xmrig | e4264ad228cb1c6aaf1f8e33dd7f16782443158f73c8c39526d8bcff9160b22e

Analysis

max time kernel
121s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 13:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
Size

2.3MB
MD5

ea380fe70bfa001d179fc1a3a1757fc0
SHA1

fadcd28f9c6b1b46320fb41e7bdf1b8a374551e2
SHA256

e4264ad228cb1c6aaf1f8e33dd7f16782443158f73c8c39526d8bcff9160b22e
SHA512

13dc430aa2d0deeb157502efc25f987e719c820af89f3bbb0d5e392726a06bf28634c3e32b8f358d40951361f68afb174e35feac44a1fb20e4976c49c36e8279
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+ANXx72V:BemTLkNdfE0pZr9

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4316-0-0x00007FF70BC30000-0x00007FF70BF84000-memory.dmp	xmrig
behavioral2/files/0x000a000000023413-5.dat	xmrig
behavioral2/files/0x000700000002341a-9.dat	xmrig
behavioral2/files/0x0008000000023416-12.dat	xmrig
behavioral2/memory/1492-10-0x00007FF72D790000-0x00007FF72DAE4000-memory.dmp	xmrig
behavioral2/memory/4864-19-0x00007FF7D1200000-0x00007FF7D1554000-memory.dmp	xmrig
behavioral2/memory/2308-22-0x00007FF7A51F0000-0x00007FF7A5544000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-24.dat	xmrig
behavioral2/files/0x000700000002341d-27.dat	xmrig
behavioral2/files/0x000700000002341e-36.dat	xmrig
behavioral2/memory/3868-33-0x00007FF7EB230000-0x00007FF7EB584000-memory.dmp	xmrig
behavioral2/memory/3760-38-0x00007FF63B960000-0x00007FF63BCB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023420-44.dat	xmrig
behavioral2/files/0x0007000000023421-49.dat	xmrig
behavioral2/memory/3988-45-0x00007FF6077F0000-0x00007FF607B44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023422-58.dat	xmrig
behavioral2/files/0x0007000000023423-64.dat	xmrig
behavioral2/files/0x0007000000023424-72.dat	xmrig
behavioral2/files/0x0007000000023425-78.dat	xmrig
behavioral2/files/0x0007000000023427-87.dat	xmrig
behavioral2/files/0x000700000002342e-117.dat	xmrig
behavioral2/files/0x0007000000023433-142.dat	xmrig
behavioral2/files/0x0007000000023436-157.dat	xmrig
behavioral2/memory/2392-387-0x00007FF7ECF70000-0x00007FF7ED2C4000-memory.dmp	xmrig
behavioral2/memory/1912-394-0x00007FF69BAD0000-0x00007FF69BE24000-memory.dmp	xmrig
behavioral2/memory/3500-401-0x00007FF694C90000-0x00007FF694FE4000-memory.dmp	xmrig
behavioral2/memory/1632-404-0x00007FF6F0D00000-0x00007FF6F1054000-memory.dmp	xmrig
behavioral2/memory/2480-407-0x00007FF63C050000-0x00007FF63C3A4000-memory.dmp	xmrig
behavioral2/memory/1176-409-0x00007FF6BA880000-0x00007FF6BABD4000-memory.dmp	xmrig
behavioral2/memory/4088-411-0x00007FF79E700000-0x00007FF79EA54000-memory.dmp	xmrig
behavioral2/memory/996-413-0x00007FF754AA0000-0x00007FF754DF4000-memory.dmp	xmrig
behavioral2/memory/1536-412-0x00007FF6557C0000-0x00007FF655B14000-memory.dmp	xmrig
behavioral2/memory/2388-410-0x00007FF688DF0000-0x00007FF689144000-memory.dmp	xmrig
behavioral2/memory/2696-408-0x00007FF7C0420000-0x00007FF7C0774000-memory.dmp	xmrig
behavioral2/memory/752-406-0x00007FF6A2760000-0x00007FF6A2AB4000-memory.dmp	xmrig
behavioral2/memory/4452-405-0x00007FF6BFF40000-0x00007FF6C0294000-memory.dmp	xmrig
behavioral2/memory/4608-403-0x00007FF6F5320000-0x00007FF6F5674000-memory.dmp	xmrig
behavioral2/memory/3884-400-0x00007FF740370000-0x00007FF7406C4000-memory.dmp	xmrig
behavioral2/memory/4396-391-0x00007FF773860000-0x00007FF773BB4000-memory.dmp	xmrig
behavioral2/memory/444-390-0x00007FF7227D0000-0x00007FF722B24000-memory.dmp	xmrig
behavioral2/memory/3700-388-0x00007FF611730000-0x00007FF611A84000-memory.dmp	xmrig
behavioral2/memory/3428-385-0x00007FF6CC820000-0x00007FF6CCB74000-memory.dmp	xmrig
behavioral2/memory/3344-382-0x00007FF780D60000-0x00007FF7810B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023439-172.dat	xmrig
behavioral2/files/0x0007000000023437-170.dat	xmrig
behavioral2/files/0x0007000000023438-167.dat	xmrig
behavioral2/files/0x0007000000023435-160.dat	xmrig
behavioral2/files/0x0007000000023434-155.dat	xmrig
behavioral2/files/0x0007000000023432-145.dat	xmrig
behavioral2/files/0x0007000000023431-140.dat	xmrig
behavioral2/files/0x0007000000023430-135.dat	xmrig
behavioral2/files/0x000700000002342f-130.dat	xmrig
behavioral2/files/0x000700000002342d-120.dat	xmrig
behavioral2/files/0x000700000002342c-115.dat	xmrig
behavioral2/files/0x000700000002342b-107.dat	xmrig
behavioral2/files/0x000700000002342a-103.dat	xmrig
behavioral2/files/0x0007000000023429-98.dat	xmrig
behavioral2/files/0x0007000000023428-93.dat	xmrig
behavioral2/files/0x0007000000023426-83.dat	xmrig
behavioral2/memory/3324-56-0x00007FF6A6720000-0x00007FF6A6A74000-memory.dmp	xmrig
behavioral2/memory/1036-50-0x00007FF61D120000-0x00007FF61D474000-memory.dmp	xmrig
behavioral2/files/0x000700000002341f-48.dat	xmrig
behavioral2/memory/4536-39-0x00007FF61EA50000-0x00007FF61EDA4000-memory.dmp	xmrig
behavioral2/memory/4316-1163-0x00007FF70BC30000-0x00007FF70BF84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1492	edcXGGd.exe
4864	RUeAose.exe
2308	IaXfklf.exe
3868	ldxGNjB.exe
3760	mshhqzI.exe
3988	RWSKAFq.exe
4536	DHjEIxg.exe
1036	GeCfzZv.exe
3324	DOwVyXW.exe
3344	SPTdoin.exe
3428	zUycjjV.exe
2392	qYveofV.exe
3700	NfnloFb.exe
444	XCgRuPc.exe
4396	DQwfnWw.exe
1912	vreAaGs.exe
3884	xoWeMKY.exe
3500	rvVhMDS.exe
4608	dsNpXEg.exe
1632	Wvbtjpc.exe
4452	CNCdAib.exe
752	TPTxPck.exe
2480	nEOErdx.exe
2696	WNfxjUP.exe
1176	eKBdDWM.exe
2388	ExhIaYv.exe
4088	DvtgyGg.exe
1536	kLbAnqc.exe
996	Gfyvlca.exe
1544	uICwaSB.exe
1548	GigPRdv.exe
1728	hAPnHAZ.exe
4572	afLbEIC.exe
2356	sNMAHeF.exe
5048	zIPYALq.exe
1452	zznwNwh.exe
1552	kTUaxeq.exe
3560	YLOYSJs.exe
4764	KdsrLXK.exe
3240	foTWbJg.exe
3784	rLcqmeo.exe
1168	Pdtxldk.exe
64	gbBdmnw.exe
3292	oepZKNU.exe
4656	VqRvqoV.exe
4344	XBMhoct.exe
4080	UmgaWfO.exe
1988	OsnvFEi.exe
4552	KRscwif.exe
3496	gyAIMbA.exe
3548	fpUPOcI.exe
1332	SpGyycu.exe
3248	oaYdaGB.exe
1448	Dfnlzjz.exe
1360	yVkazxE.exe
3320	opKqROT.exe
4372	YUOrmBB.exe
5104	wfWVmXE.exe
4800	GnFSjFv.exe
2568	wWlXkkQ.exe
3252	YwKRFIQ.exe
4872	zzQqcCi.exe
4320	lvATmYe.exe
3556	ITPwiPU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4316-0-0x00007FF70BC30000-0x00007FF70BF84000-memory.dmp	upx
behavioral2/files/0x000a000000023413-5.dat	upx
behavioral2/files/0x000700000002341a-9.dat	upx
behavioral2/files/0x0008000000023416-12.dat	upx
behavioral2/memory/1492-10-0x00007FF72D790000-0x00007FF72DAE4000-memory.dmp	upx
behavioral2/memory/4864-19-0x00007FF7D1200000-0x00007FF7D1554000-memory.dmp	upx
behavioral2/memory/2308-22-0x00007FF7A51F0000-0x00007FF7A5544000-memory.dmp	upx
behavioral2/files/0x000700000002341c-24.dat	upx
behavioral2/files/0x000700000002341d-27.dat	upx
behavioral2/files/0x000700000002341e-36.dat	upx
behavioral2/memory/3868-33-0x00007FF7EB230000-0x00007FF7EB584000-memory.dmp	upx
behavioral2/memory/3760-38-0x00007FF63B960000-0x00007FF63BCB4000-memory.dmp	upx
behavioral2/files/0x0007000000023420-44.dat	upx
behavioral2/files/0x0007000000023421-49.dat	upx
behavioral2/memory/3988-45-0x00007FF6077F0000-0x00007FF607B44000-memory.dmp	upx
behavioral2/files/0x0007000000023422-58.dat	upx
behavioral2/files/0x0007000000023423-64.dat	upx
behavioral2/files/0x0007000000023424-72.dat	upx
behavioral2/files/0x0007000000023425-78.dat	upx
behavioral2/files/0x0007000000023427-87.dat	upx
behavioral2/files/0x000700000002342e-117.dat	upx
behavioral2/files/0x0007000000023433-142.dat	upx
behavioral2/files/0x0007000000023436-157.dat	upx
behavioral2/memory/2392-387-0x00007FF7ECF70000-0x00007FF7ED2C4000-memory.dmp	upx
behavioral2/memory/1912-394-0x00007FF69BAD0000-0x00007FF69BE24000-memory.dmp	upx
behavioral2/memory/3500-401-0x00007FF694C90000-0x00007FF694FE4000-memory.dmp	upx
behavioral2/memory/1632-404-0x00007FF6F0D00000-0x00007FF6F1054000-memory.dmp	upx
behavioral2/memory/2480-407-0x00007FF63C050000-0x00007FF63C3A4000-memory.dmp	upx
behavioral2/memory/1176-409-0x00007FF6BA880000-0x00007FF6BABD4000-memory.dmp	upx
behavioral2/memory/4088-411-0x00007FF79E700000-0x00007FF79EA54000-memory.dmp	upx
behavioral2/memory/996-413-0x00007FF754AA0000-0x00007FF754DF4000-memory.dmp	upx
behavioral2/memory/1536-412-0x00007FF6557C0000-0x00007FF655B14000-memory.dmp	upx
behavioral2/memory/2388-410-0x00007FF688DF0000-0x00007FF689144000-memory.dmp	upx
behavioral2/memory/2696-408-0x00007FF7C0420000-0x00007FF7C0774000-memory.dmp	upx
behavioral2/memory/752-406-0x00007FF6A2760000-0x00007FF6A2AB4000-memory.dmp	upx
behavioral2/memory/4452-405-0x00007FF6BFF40000-0x00007FF6C0294000-memory.dmp	upx
behavioral2/memory/4608-403-0x00007FF6F5320000-0x00007FF6F5674000-memory.dmp	upx
behavioral2/memory/3884-400-0x00007FF740370000-0x00007FF7406C4000-memory.dmp	upx
behavioral2/memory/4396-391-0x00007FF773860000-0x00007FF773BB4000-memory.dmp	upx
behavioral2/memory/444-390-0x00007FF7227D0000-0x00007FF722B24000-memory.dmp	upx
behavioral2/memory/3700-388-0x00007FF611730000-0x00007FF611A84000-memory.dmp	upx
behavioral2/memory/3428-385-0x00007FF6CC820000-0x00007FF6CCB74000-memory.dmp	upx
behavioral2/memory/3344-382-0x00007FF780D60000-0x00007FF7810B4000-memory.dmp	upx
behavioral2/files/0x0007000000023439-172.dat	upx
behavioral2/files/0x0007000000023437-170.dat	upx
behavioral2/files/0x0007000000023438-167.dat	upx
behavioral2/files/0x0007000000023435-160.dat	upx
behavioral2/files/0x0007000000023434-155.dat	upx
behavioral2/files/0x0007000000023432-145.dat	upx
behavioral2/files/0x0007000000023431-140.dat	upx
behavioral2/files/0x0007000000023430-135.dat	upx
behavioral2/files/0x000700000002342f-130.dat	upx
behavioral2/files/0x000700000002342d-120.dat	upx
behavioral2/files/0x000700000002342c-115.dat	upx
behavioral2/files/0x000700000002342b-107.dat	upx
behavioral2/files/0x000700000002342a-103.dat	upx
behavioral2/files/0x0007000000023429-98.dat	upx
behavioral2/files/0x0007000000023428-93.dat	upx
behavioral2/files/0x0007000000023426-83.dat	upx
behavioral2/memory/3324-56-0x00007FF6A6720000-0x00007FF6A6A74000-memory.dmp	upx
behavioral2/memory/1036-50-0x00007FF61D120000-0x00007FF61D474000-memory.dmp	upx
behavioral2/files/0x000700000002341f-48.dat	upx
behavioral2/memory/4536-39-0x00007FF61EA50000-0x00007FF61EDA4000-memory.dmp	upx
behavioral2/memory/4316-1163-0x00007FF70BC30000-0x00007FF70BF84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ObmUytU.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\XrHiLda.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\tYYKvRd.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\yGvvEzg.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\bdlnsoq.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\AQcBcpy.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\qvcdbyZ.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\JaylbrH.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\fNELpjI.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\wfWVmXE.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\YgGQUBy.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\dmshsDy.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\ABhSuUc.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\zXtFjTr.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\PgNovDl.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\PjRGxOJ.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\WnaMVHA.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\yDWhyvL.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\ZtfpszI.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\UUIiNVN.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\znTXitt.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\CBAUGMD.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\aKOxVUD.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\aRKbrML.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\XBMhoct.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\yrIKjxz.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\hWIneGX.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\WhVbeap.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\FoulExS.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\DeTEafk.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\yyoHHNU.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\YLOYSJs.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\YUOrmBB.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\wmCZduP.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\wdoSqPa.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\dUsCoBy.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\JvBuaPm.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\NoRyGdZ.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\MAQvyck.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\jSlewbs.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\ViewZwJ.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\QFlLSTo.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\SPTdoin.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\GrddKWM.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\HTIMFyY.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\eQWxTnj.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\PCdXwZe.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\WNfxjUP.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\sNMAHeF.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\uvuLfwj.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\DGdvcht.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\qQIeyLr.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\CHFGOBu.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\tbnMNva.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\onpJIZP.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\FsPhxcQ.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\huaIUPW.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\LGcKhKC.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\ZApIYKx.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\HAWanAt.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\EvvvGor.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\AdHHCWo.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\DOwVyXW.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
File created	C:\Windows\System\fpUPOcI.exe	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15344	dwm.exe
Token: SeChangeNotifyPrivilege	15344	dwm.exe
Token: 33	15344	dwm.exe
Token: SeIncBasePriorityPrivilege	15344	dwm.exe
Token: SeShutdownPrivilege	15344	dwm.exe
Token: SeCreatePagefilePrivilege	15344	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 1492	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	83
PID 4316 wrote to memory of 1492	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	83
PID 4316 wrote to memory of 4864	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	84
PID 4316 wrote to memory of 4864	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	84
PID 4316 wrote to memory of 2308	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	85
PID 4316 wrote to memory of 2308	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	85
PID 4316 wrote to memory of 3868	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	86
PID 4316 wrote to memory of 3868	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	86
PID 4316 wrote to memory of 3760	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	87
PID 4316 wrote to memory of 3760	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	87
PID 4316 wrote to memory of 3988	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	88
PID 4316 wrote to memory of 3988	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	88
PID 4316 wrote to memory of 4536	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	89
PID 4316 wrote to memory of 4536	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	89
PID 4316 wrote to memory of 1036	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	90
PID 4316 wrote to memory of 1036	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	90
PID 4316 wrote to memory of 3324	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	91
PID 4316 wrote to memory of 3324	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	91
PID 4316 wrote to memory of 3344	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	92
PID 4316 wrote to memory of 3344	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	92
PID 4316 wrote to memory of 3428	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	93
PID 4316 wrote to memory of 3428	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	93
PID 4316 wrote to memory of 2392	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	94
PID 4316 wrote to memory of 2392	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	94
PID 4316 wrote to memory of 3700	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	95
PID 4316 wrote to memory of 3700	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	95
PID 4316 wrote to memory of 444	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	96
PID 4316 wrote to memory of 444	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	96
PID 4316 wrote to memory of 4396	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	97
PID 4316 wrote to memory of 4396	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	97
PID 4316 wrote to memory of 1912	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	98
PID 4316 wrote to memory of 1912	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	98
PID 4316 wrote to memory of 3884	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	99
PID 4316 wrote to memory of 3884	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	99
PID 4316 wrote to memory of 3500	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	100
PID 4316 wrote to memory of 3500	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	100
PID 4316 wrote to memory of 4608	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	101
PID 4316 wrote to memory of 4608	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	101
PID 4316 wrote to memory of 1632	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	102
PID 4316 wrote to memory of 1632	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	102
PID 4316 wrote to memory of 4452	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	103
PID 4316 wrote to memory of 4452	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	103
PID 4316 wrote to memory of 752	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	104
PID 4316 wrote to memory of 752	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	104
PID 4316 wrote to memory of 2480	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	105
PID 4316 wrote to memory of 2480	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	105
PID 4316 wrote to memory of 2696	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	106
PID 4316 wrote to memory of 2696	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	106
PID 4316 wrote to memory of 1176	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	107
PID 4316 wrote to memory of 1176	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	107
PID 4316 wrote to memory of 2388	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	108
PID 4316 wrote to memory of 2388	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	108
PID 4316 wrote to memory of 4088	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	109
PID 4316 wrote to memory of 4088	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	109
PID 4316 wrote to memory of 1536	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	110
PID 4316 wrote to memory of 1536	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	110
PID 4316 wrote to memory of 996	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	111
PID 4316 wrote to memory of 996	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	111
PID 4316 wrote to memory of 1544	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	112
PID 4316 wrote to memory of 1544	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	112
PID 4316 wrote to memory of 1548	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	113
PID 4316 wrote to memory of 1548	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	113
PID 4316 wrote to memory of 1728	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	114
PID 4316 wrote to memory of 1728	4316	ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ea380fe70bfa001d179fc1a3a1757fc0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Windows\System\edcXGGd.exe
  C:\Windows\System\edcXGGd.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\RUeAose.exe
  C:\Windows\System\RUeAose.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\IaXfklf.exe
  C:\Windows\System\IaXfklf.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\ldxGNjB.exe
  C:\Windows\System\ldxGNjB.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\mshhqzI.exe
  C:\Windows\System\mshhqzI.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\RWSKAFq.exe
  C:\Windows\System\RWSKAFq.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\DHjEIxg.exe
  C:\Windows\System\DHjEIxg.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\GeCfzZv.exe
  C:\Windows\System\GeCfzZv.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\DOwVyXW.exe
  C:\Windows\System\DOwVyXW.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\SPTdoin.exe
  C:\Windows\System\SPTdoin.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\zUycjjV.exe
  C:\Windows\System\zUycjjV.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\qYveofV.exe
  C:\Windows\System\qYveofV.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\NfnloFb.exe
  C:\Windows\System\NfnloFb.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\XCgRuPc.exe
  C:\Windows\System\XCgRuPc.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\DQwfnWw.exe
  C:\Windows\System\DQwfnWw.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\vreAaGs.exe
  C:\Windows\System\vreAaGs.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\xoWeMKY.exe
  C:\Windows\System\xoWeMKY.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\rvVhMDS.exe
  C:\Windows\System\rvVhMDS.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\dsNpXEg.exe
  C:\Windows\System\dsNpXEg.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\Wvbtjpc.exe
  C:\Windows\System\Wvbtjpc.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\CNCdAib.exe
  C:\Windows\System\CNCdAib.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\TPTxPck.exe
  C:\Windows\System\TPTxPck.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\nEOErdx.exe
  C:\Windows\System\nEOErdx.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\WNfxjUP.exe
  C:\Windows\System\WNfxjUP.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\eKBdDWM.exe
  C:\Windows\System\eKBdDWM.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\ExhIaYv.exe
  C:\Windows\System\ExhIaYv.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\DvtgyGg.exe
  C:\Windows\System\DvtgyGg.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\kLbAnqc.exe
  C:\Windows\System\kLbAnqc.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\Gfyvlca.exe
  C:\Windows\System\Gfyvlca.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\uICwaSB.exe
  C:\Windows\System\uICwaSB.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\GigPRdv.exe
  C:\Windows\System\GigPRdv.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\hAPnHAZ.exe
  C:\Windows\System\hAPnHAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\afLbEIC.exe
  C:\Windows\System\afLbEIC.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\sNMAHeF.exe
  C:\Windows\System\sNMAHeF.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\zIPYALq.exe
  C:\Windows\System\zIPYALq.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\zznwNwh.exe
  C:\Windows\System\zznwNwh.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\kTUaxeq.exe
  C:\Windows\System\kTUaxeq.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\YLOYSJs.exe
  C:\Windows\System\YLOYSJs.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\KdsrLXK.exe
  C:\Windows\System\KdsrLXK.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\foTWbJg.exe
  C:\Windows\System\foTWbJg.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\rLcqmeo.exe
  C:\Windows\System\rLcqmeo.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\Pdtxldk.exe
  C:\Windows\System\Pdtxldk.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\gbBdmnw.exe
  C:\Windows\System\gbBdmnw.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\oepZKNU.exe
  C:\Windows\System\oepZKNU.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\VqRvqoV.exe
  C:\Windows\System\VqRvqoV.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\XBMhoct.exe
  C:\Windows\System\XBMhoct.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\UmgaWfO.exe
  C:\Windows\System\UmgaWfO.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\OsnvFEi.exe
  C:\Windows\System\OsnvFEi.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\KRscwif.exe
  C:\Windows\System\KRscwif.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\gyAIMbA.exe
  C:\Windows\System\gyAIMbA.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\fpUPOcI.exe
  C:\Windows\System\fpUPOcI.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\SpGyycu.exe
  C:\Windows\System\SpGyycu.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\oaYdaGB.exe
  C:\Windows\System\oaYdaGB.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\Dfnlzjz.exe
  C:\Windows\System\Dfnlzjz.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\yVkazxE.exe
  C:\Windows\System\yVkazxE.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\opKqROT.exe
  C:\Windows\System\opKqROT.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\YUOrmBB.exe
  C:\Windows\System\YUOrmBB.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\wfWVmXE.exe
  C:\Windows\System\wfWVmXE.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\GnFSjFv.exe
  C:\Windows\System\GnFSjFv.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\wWlXkkQ.exe
  C:\Windows\System\wWlXkkQ.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\YwKRFIQ.exe
  C:\Windows\System\YwKRFIQ.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\zzQqcCi.exe
  C:\Windows\System\zzQqcCi.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\lvATmYe.exe
  C:\Windows\System\lvATmYe.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\ITPwiPU.exe
  C:\Windows\System\ITPwiPU.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\qHsnbPE.exe
  C:\Windows\System\qHsnbPE.exe
  2⤵
  PID:2320
- C:\Windows\System\wLdHeVU.exe
  C:\Windows\System\wLdHeVU.exe
  2⤵
  PID:1296
- C:\Windows\System\bHCRepq.exe
  C:\Windows\System\bHCRepq.exe
  2⤵
  PID:2884
- C:\Windows\System\lEtjuVR.exe
  C:\Windows\System\lEtjuVR.exe
  2⤵
  PID:3264
- C:\Windows\System\uSvBcUX.exe
  C:\Windows\System\uSvBcUX.exe
  2⤵
  PID:2700
- C:\Windows\System\MyCPZza.exe
  C:\Windows\System\MyCPZza.exe
  2⤵
  PID:4532
- C:\Windows\System\pgTCidY.exe
  C:\Windows\System\pgTCidY.exe
  2⤵
  PID:4024
- C:\Windows\System\GurNybz.exe
  C:\Windows\System\GurNybz.exe
  2⤵
  PID:4040
- C:\Windows\System\oMFKMHQ.exe
  C:\Windows\System\oMFKMHQ.exe
  2⤵
  PID:3068
- C:\Windows\System\voxRoJr.exe
  C:\Windows\System\voxRoJr.exe
  2⤵
  PID:4780
- C:\Windows\System\dfLcoRy.exe
  C:\Windows\System\dfLcoRy.exe
  2⤵
  PID:5060
- C:\Windows\System\ZyOEbji.exe
  C:\Windows\System\ZyOEbji.exe
  2⤵
  PID:5140
- C:\Windows\System\bWQutro.exe
  C:\Windows\System\bWQutro.exe
  2⤵
  PID:5168
- C:\Windows\System\GJteTnS.exe
  C:\Windows\System\GJteTnS.exe
  2⤵
  PID:5196
- C:\Windows\System\wurQQjm.exe
  C:\Windows\System\wurQQjm.exe
  2⤵
  PID:5224
- C:\Windows\System\kIpCHLl.exe
  C:\Windows\System\kIpCHLl.exe
  2⤵
  PID:5252
- C:\Windows\System\mebZLZo.exe
  C:\Windows\System\mebZLZo.exe
  2⤵
  PID:5284
- C:\Windows\System\YgGQUBy.exe
  C:\Windows\System\YgGQUBy.exe
  2⤵
  PID:5312
- C:\Windows\System\ENwNVLa.exe
  C:\Windows\System\ENwNVLa.exe
  2⤵
  PID:5336
- C:\Windows\System\ZwDfTXm.exe
  C:\Windows\System\ZwDfTXm.exe
  2⤵
  PID:5364
- C:\Windows\System\jQMtrja.exe
  C:\Windows\System\jQMtrja.exe
  2⤵
  PID:5392
- C:\Windows\System\KXlxpwx.exe
  C:\Windows\System\KXlxpwx.exe
  2⤵
  PID:5416
- C:\Windows\System\OavVgxj.exe
  C:\Windows\System\OavVgxj.exe
  2⤵
  PID:5448
- C:\Windows\System\XfRsFzs.exe
  C:\Windows\System\XfRsFzs.exe
  2⤵
  PID:5476
- C:\Windows\System\hIgdhBd.exe
  C:\Windows\System\hIgdhBd.exe
  2⤵
  PID:5500
- C:\Windows\System\fxiumRx.exe
  C:\Windows\System\fxiumRx.exe
  2⤵
  PID:5532
- C:\Windows\System\bOzNmac.exe
  C:\Windows\System\bOzNmac.exe
  2⤵
  PID:5560
- C:\Windows\System\WWUtKdm.exe
  C:\Windows\System\WWUtKdm.exe
  2⤵
  PID:5588
- C:\Windows\System\mwIgcnN.exe
  C:\Windows\System\mwIgcnN.exe
  2⤵
  PID:5616
- C:\Windows\System\fAAMOdi.exe
  C:\Windows\System\fAAMOdi.exe
  2⤵
  PID:5644
- C:\Windows\System\AQcBcpy.exe
  C:\Windows\System\AQcBcpy.exe
  2⤵
  PID:5668
- C:\Windows\System\HeSsByX.exe
  C:\Windows\System\HeSsByX.exe
  2⤵
  PID:5700
- C:\Windows\System\miKBnQO.exe
  C:\Windows\System\miKBnQO.exe
  2⤵
  PID:5728
- C:\Windows\System\NGDNYDc.exe
  C:\Windows\System\NGDNYDc.exe
  2⤵
  PID:5756
- C:\Windows\System\LzPNQaG.exe
  C:\Windows\System\LzPNQaG.exe
  2⤵
  PID:5784
- C:\Windows\System\gADgcIh.exe
  C:\Windows\System\gADgcIh.exe
  2⤵
  PID:5808
- C:\Windows\System\bZcncBL.exe
  C:\Windows\System\bZcncBL.exe
  2⤵
  PID:5836
- C:\Windows\System\UZeYRiE.exe
  C:\Windows\System\UZeYRiE.exe
  2⤵
  PID:5864
- C:\Windows\System\mdpRUEl.exe
  C:\Windows\System\mdpRUEl.exe
  2⤵
  PID:5892
- C:\Windows\System\gLAjJzB.exe
  C:\Windows\System\gLAjJzB.exe
  2⤵
  PID:5924
- C:\Windows\System\aRWkVrB.exe
  C:\Windows\System\aRWkVrB.exe
  2⤵
  PID:5960
- C:\Windows\System\ESSeOWb.exe
  C:\Windows\System\ESSeOWb.exe
  2⤵
  PID:6032
- C:\Windows\System\qvcdbyZ.exe
  C:\Windows\System\qvcdbyZ.exe
  2⤵
  PID:6052
- C:\Windows\System\icubdCX.exe
  C:\Windows\System\icubdCX.exe
  2⤵
  PID:5152
- C:\Windows\System\lULDmmn.exe
  C:\Windows\System\lULDmmn.exe
  2⤵
  PID:5188
- C:\Windows\System\pkuKNAB.exe
  C:\Windows\System\pkuKNAB.exe
  2⤵
  PID:5236
- C:\Windows\System\qfKpNDw.exe
  C:\Windows\System\qfKpNDw.exe
  2⤵
  PID:5320
- C:\Windows\System\jCpBPLi.exe
  C:\Windows\System\jCpBPLi.exe
  2⤵
  PID:5380
- C:\Windows\System\IgsVZUT.exe
  C:\Windows\System\IgsVZUT.exe
  2⤵
  PID:5436
- C:\Windows\System\HhdaMAu.exe
  C:\Windows\System\HhdaMAu.exe
  2⤵
  PID:5464
- C:\Windows\System\nUbufDf.exe
  C:\Windows\System\nUbufDf.exe
  2⤵
  PID:5496
- C:\Windows\System\XXNyIBl.exe
  C:\Windows\System\XXNyIBl.exe
  2⤵
  PID:5548
- C:\Windows\System\QFkdTRc.exe
  C:\Windows\System\QFkdTRc.exe
  2⤵
  PID:5600
- C:\Windows\System\ABgnbxB.exe
  C:\Windows\System\ABgnbxB.exe
  2⤵
  PID:4124
- C:\Windows\System\MrTWDGY.exe
  C:\Windows\System\MrTWDGY.exe
  2⤵
  PID:5660
- C:\Windows\System\YDMkmEl.exe
  C:\Windows\System\YDMkmEl.exe
  2⤵
  PID:5716
- C:\Windows\System\SamDXlA.exe
  C:\Windows\System\SamDXlA.exe
  2⤵
  PID:5768
- C:\Windows\System\jwdgepK.exe
  C:\Windows\System\jwdgepK.exe
  2⤵
  PID:5832
- C:\Windows\System\yaCUUay.exe
  C:\Windows\System\yaCUUay.exe
  2⤵
  PID:5856
- C:\Windows\System\klgwCUt.exe
  C:\Windows\System\klgwCUt.exe
  2⤵
  PID:5884
- C:\Windows\System\ucNZbTk.exe
  C:\Windows\System\ucNZbTk.exe
  2⤵
  PID:6044
- C:\Windows\System\jDAPIhN.exe
  C:\Windows\System\jDAPIhN.exe
  2⤵
  PID:1120
- C:\Windows\System\szzIjHx.exe
  C:\Windows\System\szzIjHx.exe
  2⤵
  PID:3544
- C:\Windows\System\BJgeIGF.exe
  C:\Windows\System\BJgeIGF.exe
  2⤵
  PID:1196
- C:\Windows\System\vRLMUCb.exe
  C:\Windows\System\vRLMUCb.exe
  2⤵
  PID:1484
- C:\Windows\System\rmVnCRd.exe
  C:\Windows\System\rmVnCRd.exe
  2⤵
  PID:2572
- C:\Windows\System\Ftjohsv.exe
  C:\Windows\System\Ftjohsv.exe
  2⤵
  PID:3296
- C:\Windows\System\bWZNmFJ.exe
  C:\Windows\System\bWZNmFJ.exe
  2⤵
  PID:1800
- C:\Windows\System\ZQJzUdY.exe
  C:\Windows\System\ZQJzUdY.exe
  2⤵
  PID:2316
- C:\Windows\System\wmCZduP.exe
  C:\Windows\System\wmCZduP.exe
  2⤵
  PID:5212
- C:\Windows\System\PgNovDl.exe
  C:\Windows\System\PgNovDl.exe
  2⤵
  PID:2036
- C:\Windows\System\tbkejch.exe
  C:\Windows\System\tbkejch.exe
  2⤵
  PID:1684
- C:\Windows\System\uptHHkP.exe
  C:\Windows\System\uptHHkP.exe
  2⤵
  PID:5460
- C:\Windows\System\DiskmUd.exe
  C:\Windows\System\DiskmUd.exe
  2⤵
  PID:5740
- C:\Windows\System\brMZPmP.exe
  C:\Windows\System\brMZPmP.exe
  2⤵
  PID:2876
- C:\Windows\System\yrIKjxz.exe
  C:\Windows\System\yrIKjxz.exe
  2⤵
  PID:5952
- C:\Windows\System\sDWosAX.exe
  C:\Windows\System\sDWosAX.exe
  2⤵
  PID:1832
- C:\Windows\System\CroQUUd.exe
  C:\Windows\System\CroQUUd.exe
  2⤵
  PID:460
- C:\Windows\System\CQYoBih.exe
  C:\Windows\System\CQYoBih.exe
  2⤵
  PID:4448
- C:\Windows\System\EqBBRwU.exe
  C:\Windows\System\EqBBRwU.exe
  2⤵
  PID:4968
- C:\Windows\System\hzqDWql.exe
  C:\Windows\System\hzqDWql.exe
  2⤵
  PID:5184
- C:\Windows\System\JdqxuSc.exe
  C:\Windows\System\JdqxuSc.exe
  2⤵
  PID:5404
- C:\Windows\System\iTowARX.exe
  C:\Windows\System\iTowARX.exe
  2⤵
  PID:6104
- C:\Windows\System\qzJQnya.exe
  C:\Windows\System\qzJQnya.exe
  2⤵
  PID:5880
- C:\Windows\System\Dgmfprg.exe
  C:\Windows\System\Dgmfprg.exe
  2⤵
  PID:984
- C:\Windows\System\onpJIZP.exe
  C:\Windows\System\onpJIZP.exe
  2⤵
  PID:6008
- C:\Windows\System\jDPuXeP.exe
  C:\Windows\System\jDPuXeP.exe
  2⤵
  PID:1568
- C:\Windows\System\pDXIkZw.exe
  C:\Windows\System\pDXIkZw.exe
  2⤵
  PID:5492
- C:\Windows\System\CamFKVK.exe
  C:\Windows\System\CamFKVK.exe
  2⤵
  PID:2292
- C:\Windows\System\XrHiLda.exe
  C:\Windows\System\XrHiLda.exe
  2⤵
  PID:6096
- C:\Windows\System\YGiMwIf.exe
  C:\Windows\System\YGiMwIf.exe
  2⤵
  PID:3064
- C:\Windows\System\RYoKEGh.exe
  C:\Windows\System\RYoKEGh.exe
  2⤵
  PID:3276
- C:\Windows\System\BvvTJYB.exe
  C:\Windows\System\BvvTJYB.exe
  2⤵
  PID:6128
- C:\Windows\System\CLBVqeH.exe
  C:\Windows\System\CLBVqeH.exe
  2⤵
  PID:6152
- C:\Windows\System\saOAjOx.exe
  C:\Windows\System\saOAjOx.exe
  2⤵
  PID:6180
- C:\Windows\System\wRiPgmz.exe
  C:\Windows\System\wRiPgmz.exe
  2⤵
  PID:6208
- C:\Windows\System\kRIIBht.exe
  C:\Windows\System\kRIIBht.exe
  2⤵
  PID:6240
- C:\Windows\System\BsbZGnO.exe
  C:\Windows\System\BsbZGnO.exe
  2⤵
  PID:6268
- C:\Windows\System\vYPsytk.exe
  C:\Windows\System\vYPsytk.exe
  2⤵
  PID:6300
- C:\Windows\System\qLGseiF.exe
  C:\Windows\System\qLGseiF.exe
  2⤵
  PID:6324
- C:\Windows\System\qsViFTk.exe
  C:\Windows\System\qsViFTk.exe
  2⤵
  PID:6356
- C:\Windows\System\ZOBUXXJ.exe
  C:\Windows\System\ZOBUXXJ.exe
  2⤵
  PID:6384
- C:\Windows\System\kBgvZXs.exe
  C:\Windows\System\kBgvZXs.exe
  2⤵
  PID:6412
- C:\Windows\System\NfOeYfg.exe
  C:\Windows\System\NfOeYfg.exe
  2⤵
  PID:6440
- C:\Windows\System\UZXxvgS.exe
  C:\Windows\System\UZXxvgS.exe
  2⤵
  PID:6468
- C:\Windows\System\oVTaEil.exe
  C:\Windows\System\oVTaEil.exe
  2⤵
  PID:6504
- C:\Windows\System\zwTbjpQ.exe
  C:\Windows\System\zwTbjpQ.exe
  2⤵
  PID:6532
- C:\Windows\System\ilVKkwG.exe
  C:\Windows\System\ilVKkwG.exe
  2⤵
  PID:6560
- C:\Windows\System\kztJfqE.exe
  C:\Windows\System\kztJfqE.exe
  2⤵
  PID:6588
- C:\Windows\System\MxDUlim.exe
  C:\Windows\System\MxDUlim.exe
  2⤵
  PID:6624
- C:\Windows\System\xWHnbwb.exe
  C:\Windows\System\xWHnbwb.exe
  2⤵
  PID:6652
- C:\Windows\System\MIbGyag.exe
  C:\Windows\System\MIbGyag.exe
  2⤵
  PID:6680
- C:\Windows\System\vvKhVvw.exe
  C:\Windows\System\vvKhVvw.exe
  2⤵
  PID:6708
- C:\Windows\System\SJqGAtB.exe
  C:\Windows\System\SJqGAtB.exe
  2⤵
  PID:6736
- C:\Windows\System\bRDfRcZ.exe
  C:\Windows\System\bRDfRcZ.exe
  2⤵
  PID:6764
- C:\Windows\System\FJGmOLp.exe
  C:\Windows\System\FJGmOLp.exe
  2⤵
  PID:6792
- C:\Windows\System\Uypoxbd.exe
  C:\Windows\System\Uypoxbd.exe
  2⤵
  PID:6820
- C:\Windows\System\uJvJLFT.exe
  C:\Windows\System\uJvJLFT.exe
  2⤵
  PID:6848
- C:\Windows\System\QrgbmYu.exe
  C:\Windows\System\QrgbmYu.exe
  2⤵
  PID:6864
- C:\Windows\System\jNfYcVr.exe
  C:\Windows\System\jNfYcVr.exe
  2⤵
  PID:6892
- C:\Windows\System\SLIDEqD.exe
  C:\Windows\System\SLIDEqD.exe
  2⤵
  PID:6920
- C:\Windows\System\KiQSwnK.exe
  C:\Windows\System\KiQSwnK.exe
  2⤵
  PID:6960
- C:\Windows\System\bvIsTXU.exe
  C:\Windows\System\bvIsTXU.exe
  2⤵
  PID:6976
- C:\Windows\System\qWYtwmv.exe
  C:\Windows\System\qWYtwmv.exe
  2⤵
  PID:7016
- C:\Windows\System\DdILOEW.exe
  C:\Windows\System\DdILOEW.exe
  2⤵
  PID:7036
- C:\Windows\System\FFefviY.exe
  C:\Windows\System\FFefviY.exe
  2⤵
  PID:7064
- C:\Windows\System\MvcdvWt.exe
  C:\Windows\System\MvcdvWt.exe
  2⤵
  PID:7100
- C:\Windows\System\jdHPdkE.exe
  C:\Windows\System\jdHPdkE.exe
  2⤵
  PID:7116
- C:\Windows\System\FdwpMVA.exe
  C:\Windows\System\FdwpMVA.exe
  2⤵
  PID:7156
- C:\Windows\System\JahiMEI.exe
  C:\Windows\System\JahiMEI.exe
  2⤵
  PID:6172
- C:\Windows\System\TQIOlGK.exe
  C:\Windows\System\TQIOlGK.exe
  2⤵
  PID:6204
- C:\Windows\System\SjrjeBe.exe
  C:\Windows\System\SjrjeBe.exe
  2⤵
  PID:6280
- C:\Windows\System\MAQvyck.exe
  C:\Windows\System\MAQvyck.exe
  2⤵
  PID:6348
- C:\Windows\System\yEIrRWU.exe
  C:\Windows\System\yEIrRWU.exe
  2⤵
  PID:6380
- C:\Windows\System\sHWqDqT.exe
  C:\Windows\System\sHWqDqT.exe
  2⤵
  PID:6464
- C:\Windows\System\cWawZoe.exe
  C:\Windows\System\cWawZoe.exe
  2⤵
  PID:6516
- C:\Windows\System\SJrVdvn.exe
  C:\Windows\System\SJrVdvn.exe
  2⤵
  PID:6552
- C:\Windows\System\bikZVtK.exe
  C:\Windows\System\bikZVtK.exe
  2⤵
  PID:6636
- C:\Windows\System\DFiwPmZ.exe
  C:\Windows\System\DFiwPmZ.exe
  2⤵
  PID:6664
- C:\Windows\System\JsQdajF.exe
  C:\Windows\System\JsQdajF.exe
  2⤵
  PID:6704
- C:\Windows\System\VcdZQYB.exe
  C:\Windows\System\VcdZQYB.exe
  2⤵
  PID:6776
- C:\Windows\System\IUiigSZ.exe
  C:\Windows\System\IUiigSZ.exe
  2⤵
  PID:6888
- C:\Windows\System\eVQJlyM.exe
  C:\Windows\System\eVQJlyM.exe
  2⤵
  PID:6968
- C:\Windows\System\pBCHFAW.exe
  C:\Windows\System\pBCHFAW.exe
  2⤵
  PID:7052
- C:\Windows\System\FIYygoS.exe
  C:\Windows\System\FIYygoS.exe
  2⤵
  PID:7152
- C:\Windows\System\lQkNGKJ.exe
  C:\Windows\System\lQkNGKJ.exe
  2⤵
  PID:5988
- C:\Windows\System\fvAItGa.exe
  C:\Windows\System\fvAItGa.exe
  2⤵
  PID:6308
- C:\Windows\System\pylSXHG.exe
  C:\Windows\System\pylSXHG.exe
  2⤵
  PID:6584
- C:\Windows\System\jSlewbs.exe
  C:\Windows\System\jSlewbs.exe
  2⤵
  PID:6612
- C:\Windows\System\TpLUtAh.exe
  C:\Windows\System\TpLUtAh.exe
  2⤵
  PID:6692
- C:\Windows\System\uvuLfwj.exe
  C:\Windows\System\uvuLfwj.exe
  2⤵
  PID:7012
- C:\Windows\System\yUiHlWi.exe
  C:\Windows\System\yUiHlWi.exe
  2⤵
  PID:6164
- C:\Windows\System\ZPSePHY.exe
  C:\Windows\System\ZPSePHY.exe
  2⤵
  PID:6424
- C:\Windows\System\adNEqwe.exe
  C:\Windows\System\adNEqwe.exe
  2⤵
  PID:6644
- C:\Windows\System\nmmRcOM.exe
  C:\Windows\System\nmmRcOM.exe
  2⤵
  PID:6260
- C:\Windows\System\yFerSAt.exe
  C:\Windows\System\yFerSAt.exe
  2⤵
  PID:7112
- C:\Windows\System\gufxLxF.exe
  C:\Windows\System\gufxLxF.exe
  2⤵
  PID:7180
- C:\Windows\System\TJZCVXV.exe
  C:\Windows\System\TJZCVXV.exe
  2⤵
  PID:7208
- C:\Windows\System\dOSLRMa.exe
  C:\Windows\System\dOSLRMa.exe
  2⤵
  PID:7236
- C:\Windows\System\hNjlSGR.exe
  C:\Windows\System\hNjlSGR.exe
  2⤵
  PID:7252
- C:\Windows\System\zHhzwTW.exe
  C:\Windows\System\zHhzwTW.exe
  2⤵
  PID:7296
- C:\Windows\System\hWIneGX.exe
  C:\Windows\System\hWIneGX.exe
  2⤵
  PID:7328
- C:\Windows\System\rxAduTp.exe
  C:\Windows\System\rxAduTp.exe
  2⤵
  PID:7356
- C:\Windows\System\vSDEnFD.exe
  C:\Windows\System\vSDEnFD.exe
  2⤵
  PID:7384
- C:\Windows\System\RZCfvMj.exe
  C:\Windows\System\RZCfvMj.exe
  2⤵
  PID:7412
- C:\Windows\System\TSmwwCf.exe
  C:\Windows\System\TSmwwCf.exe
  2⤵
  PID:7428
- C:\Windows\System\PcihtGd.exe
  C:\Windows\System\PcihtGd.exe
  2⤵
  PID:7468
- C:\Windows\System\WwsfCLv.exe
  C:\Windows\System\WwsfCLv.exe
  2⤵
  PID:7496
- C:\Windows\System\XFvPlrE.exe
  C:\Windows\System\XFvPlrE.exe
  2⤵
  PID:7516
- C:\Windows\System\YVhYVxR.exe
  C:\Windows\System\YVhYVxR.exe
  2⤵
  PID:7540
- C:\Windows\System\UqLMsiW.exe
  C:\Windows\System\UqLMsiW.exe
  2⤵
  PID:7580
- C:\Windows\System\fBWQfna.exe
  C:\Windows\System\fBWQfna.exe
  2⤵
  PID:7608
- C:\Windows\System\jKYVWan.exe
  C:\Windows\System\jKYVWan.exe
  2⤵
  PID:7632
- C:\Windows\System\laGCiUY.exe
  C:\Windows\System\laGCiUY.exe
  2⤵
  PID:7652
- C:\Windows\System\eIiKOrK.exe
  C:\Windows\System\eIiKOrK.exe
  2⤵
  PID:7668
- C:\Windows\System\soiJDDO.exe
  C:\Windows\System\soiJDDO.exe
  2⤵
  PID:7708
- C:\Windows\System\wdoSqPa.exe
  C:\Windows\System\wdoSqPa.exe
  2⤵
  PID:7736
- C:\Windows\System\oWokDdo.exe
  C:\Windows\System\oWokDdo.exe
  2⤵
  PID:7776
- C:\Windows\System\bnLfxFy.exe
  C:\Windows\System\bnLfxFy.exe
  2⤵
  PID:7804
- C:\Windows\System\UJquLeN.exe
  C:\Windows\System\UJquLeN.exe
  2⤵
  PID:7832
- C:\Windows\System\HcSBRQF.exe
  C:\Windows\System\HcSBRQF.exe
  2⤵
  PID:7864
- C:\Windows\System\WhVbeap.exe
  C:\Windows\System\WhVbeap.exe
  2⤵
  PID:7888
- C:\Windows\System\qnAAtak.exe
  C:\Windows\System\qnAAtak.exe
  2⤵
  PID:7904
- C:\Windows\System\hAaWbGn.exe
  C:\Windows\System\hAaWbGn.exe
  2⤵
  PID:7944
- C:\Windows\System\vsmodwv.exe
  C:\Windows\System\vsmodwv.exe
  2⤵
  PID:7972
- C:\Windows\System\hhgdEsh.exe
  C:\Windows\System\hhgdEsh.exe
  2⤵
  PID:7992
- C:\Windows\System\eoaeLiZ.exe
  C:\Windows\System\eoaeLiZ.exe
  2⤵
  PID:8016
- C:\Windows\System\mnETygF.exe
  C:\Windows\System\mnETygF.exe
  2⤵
  PID:8044
- C:\Windows\System\MvIsMQb.exe
  C:\Windows\System\MvIsMQb.exe
  2⤵
  PID:8084
- C:\Windows\System\kbjwDMs.exe
  C:\Windows\System\kbjwDMs.exe
  2⤵
  PID:8112
- C:\Windows\System\vhcKvva.exe
  C:\Windows\System\vhcKvva.exe
  2⤵
  PID:8140
- C:\Windows\System\DySZDiG.exe
  C:\Windows\System\DySZDiG.exe
  2⤵
  PID:8168
- C:\Windows\System\uYwFAGg.exe
  C:\Windows\System\uYwFAGg.exe
  2⤵
  PID:8188
- C:\Windows\System\LAyTHPe.exe
  C:\Windows\System\LAyTHPe.exe
  2⤵
  PID:7244
- C:\Windows\System\kQZOQDl.exe
  C:\Windows\System\kQZOQDl.exe
  2⤵
  PID:7292
- C:\Windows\System\LYjNNuT.exe
  C:\Windows\System\LYjNNuT.exe
  2⤵
  PID:7340
- C:\Windows\System\GVHudTe.exe
  C:\Windows\System\GVHudTe.exe
  2⤵
  PID:7396
- C:\Windows\System\dmshsDy.exe
  C:\Windows\System\dmshsDy.exe
  2⤵
  PID:7440
- C:\Windows\System\SGVYPKh.exe
  C:\Windows\System\SGVYPKh.exe
  2⤵
  PID:7532
- C:\Windows\System\LqosNkm.exe
  C:\Windows\System\LqosNkm.exe
  2⤵
  PID:7620
- C:\Windows\System\gYwSzib.exe
  C:\Windows\System\gYwSzib.exe
  2⤵
  PID:7680
- C:\Windows\System\HyMkqWq.exe
  C:\Windows\System\HyMkqWq.exe
  2⤵
  PID:7772
- C:\Windows\System\kIMuFtP.exe
  C:\Windows\System\kIMuFtP.exe
  2⤵
  PID:7816
- C:\Windows\System\dvXbszH.exe
  C:\Windows\System\dvXbszH.exe
  2⤵
  PID:7884
- C:\Windows\System\qCMwhrZ.exe
  C:\Windows\System\qCMwhrZ.exe
  2⤵
  PID:7928
- C:\Windows\System\wkHHJxJ.exe
  C:\Windows\System\wkHHJxJ.exe
  2⤵
  PID:8028
- C:\Windows\System\UZKuFDL.exe
  C:\Windows\System\UZKuFDL.exe
  2⤵
  PID:8108
- C:\Windows\System\opzvjzD.exe
  C:\Windows\System\opzvjzD.exe
  2⤵
  PID:8156
- C:\Windows\System\GrddKWM.exe
  C:\Windows\System\GrddKWM.exe
  2⤵
  PID:7228
- C:\Windows\System\xYuCMVN.exe
  C:\Windows\System\xYuCMVN.exe
  2⤵
  PID:7372
- C:\Windows\System\tXAPkSM.exe
  C:\Windows\System\tXAPkSM.exe
  2⤵
  PID:7492
- C:\Windows\System\CBAUGMD.exe
  C:\Windows\System\CBAUGMD.exe
  2⤵
  PID:7748
- C:\Windows\System\uUdMZlf.exe
  C:\Windows\System\uUdMZlf.exe
  2⤵
  PID:7920
- C:\Windows\System\QaEobjo.exe
  C:\Windows\System\QaEobjo.exe
  2⤵
  PID:8036
- C:\Windows\System\LKfQGXT.exe
  C:\Windows\System\LKfQGXT.exe
  2⤵
  PID:7192
- C:\Windows\System\CeeQPif.exe
  C:\Windows\System\CeeQPif.exe
  2⤵
  PID:7368
- C:\Windows\System\RjwWjCO.exe
  C:\Windows\System\RjwWjCO.exe
  2⤵
  PID:7720
- C:\Windows\System\slLUynM.exe
  C:\Windows\System\slLUynM.exe
  2⤵
  PID:8100
- C:\Windows\System\jcDgpvo.exe
  C:\Windows\System\jcDgpvo.exe
  2⤵
  PID:8004
- C:\Windows\System\sRmEInG.exe
  C:\Windows\System\sRmEInG.exe
  2⤵
  PID:8200
- C:\Windows\System\uTXcDxD.exe
  C:\Windows\System\uTXcDxD.exe
  2⤵
  PID:8232
- C:\Windows\System\ByTGMVz.exe
  C:\Windows\System\ByTGMVz.exe
  2⤵
  PID:8256
- C:\Windows\System\MuFtqnm.exe
  C:\Windows\System\MuFtqnm.exe
  2⤵
  PID:8284
- C:\Windows\System\ayMwNEz.exe
  C:\Windows\System\ayMwNEz.exe
  2⤵
  PID:8300
- C:\Windows\System\xYghFCL.exe
  C:\Windows\System\xYghFCL.exe
  2⤵
  PID:8332
- C:\Windows\System\pPZeMIC.exe
  C:\Windows\System\pPZeMIC.exe
  2⤵
  PID:8360
- C:\Windows\System\qEWQLIp.exe
  C:\Windows\System\qEWQLIp.exe
  2⤵
  PID:8396
- C:\Windows\System\RUDUshg.exe
  C:\Windows\System\RUDUshg.exe
  2⤵
  PID:8420
- C:\Windows\System\PifbnAJ.exe
  C:\Windows\System\PifbnAJ.exe
  2⤵
  PID:8440
- C:\Windows\System\LhiIlSJ.exe
  C:\Windows\System\LhiIlSJ.exe
  2⤵
  PID:8468
- C:\Windows\System\QBHbhnB.exe
  C:\Windows\System\QBHbhnB.exe
  2⤵
  PID:8484
- C:\Windows\System\COyDxeD.exe
  C:\Windows\System\COyDxeD.exe
  2⤵
  PID:8512
- C:\Windows\System\PDJYyrX.exe
  C:\Windows\System\PDJYyrX.exe
  2⤵
  PID:8552
- C:\Windows\System\sycciLQ.exe
  C:\Windows\System\sycciLQ.exe
  2⤵
  PID:8588
- C:\Windows\System\Uawvqvj.exe
  C:\Windows\System\Uawvqvj.exe
  2⤵
  PID:8608
- C:\Windows\System\OUzqhnj.exe
  C:\Windows\System\OUzqhnj.exe
  2⤵
  PID:8636
- C:\Windows\System\eXUfSlF.exe
  C:\Windows\System\eXUfSlF.exe
  2⤵
  PID:8676
- C:\Windows\System\sSMTKon.exe
  C:\Windows\System\sSMTKon.exe
  2⤵
  PID:8704
- C:\Windows\System\wSgFHqK.exe
  C:\Windows\System\wSgFHqK.exe
  2⤵
  PID:8720
- C:\Windows\System\nQhmJsJ.exe
  C:\Windows\System\nQhmJsJ.exe
  2⤵
  PID:8748
- C:\Windows\System\fyULFRY.exe
  C:\Windows\System\fyULFRY.exe
  2⤵
  PID:8776
- C:\Windows\System\dxOdvzx.exe
  C:\Windows\System\dxOdvzx.exe
  2⤵
  PID:8816
- C:\Windows\System\OLMIaRR.exe
  C:\Windows\System\OLMIaRR.exe
  2⤵
  PID:8844
- C:\Windows\System\aNcWoeC.exe
  C:\Windows\System\aNcWoeC.exe
  2⤵
  PID:8872
- C:\Windows\System\nDUsvUL.exe
  C:\Windows\System\nDUsvUL.exe
  2⤵
  PID:8904
- C:\Windows\System\kcxdSMB.exe
  C:\Windows\System\kcxdSMB.exe
  2⤵
  PID:8928
- C:\Windows\System\RBGioOT.exe
  C:\Windows\System\RBGioOT.exe
  2⤵
  PID:8956
- C:\Windows\System\ENWuFZp.exe
  C:\Windows\System\ENWuFZp.exe
  2⤵
  PID:8992
- C:\Windows\System\urSRirk.exe
  C:\Windows\System\urSRirk.exe
  2⤵
  PID:9020
- C:\Windows\System\vpFexAL.exe
  C:\Windows\System\vpFexAL.exe
  2⤵
  PID:9056
- C:\Windows\System\WTVuRAk.exe
  C:\Windows\System\WTVuRAk.exe
  2⤵
  PID:9084
- C:\Windows\System\XrycrUM.exe
  C:\Windows\System\XrycrUM.exe
  2⤵
  PID:9112
- C:\Windows\System\gWBuzAi.exe
  C:\Windows\System\gWBuzAi.exe
  2⤵
  PID:9148
- C:\Windows\System\hbippPN.exe
  C:\Windows\System\hbippPN.exe
  2⤵
  PID:9192
- C:\Windows\System\SievbxL.exe
  C:\Windows\System\SievbxL.exe
  2⤵
  PID:8196
- C:\Windows\System\UIdCDKb.exe
  C:\Windows\System\UIdCDKb.exe
  2⤵
  PID:8244
- C:\Windows\System\MLHqkTW.exe
  C:\Windows\System\MLHqkTW.exe
  2⤵
  PID:8320
- C:\Windows\System\ojYeLYf.exe
  C:\Windows\System\ojYeLYf.exe
  2⤵
  PID:8376
- C:\Windows\System\FWDlgsu.exe
  C:\Windows\System\FWDlgsu.exe
  2⤵
  PID:8432
- C:\Windows\System\GzmzAsB.exe
  C:\Windows\System\GzmzAsB.exe
  2⤵
  PID:8500
- C:\Windows\System\QffqWpb.exe
  C:\Windows\System\QffqWpb.exe
  2⤵
  PID:8576
- C:\Windows\System\yHjXTto.exe
  C:\Windows\System\yHjXTto.exe
  2⤵
  PID:8648
- C:\Windows\System\tXAuXjU.exe
  C:\Windows\System\tXAuXjU.exe
  2⤵
  PID:8736
- C:\Windows\System\pHffPiw.exe
  C:\Windows\System\pHffPiw.exe
  2⤵
  PID:8772
- C:\Windows\System\UXbAMPg.exe
  C:\Windows\System\UXbAMPg.exe
  2⤵
  PID:8864
- C:\Windows\System\WEFZdNI.exe
  C:\Windows\System\WEFZdNI.exe
  2⤵
  PID:8912
- C:\Windows\System\gofigvb.exe
  C:\Windows\System\gofigvb.exe
  2⤵
  PID:8988
- C:\Windows\System\yqdVzAu.exe
  C:\Windows\System\yqdVzAu.exe
  2⤵
  PID:9076
- C:\Windows\System\GakBNix.exe
  C:\Windows\System\GakBNix.exe
  2⤵
  PID:9140
- C:\Windows\System\FoulExS.exe
  C:\Windows\System\FoulExS.exe
  2⤵
  PID:9212
- C:\Windows\System\XsIjAZw.exe
  C:\Windows\System\XsIjAZw.exe
  2⤵
  PID:8368
- C:\Windows\System\cCNtGZm.exe
  C:\Windows\System\cCNtGZm.exe
  2⤵
  PID:8536
- C:\Windows\System\yBQITeL.exe
  C:\Windows\System\yBQITeL.exe
  2⤵
  PID:8620
- C:\Windows\System\RtEhzDT.exe
  C:\Windows\System\RtEhzDT.exe
  2⤵
  PID:8832
- C:\Windows\System\WZCgMZU.exe
  C:\Windows\System\WZCgMZU.exe
  2⤵
  PID:8952
- C:\Windows\System\siaXJfM.exe
  C:\Windows\System\siaXJfM.exe
  2⤵
  PID:9096
- C:\Windows\System\pPJMHjx.exe
  C:\Windows\System\pPJMHjx.exe
  2⤵
  PID:8272
- C:\Windows\System\uzkBoMX.exe
  C:\Windows\System\uzkBoMX.exe
  2⤵
  PID:8812
- C:\Windows\System\FsPhxcQ.exe
  C:\Windows\System\FsPhxcQ.exe
  2⤵
  PID:8424
- C:\Windows\System\upivvVH.exe
  C:\Windows\System\upivvVH.exe
  2⤵
  PID:8940
- C:\Windows\System\DGdvcht.exe
  C:\Windows\System\DGdvcht.exe
  2⤵
  PID:8760
- C:\Windows\System\OCmzMUJ.exe
  C:\Windows\System\OCmzMUJ.exe
  2⤵
  PID:9240
- C:\Windows\System\yQARMjL.exe
  C:\Windows\System\yQARMjL.exe
  2⤵
  PID:9268
- C:\Windows\System\YgqiJnf.exe
  C:\Windows\System\YgqiJnf.exe
  2⤵
  PID:9296
- C:\Windows\System\VVgyNdM.exe
  C:\Windows\System\VVgyNdM.exe
  2⤵
  PID:9324
- C:\Windows\System\tWgnXRq.exe
  C:\Windows\System\tWgnXRq.exe
  2⤵
  PID:9352
- C:\Windows\System\ZtfpszI.exe
  C:\Windows\System\ZtfpszI.exe
  2⤵
  PID:9380
- C:\Windows\System\mBuOJWe.exe
  C:\Windows\System\mBuOJWe.exe
  2⤵
  PID:9408
- C:\Windows\System\LVOUbmd.exe
  C:\Windows\System\LVOUbmd.exe
  2⤵
  PID:9436
- C:\Windows\System\hYvAEVw.exe
  C:\Windows\System\hYvAEVw.exe
  2⤵
  PID:9464
- C:\Windows\System\ZIEBWoP.exe
  C:\Windows\System\ZIEBWoP.exe
  2⤵
  PID:9492
- C:\Windows\System\IJloBGP.exe
  C:\Windows\System\IJloBGP.exe
  2⤵
  PID:9508
- C:\Windows\System\NFqYJsx.exe
  C:\Windows\System\NFqYJsx.exe
  2⤵
  PID:9524
- C:\Windows\System\RTgEmOv.exe
  C:\Windows\System\RTgEmOv.exe
  2⤵
  PID:9568
- C:\Windows\System\qeDddkv.exe
  C:\Windows\System\qeDddkv.exe
  2⤵
  PID:9584
- C:\Windows\System\aKOxVUD.exe
  C:\Windows\System\aKOxVUD.exe
  2⤵
  PID:9608
- C:\Windows\System\VBqCLgi.exe
  C:\Windows\System\VBqCLgi.exe
  2⤵
  PID:9656
- C:\Windows\System\TMfeOoe.exe
  C:\Windows\System\TMfeOoe.exe
  2⤵
  PID:9688
- C:\Windows\System\oGlnrue.exe
  C:\Windows\System\oGlnrue.exe
  2⤵
  PID:9708
- C:\Windows\System\OGudoho.exe
  C:\Windows\System\OGudoho.exe
  2⤵
  PID:9724
- C:\Windows\System\gaMXJfF.exe
  C:\Windows\System\gaMXJfF.exe
  2⤵
  PID:9748
- C:\Windows\System\EZZBZpu.exe
  C:\Windows\System\EZZBZpu.exe
  2⤵
  PID:9820
- C:\Windows\System\QTpAcPL.exe
  C:\Windows\System\QTpAcPL.exe
  2⤵
  PID:9848
- C:\Windows\System\SuhRtzs.exe
  C:\Windows\System\SuhRtzs.exe
  2⤵
  PID:9880
- C:\Windows\System\rSqAJfz.exe
  C:\Windows\System\rSqAJfz.exe
  2⤵
  PID:9920
- C:\Windows\System\rYRHRxl.exe
  C:\Windows\System\rYRHRxl.exe
  2⤵
  PID:9944
- C:\Windows\System\EvJwCcX.exe
  C:\Windows\System\EvJwCcX.exe
  2⤵
  PID:9988
- C:\Windows\System\UIJypbU.exe
  C:\Windows\System\UIJypbU.exe
  2⤵
  PID:10044
- C:\Windows\System\xrmZSTU.exe
  C:\Windows\System\xrmZSTU.exe
  2⤵
  PID:10076
- C:\Windows\System\vSIncXh.exe
  C:\Windows\System\vSIncXh.exe
  2⤵
  PID:10092
- C:\Windows\System\CXLPHnj.exe
  C:\Windows\System\CXLPHnj.exe
  2⤵
  PID:10124
- C:\Windows\System\qHKAfMy.exe
  C:\Windows\System\qHKAfMy.exe
  2⤵
  PID:10152
- C:\Windows\System\baEBust.exe
  C:\Windows\System\baEBust.exe
  2⤵
  PID:10212
- C:\Windows\System\BvuCkTz.exe
  C:\Windows\System\BvuCkTz.exe
  2⤵
  PID:9224
- C:\Windows\System\cHYMBuu.exe
  C:\Windows\System\cHYMBuu.exe
  2⤵
  PID:9292
- C:\Windows\System\KyaKoYD.exe
  C:\Windows\System\KyaKoYD.exe
  2⤵
  PID:9340
- C:\Windows\System\UnuLPrY.exe
  C:\Windows\System\UnuLPrY.exe
  2⤵
  PID:9428
- C:\Windows\System\oHIGEXu.exe
  C:\Windows\System\oHIGEXu.exe
  2⤵
  PID:9552
- C:\Windows\System\ouUEmct.exe
  C:\Windows\System\ouUEmct.exe
  2⤵
  PID:9672
- C:\Windows\System\UXyNkRa.exe
  C:\Windows\System\UXyNkRa.exe
  2⤵
  PID:9684
- C:\Windows\System\LxMQHGI.exe
  C:\Windows\System\LxMQHGI.exe
  2⤵
  PID:9832
- C:\Windows\System\iKqfadO.exe
  C:\Windows\System\iKqfadO.exe
  2⤵
  PID:9912
- C:\Windows\System\ycupFcV.exe
  C:\Windows\System\ycupFcV.exe
  2⤵
  PID:9980
- C:\Windows\System\ymkBvYI.exe
  C:\Windows\System\ymkBvYI.exe
  2⤵
  PID:10088
- C:\Windows\System\mXAhxiP.exe
  C:\Windows\System\mXAhxiP.exe
  2⤵
  PID:10108
- C:\Windows\System\cfxSiNb.exe
  C:\Windows\System\cfxSiNb.exe
  2⤵
  PID:10232
- C:\Windows\System\TAkYiOU.exe
  C:\Windows\System\TAkYiOU.exe
  2⤵
  PID:9320
- C:\Windows\System\PhPECkA.exe
  C:\Windows\System\PhPECkA.exe
  2⤵
  PID:9484
- C:\Windows\System\lAKGdch.exe
  C:\Windows\System\lAKGdch.exe
  2⤵
  PID:9700
- C:\Windows\System\ViewZwJ.exe
  C:\Windows\System\ViewZwJ.exe
  2⤵
  PID:9860
- C:\Windows\System\chCrBsl.exe
  C:\Windows\System\chCrBsl.exe
  2⤵
  PID:10144
- C:\Windows\System\ZApIYKx.exe
  C:\Windows\System\ZApIYKx.exe
  2⤵
  PID:9336
- C:\Windows\System\mDMUicO.exe
  C:\Windows\System\mDMUicO.exe
  2⤵
  PID:9816
- C:\Windows\System\QCcrQOv.exe
  C:\Windows\System\QCcrQOv.exe
  2⤵
  PID:10192
- C:\Windows\System\PWjkbYd.exe
  C:\Windows\System\PWjkbYd.exe
  2⤵
  PID:10248
- C:\Windows\System\rQnmqmQ.exe
  C:\Windows\System\rQnmqmQ.exe
  2⤵
  PID:10264
- C:\Windows\System\LDOzprO.exe
  C:\Windows\System\LDOzprO.exe
  2⤵
  PID:10304
- C:\Windows\System\cDIzTJo.exe
  C:\Windows\System\cDIzTJo.exe
  2⤵
  PID:10344
- C:\Windows\System\uczCmMM.exe
  C:\Windows\System\uczCmMM.exe
  2⤵
  PID:10360
- C:\Windows\System\QmOlMbK.exe
  C:\Windows\System\QmOlMbK.exe
  2⤵
  PID:10384
- C:\Windows\System\ckljvDm.exe
  C:\Windows\System\ckljvDm.exe
  2⤵
  PID:10412
- C:\Windows\System\ODGlkis.exe
  C:\Windows\System\ODGlkis.exe
  2⤵
  PID:10460
- C:\Windows\System\Aidnzdu.exe
  C:\Windows\System\Aidnzdu.exe
  2⤵
  PID:10496
- C:\Windows\System\ylWtBTW.exe
  C:\Windows\System\ylWtBTW.exe
  2⤵
  PID:10512
- C:\Windows\System\aoRIMax.exe
  C:\Windows\System\aoRIMax.exe
  2⤵
  PID:10548
- C:\Windows\System\AcKsMFR.exe
  C:\Windows\System\AcKsMFR.exe
  2⤵
  PID:10564
- C:\Windows\System\dIxIZWs.exe
  C:\Windows\System\dIxIZWs.exe
  2⤵
  PID:10592
- C:\Windows\System\qrgjuch.exe
  C:\Windows\System\qrgjuch.exe
  2⤵
  PID:10636
- C:\Windows\System\HIOhhDA.exe
  C:\Windows\System\HIOhhDA.exe
  2⤵
  PID:10656
- C:\Windows\System\KmostRF.exe
  C:\Windows\System\KmostRF.exe
  2⤵
  PID:10692
- C:\Windows\System\DDsgdpG.exe
  C:\Windows\System\DDsgdpG.exe
  2⤵
  PID:10720
- C:\Windows\System\atFePbd.exe
  C:\Windows\System\atFePbd.exe
  2⤵
  PID:10736
- C:\Windows\System\gIawYjL.exe
  C:\Windows\System\gIawYjL.exe
  2⤵
  PID:10764
- C:\Windows\System\kGhRZRN.exe
  C:\Windows\System\kGhRZRN.exe
  2⤵
  PID:10804
- C:\Windows\System\DeTEafk.exe
  C:\Windows\System\DeTEafk.exe
  2⤵
  PID:10820
- C:\Windows\System\ZVOAaEy.exe
  C:\Windows\System\ZVOAaEy.exe
  2⤵
  PID:10856
- C:\Windows\System\DxlEdyw.exe
  C:\Windows\System\DxlEdyw.exe
  2⤵
  PID:10876
- C:\Windows\System\sddsDkL.exe
  C:\Windows\System\sddsDkL.exe
  2⤵
  PID:10904
- C:\Windows\System\fLZkkTU.exe
  C:\Windows\System\fLZkkTU.exe
  2⤵
  PID:10936
- C:\Windows\System\iemcfFR.exe
  C:\Windows\System\iemcfFR.exe
  2⤵
  PID:10968
- C:\Windows\System\huaIUPW.exe
  C:\Windows\System\huaIUPW.exe
  2⤵
  PID:11000
- C:\Windows\System\dvLWvhe.exe
  C:\Windows\System\dvLWvhe.exe
  2⤵
  PID:11028
- C:\Windows\System\wUHqgVk.exe
  C:\Windows\System\wUHqgVk.exe
  2⤵
  PID:11056
- C:\Windows\System\gzvrFfi.exe
  C:\Windows\System\gzvrFfi.exe
  2⤵
  PID:11080
- C:\Windows\System\CNJhoEQ.exe
  C:\Windows\System\CNJhoEQ.exe
  2⤵
  PID:11104
- C:\Windows\System\CrAPMXx.exe
  C:\Windows\System\CrAPMXx.exe
  2⤵
  PID:11132
- C:\Windows\System\piAjBos.exe
  C:\Windows\System\piAjBos.exe
  2⤵
  PID:11160
- C:\Windows\System\hpabqOZ.exe
  C:\Windows\System\hpabqOZ.exe
  2⤵
  PID:11188
- C:\Windows\System\NhbVvfb.exe
  C:\Windows\System\NhbVvfb.exe
  2⤵
  PID:11224
- C:\Windows\System\UBhMNef.exe
  C:\Windows\System\UBhMNef.exe
  2⤵
  PID:11252
- C:\Windows\System\LAIqXqP.exe
  C:\Windows\System\LAIqXqP.exe
  2⤵
  PID:10104
- C:\Windows\System\BaBLami.exe
  C:\Windows\System\BaBLami.exe
  2⤵
  PID:10256
- C:\Windows\System\UgKQGRY.exe
  C:\Windows\System\UgKQGRY.exe
  2⤵
  PID:10352
- C:\Windows\System\HAWanAt.exe
  C:\Windows\System\HAWanAt.exe
  2⤵
  PID:10456
- C:\Windows\System\UUXgpBv.exe
  C:\Windows\System\UUXgpBv.exe
  2⤵
  PID:10508
- C:\Windows\System\PdbpwaC.exe
  C:\Windows\System\PdbpwaC.exe
  2⤵
  PID:10620
- C:\Windows\System\VARmhdD.exe
  C:\Windows\System\VARmhdD.exe
  2⤵
  PID:10680
- C:\Windows\System\XpYAoZK.exe
  C:\Windows\System\XpYAoZK.exe
  2⤵
  PID:10748
- C:\Windows\System\vnsdKmD.exe
  C:\Windows\System\vnsdKmD.exe
  2⤵
  PID:10816
- C:\Windows\System\fACXNCj.exe
  C:\Windows\System\fACXNCj.exe
  2⤵
  PID:10848
- C:\Windows\System\UUIiNVN.exe
  C:\Windows\System\UUIiNVN.exe
  2⤵
  PID:10928
- C:\Windows\System\MiFbyMg.exe
  C:\Windows\System\MiFbyMg.exe
  2⤵
  PID:10984
- C:\Windows\System\bODZlAj.exe
  C:\Windows\System\bODZlAj.exe
  2⤵
  PID:11064
- C:\Windows\System\IXvxHQQ.exe
  C:\Windows\System\IXvxHQQ.exe
  2⤵
  PID:11148
- C:\Windows\System\pqEtOmn.exe
  C:\Windows\System\pqEtOmn.exe
  2⤵
  PID:11208
- C:\Windows\System\bLxeNJM.exe
  C:\Windows\System\bLxeNJM.exe
  2⤵
  PID:10084
- C:\Windows\System\ykBDdKX.exe
  C:\Windows\System\ykBDdKX.exe
  2⤵
  PID:10424
- C:\Windows\System\UXsoxVA.exe
  C:\Windows\System\UXsoxVA.exe
  2⤵
  PID:10532
- C:\Windows\System\PjRGxOJ.exe
  C:\Windows\System\PjRGxOJ.exe
  2⤵
  PID:10708
- C:\Windows\System\MKloQtz.exe
  C:\Windows\System\MKloQtz.exe
  2⤵
  PID:10868
- C:\Windows\System\WPAzZlg.exe
  C:\Windows\System\WPAzZlg.exe
  2⤵
  PID:11024
- C:\Windows\System\UQLbnsw.exe
  C:\Windows\System\UQLbnsw.exe
  2⤵
  PID:11120
- C:\Windows\System\DhKsNnb.exe
  C:\Windows\System\DhKsNnb.exe
  2⤵
  PID:10320
- C:\Windows\System\sOsxveJ.exe
  C:\Windows\System\sOsxveJ.exe
  2⤵
  PID:10652
- C:\Windows\System\szvjENW.exe
  C:\Windows\System\szvjENW.exe
  2⤵
  PID:10960
- C:\Windows\System\ewwDCtC.exe
  C:\Windows\System\ewwDCtC.exe
  2⤵
  PID:11244
- C:\Windows\System\aAlhgkL.exe
  C:\Windows\System\aAlhgkL.exe
  2⤵
  PID:10376
- C:\Windows\System\tYYKvRd.exe
  C:\Windows\System\tYYKvRd.exe
  2⤵
  PID:11304
- C:\Windows\System\inqaaQe.exe
  C:\Windows\System\inqaaQe.exe
  2⤵
  PID:11336
- C:\Windows\System\eMqkpLA.exe
  C:\Windows\System\eMqkpLA.exe
  2⤵
  PID:11364
- C:\Windows\System\loWuxaK.exe
  C:\Windows\System\loWuxaK.exe
  2⤵
  PID:11392
- C:\Windows\System\DyozKuw.exe
  C:\Windows\System\DyozKuw.exe
  2⤵
  PID:11420
- C:\Windows\System\OsyziZR.exe
  C:\Windows\System\OsyziZR.exe
  2⤵
  PID:11448
- C:\Windows\System\ZiVLGAg.exe
  C:\Windows\System\ZiVLGAg.exe
  2⤵
  PID:11476
- C:\Windows\System\yGvvEzg.exe
  C:\Windows\System\yGvvEzg.exe
  2⤵
  PID:11504
- C:\Windows\System\XmDRkVt.exe
  C:\Windows\System\XmDRkVt.exe
  2⤵
  PID:11532
- C:\Windows\System\yWOAtUk.exe
  C:\Windows\System\yWOAtUk.exe
  2⤵
  PID:11548
- C:\Windows\System\VjAMsZP.exe
  C:\Windows\System\VjAMsZP.exe
  2⤵
  PID:11584
- C:\Windows\System\DxMNrtZ.exe
  C:\Windows\System\DxMNrtZ.exe
  2⤵
  PID:11612
- C:\Windows\System\uLqGlkv.exe
  C:\Windows\System\uLqGlkv.exe
  2⤵
  PID:11628
- C:\Windows\System\npQeTkc.exe
  C:\Windows\System\npQeTkc.exe
  2⤵
  PID:11648
- C:\Windows\System\FogtCLj.exe
  C:\Windows\System\FogtCLj.exe
  2⤵
  PID:11676
- C:\Windows\System\McILiUO.exe
  C:\Windows\System\McILiUO.exe
  2⤵
  PID:11708
- C:\Windows\System\dAmOTLS.exe
  C:\Windows\System\dAmOTLS.exe
  2⤵
  PID:11756
- C:\Windows\System\fMnDxwV.exe
  C:\Windows\System\fMnDxwV.exe
  2⤵
  PID:11772
- C:\Windows\System\ytIkDza.exe
  C:\Windows\System\ytIkDza.exe
  2⤵
  PID:11804
- C:\Windows\System\WqNHpqO.exe
  C:\Windows\System\WqNHpqO.exe
  2⤵
  PID:11836
- C:\Windows\System\yyoHHNU.exe
  C:\Windows\System\yyoHHNU.exe
  2⤵
  PID:11868
- C:\Windows\System\REzSghX.exe
  C:\Windows\System\REzSghX.exe
  2⤵
  PID:11896
- C:\Windows\System\IYGxKLK.exe
  C:\Windows\System\IYGxKLK.exe
  2⤵
  PID:11912
- C:\Windows\System\sOoGCUq.exe
  C:\Windows\System\sOoGCUq.exe
  2⤵
  PID:11948
- C:\Windows\System\hJBNzYD.exe
  C:\Windows\System\hJBNzYD.exe
  2⤵
  PID:11980
- C:\Windows\System\UeFSTvj.exe
  C:\Windows\System\UeFSTvj.exe
  2⤵
  PID:12008
- C:\Windows\System\ZkumTVO.exe
  C:\Windows\System\ZkumTVO.exe
  2⤵
  PID:12036
- C:\Windows\System\LGcKhKC.exe
  C:\Windows\System\LGcKhKC.exe
  2⤵
  PID:12064
- C:\Windows\System\woXUpsF.exe
  C:\Windows\System\woXUpsF.exe
  2⤵
  PID:12092
- C:\Windows\System\PuVTInU.exe
  C:\Windows\System\PuVTInU.exe
  2⤵
  PID:12120
- C:\Windows\System\MPkSafx.exe
  C:\Windows\System\MPkSafx.exe
  2⤵
  PID:12148
- C:\Windows\System\HJmlmkK.exe
  C:\Windows\System\HJmlmkK.exe
  2⤵
  PID:12176
- C:\Windows\System\BYeOXqW.exe
  C:\Windows\System\BYeOXqW.exe
  2⤵
  PID:12204
- C:\Windows\System\ldlfqfG.exe
  C:\Windows\System\ldlfqfG.exe
  2⤵
  PID:12232
- C:\Windows\System\ExrSCUJ.exe
  C:\Windows\System\ExrSCUJ.exe
  2⤵
  PID:12260
- C:\Windows\System\EvvvGor.exe
  C:\Windows\System\EvvvGor.exe
  2⤵
  PID:10832
- C:\Windows\System\QzlLGPY.exe
  C:\Windows\System\QzlLGPY.exe
  2⤵
  PID:11292
- C:\Windows\System\hLCSNve.exe
  C:\Windows\System\hLCSNve.exe
  2⤵
  PID:11360
- C:\Windows\System\znTXitt.exe
  C:\Windows\System\znTXitt.exe
  2⤵
  PID:11444
- C:\Windows\System\mWBelmq.exe
  C:\Windows\System\mWBelmq.exe
  2⤵
  PID:11496
- C:\Windows\System\ScKkBpK.exe
  C:\Windows\System\ScKkBpK.exe
  2⤵
  PID:11560
- C:\Windows\System\VUBGPlj.exe
  C:\Windows\System\VUBGPlj.exe
  2⤵
  PID:11620
- C:\Windows\System\QFlLSTo.exe
  C:\Windows\System\QFlLSTo.exe
  2⤵
  PID:11660
- C:\Windows\System\dZpEVIi.exe
  C:\Windows\System\dZpEVIi.exe
  2⤵
  PID:11752
- C:\Windows\System\AdHHCWo.exe
  C:\Windows\System\AdHHCWo.exe
  2⤵
  PID:11816
- C:\Windows\System\BpBTBuS.exe
  C:\Windows\System\BpBTBuS.exe
  2⤵
  PID:11892
- C:\Windows\System\xhshVNw.exe
  C:\Windows\System\xhshVNw.exe
  2⤵
  PID:11968
- C:\Windows\System\LjnWNOV.exe
  C:\Windows\System\LjnWNOV.exe
  2⤵
  PID:12028
- C:\Windows\System\ukhkwbS.exe
  C:\Windows\System\ukhkwbS.exe
  2⤵
  PID:12084
- C:\Windows\System\HZKyzFS.exe
  C:\Windows\System\HZKyzFS.exe
  2⤵
  PID:12132
- C:\Windows\System\DIAsIqw.exe
  C:\Windows\System\DIAsIqw.exe
  2⤵
  PID:12196
- C:\Windows\System\niyucje.exe
  C:\Windows\System\niyucje.exe
  2⤵
  PID:12280
- C:\Windows\System\HJwfvAN.exe
  C:\Windows\System\HJwfvAN.exe
  2⤵
  PID:11348
- C:\Windows\System\CVtkFcc.exe
  C:\Windows\System\CVtkFcc.exe
  2⤵
  PID:11540
- C:\Windows\System\EYrKjTM.exe
  C:\Windows\System\EYrKjTM.exe
  2⤵
  PID:11668
- C:\Windows\System\UBTdfZe.exe
  C:\Windows\System\UBTdfZe.exe
  2⤵
  PID:11864
- C:\Windows\System\qQIeyLr.exe
  C:\Windows\System\qQIeyLr.exe
  2⤵
  PID:12160
- C:\Windows\System\iqGdgWN.exe
  C:\Windows\System\iqGdgWN.exe
  2⤵
  PID:10452
- C:\Windows\System\VUokiAy.exe
  C:\Windows\System\VUokiAy.exe
  2⤵
  PID:11784
- C:\Windows\System\IwmaaDa.exe
  C:\Windows\System\IwmaaDa.exe
  2⤵
  PID:12256
- C:\Windows\System\eTLUaDD.exe
  C:\Windows\System\eTLUaDD.exe
  2⤵
  PID:11604
- C:\Windows\System\veXVYAm.exe
  C:\Windows\System\veXVYAm.exe
  2⤵
  PID:12304
- C:\Windows\System\FwutLBb.exe
  C:\Windows\System\FwutLBb.exe
  2⤵
  PID:12332
- C:\Windows\System\NLLFRQW.exe
  C:\Windows\System\NLLFRQW.exe
  2⤵
  PID:12360
- C:\Windows\System\DNzsRNg.exe
  C:\Windows\System\DNzsRNg.exe
  2⤵
  PID:12388
- C:\Windows\System\uMnzlCo.exe
  C:\Windows\System\uMnzlCo.exe
  2⤵
  PID:12416
- C:\Windows\System\gQqARif.exe
  C:\Windows\System\gQqARif.exe
  2⤵
  PID:12448
- C:\Windows\System\CHFGOBu.exe
  C:\Windows\System\CHFGOBu.exe
  2⤵
  PID:12476
- C:\Windows\System\xeYJxFe.exe
  C:\Windows\System\xeYJxFe.exe
  2⤵
  PID:12504
- C:\Windows\System\mdlqDua.exe
  C:\Windows\System\mdlqDua.exe
  2⤵
  PID:12532
- C:\Windows\System\UEvuMCc.exe
  C:\Windows\System\UEvuMCc.exe
  2⤵
  PID:12560
- C:\Windows\System\slZtgym.exe
  C:\Windows\System\slZtgym.exe
  2⤵
  PID:12588
- C:\Windows\System\HXfWkFK.exe
  C:\Windows\System\HXfWkFK.exe
  2⤵
  PID:12616
- C:\Windows\System\NeteSQk.exe
  C:\Windows\System\NeteSQk.exe
  2⤵
  PID:12644
- C:\Windows\System\YtqyxFq.exe
  C:\Windows\System\YtqyxFq.exe
  2⤵
  PID:12672
- C:\Windows\System\SaxKaEi.exe
  C:\Windows\System\SaxKaEi.exe
  2⤵
  PID:12700
- C:\Windows\System\PjjfITA.exe
  C:\Windows\System\PjjfITA.exe
  2⤵
  PID:12728
- C:\Windows\System\hAHtCFG.exe
  C:\Windows\System\hAHtCFG.exe
  2⤵
  PID:12748
- C:\Windows\System\WZQvuqK.exe
  C:\Windows\System\WZQvuqK.exe
  2⤵
  PID:12776
- C:\Windows\System\pNDPwdK.exe
  C:\Windows\System\pNDPwdK.exe
  2⤵
  PID:12812
- C:\Windows\System\qKuboem.exe
  C:\Windows\System\qKuboem.exe
  2⤵
  PID:12840
- C:\Windows\System\MssuWzw.exe
  C:\Windows\System\MssuWzw.exe
  2⤵
  PID:12868
- C:\Windows\System\dDIYVLG.exe
  C:\Windows\System\dDIYVLG.exe
  2⤵
  PID:12896
- C:\Windows\System\hADeNmW.exe
  C:\Windows\System\hADeNmW.exe
  2⤵
  PID:12924
- C:\Windows\System\VuMbIbC.exe
  C:\Windows\System\VuMbIbC.exe
  2⤵
  PID:12952
- C:\Windows\System\THrFgvR.exe
  C:\Windows\System\THrFgvR.exe
  2⤵
  PID:12980
- C:\Windows\System\snwBNva.exe
  C:\Windows\System\snwBNva.exe
  2⤵
  PID:13008
- C:\Windows\System\dUsCoBy.exe
  C:\Windows\System\dUsCoBy.exe
  2⤵
  PID:13036
- C:\Windows\System\ctXBXAc.exe
  C:\Windows\System\ctXBXAc.exe
  2⤵
  PID:13064
- C:\Windows\System\UYBVZYa.exe
  C:\Windows\System\UYBVZYa.exe
  2⤵
  PID:13092
- C:\Windows\System\gPDSYRx.exe
  C:\Windows\System\gPDSYRx.exe
  2⤵
  PID:13120
- C:\Windows\System\WSdQZfj.exe
  C:\Windows\System\WSdQZfj.exe
  2⤵
  PID:13148
- C:\Windows\System\iNkVivW.exe
  C:\Windows\System\iNkVivW.exe
  2⤵
  PID:13176
- C:\Windows\System\GGhulQE.exe
  C:\Windows\System\GGhulQE.exe
  2⤵
  PID:13204
- C:\Windows\System\tTXNnAU.exe
  C:\Windows\System\tTXNnAU.exe
  2⤵
  PID:13232
- C:\Windows\System\MLkMlUC.exe
  C:\Windows\System\MLkMlUC.exe
  2⤵
  PID:13260
- C:\Windows\System\ChCsaav.exe
  C:\Windows\System\ChCsaav.exe
  2⤵
  PID:13288
- C:\Windows\System\RzaGGLJ.exe
  C:\Windows\System\RzaGGLJ.exe
  2⤵
  PID:11596
- C:\Windows\System\OSxMOhT.exe
  C:\Windows\System\OSxMOhT.exe
  2⤵
  PID:12348
- C:\Windows\System\lwRsgVA.exe
  C:\Windows\System\lwRsgVA.exe
  2⤵
  PID:12412
- C:\Windows\System\JVyotqj.exe
  C:\Windows\System\JVyotqj.exe
  2⤵
  PID:12488
- C:\Windows\System\WnaMVHA.exe
  C:\Windows\System\WnaMVHA.exe
  2⤵
  PID:12552
- C:\Windows\System\HTIMFyY.exe
  C:\Windows\System\HTIMFyY.exe
  2⤵
  PID:12628
- C:\Windows\System\kBqBJjv.exe
  C:\Windows\System\kBqBJjv.exe
  2⤵
  PID:12720
- C:\Windows\System\WkdjWYA.exe
  C:\Windows\System\WkdjWYA.exe
  2⤵
  PID:12784
- C:\Windows\System\CfqEYht.exe
  C:\Windows\System\CfqEYht.exe
  2⤵
  PID:12836
- C:\Windows\System\xiDIiHl.exe
  C:\Windows\System\xiDIiHl.exe
  2⤵
  PID:12908
- C:\Windows\System\KpExIoJ.exe
  C:\Windows\System\KpExIoJ.exe
  2⤵
  PID:12972
- C:\Windows\System\tGmBGjg.exe
  C:\Windows\System\tGmBGjg.exe
  2⤵
  PID:13032
- C:\Windows\System\TkyEOVQ.exe
  C:\Windows\System\TkyEOVQ.exe
  2⤵
  PID:13088
- C:\Windows\System\QBkXZNZ.exe
  C:\Windows\System\QBkXZNZ.exe
  2⤵
  PID:13160
- C:\Windows\System\qriFPmr.exe
  C:\Windows\System\qriFPmr.exe
  2⤵
  PID:13228
- C:\Windows\System\xRrelGq.exe
  C:\Windows\System\xRrelGq.exe
  2⤵
  PID:13300
- C:\Windows\System\tbnMNva.exe
  C:\Windows\System\tbnMNva.exe
  2⤵
  PID:12404
- C:\Windows\System\yDWhyvL.exe
  C:\Windows\System\yDWhyvL.exe
  2⤵
  PID:12544
- C:\Windows\System\cJTMatK.exe
  C:\Windows\System\cJTMatK.exe
  2⤵
  PID:12684
- C:\Windows\System\nwsvuOo.exe
  C:\Windows\System\nwsvuOo.exe
  2⤵
  PID:12888
- C:\Windows\System\lvqykNL.exe
  C:\Windows\System\lvqykNL.exe
  2⤵
  PID:13024
- C:\Windows\System\NMldtWc.exe
  C:\Windows\System\NMldtWc.exe
  2⤵
  PID:13200
- C:\Windows\System\JvBuaPm.exe
  C:\Windows\System\JvBuaPm.exe
  2⤵
  PID:12344
- C:\Windows\System\KRKtUWM.exe
  C:\Windows\System\KRKtUWM.exe
  2⤵
  PID:12712
- C:\Windows\System\UsKYWvH.exe
  C:\Windows\System\UsKYWvH.exe
  2⤵
  PID:13084
- C:\Windows\System\GdFTWvq.exe
  C:\Windows\System\GdFTWvq.exe
  2⤵
  PID:12660
- C:\Windows\System\JLkEZYN.exe
  C:\Windows\System\JLkEZYN.exe
  2⤵
  PID:12524
- C:\Windows\System\UxiqHos.exe
  C:\Windows\System\UxiqHos.exe
  2⤵
  PID:13328
- C:\Windows\System\pGtuqXR.exe
  C:\Windows\System\pGtuqXR.exe
  2⤵
  PID:13356
- C:\Windows\System\dPKYYac.exe
  C:\Windows\System\dPKYYac.exe
  2⤵
  PID:13388
- C:\Windows\System\wPZaqfc.exe
  C:\Windows\System\wPZaqfc.exe
  2⤵
  PID:13416
- C:\Windows\System\vFJOMtn.exe
  C:\Windows\System\vFJOMtn.exe
  2⤵
  PID:13444
- C:\Windows\System\LAKYbUP.exe
  C:\Windows\System\LAKYbUP.exe
  2⤵
  PID:13472
- C:\Windows\System\aCinCdx.exe
  C:\Windows\System\aCinCdx.exe
  2⤵
  PID:13500
- C:\Windows\System\nmDJSdg.exe
  C:\Windows\System\nmDJSdg.exe
  2⤵
  PID:13528
- C:\Windows\System\jYZNPYD.exe
  C:\Windows\System\jYZNPYD.exe
  2⤵
  PID:13544
- C:\Windows\System\yjtkyyR.exe
  C:\Windows\System\yjtkyyR.exe
  2⤵
  PID:13584
- C:\Windows\System\kOfVJZj.exe
  C:\Windows\System\kOfVJZj.exe
  2⤵
  PID:13612
- C:\Windows\System\FAEqcgK.exe
  C:\Windows\System\FAEqcgK.exe
  2⤵
  PID:13640
- C:\Windows\System\PtFDwqY.exe
  C:\Windows\System\PtFDwqY.exe
  2⤵
  PID:13668
- C:\Windows\System\VloYopX.exe
  C:\Windows\System\VloYopX.exe
  2⤵
  PID:13696
- C:\Windows\System\TRUZAtp.exe
  C:\Windows\System\TRUZAtp.exe
  2⤵
  PID:13724
- C:\Windows\System\SNxXxwb.exe
  C:\Windows\System\SNxXxwb.exe
  2⤵
  PID:13772
- C:\Windows\System\wUsSYlM.exe
  C:\Windows\System\wUsSYlM.exe
  2⤵
  PID:13808
- C:\Windows\System\DTSzwqH.exe
  C:\Windows\System\DTSzwqH.exe
  2⤵
  PID:13836
- C:\Windows\System\YZdtiPm.exe
  C:\Windows\System\YZdtiPm.exe
  2⤵
  PID:13864
- C:\Windows\System\eLrBdRa.exe
  C:\Windows\System\eLrBdRa.exe
  2⤵
  PID:13892
- C:\Windows\System\gimcSyQ.exe
  C:\Windows\System\gimcSyQ.exe
  2⤵
  PID:13920
- C:\Windows\System\fIxGikA.exe
  C:\Windows\System\fIxGikA.exe
  2⤵
  PID:13948
- C:\Windows\System\UiIWcJE.exe
  C:\Windows\System\UiIWcJE.exe
  2⤵
  PID:13976
- C:\Windows\System\DZfmRKa.exe
  C:\Windows\System\DZfmRKa.exe
  2⤵
  PID:14004
- C:\Windows\System\zMouKFn.exe
  C:\Windows\System\zMouKFn.exe
  2⤵
  PID:14032
- C:\Windows\System\IQQrRYy.exe
  C:\Windows\System\IQQrRYy.exe
  2⤵
  PID:14060
- C:\Windows\System\iotqNVD.exe
  C:\Windows\System\iotqNVD.exe
  2⤵
  PID:14088
- C:\Windows\System\FDJYslt.exe
  C:\Windows\System\FDJYslt.exe
  2⤵
  PID:14120
- C:\Windows\System\UMUmeFZ.exe
  C:\Windows\System\UMUmeFZ.exe
  2⤵
  PID:14148
- C:\Windows\System\RSWwTrC.exe
  C:\Windows\System\RSWwTrC.exe
  2⤵
  PID:14176
- C:\Windows\System\zXtFjTr.exe
  C:\Windows\System\zXtFjTr.exe
  2⤵
  PID:14204
- C:\Windows\System\PkgeAUN.exe
  C:\Windows\System\PkgeAUN.exe
  2⤵
  PID:14232
- C:\Windows\System\nwmLMhC.exe
  C:\Windows\System\nwmLMhC.exe
  2⤵
  PID:14260
- C:\Windows\System\dfkgUJp.exe
  C:\Windows\System\dfkgUJp.exe
  2⤵
  PID:14288
- C:\Windows\System\USsoQdT.exe
  C:\Windows\System\USsoQdT.exe
  2⤵
  PID:14316
- C:\Windows\System\pJbMtSN.exe
  C:\Windows\System\pJbMtSN.exe
  2⤵
  PID:12328
- C:\Windows\System\VItKMvM.exe
  C:\Windows\System\VItKMvM.exe
  2⤵
  PID:3108
- C:\Windows\System\ABhSuUc.exe
  C:\Windows\System\ABhSuUc.exe
  2⤵
  PID:13368
- C:\Windows\System\IpcDJtY.exe
  C:\Windows\System\IpcDJtY.exe
  2⤵
  PID:13436
- C:\Windows\System\YZqWalV.exe
  C:\Windows\System\YZqWalV.exe
  2⤵
  PID:13496
- C:\Windows\System\cRnnRgq.exe
  C:\Windows\System\cRnnRgq.exe
  2⤵
  PID:13536
- C:\Windows\System\QvGoPuE.exe
  C:\Windows\System\QvGoPuE.exe
  2⤵
  PID:13632
- C:\Windows\System\kaoVUAw.exe
  C:\Windows\System\kaoVUAw.exe
  2⤵
  PID:13692
- C:\Windows\System\NGnfmHv.exe
  C:\Windows\System\NGnfmHv.exe
  2⤵
  PID:13792
- C:\Windows\System\rWjOoTy.exe
  C:\Windows\System\rWjOoTy.exe
  2⤵
  PID:13856
- C:\Windows\System\KSeuVTD.exe
  C:\Windows\System\KSeuVTD.exe
  2⤵
  PID:13916
- C:\Windows\System\mhyynXV.exe
  C:\Windows\System\mhyynXV.exe
  2⤵
  PID:13992
- C:\Windows\System\NoRyGdZ.exe
  C:\Windows\System\NoRyGdZ.exe
  2⤵
  PID:14052
- C:\Windows\System\eQWxTnj.exe
  C:\Windows\System\eQWxTnj.exe
  2⤵
  PID:14116
- C:\Windows\System\IZkHgTg.exe
  C:\Windows\System\IZkHgTg.exe
  2⤵
  PID:14188
- C:\Windows\System\qVzRMmr.exe
  C:\Windows\System\qVzRMmr.exe
  2⤵
  PID:14252
- C:\Windows\System\dHmnaBz.exe
  C:\Windows\System\dHmnaBz.exe
  2⤵
  PID:13324
- C:\Windows\System\WpTnyrN.exe
  C:\Windows\System\WpTnyrN.exe
  2⤵
  PID:13628
- C:\Windows\System\xkyBLyy.exe
  C:\Windows\System\xkyBLyy.exe
  2⤵
  PID:13904
- C:\Windows\System\titliyF.exe
  C:\Windows\System\titliyF.exe
  2⤵
  PID:14300
- C:\Windows\System\CDbxcFD.exe
  C:\Windows\System\CDbxcFD.exe
  2⤵
  PID:14080
- C:\Windows\System\bNJAPPG.exe
  C:\Windows\System\bNJAPPG.exe
  2⤵
  PID:14344
- C:\Windows\System\oKvjsGJ.exe
  C:\Windows\System\oKvjsGJ.exe
  2⤵
  PID:14360
- C:\Windows\System\kvlkqyO.exe
  C:\Windows\System\kvlkqyO.exe
  2⤵
  PID:14396
- C:\Windows\System\ZfsFfFw.exe
  C:\Windows\System\ZfsFfFw.exe
  2⤵
  PID:14412
- C:\Windows\System\HmiMdme.exe
  C:\Windows\System\HmiMdme.exe
  2⤵
  PID:14428
- C:\Windows\System\MpZvgmN.exe
  C:\Windows\System\MpZvgmN.exe
  2⤵
  PID:14456
- C:\Windows\System\egLIMNW.exe
  C:\Windows\System\egLIMNW.exe
  2⤵
  PID:14488
- C:\Windows\System\xxZfBOp.exe
  C:\Windows\System\xxZfBOp.exe
  2⤵
  PID:14552
- C:\Windows\System\pMKpSHr.exe
  C:\Windows\System\pMKpSHr.exe
  2⤵
  PID:14584
- C:\Windows\System\oIrMaFq.exe
  C:\Windows\System\oIrMaFq.exe
  2⤵
  PID:14612
- C:\Windows\System\PCdXwZe.exe
  C:\Windows\System\PCdXwZe.exe
  2⤵
  PID:14640
- C:\Windows\System\yRUmaNk.exe
  C:\Windows\System\yRUmaNk.exe
  2⤵
  PID:14668
- C:\Windows\System\UkRJSzz.exe
  C:\Windows\System\UkRJSzz.exe
  2⤵
  PID:14696

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CNCdAib.exe

Filesize
2.3MB

MD5
96a2da030a362fbd6aca95e72a9e9aaf

SHA1
a126fc86b26275267a05177d23e3f48ab34685e3

SHA256
ba51a947d0419358bc86ed4e873c080f38cad16d743b32543cfa711a3f0f23b9

SHA512
bdf3aafaeff9c51aa75d2c24c6a6790af67a1f9b5f198d734dabd53aa6a23f6768edfb453908bc8dc622f24fa80d433da159435bbf2d7772b04f5417a2bb48e3

Download Submit
C:\Windows\System\DHjEIxg.exe

Filesize
2.3MB

MD5
485246327f1373505ccece496bd55bf7

SHA1
a5d5bb6b27753a2efd200a473b07e1876cbda511

SHA256
3f4b79b6373fa0e5a8d9e0a98b0ddbadaeb190529ae8c32448f75c31aa850285

SHA512
c383b1ad33e1c82d8969959a906e15d096124cd93608e6c5c261b279998e090b064851db5d735d1002b264911ac7709b127e598fbc1874948a905d71beeff0e9

Download Submit
C:\Windows\System\DOwVyXW.exe

Filesize
2.3MB

MD5
882b2b10ac9cb9135930f84c2dc781d4

SHA1
a33a5261773148dd467ad5cdc3301fa598a06334

SHA256
4b4fce1e12d54c2bc131b823c38641bd725047eac2101b37829a248e10e6ebb2

SHA512
b59325a6521fefcc95b9e71b9339d207a112486035b0fc69cdd9ffbe3c35fe39857415027d6cf557e9e2610948de1f20871440ee6f8822ff9d32c9a21f6450c9

Download Submit
C:\Windows\System\DQwfnWw.exe

Filesize
2.3MB

MD5
8e4fea15c9c0669ca117882535f47350

SHA1
6343251ff03d9b596799f0800108be5795d5ce91

SHA256
04ee0b48405255548c52244aaad74accc32a72eed5740b612b9fd5154b73a2ba

SHA512
15e8845f99008ce382e49901f1efa0111d9ee2af940e847ab4e2781a668608821fb9e13e2cb192a02d29045c60f278c98ee813695167520c378db8ee0cf7538e

Download Submit
C:\Windows\System\DvtgyGg.exe

Filesize
2.3MB

MD5
720ea60f8e79942e2678c90fac08bb80

SHA1
930cb096671a3727f095683d8fda0c1d7510530f

SHA256
218a9b2605188634dcbdd8956d35251afe2c2adf5361c3743c2dc0d99a9db603

SHA512
d8ade9fe861391258f79cceb6c259afc29ae2fae8360c838f8961d58dfde95ff2046ff0efd214acb935f090d5a8bcc200dcc2aeb3bd36d22ee8b04f2e6434656

Download Submit
C:\Windows\System\ExhIaYv.exe

Filesize
2.3MB

MD5
1784e5c32bc56e16a3e4e9abfba5fa87

SHA1
fc916a3e681b94f42216ec96db55edf3cdf56a77

SHA256
7e5ad066434152b1dced8eb1b715698ee7c3fa4ae868711f7f26af6b1dcae684

SHA512
bd7d3d186381064c0e5a7cc1e0e9061275b647305533d5cdbfa42c1a21849d4bb8d422d5eed51092cd38b990e6dc873843d798ba5ffebb58dce63c61f30472c1

Download Submit
C:\Windows\System\GeCfzZv.exe

Filesize
2.3MB

MD5
5753a841d52ebbb52b9986da4bd83903

SHA1
f4435c261990ff73afbd2fb2121d0ee8c9b87783

SHA256
72a7b01376b91943502f8a325c07db9bd6c47cf89ef45b85467c671837488257

SHA512
30d3954eeaa6eb0fcb3a2ee67752090419bb51455910e640124eedc0a12180276da8a7c35c7e669d5d443b179bf6dc61eed2b18fa2887e0a575da6908a5a1c2a

Download Submit
C:\Windows\System\Gfyvlca.exe

Filesize
2.3MB

MD5
8e2ab84bbe927645835fcffdb12948d9

SHA1
7046406c35b990ce7a00906833a87dacced0262e

SHA256
bda79c50c90a8ef542402e92ed6a62522c3ceb078f5922a511de7a72b4cf54d6

SHA512
ac0aedcb015b2f902941ffef65d2e4247f9249409735f45fcb21985fd9ec501f3d311c52d103b5d5d86044053665c6bdf6f7847cfa67af42bb62daafe4baa11a

Download Submit
C:\Windows\System\GigPRdv.exe

Filesize
2.3MB

MD5
fafc9e991d3f5830e9f18b22b1111b8a

SHA1
aee440459cf91b7f11ee3982c32398dc5ec20ec1

SHA256
3878f68fac6f32c06376a26b6e9f51e7ac0c8185241a9693a51264b5b6afcdc2

SHA512
efca760031b456d5bf7132c71042b022f1774983d940574b893fb82f259d0267ad9a9d4fbb15be9b5d2243b449444581193521cb7b78c6292d642c1fa03fde6b

Download Submit
C:\Windows\System\IaXfklf.exe

Filesize
2.3MB

MD5
89bcc3d501fc5df901207db5c0aecaba

SHA1
fd8ceda39547f32e88f9a5ef9ee5173fb262683e

SHA256
5093b1689bf046f2aa969255ec76c78194d02df49d92c21baa7ca3e377369873

SHA512
fb88a3a6f75b8d1cbf226da55b58ac654e024b8058255324fc34e58ad24de14c11b3f85f270081c4e3c156ddd2c2d21553a2d41553e90d8272600f3c84116814

Download Submit
C:\Windows\System\NfnloFb.exe

Filesize
2.3MB

MD5
c3292940c8410808c0dc4d02ff72ca9c

SHA1
6b78ae886b9d9a3b182aa3bc4f25400a320bdb21

SHA256
2c24c2a1772db4e376b15a9c8e644f7bedec6591d974b3dcead0318742ddf10b

SHA512
91b0a54926363f1ed53eee07a5268a27ab16c264485952814a24ee7b107f899bb92d20270a46925598508dee1328623002bc9fa9e2a7349612f9e41dcfda7ff4

Download Submit
C:\Windows\System\RUeAose.exe

Filesize
2.3MB

MD5
8770029b65a4d310cc4e105208675dd7

SHA1
ab5423746dc9238c660e7845f5749fe420baf579

SHA256
cac03e77ce25f787a67b7ac23b59e00e9b4649bb30b3c5355b2d56e1545a2a20

SHA512
d87944790021b252b266d1c07f5e174e379786cab3f450cc05a074f1f237db78068916003e3ccfdb27600596ca96fe604b0cd8c53ce896bbe9d32486cc2431da

Download Submit
C:\Windows\System\RWSKAFq.exe

Filesize
2.3MB

MD5
19852b4949757523aec6bebe33b6f8b7

SHA1
d47e2addabb9d21906c4d29a032e2bec9e48e7f0

SHA256
3dfdc958c812b6c8e300ca8e47155a6b4dbc62cf17e0807b40a44e438d084515

SHA512
f1756ace67f7a2f607211c74df73a097a6f1c255f4510d0c021546027571f484b0322b6a043e5dedfadbd6d0ec52a062d532c7856a5831b5122caab60c67c9c3

Download Submit
C:\Windows\System\SPTdoin.exe

Filesize
2.3MB

MD5
40d706aa603cd654ec3351c792c5d953

SHA1
ed0593244516c308a680906a104097f10334a4b2

SHA256
71275df547bd514e290a1dfcfa2328b45e93cf46e740698395c736df5c922dd6

SHA512
276c44e0e52b2423087d6488d79d6f7c5e7410f138698d66c290eb61d8c514be59ba0b45dde2d85fc9572f89846bfc6987a61e103e626ae807015699311c7d9f

Download Submit
C:\Windows\System\TPTxPck.exe

Filesize
2.3MB

MD5
21a9d0ef20152b52ab29fc83aeadb0da

SHA1
a53f1ede5f6e05115ac309cdb52f4948b631f0d9

SHA256
a0476e206bb273f3f2edcaf8fd377b90c5825288386a3bbe49f4562cc8a8fa8e

SHA512
1fd23de2f6a6293da5806b3957884357596987c1ae1bde2fbe339bf68dc12394f5efed08caae16ca44c9aaa1ec0a946e0846a079bbb8596ed19d2afad08cb4b4

Download Submit
C:\Windows\System\WNfxjUP.exe

Filesize
2.3MB

MD5
00923cb7e1b4c6eae634ba2636dbe5ef

SHA1
348ef29d66a6bb44c95bed5315fce7cf5dee3b9e

SHA256
761fe7e2631edafa06a3d3cccae0e6182928b5e10997163a14e8e1d647444f6e

SHA512
070696d97e4b82b4653e2c1b85dbb4fe2aa06a341d9c01ac652b93d8460225c12440196234fc63cc983baf0e8be853932eaffbf9aed4462284f6e8020acf9ee6

Download Submit
C:\Windows\System\Wvbtjpc.exe

Filesize
2.3MB

MD5
7a7318808c2ae1880ebd33ad0b525272

SHA1
6d1234259924452af21e270366764b3184df814f

SHA256
ccfd801fe8ff06f77eb22798efb549f2d89ddd5f960e07e3608ccc6532b69f3d

SHA512
7af013aaa1a8d4c39a5f2a98dfef72f0010c9ebad8bd70ec2b0d8c37e31973dd58a7568193331e188ce851b1c6a364a8229b6023434664f5f26e3986f1778435

Download Submit
C:\Windows\System\XCgRuPc.exe

Filesize
2.3MB

MD5
c81a6edaafe736e7a062714ad355cbb2

SHA1
be75feac8ddad85c92341acce77b01d9bcebb0a8

SHA256
4ac6678fb53d6b8c18eba60011b709fc614c9ae1747186319430b8f0106608d6

SHA512
11be5a3373eac1f439725a67f97f52b8e747a26e8862c9c67f8cb737465152c2aff0e445209cddb9f67bd449c8e59d31812ade27e0d057ce324b9680730c0a8e

Download Submit
C:\Windows\System\afLbEIC.exe

Filesize
2.3MB

MD5
ecdecdcb22bf540867a099808068e7b4

SHA1
be839ba4e10ab49e96d8d38330f2689761817eac

SHA256
fb2ff60865c8143cc025f172e87de3d46621968e2b02f1aab17aa2b37873b5d6

SHA512
fa8893d0747910ad4f99dcdfc25264b4aad8926a2d55b2d2c391be374f21c9ad435cc5321c210824e338864b220896bbcf105385abbb71958bc72988472f5002

Download Submit
C:\Windows\System\dsNpXEg.exe

Filesize
2.3MB

MD5
782d42c25c48fccf872b707ffbc63d63

SHA1
964bea4ecaa60a0c5df47dfe71e626096bafc6b2

SHA256
afc9d040c15a4cdb30d032cfaba4c1f7693fdee61ef1668e2b68cc46b98fcda6

SHA512
42ed39758ff272bd1db06e7c78fdd4450b00f08f662aadfb8d7d8123b8b04d860c93e0f62719a8dc9acabbefb6007e12861c8657e4482ad4d9d91cfb600c81d6

Download Submit
C:\Windows\System\eKBdDWM.exe

Filesize
2.3MB

MD5
b49c7b8d509cf47566df1d3a73057455

SHA1
141583a6ef8a5b8affa4927de4286cb6fb8f2572

SHA256
fa4e8a64c0ed7a1d2525b427cc5473000d7159f68fedc3aee9efbd7080d9ebf2

SHA512
8ecea4288c03f904bdc3671e6c3fb30cffa039b4bd2a9ecd5bc27690983ba834d93ce01bc117066569b409daf06853cec002356dba7fa5f24a768c876e7b67d1

Download Submit
C:\Windows\System\edcXGGd.exe

Filesize
2.3MB

MD5
32176fa321464b6415d1bc5500c912a8

SHA1
762f810e47e70d838ec77b880947648466a21b57

SHA256
af5c36860ac8b2b8802ead3c032d82714a7b364dbfbfc24c89a5c3fc9df8f1d2

SHA512
8e4351b7250f02a2278b57e21029e8097d6743bdcd195dfcada95da6089ecb4e6c5367028a6e9f8936eef6529153651dd798a73a50044b2ff8885c6bae7a5849

Download Submit
C:\Windows\System\hAPnHAZ.exe

Filesize
2.3MB

MD5
9959c272616563a43d441b8e0bb2ebe5

SHA1
d21073346bc3b6fd49c013d1dff9c8c2af5f2cbc

SHA256
d4a5a89bf4cb930878740b16f47fcf670a4155ae2ec9c2b2be860e34e93c2200

SHA512
49d25c85e6f3648931bc2548f54630f51f754c52fa4902e13108bc06911182a457467cde71bd99197448452597af3b309636fda1f135c69a5d71851eff3db40c

Download Submit
C:\Windows\System\kLbAnqc.exe

Filesize
2.3MB

MD5
a28aeb35262105d5dcdad3bb43164569

SHA1
8fa899f75398171e5eb2d9ac02ef448ba77e7b1c

SHA256
10fac3a1ee80115070297a6b0800f96421ad5c970dd0c6d46ace37381781bac1

SHA512
7adace18d6e2ac243f77b7efa0119b692cecbba5b85019d08f22cd92337e6a016618a91323b496e27e169bef64f56b8d4bacc84896328999dc450b469211a393

Download Submit
C:\Windows\System\ldxGNjB.exe

Filesize
2.3MB

MD5
16cb71f6f8795926185cf893b7bed22d

SHA1
3094bad607b1d3dcd55b6eb84dfc03265d5bf19a

SHA256
e3640ad86941fca70e67986694dfed8bc8237d3f142afeb1d0dc28afdafdbe37

SHA512
9831e0d5e54b552d8e15320f74241330a48b4bc20f18bc80f917951ecd9946e57f5bd4e551c9d1ef1f2b4aded994441fd16721aa4cb5f5e19ff4df34914c3998

Download Submit
C:\Windows\System\mshhqzI.exe

Filesize
2.3MB

MD5
2a0b0655447272551a5f47c9fa8a867c

SHA1
61af198caabdcbb50c56cd02050004fda61e67e5

SHA256
3c3b7915a066fbdc5068e0a6b5bc769d24f437eaa7f10616fe085c0231d89d78

SHA512
43e57d3464a52f35510cf2a21f5650ed69b5df2f8cec8e147446a21d2bca81c3009f4365cb81b2531d822d2c0eb9c8edb1c8fd1b86b8abb25f822e5f817b2776

Download Submit
C:\Windows\System\nEOErdx.exe

Filesize
2.3MB

MD5
d2a8e8a8da9b0d75d567db8d9733ef0c

SHA1
dee8cbb9c72a494b04018c74c9d84331ee79b13f

SHA256
04c88ae959745051989558999e33b1b06a9edd14275d5393d48e2ba7a9144ee1

SHA512
0ff13f330eeb20d3ad7c7b08693a75def005525c552212a815621ceb2c39651218b46604b2e383a8344aeb0e86c6d51706adf50baa3c681981620c44cf396647

Download Submit
C:\Windows\System\qYveofV.exe

Filesize
2.3MB

MD5
968a0b2d0c4c7b9c65a4b46cf96de929

SHA1
72a85d3937cc81477c3d58987caa68e405982338

SHA256
9711b0463058ed83fd0c120833169904c8e6878c4b8a22059d71aef93a556bbe

SHA512
39d7e626d927b893b5017e465b7090ac919857869412ce2ce959e686933d66f3ec2cc70db2023193645f940592f4810ee174815c2fbf0b84eaa51819415159c8

Download Submit
C:\Windows\System\rvVhMDS.exe

Filesize
2.3MB

MD5
75949828db9eedcd05919dd8c49661f7

SHA1
f76cb05567c08c847d724b80615a5cce745c3c74

SHA256
1c5377dc39d4f954e374e47d74c393db6b54b73758dca4d98aeee96946886e48

SHA512
09a74ede606b66d0f93bb4b125c649c80ac2bbd76ce79c7f519b9e8610df5d3efd1a5f5026226cde8c0c48a5663d09051023b72de78ef045f328964edf81ae4a

Download Submit
C:\Windows\System\uICwaSB.exe

Filesize
2.3MB

MD5
67c4b44e08b37ec4a563492a21c6dc42

SHA1
da1ed19b20df76dd606f229bfd5be601f29181a7

SHA256
4f3647bde0fca514aa14d19e4103e2703318407c8078967d6c8d42ad5b4a9e36

SHA512
71c50269f87ab40e591227f7a9e9e600e9db9b106af084027127a9b59e4fb7db46097c800d2101a137d56f6ddf74525400ed643bc5cf19b6cf2f0f75021c3a4f

Download Submit
C:\Windows\System\vreAaGs.exe

Filesize
2.3MB

MD5
871e0689fd7ac0f7a57484355c93c628

SHA1
b1924f560c5c148374066e37b35ff722c52180a4

SHA256
cb98075bd3029d8f9b784de23ecbdbe8490104931207b632c7d9b5e95322e5c4

SHA512
4e994e45499fd6c4ec600a3a9618be4a9339a50d1f8e6fc404573a9874e3fa7c6d9d63b226254dd3deb36d0e31314957ba03e54215f808a7441e447e9cb91898

Download Submit
C:\Windows\System\xoWeMKY.exe

Filesize
2.3MB

MD5
963a882c462a917e9773f7bda12bddfd

SHA1
9dade84b018327def51767183bd908f5b946fe41

SHA256
c984772b0f8a7bd90022e538aedbab3ca275c04399083b82f74ab6ed83b0e4aa

SHA512
8befc659feeadbca4930119c54c0450dfb9320bfc795a92448cd08452f3c043d1fe318c95e6b4c1c5e6f78f2aa5e3b8c875869cf642b17b6ff0c5f1f44b5c606

Download Submit
C:\Windows\System\zUycjjV.exe

Filesize
2.3MB

MD5
3868ecb9c10c5f31b87cb6b185e8780b

SHA1
7fa1441ceb2e40d9d2fb038f88c4a466a5a0258f

SHA256
2b75afcca56bc4b82708fe54fe5aa5b714f62c59efac11cde0e8e5e62713a5c9

SHA512
59f2bb10fbe6e1b325f45730d9c06f089d94da6a5a9d7cfeed3a298220b103771c314ba78edca6c50e79f5963a8cf47df348fa8a50d4ce9ba9b84cf20caf7a6d

Download Submit
memory/444-390-0x00007FF7227D0000-0x00007FF722B24000-memory.dmp

Filesize
3.3MB

Download
memory/444-2124-0x00007FF7227D0000-0x00007FF722B24000-memory.dmp

Filesize
3.3MB

Download
memory/752-2132-0x00007FF6A2760000-0x00007FF6A2AB4000-memory.dmp

Filesize
3.3MB

Download
memory/752-406-0x00007FF6A2760000-0x00007FF6A2AB4000-memory.dmp

Filesize
3.3MB

Download
memory/996-2139-0x00007FF754AA0000-0x00007FF754DF4000-memory.dmp

Filesize
3.3MB

Download
memory/996-413-0x00007FF754AA0000-0x00007FF754DF4000-memory.dmp

Filesize
3.3MB

Download
memory/1036-2109-0x00007FF61D120000-0x00007FF61D474000-memory.dmp

Filesize
3.3MB

Download
memory/1036-50-0x00007FF61D120000-0x00007FF61D474000-memory.dmp

Filesize
3.3MB

Download
memory/1036-2117-0x00007FF61D120000-0x00007FF61D474000-memory.dmp

Filesize
3.3MB

Download
memory/1176-409-0x00007FF6BA880000-0x00007FF6BABD4000-memory.dmp

Filesize
3.3MB

Download
memory/1176-2136-0x00007FF6BA880000-0x00007FF6BABD4000-memory.dmp

Filesize
3.3MB

Download
memory/1492-2111-0x00007FF72D790000-0x00007FF72DAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1492-10-0x00007FF72D790000-0x00007FF72DAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1536-2138-0x00007FF6557C0000-0x00007FF655B14000-memory.dmp

Filesize
3.3MB

Download
memory/1536-412-0x00007FF6557C0000-0x00007FF655B14000-memory.dmp

Filesize
3.3MB

Download
memory/1632-404-0x00007FF6F0D00000-0x00007FF6F1054000-memory.dmp

Filesize
3.3MB

Download
memory/1632-2127-0x00007FF6F0D00000-0x00007FF6F1054000-memory.dmp

Filesize
3.3MB

Download
memory/1912-394-0x00007FF69BAD0000-0x00007FF69BE24000-memory.dmp

Filesize
3.3MB

Download
memory/1912-2129-0x00007FF69BAD0000-0x00007FF69BE24000-memory.dmp

Filesize
3.3MB

Download
memory/2308-22-0x00007FF7A51F0000-0x00007FF7A5544000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2113-0x00007FF7A51F0000-0x00007FF7A5544000-memory.dmp

Filesize
3.3MB

Download
memory/2388-410-0x00007FF688DF0000-0x00007FF689144000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2135-0x00007FF688DF0000-0x00007FF689144000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2122-0x00007FF7ECF70000-0x00007FF7ED2C4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-387-0x00007FF7ECF70000-0x00007FF7ED2C4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-407-0x00007FF63C050000-0x00007FF63C3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2133-0x00007FF63C050000-0x00007FF63C3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-408-0x00007FF7C0420000-0x00007FF7C0774000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2134-0x00007FF7C0420000-0x00007FF7C0774000-memory.dmp

Filesize
3.3MB

Download
memory/3324-56-0x00007FF6A6720000-0x00007FF6A6A74000-memory.dmp

Filesize
3.3MB

Download
memory/3324-2119-0x00007FF6A6720000-0x00007FF6A6A74000-memory.dmp

Filesize
3.3MB

Download
memory/3324-2110-0x00007FF6A6720000-0x00007FF6A6A74000-memory.dmp

Filesize
3.3MB

Download
memory/3344-382-0x00007FF780D60000-0x00007FF7810B4000-memory.dmp

Filesize
3.3MB

Download
memory/3344-2121-0x00007FF780D60000-0x00007FF7810B4000-memory.dmp

Filesize
3.3MB

Download
memory/3428-385-0x00007FF6CC820000-0x00007FF6CCB74000-memory.dmp

Filesize
3.3MB

Download
memory/3428-2120-0x00007FF6CC820000-0x00007FF6CCB74000-memory.dmp

Filesize
3.3MB

Download
memory/3500-2126-0x00007FF694C90000-0x00007FF694FE4000-memory.dmp

Filesize
3.3MB

Download
memory/3500-401-0x00007FF694C90000-0x00007FF694FE4000-memory.dmp

Filesize
3.3MB

Download
memory/3700-2123-0x00007FF611730000-0x00007FF611A84000-memory.dmp

Filesize
3.3MB

Download
memory/3700-388-0x00007FF611730000-0x00007FF611A84000-memory.dmp

Filesize
3.3MB

Download
memory/3760-38-0x00007FF63B960000-0x00007FF63BCB4000-memory.dmp

Filesize
3.3MB

Download
memory/3760-2115-0x00007FF63B960000-0x00007FF63BCB4000-memory.dmp

Filesize
3.3MB

Download
memory/3868-33-0x00007FF7EB230000-0x00007FF7EB584000-memory.dmp

Filesize
3.3MB

Download
memory/3868-2114-0x00007FF7EB230000-0x00007FF7EB584000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2128-0x00007FF740370000-0x00007FF7406C4000-memory.dmp

Filesize
3.3MB

Download
memory/3884-400-0x00007FF740370000-0x00007FF7406C4000-memory.dmp

Filesize
3.3MB

Download
memory/3988-45-0x00007FF6077F0000-0x00007FF607B44000-memory.dmp

Filesize
3.3MB

Download
memory/3988-2116-0x00007FF6077F0000-0x00007FF607B44000-memory.dmp

Filesize
3.3MB

Download
memory/4088-411-0x00007FF79E700000-0x00007FF79EA54000-memory.dmp

Filesize
3.3MB

Download
memory/4088-2137-0x00007FF79E700000-0x00007FF79EA54000-memory.dmp

Filesize
3.3MB

Download
memory/4316-1163-0x00007FF70BC30000-0x00007FF70BF84000-memory.dmp

Filesize
3.3MB

Download
memory/4316-1-0x0000019B5DA60000-0x0000019B5DA70000-memory.dmp

Filesize
64KB

Download
memory/4316-0-0x00007FF70BC30000-0x00007FF70BF84000-memory.dmp

Filesize
3.3MB

Download
memory/4396-2130-0x00007FF773860000-0x00007FF773BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4396-391-0x00007FF773860000-0x00007FF773BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4452-405-0x00007FF6BFF40000-0x00007FF6C0294000-memory.dmp

Filesize
3.3MB

Download
memory/4452-2131-0x00007FF6BFF40000-0x00007FF6C0294000-memory.dmp

Filesize
3.3MB

Download
memory/4536-2108-0x00007FF61EA50000-0x00007FF61EDA4000-memory.dmp

Filesize
3.3MB

Download
memory/4536-2118-0x00007FF61EA50000-0x00007FF61EDA4000-memory.dmp

Filesize
3.3MB

Download
memory/4536-39-0x00007FF61EA50000-0x00007FF61EDA4000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2125-0x00007FF6F5320000-0x00007FF6F5674000-memory.dmp

Filesize
3.3MB

Download
memory/4608-403-0x00007FF6F5320000-0x00007FF6F5674000-memory.dmp

Filesize
3.3MB

Download
memory/4864-19-0x00007FF7D1200000-0x00007FF7D1554000-memory.dmp

Filesize
3.3MB

Download
memory/4864-2112-0x00007FF7D1200000-0x00007FF7D1554000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads