xmrig | bb7b338db87ed6f8e3e5f0820c6e12fc89eece6e5fd774794792ea917bae56a8

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
Size

2.2MB
MD5

d4ab1c2df6729b368c14a80d1e41a660
SHA1

47b1d856cee8853b71c0cc5c00e2a7a6cafd38cb
SHA256

bb7b338db87ed6f8e3e5f0820c6e12fc89eece6e5fd774794792ea917bae56a8
SHA512

495334f500af8d694dee8cbfe2217e20f1b95f1a15f27e56f18f3f1b251ad4a3edd4cb013d2576c2d5e9f4cd22b91df920a190c4f82759cb88349c8bc25ea066
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICbbnlD5DhUKZIx4yT:BemTLkNdfE0pZrr

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2340-0-0x00007FF7F34A0000-0x00007FF7F37F4000-memory.dmp	xmrig
behavioral2/files/0x00060000000232a6-5.dat	xmrig
behavioral2/files/0x0007000000023421-9.dat	xmrig
behavioral2/files/0x0007000000023422-19.dat	xmrig
behavioral2/files/0x0007000000023423-22.dat	xmrig
behavioral2/files/0x0007000000023424-33.dat	xmrig
behavioral2/files/0x0007000000023425-37.dat	xmrig
behavioral2/files/0x0007000000023426-42.dat	xmrig
behavioral2/files/0x0007000000023427-48.dat	xmrig
behavioral2/files/0x0007000000023428-53.dat	xmrig
behavioral2/memory/1548-60-0x00007FF75FE70000-0x00007FF7601C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342c-82.dat	xmrig
behavioral2/files/0x0007000000023430-96.dat	xmrig
behavioral2/files/0x0007000000023438-142.dat	xmrig
behavioral2/memory/4048-744-0x00007FF7CFC50000-0x00007FF7CFFA4000-memory.dmp	xmrig
behavioral2/memory/1668-743-0x00007FF6663A0000-0x00007FF6666F4000-memory.dmp	xmrig
behavioral2/memory/2708-748-0x00007FF6C3380000-0x00007FF6C36D4000-memory.dmp	xmrig
behavioral2/memory/3704-749-0x00007FF6D2950000-0x00007FF6D2CA4000-memory.dmp	xmrig
behavioral2/memory/5080-750-0x00007FF7BC380000-0x00007FF7BC6D4000-memory.dmp	xmrig
behavioral2/memory/4912-751-0x00007FF799360000-0x00007FF7996B4000-memory.dmp	xmrig
behavioral2/memory/4268-753-0x00007FF627360000-0x00007FF6276B4000-memory.dmp	xmrig
behavioral2/memory/3236-762-0x00007FF65CED0000-0x00007FF65D224000-memory.dmp	xmrig
behavioral2/memory/4972-766-0x00007FF650740000-0x00007FF650A94000-memory.dmp	xmrig
behavioral2/memory/4868-773-0x00007FF797C30000-0x00007FF797F84000-memory.dmp	xmrig
behavioral2/files/0x000700000002343e-172.dat	xmrig
behavioral2/files/0x000700000002343f-171.dat	xmrig
behavioral2/files/0x000700000002343d-167.dat	xmrig
behavioral2/files/0x000700000002343c-162.dat	xmrig
behavioral2/files/0x000700000002343b-157.dat	xmrig
behavioral2/files/0x000700000002343a-152.dat	xmrig
behavioral2/files/0x0007000000023439-147.dat	xmrig
behavioral2/files/0x0007000000023437-137.dat	xmrig
behavioral2/files/0x0007000000023436-132.dat	xmrig
behavioral2/files/0x0007000000023435-127.dat	xmrig
behavioral2/files/0x0007000000023434-122.dat	xmrig
behavioral2/files/0x0007000000023433-117.dat	xmrig
behavioral2/files/0x0007000000023432-112.dat	xmrig
behavioral2/files/0x0007000000023431-107.dat	xmrig
behavioral2/files/0x000700000002342f-97.dat	xmrig
behavioral2/files/0x000700000002342e-92.dat	xmrig
behavioral2/files/0x000700000002342d-86.dat	xmrig
behavioral2/files/0x000700000002342b-77.dat	xmrig
behavioral2/files/0x000700000002342a-72.dat	xmrig
behavioral2/files/0x0007000000023429-67.dat	xmrig
behavioral2/memory/1708-55-0x00007FF617680000-0x00007FF6179D4000-memory.dmp	xmrig
behavioral2/memory/1244-51-0x00007FF7E8830000-0x00007FF7E8B84000-memory.dmp	xmrig
behavioral2/memory/3220-45-0x00007FF769230000-0x00007FF769584000-memory.dmp	xmrig
behavioral2/memory/4908-41-0x00007FF71D0F0000-0x00007FF71D444000-memory.dmp	xmrig
behavioral2/memory/3492-40-0x00007FF6B33D0000-0x00007FF6B3724000-memory.dmp	xmrig
behavioral2/memory/2904-36-0x00007FF7E3310000-0x00007FF7E3664000-memory.dmp	xmrig
behavioral2/memory/1216-32-0x00007FF6B7920000-0x00007FF6B7C74000-memory.dmp	xmrig
behavioral2/memory/4112-27-0x00007FF67D7F0000-0x00007FF67DB44000-memory.dmp	xmrig
behavioral2/files/0x0008000000023420-17.dat	xmrig
behavioral2/memory/3148-14-0x00007FF7DCBE0000-0x00007FF7DCF34000-memory.dmp	xmrig
behavioral2/memory/4520-786-0x00007FF7D7140000-0x00007FF7D7494000-memory.dmp	xmrig
behavioral2/memory/4064-780-0x00007FF70FF50000-0x00007FF7102A4000-memory.dmp	xmrig
behavioral2/memory/1680-808-0x00007FF668400000-0x00007FF668754000-memory.dmp	xmrig
behavioral2/memory/924-796-0x00007FF641620000-0x00007FF641974000-memory.dmp	xmrig
behavioral2/memory/1636-818-0x00007FF7801D0000-0x00007FF780524000-memory.dmp	xmrig
behavioral2/memory/3452-821-0x00007FF6EA310000-0x00007FF6EA664000-memory.dmp	xmrig
behavioral2/memory/448-833-0x00007FF6AF5A0000-0x00007FF6AF8F4000-memory.dmp	xmrig
behavioral2/memory/4444-827-0x00007FF7EA2D0000-0x00007FF7EA624000-memory.dmp	xmrig
behavioral2/memory/2736-816-0x00007FF7D8680000-0x00007FF7D89D4000-memory.dmp	xmrig
behavioral2/memory/2340-1931-0x00007FF7F34A0000-0x00007FF7F37F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3148	JFEnyjP.exe
2904	RYGmDID.exe
4112	BDYAhdc.exe
3492	oYwXQhZ.exe
1216	qsENtgE.exe
4908	PZpYzCm.exe
3220	wwHbzur.exe
1244	hSnAVEI.exe
1708	aXcrvRW.exe
1548	rCLndBK.exe
1668	QUozrlC.exe
4048	uRqFCZx.exe
2708	FYSZhqm.exe
3704	wtYYJMU.exe
5080	AWMIxjr.exe
4912	EfHHWGX.exe
4268	pDuQZsJ.exe
3236	YwCmqzu.exe
4972	NwBkdrX.exe
4868	BscYAVI.exe
4064	zyXrfgo.exe
4520	gQOlRci.exe
924	NiLwfpu.exe
1680	vfIxDcn.exe
2736	VIUThjK.exe
1636	dglVlrx.exe
3452	AXCCedS.exe
4444	NSEEaoB.exe
448	dOAathp.exe
4420	KQwrZtf.exe
4348	cnIjckm.exe
4052	fqYeYkN.exe
2236	DfgtPnN.exe
3528	zwtVdsF.exe
1164	nKFlwCe.exe
4804	ahDzfDS.exe
2344	oNgyBQW.exe
1532	TUfOzHZ.exe
1076	EJEIGmV.exe
408	dwXxFAR.exe
760	mVCNrwf.exe
376	UpNmgiu.exe
4284	BWCzzgk.exe
1600	irJfbAD.exe
3064	NgDjenl.exe
1584	MzRUGIz.exe
3124	gEJKZDK.exe
548	QuBjIhh.exe
552	OZRvxSE.exe
4400	RjNQPBr.exe
4380	zCgkNjh.exe
1940	qqHRPHT.exe
116	JhmOoaX.exe
1832	TufLQgy.exe
4488	eWpqksA.exe
2524	jYFjWVv.exe
3660	JgAolcM.exe
4472	acgYXAM.exe
3944	RGROejn.exe
3920	FeKNrXo.exe
2268	AUaGiGX.exe
1908	MpWgwAV.exe
868	wLzyIDq.exe
2804	YYsfCfE.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2340-0-0x00007FF7F34A0000-0x00007FF7F37F4000-memory.dmp	upx
behavioral2/files/0x00060000000232a6-5.dat	upx
behavioral2/files/0x0007000000023421-9.dat	upx
behavioral2/files/0x0007000000023422-19.dat	upx
behavioral2/files/0x0007000000023423-22.dat	upx
behavioral2/files/0x0007000000023424-33.dat	upx
behavioral2/files/0x0007000000023425-37.dat	upx
behavioral2/files/0x0007000000023426-42.dat	upx
behavioral2/files/0x0007000000023427-48.dat	upx
behavioral2/files/0x0007000000023428-53.dat	upx
behavioral2/memory/1548-60-0x00007FF75FE70000-0x00007FF7601C4000-memory.dmp	upx
behavioral2/files/0x000700000002342c-82.dat	upx
behavioral2/files/0x0007000000023430-96.dat	upx
behavioral2/files/0x0007000000023438-142.dat	upx
behavioral2/memory/4048-744-0x00007FF7CFC50000-0x00007FF7CFFA4000-memory.dmp	upx
behavioral2/memory/1668-743-0x00007FF6663A0000-0x00007FF6666F4000-memory.dmp	upx
behavioral2/memory/2708-748-0x00007FF6C3380000-0x00007FF6C36D4000-memory.dmp	upx
behavioral2/memory/3704-749-0x00007FF6D2950000-0x00007FF6D2CA4000-memory.dmp	upx
behavioral2/memory/5080-750-0x00007FF7BC380000-0x00007FF7BC6D4000-memory.dmp	upx
behavioral2/memory/4912-751-0x00007FF799360000-0x00007FF7996B4000-memory.dmp	upx
behavioral2/memory/4268-753-0x00007FF627360000-0x00007FF6276B4000-memory.dmp	upx
behavioral2/memory/3236-762-0x00007FF65CED0000-0x00007FF65D224000-memory.dmp	upx
behavioral2/memory/4972-766-0x00007FF650740000-0x00007FF650A94000-memory.dmp	upx
behavioral2/memory/4868-773-0x00007FF797C30000-0x00007FF797F84000-memory.dmp	upx
behavioral2/files/0x000700000002343e-172.dat	upx
behavioral2/files/0x000700000002343f-171.dat	upx
behavioral2/files/0x000700000002343d-167.dat	upx
behavioral2/files/0x000700000002343c-162.dat	upx
behavioral2/files/0x000700000002343b-157.dat	upx
behavioral2/files/0x000700000002343a-152.dat	upx
behavioral2/files/0x0007000000023439-147.dat	upx
behavioral2/files/0x0007000000023437-137.dat	upx
behavioral2/files/0x0007000000023436-132.dat	upx
behavioral2/files/0x0007000000023435-127.dat	upx
behavioral2/files/0x0007000000023434-122.dat	upx
behavioral2/files/0x0007000000023433-117.dat	upx
behavioral2/files/0x0007000000023432-112.dat	upx
behavioral2/files/0x0007000000023431-107.dat	upx
behavioral2/files/0x000700000002342f-97.dat	upx
behavioral2/files/0x000700000002342e-92.dat	upx
behavioral2/files/0x000700000002342d-86.dat	upx
behavioral2/files/0x000700000002342b-77.dat	upx
behavioral2/files/0x000700000002342a-72.dat	upx
behavioral2/files/0x0007000000023429-67.dat	upx
behavioral2/memory/1708-55-0x00007FF617680000-0x00007FF6179D4000-memory.dmp	upx
behavioral2/memory/1244-51-0x00007FF7E8830000-0x00007FF7E8B84000-memory.dmp	upx
behavioral2/memory/3220-45-0x00007FF769230000-0x00007FF769584000-memory.dmp	upx
behavioral2/memory/4908-41-0x00007FF71D0F0000-0x00007FF71D444000-memory.dmp	upx
behavioral2/memory/3492-40-0x00007FF6B33D0000-0x00007FF6B3724000-memory.dmp	upx
behavioral2/memory/2904-36-0x00007FF7E3310000-0x00007FF7E3664000-memory.dmp	upx
behavioral2/memory/1216-32-0x00007FF6B7920000-0x00007FF6B7C74000-memory.dmp	upx
behavioral2/memory/4112-27-0x00007FF67D7F0000-0x00007FF67DB44000-memory.dmp	upx
behavioral2/files/0x0008000000023420-17.dat	upx
behavioral2/memory/3148-14-0x00007FF7DCBE0000-0x00007FF7DCF34000-memory.dmp	upx
behavioral2/memory/4520-786-0x00007FF7D7140000-0x00007FF7D7494000-memory.dmp	upx
behavioral2/memory/4064-780-0x00007FF70FF50000-0x00007FF7102A4000-memory.dmp	upx
behavioral2/memory/1680-808-0x00007FF668400000-0x00007FF668754000-memory.dmp	upx
behavioral2/memory/924-796-0x00007FF641620000-0x00007FF641974000-memory.dmp	upx
behavioral2/memory/1636-818-0x00007FF7801D0000-0x00007FF780524000-memory.dmp	upx
behavioral2/memory/3452-821-0x00007FF6EA310000-0x00007FF6EA664000-memory.dmp	upx
behavioral2/memory/448-833-0x00007FF6AF5A0000-0x00007FF6AF8F4000-memory.dmp	upx
behavioral2/memory/4444-827-0x00007FF7EA2D0000-0x00007FF7EA624000-memory.dmp	upx
behavioral2/memory/2736-816-0x00007FF7D8680000-0x00007FF7D89D4000-memory.dmp	upx
behavioral2/memory/2340-1931-0x00007FF7F34A0000-0x00007FF7F37F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TNLkVCT.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\JDmmoBk.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\KaAXsow.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\uokZvKa.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\jJpXIZQ.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\ltrSJnw.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\AkfGsde.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\ZPUhCCQ.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\DYxoVrV.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\dOZaNKC.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\asSxvPk.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\fzYeoOG.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\dPSmMHp.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\vrLwBUv.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\PvbnRdS.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\vQBvnri.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\xijqKlG.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\rqnyCfs.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\wCNIZfR.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\ykGNrzz.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\eWpqksA.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\AZmJwxa.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\UkRvtjC.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\HesSfjY.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\qFlzKtw.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\DSOxIjw.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\TSvWKTe.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\kJlsSGK.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\QhKphTc.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\CPYQJZg.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\jpykepU.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\fWZfQSK.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\nhbfTri.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\DbnNKwd.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\NSEEaoB.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\NWcUGHU.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\KkECJDr.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\tDIkeaC.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\CSXJoPa.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\rmhfpux.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\bTWwAdX.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\BbbXsUh.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\HvHLPwM.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\dhGlZPz.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\AJeacdF.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\AcQVyoX.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\phteviE.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\CdOzBUP.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\ocpoJvs.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\xFcxtqB.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\qpIuRxC.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\LcZsRwb.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\LblYygv.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\GTrhoJn.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\pvFtbtM.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\yXFSHMo.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\bYABdSY.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\SkZEoco.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\bgqBBVy.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\SYyVgRj.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\OdsAEsX.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\QqeryPK.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\nxBqUqO.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
File created	C:\Windows\System\dkyWWwQ.exe	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14440	dwm.exe
Token: SeChangeNotifyPrivilege	14440	dwm.exe
Token: 33	14440	dwm.exe
Token: SeIncBasePriorityPrivilege	14440	dwm.exe
Token: SeShutdownPrivilege	14440	dwm.exe
Token: SeCreatePagefilePrivilege	14440	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 3148	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	84
PID 2340 wrote to memory of 3148	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	84
PID 2340 wrote to memory of 2904	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	85
PID 2340 wrote to memory of 2904	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	85
PID 2340 wrote to memory of 4112	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	86
PID 2340 wrote to memory of 4112	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	86
PID 2340 wrote to memory of 3492	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	87
PID 2340 wrote to memory of 3492	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	87
PID 2340 wrote to memory of 1216	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	88
PID 2340 wrote to memory of 1216	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	88
PID 2340 wrote to memory of 4908	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	89
PID 2340 wrote to memory of 4908	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	89
PID 2340 wrote to memory of 3220	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	90
PID 2340 wrote to memory of 3220	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	90
PID 2340 wrote to memory of 1244	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	91
PID 2340 wrote to memory of 1244	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	91
PID 2340 wrote to memory of 1708	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	92
PID 2340 wrote to memory of 1708	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	92
PID 2340 wrote to memory of 1548	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	93
PID 2340 wrote to memory of 1548	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	93
PID 2340 wrote to memory of 1668	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	94
PID 2340 wrote to memory of 1668	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	94
PID 2340 wrote to memory of 4048	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	95
PID 2340 wrote to memory of 4048	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	95
PID 2340 wrote to memory of 2708	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	96
PID 2340 wrote to memory of 2708	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	96
PID 2340 wrote to memory of 3704	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	97
PID 2340 wrote to memory of 3704	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	97
PID 2340 wrote to memory of 5080	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	98
PID 2340 wrote to memory of 5080	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	98
PID 2340 wrote to memory of 4912	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	99
PID 2340 wrote to memory of 4912	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	99
PID 2340 wrote to memory of 4268	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	100
PID 2340 wrote to memory of 4268	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	100
PID 2340 wrote to memory of 3236	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	101
PID 2340 wrote to memory of 3236	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	101
PID 2340 wrote to memory of 4972	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	102
PID 2340 wrote to memory of 4972	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	102
PID 2340 wrote to memory of 4868	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	103
PID 2340 wrote to memory of 4868	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	103
PID 2340 wrote to memory of 4064	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	104
PID 2340 wrote to memory of 4064	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	104
PID 2340 wrote to memory of 4520	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	105
PID 2340 wrote to memory of 4520	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	105
PID 2340 wrote to memory of 924	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	106
PID 2340 wrote to memory of 924	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	106
PID 2340 wrote to memory of 1680	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	107
PID 2340 wrote to memory of 1680	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	107
PID 2340 wrote to memory of 2736	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	108
PID 2340 wrote to memory of 2736	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	108
PID 2340 wrote to memory of 1636	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	109
PID 2340 wrote to memory of 1636	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	109
PID 2340 wrote to memory of 3452	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	110
PID 2340 wrote to memory of 3452	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	110
PID 2340 wrote to memory of 4444	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	111
PID 2340 wrote to memory of 4444	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	111
PID 2340 wrote to memory of 448	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	112
PID 2340 wrote to memory of 448	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	112
PID 2340 wrote to memory of 4420	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	113
PID 2340 wrote to memory of 4420	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	113
PID 2340 wrote to memory of 4348	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	114
PID 2340 wrote to memory of 4348	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	114
PID 2340 wrote to memory of 4052	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	115
PID 2340 wrote to memory of 4052	2340	d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d4ab1c2df6729b368c14a80d1e41a660_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\System\JFEnyjP.exe
  C:\Windows\System\JFEnyjP.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\RYGmDID.exe
  C:\Windows\System\RYGmDID.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\BDYAhdc.exe
  C:\Windows\System\BDYAhdc.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\oYwXQhZ.exe
  C:\Windows\System\oYwXQhZ.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\qsENtgE.exe
  C:\Windows\System\qsENtgE.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\PZpYzCm.exe
  C:\Windows\System\PZpYzCm.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\wwHbzur.exe
  C:\Windows\System\wwHbzur.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\hSnAVEI.exe
  C:\Windows\System\hSnAVEI.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\aXcrvRW.exe
  C:\Windows\System\aXcrvRW.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\rCLndBK.exe
  C:\Windows\System\rCLndBK.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\QUozrlC.exe
  C:\Windows\System\QUozrlC.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\uRqFCZx.exe
  C:\Windows\System\uRqFCZx.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\FYSZhqm.exe
  C:\Windows\System\FYSZhqm.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\wtYYJMU.exe
  C:\Windows\System\wtYYJMU.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\AWMIxjr.exe
  C:\Windows\System\AWMIxjr.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\EfHHWGX.exe
  C:\Windows\System\EfHHWGX.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\pDuQZsJ.exe
  C:\Windows\System\pDuQZsJ.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\YwCmqzu.exe
  C:\Windows\System\YwCmqzu.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\NwBkdrX.exe
  C:\Windows\System\NwBkdrX.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\BscYAVI.exe
  C:\Windows\System\BscYAVI.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\zyXrfgo.exe
  C:\Windows\System\zyXrfgo.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\gQOlRci.exe
  C:\Windows\System\gQOlRci.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\NiLwfpu.exe
  C:\Windows\System\NiLwfpu.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\vfIxDcn.exe
  C:\Windows\System\vfIxDcn.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\VIUThjK.exe
  C:\Windows\System\VIUThjK.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\dglVlrx.exe
  C:\Windows\System\dglVlrx.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\AXCCedS.exe
  C:\Windows\System\AXCCedS.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\NSEEaoB.exe
  C:\Windows\System\NSEEaoB.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\dOAathp.exe
  C:\Windows\System\dOAathp.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\KQwrZtf.exe
  C:\Windows\System\KQwrZtf.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\cnIjckm.exe
  C:\Windows\System\cnIjckm.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\fqYeYkN.exe
  C:\Windows\System\fqYeYkN.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\DfgtPnN.exe
  C:\Windows\System\DfgtPnN.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\zwtVdsF.exe
  C:\Windows\System\zwtVdsF.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\nKFlwCe.exe
  C:\Windows\System\nKFlwCe.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\ahDzfDS.exe
  C:\Windows\System\ahDzfDS.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\oNgyBQW.exe
  C:\Windows\System\oNgyBQW.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\TUfOzHZ.exe
  C:\Windows\System\TUfOzHZ.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\EJEIGmV.exe
  C:\Windows\System\EJEIGmV.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\dwXxFAR.exe
  C:\Windows\System\dwXxFAR.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\mVCNrwf.exe
  C:\Windows\System\mVCNrwf.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\UpNmgiu.exe
  C:\Windows\System\UpNmgiu.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\BWCzzgk.exe
  C:\Windows\System\BWCzzgk.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\irJfbAD.exe
  C:\Windows\System\irJfbAD.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\NgDjenl.exe
  C:\Windows\System\NgDjenl.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\MzRUGIz.exe
  C:\Windows\System\MzRUGIz.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\gEJKZDK.exe
  C:\Windows\System\gEJKZDK.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\QuBjIhh.exe
  C:\Windows\System\QuBjIhh.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\OZRvxSE.exe
  C:\Windows\System\OZRvxSE.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\RjNQPBr.exe
  C:\Windows\System\RjNQPBr.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\zCgkNjh.exe
  C:\Windows\System\zCgkNjh.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\qqHRPHT.exe
  C:\Windows\System\qqHRPHT.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\JhmOoaX.exe
  C:\Windows\System\JhmOoaX.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\TufLQgy.exe
  C:\Windows\System\TufLQgy.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\eWpqksA.exe
  C:\Windows\System\eWpqksA.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\jYFjWVv.exe
  C:\Windows\System\jYFjWVv.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\JgAolcM.exe
  C:\Windows\System\JgAolcM.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\acgYXAM.exe
  C:\Windows\System\acgYXAM.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\RGROejn.exe
  C:\Windows\System\RGROejn.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\FeKNrXo.exe
  C:\Windows\System\FeKNrXo.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\AUaGiGX.exe
  C:\Windows\System\AUaGiGX.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\MpWgwAV.exe
  C:\Windows\System\MpWgwAV.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\wLzyIDq.exe
  C:\Windows\System\wLzyIDq.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\YYsfCfE.exe
  C:\Windows\System\YYsfCfE.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\AZmJwxa.exe
  C:\Windows\System\AZmJwxa.exe
  2⤵
  PID:3508
- C:\Windows\System\AWKtDpj.exe
  C:\Windows\System\AWKtDpj.exe
  2⤵
  PID:3212
- C:\Windows\System\tuUvXsX.exe
  C:\Windows\System\tuUvXsX.exe
  2⤵
  PID:3832
- C:\Windows\System\HvtlGsu.exe
  C:\Windows\System\HvtlGsu.exe
  2⤵
  PID:968
- C:\Windows\System\bauvgUj.exe
  C:\Windows\System\bauvgUj.exe
  2⤵
  PID:876
- C:\Windows\System\BqnFGjG.exe
  C:\Windows\System\BqnFGjG.exe
  2⤵
  PID:3040
- C:\Windows\System\dPSmMHp.exe
  C:\Windows\System\dPSmMHp.exe
  2⤵
  PID:4884
- C:\Windows\System\THoozmM.exe
  C:\Windows\System\THoozmM.exe
  2⤵
  PID:4940
- C:\Windows\System\vwyxwKs.exe
  C:\Windows\System\vwyxwKs.exe
  2⤵
  PID:3760
- C:\Windows\System\xzCioUa.exe
  C:\Windows\System\xzCioUa.exe
  2⤵
  PID:3560
- C:\Windows\System\IOZKmuY.exe
  C:\Windows\System\IOZKmuY.exe
  2⤵
  PID:2336
- C:\Windows\System\BTBhgjC.exe
  C:\Windows\System\BTBhgjC.exe
  2⤵
  PID:3476
- C:\Windows\System\hxzyLLX.exe
  C:\Windows\System\hxzyLLX.exe
  2⤵
  PID:3556
- C:\Windows\System\rhSHzva.exe
  C:\Windows\System\rhSHzva.exe
  2⤵
  PID:464
- C:\Windows\System\xvWoroB.exe
  C:\Windows\System\xvWoroB.exe
  2⤵
  PID:4072
- C:\Windows\System\NVGwDQX.exe
  C:\Windows\System\NVGwDQX.exe
  2⤵
  PID:5148
- C:\Windows\System\ssTtvRw.exe
  C:\Windows\System\ssTtvRw.exe
  2⤵
  PID:5172
- C:\Windows\System\PpRbONS.exe
  C:\Windows\System\PpRbONS.exe
  2⤵
  PID:5204
- C:\Windows\System\PggiSBt.exe
  C:\Windows\System\PggiSBt.exe
  2⤵
  PID:5232
- C:\Windows\System\NSaWERD.exe
  C:\Windows\System\NSaWERD.exe
  2⤵
  PID:5260
- C:\Windows\System\jzEtaUr.exe
  C:\Windows\System\jzEtaUr.exe
  2⤵
  PID:5288
- C:\Windows\System\CdkBlfG.exe
  C:\Windows\System\CdkBlfG.exe
  2⤵
  PID:5316
- C:\Windows\System\TWCjOdd.exe
  C:\Windows\System\TWCjOdd.exe
  2⤵
  PID:5344
- C:\Windows\System\xDUOqHv.exe
  C:\Windows\System\xDUOqHv.exe
  2⤵
  PID:5372
- C:\Windows\System\ThKtjVh.exe
  C:\Windows\System\ThKtjVh.exe
  2⤵
  PID:5400
- C:\Windows\System\RxhSVoy.exe
  C:\Windows\System\RxhSVoy.exe
  2⤵
  PID:5428
- C:\Windows\System\KcfTnnM.exe
  C:\Windows\System\KcfTnnM.exe
  2⤵
  PID:5452
- C:\Windows\System\NGrkVZD.exe
  C:\Windows\System\NGrkVZD.exe
  2⤵
  PID:5484
- C:\Windows\System\ZpFQMeG.exe
  C:\Windows\System\ZpFQMeG.exe
  2⤵
  PID:5512
- C:\Windows\System\rVBacjJ.exe
  C:\Windows\System\rVBacjJ.exe
  2⤵
  PID:5540
- C:\Windows\System\yXFSHMo.exe
  C:\Windows\System\yXFSHMo.exe
  2⤵
  PID:5564
- C:\Windows\System\vCicEKF.exe
  C:\Windows\System\vCicEKF.exe
  2⤵
  PID:5596
- C:\Windows\System\UKiXodK.exe
  C:\Windows\System\UKiXodK.exe
  2⤵
  PID:5624
- C:\Windows\System\dhydwBr.exe
  C:\Windows\System\dhydwBr.exe
  2⤵
  PID:5652
- C:\Windows\System\LBrQeZr.exe
  C:\Windows\System\LBrQeZr.exe
  2⤵
  PID:5680
- C:\Windows\System\XzUEkCw.exe
  C:\Windows\System\XzUEkCw.exe
  2⤵
  PID:5708
- C:\Windows\System\hVBnuua.exe
  C:\Windows\System\hVBnuua.exe
  2⤵
  PID:5736
- C:\Windows\System\PbulBQi.exe
  C:\Windows\System\PbulBQi.exe
  2⤵
  PID:5764
- C:\Windows\System\kUNINgi.exe
  C:\Windows\System\kUNINgi.exe
  2⤵
  PID:5792
- C:\Windows\System\Sxiduqn.exe
  C:\Windows\System\Sxiduqn.exe
  2⤵
  PID:5816
- C:\Windows\System\IaewRPh.exe
  C:\Windows\System\IaewRPh.exe
  2⤵
  PID:5848
- C:\Windows\System\vrLwBUv.exe
  C:\Windows\System\vrLwBUv.exe
  2⤵
  PID:5876
- C:\Windows\System\WaeUwfi.exe
  C:\Windows\System\WaeUwfi.exe
  2⤵
  PID:5904
- C:\Windows\System\pKCgOrP.exe
  C:\Windows\System\pKCgOrP.exe
  2⤵
  PID:5932
- C:\Windows\System\cQRQxcN.exe
  C:\Windows\System\cQRQxcN.exe
  2⤵
  PID:5960
- C:\Windows\System\XfBMUsE.exe
  C:\Windows\System\XfBMUsE.exe
  2⤵
  PID:5988
- C:\Windows\System\YzjBjYd.exe
  C:\Windows\System\YzjBjYd.exe
  2⤵
  PID:6016
- C:\Windows\System\pSzLeRd.exe
  C:\Windows\System\pSzLeRd.exe
  2⤵
  PID:6044
- C:\Windows\System\OACLinY.exe
  C:\Windows\System\OACLinY.exe
  2⤵
  PID:6072
- C:\Windows\System\bDikXHF.exe
  C:\Windows\System\bDikXHF.exe
  2⤵
  PID:6100
- C:\Windows\System\RRMqlBp.exe
  C:\Windows\System\RRMqlBp.exe
  2⤵
  PID:6128
- C:\Windows\System\hahKaGH.exe
  C:\Windows\System\hahKaGH.exe
  2⤵
  PID:5012
- C:\Windows\System\inaOwcP.exe
  C:\Windows\System\inaOwcP.exe
  2⤵
  PID:2776
- C:\Windows\System\PeJtjCL.exe
  C:\Windows\System\PeJtjCL.exe
  2⤵
  PID:2160
- C:\Windows\System\cWfGMZh.exe
  C:\Windows\System\cWfGMZh.exe
  2⤵
  PID:5008
- C:\Windows\System\kEjMdxd.exe
  C:\Windows\System\kEjMdxd.exe
  2⤵
  PID:4404
- C:\Windows\System\LaZOISC.exe
  C:\Windows\System\LaZOISC.exe
  2⤵
  PID:3408
- C:\Windows\System\WznfSsq.exe
  C:\Windows\System\WznfSsq.exe
  2⤵
  PID:3188
- C:\Windows\System\EByNpAK.exe
  C:\Windows\System\EByNpAK.exe
  2⤵
  PID:5160
- C:\Windows\System\UavRgSd.exe
  C:\Windows\System\UavRgSd.exe
  2⤵
  PID:5220
- C:\Windows\System\rnwxhxb.exe
  C:\Windows\System\rnwxhxb.exe
  2⤵
  PID:5280
- C:\Windows\System\gLiHvkz.exe
  C:\Windows\System\gLiHvkz.exe
  2⤵
  PID:5356
- C:\Windows\System\LzMXqzV.exe
  C:\Windows\System\LzMXqzV.exe
  2⤵
  PID:5416
- C:\Windows\System\kVhPNsw.exe
  C:\Windows\System\kVhPNsw.exe
  2⤵
  PID:5476
- C:\Windows\System\uqxesDR.exe
  C:\Windows\System\uqxesDR.exe
  2⤵
  PID:5552
- C:\Windows\System\JzxRmWz.exe
  C:\Windows\System\JzxRmWz.exe
  2⤵
  PID:5612
- C:\Windows\System\PdwqlrP.exe
  C:\Windows\System\PdwqlrP.exe
  2⤵
  PID:5672
- C:\Windows\System\mHaApWN.exe
  C:\Windows\System\mHaApWN.exe
  2⤵
  PID:5748
- C:\Windows\System\dkyWWwQ.exe
  C:\Windows\System\dkyWWwQ.exe
  2⤵
  PID:5808
- C:\Windows\System\nEurEKh.exe
  C:\Windows\System\nEurEKh.exe
  2⤵
  PID:5868
- C:\Windows\System\ZyqnXGR.exe
  C:\Windows\System\ZyqnXGR.exe
  2⤵
  PID:5944
- C:\Windows\System\awYMENs.exe
  C:\Windows\System\awYMENs.exe
  2⤵
  PID:6004
- C:\Windows\System\IxhNLTh.exe
  C:\Windows\System\IxhNLTh.exe
  2⤵
  PID:6064
- C:\Windows\System\VLXWHJD.exe
  C:\Windows\System\VLXWHJD.exe
  2⤵
  PID:6140
- C:\Windows\System\zXklALC.exe
  C:\Windows\System\zXklALC.exe
  2⤵
  PID:1968
- C:\Windows\System\cbYbHDe.exe
  C:\Windows\System\cbYbHDe.exe
  2⤵
  PID:3616
- C:\Windows\System\TZPrCVZ.exe
  C:\Windows\System\TZPrCVZ.exe
  2⤵
  PID:4724
- C:\Windows\System\jmsrusG.exe
  C:\Windows\System\jmsrusG.exe
  2⤵
  PID:5196
- C:\Windows\System\GIgabxa.exe
  C:\Windows\System\GIgabxa.exe
  2⤵
  PID:5332
- C:\Windows\System\HesSfjY.exe
  C:\Windows\System\HesSfjY.exe
  2⤵
  PID:5468
- C:\Windows\System\CmJRXVJ.exe
  C:\Windows\System\CmJRXVJ.exe
  2⤵
  PID:5640
- C:\Windows\System\AxMvGkK.exe
  C:\Windows\System\AxMvGkK.exe
  2⤵
  PID:5780
- C:\Windows\System\wnIMToy.exe
  C:\Windows\System\wnIMToy.exe
  2⤵
  PID:6164
- C:\Windows\System\eMYiiEA.exe
  C:\Windows\System\eMYiiEA.exe
  2⤵
  PID:6192
- C:\Windows\System\JTTUspu.exe
  C:\Windows\System\JTTUspu.exe
  2⤵
  PID:6220
- C:\Windows\System\QUWGjZw.exe
  C:\Windows\System\QUWGjZw.exe
  2⤵
  PID:6248
- C:\Windows\System\EjmIWoG.exe
  C:\Windows\System\EjmIWoG.exe
  2⤵
  PID:6276
- C:\Windows\System\heQjgzb.exe
  C:\Windows\System\heQjgzb.exe
  2⤵
  PID:6304
- C:\Windows\System\loxkPNy.exe
  C:\Windows\System\loxkPNy.exe
  2⤵
  PID:6332
- C:\Windows\System\aZboOTE.exe
  C:\Windows\System\aZboOTE.exe
  2⤵
  PID:6360
- C:\Windows\System\WhvErPH.exe
  C:\Windows\System\WhvErPH.exe
  2⤵
  PID:6388
- C:\Windows\System\MLKtWeb.exe
  C:\Windows\System\MLKtWeb.exe
  2⤵
  PID:6416
- C:\Windows\System\jkYbnRo.exe
  C:\Windows\System\jkYbnRo.exe
  2⤵
  PID:6444
- C:\Windows\System\TfAmZJa.exe
  C:\Windows\System\TfAmZJa.exe
  2⤵
  PID:6472
- C:\Windows\System\jpSDjXR.exe
  C:\Windows\System\jpSDjXR.exe
  2⤵
  PID:6500
- C:\Windows\System\AJeacdF.exe
  C:\Windows\System\AJeacdF.exe
  2⤵
  PID:6528
- C:\Windows\System\YWFTziC.exe
  C:\Windows\System\YWFTziC.exe
  2⤵
  PID:6560
- C:\Windows\System\EGykroW.exe
  C:\Windows\System\EGykroW.exe
  2⤵
  PID:6588
- C:\Windows\System\YnTPolB.exe
  C:\Windows\System\YnTPolB.exe
  2⤵
  PID:6612
- C:\Windows\System\faySqbF.exe
  C:\Windows\System\faySqbF.exe
  2⤵
  PID:6640
- C:\Windows\System\ksJMSCD.exe
  C:\Windows\System\ksJMSCD.exe
  2⤵
  PID:6668
- C:\Windows\System\aMFTBfS.exe
  C:\Windows\System\aMFTBfS.exe
  2⤵
  PID:6696
- C:\Windows\System\AkfGsde.exe
  C:\Windows\System\AkfGsde.exe
  2⤵
  PID:6724
- C:\Windows\System\cCrRYaG.exe
  C:\Windows\System\cCrRYaG.exe
  2⤵
  PID:6752
- C:\Windows\System\lIrtJdJ.exe
  C:\Windows\System\lIrtJdJ.exe
  2⤵
  PID:6780
- C:\Windows\System\UVHRxPg.exe
  C:\Windows\System\UVHRxPg.exe
  2⤵
  PID:6808
- C:\Windows\System\qUUtgbo.exe
  C:\Windows\System\qUUtgbo.exe
  2⤵
  PID:6836
- C:\Windows\System\USHDLNq.exe
  C:\Windows\System\USHDLNq.exe
  2⤵
  PID:6864
- C:\Windows\System\FDSKfaJ.exe
  C:\Windows\System\FDSKfaJ.exe
  2⤵
  PID:6892
- C:\Windows\System\nVmuUnL.exe
  C:\Windows\System\nVmuUnL.exe
  2⤵
  PID:6920
- C:\Windows\System\ObxyJls.exe
  C:\Windows\System\ObxyJls.exe
  2⤵
  PID:6948
- C:\Windows\System\ktUHgby.exe
  C:\Windows\System\ktUHgby.exe
  2⤵
  PID:6976
- C:\Windows\System\KkECJDr.exe
  C:\Windows\System\KkECJDr.exe
  2⤵
  PID:7004
- C:\Windows\System\fqSQXDI.exe
  C:\Windows\System\fqSQXDI.exe
  2⤵
  PID:7032
- C:\Windows\System\okysmUZ.exe
  C:\Windows\System\okysmUZ.exe
  2⤵
  PID:7060
- C:\Windows\System\rfsxipG.exe
  C:\Windows\System\rfsxipG.exe
  2⤵
  PID:7092
- C:\Windows\System\ohkHZMm.exe
  C:\Windows\System\ohkHZMm.exe
  2⤵
  PID:7116
- C:\Windows\System\mLLiEIi.exe
  C:\Windows\System\mLLiEIi.exe
  2⤵
  PID:7144
- C:\Windows\System\ZjJgdCK.exe
  C:\Windows\System\ZjJgdCK.exe
  2⤵
  PID:5860
- C:\Windows\System\nvoZLmY.exe
  C:\Windows\System\nvoZLmY.exe
  2⤵
  PID:6032
- C:\Windows\System\VZiTtAf.exe
  C:\Windows\System\VZiTtAf.exe
  2⤵
  PID:1656
- C:\Windows\System\wQkPcVZ.exe
  C:\Windows\System\wQkPcVZ.exe
  2⤵
  PID:600
- C:\Windows\System\cwtEvfJ.exe
  C:\Windows\System\cwtEvfJ.exe
  2⤵
  PID:5388
- C:\Windows\System\UHxECgZ.exe
  C:\Windows\System\UHxECgZ.exe
  2⤵
  PID:5700
- C:\Windows\System\MBVPcor.exe
  C:\Windows\System\MBVPcor.exe
  2⤵
  PID:6180
- C:\Windows\System\luHhtrX.exe
  C:\Windows\System\luHhtrX.exe
  2⤵
  PID:6240
- C:\Windows\System\lHeDViX.exe
  C:\Windows\System\lHeDViX.exe
  2⤵
  PID:6296
- C:\Windows\System\PmljbSM.exe
  C:\Windows\System\PmljbSM.exe
  2⤵
  PID:6372
- C:\Windows\System\ohMFRrt.exe
  C:\Windows\System\ohMFRrt.exe
  2⤵
  PID:6432
- C:\Windows\System\PLCAlpE.exe
  C:\Windows\System\PLCAlpE.exe
  2⤵
  PID:6488
- C:\Windows\System\XWBtOsr.exe
  C:\Windows\System\XWBtOsr.exe
  2⤵
  PID:6544
- C:\Windows\System\oYMSWLU.exe
  C:\Windows\System\oYMSWLU.exe
  2⤵
  PID:6608
- C:\Windows\System\tdGxtyV.exe
  C:\Windows\System\tdGxtyV.exe
  2⤵
  PID:6680
- C:\Windows\System\gzeoLpO.exe
  C:\Windows\System\gzeoLpO.exe
  2⤵
  PID:6740
- C:\Windows\System\JDmmoBk.exe
  C:\Windows\System\JDmmoBk.exe
  2⤵
  PID:6796
- C:\Windows\System\gnmMxNZ.exe
  C:\Windows\System\gnmMxNZ.exe
  2⤵
  PID:6856
- C:\Windows\System\hLRPTXA.exe
  C:\Windows\System\hLRPTXA.exe
  2⤵
  PID:6912
- C:\Windows\System\XeLqxyJ.exe
  C:\Windows\System\XeLqxyJ.exe
  2⤵
  PID:6988
- C:\Windows\System\HzusKWE.exe
  C:\Windows\System\HzusKWE.exe
  2⤵
  PID:7048
- C:\Windows\System\efwLZzM.exe
  C:\Windows\System\efwLZzM.exe
  2⤵
  PID:7108
- C:\Windows\System\uTpxUjn.exe
  C:\Windows\System\uTpxUjn.exe
  2⤵
  PID:4600
- C:\Windows\System\agvazNt.exe
  C:\Windows\System\agvazNt.exe
  2⤵
  PID:6116
- C:\Windows\System\HHPSlQq.exe
  C:\Windows\System\HHPSlQq.exe
  2⤵
  PID:5444
- C:\Windows\System\OaYArnJ.exe
  C:\Windows\System\OaYArnJ.exe
  2⤵
  PID:6212
- C:\Windows\System\EojaJIi.exe
  C:\Windows\System\EojaJIi.exe
  2⤵
  PID:6348
- C:\Windows\System\LblYygv.exe
  C:\Windows\System\LblYygv.exe
  2⤵
  PID:6516
- C:\Windows\System\adQaLUZ.exe
  C:\Windows\System\adQaLUZ.exe
  2⤵
  PID:6652
- C:\Windows\System\CPYQJZg.exe
  C:\Windows\System\CPYQJZg.exe
  2⤵
  PID:6764
- C:\Windows\System\AlhbCLi.exe
  C:\Windows\System\AlhbCLi.exe
  2⤵
  PID:3312
- C:\Windows\System\lvtJuLx.exe
  C:\Windows\System\lvtJuLx.exe
  2⤵
  PID:7024
- C:\Windows\System\hVzbkix.exe
  C:\Windows\System\hVzbkix.exe
  2⤵
  PID:7136
- C:\Windows\System\jpykepU.exe
  C:\Windows\System\jpykepU.exe
  2⤵
  PID:4956
- C:\Windows\System\zghKVpC.exe
  C:\Windows\System\zghKVpC.exe
  2⤵
  PID:6324
- C:\Windows\System\pwzuCen.exe
  C:\Windows\System\pwzuCen.exe
  2⤵
  PID:6580
- C:\Windows\System\bpmwTEj.exe
  C:\Windows\System\bpmwTEj.exe
  2⤵
  PID:2044
- C:\Windows\System\bMWZFpe.exe
  C:\Windows\System\bMWZFpe.exe
  2⤵
  PID:7076
- C:\Windows\System\nFGhmNP.exe
  C:\Windows\System\nFGhmNP.exe
  2⤵
  PID:6092
- C:\Windows\System\PXjQjOR.exe
  C:\Windows\System\PXjQjOR.exe
  2⤵
  PID:6156
- C:\Windows\System\bYABdSY.exe
  C:\Windows\System\bYABdSY.exe
  2⤵
  PID:2000
- C:\Windows\System\nnSfotN.exe
  C:\Windows\System\nnSfotN.exe
  2⤵
  PID:2668
- C:\Windows\System\AjpJbaQ.exe
  C:\Windows\System\AjpJbaQ.exe
  2⤵
  PID:4992
- C:\Windows\System\exRIKrJ.exe
  C:\Windows\System\exRIKrJ.exe
  2⤵
  PID:3016
- C:\Windows\System\KgieFrw.exe
  C:\Windows\System\KgieFrw.exe
  2⤵
  PID:2308
- C:\Windows\System\rBYTJIl.exe
  C:\Windows\System\rBYTJIl.exe
  2⤵
  PID:2120
- C:\Windows\System\ZPUhCCQ.exe
  C:\Windows\System\ZPUhCCQ.exe
  2⤵
  PID:7180
- C:\Windows\System\BitrzNB.exe
  C:\Windows\System\BitrzNB.exe
  2⤵
  PID:7224
- C:\Windows\System\UNqTyJE.exe
  C:\Windows\System\UNqTyJE.exe
  2⤵
  PID:7252
- C:\Windows\System\wVKVlvV.exe
  C:\Windows\System\wVKVlvV.exe
  2⤵
  PID:7268
- C:\Windows\System\ZPFMCzX.exe
  C:\Windows\System\ZPFMCzX.exe
  2⤵
  PID:7284
- C:\Windows\System\aOafVqW.exe
  C:\Windows\System\aOafVqW.exe
  2⤵
  PID:7304
- C:\Windows\System\riyezEH.exe
  C:\Windows\System\riyezEH.exe
  2⤵
  PID:7320
- C:\Windows\System\WDKQxyI.exe
  C:\Windows\System\WDKQxyI.exe
  2⤵
  PID:7340
- C:\Windows\System\fhOQIRN.exe
  C:\Windows\System\fhOQIRN.exe
  2⤵
  PID:7356
- C:\Windows\System\dMzBKiW.exe
  C:\Windows\System\dMzBKiW.exe
  2⤵
  PID:7372
- C:\Windows\System\BEQWSQt.exe
  C:\Windows\System\BEQWSQt.exe
  2⤵
  PID:7400
- C:\Windows\System\lTgTGBI.exe
  C:\Windows\System\lTgTGBI.exe
  2⤵
  PID:7420
- C:\Windows\System\aSGPGGx.exe
  C:\Windows\System\aSGPGGx.exe
  2⤵
  PID:7436
- C:\Windows\System\lpwRnrs.exe
  C:\Windows\System\lpwRnrs.exe
  2⤵
  PID:7464
- C:\Windows\System\xijqKlG.exe
  C:\Windows\System\xijqKlG.exe
  2⤵
  PID:7488
- C:\Windows\System\VlfmEez.exe
  C:\Windows\System\VlfmEez.exe
  2⤵
  PID:7504
- C:\Windows\System\MdKwBkz.exe
  C:\Windows\System\MdKwBkz.exe
  2⤵
  PID:7596
- C:\Windows\System\JViEytZ.exe
  C:\Windows\System\JViEytZ.exe
  2⤵
  PID:7616
- C:\Windows\System\dOsosmN.exe
  C:\Windows\System\dOsosmN.exe
  2⤵
  PID:7676
- C:\Windows\System\vJbeZAU.exe
  C:\Windows\System\vJbeZAU.exe
  2⤵
  PID:7728
- C:\Windows\System\Oxghctu.exe
  C:\Windows\System\Oxghctu.exe
  2⤵
  PID:7780
- C:\Windows\System\gtUnCTY.exe
  C:\Windows\System\gtUnCTY.exe
  2⤵
  PID:7864
- C:\Windows\System\DRrikix.exe
  C:\Windows\System\DRrikix.exe
  2⤵
  PID:7892
- C:\Windows\System\LaDgddj.exe
  C:\Windows\System\LaDgddj.exe
  2⤵
  PID:7928
- C:\Windows\System\TaAeblQ.exe
  C:\Windows\System\TaAeblQ.exe
  2⤵
  PID:7948
- C:\Windows\System\MGsQYpy.exe
  C:\Windows\System\MGsQYpy.exe
  2⤵
  PID:7976
- C:\Windows\System\AcQVyoX.exe
  C:\Windows\System\AcQVyoX.exe
  2⤵
  PID:8004
- C:\Windows\System\KaAXsow.exe
  C:\Windows\System\KaAXsow.exe
  2⤵
  PID:8024
- C:\Windows\System\ysLPcPF.exe
  C:\Windows\System\ysLPcPF.exe
  2⤵
  PID:8064
- C:\Windows\System\vOCYrFN.exe
  C:\Windows\System\vOCYrFN.exe
  2⤵
  PID:8088
- C:\Windows\System\cPWMvmA.exe
  C:\Windows\System\cPWMvmA.exe
  2⤵
  PID:8116
- C:\Windows\System\lCfxMnR.exe
  C:\Windows\System\lCfxMnR.exe
  2⤵
  PID:8144
- C:\Windows\System\GiAfmVq.exe
  C:\Windows\System\GiAfmVq.exe
  2⤵
  PID:8172
- C:\Windows\System\pkaDnny.exe
  C:\Windows\System\pkaDnny.exe
  2⤵
  PID:4456
- C:\Windows\System\xpXEmOm.exe
  C:\Windows\System\xpXEmOm.exe
  2⤵
  PID:216
- C:\Windows\System\rqPFyGH.exe
  C:\Windows\System\rqPFyGH.exe
  2⤵
  PID:3020
- C:\Windows\System\FfNbBha.exe
  C:\Windows\System\FfNbBha.exe
  2⤵
  PID:7212
- C:\Windows\System\aYienwz.exe
  C:\Windows\System\aYienwz.exe
  2⤵
  PID:7280
- C:\Windows\System\JajLIuv.exe
  C:\Windows\System\JajLIuv.exe
  2⤵
  PID:7396
- C:\Windows\System\cRsdrOl.exe
  C:\Windows\System\cRsdrOl.exe
  2⤵
  PID:7452
- C:\Windows\System\HlyGJfu.exe
  C:\Windows\System\HlyGJfu.exe
  2⤵
  PID:7568
- C:\Windows\System\VwafZBe.exe
  C:\Windows\System\VwafZBe.exe
  2⤵
  PID:7484
- C:\Windows\System\DSOxIjw.exe
  C:\Windows\System\DSOxIjw.exe
  2⤵
  PID:7672
- C:\Windows\System\UawCyAD.exe
  C:\Windows\System\UawCyAD.exe
  2⤵
  PID:7724
- C:\Windows\System\JYmmcDB.exe
  C:\Windows\System\JYmmcDB.exe
  2⤵
  PID:7860
- C:\Windows\System\gxsUCBR.exe
  C:\Windows\System\gxsUCBR.exe
  2⤵
  PID:7916
- C:\Windows\System\ZfOsfNQ.exe
  C:\Windows\System\ZfOsfNQ.exe
  2⤵
  PID:7988
- C:\Windows\System\FQnwGGH.exe
  C:\Windows\System\FQnwGGH.exe
  2⤵
  PID:8052
- C:\Windows\System\ZfGewHf.exe
  C:\Windows\System\ZfGewHf.exe
  2⤵
  PID:8140
- C:\Windows\System\CgsnPMR.exe
  C:\Windows\System\CgsnPMR.exe
  2⤵
  PID:6540
- C:\Windows\System\GwArEQU.exe
  C:\Windows\System\GwArEQU.exe
  2⤵
  PID:7336
- C:\Windows\System\CSXJoPa.exe
  C:\Windows\System\CSXJoPa.exe
  2⤵
  PID:7532
- C:\Windows\System\UYVuALt.exe
  C:\Windows\System\UYVuALt.exe
  2⤵
  PID:7760
- C:\Windows\System\dKGwNjH.exe
  C:\Windows\System\dKGwNjH.exe
  2⤵
  PID:7968
- C:\Windows\System\qYPJjCr.exe
  C:\Windows\System\qYPJjCr.exe
  2⤵
  PID:8128
- C:\Windows\System\qHTTpYA.exe
  C:\Windows\System\qHTTpYA.exe
  2⤵
  PID:7240
- C:\Windows\System\givohyO.exe
  C:\Windows\System\givohyO.exe
  2⤵
  PID:7476
- C:\Windows\System\fnbdrJj.exe
  C:\Windows\System\fnbdrJj.exe
  2⤵
  PID:7592
- C:\Windows\System\nYuGlzK.exe
  C:\Windows\System\nYuGlzK.exe
  2⤵
  PID:7696
- C:\Windows\System\wVbSzXO.exe
  C:\Windows\System\wVbSzXO.exe
  2⤵
  PID:7264
- C:\Windows\System\vJRyFBA.exe
  C:\Windows\System\vJRyFBA.exe
  2⤵
  PID:7608
- C:\Windows\System\ZkiUQwB.exe
  C:\Windows\System\ZkiUQwB.exe
  2⤵
  PID:7604
- C:\Windows\System\uMQtpxP.exe
  C:\Windows\System\uMQtpxP.exe
  2⤵
  PID:8208
- C:\Windows\System\TmXlGkD.exe
  C:\Windows\System\TmXlGkD.exe
  2⤵
  PID:8228
- C:\Windows\System\TpJlmAu.exe
  C:\Windows\System\TpJlmAu.exe
  2⤵
  PID:8244
- C:\Windows\System\cpNFLqu.exe
  C:\Windows\System\cpNFLqu.exe
  2⤵
  PID:8280
- C:\Windows\System\DTpJFMN.exe
  C:\Windows\System\DTpJFMN.exe
  2⤵
  PID:8312
- C:\Windows\System\mrdyhEJ.exe
  C:\Windows\System\mrdyhEJ.exe
  2⤵
  PID:8340
- C:\Windows\System\xTUxJPQ.exe
  C:\Windows\System\xTUxJPQ.exe
  2⤵
  PID:8356
- C:\Windows\System\CGgptbN.exe
  C:\Windows\System\CGgptbN.exe
  2⤵
  PID:8380
- C:\Windows\System\RjlXXTy.exe
  C:\Windows\System\RjlXXTy.exe
  2⤵
  PID:8412
- C:\Windows\System\spIDZGo.exe
  C:\Windows\System\spIDZGo.exe
  2⤵
  PID:8440
- C:\Windows\System\DXQBupi.exe
  C:\Windows\System\DXQBupi.exe
  2⤵
  PID:8476
- C:\Windows\System\ooxYlQu.exe
  C:\Windows\System\ooxYlQu.exe
  2⤵
  PID:8516
- C:\Windows\System\XCkzIyM.exe
  C:\Windows\System\XCkzIyM.exe
  2⤵
  PID:8552
- C:\Windows\System\rknXThi.exe
  C:\Windows\System\rknXThi.exe
  2⤵
  PID:8580
- C:\Windows\System\mcSFgQB.exe
  C:\Windows\System\mcSFgQB.exe
  2⤵
  PID:8608
- C:\Windows\System\oStSaFQ.exe
  C:\Windows\System\oStSaFQ.exe
  2⤵
  PID:8636
- C:\Windows\System\rzKoNHv.exe
  C:\Windows\System\rzKoNHv.exe
  2⤵
  PID:8664
- C:\Windows\System\PYTBgGL.exe
  C:\Windows\System\PYTBgGL.exe
  2⤵
  PID:8692
- C:\Windows\System\aRetgmc.exe
  C:\Windows\System\aRetgmc.exe
  2⤵
  PID:8720
- C:\Windows\System\EwulSKW.exe
  C:\Windows\System\EwulSKW.exe
  2⤵
  PID:8736
- C:\Windows\System\Gerecxa.exe
  C:\Windows\System\Gerecxa.exe
  2⤵
  PID:8764
- C:\Windows\System\VCZgefk.exe
  C:\Windows\System\VCZgefk.exe
  2⤵
  PID:8804
- C:\Windows\System\fenqwSE.exe
  C:\Windows\System\fenqwSE.exe
  2⤵
  PID:8832
- C:\Windows\System\BQWjvas.exe
  C:\Windows\System\BQWjvas.exe
  2⤵
  PID:8860
- C:\Windows\System\TSvWKTe.exe
  C:\Windows\System\TSvWKTe.exe
  2⤵
  PID:8876
- C:\Windows\System\FNSXCxE.exe
  C:\Windows\System\FNSXCxE.exe
  2⤵
  PID:8908
- C:\Windows\System\TWuARWd.exe
  C:\Windows\System\TWuARWd.exe
  2⤵
  PID:8940
- C:\Windows\System\YHCOVGD.exe
  C:\Windows\System\YHCOVGD.exe
  2⤵
  PID:8984
- C:\Windows\System\GTrhoJn.exe
  C:\Windows\System\GTrhoJn.exe
  2⤵
  PID:9004
- C:\Windows\System\UcpTdoS.exe
  C:\Windows\System\UcpTdoS.exe
  2⤵
  PID:9032
- C:\Windows\System\rtMOtiL.exe
  C:\Windows\System\rtMOtiL.exe
  2⤵
  PID:9064
- C:\Windows\System\lcYkVyz.exe
  C:\Windows\System\lcYkVyz.exe
  2⤵
  PID:9084
- C:\Windows\System\fHpjQdV.exe
  C:\Windows\System\fHpjQdV.exe
  2⤵
  PID:9112
- C:\Windows\System\flejwmY.exe
  C:\Windows\System\flejwmY.exe
  2⤵
  PID:9132
- C:\Windows\System\KFIOwpw.exe
  C:\Windows\System\KFIOwpw.exe
  2⤵
  PID:9176
- C:\Windows\System\yRXMpkU.exe
  C:\Windows\System\yRXMpkU.exe
  2⤵
  PID:9196
- C:\Windows\System\gstbKPS.exe
  C:\Windows\System\gstbKPS.exe
  2⤵
  PID:8216
- C:\Windows\System\PkbxGRV.exe
  C:\Windows\System\PkbxGRV.exe
  2⤵
  PID:8300
- C:\Windows\System\lPyRAPr.exe
  C:\Windows\System\lPyRAPr.exe
  2⤵
  PID:8436
- C:\Windows\System\qSvqkAq.exe
  C:\Windows\System\qSvqkAq.exe
  2⤵
  PID:8428
- C:\Windows\System\sBSmVLL.exe
  C:\Windows\System\sBSmVLL.exe
  2⤵
  PID:8544
- C:\Windows\System\RMpuIEp.exe
  C:\Windows\System\RMpuIEp.exe
  2⤵
  PID:8572
- C:\Windows\System\RSVgysm.exe
  C:\Windows\System\RSVgysm.exe
  2⤵
  PID:8688
- C:\Windows\System\fsXaKMe.exe
  C:\Windows\System\fsXaKMe.exe
  2⤵
  PID:8712
- C:\Windows\System\bTClxxF.exe
  C:\Windows\System\bTClxxF.exe
  2⤵
  PID:8792
- C:\Windows\System\DYxoVrV.exe
  C:\Windows\System\DYxoVrV.exe
  2⤵
  PID:8844
- C:\Windows\System\jdSUVkn.exe
  C:\Windows\System\jdSUVkn.exe
  2⤵
  PID:8892
- C:\Windows\System\SPLlpYf.exe
  C:\Windows\System\SPLlpYf.exe
  2⤵
  PID:8968
- C:\Windows\System\zzbOiXr.exe
  C:\Windows\System\zzbOiXr.exe
  2⤵
  PID:9076
- C:\Windows\System\hmAisSE.exe
  C:\Windows\System\hmAisSE.exe
  2⤵
  PID:9060
- C:\Windows\System\DZVVxnB.exe
  C:\Windows\System\DZVVxnB.exe
  2⤵
  PID:9124
- C:\Windows\System\fugmyXD.exe
  C:\Windows\System\fugmyXD.exe
  2⤵
  PID:8264
- C:\Windows\System\uASnlUQ.exe
  C:\Windows\System\uASnlUQ.exe
  2⤵
  PID:8484
- C:\Windows\System\LDmbVnM.exe
  C:\Windows\System\LDmbVnM.exe
  2⤵
  PID:8536
- C:\Windows\System\VyufFhu.exe
  C:\Windows\System\VyufFhu.exe
  2⤵
  PID:8656
- C:\Windows\System\UvcuVNL.exe
  C:\Windows\System\UvcuVNL.exe
  2⤵
  PID:8756
- C:\Windows\System\zLTbOBY.exe
  C:\Windows\System\zLTbOBY.exe
  2⤵
  PID:8964
- C:\Windows\System\ZMgurJU.exe
  C:\Windows\System\ZMgurJU.exe
  2⤵
  PID:9140
- C:\Windows\System\HKerbVB.exe
  C:\Windows\System\HKerbVB.exe
  2⤵
  PID:8364
- C:\Windows\System\GdTzZEQ.exe
  C:\Windows\System\GdTzZEQ.exe
  2⤵
  PID:8704
- C:\Windows\System\PFxRKIG.exe
  C:\Windows\System\PFxRKIG.exe
  2⤵
  PID:9020
- C:\Windows\System\GRAkuBE.exe
  C:\Windows\System\GRAkuBE.exe
  2⤵
  PID:9224
- C:\Windows\System\SkZEoco.exe
  C:\Windows\System\SkZEoco.exe
  2⤵
  PID:9256
- C:\Windows\System\ZuOgyNN.exe
  C:\Windows\System\ZuOgyNN.exe
  2⤵
  PID:9284
- C:\Windows\System\EAMRmNf.exe
  C:\Windows\System\EAMRmNf.exe
  2⤵
  PID:9324
- C:\Windows\System\qgTiZfg.exe
  C:\Windows\System\qgTiZfg.exe
  2⤵
  PID:9352
- C:\Windows\System\rmhfpux.exe
  C:\Windows\System\rmhfpux.exe
  2⤵
  PID:9368
- C:\Windows\System\DVuNcXW.exe
  C:\Windows\System\DVuNcXW.exe
  2⤵
  PID:9400
- C:\Windows\System\GrxyyPV.exe
  C:\Windows\System\GrxyyPV.exe
  2⤵
  PID:9436
- C:\Windows\System\SdmqNnC.exe
  C:\Windows\System\SdmqNnC.exe
  2⤵
  PID:9464
- C:\Windows\System\xsnsBzg.exe
  C:\Windows\System\xsnsBzg.exe
  2⤵
  PID:9492
- C:\Windows\System\jJpXIZQ.exe
  C:\Windows\System\jJpXIZQ.exe
  2⤵
  PID:9508
- C:\Windows\System\tDIkeaC.exe
  C:\Windows\System\tDIkeaC.exe
  2⤵
  PID:9524
- C:\Windows\System\NYcVKez.exe
  C:\Windows\System\NYcVKez.exe
  2⤵
  PID:9560
- C:\Windows\System\UDVDPXE.exe
  C:\Windows\System\UDVDPXE.exe
  2⤵
  PID:9600
- C:\Windows\System\SRzwCMa.exe
  C:\Windows\System\SRzwCMa.exe
  2⤵
  PID:9632
- C:\Windows\System\Recjgsa.exe
  C:\Windows\System\Recjgsa.exe
  2⤵
  PID:9664
- C:\Windows\System\rIwXQKF.exe
  C:\Windows\System\rIwXQKF.exe
  2⤵
  PID:9680
- C:\Windows\System\NoCGUJQ.exe
  C:\Windows\System\NoCGUJQ.exe
  2⤵
  PID:9712
- C:\Windows\System\RrRvJAc.exe
  C:\Windows\System\RrRvJAc.exe
  2⤵
  PID:9740
- C:\Windows\System\wjEaVah.exe
  C:\Windows\System\wjEaVah.exe
  2⤵
  PID:9764
- C:\Windows\System\EIwbZue.exe
  C:\Windows\System\EIwbZue.exe
  2⤵
  PID:9792
- C:\Windows\System\ZDYertC.exe
  C:\Windows\System\ZDYertC.exe
  2⤵
  PID:9820
- C:\Windows\System\utSHTxZ.exe
  C:\Windows\System\utSHTxZ.exe
  2⤵
  PID:9848
- C:\Windows\System\GuXObjW.exe
  C:\Windows\System\GuXObjW.exe
  2⤵
  PID:9888
- C:\Windows\System\pmOVDno.exe
  C:\Windows\System\pmOVDno.exe
  2⤵
  PID:9916
- C:\Windows\System\cpmhZRx.exe
  C:\Windows\System\cpmhZRx.exe
  2⤵
  PID:9932
- C:\Windows\System\QvfDsOk.exe
  C:\Windows\System\QvfDsOk.exe
  2⤵
  PID:9972
- C:\Windows\System\gWmBHNz.exe
  C:\Windows\System\gWmBHNz.exe
  2⤵
  PID:10000
- C:\Windows\System\IiKMBog.exe
  C:\Windows\System\IiKMBog.exe
  2⤵
  PID:10016
- C:\Windows\System\tpvLLtf.exe
  C:\Windows\System\tpvLLtf.exe
  2⤵
  PID:10048
- C:\Windows\System\HJdanjf.exe
  C:\Windows\System\HJdanjf.exe
  2⤵
  PID:10076
- C:\Windows\System\PTWrcJU.exe
  C:\Windows\System\PTWrcJU.exe
  2⤵
  PID:10112
- C:\Windows\System\viprumA.exe
  C:\Windows\System\viprumA.exe
  2⤵
  PID:10144
- C:\Windows\System\gfZzTgv.exe
  C:\Windows\System\gfZzTgv.exe
  2⤵
  PID:10172
- C:\Windows\System\MyWbrNu.exe
  C:\Windows\System\MyWbrNu.exe
  2⤵
  PID:10200
- C:\Windows\System\UaHnopb.exe
  C:\Windows\System\UaHnopb.exe
  2⤵
  PID:10228
- C:\Windows\System\EaqPaNb.exe
  C:\Windows\System\EaqPaNb.exe
  2⤵
  PID:8532
- C:\Windows\System\SzTqJOT.exe
  C:\Windows\System\SzTqJOT.exe
  2⤵
  PID:9248
- C:\Windows\System\ysEcNAS.exe
  C:\Windows\System\ysEcNAS.exe
  2⤵
  PID:9308
- C:\Windows\System\bEzNcXN.exe
  C:\Windows\System\bEzNcXN.exe
  2⤵
  PID:9408
- C:\Windows\System\xVRheoM.exe
  C:\Windows\System\xVRheoM.exe
  2⤵
  PID:9484
- C:\Windows\System\BlXKORW.exe
  C:\Windows\System\BlXKORW.exe
  2⤵
  PID:9520
- C:\Windows\System\FKGatEi.exe
  C:\Windows\System\FKGatEi.exe
  2⤵
  PID:9572
- C:\Windows\System\tWMpidI.exe
  C:\Windows\System\tWMpidI.exe
  2⤵
  PID:9644
- C:\Windows\System\zszUOpn.exe
  C:\Windows\System\zszUOpn.exe
  2⤵
  PID:9720
- C:\Windows\System\aSMGPaa.exe
  C:\Windows\System\aSMGPaa.exe
  2⤵
  PID:9784
- C:\Windows\System\lyTgzfV.exe
  C:\Windows\System\lyTgzfV.exe
  2⤵
  PID:9840
- C:\Windows\System\PhHMHaQ.exe
  C:\Windows\System\PhHMHaQ.exe
  2⤵
  PID:9900
- C:\Windows\System\neevQCo.exe
  C:\Windows\System\neevQCo.exe
  2⤵
  PID:9988
- C:\Windows\System\bTWwAdX.exe
  C:\Windows\System\bTWwAdX.exe
  2⤵
  PID:10032
- C:\Windows\System\qjHuHbW.exe
  C:\Windows\System\qjHuHbW.exe
  2⤵
  PID:10100
- C:\Windows\System\OfixhOs.exe
  C:\Windows\System\OfixhOs.exe
  2⤵
  PID:10160
- C:\Windows\System\scFXIuQ.exe
  C:\Windows\System\scFXIuQ.exe
  2⤵
  PID:10196
- C:\Windows\System\jljcWVf.exe
  C:\Windows\System\jljcWVf.exe
  2⤵
  PID:8324
- C:\Windows\System\TpsoqGI.exe
  C:\Windows\System\TpsoqGI.exe
  2⤵
  PID:9460
- C:\Windows\System\llwMgww.exe
  C:\Windows\System\llwMgww.exe
  2⤵
  PID:9556
- C:\Windows\System\GXUMioT.exe
  C:\Windows\System\GXUMioT.exe
  2⤵
  PID:9760
- C:\Windows\System\BVPfQGC.exe
  C:\Windows\System\BVPfQGC.exe
  2⤵
  PID:9804
- C:\Windows\System\HoswrYs.exe
  C:\Windows\System\HoswrYs.exe
  2⤵
  PID:10060
- C:\Windows\System\KMdgRde.exe
  C:\Windows\System\KMdgRde.exe
  2⤵
  PID:10224
- C:\Windows\System\rFawTGH.exe
  C:\Windows\System\rFawTGH.exe
  2⤵
  PID:9540
- C:\Windows\System\kJomRAO.exe
  C:\Windows\System\kJomRAO.exe
  2⤵
  PID:9952
- C:\Windows\System\tgMMkig.exe
  C:\Windows\System\tgMMkig.exe
  2⤵
  PID:10184
- C:\Windows\System\aXdnxMx.exe
  C:\Windows\System\aXdnxMx.exe
  2⤵
  PID:9832
- C:\Windows\System\ukPihhG.exe
  C:\Windows\System\ukPihhG.exe
  2⤵
  PID:10272
- C:\Windows\System\RhLIJZC.exe
  C:\Windows\System\RhLIJZC.exe
  2⤵
  PID:10300
- C:\Windows\System\vzILAQC.exe
  C:\Windows\System\vzILAQC.exe
  2⤵
  PID:10332
- C:\Windows\System\DOvwqhP.exe
  C:\Windows\System\DOvwqhP.exe
  2⤵
  PID:10360
- C:\Windows\System\ZbjhaAg.exe
  C:\Windows\System\ZbjhaAg.exe
  2⤵
  PID:10388
- C:\Windows\System\IuTAEik.exe
  C:\Windows\System\IuTAEik.exe
  2⤵
  PID:10416
- C:\Windows\System\NWcUGHU.exe
  C:\Windows\System\NWcUGHU.exe
  2⤵
  PID:10440
- C:\Windows\System\ZHegEcv.exe
  C:\Windows\System\ZHegEcv.exe
  2⤵
  PID:10460
- C:\Windows\System\CdOzBUP.exe
  C:\Windows\System\CdOzBUP.exe
  2⤵
  PID:10500
- C:\Windows\System\kuyeHhr.exe
  C:\Windows\System\kuyeHhr.exe
  2⤵
  PID:10520
- C:\Windows\System\mTAWvBU.exe
  C:\Windows\System\mTAWvBU.exe
  2⤵
  PID:10556
- C:\Windows\System\HaFdxTX.exe
  C:\Windows\System\HaFdxTX.exe
  2⤵
  PID:10584
- C:\Windows\System\SNwABst.exe
  C:\Windows\System\SNwABst.exe
  2⤵
  PID:10612
- C:\Windows\System\DXBhDOH.exe
  C:\Windows\System\DXBhDOH.exe
  2⤵
  PID:10628
- C:\Windows\System\ATGypQI.exe
  C:\Windows\System\ATGypQI.exe
  2⤵
  PID:10668
- C:\Windows\System\OyJtVcz.exe
  C:\Windows\System\OyJtVcz.exe
  2⤵
  PID:10700
- C:\Windows\System\QPIHAIw.exe
  C:\Windows\System\QPIHAIw.exe
  2⤵
  PID:10724
- C:\Windows\System\bgqBBVy.exe
  C:\Windows\System\bgqBBVy.exe
  2⤵
  PID:10748
- C:\Windows\System\YTXEQEF.exe
  C:\Windows\System\YTXEQEF.exe
  2⤵
  PID:10776
- C:\Windows\System\lOtdXeb.exe
  C:\Windows\System\lOtdXeb.exe
  2⤵
  PID:10816
- C:\Windows\System\oGZqIJH.exe
  C:\Windows\System\oGZqIJH.exe
  2⤵
  PID:10844
- C:\Windows\System\qFlzKtw.exe
  C:\Windows\System\qFlzKtw.exe
  2⤵
  PID:10864
- C:\Windows\System\YuXUmfn.exe
  C:\Windows\System\YuXUmfn.exe
  2⤵
  PID:10896
- C:\Windows\System\NEwomwd.exe
  C:\Windows\System\NEwomwd.exe
  2⤵
  PID:10916
- C:\Windows\System\KGZDMJG.exe
  C:\Windows\System\KGZDMJG.exe
  2⤵
  PID:10948
- C:\Windows\System\oguShvU.exe
  C:\Windows\System\oguShvU.exe
  2⤵
  PID:10972
- C:\Windows\System\lFTMxUx.exe
  C:\Windows\System\lFTMxUx.exe
  2⤵
  PID:11000
- C:\Windows\System\PNEYLkx.exe
  C:\Windows\System\PNEYLkx.exe
  2⤵
  PID:11040
- C:\Windows\System\aMmfpTy.exe
  C:\Windows\System\aMmfpTy.exe
  2⤵
  PID:11068
- C:\Windows\System\wsyOUda.exe
  C:\Windows\System\wsyOUda.exe
  2⤵
  PID:11084
- C:\Windows\System\CFQrvmy.exe
  C:\Windows\System\CFQrvmy.exe
  2⤵
  PID:11124
- C:\Windows\System\ZXKEGUt.exe
  C:\Windows\System\ZXKEGUt.exe
  2⤵
  PID:11152
- C:\Windows\System\AbnYuwH.exe
  C:\Windows\System\AbnYuwH.exe
  2⤵
  PID:11168
- C:\Windows\System\pyLXvdv.exe
  C:\Windows\System\pyLXvdv.exe
  2⤵
  PID:11200
- C:\Windows\System\ByGoVAy.exe
  C:\Windows\System\ByGoVAy.exe
  2⤵
  PID:11236
- C:\Windows\System\WAbisOi.exe
  C:\Windows\System\WAbisOi.exe
  2⤵
  PID:10192
- C:\Windows\System\YEmZVqo.exe
  C:\Windows\System\YEmZVqo.exe
  2⤵
  PID:10256
- C:\Windows\System\MRhBOdX.exe
  C:\Windows\System\MRhBOdX.exe
  2⤵
  PID:1236
- C:\Windows\System\aYCFLDR.exe
  C:\Windows\System\aYCFLDR.exe
  2⤵
  PID:10352
- C:\Windows\System\RxmhPOC.exe
  C:\Windows\System\RxmhPOC.exe
  2⤵
  PID:10452
- C:\Windows\System\tVeuGpP.exe
  C:\Windows\System\tVeuGpP.exe
  2⤵
  PID:10528
- C:\Windows\System\EMlAcBo.exe
  C:\Windows\System\EMlAcBo.exe
  2⤵
  PID:10580
- C:\Windows\System\dOZaNKC.exe
  C:\Windows\System\dOZaNKC.exe
  2⤵
  PID:10648
- C:\Windows\System\cjIwyIN.exe
  C:\Windows\System\cjIwyIN.exe
  2⤵
  PID:10716
- C:\Windows\System\HddVuVA.exe
  C:\Windows\System\HddVuVA.exe
  2⤵
  PID:10772
- C:\Windows\System\XFYsINr.exe
  C:\Windows\System\XFYsINr.exe
  2⤵
  PID:10808
- C:\Windows\System\bopDjwC.exe
  C:\Windows\System\bopDjwC.exe
  2⤵
  PID:10880
- C:\Windows\System\iostUuK.exe
  C:\Windows\System\iostUuK.exe
  2⤵
  PID:10960
- C:\Windows\System\efRdyvE.exe
  C:\Windows\System\efRdyvE.exe
  2⤵
  PID:11020
- C:\Windows\System\sSnOgxK.exe
  C:\Windows\System\sSnOgxK.exe
  2⤵
  PID:11080
- C:\Windows\System\HqXTyUa.exe
  C:\Windows\System\HqXTyUa.exe
  2⤵
  PID:11164
- C:\Windows\System\yiIXkXU.exe
  C:\Windows\System\yiIXkXU.exe
  2⤵
  PID:11216
- C:\Windows\System\aUONaoH.exe
  C:\Windows\System\aUONaoH.exe
  2⤵
  PID:10252
- C:\Windows\System\lYPzfzx.exe
  C:\Windows\System\lYPzfzx.exe
  2⤵
  PID:10404
- C:\Windows\System\bJicwoz.exe
  C:\Windows\System\bJicwoz.exe
  2⤵
  PID:10544
- C:\Windows\System\VYzrpTq.exe
  C:\Windows\System\VYzrpTq.exe
  2⤵
  PID:10608
- C:\Windows\System\qiZWiWT.exe
  C:\Windows\System\qiZWiWT.exe
  2⤵
  PID:10788
- C:\Windows\System\SxmdEmU.exe
  C:\Windows\System\SxmdEmU.exe
  2⤵
  PID:10908
- C:\Windows\System\VzcqecB.exe
  C:\Windows\System\VzcqecB.exe
  2⤵
  PID:11104
- C:\Windows\System\asSxvPk.exe
  C:\Windows\System\asSxvPk.exe
  2⤵
  PID:11208
- C:\Windows\System\kDMcgGN.exe
  C:\Windows\System\kDMcgGN.exe
  2⤵
  PID:10492
- C:\Windows\System\urIVKdn.exe
  C:\Windows\System\urIVKdn.exe
  2⤵
  PID:4712
- C:\Windows\System\UkRvtjC.exe
  C:\Windows\System\UkRvtjC.exe
  2⤵
  PID:11428
- C:\Windows\System\SPaaeTX.exe
  C:\Windows\System\SPaaeTX.exe
  2⤵
  PID:11444
- C:\Windows\System\gvBETCN.exe
  C:\Windows\System\gvBETCN.exe
  2⤵
  PID:11468
- C:\Windows\System\fWZfQSK.exe
  C:\Windows\System\fWZfQSK.exe
  2⤵
  PID:11504
- C:\Windows\System\XzhoJMk.exe
  C:\Windows\System\XzhoJMk.exe
  2⤵
  PID:11532
- C:\Windows\System\ocpoJvs.exe
  C:\Windows\System\ocpoJvs.exe
  2⤵
  PID:11576
- C:\Windows\System\fzYeoOG.exe
  C:\Windows\System\fzYeoOG.exe
  2⤵
  PID:11592
- C:\Windows\System\PZodeHw.exe
  C:\Windows\System\PZodeHw.exe
  2⤵
  PID:11632
- C:\Windows\System\aNSIihx.exe
  C:\Windows\System\aNSIihx.exe
  2⤵
  PID:11652
- C:\Windows\System\vdDRcRg.exe
  C:\Windows\System\vdDRcRg.exe
  2⤵
  PID:11688
- C:\Windows\System\tNozlhh.exe
  C:\Windows\System\tNozlhh.exe
  2⤵
  PID:11720
- C:\Windows\System\rqnyCfs.exe
  C:\Windows\System\rqnyCfs.exe
  2⤵
  PID:11736
- C:\Windows\System\fUGkZpV.exe
  C:\Windows\System\fUGkZpV.exe
  2⤵
  PID:11776
- C:\Windows\System\TltSrIY.exe
  C:\Windows\System\TltSrIY.exe
  2⤵
  PID:11804
- C:\Windows\System\bXUSpqh.exe
  C:\Windows\System\bXUSpqh.exe
  2⤵
  PID:11832
- C:\Windows\System\nCTzspW.exe
  C:\Windows\System\nCTzspW.exe
  2⤵
  PID:11848
- C:\Windows\System\VOWilTU.exe
  C:\Windows\System\VOWilTU.exe
  2⤵
  PID:11876
- C:\Windows\System\XIvRUAC.exe
  C:\Windows\System\XIvRUAC.exe
  2⤵
  PID:11896
- C:\Windows\System\jdKQBLc.exe
  C:\Windows\System\jdKQBLc.exe
  2⤵
  PID:11912
- C:\Windows\System\VODmsxy.exe
  C:\Windows\System\VODmsxy.exe
  2⤵
  PID:11972
- C:\Windows\System\UBcBSqr.exe
  C:\Windows\System\UBcBSqr.exe
  2⤵
  PID:12000
- C:\Windows\System\dlwoCrL.exe
  C:\Windows\System\dlwoCrL.exe
  2⤵
  PID:12028
- C:\Windows\System\ZYfIpHH.exe
  C:\Windows\System\ZYfIpHH.exe
  2⤵
  PID:12044
- C:\Windows\System\YeNdJGn.exe
  C:\Windows\System\YeNdJGn.exe
  2⤵
  PID:12084
- C:\Windows\System\ytRzHxY.exe
  C:\Windows\System\ytRzHxY.exe
  2⤵
  PID:12112
- C:\Windows\System\cLFwERD.exe
  C:\Windows\System\cLFwERD.exe
  2⤵
  PID:12140
- C:\Windows\System\xoTpUfU.exe
  C:\Windows\System\xoTpUfU.exe
  2⤵
  PID:12156
- C:\Windows\System\Mhqdmtq.exe
  C:\Windows\System\Mhqdmtq.exe
  2⤵
  PID:12196
- C:\Windows\System\LmKEdvL.exe
  C:\Windows\System\LmKEdvL.exe
  2⤵
  PID:12212
- C:\Windows\System\EDUbvAv.exe
  C:\Windows\System\EDUbvAv.exe
  2⤵
  PID:12240
- C:\Windows\System\jTqgTkr.exe
  C:\Windows\System\jTqgTkr.exe
  2⤵
  PID:12280
- C:\Windows\System\xFcxtqB.exe
  C:\Windows\System\xFcxtqB.exe
  2⤵
  PID:1036
- C:\Windows\System\otsDxFj.exe
  C:\Windows\System\otsDxFj.exe
  2⤵
  PID:10692
- C:\Windows\System\ltrSJnw.exe
  C:\Windows\System\ltrSJnw.exe
  2⤵
  PID:11308
- C:\Windows\System\inYQGnK.exe
  C:\Windows\System\inYQGnK.exe
  2⤵
  PID:11464
- C:\Windows\System\lmFdYdg.exe
  C:\Windows\System\lmFdYdg.exe
  2⤵
  PID:11484
- C:\Windows\System\AygYKta.exe
  C:\Windows\System\AygYKta.exe
  2⤵
  PID:11552
- C:\Windows\System\iNaOrVN.exe
  C:\Windows\System\iNaOrVN.exe
  2⤵
  PID:11388
- C:\Windows\System\NGnBOjj.exe
  C:\Windows\System\NGnBOjj.exe
  2⤵
  PID:11628
- C:\Windows\System\ECZIWYL.exe
  C:\Windows\System\ECZIWYL.exe
  2⤵
  PID:11380
- C:\Windows\System\qdlwymc.exe
  C:\Windows\System\qdlwymc.exe
  2⤵
  PID:11368
- C:\Windows\System\nMhukEO.exe
  C:\Windows\System\nMhukEO.exe
  2⤵
  PID:11376
- C:\Windows\System\WViThzj.exe
  C:\Windows\System\WViThzj.exe
  2⤵
  PID:11752
- C:\Windows\System\LwjFdkw.exe
  C:\Windows\System\LwjFdkw.exe
  2⤵
  PID:11340
- C:\Windows\System\mRiHitz.exe
  C:\Windows\System\mRiHitz.exe
  2⤵
  PID:11332
- C:\Windows\System\MfPYCoK.exe
  C:\Windows\System\MfPYCoK.exe
  2⤵
  PID:11864
- C:\Windows\System\oXkrfIo.exe
  C:\Windows\System\oXkrfIo.exe
  2⤵
  PID:11884
- C:\Windows\System\zUgCAuk.exe
  C:\Windows\System\zUgCAuk.exe
  2⤵
  PID:11992
- C:\Windows\System\ogDskdm.exe
  C:\Windows\System\ogDskdm.exe
  2⤵
  PID:12080
- C:\Windows\System\FVOwVNn.exe
  C:\Windows\System\FVOwVNn.exe
  2⤵
  PID:12148
- C:\Windows\System\BbbXsUh.exe
  C:\Windows\System\BbbXsUh.exe
  2⤵
  PID:12224
- C:\Windows\System\UrceWIT.exe
  C:\Windows\System\UrceWIT.exe
  2⤵
  PID:12264
- C:\Windows\System\OhRUQWa.exe
  C:\Windows\System\OhRUQWa.exe
  2⤵
  PID:10568
- C:\Windows\System\EoRCmJG.exe
  C:\Windows\System\EoRCmJG.exe
  2⤵
  PID:11480
- C:\Windows\System\QFdmVFQ.exe
  C:\Windows\System\QFdmVFQ.exe
  2⤵
  PID:11400
- C:\Windows\System\crKzjTk.exe
  C:\Windows\System\crKzjTk.exe
  2⤵
  PID:11356
- C:\Windows\System\KKMyfOd.exe
  C:\Windows\System\KKMyfOd.exe
  2⤵
  PID:11360
- C:\Windows\System\sLPIvRr.exe
  C:\Windows\System\sLPIvRr.exe
  2⤵
  PID:11824
- C:\Windows\System\IEQQuJf.exe
  C:\Windows\System\IEQQuJf.exe
  2⤵
  PID:11988
- C:\Windows\System\FnAOONh.exe
  C:\Windows\System\FnAOONh.exe
  2⤵
  PID:12060
- C:\Windows\System\oKtJsNX.exe
  C:\Windows\System\oKtJsNX.exe
  2⤵
  PID:2088
- C:\Windows\System\DMSPtRj.exe
  C:\Windows\System\DMSPtRj.exe
  2⤵
  PID:10928
- C:\Windows\System\iPMXLZV.exe
  C:\Windows\System\iPMXLZV.exe
  2⤵
  PID:10740
- C:\Windows\System\tokQjKw.exe
  C:\Windows\System\tokQjKw.exe
  2⤵
  PID:3444
- C:\Windows\System\KBHcnEy.exe
  C:\Windows\System\KBHcnEy.exe
  2⤵
  PID:11796
- C:\Windows\System\UXHnkdr.exe
  C:\Windows\System\UXHnkdr.exe
  2⤵
  PID:4536
- C:\Windows\System\fhRjJwV.exe
  C:\Windows\System\fhRjJwV.exe
  2⤵
  PID:11704
- C:\Windows\System\ptrUMGZ.exe
  C:\Windows\System\ptrUMGZ.exe
  2⤵
  PID:11284
- C:\Windows\System\EGdcuFK.exe
  C:\Windows\System\EGdcuFK.exe
  2⤵
  PID:12296
- C:\Windows\System\boBoImO.exe
  C:\Windows\System\boBoImO.exe
  2⤵
  PID:12336
- C:\Windows\System\NlpiIaz.exe
  C:\Windows\System\NlpiIaz.exe
  2⤵
  PID:12352
- C:\Windows\System\YrUnphw.exe
  C:\Windows\System\YrUnphw.exe
  2⤵
  PID:12392
- C:\Windows\System\UUNXkDt.exe
  C:\Windows\System\UUNXkDt.exe
  2⤵
  PID:12412
- C:\Windows\System\BMVomof.exe
  C:\Windows\System\BMVomof.exe
  2⤵
  PID:12436
- C:\Windows\System\dYdkkjj.exe
  C:\Windows\System\dYdkkjj.exe
  2⤵
  PID:12460
- C:\Windows\System\SmoHMQo.exe
  C:\Windows\System\SmoHMQo.exe
  2⤵
  PID:12492
- C:\Windows\System\WpyDLCq.exe
  C:\Windows\System\WpyDLCq.exe
  2⤵
  PID:12536
- C:\Windows\System\wGHwRDC.exe
  C:\Windows\System\wGHwRDC.exe
  2⤵
  PID:12568
- C:\Windows\System\TJiGUjs.exe
  C:\Windows\System\TJiGUjs.exe
  2⤵
  PID:12584
- C:\Windows\System\uokZvKa.exe
  C:\Windows\System\uokZvKa.exe
  2⤵
  PID:12612
- C:\Windows\System\GHeZPtA.exe
  C:\Windows\System\GHeZPtA.exe
  2⤵
  PID:12628
- C:\Windows\System\PvtLEPs.exe
  C:\Windows\System\PvtLEPs.exe
  2⤵
  PID:12676
- C:\Windows\System\QvbAAbB.exe
  C:\Windows\System\QvbAAbB.exe
  2⤵
  PID:12696
- C:\Windows\System\HtJSlzx.exe
  C:\Windows\System\HtJSlzx.exe
  2⤵
  PID:12724
- C:\Windows\System\mnPmjgG.exe
  C:\Windows\System\mnPmjgG.exe
  2⤵
  PID:12752
- C:\Windows\System\qGiPUNO.exe
  C:\Windows\System\qGiPUNO.exe
  2⤵
  PID:12780
- C:\Windows\System\xUOkXwl.exe
  C:\Windows\System\xUOkXwl.exe
  2⤵
  PID:12808
- C:\Windows\System\sajmLFW.exe
  C:\Windows\System\sajmLFW.exe
  2⤵
  PID:12824
- C:\Windows\System\TNLkVCT.exe
  C:\Windows\System\TNLkVCT.exe
  2⤵
  PID:12868
- C:\Windows\System\bEvHDwz.exe
  C:\Windows\System\bEvHDwz.exe
  2⤵
  PID:12892
- C:\Windows\System\ymAqQfG.exe
  C:\Windows\System\ymAqQfG.exe
  2⤵
  PID:12920
- C:\Windows\System\EXPDEGC.exe
  C:\Windows\System\EXPDEGC.exe
  2⤵
  PID:12944
- C:\Windows\System\nCbtRON.exe
  C:\Windows\System\nCbtRON.exe
  2⤵
  PID:12976
- C:\Windows\System\XYzzftq.exe
  C:\Windows\System\XYzzftq.exe
  2⤵
  PID:13000
- C:\Windows\System\gzMoPpj.exe
  C:\Windows\System\gzMoPpj.exe
  2⤵
  PID:13032
- C:\Windows\System\faQdyJB.exe
  C:\Windows\System\faQdyJB.exe
  2⤵
  PID:13072
- C:\Windows\System\qzoaozr.exe
  C:\Windows\System\qzoaozr.exe
  2⤵
  PID:13100
- C:\Windows\System\aYcCOZd.exe
  C:\Windows\System\aYcCOZd.exe
  2⤵
  PID:13128
- C:\Windows\System\DfYtWEm.exe
  C:\Windows\System\DfYtWEm.exe
  2⤵
  PID:13144
- C:\Windows\System\pTIkjst.exe
  C:\Windows\System\pTIkjst.exe
  2⤵
  PID:13172
- C:\Windows\System\kJlsSGK.exe
  C:\Windows\System\kJlsSGK.exe
  2⤵
  PID:13212
- C:\Windows\System\PZPKigR.exe
  C:\Windows\System\PZPKigR.exe
  2⤵
  PID:13240
- C:\Windows\System\wCNIZfR.exe
  C:\Windows\System\wCNIZfR.exe
  2⤵
  PID:13268
- C:\Windows\System\OikEaNo.exe
  C:\Windows\System\OikEaNo.exe
  2⤵
  PID:13296
- C:\Windows\System\NzUyWHR.exe
  C:\Windows\System\NzUyWHR.exe
  2⤵
  PID:12320
- C:\Windows\System\ZHSCqhF.exe
  C:\Windows\System\ZHSCqhF.exe
  2⤵
  PID:12384
- C:\Windows\System\pjYocaI.exe
  C:\Windows\System\pjYocaI.exe
  2⤵
  PID:12444
- C:\Windows\System\plHMbjP.exe
  C:\Windows\System\plHMbjP.exe
  2⤵
  PID:12532
- C:\Windows\System\NjSHBdt.exe
  C:\Windows\System\NjSHBdt.exe
  2⤵
  PID:12576
- C:\Windows\System\OmZjSml.exe
  C:\Windows\System\OmZjSml.exe
  2⤵
  PID:12660
- C:\Windows\System\AuQsufK.exe
  C:\Windows\System\AuQsufK.exe
  2⤵
  PID:12684
- C:\Windows\System\cluonna.exe
  C:\Windows\System\cluonna.exe
  2⤵
  PID:12740
- C:\Windows\System\hFZESMh.exe
  C:\Windows\System\hFZESMh.exe
  2⤵
  PID:12844
- C:\Windows\System\fKUNdMW.exe
  C:\Windows\System\fKUNdMW.exe
  2⤵
  PID:12904
- C:\Windows\System\jifGSHy.exe
  C:\Windows\System\jifGSHy.exe
  2⤵
  PID:12964
- C:\Windows\System\AoiphCr.exe
  C:\Windows\System\AoiphCr.exe
  2⤵
  PID:13056
- C:\Windows\System\vemSlcr.exe
  C:\Windows\System\vemSlcr.exe
  2⤵
  PID:13084
- C:\Windows\System\MhYxgfg.exe
  C:\Windows\System\MhYxgfg.exe
  2⤵
  PID:13140
- C:\Windows\System\qsotqyY.exe
  C:\Windows\System\qsotqyY.exe
  2⤵
  PID:13232
- C:\Windows\System\RgUKbQM.exe
  C:\Windows\System\RgUKbQM.exe
  2⤵
  PID:13280
- C:\Windows\System\xRSagKy.exe
  C:\Windows\System\xRSagKy.exe
  2⤵
  PID:4504
- C:\Windows\System\iQnUbCW.exe
  C:\Windows\System\iQnUbCW.exe
  2⤵
  PID:12364
- C:\Windows\System\rtOpepI.exe
  C:\Windows\System\rtOpepI.exe
  2⤵
  PID:12480
- C:\Windows\System\RhQcxHh.exe
  C:\Windows\System\RhQcxHh.exe
  2⤵
  PID:12600
- C:\Windows\System\QDKriva.exe
  C:\Windows\System\QDKriva.exe
  2⤵
  PID:12692
- C:\Windows\System\yXsUGNm.exe
  C:\Windows\System\yXsUGNm.exe
  2⤵
  PID:12908
- C:\Windows\System\HvHLPwM.exe
  C:\Windows\System\HvHLPwM.exe
  2⤵
  PID:13064
- C:\Windows\System\vwxLbVi.exe
  C:\Windows\System\vwxLbVi.exe
  2⤵
  PID:13264
- C:\Windows\System\sPOLXvt.exe
  C:\Windows\System\sPOLXvt.exe
  2⤵
  PID:12564
- C:\Windows\System\WpYXwOe.exe
  C:\Windows\System\WpYXwOe.exe
  2⤵
  PID:12956
- C:\Windows\System\sygGGfB.exe
  C:\Windows\System\sygGGfB.exe
  2⤵
  PID:13200
- C:\Windows\System\fdmvexD.exe
  C:\Windows\System\fdmvexD.exe
  2⤵
  PID:5076
- C:\Windows\System\wRgImjd.exe
  C:\Windows\System\wRgImjd.exe
  2⤵
  PID:13204
- C:\Windows\System\DEwYfis.exe
  C:\Windows\System\DEwYfis.exe
  2⤵
  PID:13332
- C:\Windows\System\PvbnRdS.exe
  C:\Windows\System\PvbnRdS.exe
  2⤵
  PID:13348
- C:\Windows\System\SJasWAx.exe
  C:\Windows\System\SJasWAx.exe
  2⤵
  PID:13372
- C:\Windows\System\NBhjwEr.exe
  C:\Windows\System\NBhjwEr.exe
  2⤵
  PID:13388
- C:\Windows\System\fYjtljV.exe
  C:\Windows\System\fYjtljV.exe
  2⤵
  PID:13416
- C:\Windows\System\DqsRavu.exe
  C:\Windows\System\DqsRavu.exe
  2⤵
  PID:13440
- C:\Windows\System\gURraoO.exe
  C:\Windows\System\gURraoO.exe
  2⤵
  PID:13460
- C:\Windows\System\WYVNJNU.exe
  C:\Windows\System\WYVNJNU.exe
  2⤵
  PID:13476
- C:\Windows\System\muwKeLZ.exe
  C:\Windows\System\muwKeLZ.exe
  2⤵
  PID:13496
- C:\Windows\System\nhbfTri.exe
  C:\Windows\System\nhbfTri.exe
  2⤵
  PID:13548
- C:\Windows\System\dRHwbMW.exe
  C:\Windows\System\dRHwbMW.exe
  2⤵
  PID:13620
- C:\Windows\System\joTWiuC.exe
  C:\Windows\System\joTWiuC.exe
  2⤵
  PID:13636
- C:\Windows\System\ADovCVR.exe
  C:\Windows\System\ADovCVR.exe
  2⤵
  PID:13664
- C:\Windows\System\SYyVgRj.exe
  C:\Windows\System\SYyVgRj.exe
  2⤵
  PID:13704
- C:\Windows\System\hVHPTZy.exe
  C:\Windows\System\hVHPTZy.exe
  2⤵
  PID:13748
- C:\Windows\System\tddAJvZ.exe
  C:\Windows\System\tddAJvZ.exe
  2⤵
  PID:13776
- C:\Windows\System\gLydqgb.exe
  C:\Windows\System\gLydqgb.exe
  2⤵
  PID:13804
- C:\Windows\System\QdhivMv.exe
  C:\Windows\System\QdhivMv.exe
  2⤵
  PID:13820
- C:\Windows\System\OdsAEsX.exe
  C:\Windows\System\OdsAEsX.exe
  2⤵
  PID:13840
- C:\Windows\System\UapcFeB.exe
  C:\Windows\System\UapcFeB.exe
  2⤵
  PID:13864
- C:\Windows\System\tJCYTzR.exe
  C:\Windows\System\tJCYTzR.exe
  2⤵
  PID:13888
- C:\Windows\System\QOroUgp.exe
  C:\Windows\System\QOroUgp.exe
  2⤵
  PID:13944
- C:\Windows\System\PGtOVFN.exe
  C:\Windows\System\PGtOVFN.exe
  2⤵
  PID:13960
- C:\Windows\System\QhKphTc.exe
  C:\Windows\System\QhKphTc.exe
  2⤵
  PID:13988
- C:\Windows\System\vQBvnri.exe
  C:\Windows\System\vQBvnri.exe
  2⤵
  PID:14032
- C:\Windows\System\pICxARx.exe
  C:\Windows\System\pICxARx.exe
  2⤵
  PID:14060
- C:\Windows\System\EmjszgJ.exe
  C:\Windows\System\EmjszgJ.exe
  2⤵
  PID:14088
- C:\Windows\System\nSZGRgq.exe
  C:\Windows\System\nSZGRgq.exe
  2⤵
  PID:14104
- C:\Windows\System\mVmxplV.exe
  C:\Windows\System\mVmxplV.exe
  2⤵
  PID:14144
- C:\Windows\System\oRyudpO.exe
  C:\Windows\System\oRyudpO.exe
  2⤵
  PID:14160
- C:\Windows\System\YaPqITk.exe
  C:\Windows\System\YaPqITk.exe
  2⤵
  PID:14200
- C:\Windows\System\uDBgaBM.exe
  C:\Windows\System\uDBgaBM.exe
  2⤵
  PID:14220
- C:\Windows\System\qpIuRxC.exe
  C:\Windows\System\qpIuRxC.exe
  2⤵
  PID:14244
- C:\Windows\System\ATDINaq.exe
  C:\Windows\System\ATDINaq.exe
  2⤵
  PID:14272
- C:\Windows\System\ZwerSvN.exe
  C:\Windows\System\ZwerSvN.exe
  2⤵
  PID:14300
- C:\Windows\System\USAqpMk.exe
  C:\Windows\System\USAqpMk.exe
  2⤵
  PID:14328
- C:\Windows\System\CEapmWu.exe
  C:\Windows\System\CEapmWu.exe
  2⤵
  PID:13340
- C:\Windows\System\qZRJrql.exe
  C:\Windows\System\qZRJrql.exe
  2⤵
  PID:13412
- C:\Windows\System\DbnNKwd.exe
  C:\Windows\System\DbnNKwd.exe
  2⤵
  PID:13472
- C:\Windows\System\qUcgtuL.exe
  C:\Windows\System\qUcgtuL.exe
  2⤵
  PID:13520
- C:\Windows\System\dkVbVkr.exe
  C:\Windows\System\dkVbVkr.exe
  2⤵
  PID:13648
- C:\Windows\System\cjIvzwP.exe
  C:\Windows\System\cjIvzwP.exe
  2⤵
  PID:13396
- C:\Windows\System\iGjrjit.exe
  C:\Windows\System\iGjrjit.exe
  2⤵
  PID:13744
- C:\Windows\System\lHJSXnS.exe
  C:\Windows\System\lHJSXnS.exe
  2⤵
  PID:13812
- C:\Windows\System\hcXEOdg.exe
  C:\Windows\System\hcXEOdg.exe
  2⤵
  PID:13836
- C:\Windows\System\ykGNrzz.exe
  C:\Windows\System\ykGNrzz.exe
  2⤵
  PID:13940
- C:\Windows\System\vLFlCnm.exe
  C:\Windows\System\vLFlCnm.exe
  2⤵
  PID:13984
- C:\Windows\System\FLFDqxk.exe
  C:\Windows\System\FLFDqxk.exe
  2⤵
  PID:14048
- C:\Windows\System\GpesFvT.exe
  C:\Windows\System\GpesFvT.exe
  2⤵
  PID:14116
- C:\Windows\System\fHjyJGW.exe
  C:\Windows\System\fHjyJGW.exe
  2⤵
  PID:14172
- C:\Windows\System\UpcuHih.exe
  C:\Windows\System\UpcuHih.exe
  2⤵
  PID:14256
- C:\Windows\System\gQVQPBB.exe
  C:\Windows\System\gQVQPBB.exe
  2⤵
  PID:14288
- C:\Windows\System\AKsCICI.exe
  C:\Windows\System\AKsCICI.exe
  2⤵
  PID:13456

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AWMIxjr.exe

Filesize
2.2MB

MD5
4a3b452973bb8d8791dd333258b63ddd

SHA1
05dfe614df169288f8436dbad5faa2106d9d88f1

SHA256
4b26b6f171155f937ca8fd669d5e38831817c1390b73aa61ad0545cabce8632a

SHA512
671504f85c2149c5ed0104ab60983ff0b3151e549b3124221475775977e7a98e0061504432251e75aad42e4a986a282c5409c1276065a27651dbd97363badc2b

Download Submit
C:\Windows\System\AXCCedS.exe

Filesize
2.2MB

MD5
356ed8ccda9fee3dd3f608689baad6da

SHA1
63b89f5581dbf3eec1f74e79a141ae3ae39fc182

SHA256
28cea06574537d3d99acbf2ce90f5f6092142d850daa6c82338b5b632e48a429

SHA512
7fafa37e9281905da787618926aa84bff4183c470169c67322934e6b1d3c31055093cae8b158f62e689986abb2b58683330409d0fa475d3e2533f6053e062d51

Download Submit
C:\Windows\System\BDYAhdc.exe

Filesize
2.2MB

MD5
97b19c2058494da7942c822213ffdea0

SHA1
0c566bbcbcb891c72b6a53828e43d98e7a015b64

SHA256
1a7143c088f1240ca929adbb4c5470e81e23898a93a228ef80e88905f2cd626d

SHA512
758e3fafe7b8f18d22974a3ed4bc583f6d38c059a092395ff3c5a9cc303d14f0c726a95cf1d7d47fbcf5fac1a2098a924bf1da54dfb78c0fbc344402a878141d

Download Submit
C:\Windows\System\BscYAVI.exe

Filesize
2.2MB

MD5
079cd975fc6ae930dc99204a92b7d100

SHA1
666fe91d096bf039e5a2a981f3c073cfb9603a3e

SHA256
81ceafa4fff59353553a1adf3dddae1d0b0ac5156791ca2965dd3b1d4323dda5

SHA512
5f092e11fb05bef747e10d186623d07bbd58c3e88a9929beefcd89ccfaeb4d57d76df90f0162aa045db95204dc2a661900d25eb4465a9c114aff3aef4b10756e

Download Submit
C:\Windows\System\DfgtPnN.exe

Filesize
2.2MB

MD5
88e63302d89758e247a26de93349a09f

SHA1
f6ff84cc768d9008562bd32d5bc7597e40b33f92

SHA256
d5bbf528a5b8bd2eb72e5cda714c300c2814907819ef5a61d2ef5907edea21ae

SHA512
bad81af00b20504b968d8bea11bbd5c32135c76ce04e0b8541950b3e999f4475240e26a1c557e98082ca54dd581078ccbdad15dd615ce7bd8eaa0a5f11de4fc0

Download Submit
C:\Windows\System\EfHHWGX.exe

Filesize
2.2MB

MD5
d4adbc3ae0f4b9c93c00aa18872032f1

SHA1
fabae52e993e8999df5213be83b1900cc11f0c0b

SHA256
0461d3efaeeb2042e1af277b624b788274541217f7e0e66ef1d69822f2e70164

SHA512
db68ab04ba8fb0f4924383bf1c01e9ca63887f89586a52538d258264be07322fb12894ed802b677355c86782c5928a6e7bded73b57d78fb026e0563bc57fdab9

Download Submit
C:\Windows\System\FYSZhqm.exe

Filesize
2.2MB

MD5
85b13900299d48c98536f5c64ef027b8

SHA1
dab528c7a466632599a08c888f748b7366a74951

SHA256
06064c3de94b8243dd425949895d8b4c31017143a2e3433dc5df1131c2e6287a

SHA512
f024b3f2d2de66f73cb0cce913aae72752f3a46c0d1a416c22ca7159c3ad670c9eb7970286cd77f9fa430eacb9574e94d7f00638f20a86c29788364aaf835042

Download Submit
C:\Windows\System\JFEnyjP.exe

Filesize
2.2MB

MD5
99f8057a1713f0a9f27eaa7f9e91a2b4

SHA1
0552c323b2c1efc0f3970b37868b8a0bbc095121

SHA256
b369683dcd733b85d654edce9550df96bba95d885dbd49f5127401a91dba298b

SHA512
9a9a2b0e86dd0ec2f38827b639bcc1ac21c9a0c2d016c69fae51923bcbb161be8fc94c1fa0f266a607b7f485397cd07162858c1f922b30259ba0280bcdfdec6c

Download Submit
C:\Windows\System\KQwrZtf.exe

Filesize
2.2MB

MD5
61e444180d3ad419a6c30f0b554f3fd7

SHA1
b888694c73404aa9122dac5075127ae0ee764d36

SHA256
a012252ab696ed6c75fb661261842880d4b0d6c7caca3724ecb4ce136e913715

SHA512
8051ee5fc2ed89324a7e737083a582cf594dd6a6e0f3767d67fd8ff2034e25bce2299d3cfc733eb1fe0f2bbf78225da02c464237146e836ad88dd6aa0bb1bfdd

Download Submit
C:\Windows\System\NSEEaoB.exe

Filesize
2.2MB

MD5
2b475bb74e49eab1b6ac635396f7bf1e

SHA1
bef4b775298755b75e5f9c00364596f88c1da7f1

SHA256
98ea88879d2719eba9e7acc35b9cb26e87741b1f03f3e857b08b3f3f710870d3

SHA512
fa0bcb3409b773ad8be246b3a7e8f037b00700aa5afa0b91d5803a74d674635eaa8049db7a0e0774a5e726bbe940b29af3fba6283497e929ee808ca6c225761f

Download Submit
C:\Windows\System\NiLwfpu.exe

Filesize
2.2MB

MD5
11b433f59291710af1abec60b2cc12e7

SHA1
6e07c9cd4119af06fd2cc6dcdb588b87ae37560b

SHA256
1a300621525f2076862204582621ada2a604a6532a266761a9c909d2b734f7cd

SHA512
930a514389c285be9fa42bc715f9ffbf9a78437a751dc6944e6f9eb61f1c6fa29d08f5a4f48571566fcd1861d67822de50459ec00ac81f2b7bc96a8b1020666c

Download Submit
C:\Windows\System\NwBkdrX.exe

Filesize
2.2MB

MD5
5023af28e418a17f740125ea8e451fb1

SHA1
c2b795a994c8307c0bee8430205bb2c374ee5047

SHA256
7309a6f4498f15e462b5d8a907d43706450f48ea2b152b7ccba9cc31c08a8d04

SHA512
c6b55bca5e4dba3436a01f6daf120dcf7ebe9c29f5dbfb1c9ea756cbc50dd06d9f1b62de4ea8b136d12b1e49a1010fe14066b6a669a122c168122af76d810612

Download Submit
C:\Windows\System\PZpYzCm.exe

Filesize
2.2MB

MD5
1fbbd8d5dba13694d76df13b6ee4a3d8

SHA1
6bbc6ab8d200edfb9d1792cb95fc2fb60e66406c

SHA256
75884dc1825acb335637a3662d6f7b7f38d9e38f8264827d778243d03b3bf8e5

SHA512
0f5f1de639829896bc919b307288224d352fc6d7b185e3fe8969a0a41cf9b3a623c52b16a14810ae4e2914af1bb5446a6fafe108e8450041191e3b404cb18349

Download Submit
C:\Windows\System\QUozrlC.exe

Filesize
2.2MB

MD5
d611d694a527867ec83760f96f1edc51

SHA1
3840fdf986b5e80bd31809e63d18445bffc8be25

SHA256
07f47cf016a29d65055270778312ac5ee85e55b732ad2dc249f3759f4fd4a9c1

SHA512
8f277e0aa349434be723fe5cab8e63785a79f2884c47a464dcfbe0fe7a3b8e9ba7cf4694e28cf08e07faaa96097e65e8d69e803f4b881d26e825a9fa74d7645f

Download Submit
C:\Windows\System\RYGmDID.exe

Filesize
2.2MB

MD5
74d072ee1144a15e49e93aff83fc6074

SHA1
f7038272a5639c262934e8ab9d81b5bb1820aa69

SHA256
8b56c0dfab14c857350a752016ed70ee0f0914ba0a309d3f7cbd791988c181a6

SHA512
7b9cc8d6ed41469a90a42c31ee47b46e028ba57b50936d83d781d6488b0efde40bf9f8505b7c7e18d71392fd6a38ed21493bc132118a122a56ef2a4c6dc6ae9a

Download Submit
C:\Windows\System\VIUThjK.exe

Filesize
2.2MB

MD5
eeab9128bba254f99ca21695ae8f694e

SHA1
7b173c1bec1c0e952272d5bb95e126de2349a74e

SHA256
f7a32b82498b5bb097f8814bd23d98472f07ace64459e65c7ecfbf5b5c58d9ab

SHA512
183591f268c6a35ff76c615140a123b2db7d39d26196c63a41aaf913d012bcdb848aa0b5f9ebcc618f79fbe4927daa31aa38bb2b7b48d97c5cbcaf164b1f74cc

Download Submit
C:\Windows\System\YwCmqzu.exe

Filesize
2.2MB

MD5
cbfaf935c702f2cc3ee71a0a72e8b092

SHA1
5a7ede1100fefa448f292047ec285378d2cf9dfa

SHA256
57b572e8c377d72ee83b52780800f7d69acef94c20c2894e9add7e48ac635103

SHA512
2ed947efadb178e6703b1e060ee0102ce3c46a150b2df29ef80964209a3257c46ca550f265e9d69a469a0f8dc144662d30fa6a46ebd2470e46ad685d8968e98d

Download Submit
C:\Windows\System\aXcrvRW.exe

Filesize
2.2MB

MD5
30c091aef98c45d192e0d6333c4de974

SHA1
4967dee891794310a1946615ee3d02cfd652c172

SHA256
d2e06d852283c807b769d15492c5d70946635d9421cefdb797ee0cc815755f2f

SHA512
0376f7f55561ed34a46e15f1bbaeaf47927faed60ea5594ea730213b3fee0daa510ec89c44d83268b906eb8bdbe51c68e013864ed37e756efb63f49b21308e74

Download Submit
C:\Windows\System\cnIjckm.exe

Filesize
2.2MB

MD5
16edb1b98c9ec583e51e55fe981cd834

SHA1
33e7da8b34487758d65665e64aa32cf7146f24cb

SHA256
c38bdbeb52d6446c9f3110582bd248c84f4593ebf4ea4ed9940ef4626ead8174

SHA512
92f080fdd6b589f3a61f1c10b433cbfc8d7b40e5ae0881681902ebcbdf6244c9832762f71b27b135317f13ab7445ffd1f0b6713388c44aba0b44220be0173547

Download Submit
C:\Windows\System\dOAathp.exe

Filesize
2.2MB

MD5
672838ed801cfc1a8fa5385ca46eb220

SHA1
ee5bc65e9459339a88516e4359d6bab9d448ec4d

SHA256
7d5568f88f93f4f1ed892601f9103e76bca86a2ac86246282de72cf154156907

SHA512
16988e6372ebe9c98f0615f2922a59ac2fa3c14c737f50ac5b43dc4fbea8e07eece1bb31c1cf16f21a7926b56800e1cb402fccbcd131ff91a9e3294cfa7c359f

Download Submit
C:\Windows\System\dglVlrx.exe

Filesize
2.2MB

MD5
2ff31e5daa399c37114775ddfdec7e67

SHA1
268fad0bf12d3250f5883210e581ec7b06d0d744

SHA256
cf370730b24013d64a2e889ce684e0eb77d050dea915d0a05a3d4a7d04d6bb20

SHA512
6c2ed038f1cd3e144c2a7c7301a236adeb5d14928dafd39c2b47024413c751e7efce4367a4c20e52e424d6d8d564e8a4322776d1fe6fe5d985cff970049f6db4

Download Submit
C:\Windows\System\fqYeYkN.exe

Filesize
2.2MB

MD5
26f3c557cbcb7a3d4f16a1ea395e5f69

SHA1
262af3116587a9ce7cfeb8c8b44bd64abdc36883

SHA256
36429f4a36aead09757315bb8bb6bec4435a37eea601ed0c92673a8b60c1879b

SHA512
bfbe218a4fe5fe7420558ac4144b52ffd73b031179ac6e258d4527ea59cc647aebad7671ebaa0c96dbcae460ab0dfdebdea7d2cff191c2c8ea0a6640d0357763

Download Submit
C:\Windows\System\gQOlRci.exe

Filesize
2.2MB

MD5
15e7c2cfcdf7c02dcaadd103a87000f2

SHA1
321c57b59c1454a5b7d1fbc19f20764e9947ed00

SHA256
ae78b8c63004df0fbbbab3b5e47df05eeedfc9372a63af71b2b1b46067cf963b

SHA512
90524997b0ef9d7f53b9251d627e5973eb86b7b3ee2ba1874b0559dea2b27d13226fe27db8c2eb8c050ed2fd1bef7043c2381193d28859fcad42300863508b88

Download Submit
C:\Windows\System\hSnAVEI.exe

Filesize
2.2MB

MD5
1a2f7f42eebefa21b6847d149d621986

SHA1
2e683109559ca8782a6a637c4626f867b4b208bf

SHA256
8c0ae7e407dd2f2fc6e07339ee1d2529cd784d869eddbbac857e208d7538549b

SHA512
e962840f6dcd7830a492ce0f374401dae58cf7429fe83fbc3f84631494953cf4bdf6d04cf40a6b24c1ddc0a766e0d942148f84d002823356e0510478e91751f4

Download Submit
C:\Windows\System\oYwXQhZ.exe

Filesize
2.2MB

MD5
11fe6f82bafadd5ddcf602b4173d2bb3

SHA1
92a772193bf365e7d153ac84c3e7952f081ce99e

SHA256
abf64422ce8e6ef82dff31c2cdcf2effc0e02bcb3ea8e54cd82500c55fefcfb3

SHA512
b9f6755e29066820d16329bc253eacaaae28b0e820a8f05d4acd09e679a4b474cf9c804d793bcf0fe3e7c82bfab970c09d69e59c1b7223129f8fe4ac47283846

Download Submit
C:\Windows\System\pDuQZsJ.exe

Filesize
2.2MB

MD5
fcff119abcfb77d9c506da548cefc1a6

SHA1
e104834488cff92cdbec5d4777d300feed6d17b7

SHA256
ec4ef1386fbb986658193ebd614ac1a4a1fd6bd3a07d211a63dda691663a81cc

SHA512
50623b12715001529c0ce6387ff64bf6094c78c1d05b5b3cf94993672c1f2d296c91729b35436c1b50ce3fbd3f076cfd9e9eb3c1896d31924c1bc53821df89ea

Download Submit
C:\Windows\System\qsENtgE.exe

Filesize
2.2MB

MD5
d44573cb0fe37ad272695525857f698b

SHA1
a32df8aedb474b944c319a6f11abde108e4ca828

SHA256
90bf0ae3caeb4475eff3951294a99e07cd7755385a3cc199a516b75941e0fe1f

SHA512
11abd7b66712fc1d224c3c69a2b2b7bbf4a5fe5ccbdd06adc6e3358b949a36189b988e88ad274ed4f6e32537609682739558df493ecbc1f03f052da914630409

Download Submit
C:\Windows\System\rCLndBK.exe

Filesize
2.2MB

MD5
89ea86aeef275ca08fe938e12e1d6a6d

SHA1
781307b6877e384ecdac326bf2030ee5f32610a3

SHA256
31b65411b196b0e993a0ea0706b71b9a4a1af835c5a4639b85aced62dd2db156

SHA512
987c215fd51b4a776147b995bc9766ef79211d4943c76f69fa0ee36a064c8c19da0047eb5d1bd24327be212a9454577e93d1d97392d718536b6b6633d4deeaec

Download Submit
C:\Windows\System\uRqFCZx.exe

Filesize
2.2MB

MD5
cd419828b2e2f56ed7d31fcd9371e59c

SHA1
f6c742642516815e0eb55d35c498ea7640501b4f

SHA256
23f0d158eb3700118696b74ed085d50c326a2800d3f8af12834fba942815a7c9

SHA512
42221faec70957ee0b5d584d4d21ea1b26c017dbcb6eace73d970a932efc13779b09ad71c446977af4a64a5798c10cc3e068dd1f407f3624f4bdb1667d9ac3d2

Download Submit
C:\Windows\System\vfIxDcn.exe

Filesize
2.2MB

MD5
bc606283976b9846b9344481ba61e410

SHA1
7ba8c5e157daafa2cbc567cc062060ce49438405

SHA256
8b7bd1906e3fb2b8ae032744fa9106ef69b68c8f4cc8a5e8d7e8b48f5c83d524

SHA512
e7cd1a95f63652ab5f2728039399dedba38d18325a51dfae350e4f6cbb31f24b2408f0684ce24925f7ba492ac9644c871d9c92694a99f478d2ed2ffbc92ab957

Download Submit
C:\Windows\System\wtYYJMU.exe

Filesize
2.2MB

MD5
131d0958a7f6ed4664e8a34d666161ba

SHA1
6954efaee3148788ec944672b9a443dfaa82f689

SHA256
c7296967f7a040f526e706509c99e3b0f6e12276b5a46e420252d49d722b039e

SHA512
523a8b5573f64b0bc408e904445d174d39930e896a790c7dde2a5ac8c664019f977dae92b5c9eaceff3d4984ae1a8e3a25de03cf9bd740ff4adfdd3b2302981c

Download Submit
C:\Windows\System\wwHbzur.exe

Filesize
2.2MB

MD5
82b0c9ad50a0322944bdbbaba7fc3860

SHA1
76b7ed5f43e582e8546fae004956d671aacb7639

SHA256
69e5d8ca3d2bb8a823c45bd9cd87326c5019eb74351cb611671ac9714a2c19e2

SHA512
2eb33d5dfdc078774eda94b8edd63866a38a3e227c0e138016e7f407d0e1fda9851d1422ade9ad260d947e09775e94866922a07648dc6682f0e6f9a98ff2057e

Download Submit
C:\Windows\System\zyXrfgo.exe

Filesize
2.2MB

MD5
aaa9da1c66fe259ed2398f8d1669299b

SHA1
3d764a8554e02f074febd615797e4abc750312a0

SHA256
507d99d24f9fc14ad00a579fd9d8260522e3d997ed6721613b767ee7b25f5c25

SHA512
5e863e016f2b554b8eca3631b064a98719a51a2d95c1b81e53a9c0b2ad7b11b79897a781cf8747224036140b36925a8679373a07a30373f54e309c0d2b8bee24

Download Submit
memory/448-2152-0x00007FF6AF5A0000-0x00007FF6AF8F4000-memory.dmp

Filesize
3.3MB

Download
memory/448-833-0x00007FF6AF5A0000-0x00007FF6AF8F4000-memory.dmp

Filesize
3.3MB

Download
memory/924-2153-0x00007FF641620000-0x00007FF641974000-memory.dmp

Filesize
3.3MB

Download
memory/924-796-0x00007FF641620000-0x00007FF641974000-memory.dmp

Filesize
3.3MB

Download
memory/1216-32-0x00007FF6B7920000-0x00007FF6B7C74000-memory.dmp

Filesize
3.3MB

Download
memory/1216-2132-0x00007FF6B7920000-0x00007FF6B7C74000-memory.dmp

Filesize
3.3MB

Download
memory/1244-2128-0x00007FF7E8830000-0x00007FF7E8B84000-memory.dmp

Filesize
3.3MB

Download
memory/1244-51-0x00007FF7E8830000-0x00007FF7E8B84000-memory.dmp

Filesize
3.3MB

Download
memory/1244-2158-0x00007FF7E8830000-0x00007FF7E8B84000-memory.dmp

Filesize
3.3MB

Download
memory/1548-60-0x00007FF75FE70000-0x00007FF7601C4000-memory.dmp

Filesize
3.3MB

Download
memory/1548-2141-0x00007FF75FE70000-0x00007FF7601C4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2157-0x00007FF7801D0000-0x00007FF780524000-memory.dmp

Filesize
3.3MB

Download
memory/1636-818-0x00007FF7801D0000-0x00007FF780524000-memory.dmp

Filesize
3.3MB

Download
memory/1668-743-0x00007FF6663A0000-0x00007FF6666F4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-2147-0x00007FF6663A0000-0x00007FF6666F4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2156-0x00007FF668400000-0x00007FF668754000-memory.dmp

Filesize
3.3MB

Download
memory/1680-808-0x00007FF668400000-0x00007FF668754000-memory.dmp

Filesize
3.3MB

Download
memory/1708-55-0x00007FF617680000-0x00007FF6179D4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2129-0x00007FF617680000-0x00007FF6179D4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2146-0x00007FF617680000-0x00007FF6179D4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-1-0x0000014831E90000-0x0000014831EA0000-memory.dmp

Filesize
64KB

Download
memory/2340-0-0x00007FF7F34A0000-0x00007FF7F37F4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-1931-0x00007FF7F34A0000-0x00007FF7F37F4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-2139-0x00007FF6C3380000-0x00007FF6C36D4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-748-0x00007FF6C3380000-0x00007FF6C36D4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-816-0x00007FF7D8680000-0x00007FF7D89D4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-2151-0x00007FF7D8680000-0x00007FF7D89D4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2131-0x00007FF7E3310000-0x00007FF7E3664000-memory.dmp

Filesize
3.3MB

Download
memory/2904-36-0x00007FF7E3310000-0x00007FF7E3664000-memory.dmp

Filesize
3.3MB

Download
memory/3148-14-0x00007FF7DCBE0000-0x00007FF7DCF34000-memory.dmp

Filesize
3.3MB

Download
memory/3148-2130-0x00007FF7DCBE0000-0x00007FF7DCF34000-memory.dmp

Filesize
3.3MB

Download
memory/3220-2135-0x00007FF769230000-0x00007FF769584000-memory.dmp

Filesize
3.3MB

Download
memory/3220-2127-0x00007FF769230000-0x00007FF769584000-memory.dmp

Filesize
3.3MB

Download
memory/3220-45-0x00007FF769230000-0x00007FF769584000-memory.dmp

Filesize
3.3MB

Download
memory/3236-762-0x00007FF65CED0000-0x00007FF65D224000-memory.dmp

Filesize
3.3MB

Download
memory/3236-2140-0x00007FF65CED0000-0x00007FF65D224000-memory.dmp

Filesize
3.3MB

Download
memory/3452-821-0x00007FF6EA310000-0x00007FF6EA664000-memory.dmp

Filesize
3.3MB

Download
memory/3452-2155-0x00007FF6EA310000-0x00007FF6EA664000-memory.dmp

Filesize
3.3MB

Download
memory/3492-40-0x00007FF6B33D0000-0x00007FF6B3724000-memory.dmp

Filesize
3.3MB

Download
memory/3492-2133-0x00007FF6B33D0000-0x00007FF6B3724000-memory.dmp

Filesize
3.3MB

Download
memory/3704-749-0x00007FF6D2950000-0x00007FF6D2CA4000-memory.dmp

Filesize
3.3MB

Download
memory/3704-2137-0x00007FF6D2950000-0x00007FF6D2CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4048-2142-0x00007FF7CFC50000-0x00007FF7CFFA4000-memory.dmp

Filesize
3.3MB

Download
memory/4048-744-0x00007FF7CFC50000-0x00007FF7CFFA4000-memory.dmp

Filesize
3.3MB

Download
memory/4064-2150-0x00007FF70FF50000-0x00007FF7102A4000-memory.dmp

Filesize
3.3MB

Download
memory/4064-780-0x00007FF70FF50000-0x00007FF7102A4000-memory.dmp

Filesize
3.3MB

Download
memory/4112-27-0x00007FF67D7F0000-0x00007FF67DB44000-memory.dmp

Filesize
3.3MB

Download
memory/4112-2134-0x00007FF67D7F0000-0x00007FF67DB44000-memory.dmp

Filesize
3.3MB

Download
memory/4112-1937-0x00007FF67D7F0000-0x00007FF67DB44000-memory.dmp

Filesize
3.3MB

Download
memory/4268-753-0x00007FF627360000-0x00007FF6276B4000-memory.dmp

Filesize
3.3MB

Download
memory/4268-2143-0x00007FF627360000-0x00007FF6276B4000-memory.dmp

Filesize
3.3MB

Download
memory/4444-2154-0x00007FF7EA2D0000-0x00007FF7EA624000-memory.dmp

Filesize
3.3MB

Download
memory/4444-827-0x00007FF7EA2D0000-0x00007FF7EA624000-memory.dmp

Filesize
3.3MB

Download
memory/4520-786-0x00007FF7D7140000-0x00007FF7D7494000-memory.dmp

Filesize
3.3MB

Download
memory/4520-2149-0x00007FF7D7140000-0x00007FF7D7494000-memory.dmp

Filesize
3.3MB

Download
memory/4868-2148-0x00007FF797C30000-0x00007FF797F84000-memory.dmp

Filesize
3.3MB

Download
memory/4868-773-0x00007FF797C30000-0x00007FF797F84000-memory.dmp

Filesize
3.3MB

Download
memory/4908-41-0x00007FF71D0F0000-0x00007FF71D444000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2126-0x00007FF71D0F0000-0x00007FF71D444000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2136-0x00007FF71D0F0000-0x00007FF71D444000-memory.dmp

Filesize
3.3MB

Download
memory/4912-2144-0x00007FF799360000-0x00007FF7996B4000-memory.dmp

Filesize
3.3MB

Download
memory/4912-751-0x00007FF799360000-0x00007FF7996B4000-memory.dmp

Filesize
3.3MB

Download
memory/4972-766-0x00007FF650740000-0x00007FF650A94000-memory.dmp

Filesize
3.3MB

Download
memory/4972-2145-0x00007FF650740000-0x00007FF650A94000-memory.dmp

Filesize
3.3MB

Download
memory/5080-750-0x00007FF7BC380000-0x00007FF7BC6D4000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2138-0x00007FF7BC380000-0x00007FF7BC6D4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads