xmrig | 9c90583f0f131fd90ac6b534c5620b20d9b9aa891c203f6be0c9242c10a80bfd

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 00:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
Size

1.8MB
MD5

3c32c776923b88817f3964844e4ae3f0
SHA1

2f5cae43a5c4cf043321017329bd45ab62ac0183
SHA256

9c90583f0f131fd90ac6b534c5620b20d9b9aa891c203f6be0c9242c10a80bfd
SHA512

66108ae7228a4588ecbfe9601a6ec53fcc4e3a2bc2e1392aa4cb8c73251c63ac0f0896fbc0c7cb535f3e9760ba3bacb02edbe2bf883fd13da40340d6a8b858a3
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wISK9NcHFg:BemTLkNdfE0pZr9

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/996-0-0x00007FF738180000-0x00007FF7384D4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023413-5.dat	xmrig
behavioral2/files/0x0007000000023417-10.dat	xmrig
behavioral2/memory/4688-26-0x00007FF7E5880000-0x00007FF7E5BD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023419-32.dat	xmrig
behavioral2/memory/4880-48-0x00007FF665990000-0x00007FF665CE4000-memory.dmp	xmrig
behavioral2/memory/2100-53-0x00007FF7C0530000-0x00007FF7C0884000-memory.dmp	xmrig
behavioral2/files/0x0007000000023424-93.dat	xmrig
behavioral2/files/0x0007000000023427-108.dat	xmrig
behavioral2/files/0x000700000002342a-123.dat	xmrig
behavioral2/files/0x000700000002342e-135.dat	xmrig
behavioral2/files/0x0007000000023430-153.dat	xmrig
behavioral2/files/0x0007000000023436-175.dat	xmrig
behavioral2/memory/4064-537-0x00007FF7C0CD0000-0x00007FF7C1024000-memory.dmp	xmrig
behavioral2/memory/3280-540-0x00007FF74D1F0000-0x00007FF74D544000-memory.dmp	xmrig
behavioral2/memory/2360-547-0x00007FF7B9590000-0x00007FF7B98E4000-memory.dmp	xmrig
behavioral2/memory/4956-557-0x00007FF722ED0000-0x00007FF723224000-memory.dmp	xmrig
behavioral2/memory/2916-554-0x00007FF70FD00000-0x00007FF710054000-memory.dmp	xmrig
behavioral2/memory/3284-550-0x00007FF61F270000-0x00007FF61F5C4000-memory.dmp	xmrig
behavioral2/memory/3068-543-0x00007FF737760000-0x00007FF737AB4000-memory.dmp	xmrig
behavioral2/memory/3688-565-0x00007FF699480000-0x00007FF6997D4000-memory.dmp	xmrig
behavioral2/memory/5032-574-0x00007FF73EC60000-0x00007FF73EFB4000-memory.dmp	xmrig
behavioral2/memory/4528-587-0x00007FF729290000-0x00007FF7295E4000-memory.dmp	xmrig
behavioral2/memory/4656-584-0x00007FF7E1A20000-0x00007FF7E1D74000-memory.dmp	xmrig
behavioral2/memory/2096-569-0x00007FF636750000-0x00007FF636AA4000-memory.dmp	xmrig
behavioral2/memory/2324-568-0x00007FF666740000-0x00007FF666A94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023434-173.dat	xmrig
behavioral2/files/0x0007000000023435-170.dat	xmrig
behavioral2/files/0x0007000000023433-168.dat	xmrig
behavioral2/files/0x0007000000023432-163.dat	xmrig
behavioral2/files/0x0007000000023431-158.dat	xmrig
behavioral2/files/0x000700000002342f-148.dat	xmrig
behavioral2/files/0x000700000002342d-138.dat	xmrig
behavioral2/files/0x000700000002342c-133.dat	xmrig
behavioral2/files/0x000700000002342b-128.dat	xmrig
behavioral2/files/0x0007000000023429-118.dat	xmrig
behavioral2/files/0x0007000000023428-113.dat	xmrig
behavioral2/files/0x0007000000023426-103.dat	xmrig
behavioral2/files/0x0007000000023425-98.dat	xmrig
behavioral2/files/0x0007000000023423-88.dat	xmrig
behavioral2/files/0x0007000000023422-83.dat	xmrig
behavioral2/memory/3196-78-0x00007FF7D7890000-0x00007FF7D7BE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023421-74.dat	xmrig
behavioral2/memory/2300-73-0x00007FF6398C0000-0x00007FF639C14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023420-68.dat	xmrig
behavioral2/memory/1812-67-0x00007FF7F2070000-0x00007FF7F23C4000-memory.dmp	xmrig
behavioral2/memory/5112-66-0x00007FF6DE890000-0x00007FF6DEBE4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341f-64.dat	xmrig
behavioral2/memory/4592-62-0x00007FF6F54A0000-0x00007FF6F57F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341e-57.dat	xmrig
behavioral2/files/0x000700000002341d-56.dat	xmrig
behavioral2/memory/5044-52-0x00007FF790A70000-0x00007FF790DC4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-46.dat	xmrig
behavioral2/files/0x000700000002341b-44.dat	xmrig
behavioral2/files/0x000700000002341a-38.dat	xmrig
behavioral2/memory/3476-29-0x00007FF71DE20000-0x00007FF71E174000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-20.dat	xmrig
behavioral2/memory/1288-17-0x00007FF7463E0000-0x00007FF746734000-memory.dmp	xmrig
behavioral2/memory/2216-14-0x00007FF7A4580000-0x00007FF7A48D4000-memory.dmp	xmrig
behavioral2/memory/3512-595-0x00007FF6ECA80000-0x00007FF6ECDD4000-memory.dmp	xmrig
behavioral2/memory/2276-604-0x00007FF6923A0000-0x00007FF6926F4000-memory.dmp	xmrig
behavioral2/memory/4040-610-0x00007FF739CF0000-0x00007FF73A044000-memory.dmp	xmrig
behavioral2/memory/4680-596-0x00007FF7B80A0000-0x00007FF7B83F4000-memory.dmp	xmrig
behavioral2/memory/996-1566-0x00007FF738180000-0x00007FF7384D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2216	nisKJTf.exe
4688	kAiMBwD.exe
1288	HeaOqzy.exe
4880	dNJhSJx.exe
3476	cQTnUlV.exe
5112	UWqzDgf.exe
5044	QkfikXB.exe
2100	GTGNDdz.exe
4592	wilAtct.exe
1812	ySmpYTD.exe
2300	KappaCR.exe
3196	McIUYlf.exe
4064	mOupJeb.exe
4040	jpEKfhP.exe
3280	DqdgtiA.exe
3068	mlDIJBh.exe
2360	YTVndIK.exe
3284	qaxvstM.exe
2916	jrFTUFc.exe
4956	Ausaoyg.exe
3688	RERxsGb.exe
2324	SvWPtFa.exe
2096	JVAVouY.exe
5032	TjLxQlA.exe
4656	WvKAzNP.exe
4528	vXbPKuO.exe
3512	dHKwmpb.exe
4680	PRrAuWs.exe
2276	yWiQpkO.exe
4496	FAlVtaF.exe
2204	pyYhEUr.exe
1512	qUNNTFA.exe
4120	erjggTh.exe
2744	sGhgLKq.exe
2776	dsMfaLs.exe
3228	TmaapYX.exe
3572	GpQEIJw.exe
2768	xujPgep.exe
2296	jCPKvCn.exe
2476	mZMdUgG.exe
5052	hYSpNSo.exe
3652	chglbAR.exe
1284	ZWyhyKc.exe
3920	EMyslnr.exe
4904	PzISugH.exe
1536	PXBdsnK.exe
640	qgeGYkE.exe
4440	QigLOQa.exe
2160	oHteVXQ.exe
4944	AXnBYhB.exe
3664	fhoAfot.exe
2412	IQzRyOW.exe
544	PXejwMx.exe
1852	kzRwIZT.exe
4076	QrobjUX.exe
4060	nANWOHd.exe
4612	ofNdSQK.exe
3276	oIKwfMb.exe
1612	DkyMAFM.exe
3952	RnuHFFP.exe
2764	kOxDAgc.exe
3740	huyUnUB.exe
3004	FzKIQBm.exe
688	EsXNbTJ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/996-0-0x00007FF738180000-0x00007FF7384D4000-memory.dmp	upx
behavioral2/files/0x0008000000023413-5.dat	upx
behavioral2/files/0x0007000000023417-10.dat	upx
behavioral2/memory/4688-26-0x00007FF7E5880000-0x00007FF7E5BD4000-memory.dmp	upx
behavioral2/files/0x0007000000023419-32.dat	upx
behavioral2/memory/4880-48-0x00007FF665990000-0x00007FF665CE4000-memory.dmp	upx
behavioral2/memory/2100-53-0x00007FF7C0530000-0x00007FF7C0884000-memory.dmp	upx
behavioral2/files/0x0007000000023424-93.dat	upx
behavioral2/files/0x0007000000023427-108.dat	upx
behavioral2/files/0x000700000002342a-123.dat	upx
behavioral2/files/0x000700000002342e-135.dat	upx
behavioral2/files/0x0007000000023430-153.dat	upx
behavioral2/files/0x0007000000023436-175.dat	upx
behavioral2/memory/4064-537-0x00007FF7C0CD0000-0x00007FF7C1024000-memory.dmp	upx
behavioral2/memory/3280-540-0x00007FF74D1F0000-0x00007FF74D544000-memory.dmp	upx
behavioral2/memory/2360-547-0x00007FF7B9590000-0x00007FF7B98E4000-memory.dmp	upx
behavioral2/memory/4956-557-0x00007FF722ED0000-0x00007FF723224000-memory.dmp	upx
behavioral2/memory/2916-554-0x00007FF70FD00000-0x00007FF710054000-memory.dmp	upx
behavioral2/memory/3284-550-0x00007FF61F270000-0x00007FF61F5C4000-memory.dmp	upx
behavioral2/memory/3068-543-0x00007FF737760000-0x00007FF737AB4000-memory.dmp	upx
behavioral2/memory/3688-565-0x00007FF699480000-0x00007FF6997D4000-memory.dmp	upx
behavioral2/memory/5032-574-0x00007FF73EC60000-0x00007FF73EFB4000-memory.dmp	upx
behavioral2/memory/4528-587-0x00007FF729290000-0x00007FF7295E4000-memory.dmp	upx
behavioral2/memory/4656-584-0x00007FF7E1A20000-0x00007FF7E1D74000-memory.dmp	upx
behavioral2/memory/2096-569-0x00007FF636750000-0x00007FF636AA4000-memory.dmp	upx
behavioral2/memory/2324-568-0x00007FF666740000-0x00007FF666A94000-memory.dmp	upx
behavioral2/files/0x0007000000023434-173.dat	upx
behavioral2/files/0x0007000000023435-170.dat	upx
behavioral2/files/0x0007000000023433-168.dat	upx
behavioral2/files/0x0007000000023432-163.dat	upx
behavioral2/files/0x0007000000023431-158.dat	upx
behavioral2/files/0x000700000002342f-148.dat	upx
behavioral2/files/0x000700000002342d-138.dat	upx
behavioral2/files/0x000700000002342c-133.dat	upx
behavioral2/files/0x000700000002342b-128.dat	upx
behavioral2/files/0x0007000000023429-118.dat	upx
behavioral2/files/0x0007000000023428-113.dat	upx
behavioral2/files/0x0007000000023426-103.dat	upx
behavioral2/files/0x0007000000023425-98.dat	upx
behavioral2/files/0x0007000000023423-88.dat	upx
behavioral2/files/0x0007000000023422-83.dat	upx
behavioral2/memory/3196-78-0x00007FF7D7890000-0x00007FF7D7BE4000-memory.dmp	upx
behavioral2/files/0x0007000000023421-74.dat	upx
behavioral2/memory/2300-73-0x00007FF6398C0000-0x00007FF639C14000-memory.dmp	upx
behavioral2/files/0x0007000000023420-68.dat	upx
behavioral2/memory/1812-67-0x00007FF7F2070000-0x00007FF7F23C4000-memory.dmp	upx
behavioral2/memory/5112-66-0x00007FF6DE890000-0x00007FF6DEBE4000-memory.dmp	upx
behavioral2/files/0x000700000002341f-64.dat	upx
behavioral2/memory/4592-62-0x00007FF6F54A0000-0x00007FF6F57F4000-memory.dmp	upx
behavioral2/files/0x000700000002341e-57.dat	upx
behavioral2/files/0x000700000002341d-56.dat	upx
behavioral2/memory/5044-52-0x00007FF790A70000-0x00007FF790DC4000-memory.dmp	upx
behavioral2/files/0x000700000002341c-46.dat	upx
behavioral2/files/0x000700000002341b-44.dat	upx
behavioral2/files/0x000700000002341a-38.dat	upx
behavioral2/memory/3476-29-0x00007FF71DE20000-0x00007FF71E174000-memory.dmp	upx
behavioral2/files/0x0007000000023418-20.dat	upx
behavioral2/memory/1288-17-0x00007FF7463E0000-0x00007FF746734000-memory.dmp	upx
behavioral2/memory/2216-14-0x00007FF7A4580000-0x00007FF7A48D4000-memory.dmp	upx
behavioral2/memory/3512-595-0x00007FF6ECA80000-0x00007FF6ECDD4000-memory.dmp	upx
behavioral2/memory/2276-604-0x00007FF6923A0000-0x00007FF6926F4000-memory.dmp	upx
behavioral2/memory/4040-610-0x00007FF739CF0000-0x00007FF73A044000-memory.dmp	upx
behavioral2/memory/4680-596-0x00007FF7B80A0000-0x00007FF7B83F4000-memory.dmp	upx
behavioral2/memory/996-1566-0x00007FF738180000-0x00007FF7384D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QwsRCxf.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\yXanKeD.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\iZPsIcs.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\UporNhc.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\lVZoHZG.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\iiIGfUN.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\IflDbvR.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\TDdWfMV.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\YdmHxQM.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\TVSdKYy.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\UAqNejp.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\OObZPaa.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\eMuuXLk.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\wunqaZu.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\VLajOIy.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\cQTnUlV.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\erjggTh.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\jGuVSHU.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\KbPCiSb.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\wxtHjYi.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\ofNdSQK.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\OIHagIZ.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\xEefIfP.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\rIfDDdh.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\zQhQdlW.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\yUCqlAh.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\ankDWAB.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\nfRSyFu.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\fzLhBFn.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\HOJmFNT.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\IzRCvAd.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\lqsKpEz.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\rpIhGeP.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\IXfFqFS.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\GdKvZeW.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\zqmPMgx.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\rlIMHhU.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\OeAPyIw.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\NgqmDFm.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\uFJTDPs.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\ZRqPWXK.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\sKZOLbd.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\XdhPSTL.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\emLnoUi.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\BzxcfET.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\wpLzyWF.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\FNgdezZ.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\lRzIxkU.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\rMvjUSu.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\uZSSlHx.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\SwJJBCO.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\tOYVMVV.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\WcsAwPs.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\wezqBdq.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\ytJSNms.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\lXGncIH.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\TtaZiJd.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\RbGaudn.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\bxrztFU.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\mRdGfib.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\NuSTTef.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\QrobjUX.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\FyXqiKa.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
File created	C:\Windows\System\nirQzdu.exe	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1228	dwm.exe
Token: SeChangeNotifyPrivilege	1228	dwm.exe
Token: 33	1228	dwm.exe
Token: SeIncBasePriorityPrivilege	1228	dwm.exe
Token: SeShutdownPrivilege	1228	dwm.exe
Token: SeCreatePagefilePrivilege	1228	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 2216	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	84
PID 996 wrote to memory of 2216	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	84
PID 996 wrote to memory of 4688	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	85
PID 996 wrote to memory of 4688	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	85
PID 996 wrote to memory of 1288	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	86
PID 996 wrote to memory of 1288	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	86
PID 996 wrote to memory of 4880	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	87
PID 996 wrote to memory of 4880	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	87
PID 996 wrote to memory of 3476	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	88
PID 996 wrote to memory of 3476	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	88
PID 996 wrote to memory of 5112	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	89
PID 996 wrote to memory of 5112	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	89
PID 996 wrote to memory of 5044	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	90
PID 996 wrote to memory of 5044	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	90
PID 996 wrote to memory of 2100	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	91
PID 996 wrote to memory of 2100	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	91
PID 996 wrote to memory of 4592	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	92
PID 996 wrote to memory of 4592	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	92
PID 996 wrote to memory of 1812	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	93
PID 996 wrote to memory of 1812	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	93
PID 996 wrote to memory of 2300	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	94
PID 996 wrote to memory of 2300	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	94
PID 996 wrote to memory of 3196	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	95
PID 996 wrote to memory of 3196	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	95
PID 996 wrote to memory of 4064	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	96
PID 996 wrote to memory of 4064	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	96
PID 996 wrote to memory of 4040	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	97
PID 996 wrote to memory of 4040	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	97
PID 996 wrote to memory of 3280	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	98
PID 996 wrote to memory of 3280	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	98
PID 996 wrote to memory of 3068	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	99
PID 996 wrote to memory of 3068	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	99
PID 996 wrote to memory of 2360	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	100
PID 996 wrote to memory of 2360	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	100
PID 996 wrote to memory of 3284	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	101
PID 996 wrote to memory of 3284	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	101
PID 996 wrote to memory of 2916	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	102
PID 996 wrote to memory of 2916	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	102
PID 996 wrote to memory of 4956	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	103
PID 996 wrote to memory of 4956	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	103
PID 996 wrote to memory of 3688	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	104
PID 996 wrote to memory of 3688	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	104
PID 996 wrote to memory of 2324	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	105
PID 996 wrote to memory of 2324	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	105
PID 996 wrote to memory of 2096	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	106
PID 996 wrote to memory of 2096	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	106
PID 996 wrote to memory of 5032	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	107
PID 996 wrote to memory of 5032	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	107
PID 996 wrote to memory of 4656	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	108
PID 996 wrote to memory of 4656	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	108
PID 996 wrote to memory of 4528	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	109
PID 996 wrote to memory of 4528	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	109
PID 996 wrote to memory of 3512	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	110
PID 996 wrote to memory of 3512	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	110
PID 996 wrote to memory of 4680	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	111
PID 996 wrote to memory of 4680	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	111
PID 996 wrote to memory of 2276	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	112
PID 996 wrote to memory of 2276	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	112
PID 996 wrote to memory of 4496	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	113
PID 996 wrote to memory of 4496	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	113
PID 996 wrote to memory of 2204	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	114
PID 996 wrote to memory of 2204	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	114
PID 996 wrote to memory of 1512	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	115
PID 996 wrote to memory of 1512	996	3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c32c776923b88817f3964844e4ae3f0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:996
- C:\Windows\System\nisKJTf.exe
  C:\Windows\System\nisKJTf.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\kAiMBwD.exe
  C:\Windows\System\kAiMBwD.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\HeaOqzy.exe
  C:\Windows\System\HeaOqzy.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\dNJhSJx.exe
  C:\Windows\System\dNJhSJx.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\cQTnUlV.exe
  C:\Windows\System\cQTnUlV.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\UWqzDgf.exe
  C:\Windows\System\UWqzDgf.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\QkfikXB.exe
  C:\Windows\System\QkfikXB.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\GTGNDdz.exe
  C:\Windows\System\GTGNDdz.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\wilAtct.exe
  C:\Windows\System\wilAtct.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\ySmpYTD.exe
  C:\Windows\System\ySmpYTD.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\KappaCR.exe
  C:\Windows\System\KappaCR.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\McIUYlf.exe
  C:\Windows\System\McIUYlf.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\mOupJeb.exe
  C:\Windows\System\mOupJeb.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\jpEKfhP.exe
  C:\Windows\System\jpEKfhP.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\DqdgtiA.exe
  C:\Windows\System\DqdgtiA.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\mlDIJBh.exe
  C:\Windows\System\mlDIJBh.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\YTVndIK.exe
  C:\Windows\System\YTVndIK.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\qaxvstM.exe
  C:\Windows\System\qaxvstM.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\jrFTUFc.exe
  C:\Windows\System\jrFTUFc.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\Ausaoyg.exe
  C:\Windows\System\Ausaoyg.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\RERxsGb.exe
  C:\Windows\System\RERxsGb.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\SvWPtFa.exe
  C:\Windows\System\SvWPtFa.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\JVAVouY.exe
  C:\Windows\System\JVAVouY.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\TjLxQlA.exe
  C:\Windows\System\TjLxQlA.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\WvKAzNP.exe
  C:\Windows\System\WvKAzNP.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\vXbPKuO.exe
  C:\Windows\System\vXbPKuO.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\dHKwmpb.exe
  C:\Windows\System\dHKwmpb.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\PRrAuWs.exe
  C:\Windows\System\PRrAuWs.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\yWiQpkO.exe
  C:\Windows\System\yWiQpkO.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\FAlVtaF.exe
  C:\Windows\System\FAlVtaF.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\pyYhEUr.exe
  C:\Windows\System\pyYhEUr.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\qUNNTFA.exe
  C:\Windows\System\qUNNTFA.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\erjggTh.exe
  C:\Windows\System\erjggTh.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\sGhgLKq.exe
  C:\Windows\System\sGhgLKq.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\dsMfaLs.exe
  C:\Windows\System\dsMfaLs.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\TmaapYX.exe
  C:\Windows\System\TmaapYX.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\GpQEIJw.exe
  C:\Windows\System\GpQEIJw.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\xujPgep.exe
  C:\Windows\System\xujPgep.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\jCPKvCn.exe
  C:\Windows\System\jCPKvCn.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\mZMdUgG.exe
  C:\Windows\System\mZMdUgG.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\hYSpNSo.exe
  C:\Windows\System\hYSpNSo.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\chglbAR.exe
  C:\Windows\System\chglbAR.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\ZWyhyKc.exe
  C:\Windows\System\ZWyhyKc.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\EMyslnr.exe
  C:\Windows\System\EMyslnr.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\PzISugH.exe
  C:\Windows\System\PzISugH.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\PXBdsnK.exe
  C:\Windows\System\PXBdsnK.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\qgeGYkE.exe
  C:\Windows\System\qgeGYkE.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\QigLOQa.exe
  C:\Windows\System\QigLOQa.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\oHteVXQ.exe
  C:\Windows\System\oHteVXQ.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\AXnBYhB.exe
  C:\Windows\System\AXnBYhB.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\fhoAfot.exe
  C:\Windows\System\fhoAfot.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\IQzRyOW.exe
  C:\Windows\System\IQzRyOW.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\PXejwMx.exe
  C:\Windows\System\PXejwMx.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\kzRwIZT.exe
  C:\Windows\System\kzRwIZT.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\QrobjUX.exe
  C:\Windows\System\QrobjUX.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\nANWOHd.exe
  C:\Windows\System\nANWOHd.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\ofNdSQK.exe
  C:\Windows\System\ofNdSQK.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\oIKwfMb.exe
  C:\Windows\System\oIKwfMb.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\DkyMAFM.exe
  C:\Windows\System\DkyMAFM.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\RnuHFFP.exe
  C:\Windows\System\RnuHFFP.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\kOxDAgc.exe
  C:\Windows\System\kOxDAgc.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\huyUnUB.exe
  C:\Windows\System\huyUnUB.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\FzKIQBm.exe
  C:\Windows\System\FzKIQBm.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\EsXNbTJ.exe
  C:\Windows\System\EsXNbTJ.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\ATtlvOQ.exe
  C:\Windows\System\ATtlvOQ.exe
  2⤵
  PID:1896
- C:\Windows\System\FyXqiKa.exe
  C:\Windows\System\FyXqiKa.exe
  2⤵
  PID:4396
- C:\Windows\System\TVSdKYy.exe
  C:\Windows\System\TVSdKYy.exe
  2⤵
  PID:424
- C:\Windows\System\dHLGIfw.exe
  C:\Windows\System\dHLGIfw.exe
  2⤵
  PID:4756
- C:\Windows\System\kETYsCK.exe
  C:\Windows\System\kETYsCK.exe
  2⤵
  PID:4920
- C:\Windows\System\FXUBamp.exe
  C:\Windows\System\FXUBamp.exe
  2⤵
  PID:4584
- C:\Windows\System\lTJohOf.exe
  C:\Windows\System\lTJohOf.exe
  2⤵
  PID:4384
- C:\Windows\System\DEUzvzo.exe
  C:\Windows\System\DEUzvzo.exe
  2⤵
  PID:540
- C:\Windows\System\njMGUHz.exe
  C:\Windows\System\njMGUHz.exe
  2⤵
  PID:4828
- C:\Windows\System\okDUEkF.exe
  C:\Windows\System\okDUEkF.exe
  2⤵
  PID:2924
- C:\Windows\System\sQkRlyO.exe
  C:\Windows\System\sQkRlyO.exe
  2⤵
  PID:3096
- C:\Windows\System\PnCZZOd.exe
  C:\Windows\System\PnCZZOd.exe
  2⤵
  PID:1324
- C:\Windows\System\AYnVLLY.exe
  C:\Windows\System\AYnVLLY.exe
  2⤵
  PID:5140
- C:\Windows\System\wpLzyWF.exe
  C:\Windows\System\wpLzyWF.exe
  2⤵
  PID:5168
- C:\Windows\System\bcMMxal.exe
  C:\Windows\System\bcMMxal.exe
  2⤵
  PID:5196
- C:\Windows\System\wvFlNiB.exe
  C:\Windows\System\wvFlNiB.exe
  2⤵
  PID:5224
- C:\Windows\System\eZKWMvo.exe
  C:\Windows\System\eZKWMvo.exe
  2⤵
  PID:5248
- C:\Windows\System\IUOXYJg.exe
  C:\Windows\System\IUOXYJg.exe
  2⤵
  PID:5280
- C:\Windows\System\BYAHIGP.exe
  C:\Windows\System\BYAHIGP.exe
  2⤵
  PID:5308
- C:\Windows\System\zUwltay.exe
  C:\Windows\System\zUwltay.exe
  2⤵
  PID:5336
- C:\Windows\System\KysDBwQ.exe
  C:\Windows\System\KysDBwQ.exe
  2⤵
  PID:5364
- C:\Windows\System\stkptDV.exe
  C:\Windows\System\stkptDV.exe
  2⤵
  PID:5392
- C:\Windows\System\YqjArSn.exe
  C:\Windows\System\YqjArSn.exe
  2⤵
  PID:5420
- C:\Windows\System\JoWJZpa.exe
  C:\Windows\System\JoWJZpa.exe
  2⤵
  PID:5448
- C:\Windows\System\aiiDFgr.exe
  C:\Windows\System\aiiDFgr.exe
  2⤵
  PID:5472
- C:\Windows\System\nabJwCm.exe
  C:\Windows\System\nabJwCm.exe
  2⤵
  PID:5508
- C:\Windows\System\daLHQHG.exe
  C:\Windows\System\daLHQHG.exe
  2⤵
  PID:5532
- C:\Windows\System\AKKJukH.exe
  C:\Windows\System\AKKJukH.exe
  2⤵
  PID:5560
- C:\Windows\System\dXIKFsY.exe
  C:\Windows\System\dXIKFsY.exe
  2⤵
  PID:5588
- C:\Windows\System\TDdWfMV.exe
  C:\Windows\System\TDdWfMV.exe
  2⤵
  PID:5616
- C:\Windows\System\CgngBdR.exe
  C:\Windows\System\CgngBdR.exe
  2⤵
  PID:5648
- C:\Windows\System\RVLWoNQ.exe
  C:\Windows\System\RVLWoNQ.exe
  2⤵
  PID:5676
- C:\Windows\System\nsuEHHG.exe
  C:\Windows\System\nsuEHHG.exe
  2⤵
  PID:5704
- C:\Windows\System\FNgdezZ.exe
  C:\Windows\System\FNgdezZ.exe
  2⤵
  PID:5728
- C:\Windows\System\hBkxvyo.exe
  C:\Windows\System\hBkxvyo.exe
  2⤵
  PID:5756
- C:\Windows\System\fdHAnMB.exe
  C:\Windows\System\fdHAnMB.exe
  2⤵
  PID:5780
- C:\Windows\System\dMphweb.exe
  C:\Windows\System\dMphweb.exe
  2⤵
  PID:5808
- C:\Windows\System\VYrWUGe.exe
  C:\Windows\System\VYrWUGe.exe
  2⤵
  PID:5836
- C:\Windows\System\pPFLuou.exe
  C:\Windows\System\pPFLuou.exe
  2⤵
  PID:5868
- C:\Windows\System\LouxFMo.exe
  C:\Windows\System\LouxFMo.exe
  2⤵
  PID:5892
- C:\Windows\System\lXGncIH.exe
  C:\Windows\System\lXGncIH.exe
  2⤵
  PID:5924
- C:\Windows\System\lKDROyF.exe
  C:\Windows\System\lKDROyF.exe
  2⤵
  PID:5952
- C:\Windows\System\GQiVpmP.exe
  C:\Windows\System\GQiVpmP.exe
  2⤵
  PID:5980
- C:\Windows\System\hNYftDa.exe
  C:\Windows\System\hNYftDa.exe
  2⤵
  PID:6004
- C:\Windows\System\KvhsWkc.exe
  C:\Windows\System\KvhsWkc.exe
  2⤵
  PID:6032
- C:\Windows\System\WmhoWUt.exe
  C:\Windows\System\WmhoWUt.exe
  2⤵
  PID:6060
- C:\Windows\System\CqnahWs.exe
  C:\Windows\System\CqnahWs.exe
  2⤵
  PID:6088
- C:\Windows\System\hwjYzjY.exe
  C:\Windows\System\hwjYzjY.exe
  2⤵
  PID:6116
- C:\Windows\System\iJwSBAZ.exe
  C:\Windows\System\iJwSBAZ.exe
  2⤵
  PID:4644
- C:\Windows\System\DqPEylZ.exe
  C:\Windows\System\DqPEylZ.exe
  2⤵
  PID:2180
- C:\Windows\System\OMqZtAs.exe
  C:\Windows\System\OMqZtAs.exe
  2⤵
  PID:2128
- C:\Windows\System\AaCNUHf.exe
  C:\Windows\System\AaCNUHf.exe
  2⤵
  PID:3440
- C:\Windows\System\zRDdJmA.exe
  C:\Windows\System\zRDdJmA.exe
  2⤵
  PID:4588
- C:\Windows\System\qmlTFpp.exe
  C:\Windows\System\qmlTFpp.exe
  2⤵
  PID:2840
- C:\Windows\System\QzrgVjg.exe
  C:\Windows\System\QzrgVjg.exe
  2⤵
  PID:4068
- C:\Windows\System\WbjIVJw.exe
  C:\Windows\System\WbjIVJw.exe
  2⤵
  PID:5188
- C:\Windows\System\ThqXrvL.exe
  C:\Windows\System\ThqXrvL.exe
  2⤵
  PID:5264
- C:\Windows\System\nJmnJZF.exe
  C:\Windows\System\nJmnJZF.exe
  2⤵
  PID:5320
- C:\Windows\System\ankDWAB.exe
  C:\Windows\System\ankDWAB.exe
  2⤵
  PID:5384
- C:\Windows\System\YqqbHTk.exe
  C:\Windows\System\YqqbHTk.exe
  2⤵
  PID:5436
- C:\Windows\System\ZRqPWXK.exe
  C:\Windows\System\ZRqPWXK.exe
  2⤵
  PID:5496
- C:\Windows\System\pAbpHZr.exe
  C:\Windows\System\pAbpHZr.exe
  2⤵
  PID:5576
- C:\Windows\System\auTYarr.exe
  C:\Windows\System\auTYarr.exe
  2⤵
  PID:5656
- C:\Windows\System\hdCzhDL.exe
  C:\Windows\System\hdCzhDL.exe
  2⤵
  PID:5720
- C:\Windows\System\lFOaXgs.exe
  C:\Windows\System\lFOaXgs.exe
  2⤵
  PID:5772
- C:\Windows\System\XPqhASJ.exe
  C:\Windows\System\XPqhASJ.exe
  2⤵
  PID:5880
- C:\Windows\System\jQtZOye.exe
  C:\Windows\System\jQtZOye.exe
  2⤵
  PID:5964
- C:\Windows\System\dTyRXYW.exe
  C:\Windows\System\dTyRXYW.exe
  2⤵
  PID:6020
- C:\Windows\System\WDiZYfD.exe
  C:\Windows\System\WDiZYfD.exe
  2⤵
  PID:6080
- C:\Windows\System\BtOerQS.exe
  C:\Windows\System\BtOerQS.exe
  2⤵
  PID:6140
- C:\Windows\System\tbgkXoA.exe
  C:\Windows\System\tbgkXoA.exe
  2⤵
  PID:448
- C:\Windows\System\GlppONi.exe
  C:\Windows\System\GlppONi.exe
  2⤵
  PID:1444
- C:\Windows\System\hVQzJxs.exe
  C:\Windows\System\hVQzJxs.exe
  2⤵
  PID:4196
- C:\Windows\System\LojonKb.exe
  C:\Windows\System\LojonKb.exe
  2⤵
  PID:5240
- C:\Windows\System\PeOVAqU.exe
  C:\Windows\System\PeOVAqU.exe
  2⤵
  PID:5412
- C:\Windows\System\aWFHbia.exe
  C:\Windows\System\aWFHbia.exe
  2⤵
  PID:5492
- C:\Windows\System\YsDxJbN.exe
  C:\Windows\System\YsDxJbN.exe
  2⤵
  PID:5640
- C:\Windows\System\VDvRnyi.exe
  C:\Windows\System\VDvRnyi.exe
  2⤵
  PID:5692
- C:\Windows\System\WCTaLet.exe
  C:\Windows\System\WCTaLet.exe
  2⤵
  PID:5856
- C:\Windows\System\TtaZiJd.exe
  C:\Windows\System\TtaZiJd.exe
  2⤵
  PID:5996
- C:\Windows\System\YQjKdFk.exe
  C:\Windows\System\YQjKdFk.exe
  2⤵
  PID:2200
- C:\Windows\System\QIiMrLM.exe
  C:\Windows\System\QIiMrLM.exe
  2⤵
  PID:2796
- C:\Windows\System\lMyLsEr.exe
  C:\Windows\System\lMyLsEr.exe
  2⤵
  PID:5180
- C:\Windows\System\iXFxQdv.exe
  C:\Windows\System\iXFxQdv.exe
  2⤵
  PID:2320
- C:\Windows\System\UAqNejp.exe
  C:\Windows\System\UAqNejp.exe
  2⤵
  PID:2464
- C:\Windows\System\ZlzVXsP.exe
  C:\Windows\System\ZlzVXsP.exe
  2⤵
  PID:5916
- C:\Windows\System\Ksjgksh.exe
  C:\Windows\System\Ksjgksh.exe
  2⤵
  PID:6164
- C:\Windows\System\AAfhKqR.exe
  C:\Windows\System\AAfhKqR.exe
  2⤵
  PID:6192
- C:\Windows\System\WrXoELi.exe
  C:\Windows\System\WrXoELi.exe
  2⤵
  PID:6220
- C:\Windows\System\ibQEywT.exe
  C:\Windows\System\ibQEywT.exe
  2⤵
  PID:6272
- C:\Windows\System\TwSWhHJ.exe
  C:\Windows\System\TwSWhHJ.exe
  2⤵
  PID:6288
- C:\Windows\System\gkOMORN.exe
  C:\Windows\System\gkOMORN.exe
  2⤵
  PID:6308
- C:\Windows\System\HwhExJW.exe
  C:\Windows\System\HwhExJW.exe
  2⤵
  PID:6340
- C:\Windows\System\STnpbNf.exe
  C:\Windows\System\STnpbNf.exe
  2⤵
  PID:6364
- C:\Windows\System\OIHagIZ.exe
  C:\Windows\System\OIHagIZ.exe
  2⤵
  PID:6420
- C:\Windows\System\MKIYpRB.exe
  C:\Windows\System\MKIYpRB.exe
  2⤵
  PID:6456
- C:\Windows\System\sKZOLbd.exe
  C:\Windows\System\sKZOLbd.exe
  2⤵
  PID:6484
- C:\Windows\System\lzLWiFd.exe
  C:\Windows\System\lzLWiFd.exe
  2⤵
  PID:6520
- C:\Windows\System\uZSSlHx.exe
  C:\Windows\System\uZSSlHx.exe
  2⤵
  PID:6544
- C:\Windows\System\PdoVoji.exe
  C:\Windows\System\PdoVoji.exe
  2⤵
  PID:6580
- C:\Windows\System\yjtKPcj.exe
  C:\Windows\System\yjtKPcj.exe
  2⤵
  PID:6600
- C:\Windows\System\dzAwuhm.exe
  C:\Windows\System\dzAwuhm.exe
  2⤵
  PID:6616
- C:\Windows\System\rdNHDSU.exe
  C:\Windows\System\rdNHDSU.exe
  2⤵
  PID:6644
- C:\Windows\System\OSRNRpm.exe
  C:\Windows\System\OSRNRpm.exe
  2⤵
  PID:6668
- C:\Windows\System\NgqmDFm.exe
  C:\Windows\System\NgqmDFm.exe
  2⤵
  PID:6756
- C:\Windows\System\neoMZde.exe
  C:\Windows\System\neoMZde.exe
  2⤵
  PID:6780
- C:\Windows\System\MipBTab.exe
  C:\Windows\System\MipBTab.exe
  2⤵
  PID:6800
- C:\Windows\System\pXcVynA.exe
  C:\Windows\System\pXcVynA.exe
  2⤵
  PID:6816
- C:\Windows\System\SlVjxuS.exe
  C:\Windows\System\SlVjxuS.exe
  2⤵
  PID:6836
- C:\Windows\System\FiymmEz.exe
  C:\Windows\System\FiymmEz.exe
  2⤵
  PID:6852
- C:\Windows\System\hABNHHj.exe
  C:\Windows\System\hABNHHj.exe
  2⤵
  PID:6872
- C:\Windows\System\zVyACiH.exe
  C:\Windows\System\zVyACiH.exe
  2⤵
  PID:6888
- C:\Windows\System\vtkXLjd.exe
  C:\Windows\System\vtkXLjd.exe
  2⤵
  PID:6904
- C:\Windows\System\LEmDTFG.exe
  C:\Windows\System\LEmDTFG.exe
  2⤵
  PID:6928
- C:\Windows\System\DODLCYg.exe
  C:\Windows\System\DODLCYg.exe
  2⤵
  PID:6972
- C:\Windows\System\qytTTcX.exe
  C:\Windows\System\qytTTcX.exe
  2⤵
  PID:7020
- C:\Windows\System\YWOHJGg.exe
  C:\Windows\System\YWOHJGg.exe
  2⤵
  PID:7056
- C:\Windows\System\nSKEYgC.exe
  C:\Windows\System\nSKEYgC.exe
  2⤵
  PID:7128
- C:\Windows\System\ATLUsGo.exe
  C:\Windows\System\ATLUsGo.exe
  2⤵
  PID:7152
- C:\Windows\System\jEHjUoL.exe
  C:\Windows\System\jEHjUoL.exe
  2⤵
  PID:3292
- C:\Windows\System\IwvjBpL.exe
  C:\Windows\System\IwvjBpL.exe
  2⤵
  PID:6052
- C:\Windows\System\kWFZnXM.exe
  C:\Windows\System\kWFZnXM.exe
  2⤵
  PID:6184
- C:\Windows\System\rBgiPEb.exe
  C:\Windows\System\rBgiPEb.exe
  2⤵
  PID:3932
- C:\Windows\System\GmTZrIb.exe
  C:\Windows\System\GmTZrIb.exe
  2⤵
  PID:6232
- C:\Windows\System\LPCgDfN.exe
  C:\Windows\System\LPCgDfN.exe
  2⤵
  PID:6240
- C:\Windows\System\aepruer.exe
  C:\Windows\System\aepruer.exe
  2⤵
  PID:6300
- C:\Windows\System\SiJqSAD.exe
  C:\Windows\System\SiJqSAD.exe
  2⤵
  PID:2396
- C:\Windows\System\fYIkZre.exe
  C:\Windows\System\fYIkZre.exe
  2⤵
  PID:3372
- C:\Windows\System\GMIVIRr.exe
  C:\Windows\System\GMIVIRr.exe
  2⤵
  PID:4408
- C:\Windows\System\HzvUhKV.exe
  C:\Windows\System\HzvUhKV.exe
  2⤵
  PID:3032
- C:\Windows\System\ZdWFtpv.exe
  C:\Windows\System\ZdWFtpv.exe
  2⤵
  PID:6412
- C:\Windows\System\hMNvscf.exe
  C:\Windows\System\hMNvscf.exe
  2⤵
  PID:6480
- C:\Windows\System\aQnebOp.exe
  C:\Windows\System\aQnebOp.exe
  2⤵
  PID:3184
- C:\Windows\System\JtxsltW.exe
  C:\Windows\System\JtxsltW.exe
  2⤵
  PID:6556
- C:\Windows\System\FkPaDxj.exe
  C:\Windows\System\FkPaDxj.exe
  2⤵
  PID:6592
- C:\Windows\System\aowwAVA.exe
  C:\Windows\System\aowwAVA.exe
  2⤵
  PID:6692
- C:\Windows\System\KURCnis.exe
  C:\Windows\System\KURCnis.exe
  2⤵
  PID:2640
- C:\Windows\System\RwSTSaf.exe
  C:\Windows\System\RwSTSaf.exe
  2⤵
  PID:6408
- C:\Windows\System\crKpGrq.exe
  C:\Windows\System\crKpGrq.exe
  2⤵
  PID:6532
- C:\Windows\System\kbpkDKB.exe
  C:\Windows\System\kbpkDKB.exe
  2⤵
  PID:6788
- C:\Windows\System\hEqVzHj.exe
  C:\Windows\System\hEqVzHj.exe
  2⤵
  PID:6828
- C:\Windows\System\dCcuaxG.exe
  C:\Windows\System\dCcuaxG.exe
  2⤵
  PID:6936
- C:\Windows\System\pNwNKVn.exe
  C:\Windows\System\pNwNKVn.exe
  2⤵
  PID:2316
- C:\Windows\System\kFqOdtu.exe
  C:\Windows\System\kFqOdtu.exe
  2⤵
  PID:7120
- C:\Windows\System\lctVHaE.exe
  C:\Windows\System\lctVHaE.exe
  2⤵
  PID:5352
- C:\Windows\System\tYYJaql.exe
  C:\Windows\System\tYYJaql.exe
  2⤵
  PID:6108
- C:\Windows\System\HcqzroM.exe
  C:\Windows\System\HcqzroM.exe
  2⤵
  PID:1932
- C:\Windows\System\IXuwBrq.exe
  C:\Windows\System\IXuwBrq.exe
  2⤵
  PID:4596
- C:\Windows\System\MoLDCrw.exe
  C:\Windows\System\MoLDCrw.exe
  2⤵
  PID:6356
- C:\Windows\System\ieybrdD.exe
  C:\Windows\System\ieybrdD.exe
  2⤵
  PID:4948
- C:\Windows\System\cwMzqqa.exe
  C:\Windows\System\cwMzqqa.exe
  2⤵
  PID:6396
- C:\Windows\System\SHjRmod.exe
  C:\Windows\System\SHjRmod.exe
  2⤵
  PID:6720
- C:\Windows\System\CpNXFNT.exe
  C:\Windows\System\CpNXFNT.exe
  2⤵
  PID:6628
- C:\Windows\System\FDwPcWg.exe
  C:\Windows\System\FDwPcWg.exe
  2⤵
  PID:6656
- C:\Windows\System\TucNvsF.exe
  C:\Windows\System\TucNvsF.exe
  2⤵
  PID:6268
- C:\Windows\System\NDTJpKC.exe
  C:\Windows\System\NDTJpKC.exe
  2⤵
  PID:6868
- C:\Windows\System\WTFGAkR.exe
  C:\Windows\System\WTFGAkR.exe
  2⤵
  PID:4208
- C:\Windows\System\QAZTMNl.exe
  C:\Windows\System\QAZTMNl.exe
  2⤵
  PID:7148
- C:\Windows\System\KgPlRbM.exe
  C:\Windows\System\KgPlRbM.exe
  2⤵
  PID:4248
- C:\Windows\System\uZDRumz.exe
  C:\Windows\System\uZDRumz.exe
  2⤵
  PID:4320
- C:\Windows\System\MOuDFir.exe
  C:\Windows\System\MOuDFir.exe
  2⤵
  PID:3260
- C:\Windows\System\VlPrwAB.exe
  C:\Windows\System\VlPrwAB.exe
  2⤵
  PID:6956
- C:\Windows\System\VwjASoe.exe
  C:\Windows\System\VwjASoe.exe
  2⤵
  PID:7044
- C:\Windows\System\PXWTqBK.exe
  C:\Windows\System\PXWTqBK.exe
  2⤵
  PID:6360
- C:\Windows\System\MkwHSMX.exe
  C:\Windows\System\MkwHSMX.exe
  2⤵
  PID:6284
- C:\Windows\System\NLJblDl.exe
  C:\Windows\System\NLJblDl.exe
  2⤵
  PID:7192
- C:\Windows\System\lRAYSex.exe
  C:\Windows\System\lRAYSex.exe
  2⤵
  PID:7220
- C:\Windows\System\LrAVyAc.exe
  C:\Windows\System\LrAVyAc.exe
  2⤵
  PID:7256
- C:\Windows\System\tWbkJmD.exe
  C:\Windows\System\tWbkJmD.exe
  2⤵
  PID:7276
- C:\Windows\System\QtMcshE.exe
  C:\Windows\System\QtMcshE.exe
  2⤵
  PID:7304
- C:\Windows\System\ImCtlQX.exe
  C:\Windows\System\ImCtlQX.exe
  2⤵
  PID:7332
- C:\Windows\System\xyAQVOE.exe
  C:\Windows\System\xyAQVOE.exe
  2⤵
  PID:7364
- C:\Windows\System\daThFVs.exe
  C:\Windows\System\daThFVs.exe
  2⤵
  PID:7396
- C:\Windows\System\zTzyAjc.exe
  C:\Windows\System\zTzyAjc.exe
  2⤵
  PID:7424
- C:\Windows\System\EoUuPfJ.exe
  C:\Windows\System\EoUuPfJ.exe
  2⤵
  PID:7452
- C:\Windows\System\PlrBGjf.exe
  C:\Windows\System\PlrBGjf.exe
  2⤵
  PID:7476
- C:\Windows\System\pBInmaA.exe
  C:\Windows\System\pBInmaA.exe
  2⤵
  PID:7504
- C:\Windows\System\xFMybWL.exe
  C:\Windows\System\xFMybWL.exe
  2⤵
  PID:7528
- C:\Windows\System\BzrhPmF.exe
  C:\Windows\System\BzrhPmF.exe
  2⤵
  PID:7568
- C:\Windows\System\dKJnEMO.exe
  C:\Windows\System\dKJnEMO.exe
  2⤵
  PID:7596
- C:\Windows\System\qWhtVfs.exe
  C:\Windows\System\qWhtVfs.exe
  2⤵
  PID:7612
- C:\Windows\System\nQTnEGR.exe
  C:\Windows\System\nQTnEGR.exe
  2⤵
  PID:7640
- C:\Windows\System\gFgeBTq.exe
  C:\Windows\System\gFgeBTq.exe
  2⤵
  PID:7680
- C:\Windows\System\JJSZWpT.exe
  C:\Windows\System\JJSZWpT.exe
  2⤵
  PID:7708
- C:\Windows\System\SwJJBCO.exe
  C:\Windows\System\SwJJBCO.exe
  2⤵
  PID:7736
- C:\Windows\System\OmHwweQ.exe
  C:\Windows\System\OmHwweQ.exe
  2⤵
  PID:7768
- C:\Windows\System\tWjpQdJ.exe
  C:\Windows\System\tWjpQdJ.exe
  2⤵
  PID:7792
- C:\Windows\System\EAMxAzl.exe
  C:\Windows\System\EAMxAzl.exe
  2⤵
  PID:7820
- C:\Windows\System\vQFIgYk.exe
  C:\Windows\System\vQFIgYk.exe
  2⤵
  PID:7848
- C:\Windows\System\FivsCZx.exe
  C:\Windows\System\FivsCZx.exe
  2⤵
  PID:7884
- C:\Windows\System\KLsaUwZ.exe
  C:\Windows\System\KLsaUwZ.exe
  2⤵
  PID:7908
- C:\Windows\System\nfRSyFu.exe
  C:\Windows\System\nfRSyFu.exe
  2⤵
  PID:7928
- C:\Windows\System\KIKjOaw.exe
  C:\Windows\System\KIKjOaw.exe
  2⤵
  PID:7956
- C:\Windows\System\QOvLFIu.exe
  C:\Windows\System\QOvLFIu.exe
  2⤵
  PID:7996
- C:\Windows\System\penVfZZ.exe
  C:\Windows\System\penVfZZ.exe
  2⤵
  PID:8024
- C:\Windows\System\keNKLAC.exe
  C:\Windows\System\keNKLAC.exe
  2⤵
  PID:8052
- C:\Windows\System\HRnLSak.exe
  C:\Windows\System\HRnLSak.exe
  2⤵
  PID:8088
- C:\Windows\System\xqZhRsE.exe
  C:\Windows\System\xqZhRsE.exe
  2⤵
  PID:8120
- C:\Windows\System\cezroFt.exe
  C:\Windows\System\cezroFt.exe
  2⤵
  PID:8148
- C:\Windows\System\LDFmeSD.exe
  C:\Windows\System\LDFmeSD.exe
  2⤵
  PID:8168
- C:\Windows\System\wBWOnqK.exe
  C:\Windows\System\wBWOnqK.exe
  2⤵
  PID:7172
- C:\Windows\System\sXLPgGK.exe
  C:\Windows\System\sXLPgGK.exe
  2⤵
  PID:7252
- C:\Windows\System\frJJwqs.exe
  C:\Windows\System\frJJwqs.exe
  2⤵
  PID:7292
- C:\Windows\System\qMRipIK.exe
  C:\Windows\System\qMRipIK.exe
  2⤵
  PID:7360
- C:\Windows\System\AjbCksC.exe
  C:\Windows\System\AjbCksC.exe
  2⤵
  PID:7436
- C:\Windows\System\dGCNWsI.exe
  C:\Windows\System\dGCNWsI.exe
  2⤵
  PID:7496
- C:\Windows\System\wmNTXTQ.exe
  C:\Windows\System\wmNTXTQ.exe
  2⤵
  PID:7560
- C:\Windows\System\HxMGNXU.exe
  C:\Windows\System\HxMGNXU.exe
  2⤵
  PID:7608
- C:\Windows\System\KZEOoKy.exe
  C:\Windows\System\KZEOoKy.exe
  2⤵
  PID:7704
- C:\Windows\System\crRaoCT.exe
  C:\Windows\System\crRaoCT.exe
  2⤵
  PID:7780
- C:\Windows\System\mWhOtgV.exe
  C:\Windows\System\mWhOtgV.exe
  2⤵
  PID:7860
- C:\Windows\System\DwsWHdT.exe
  C:\Windows\System\DwsWHdT.exe
  2⤵
  PID:7924
- C:\Windows\System\qkfBaoS.exe
  C:\Windows\System\qkfBaoS.exe
  2⤵
  PID:7944
- C:\Windows\System\fwqbgUO.exe
  C:\Windows\System\fwqbgUO.exe
  2⤵
  PID:8016
- C:\Windows\System\RsZoSLG.exe
  C:\Windows\System\RsZoSLG.exe
  2⤵
  PID:8132
- C:\Windows\System\FGZiDLp.exe
  C:\Windows\System\FGZiDLp.exe
  2⤵
  PID:6896
- C:\Windows\System\BnMpspD.exe
  C:\Windows\System\BnMpspD.exe
  2⤵
  PID:7248
- C:\Windows\System\vvDNhOa.exe
  C:\Windows\System\vvDNhOa.exe
  2⤵
  PID:7464
- C:\Windows\System\kLsssaq.exe
  C:\Windows\System\kLsssaq.exe
  2⤵
  PID:7544
- C:\Windows\System\ILtUBNN.exe
  C:\Windows\System\ILtUBNN.exe
  2⤵
  PID:7732
- C:\Windows\System\aifZrHl.exe
  C:\Windows\System\aifZrHl.exe
  2⤵
  PID:7836
- C:\Windows\System\evMKjgA.exe
  C:\Windows\System\evMKjgA.exe
  2⤵
  PID:8008
- C:\Windows\System\iiIGfUN.exe
  C:\Windows\System\iiIGfUN.exe
  2⤵
  PID:8108
- C:\Windows\System\BjJnSZk.exe
  C:\Windows\System\BjJnSZk.exe
  2⤵
  PID:7384
- C:\Windows\System\AWudkEk.exe
  C:\Windows\System\AWudkEk.exe
  2⤵
  PID:7672
- C:\Windows\System\nirQzdu.exe
  C:\Windows\System\nirQzdu.exe
  2⤵
  PID:7992
- C:\Windows\System\evqGCDE.exe
  C:\Windows\System\evqGCDE.exe
  2⤵
  PID:7484
- C:\Windows\System\GRksdyJ.exe
  C:\Windows\System\GRksdyJ.exe
  2⤵
  PID:8204
- C:\Windows\System\wItIxsw.exe
  C:\Windows\System\wItIxsw.exe
  2⤵
  PID:8232
- C:\Windows\System\tMjtqEL.exe
  C:\Windows\System\tMjtqEL.exe
  2⤵
  PID:8260
- C:\Windows\System\SiJXCqI.exe
  C:\Windows\System\SiJXCqI.exe
  2⤵
  PID:8288
- C:\Windows\System\Wzpiuzs.exe
  C:\Windows\System\Wzpiuzs.exe
  2⤵
  PID:8316
- C:\Windows\System\MRJEMda.exe
  C:\Windows\System\MRJEMda.exe
  2⤵
  PID:8332
- C:\Windows\System\VAPQSee.exe
  C:\Windows\System\VAPQSee.exe
  2⤵
  PID:8364
- C:\Windows\System\axGRbYR.exe
  C:\Windows\System\axGRbYR.exe
  2⤵
  PID:8388
- C:\Windows\System\lqsKpEz.exe
  C:\Windows\System\lqsKpEz.exe
  2⤵
  PID:8428
- C:\Windows\System\RHbQcNL.exe
  C:\Windows\System\RHbQcNL.exe
  2⤵
  PID:8456
- C:\Windows\System\ACxUXxI.exe
  C:\Windows\System\ACxUXxI.exe
  2⤵
  PID:8484
- C:\Windows\System\KivplXd.exe
  C:\Windows\System\KivplXd.exe
  2⤵
  PID:8516
- C:\Windows\System\EACKpdH.exe
  C:\Windows\System\EACKpdH.exe
  2⤵
  PID:8548
- C:\Windows\System\CjptfHN.exe
  C:\Windows\System\CjptfHN.exe
  2⤵
  PID:8576
- C:\Windows\System\tOYVMVV.exe
  C:\Windows\System\tOYVMVV.exe
  2⤵
  PID:8604
- C:\Windows\System\ujlzrtK.exe
  C:\Windows\System\ujlzrtK.exe
  2⤵
  PID:8632
- C:\Windows\System\aYpVrKz.exe
  C:\Windows\System\aYpVrKz.exe
  2⤵
  PID:8660
- C:\Windows\System\jlZTgci.exe
  C:\Windows\System\jlZTgci.exe
  2⤵
  PID:8680
- C:\Windows\System\wCWsyDz.exe
  C:\Windows\System\wCWsyDz.exe
  2⤵
  PID:8704
- C:\Windows\System\vMySoon.exe
  C:\Windows\System\vMySoon.exe
  2⤵
  PID:8732
- C:\Windows\System\xxwYIrL.exe
  C:\Windows\System\xxwYIrL.exe
  2⤵
  PID:8760
- C:\Windows\System\rpIhGeP.exe
  C:\Windows\System\rpIhGeP.exe
  2⤵
  PID:8788
- C:\Windows\System\mpbjVXU.exe
  C:\Windows\System\mpbjVXU.exe
  2⤵
  PID:8820
- C:\Windows\System\xXpthEI.exe
  C:\Windows\System\xXpthEI.exe
  2⤵
  PID:8852
- C:\Windows\System\KHmXTme.exe
  C:\Windows\System\KHmXTme.exe
  2⤵
  PID:8880
- C:\Windows\System\IlyxpKY.exe
  C:\Windows\System\IlyxpKY.exe
  2⤵
  PID:8916
- C:\Windows\System\ljSqLwC.exe
  C:\Windows\System\ljSqLwC.exe
  2⤵
  PID:8944
- C:\Windows\System\dhUFrnW.exe
  C:\Windows\System\dhUFrnW.exe
  2⤵
  PID:8964
- C:\Windows\System\BJwseoG.exe
  C:\Windows\System\BJwseoG.exe
  2⤵
  PID:8996
- C:\Windows\System\addGHdU.exe
  C:\Windows\System\addGHdU.exe
  2⤵
  PID:9032
- C:\Windows\System\LESetzn.exe
  C:\Windows\System\LESetzn.exe
  2⤵
  PID:9060
- C:\Windows\System\jGuVSHU.exe
  C:\Windows\System\jGuVSHU.exe
  2⤵
  PID:9088
- C:\Windows\System\fxWcnOr.exe
  C:\Windows\System\fxWcnOr.exe
  2⤵
  PID:9116
- C:\Windows\System\KJVtkzH.exe
  C:\Windows\System\KJVtkzH.exe
  2⤵
  PID:9144
- C:\Windows\System\IflDbvR.exe
  C:\Windows\System\IflDbvR.exe
  2⤵
  PID:9172
- C:\Windows\System\DZEZLdt.exe
  C:\Windows\System\DZEZLdt.exe
  2⤵
  PID:9188
- C:\Windows\System\PpCJgEG.exe
  C:\Windows\System\PpCJgEG.exe
  2⤵
  PID:8196
- C:\Windows\System\RKURppn.exe
  C:\Windows\System\RKURppn.exe
  2⤵
  PID:8272
- C:\Windows\System\IMXDWsn.exe
  C:\Windows\System\IMXDWsn.exe
  2⤵
  PID:8328
- C:\Windows\System\smOGKWU.exe
  C:\Windows\System\smOGKWU.exe
  2⤵
  PID:8380
- C:\Windows\System\HTaLMuP.exe
  C:\Windows\System\HTaLMuP.exe
  2⤵
  PID:8472
- C:\Windows\System\lqHisut.exe
  C:\Windows\System\lqHisut.exe
  2⤵
  PID:8496
- C:\Windows\System\kjYrgxh.exe
  C:\Windows\System\kjYrgxh.exe
  2⤵
  PID:8536
- C:\Windows\System\qPiXJoT.exe
  C:\Windows\System\qPiXJoT.exe
  2⤵
  PID:8656
- C:\Windows\System\bYFjkJy.exe
  C:\Windows\System\bYFjkJy.exe
  2⤵
  PID:8728
- C:\Windows\System\XknpxyS.exe
  C:\Windows\System\XknpxyS.exe
  2⤵
  PID:8756
- C:\Windows\System\QRInebp.exe
  C:\Windows\System\QRInebp.exe
  2⤵
  PID:8832
- C:\Windows\System\noqPUaq.exe
  C:\Windows\System\noqPUaq.exe
  2⤵
  PID:8876
- C:\Windows\System\EyXpSNw.exe
  C:\Windows\System\EyXpSNw.exe
  2⤵
  PID:8984
- C:\Windows\System\JTtjVbi.exe
  C:\Windows\System\JTtjVbi.exe
  2⤵
  PID:9044
- C:\Windows\System\LrmdnTr.exe
  C:\Windows\System\LrmdnTr.exe
  2⤵
  PID:9100
- C:\Windows\System\mGrXrMc.exe
  C:\Windows\System\mGrXrMc.exe
  2⤵
  PID:9136
- C:\Windows\System\iTeOarV.exe
  C:\Windows\System\iTeOarV.exe
  2⤵
  PID:9204
- C:\Windows\System\YrzEUZG.exe
  C:\Windows\System\YrzEUZG.exe
  2⤵
  PID:8308
- C:\Windows\System\FCVUCzJ.exe
  C:\Windows\System\FCVUCzJ.exe
  2⤵
  PID:8420
- C:\Windows\System\PaLXoVc.exe
  C:\Windows\System\PaLXoVc.exe
  2⤵
  PID:8592
- C:\Windows\System\EMrVzwz.exe
  C:\Windows\System\EMrVzwz.exe
  2⤵
  PID:8752
- C:\Windows\System\MQvAWMR.exe
  C:\Windows\System\MQvAWMR.exe
  2⤵
  PID:8932
- C:\Windows\System\HCDgXyD.exe
  C:\Windows\System\HCDgXyD.exe
  2⤵
  PID:9056
- C:\Windows\System\tNGyvtK.exe
  C:\Windows\System\tNGyvtK.exe
  2⤵
  PID:8216
- C:\Windows\System\tFVdWgH.exe
  C:\Windows\System\tFVdWgH.exe
  2⤵
  PID:7764
- C:\Windows\System\QwsRCxf.exe
  C:\Windows\System\QwsRCxf.exe
  2⤵
  PID:8864
- C:\Windows\System\TFVdBOz.exe
  C:\Windows\System\TFVdBOz.exe
  2⤵
  PID:8344
- C:\Windows\System\scUoqjb.exe
  C:\Windows\System\scUoqjb.exe
  2⤵
  PID:9240
- C:\Windows\System\MgDbqeu.exe
  C:\Windows\System\MgDbqeu.exe
  2⤵
  PID:9268
- C:\Windows\System\ukshnyO.exe
  C:\Windows\System\ukshnyO.exe
  2⤵
  PID:9288
- C:\Windows\System\EnKgwVb.exe
  C:\Windows\System\EnKgwVb.exe
  2⤵
  PID:9324
- C:\Windows\System\zEmdgFu.exe
  C:\Windows\System\zEmdgFu.exe
  2⤵
  PID:9352
- C:\Windows\System\yrQKmQf.exe
  C:\Windows\System\yrQKmQf.exe
  2⤵
  PID:9380
- C:\Windows\System\DBfqAkV.exe
  C:\Windows\System\DBfqAkV.exe
  2⤵
  PID:9408
- C:\Windows\System\xZcMMAF.exe
  C:\Windows\System\xZcMMAF.exe
  2⤵
  PID:9436
- C:\Windows\System\FMxeZoC.exe
  C:\Windows\System\FMxeZoC.exe
  2⤵
  PID:9464
- C:\Windows\System\MkmirCF.exe
  C:\Windows\System\MkmirCF.exe
  2⤵
  PID:9492
- C:\Windows\System\KbPCiSb.exe
  C:\Windows\System\KbPCiSb.exe
  2⤵
  PID:9520
- C:\Windows\System\OObZPaa.exe
  C:\Windows\System\OObZPaa.exe
  2⤵
  PID:9548
- C:\Windows\System\IoPWUBQ.exe
  C:\Windows\System\IoPWUBQ.exe
  2⤵
  PID:9576
- C:\Windows\System\LfgCAEP.exe
  C:\Windows\System\LfgCAEP.exe
  2⤵
  PID:9604
- C:\Windows\System\iaaRKQF.exe
  C:\Windows\System\iaaRKQF.exe
  2⤵
  PID:9632
- C:\Windows\System\iZPsIcs.exe
  C:\Windows\System\iZPsIcs.exe
  2⤵
  PID:9652
- C:\Windows\System\LathLaU.exe
  C:\Windows\System\LathLaU.exe
  2⤵
  PID:9676
- C:\Windows\System\ErKNUwH.exe
  C:\Windows\System\ErKNUwH.exe
  2⤵
  PID:9716
- C:\Windows\System\lkRioDr.exe
  C:\Windows\System\lkRioDr.exe
  2⤵
  PID:9732
- C:\Windows\System\QygjqUE.exe
  C:\Windows\System\QygjqUE.exe
  2⤵
  PID:9760
- C:\Windows\System\yIYoUPa.exe
  C:\Windows\System\yIYoUPa.exe
  2⤵
  PID:9788
- C:\Windows\System\XkIyWOQ.exe
  C:\Windows\System\XkIyWOQ.exe
  2⤵
  PID:9844
- C:\Windows\System\UkjIBSz.exe
  C:\Windows\System\UkjIBSz.exe
  2⤵
  PID:9864
- C:\Windows\System\YEqGKwV.exe
  C:\Windows\System\YEqGKwV.exe
  2⤵
  PID:9900
- C:\Windows\System\nmlMpvI.exe
  C:\Windows\System\nmlMpvI.exe
  2⤵
  PID:9928
- C:\Windows\System\zOQPbEh.exe
  C:\Windows\System\zOQPbEh.exe
  2⤵
  PID:9968
- C:\Windows\System\fICxKBR.exe
  C:\Windows\System\fICxKBR.exe
  2⤵
  PID:9984
- C:\Windows\System\cdyjuaK.exe
  C:\Windows\System\cdyjuaK.exe
  2⤵
  PID:10000
- C:\Windows\System\QpIZMix.exe
  C:\Windows\System\QpIZMix.exe
  2⤵
  PID:10016
- C:\Windows\System\pnGaiNz.exe
  C:\Windows\System\pnGaiNz.exe
  2⤵
  PID:10040
- C:\Windows\System\xTdbVgS.exe
  C:\Windows\System\xTdbVgS.exe
  2⤵
  PID:10064
- C:\Windows\System\kVMVRjs.exe
  C:\Windows\System\kVMVRjs.exe
  2⤵
  PID:10088
- C:\Windows\System\ypvdklr.exe
  C:\Windows\System\ypvdklr.exe
  2⤵
  PID:10120
- C:\Windows\System\lRzIxkU.exe
  C:\Windows\System\lRzIxkU.exe
  2⤵
  PID:10168
- C:\Windows\System\SsWayBv.exe
  C:\Windows\System\SsWayBv.exe
  2⤵
  PID:10196
- C:\Windows\System\vWmkaNo.exe
  C:\Windows\System\vWmkaNo.exe
  2⤵
  PID:9184
- C:\Windows\System\aBdWsbh.exe
  C:\Windows\System\aBdWsbh.exe
  2⤵
  PID:9260
- C:\Windows\System\XdhPSTL.exe
  C:\Windows\System\XdhPSTL.exe
  2⤵
  PID:9308
- C:\Windows\System\RRiWxrj.exe
  C:\Windows\System\RRiWxrj.exe
  2⤵
  PID:9404
- C:\Windows\System\uFJTDPs.exe
  C:\Windows\System\uFJTDPs.exe
  2⤵
  PID:9476
- C:\Windows\System\eMuuXLk.exe
  C:\Windows\System\eMuuXLk.exe
  2⤵
  PID:9536
- C:\Windows\System\VjPeBTO.exe
  C:\Windows\System\VjPeBTO.exe
  2⤵
  PID:9592
- C:\Windows\System\IzqbZmF.exe
  C:\Windows\System\IzqbZmF.exe
  2⤵
  PID:9668
- C:\Windows\System\smfaASo.exe
  C:\Windows\System\smfaASo.exe
  2⤵
  PID:9748
- C:\Windows\System\YOUphgu.exe
  C:\Windows\System\YOUphgu.exe
  2⤵
  PID:8980
- C:\Windows\System\dqFUSJO.exe
  C:\Windows\System\dqFUSJO.exe
  2⤵
  PID:9880
- C:\Windows\System\LrHupMN.exe
  C:\Windows\System\LrHupMN.exe
  2⤵
  PID:9892
- C:\Windows\System\feewMFI.exe
  C:\Windows\System\feewMFI.exe
  2⤵
  PID:9976
- C:\Windows\System\KdWfiZF.exe
  C:\Windows\System\KdWfiZF.exe
  2⤵
  PID:10028
- C:\Windows\System\mqGSYsn.exe
  C:\Windows\System\mqGSYsn.exe
  2⤵
  PID:10116
- C:\Windows\System\ClJygOO.exe
  C:\Windows\System\ClJygOO.exe
  2⤵
  PID:10176
- C:\Windows\System\PTvirhP.exe
  C:\Windows\System\PTvirhP.exe
  2⤵
  PID:8976
- C:\Windows\System\PQxIWXN.exe
  C:\Windows\System\PQxIWXN.exe
  2⤵
  PID:9448
- C:\Windows\System\kACniBr.exe
  C:\Windows\System\kACniBr.exe
  2⤵
  PID:9600
- C:\Windows\System\aEWWKML.exe
  C:\Windows\System\aEWWKML.exe
  2⤵
  PID:9648
- C:\Windows\System\urRnmJY.exe
  C:\Windows\System\urRnmJY.exe
  2⤵
  PID:9860
- C:\Windows\System\IdNnAFK.exe
  C:\Windows\System\IdNnAFK.exe
  2⤵
  PID:9944
- C:\Windows\System\LmxZKBY.exe
  C:\Windows\System\LmxZKBY.exe
  2⤵
  PID:10152
- C:\Windows\System\gBKaUei.exe
  C:\Windows\System\gBKaUei.exe
  2⤵
  PID:9504
- C:\Windows\System\QzPotoA.exe
  C:\Windows\System\QzPotoA.exe
  2⤵
  PID:9780
- C:\Windows\System\UporNhc.exe
  C:\Windows\System\UporNhc.exe
  2⤵
  PID:9992
- C:\Windows\System\HOxHSRW.exe
  C:\Windows\System\HOxHSRW.exe
  2⤵
  PID:9560
- C:\Windows\System\rzSUYZF.exe
  C:\Windows\System\rzSUYZF.exe
  2⤵
  PID:10256
- C:\Windows\System\hwyefEC.exe
  C:\Windows\System\hwyefEC.exe
  2⤵
  PID:10284
- C:\Windows\System\gJFqmcz.exe
  C:\Windows\System\gJFqmcz.exe
  2⤵
  PID:10312
- C:\Windows\System\yJuItFx.exe
  C:\Windows\System\yJuItFx.exe
  2⤵
  PID:10344
- C:\Windows\System\FjfTVpA.exe
  C:\Windows\System\FjfTVpA.exe
  2⤵
  PID:10372
- C:\Windows\System\OWlukRB.exe
  C:\Windows\System\OWlukRB.exe
  2⤵
  PID:10400
- C:\Windows\System\wHXwbTW.exe
  C:\Windows\System\wHXwbTW.exe
  2⤵
  PID:10428
- C:\Windows\System\bxrztFU.exe
  C:\Windows\System\bxrztFU.exe
  2⤵
  PID:10456
- C:\Windows\System\pqyuGiu.exe
  C:\Windows\System\pqyuGiu.exe
  2⤵
  PID:10484
- C:\Windows\System\qCcQREQ.exe
  C:\Windows\System\qCcQREQ.exe
  2⤵
  PID:10512
- C:\Windows\System\WuCmiBU.exe
  C:\Windows\System\WuCmiBU.exe
  2⤵
  PID:10540
- C:\Windows\System\veLEDOl.exe
  C:\Windows\System\veLEDOl.exe
  2⤵
  PID:10568
- C:\Windows\System\ZKsFocT.exe
  C:\Windows\System\ZKsFocT.exe
  2⤵
  PID:10584
- C:\Windows\System\yXanKeD.exe
  C:\Windows\System\yXanKeD.exe
  2⤵
  PID:10624
- C:\Windows\System\iXPhhnZ.exe
  C:\Windows\System\iXPhhnZ.exe
  2⤵
  PID:10652
- C:\Windows\System\kANzPwB.exe
  C:\Windows\System\kANzPwB.exe
  2⤵
  PID:10680
- C:\Windows\System\KKcXOkv.exe
  C:\Windows\System\KKcXOkv.exe
  2⤵
  PID:10708
- C:\Windows\System\FoEjXBz.exe
  C:\Windows\System\FoEjXBz.exe
  2⤵
  PID:10740
- C:\Windows\System\nkJHLPH.exe
  C:\Windows\System\nkJHLPH.exe
  2⤵
  PID:10768
- C:\Windows\System\ZjAIqdx.exe
  C:\Windows\System\ZjAIqdx.exe
  2⤵
  PID:10800
- C:\Windows\System\hNHAiTq.exe
  C:\Windows\System\hNHAiTq.exe
  2⤵
  PID:10828
- C:\Windows\System\jecYzPf.exe
  C:\Windows\System\jecYzPf.exe
  2⤵
  PID:10856
- C:\Windows\System\UmnoGuo.exe
  C:\Windows\System\UmnoGuo.exe
  2⤵
  PID:10884
- C:\Windows\System\eGXVvlW.exe
  C:\Windows\System\eGXVvlW.exe
  2⤵
  PID:10908
- C:\Windows\System\IXfFqFS.exe
  C:\Windows\System\IXfFqFS.exe
  2⤵
  PID:10928
- C:\Windows\System\LBjpabz.exe
  C:\Windows\System\LBjpabz.exe
  2⤵
  PID:10956
- C:\Windows\System\eNUoxIJ.exe
  C:\Windows\System\eNUoxIJ.exe
  2⤵
  PID:10988
- C:\Windows\System\EzvmqWP.exe
  C:\Windows\System\EzvmqWP.exe
  2⤵
  PID:11024
- C:\Windows\System\gHEuOqO.exe
  C:\Windows\System\gHEuOqO.exe
  2⤵
  PID:11052
- C:\Windows\System\bMKCbrF.exe
  C:\Windows\System\bMKCbrF.exe
  2⤵
  PID:11072
- C:\Windows\System\TikASTD.exe
  C:\Windows\System\TikASTD.exe
  2⤵
  PID:11104
- C:\Windows\System\mLCEhyN.exe
  C:\Windows\System\mLCEhyN.exe
  2⤵
  PID:11124
- C:\Windows\System\sjFPYyP.exe
  C:\Windows\System\sjFPYyP.exe
  2⤵
  PID:11148
- C:\Windows\System\iqoEZgn.exe
  C:\Windows\System\iqoEZgn.exe
  2⤵
  PID:11168
- C:\Windows\System\fzLhBFn.exe
  C:\Windows\System\fzLhBFn.exe
  2⤵
  PID:11220
- C:\Windows\System\HOJmFNT.exe
  C:\Windows\System\HOJmFNT.exe
  2⤵
  PID:11248
- C:\Windows\System\EXKYckY.exe
  C:\Windows\System\EXKYckY.exe
  2⤵
  PID:9396
- C:\Windows\System\uywzOGW.exe
  C:\Windows\System\uywzOGW.exe
  2⤵
  PID:10296
- C:\Windows\System\UzzdiVG.exe
  C:\Windows\System\UzzdiVG.exe
  2⤵
  PID:10356
- C:\Windows\System\SRSuHfL.exe
  C:\Windows\System\SRSuHfL.exe
  2⤵
  PID:10440
- C:\Windows\System\WBpJeBd.exe
  C:\Windows\System\WBpJeBd.exe
  2⤵
  PID:10468
- C:\Windows\System\OCObNze.exe
  C:\Windows\System\OCObNze.exe
  2⤵
  PID:10556
- C:\Windows\System\eFVzAxI.exe
  C:\Windows\System\eFVzAxI.exe
  2⤵
  PID:10620
- C:\Windows\System\xEefIfP.exe
  C:\Windows\System\xEefIfP.exe
  2⤵
  PID:10672
- C:\Windows\System\ELvAVnt.exe
  C:\Windows\System\ELvAVnt.exe
  2⤵
  PID:10752
- C:\Windows\System\GdKvZeW.exe
  C:\Windows\System\GdKvZeW.exe
  2⤵
  PID:10812
- C:\Windows\System\eGnGvHK.exe
  C:\Windows\System\eGnGvHK.exe
  2⤵
  PID:10872
- C:\Windows\System\knftddZ.exe
  C:\Windows\System\knftddZ.exe
  2⤵
  PID:10952
- C:\Windows\System\bYPdCqH.exe
  C:\Windows\System\bYPdCqH.exe
  2⤵
  PID:11036
- C:\Windows\System\SzDaRAg.exe
  C:\Windows\System\SzDaRAg.exe
  2⤵
  PID:11088
- C:\Windows\System\GdlHfJj.exe
  C:\Windows\System\GdlHfJj.exe
  2⤵
  PID:11120
- C:\Windows\System\jiiannY.exe
  C:\Windows\System\jiiannY.exe
  2⤵
  PID:11204
- C:\Windows\System\NKFMDvj.exe
  C:\Windows\System\NKFMDvj.exe
  2⤵
  PID:10248
- C:\Windows\System\mcFsKaq.exe
  C:\Windows\System\mcFsKaq.exe
  2⤵
  PID:10476
- C:\Windows\System\rcoHjhQ.exe
  C:\Windows\System\rcoHjhQ.exe
  2⤵
  PID:10500
- C:\Windows\System\wckIpPZ.exe
  C:\Windows\System\wckIpPZ.exe
  2⤵
  PID:10664
- C:\Windows\System\AWrxxjj.exe
  C:\Windows\System\AWrxxjj.exe
  2⤵
  PID:10780
- C:\Windows\System\QccSKsw.exe
  C:\Windows\System\QccSKsw.exe
  2⤵
  PID:10996
- C:\Windows\System\uDlCcqV.exe
  C:\Windows\System\uDlCcqV.exe
  2⤵
  PID:11188
- C:\Windows\System\mRdGfib.exe
  C:\Windows\System\mRdGfib.exe
  2⤵
  PID:10244
- C:\Windows\System\qtkBaVM.exe
  C:\Windows\System\qtkBaVM.exe
  2⤵
  PID:10636
- C:\Windows\System\hYbmVoE.exe
  C:\Windows\System\hYbmVoE.exe
  2⤵
  PID:11096
- C:\Windows\System\emLnoUi.exe
  C:\Windows\System\emLnoUi.exe
  2⤵
  PID:10924
- C:\Windows\System\jKOtxDG.exe
  C:\Windows\System\jKOtxDG.exe
  2⤵
  PID:11112
- C:\Windows\System\SbYxxVV.exe
  C:\Windows\System\SbYxxVV.exe
  2⤵
  PID:11284
- C:\Windows\System\ASpAYks.exe
  C:\Windows\System\ASpAYks.exe
  2⤵
  PID:11308
- C:\Windows\System\KANNqyT.exe
  C:\Windows\System\KANNqyT.exe
  2⤵
  PID:11336
- C:\Windows\System\sberVXA.exe
  C:\Windows\System\sberVXA.exe
  2⤵
  PID:11368
- C:\Windows\System\SVAtrtD.exe
  C:\Windows\System\SVAtrtD.exe
  2⤵
  PID:11396
- C:\Windows\System\VnZGVXf.exe
  C:\Windows\System\VnZGVXf.exe
  2⤵
  PID:11412
- C:\Windows\System\EHdagQJ.exe
  C:\Windows\System\EHdagQJ.exe
  2⤵
  PID:11444
- C:\Windows\System\fCrYsQF.exe
  C:\Windows\System\fCrYsQF.exe
  2⤵
  PID:11460
- C:\Windows\System\PUVwyLl.exe
  C:\Windows\System\PUVwyLl.exe
  2⤵
  PID:11480
- C:\Windows\System\AFWAmIM.exe
  C:\Windows\System\AFWAmIM.exe
  2⤵
  PID:11500
- C:\Windows\System\BXSnKAP.exe
  C:\Windows\System\BXSnKAP.exe
  2⤵
  PID:11520
- C:\Windows\System\ameEwis.exe
  C:\Windows\System\ameEwis.exe
  2⤵
  PID:11552
- C:\Windows\System\aENsKXn.exe
  C:\Windows\System\aENsKXn.exe
  2⤵
  PID:11624
- C:\Windows\System\vhmPKdS.exe
  C:\Windows\System\vhmPKdS.exe
  2⤵
  PID:11644
- C:\Windows\System\bgQGYwV.exe
  C:\Windows\System\bgQGYwV.exe
  2⤵
  PID:11664
- C:\Windows\System\ytltZVD.exe
  C:\Windows\System\ytltZVD.exe
  2⤵
  PID:11696
- C:\Windows\System\eAPXQbV.exe
  C:\Windows\System\eAPXQbV.exe
  2⤵
  PID:11720
- C:\Windows\System\eikPjPj.exe
  C:\Windows\System\eikPjPj.exe
  2⤵
  PID:11764
- C:\Windows\System\wunqaZu.exe
  C:\Windows\System\wunqaZu.exe
  2⤵
  PID:11800
- C:\Windows\System\uwekqFm.exe
  C:\Windows\System\uwekqFm.exe
  2⤵
  PID:11820
- C:\Windows\System\WyPflwh.exe
  C:\Windows\System\WyPflwh.exe
  2⤵
  PID:11844
- C:\Windows\System\jYgQuhR.exe
  C:\Windows\System\jYgQuhR.exe
  2⤵
  PID:11884
- C:\Windows\System\iMuSyot.exe
  C:\Windows\System\iMuSyot.exe
  2⤵
  PID:11904
- C:\Windows\System\WcsAwPs.exe
  C:\Windows\System\WcsAwPs.exe
  2⤵
  PID:11940
- C:\Windows\System\UwkDEyr.exe
  C:\Windows\System\UwkDEyr.exe
  2⤵
  PID:11968
- C:\Windows\System\cBLkiuB.exe
  C:\Windows\System\cBLkiuB.exe
  2⤵
  PID:11984
- C:\Windows\System\TeGDReu.exe
  C:\Windows\System\TeGDReu.exe
  2⤵
  PID:12016
- C:\Windows\System\oxnudGc.exe
  C:\Windows\System\oxnudGc.exe
  2⤵
  PID:12040
- C:\Windows\System\etOXFnU.exe
  C:\Windows\System\etOXFnU.exe
  2⤵
  PID:12080
- C:\Windows\System\VMHvOHK.exe
  C:\Windows\System\VMHvOHK.exe
  2⤵
  PID:12108
- C:\Windows\System\xbxZOAU.exe
  C:\Windows\System\xbxZOAU.exe
  2⤵
  PID:12128
- C:\Windows\System\IGhmYIL.exe
  C:\Windows\System\IGhmYIL.exe
  2⤵
  PID:12152
- C:\Windows\System\DTOJpDz.exe
  C:\Windows\System\DTOJpDz.exe
  2⤵
  PID:12192
- C:\Windows\System\qCiIkmy.exe
  C:\Windows\System\qCiIkmy.exe
  2⤵
  PID:12220
- C:\Windows\System\FoWKjRv.exe
  C:\Windows\System\FoWKjRv.exe
  2⤵
  PID:12248
- C:\Windows\System\tAjaGxo.exe
  C:\Windows\System\tAjaGxo.exe
  2⤵
  PID:12276
- C:\Windows\System\QgYudRR.exe
  C:\Windows\System\QgYudRR.exe
  2⤵
  PID:11276
- C:\Windows\System\AzCcxbf.exe
  C:\Windows\System\AzCcxbf.exe
  2⤵
  PID:11356
- C:\Windows\System\euulqmz.exe
  C:\Windows\System\euulqmz.exe
  2⤵
  PID:11456
- C:\Windows\System\iMulkUx.exe
  C:\Windows\System\iMulkUx.exe
  2⤵
  PID:11488
- C:\Windows\System\NJJjkdS.exe
  C:\Windows\System\NJJjkdS.exe
  2⤵
  PID:11572
- C:\Windows\System\YdmHxQM.exe
  C:\Windows\System\YdmHxQM.exe
  2⤵
  PID:11616
- C:\Windows\System\zqmPMgx.exe
  C:\Windows\System\zqmPMgx.exe
  2⤵
  PID:11636
- C:\Windows\System\yvgKsOj.exe
  C:\Windows\System\yvgKsOj.exe
  2⤵
  PID:11728
- C:\Windows\System\hfjBkpC.exe
  C:\Windows\System\hfjBkpC.exe
  2⤵
  PID:11808
- C:\Windows\System\FZmfsJT.exe
  C:\Windows\System\FZmfsJT.exe
  2⤵
  PID:11896
- C:\Windows\System\rLSgCFG.exe
  C:\Windows\System\rLSgCFG.exe
  2⤵
  PID:11952
- C:\Windows\System\tPLWbXJ.exe
  C:\Windows\System\tPLWbXJ.exe
  2⤵
  PID:12000
- C:\Windows\System\DGUOUiE.exe
  C:\Windows\System\DGUOUiE.exe
  2⤵
  PID:12052
- C:\Windows\System\cKKDDBQ.exe
  C:\Windows\System\cKKDDBQ.exe
  2⤵
  PID:12116
- C:\Windows\System\cMOQkWn.exe
  C:\Windows\System\cMOQkWn.exe
  2⤵
  PID:12208
- C:\Windows\System\rIfDDdh.exe
  C:\Windows\System\rIfDDdh.exe
  2⤵
  PID:12268
- C:\Windows\System\NWzPpYE.exe
  C:\Windows\System\NWzPpYE.exe
  2⤵
  PID:11388
- C:\Windows\System\JKHhNCv.exe
  C:\Windows\System\JKHhNCv.exe
  2⤵
  PID:11536
- C:\Windows\System\nRIZNLm.exe
  C:\Windows\System\nRIZNLm.exe
  2⤵
  PID:11716
- C:\Windows\System\FKdtLXT.exe
  C:\Windows\System\FKdtLXT.exe
  2⤵
  PID:11836
- C:\Windows\System\uhzXuEx.exe
  C:\Windows\System\uhzXuEx.exe
  2⤵
  PID:12032
- C:\Windows\System\MAFSydV.exe
  C:\Windows\System\MAFSydV.exe
  2⤵
  PID:12100
- C:\Windows\System\CFMirso.exe
  C:\Windows\System\CFMirso.exe
  2⤵
  PID:11268
- C:\Windows\System\gaxyRSR.exe
  C:\Windows\System\gaxyRSR.exe
  2⤵
  PID:11640
- C:\Windows\System\lVZoHZG.exe
  C:\Windows\System\lVZoHZG.exe
  2⤵
  PID:11928
- C:\Windows\System\xzgyScO.exe
  C:\Windows\System\xzgyScO.exe
  2⤵
  PID:12272
- C:\Windows\System\MdDxJWu.exe
  C:\Windows\System\MdDxJWu.exe
  2⤵
  PID:12024
- C:\Windows\System\pFLPEqz.exe
  C:\Windows\System\pFLPEqz.exe
  2⤵
  PID:12300
- C:\Windows\System\YYPknvs.exe
  C:\Windows\System\YYPknvs.exe
  2⤵
  PID:12328
- C:\Windows\System\NkTVBFk.exe
  C:\Windows\System\NkTVBFk.exe
  2⤵
  PID:12356
- C:\Windows\System\ZjbTZqP.exe
  C:\Windows\System\ZjbTZqP.exe
  2⤵
  PID:12376
- C:\Windows\System\iuzQbll.exe
  C:\Windows\System\iuzQbll.exe
  2⤵
  PID:12408
- C:\Windows\System\dOTuohn.exe
  C:\Windows\System\dOTuohn.exe
  2⤵
  PID:12428
- C:\Windows\System\zQhQdlW.exe
  C:\Windows\System\zQhQdlW.exe
  2⤵
  PID:12468
- C:\Windows\System\ocsKDxX.exe
  C:\Windows\System\ocsKDxX.exe
  2⤵
  PID:12488
- C:\Windows\System\Qvbdqov.exe
  C:\Windows\System\Qvbdqov.exe
  2⤵
  PID:12520
- C:\Windows\System\VgthgfH.exe
  C:\Windows\System\VgthgfH.exe
  2⤵
  PID:12548
- C:\Windows\System\ssDwzuF.exe
  C:\Windows\System\ssDwzuF.exe
  2⤵
  PID:12580
- C:\Windows\System\BzxcfET.exe
  C:\Windows\System\BzxcfET.exe
  2⤵
  PID:12608
- C:\Windows\System\IzRCvAd.exe
  C:\Windows\System\IzRCvAd.exe
  2⤵
  PID:12636
- C:\Windows\System\JNIDrfF.exe
  C:\Windows\System\JNIDrfF.exe
  2⤵
  PID:12656
- C:\Windows\System\jAamwYM.exe
  C:\Windows\System\jAamwYM.exe
  2⤵
  PID:12692
- C:\Windows\System\QZySkcA.exe
  C:\Windows\System\QZySkcA.exe
  2⤵
  PID:12728
- C:\Windows\System\OFHWnLp.exe
  C:\Windows\System\OFHWnLp.exe
  2⤵
  PID:12756
- C:\Windows\System\pWuibak.exe
  C:\Windows\System\pWuibak.exe
  2⤵
  PID:12772
- C:\Windows\System\cvTqFOv.exe
  C:\Windows\System\cvTqFOv.exe
  2⤵
  PID:12812
- C:\Windows\System\GKQEdti.exe
  C:\Windows\System\GKQEdti.exe
  2⤵
  PID:12832
- C:\Windows\System\GKBfvNx.exe
  C:\Windows\System\GKBfvNx.exe
  2⤵
  PID:12880
- C:\Windows\System\tOWObHJ.exe
  C:\Windows\System\tOWObHJ.exe
  2⤵
  PID:12908
- C:\Windows\System\tLMSDXG.exe
  C:\Windows\System\tLMSDXG.exe
  2⤵
  PID:12936
- C:\Windows\System\UPSLPRg.exe
  C:\Windows\System\UPSLPRg.exe
  2⤵
  PID:12956
- C:\Windows\System\lIdzENz.exe
  C:\Windows\System\lIdzENz.exe
  2⤵
  PID:12980
- C:\Windows\System\rqlYcnv.exe
  C:\Windows\System\rqlYcnv.exe
  2⤵
  PID:13012
- C:\Windows\System\nJqHWXA.exe
  C:\Windows\System\nJqHWXA.exe
  2⤵
  PID:13040
- C:\Windows\System\WfaXghz.exe
  C:\Windows\System\WfaXghz.exe
  2⤵
  PID:13076
- C:\Windows\System\YUjBvVj.exe
  C:\Windows\System\YUjBvVj.exe
  2⤵
  PID:13112
- C:\Windows\System\aixAFOn.exe
  C:\Windows\System\aixAFOn.exe
  2⤵
  PID:13140
- C:\Windows\System\zlUSWzB.exe
  C:\Windows\System\zlUSWzB.exe
  2⤵
  PID:13168
- C:\Windows\System\PSfcwvn.exe
  C:\Windows\System\PSfcwvn.exe
  2⤵
  PID:13188
- C:\Windows\System\VxjoTsV.exe
  C:\Windows\System\VxjoTsV.exe
  2⤵
  PID:13240
- C:\Windows\System\RVgVMDa.exe
  C:\Windows\System\RVgVMDa.exe
  2⤵
  PID:13272
- C:\Windows\System\gUQfbRB.exe
  C:\Windows\System\gUQfbRB.exe
  2⤵
  PID:13288
- C:\Windows\System\xhXWknE.exe
  C:\Windows\System\xhXWknE.exe
  2⤵
  PID:12320
- C:\Windows\System\fEaAFgN.exe
  C:\Windows\System\fEaAFgN.exe
  2⤵
  PID:12384
- C:\Windows\System\pBFXKyf.exe
  C:\Windows\System\pBFXKyf.exe
  2⤵
  PID:12420
- C:\Windows\System\SGoftWq.exe
  C:\Windows\System\SGoftWq.exe
  2⤵
  PID:12504
- C:\Windows\System\QNZIQpC.exe
  C:\Windows\System\QNZIQpC.exe
  2⤵
  PID:12576
- C:\Windows\System\oTZcYHD.exe
  C:\Windows\System\oTZcYHD.exe
  2⤵
  PID:12628
- C:\Windows\System\pYqKJNV.exe
  C:\Windows\System\pYqKJNV.exe
  2⤵
  PID:12704
- C:\Windows\System\jHxHeWf.exe
  C:\Windows\System\jHxHeWf.exe
  2⤵
  PID:12744
- C:\Windows\System\WBiERoH.exe
  C:\Windows\System\WBiERoH.exe
  2⤵
  PID:12844
- C:\Windows\System\WeULCUa.exe
  C:\Windows\System\WeULCUa.exe
  2⤵
  PID:12896
- C:\Windows\System\dGNiHvc.exe
  C:\Windows\System\dGNiHvc.exe
  2⤵
  PID:12948
- C:\Windows\System\fvzptPW.exe
  C:\Windows\System\fvzptPW.exe
  2⤵
  PID:13036
- C:\Windows\System\ohaQbTA.exe
  C:\Windows\System\ohaQbTA.exe
  2⤵
  PID:13132
- C:\Windows\System\sLjMYai.exe
  C:\Windows\System\sLjMYai.exe
  2⤵
  PID:13136
- C:\Windows\System\mtOuEWz.exe
  C:\Windows\System\mtOuEWz.exe
  2⤵
  PID:13236
- C:\Windows\System\rcQtjyp.exe
  C:\Windows\System\rcQtjyp.exe
  2⤵
  PID:11744
- C:\Windows\System\LWKgVYn.exe
  C:\Windows\System\LWKgVYn.exe
  2⤵
  PID:12464
- C:\Windows\System\cKYXSKg.exe
  C:\Windows\System\cKYXSKg.exe
  2⤵
  PID:12632
- C:\Windows\System\aljKLbW.exe
  C:\Windows\System\aljKLbW.exe
  2⤵
  PID:12740
- C:\Windows\System\EiyzTZn.exe
  C:\Windows\System\EiyzTZn.exe
  2⤵
  PID:12972
- C:\Windows\System\eLkQVzX.exe
  C:\Windows\System\eLkQVzX.exe
  2⤵
  PID:13000
- C:\Windows\System\scMymAX.exe
  C:\Windows\System\scMymAX.exe
  2⤵
  PID:1344
- C:\Windows\System\oapDZwy.exe
  C:\Windows\System\oapDZwy.exe
  2⤵
  PID:13264
- C:\Windows\System\evNJRKO.exe
  C:\Windows\System\evNJRKO.exe
  2⤵
  PID:12484
- C:\Windows\System\TNpaGME.exe
  C:\Windows\System\TNpaGME.exe
  2⤵
  PID:12800
- C:\Windows\System\GsBcxJJ.exe
  C:\Windows\System\GsBcxJJ.exe
  2⤵
  PID:3136
- C:\Windows\System\dLcXleh.exe
  C:\Windows\System\dLcXleh.exe
  2⤵
  PID:12648
- C:\Windows\System\xnSgdnb.exe
  C:\Windows\System\xnSgdnb.exe
  2⤵
  PID:12296
- C:\Windows\System\mYDRXTN.exe
  C:\Windows\System\mYDRXTN.exe
  2⤵
  PID:13088
- C:\Windows\System\MbCRaCY.exe
  C:\Windows\System\MbCRaCY.exe
  2⤵
  PID:13340
- C:\Windows\System\CerlOVe.exe
  C:\Windows\System\CerlOVe.exe
  2⤵
  PID:13368
- C:\Windows\System\rEALlvE.exe
  C:\Windows\System\rEALlvE.exe
  2⤵
  PID:13384
- C:\Windows\System\iRnGnGd.exe
  C:\Windows\System\iRnGnGd.exe
  2⤵
  PID:13412
- C:\Windows\System\jadTbaY.exe
  C:\Windows\System\jadTbaY.exe
  2⤵
  PID:13444
- C:\Windows\System\pOVEFkv.exe
  C:\Windows\System\pOVEFkv.exe
  2⤵
  PID:13468
- C:\Windows\System\gLHsOqV.exe
  C:\Windows\System\gLHsOqV.exe
  2⤵
  PID:13496
- C:\Windows\System\XGcAsMP.exe
  C:\Windows\System\XGcAsMP.exe
  2⤵
  PID:13536
- C:\Windows\System\eftmMdR.exe
  C:\Windows\System\eftmMdR.exe
  2⤵
  PID:13568
- C:\Windows\System\eAenbWc.exe
  C:\Windows\System\eAenbWc.exe
  2⤵
  PID:13600
- C:\Windows\System\KijZjlm.exe
  C:\Windows\System\KijZjlm.exe
  2⤵
  PID:13624
- C:\Windows\System\rqmYSoD.exe
  C:\Windows\System\rqmYSoD.exe
  2⤵
  PID:13652
- C:\Windows\System\edZyMui.exe
  C:\Windows\System\edZyMui.exe
  2⤵
  PID:13692
- C:\Windows\System\lJiyoZH.exe
  C:\Windows\System\lJiyoZH.exe
  2⤵
  PID:13708
- C:\Windows\System\DcTfzlN.exe
  C:\Windows\System\DcTfzlN.exe
  2⤵
  PID:13736
- C:\Windows\System\dgYPCbx.exe
  C:\Windows\System\dgYPCbx.exe
  2⤵
  PID:13764
- C:\Windows\System\kIEDkbh.exe
  C:\Windows\System\kIEDkbh.exe
  2⤵
  PID:13796
- C:\Windows\System\kmayATz.exe
  C:\Windows\System\kmayATz.exe
  2⤵
  PID:13840
- C:\Windows\System\MzIWkCc.exe
  C:\Windows\System\MzIWkCc.exe
  2⤵
  PID:13864
- C:\Windows\System\LKrnoGu.exe
  C:\Windows\System\LKrnoGu.exe
  2⤵
  PID:13900
- C:\Windows\System\PNZAmrE.exe
  C:\Windows\System\PNZAmrE.exe
  2⤵
  PID:13924
- C:\Windows\System\lVkllyF.exe
  C:\Windows\System\lVkllyF.exe
  2⤵
  PID:13972
- C:\Windows\System\wHOFVIV.exe
  C:\Windows\System\wHOFVIV.exe
  2⤵
  PID:13996
- C:\Windows\System\tsvxSdC.exe
  C:\Windows\System\tsvxSdC.exe
  2⤵
  PID:14060
- C:\Windows\System\VALGYUD.exe
  C:\Windows\System\VALGYUD.exe
  2⤵
  PID:14088
- C:\Windows\System\jpnfdnp.exe
  C:\Windows\System\jpnfdnp.exe
  2⤵
  PID:14132
- C:\Windows\System\vgbnhZT.exe
  C:\Windows\System\vgbnhZT.exe
  2⤵
  PID:14160
- C:\Windows\System\SjlPnVu.exe
  C:\Windows\System\SjlPnVu.exe
  2⤵
  PID:14192
- C:\Windows\System\EscqGMZ.exe
  C:\Windows\System\EscqGMZ.exe
  2⤵
  PID:14232
- C:\Windows\System\jOwNDOK.exe
  C:\Windows\System\jOwNDOK.exe
  2⤵
  PID:14268
- C:\Windows\System\lAuPzJo.exe
  C:\Windows\System\lAuPzJo.exe
  2⤵
  PID:14288
- C:\Windows\System\QSOFDyh.exe
  C:\Windows\System\QSOFDyh.exe
  2⤵
  PID:14320
- C:\Windows\System\TDHbJFx.exe
  C:\Windows\System\TDHbJFx.exe
  2⤵
  PID:13336
- C:\Windows\System\XUyHBOL.exe
  C:\Windows\System\XUyHBOL.exe
  2⤵
  PID:13436
- C:\Windows\System\nWgvBhC.exe
  C:\Windows\System\nWgvBhC.exe
  2⤵
  PID:13548
- C:\Windows\System\rMvjUSu.exe
  C:\Windows\System\rMvjUSu.exe
  2⤵
  PID:13724
- C:\Windows\System\McGBtyb.exe
  C:\Windows\System\McGBtyb.exe
  2⤵
  PID:13756
- C:\Windows\System\UIgtTRe.exe
  C:\Windows\System\UIgtTRe.exe
  2⤵
  PID:13832
- C:\Windows\System\rlIMHhU.exe
  C:\Windows\System\rlIMHhU.exe
  2⤵
  PID:13916
- C:\Windows\System\pOZqzwn.exe
  C:\Windows\System\pOZqzwn.exe
  2⤵
  PID:13960
- C:\Windows\System\zcXboGy.exe
  C:\Windows\System\zcXboGy.exe
  2⤵
  PID:14112
- C:\Windows\System\wfzUCkX.exe
  C:\Windows\System\wfzUCkX.exe
  2⤵
  PID:14156
- C:\Windows\System\vNmgyZz.exe
  C:\Windows\System\vNmgyZz.exe
  2⤵
  PID:14276
- C:\Windows\System\XsFBQRe.exe
  C:\Windows\System\XsFBQRe.exe
  2⤵
  PID:13332
- C:\Windows\System\dWoHtKI.exe
  C:\Windows\System\dWoHtKI.exe
  2⤵
  PID:13588
- C:\Windows\System\Wwqcazj.exe
  C:\Windows\System\Wwqcazj.exe
  2⤵
  PID:13908

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\Ausaoyg.exe

Filesize
1.8MB

MD5
900d3c42d4aac4e6e227ae96a737fbb4

SHA1
d43bc7fc81e37277ce8e4c42a27824fde78e1b3a

SHA256
53d50e6a7ce0ea17a5a183a1086d87aafe9780cabf6a19fe609439a914b9ebe5

SHA512
b8976ad566624f13c6daf7cc4707778c16abb63b137b1ddd054238fd7c711c8623a5c0f9a2ac3122e8db0ab5767dc7689a488aa280a14e449f06c2501c244805

Download Submit
C:\Windows\System\DqdgtiA.exe

Filesize
1.8MB

MD5
bf2e801c46acde04e4f5a5f9e6e9246f

SHA1
333d8d586d4da796feafba91e6632937948aa021

SHA256
52ead9d919d00546a17a8ae799ab6c374ca8d1c06782ce9a5d89910e37a59e5c

SHA512
a2b7a8e40df2ca4c91c8e2fc852fb8f0a30778ac07e5f93ea3ea4ccb557e4c7bbc69d84d2c37414cf1adc375e2d88b4d1e8dd745fe3a0620f6c441cd72940a7b

Download Submit
C:\Windows\System\FAlVtaF.exe

Filesize
1.8MB

MD5
46a782a8ba6716d62098914aabedeff4

SHA1
9d26a5c3231abc6596e7b96706ff96e64f96d171

SHA256
2120a20954bb9bcb60fca382754514c399a95badc7609e69e5f89111371a775d

SHA512
5e2e9e93584b65993884299740d153f1ecf7fd0c0ae65fa14d340902957ea52696608a82e3d8c5629e43acabefe97e16e6b196d232e30d3ddafcba9f39b92e8a

Download Submit
C:\Windows\System\GTGNDdz.exe

Filesize
1.8MB

MD5
ec3b0bccda7e8d9990040d013185530a

SHA1
25c4d19df6776ad8af96f35ddc40e373d4392bb9

SHA256
89bf11c812ace34e45a1fdde0be2e58dc73ebb290eb8d82680b2df02f24894f8

SHA512
7450b90e750e0db61d109b04d96293a466ad356a584579c8ff3fcea1892ead4fa397dd71589c0e6ac9ebaea7c64a427a01eb44f4167fcb5aec73f2a5fa440b84

Download Submit
C:\Windows\System\HeaOqzy.exe

Filesize
1.8MB

MD5
79a570c1ab8424880a1527b54ece50e9

SHA1
feeaa32cdc80d0593fda27fa3b2cfcb328a82792

SHA256
031481dfbdca22fe05860bee595f73422b2dd954edd2018da16d8ee8eeb8f731

SHA512
5ceecbb79be63555eb3aa085bdc248dbf52fdbb274a7cdcf87d4fb6998431403cf870ce660116c7fcd21680b38bbd048978277203694a1cd39ebe2b75563a865

Download Submit
C:\Windows\System\JVAVouY.exe

Filesize
1.8MB

MD5
a91fa445a65cbef43597ec9117b989bb

SHA1
de501b94b908baccfdf2a1d1755f4dc5e91f0380

SHA256
526e65836a644ce01fb34e20297630c4571fdc40a3995da339bf14e55ea17e14

SHA512
5f991f73d995d939d8486557d589149c26c729e88288e839c1dee6a550b979b296fda6db3cc838390493fbb90908ae1025d17e4007e87a900827f2164795c361

Download Submit
C:\Windows\System\KappaCR.exe

Filesize
1.8MB

MD5
4e30e396688a74f6d6fd9f204b50a7fa

SHA1
f4771116203199bbe447b788fe2768ba6e5f0612

SHA256
bd5460fd2e727ef63bfce4b18fa64712f226de2d9ebb2331b1a685d0df8cf497

SHA512
710dfcc955a756114fbb10449866e1f71eeacb69ce469445a7ed027399efb1e6637ef1f73290be5faa934ec391578d67afbdd195a4c8d28bbbd0d60417e37597

Download Submit
C:\Windows\System\McIUYlf.exe

Filesize
1.8MB

MD5
665aab7772c79bc164d2b35277b5d57c

SHA1
8ac92787e5854b02c81766d4540f2167a116f474

SHA256
f422b3bdce465a98e3bd927bcfdeaa7f7cb293735d36d5a32e2e70d5f81ebf62

SHA512
290b3079ae90ecf416a601d4b985b3f95c7e310775c745e322217162b9f2e6ac22dcadec0596ddd9686e8256af71a9369e38b24ac67f75bb5246b99537ae4ea4

Download Submit
C:\Windows\System\PRrAuWs.exe

Filesize
1.8MB

MD5
6ca5d037a4f720f0a14d8c4b7cc1d65d

SHA1
227e8990d49232aab1e2702e8571c792efaae703

SHA256
36d3f106a97c3404cf6e27fa5adfd643ec074dc61ac350e084c3f0761c77d011

SHA512
c056c245da55bb97dc18118525f7b6c64247d257aa1a4e4f4f5541f8b6bdede60944befd838bf1ffad09b6f761bdd4df79e0bf9186d8d905737598fc3dcd59ea

Download Submit
C:\Windows\System\QkfikXB.exe

Filesize
1.8MB

MD5
33a7d9a7f2915bab945a3f9effffbcc5

SHA1
3c3e01d6375a589410b983e01ecc030d0583bc5c

SHA256
4eb67a895ece81ea00b32edbb7229248e15fac7c665358b7ab716ca334539590

SHA512
67f4834c8f4021e7171e9b512d14804a73540afc3e0686fc1ccc64768bce675bee8420da5e2e9bcdb7320d36d42f52dfe9b6eadbe53ce4daa80079d4f39ac5ce

Download Submit
C:\Windows\System\RERxsGb.exe

Filesize
1.8MB

MD5
e9658210268bce3485e7542fb6cd7354

SHA1
e659f92819aaa26701a9006165d7156be0fed135

SHA256
ea517dbd5c40287e3069b3c84eb3e341b4a01a165a1eaaa70312e87b43155d25

SHA512
b91fd8715c294eb924d8535390c0d0fe93ccb44f82fdafd115b186bd668c61316b1ad701bde7292dc98d3ff40fa31ba140114d121132e7b72d8c95fcb3ebd363

Download Submit
C:\Windows\System\SvWPtFa.exe

Filesize
1.8MB

MD5
02c1b799f0d72229aa62463f2db2fa61

SHA1
67564fbd22ebbbd13f3c3c4947022fe52baa8b71

SHA256
5e10603c11d636d94bafed7564b7b52799d6a1dd55f5236148194e8f5b253588

SHA512
4f6f1ff17d975ae405d50d87cf60acb44ddeab4a00cf9cb3dca61be51948099788405af4198ff45f70649760a18ee4f806ca47e1689773e8c8f7eac600698366

Download Submit
C:\Windows\System\TjLxQlA.exe

Filesize
1.8MB

MD5
018db2954a25b61dc88a3ba9eddf0288

SHA1
8076640119d746b4833eecc3114eead099997c88

SHA256
8c35210573f1bb47b66335407aa5865a28816068b5bb820ae0b807ee5faefd7f

SHA512
835c56ea8f1474de6f662a6694028b7c1ebf00c6929a439822c6d1b39e9100612111db94bb22776d8bedd6e539776c147b428986c8fae0faed2377ce51eb5958

Download Submit
C:\Windows\System\UWqzDgf.exe

Filesize
1.8MB

MD5
51cb33dd28ea9c210b99ad21b3f5d36f

SHA1
ff3745959ad6439cdc03bddb857e3a492db32e8b

SHA256
d4cbb1c2023efdda44debcd0de13b35921c10db44a1e2358b592734406095b8b

SHA512
919fcf575b1fe09e14ed29eee34c51aa1a28791b3706488ab886aaefe80fdf2ed5951a51af72ad9b8edb22052fb4ccbdfe52bdf35df80d48560f4692eada4ae8

Download Submit
C:\Windows\System\WvKAzNP.exe

Filesize
1.8MB

MD5
59b8cc70cf084cda8bcddbb18e656250

SHA1
47f643204037bc6ad35845141c85777198b03c36

SHA256
16f3da2a5ae0cc13833aab0387fc6b42bb1f8599b3f7edb61ca75a581619910b

SHA512
7888ceac7a4745abdd418f296c0bb9199a26a255d9d57f5718cfae0c0acecbe1d9dfc08e62617c560dc4c5a732be36d832f858d3315b03f4bc792248b2459731

Download Submit
C:\Windows\System\YTVndIK.exe

Filesize
1.8MB

MD5
1920d4f25895cc103b25dd272118ab5e

SHA1
740c19d2be35e0c7cc3a9c76cd05bbb38b68a1ce

SHA256
35136892b1f1ff3fca8429495379adb02a573efda981476b494700fc9eedd903

SHA512
9c4a510ab3f6310aa05a50f72a87c95963e2cfe9dbdda550c7895b00874d1b7f945e9c2ee498c5eaaa96233460ea3bc5624782c74eb014133b153706b9265186

Download Submit
C:\Windows\System\cQTnUlV.exe

Filesize
1.8MB

MD5
0fbef333662e2784bb6d85958339a7f0

SHA1
75b481a19aaf7becd8d375d5901d2d8c7b3e92c0

SHA256
183c4630ee68fefc013c70828bbedb10e4bcec577ba113e0d2779736c484b599

SHA512
329fd8de04d47d31cf2ed49e932ce042f0f98c48a3f715b807c5f200f7d214c819efa3111730bb0fb712ff45cf5380d0b427efc73f0da3d8cd66e4faa6429f34

Download Submit
C:\Windows\System\dHKwmpb.exe

Filesize
1.8MB

MD5
ed5bf9af6394ba46c1ffcf219228d97f

SHA1
210e8a49cddcf977f12d71cff923bf24778f1f8a

SHA256
894272a77e05261995f9ff2575cbdc1e0205a908fb58ad7ca2e27a7751597e15

SHA512
025294d32f3bf10cea9d99d9b28981193d98ac5388d69a0586e793bbb81c54ca843c3bc5e6c9b80ae97d2d3991101d6a4a71d580fe5243228a3cd1ffcc147096

Download Submit
C:\Windows\System\dNJhSJx.exe

Filesize
1.8MB

MD5
d59f3bf949518aa3db102c0d579e4f4e

SHA1
94c47cf462f20721ead15cc7af528d11a4a24941

SHA256
a40fb912c943dac6ddf1e7be23363f5458e108e343da18e121c312ae0df02894

SHA512
c54e741c7a04195c8d28a356790827e9cda41371f0d5b73ce36db4892067115c03346a0447155b91a7974fff1248b29d5f5301a179e95ec66482948d8317b51c

Download Submit
C:\Windows\System\erjggTh.exe

Filesize
1.8MB

MD5
d109617481e019b35ad9e9944fdb3a62

SHA1
ab3cc6be408e7b610d49e9fe7037c3f8a0966404

SHA256
99fb52a157e94fbd6489ab2eebb00af858e552769d44edce56d367a8701819c4

SHA512
fef9d0d5240ee283de96f3fc041a41e72129e4e4bfd73ec7c6a69b6843036922b7cdafbf651cf4646af6b43f990291891bbb053d79a88476449a42a9c0fe2be0

Download Submit
C:\Windows\System\jpEKfhP.exe

Filesize
1.8MB

MD5
de474f3a779a6dfbe00b75b759d8e599

SHA1
9ed1fc0da3727285a4cbb3db905516ae9f95c1e1

SHA256
cf600d6ac4f3a87a027aa65ef99bdbedd82d8a820a8034ba86585bb18f5cff6a

SHA512
6e6d7ebb29ecf49146b3118d7a7ee517ccb0612c43081dc20b0f21a1ac7ffb3e2c4087b0070c1c4167d0cd989a22a2ed8905a015b4c81e3ece8dad18212494d0

Download Submit
C:\Windows\System\jrFTUFc.exe

Filesize
1.8MB

MD5
5993add77fdc3da5182c05f1fac139ab

SHA1
0efd177dcb74bcc79433722fefe57755979cd14f

SHA256
fabd40f33d44eb28a8749d3e504c9981964d504e2321a385d50c716ba42c53f5

SHA512
5acc878b4288b7c0363da624dec90690c5658dae2d8463e6900fb9fd058093f9f5dca5f9005d13fe2c26aae11953c9a198928e4ad226cdf8336f23690cd43f18

Download Submit
C:\Windows\System\kAiMBwD.exe

Filesize
1.8MB

MD5
f0d5491775ed6bb551e78dc328f5f4a2

SHA1
cea0c8c516b4a1f5ce96f35526b374d69f101bad

SHA256
a1f18eed35b8968a53bd8d30cb035afea85db58deda5343710d4a52d604e8bb8

SHA512
639d488e747e133fb7c7882aa68a0c9f689b2903f915a69be9ab6aac419e0a487a0ae0dbae5acfc2c5482d8a9c16d4bda48c39a1045df2d19a6dbd0c913520f7

Download Submit
C:\Windows\System\mOupJeb.exe

Filesize
1.8MB

MD5
43f74a07c78c62163e0c73658931b744

SHA1
6588725769e4f4f810671065a6350e01c20d44e9

SHA256
e0dee7cb4881fc25cccdeb8cd51db7dcbddca80a41694f77b9e00ddda8494cbe

SHA512
a5027a5976d5469cd37dffbd1aea104a26fd20b953e79a8ea8c7b0db4b01fb099db171a04f63f17c03f5cb6dd3e13d87b0947e0e3c7a9b2d6e1fc057866c0586

Download Submit
C:\Windows\System\mlDIJBh.exe

Filesize
1.8MB

MD5
873e1ffdd6ee168e8121aced0e3963cd

SHA1
8b2229b245ad9d18b07c0adaf96edca784e38f72

SHA256
93a700af3650e37de9d6a54110d79696de4d4d9fd3d387029ded70f4ecbd0ab4

SHA512
261cf99fe672e5b6dead824af7f32fa5805136aba072b9381f5439a4dfddf0b826ce5b5fcd89da196fdd7d44459ce995f6f637d0dc532f43237169fa9a654568

Download Submit
C:\Windows\System\nisKJTf.exe

Filesize
1.8MB

MD5
7734caa5e5c2336ec85eb8b9ec98a9c9

SHA1
6c37c2783e7b30c2ddd98e91f53a38f325c4253a

SHA256
6dfbdfa2e05cd603be8a5fde4eb5f143d11825788ce6b2be74c4f46f562d0e1e

SHA512
8c916d07ec06ce6dcad28d80fde8ecfe515c790df49f7b99adcad6353db9303ded2f6d45922d5f73ffbad2634f28b5557cac8f02437635506a23d3d3d1ea1277

Download Submit
C:\Windows\System\pyYhEUr.exe

Filesize
1.8MB

MD5
d6fd398c028e0cdfb5cb6cc8fe294282

SHA1
a49d3d66d5b103efc3881b48c744ffefbee72940

SHA256
2aafb65d2e657baef9d61139d73edc00ded5e8d00a95d3c5dec4913b7214c27e

SHA512
96b6da7701f5d5a5173fa48abd8136e469eea097c8d318f1f1aa98586508492d7effae7387132196a55ee559aca0b55261fa3276fae763e8728403cf372c3ca9

Download Submit
C:\Windows\System\qUNNTFA.exe

Filesize
1.8MB

MD5
0fed93fb71c79fe54f497a9121f41c29

SHA1
d7895877d46e46a3e3df60f761066655b19ddaa0

SHA256
008fde7d77efb9a17ab05b7359030d4046b085d1a71c3ac058174cec20128217

SHA512
c316db6b786b07fbd4d59c315df0e21ac542cb72cdd20d56b9f971a8460951da66e77e760d545c2c50c38d39801dabc1eb9aa98fc66aa66ecda738fe9cc2cced

Download Submit
C:\Windows\System\qaxvstM.exe

Filesize
1.8MB

MD5
8d28ea2b7a1f2af64f01e4f3d433f617

SHA1
2ce0d24d4e090c58c40b5d745fc490dd2d5f1c86

SHA256
ab5df27b1b3b4e66498e04798c4f1d56574d04ad9d246e691c84c0bd318d139c

SHA512
52a9fb215ee6af121eb7a1c62877844bef03e14289b259cddcf5ee93143c5f942ca3ae8c1e85a98c819e0bd5ce6d4cbcc27be8b46ff9e0621c0eea158b976789

Download Submit
C:\Windows\System\vXbPKuO.exe

Filesize
1.8MB

MD5
b44cc74289f440ac6a1003f96b7394d5

SHA1
e0fdd4ceb6ff63c478aa426156a4c2675d898b59

SHA256
b6a76d93b0077e0607972fa3d72c0c006b9733925f8c208cdb992e66dee9c551

SHA512
3d3b6c6d1472a8944b1bdc0d42e3ac9fdd4b8974f739b1550b1aaccfd67e11676712842814681b8f51f7c9c1c610be8ebcc8f9448626547eb02d4a0ec4ad6b8e

Download Submit
C:\Windows\System\wilAtct.exe

Filesize
1.8MB

MD5
0e593b74ec9fa8b9b228647cc8664df8

SHA1
d6a54ee0f36311d51d480b527c0f5e219903184e

SHA256
3012ea6427373b73e5246dcd9bc3142c2ed5e4c6ea4da8f08f8179330e1d046c

SHA512
ee59cfe8a613c94b62115f68afa9e4d93b72cc828a75ed9eb91f0320d1a26d8d128c8c6e36a78b97df6a62f01aecc92b7663ef41bfa5df0dbce79df757eec051

Download Submit
C:\Windows\System\ySmpYTD.exe

Filesize
1.8MB

MD5
34f22fe94705bd0adacae1fa07536edf

SHA1
4a925bde6022162fe1c96289efff2c3c6dc9b8e2

SHA256
c851871653252625018487edc1f1da12e66f8902f2befdf1422c0f902238c080

SHA512
55f179aa35697e330c8cb0ad229d5a9c9c26372e5a0b358175380a2ca8da5db00c6ad9ae9d918e1e99da1649d59694a345bd7629b505d54150b9276e58865a2b

Download Submit
C:\Windows\System\yWiQpkO.exe

Filesize
1.8MB

MD5
85850e26ee8ff7c4799ad2a89e4285c8

SHA1
96ff5633b22c429b9e51ce06c8f08c1feefb15fc

SHA256
ac959f1266ed9d50ae47579e919b7c19366d627376364db4a20267340ab3a6aa

SHA512
cb44f98aa1a289d8a80577804decdfb7e1303a335872a0bf5d88e68e32af55275cb39d7dc8e9a54a19b030f34d538d6c203220388a0b90cdde5da545f624b3a6

Download Submit
memory/996-0-0x00007FF738180000-0x00007FF7384D4000-memory.dmp

Filesize
3.3MB

Download
memory/996-1-0x0000020182B50000-0x0000020182B60000-memory.dmp

Filesize
64KB

Download
memory/996-1566-0x00007FF738180000-0x00007FF7384D4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-2139-0x00007FF7463E0000-0x00007FF746734000-memory.dmp

Filesize
3.3MB

Download
memory/1288-17-0x00007FF7463E0000-0x00007FF746734000-memory.dmp

Filesize
3.3MB

Download
memory/1812-67-0x00007FF7F2070000-0x00007FF7F23C4000-memory.dmp

Filesize
3.3MB

Download
memory/1812-2148-0x00007FF7F2070000-0x00007FF7F23C4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2161-0x00007FF636750000-0x00007FF636AA4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-569-0x00007FF636750000-0x00007FF636AA4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2150-0x00007FF7C0530000-0x00007FF7C0884000-memory.dmp

Filesize
3.3MB

Download
memory/2100-53-0x00007FF7C0530000-0x00007FF7C0884000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2134-0x00007FF7C0530000-0x00007FF7C0884000-memory.dmp

Filesize
3.3MB

Download
memory/2216-2002-0x00007FF7A4580000-0x00007FF7A48D4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-2137-0x00007FF7A4580000-0x00007FF7A48D4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-14-0x00007FF7A4580000-0x00007FF7A48D4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2165-0x00007FF6923A0000-0x00007FF6926F4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-604-0x00007FF6923A0000-0x00007FF6926F4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2147-0x00007FF6398C0000-0x00007FF639C14000-memory.dmp

Filesize
3.3MB

Download
memory/2300-73-0x00007FF6398C0000-0x00007FF639C14000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2135-0x00007FF6398C0000-0x00007FF639C14000-memory.dmp

Filesize
3.3MB

Download
memory/2324-568-0x00007FF666740000-0x00007FF666A94000-memory.dmp

Filesize
3.3MB

Download
memory/2324-2160-0x00007FF666740000-0x00007FF666A94000-memory.dmp

Filesize
3.3MB

Download
memory/2360-547-0x00007FF7B9590000-0x00007FF7B98E4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-2153-0x00007FF7B9590000-0x00007FF7B98E4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-2155-0x00007FF70FD00000-0x00007FF710054000-memory.dmp

Filesize
3.3MB

Download
memory/2916-554-0x00007FF70FD00000-0x00007FF710054000-memory.dmp

Filesize
3.3MB

Download
memory/3068-543-0x00007FF737760000-0x00007FF737AB4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-2152-0x00007FF737760000-0x00007FF737AB4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2149-0x00007FF7D7890000-0x00007FF7D7BE4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-78-0x00007FF7D7890000-0x00007FF7D7BE4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2136-0x00007FF7D7890000-0x00007FF7D7BE4000-memory.dmp

Filesize
3.3MB

Download
memory/3280-2151-0x00007FF74D1F0000-0x00007FF74D544000-memory.dmp

Filesize
3.3MB

Download
memory/3280-540-0x00007FF74D1F0000-0x00007FF74D544000-memory.dmp

Filesize
3.3MB

Download
memory/3284-2154-0x00007FF61F270000-0x00007FF61F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/3284-550-0x00007FF61F270000-0x00007FF61F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/3476-2142-0x00007FF71DE20000-0x00007FF71E174000-memory.dmp

Filesize
3.3MB

Download
memory/3476-2132-0x00007FF71DE20000-0x00007FF71E174000-memory.dmp

Filesize
3.3MB

Download
memory/3476-29-0x00007FF71DE20000-0x00007FF71E174000-memory.dmp

Filesize
3.3MB

Download
memory/3512-595-0x00007FF6ECA80000-0x00007FF6ECDD4000-memory.dmp

Filesize
3.3MB

Download
memory/3512-2164-0x00007FF6ECA80000-0x00007FF6ECDD4000-memory.dmp

Filesize
3.3MB

Download
memory/3688-565-0x00007FF699480000-0x00007FF6997D4000-memory.dmp

Filesize
3.3MB

Download
memory/3688-2159-0x00007FF699480000-0x00007FF6997D4000-memory.dmp

Filesize
3.3MB

Download
memory/4040-2146-0x00007FF739CF0000-0x00007FF73A044000-memory.dmp

Filesize
3.3MB

Download
memory/4040-610-0x00007FF739CF0000-0x00007FF73A044000-memory.dmp

Filesize
3.3MB

Download
memory/4064-537-0x00007FF7C0CD0000-0x00007FF7C1024000-memory.dmp

Filesize
3.3MB

Download
memory/4064-2145-0x00007FF7C0CD0000-0x00007FF7C1024000-memory.dmp

Filesize
3.3MB

Download
memory/4528-2162-0x00007FF729290000-0x00007FF7295E4000-memory.dmp

Filesize
3.3MB

Download
memory/4528-587-0x00007FF729290000-0x00007FF7295E4000-memory.dmp

Filesize
3.3MB

Download
memory/4592-2133-0x00007FF6F54A0000-0x00007FF6F57F4000-memory.dmp

Filesize
3.3MB

Download
memory/4592-62-0x00007FF6F54A0000-0x00007FF6F57F4000-memory.dmp

Filesize
3.3MB

Download
memory/4592-2144-0x00007FF6F54A0000-0x00007FF6F57F4000-memory.dmp

Filesize
3.3MB

Download
memory/4656-584-0x00007FF7E1A20000-0x00007FF7E1D74000-memory.dmp

Filesize
3.3MB

Download
memory/4656-2156-0x00007FF7E1A20000-0x00007FF7E1D74000-memory.dmp

Filesize
3.3MB

Download
memory/4680-596-0x00007FF7B80A0000-0x00007FF7B83F4000-memory.dmp

Filesize
3.3MB

Download
memory/4680-2163-0x00007FF7B80A0000-0x00007FF7B83F4000-memory.dmp

Filesize
3.3MB

Download
memory/4688-2138-0x00007FF7E5880000-0x00007FF7E5BD4000-memory.dmp

Filesize
3.3MB

Download
memory/4688-26-0x00007FF7E5880000-0x00007FF7E5BD4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-2140-0x00007FF665990000-0x00007FF665CE4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-48-0x00007FF665990000-0x00007FF665CE4000-memory.dmp

Filesize
3.3MB

Download
memory/4956-557-0x00007FF722ED0000-0x00007FF723224000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2157-0x00007FF722ED0000-0x00007FF723224000-memory.dmp

Filesize
3.3MB

Download
memory/5032-2158-0x00007FF73EC60000-0x00007FF73EFB4000-memory.dmp

Filesize
3.3MB

Download
memory/5032-574-0x00007FF73EC60000-0x00007FF73EFB4000-memory.dmp

Filesize
3.3MB

Download
memory/5044-52-0x00007FF790A70000-0x00007FF790DC4000-memory.dmp

Filesize
3.3MB

Download
memory/5044-2141-0x00007FF790A70000-0x00007FF790DC4000-memory.dmp

Filesize
3.3MB

Download
memory/5112-66-0x00007FF6DE890000-0x00007FF6DEBE4000-memory.dmp

Filesize
3.3MB

Download
memory/5112-2143-0x00007FF6DE890000-0x00007FF6DEBE4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads