xmrig | b0d30b63af0436dd445ca65dd0b22758e5d1549b9b7ef8a293607475231e6f32

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 00:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
Size

1.8MB
MD5

3e286a871d0d8e7fe37be5eb4940fc50
SHA1

60ab47bccc2f88ecf8ddb266806a451cba4b7173
SHA256

b0d30b63af0436dd445ca65dd0b22758e5d1549b9b7ef8a293607475231e6f32
SHA512

4e69462c24464735aa737854d32389e5397acd2176b2bf562fdbfe65abf3dd40f69b57ada362456999df1b72cf7fce137f02cd753ee945be549a4792f3225bb0
SSDEEP

24576:BezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpuzBF6727XL1+KvSjsvZJQ:BezaTF8FcNkNdfE0pZ9ozt4wIQHxx4

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/632-0-0x00007FF7E6100000-0x00007FF7E6454000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-7.dat	xmrig
behavioral2/files/0x0008000000023410-9.dat	xmrig
behavioral2/files/0x0007000000023276-10.dat	xmrig
behavioral2/memory/5080-24-0x00007FF64FDE0000-0x00007FF650134000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-36.dat	xmrig
behavioral2/files/0x0007000000023419-61.dat	xmrig
behavioral2/files/0x000700000002341c-73.dat	xmrig
behavioral2/files/0x0007000000023428-137.dat	xmrig
behavioral2/files/0x000700000002342d-158.dat	xmrig
behavioral2/memory/4716-687-0x00007FF626B90000-0x00007FF626EE4000-memory.dmp	xmrig
behavioral2/memory/2328-688-0x00007FF6B9860000-0x00007FF6B9BB4000-memory.dmp	xmrig
behavioral2/memory/3040-689-0x00007FF767DA0000-0x00007FF7680F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342f-166.dat	xmrig
behavioral2/files/0x000700000002342e-161.dat	xmrig
behavioral2/files/0x000700000002342c-156.dat	xmrig
behavioral2/files/0x000700000002342b-152.dat	xmrig
behavioral2/files/0x000700000002342a-147.dat	xmrig
behavioral2/files/0x0007000000023429-141.dat	xmrig
behavioral2/files/0x0007000000023427-131.dat	xmrig
behavioral2/files/0x0007000000023426-127.dat	xmrig
behavioral2/files/0x0007000000023425-122.dat	xmrig
behavioral2/files/0x0007000000023424-116.dat	xmrig
behavioral2/files/0x0007000000023423-112.dat	xmrig
behavioral2/files/0x0007000000023422-106.dat	xmrig
behavioral2/files/0x0007000000023421-99.dat	xmrig
behavioral2/files/0x0007000000023420-94.dat	xmrig
behavioral2/files/0x000700000002341f-91.dat	xmrig
behavioral2/files/0x000700000002341e-87.dat	xmrig
behavioral2/files/0x000700000002341d-81.dat	xmrig
behavioral2/files/0x000700000002341b-71.dat	xmrig
behavioral2/files/0x000700000002341a-67.dat	xmrig
behavioral2/files/0x0007000000023418-57.dat	xmrig
behavioral2/files/0x0007000000023417-51.dat	xmrig
behavioral2/files/0x0007000000023416-47.dat	xmrig
behavioral2/files/0x0007000000023414-39.dat	xmrig
behavioral2/files/0x0007000000023413-34.dat	xmrig
behavioral2/files/0x0007000000023412-26.dat	xmrig
behavioral2/memory/5104-16-0x00007FF654AE0000-0x00007FF654E34000-memory.dmp	xmrig
behavioral2/memory/1320-8-0x00007FF7ACD80000-0x00007FF7AD0D4000-memory.dmp	xmrig
behavioral2/memory/4936-690-0x00007FF6E2500000-0x00007FF6E2854000-memory.dmp	xmrig
behavioral2/memory/2524-691-0x00007FF795C70000-0x00007FF795FC4000-memory.dmp	xmrig
behavioral2/memory/764-692-0x00007FF758E70000-0x00007FF7591C4000-memory.dmp	xmrig
behavioral2/memory/4288-693-0x00007FF729660000-0x00007FF7299B4000-memory.dmp	xmrig
behavioral2/memory/4800-694-0x00007FF656870000-0x00007FF656BC4000-memory.dmp	xmrig
behavioral2/memory/3316-695-0x00007FF732740000-0x00007FF732A94000-memory.dmp	xmrig
behavioral2/memory/516-707-0x00007FF69FE10000-0x00007FF6A0164000-memory.dmp	xmrig
behavioral2/memory/4976-735-0x00007FF669C80000-0x00007FF669FD4000-memory.dmp	xmrig
behavioral2/memory/1444-740-0x00007FF7CAA20000-0x00007FF7CAD74000-memory.dmp	xmrig
behavioral2/memory/3268-748-0x00007FF72B340000-0x00007FF72B694000-memory.dmp	xmrig
behavioral2/memory/1180-749-0x00007FF750E80000-0x00007FF7511D4000-memory.dmp	xmrig
behavioral2/memory/4148-753-0x00007FF63AAB0000-0x00007FF63AE04000-memory.dmp	xmrig
behavioral2/memory/412-754-0x00007FF7BB710000-0x00007FF7BBA64000-memory.dmp	xmrig
behavioral2/memory/2900-755-0x00007FF6DF270000-0x00007FF6DF5C4000-memory.dmp	xmrig
behavioral2/memory/4924-759-0x00007FF712270000-0x00007FF7125C4000-memory.dmp	xmrig
behavioral2/memory/2436-761-0x00007FF668C20000-0x00007FF668F74000-memory.dmp	xmrig
behavioral2/memory/4432-762-0x00007FF6F7380000-0x00007FF6F76D4000-memory.dmp	xmrig
behavioral2/memory/812-756-0x00007FF66FCD0000-0x00007FF670024000-memory.dmp	xmrig
behavioral2/memory/440-745-0x00007FF67A400000-0x00007FF67A754000-memory.dmp	xmrig
behavioral2/memory/4012-727-0x00007FF68EAE0000-0x00007FF68EE34000-memory.dmp	xmrig
behavioral2/memory/2852-720-0x00007FF6DF7A0000-0x00007FF6DFAF4000-memory.dmp	xmrig
behavioral2/memory/3124-710-0x00007FF7D49E0000-0x00007FF7D4D34000-memory.dmp	xmrig
behavioral2/memory/2128-702-0x00007FF7867B0000-0x00007FF786B04000-memory.dmp	xmrig
behavioral2/memory/5080-2180-0x00007FF64FDE0000-0x00007FF650134000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1320	xYTglHp.exe
5104	GYJsDJj.exe
5080	pLFJDrl.exe
4432	yxoJBGt.exe
4716	WkVnNZB.exe
2328	HKnKOMc.exe
3040	gKHLllL.exe
4936	lXabPKZ.exe
2524	TIJOqay.exe
764	JzTVGSd.exe
4288	zVORvVj.exe
4800	MMgwBab.exe
3316	xgPAUlW.exe
2128	eNeURxK.exe
516	ymJIMNf.exe
3124	bgFtDuB.exe
2852	ckxYldt.exe
4012	ykUGKlg.exe
4976	VFwcoGT.exe
1444	SQdGpCf.exe
440	RrXlsLJ.exe
3268	xZdqWdg.exe
1180	BYnCgkd.exe
4148	ZAwmuPm.exe
412	upnqVSG.exe
2900	TmrjrZz.exe
812	pXyTzSG.exe
4924	WOojPHv.exe
2436	zXjMCfH.exe
2032	okzDghp.exe
1576	fSkjapU.exe
788	SjYURVn.exe
1584	MCZDlzu.exe
3276	ZsssYee.exe
3676	TdKRmco.exe
3068	SaXyTOs.exe
2276	zFgWSbI.exe
2316	OrQtAtA.exe
2988	LXCCfUd.exe
2528	GOjtpNi.exe
4948	JEsexxH.exe
2788	HzbFZaI.exe
5060	NpTYDfx.exe
1992	QtvOKfn.exe
380	QLdEUHC.exe
1504	oSfNdMj.exe
4628	uUvaPap.exe
2040	leGEXKy.exe
4024	eCXDPDz.exe
224	PXAfZLm.exe
3712	yyzmpxJ.exe
4356	BOBZyJQ.exe
4284	jAmnlGO.exe
1048	KadqawF.exe
3892	roiMZUZ.exe
3416	tiRhxTm.exe
4876	xNIIIQX.exe
1208	qNeopmw.exe
4812	kynUSZR.exe
4892	jcWGJLC.exe
2700	gMGFsiC.exe
4868	JAJUbtc.exe
3732	uANuDQD.exe
4704	WoGZGUe.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/632-0-0x00007FF7E6100000-0x00007FF7E6454000-memory.dmp	upx
behavioral2/files/0x0007000000023411-7.dat	upx
behavioral2/files/0x0008000000023410-9.dat	upx
behavioral2/files/0x0007000000023276-10.dat	upx
behavioral2/memory/5080-24-0x00007FF64FDE0000-0x00007FF650134000-memory.dmp	upx
behavioral2/files/0x0007000000023415-36.dat	upx
behavioral2/files/0x0007000000023419-61.dat	upx
behavioral2/files/0x000700000002341c-73.dat	upx
behavioral2/files/0x0007000000023428-137.dat	upx
behavioral2/files/0x000700000002342d-158.dat	upx
behavioral2/memory/4716-687-0x00007FF626B90000-0x00007FF626EE4000-memory.dmp	upx
behavioral2/memory/2328-688-0x00007FF6B9860000-0x00007FF6B9BB4000-memory.dmp	upx
behavioral2/memory/3040-689-0x00007FF767DA0000-0x00007FF7680F4000-memory.dmp	upx
behavioral2/files/0x000700000002342f-166.dat	upx
behavioral2/files/0x000700000002342e-161.dat	upx
behavioral2/files/0x000700000002342c-156.dat	upx
behavioral2/files/0x000700000002342b-152.dat	upx
behavioral2/files/0x000700000002342a-147.dat	upx
behavioral2/files/0x0007000000023429-141.dat	upx
behavioral2/files/0x0007000000023427-131.dat	upx
behavioral2/files/0x0007000000023426-127.dat	upx
behavioral2/files/0x0007000000023425-122.dat	upx
behavioral2/files/0x0007000000023424-116.dat	upx
behavioral2/files/0x0007000000023423-112.dat	upx
behavioral2/files/0x0007000000023422-106.dat	upx
behavioral2/files/0x0007000000023421-99.dat	upx
behavioral2/files/0x0007000000023420-94.dat	upx
behavioral2/files/0x000700000002341f-91.dat	upx
behavioral2/files/0x000700000002341e-87.dat	upx
behavioral2/files/0x000700000002341d-81.dat	upx
behavioral2/files/0x000700000002341b-71.dat	upx
behavioral2/files/0x000700000002341a-67.dat	upx
behavioral2/files/0x0007000000023418-57.dat	upx
behavioral2/files/0x0007000000023417-51.dat	upx
behavioral2/files/0x0007000000023416-47.dat	upx
behavioral2/files/0x0007000000023414-39.dat	upx
behavioral2/files/0x0007000000023413-34.dat	upx
behavioral2/files/0x0007000000023412-26.dat	upx
behavioral2/memory/5104-16-0x00007FF654AE0000-0x00007FF654E34000-memory.dmp	upx
behavioral2/memory/1320-8-0x00007FF7ACD80000-0x00007FF7AD0D4000-memory.dmp	upx
behavioral2/memory/4936-690-0x00007FF6E2500000-0x00007FF6E2854000-memory.dmp	upx
behavioral2/memory/2524-691-0x00007FF795C70000-0x00007FF795FC4000-memory.dmp	upx
behavioral2/memory/764-692-0x00007FF758E70000-0x00007FF7591C4000-memory.dmp	upx
behavioral2/memory/4288-693-0x00007FF729660000-0x00007FF7299B4000-memory.dmp	upx
behavioral2/memory/4800-694-0x00007FF656870000-0x00007FF656BC4000-memory.dmp	upx
behavioral2/memory/3316-695-0x00007FF732740000-0x00007FF732A94000-memory.dmp	upx
behavioral2/memory/516-707-0x00007FF69FE10000-0x00007FF6A0164000-memory.dmp	upx
behavioral2/memory/4976-735-0x00007FF669C80000-0x00007FF669FD4000-memory.dmp	upx
behavioral2/memory/1444-740-0x00007FF7CAA20000-0x00007FF7CAD74000-memory.dmp	upx
behavioral2/memory/3268-748-0x00007FF72B340000-0x00007FF72B694000-memory.dmp	upx
behavioral2/memory/1180-749-0x00007FF750E80000-0x00007FF7511D4000-memory.dmp	upx
behavioral2/memory/4148-753-0x00007FF63AAB0000-0x00007FF63AE04000-memory.dmp	upx
behavioral2/memory/412-754-0x00007FF7BB710000-0x00007FF7BBA64000-memory.dmp	upx
behavioral2/memory/2900-755-0x00007FF6DF270000-0x00007FF6DF5C4000-memory.dmp	upx
behavioral2/memory/4924-759-0x00007FF712270000-0x00007FF7125C4000-memory.dmp	upx
behavioral2/memory/2436-761-0x00007FF668C20000-0x00007FF668F74000-memory.dmp	upx
behavioral2/memory/4432-762-0x00007FF6F7380000-0x00007FF6F76D4000-memory.dmp	upx
behavioral2/memory/812-756-0x00007FF66FCD0000-0x00007FF670024000-memory.dmp	upx
behavioral2/memory/440-745-0x00007FF67A400000-0x00007FF67A754000-memory.dmp	upx
behavioral2/memory/4012-727-0x00007FF68EAE0000-0x00007FF68EE34000-memory.dmp	upx
behavioral2/memory/2852-720-0x00007FF6DF7A0000-0x00007FF6DFAF4000-memory.dmp	upx
behavioral2/memory/3124-710-0x00007FF7D49E0000-0x00007FF7D4D34000-memory.dmp	upx
behavioral2/memory/2128-702-0x00007FF7867B0000-0x00007FF786B04000-memory.dmp	upx
behavioral2/memory/5080-2180-0x00007FF64FDE0000-0x00007FF650134000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RrXlsLJ.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\oKJscPS.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\qdvsZVA.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\QQsoxIn.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\ZKssCgf.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\qBStSAh.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\kXanArq.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\RWGyzqX.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\etNuDgA.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\epdLwSm.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\wnVvpQc.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\SQdGpCf.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\uWMOUNt.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\CGLQUhD.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\kacTbOf.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\gJFCQnd.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\ZTZuzQZ.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\YnnasPH.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\zYwnltF.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\qNeopmw.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\wivtBjL.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\egeGCBS.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\WBGugUc.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\WKtydqs.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\VFwcoGT.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\gXUEazG.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\ZGCQTjc.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\khVKnsl.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\EVarIdF.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\xZdqWdg.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\jcWGJLC.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\GVNXkob.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\nSaFqzu.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\EaJClVg.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\ocMPzHl.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\upnqVSG.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\TxEHkzP.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\vrDBjbx.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\wqWVHpD.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\wDskHvV.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\mADwoaU.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\rvhZEbd.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\Szdulhw.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\CtzSzcX.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\jNozwDS.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\DQBPZOc.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\THCmfXh.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\yyzmpxJ.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\kcLNxDv.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\jfzOcuM.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\JRkfHVI.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\FadMCJA.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\LHzbfkK.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\uUdsHOH.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\jDvUvDe.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\xBkaBCF.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\MZmvAjF.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\aCzqMlb.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\GDhOQBd.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\roiMZUZ.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\sNxrpAq.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\vSgvzcT.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\JqWeNXM.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
File created	C:\Windows\System\btkbatZ.exe	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13956	dwm.exe
Token: SeChangeNotifyPrivilege	13956	dwm.exe
Token: 33	13956	dwm.exe
Token: SeIncBasePriorityPrivilege	13956	dwm.exe
Token: SeShutdownPrivilege	13956	dwm.exe
Token: SeCreatePagefilePrivilege	13956	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 1320	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	84
PID 632 wrote to memory of 1320	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	84
PID 632 wrote to memory of 5104	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	85
PID 632 wrote to memory of 5104	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	85
PID 632 wrote to memory of 5080	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	86
PID 632 wrote to memory of 5080	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	86
PID 632 wrote to memory of 4432	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	87
PID 632 wrote to memory of 4432	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	87
PID 632 wrote to memory of 4716	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	88
PID 632 wrote to memory of 4716	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	88
PID 632 wrote to memory of 2328	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	89
PID 632 wrote to memory of 2328	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	89
PID 632 wrote to memory of 3040	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	90
PID 632 wrote to memory of 3040	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	90
PID 632 wrote to memory of 4936	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	91
PID 632 wrote to memory of 4936	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	91
PID 632 wrote to memory of 2524	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	92
PID 632 wrote to memory of 2524	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	92
PID 632 wrote to memory of 764	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	93
PID 632 wrote to memory of 764	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	93
PID 632 wrote to memory of 4288	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	94
PID 632 wrote to memory of 4288	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	94
PID 632 wrote to memory of 4800	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	95
PID 632 wrote to memory of 4800	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	95
PID 632 wrote to memory of 3316	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	96
PID 632 wrote to memory of 3316	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	96
PID 632 wrote to memory of 2128	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	97
PID 632 wrote to memory of 2128	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	97
PID 632 wrote to memory of 516	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	98
PID 632 wrote to memory of 516	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	98
PID 632 wrote to memory of 3124	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	99
PID 632 wrote to memory of 3124	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	99
PID 632 wrote to memory of 2852	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	100
PID 632 wrote to memory of 2852	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	100
PID 632 wrote to memory of 4012	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	101
PID 632 wrote to memory of 4012	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	101
PID 632 wrote to memory of 4976	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	102
PID 632 wrote to memory of 4976	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	102
PID 632 wrote to memory of 1444	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	103
PID 632 wrote to memory of 1444	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	103
PID 632 wrote to memory of 440	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	104
PID 632 wrote to memory of 440	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	104
PID 632 wrote to memory of 3268	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	105
PID 632 wrote to memory of 3268	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	105
PID 632 wrote to memory of 1180	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	106
PID 632 wrote to memory of 1180	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	106
PID 632 wrote to memory of 4148	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	107
PID 632 wrote to memory of 4148	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	107
PID 632 wrote to memory of 412	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	108
PID 632 wrote to memory of 412	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	108
PID 632 wrote to memory of 2900	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	109
PID 632 wrote to memory of 2900	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	109
PID 632 wrote to memory of 812	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	110
PID 632 wrote to memory of 812	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	110
PID 632 wrote to memory of 4924	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	111
PID 632 wrote to memory of 4924	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	111
PID 632 wrote to memory of 2436	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	112
PID 632 wrote to memory of 2436	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	112
PID 632 wrote to memory of 2032	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	113
PID 632 wrote to memory of 2032	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	113
PID 632 wrote to memory of 1576	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	114
PID 632 wrote to memory of 1576	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	114
PID 632 wrote to memory of 788	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	115
PID 632 wrote to memory of 788	632	3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3e286a871d0d8e7fe37be5eb4940fc50_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:632
- C:\Windows\System\xYTglHp.exe
  C:\Windows\System\xYTglHp.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\GYJsDJj.exe
  C:\Windows\System\GYJsDJj.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\pLFJDrl.exe
  C:\Windows\System\pLFJDrl.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\yxoJBGt.exe
  C:\Windows\System\yxoJBGt.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\WkVnNZB.exe
  C:\Windows\System\WkVnNZB.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\HKnKOMc.exe
  C:\Windows\System\HKnKOMc.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\gKHLllL.exe
  C:\Windows\System\gKHLllL.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\lXabPKZ.exe
  C:\Windows\System\lXabPKZ.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\TIJOqay.exe
  C:\Windows\System\TIJOqay.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\JzTVGSd.exe
  C:\Windows\System\JzTVGSd.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\zVORvVj.exe
  C:\Windows\System\zVORvVj.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\MMgwBab.exe
  C:\Windows\System\MMgwBab.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\xgPAUlW.exe
  C:\Windows\System\xgPAUlW.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\eNeURxK.exe
  C:\Windows\System\eNeURxK.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\ymJIMNf.exe
  C:\Windows\System\ymJIMNf.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\bgFtDuB.exe
  C:\Windows\System\bgFtDuB.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\ckxYldt.exe
  C:\Windows\System\ckxYldt.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\ykUGKlg.exe
  C:\Windows\System\ykUGKlg.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\VFwcoGT.exe
  C:\Windows\System\VFwcoGT.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\SQdGpCf.exe
  C:\Windows\System\SQdGpCf.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\RrXlsLJ.exe
  C:\Windows\System\RrXlsLJ.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\xZdqWdg.exe
  C:\Windows\System\xZdqWdg.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\BYnCgkd.exe
  C:\Windows\System\BYnCgkd.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\ZAwmuPm.exe
  C:\Windows\System\ZAwmuPm.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\upnqVSG.exe
  C:\Windows\System\upnqVSG.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\TmrjrZz.exe
  C:\Windows\System\TmrjrZz.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\pXyTzSG.exe
  C:\Windows\System\pXyTzSG.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\WOojPHv.exe
  C:\Windows\System\WOojPHv.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\zXjMCfH.exe
  C:\Windows\System\zXjMCfH.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\okzDghp.exe
  C:\Windows\System\okzDghp.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\fSkjapU.exe
  C:\Windows\System\fSkjapU.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\SjYURVn.exe
  C:\Windows\System\SjYURVn.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\MCZDlzu.exe
  C:\Windows\System\MCZDlzu.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\ZsssYee.exe
  C:\Windows\System\ZsssYee.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\TdKRmco.exe
  C:\Windows\System\TdKRmco.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\SaXyTOs.exe
  C:\Windows\System\SaXyTOs.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\zFgWSbI.exe
  C:\Windows\System\zFgWSbI.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\OrQtAtA.exe
  C:\Windows\System\OrQtAtA.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\LXCCfUd.exe
  C:\Windows\System\LXCCfUd.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\GOjtpNi.exe
  C:\Windows\System\GOjtpNi.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\JEsexxH.exe
  C:\Windows\System\JEsexxH.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\HzbFZaI.exe
  C:\Windows\System\HzbFZaI.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\NpTYDfx.exe
  C:\Windows\System\NpTYDfx.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\QtvOKfn.exe
  C:\Windows\System\QtvOKfn.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\QLdEUHC.exe
  C:\Windows\System\QLdEUHC.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\oSfNdMj.exe
  C:\Windows\System\oSfNdMj.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\uUvaPap.exe
  C:\Windows\System\uUvaPap.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\leGEXKy.exe
  C:\Windows\System\leGEXKy.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\eCXDPDz.exe
  C:\Windows\System\eCXDPDz.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\PXAfZLm.exe
  C:\Windows\System\PXAfZLm.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\yyzmpxJ.exe
  C:\Windows\System\yyzmpxJ.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\BOBZyJQ.exe
  C:\Windows\System\BOBZyJQ.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\jAmnlGO.exe
  C:\Windows\System\jAmnlGO.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\KadqawF.exe
  C:\Windows\System\KadqawF.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\roiMZUZ.exe
  C:\Windows\System\roiMZUZ.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\tiRhxTm.exe
  C:\Windows\System\tiRhxTm.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\xNIIIQX.exe
  C:\Windows\System\xNIIIQX.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\qNeopmw.exe
  C:\Windows\System\qNeopmw.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\kynUSZR.exe
  C:\Windows\System\kynUSZR.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\jcWGJLC.exe
  C:\Windows\System\jcWGJLC.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\gMGFsiC.exe
  C:\Windows\System\gMGFsiC.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\JAJUbtc.exe
  C:\Windows\System\JAJUbtc.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\uANuDQD.exe
  C:\Windows\System\uANuDQD.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\WoGZGUe.exe
  C:\Windows\System\WoGZGUe.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\GgwMpnR.exe
  C:\Windows\System\GgwMpnR.exe
  2⤵
  PID:3568
- C:\Windows\System\BKKbFiX.exe
  C:\Windows\System\BKKbFiX.exe
  2⤵
  PID:4636
- C:\Windows\System\qZqoYYV.exe
  C:\Windows\System\qZqoYYV.exe
  2⤵
  PID:2748
- C:\Windows\System\kcLNxDv.exe
  C:\Windows\System\kcLNxDv.exe
  2⤵
  PID:2380
- C:\Windows\System\DyhsxBQ.exe
  C:\Windows\System\DyhsxBQ.exe
  2⤵
  PID:4404
- C:\Windows\System\cxNWjIT.exe
  C:\Windows\System\cxNWjIT.exe
  2⤵
  PID:4032
- C:\Windows\System\fNkSAgK.exe
  C:\Windows\System\fNkSAgK.exe
  2⤵
  PID:428
- C:\Windows\System\nlgvggn.exe
  C:\Windows\System\nlgvggn.exe
  2⤵
  PID:4548
- C:\Windows\System\rCkyaKZ.exe
  C:\Windows\System\rCkyaKZ.exe
  2⤵
  PID:3812
- C:\Windows\System\vpwgHJy.exe
  C:\Windows\System\vpwgHJy.exe
  2⤵
  PID:4852
- C:\Windows\System\qxyaVOM.exe
  C:\Windows\System\qxyaVOM.exe
  2⤵
  PID:2072
- C:\Windows\System\lypJDkZ.exe
  C:\Windows\System\lypJDkZ.exe
  2⤵
  PID:4452
- C:\Windows\System\UvyPkHg.exe
  C:\Windows\System\UvyPkHg.exe
  2⤵
  PID:3244
- C:\Windows\System\pVaXzpv.exe
  C:\Windows\System\pVaXzpv.exe
  2⤵
  PID:4464
- C:\Windows\System\WmnVtOc.exe
  C:\Windows\System\WmnVtOc.exe
  2⤵
  PID:4872
- C:\Windows\System\uWMOUNt.exe
  C:\Windows\System\uWMOUNt.exe
  2⤵
  PID:2792
- C:\Windows\System\wGYvMEB.exe
  C:\Windows\System\wGYvMEB.exe
  2⤵
  PID:3192
- C:\Windows\System\nxNVBZz.exe
  C:\Windows\System\nxNVBZz.exe
  2⤵
  PID:5124
- C:\Windows\System\CkLgHQL.exe
  C:\Windows\System\CkLgHQL.exe
  2⤵
  PID:5152
- C:\Windows\System\tnwMZzv.exe
  C:\Windows\System\tnwMZzv.exe
  2⤵
  PID:5188
- C:\Windows\System\XEGGDkJ.exe
  C:\Windows\System\XEGGDkJ.exe
  2⤵
  PID:5216
- C:\Windows\System\paElVoP.exe
  C:\Windows\System\paElVoP.exe
  2⤵
  PID:5244
- C:\Windows\System\gfadzPi.exe
  C:\Windows\System\gfadzPi.exe
  2⤵
  PID:5260
- C:\Windows\System\GVNXkob.exe
  C:\Windows\System\GVNXkob.exe
  2⤵
  PID:5288
- C:\Windows\System\ySZPzCi.exe
  C:\Windows\System\ySZPzCi.exe
  2⤵
  PID:5316
- C:\Windows\System\wMQfBQk.exe
  C:\Windows\System\wMQfBQk.exe
  2⤵
  PID:5344
- C:\Windows\System\gXUEazG.exe
  C:\Windows\System\gXUEazG.exe
  2⤵
  PID:5372
- C:\Windows\System\IsolRNR.exe
  C:\Windows\System\IsolRNR.exe
  2⤵
  PID:5400
- C:\Windows\System\rlazrRI.exe
  C:\Windows\System\rlazrRI.exe
  2⤵
  PID:5428
- C:\Windows\System\sDViRss.exe
  C:\Windows\System\sDViRss.exe
  2⤵
  PID:5456
- C:\Windows\System\uMnzFtu.exe
  C:\Windows\System\uMnzFtu.exe
  2⤵
  PID:5480
- C:\Windows\System\eaGwxLJ.exe
  C:\Windows\System\eaGwxLJ.exe
  2⤵
  PID:5508
- C:\Windows\System\mcHrviY.exe
  C:\Windows\System\mcHrviY.exe
  2⤵
  PID:5540
- C:\Windows\System\ymPpiwi.exe
  C:\Windows\System\ymPpiwi.exe
  2⤵
  PID:5568
- C:\Windows\System\CrZFdqr.exe
  C:\Windows\System\CrZFdqr.exe
  2⤵
  PID:5584
- C:\Windows\System\tvQyBhp.exe
  C:\Windows\System\tvQyBhp.exe
  2⤵
  PID:5612
- C:\Windows\System\HJkgSoo.exe
  C:\Windows\System\HJkgSoo.exe
  2⤵
  PID:5648
- C:\Windows\System\khfpKUB.exe
  C:\Windows\System\khfpKUB.exe
  2⤵
  PID:5680
- C:\Windows\System\AviMuVJ.exe
  C:\Windows\System\AviMuVJ.exe
  2⤵
  PID:5708
- C:\Windows\System\nPSjhfA.exe
  C:\Windows\System\nPSjhfA.exe
  2⤵
  PID:5736
- C:\Windows\System\sqeJYKH.exe
  C:\Windows\System\sqeJYKH.exe
  2⤵
  PID:5760
- C:\Windows\System\ZKssCgf.exe
  C:\Windows\System\ZKssCgf.exe
  2⤵
  PID:5792
- C:\Windows\System\wivtBjL.exe
  C:\Windows\System\wivtBjL.exe
  2⤵
  PID:5824
- C:\Windows\System\jfzOcuM.exe
  C:\Windows\System\jfzOcuM.exe
  2⤵
  PID:5848
- C:\Windows\System\QdyZzio.exe
  C:\Windows\System\QdyZzio.exe
  2⤵
  PID:5876
- C:\Windows\System\luezvcM.exe
  C:\Windows\System\luezvcM.exe
  2⤵
  PID:5904
- C:\Windows\System\GWKEBmU.exe
  C:\Windows\System\GWKEBmU.exe
  2⤵
  PID:5932
- C:\Windows\System\kxRlMEY.exe
  C:\Windows\System\kxRlMEY.exe
  2⤵
  PID:5960
- C:\Windows\System\DGjnbBJ.exe
  C:\Windows\System\DGjnbBJ.exe
  2⤵
  PID:5988
- C:\Windows\System\SLrUHUI.exe
  C:\Windows\System\SLrUHUI.exe
  2⤵
  PID:6016
- C:\Windows\System\tRMQeQc.exe
  C:\Windows\System\tRMQeQc.exe
  2⤵
  PID:6044
- C:\Windows\System\NbpXoNX.exe
  C:\Windows\System\NbpXoNX.exe
  2⤵
  PID:6072
- C:\Windows\System\MmGMZpb.exe
  C:\Windows\System\MmGMZpb.exe
  2⤵
  PID:6100
- C:\Windows\System\nSaFqzu.exe
  C:\Windows\System\nSaFqzu.exe
  2⤵
  PID:6128
- C:\Windows\System\wzpurMi.exe
  C:\Windows\System\wzpurMi.exe
  2⤵
  PID:4580
- C:\Windows\System\TaVQBUy.exe
  C:\Windows\System\TaVQBUy.exe
  2⤵
  PID:368
- C:\Windows\System\ZuFImZk.exe
  C:\Windows\System\ZuFImZk.exe
  2⤵
  PID:4920
- C:\Windows\System\TgglzcW.exe
  C:\Windows\System\TgglzcW.exe
  2⤵
  PID:1300
- C:\Windows\System\hDVpqNN.exe
  C:\Windows\System\hDVpqNN.exe
  2⤵
  PID:3548
- C:\Windows\System\nikrmyl.exe
  C:\Windows\System\nikrmyl.exe
  2⤵
  PID:3564
- C:\Windows\System\RRjqPHC.exe
  C:\Windows\System\RRjqPHC.exe
  2⤵
  PID:4664
- C:\Windows\System\MXmqDJv.exe
  C:\Windows\System\MXmqDJv.exe
  2⤵
  PID:5180
- C:\Windows\System\dEhfvzf.exe
  C:\Windows\System\dEhfvzf.exe
  2⤵
  PID:5232
- C:\Windows\System\dVYEnkB.exe
  C:\Windows\System\dVYEnkB.exe
  2⤵
  PID:5304
- C:\Windows\System\ANLNNCh.exe
  C:\Windows\System\ANLNNCh.exe
  2⤵
  PID:5360
- C:\Windows\System\ATjJpMm.exe
  C:\Windows\System\ATjJpMm.exe
  2⤵
  PID:5440
- C:\Windows\System\OCLyZKX.exe
  C:\Windows\System\OCLyZKX.exe
  2⤵
  PID:5504
- C:\Windows\System\XrtKpOJ.exe
  C:\Windows\System\XrtKpOJ.exe
  2⤵
  PID:5596
- C:\Windows\System\YYNxiFV.exe
  C:\Windows\System\YYNxiFV.exe
  2⤵
  PID:5664
- C:\Windows\System\KZhTaPy.exe
  C:\Windows\System\KZhTaPy.exe
  2⤵
  PID:316
- C:\Windows\System\uqTTniy.exe
  C:\Windows\System\uqTTniy.exe
  2⤵
  PID:5752
- C:\Windows\System\VlagTig.exe
  C:\Windows\System\VlagTig.exe
  2⤵
  PID:5820
- C:\Windows\System\cYikIpl.exe
  C:\Windows\System\cYikIpl.exe
  2⤵
  PID:5888
- C:\Windows\System\luhYJZq.exe
  C:\Windows\System\luhYJZq.exe
  2⤵
  PID:5948
- C:\Windows\System\lYvickC.exe
  C:\Windows\System\lYvickC.exe
  2⤵
  PID:6004
- C:\Windows\System\vRMBFlW.exe
  C:\Windows\System\vRMBFlW.exe
  2⤵
  PID:6084
- C:\Windows\System\xBkaBCF.exe
  C:\Windows\System\xBkaBCF.exe
  2⤵
  PID:6116
- C:\Windows\System\FWbnoih.exe
  C:\Windows\System\FWbnoih.exe
  2⤵
  PID:3308
- C:\Windows\System\qaHMcyi.exe
  C:\Windows\System\qaHMcyi.exe
  2⤵
  PID:4348
- C:\Windows\System\riXLlaE.exe
  C:\Windows\System\riXLlaE.exe
  2⤵
  PID:5140
- C:\Windows\System\hVwoiZF.exe
  C:\Windows\System\hVwoiZF.exe
  2⤵
  PID:5276
- C:\Windows\System\chObKSs.exe
  C:\Windows\System\chObKSs.exe
  2⤵
  PID:5468
- C:\Windows\System\qBStSAh.exe
  C:\Windows\System\qBStSAh.exe
  2⤵
  PID:5624
- C:\Windows\System\mqBSVTA.exe
  C:\Windows\System\mqBSVTA.exe
  2⤵
  PID:5728
- C:\Windows\System\gPOyjGo.exe
  C:\Windows\System\gPOyjGo.exe
  2⤵
  PID:6168
- C:\Windows\System\egeGCBS.exe
  C:\Windows\System\egeGCBS.exe
  2⤵
  PID:6196
- C:\Windows\System\TCgyNMG.exe
  C:\Windows\System\TCgyNMG.exe
  2⤵
  PID:6224
- C:\Windows\System\RAvPGGy.exe
  C:\Windows\System\RAvPGGy.exe
  2⤵
  PID:6252
- C:\Windows\System\IfReYtL.exe
  C:\Windows\System\IfReYtL.exe
  2⤵
  PID:6280
- C:\Windows\System\hAacMgv.exe
  C:\Windows\System\hAacMgv.exe
  2⤵
  PID:6308
- C:\Windows\System\ptaeqSM.exe
  C:\Windows\System\ptaeqSM.exe
  2⤵
  PID:6336
- C:\Windows\System\iGqQJxY.exe
  C:\Windows\System\iGqQJxY.exe
  2⤵
  PID:6364
- C:\Windows\System\axJREqT.exe
  C:\Windows\System\axJREqT.exe
  2⤵
  PID:6392
- C:\Windows\System\snRHdmz.exe
  C:\Windows\System\snRHdmz.exe
  2⤵
  PID:6420
- C:\Windows\System\SigiCrP.exe
  C:\Windows\System\SigiCrP.exe
  2⤵
  PID:6444
- C:\Windows\System\McwfKxq.exe
  C:\Windows\System\McwfKxq.exe
  2⤵
  PID:6476
- C:\Windows\System\szbWIkW.exe
  C:\Windows\System\szbWIkW.exe
  2⤵
  PID:6504
- C:\Windows\System\zOetUqn.exe
  C:\Windows\System\zOetUqn.exe
  2⤵
  PID:6532
- C:\Windows\System\kTZqppE.exe
  C:\Windows\System\kTZqppE.exe
  2⤵
  PID:6560
- C:\Windows\System\RBGYGgR.exe
  C:\Windows\System\RBGYGgR.exe
  2⤵
  PID:6588
- C:\Windows\System\nfpFUKy.exe
  C:\Windows\System\nfpFUKy.exe
  2⤵
  PID:6616
- C:\Windows\System\yfsPLvu.exe
  C:\Windows\System\yfsPLvu.exe
  2⤵
  PID:6644
- C:\Windows\System\SkcDNoo.exe
  C:\Windows\System\SkcDNoo.exe
  2⤵
  PID:6668
- C:\Windows\System\armNmyz.exe
  C:\Windows\System\armNmyz.exe
  2⤵
  PID:6696
- C:\Windows\System\QdfCCqj.exe
  C:\Windows\System\QdfCCqj.exe
  2⤵
  PID:6728
- C:\Windows\System\GNpDAer.exe
  C:\Windows\System\GNpDAer.exe
  2⤵
  PID:6752
- C:\Windows\System\uagegfy.exe
  C:\Windows\System\uagegfy.exe
  2⤵
  PID:6788
- C:\Windows\System\YSJYZwm.exe
  C:\Windows\System\YSJYZwm.exe
  2⤵
  PID:6812
- C:\Windows\System\jnqBLdz.exe
  C:\Windows\System\jnqBLdz.exe
  2⤵
  PID:6840
- C:\Windows\System\kXanArq.exe
  C:\Windows\System\kXanArq.exe
  2⤵
  PID:6868
- C:\Windows\System\jxrYiuY.exe
  C:\Windows\System\jxrYiuY.exe
  2⤵
  PID:6892
- C:\Windows\System\tqMBjjc.exe
  C:\Windows\System\tqMBjjc.exe
  2⤵
  PID:6924
- C:\Windows\System\gXMZrmT.exe
  C:\Windows\System\gXMZrmT.exe
  2⤵
  PID:6952
- C:\Windows\System\lWmEepc.exe
  C:\Windows\System\lWmEepc.exe
  2⤵
  PID:6980
- C:\Windows\System\DGaWsYm.exe
  C:\Windows\System\DGaWsYm.exe
  2⤵
  PID:7008
- C:\Windows\System\PBHiIUd.exe
  C:\Windows\System\PBHiIUd.exe
  2⤵
  PID:7036
- C:\Windows\System\ZKlISyn.exe
  C:\Windows\System\ZKlISyn.exe
  2⤵
  PID:7064
- C:\Windows\System\xiJrNXs.exe
  C:\Windows\System\xiJrNXs.exe
  2⤵
  PID:7092
- C:\Windows\System\mbReAvC.exe
  C:\Windows\System\mbReAvC.exe
  2⤵
  PID:7120
- C:\Windows\System\sgYeuqI.exe
  C:\Windows\System\sgYeuqI.exe
  2⤵
  PID:7148
- C:\Windows\System\xIYFKNA.exe
  C:\Windows\System\xIYFKNA.exe
  2⤵
  PID:5844
- C:\Windows\System\TuGcDKi.exe
  C:\Windows\System\TuGcDKi.exe
  2⤵
  PID:1524
- C:\Windows\System\iGOTyRc.exe
  C:\Windows\System\iGOTyRc.exe
  2⤵
  PID:4400
- C:\Windows\System\ooZxGbI.exe
  C:\Windows\System\ooZxGbI.exe
  2⤵
  PID:1736
- C:\Windows\System\qBMKfCQ.exe
  C:\Windows\System\qBMKfCQ.exe
  2⤵
  PID:5228
- C:\Windows\System\fztGTQW.exe
  C:\Windows\System\fztGTQW.exe
  2⤵
  PID:5556
- C:\Windows\System\KloraVu.exe
  C:\Windows\System\KloraVu.exe
  2⤵
  PID:6180
- C:\Windows\System\rcuQIEj.exe
  C:\Windows\System\rcuQIEj.exe
  2⤵
  PID:6240
- C:\Windows\System\LKkhwcx.exe
  C:\Windows\System\LKkhwcx.exe
  2⤵
  PID:6300
- C:\Windows\System\GngfKyC.exe
  C:\Windows\System\GngfKyC.exe
  2⤵
  PID:6356
- C:\Windows\System\OSNcMFj.exe
  C:\Windows\System\OSNcMFj.exe
  2⤵
  PID:2052
- C:\Windows\System\ADIFMHo.exe
  C:\Windows\System\ADIFMHo.exe
  2⤵
  PID:6468
- C:\Windows\System\jMSaoVE.exe
  C:\Windows\System\jMSaoVE.exe
  2⤵
  PID:6544
- C:\Windows\System\NKvaJIJ.exe
  C:\Windows\System\NKvaJIJ.exe
  2⤵
  PID:6604
- C:\Windows\System\WTdpRyl.exe
  C:\Windows\System\WTdpRyl.exe
  2⤵
  PID:6664
- C:\Windows\System\uUzkute.exe
  C:\Windows\System\uUzkute.exe
  2⤵
  PID:6716
- C:\Windows\System\LrKIqSJ.exe
  C:\Windows\System\LrKIqSJ.exe
  2⤵
  PID:6772
- C:\Windows\System\KGZSkKP.exe
  C:\Windows\System\KGZSkKP.exe
  2⤵
  PID:6852
- C:\Windows\System\TxEHkzP.exe
  C:\Windows\System\TxEHkzP.exe
  2⤵
  PID:6912
- C:\Windows\System\CwKxWQY.exe
  C:\Windows\System\CwKxWQY.exe
  2⤵
  PID:6968
- C:\Windows\System\CGLQUhD.exe
  C:\Windows\System\CGLQUhD.exe
  2⤵
  PID:7000
- C:\Windows\System\CzHqJvb.exe
  C:\Windows\System\CzHqJvb.exe
  2⤵
  PID:7056
- C:\Windows\System\UXtRzVr.exe
  C:\Windows\System\UXtRzVr.exe
  2⤵
  PID:7112
- C:\Windows\System\MZmvAjF.exe
  C:\Windows\System\MZmvAjF.exe
  2⤵
  PID:6152
- C:\Windows\System\EQrTqBh.exe
  C:\Windows\System\EQrTqBh.exe
  2⤵
  PID:3164
- C:\Windows\System\IHrCDbD.exe
  C:\Windows\System\IHrCDbD.exe
  2⤵
  PID:404
- C:\Windows\System\auuxPIC.exe
  C:\Windows\System\auuxPIC.exe
  2⤵
  PID:3172
- C:\Windows\System\cWMnrxk.exe
  C:\Windows\System\cWMnrxk.exe
  2⤵
  PID:1096
- C:\Windows\System\IAtJkhd.exe
  C:\Windows\System\IAtJkhd.exe
  2⤵
  PID:6576
- C:\Windows\System\IXKUyJa.exe
  C:\Windows\System\IXKUyJa.exe
  2⤵
  PID:432
- C:\Windows\System\EukRSMb.exe
  C:\Windows\System\EukRSMb.exe
  2⤵
  PID:5016
- C:\Windows\System\QOJzmEX.exe
  C:\Windows\System\QOJzmEX.exe
  2⤵
  PID:6880
- C:\Windows\System\zpreFyk.exe
  C:\Windows\System\zpreFyk.exe
  2⤵
  PID:6940
- C:\Windows\System\AQwzEdx.exe
  C:\Windows\System\AQwzEdx.exe
  2⤵
  PID:6964
- C:\Windows\System\KWHLPwc.exe
  C:\Windows\System\KWHLPwc.exe
  2⤵
  PID:7104
- C:\Windows\System\CIqWlsP.exe
  C:\Windows\System\CIqWlsP.exe
  2⤵
  PID:820
- C:\Windows\System\JRkfHVI.exe
  C:\Windows\System\JRkfHVI.exe
  2⤵
  PID:596
- C:\Windows\System\CPYaoGy.exe
  C:\Windows\System\CPYaoGy.exe
  2⤵
  PID:2296
- C:\Windows\System\oVIOOcc.exe
  C:\Windows\System\oVIOOcc.exe
  2⤵
  PID:3904
- C:\Windows\System\WBGugUc.exe
  C:\Windows\System\WBGugUc.exe
  2⤵
  PID:468
- C:\Windows\System\EaJClVg.exe
  C:\Windows\System\EaJClVg.exe
  2⤵
  PID:7080
- C:\Windows\System\WtNtUQn.exe
  C:\Windows\System\WtNtUQn.exe
  2⤵
  PID:452
- C:\Windows\System\NKoBWET.exe
  C:\Windows\System\NKoBWET.exe
  2⤵
  PID:3408
- C:\Windows\System\abvwWNK.exe
  C:\Windows\System\abvwWNK.exe
  2⤵
  PID:6636
- C:\Windows\System\OBJeWVT.exe
  C:\Windows\System\OBJeWVT.exe
  2⤵
  PID:7172
- C:\Windows\System\OSnfsvk.exe
  C:\Windows\System\OSnfsvk.exe
  2⤵
  PID:7204
- C:\Windows\System\FadMCJA.exe
  C:\Windows\System\FadMCJA.exe
  2⤵
  PID:7232
- C:\Windows\System\EVarIdF.exe
  C:\Windows\System\EVarIdF.exe
  2⤵
  PID:7256
- C:\Windows\System\BgaxLdH.exe
  C:\Windows\System\BgaxLdH.exe
  2⤵
  PID:7284
- C:\Windows\System\HqSucxS.exe
  C:\Windows\System\HqSucxS.exe
  2⤵
  PID:7324
- C:\Windows\System\HQhOxEY.exe
  C:\Windows\System\HQhOxEY.exe
  2⤵
  PID:7360
- C:\Windows\System\qWiQapA.exe
  C:\Windows\System\qWiQapA.exe
  2⤵
  PID:7392
- C:\Windows\System\pbbBwIJ.exe
  C:\Windows\System\pbbBwIJ.exe
  2⤵
  PID:7416
- C:\Windows\System\QRxsgpd.exe
  C:\Windows\System\QRxsgpd.exe
  2⤵
  PID:7448
- C:\Windows\System\eImyWzT.exe
  C:\Windows\System\eImyWzT.exe
  2⤵
  PID:7480
- C:\Windows\System\aaLZqqy.exe
  C:\Windows\System\aaLZqqy.exe
  2⤵
  PID:7508
- C:\Windows\System\LpIlFFN.exe
  C:\Windows\System\LpIlFFN.exe
  2⤵
  PID:7536
- C:\Windows\System\mbuMSqK.exe
  C:\Windows\System\mbuMSqK.exe
  2⤵
  PID:7564
- C:\Windows\System\UJDMbsy.exe
  C:\Windows\System\UJDMbsy.exe
  2⤵
  PID:7592
- C:\Windows\System\NbPDUeI.exe
  C:\Windows\System\NbPDUeI.exe
  2⤵
  PID:7620
- C:\Windows\System\NRhPvnd.exe
  C:\Windows\System\NRhPvnd.exe
  2⤵
  PID:7648
- C:\Windows\System\MXVyjrd.exe
  C:\Windows\System\MXVyjrd.exe
  2⤵
  PID:7676
- C:\Windows\System\NwdLxQv.exe
  C:\Windows\System\NwdLxQv.exe
  2⤵
  PID:7704
- C:\Windows\System\gOsrxMo.exe
  C:\Windows\System\gOsrxMo.exe
  2⤵
  PID:7732
- C:\Windows\System\GaGsyLB.exe
  C:\Windows\System\GaGsyLB.exe
  2⤵
  PID:7760
- C:\Windows\System\ieYcYhQ.exe
  C:\Windows\System\ieYcYhQ.exe
  2⤵
  PID:7788
- C:\Windows\System\jNozwDS.exe
  C:\Windows\System\jNozwDS.exe
  2⤵
  PID:7816
- C:\Windows\System\vmJetrD.exe
  C:\Windows\System\vmJetrD.exe
  2⤵
  PID:7896
- C:\Windows\System\awRugYk.exe
  C:\Windows\System\awRugYk.exe
  2⤵
  PID:7924
- C:\Windows\System\nYmIlRN.exe
  C:\Windows\System\nYmIlRN.exe
  2⤵
  PID:7948
- C:\Windows\System\IKInclR.exe
  C:\Windows\System\IKInclR.exe
  2⤵
  PID:7968
- C:\Windows\System\kacTbOf.exe
  C:\Windows\System\kacTbOf.exe
  2⤵
  PID:8008
- C:\Windows\System\LDXFHMt.exe
  C:\Windows\System\LDXFHMt.exe
  2⤵
  PID:8028
- C:\Windows\System\rpBdpZF.exe
  C:\Windows\System\rpBdpZF.exe
  2⤵
  PID:8052
- C:\Windows\System\FguWHpp.exe
  C:\Windows\System\FguWHpp.exe
  2⤵
  PID:8092
- C:\Windows\System\OoSqZzj.exe
  C:\Windows\System\OoSqZzj.exe
  2⤵
  PID:8108
- C:\Windows\System\eWzzfKZ.exe
  C:\Windows\System\eWzzfKZ.exe
  2⤵
  PID:8136
- C:\Windows\System\ZLXajwl.exe
  C:\Windows\System\ZLXajwl.exe
  2⤵
  PID:8172
- C:\Windows\System\YUBJPxx.exe
  C:\Windows\System\YUBJPxx.exe
  2⤵
  PID:2492
- C:\Windows\System\JmhLjRv.exe
  C:\Windows\System\JmhLjRv.exe
  2⤵
  PID:5720
- C:\Windows\System\vrDBjbx.exe
  C:\Windows\System\vrDBjbx.exe
  2⤵
  PID:5552
- C:\Windows\System\JQitkDP.exe
  C:\Windows\System\JQitkDP.exe
  2⤵
  PID:7244
- C:\Windows\System\LNoqBuF.exe
  C:\Windows\System\LNoqBuF.exe
  2⤵
  PID:7316
- C:\Windows\System\vIycSCO.exe
  C:\Windows\System\vIycSCO.exe
  2⤵
  PID:7440
- C:\Windows\System\iBeBPFo.exe
  C:\Windows\System\iBeBPFo.exe
  2⤵
  PID:7500
- C:\Windows\System\RlJuwCO.exe
  C:\Windows\System\RlJuwCO.exe
  2⤵
  PID:7548
- C:\Windows\System\HstDBeE.exe
  C:\Windows\System\HstDBeE.exe
  2⤵
  PID:7612
- C:\Windows\System\sKdfMMl.exe
  C:\Windows\System\sKdfMMl.exe
  2⤵
  PID:7660
- C:\Windows\System\rYcruAR.exe
  C:\Windows\System\rYcruAR.exe
  2⤵
  PID:7744
- C:\Windows\System\DQBPZOc.exe
  C:\Windows\System\DQBPZOc.exe
  2⤵
  PID:7776
- C:\Windows\System\gRaEJEp.exe
  C:\Windows\System\gRaEJEp.exe
  2⤵
  PID:7848
- C:\Windows\System\XrRBEqp.exe
  C:\Windows\System\XrRBEqp.exe
  2⤵
  PID:1332
- C:\Windows\System\HdNhDAP.exe
  C:\Windows\System\HdNhDAP.exe
  2⤵
  PID:4960
- C:\Windows\System\kCfIOIN.exe
  C:\Windows\System\kCfIOIN.exe
  2⤵
  PID:7940
- C:\Windows\System\yHGdSPn.exe
  C:\Windows\System\yHGdSPn.exe
  2⤵
  PID:8036
- C:\Windows\System\ZLLLzHC.exe
  C:\Windows\System\ZLLLzHC.exe
  2⤵
  PID:8068
- C:\Windows\System\jgoXwGV.exe
  C:\Windows\System\jgoXwGV.exe
  2⤵
  PID:8124
- C:\Windows\System\rpyflqc.exe
  C:\Windows\System\rpyflqc.exe
  2⤵
  PID:2480
- C:\Windows\System\haBguQO.exe
  C:\Windows\System\haBguQO.exe
  2⤵
  PID:7280
- C:\Windows\System\LLwlXBC.exe
  C:\Windows\System\LLwlXBC.exe
  2⤵
  PID:7404
- C:\Windows\System\ebfljog.exe
  C:\Windows\System\ebfljog.exe
  2⤵
  PID:7580
- C:\Windows\System\NQUXyZx.exe
  C:\Windows\System\NQUXyZx.exe
  2⤵
  PID:7640
- C:\Windows\System\qtdHuYq.exe
  C:\Windows\System\qtdHuYq.exe
  2⤵
  PID:7804
- C:\Windows\System\HoExAkh.exe
  C:\Windows\System\HoExAkh.exe
  2⤵
  PID:7912
- C:\Windows\System\tWerRIi.exe
  C:\Windows\System\tWerRIi.exe
  2⤵
  PID:8156
- C:\Windows\System\ZKcglnx.exe
  C:\Windows\System\ZKcglnx.exe
  2⤵
  PID:3588
- C:\Windows\System\dsQpcYc.exe
  C:\Windows\System\dsQpcYc.exe
  2⤵
  PID:7688
- C:\Windows\System\IqNKpgj.exe
  C:\Windows\System\IqNKpgj.exe
  2⤵
  PID:2120
- C:\Windows\System\FFKeyUx.exe
  C:\Windows\System\FFKeyUx.exe
  2⤵
  PID:8160
- C:\Windows\System\itUgHTV.exe
  C:\Windows\System\itUgHTV.exe
  2⤵
  PID:6632
- C:\Windows\System\tTMrPNY.exe
  C:\Windows\System\tTMrPNY.exe
  2⤵
  PID:7272
- C:\Windows\System\ajKhXBI.exe
  C:\Windows\System\ajKhXBI.exe
  2⤵
  PID:8232
- C:\Windows\System\XMbtkrr.exe
  C:\Windows\System\XMbtkrr.exe
  2⤵
  PID:8260
- C:\Windows\System\WBrwslD.exe
  C:\Windows\System\WBrwslD.exe
  2⤵
  PID:8288
- C:\Windows\System\wqWVHpD.exe
  C:\Windows\System\wqWVHpD.exe
  2⤵
  PID:8316
- C:\Windows\System\VGtxdIq.exe
  C:\Windows\System\VGtxdIq.exe
  2⤵
  PID:8340
- C:\Windows\System\XRAYuYJ.exe
  C:\Windows\System\XRAYuYJ.exe
  2⤵
  PID:8360
- C:\Windows\System\ZfKfjSr.exe
  C:\Windows\System\ZfKfjSr.exe
  2⤵
  PID:8404
- C:\Windows\System\ZgblOkL.exe
  C:\Windows\System\ZgblOkL.exe
  2⤵
  PID:8428
- C:\Windows\System\ldblzlK.exe
  C:\Windows\System\ldblzlK.exe
  2⤵
  PID:8460
- C:\Windows\System\nDCyeDP.exe
  C:\Windows\System\nDCyeDP.exe
  2⤵
  PID:8480
- C:\Windows\System\uPlPjNu.exe
  C:\Windows\System\uPlPjNu.exe
  2⤵
  PID:8504
- C:\Windows\System\UMBNIhv.exe
  C:\Windows\System\UMBNIhv.exe
  2⤵
  PID:8532
- C:\Windows\System\RWGyzqX.exe
  C:\Windows\System\RWGyzqX.exe
  2⤵
  PID:8548
- C:\Windows\System\AfNWmIc.exe
  C:\Windows\System\AfNWmIc.exe
  2⤵
  PID:8572
- C:\Windows\System\gYgbUZv.exe
  C:\Windows\System\gYgbUZv.exe
  2⤵
  PID:8608
- C:\Windows\System\GpeeIQk.exe
  C:\Windows\System\GpeeIQk.exe
  2⤵
  PID:8644
- C:\Windows\System\nJMFIby.exe
  C:\Windows\System\nJMFIby.exe
  2⤵
  PID:8680
- C:\Windows\System\JtNIyBO.exe
  C:\Windows\System\JtNIyBO.exe
  2⤵
  PID:8712
- C:\Windows\System\wpibuRU.exe
  C:\Windows\System\wpibuRU.exe
  2⤵
  PID:8728
- C:\Windows\System\yGKkzIV.exe
  C:\Windows\System\yGKkzIV.exe
  2⤵
  PID:8756
- C:\Windows\System\yaCnjyu.exe
  C:\Windows\System\yaCnjyu.exe
  2⤵
  PID:8788
- C:\Windows\System\pJaxXkT.exe
  C:\Windows\System\pJaxXkT.exe
  2⤵
  PID:8816
- C:\Windows\System\ExufXNM.exe
  C:\Windows\System\ExufXNM.exe
  2⤵
  PID:8836
- C:\Windows\System\yQviRst.exe
  C:\Windows\System\yQviRst.exe
  2⤵
  PID:8860
- C:\Windows\System\VOmxvIk.exe
  C:\Windows\System\VOmxvIk.exe
  2⤵
  PID:8908
- C:\Windows\System\oKJscPS.exe
  C:\Windows\System\oKJscPS.exe
  2⤵
  PID:8936
- C:\Windows\System\sFrLUMi.exe
  C:\Windows\System\sFrLUMi.exe
  2⤵
  PID:8952
- C:\Windows\System\XRsfEtx.exe
  C:\Windows\System\XRsfEtx.exe
  2⤵
  PID:8980
- C:\Windows\System\kxdQqyx.exe
  C:\Windows\System\kxdQqyx.exe
  2⤵
  PID:9012
- C:\Windows\System\vfMXDUZ.exe
  C:\Windows\System\vfMXDUZ.exe
  2⤵
  PID:9036
- C:\Windows\System\aouVYbI.exe
  C:\Windows\System\aouVYbI.exe
  2⤵
  PID:9064
- C:\Windows\System\THCmfXh.exe
  C:\Windows\System\THCmfXh.exe
  2⤵
  PID:9104
- C:\Windows\System\wPzvwBi.exe
  C:\Windows\System\wPzvwBi.exe
  2⤵
  PID:9132
- C:\Windows\System\PXzMmxd.exe
  C:\Windows\System\PXzMmxd.exe
  2⤵
  PID:9160
- C:\Windows\System\UZgPxlp.exe
  C:\Windows\System\UZgPxlp.exe
  2⤵
  PID:9188
- C:\Windows\System\XDaCbmO.exe
  C:\Windows\System\XDaCbmO.exe
  2⤵
  PID:9208
- C:\Windows\System\FkfMlmg.exe
  C:\Windows\System\FkfMlmg.exe
  2⤵
  PID:8244
- C:\Windows\System\tTtXwyr.exe
  C:\Windows\System\tTtXwyr.exe
  2⤵
  PID:8300
- C:\Windows\System\FPtHXUw.exe
  C:\Windows\System\FPtHXUw.exe
  2⤵
  PID:8324
- C:\Windows\System\TOPTONW.exe
  C:\Windows\System\TOPTONW.exe
  2⤵
  PID:8380
- C:\Windows\System\MmoGBKS.exe
  C:\Windows\System\MmoGBKS.exe
  2⤵
  PID:8448
- C:\Windows\System\IVKVleO.exe
  C:\Windows\System\IVKVleO.exe
  2⤵
  PID:8492
- C:\Windows\System\lTaUZYE.exe
  C:\Windows\System\lTaUZYE.exe
  2⤵
  PID:8544
- C:\Windows\System\WqRroxl.exe
  C:\Windows\System\WqRroxl.exe
  2⤵
  PID:8628
- C:\Windows\System\fckAZaq.exe
  C:\Windows\System\fckAZaq.exe
  2⤵
  PID:8720
- C:\Windows\System\WDVQeAY.exe
  C:\Windows\System\WDVQeAY.exe
  2⤵
  PID:8772
- C:\Windows\System\wKviRFN.exe
  C:\Windows\System\wKviRFN.exe
  2⤵
  PID:8884
- C:\Windows\System\lJPfxws.exe
  C:\Windows\System\lJPfxws.exe
  2⤵
  PID:8944
- C:\Windows\System\WKtydqs.exe
  C:\Windows\System\WKtydqs.exe
  2⤵
  PID:9020
- C:\Windows\System\obSDDMG.exe
  C:\Windows\System\obSDDMG.exe
  2⤵
  PID:9048
- C:\Windows\System\ceMCcwp.exe
  C:\Windows\System\ceMCcwp.exe
  2⤵
  PID:9156
- C:\Windows\System\oIPstAe.exe
  C:\Windows\System\oIPstAe.exe
  2⤵
  PID:9204
- C:\Windows\System\pzpJFud.exe
  C:\Windows\System\pzpJFud.exe
  2⤵
  PID:8352
- C:\Windows\System\XzWussR.exe
  C:\Windows\System\XzWussR.exe
  2⤵
  PID:8376
- C:\Windows\System\FmzhMaB.exe
  C:\Windows\System\FmzhMaB.exe
  2⤵
  PID:8596
- C:\Windows\System\JpRHVGX.exe
  C:\Windows\System\JpRHVGX.exe
  2⤵
  PID:8796
- C:\Windows\System\rhnrcsA.exe
  C:\Windows\System\rhnrcsA.exe
  2⤵
  PID:8924
- C:\Windows\System\rzMbwSU.exe
  C:\Windows\System\rzMbwSU.exe
  2⤵
  PID:2108
- C:\Windows\System\jiQQHfh.exe
  C:\Windows\System\jiQQHfh.exe
  2⤵
  PID:8920
- C:\Windows\System\JAAEXUM.exe
  C:\Windows\System\JAAEXUM.exe
  2⤵
  PID:8996
- C:\Windows\System\vKuhcGP.exe
  C:\Windows\System\vKuhcGP.exe
  2⤵
  PID:9148
- C:\Windows\System\SbTWjUl.exe
  C:\Windows\System\SbTWjUl.exe
  2⤵
  PID:8668
- C:\Windows\System\ERwHhZX.exe
  C:\Windows\System\ERwHhZX.exe
  2⤵
  PID:1068
- C:\Windows\System\WuoTzkU.exe
  C:\Windows\System\WuoTzkU.exe
  2⤵
  PID:8468
- C:\Windows\System\OCKSTJa.exe
  C:\Windows\System\OCKSTJa.exe
  2⤵
  PID:8776
- C:\Windows\System\nQpajPr.exe
  C:\Windows\System\nQpajPr.exe
  2⤵
  PID:9220
- C:\Windows\System\AXIKuNC.exe
  C:\Windows\System\AXIKuNC.exe
  2⤵
  PID:9240
- C:\Windows\System\Hpncdsh.exe
  C:\Windows\System\Hpncdsh.exe
  2⤵
  PID:9268
- C:\Windows\System\NLJYkug.exe
  C:\Windows\System\NLJYkug.exe
  2⤵
  PID:9292
- C:\Windows\System\zmhgZBz.exe
  C:\Windows\System\zmhgZBz.exe
  2⤵
  PID:9316
- C:\Windows\System\nWNPlZV.exe
  C:\Windows\System\nWNPlZV.exe
  2⤵
  PID:9344
- C:\Windows\System\KEKJsuW.exe
  C:\Windows\System\KEKJsuW.exe
  2⤵
  PID:9404
- C:\Windows\System\gKCQcmc.exe
  C:\Windows\System\gKCQcmc.exe
  2⤵
  PID:9428
- C:\Windows\System\JieYvQu.exe
  C:\Windows\System\JieYvQu.exe
  2⤵
  PID:9452
- C:\Windows\System\KuQLlQt.exe
  C:\Windows\System\KuQLlQt.exe
  2⤵
  PID:9468
- C:\Windows\System\rxXiOqf.exe
  C:\Windows\System\rxXiOqf.exe
  2⤵
  PID:9536
- C:\Windows\System\pWKnuBO.exe
  C:\Windows\System\pWKnuBO.exe
  2⤵
  PID:9556
- C:\Windows\System\ObBhzOS.exe
  C:\Windows\System\ObBhzOS.exe
  2⤵
  PID:9584
- C:\Windows\System\BfdJsVE.exe
  C:\Windows\System\BfdJsVE.exe
  2⤵
  PID:9612
- C:\Windows\System\DbFXTbV.exe
  C:\Windows\System\DbFXTbV.exe
  2⤵
  PID:9652
- C:\Windows\System\OMoqRDf.exe
  C:\Windows\System\OMoqRDf.exe
  2⤵
  PID:9680
- C:\Windows\System\MhmSEAE.exe
  C:\Windows\System\MhmSEAE.exe
  2⤵
  PID:9708
- C:\Windows\System\FDImVBD.exe
  C:\Windows\System\FDImVBD.exe
  2⤵
  PID:9724
- C:\Windows\System\wpsoPri.exe
  C:\Windows\System\wpsoPri.exe
  2⤵
  PID:9740
- C:\Windows\System\aqhjNgt.exe
  C:\Windows\System\aqhjNgt.exe
  2⤵
  PID:9764
- C:\Windows\System\kJfoWYP.exe
  C:\Windows\System\kJfoWYP.exe
  2⤵
  PID:9784
- C:\Windows\System\jrvQoIY.exe
  C:\Windows\System\jrvQoIY.exe
  2⤵
  PID:9824
- C:\Windows\System\iDImhyh.exe
  C:\Windows\System\iDImhyh.exe
  2⤵
  PID:9856
- C:\Windows\System\UNRDICM.exe
  C:\Windows\System\UNRDICM.exe
  2⤵
  PID:9880
- C:\Windows\System\vxEEIQi.exe
  C:\Windows\System\vxEEIQi.exe
  2⤵
  PID:9924
- C:\Windows\System\btwoEkJ.exe
  C:\Windows\System\btwoEkJ.exe
  2⤵
  PID:9948
- C:\Windows\System\kFWQOiE.exe
  C:\Windows\System\kFWQOiE.exe
  2⤵
  PID:9976
- C:\Windows\System\MvnMOsI.exe
  C:\Windows\System\MvnMOsI.exe
  2⤵
  PID:10004
- C:\Windows\System\cHIGQiS.exe
  C:\Windows\System\cHIGQiS.exe
  2⤵
  PID:10032
- C:\Windows\System\AvSAAEs.exe
  C:\Windows\System\AvSAAEs.exe
  2⤵
  PID:10068
- C:\Windows\System\XmSleTl.exe
  C:\Windows\System\XmSleTl.exe
  2⤵
  PID:10084
- C:\Windows\System\HyOeryu.exe
  C:\Windows\System\HyOeryu.exe
  2⤵
  PID:10108
- C:\Windows\System\JQdoxbh.exe
  C:\Windows\System\JQdoxbh.exe
  2⤵
  PID:10148
- C:\Windows\System\WQNlEwx.exe
  C:\Windows\System\WQNlEwx.exe
  2⤵
  PID:10184
- C:\Windows\System\XUXleGt.exe
  C:\Windows\System\XUXleGt.exe
  2⤵
  PID:10200
- C:\Windows\System\jWHCrNu.exe
  C:\Windows\System\jWHCrNu.exe
  2⤵
  PID:10232
- C:\Windows\System\jfRPtfY.exe
  C:\Windows\System\jfRPtfY.exe
  2⤵
  PID:9256
- C:\Windows\System\xLzDEIO.exe
  C:\Windows\System\xLzDEIO.exe
  2⤵
  PID:9252
- C:\Windows\System\dVsgazo.exe
  C:\Windows\System\dVsgazo.exe
  2⤵
  PID:9304
- C:\Windows\System\iJcZEhZ.exe
  C:\Windows\System\iJcZEhZ.exe
  2⤵
  PID:9380
- C:\Windows\System\iaDAziW.exe
  C:\Windows\System\iaDAziW.exe
  2⤵
  PID:9460
- C:\Windows\System\atgBqEB.exe
  C:\Windows\System\atgBqEB.exe
  2⤵
  PID:9528
- C:\Windows\System\LqdywXA.exe
  C:\Windows\System\LqdywXA.exe
  2⤵
  PID:9572
- C:\Windows\System\IOSGtkb.exe
  C:\Windows\System\IOSGtkb.exe
  2⤵
  PID:9640
- C:\Windows\System\wxBqDIj.exe
  C:\Windows\System\wxBqDIj.exe
  2⤵
  PID:9716
- C:\Windows\System\aqeRrJR.exe
  C:\Windows\System\aqeRrJR.exe
  2⤵
  PID:9752
- C:\Windows\System\ZTZuzQZ.exe
  C:\Windows\System\ZTZuzQZ.exe
  2⤵
  PID:9808
- C:\Windows\System\WIzBgCv.exe
  C:\Windows\System\WIzBgCv.exe
  2⤵
  PID:9876
- C:\Windows\System\KzKPNtj.exe
  C:\Windows\System\KzKPNtj.exe
  2⤵
  PID:9932
- C:\Windows\System\dtugQXV.exe
  C:\Windows\System\dtugQXV.exe
  2⤵
  PID:9960
- C:\Windows\System\ChdEaxR.exe
  C:\Windows\System\ChdEaxR.exe
  2⤵
  PID:10056
- C:\Windows\System\cnLQCEY.exe
  C:\Windows\System\cnLQCEY.exe
  2⤵
  PID:10116
- C:\Windows\System\TCtbuEV.exe
  C:\Windows\System\TCtbuEV.exe
  2⤵
  PID:10180
- C:\Windows\System\mADwoaU.exe
  C:\Windows\System\mADwoaU.exe
  2⤵
  PID:10220
- C:\Windows\System\KOfkjzV.exe
  C:\Windows\System\KOfkjzV.exe
  2⤵
  PID:9736
- C:\Windows\System\amBhmpV.exe
  C:\Windows\System\amBhmpV.exe
  2⤵
  PID:9988
- C:\Windows\System\GwZPGjP.exe
  C:\Windows\System\GwZPGjP.exe
  2⤵
  PID:9800
- C:\Windows\System\oZreKYD.exe
  C:\Windows\System\oZreKYD.exe
  2⤵
  PID:10100
- C:\Windows\System\rDcnIRJ.exe
  C:\Windows\System\rDcnIRJ.exe
  2⤵
  PID:9576
- C:\Windows\System\UGFBpnM.exe
  C:\Windows\System\UGFBpnM.exe
  2⤵
  PID:9692
- C:\Windows\System\GwkdBJk.exe
  C:\Windows\System\GwkdBJk.exe
  2⤵
  PID:9840
- C:\Windows\System\TWRwTtk.exe
  C:\Windows\System\TWRwTtk.exe
  2⤵
  PID:10020
- C:\Windows\System\lZLxmak.exe
  C:\Windows\System\lZLxmak.exe
  2⤵
  PID:10244
- C:\Windows\System\exuOZnG.exe
  C:\Windows\System\exuOZnG.exe
  2⤵
  PID:10276
- C:\Windows\System\vmXiuiH.exe
  C:\Windows\System\vmXiuiH.exe
  2⤵
  PID:10304
- C:\Windows\System\OgWHxOz.exe
  C:\Windows\System\OgWHxOz.exe
  2⤵
  PID:10320
- C:\Windows\System\qssPReh.exe
  C:\Windows\System\qssPReh.exe
  2⤵
  PID:10348
- C:\Windows\System\vwUplOK.exe
  C:\Windows\System\vwUplOK.exe
  2⤵
  PID:10372
- C:\Windows\System\viTSJXP.exe
  C:\Windows\System\viTSJXP.exe
  2⤵
  PID:10400
- C:\Windows\System\bViFWaY.exe
  C:\Windows\System\bViFWaY.exe
  2⤵
  PID:10432
- C:\Windows\System\YFIMKwm.exe
  C:\Windows\System\YFIMKwm.exe
  2⤵
  PID:10448
- C:\Windows\System\uemrLzh.exe
  C:\Windows\System\uemrLzh.exe
  2⤵
  PID:10472
- C:\Windows\System\LdUcrjQ.exe
  C:\Windows\System\LdUcrjQ.exe
  2⤵
  PID:10508
- C:\Windows\System\dXwNQfZ.exe
  C:\Windows\System\dXwNQfZ.exe
  2⤵
  PID:10544
- C:\Windows\System\tkBjgER.exe
  C:\Windows\System\tkBjgER.exe
  2⤵
  PID:10584
- C:\Windows\System\TqUZzHt.exe
  C:\Windows\System\TqUZzHt.exe
  2⤵
  PID:10600
- C:\Windows\System\TSJoklX.exe
  C:\Windows\System\TSJoklX.exe
  2⤵
  PID:10628
- C:\Windows\System\bVEpIBC.exe
  C:\Windows\System\bVEpIBC.exe
  2⤵
  PID:10672
- C:\Windows\System\aNadlYG.exe
  C:\Windows\System\aNadlYG.exe
  2⤵
  PID:10696
- C:\Windows\System\DFJmPXh.exe
  C:\Windows\System\DFJmPXh.exe
  2⤵
  PID:10716
- C:\Windows\System\hhSWFnh.exe
  C:\Windows\System\hhSWFnh.exe
  2⤵
  PID:10756
- C:\Windows\System\ZXfspCD.exe
  C:\Windows\System\ZXfspCD.exe
  2⤵
  PID:10784
- C:\Windows\System\iLbMwSS.exe
  C:\Windows\System\iLbMwSS.exe
  2⤵
  PID:10812
- C:\Windows\System\MvrshgQ.exe
  C:\Windows\System\MvrshgQ.exe
  2⤵
  PID:10840
- C:\Windows\System\VzsDjoC.exe
  C:\Windows\System\VzsDjoC.exe
  2⤵
  PID:10868
- C:\Windows\System\aCzqMlb.exe
  C:\Windows\System\aCzqMlb.exe
  2⤵
  PID:10884
- C:\Windows\System\sKXodiR.exe
  C:\Windows\System\sKXodiR.exe
  2⤵
  PID:10924
- C:\Windows\System\fLHJupi.exe
  C:\Windows\System\fLHJupi.exe
  2⤵
  PID:10952
- C:\Windows\System\DUmlcMf.exe
  C:\Windows\System\DUmlcMf.exe
  2⤵
  PID:10980
- C:\Windows\System\ZLmgiJu.exe
  C:\Windows\System\ZLmgiJu.exe
  2⤵
  PID:11008
- C:\Windows\System\QTcEBXw.exe
  C:\Windows\System\QTcEBXw.exe
  2⤵
  PID:11036
- C:\Windows\System\BWvJxkT.exe
  C:\Windows\System\BWvJxkT.exe
  2⤵
  PID:11064
- C:\Windows\System\oKNePli.exe
  C:\Windows\System\oKNePli.exe
  2⤵
  PID:11092
- C:\Windows\System\cSNCTUI.exe
  C:\Windows\System\cSNCTUI.exe
  2⤵
  PID:11120
- C:\Windows\System\kNkSBmF.exe
  C:\Windows\System\kNkSBmF.exe
  2⤵
  PID:11136
- C:\Windows\System\wDskHvV.exe
  C:\Windows\System\wDskHvV.exe
  2⤵
  PID:11176
- C:\Windows\System\wBRLALl.exe
  C:\Windows\System\wBRLALl.exe
  2⤵
  PID:11192
- C:\Windows\System\YKGGDjr.exe
  C:\Windows\System\YKGGDjr.exe
  2⤵
  PID:11224
- C:\Windows\System\FYAUTwG.exe
  C:\Windows\System\FYAUTwG.exe
  2⤵
  PID:11252
- C:\Windows\System\rvhZEbd.exe
  C:\Windows\System\rvhZEbd.exe
  2⤵
  PID:10288
- C:\Windows\System\cecIYJH.exe
  C:\Windows\System\cecIYJH.exe
  2⤵
  PID:10336
- C:\Windows\System\jiTQJLt.exe
  C:\Windows\System\jiTQJLt.exe
  2⤵
  PID:10428
- C:\Windows\System\ngefpMe.exe
  C:\Windows\System\ngefpMe.exe
  2⤵
  PID:10492
- C:\Windows\System\jKcQjQH.exe
  C:\Windows\System\jKcQjQH.exe
  2⤵
  PID:10464
- C:\Windows\System\FwrpVQH.exe
  C:\Windows\System\FwrpVQH.exe
  2⤵
  PID:10580
- C:\Windows\System\adpaEAF.exe
  C:\Windows\System\adpaEAF.exe
  2⤵
  PID:10692
- C:\Windows\System\GpVAKeN.exe
  C:\Windows\System\GpVAKeN.exe
  2⤵
  PID:10712
- C:\Windows\System\ihZwUlA.exe
  C:\Windows\System\ihZwUlA.exe
  2⤵
  PID:10776
- C:\Windows\System\YxxpBBM.exe
  C:\Windows\System\YxxpBBM.exe
  2⤵
  PID:10864
- C:\Windows\System\xDWqwUs.exe
  C:\Windows\System\xDWqwUs.exe
  2⤵
  PID:10904
- C:\Windows\System\epdLwSm.exe
  C:\Windows\System\epdLwSm.exe
  2⤵
  PID:10996
- C:\Windows\System\JoNPUXJ.exe
  C:\Windows\System\JoNPUXJ.exe
  2⤵
  PID:11084
- C:\Windows\System\JwNaFdd.exe
  C:\Windows\System\JwNaFdd.exe
  2⤵
  PID:11132
- C:\Windows\System\xnJfQuu.exe
  C:\Windows\System\xnJfQuu.exe
  2⤵
  PID:11184
- C:\Windows\System\HAEUHiF.exe
  C:\Windows\System\HAEUHiF.exe
  2⤵
  PID:10048
- C:\Windows\System\wssTSqQ.exe
  C:\Windows\System\wssTSqQ.exe
  2⤵
  PID:10344
- C:\Windows\System\CUAvpJe.exe
  C:\Windows\System\CUAvpJe.exe
  2⤵
  PID:10540
- C:\Windows\System\ULOeIdw.exe
  C:\Windows\System\ULOeIdw.exe
  2⤵
  PID:10708
- C:\Windows\System\YnnasPH.exe
  C:\Windows\System\YnnasPH.exe
  2⤵
  PID:10836
- C:\Windows\System\YRkvozg.exe
  C:\Windows\System\YRkvozg.exe
  2⤵
  PID:11056
- C:\Windows\System\mObirel.exe
  C:\Windows\System\mObirel.exe
  2⤵
  PID:10260
- C:\Windows\System\MufhWRP.exe
  C:\Windows\System\MufhWRP.exe
  2⤵
  PID:10316
- C:\Windows\System\Blwhmfh.exe
  C:\Windows\System\Blwhmfh.exe
  2⤵
  PID:1500
- C:\Windows\System\BjGMOze.exe
  C:\Windows\System\BjGMOze.exe
  2⤵
  PID:10968
- C:\Windows\System\WYBwMml.exe
  C:\Windows\System\WYBwMml.exe
  2⤵
  PID:10640
- C:\Windows\System\DPlmIgi.exe
  C:\Windows\System\DPlmIgi.exe
  2⤵
  PID:11168
- C:\Windows\System\UBUgYCs.exe
  C:\Windows\System\UBUgYCs.exe
  2⤵
  PID:11288
- C:\Windows\System\JOTDLAc.exe
  C:\Windows\System\JOTDLAc.exe
  2⤵
  PID:11312
- C:\Windows\System\NXOXLbj.exe
  C:\Windows\System\NXOXLbj.exe
  2⤵
  PID:11344
- C:\Windows\System\HTzJVru.exe
  C:\Windows\System\HTzJVru.exe
  2⤵
  PID:11372
- C:\Windows\System\gZWemOb.exe
  C:\Windows\System\gZWemOb.exe
  2⤵
  PID:11396
- C:\Windows\System\dzmviNd.exe
  C:\Windows\System\dzmviNd.exe
  2⤵
  PID:11416
- C:\Windows\System\GkgVTtp.exe
  C:\Windows\System\GkgVTtp.exe
  2⤵
  PID:11444
- C:\Windows\System\DdmlyHi.exe
  C:\Windows\System\DdmlyHi.exe
  2⤵
  PID:11484
- C:\Windows\System\LHzbfkK.exe
  C:\Windows\System\LHzbfkK.exe
  2⤵
  PID:11500
- C:\Windows\System\PVRFTcP.exe
  C:\Windows\System\PVRFTcP.exe
  2⤵
  PID:11532
- C:\Windows\System\bpkCqZj.exe
  C:\Windows\System\bpkCqZj.exe
  2⤵
  PID:11556
- C:\Windows\System\vXEUVwo.exe
  C:\Windows\System\vXEUVwo.exe
  2⤵
  PID:11584
- C:\Windows\System\DmvzUHJ.exe
  C:\Windows\System\DmvzUHJ.exe
  2⤵
  PID:11612
- C:\Windows\System\KDJobbo.exe
  C:\Windows\System\KDJobbo.exe
  2⤵
  PID:11632
- C:\Windows\System\TLBiKJp.exe
  C:\Windows\System\TLBiKJp.exe
  2⤵
  PID:11652
- C:\Windows\System\iZCnayo.exe
  C:\Windows\System\iZCnayo.exe
  2⤵
  PID:11680
- C:\Windows\System\qUOVaof.exe
  C:\Windows\System\qUOVaof.exe
  2⤵
  PID:11700
- C:\Windows\System\sNxrpAq.exe
  C:\Windows\System\sNxrpAq.exe
  2⤵
  PID:11752
- C:\Windows\System\DCgPyMO.exe
  C:\Windows\System\DCgPyMO.exe
  2⤵
  PID:11772
- C:\Windows\System\hmJbmka.exe
  C:\Windows\System\hmJbmka.exe
  2⤵
  PID:11796
- C:\Windows\System\eYVLjlH.exe
  C:\Windows\System\eYVLjlH.exe
  2⤵
  PID:11816
- C:\Windows\System\jQyKFWH.exe
  C:\Windows\System\jQyKFWH.exe
  2⤵
  PID:11844
- C:\Windows\System\hoiNUKO.exe
  C:\Windows\System\hoiNUKO.exe
  2⤵
  PID:11896
- C:\Windows\System\fphSLlP.exe
  C:\Windows\System\fphSLlP.exe
  2⤵
  PID:11916
- C:\Windows\System\OOIzXpk.exe
  C:\Windows\System\OOIzXpk.exe
  2⤵
  PID:11940
- C:\Windows\System\tHCDphe.exe
  C:\Windows\System\tHCDphe.exe
  2⤵
  PID:11964
- C:\Windows\System\vltxSnH.exe
  C:\Windows\System\vltxSnH.exe
  2⤵
  PID:11992
- C:\Windows\System\fXwlxrR.exe
  C:\Windows\System\fXwlxrR.exe
  2⤵
  PID:12012
- C:\Windows\System\zQOkhlD.exe
  C:\Windows\System\zQOkhlD.exe
  2⤵
  PID:12044
- C:\Windows\System\bVqkYDj.exe
  C:\Windows\System\bVqkYDj.exe
  2⤵
  PID:12068
- C:\Windows\System\HnPNjBc.exe
  C:\Windows\System\HnPNjBc.exe
  2⤵
  PID:12136
- C:\Windows\System\NpatNyI.exe
  C:\Windows\System\NpatNyI.exe
  2⤵
  PID:12156
- C:\Windows\System\CVccHrp.exe
  C:\Windows\System\CVccHrp.exe
  2⤵
  PID:12184
- C:\Windows\System\IAqCsRz.exe
  C:\Windows\System\IAqCsRz.exe
  2⤵
  PID:12212
- C:\Windows\System\YHompiy.exe
  C:\Windows\System\YHompiy.exe
  2⤵
  PID:12228
- C:\Windows\System\AjgfAfb.exe
  C:\Windows\System\AjgfAfb.exe
  2⤵
  PID:12260
- C:\Windows\System\WityQVB.exe
  C:\Windows\System\WityQVB.exe
  2⤵
  PID:11280
- C:\Windows\System\IiZSgHr.exe
  C:\Windows\System\IiZSgHr.exe
  2⤵
  PID:11356
- C:\Windows\System\YUXcAbh.exe
  C:\Windows\System\YUXcAbh.exe
  2⤵
  PID:11404
- C:\Windows\System\Szdulhw.exe
  C:\Windows\System\Szdulhw.exe
  2⤵
  PID:11472
- C:\Windows\System\SgrEjkc.exe
  C:\Windows\System\SgrEjkc.exe
  2⤵
  PID:11524
- C:\Windows\System\QafaMoe.exe
  C:\Windows\System\QafaMoe.exe
  2⤵
  PID:11596
- C:\Windows\System\FycARyM.exe
  C:\Windows\System\FycARyM.exe
  2⤵
  PID:11644
- C:\Windows\System\CtzSzcX.exe
  C:\Windows\System\CtzSzcX.exe
  2⤵
  PID:11696
- C:\Windows\System\GDhOQBd.exe
  C:\Windows\System\GDhOQBd.exe
  2⤵
  PID:11740
- C:\Windows\System\OEzheIt.exe
  C:\Windows\System\OEzheIt.exe
  2⤵
  PID:11784
- C:\Windows\System\kElWwvQ.exe
  C:\Windows\System\kElWwvQ.exe
  2⤵
  PID:11832
- C:\Windows\System\wlUsMtw.exe
  C:\Windows\System\wlUsMtw.exe
  2⤵
  PID:11904
- C:\Windows\System\xtYmNwo.exe
  C:\Windows\System\xtYmNwo.exe
  2⤵
  PID:11936
- C:\Windows\System\TnEtCcE.exe
  C:\Windows\System\TnEtCcE.exe
  2⤵
  PID:12000
- C:\Windows\System\Sdiqefe.exe
  C:\Windows\System\Sdiqefe.exe
  2⤵
  PID:12056
- C:\Windows\System\IzHMOKm.exe
  C:\Windows\System\IzHMOKm.exe
  2⤵
  PID:12108
- C:\Windows\System\zCCnqwk.exe
  C:\Windows\System\zCCnqwk.exe
  2⤵
  PID:12176
- C:\Windows\System\VCCFdar.exe
  C:\Windows\System\VCCFdar.exe
  2⤵
  PID:12224
- C:\Windows\System\YoMLhKK.exe
  C:\Windows\System\YoMLhKK.exe
  2⤵
  PID:12244
- C:\Windows\System\XDvFLOY.exe
  C:\Windows\System\XDvFLOY.exe
  2⤵
  PID:11436
- C:\Windows\System\uKNOkBB.exe
  C:\Windows\System\uKNOkBB.exe
  2⤵
  PID:11548
- C:\Windows\System\FOawcFN.exe
  C:\Windows\System\FOawcFN.exe
  2⤵
  PID:11676
- C:\Windows\System\rlMOLUs.exe
  C:\Windows\System\rlMOLUs.exe
  2⤵
  PID:11780
- C:\Windows\System\fqbbPbB.exe
  C:\Windows\System\fqbbPbB.exe
  2⤵
  PID:11888
- C:\Windows\System\ylIHEBG.exe
  C:\Windows\System\ylIHEBG.exe
  2⤵
  PID:11932
- C:\Windows\System\kwVgyNX.exe
  C:\Windows\System\kwVgyNX.exe
  2⤵
  PID:12196
- C:\Windows\System\JSmnYgX.exe
  C:\Windows\System\JSmnYgX.exe
  2⤵
  PID:11620
- C:\Windows\System\gJjmECc.exe
  C:\Windows\System\gJjmECc.exe
  2⤵
  PID:11812
- C:\Windows\System\RSDJdZc.exe
  C:\Windows\System\RSDJdZc.exe
  2⤵
  PID:12112
- C:\Windows\System\TZjPzXo.exe
  C:\Windows\System\TZjPzXo.exe
  2⤵
  PID:11468
- C:\Windows\System\PyDtwbQ.exe
  C:\Windows\System\PyDtwbQ.exe
  2⤵
  PID:12168
- C:\Windows\System\vpllKJD.exe
  C:\Windows\System\vpllKJD.exe
  2⤵
  PID:1080
- C:\Windows\System\RFPcQqT.exe
  C:\Windows\System\RFPcQqT.exe
  2⤵
  PID:12296
- C:\Windows\System\pBJLmfH.exe
  C:\Windows\System\pBJLmfH.exe
  2⤵
  PID:12328
- C:\Windows\System\vVanJkB.exe
  C:\Windows\System\vVanJkB.exe
  2⤵
  PID:12352
- C:\Windows\System\tanyyih.exe
  C:\Windows\System\tanyyih.exe
  2⤵
  PID:12388
- C:\Windows\System\PVtFjvO.exe
  C:\Windows\System\PVtFjvO.exe
  2⤵
  PID:12412
- C:\Windows\System\bCZrMLk.exe
  C:\Windows\System\bCZrMLk.exe
  2⤵
  PID:12452
- C:\Windows\System\TGyCYip.exe
  C:\Windows\System\TGyCYip.exe
  2⤵
  PID:12476
- C:\Windows\System\MWEOelB.exe
  C:\Windows\System\MWEOelB.exe
  2⤵
  PID:12520
- C:\Windows\System\PXVrprD.exe
  C:\Windows\System\PXVrprD.exe
  2⤵
  PID:12536
- C:\Windows\System\qpwCrtv.exe
  C:\Windows\System\qpwCrtv.exe
  2⤵
  PID:12572
- C:\Windows\System\XPRfGJl.exe
  C:\Windows\System\XPRfGJl.exe
  2⤵
  PID:12592
- C:\Windows\System\HNJeoTq.exe
  C:\Windows\System\HNJeoTq.exe
  2⤵
  PID:12616
- C:\Windows\System\HvEGyaA.exe
  C:\Windows\System\HvEGyaA.exe
  2⤵
  PID:12636
- C:\Windows\System\EHimFqw.exe
  C:\Windows\System\EHimFqw.exe
  2⤵
  PID:12664
- C:\Windows\System\aIIWpng.exe
  C:\Windows\System\aIIWpng.exe
  2⤵
  PID:12696
- C:\Windows\System\vsQUhOn.exe
  C:\Windows\System\vsQUhOn.exe
  2⤵
  PID:12716
- C:\Windows\System\OHDOayL.exe
  C:\Windows\System\OHDOayL.exe
  2⤵
  PID:12740
- C:\Windows\System\vSgvzcT.exe
  C:\Windows\System\vSgvzcT.exe
  2⤵
  PID:12764
- C:\Windows\System\ZEvbLXd.exe
  C:\Windows\System\ZEvbLXd.exe
  2⤵
  PID:12816
- C:\Windows\System\lloQKsz.exe
  C:\Windows\System\lloQKsz.exe
  2⤵
  PID:12840
- C:\Windows\System\tCXkRiF.exe
  C:\Windows\System\tCXkRiF.exe
  2⤵
  PID:12884
- C:\Windows\System\WedwSmp.exe
  C:\Windows\System\WedwSmp.exe
  2⤵
  PID:12900
- C:\Windows\System\xmnGsUE.exe
  C:\Windows\System\xmnGsUE.exe
  2⤵
  PID:12928
- C:\Windows\System\MXpcIpL.exe
  C:\Windows\System\MXpcIpL.exe
  2⤵
  PID:12944
- C:\Windows\System\NDIsDPH.exe
  C:\Windows\System\NDIsDPH.exe
  2⤵
  PID:12972
- C:\Windows\System\vcGttoq.exe
  C:\Windows\System\vcGttoq.exe
  2⤵
  PID:12996
- C:\Windows\System\qnsXvlM.exe
  C:\Windows\System\qnsXvlM.exe
  2⤵
  PID:13040
- C:\Windows\System\etNuDgA.exe
  C:\Windows\System\etNuDgA.exe
  2⤵
  PID:13080
- C:\Windows\System\VGewQbB.exe
  C:\Windows\System\VGewQbB.exe
  2⤵
  PID:13108
- C:\Windows\System\AHxUnMS.exe
  C:\Windows\System\AHxUnMS.exe
  2⤵
  PID:13136
- C:\Windows\System\WCocVnm.exe
  C:\Windows\System\WCocVnm.exe
  2⤵
  PID:13152
- C:\Windows\System\zGBAZje.exe
  C:\Windows\System\zGBAZje.exe
  2⤵
  PID:13176
- C:\Windows\System\PbLAbYu.exe
  C:\Windows\System\PbLAbYu.exe
  2⤵
  PID:13208
- C:\Windows\System\ytghkau.exe
  C:\Windows\System\ytghkau.exe
  2⤵
  PID:13228
- C:\Windows\System\nIbwauM.exe
  C:\Windows\System\nIbwauM.exe
  2⤵
  PID:13252
- C:\Windows\System\zMKigND.exe
  C:\Windows\System\zMKigND.exe
  2⤵
  PID:13304
- C:\Windows\System\DJVqBSu.exe
  C:\Windows\System\DJVqBSu.exe
  2⤵
  PID:11848
- C:\Windows\System\flPQBts.exe
  C:\Windows\System\flPQBts.exe
  2⤵
  PID:12292
- C:\Windows\System\qdvsZVA.exe
  C:\Windows\System\qdvsZVA.exe
  2⤵
  PID:12460
- C:\Windows\System\gbNufhT.exe
  C:\Windows\System\gbNufhT.exe
  2⤵
  PID:12448
- C:\Windows\System\EfGQYJO.exe
  C:\Windows\System\EfGQYJO.exe
  2⤵
  PID:12560
- C:\Windows\System\asvfXyu.exe
  C:\Windows\System\asvfXyu.exe
  2⤵
  PID:12628
- C:\Windows\System\HBtQIxt.exe
  C:\Windows\System\HBtQIxt.exe
  2⤵
  PID:12672
- C:\Windows\System\avNhjtM.exe
  C:\Windows\System\avNhjtM.exe
  2⤵
  PID:12704
- C:\Windows\System\gJFCQnd.exe
  C:\Windows\System\gJFCQnd.exe
  2⤵
  PID:12804
- C:\Windows\System\VJPnYeW.exe
  C:\Windows\System\VJPnYeW.exe
  2⤵
  PID:12856
- C:\Windows\System\fnRApgE.exe
  C:\Windows\System\fnRApgE.exe
  2⤵
  PID:12920
- C:\Windows\System\maaSxnk.exe
  C:\Windows\System\maaSxnk.exe
  2⤵
  PID:12964
- C:\Windows\System\KbJqKyh.exe
  C:\Windows\System\KbJqKyh.exe
  2⤵
  PID:13032
- C:\Windows\System\AsPcXEP.exe
  C:\Windows\System\AsPcXEP.exe
  2⤵
  PID:13076
- C:\Windows\System\JbfDPxk.exe
  C:\Windows\System\JbfDPxk.exe
  2⤵
  PID:2744
- C:\Windows\System\gXadUOg.exe
  C:\Windows\System\gXadUOg.exe
  2⤵
  PID:13216
- C:\Windows\System\uUdsHOH.exe
  C:\Windows\System\uUdsHOH.exe
  2⤵
  PID:13276
- C:\Windows\System\uiplFbo.exe
  C:\Windows\System\uiplFbo.exe
  2⤵
  PID:11692
- C:\Windows\System\OkjcuJv.exe
  C:\Windows\System\OkjcuJv.exe
  2⤵
  PID:12464
- C:\Windows\System\xBHNptW.exe
  C:\Windows\System\xBHNptW.exe
  2⤵
  PID:12608
- C:\Windows\System\ufIMEEa.exe
  C:\Windows\System\ufIMEEa.exe
  2⤵
  PID:3872
- C:\Windows\System\seDFNpQ.exe
  C:\Windows\System\seDFNpQ.exe
  2⤵
  PID:12736
- C:\Windows\System\usUdxfQ.exe
  C:\Windows\System\usUdxfQ.exe
  2⤵
  PID:12880
- C:\Windows\System\jDvUvDe.exe
  C:\Windows\System\jDvUvDe.exe
  2⤵
  PID:13020
- C:\Windows\System\rzBcWmt.exe
  C:\Windows\System\rzBcWmt.exe
  2⤵
  PID:13120
- C:\Windows\System\YIoaoOD.exe
  C:\Windows\System\YIoaoOD.exe
  2⤵
  PID:12372
- C:\Windows\System\vBblwuZ.exe
  C:\Windows\System\vBblwuZ.exe
  2⤵
  PID:12660
- C:\Windows\System\yOKKhkH.exe
  C:\Windows\System\yOKKhkH.exe
  2⤵
  PID:12796
- C:\Windows\System\FnxOAzW.exe
  C:\Windows\System\FnxOAzW.exe
  2⤵
  PID:5116
- C:\Windows\System\pdygpHi.exe
  C:\Windows\System\pdygpHi.exe
  2⤵
  PID:4380
- C:\Windows\System\MJPcdzU.exe
  C:\Windows\System\MJPcdzU.exe
  2⤵
  PID:13288
- C:\Windows\System\cnOlRPs.exe
  C:\Windows\System\cnOlRPs.exe
  2⤵
  PID:13332
- C:\Windows\System\cMJgqhq.exe
  C:\Windows\System\cMJgqhq.exe
  2⤵
  PID:13364
- C:\Windows\System\Kqhpvyz.exe
  C:\Windows\System\Kqhpvyz.exe
  2⤵
  PID:13388
- C:\Windows\System\VYPPFpg.exe
  C:\Windows\System\VYPPFpg.exe
  2⤵
  PID:13416
- C:\Windows\System\ojLrlms.exe
  C:\Windows\System\ojLrlms.exe
  2⤵
  PID:13432
- C:\Windows\System\DmHenbc.exe
  C:\Windows\System\DmHenbc.exe
  2⤵
  PID:13480
- C:\Windows\System\nbFhqbj.exe
  C:\Windows\System\nbFhqbj.exe
  2⤵
  PID:13500
- C:\Windows\System\SiWdORE.exe
  C:\Windows\System\SiWdORE.exe
  2⤵
  PID:13528
- C:\Windows\System\cpbbxuo.exe
  C:\Windows\System\cpbbxuo.exe
  2⤵
  PID:13556
- C:\Windows\System\xgHJJHe.exe
  C:\Windows\System\xgHJJHe.exe
  2⤵
  PID:13584
- C:\Windows\System\eIiSqwV.exe
  C:\Windows\System\eIiSqwV.exe
  2⤵
  PID:13624
- C:\Windows\System\iCKjUGh.exe
  C:\Windows\System\iCKjUGh.exe
  2⤵
  PID:13648
- C:\Windows\System\Zciywpi.exe
  C:\Windows\System\Zciywpi.exe
  2⤵
  PID:13672
- C:\Windows\System\xRaVjuB.exe
  C:\Windows\System\xRaVjuB.exe
  2⤵
  PID:13696
- C:\Windows\System\QQsoxIn.exe
  C:\Windows\System\QQsoxIn.exe
  2⤵
  PID:13724
- C:\Windows\System\QytEDuO.exe
  C:\Windows\System\QytEDuO.exe
  2⤵
  PID:13756
- C:\Windows\System\gtnwXdK.exe
  C:\Windows\System\gtnwXdK.exe
  2⤵
  PID:13792
- C:\Windows\System\SvQqCyR.exe
  C:\Windows\System\SvQqCyR.exe
  2⤵
  PID:13820
- C:\Windows\System\iYMIDLV.exe
  C:\Windows\System\iYMIDLV.exe
  2⤵
  PID:13848
- C:\Windows\System\cLzQNQp.exe
  C:\Windows\System\cLzQNQp.exe
  2⤵
  PID:13876
- C:\Windows\System\QArgFnq.exe
  C:\Windows\System\QArgFnq.exe
  2⤵
  PID:13892
- C:\Windows\System\nxnrBTK.exe
  C:\Windows\System\nxnrBTK.exe
  2⤵
  PID:13908
- C:\Windows\System\HdIPRIt.exe
  C:\Windows\System\HdIPRIt.exe
  2⤵
  PID:13936
- C:\Windows\System\HpNqliO.exe
  C:\Windows\System\HpNqliO.exe
  2⤵
  PID:13976
- C:\Windows\System\ZGCQTjc.exe
  C:\Windows\System\ZGCQTjc.exe
  2⤵
  PID:13992
- C:\Windows\System\RvvdLGe.exe
  C:\Windows\System\RvvdLGe.exe
  2⤵
  PID:14020
- C:\Windows\System\iYQdacr.exe
  C:\Windows\System\iYQdacr.exe
  2⤵
  PID:14048
- C:\Windows\System\UebHhvv.exe
  C:\Windows\System\UebHhvv.exe
  2⤵
  PID:14100
- C:\Windows\System\mgrokwq.exe
  C:\Windows\System\mgrokwq.exe
  2⤵
  PID:14128
- C:\Windows\System\OzYpvnu.exe
  C:\Windows\System\OzYpvnu.exe
  2⤵
  PID:14148
- C:\Windows\System\ONUBrQo.exe
  C:\Windows\System\ONUBrQo.exe
  2⤵
  PID:14184
- C:\Windows\System\qDbfEmN.exe
  C:\Windows\System\qDbfEmN.exe
  2⤵
  PID:14200
- C:\Windows\System\UNVIzkV.exe
  C:\Windows\System\UNVIzkV.exe
  2⤵
  PID:14220
- C:\Windows\System\JqWeNXM.exe
  C:\Windows\System\JqWeNXM.exe
  2⤵
  PID:14260
- C:\Windows\System\eGrWICg.exe
  C:\Windows\System\eGrWICg.exe
  2⤵
  PID:14292
- C:\Windows\System\khVKnsl.exe
  C:\Windows\System\khVKnsl.exe
  2⤵
  PID:14316
- C:\Windows\System\aPPJkPx.exe
  C:\Windows\System\aPPJkPx.exe
  2⤵
  PID:13320

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BYnCgkd.exe

Filesize
1.8MB

MD5
f5df99266a1f8e625040333cd1601222

SHA1
cd5bcb92d1372b65c5eb2cec30b3373728f7d2e8

SHA256
223eaa1671ed29293ffc39fab6f33f18815820f21b537895c15eb06325eb3931

SHA512
076e972b4377f0f42b0136e94ec12dff5672e95c0405bd2eff1dafc2a244ca913ec5f25bec1dd717e9eff52e1fb5751c3b0b7f202c84850b54be2bcdb22a10bb

Download Submit
C:\Windows\System\GYJsDJj.exe

Filesize
1.8MB

MD5
b6d60cdfeccdc77a1fc2aa88d992cf86

SHA1
0a6e7a3747ba1b62b0606bfd1988c29460924d8b

SHA256
f6f387c03701253b9b565fee86b4d8b3264ecae80178b93cae11dc4d0694b20d

SHA512
31b9d8d01a34214d34a3bf938b7e2aa3bb819704e4f2fccee6b1a99b99157bff5f4c1d4d182696a8ca25a0a5af79feaabbbe99e8cc0d22dc8938bccca47eb5cb

Download Submit
C:\Windows\System\HKnKOMc.exe

Filesize
1.8MB

MD5
a110383828aa8b915d3613f959c368d8

SHA1
2439b083ffe42fdb52db461a2db49494aacaa2bb

SHA256
34f8f9b954a338cb9b1537b1ad1191df5e9f87ecdadcfd8c95d98acef831b7ff

SHA512
ccd5bb43888086d3e7953bc53780f270141a1844f25bb4a0b73c3e3acf5713cb1ad36460f529e6cf69ba7d97f7a9eaf2d4a532309db7a449fd6bb6a7a1f4f176

Download Submit
C:\Windows\System\JzTVGSd.exe

Filesize
1.8MB

MD5
bcd959f83f7feed6d86357ecd03f8620

SHA1
fe719e14a74c98c17fa3db71d20b9bf01479dd11

SHA256
ee6d040e4f07d033424ec75a1bef233375039ef095ee89963bfee6e0ec0cd14c

SHA512
eb0935bab21de46b08daaeb8a2c70e11a3cb7be3ca51a21dd5f951d14fb5e85690d3dc4472c7bc17c21d0df371142f929c49bdff9bb2713ea3a6d7ebc9ba0bbb

Download Submit
C:\Windows\System\MCZDlzu.exe

Filesize
1.8MB

MD5
9d70fe3ad2084b25e6a618e72107a31d

SHA1
c52365965725428c893d762e7a21d215af9b8083

SHA256
a3075dc687e70d58188e63f4b628b7b56162e57c3e0aca44751a8eec77f3ec4c

SHA512
e452f5f4096f39d8fb98472464a771f9ee6579decbe7aaa304acb52dabee3676880749fd0602c285f341e5217d8c94e7980422e4ea004731a72ad48e8b0a8267

Download Submit
C:\Windows\System\MMgwBab.exe

Filesize
1.8MB

MD5
07eac3173c7696e7a883b26ee128e88b

SHA1
e57e4e3c3c1d08823b280c3c9489257043cedbe7

SHA256
29d2fb0837854e0c07457ae39e3c074dd944952bcdb4db83e7f386498179be19

SHA512
629e5cb31e62d32cbaf781189d41d2cf4b85526d66a9473807ea4b39eb50328190f4f77ca2f2578ad8b3fe80d0499d632c60fa9a2a3533bf8aa00ed9dc53626d

Download Submit
C:\Windows\System\RrXlsLJ.exe

Filesize
1.8MB

MD5
7bfcf61521d84a776b03eafc5958620f

SHA1
6e8c409d116b74dd05ad5803535da685b3a7a139

SHA256
e6aeb3eaddc17c39764815840f45101913e00d89bbf74f6138000323f527f134

SHA512
d969d6fc37dcc19c96dbe56a593f126f822233e6feae7bce20488733e1e49782a42a8c7ebcac7e831b25c74a7dbe52b5d30cb8091c7acdfcb626bcb2ef7bfa76

Download Submit
C:\Windows\System\SQdGpCf.exe

Filesize
1.8MB

MD5
a1325bb4d74f026dff5fd257df43d17c

SHA1
800a119304d6dd96a7c9e4cd6abf1d7dc7cdc3bb

SHA256
3bfceb94f2dbf0dbb6025ce1636a6d0a998d085f71fd4d2c658ee6da3c1fdbb4

SHA512
c604e4c18d3d31d72d8f66d4f0a17db0a317c023f3c7edbd3410d8d988053490c8164d3b7a08c599e4d9023d7f6714d017ab541fdd1c6198652d2b6fc152dd0a

Download Submit
C:\Windows\System\SjYURVn.exe

Filesize
1.8MB

MD5
22cdf6175870105fd7b9aed19114ed23

SHA1
14c019b2281732812e95db7f9ada028a92f61123

SHA256
f801b8f389c0cc0d2249dec3466fc7985bc1347b6b036fb55d314517aa6982a0

SHA512
ccb28bc8faf92dcd216d52cf3965ae45cad25790403ef3e4cb89414fdff73ef45c9c79ba556fd0a95ffc7147701804d60ebb70e9d9972be60b46a7badfa5fb37

Download Submit
C:\Windows\System\TIJOqay.exe

Filesize
1.8MB

MD5
f427e8b9add001fb198a7eecda25eff4

SHA1
80a3ed912936704363be81e00060a1cf10671e88

SHA256
7341bdc219cb732afec2089611e385d2028175eb73576646c371245f7d1ed315

SHA512
52f9e57512f2c50855718f4fabd84b63c2a42899eedca795621ad8aa9128a5fb11583f36643e85c2156a219edfc9f244271b2e65a548c4d0f9a2646e1754fcae

Download Submit
C:\Windows\System\TmrjrZz.exe

Filesize
1.8MB

MD5
ed406d26c9ef1bc0e028b2546a847911

SHA1
5599e8a981e16c5acdf53c39e53adecce31ffad3

SHA256
6514d83d0890cd2ab3244598b6b6c24c3478ae96c4915d88108e7acef0a6577c

SHA512
9e012a45a806a59717c6bdc73cb90b492aa79c1a7e85aa1d067f697615208c995819163d4de50330cf840d259087f73b7013be2af34e7369bc673e812d3b21b1

Download Submit
C:\Windows\System\VFwcoGT.exe

Filesize
1.8MB

MD5
9205ef32d52bd0bcc93068af1030f07f

SHA1
d66816650fca224ec8c0061af318bd9112491eab

SHA256
ecb2d6d1e361926c56b7a9f88ae29a80e70653542a3cd17937266a8dbce90b0c

SHA512
6e51bb2c50d02c63a7421e9c8568a4eb357c6e30d4476ee68db619e3b22219db620a07f0eb27e31a54ba0a75b11a27033d4f0cae19423fc5450339d801862b30

Download Submit
C:\Windows\System\WOojPHv.exe

Filesize
1.8MB

MD5
9635bfe1554266f8c5c758811144931e

SHA1
ca2a12801c1d12e2859ef56f2cac637188527c3a

SHA256
6c60d9360d5a10386a4cc8c55e29907adfec62d36f956ffc35c1f4d81231b9a3

SHA512
414f159cee86c30eb3a982e3dc7c59b4e4e565fd7a6d553e1150feb91705e2a6986580313cc46e3de44e8ba54077d4cf84bd769d1a0d249a385536e0d8940cdc

Download Submit
C:\Windows\System\WkVnNZB.exe

Filesize
1.8MB

MD5
36cca4cacd2dad706f360fe39c98b91a

SHA1
27fc7af1296ce72dcda2cd46b35d2952d215de80

SHA256
d4a322f73c293003cc16c2846296b01e53e57dea6619512126d575246f543800

SHA512
48a2529c7a877cc72ae8654c4e5245f67eea57acd33fe104138dbbb0d511b19d3c59cf80d6b9a32b7d4da70baf2441e4b4dddd33d4cc15cf00bb1922fd0851bf

Download Submit
C:\Windows\System\ZAwmuPm.exe

Filesize
1.8MB

MD5
a7f67771220065f53b7bc8909a021579

SHA1
4a9079f3bff82344f74185d8ab0ad61e2982aeec

SHA256
476f4727271ecc8313f6d10411a99e9d4181b17065b6f496ff4f59fae14fe49a

SHA512
595a63246d51aa2b52c4581f2f122641351a68529ed251bab6f34d4c203ffdc1ec5249a6f4c48af4f064f07394fa9a2acd2a5770ad6c3d9063289055de9b5a78

Download Submit
C:\Windows\System\bgFtDuB.exe

Filesize
1.8MB

MD5
d163402893f8894d69e4292c10162998

SHA1
b2f93665e57579e9598a1afac1e5c756f6589a0d

SHA256
7a30f5f2497d441a9d6de2f9722ac52d134f18d6676861bd430c0729b8e209c4

SHA512
f9b5b01d213a45d8a2826e7b21a8648a92fa2ce1055ba490c8aaddd1c8c05aaa45598a9b04ca342c1e877881f22fe849f84dbc7d6896106b150eb88a3cc0ae31

Download Submit
C:\Windows\System\ckxYldt.exe

Filesize
1.8MB

MD5
d8458238b8615bc39514caf2b1e86e52

SHA1
d3f98508b1d3666f87c12232245c33aaa43aad2a

SHA256
4b000e3e73370bf4ac2e950873781a6a8ac4099051af3b9646b08de022b987db

SHA512
a40097add0aebb62aa2c12cc8c58fc1c19111075279bedc81292a68265687d54c544b460ccfc293fd311145e6912949b58f8ae76885bd895ddad7a804a3ac9f8

Download Submit
C:\Windows\System\eNeURxK.exe

Filesize
1.8MB

MD5
77653eebd4bdf2614b7ec0acd388e951

SHA1
976edb2d7760fd160c2dcd949153f63c570e55df

SHA256
4158a1d0ce8f1d57c9040d36de1e74740a4b7eba12a79b6cde14e38ec1061a28

SHA512
c8cbc7e3a01e9a514bd58cd7a67c8bfc3f524f828ae4d2bec3461b92ca5adc17cf12c59b5662c8f64e4361c04896f6320b63d4a87aa08065d1a7ee6b454994ab

Download Submit
C:\Windows\System\fSkjapU.exe

Filesize
1.8MB

MD5
19700cd11d2717ee552c1bb8e55fd5cf

SHA1
71d28f3e5c3991ecb5bd82fb1c61acbf4b517353

SHA256
39f8e687aa24dd3ed3b12407a62ac48317be48c890203895132541931cff74de

SHA512
27a7680948a49e1f1f0361c4464f4986a9501d456d299140fecf4c6f8d86f8dcdf41c5d5d0dc2b8ad887b4751af9411f1eda016dcb98c8f5ef9622b60acffc87

Download Submit
C:\Windows\System\gKHLllL.exe

Filesize
1.8MB

MD5
0f8e2bb02925d6c7220ca681f45587a6

SHA1
b6b6657e506d1d788bc7d8ddd9762ac43cc6e96f

SHA256
236b1ab4aee53ad3c10680063c101c7c87bc961e1e919f19e58d088aa27cdab4

SHA512
f75232cb0054e960d552d5f06de5383b008d6eaaa3cae8e4b6b180286df930989dc177891f0d19ae0e65ee290a77f5c773b0e9adf9ddd8c3f341ec3f008d4b7b

Download Submit
C:\Windows\System\lXabPKZ.exe

Filesize
1.8MB

MD5
992b8f269aed3c6e21476391f0dd3f4b

SHA1
e03d296bc277a5b27ef5301499a22734a1c0c916

SHA256
fffc94fbda75a666189a962085fa1a1c1e45a743128308431533a68daeff5e63

SHA512
5f4f7b731c980e8920d646cdfea2f8f3d947488dbd5dcdf54bdf08233529f81b0ac48e47781df953b322ff056f05f882c76004c7e3159c936bd506287ee92e6d

Download Submit
C:\Windows\System\okzDghp.exe

Filesize
1.8MB

MD5
58137a6acb0833a997d3863a0b8189fb

SHA1
9d6ecd90c28d495120d2d9a3a9128f2618352828

SHA256
053d8b6b940793206a0adc5a446c899b0a1ff90dd0112445a799b39f23622076

SHA512
f220cae0d3cf2d7028507657f337c5004e8d58d3a29d05fdb82ff28a22803f92ff5759d104daea438ea039c11af24c3d65b96b16bca55fca95e5fe4251206ece

Download Submit
C:\Windows\System\pLFJDrl.exe

Filesize
1.8MB

MD5
d6b8b76489f9f93b4a4329f9e2655631

SHA1
c1c1201babe8c55151db8a2f4719155adfe58a22

SHA256
380b11f5908fc63ae67bd515076b4eac0d18abb9adccf505194fa10aa3adfd54

SHA512
38c9d77d0d00b65209b8aee4932f8410dca2c60bd49298d8d5381ea5b59e2de769fd7b823ce81252e0b36ce684d5f51b3a739bdce1dcd6356c8892d663baf891

Download Submit
C:\Windows\System\pXyTzSG.exe

Filesize
1.8MB

MD5
decc3c1f163479ff4f67ee939f0e8caa

SHA1
956a2471b9cf95829e3ca9419b3608ddf67afe5c

SHA256
fb5abafb45077ae5b274f87627f472d21f17732350e2f801f72a3b824fb5abf2

SHA512
d53a812f7f6877e24d1542d2aebd9ba3f8b0b0602c985593616c9099955816e785356fd5bb444b2d389a355b3b0a67837b0fc6a14fae4bc8d778b6914d7f05bc

Download Submit
C:\Windows\System\upnqVSG.exe

Filesize
1.8MB

MD5
706ef170e67227044fb615eb332a565d

SHA1
141411ed8268078e99d99e019124f9dfbe587ede

SHA256
60d021c1e0d7767164a79d1062022e32fc5090f26c701d6edd0cec7d09722e3b

SHA512
4302eca036cf26207ab2c18991d2d4bfc3c5288992b3b452bed2e5e369d9b10ad69caa3eca2fd67ee544a59e22eb842ecf35544944c4a9f4b0a9e0896e518e0d

Download Submit
C:\Windows\System\xYTglHp.exe

Filesize
1.8MB

MD5
79befa1635eb68530aa0a6bda0479b0d

SHA1
4b46540430f0fd6d7660e066641b012f7d8274d8

SHA256
19039b9b28e8f04af5330d8cf04b406bd503ddd61ab87a80af59ddf180f41570

SHA512
cff0624d94d99803c64fed8cc49ea97db4cfdd6c54ce865c23ebe527f43b3441fc424195c6e2ed4e56bf95def1510865719f13d73a0be641d25e83f010a6a2fd

Download Submit
C:\Windows\System\xZdqWdg.exe

Filesize
1.8MB

MD5
eb548b65a3905713709c16aba5be184c

SHA1
ab3b379f4557ed94077c9baa12ac85102c0afd7b

SHA256
c20b663062bd688d243ccfd5647592bdb91c38d2f732f710eba01a796d3521f5

SHA512
90ec393837db658af3ab1736c654c4a35987ec8484a85a5c70ece3fa081918586aec6cd0ed3d32d64e217a9cd97a7f7130ae3e7de96e1c189fed712593d8fef1

Download Submit
C:\Windows\System\xgPAUlW.exe

Filesize
1.8MB

MD5
89cf65c7f3075119fc6fa68c50e98157

SHA1
0a806c2f1a2a0ebaeb8fa41bb5c9efea528d883e

SHA256
101f9ad6296dbaa55669649b34d9982090784eb02e7e8efa4698e7c6d1c28277

SHA512
edd34120b685cc75005b2c36c238c8e90c3c2fe27b580009e6ec367ff3315db69be34d28baadbfae72b680cade829be645af7be2d757359c6ae77f20ef1921f7

Download Submit
C:\Windows\System\ykUGKlg.exe

Filesize
1.8MB

MD5
57d69c8effff38842832fec21d5399f5

SHA1
d67c69baee425c9bb4209ab08fa7ee769549eece

SHA256
88c6e966b221e793f8b30ea31913ce64ba0955923eebafac304b6510974e9b32

SHA512
a7596230f6da52cb5204f7b721fa9e19b2fb6fbcec20a916e4b5a801b1aab6f2aea3531cae153fec3f168aef3f747b5fac6e6dda3d47851ed82f4a8050746427

Download Submit
C:\Windows\System\ymJIMNf.exe

Filesize
1.8MB

MD5
0b187d7520cb5b952dae1e96bb33d130

SHA1
ffa4b049c5f9bf2182050094017e74e119e57709

SHA256
00b8f125a9f8af02f08a1fd70ef86131937ac3902fc085803e7f342c28ed1ad4

SHA512
a1971e645e9c9d921f0fa7276a473012a35806b76ed9378c8702a51c1fcdcede7b67beae6d2d3adc5f4cbe61c7b2a4211de74519ffcdd472b52e08dbf5eb653f

Download Submit
C:\Windows\System\yxoJBGt.exe

Filesize
1.8MB

MD5
ece6287a0d6a5e15236f75e54f65560c

SHA1
33c098ad8d34729508905fb90e4130c50b48b873

SHA256
00b30404cbf0a46316cc6c965374c21a648f652ac38c0ed42ecbcf846a9abc4e

SHA512
8ec1aff3fbe782bb897845f35c89801c64aa6b455eecc28a494bd6d25d56dce7c546f1eb465dcb03e111c82ecf03deab975573ac27b4fc793ccd87cda737284f

Download Submit
C:\Windows\System\zVORvVj.exe

Filesize
1.8MB

MD5
e2575a3d702102ce6a6210b42383e4df

SHA1
5c490929451d64a619b5bd05ef7503088ccddde6

SHA256
6a7940e526d7b90df4b200acdc923508d9e799ab396ce1a2e53c33bbdbbbdf20

SHA512
68ce4faae878f1f0ae5c7b4d94b1b172e696a0016119fe2c79103dc2030da78f47fe969560bb110b4077ff4b37412ccd75774b11ddd26fef9d72b5efeba96f87

Download Submit
C:\Windows\System\zXjMCfH.exe

Filesize
1.8MB

MD5
e6d498feb9475e7ba24b7c23b07f64a1

SHA1
4c8ae52dcbfefdabc20d23a778d36ab5152d98d5

SHA256
e1baaa93daa80419bf4d85eb2acf4bd7deeb2c1ec65b421718a9b2a9dffa688d

SHA512
7cf25aa2f68efc08cd6aafc92e0dab8ea2da636c07c446300c9ac367c1918c9f873a131de7b5b4c66d9a7a16a2def66edf7a5d33a266ac8371b721d8524f4a75

Download Submit
memory/412-2198-0x00007FF7BB710000-0x00007FF7BBA64000-memory.dmp

Filesize
3.3MB

Download
memory/412-754-0x00007FF7BB710000-0x00007FF7BBA64000-memory.dmp

Filesize
3.3MB

Download
memory/440-2203-0x00007FF67A400000-0x00007FF67A754000-memory.dmp

Filesize
3.3MB

Download
memory/440-745-0x00007FF67A400000-0x00007FF67A754000-memory.dmp

Filesize
3.3MB

Download
memory/516-707-0x00007FF69FE10000-0x00007FF6A0164000-memory.dmp

Filesize
3.3MB

Download
memory/516-2194-0x00007FF69FE10000-0x00007FF6A0164000-memory.dmp

Filesize
3.3MB

Download
memory/632-0-0x00007FF7E6100000-0x00007FF7E6454000-memory.dmp

Filesize
3.3MB

Download
memory/632-1-0x000001933C470000-0x000001933C480000-memory.dmp

Filesize
64KB

Download
memory/764-692-0x00007FF758E70000-0x00007FF7591C4000-memory.dmp

Filesize
3.3MB

Download
memory/764-2191-0x00007FF758E70000-0x00007FF7591C4000-memory.dmp

Filesize
3.3MB

Download
memory/812-756-0x00007FF66FCD0000-0x00007FF670024000-memory.dmp

Filesize
3.3MB

Download
memory/812-2208-0x00007FF66FCD0000-0x00007FF670024000-memory.dmp

Filesize
3.3MB

Download
memory/1180-749-0x00007FF750E80000-0x00007FF7511D4000-memory.dmp

Filesize
3.3MB

Download
memory/1180-2207-0x00007FF750E80000-0x00007FF7511D4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-2181-0x00007FF7ACD80000-0x00007FF7AD0D4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-8-0x00007FF7ACD80000-0x00007FF7AD0D4000-memory.dmp

Filesize
3.3MB

Download
memory/1444-2205-0x00007FF7CAA20000-0x00007FF7CAD74000-memory.dmp

Filesize
3.3MB

Download
memory/1444-740-0x00007FF7CAA20000-0x00007FF7CAD74000-memory.dmp

Filesize
3.3MB

Download
memory/2128-2196-0x00007FF7867B0000-0x00007FF786B04000-memory.dmp

Filesize
3.3MB

Download
memory/2128-702-0x00007FF7867B0000-0x00007FF786B04000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2187-0x00007FF6B9860000-0x00007FF6B9BB4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-688-0x00007FF6B9860000-0x00007FF6B9BB4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-2200-0x00007FF668C20000-0x00007FF668F74000-memory.dmp

Filesize
3.3MB

Download
memory/2436-761-0x00007FF668C20000-0x00007FF668F74000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2193-0x00007FF795C70000-0x00007FF795FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-691-0x00007FF795C70000-0x00007FF795FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-2197-0x00007FF6DF7A0000-0x00007FF6DFAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-720-0x00007FF6DF7A0000-0x00007FF6DFAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-755-0x00007FF6DF270000-0x00007FF6DF5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2209-0x00007FF6DF270000-0x00007FF6DF5C4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-2183-0x00007FF767DA0000-0x00007FF7680F4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-689-0x00007FF767DA0000-0x00007FF7680F4000-memory.dmp

Filesize
3.3MB

Download
memory/3124-710-0x00007FF7D49E0000-0x00007FF7D4D34000-memory.dmp

Filesize
3.3MB

Download
memory/3124-2199-0x00007FF7D49E0000-0x00007FF7D4D34000-memory.dmp

Filesize
3.3MB

Download
memory/3268-2202-0x00007FF72B340000-0x00007FF72B694000-memory.dmp

Filesize
3.3MB

Download
memory/3268-748-0x00007FF72B340000-0x00007FF72B694000-memory.dmp

Filesize
3.3MB

Download
memory/3316-695-0x00007FF732740000-0x00007FF732A94000-memory.dmp

Filesize
3.3MB

Download
memory/3316-2192-0x00007FF732740000-0x00007FF732A94000-memory.dmp

Filesize
3.3MB

Download
memory/4012-2195-0x00007FF68EAE0000-0x00007FF68EE34000-memory.dmp

Filesize
3.3MB

Download
memory/4012-727-0x00007FF68EAE0000-0x00007FF68EE34000-memory.dmp

Filesize
3.3MB

Download
memory/4148-2201-0x00007FF63AAB0000-0x00007FF63AE04000-memory.dmp

Filesize
3.3MB

Download
memory/4148-753-0x00007FF63AAB0000-0x00007FF63AE04000-memory.dmp

Filesize
3.3MB

Download
memory/4288-693-0x00007FF729660000-0x00007FF7299B4000-memory.dmp

Filesize
3.3MB

Download
memory/4288-2190-0x00007FF729660000-0x00007FF7299B4000-memory.dmp

Filesize
3.3MB

Download
memory/4432-2186-0x00007FF6F7380000-0x00007FF6F76D4000-memory.dmp

Filesize
3.3MB

Download
memory/4432-762-0x00007FF6F7380000-0x00007FF6F76D4000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2188-0x00007FF626B90000-0x00007FF626EE4000-memory.dmp

Filesize
3.3MB

Download
memory/4716-687-0x00007FF626B90000-0x00007FF626EE4000-memory.dmp

Filesize
3.3MB

Download
memory/4800-2189-0x00007FF656870000-0x00007FF656BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4800-694-0x00007FF656870000-0x00007FF656BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4924-2206-0x00007FF712270000-0x00007FF7125C4000-memory.dmp

Filesize
3.3MB

Download
memory/4924-759-0x00007FF712270000-0x00007FF7125C4000-memory.dmp

Filesize
3.3MB

Download
memory/4936-690-0x00007FF6E2500000-0x00007FF6E2854000-memory.dmp

Filesize
3.3MB

Download
memory/4936-2184-0x00007FF6E2500000-0x00007FF6E2854000-memory.dmp

Filesize
3.3MB

Download
memory/4976-2204-0x00007FF669C80000-0x00007FF669FD4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-735-0x00007FF669C80000-0x00007FF669FD4000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2185-0x00007FF64FDE0000-0x00007FF650134000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2180-0x00007FF64FDE0000-0x00007FF650134000-memory.dmp

Filesize
3.3MB

Download
memory/5080-24-0x00007FF64FDE0000-0x00007FF650134000-memory.dmp

Filesize
3.3MB

Download
memory/5104-16-0x00007FF654AE0000-0x00007FF654E34000-memory.dmp

Filesize
3.3MB

Download
memory/5104-2182-0x00007FF654AE0000-0x00007FF654E34000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads