xmrig | ab9ab058613e33185f06c2fccda2287cd1a9db8d5b916cddb85b66627d63bc0a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
Size

2.3MB
MD5

24d7a40db506d17404b0f7b9e5011190
SHA1

05673c00e928a1fb221b4b7e197c09fc78516825
SHA256

ab9ab058613e33185f06c2fccda2287cd1a9db8d5b916cddb85b66627d63bc0a
SHA512

22c70c66c9af6db109375a770f9a8d4dba9b9b3df57dcb9defda5a3465aebfe54ff4246d5ec3ea99c08777d8c128dd00edec8b5836898dbbb6dcb58f7bf30b7d
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQOYilJ51srMnJ:BemTLkNdfE0pZrQo

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2596-0-0x00007FF70D700000-0x00007FF70DA54000-memory.dmp	xmrig
behavioral2/files/0x00050000000232a4-5.dat	xmrig
behavioral2/memory/1856-9-0x00007FF7EBFC0000-0x00007FF7EC314000-memory.dmp	xmrig
behavioral2/files/0x000a00000002340d-13.dat	xmrig
behavioral2/files/0x0008000000023412-16.dat	xmrig
behavioral2/files/0x0007000000023414-27.dat	xmrig
behavioral2/files/0x0007000000023416-35.dat	xmrig
behavioral2/files/0x0007000000023415-34.dat	xmrig
behavioral2/files/0x0008000000023413-28.dat	xmrig
behavioral2/files/0x0007000000023417-36.dat	xmrig
behavioral2/memory/4016-20-0x00007FF678C50000-0x00007FF678FA4000-memory.dmp	xmrig
behavioral2/memory/912-42-0x00007FF6F0680000-0x00007FF6F09D4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023406-61.dat	xmrig
behavioral2/files/0x000700000002341a-64.dat	xmrig
behavioral2/files/0x000700000002341c-73.dat	xmrig
behavioral2/files/0x000700000002341d-84.dat	xmrig
behavioral2/files/0x0007000000023420-103.dat	xmrig
behavioral2/files/0x0007000000023422-113.dat	xmrig
behavioral2/files/0x0007000000023425-127.dat	xmrig
behavioral2/files/0x0007000000023428-142.dat	xmrig
behavioral2/files/0x000700000002342c-157.dat	xmrig
behavioral2/files/0x000700000002342e-170.dat	xmrig
behavioral2/files/0x000700000002342d-168.dat	xmrig
behavioral2/files/0x000700000002342b-158.dat	xmrig
behavioral2/files/0x000700000002342a-153.dat	xmrig
behavioral2/files/0x0007000000023429-148.dat	xmrig
behavioral2/files/0x0007000000023427-138.dat	xmrig
behavioral2/files/0x0007000000023426-133.dat	xmrig
behavioral2/files/0x0007000000023424-123.dat	xmrig
behavioral2/files/0x0007000000023423-118.dat	xmrig
behavioral2/memory/3588-669-0x00007FF69FD60000-0x00007FF6A00B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023421-107.dat	xmrig
behavioral2/files/0x000700000002341f-98.dat	xmrig
behavioral2/files/0x000700000002341e-92.dat	xmrig
behavioral2/files/0x000700000002341b-80.dat	xmrig
behavioral2/memory/3372-74-0x00007FF785AB0000-0x00007FF785E04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023419-71.dat	xmrig
behavioral2/memory/4336-68-0x00007FF71CA30000-0x00007FF71CD84000-memory.dmp	xmrig
behavioral2/memory/4248-62-0x00007FF6B9660000-0x00007FF6B99B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-56.dat	xmrig
behavioral2/memory/2700-51-0x00007FF7954B0000-0x00007FF795804000-memory.dmp	xmrig
behavioral2/memory/1132-47-0x00007FF72FE40000-0x00007FF730194000-memory.dmp	xmrig
behavioral2/memory/4148-40-0x00007FF77AF10000-0x00007FF77B264000-memory.dmp	xmrig
behavioral2/memory/836-670-0x00007FF6157A0000-0x00007FF615AF4000-memory.dmp	xmrig
behavioral2/memory/5048-671-0x00007FF61CAB0000-0x00007FF61CE04000-memory.dmp	xmrig
behavioral2/memory/4556-672-0x00007FF7EE3E0000-0x00007FF7EE734000-memory.dmp	xmrig
behavioral2/memory/3992-673-0x00007FF614330000-0x00007FF614684000-memory.dmp	xmrig
behavioral2/memory/4436-679-0x00007FF7491C0000-0x00007FF749514000-memory.dmp	xmrig
behavioral2/memory/1804-705-0x00007FF79CB10000-0x00007FF79CE64000-memory.dmp	xmrig
behavioral2/memory/4528-724-0x00007FF627B50000-0x00007FF627EA4000-memory.dmp	xmrig
behavioral2/memory/4580-727-0x00007FF6CCE40000-0x00007FF6CD194000-memory.dmp	xmrig
behavioral2/memory/3044-719-0x00007FF7893B0000-0x00007FF789704000-memory.dmp	xmrig
behavioral2/memory/2592-708-0x00007FF725870000-0x00007FF725BC4000-memory.dmp	xmrig
behavioral2/memory/2432-701-0x00007FF7EB330000-0x00007FF7EB684000-memory.dmp	xmrig
behavioral2/memory/4800-693-0x00007FF76FF00000-0x00007FF770254000-memory.dmp	xmrig
behavioral2/memory/4388-684-0x00007FF723730000-0x00007FF723A84000-memory.dmp	xmrig
behavioral2/memory/3456-733-0x00007FF7EAAC0000-0x00007FF7EAE14000-memory.dmp	xmrig
behavioral2/memory/5000-743-0x00007FF69D9F0000-0x00007FF69DD44000-memory.dmp	xmrig
behavioral2/memory/3552-736-0x00007FF7D4B20000-0x00007FF7D4E74000-memory.dmp	xmrig
behavioral2/memory/3328-728-0x00007FF7E2AD0000-0x00007FF7E2E24000-memory.dmp	xmrig
behavioral2/memory/1996-744-0x00007FF680A90000-0x00007FF680DE4000-memory.dmp	xmrig
behavioral2/memory/1816-750-0x00007FF77B200000-0x00007FF77B554000-memory.dmp	xmrig
behavioral2/memory/1856-2157-0x00007FF7EBFC0000-0x00007FF7EC314000-memory.dmp	xmrig
behavioral2/memory/4016-2158-0x00007FF678C50000-0x00007FF678FA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1856	uWJArFA.exe
4016	sTruVWx.exe
4148	VJGMkhI.exe
4248	UTRhIMh.exe
4336	ZYiwVHG.exe
912	bTBwWWo.exe
1132	sbqiETs.exe
2700	nUoCzmJ.exe
3372	ufiPjcd.exe
3552	LEGJeon.exe
3588	hsRMnTF.exe
5000	feEIaLA.exe
1996	aDLWyEN.exe
836	HIaiPCt.exe
1816	GSrcwRy.exe
5048	hbDLfLR.exe
4556	QXlFJHM.exe
3992	ugwGVlK.exe
4436	FjgMoDg.exe
4388	ngUqYVo.exe
4800	VwMMZyO.exe
2432	JmWrqsQ.exe
1804	wzgNGMB.exe
2592	FxUoWTi.exe
3044	ocyVgjz.exe
4528	rrtOIBj.exe
4580	uhnKQNp.exe
3328	FAOMDjn.exe
3456	ftyKkiv.exe
996	JxFxEuQ.exe
4304	yKCFbbF.exe
2244	jnroXYu.exe
2428	ANFWQyR.exe
4548	hXXifOy.exe
4208	KUSzcYV.exe
3332	DlBlNNn.exe
3680	VxTCFpS.exe
3508	NsPUmNf.exe
3872	djCtvFf.exe
1360	aOLiATr.exe
5100	lyIInLa.exe
4656	ezhPsmm.exe
3080	QTAfWHO.exe
632	OsGZRWS.exe
5044	iFLscUo.exe
4072	TvpnUgD.exe
4572	nQOIHXm.exe
4480	OfCJkSg.exe
2692	jLcMthf.exe
1552	iBvtKON.exe
2948	bWHnZAk.exe
1756	oABhmoa.exe
4260	nXjHwTk.exe
3584	ZjvtQCF.exe
1940	jbLMAOo.exe
4844	bTZEqRq.exe
4276	rQiEcKR.exe
2744	MCZRwIX.exe
620	qNcdGnm.exe
1544	ELCXbbr.exe
4392	VsNJlLv.exe
2404	OiIDkDI.exe
4956	nNNQZRA.exe
3192	WVRbwJb.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2596-0-0x00007FF70D700000-0x00007FF70DA54000-memory.dmp	upx
behavioral2/files/0x00050000000232a4-5.dat	upx
behavioral2/memory/1856-9-0x00007FF7EBFC0000-0x00007FF7EC314000-memory.dmp	upx
behavioral2/files/0x000a00000002340d-13.dat	upx
behavioral2/files/0x0008000000023412-16.dat	upx
behavioral2/files/0x0007000000023414-27.dat	upx
behavioral2/files/0x0007000000023416-35.dat	upx
behavioral2/files/0x0007000000023415-34.dat	upx
behavioral2/files/0x0008000000023413-28.dat	upx
behavioral2/files/0x0007000000023417-36.dat	upx
behavioral2/memory/4016-20-0x00007FF678C50000-0x00007FF678FA4000-memory.dmp	upx
behavioral2/memory/912-42-0x00007FF6F0680000-0x00007FF6F09D4000-memory.dmp	upx
behavioral2/files/0x0009000000023406-61.dat	upx
behavioral2/files/0x000700000002341a-64.dat	upx
behavioral2/files/0x000700000002341c-73.dat	upx
behavioral2/files/0x000700000002341d-84.dat	upx
behavioral2/files/0x0007000000023420-103.dat	upx
behavioral2/files/0x0007000000023422-113.dat	upx
behavioral2/files/0x0007000000023425-127.dat	upx
behavioral2/files/0x0007000000023428-142.dat	upx
behavioral2/files/0x000700000002342c-157.dat	upx
behavioral2/files/0x000700000002342e-170.dat	upx
behavioral2/files/0x000700000002342d-168.dat	upx
behavioral2/files/0x000700000002342b-158.dat	upx
behavioral2/files/0x000700000002342a-153.dat	upx
behavioral2/files/0x0007000000023429-148.dat	upx
behavioral2/files/0x0007000000023427-138.dat	upx
behavioral2/files/0x0007000000023426-133.dat	upx
behavioral2/files/0x0007000000023424-123.dat	upx
behavioral2/files/0x0007000000023423-118.dat	upx
behavioral2/memory/3588-669-0x00007FF69FD60000-0x00007FF6A00B4000-memory.dmp	upx
behavioral2/files/0x0007000000023421-107.dat	upx
behavioral2/files/0x000700000002341f-98.dat	upx
behavioral2/files/0x000700000002341e-92.dat	upx
behavioral2/files/0x000700000002341b-80.dat	upx
behavioral2/memory/3372-74-0x00007FF785AB0000-0x00007FF785E04000-memory.dmp	upx
behavioral2/files/0x0007000000023419-71.dat	upx
behavioral2/memory/4336-68-0x00007FF71CA30000-0x00007FF71CD84000-memory.dmp	upx
behavioral2/memory/4248-62-0x00007FF6B9660000-0x00007FF6B99B4000-memory.dmp	upx
behavioral2/files/0x0007000000023418-56.dat	upx
behavioral2/memory/2700-51-0x00007FF7954B0000-0x00007FF795804000-memory.dmp	upx
behavioral2/memory/1132-47-0x00007FF72FE40000-0x00007FF730194000-memory.dmp	upx
behavioral2/memory/4148-40-0x00007FF77AF10000-0x00007FF77B264000-memory.dmp	upx
behavioral2/memory/836-670-0x00007FF6157A0000-0x00007FF615AF4000-memory.dmp	upx
behavioral2/memory/5048-671-0x00007FF61CAB0000-0x00007FF61CE04000-memory.dmp	upx
behavioral2/memory/4556-672-0x00007FF7EE3E0000-0x00007FF7EE734000-memory.dmp	upx
behavioral2/memory/3992-673-0x00007FF614330000-0x00007FF614684000-memory.dmp	upx
behavioral2/memory/4436-679-0x00007FF7491C0000-0x00007FF749514000-memory.dmp	upx
behavioral2/memory/1804-705-0x00007FF79CB10000-0x00007FF79CE64000-memory.dmp	upx
behavioral2/memory/4528-724-0x00007FF627B50000-0x00007FF627EA4000-memory.dmp	upx
behavioral2/memory/4580-727-0x00007FF6CCE40000-0x00007FF6CD194000-memory.dmp	upx
behavioral2/memory/3044-719-0x00007FF7893B0000-0x00007FF789704000-memory.dmp	upx
behavioral2/memory/2592-708-0x00007FF725870000-0x00007FF725BC4000-memory.dmp	upx
behavioral2/memory/2432-701-0x00007FF7EB330000-0x00007FF7EB684000-memory.dmp	upx
behavioral2/memory/4800-693-0x00007FF76FF00000-0x00007FF770254000-memory.dmp	upx
behavioral2/memory/4388-684-0x00007FF723730000-0x00007FF723A84000-memory.dmp	upx
behavioral2/memory/3456-733-0x00007FF7EAAC0000-0x00007FF7EAE14000-memory.dmp	upx
behavioral2/memory/5000-743-0x00007FF69D9F0000-0x00007FF69DD44000-memory.dmp	upx
behavioral2/memory/3552-736-0x00007FF7D4B20000-0x00007FF7D4E74000-memory.dmp	upx
behavioral2/memory/3328-728-0x00007FF7E2AD0000-0x00007FF7E2E24000-memory.dmp	upx
behavioral2/memory/1996-744-0x00007FF680A90000-0x00007FF680DE4000-memory.dmp	upx
behavioral2/memory/1816-750-0x00007FF77B200000-0x00007FF77B554000-memory.dmp	upx
behavioral2/memory/1856-2157-0x00007FF7EBFC0000-0x00007FF7EC314000-memory.dmp	upx
behavioral2/memory/4016-2158-0x00007FF678C50000-0x00007FF678FA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KhjffTs.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\NsPUmNf.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\VYLHhhA.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\EtVkkUv.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\XRWhjVo.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\ZtFCWbJ.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\KmOmthR.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\DoslvcG.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\DzgeNTY.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\PWxrauf.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\lvrGfrC.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\zYJLzwI.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\JTtmFEU.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\ufiPjcd.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\nNNQZRA.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\AFzxEVy.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\HYcrMzM.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\aXxmjxN.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\EAooAGr.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\TvpnUgD.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\JWQsqzT.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\LqVoRjP.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\SIbKLyj.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\vHODKjy.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\hSDlPDc.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\SRtepkp.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\RmExzPu.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\wcDyKTd.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\iJuINVl.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\EHvpwUu.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\oqCXsDb.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\aPBpGXe.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\NFPuONs.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\afUivGK.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\bjPvInI.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\iSuHBYy.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\RcNpjAu.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\uutPrkO.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\BFMFLUr.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\LHgYWaX.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\nXuEkzP.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\lPCyWRx.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\bTBwWWo.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\qOukMdi.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\AcMfTNh.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\ccRvVff.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\rjNswBI.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\GuurbJb.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\tLlbumh.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\gmHUsKh.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\EBzQnvy.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\JpxKlRw.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\ubkoSxl.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\FGCoSwC.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\cllPmAt.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\IAtufOc.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\XYPXLCf.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\nkWRSho.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\Pzhyhbh.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\ZZZQvDd.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\coYxLZq.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\qdopdJw.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\XZCqndh.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
File created	C:\Windows\System\rUuxvUP.exe	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4608	dwm.exe
Token: SeChangeNotifyPrivilege	4608	dwm.exe
Token: 33	4608	dwm.exe
Token: SeIncBasePriorityPrivilege	4608	dwm.exe
Token: SeShutdownPrivilege	4608	dwm.exe
Token: SeCreatePagefilePrivilege	4608	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 1856	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	83
PID 2596 wrote to memory of 1856	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	83
PID 2596 wrote to memory of 4016	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	84
PID 2596 wrote to memory of 4016	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	84
PID 2596 wrote to memory of 4148	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	85
PID 2596 wrote to memory of 4148	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	85
PID 2596 wrote to memory of 4248	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	86
PID 2596 wrote to memory of 4248	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	86
PID 2596 wrote to memory of 4336	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	87
PID 2596 wrote to memory of 4336	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	87
PID 2596 wrote to memory of 912	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	88
PID 2596 wrote to memory of 912	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	88
PID 2596 wrote to memory of 1132	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	89
PID 2596 wrote to memory of 1132	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	89
PID 2596 wrote to memory of 2700	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	90
PID 2596 wrote to memory of 2700	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	90
PID 2596 wrote to memory of 3372	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	91
PID 2596 wrote to memory of 3372	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	91
PID 2596 wrote to memory of 3552	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	92
PID 2596 wrote to memory of 3552	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	92
PID 2596 wrote to memory of 3588	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	94
PID 2596 wrote to memory of 3588	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	94
PID 2596 wrote to memory of 5000	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	95
PID 2596 wrote to memory of 5000	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	95
PID 2596 wrote to memory of 1996	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	96
PID 2596 wrote to memory of 1996	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	96
PID 2596 wrote to memory of 836	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	97
PID 2596 wrote to memory of 836	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	97
PID 2596 wrote to memory of 1816	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	98
PID 2596 wrote to memory of 1816	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	98
PID 2596 wrote to memory of 5048	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	99
PID 2596 wrote to memory of 5048	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	99
PID 2596 wrote to memory of 4556	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	100
PID 2596 wrote to memory of 4556	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	100
PID 2596 wrote to memory of 3992	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	101
PID 2596 wrote to memory of 3992	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	101
PID 2596 wrote to memory of 4436	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	102
PID 2596 wrote to memory of 4436	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	102
PID 2596 wrote to memory of 4388	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	103
PID 2596 wrote to memory of 4388	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	103
PID 2596 wrote to memory of 4800	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	104
PID 2596 wrote to memory of 4800	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	104
PID 2596 wrote to memory of 2432	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	105
PID 2596 wrote to memory of 2432	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	105
PID 2596 wrote to memory of 1804	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	106
PID 2596 wrote to memory of 1804	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	106
PID 2596 wrote to memory of 2592	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	107
PID 2596 wrote to memory of 2592	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	107
PID 2596 wrote to memory of 3044	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	108
PID 2596 wrote to memory of 3044	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	108
PID 2596 wrote to memory of 4528	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	109
PID 2596 wrote to memory of 4528	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	109
PID 2596 wrote to memory of 4580	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	110
PID 2596 wrote to memory of 4580	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	110
PID 2596 wrote to memory of 3328	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	111
PID 2596 wrote to memory of 3328	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	111
PID 2596 wrote to memory of 3456	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	112
PID 2596 wrote to memory of 3456	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	112
PID 2596 wrote to memory of 996	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	113
PID 2596 wrote to memory of 996	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	113
PID 2596 wrote to memory of 4304	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	114
PID 2596 wrote to memory of 4304	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	114
PID 2596 wrote to memory of 2244	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	115
PID 2596 wrote to memory of 2244	2596	24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\24d7a40db506d17404b0f7b9e5011190_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Windows\System\uWJArFA.exe
  C:\Windows\System\uWJArFA.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\sTruVWx.exe
  C:\Windows\System\sTruVWx.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\VJGMkhI.exe
  C:\Windows\System\VJGMkhI.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\UTRhIMh.exe
  C:\Windows\System\UTRhIMh.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\ZYiwVHG.exe
  C:\Windows\System\ZYiwVHG.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\bTBwWWo.exe
  C:\Windows\System\bTBwWWo.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\sbqiETs.exe
  C:\Windows\System\sbqiETs.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\nUoCzmJ.exe
  C:\Windows\System\nUoCzmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\ufiPjcd.exe
  C:\Windows\System\ufiPjcd.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\LEGJeon.exe
  C:\Windows\System\LEGJeon.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\hsRMnTF.exe
  C:\Windows\System\hsRMnTF.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\feEIaLA.exe
  C:\Windows\System\feEIaLA.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\aDLWyEN.exe
  C:\Windows\System\aDLWyEN.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\HIaiPCt.exe
  C:\Windows\System\HIaiPCt.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\GSrcwRy.exe
  C:\Windows\System\GSrcwRy.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\hbDLfLR.exe
  C:\Windows\System\hbDLfLR.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\QXlFJHM.exe
  C:\Windows\System\QXlFJHM.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\ugwGVlK.exe
  C:\Windows\System\ugwGVlK.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\FjgMoDg.exe
  C:\Windows\System\FjgMoDg.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\ngUqYVo.exe
  C:\Windows\System\ngUqYVo.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\VwMMZyO.exe
  C:\Windows\System\VwMMZyO.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\JmWrqsQ.exe
  C:\Windows\System\JmWrqsQ.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\wzgNGMB.exe
  C:\Windows\System\wzgNGMB.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\FxUoWTi.exe
  C:\Windows\System\FxUoWTi.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\ocyVgjz.exe
  C:\Windows\System\ocyVgjz.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\rrtOIBj.exe
  C:\Windows\System\rrtOIBj.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\uhnKQNp.exe
  C:\Windows\System\uhnKQNp.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\FAOMDjn.exe
  C:\Windows\System\FAOMDjn.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\ftyKkiv.exe
  C:\Windows\System\ftyKkiv.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\JxFxEuQ.exe
  C:\Windows\System\JxFxEuQ.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\yKCFbbF.exe
  C:\Windows\System\yKCFbbF.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\jnroXYu.exe
  C:\Windows\System\jnroXYu.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\ANFWQyR.exe
  C:\Windows\System\ANFWQyR.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\hXXifOy.exe
  C:\Windows\System\hXXifOy.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\KUSzcYV.exe
  C:\Windows\System\KUSzcYV.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\DlBlNNn.exe
  C:\Windows\System\DlBlNNn.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\VxTCFpS.exe
  C:\Windows\System\VxTCFpS.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\NsPUmNf.exe
  C:\Windows\System\NsPUmNf.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\djCtvFf.exe
  C:\Windows\System\djCtvFf.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\aOLiATr.exe
  C:\Windows\System\aOLiATr.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\lyIInLa.exe
  C:\Windows\System\lyIInLa.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\ezhPsmm.exe
  C:\Windows\System\ezhPsmm.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\QTAfWHO.exe
  C:\Windows\System\QTAfWHO.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\OsGZRWS.exe
  C:\Windows\System\OsGZRWS.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\iFLscUo.exe
  C:\Windows\System\iFLscUo.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\TvpnUgD.exe
  C:\Windows\System\TvpnUgD.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\nQOIHXm.exe
  C:\Windows\System\nQOIHXm.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\OfCJkSg.exe
  C:\Windows\System\OfCJkSg.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\jLcMthf.exe
  C:\Windows\System\jLcMthf.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\iBvtKON.exe
  C:\Windows\System\iBvtKON.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\bWHnZAk.exe
  C:\Windows\System\bWHnZAk.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\oABhmoa.exe
  C:\Windows\System\oABhmoa.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\nXjHwTk.exe
  C:\Windows\System\nXjHwTk.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\ZjvtQCF.exe
  C:\Windows\System\ZjvtQCF.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\jbLMAOo.exe
  C:\Windows\System\jbLMAOo.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\bTZEqRq.exe
  C:\Windows\System\bTZEqRq.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\rQiEcKR.exe
  C:\Windows\System\rQiEcKR.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\MCZRwIX.exe
  C:\Windows\System\MCZRwIX.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\qNcdGnm.exe
  C:\Windows\System\qNcdGnm.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\ELCXbbr.exe
  C:\Windows\System\ELCXbbr.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\VsNJlLv.exe
  C:\Windows\System\VsNJlLv.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\OiIDkDI.exe
  C:\Windows\System\OiIDkDI.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\nNNQZRA.exe
  C:\Windows\System\nNNQZRA.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\WVRbwJb.exe
  C:\Windows\System\WVRbwJb.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\NvGMkZU.exe
  C:\Windows\System\NvGMkZU.exe
  2⤵
  PID:4696
- C:\Windows\System\ZGZmJhg.exe
  C:\Windows\System\ZGZmJhg.exe
  2⤵
  PID:2036
- C:\Windows\System\mQAHhuL.exe
  C:\Windows\System\mQAHhuL.exe
  2⤵
  PID:616
- C:\Windows\System\JpxKlRw.exe
  C:\Windows\System\JpxKlRw.exe
  2⤵
  PID:3140
- C:\Windows\System\qOukMdi.exe
  C:\Windows\System\qOukMdi.exe
  2⤵
  PID:1064
- C:\Windows\System\TvZhPtE.exe
  C:\Windows\System\TvZhPtE.exe
  2⤵
  PID:3620
- C:\Windows\System\oNIbbBQ.exe
  C:\Windows\System\oNIbbBQ.exe
  2⤵
  PID:1796
- C:\Windows\System\JXSBTgU.exe
  C:\Windows\System\JXSBTgU.exe
  2⤵
  PID:4004
- C:\Windows\System\hoDPdop.exe
  C:\Windows\System\hoDPdop.exe
  2⤵
  PID:1916
- C:\Windows\System\ZsHLkjM.exe
  C:\Windows\System\ZsHLkjM.exe
  2⤵
  PID:4544
- C:\Windows\System\HcJeyZa.exe
  C:\Windows\System\HcJeyZa.exe
  2⤵
  PID:944
- C:\Windows\System\DSoiEmV.exe
  C:\Windows\System\DSoiEmV.exe
  2⤵
  PID:2824
- C:\Windows\System\juWZKDT.exe
  C:\Windows\System\juWZKDT.exe
  2⤵
  PID:1224
- C:\Windows\System\jDxRIYv.exe
  C:\Windows\System\jDxRIYv.exe
  2⤵
  PID:4940
- C:\Windows\System\IuHDGVK.exe
  C:\Windows\System\IuHDGVK.exe
  2⤵
  PID:2396
- C:\Windows\System\eeBhzEE.exe
  C:\Windows\System\eeBhzEE.exe
  2⤵
  PID:1016
- C:\Windows\System\TvumJmD.exe
  C:\Windows\System\TvumJmD.exe
  2⤵
  PID:4516
- C:\Windows\System\SClEWTW.exe
  C:\Windows\System\SClEWTW.exe
  2⤵
  PID:3064
- C:\Windows\System\UuPGspK.exe
  C:\Windows\System\UuPGspK.exe
  2⤵
  PID:3272
- C:\Windows\System\ynkSPDE.exe
  C:\Windows\System\ynkSPDE.exe
  2⤵
  PID:2616
- C:\Windows\System\Mcvtwof.exe
  C:\Windows\System\Mcvtwof.exe
  2⤵
  PID:4760
- C:\Windows\System\GYzyihq.exe
  C:\Windows\System\GYzyihq.exe
  2⤵
  PID:3940
- C:\Windows\System\KJftJKt.exe
  C:\Windows\System\KJftJKt.exe
  2⤵
  PID:4152
- C:\Windows\System\qPZWPwX.exe
  C:\Windows\System\qPZWPwX.exe
  2⤵
  PID:1120
- C:\Windows\System\BBpreTP.exe
  C:\Windows\System\BBpreTP.exe
  2⤵
  PID:5140
- C:\Windows\System\pSnDURz.exe
  C:\Windows\System\pSnDURz.exe
  2⤵
  PID:5168
- C:\Windows\System\IVgzFoN.exe
  C:\Windows\System\IVgzFoN.exe
  2⤵
  PID:5196
- C:\Windows\System\jgTAhmi.exe
  C:\Windows\System\jgTAhmi.exe
  2⤵
  PID:5224
- C:\Windows\System\nrYHlhy.exe
  C:\Windows\System\nrYHlhy.exe
  2⤵
  PID:5252
- C:\Windows\System\uzWfVsK.exe
  C:\Windows\System\uzWfVsK.exe
  2⤵
  PID:5280
- C:\Windows\System\ghXTJha.exe
  C:\Windows\System\ghXTJha.exe
  2⤵
  PID:5308
- C:\Windows\System\askWAHD.exe
  C:\Windows\System\askWAHD.exe
  2⤵
  PID:5336
- C:\Windows\System\CZiXFqh.exe
  C:\Windows\System\CZiXFqh.exe
  2⤵
  PID:5364
- C:\Windows\System\qydcriO.exe
  C:\Windows\System\qydcriO.exe
  2⤵
  PID:5392
- C:\Windows\System\EKcwapB.exe
  C:\Windows\System\EKcwapB.exe
  2⤵
  PID:5420
- C:\Windows\System\vPpjzjz.exe
  C:\Windows\System\vPpjzjz.exe
  2⤵
  PID:5448
- C:\Windows\System\IhDHeva.exe
  C:\Windows\System\IhDHeva.exe
  2⤵
  PID:5476
- C:\Windows\System\RzXfLjj.exe
  C:\Windows\System\RzXfLjj.exe
  2⤵
  PID:5504
- C:\Windows\System\iHFCIBW.exe
  C:\Windows\System\iHFCIBW.exe
  2⤵
  PID:5532
- C:\Windows\System\UdJIxlU.exe
  C:\Windows\System\UdJIxlU.exe
  2⤵
  PID:5560
- C:\Windows\System\iQGDrJU.exe
  C:\Windows\System\iQGDrJU.exe
  2⤵
  PID:5588
- C:\Windows\System\qkJFtQn.exe
  C:\Windows\System\qkJFtQn.exe
  2⤵
  PID:5616
- C:\Windows\System\AFzxEVy.exe
  C:\Windows\System\AFzxEVy.exe
  2⤵
  PID:5644
- C:\Windows\System\khkfNzS.exe
  C:\Windows\System\khkfNzS.exe
  2⤵
  PID:5672
- C:\Windows\System\HgSGQhH.exe
  C:\Windows\System\HgSGQhH.exe
  2⤵
  PID:5700
- C:\Windows\System\PyyNTbX.exe
  C:\Windows\System\PyyNTbX.exe
  2⤵
  PID:5728
- C:\Windows\System\YfNNJjL.exe
  C:\Windows\System\YfNNJjL.exe
  2⤵
  PID:5756
- C:\Windows\System\RHkCfuv.exe
  C:\Windows\System\RHkCfuv.exe
  2⤵
  PID:5784
- C:\Windows\System\VmyftEb.exe
  C:\Windows\System\VmyftEb.exe
  2⤵
  PID:5812
- C:\Windows\System\WDgGUhL.exe
  C:\Windows\System\WDgGUhL.exe
  2⤵
  PID:5840
- C:\Windows\System\pZypiTE.exe
  C:\Windows\System\pZypiTE.exe
  2⤵
  PID:5868
- C:\Windows\System\ymwmkif.exe
  C:\Windows\System\ymwmkif.exe
  2⤵
  PID:5896
- C:\Windows\System\ZtFCWbJ.exe
  C:\Windows\System\ZtFCWbJ.exe
  2⤵
  PID:5924
- C:\Windows\System\hcsFMAA.exe
  C:\Windows\System\hcsFMAA.exe
  2⤵
  PID:5952
- C:\Windows\System\eRcsNZa.exe
  C:\Windows\System\eRcsNZa.exe
  2⤵
  PID:5980
- C:\Windows\System\QVbglGN.exe
  C:\Windows\System\QVbglGN.exe
  2⤵
  PID:6008
- C:\Windows\System\hWTxFVr.exe
  C:\Windows\System\hWTxFVr.exe
  2⤵
  PID:6036
- C:\Windows\System\AXdWcbP.exe
  C:\Windows\System\AXdWcbP.exe
  2⤵
  PID:6064
- C:\Windows\System\iXrbqVR.exe
  C:\Windows\System\iXrbqVR.exe
  2⤵
  PID:6092
- C:\Windows\System\rHdrDAY.exe
  C:\Windows\System\rHdrDAY.exe
  2⤵
  PID:6120
- C:\Windows\System\hSDlPDc.exe
  C:\Windows\System\hSDlPDc.exe
  2⤵
  PID:1020
- C:\Windows\System\cNrcoaZ.exe
  C:\Windows\System\cNrcoaZ.exe
  2⤵
  PID:2408
- C:\Windows\System\FedumsZ.exe
  C:\Windows\System\FedumsZ.exe
  2⤵
  PID:3692
- C:\Windows\System\nsFFzHe.exe
  C:\Windows\System\nsFFzHe.exe
  2⤵
  PID:4092
- C:\Windows\System\KmOmthR.exe
  C:\Windows\System\KmOmthR.exe
  2⤵
  PID:5124
- C:\Windows\System\aVQHmCN.exe
  C:\Windows\System\aVQHmCN.exe
  2⤵
  PID:5184
- C:\Windows\System\fqemYUh.exe
  C:\Windows\System\fqemYUh.exe
  2⤵
  PID:5244
- C:\Windows\System\wlQpyKE.exe
  C:\Windows\System\wlQpyKE.exe
  2⤵
  PID:5320
- C:\Windows\System\IxYGIGy.exe
  C:\Windows\System\IxYGIGy.exe
  2⤵
  PID:5380
- C:\Windows\System\moctArt.exe
  C:\Windows\System\moctArt.exe
  2⤵
  PID:5440
- C:\Windows\System\aNBwWuQ.exe
  C:\Windows\System\aNBwWuQ.exe
  2⤵
  PID:5516
- C:\Windows\System\fSliJbv.exe
  C:\Windows\System\fSliJbv.exe
  2⤵
  PID:5576
- C:\Windows\System\HTTRMUG.exe
  C:\Windows\System\HTTRMUG.exe
  2⤵
  PID:5636
- C:\Windows\System\rPtFwkU.exe
  C:\Windows\System\rPtFwkU.exe
  2⤵
  PID:5712
- C:\Windows\System\SIigORG.exe
  C:\Windows\System\SIigORG.exe
  2⤵
  PID:5772
- C:\Windows\System\ucLrDdh.exe
  C:\Windows\System\ucLrDdh.exe
  2⤵
  PID:5832
- C:\Windows\System\BtlUsNs.exe
  C:\Windows\System\BtlUsNs.exe
  2⤵
  PID:5908
- C:\Windows\System\QMXrtey.exe
  C:\Windows\System\QMXrtey.exe
  2⤵
  PID:5968
- C:\Windows\System\RceJpQx.exe
  C:\Windows\System\RceJpQx.exe
  2⤵
  PID:6028
- C:\Windows\System\nwVuNzf.exe
  C:\Windows\System\nwVuNzf.exe
  2⤵
  PID:6104
- C:\Windows\System\VYLHhhA.exe
  C:\Windows\System\VYLHhhA.exe
  2⤵
  PID:4256
- C:\Windows\System\iAELNLa.exe
  C:\Windows\System\iAELNLa.exe
  2⤵
  PID:1944
- C:\Windows\System\KpKmSZM.exe
  C:\Windows\System\KpKmSZM.exe
  2⤵
  PID:5212
- C:\Windows\System\YwmBtlx.exe
  C:\Windows\System\YwmBtlx.exe
  2⤵
  PID:5352
- C:\Windows\System\YIzoNac.exe
  C:\Windows\System\YIzoNac.exe
  2⤵
  PID:5492
- C:\Windows\System\WMzXKGi.exe
  C:\Windows\System\WMzXKGi.exe
  2⤵
  PID:5664
- C:\Windows\System\GUNlIrq.exe
  C:\Windows\System\GUNlIrq.exe
  2⤵
  PID:5824
- C:\Windows\System\wZroLHr.exe
  C:\Windows\System\wZroLHr.exe
  2⤵
  PID:5940
- C:\Windows\System\bjPvInI.exe
  C:\Windows\System\bjPvInI.exe
  2⤵
  PID:6080
- C:\Windows\System\HhNxbby.exe
  C:\Windows\System\HhNxbby.exe
  2⤵
  PID:4048
- C:\Windows\System\XohIQlQ.exe
  C:\Windows\System\XohIQlQ.exe
  2⤵
  PID:6172
- C:\Windows\System\AcMfTNh.exe
  C:\Windows\System\AcMfTNh.exe
  2⤵
  PID:6200
- C:\Windows\System\XFfNsiF.exe
  C:\Windows\System\XFfNsiF.exe
  2⤵
  PID:6232
- C:\Windows\System\dnGsPVZ.exe
  C:\Windows\System\dnGsPVZ.exe
  2⤵
  PID:6256
- C:\Windows\System\xZWuWQn.exe
  C:\Windows\System\xZWuWQn.exe
  2⤵
  PID:6284
- C:\Windows\System\VAjxWty.exe
  C:\Windows\System\VAjxWty.exe
  2⤵
  PID:6312
- C:\Windows\System\afdLOGz.exe
  C:\Windows\System\afdLOGz.exe
  2⤵
  PID:6340
- C:\Windows\System\fNZveDV.exe
  C:\Windows\System\fNZveDV.exe
  2⤵
  PID:6368
- C:\Windows\System\JUfRyRt.exe
  C:\Windows\System\JUfRyRt.exe
  2⤵
  PID:6396
- C:\Windows\System\dugIUEn.exe
  C:\Windows\System\dugIUEn.exe
  2⤵
  PID:6424
- C:\Windows\System\wFjFiGh.exe
  C:\Windows\System\wFjFiGh.exe
  2⤵
  PID:6452
- C:\Windows\System\HjyXUlU.exe
  C:\Windows\System\HjyXUlU.exe
  2⤵
  PID:6480
- C:\Windows\System\hbzOdQR.exe
  C:\Windows\System\hbzOdQR.exe
  2⤵
  PID:6508
- C:\Windows\System\GYpzsVE.exe
  C:\Windows\System\GYpzsVE.exe
  2⤵
  PID:6536
- C:\Windows\System\UgQkbvX.exe
  C:\Windows\System\UgQkbvX.exe
  2⤵
  PID:6564
- C:\Windows\System\OtpskIL.exe
  C:\Windows\System\OtpskIL.exe
  2⤵
  PID:6592
- C:\Windows\System\AHHQIEO.exe
  C:\Windows\System\AHHQIEO.exe
  2⤵
  PID:6620
- C:\Windows\System\DzgeNTY.exe
  C:\Windows\System\DzgeNTY.exe
  2⤵
  PID:6648
- C:\Windows\System\QfCoTDh.exe
  C:\Windows\System\QfCoTDh.exe
  2⤵
  PID:6688
- C:\Windows\System\yriXfrB.exe
  C:\Windows\System\yriXfrB.exe
  2⤵
  PID:6716
- C:\Windows\System\vEckgOa.exe
  C:\Windows\System\vEckgOa.exe
  2⤵
  PID:6740
- C:\Windows\System\IEOVokJ.exe
  C:\Windows\System\IEOVokJ.exe
  2⤵
  PID:6760
- C:\Windows\System\GeeVRec.exe
  C:\Windows\System\GeeVRec.exe
  2⤵
  PID:6788
- C:\Windows\System\yNbnZCs.exe
  C:\Windows\System\yNbnZCs.exe
  2⤵
  PID:6816
- C:\Windows\System\YozmtUL.exe
  C:\Windows\System\YozmtUL.exe
  2⤵
  PID:6844
- C:\Windows\System\rNJDnUt.exe
  C:\Windows\System\rNJDnUt.exe
  2⤵
  PID:6872
- C:\Windows\System\ubkoSxl.exe
  C:\Windows\System\ubkoSxl.exe
  2⤵
  PID:6900
- C:\Windows\System\cbUTstZ.exe
  C:\Windows\System\cbUTstZ.exe
  2⤵
  PID:6928
- C:\Windows\System\mWwLaki.exe
  C:\Windows\System\mWwLaki.exe
  2⤵
  PID:6956
- C:\Windows\System\dimhCKy.exe
  C:\Windows\System\dimhCKy.exe
  2⤵
  PID:6984
- C:\Windows\System\lhCpZme.exe
  C:\Windows\System\lhCpZme.exe
  2⤵
  PID:7012
- C:\Windows\System\UgmQRDS.exe
  C:\Windows\System\UgmQRDS.exe
  2⤵
  PID:7036
- C:\Windows\System\uALJkok.exe
  C:\Windows\System\uALJkok.exe
  2⤵
  PID:7068
- C:\Windows\System\VoglHdF.exe
  C:\Windows\System\VoglHdF.exe
  2⤵
  PID:7096
- C:\Windows\System\CYLtQNc.exe
  C:\Windows\System\CYLtQNc.exe
  2⤵
  PID:7124
- C:\Windows\System\ppNQrVH.exe
  C:\Windows\System\ppNQrVH.exe
  2⤵
  PID:7152
- C:\Windows\System\BZAfsmT.exe
  C:\Windows\System\BZAfsmT.exe
  2⤵
  PID:5292
- C:\Windows\System\IKqxVkd.exe
  C:\Windows\System\IKqxVkd.exe
  2⤵
  PID:5604
- C:\Windows\System\yuJImVj.exe
  C:\Windows\System\yuJImVj.exe
  2⤵
  PID:4356
- C:\Windows\System\DLcImwe.exe
  C:\Windows\System\DLcImwe.exe
  2⤵
  PID:3684
- C:\Windows\System\xXqyYoN.exe
  C:\Windows\System\xXqyYoN.exe
  2⤵
  PID:6188
- C:\Windows\System\uHfnAnx.exe
  C:\Windows\System\uHfnAnx.exe
  2⤵
  PID:6252
- C:\Windows\System\FenQPnA.exe
  C:\Windows\System\FenQPnA.exe
  2⤵
  PID:6324
- C:\Windows\System\zzPXmVi.exe
  C:\Windows\System\zzPXmVi.exe
  2⤵
  PID:6384
- C:\Windows\System\TiMjlXe.exe
  C:\Windows\System\TiMjlXe.exe
  2⤵
  PID:6416
- C:\Windows\System\iJBPGss.exe
  C:\Windows\System\iJBPGss.exe
  2⤵
  PID:6528
- C:\Windows\System\ufGBGAz.exe
  C:\Windows\System\ufGBGAz.exe
  2⤵
  PID:6680
- C:\Windows\System\Batcujv.exe
  C:\Windows\System\Batcujv.exe
  2⤵
  PID:6752
- C:\Windows\System\cvtYxnN.exe
  C:\Windows\System\cvtYxnN.exe
  2⤵
  PID:6800
- C:\Windows\System\Pzhyhbh.exe
  C:\Windows\System\Pzhyhbh.exe
  2⤵
  PID:6828
- C:\Windows\System\mfesfXA.exe
  C:\Windows\System\mfesfXA.exe
  2⤵
  PID:6864
- C:\Windows\System\UmxArHS.exe
  C:\Windows\System\UmxArHS.exe
  2⤵
  PID:6916
- C:\Windows\System\joweXHY.exe
  C:\Windows\System\joweXHY.exe
  2⤵
  PID:412
- C:\Windows\System\geaVpYo.exe
  C:\Windows\System\geaVpYo.exe
  2⤵
  PID:5056
- C:\Windows\System\BfXNdDB.exe
  C:\Windows\System\BfXNdDB.exe
  2⤵
  PID:7060
- C:\Windows\System\ySXqDZs.exe
  C:\Windows\System\ySXqDZs.exe
  2⤵
  PID:7112
- C:\Windows\System\lnHiLCE.exe
  C:\Windows\System\lnHiLCE.exe
  2⤵
  PID:7144
- C:\Windows\System\gSLXIXw.exe
  C:\Windows\System\gSLXIXw.exe
  2⤵
  PID:5468
- C:\Windows\System\LMEfhnX.exe
  C:\Windows\System\LMEfhnX.exe
  2⤵
  PID:6000
- C:\Windows\System\jRiqSnP.exe
  C:\Windows\System\jRiqSnP.exe
  2⤵
  PID:5096
- C:\Windows\System\ANDSrII.exe
  C:\Windows\System\ANDSrII.exe
  2⤵
  PID:3000
- C:\Windows\System\tOrrhfe.exe
  C:\Windows\System\tOrrhfe.exe
  2⤵
  PID:2160
- C:\Windows\System\gnwnriK.exe
  C:\Windows\System\gnwnriK.exe
  2⤵
  PID:6412
- C:\Windows\System\qoBfoiF.exe
  C:\Windows\System\qoBfoiF.exe
  2⤵
  PID:6556
- C:\Windows\System\hAYTaft.exe
  C:\Windows\System\hAYTaft.exe
  2⤵
  PID:964
- C:\Windows\System\mTsRqYl.exe
  C:\Windows\System\mTsRqYl.exe
  2⤵
  PID:6636
- C:\Windows\System\AbLHuoC.exe
  C:\Windows\System\AbLHuoC.exe
  2⤵
  PID:6836
- C:\Windows\System\LombIui.exe
  C:\Windows\System\LombIui.exe
  2⤵
  PID:6860
- C:\Windows\System\MnphvOB.exe
  C:\Windows\System\MnphvOB.exe
  2⤵
  PID:7032
- C:\Windows\System\kcWhrAo.exe
  C:\Windows\System\kcWhrAo.exe
  2⤵
  PID:6296
- C:\Windows\System\BWQBrJm.exe
  C:\Windows\System\BWQBrJm.exe
  2⤵
  PID:528
- C:\Windows\System\EDRHnnM.exe
  C:\Windows\System\EDRHnnM.exe
  2⤵
  PID:2436
- C:\Windows\System\zdvAkJn.exe
  C:\Windows\System\zdvAkJn.exe
  2⤵
  PID:4708
- C:\Windows\System\hKWjuAZ.exe
  C:\Windows\System\hKWjuAZ.exe
  2⤵
  PID:4560
- C:\Windows\System\bdwHEfz.exe
  C:\Windows\System\bdwHEfz.exe
  2⤵
  PID:6408
- C:\Windows\System\nRIXRPP.exe
  C:\Windows\System\nRIXRPP.exe
  2⤵
  PID:6552
- C:\Windows\System\neBUmnF.exe
  C:\Windows\System\neBUmnF.exe
  2⤵
  PID:7176
- C:\Windows\System\hqVKJvb.exe
  C:\Windows\System\hqVKJvb.exe
  2⤵
  PID:7208
- C:\Windows\System\EtVkkUv.exe
  C:\Windows\System\EtVkkUv.exe
  2⤵
  PID:7240
- C:\Windows\System\vhfzKWW.exe
  C:\Windows\System\vhfzKWW.exe
  2⤵
  PID:7256
- C:\Windows\System\poMkOgU.exe
  C:\Windows\System\poMkOgU.exe
  2⤵
  PID:7300
- C:\Windows\System\ZTIpGQf.exe
  C:\Windows\System\ZTIpGQf.exe
  2⤵
  PID:7324
- C:\Windows\System\eaISwmn.exe
  C:\Windows\System\eaISwmn.exe
  2⤵
  PID:7352
- C:\Windows\System\PWxrauf.exe
  C:\Windows\System\PWxrauf.exe
  2⤵
  PID:7380
- C:\Windows\System\IyFKKZu.exe
  C:\Windows\System\IyFKKZu.exe
  2⤵
  PID:7396
- C:\Windows\System\bgWLQnW.exe
  C:\Windows\System\bgWLQnW.exe
  2⤵
  PID:7428
- C:\Windows\System\pLFltYq.exe
  C:\Windows\System\pLFltYq.exe
  2⤵
  PID:7456
- C:\Windows\System\aCjVvwA.exe
  C:\Windows\System\aCjVvwA.exe
  2⤵
  PID:7472
- C:\Windows\System\uGwlLKJ.exe
  C:\Windows\System\uGwlLKJ.exe
  2⤵
  PID:7524
- C:\Windows\System\GieyVNs.exe
  C:\Windows\System\GieyVNs.exe
  2⤵
  PID:7552
- C:\Windows\System\cMjUlQw.exe
  C:\Windows\System\cMjUlQw.exe
  2⤵
  PID:7568
- C:\Windows\System\gbWslxW.exe
  C:\Windows\System\gbWslxW.exe
  2⤵
  PID:7600
- C:\Windows\System\NTrIvrO.exe
  C:\Windows\System\NTrIvrO.exe
  2⤵
  PID:7624
- C:\Windows\System\nEmTRub.exe
  C:\Windows\System\nEmTRub.exe
  2⤵
  PID:7660
- C:\Windows\System\rxtIBvj.exe
  C:\Windows\System\rxtIBvj.exe
  2⤵
  PID:7688
- C:\Windows\System\IQReZZj.exe
  C:\Windows\System\IQReZZj.exe
  2⤵
  PID:7716
- C:\Windows\System\nmkjdlh.exe
  C:\Windows\System\nmkjdlh.exe
  2⤵
  PID:7752
- C:\Windows\System\wQdCkNU.exe
  C:\Windows\System\wQdCkNU.exe
  2⤵
  PID:7768
- C:\Windows\System\SZnhewP.exe
  C:\Windows\System\SZnhewP.exe
  2⤵
  PID:7796
- C:\Windows\System\XkhPvQi.exe
  C:\Windows\System\XkhPvQi.exe
  2⤵
  PID:7828
- C:\Windows\System\iSuHBYy.exe
  C:\Windows\System\iSuHBYy.exe
  2⤵
  PID:7888
- C:\Windows\System\VsXNFZP.exe
  C:\Windows\System\VsXNFZP.exe
  2⤵
  PID:7908
- C:\Windows\System\rEjzvUj.exe
  C:\Windows\System\rEjzvUj.exe
  2⤵
  PID:7940
- C:\Windows\System\QpduMwW.exe
  C:\Windows\System\QpduMwW.exe
  2⤵
  PID:7968
- C:\Windows\System\XZCqndh.exe
  C:\Windows\System\XZCqndh.exe
  2⤵
  PID:7996
- C:\Windows\System\JWQsqzT.exe
  C:\Windows\System\JWQsqzT.exe
  2⤵
  PID:8024
- C:\Windows\System\PAfGoze.exe
  C:\Windows\System\PAfGoze.exe
  2⤵
  PID:8052
- C:\Windows\System\mkkzXTl.exe
  C:\Windows\System\mkkzXTl.exe
  2⤵
  PID:8072
- C:\Windows\System\hKPRITN.exe
  C:\Windows\System\hKPRITN.exe
  2⤵
  PID:8108
- C:\Windows\System\UfalMGt.exe
  C:\Windows\System\UfalMGt.exe
  2⤵
  PID:8136
- C:\Windows\System\bVQBYHm.exe
  C:\Windows\System\bVQBYHm.exe
  2⤵
  PID:8152
- C:\Windows\System\bABoHfu.exe
  C:\Windows\System\bABoHfu.exe
  2⤵
  PID:8184
- C:\Windows\System\bSMryTf.exe
  C:\Windows\System\bSMryTf.exe
  2⤵
  PID:7200
- C:\Windows\System\ifObrRO.exe
  C:\Windows\System\ifObrRO.exe
  2⤵
  PID:7280
- C:\Windows\System\vmcdZAL.exe
  C:\Windows\System\vmcdZAL.exe
  2⤵
  PID:7364
- C:\Windows\System\mZaHQPs.exe
  C:\Windows\System\mZaHQPs.exe
  2⤵
  PID:7416
- C:\Windows\System\ztdVSGs.exe
  C:\Windows\System\ztdVSGs.exe
  2⤵
  PID:7492
- C:\Windows\System\lcMMsqR.exe
  C:\Windows\System\lcMMsqR.exe
  2⤵
  PID:7540
- C:\Windows\System\nHCPJxI.exe
  C:\Windows\System\nHCPJxI.exe
  2⤵
  PID:7620
- C:\Windows\System\mjAiOQK.exe
  C:\Windows\System\mjAiOQK.exe
  2⤵
  PID:7680
- C:\Windows\System\kphyxJU.exe
  C:\Windows\System\kphyxJU.exe
  2⤵
  PID:7736
- C:\Windows\System\uxzLjgE.exe
  C:\Windows\System\uxzLjgE.exe
  2⤵
  PID:7816
- C:\Windows\System\PMSjuZa.exe
  C:\Windows\System\PMSjuZa.exe
  2⤵
  PID:7864
- C:\Windows\System\DoslvcG.exe
  C:\Windows\System\DoslvcG.exe
  2⤵
  PID:7980
- C:\Windows\System\AEMvLAv.exe
  C:\Windows\System\AEMvLAv.exe
  2⤵
  PID:8016
- C:\Windows\System\ivfrtwd.exe
  C:\Windows\System\ivfrtwd.exe
  2⤵
  PID:8068
- C:\Windows\System\bsklNRl.exe
  C:\Windows\System\bsklNRl.exe
  2⤵
  PID:8148
- C:\Windows\System\QeCuLuK.exe
  C:\Windows\System\QeCuLuK.exe
  2⤵
  PID:7192
- C:\Windows\System\ICoSJDW.exe
  C:\Windows\System\ICoSJDW.exe
  2⤵
  PID:7448
- C:\Windows\System\CbntEyn.exe
  C:\Windows\System\CbntEyn.exe
  2⤵
  PID:7560
- C:\Windows\System\QcwSBUr.exe
  C:\Windows\System\QcwSBUr.exe
  2⤵
  PID:7668
- C:\Windows\System\KPoNCfX.exe
  C:\Windows\System\KPoNCfX.exe
  2⤵
  PID:7860
- C:\Windows\System\pmveZsp.exe
  C:\Windows\System\pmveZsp.exe
  2⤵
  PID:8036
- C:\Windows\System\EweZqMe.exe
  C:\Windows\System\EweZqMe.exe
  2⤵
  PID:7188
- C:\Windows\System\FLaCdUm.exe
  C:\Windows\System\FLaCdUm.exe
  2⤵
  PID:7292
- C:\Windows\System\yxrrmHx.exe
  C:\Windows\System\yxrrmHx.exe
  2⤵
  PID:7468
- C:\Windows\System\xmwCYQx.exe
  C:\Windows\System\xmwCYQx.exe
  2⤵
  PID:7964
- C:\Windows\System\kQjxoEQ.exe
  C:\Windows\System\kQjxoEQ.exe
  2⤵
  PID:7340
- C:\Windows\System\LszuIpJ.exe
  C:\Windows\System\LszuIpJ.exe
  2⤵
  PID:8212
- C:\Windows\System\RcNpjAu.exe
  C:\Windows\System\RcNpjAu.exe
  2⤵
  PID:8240
- C:\Windows\System\mOZlPNe.exe
  C:\Windows\System\mOZlPNe.exe
  2⤵
  PID:8264
- C:\Windows\System\bIreNOF.exe
  C:\Windows\System\bIreNOF.exe
  2⤵
  PID:8296
- C:\Windows\System\jgNHMZZ.exe
  C:\Windows\System\jgNHMZZ.exe
  2⤵
  PID:8324
- C:\Windows\System\XVLHplw.exe
  C:\Windows\System\XVLHplw.exe
  2⤵
  PID:8344
- C:\Windows\System\NNWYaHa.exe
  C:\Windows\System\NNWYaHa.exe
  2⤵
  PID:8372
- C:\Windows\System\NYLqSsi.exe
  C:\Windows\System\NYLqSsi.exe
  2⤵
  PID:8420
- C:\Windows\System\rUuxvUP.exe
  C:\Windows\System\rUuxvUP.exe
  2⤵
  PID:8436
- C:\Windows\System\ejDxmwv.exe
  C:\Windows\System\ejDxmwv.exe
  2⤵
  PID:8464
- C:\Windows\System\USWrJLm.exe
  C:\Windows\System\USWrJLm.exe
  2⤵
  PID:8504
- C:\Windows\System\aHaLVMC.exe
  C:\Windows\System\aHaLVMC.exe
  2⤵
  PID:8528
- C:\Windows\System\SnEwtyK.exe
  C:\Windows\System\SnEwtyK.exe
  2⤵
  PID:8548
- C:\Windows\System\ebsTHAb.exe
  C:\Windows\System\ebsTHAb.exe
  2⤵
  PID:8592
- C:\Windows\System\pAXYKJW.exe
  C:\Windows\System\pAXYKJW.exe
  2⤵
  PID:8620
- C:\Windows\System\rMufUyo.exe
  C:\Windows\System\rMufUyo.exe
  2⤵
  PID:8648
- C:\Windows\System\hmUMhxK.exe
  C:\Windows\System\hmUMhxK.exe
  2⤵
  PID:8668
- C:\Windows\System\XhoIJON.exe
  C:\Windows\System\XhoIJON.exe
  2⤵
  PID:8704
- C:\Windows\System\eTZPJpw.exe
  C:\Windows\System\eTZPJpw.exe
  2⤵
  PID:8732
- C:\Windows\System\AIbtyVf.exe
  C:\Windows\System\AIbtyVf.exe
  2⤵
  PID:8748
- C:\Windows\System\jgyVicp.exe
  C:\Windows\System\jgyVicp.exe
  2⤵
  PID:8776
- C:\Windows\System\BoIuXVE.exe
  C:\Windows\System\BoIuXVE.exe
  2⤵
  PID:8796
- C:\Windows\System\XqrnXId.exe
  C:\Windows\System\XqrnXId.exe
  2⤵
  PID:8848
- C:\Windows\System\RVyKcdU.exe
  C:\Windows\System\RVyKcdU.exe
  2⤵
  PID:8872
- C:\Windows\System\uutPrkO.exe
  C:\Windows\System\uutPrkO.exe
  2⤵
  PID:8900
- C:\Windows\System\AXKwaXS.exe
  C:\Windows\System\AXKwaXS.exe
  2⤵
  PID:8928
- C:\Windows\System\XUbpfhm.exe
  C:\Windows\System\XUbpfhm.exe
  2⤵
  PID:8956
- C:\Windows\System\XRWhjVo.exe
  C:\Windows\System\XRWhjVo.exe
  2⤵
  PID:8984
- C:\Windows\System\fwBqYmA.exe
  C:\Windows\System\fwBqYmA.exe
  2⤵
  PID:9000
- C:\Windows\System\trbxgtd.exe
  C:\Windows\System\trbxgtd.exe
  2⤵
  PID:9032
- C:\Windows\System\xCAoNEU.exe
  C:\Windows\System\xCAoNEU.exe
  2⤵
  PID:9056
- C:\Windows\System\uLJHIPD.exe
  C:\Windows\System\uLJHIPD.exe
  2⤵
  PID:9076
- C:\Windows\System\BFMFLUr.exe
  C:\Windows\System\BFMFLUr.exe
  2⤵
  PID:9112
- C:\Windows\System\zChLwQJ.exe
  C:\Windows\System\zChLwQJ.exe
  2⤵
  PID:9140
- C:\Windows\System\eipdEbx.exe
  C:\Windows\System\eipdEbx.exe
  2⤵
  PID:9180
- C:\Windows\System\PptLMaM.exe
  C:\Windows\System\PptLMaM.exe
  2⤵
  PID:9208
- C:\Windows\System\HxSbvay.exe
  C:\Windows\System\HxSbvay.exe
  2⤵
  PID:7696
- C:\Windows\System\eeTgBtg.exe
  C:\Windows\System\eeTgBtg.exe
  2⤵
  PID:8292
- C:\Windows\System\JcRMRAM.exe
  C:\Windows\System\JcRMRAM.exe
  2⤵
  PID:8332
- C:\Windows\System\fWDgCfc.exe
  C:\Windows\System\fWDgCfc.exe
  2⤵
  PID:8416
- C:\Windows\System\ZfDzKSR.exe
  C:\Windows\System\ZfDzKSR.exe
  2⤵
  PID:8460
- C:\Windows\System\OOihSUa.exe
  C:\Windows\System\OOihSUa.exe
  2⤵
  PID:8520
- C:\Windows\System\GjBvgJR.exe
  C:\Windows\System\GjBvgJR.exe
  2⤵
  PID:8616
- C:\Windows\System\vtgbgSt.exe
  C:\Windows\System\vtgbgSt.exe
  2⤵
  PID:8632
- C:\Windows\System\nRQzazc.exe
  C:\Windows\System\nRQzazc.exe
  2⤵
  PID:8688
- C:\Windows\System\nbhvQRn.exe
  C:\Windows\System\nbhvQRn.exe
  2⤵
  PID:8740
- C:\Windows\System\LHgYWaX.exe
  C:\Windows\System\LHgYWaX.exe
  2⤵
  PID:8868
- C:\Windows\System\avfeSNY.exe
  C:\Windows\System\avfeSNY.exe
  2⤵
  PID:8924
- C:\Windows\System\jbFPCIg.exe
  C:\Windows\System\jbFPCIg.exe
  2⤵
  PID:9012
- C:\Windows\System\wduKroh.exe
  C:\Windows\System\wduKroh.exe
  2⤵
  PID:9048
- C:\Windows\System\CAbqaMk.exe
  C:\Windows\System\CAbqaMk.exe
  2⤵
  PID:9136
- C:\Windows\System\gEdETUu.exe
  C:\Windows\System\gEdETUu.exe
  2⤵
  PID:9192
- C:\Windows\System\EHvpwUu.exe
  C:\Windows\System\EHvpwUu.exe
  2⤵
  PID:8256
- C:\Windows\System\TAIBkBa.exe
  C:\Windows\System\TAIBkBa.exe
  2⤵
  PID:8396
- C:\Windows\System\aJptjYG.exe
  C:\Windows\System\aJptjYG.exe
  2⤵
  PID:8524
- C:\Windows\System\ZZZQvDd.exe
  C:\Windows\System\ZZZQvDd.exe
  2⤵
  PID:8784
- C:\Windows\System\doeynRT.exe
  C:\Windows\System\doeynRT.exe
  2⤵
  PID:8744
- C:\Windows\System\wkmmAHG.exe
  C:\Windows\System\wkmmAHG.exe
  2⤵
  PID:8976
- C:\Windows\System\coYxLZq.exe
  C:\Windows\System\coYxLZq.exe
  2⤵
  PID:8200
- C:\Windows\System\LfIWzfu.exe
  C:\Windows\System\LfIWzfu.exe
  2⤵
  PID:8536
- C:\Windows\System\UWfKOav.exe
  C:\Windows\System\UWfKOav.exe
  2⤵
  PID:8636
- C:\Windows\System\DDuwvSK.exe
  C:\Windows\System\DDuwvSK.exe
  2⤵
  PID:8948
- C:\Windows\System\XTaiqTl.exe
  C:\Windows\System\XTaiqTl.exe
  2⤵
  PID:8640
- C:\Windows\System\RkPOmYY.exe
  C:\Windows\System\RkPOmYY.exe
  2⤵
  PID:9224
- C:\Windows\System\DPjRKpO.exe
  C:\Windows\System\DPjRKpO.exe
  2⤵
  PID:9256
- C:\Windows\System\ldZRoZj.exe
  C:\Windows\System\ldZRoZj.exe
  2⤵
  PID:9284
- C:\Windows\System\gPRpFnB.exe
  C:\Windows\System\gPRpFnB.exe
  2⤵
  PID:9312
- C:\Windows\System\OxGzbWy.exe
  C:\Windows\System\OxGzbWy.exe
  2⤵
  PID:9340
- C:\Windows\System\cZMctqD.exe
  C:\Windows\System\cZMctqD.exe
  2⤵
  PID:9372
- C:\Windows\System\ItfgPex.exe
  C:\Windows\System\ItfgPex.exe
  2⤵
  PID:9396
- C:\Windows\System\qlFYwmf.exe
  C:\Windows\System\qlFYwmf.exe
  2⤵
  PID:9428
- C:\Windows\System\zwBtnXP.exe
  C:\Windows\System\zwBtnXP.exe
  2⤵
  PID:9444
- C:\Windows\System\lhqBorX.exe
  C:\Windows\System\lhqBorX.exe
  2⤵
  PID:9472
- C:\Windows\System\bZlnhak.exe
  C:\Windows\System\bZlnhak.exe
  2⤵
  PID:9500
- C:\Windows\System\GgOGwWY.exe
  C:\Windows\System\GgOGwWY.exe
  2⤵
  PID:9540
- C:\Windows\System\mjAPRnC.exe
  C:\Windows\System\mjAPRnC.exe
  2⤵
  PID:9564
- C:\Windows\System\RUmByri.exe
  C:\Windows\System\RUmByri.exe
  2⤵
  PID:9580
- C:\Windows\System\DjuqmWB.exe
  C:\Windows\System\DjuqmWB.exe
  2⤵
  PID:9616
- C:\Windows\System\oqCXsDb.exe
  C:\Windows\System\oqCXsDb.exe
  2⤵
  PID:9640
- C:\Windows\System\mAVPDPV.exe
  C:\Windows\System\mAVPDPV.exe
  2⤵
  PID:9660
- C:\Windows\System\nXuEkzP.exe
  C:\Windows\System\nXuEkzP.exe
  2⤵
  PID:9696
- C:\Windows\System\DoxOBGh.exe
  C:\Windows\System\DoxOBGh.exe
  2⤵
  PID:9724
- C:\Windows\System\mcPSiDf.exe
  C:\Windows\System\mcPSiDf.exe
  2⤵
  PID:9756
- C:\Windows\System\ShVIJtW.exe
  C:\Windows\System\ShVIJtW.exe
  2⤵
  PID:9784
- C:\Windows\System\VTTtaFI.exe
  C:\Windows\System\VTTtaFI.exe
  2⤵
  PID:9808
- C:\Windows\System\yYZZHCM.exe
  C:\Windows\System\yYZZHCM.exe
  2⤵
  PID:9848
- C:\Windows\System\IvSegEF.exe
  C:\Windows\System\IvSegEF.exe
  2⤵
  PID:9876
- C:\Windows\System\BrRAZAm.exe
  C:\Windows\System\BrRAZAm.exe
  2⤵
  PID:9904
- C:\Windows\System\HnwltbT.exe
  C:\Windows\System\HnwltbT.exe
  2⤵
  PID:9920
- C:\Windows\System\yBRImBL.exe
  C:\Windows\System\yBRImBL.exe
  2⤵
  PID:9948
- C:\Windows\System\dcsyVev.exe
  C:\Windows\System\dcsyVev.exe
  2⤵
  PID:9972
- C:\Windows\System\AaviveV.exe
  C:\Windows\System\AaviveV.exe
  2⤵
  PID:10016
- C:\Windows\System\cllPmAt.exe
  C:\Windows\System\cllPmAt.exe
  2⤵
  PID:10044
- C:\Windows\System\HwPUuMz.exe
  C:\Windows\System\HwPUuMz.exe
  2⤵
  PID:10072
- C:\Windows\System\vazpglr.exe
  C:\Windows\System\vazpglr.exe
  2⤵
  PID:10092
- C:\Windows\System\CylBmXc.exe
  C:\Windows\System\CylBmXc.exe
  2⤵
  PID:10116
- C:\Windows\System\OOKVpDD.exe
  C:\Windows\System\OOKVpDD.exe
  2⤵
  PID:10144
- C:\Windows\System\yellqta.exe
  C:\Windows\System\yellqta.exe
  2⤵
  PID:10184
- C:\Windows\System\ExjQbfe.exe
  C:\Windows\System\ExjQbfe.exe
  2⤵
  PID:10204
- C:\Windows\System\xCASDPP.exe
  C:\Windows\System\xCASDPP.exe
  2⤵
  PID:9196
- C:\Windows\System\teubJMb.exe
  C:\Windows\System\teubJMb.exe
  2⤵
  PID:9268
- C:\Windows\System\lXeJmZo.exe
  C:\Windows\System\lXeJmZo.exe
  2⤵
  PID:9336
- C:\Windows\System\MvjVbHh.exe
  C:\Windows\System\MvjVbHh.exe
  2⤵
  PID:9404
- C:\Windows\System\aWmXFQA.exe
  C:\Windows\System\aWmXFQA.exe
  2⤵
  PID:9456
- C:\Windows\System\ThTVcuO.exe
  C:\Windows\System\ThTVcuO.exe
  2⤵
  PID:9532
- C:\Windows\System\QtdyIsC.exe
  C:\Windows\System\QtdyIsC.exe
  2⤵
  PID:9592
- C:\Windows\System\XkIEHvY.exe
  C:\Windows\System\XkIEHvY.exe
  2⤵
  PID:9608
- C:\Windows\System\saUsLzg.exe
  C:\Windows\System\saUsLzg.exe
  2⤵
  PID:9736
- C:\Windows\System\NhtWOsl.exe
  C:\Windows\System\NhtWOsl.exe
  2⤵
  PID:9800
- C:\Windows\System\LUAsLjz.exe
  C:\Windows\System\LUAsLjz.exe
  2⤵
  PID:9872
- C:\Windows\System\SRtepkp.exe
  C:\Windows\System\SRtepkp.exe
  2⤵
  PID:9936
- C:\Windows\System\oWeDNBa.exe
  C:\Windows\System\oWeDNBa.exe
  2⤵
  PID:9960
- C:\Windows\System\rhCknVh.exe
  C:\Windows\System\rhCknVh.exe
  2⤵
  PID:10068
- C:\Windows\System\oTTlUXl.exe
  C:\Windows\System\oTTlUXl.exe
  2⤵
  PID:10108
- C:\Windows\System\uKyzqct.exe
  C:\Windows\System\uKyzqct.exe
  2⤵
  PID:10140
- C:\Windows\System\eoctPZX.exe
  C:\Windows\System\eoctPZX.exe
  2⤵
  PID:10224
- C:\Windows\System\McOBKjH.exe
  C:\Windows\System\McOBKjH.exe
  2⤵
  PID:9252
- C:\Windows\System\xtHWLti.exe
  C:\Windows\System\xtHWLti.exe
  2⤵
  PID:9548
- C:\Windows\System\lvrGfrC.exe
  C:\Windows\System\lvrGfrC.exe
  2⤵
  PID:9624
- C:\Windows\System\CgHGOIt.exe
  C:\Windows\System\CgHGOIt.exe
  2⤵
  PID:9792
- C:\Windows\System\BhiWiou.exe
  C:\Windows\System\BhiWiou.exe
  2⤵
  PID:9992
- C:\Windows\System\MKvViLS.exe
  C:\Windows\System\MKvViLS.exe
  2⤵
  PID:10164
- C:\Windows\System\VagPtSP.exe
  C:\Windows\System\VagPtSP.exe
  2⤵
  PID:9420
- C:\Windows\System\zGXDyba.exe
  C:\Windows\System\zGXDyba.exe
  2⤵
  PID:9712
- C:\Windows\System\NunUXAy.exe
  C:\Windows\System\NunUXAy.exe
  2⤵
  PID:10084
- C:\Windows\System\cgOBWZh.exe
  C:\Windows\System\cgOBWZh.exe
  2⤵
  PID:9776
- C:\Windows\System\lPCyWRx.exe
  C:\Windows\System\lPCyWRx.exe
  2⤵
  PID:9236
- C:\Windows\System\vRXVYkp.exe
  C:\Windows\System\vRXVYkp.exe
  2⤵
  PID:10268
- C:\Windows\System\fSzVjqV.exe
  C:\Windows\System\fSzVjqV.exe
  2⤵
  PID:10296
- C:\Windows\System\zsVRKaw.exe
  C:\Windows\System\zsVRKaw.exe
  2⤵
  PID:10324
- C:\Windows\System\ELvvvcB.exe
  C:\Windows\System\ELvvvcB.exe
  2⤵
  PID:10368
- C:\Windows\System\hamYyVb.exe
  C:\Windows\System\hamYyVb.exe
  2⤵
  PID:10400
- C:\Windows\System\mnmoJqv.exe
  C:\Windows\System\mnmoJqv.exe
  2⤵
  PID:10440
- C:\Windows\System\sMktvox.exe
  C:\Windows\System\sMktvox.exe
  2⤵
  PID:10468
- C:\Windows\System\HVKyNUX.exe
  C:\Windows\System\HVKyNUX.exe
  2⤵
  PID:10484
- C:\Windows\System\zYKjcqG.exe
  C:\Windows\System\zYKjcqG.exe
  2⤵
  PID:10500
- C:\Windows\System\OHzVIDm.exe
  C:\Windows\System\OHzVIDm.exe
  2⤵
  PID:10532
- C:\Windows\System\aQBDRUG.exe
  C:\Windows\System\aQBDRUG.exe
  2⤵
  PID:10572
- C:\Windows\System\VTkUnjn.exe
  C:\Windows\System\VTkUnjn.exe
  2⤵
  PID:10592
- C:\Windows\System\hZHvHbA.exe
  C:\Windows\System\hZHvHbA.exe
  2⤵
  PID:10620
- C:\Windows\System\bGXRKEo.exe
  C:\Windows\System\bGXRKEo.exe
  2⤵
  PID:10660
- C:\Windows\System\bXCtLVz.exe
  C:\Windows\System\bXCtLVz.exe
  2⤵
  PID:10684
- C:\Windows\System\rrzXgKq.exe
  C:\Windows\System\rrzXgKq.exe
  2⤵
  PID:10712
- C:\Windows\System\TuwiGjA.exe
  C:\Windows\System\TuwiGjA.exe
  2⤵
  PID:10748
- C:\Windows\System\hzBxtjQ.exe
  C:\Windows\System\hzBxtjQ.exe
  2⤵
  PID:10780
- C:\Windows\System\yVijORm.exe
  C:\Windows\System\yVijORm.exe
  2⤵
  PID:10804
- C:\Windows\System\DuLvcUP.exe
  C:\Windows\System\DuLvcUP.exe
  2⤵
  PID:10836
- C:\Windows\System\opxLuLt.exe
  C:\Windows\System\opxLuLt.exe
  2⤵
  PID:10864
- C:\Windows\System\dNvsDNc.exe
  C:\Windows\System\dNvsDNc.exe
  2⤵
  PID:10884
- C:\Windows\System\GPveydb.exe
  C:\Windows\System\GPveydb.exe
  2⤵
  PID:10908
- C:\Windows\System\tLfnvGw.exe
  C:\Windows\System\tLfnvGw.exe
  2⤵
  PID:10948
- C:\Windows\System\voERKzA.exe
  C:\Windows\System\voERKzA.exe
  2⤵
  PID:10972
- C:\Windows\System\EPgDGno.exe
  C:\Windows\System\EPgDGno.exe
  2⤵
  PID:11004
- C:\Windows\System\Pobqmza.exe
  C:\Windows\System\Pobqmza.exe
  2⤵
  PID:11032
- C:\Windows\System\RmExzPu.exe
  C:\Windows\System\RmExzPu.exe
  2⤵
  PID:11048
- C:\Windows\System\erYcFpI.exe
  C:\Windows\System\erYcFpI.exe
  2⤵
  PID:11084
- C:\Windows\System\IAtufOc.exe
  C:\Windows\System\IAtufOc.exe
  2⤵
  PID:11112
- C:\Windows\System\QFvkCVc.exe
  C:\Windows\System\QFvkCVc.exe
  2⤵
  PID:11132
- C:\Windows\System\puzMlfQ.exe
  C:\Windows\System\puzMlfQ.exe
  2⤵
  PID:11160
- C:\Windows\System\UCYRQeR.exe
  C:\Windows\System\UCYRQeR.exe
  2⤵
  PID:11192
- C:\Windows\System\MSOJobz.exe
  C:\Windows\System\MSOJobz.exe
  2⤵
  PID:11216
- C:\Windows\System\nPstEZR.exe
  C:\Windows\System\nPstEZR.exe
  2⤵
  PID:11248
- C:\Windows\System\RNXWfHk.exe
  C:\Windows\System\RNXWfHk.exe
  2⤵
  PID:10308
- C:\Windows\System\kzhJoet.exe
  C:\Windows\System\kzhJoet.exe
  2⤵
  PID:10384
- C:\Windows\System\xNCngie.exe
  C:\Windows\System\xNCngie.exe
  2⤵
  PID:10460
- C:\Windows\System\nVezVSo.exe
  C:\Windows\System\nVezVSo.exe
  2⤵
  PID:10492
- C:\Windows\System\TJWbWzY.exe
  C:\Windows\System\TJWbWzY.exe
  2⤵
  PID:10556
- C:\Windows\System\rjNswBI.exe
  C:\Windows\System\rjNswBI.exe
  2⤵
  PID:10652
- C:\Windows\System\AqoTErn.exe
  C:\Windows\System\AqoTErn.exe
  2⤵
  PID:10740
- C:\Windows\System\BuLBaTG.exe
  C:\Windows\System\BuLBaTG.exe
  2⤵
  PID:10812
- C:\Windows\System\mOfHyEL.exe
  C:\Windows\System\mOfHyEL.exe
  2⤵
  PID:10856
- C:\Windows\System\OrOVcqC.exe
  C:\Windows\System\OrOVcqC.exe
  2⤵
  PID:10928
- C:\Windows\System\GuurbJb.exe
  C:\Windows\System\GuurbJb.exe
  2⤵
  PID:10988
- C:\Windows\System\jnMatrC.exe
  C:\Windows\System\jnMatrC.exe
  2⤵
  PID:11040
- C:\Windows\System\FGCoSwC.exe
  C:\Windows\System\FGCoSwC.exe
  2⤵
  PID:11128
- C:\Windows\System\gmHUsKh.exe
  C:\Windows\System\gmHUsKh.exe
  2⤵
  PID:11148
- C:\Windows\System\fIYhvIZ.exe
  C:\Windows\System\fIYhvIZ.exe
  2⤵
  PID:11232
- C:\Windows\System\CvKURXr.exe
  C:\Windows\System\CvKURXr.exe
  2⤵
  PID:10280
- C:\Windows\System\chdYFPk.exe
  C:\Windows\System\chdYFPk.exe
  2⤵
  PID:10480
- C:\Windows\System\kQYHZDL.exe
  C:\Windows\System\kQYHZDL.exe
  2⤵
  PID:10668
- C:\Windows\System\pOfzVdS.exe
  C:\Windows\System\pOfzVdS.exe
  2⤵
  PID:10848
- C:\Windows\System\kSPGMKh.exe
  C:\Windows\System\kSPGMKh.exe
  2⤵
  PID:10980
- C:\Windows\System\UBurBcw.exe
  C:\Windows\System\UBurBcw.exe
  2⤵
  PID:11092
- C:\Windows\System\ptLGNtu.exe
  C:\Windows\System\ptLGNtu.exe
  2⤵
  PID:11180
- C:\Windows\System\uhanUBI.exe
  C:\Windows\System\uhanUBI.exe
  2⤵
  PID:10428
- C:\Windows\System\pmCjQPH.exe
  C:\Windows\System\pmCjQPH.exe
  2⤵
  PID:10920
- C:\Windows\System\MHjcPuq.exe
  C:\Windows\System\MHjcPuq.exe
  2⤵
  PID:2252
- C:\Windows\System\etiFMwx.exe
  C:\Windows\System\etiFMwx.exe
  2⤵
  PID:11124
- C:\Windows\System\zAWRhOp.exe
  C:\Windows\System\zAWRhOp.exe
  2⤵
  PID:11288
- C:\Windows\System\KhjffTs.exe
  C:\Windows\System\KhjffTs.exe
  2⤵
  PID:11328
- C:\Windows\System\nzPzZkk.exe
  C:\Windows\System\nzPzZkk.exe
  2⤵
  PID:11356
- C:\Windows\System\gQlGSjc.exe
  C:\Windows\System\gQlGSjc.exe
  2⤵
  PID:11376
- C:\Windows\System\XEBudec.exe
  C:\Windows\System\XEBudec.exe
  2⤵
  PID:11400
- C:\Windows\System\XYPXLCf.exe
  C:\Windows\System\XYPXLCf.exe
  2⤵
  PID:11440
- C:\Windows\System\lchQYWl.exe
  C:\Windows\System\lchQYWl.exe
  2⤵
  PID:11468
- C:\Windows\System\oDnygtX.exe
  C:\Windows\System\oDnygtX.exe
  2⤵
  PID:11496
- C:\Windows\System\TGHreKw.exe
  C:\Windows\System\TGHreKw.exe
  2⤵
  PID:11524
- C:\Windows\System\VDPDAkp.exe
  C:\Windows\System\VDPDAkp.exe
  2⤵
  PID:11552
- C:\Windows\System\EBzQnvy.exe
  C:\Windows\System\EBzQnvy.exe
  2⤵
  PID:11580
- C:\Windows\System\mrawBRl.exe
  C:\Windows\System\mrawBRl.exe
  2⤵
  PID:11596
- C:\Windows\System\ArgTptQ.exe
  C:\Windows\System\ArgTptQ.exe
  2⤵
  PID:11624
- C:\Windows\System\shZJxpm.exe
  C:\Windows\System\shZJxpm.exe
  2⤵
  PID:11664
- C:\Windows\System\nkWRSho.exe
  C:\Windows\System\nkWRSho.exe
  2⤵
  PID:11680
- C:\Windows\System\tEDgWpy.exe
  C:\Windows\System\tEDgWpy.exe
  2⤵
  PID:11700
- C:\Windows\System\GiPIDNL.exe
  C:\Windows\System\GiPIDNL.exe
  2⤵
  PID:11736
- C:\Windows\System\gjumeOo.exe
  C:\Windows\System\gjumeOo.exe
  2⤵
  PID:11760
- C:\Windows\System\SQtwGGx.exe
  C:\Windows\System\SQtwGGx.exe
  2⤵
  PID:11780
- C:\Windows\System\LqVoRjP.exe
  C:\Windows\System\LqVoRjP.exe
  2⤵
  PID:11832
- C:\Windows\System\TXtbcNb.exe
  C:\Windows\System\TXtbcNb.exe
  2⤵
  PID:11848
- C:\Windows\System\zYJLzwI.exe
  C:\Windows\System\zYJLzwI.exe
  2⤵
  PID:11888
- C:\Windows\System\KfHKqNw.exe
  C:\Windows\System\KfHKqNw.exe
  2⤵
  PID:11916
- C:\Windows\System\GFVrRSi.exe
  C:\Windows\System\GFVrRSi.exe
  2⤵
  PID:11932
- C:\Windows\System\YYWxQxJ.exe
  C:\Windows\System\YYWxQxJ.exe
  2⤵
  PID:11960
- C:\Windows\System\POVXORm.exe
  C:\Windows\System\POVXORm.exe
  2⤵
  PID:11996
- C:\Windows\System\amFgYie.exe
  C:\Windows\System\amFgYie.exe
  2⤵
  PID:12028
- C:\Windows\System\LtGxzyc.exe
  C:\Windows\System\LtGxzyc.exe
  2⤵
  PID:12056
- C:\Windows\System\JTtmFEU.exe
  C:\Windows\System\JTtmFEU.exe
  2⤵
  PID:12072
- C:\Windows\System\OhtrScx.exe
  C:\Windows\System\OhtrScx.exe
  2⤵
  PID:12116
- C:\Windows\System\ftusxDZ.exe
  C:\Windows\System\ftusxDZ.exe
  2⤵
  PID:12144
- C:\Windows\System\YEOumxG.exe
  C:\Windows\System\YEOumxG.exe
  2⤵
  PID:12172
- C:\Windows\System\WtbVxkw.exe
  C:\Windows\System\WtbVxkw.exe
  2⤵
  PID:12192
- C:\Windows\System\WaBIlzJ.exe
  C:\Windows\System\WaBIlzJ.exe
  2⤵
  PID:12228
- C:\Windows\System\rqcfBrx.exe
  C:\Windows\System\rqcfBrx.exe
  2⤵
  PID:12244
- C:\Windows\System\gUaEOdc.exe
  C:\Windows\System\gUaEOdc.exe
  2⤵
  PID:12272
- C:\Windows\System\DSyiSpt.exe
  C:\Windows\System\DSyiSpt.exe
  2⤵
  PID:11276
- C:\Windows\System\TXGlpRc.exe
  C:\Windows\System\TXGlpRc.exe
  2⤵
  PID:11340
- C:\Windows\System\kHqSXak.exe
  C:\Windows\System\kHqSXak.exe
  2⤵
  PID:11420
- C:\Windows\System\zHSCXPO.exe
  C:\Windows\System\zHSCXPO.exe
  2⤵
  PID:11484
- C:\Windows\System\DOJYrAF.exe
  C:\Windows\System\DOJYrAF.exe
  2⤵
  PID:11516
- C:\Windows\System\uJbpqRv.exe
  C:\Windows\System\uJbpqRv.exe
  2⤵
  PID:11608
- C:\Windows\System\uOmlPJP.exe
  C:\Windows\System\uOmlPJP.exe
  2⤵
  PID:11676
- C:\Windows\System\jbLsDaW.exe
  C:\Windows\System\jbLsDaW.exe
  2⤵
  PID:11728
- C:\Windows\System\KXTbDCa.exe
  C:\Windows\System\KXTbDCa.exe
  2⤵
  PID:11772
- C:\Windows\System\HYcrMzM.exe
  C:\Windows\System\HYcrMzM.exe
  2⤵
  PID:11828
- C:\Windows\System\qdopdJw.exe
  C:\Windows\System\qdopdJw.exe
  2⤵
  PID:11900
- C:\Windows\System\LjcSTjU.exe
  C:\Windows\System\LjcSTjU.exe
  2⤵
  PID:11976
- C:\Windows\System\UpJDbFK.exe
  C:\Windows\System\UpJDbFK.exe
  2⤵
  PID:12012
- C:\Windows\System\AjdtdZQ.exe
  C:\Windows\System\AjdtdZQ.exe
  2⤵
  PID:12104
- C:\Windows\System\YSMjRdi.exe
  C:\Windows\System\YSMjRdi.exe
  2⤵
  PID:12132
- C:\Windows\System\DksqTty.exe
  C:\Windows\System\DksqTty.exe
  2⤵
  PID:12260
- C:\Windows\System\zamflFc.exe
  C:\Windows\System\zamflFc.exe
  2⤵
  PID:11312
- C:\Windows\System\qkhBZmW.exe
  C:\Windows\System\qkhBZmW.exe
  2⤵
  PID:11452
- C:\Windows\System\VTWyxCr.exe
  C:\Windows\System\VTWyxCr.exe
  2⤵
  PID:11512
- C:\Windows\System\aPBpGXe.exe
  C:\Windows\System\aPBpGXe.exe
  2⤵
  PID:11656
- C:\Windows\System\VKonYqR.exe
  C:\Windows\System\VKonYqR.exe
  2⤵
  PID:11868
- C:\Windows\System\TXJMjeq.exe
  C:\Windows\System\TXJMjeq.exe
  2⤵
  PID:11928
- C:\Windows\System\PCLAROp.exe
  C:\Windows\System\PCLAROp.exe
  2⤵
  PID:12168
- C:\Windows\System\dkqNkiQ.exe
  C:\Windows\System\dkqNkiQ.exe
  2⤵
  PID:12284
- C:\Windows\System\HgQtMAW.exe
  C:\Windows\System\HgQtMAW.exe
  2⤵
  PID:2844
- C:\Windows\System\tLlbumh.exe
  C:\Windows\System\tLlbumh.exe
  2⤵
  PID:11956
- C:\Windows\System\eJdwtia.exe
  C:\Windows\System\eJdwtia.exe
  2⤵
  PID:11024
- C:\Windows\System\ejPwvDj.exe
  C:\Windows\System\ejPwvDj.exe
  2⤵
  PID:2380
- C:\Windows\System\cTQtPba.exe
  C:\Windows\System\cTQtPba.exe
  2⤵
  PID:12296
- C:\Windows\System\wBJWLiO.exe
  C:\Windows\System\wBJWLiO.exe
  2⤵
  PID:12336
- C:\Windows\System\lTEcVxu.exe
  C:\Windows\System\lTEcVxu.exe
  2⤵
  PID:12352
- C:\Windows\System\jNzzMdn.exe
  C:\Windows\System\jNzzMdn.exe
  2⤵
  PID:12392
- C:\Windows\System\juovmDS.exe
  C:\Windows\System\juovmDS.exe
  2⤵
  PID:12420
- C:\Windows\System\GWRPBWD.exe
  C:\Windows\System\GWRPBWD.exe
  2⤵
  PID:12448
- C:\Windows\System\taaribT.exe
  C:\Windows\System\taaribT.exe
  2⤵
  PID:12476
- C:\Windows\System\zsKRQWx.exe
  C:\Windows\System\zsKRQWx.exe
  2⤵
  PID:12492
- C:\Windows\System\ucUQTBK.exe
  C:\Windows\System\ucUQTBK.exe
  2⤵
  PID:12536
- C:\Windows\System\eOTBoSb.exe
  C:\Windows\System\eOTBoSb.exe
  2⤵
  PID:12560
- C:\Windows\System\xgCugwk.exe
  C:\Windows\System\xgCugwk.exe
  2⤵
  PID:12576
- C:\Windows\System\uvWEOPN.exe
  C:\Windows\System\uvWEOPN.exe
  2⤵
  PID:12596
- C:\Windows\System\aUbIlJN.exe
  C:\Windows\System\aUbIlJN.exe
  2⤵
  PID:12620
- C:\Windows\System\TwAaabm.exe
  C:\Windows\System\TwAaabm.exe
  2⤵
  PID:12648
- C:\Windows\System\rKIEFuN.exe
  C:\Windows\System\rKIEFuN.exe
  2⤵
  PID:12680
- C:\Windows\System\dadiIVT.exe
  C:\Windows\System\dadiIVT.exe
  2⤵
  PID:12700
- C:\Windows\System\gESlYFa.exe
  C:\Windows\System\gESlYFa.exe
  2⤵
  PID:12728
- C:\Windows\System\dqgLzFf.exe
  C:\Windows\System\dqgLzFf.exe
  2⤵
  PID:12792
- C:\Windows\System\eFcCehn.exe
  C:\Windows\System\eFcCehn.exe
  2⤵
  PID:12808
- C:\Windows\System\gPRIVjE.exe
  C:\Windows\System\gPRIVjE.exe
  2⤵
  PID:12848
- C:\Windows\System\CDzOFMC.exe
  C:\Windows\System\CDzOFMC.exe
  2⤵
  PID:12864
- C:\Windows\System\KMrBUXj.exe
  C:\Windows\System\KMrBUXj.exe
  2⤵
  PID:12900
- C:\Windows\System\QRxckqG.exe
  C:\Windows\System\QRxckqG.exe
  2⤵
  PID:12932
- C:\Windows\System\EYDYPrS.exe
  C:\Windows\System\EYDYPrS.exe
  2⤵
  PID:12948
- C:\Windows\System\sFRdVYj.exe
  C:\Windows\System\sFRdVYj.exe
  2⤵
  PID:12976
- C:\Windows\System\UZNxMDr.exe
  C:\Windows\System\UZNxMDr.exe
  2⤵
  PID:13004
- C:\Windows\System\jloOvHz.exe
  C:\Windows\System\jloOvHz.exe
  2⤵
  PID:13032
- C:\Windows\System\dFbncow.exe
  C:\Windows\System\dFbncow.exe
  2⤵
  PID:13068
- C:\Windows\System\GGTiKTD.exe
  C:\Windows\System\GGTiKTD.exe
  2⤵
  PID:13100
- C:\Windows\System\nLtnaRW.exe
  C:\Windows\System\nLtnaRW.exe
  2⤵
  PID:13128
- C:\Windows\System\IWYoHne.exe
  C:\Windows\System\IWYoHne.exe
  2⤵
  PID:13156
- C:\Windows\System\xQqdofI.exe
  C:\Windows\System\xQqdofI.exe
  2⤵
  PID:13184
- C:\Windows\System\aXxmjxN.exe
  C:\Windows\System\aXxmjxN.exe
  2⤵
  PID:13212
- C:\Windows\System\XiQVhDI.exe
  C:\Windows\System\XiQVhDI.exe
  2⤵
  PID:13228
- C:\Windows\System\NFPuONs.exe
  C:\Windows\System\NFPuONs.exe
  2⤵
  PID:13256
- C:\Windows\System\KHDCwAc.exe
  C:\Windows\System\KHDCwAc.exe
  2⤵
  PID:13284
- C:\Windows\System\NCwgBtH.exe
  C:\Windows\System\NCwgBtH.exe
  2⤵
  PID:12240
- C:\Windows\System\Irbmflt.exe
  C:\Windows\System\Irbmflt.exe
  2⤵
  PID:12308
- C:\Windows\System\NqFZfEs.exe
  C:\Windows\System\NqFZfEs.exe
  2⤵
  PID:12412
- C:\Windows\System\qgVfsyv.exe
  C:\Windows\System\qgVfsyv.exe
  2⤵
  PID:12444
- C:\Windows\System\HILhiCy.exe
  C:\Windows\System\HILhiCy.exe
  2⤵
  PID:12504
- C:\Windows\System\tONkJJJ.exe
  C:\Windows\System\tONkJJJ.exe
  2⤵
  PID:12588
- C:\Windows\System\VrzYjYN.exe
  C:\Windows\System\VrzYjYN.exe
  2⤵
  PID:12616
- C:\Windows\System\IvDDOKJ.exe
  C:\Windows\System\IvDDOKJ.exe
  2⤵
  PID:12712
- C:\Windows\System\MHqPjbx.exe
  C:\Windows\System\MHqPjbx.exe
  2⤵
  PID:12800
- C:\Windows\System\gLQPuZj.exe
  C:\Windows\System\gLQPuZj.exe
  2⤵
  PID:12876
- C:\Windows\System\WHxpoqi.exe
  C:\Windows\System\WHxpoqi.exe
  2⤵
  PID:12940
- C:\Windows\System\FTwsQWg.exe
  C:\Windows\System\FTwsQWg.exe
  2⤵
  PID:12988
- C:\Windows\System\piwdsJf.exe
  C:\Windows\System\piwdsJf.exe
  2⤵
  PID:12992
- C:\Windows\System\ZSngfxF.exe
  C:\Windows\System\ZSngfxF.exe
  2⤵
  PID:13056
- C:\Windows\System\DLUPqgK.exe
  C:\Windows\System\DLUPqgK.exe
  2⤵
  PID:13124
- C:\Windows\System\jYgQqxD.exe
  C:\Windows\System\jYgQqxD.exe
  2⤵
  PID:13168
- C:\Windows\System\jPCilve.exe
  C:\Windows\System\jPCilve.exe
  2⤵
  PID:13224
- C:\Windows\System\QQjcect.exe
  C:\Windows\System\QQjcect.exe
  2⤵
  PID:12372
- C:\Windows\System\LlaMNBo.exe
  C:\Windows\System\LlaMNBo.exe
  2⤵
  PID:12472
- C:\Windows\System\kGzAsNU.exe
  C:\Windows\System\kGzAsNU.exe
  2⤵
  PID:12568
- C:\Windows\System\WkImTXy.exe
  C:\Windows\System\WkImTXy.exe
  2⤵
  PID:12668
- C:\Windows\System\CzrqZOr.exe
  C:\Windows\System\CzrqZOr.exe
  2⤵
  PID:12856
- C:\Windows\System\afUivGK.exe
  C:\Windows\System\afUivGK.exe
  2⤵
  PID:13048
- C:\Windows\System\RoleTCT.exe
  C:\Windows\System\RoleTCT.exe
  2⤵
  PID:13140
- C:\Windows\System\wwXbbEq.exe
  C:\Windows\System\wwXbbEq.exe
  2⤵
  PID:12236
- C:\Windows\System\oXYLYlo.exe
  C:\Windows\System\oXYLYlo.exe
  2⤵
  PID:12768
- C:\Windows\System\SIbKLyj.exe
  C:\Windows\System\SIbKLyj.exe
  2⤵
  PID:13092
- C:\Windows\System\CtVHJQo.exe
  C:\Windows\System\CtVHJQo.exe
  2⤵
  PID:12408
- C:\Windows\System\EAeHRwj.exe
  C:\Windows\System\EAeHRwj.exe
  2⤵
  PID:12632
- C:\Windows\System\FpVZIPv.exe
  C:\Windows\System\FpVZIPv.exe
  2⤵
  PID:4624
- C:\Windows\System\UCzKQPL.exe
  C:\Windows\System\UCzKQPL.exe
  2⤵
  PID:1392
- C:\Windows\System\EHkauEA.exe
  C:\Windows\System\EHkauEA.exe
  2⤵
  PID:13320
- C:\Windows\System\EPRdQln.exe
  C:\Windows\System\EPRdQln.exe
  2⤵
  PID:13340
- C:\Windows\System\DidWjxs.exe
  C:\Windows\System\DidWjxs.exe
  2⤵
  PID:13376
- C:\Windows\System\EaGekPu.exe
  C:\Windows\System\EaGekPu.exe
  2⤵
  PID:13408
- C:\Windows\System\OUpEuef.exe
  C:\Windows\System\OUpEuef.exe
  2⤵
  PID:13432
- C:\Windows\System\cHrQghJ.exe
  C:\Windows\System\cHrQghJ.exe
  2⤵
  PID:13452
- C:\Windows\System\zMHoSxx.exe
  C:\Windows\System\zMHoSxx.exe
  2⤵
  PID:13484
- C:\Windows\System\qfGamOJ.exe
  C:\Windows\System\qfGamOJ.exe
  2⤵
  PID:13512
- C:\Windows\System\FZkmXtL.exe
  C:\Windows\System\FZkmXtL.exe
  2⤵
  PID:13536
- C:\Windows\System\wcDyKTd.exe
  C:\Windows\System\wcDyKTd.exe
  2⤵
  PID:13564
- C:\Windows\System\ZZqimHr.exe
  C:\Windows\System\ZZqimHr.exe
  2⤵
  PID:13592
- C:\Windows\System\tTQtYfz.exe
  C:\Windows\System\tTQtYfz.exe
  2⤵
  PID:13632
- C:\Windows\System\JIfZpiv.exe
  C:\Windows\System\JIfZpiv.exe
  2⤵
  PID:13660
- C:\Windows\System\TkUNNpv.exe
  C:\Windows\System\TkUNNpv.exe
  2⤵
  PID:13676
- C:\Windows\System\dlWAKVq.exe
  C:\Windows\System\dlWAKVq.exe
  2⤵
  PID:13692
- C:\Windows\System\JNMwMMY.exe
  C:\Windows\System\JNMwMMY.exe
  2⤵
  PID:13708
- C:\Windows\System\oBViwyy.exe
  C:\Windows\System\oBViwyy.exe
  2⤵
  PID:13732
- C:\Windows\System\EyxpEhk.exe
  C:\Windows\System\EyxpEhk.exe
  2⤵
  PID:13800
- C:\Windows\System\LKlaJVc.exe
  C:\Windows\System\LKlaJVc.exe
  2⤵
  PID:13820
- C:\Windows\System\foXJibV.exe
  C:\Windows\System\foXJibV.exe
  2⤵
  PID:13856
- C:\Windows\System\KPCpSaO.exe
  C:\Windows\System\KPCpSaO.exe
  2⤵
  PID:13884
- C:\Windows\System\vHODKjy.exe
  C:\Windows\System\vHODKjy.exe
  2⤵
  PID:13912
- C:\Windows\System\xXCvJrL.exe
  C:\Windows\System\xXCvJrL.exe
  2⤵
  PID:13932
- C:\Windows\System\EAooAGr.exe
  C:\Windows\System\EAooAGr.exe
  2⤵
  PID:13968
- C:\Windows\System\lmUktiC.exe
  C:\Windows\System\lmUktiC.exe
  2⤵
  PID:13984
- C:\Windows\System\nlnOZUV.exe
  C:\Windows\System\nlnOZUV.exe
  2⤵
  PID:14004
- C:\Windows\System\qfVCjFo.exe
  C:\Windows\System\qfVCjFo.exe
  2⤵
  PID:14048
- C:\Windows\System\nApUxTD.exe
  C:\Windows\System\nApUxTD.exe
  2⤵
  PID:14068
- C:\Windows\System\bDmxVPt.exe
  C:\Windows\System\bDmxVPt.exe
  2⤵
  PID:14096
- C:\Windows\System\NneVROI.exe
  C:\Windows\System\NneVROI.exe
  2⤵
  PID:14128
- C:\Windows\System\JuIXUpT.exe
  C:\Windows\System\JuIXUpT.exe
  2⤵
  PID:14164
- C:\Windows\System\wdSjOYn.exe
  C:\Windows\System\wdSjOYn.exe
  2⤵
  PID:14192
- C:\Windows\System\qIEyjaN.exe
  C:\Windows\System\qIEyjaN.exe
  2⤵
  PID:14220
- C:\Windows\System\jJLKziv.exe
  C:\Windows\System\jJLKziv.exe
  2⤵
  PID:14244
- C:\Windows\System\EegbZgy.exe
  C:\Windows\System\EegbZgy.exe
  2⤵
  PID:14264
- C:\Windows\System\IbvWrPa.exe
  C:\Windows\System\IbvWrPa.exe
  2⤵
  PID:14292
- C:\Windows\System\RjFEnmC.exe
  C:\Windows\System\RjFEnmC.exe
  2⤵
  PID:14320
- C:\Windows\System\lAMYtuj.exe
  C:\Windows\System\lAMYtuj.exe
  2⤵
  PID:4824
- C:\Windows\System\gelfuYr.exe
  C:\Windows\System\gelfuYr.exe
  2⤵
  PID:13388
- C:\Windows\System\koZYdCa.exe
  C:\Windows\System\koZYdCa.exe
  2⤵
  PID:13476
- C:\Windows\System\EyPFxiZ.exe
  C:\Windows\System\EyPFxiZ.exe
  2⤵
  PID:13500
- C:\Windows\System\WPDDSBT.exe
  C:\Windows\System\WPDDSBT.exe
  2⤵
  PID:13560
- C:\Windows\System\PREGNgr.exe
  C:\Windows\System\PREGNgr.exe
  2⤵
  PID:13628
- C:\Windows\System\PaZcszJ.exe
  C:\Windows\System\PaZcszJ.exe
  2⤵
  PID:13688
- C:\Windows\System\HLdjHas.exe
  C:\Windows\System\HLdjHas.exe
  2⤵
  PID:13780
- C:\Windows\System\wgqbFRg.exe
  C:\Windows\System\wgqbFRg.exe
  2⤵
  PID:13844
- C:\Windows\System\upqfDem.exe
  C:\Windows\System\upqfDem.exe
  2⤵
  PID:13876
- C:\Windows\System\jLJwZJk.exe
  C:\Windows\System\jLJwZJk.exe
  2⤵
  PID:13960
- C:\Windows\System\SabgOgV.exe
  C:\Windows\System\SabgOgV.exe
  2⤵
  PID:14056

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\FAOMDjn.exe

Filesize
2.3MB

MD5
a139fae3ba0960a06031cd9b1b516ef1

SHA1
790ca3e59754cbd53524532322d834348fb46722

SHA256
cd2d1d5051714812d26c883fe6ed159b533d818a0069e7adf42e8c284b50f1af

SHA512
663e4b896aa0d092ea82747caeccb2c6d21bc7d7e530c09d1161e5ed4668192c1dfac827ef6da8ec61e8f34d8efa281dbeb71ba8c1ec5cb25a516f4d9e61ca21

Download Submit
C:\Windows\System\FjgMoDg.exe

Filesize
2.3MB

MD5
96c977bc2b51f4f60a978536cbd988bc

SHA1
3912ef80566bb915798ec35f40c4dd77c0f07a0a

SHA256
c374c36a90cd0529e2d222f6f3a795985373c2e45234a6b370fa6a5af72965b9

SHA512
c1ea195606e547502b58fbe8641dfff95d4e4db024316b2da8610d120e2ed9ce4d03a533230bcdb05cd67cec3e3f79a7f56c680036db8dedfc401518d211a937

Download Submit
C:\Windows\System\FxUoWTi.exe

Filesize
2.3MB

MD5
fddb425b7f1d8fffea5df3780d113c00

SHA1
de1b0a6c59357906570af6aa64370f4be358943f

SHA256
8d5acab1bd516eabb1090305a074263b233bf89c67bdc6cddf90977e14253409

SHA512
f89ad448d5a97ed8885d775ba698626a4d280f439b42baa40a4777d503f9867397530831fc0c22a895f6c95ea1789103a1e191735b95e138c18982ca4b57168f

Download Submit
C:\Windows\System\GSrcwRy.exe

Filesize
2.3MB

MD5
2a3f54707e24567adede9421f94f8f6b

SHA1
aa06c7f35cf8e5c9f7c1c7390ec1290e23b2ec30

SHA256
a943b5b2f4db4300c755b0848319a0fe0f2465bafdb18d9f8f5a595c190dbfd2

SHA512
9987e9d659166072a7e8d0c8456e58a1445de4c0af16db8a9c9184422958d8cf7186f3cdee1c1c963f69f2a723004fc4dd3c4d183b6ce65fa5f76023a26e629a

Download Submit
C:\Windows\System\HIaiPCt.exe

Filesize
2.3MB

MD5
255cf843a946259cd9ee3ee3a74e13ec

SHA1
a1627b48b0b7652e11c915116c2ce3e1cf73162b

SHA256
30d1d6e610d1b0113d4193081ed15442308adecdbf60961938e8074b50776135

SHA512
33582d28d32426774dc211ba840c45d785d9c82efe0add427dee99181492f0b5d183c84f015a57fbcc568a2748709775a0b240cb4f3d1ba371469c08b2b1cc6f

Download Submit
C:\Windows\System\JmWrqsQ.exe

Filesize
2.3MB

MD5
29e44411061353b8a2b9a0e7899eb83a

SHA1
69dcbb9c17e1576f7e8fbc944ba33f7f196f3e6c

SHA256
426d7e2a30ca1233202fcffeddd361d1f020bda2200256f36cb7da9283cedcd7

SHA512
9a87faec591443f01be29f5a2a30afeefe6273ccfcccc5256c825bb57cdc9856f6bd95504ead87ae5da4d4e3ef3cf0e35fb1a25762565d19fe377eb8c70ee387

Download Submit
C:\Windows\System\JxFxEuQ.exe

Filesize
2.3MB

MD5
1696a1d1e7748e7e5d5be464d21d0b28

SHA1
49e560f3b685d9ef4d8516ebc9b383578360a4c8

SHA256
fc855ad8797c6b246d0ab08f4f3e2e1312ac94a7ecd90212318795bb1bbfb47c

SHA512
7194835eab33a9906dc41538f17a1fa1976ab07f23ab0eeec64fec741a4930a5b7f66ccfe28056506b6dd8b614373a721f76ec631c7b8fedfa4cec6be77841b8

Download Submit
C:\Windows\System\LEGJeon.exe

Filesize
2.3MB

MD5
dca94ba7834d5c04036e94e083556a1e

SHA1
923936269ab34e47a286f89f63fc341d9af383b2

SHA256
46c65050e269c60464693c8d7975c3cb0cf9632dd8ef982ecb9560b19bd777a0

SHA512
a2f39532365c2ce3f2459362ea9e2333d965e8158f8da5000b695fa8c598bddf0d1046a1e6748062979c512929c7f2a401326cbbef1839dc958d02d76ee54c99

Download Submit
C:\Windows\System\QXlFJHM.exe

Filesize
2.3MB

MD5
eac11a585510145fd9ac3e8fb0732791

SHA1
94d00c6c1fdde1302587cac6786e20c8fa546252

SHA256
5b047d31789f6afaae1c9ec7e4cf1204efb5443f8c835340f48813b798571eea

SHA512
0871a66af2c5931c39d87da67c22a39c84d661ce40e5bcf3b14bbb3a69e8bb574af9b0bf75351de44686ca3c619b58a09d0151fe45b07f0c201ba3e46b68fc99

Download Submit
C:\Windows\System\UTRhIMh.exe

Filesize
2.3MB

MD5
89793291e2d2605fcf9ed8b3599f2570

SHA1
b24fbdc03ea26abfb9dde3e786765d7c3a070e8d

SHA256
3ab265904050fc683a1050c3cdea2b4040516b72304174774371e061ea7cfb91

SHA512
49a8bf2e17427d1ec0ab42605bc47ff8878e2aebab9bbe50dad7db5f4891bf1614ca231ff3a8a8f737d0ac1e3fa6fbb45cb2d0d6d523f3044bedf32ee1d92b06

Download Submit
C:\Windows\System\VJGMkhI.exe

Filesize
2.3MB

MD5
6a5216ade4bfa8b1510a6bec8418991a

SHA1
dfb66ed5faf0b2524e808969ef9d5928ba2c13f8

SHA256
121f98e0a300d2f3650c7d4b49439c907b27d09daa6d3114edd4592947d65127

SHA512
4ef6ab9bd51ca591cd220ed0e9f38f50844c87efd7fe3367d6eb07a95041f4b690cdb8b8bda879896a7326c55fb2aeb99463952e46e0542acc827848ab24fc13

Download Submit
C:\Windows\System\VwMMZyO.exe

Filesize
2.3MB

MD5
8a83669d519c3916af9acf7aaee2d121

SHA1
801032ac614a1e0c7ce875e13427758c179b4763

SHA256
6e67cf1d236bbff743c94f36005f1b44db6fd9b57ac25587dd659199588dba6d

SHA512
1ab7209a559b929aa47d970132ecb12addcd7957227489245fe4740e7abe0a933b7956df42c4636de25be72d84ac147eb904378c813479872b8e17d8b5f20e7e

Download Submit
C:\Windows\System\ZYiwVHG.exe

Filesize
2.3MB

MD5
65b634351f7d37132663388e91f952a5

SHA1
d1691e9f939d85ea4433d6a52ce0a728758232b5

SHA256
bf019fb257835089e746fc449f57c616a94ebcb9e652b66c0487842d8545c2d2

SHA512
8f1fca8956712a9f6b9c6b8ff85914ef34dfc4867d3830025697d12981f1ffb1689f912b401c5a55cd57f70d3d64d84c5aed00cc8368096596c320f0bb34e6ab

Download Submit
C:\Windows\System\aDLWyEN.exe

Filesize
2.3MB

MD5
80c18a571e55377b2a7f52c66fadc5c5

SHA1
ecab7d01cc6a6fd1d4aa3cdaf6bcead144c3547d

SHA256
d7d5b0bb4f6e1c9eda2a425141be059b3a133c32eb742424446e68f085ad9e8c

SHA512
b7cf7f5683a59f9ea5d2525b45ab340990fc38479efbca015a84b6f2167d0574adda50dca8e14795ae502a6c81379d93471b62fbd9c17b811af274712e4ad187

Download Submit
C:\Windows\System\bTBwWWo.exe

Filesize
2.3MB

MD5
21dc51eeff911d29c7d22b4ce40b7870

SHA1
6fca488ab0470f88a70e7555f5160baf5622a286

SHA256
2e8e63b6b4505c350a99dbf868c55911571c15a0c37e6ae00b88dfb77fbd8b77

SHA512
1db168b9975d4c5716cfe078f4d6f3d895c9dbc2ffd11c3f5f42b043f40d94a5bfd9180d25909a70568b77f8e0f071b5ed0e36001fe421eadbe9498d08735b8e

Download Submit
C:\Windows\System\feEIaLA.exe

Filesize
2.3MB

MD5
e9597e2469e9f81b20dbd2fe1ba3d924

SHA1
f5da1714c8a8ce670dc953ce873164003c9a500f

SHA256
f901cb58654391a46d767083ef14f8a14d3dc198459dad4809096df81c02bcfc

SHA512
d091a2a0d9b9bbfc684ce454b09591e9780e75d4667a07acad58e4107aee6dfc68d34e481afb3c1b2905e2da923fa111d9a100605912f8048a21b2ecc4e2540d

Download Submit
C:\Windows\System\ftyKkiv.exe

Filesize
2.3MB

MD5
6222c2e3efe1d87166a140598a484a92

SHA1
91171969bf956e9e8dfa4ae527829296e7cf32d8

SHA256
dc0c73829f911b4a31e55606486d190fec786c81c366fbcc00d1db1fbc908212

SHA512
5cf39e1e0cd4e0643f333e6b658dde95768dc7ee90a8c3230ddbeaf4fdb7f2090da2ab813721456525d9a6ff5434e658e9bebe1b847d4d42f12084d9ca04028c

Download Submit
C:\Windows\System\hbDLfLR.exe

Filesize
2.3MB

MD5
0b38aefca11920006db0a712fcbfc809

SHA1
0c65bb72c54f2ef6c2685328c8602712b2f946f0

SHA256
6958be5e277b313adb8bc3edc0da27bf2a0e8f11b4929c1352b3693bc9e7eb3c

SHA512
25affd1912a085a6d36d0e05d9e22235e19b724dff87f2d079de2845a962c587e9de4b1841285b20c3b854bf2e50e367993456093ef2c25a33a715e8cef71ef5

Download Submit
C:\Windows\System\hsRMnTF.exe

Filesize
2.3MB

MD5
20a82cab53857f8e6f4a52e61461d907

SHA1
7ff0d7f7d2f680094b3b4b2fc82d7e4c6d10310a

SHA256
926e21772d097178dad58f3216eb94adb811bb8818fbedc0916e3f8d2c0ac101

SHA512
67276c5dfe600a9e2277c2f2ef6152796ef898ff8d5ebd797cd028cbb942c0f7d03d7537185745db84d327d19275d0073cd267f49ac11e39e6f12ceebd3cf0bc

Download Submit
C:\Windows\System\jnroXYu.exe

Filesize
2.3MB

MD5
16b82419addadaf3340e59a493ed5121

SHA1
bf68617cc21fa353b05cd38beb2abbe520041e21

SHA256
e40a2b5c2ec5f5e042581dec9fee65d3e0a646135ca41d74e2d3b39ba5d57603

SHA512
af8503738d63b49d8d3ae75db0acf7f8498a968e3b216dadc08a6e3a6dc7e204d2bccba266779a4a7bca572690fe41f8cd7727cd987ecabb6ecc8155c196e686

Download Submit
C:\Windows\System\nUoCzmJ.exe

Filesize
2.3MB

MD5
363531b302d771c30ad4565b93bf7574

SHA1
b70bd6e49a8e13b54d756c1b2f1871068a744c30

SHA256
77bd80b72e35987578672c759d90694821096f0c8c9536678f030dd18f25d8e5

SHA512
3b6455103b3b87aea9ca89ab3f46fd51c80f456b04072dc8ac3bc15b9bf68f65843f32f7fb0afeaac1be142016f9958d89722af37b6454bc17d9b794f9ec98e1

Download Submit
C:\Windows\System\ngUqYVo.exe

Filesize
2.3MB

MD5
eb14584deba326c82373320c4d141461

SHA1
d0c6157261633615541fb8b2e430bb5695c76346

SHA256
00208a5190efe032a0e1de88d96aef3d2b74e249b8f827f642bac1cc1e6281b3

SHA512
f5e4a7ee635b363df3e7ba35bdd3931fc5a2ba43cbb7e7b066d6c1aedeb9e0ad54d71cbd3548cbcdbb45cd9fad0684c43970e3b01089d7ec03614f04fd284cb2

Download Submit
C:\Windows\System\ocyVgjz.exe

Filesize
2.3MB

MD5
192e00620837a9a17590d8e273ea23fb

SHA1
22ade865777a4362e265a7183adbb5e739923e50

SHA256
79aecb96673e70f01904b26b465b96755afad888a2d805f2395e1bea3747f984

SHA512
08f57af393ce8581ef8e5d286f9689f03c203a09378ce263192a55ca1dd982cee4af12a9c4783ce00c48426e246ba007f3448ecb54e9c24f5def1d26d672be98

Download Submit
C:\Windows\System\rrtOIBj.exe

Filesize
2.3MB

MD5
a02b29ecb2e4e95de2494cf5beac7ce4

SHA1
73dfccfc12fbbaee044983142e786ccbdb5d4ccb

SHA256
d43df1ae3e45410951ec14712f148d91d5a75494b9c25290d2828a55ae07a0d7

SHA512
3def501a5621fa458f763ac34ec695192fd4fefd80984c29d2f3c093942ab5391c58ccca52c45d5aaa8f0fd2b376e8521623bd9103628dd5cd910a2bf0d01ee6

Download Submit
C:\Windows\System\sTruVWx.exe

Filesize
2.3MB

MD5
cd460e7ba59f11be0a87c26cdd1acb5e

SHA1
fbaa4723dd59da2bafa7900fea42843c2f3bf3cb

SHA256
06ecb2d754abb3ce03acb9d6727a52390dc68db77d01cf7667427fd76cea0cff

SHA512
886c320f13ca6f2568e60054cf3872eef3a443461e148c57249e12dee1a8baba77d3c03530c537687cade55f835505a4ab0d4b0324de21fabc951fa42e58a273

Download Submit
C:\Windows\System\sbqiETs.exe

Filesize
2.3MB

MD5
70117b2eaee20d791267e3169cbfd930

SHA1
bea7ac9d7627fea43ca30f4f4da30e63215897a6

SHA256
8c547d1515afa2f8ef632522e5380802c841f5d60abbeda4ca6fdb2fa4d05245

SHA512
e42850b5cfc12afa898e841da6888ff62e67acbc0359119bc4fd8cdaa7ad3c9a4f89b40f828f5fb08f289609090fc329aa14b37b23b7eb5fe9642f4d105f4183

Download Submit
C:\Windows\System\uWJArFA.exe

Filesize
2.3MB

MD5
22bb6728892d972fa4420a5da4dd79dc

SHA1
a314b5fd13fe9a87ba785cd528ddad16f7c882a7

SHA256
9599e8f053e59538ce38ed0c5c19283d5ff5e9c243a97f4fd38b16668ade047b

SHA512
e05f280c1378011dc9c1d8d96f7d5ca4ce0ea4820964bc6bba3c7c2f642c81dfd079042f700dccc70a5b25a0f9edb1b6f75711705c4838465a60296992085a40

Download Submit
C:\Windows\System\ufiPjcd.exe

Filesize
2.3MB

MD5
fd292f67d4c4dab1759d3ef3b0e367d7

SHA1
5ada7b69c3e95d8ea1a87d7e79840bb6370f7714

SHA256
a92ba6967367c67527282cd1b7b71fbe2a2b879206450dc867354bd4c4f32836

SHA512
b539d6a48f4508f4c78ed20717cb39c45f38fe0202b3aef81428168ae9203bd42c69c51e5f11b24b366736680a4173e5b5f1f3fb987dee671f2fa9d32408fb1f

Download Submit
C:\Windows\System\ugwGVlK.exe

Filesize
2.3MB

MD5
4d6616b3ab85916d26251c39383ef5b3

SHA1
7a55a8ed7e969a5a74d45d15c9b5423b7af9e9d4

SHA256
fe440fc7e4baabf1d7b368f712649acbf78a87e5db5ed83c32312336660f89b3

SHA512
09a95a195940dfec69d5064b924685b3fa5e285d369569f477c569e69ac8b9d804ab3f8f87e4adebc0a93817bf52f58b226707b5441231e4e7ec61fd07a66408

Download Submit
C:\Windows\System\uhnKQNp.exe

Filesize
2.3MB

MD5
99b0d0accab772a348bf0891a47fc3f7

SHA1
b66814e63b84c4e7a3a9383dd86b0eca67b1667a

SHA256
fe0e221ae0c723ff964378209fe93dc7bb43c0acb9474594e5944f7bb10324fc

SHA512
8a548566025df92fd3b15aae71b823f77d51df9b932e33a85d8e30b226067ad82d15e9d3b2edf0fc7aba6761aa7f7461227445bea5c0fc17d4f6b2757b527c72

Download Submit
C:\Windows\System\wzgNGMB.exe

Filesize
2.3MB

MD5
5e3c1b864df953078555a438bfbd6a4d

SHA1
d2a843df45fbdcd1a99a4ad56005ed0d0aeeaffe

SHA256
92837edb0a10355d21f7f5b806e038def819ab7509aff1b835f541d9e450adc7

SHA512
e541339db1aa5eaf04fffc40658b6a624339e15690fac8876c33b530b490263ffc577467948da6e2f5712fa3ba7a5321c31d8692a3ee440fe1fee98a04c14b1c

Download Submit
C:\Windows\System\yKCFbbF.exe

Filesize
2.3MB

MD5
5cb7fbff32bfcae57c67170222980fac

SHA1
02c315645ae723023df041f07714d733c7ea8623

SHA256
bb3fbe08409099814ae260cb8329ae66ec584be4d1588f79e024e1fee6826655

SHA512
8d71060acec1b0d455741d9ab24ef0f0aaa36269c5219a1011fd168537dc37ee30dd855473e63ce78facf9bf9ff13f58e09f8eec1fa56201198f799405add03b

Download Submit
memory/836-2175-0x00007FF6157A0000-0x00007FF615AF4000-memory.dmp

Filesize
3.3MB

Download
memory/836-670-0x00007FF6157A0000-0x00007FF615AF4000-memory.dmp

Filesize
3.3MB

Download
memory/912-2160-0x00007FF6F0680000-0x00007FF6F09D4000-memory.dmp

Filesize
3.3MB

Download
memory/912-2169-0x00007FF6F0680000-0x00007FF6F09D4000-memory.dmp

Filesize
3.3MB

Download
memory/912-42-0x00007FF6F0680000-0x00007FF6F09D4000-memory.dmp

Filesize
3.3MB

Download
memory/1132-2159-0x00007FF72FE40000-0x00007FF730194000-memory.dmp

Filesize
3.3MB

Download
memory/1132-2166-0x00007FF72FE40000-0x00007FF730194000-memory.dmp

Filesize
3.3MB

Download
memory/1132-47-0x00007FF72FE40000-0x00007FF730194000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2183-0x00007FF79CB10000-0x00007FF79CE64000-memory.dmp

Filesize
3.3MB

Download
memory/1804-705-0x00007FF79CB10000-0x00007FF79CE64000-memory.dmp

Filesize
3.3MB

Download
memory/1816-750-0x00007FF77B200000-0x00007FF77B554000-memory.dmp

Filesize
3.3MB

Download
memory/1816-2181-0x00007FF77B200000-0x00007FF77B554000-memory.dmp

Filesize
3.3MB

Download
memory/1856-9-0x00007FF7EBFC0000-0x00007FF7EC314000-memory.dmp

Filesize
3.3MB

Download
memory/1856-2162-0x00007FF7EBFC0000-0x00007FF7EC314000-memory.dmp

Filesize
3.3MB

Download
memory/1856-2157-0x00007FF7EBFC0000-0x00007FF7EC314000-memory.dmp

Filesize
3.3MB

Download
memory/1996-744-0x00007FF680A90000-0x00007FF680DE4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-2174-0x00007FF680A90000-0x00007FF680DE4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-2184-0x00007FF7EB330000-0x00007FF7EB684000-memory.dmp

Filesize
3.3MB

Download
memory/2432-701-0x00007FF7EB330000-0x00007FF7EB684000-memory.dmp

Filesize
3.3MB

Download
memory/2592-708-0x00007FF725870000-0x00007FF725BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2185-0x00007FF725870000-0x00007FF725BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-1-0x000001FAC6EF0000-0x000001FAC6F00000-memory.dmp

Filesize
64KB

Download
memory/2596-0-0x00007FF70D700000-0x00007FF70DA54000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2161-0x00007FF7954B0000-0x00007FF795804000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2168-0x00007FF7954B0000-0x00007FF795804000-memory.dmp

Filesize
3.3MB

Download
memory/2700-51-0x00007FF7954B0000-0x00007FF795804000-memory.dmp

Filesize
3.3MB

Download
memory/3044-719-0x00007FF7893B0000-0x00007FF789704000-memory.dmp

Filesize
3.3MB

Download
memory/3044-2187-0x00007FF7893B0000-0x00007FF789704000-memory.dmp

Filesize
3.3MB

Download
memory/3328-728-0x00007FF7E2AD0000-0x00007FF7E2E24000-memory.dmp

Filesize
3.3MB

Download
memory/3328-2189-0x00007FF7E2AD0000-0x00007FF7E2E24000-memory.dmp

Filesize
3.3MB

Download
memory/3372-2170-0x00007FF785AB0000-0x00007FF785E04000-memory.dmp

Filesize
3.3MB

Download
memory/3372-74-0x00007FF785AB0000-0x00007FF785E04000-memory.dmp

Filesize
3.3MB

Download
memory/3456-733-0x00007FF7EAAC0000-0x00007FF7EAE14000-memory.dmp

Filesize
3.3MB

Download
memory/3456-2190-0x00007FF7EAAC0000-0x00007FF7EAE14000-memory.dmp

Filesize
3.3MB

Download
memory/3552-736-0x00007FF7D4B20000-0x00007FF7D4E74000-memory.dmp

Filesize
3.3MB

Download
memory/3552-2173-0x00007FF7D4B20000-0x00007FF7D4E74000-memory.dmp

Filesize
3.3MB

Download
memory/3588-2172-0x00007FF69FD60000-0x00007FF6A00B4000-memory.dmp

Filesize
3.3MB

Download
memory/3588-669-0x00007FF69FD60000-0x00007FF6A00B4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-673-0x00007FF614330000-0x00007FF614684000-memory.dmp

Filesize
3.3MB

Download
memory/3992-2180-0x00007FF614330000-0x00007FF614684000-memory.dmp

Filesize
3.3MB

Download
memory/4016-2158-0x00007FF678C50000-0x00007FF678FA4000-memory.dmp

Filesize
3.3MB

Download
memory/4016-2164-0x00007FF678C50000-0x00007FF678FA4000-memory.dmp

Filesize
3.3MB

Download
memory/4016-20-0x00007FF678C50000-0x00007FF678FA4000-memory.dmp

Filesize
3.3MB

Download
memory/4148-40-0x00007FF77AF10000-0x00007FF77B264000-memory.dmp

Filesize
3.3MB

Download
memory/4148-2163-0x00007FF77AF10000-0x00007FF77B264000-memory.dmp

Filesize
3.3MB

Download
memory/4248-62-0x00007FF6B9660000-0x00007FF6B99B4000-memory.dmp

Filesize
3.3MB

Download
memory/4248-2165-0x00007FF6B9660000-0x00007FF6B99B4000-memory.dmp

Filesize
3.3MB

Download
memory/4336-68-0x00007FF71CA30000-0x00007FF71CD84000-memory.dmp

Filesize
3.3MB

Download
memory/4336-2167-0x00007FF71CA30000-0x00007FF71CD84000-memory.dmp

Filesize
3.3MB

Download
memory/4388-684-0x00007FF723730000-0x00007FF723A84000-memory.dmp

Filesize
3.3MB

Download
memory/4388-2177-0x00007FF723730000-0x00007FF723A84000-memory.dmp

Filesize
3.3MB

Download
memory/4436-679-0x00007FF7491C0000-0x00007FF749514000-memory.dmp

Filesize
3.3MB

Download
memory/4436-2179-0x00007FF7491C0000-0x00007FF749514000-memory.dmp

Filesize
3.3MB

Download
memory/4528-724-0x00007FF627B50000-0x00007FF627EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4528-2188-0x00007FF627B50000-0x00007FF627EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4556-672-0x00007FF7EE3E0000-0x00007FF7EE734000-memory.dmp

Filesize
3.3MB

Download
memory/4556-2176-0x00007FF7EE3E0000-0x00007FF7EE734000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2186-0x00007FF6CCE40000-0x00007FF6CD194000-memory.dmp

Filesize
3.3MB

Download
memory/4580-727-0x00007FF6CCE40000-0x00007FF6CD194000-memory.dmp

Filesize
3.3MB

Download
memory/4800-693-0x00007FF76FF00000-0x00007FF770254000-memory.dmp

Filesize
3.3MB

Download
memory/4800-2182-0x00007FF76FF00000-0x00007FF770254000-memory.dmp

Filesize
3.3MB

Download
memory/5000-2171-0x00007FF69D9F0000-0x00007FF69DD44000-memory.dmp

Filesize
3.3MB

Download
memory/5000-743-0x00007FF69D9F0000-0x00007FF69DD44000-memory.dmp

Filesize
3.3MB

Download
memory/5048-2178-0x00007FF61CAB0000-0x00007FF61CE04000-memory.dmp

Filesize
3.3MB

Download
memory/5048-671-0x00007FF61CAB0000-0x00007FF61CE04000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads