xmrig | fde304965638c989f84db8464dfab418bdd30cdd27b33d291df09ed8ca47f3a1

Analysis

max time kernel
102s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 07:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
Size

2.4MB
MD5

9932636f14f9aaac9ed2ab5e7eb95b60
SHA1

cf8637d77923c71a48574630630daf38c75532ea
SHA256

fde304965638c989f84db8464dfab418bdd30cdd27b33d291df09ed8ca47f3a1
SHA512

4d46123937516b385805a84d6370f8e2ec6f71b426671172377411afc17efdf8d6965c295acee9aa125a3e0d99024f551703f2f38d599f6ca0c185758926bdd1
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQw5UPeNliw8s/E/GYsqq:BemTLkNdfE0pZrQI

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4616-0-0x00007FF60E580000-0x00007FF60E8D4000-memory.dmp	xmrig
behavioral2/files/0x0008000000022f51-5.dat	xmrig
behavioral2/files/0x00070000000233f2-16.dat	xmrig
behavioral2/files/0x00070000000233f4-24.dat	xmrig
behavioral2/files/0x00070000000233f6-33.dat	xmrig
behavioral2/files/0x00070000000233f8-44.dat	xmrig
behavioral2/files/0x00070000000233fa-56.dat	xmrig
behavioral2/files/0x00070000000233fc-68.dat	xmrig
behavioral2/files/0x0007000000023400-90.dat	xmrig
behavioral2/files/0x00080000000233ef-130.dat	xmrig
behavioral2/files/0x000700000002340d-152.dat	xmrig
behavioral2/memory/3128-168-0x00007FF7712A0000-0x00007FF7715F4000-memory.dmp	xmrig
behavioral2/memory/2912-172-0x00007FF6F6740000-0x00007FF6F6A94000-memory.dmp	xmrig
behavioral2/memory/3480-177-0x00007FF745AB0000-0x00007FF745E04000-memory.dmp	xmrig
behavioral2/memory/4704-184-0x00007FF6FF9F0000-0x00007FF6FFD44000-memory.dmp	xmrig
behavioral2/memory/2672-186-0x00007FF710F50000-0x00007FF7112A4000-memory.dmp	xmrig
behavioral2/memory/4608-185-0x00007FF6AA660000-0x00007FF6AA9B4000-memory.dmp	xmrig
behavioral2/memory/5040-183-0x00007FF7E4DE0000-0x00007FF7E5134000-memory.dmp	xmrig
behavioral2/memory/2368-182-0x00007FF77AE60000-0x00007FF77B1B4000-memory.dmp	xmrig
behavioral2/memory/4660-181-0x00007FF618E80000-0x00007FF6191D4000-memory.dmp	xmrig
behavioral2/memory/4220-180-0x00007FF69E5F0000-0x00007FF69E944000-memory.dmp	xmrig
behavioral2/memory/2308-179-0x00007FF751410000-0x00007FF751764000-memory.dmp	xmrig
behavioral2/memory/4092-178-0x00007FF765220000-0x00007FF765574000-memory.dmp	xmrig
behavioral2/memory/4832-176-0x00007FF69CC60000-0x00007FF69CFB4000-memory.dmp	xmrig
behavioral2/memory/4412-175-0x00007FF68FFA0000-0x00007FF6902F4000-memory.dmp	xmrig
behavioral2/memory/2148-174-0x00007FF75CD70000-0x00007FF75D0C4000-memory.dmp	xmrig
behavioral2/memory/4768-173-0x00007FF686C10000-0x00007FF686F64000-memory.dmp	xmrig
behavioral2/memory/4680-171-0x00007FF7D46D0000-0x00007FF7D4A24000-memory.dmp	xmrig
behavioral2/memory/1736-170-0x00007FF7A9550000-0x00007FF7A98A4000-memory.dmp	xmrig
behavioral2/memory/1964-169-0x00007FF641900000-0x00007FF641C54000-memory.dmp	xmrig
behavioral2/memory/2764-167-0x00007FF795200000-0x00007FF795554000-memory.dmp	xmrig
behavioral2/memory/4568-164-0x00007FF69DF80000-0x00007FF69E2D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340c-162.dat	xmrig
behavioral2/files/0x000700000002340b-160.dat	xmrig
behavioral2/files/0x000700000002340a-158.dat	xmrig
behavioral2/files/0x0007000000023409-156.dat	xmrig
behavioral2/files/0x0007000000023408-154.dat	xmrig
behavioral2/memory/2596-153-0x00007FF797BB0000-0x00007FF797F04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023406-150.dat	xmrig
behavioral2/memory/3056-149-0x00007FF61B740000-0x00007FF61BA94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023407-140.dat	xmrig
behavioral2/files/0x0007000000023405-117.dat	xmrig
behavioral2/files/0x0007000000023404-115.dat	xmrig
behavioral2/files/0x0007000000023403-113.dat	xmrig
behavioral2/files/0x00070000000233fe-111.dat	xmrig
behavioral2/files/0x0007000000023402-109.dat	xmrig
behavioral2/files/0x0007000000023401-107.dat	xmrig
behavioral2/files/0x00070000000233fd-103.dat	xmrig
behavioral2/memory/3432-99-0x00007FF794D20000-0x00007FF795074000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ff-97.dat	xmrig
behavioral2/memory/1112-81-0x00007FF774F60000-0x00007FF7752B4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fb-73.dat	xmrig
behavioral2/files/0x00070000000233f9-67.dat	xmrig
behavioral2/memory/1820-61-0x00007FF64A330000-0x00007FF64A684000-memory.dmp	xmrig
behavioral2/memory/1392-50-0x00007FF743E50000-0x00007FF7441A4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f7-43.dat	xmrig
behavioral2/files/0x00070000000233f5-40.dat	xmrig
behavioral2/files/0x000a0000000233ea-26.dat	xmrig
behavioral2/files/0x00070000000233f3-34.dat	xmrig
behavioral2/memory/3708-31-0x00007FF7A7E60000-0x00007FF7A81B4000-memory.dmp	xmrig
behavioral2/memory/1824-13-0x00007FF73E290000-0x00007FF73E5E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-189.dat	xmrig
behavioral2/files/0x000700000002340f-191.dat	xmrig
behavioral2/memory/4616-2157-0x00007FF60E580000-0x00007FF60E8D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1824	lrOoDSJ.exe
2308	VVXioKL.exe
3708	iOhcpau.exe
1392	SsQkFon.exe
4220	BowIXfM.exe
1820	kNusduE.exe
1112	tAcwbQS.exe
3432	ZPFzrix.exe
4660	vqYBBBP.exe
3056	kGEQdcz.exe
2368	uBAqrJm.exe
2596	drlEiiz.exe
5040	YecLZXv.exe
4568	jAUZQNz.exe
2764	fWqjogL.exe
4704	EFqzdqb.exe
3128	ModhrQe.exe
1964	KZYStug.exe
1736	WTcGRwH.exe
4680	dkvaaXh.exe
4608	vzDlfnN.exe
2912	MaMNLvE.exe
4768	udoQLNH.exe
2148	yPhShsg.exe
2672	RScunkg.exe
4412	aJZJnAR.exe
4832	Tzjvhqy.exe
3480	vgrxoWd.exe
4092	KvzMLiR.exe
1504	kmrHuur.exe
5004	OflLtYu.exe
4632	nXvcmGd.exe
2720	hOHxHnB.exe
3048	WPZYGOd.exe
2928	dVeUMFf.exe
3328	JalbpXL.exe
3184	hVZGRgn.exe
1536	mZRpPlw.exe
828	xxVaFBO.exe
1160	jgDiQzo.exe
1336	qUKOkCt.exe
624	UhNHbeB.exe
3144	wNeBqRR.exe
4348	xxbHmmv.exe
2184	UgPqTyA.exe
772	FCUXbpL.exe
3956	yrUgUPH.exe
3592	rAharcY.exe
2120	xZlikKj.exe
2068	kAabcmx.exe
1332	TbLeBQQ.exe
2768	iSzHcAy.exe
3960	hSnAEXQ.exe
2708	nIWmCMh.exe
4712	xYSfgsm.exe
2812	SBEHDJK.exe
3700	ZwwEodQ.exe
1020	YmGkLDC.exe
428	vjmPhVc.exe
5080	xDsZliq.exe
4300	SmewCys.exe
2508	BeUDFXH.exe
224	uStuecL.exe
4064	UyxBLFP.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4616-0-0x00007FF60E580000-0x00007FF60E8D4000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-5.dat	upx
behavioral2/files/0x00070000000233f2-16.dat	upx
behavioral2/files/0x00070000000233f4-24.dat	upx
behavioral2/files/0x00070000000233f6-33.dat	upx
behavioral2/files/0x00070000000233f8-44.dat	upx
behavioral2/files/0x00070000000233fa-56.dat	upx
behavioral2/files/0x00070000000233fc-68.dat	upx
behavioral2/files/0x0007000000023400-90.dat	upx
behavioral2/files/0x00080000000233ef-130.dat	upx
behavioral2/files/0x000700000002340d-152.dat	upx
behavioral2/memory/3128-168-0x00007FF7712A0000-0x00007FF7715F4000-memory.dmp	upx
behavioral2/memory/2912-172-0x00007FF6F6740000-0x00007FF6F6A94000-memory.dmp	upx
behavioral2/memory/3480-177-0x00007FF745AB0000-0x00007FF745E04000-memory.dmp	upx
behavioral2/memory/4704-184-0x00007FF6FF9F0000-0x00007FF6FFD44000-memory.dmp	upx
behavioral2/memory/2672-186-0x00007FF710F50000-0x00007FF7112A4000-memory.dmp	upx
behavioral2/memory/4608-185-0x00007FF6AA660000-0x00007FF6AA9B4000-memory.dmp	upx
behavioral2/memory/5040-183-0x00007FF7E4DE0000-0x00007FF7E5134000-memory.dmp	upx
behavioral2/memory/2368-182-0x00007FF77AE60000-0x00007FF77B1B4000-memory.dmp	upx
behavioral2/memory/4660-181-0x00007FF618E80000-0x00007FF6191D4000-memory.dmp	upx
behavioral2/memory/4220-180-0x00007FF69E5F0000-0x00007FF69E944000-memory.dmp	upx
behavioral2/memory/2308-179-0x00007FF751410000-0x00007FF751764000-memory.dmp	upx
behavioral2/memory/4092-178-0x00007FF765220000-0x00007FF765574000-memory.dmp	upx
behavioral2/memory/4832-176-0x00007FF69CC60000-0x00007FF69CFB4000-memory.dmp	upx
behavioral2/memory/4412-175-0x00007FF68FFA0000-0x00007FF6902F4000-memory.dmp	upx
behavioral2/memory/2148-174-0x00007FF75CD70000-0x00007FF75D0C4000-memory.dmp	upx
behavioral2/memory/4768-173-0x00007FF686C10000-0x00007FF686F64000-memory.dmp	upx
behavioral2/memory/4680-171-0x00007FF7D46D0000-0x00007FF7D4A24000-memory.dmp	upx
behavioral2/memory/1736-170-0x00007FF7A9550000-0x00007FF7A98A4000-memory.dmp	upx
behavioral2/memory/1964-169-0x00007FF641900000-0x00007FF641C54000-memory.dmp	upx
behavioral2/memory/2764-167-0x00007FF795200000-0x00007FF795554000-memory.dmp	upx
behavioral2/memory/4568-164-0x00007FF69DF80000-0x00007FF69E2D4000-memory.dmp	upx
behavioral2/files/0x000700000002340c-162.dat	upx
behavioral2/files/0x000700000002340b-160.dat	upx
behavioral2/files/0x000700000002340a-158.dat	upx
behavioral2/files/0x0007000000023409-156.dat	upx
behavioral2/files/0x0007000000023408-154.dat	upx
behavioral2/memory/2596-153-0x00007FF797BB0000-0x00007FF797F04000-memory.dmp	upx
behavioral2/files/0x0007000000023406-150.dat	upx
behavioral2/memory/3056-149-0x00007FF61B740000-0x00007FF61BA94000-memory.dmp	upx
behavioral2/files/0x0007000000023407-140.dat	upx
behavioral2/files/0x0007000000023405-117.dat	upx
behavioral2/files/0x0007000000023404-115.dat	upx
behavioral2/files/0x0007000000023403-113.dat	upx
behavioral2/files/0x00070000000233fe-111.dat	upx
behavioral2/files/0x0007000000023402-109.dat	upx
behavioral2/files/0x0007000000023401-107.dat	upx
behavioral2/files/0x00070000000233fd-103.dat	upx
behavioral2/memory/3432-99-0x00007FF794D20000-0x00007FF795074000-memory.dmp	upx
behavioral2/files/0x00070000000233ff-97.dat	upx
behavioral2/memory/1112-81-0x00007FF774F60000-0x00007FF7752B4000-memory.dmp	upx
behavioral2/files/0x00070000000233fb-73.dat	upx
behavioral2/files/0x00070000000233f9-67.dat	upx
behavioral2/memory/1820-61-0x00007FF64A330000-0x00007FF64A684000-memory.dmp	upx
behavioral2/memory/1392-50-0x00007FF743E50000-0x00007FF7441A4000-memory.dmp	upx
behavioral2/files/0x00070000000233f7-43.dat	upx
behavioral2/files/0x00070000000233f5-40.dat	upx
behavioral2/files/0x000a0000000233ea-26.dat	upx
behavioral2/files/0x00070000000233f3-34.dat	upx
behavioral2/memory/3708-31-0x00007FF7A7E60000-0x00007FF7A81B4000-memory.dmp	upx
behavioral2/memory/1824-13-0x00007FF73E290000-0x00007FF73E5E4000-memory.dmp	upx
behavioral2/files/0x000700000002340e-189.dat	upx
behavioral2/files/0x000700000002340f-191.dat	upx
behavioral2/memory/4616-2157-0x00007FF60E580000-0x00007FF60E8D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rAharcY.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\iiTJNzG.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\pcmIGAx.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\UMsdMch.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\wYkgBSk.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\xaOMnHc.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\MXRnSlQ.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\SgshXgp.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\awBRhtL.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\oCMPCMe.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\JeHDAnm.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\lpvuFhe.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\muOwmpI.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\fcaokzK.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\VuLURUz.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\xTfKmUe.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\LtZHJSD.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\TmXRPBV.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\WIPHEQJ.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\gipJMqb.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\gItkOwz.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\rLdAtoT.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\kJzzaTG.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\ZQfhBfT.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\NQcMDOX.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\EFqzdqb.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\MaMNLvE.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\WPZYGOd.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\BGNXLZl.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\xMHqELJ.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\ipBqYKc.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\flTVUZV.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\nFKNBNA.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\isoxedG.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\wVygOSJ.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\qXYJaGL.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\pqmYSbZ.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\fRvtoss.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\cYFRaqr.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\xiWleQo.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\WIgRJBG.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\fOTVtXw.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\nIWmCMh.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\iGAQcNo.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\CcPVQnS.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\udirkbl.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\DIUGLKC.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\eyByWbY.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\wXtvrZB.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\dwgXuyO.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\KTyEdpv.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\yWSyheU.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\kmrHuur.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\hOHxHnB.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\vjmPhVc.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\iWNnUYN.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\rbwdexi.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\xOxgLKF.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\nqhNGqZ.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\VtUzDSe.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\BeUDFXH.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\AZoqyqj.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\loOgrFd.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
File created	C:\Windows\System\gRGxkFN.exe	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14212	dwm.exe
Token: SeChangeNotifyPrivilege	14212	dwm.exe
Token: 33	14212	dwm.exe
Token: SeIncBasePriorityPrivilege	14212	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 1824	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	84
PID 4616 wrote to memory of 1824	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	84
PID 4616 wrote to memory of 2308	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	85
PID 4616 wrote to memory of 2308	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	85
PID 4616 wrote to memory of 3708	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	86
PID 4616 wrote to memory of 3708	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	86
PID 4616 wrote to memory of 1392	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	87
PID 4616 wrote to memory of 1392	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	87
PID 4616 wrote to memory of 4220	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	88
PID 4616 wrote to memory of 4220	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	88
PID 4616 wrote to memory of 1820	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	89
PID 4616 wrote to memory of 1820	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	89
PID 4616 wrote to memory of 1112	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	90
PID 4616 wrote to memory of 1112	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	90
PID 4616 wrote to memory of 3432	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	91
PID 4616 wrote to memory of 3432	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	91
PID 4616 wrote to memory of 3056	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	92
PID 4616 wrote to memory of 3056	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	92
PID 4616 wrote to memory of 4660	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	93
PID 4616 wrote to memory of 4660	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	93
PID 4616 wrote to memory of 2368	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	94
PID 4616 wrote to memory of 2368	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	94
PID 4616 wrote to memory of 2596	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	95
PID 4616 wrote to memory of 2596	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	95
PID 4616 wrote to memory of 5040	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	96
PID 4616 wrote to memory of 5040	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	96
PID 4616 wrote to memory of 4568	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	97
PID 4616 wrote to memory of 4568	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	97
PID 4616 wrote to memory of 2764	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	98
PID 4616 wrote to memory of 2764	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	98
PID 4616 wrote to memory of 4704	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	99
PID 4616 wrote to memory of 4704	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	99
PID 4616 wrote to memory of 3128	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	100
PID 4616 wrote to memory of 3128	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	100
PID 4616 wrote to memory of 1964	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	101
PID 4616 wrote to memory of 1964	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	101
PID 4616 wrote to memory of 1736	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	102
PID 4616 wrote to memory of 1736	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	102
PID 4616 wrote to memory of 4680	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	103
PID 4616 wrote to memory of 4680	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	103
PID 4616 wrote to memory of 4608	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	104
PID 4616 wrote to memory of 4608	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	104
PID 4616 wrote to memory of 2912	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	105
PID 4616 wrote to memory of 2912	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	105
PID 4616 wrote to memory of 4768	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	106
PID 4616 wrote to memory of 4768	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	106
PID 4616 wrote to memory of 2148	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	107
PID 4616 wrote to memory of 2148	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	107
PID 4616 wrote to memory of 2672	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	108
PID 4616 wrote to memory of 2672	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	108
PID 4616 wrote to memory of 4412	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	109
PID 4616 wrote to memory of 4412	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	109
PID 4616 wrote to memory of 4832	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	110
PID 4616 wrote to memory of 4832	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	110
PID 4616 wrote to memory of 3480	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	111
PID 4616 wrote to memory of 3480	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	111
PID 4616 wrote to memory of 4092	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	112
PID 4616 wrote to memory of 4092	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	112
PID 4616 wrote to memory of 1504	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	113
PID 4616 wrote to memory of 1504	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	113
PID 4616 wrote to memory of 5004	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	114
PID 4616 wrote to memory of 5004	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	114
PID 4616 wrote to memory of 4632	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	115
PID 4616 wrote to memory of 4632	4616	9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9932636f14f9aaac9ed2ab5e7eb95b60_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Windows\System\lrOoDSJ.exe
  C:\Windows\System\lrOoDSJ.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\VVXioKL.exe
  C:\Windows\System\VVXioKL.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\iOhcpau.exe
  C:\Windows\System\iOhcpau.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\SsQkFon.exe
  C:\Windows\System\SsQkFon.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\BowIXfM.exe
  C:\Windows\System\BowIXfM.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\kNusduE.exe
  C:\Windows\System\kNusduE.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\tAcwbQS.exe
  C:\Windows\System\tAcwbQS.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\ZPFzrix.exe
  C:\Windows\System\ZPFzrix.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\kGEQdcz.exe
  C:\Windows\System\kGEQdcz.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\vqYBBBP.exe
  C:\Windows\System\vqYBBBP.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\uBAqrJm.exe
  C:\Windows\System\uBAqrJm.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\drlEiiz.exe
  C:\Windows\System\drlEiiz.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\YecLZXv.exe
  C:\Windows\System\YecLZXv.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\jAUZQNz.exe
  C:\Windows\System\jAUZQNz.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\fWqjogL.exe
  C:\Windows\System\fWqjogL.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\EFqzdqb.exe
  C:\Windows\System\EFqzdqb.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\ModhrQe.exe
  C:\Windows\System\ModhrQe.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\KZYStug.exe
  C:\Windows\System\KZYStug.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\WTcGRwH.exe
  C:\Windows\System\WTcGRwH.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\dkvaaXh.exe
  C:\Windows\System\dkvaaXh.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\vzDlfnN.exe
  C:\Windows\System\vzDlfnN.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\MaMNLvE.exe
  C:\Windows\System\MaMNLvE.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\udoQLNH.exe
  C:\Windows\System\udoQLNH.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\yPhShsg.exe
  C:\Windows\System\yPhShsg.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\RScunkg.exe
  C:\Windows\System\RScunkg.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\aJZJnAR.exe
  C:\Windows\System\aJZJnAR.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\Tzjvhqy.exe
  C:\Windows\System\Tzjvhqy.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\vgrxoWd.exe
  C:\Windows\System\vgrxoWd.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\KvzMLiR.exe
  C:\Windows\System\KvzMLiR.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\kmrHuur.exe
  C:\Windows\System\kmrHuur.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\OflLtYu.exe
  C:\Windows\System\OflLtYu.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\nXvcmGd.exe
  C:\Windows\System\nXvcmGd.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\hOHxHnB.exe
  C:\Windows\System\hOHxHnB.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\WPZYGOd.exe
  C:\Windows\System\WPZYGOd.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\dVeUMFf.exe
  C:\Windows\System\dVeUMFf.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\JalbpXL.exe
  C:\Windows\System\JalbpXL.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\hVZGRgn.exe
  C:\Windows\System\hVZGRgn.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\mZRpPlw.exe
  C:\Windows\System\mZRpPlw.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\xxVaFBO.exe
  C:\Windows\System\xxVaFBO.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\jgDiQzo.exe
  C:\Windows\System\jgDiQzo.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\qUKOkCt.exe
  C:\Windows\System\qUKOkCt.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\UhNHbeB.exe
  C:\Windows\System\UhNHbeB.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\wNeBqRR.exe
  C:\Windows\System\wNeBqRR.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\xxbHmmv.exe
  C:\Windows\System\xxbHmmv.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\UgPqTyA.exe
  C:\Windows\System\UgPqTyA.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\FCUXbpL.exe
  C:\Windows\System\FCUXbpL.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\yrUgUPH.exe
  C:\Windows\System\yrUgUPH.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\rAharcY.exe
  C:\Windows\System\rAharcY.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\xZlikKj.exe
  C:\Windows\System\xZlikKj.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\kAabcmx.exe
  C:\Windows\System\kAabcmx.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\TbLeBQQ.exe
  C:\Windows\System\TbLeBQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\iSzHcAy.exe
  C:\Windows\System\iSzHcAy.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\hSnAEXQ.exe
  C:\Windows\System\hSnAEXQ.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\nIWmCMh.exe
  C:\Windows\System\nIWmCMh.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\xYSfgsm.exe
  C:\Windows\System\xYSfgsm.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\SBEHDJK.exe
  C:\Windows\System\SBEHDJK.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\ZwwEodQ.exe
  C:\Windows\System\ZwwEodQ.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\YmGkLDC.exe
  C:\Windows\System\YmGkLDC.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\vjmPhVc.exe
  C:\Windows\System\vjmPhVc.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\xDsZliq.exe
  C:\Windows\System\xDsZliq.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\SmewCys.exe
  C:\Windows\System\SmewCys.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\BeUDFXH.exe
  C:\Windows\System\BeUDFXH.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\uStuecL.exe
  C:\Windows\System\uStuecL.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\UyxBLFP.exe
  C:\Windows\System\UyxBLFP.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\ISfZJAb.exe
  C:\Windows\System\ISfZJAb.exe
  2⤵
  PID:4684
- C:\Windows\System\TsJQLsS.exe
  C:\Windows\System\TsJQLsS.exe
  2⤵
  PID:2076
- C:\Windows\System\aKqSqhj.exe
  C:\Windows\System\aKqSqhj.exe
  2⤵
  PID:2096
- C:\Windows\System\XOgmMGQ.exe
  C:\Windows\System\XOgmMGQ.exe
  2⤵
  PID:940
- C:\Windows\System\iGAQcNo.exe
  C:\Windows\System\iGAQcNo.exe
  2⤵
  PID:3340
- C:\Windows\System\nBLckUC.exe
  C:\Windows\System\nBLckUC.exe
  2⤵
  PID:2156
- C:\Windows\System\eASSRfz.exe
  C:\Windows\System\eASSRfz.exe
  2⤵
  PID:2212
- C:\Windows\System\aWVlaYT.exe
  C:\Windows\System\aWVlaYT.exe
  2⤵
  PID:1388
- C:\Windows\System\QMegYHr.exe
  C:\Windows\System\QMegYHr.exe
  2⤵
  PID:2556
- C:\Windows\System\lbswFRX.exe
  C:\Windows\System\lbswFRX.exe
  2⤵
  PID:4844
- C:\Windows\System\wLRFSRq.exe
  C:\Windows\System\wLRFSRq.exe
  2⤵
  PID:4888
- C:\Windows\System\LfeNctL.exe
  C:\Windows\System\LfeNctL.exe
  2⤵
  PID:2616
- C:\Windows\System\ukgGogP.exe
  C:\Windows\System\ukgGogP.exe
  2⤵
  PID:3600
- C:\Windows\System\VhgxTwf.exe
  C:\Windows\System\VhgxTwf.exe
  2⤵
  PID:3988
- C:\Windows\System\xCmGYrE.exe
  C:\Windows\System\xCmGYrE.exe
  2⤵
  PID:2072
- C:\Windows\System\GfAvJJB.exe
  C:\Windows\System\GfAvJJB.exe
  2⤵
  PID:4132
- C:\Windows\System\awBRhtL.exe
  C:\Windows\System\awBRhtL.exe
  2⤵
  PID:3636
- C:\Windows\System\oQkjArX.exe
  C:\Windows\System\oQkjArX.exe
  2⤵
  PID:3152
- C:\Windows\System\IhKVDkt.exe
  C:\Windows\System\IhKVDkt.exe
  2⤵
  PID:2800
- C:\Windows\System\bGvajvX.exe
  C:\Windows\System\bGvajvX.exe
  2⤵
  PID:1412
- C:\Windows\System\LMimYyT.exe
  C:\Windows\System\LMimYyT.exe
  2⤵
  PID:2460
- C:\Windows\System\isoxedG.exe
  C:\Windows\System\isoxedG.exe
  2⤵
  PID:3644
- C:\Windows\System\zMabuiw.exe
  C:\Windows\System\zMabuiw.exe
  2⤵
  PID:1320
- C:\Windows\System\gDRWFEK.exe
  C:\Windows\System\gDRWFEK.exe
  2⤵
  PID:4860
- C:\Windows\System\BGNXLZl.exe
  C:\Windows\System\BGNXLZl.exe
  2⤵
  PID:1500
- C:\Windows\System\VOBkQHO.exe
  C:\Windows\System\VOBkQHO.exe
  2⤵
  PID:4968
- C:\Windows\System\GaEFOuy.exe
  C:\Windows\System\GaEFOuy.exe
  2⤵
  PID:3704
- C:\Windows\System\OTTgynm.exe
  C:\Windows\System\OTTgynm.exe
  2⤵
  PID:1424
- C:\Windows\System\EuVxWqR.exe
  C:\Windows\System\EuVxWqR.exe
  2⤵
  PID:2244
- C:\Windows\System\jyGoJqs.exe
  C:\Windows\System\jyGoJqs.exe
  2⤵
  PID:3052
- C:\Windows\System\oCMPCMe.exe
  C:\Windows\System\oCMPCMe.exe
  2⤵
  PID:1076
- C:\Windows\System\jIrqSMy.exe
  C:\Windows\System\jIrqSMy.exe
  2⤵
  PID:2044
- C:\Windows\System\Nnkjbbb.exe
  C:\Windows\System\Nnkjbbb.exe
  2⤵
  PID:2932
- C:\Windows\System\CcPVQnS.exe
  C:\Windows\System\CcPVQnS.exe
  2⤵
  PID:3668
- C:\Windows\System\yEYZvvt.exe
  C:\Windows\System\yEYZvvt.exe
  2⤵
  PID:4876
- C:\Windows\System\nWYDKfE.exe
  C:\Windows\System\nWYDKfE.exe
  2⤵
  PID:5136
- C:\Windows\System\tYACPWa.exe
  C:\Windows\System\tYACPWa.exe
  2⤵
  PID:5168
- C:\Windows\System\qOmfYST.exe
  C:\Windows\System\qOmfYST.exe
  2⤵
  PID:5200
- C:\Windows\System\gYkTDwx.exe
  C:\Windows\System\gYkTDwx.exe
  2⤵
  PID:5228
- C:\Windows\System\StIwOkz.exe
  C:\Windows\System\StIwOkz.exe
  2⤵
  PID:5252
- C:\Windows\System\IhoODeQ.exe
  C:\Windows\System\IhoODeQ.exe
  2⤵
  PID:5284
- C:\Windows\System\OujvEWx.exe
  C:\Windows\System\OujvEWx.exe
  2⤵
  PID:5312
- C:\Windows\System\yYBhtKQ.exe
  C:\Windows\System\yYBhtKQ.exe
  2⤵
  PID:5340
- C:\Windows\System\fBRRjKl.exe
  C:\Windows\System\fBRRjKl.exe
  2⤵
  PID:5372
- C:\Windows\System\ENeLMLZ.exe
  C:\Windows\System\ENeLMLZ.exe
  2⤵
  PID:5396
- C:\Windows\System\ZThPmIy.exe
  C:\Windows\System\ZThPmIy.exe
  2⤵
  PID:5424
- C:\Windows\System\xNEJycc.exe
  C:\Windows\System\xNEJycc.exe
  2⤵
  PID:5452
- C:\Windows\System\YrGvUNp.exe
  C:\Windows\System\YrGvUNp.exe
  2⤵
  PID:5484
- C:\Windows\System\kDEQwGM.exe
  C:\Windows\System\kDEQwGM.exe
  2⤵
  PID:5512
- C:\Windows\System\kJzzaTG.exe
  C:\Windows\System\kJzzaTG.exe
  2⤵
  PID:5540
- C:\Windows\System\WlRjrvg.exe
  C:\Windows\System\WlRjrvg.exe
  2⤵
  PID:5568
- C:\Windows\System\wZjivjo.exe
  C:\Windows\System\wZjivjo.exe
  2⤵
  PID:5600
- C:\Windows\System\ZfUCxYZ.exe
  C:\Windows\System\ZfUCxYZ.exe
  2⤵
  PID:5632
- C:\Windows\System\qXFFrpr.exe
  C:\Windows\System\qXFFrpr.exe
  2⤵
  PID:5656
- C:\Windows\System\MKxSLZt.exe
  C:\Windows\System\MKxSLZt.exe
  2⤵
  PID:5684
- C:\Windows\System\RLcfeVp.exe
  C:\Windows\System\RLcfeVp.exe
  2⤵
  PID:5712
- C:\Windows\System\rgvlwfz.exe
  C:\Windows\System\rgvlwfz.exe
  2⤵
  PID:5744
- C:\Windows\System\LZpkhYH.exe
  C:\Windows\System\LZpkhYH.exe
  2⤵
  PID:5768
- C:\Windows\System\qCpSuGU.exe
  C:\Windows\System\qCpSuGU.exe
  2⤵
  PID:5796
- C:\Windows\System\udirkbl.exe
  C:\Windows\System\udirkbl.exe
  2⤵
  PID:5824
- C:\Windows\System\CDktHZe.exe
  C:\Windows\System\CDktHZe.exe
  2⤵
  PID:5856
- C:\Windows\System\iWNnUYN.exe
  C:\Windows\System\iWNnUYN.exe
  2⤵
  PID:5880
- C:\Windows\System\IaMHkGX.exe
  C:\Windows\System\IaMHkGX.exe
  2⤵
  PID:5912
- C:\Windows\System\IRzkHwz.exe
  C:\Windows\System\IRzkHwz.exe
  2⤵
  PID:5936
- C:\Windows\System\hgbRTKp.exe
  C:\Windows\System\hgbRTKp.exe
  2⤵
  PID:5968
- C:\Windows\System\IzTYopI.exe
  C:\Windows\System\IzTYopI.exe
  2⤵
  PID:6000
- C:\Windows\System\ykXiInb.exe
  C:\Windows\System\ykXiInb.exe
  2⤵
  PID:6028
- C:\Windows\System\BXFULQd.exe
  C:\Windows\System\BXFULQd.exe
  2⤵
  PID:6052
- C:\Windows\System\KBlNrBZ.exe
  C:\Windows\System\KBlNrBZ.exe
  2⤵
  PID:6092
- C:\Windows\System\zRKpTPK.exe
  C:\Windows\System\zRKpTPK.exe
  2⤵
  PID:6116
- C:\Windows\System\zoTfOos.exe
  C:\Windows\System\zoTfOos.exe
  2⤵
  PID:5128
- C:\Windows\System\fWSBfgc.exe
  C:\Windows\System\fWSBfgc.exe
  2⤵
  PID:5188
- C:\Windows\System\VgywzMc.exe
  C:\Windows\System\VgywzMc.exe
  2⤵
  PID:5220
- C:\Windows\System\jwtpfnm.exe
  C:\Windows\System\jwtpfnm.exe
  2⤵
  PID:5308
- C:\Windows\System\mmWZzUH.exe
  C:\Windows\System\mmWZzUH.exe
  2⤵
  PID:5388
- C:\Windows\System\HjBitxN.exe
  C:\Windows\System\HjBitxN.exe
  2⤵
  PID:5420
- C:\Windows\System\UMHDgQa.exe
  C:\Windows\System\UMHDgQa.exe
  2⤵
  PID:5476
- C:\Windows\System\xSaNlcU.exe
  C:\Windows\System\xSaNlcU.exe
  2⤵
  PID:5564
- C:\Windows\System\hSFCQnh.exe
  C:\Windows\System\hSFCQnh.exe
  2⤵
  PID:5644
- C:\Windows\System\vvnybIa.exe
  C:\Windows\System\vvnybIa.exe
  2⤵
  PID:5680
- C:\Windows\System\XUvRvIp.exe
  C:\Windows\System\XUvRvIp.exe
  2⤵
  PID:5752
- C:\Windows\System\xMCCdyZ.exe
  C:\Windows\System\xMCCdyZ.exe
  2⤵
  PID:5812
- C:\Windows\System\qtgtQnj.exe
  C:\Windows\System\qtgtQnj.exe
  2⤵
  PID:5892
- C:\Windows\System\afiygop.exe
  C:\Windows\System\afiygop.exe
  2⤵
  PID:5952
- C:\Windows\System\WvVhiMf.exe
  C:\Windows\System\WvVhiMf.exe
  2⤵
  PID:6024
- C:\Windows\System\mtSmtRM.exe
  C:\Windows\System\mtSmtRM.exe
  2⤵
  PID:6040
- C:\Windows\System\NSrNgoq.exe
  C:\Windows\System\NSrNgoq.exe
  2⤵
  PID:6112
- C:\Windows\System\RPRNyHX.exe
  C:\Windows\System\RPRNyHX.exe
  2⤵
  PID:6140
- C:\Windows\System\fadYCbW.exe
  C:\Windows\System\fadYCbW.exe
  2⤵
  PID:5216
- C:\Windows\System\gRGxkFN.exe
  C:\Windows\System\gRGxkFN.exe
  2⤵
  PID:5328
- C:\Windows\System\hbidYMh.exe
  C:\Windows\System\hbidYMh.exe
  2⤵
  PID:5552
- C:\Windows\System\WdqSVIb.exe
  C:\Windows\System\WdqSVIb.exe
  2⤵
  PID:5668
- C:\Windows\System\NSQMaET.exe
  C:\Windows\System\NSQMaET.exe
  2⤵
  PID:5704
- C:\Windows\System\uulxJws.exe
  C:\Windows\System\uulxJws.exe
  2⤵
  PID:6060
- C:\Windows\System\brVqaoT.exe
  C:\Windows\System\brVqaoT.exe
  2⤵
  PID:5416
- C:\Windows\System\PjVPvcx.exe
  C:\Windows\System\PjVPvcx.exe
  2⤵
  PID:5792
- C:\Windows\System\rbwdexi.exe
  C:\Windows\System\rbwdexi.exe
  2⤵
  PID:5464
- C:\Windows\System\BqeFkwl.exe
  C:\Windows\System\BqeFkwl.exe
  2⤵
  PID:5988
- C:\Windows\System\QkdVcle.exe
  C:\Windows\System\QkdVcle.exe
  2⤵
  PID:6184
- C:\Windows\System\KNJETZJ.exe
  C:\Windows\System\KNJETZJ.exe
  2⤵
  PID:6224
- C:\Windows\System\tggEKwP.exe
  C:\Windows\System\tggEKwP.exe
  2⤵
  PID:6272
- C:\Windows\System\Pjouhwr.exe
  C:\Windows\System\Pjouhwr.exe
  2⤵
  PID:6292
- C:\Windows\System\MrnxIZh.exe
  C:\Windows\System\MrnxIZh.exe
  2⤵
  PID:6320
- C:\Windows\System\tYtHOsx.exe
  C:\Windows\System\tYtHOsx.exe
  2⤵
  PID:6348
- C:\Windows\System\ESyGKvH.exe
  C:\Windows\System\ESyGKvH.exe
  2⤵
  PID:6392
- C:\Windows\System\kQaeaGz.exe
  C:\Windows\System\kQaeaGz.exe
  2⤵
  PID:6432
- C:\Windows\System\cfZKLDl.exe
  C:\Windows\System\cfZKLDl.exe
  2⤵
  PID:6456
- C:\Windows\System\tgOKInN.exe
  C:\Windows\System\tgOKInN.exe
  2⤵
  PID:6492
- C:\Windows\System\fXTPPaJ.exe
  C:\Windows\System\fXTPPaJ.exe
  2⤵
  PID:6516
- C:\Windows\System\sMlaERV.exe
  C:\Windows\System\sMlaERV.exe
  2⤵
  PID:6556
- C:\Windows\System\iqWzgXS.exe
  C:\Windows\System\iqWzgXS.exe
  2⤵
  PID:6572
- C:\Windows\System\hTXPmiW.exe
  C:\Windows\System\hTXPmiW.exe
  2⤵
  PID:6612
- C:\Windows\System\doWfHMu.exe
  C:\Windows\System\doWfHMu.exe
  2⤵
  PID:6640
- C:\Windows\System\nQNhqaB.exe
  C:\Windows\System\nQNhqaB.exe
  2⤵
  PID:6676
- C:\Windows\System\ODgLmSP.exe
  C:\Windows\System\ODgLmSP.exe
  2⤵
  PID:6696
- C:\Windows\System\wsAYeCb.exe
  C:\Windows\System\wsAYeCb.exe
  2⤵
  PID:6724
- C:\Windows\System\wqxCYrh.exe
  C:\Windows\System\wqxCYrh.exe
  2⤵
  PID:6752
- C:\Windows\System\iWmkknq.exe
  C:\Windows\System\iWmkknq.exe
  2⤵
  PID:6780
- C:\Windows\System\JwvFBnl.exe
  C:\Windows\System\JwvFBnl.exe
  2⤵
  PID:6808
- C:\Windows\System\AiBcivn.exe
  C:\Windows\System\AiBcivn.exe
  2⤵
  PID:6836
- C:\Windows\System\EfgeDRa.exe
  C:\Windows\System\EfgeDRa.exe
  2⤵
  PID:6868
- C:\Windows\System\mcoKJjJ.exe
  C:\Windows\System\mcoKJjJ.exe
  2⤵
  PID:6904
- C:\Windows\System\QHNTtKZ.exe
  C:\Windows\System\QHNTtKZ.exe
  2⤵
  PID:6924
- C:\Windows\System\yrCytlI.exe
  C:\Windows\System\yrCytlI.exe
  2⤵
  PID:6948
- C:\Windows\System\ypQrzTd.exe
  C:\Windows\System\ypQrzTd.exe
  2⤵
  PID:6964
- C:\Windows\System\xOxgLKF.exe
  C:\Windows\System\xOxgLKF.exe
  2⤵
  PID:7004
- C:\Windows\System\BdlJWSI.exe
  C:\Windows\System\BdlJWSI.exe
  2⤵
  PID:7020
- C:\Windows\System\EonJxam.exe
  C:\Windows\System\EonJxam.exe
  2⤵
  PID:7060
- C:\Windows\System\PKapdyU.exe
  C:\Windows\System\PKapdyU.exe
  2⤵
  PID:7076
- C:\Windows\System\JkueftB.exe
  C:\Windows\System\JkueftB.exe
  2⤵
  PID:7116
- C:\Windows\System\FvVEgZl.exe
  C:\Windows\System\FvVEgZl.exe
  2⤵
  PID:7144
- C:\Windows\System\NrOiWwn.exe
  C:\Windows\System\NrOiWwn.exe
  2⤵
  PID:7160
- C:\Windows\System\CxXUYEq.exe
  C:\Windows\System\CxXUYEq.exe
  2⤵
  PID:6176
- C:\Windows\System\ZvQqhsK.exe
  C:\Windows\System\ZvQqhsK.exe
  2⤵
  PID:6212
- C:\Windows\System\nebBDJu.exe
  C:\Windows\System\nebBDJu.exe
  2⤵
  PID:6308
- C:\Windows\System\QvcMmbX.exe
  C:\Windows\System\QvcMmbX.exe
  2⤵
  PID:6372
- C:\Windows\System\MopgJym.exe
  C:\Windows\System\MopgJym.exe
  2⤵
  PID:6452
- C:\Windows\System\ZzSpWEP.exe
  C:\Windows\System\ZzSpWEP.exe
  2⤵
  PID:6488
- C:\Windows\System\ceAoNys.exe
  C:\Windows\System\ceAoNys.exe
  2⤵
  PID:6564
- C:\Windows\System\NdLQijS.exe
  C:\Windows\System\NdLQijS.exe
  2⤵
  PID:6660
- C:\Windows\System\lNACeTj.exe
  C:\Windows\System\lNACeTj.exe
  2⤵
  PID:6716
- C:\Windows\System\qrXYbGt.exe
  C:\Windows\System\qrXYbGt.exe
  2⤵
  PID:6768
- C:\Windows\System\zpvxwZM.exe
  C:\Windows\System\zpvxwZM.exe
  2⤵
  PID:6792
- C:\Windows\System\gALrKWJ.exe
  C:\Windows\System\gALrKWJ.exe
  2⤵
  PID:6912
- C:\Windows\System\sDlptIb.exe
  C:\Windows\System\sDlptIb.exe
  2⤵
  PID:6984
- C:\Windows\System\eVwzkNF.exe
  C:\Windows\System\eVwzkNF.exe
  2⤵
  PID:7048
- C:\Windows\System\XGMUuBX.exe
  C:\Windows\System\XGMUuBX.exe
  2⤵
  PID:7068
- C:\Windows\System\rbrjcCs.exe
  C:\Windows\System\rbrjcCs.exe
  2⤵
  PID:6152
- C:\Windows\System\lKVOytW.exe
  C:\Windows\System\lKVOytW.exe
  2⤵
  PID:6232
- C:\Windows\System\fFLTfun.exe
  C:\Windows\System\fFLTfun.exe
  2⤵
  PID:6468
- C:\Windows\System\dvKQCeQ.exe
  C:\Windows\System\dvKQCeQ.exe
  2⤵
  PID:6528
- C:\Windows\System\WYKGtNG.exe
  C:\Windows\System\WYKGtNG.exe
  2⤵
  PID:5980
- C:\Windows\System\axjNqSY.exe
  C:\Windows\System\axjNqSY.exe
  2⤵
  PID:6748
- C:\Windows\System\mBjHcKL.exe
  C:\Windows\System\mBjHcKL.exe
  2⤵
  PID:6828
- C:\Windows\System\boIITmK.exe
  C:\Windows\System\boIITmK.exe
  2⤵
  PID:7016
- C:\Windows\System\wysNirp.exe
  C:\Windows\System\wysNirp.exe
  2⤵
  PID:5508
- C:\Windows\System\XrgVJSU.exe
  C:\Windows\System\XrgVJSU.exe
  2⤵
  PID:6480
- C:\Windows\System\QNCawPS.exe
  C:\Windows\System\QNCawPS.exe
  2⤵
  PID:6800
- C:\Windows\System\xcCityc.exe
  C:\Windows\System\xcCityc.exe
  2⤵
  PID:6168
- C:\Windows\System\bPeNpwI.exe
  C:\Windows\System\bPeNpwI.exe
  2⤵
  PID:6632
- C:\Windows\System\qlScCrx.exe
  C:\Windows\System\qlScCrx.exe
  2⤵
  PID:7100
- C:\Windows\System\MmJOpQP.exe
  C:\Windows\System\MmJOpQP.exe
  2⤵
  PID:7196
- C:\Windows\System\lBwurqq.exe
  C:\Windows\System\lBwurqq.exe
  2⤵
  PID:7224
- C:\Windows\System\uDkQfXT.exe
  C:\Windows\System\uDkQfXT.exe
  2⤵
  PID:7240
- C:\Windows\System\FpARnFK.exe
  C:\Windows\System\FpARnFK.exe
  2⤵
  PID:7268
- C:\Windows\System\RLOalPj.exe
  C:\Windows\System\RLOalPj.exe
  2⤵
  PID:7300
- C:\Windows\System\XhYnBPV.exe
  C:\Windows\System\XhYnBPV.exe
  2⤵
  PID:7336
- C:\Windows\System\EcTkPOq.exe
  C:\Windows\System\EcTkPOq.exe
  2⤵
  PID:7360
- C:\Windows\System\yVmOsdL.exe
  C:\Windows\System\yVmOsdL.exe
  2⤵
  PID:7388
- C:\Windows\System\dzaaKtX.exe
  C:\Windows\System\dzaaKtX.exe
  2⤵
  PID:7416
- C:\Windows\System\NUVeayB.exe
  C:\Windows\System\NUVeayB.exe
  2⤵
  PID:7436
- C:\Windows\System\KGZQBFR.exe
  C:\Windows\System\KGZQBFR.exe
  2⤵
  PID:7476
- C:\Windows\System\KGQVAhs.exe
  C:\Windows\System\KGQVAhs.exe
  2⤵
  PID:7500
- C:\Windows\System\kHAKSTs.exe
  C:\Windows\System\kHAKSTs.exe
  2⤵
  PID:7520
- C:\Windows\System\ZLDRRrF.exe
  C:\Windows\System\ZLDRRrF.exe
  2⤵
  PID:7548
- C:\Windows\System\eEdZGZE.exe
  C:\Windows\System\eEdZGZE.exe
  2⤵
  PID:7580
- C:\Windows\System\wZPNTCB.exe
  C:\Windows\System\wZPNTCB.exe
  2⤵
  PID:7604
- C:\Windows\System\BHYBAxq.exe
  C:\Windows\System\BHYBAxq.exe
  2⤵
  PID:7644
- C:\Windows\System\VPHprMQ.exe
  C:\Windows\System\VPHprMQ.exe
  2⤵
  PID:7672
- C:\Windows\System\idFqUPq.exe
  C:\Windows\System\idFqUPq.exe
  2⤵
  PID:7700
- C:\Windows\System\baAccOD.exe
  C:\Windows\System\baAccOD.exe
  2⤵
  PID:7716
- C:\Windows\System\ckvLAOF.exe
  C:\Windows\System\ckvLAOF.exe
  2⤵
  PID:7744
- C:\Windows\System\ggTAfmx.exe
  C:\Windows\System\ggTAfmx.exe
  2⤵
  PID:7760
- C:\Windows\System\yqScIFX.exe
  C:\Windows\System\yqScIFX.exe
  2⤵
  PID:7788
- C:\Windows\System\yKQDuUO.exe
  C:\Windows\System\yKQDuUO.exe
  2⤵
  PID:7820
- C:\Windows\System\AZoqyqj.exe
  C:\Windows\System\AZoqyqj.exe
  2⤵
  PID:7856
- C:\Windows\System\eVhXmtG.exe
  C:\Windows\System\eVhXmtG.exe
  2⤵
  PID:7884
- C:\Windows\System\HotQnYc.exe
  C:\Windows\System\HotQnYc.exe
  2⤵
  PID:7912
- C:\Windows\System\htYDQpU.exe
  C:\Windows\System\htYDQpU.exe
  2⤵
  PID:7932
- C:\Windows\System\pYPtWVU.exe
  C:\Windows\System\pYPtWVU.exe
  2⤵
  PID:7956
- C:\Windows\System\DIUGLKC.exe
  C:\Windows\System\DIUGLKC.exe
  2⤵
  PID:7996
- C:\Windows\System\otbxQDj.exe
  C:\Windows\System\otbxQDj.exe
  2⤵
  PID:8016
- C:\Windows\System\AqfNeXY.exe
  C:\Windows\System\AqfNeXY.exe
  2⤵
  PID:8052
- C:\Windows\System\VaevfsY.exe
  C:\Windows\System\VaevfsY.exe
  2⤵
  PID:8072
- C:\Windows\System\ULUdVxG.exe
  C:\Windows\System\ULUdVxG.exe
  2⤵
  PID:8108
- C:\Windows\System\SvJpwRK.exe
  C:\Windows\System\SvJpwRK.exe
  2⤵
  PID:8136
- C:\Windows\System\eyByWbY.exe
  C:\Windows\System\eyByWbY.exe
  2⤵
  PID:8164
- C:\Windows\System\QVZwHKa.exe
  C:\Windows\System\QVZwHKa.exe
  2⤵
  PID:6244
- C:\Windows\System\QLVrwUJ.exe
  C:\Windows\System\QLVrwUJ.exe
  2⤵
  PID:7216
- C:\Windows\System\wVygOSJ.exe
  C:\Windows\System\wVygOSJ.exe
  2⤵
  PID:7292
- C:\Windows\System\wXCMbEQ.exe
  C:\Windows\System\wXCMbEQ.exe
  2⤵
  PID:7380
- C:\Windows\System\WfIqvRX.exe
  C:\Windows\System\WfIqvRX.exe
  2⤵
  PID:7408
- C:\Windows\System\ZQfhBfT.exe
  C:\Windows\System\ZQfhBfT.exe
  2⤵
  PID:7464
- C:\Windows\System\sDQimFF.exe
  C:\Windows\System\sDQimFF.exe
  2⤵
  PID:7484
- C:\Windows\System\GKVTZdL.exe
  C:\Windows\System\GKVTZdL.exe
  2⤵
  PID:1368
- C:\Windows\System\VuLURUz.exe
  C:\Windows\System\VuLURUz.exe
  2⤵
  PID:7616
- C:\Windows\System\XPvdHzf.exe
  C:\Windows\System\XPvdHzf.exe
  2⤵
  PID:7664
- C:\Windows\System\MpnSPPb.exe
  C:\Windows\System\MpnSPPb.exe
  2⤵
  PID:4728
- C:\Windows\System\cJZqWGG.exe
  C:\Windows\System\cJZqWGG.exe
  2⤵
  PID:4464
- C:\Windows\System\mvTuxkU.exe
  C:\Windows\System\mvTuxkU.exe
  2⤵
  PID:7808
- C:\Windows\System\wVLtOqW.exe
  C:\Windows\System\wVLtOqW.exe
  2⤵
  PID:7872
- C:\Windows\System\CXOXcVE.exe
  C:\Windows\System\CXOXcVE.exe
  2⤵
  PID:7980
- C:\Windows\System\sPZZHOH.exe
  C:\Windows\System\sPZZHOH.exe
  2⤵
  PID:8060
- C:\Windows\System\FlCJlcH.exe
  C:\Windows\System\FlCJlcH.exe
  2⤵
  PID:8148
- C:\Windows\System\CDITnCW.exe
  C:\Windows\System\CDITnCW.exe
  2⤵
  PID:7192
- C:\Windows\System\qXYJaGL.exe
  C:\Windows\System\qXYJaGL.exe
  2⤵
  PID:7344
- C:\Windows\System\bWQfUSq.exe
  C:\Windows\System\bWQfUSq.exe
  2⤵
  PID:7456
- C:\Windows\System\QeSIrOQ.exe
  C:\Windows\System\QeSIrOQ.exe
  2⤵
  PID:7516
- C:\Windows\System\BjCQoTt.exe
  C:\Windows\System\BjCQoTt.exe
  2⤵
  PID:7844
- C:\Windows\System\ILQIDWj.exe
  C:\Windows\System\ILQIDWj.exe
  2⤵
  PID:7876
- C:\Windows\System\PxUhwDs.exe
  C:\Windows\System\PxUhwDs.exe
  2⤵
  PID:8040
- C:\Windows\System\jnxbKes.exe
  C:\Windows\System\jnxbKes.exe
  2⤵
  PID:8068
- C:\Windows\System\UQwmgxa.exe
  C:\Windows\System\UQwmgxa.exe
  2⤵
  PID:7184
- C:\Windows\System\DshldzU.exe
  C:\Windows\System\DshldzU.exe
  2⤵
  PID:7564
- C:\Windows\System\HTyeJat.exe
  C:\Windows\System\HTyeJat.exe
  2⤵
  PID:7684
- C:\Windows\System\OWZKULE.exe
  C:\Windows\System\OWZKULE.exe
  2⤵
  PID:2784
- C:\Windows\System\aMLBreo.exe
  C:\Windows\System\aMLBreo.exe
  2⤵
  PID:7328
- C:\Windows\System\gcTJXna.exe
  C:\Windows\System\gcTJXna.exe
  2⤵
  PID:7752
- C:\Windows\System\JbwHeFU.exe
  C:\Windows\System\JbwHeFU.exe
  2⤵
  PID:8212
- C:\Windows\System\pTCZZPo.exe
  C:\Windows\System\pTCZZPo.exe
  2⤵
  PID:8240
- C:\Windows\System\iiTJNzG.exe
  C:\Windows\System\iiTJNzG.exe
  2⤵
  PID:8272
- C:\Windows\System\elKkjZl.exe
  C:\Windows\System\elKkjZl.exe
  2⤵
  PID:8300
- C:\Windows\System\RIxqSoc.exe
  C:\Windows\System\RIxqSoc.exe
  2⤵
  PID:8328
- C:\Windows\System\CTWVwXT.exe
  C:\Windows\System\CTWVwXT.exe
  2⤵
  PID:8372
- C:\Windows\System\GCOUKVP.exe
  C:\Windows\System\GCOUKVP.exe
  2⤵
  PID:8396
- C:\Windows\System\YXfipcG.exe
  C:\Windows\System\YXfipcG.exe
  2⤵
  PID:8424
- C:\Windows\System\FqRZGrx.exe
  C:\Windows\System\FqRZGrx.exe
  2⤵
  PID:8464
- C:\Windows\System\VyJqXGc.exe
  C:\Windows\System\VyJqXGc.exe
  2⤵
  PID:8492
- C:\Windows\System\pfLSOME.exe
  C:\Windows\System\pfLSOME.exe
  2⤵
  PID:8524
- C:\Windows\System\bDYBoEy.exe
  C:\Windows\System\bDYBoEy.exe
  2⤵
  PID:8556
- C:\Windows\System\URyjyGQ.exe
  C:\Windows\System\URyjyGQ.exe
  2⤵
  PID:8576
- C:\Windows\System\MUnjrij.exe
  C:\Windows\System\MUnjrij.exe
  2⤵
  PID:8604
- C:\Windows\System\HQAtOdk.exe
  C:\Windows\System\HQAtOdk.exe
  2⤵
  PID:8632
- C:\Windows\System\KGsBCFy.exe
  C:\Windows\System\KGsBCFy.exe
  2⤵
  PID:8660
- C:\Windows\System\FIOMzsY.exe
  C:\Windows\System\FIOMzsY.exe
  2⤵
  PID:8688
- C:\Windows\System\TptfzjB.exe
  C:\Windows\System\TptfzjB.exe
  2⤵
  PID:8716
- C:\Windows\System\cYznIXb.exe
  C:\Windows\System\cYznIXb.exe
  2⤵
  PID:8748
- C:\Windows\System\IXYizmi.exe
  C:\Windows\System\IXYizmi.exe
  2⤵
  PID:8780
- C:\Windows\System\KTyEdpv.exe
  C:\Windows\System\KTyEdpv.exe
  2⤵
  PID:8812
- C:\Windows\System\WCggGQS.exe
  C:\Windows\System\WCggGQS.exe
  2⤵
  PID:8828
- C:\Windows\System\UMaEsQR.exe
  C:\Windows\System\UMaEsQR.exe
  2⤵
  PID:8856
- C:\Windows\System\dsGPkUx.exe
  C:\Windows\System\dsGPkUx.exe
  2⤵
  PID:8884
- C:\Windows\System\DWYSTpV.exe
  C:\Windows\System\DWYSTpV.exe
  2⤵
  PID:8912
- C:\Windows\System\HWkWkeJ.exe
  C:\Windows\System\HWkWkeJ.exe
  2⤵
  PID:8952
- C:\Windows\System\PxOQsPc.exe
  C:\Windows\System\PxOQsPc.exe
  2⤵
  PID:8980
- C:\Windows\System\rOYaVwL.exe
  C:\Windows\System\rOYaVwL.exe
  2⤵
  PID:8996
- C:\Windows\System\ZWnerZJ.exe
  C:\Windows\System\ZWnerZJ.exe
  2⤵
  PID:9036
- C:\Windows\System\NJiioDW.exe
  C:\Windows\System\NJiioDW.exe
  2⤵
  PID:9060
- C:\Windows\System\uMvPkNC.exe
  C:\Windows\System\uMvPkNC.exe
  2⤵
  PID:9084
- C:\Windows\System\hiCnmnl.exe
  C:\Windows\System\hiCnmnl.exe
  2⤵
  PID:9104
- C:\Windows\System\pNIthQa.exe
  C:\Windows\System\pNIthQa.exe
  2⤵
  PID:9124
- C:\Windows\System\NRIxRIA.exe
  C:\Windows\System\NRIxRIA.exe
  2⤵
  PID:9152
- C:\Windows\System\ygiFkEQ.exe
  C:\Windows\System\ygiFkEQ.exe
  2⤵
  PID:9180
- C:\Windows\System\MxtTwPK.exe
  C:\Windows\System\MxtTwPK.exe
  2⤵
  PID:9204
- C:\Windows\System\aOKlIYj.exe
  C:\Windows\System\aOKlIYj.exe
  2⤵
  PID:8224
- C:\Windows\System\nwHiqcC.exe
  C:\Windows\System\nwHiqcC.exe
  2⤵
  PID:8324
- C:\Windows\System\pqmYSbZ.exe
  C:\Windows\System\pqmYSbZ.exe
  2⤵
  PID:8432
- C:\Windows\System\ZkTbKAc.exe
  C:\Windows\System\ZkTbKAc.exe
  2⤵
  PID:8412
- C:\Windows\System\PBPmKmS.exe
  C:\Windows\System\PBPmKmS.exe
  2⤵
  PID:8488
- C:\Windows\System\pcmIGAx.exe
  C:\Windows\System\pcmIGAx.exe
  2⤵
  PID:8568
- C:\Windows\System\AdGByHW.exe
  C:\Windows\System\AdGByHW.exe
  2⤵
  PID:8680
- C:\Windows\System\tsQvhYU.exe
  C:\Windows\System\tsQvhYU.exe
  2⤵
  PID:8672
- C:\Windows\System\xTfKmUe.exe
  C:\Windows\System\xTfKmUe.exe
  2⤵
  PID:8756
- C:\Windows\System\GiTnHFm.exe
  C:\Windows\System\GiTnHFm.exe
  2⤵
  PID:8820
- C:\Windows\System\AccgHjj.exe
  C:\Windows\System\AccgHjj.exe
  2⤵
  PID:8868
- C:\Windows\System\uNZEYuM.exe
  C:\Windows\System\uNZEYuM.exe
  2⤵
  PID:8928
- C:\Windows\System\mhKaeVA.exe
  C:\Windows\System\mhKaeVA.exe
  2⤵
  PID:9028
- C:\Windows\System\GzgqOLc.exe
  C:\Windows\System\GzgqOLc.exe
  2⤵
  PID:9092
- C:\Windows\System\FPsqpnO.exe
  C:\Windows\System\FPsqpnO.exe
  2⤵
  PID:2396
- C:\Windows\System\WTemUjQ.exe
  C:\Windows\System\WTemUjQ.exe
  2⤵
  PID:9136
- C:\Windows\System\mrQgzfh.exe
  C:\Windows\System\mrQgzfh.exe
  2⤵
  PID:9188
- C:\Windows\System\GRAIveX.exe
  C:\Windows\System\GRAIveX.exe
  2⤵
  PID:8448
- C:\Windows\System\fmqrTno.exe
  C:\Windows\System\fmqrTno.exe
  2⤵
  PID:8532
- C:\Windows\System\VubGkHq.exe
  C:\Windows\System\VubGkHq.exe
  2⤵
  PID:8644
- C:\Windows\System\IoRfGfO.exe
  C:\Windows\System\IoRfGfO.exe
  2⤵
  PID:8804
- C:\Windows\System\wEvQojT.exe
  C:\Windows\System\wEvQojT.exe
  2⤵
  PID:8936
- C:\Windows\System\ofWqTZx.exe
  C:\Windows\System\ofWqTZx.exe
  2⤵
  PID:9052
- C:\Windows\System\eqYsblo.exe
  C:\Windows\System\eqYsblo.exe
  2⤵
  PID:4156
- C:\Windows\System\mBWBXbu.exe
  C:\Windows\System\mBWBXbu.exe
  2⤵
  PID:8408
- C:\Windows\System\kYCTkpL.exe
  C:\Windows\System\kYCTkpL.exe
  2⤵
  PID:8932
- C:\Windows\System\KjqDFNN.exe
  C:\Windows\System\KjqDFNN.exe
  2⤵
  PID:1540
- C:\Windows\System\kYgxznS.exe
  C:\Windows\System\kYgxznS.exe
  2⤵
  PID:8676
- C:\Windows\System\YWBQfYt.exe
  C:\Windows\System\YWBQfYt.exe
  2⤵
  PID:8572
- C:\Windows\System\bNVIMNS.exe
  C:\Windows\System\bNVIMNS.exe
  2⤵
  PID:9224
- C:\Windows\System\Mqxbtfj.exe
  C:\Windows\System\Mqxbtfj.exe
  2⤵
  PID:9240
- C:\Windows\System\IjVRHOn.exe
  C:\Windows\System\IjVRHOn.exe
  2⤵
  PID:9276
- C:\Windows\System\KRiLLpd.exe
  C:\Windows\System\KRiLLpd.exe
  2⤵
  PID:9312
- C:\Windows\System\fRvtoss.exe
  C:\Windows\System\fRvtoss.exe
  2⤵
  PID:9340
- C:\Windows\System\HBbcsLk.exe
  C:\Windows\System\HBbcsLk.exe
  2⤵
  PID:9364
- C:\Windows\System\QkcXNgT.exe
  C:\Windows\System\QkcXNgT.exe
  2⤵
  PID:9396
- C:\Windows\System\PIngKvt.exe
  C:\Windows\System\PIngKvt.exe
  2⤵
  PID:9432
- C:\Windows\System\MYBuAeR.exe
  C:\Windows\System\MYBuAeR.exe
  2⤵
  PID:9460
- C:\Windows\System\jlJQPzs.exe
  C:\Windows\System\jlJQPzs.exe
  2⤵
  PID:9496
- C:\Windows\System\nerHTCW.exe
  C:\Windows\System\nerHTCW.exe
  2⤵
  PID:9516
- C:\Windows\System\yAESAjw.exe
  C:\Windows\System\yAESAjw.exe
  2⤵
  PID:9544
- C:\Windows\System\JeHDAnm.exe
  C:\Windows\System\JeHDAnm.exe
  2⤵
  PID:9584
- C:\Windows\System\meMbqde.exe
  C:\Windows\System\meMbqde.exe
  2⤵
  PID:9612
- C:\Windows\System\PSFzPIL.exe
  C:\Windows\System\PSFzPIL.exe
  2⤵
  PID:9636
- C:\Windows\System\zGyqOpL.exe
  C:\Windows\System\zGyqOpL.exe
  2⤵
  PID:9652
- C:\Windows\System\pFvGXIq.exe
  C:\Windows\System\pFvGXIq.exe
  2⤵
  PID:9668
- C:\Windows\System\ibkGNsY.exe
  C:\Windows\System\ibkGNsY.exe
  2⤵
  PID:9696
- C:\Windows\System\yWSyheU.exe
  C:\Windows\System\yWSyheU.exe
  2⤵
  PID:9716
- C:\Windows\System\XAveLrU.exe
  C:\Windows\System\XAveLrU.exe
  2⤵
  PID:9744
- C:\Windows\System\kNtkuJd.exe
  C:\Windows\System\kNtkuJd.exe
  2⤵
  PID:9776
- C:\Windows\System\OVEYLJS.exe
  C:\Windows\System\OVEYLJS.exe
  2⤵
  PID:9804
- C:\Windows\System\RbnSxWL.exe
  C:\Windows\System\RbnSxWL.exe
  2⤵
  PID:9832
- C:\Windows\System\lvCfLNw.exe
  C:\Windows\System\lvCfLNw.exe
  2⤵
  PID:9868
- C:\Windows\System\eWrPuvC.exe
  C:\Windows\System\eWrPuvC.exe
  2⤵
  PID:9896
- C:\Windows\System\sRXaZWT.exe
  C:\Windows\System\sRXaZWT.exe
  2⤵
  PID:9912
- C:\Windows\System\SFxKMHO.exe
  C:\Windows\System\SFxKMHO.exe
  2⤵
  PID:9936
- C:\Windows\System\UwqPDgO.exe
  C:\Windows\System\UwqPDgO.exe
  2⤵
  PID:9980
- C:\Windows\System\dBrawBz.exe
  C:\Windows\System\dBrawBz.exe
  2⤵
  PID:10020
- C:\Windows\System\QWjIlII.exe
  C:\Windows\System\QWjIlII.exe
  2⤵
  PID:10048
- C:\Windows\System\NLfKbGF.exe
  C:\Windows\System\NLfKbGF.exe
  2⤵
  PID:10076
- C:\Windows\System\ItEbCNW.exe
  C:\Windows\System\ItEbCNW.exe
  2⤵
  PID:10092
- C:\Windows\System\DVzGycq.exe
  C:\Windows\System\DVzGycq.exe
  2⤵
  PID:10124
- C:\Windows\System\DAdHIlU.exe
  C:\Windows\System\DAdHIlU.exe
  2⤵
  PID:10164
- C:\Windows\System\AmlPcMh.exe
  C:\Windows\System\AmlPcMh.exe
  2⤵
  PID:10200
- C:\Windows\System\KbRVRdK.exe
  C:\Windows\System\KbRVRdK.exe
  2⤵
  PID:10220
- C:\Windows\System\faasyjD.exe
  C:\Windows\System\faasyjD.exe
  2⤵
  PID:9220
- C:\Windows\System\SGaVxTh.exe
  C:\Windows\System\SGaVxTh.exe
  2⤵
  PID:9260
- C:\Windows\System\EEZVSRb.exe
  C:\Windows\System\EEZVSRb.exe
  2⤵
  PID:9348
- C:\Windows\System\LtZHJSD.exe
  C:\Windows\System\LtZHJSD.exe
  2⤵
  PID:9384
- C:\Windows\System\TmXRPBV.exe
  C:\Windows\System\TmXRPBV.exe
  2⤵
  PID:9476
- C:\Windows\System\GNsxVci.exe
  C:\Windows\System\GNsxVci.exe
  2⤵
  PID:9536
- C:\Windows\System\VwBupvH.exe
  C:\Windows\System\VwBupvH.exe
  2⤵
  PID:9604
- C:\Windows\System\ojhnTLu.exe
  C:\Windows\System\ojhnTLu.exe
  2⤵
  PID:9676
- C:\Windows\System\STnCSVm.exe
  C:\Windows\System\STnCSVm.exe
  2⤵
  PID:9764
- C:\Windows\System\cYFRaqr.exe
  C:\Windows\System\cYFRaqr.exe
  2⤵
  PID:9848
- C:\Windows\System\sKaojjl.exe
  C:\Windows\System\sKaojjl.exe
  2⤵
  PID:9816
- C:\Windows\System\EMYBjkv.exe
  C:\Windows\System\EMYBjkv.exe
  2⤵
  PID:9960
- C:\Windows\System\YdpTcHV.exe
  C:\Windows\System\YdpTcHV.exe
  2⤵
  PID:9992
- C:\Windows\System\uZTxlVq.exe
  C:\Windows\System\uZTxlVq.exe
  2⤵
  PID:10088
- C:\Windows\System\xwdhcuz.exe
  C:\Windows\System\xwdhcuz.exe
  2⤵
  PID:10120
- C:\Windows\System\qPOxNRs.exe
  C:\Windows\System\qPOxNRs.exe
  2⤵
  PID:10176
- C:\Windows\System\UMsdMch.exe
  C:\Windows\System\UMsdMch.exe
  2⤵
  PID:10216
- C:\Windows\System\QXungap.exe
  C:\Windows\System\QXungap.exe
  2⤵
  PID:9272
- C:\Windows\System\cZVlZZy.exe
  C:\Windows\System\cZVlZZy.exe
  2⤵
  PID:9444
- C:\Windows\System\ggzGROv.exe
  C:\Windows\System\ggzGROv.exe
  2⤵
  PID:9504
- C:\Windows\System\ScYtGtG.exe
  C:\Windows\System\ScYtGtG.exe
  2⤵
  PID:9712
- C:\Windows\System\SZueOiw.exe
  C:\Windows\System\SZueOiw.exe
  2⤵
  PID:9828
- C:\Windows\System\dODJHGm.exe
  C:\Windows\System\dODJHGm.exe
  2⤵
  PID:10040
- C:\Windows\System\epYkylo.exe
  C:\Windows\System\epYkylo.exe
  2⤵
  PID:5092
- C:\Windows\System\heTrmOd.exe
  C:\Windows\System\heTrmOd.exe
  2⤵
  PID:9420
- C:\Windows\System\WIPHEQJ.exe
  C:\Windows\System\WIPHEQJ.exe
  2⤵
  PID:9572
- C:\Windows\System\FDTCKNa.exe
  C:\Windows\System\FDTCKNa.exe
  2⤵
  PID:10188
- C:\Windows\System\TCjDBbl.exe
  C:\Windows\System\TCjDBbl.exe
  2⤵
  PID:9648
- C:\Windows\System\SyucXvE.exe
  C:\Windows\System\SyucXvE.exe
  2⤵
  PID:9288
- C:\Windows\System\zFWGRci.exe
  C:\Windows\System\zFWGRci.exe
  2⤵
  PID:10276
- C:\Windows\System\luZVGyk.exe
  C:\Windows\System\luZVGyk.exe
  2⤵
  PID:10304
- C:\Windows\System\ByaDcaC.exe
  C:\Windows\System\ByaDcaC.exe
  2⤵
  PID:10336
- C:\Windows\System\vwNEBZZ.exe
  C:\Windows\System\vwNEBZZ.exe
  2⤵
  PID:10372
- C:\Windows\System\zRZOYgs.exe
  C:\Windows\System\zRZOYgs.exe
  2⤵
  PID:10400
- C:\Windows\System\NnrdUBB.exe
  C:\Windows\System\NnrdUBB.exe
  2⤵
  PID:10436
- C:\Windows\System\xaOMnHc.exe
  C:\Windows\System\xaOMnHc.exe
  2⤵
  PID:10452
- C:\Windows\System\FFDrZwr.exe
  C:\Windows\System\FFDrZwr.exe
  2⤵
  PID:10492
- C:\Windows\System\CjuyLqF.exe
  C:\Windows\System\CjuyLqF.exe
  2⤵
  PID:10536
- C:\Windows\System\OnfbMvk.exe
  C:\Windows\System\OnfbMvk.exe
  2⤵
  PID:10560
- C:\Windows\System\KJVhqpY.exe
  C:\Windows\System\KJVhqpY.exe
  2⤵
  PID:10576
- C:\Windows\System\PZPZizz.exe
  C:\Windows\System\PZPZizz.exe
  2⤵
  PID:10604
- C:\Windows\System\XZiPIIc.exe
  C:\Windows\System\XZiPIIc.exe
  2⤵
  PID:10628
- C:\Windows\System\yVtuJAE.exe
  C:\Windows\System\yVtuJAE.exe
  2⤵
  PID:10664
- C:\Windows\System\pOebYth.exe
  C:\Windows\System\pOebYth.exe
  2⤵
  PID:10692
- C:\Windows\System\jozaWzX.exe
  C:\Windows\System\jozaWzX.exe
  2⤵
  PID:10724
- C:\Windows\System\hltVqnX.exe
  C:\Windows\System\hltVqnX.exe
  2⤵
  PID:10756
- C:\Windows\System\DhJNnVQ.exe
  C:\Windows\System\DhJNnVQ.exe
  2⤵
  PID:10788
- C:\Windows\System\SvXrFiW.exe
  C:\Windows\System\SvXrFiW.exe
  2⤵
  PID:10816
- C:\Windows\System\lpvuFhe.exe
  C:\Windows\System\lpvuFhe.exe
  2⤵
  PID:10840
- C:\Windows\System\zSemwWj.exe
  C:\Windows\System\zSemwWj.exe
  2⤵
  PID:10868
- C:\Windows\System\DNZdxIR.exe
  C:\Windows\System\DNZdxIR.exe
  2⤵
  PID:10888
- C:\Windows\System\TKMmloj.exe
  C:\Windows\System\TKMmloj.exe
  2⤵
  PID:10912
- C:\Windows\System\gipJMqb.exe
  C:\Windows\System\gipJMqb.exe
  2⤵
  PID:10940
- C:\Windows\System\vhfYVpr.exe
  C:\Windows\System\vhfYVpr.exe
  2⤵
  PID:10968
- C:\Windows\System\dBfcceH.exe
  C:\Windows\System\dBfcceH.exe
  2⤵
  PID:11004
- C:\Windows\System\VyvLXsz.exe
  C:\Windows\System\VyvLXsz.exe
  2⤵
  PID:11036
- C:\Windows\System\xXRhdxC.exe
  C:\Windows\System\xXRhdxC.exe
  2⤵
  PID:11064
- C:\Windows\System\mJorPqJ.exe
  C:\Windows\System\mJorPqJ.exe
  2⤵
  PID:11092
- C:\Windows\System\goGpUrd.exe
  C:\Windows\System\goGpUrd.exe
  2⤵
  PID:11124
- C:\Windows\System\PhETJBJ.exe
  C:\Windows\System\PhETJBJ.exe
  2⤵
  PID:11160
- C:\Windows\System\cYnwLxQ.exe
  C:\Windows\System\cYnwLxQ.exe
  2⤵
  PID:11184
- C:\Windows\System\dKfSjnc.exe
  C:\Windows\System\dKfSjnc.exe
  2⤵
  PID:11208
- C:\Windows\System\ffxedMn.exe
  C:\Windows\System\ffxedMn.exe
  2⤵
  PID:11224
- C:\Windows\System\XbKqaEK.exe
  C:\Windows\System\XbKqaEK.exe
  2⤵
  PID:11256
- C:\Windows\System\LFyLstD.exe
  C:\Windows\System\LFyLstD.exe
  2⤵
  PID:10284
- C:\Windows\System\muOwmpI.exe
  C:\Windows\System\muOwmpI.exe
  2⤵
  PID:10244
- C:\Windows\System\MPBkBbU.exe
  C:\Windows\System\MPBkBbU.exe
  2⤵
  PID:10328
- C:\Windows\System\TicWZyD.exe
  C:\Windows\System\TicWZyD.exe
  2⤵
  PID:10480
- C:\Windows\System\DCOZbPU.exe
  C:\Windows\System\DCOZbPU.exe
  2⤵
  PID:10508
- C:\Windows\System\TUwNHpj.exe
  C:\Windows\System\TUwNHpj.exe
  2⤵
  PID:10588
- C:\Windows\System\cVXbTlN.exe
  C:\Windows\System\cVXbTlN.exe
  2⤵
  PID:10652
- C:\Windows\System\MXtQbkH.exe
  C:\Windows\System\MXtQbkH.exe
  2⤵
  PID:10720
- C:\Windows\System\xcTMgxh.exe
  C:\Windows\System\xcTMgxh.exe
  2⤵
  PID:10796
- C:\Windows\System\kirVnlh.exe
  C:\Windows\System\kirVnlh.exe
  2⤵
  PID:10836
- C:\Windows\System\oDVJGaD.exe
  C:\Windows\System\oDVJGaD.exe
  2⤵
  PID:10924
- C:\Windows\System\OkXWlhA.exe
  C:\Windows\System\OkXWlhA.exe
  2⤵
  PID:10960
- C:\Windows\System\jyAJMUO.exe
  C:\Windows\System\jyAJMUO.exe
  2⤵
  PID:11024
- C:\Windows\System\gLtFWVi.exe
  C:\Windows\System\gLtFWVi.exe
  2⤵
  PID:11132
- C:\Windows\System\UyEumFc.exe
  C:\Windows\System\UyEumFc.exe
  2⤵
  PID:11216
- C:\Windows\System\gTzXPQl.exe
  C:\Windows\System\gTzXPQl.exe
  2⤵
  PID:11240
- C:\Windows\System\NMYQcKJ.exe
  C:\Windows\System\NMYQcKJ.exe
  2⤵
  PID:9232
- C:\Windows\System\JhGqCJc.exe
  C:\Windows\System\JhGqCJc.exe
  2⤵
  PID:10360
- C:\Windows\System\xHBtdAb.exe
  C:\Windows\System\xHBtdAb.exe
  2⤵
  PID:10476
- C:\Windows\System\gmFESJL.exe
  C:\Windows\System\gmFESJL.exe
  2⤵
  PID:10624
- C:\Windows\System\mYfOkxG.exe
  C:\Windows\System\mYfOkxG.exe
  2⤵
  PID:10808
- C:\Windows\System\CChegsI.exe
  C:\Windows\System\CChegsI.exe
  2⤵
  PID:10992
- C:\Windows\System\PabbQve.exe
  C:\Windows\System\PabbQve.exe
  2⤵
  PID:11192
- C:\Windows\System\TEIeoXu.exe
  C:\Windows\System\TEIeoXu.exe
  2⤵
  PID:10352
- C:\Windows\System\jOdduWG.exe
  C:\Windows\System\jOdduWG.exe
  2⤵
  PID:10648
- C:\Windows\System\FOkUJNz.exe
  C:\Windows\System\FOkUJNz.exe
  2⤵
  PID:10904
- C:\Windows\System\YGBfFYL.exe
  C:\Windows\System\YGBfFYL.exe
  2⤵
  PID:10752
- C:\Windows\System\lbyAcYT.exe
  C:\Windows\System\lbyAcYT.exe
  2⤵
  PID:11200
- C:\Windows\System\rnizeTn.exe
  C:\Windows\System\rnizeTn.exe
  2⤵
  PID:10856
- C:\Windows\System\UENAYjY.exe
  C:\Windows\System\UENAYjY.exe
  2⤵
  PID:11288
- C:\Windows\System\yCqzGxT.exe
  C:\Windows\System\yCqzGxT.exe
  2⤵
  PID:11328
- C:\Windows\System\diJcYJN.exe
  C:\Windows\System\diJcYJN.exe
  2⤵
  PID:11360
- C:\Windows\System\XfDNfEE.exe
  C:\Windows\System\XfDNfEE.exe
  2⤵
  PID:11384
- C:\Windows\System\qKIHWEC.exe
  C:\Windows\System\qKIHWEC.exe
  2⤵
  PID:11412
- C:\Windows\System\MWtwfXX.exe
  C:\Windows\System\MWtwfXX.exe
  2⤵
  PID:11444
- C:\Windows\System\TKNGraV.exe
  C:\Windows\System\TKNGraV.exe
  2⤵
  PID:11472
- C:\Windows\System\EVoDSKJ.exe
  C:\Windows\System\EVoDSKJ.exe
  2⤵
  PID:11496
- C:\Windows\System\scZYoiK.exe
  C:\Windows\System\scZYoiK.exe
  2⤵
  PID:11524
- C:\Windows\System\CUnyafy.exe
  C:\Windows\System\CUnyafy.exe
  2⤵
  PID:11552
- C:\Windows\System\rXQUEkm.exe
  C:\Windows\System\rXQUEkm.exe
  2⤵
  PID:11584
- C:\Windows\System\UxEuSiz.exe
  C:\Windows\System\UxEuSiz.exe
  2⤵
  PID:11608
- C:\Windows\System\xdAuvSE.exe
  C:\Windows\System\xdAuvSE.exe
  2⤵
  PID:11636
- C:\Windows\System\WIgRJBG.exe
  C:\Windows\System\WIgRJBG.exe
  2⤵
  PID:11652
- C:\Windows\System\WyCdjYe.exe
  C:\Windows\System\WyCdjYe.exe
  2⤵
  PID:11680
- C:\Windows\System\UyRpcjt.exe
  C:\Windows\System\UyRpcjt.exe
  2⤵
  PID:11708
- C:\Windows\System\ueIRuvZ.exe
  C:\Windows\System\ueIRuvZ.exe
  2⤵
  PID:11732
- C:\Windows\System\gilVojL.exe
  C:\Windows\System\gilVojL.exe
  2⤵
  PID:11804
- C:\Windows\System\nqhNGqZ.exe
  C:\Windows\System\nqhNGqZ.exe
  2⤵
  PID:11832
- C:\Windows\System\CWxLdIe.exe
  C:\Windows\System\CWxLdIe.exe
  2⤵
  PID:11848
- C:\Windows\System\vZNpraa.exe
  C:\Windows\System\vZNpraa.exe
  2⤵
  PID:11876
- C:\Windows\System\WKfElMw.exe
  C:\Windows\System\WKfElMw.exe
  2⤵
  PID:11896
- C:\Windows\System\NmaLAur.exe
  C:\Windows\System\NmaLAur.exe
  2⤵
  PID:11920
- C:\Windows\System\btOaNOG.exe
  C:\Windows\System\btOaNOG.exe
  2⤵
  PID:11956
- C:\Windows\System\HIZKpyr.exe
  C:\Windows\System\HIZKpyr.exe
  2⤵
  PID:11984
- C:\Windows\System\PidMesT.exe
  C:\Windows\System\PidMesT.exe
  2⤵
  PID:12016
- C:\Windows\System\oHDATWm.exe
  C:\Windows\System\oHDATWm.exe
  2⤵
  PID:12044
- C:\Windows\System\MZTiPJM.exe
  C:\Windows\System\MZTiPJM.exe
  2⤵
  PID:12060
- C:\Windows\System\bedoTno.exe
  C:\Windows\System\bedoTno.exe
  2⤵
  PID:12084
- C:\Windows\System\YADApYK.exe
  C:\Windows\System\YADApYK.exe
  2⤵
  PID:12116
- C:\Windows\System\VTlRmMm.exe
  C:\Windows\System\VTlRmMm.exe
  2⤵
  PID:12140
- C:\Windows\System\FGWKUvr.exe
  C:\Windows\System\FGWKUvr.exe
  2⤵
  PID:12156
- C:\Windows\System\YMgoLOd.exe
  C:\Windows\System\YMgoLOd.exe
  2⤵
  PID:12180
- C:\Windows\System\miingzQ.exe
  C:\Windows\System\miingzQ.exe
  2⤵
  PID:12216
- C:\Windows\System\OXiGzHz.exe
  C:\Windows\System\OXiGzHz.exe
  2⤵
  PID:12260
- C:\Windows\System\XuXpzSt.exe
  C:\Windows\System\XuXpzSt.exe
  2⤵
  PID:12284
- C:\Windows\System\xMHqELJ.exe
  C:\Windows\System\xMHqELJ.exe
  2⤵
  PID:11352
- C:\Windows\System\ipBqYKc.exe
  C:\Windows\System\ipBqYKc.exe
  2⤵
  PID:11424
- C:\Windows\System\SpEALtW.exe
  C:\Windows\System\SpEALtW.exe
  2⤵
  PID:11480
- C:\Windows\System\oKFFwaN.exe
  C:\Windows\System\oKFFwaN.exe
  2⤵
  PID:11536
- C:\Windows\System\lfbBdQw.exe
  C:\Windows\System\lfbBdQw.exe
  2⤵
  PID:11568
- C:\Windows\System\zgivyLu.exe
  C:\Windows\System\zgivyLu.exe
  2⤵
  PID:11644
- C:\Windows\System\qNfRKtE.exe
  C:\Windows\System\qNfRKtE.exe
  2⤵
  PID:11692
- C:\Windows\System\UHxTbkv.exe
  C:\Windows\System\UHxTbkv.exe
  2⤵
  PID:11796
- C:\Windows\System\PpRqtvm.exe
  C:\Windows\System\PpRqtvm.exe
  2⤵
  PID:11828
- C:\Windows\System\VnvSNlN.exe
  C:\Windows\System\VnvSNlN.exe
  2⤵
  PID:11908
- C:\Windows\System\vNiqtaA.exe
  C:\Windows\System\vNiqtaA.exe
  2⤵
  PID:11940
- C:\Windows\System\RVivtPZ.exe
  C:\Windows\System\RVivtPZ.exe
  2⤵
  PID:12024
- C:\Windows\System\szFQCJk.exe
  C:\Windows\System\szFQCJk.exe
  2⤵
  PID:12072
- C:\Windows\System\DtYtVzc.exe
  C:\Windows\System\DtYtVzc.exe
  2⤵
  PID:12132
- C:\Windows\System\flTVUZV.exe
  C:\Windows\System\flTVUZV.exe
  2⤵
  PID:12196
- C:\Windows\System\FOAihvM.exe
  C:\Windows\System\FOAihvM.exe
  2⤵
  PID:11336
- C:\Windows\System\xsjrpyH.exe
  C:\Windows\System\xsjrpyH.exe
  2⤵
  PID:11436
- C:\Windows\System\vIwoRMA.exe
  C:\Windows\System\vIwoRMA.exe
  2⤵
  PID:11564
- C:\Windows\System\bokAkeJ.exe
  C:\Windows\System\bokAkeJ.exe
  2⤵
  PID:11740
- C:\Windows\System\MKlAphP.exe
  C:\Windows\System\MKlAphP.exe
  2⤵
  PID:12004
- C:\Windows\System\XruGWnV.exe
  C:\Windows\System\XruGWnV.exe
  2⤵
  PID:12056
- C:\Windows\System\BgEgOCW.exe
  C:\Windows\System\BgEgOCW.exe
  2⤵
  PID:12280
- C:\Windows\System\fOTVtXw.exe
  C:\Windows\System\fOTVtXw.exe
  2⤵
  PID:11512
- C:\Windows\System\gDrhrWd.exe
  C:\Windows\System\gDrhrWd.exe
  2⤵
  PID:11792
- C:\Windows\System\cNNIsaY.exe
  C:\Windows\System\cNNIsaY.exe
  2⤵
  PID:11372
- C:\Windows\System\NbGUXAA.exe
  C:\Windows\System\NbGUXAA.exe
  2⤵
  PID:11948
- C:\Windows\System\zGhvCRA.exe
  C:\Windows\System\zGhvCRA.exe
  2⤵
  PID:12296
- C:\Windows\System\SOprgzu.exe
  C:\Windows\System\SOprgzu.exe
  2⤵
  PID:12328
- C:\Windows\System\GBTyPPc.exe
  C:\Windows\System\GBTyPPc.exe
  2⤵
  PID:12356
- C:\Windows\System\nInbrUZ.exe
  C:\Windows\System\nInbrUZ.exe
  2⤵
  PID:12384
- C:\Windows\System\nFKNBNA.exe
  C:\Windows\System\nFKNBNA.exe
  2⤵
  PID:12412
- C:\Windows\System\fcaokzK.exe
  C:\Windows\System\fcaokzK.exe
  2⤵
  PID:12432
- C:\Windows\System\eNbFdnP.exe
  C:\Windows\System\eNbFdnP.exe
  2⤵
  PID:12464
- C:\Windows\System\BHFKyHT.exe
  C:\Windows\System\BHFKyHT.exe
  2⤵
  PID:12500
- C:\Windows\System\wXtvrZB.exe
  C:\Windows\System\wXtvrZB.exe
  2⤵
  PID:12528
- C:\Windows\System\wYkgBSk.exe
  C:\Windows\System\wYkgBSk.exe
  2⤵
  PID:12556
- C:\Windows\System\yIoTXEr.exe
  C:\Windows\System\yIoTXEr.exe
  2⤵
  PID:12576
- C:\Windows\System\EPQiGKu.exe
  C:\Windows\System\EPQiGKu.exe
  2⤵
  PID:12612
- C:\Windows\System\BPajeID.exe
  C:\Windows\System\BPajeID.exe
  2⤵
  PID:12640
- C:\Windows\System\NqugEBW.exe
  C:\Windows\System\NqugEBW.exe
  2⤵
  PID:12680
- C:\Windows\System\KqDWojC.exe
  C:\Windows\System\KqDWojC.exe
  2⤵
  PID:12708
- C:\Windows\System\gNyIOXo.exe
  C:\Windows\System\gNyIOXo.exe
  2⤵
  PID:12736
- C:\Windows\System\PwcSUfW.exe
  C:\Windows\System\PwcSUfW.exe
  2⤵
  PID:12764
- C:\Windows\System\aXaZmcw.exe
  C:\Windows\System\aXaZmcw.exe
  2⤵
  PID:12780
- C:\Windows\System\pHdwWkp.exe
  C:\Windows\System\pHdwWkp.exe
  2⤵
  PID:12800
- C:\Windows\System\NEVvqsE.exe
  C:\Windows\System\NEVvqsE.exe
  2⤵
  PID:12836
- C:\Windows\System\ZMubzPI.exe
  C:\Windows\System\ZMubzPI.exe
  2⤵
  PID:12864
- C:\Windows\System\eQMNvuc.exe
  C:\Windows\System\eQMNvuc.exe
  2⤵
  PID:12892
- C:\Windows\System\UABfkVH.exe
  C:\Windows\System\UABfkVH.exe
  2⤵
  PID:12932
- C:\Windows\System\rbvjJpf.exe
  C:\Windows\System\rbvjJpf.exe
  2⤵
  PID:12948
- C:\Windows\System\unladTD.exe
  C:\Windows\System\unladTD.exe
  2⤵
  PID:12964
- C:\Windows\System\vXlwSXB.exe
  C:\Windows\System\vXlwSXB.exe
  2⤵
  PID:13004
- C:\Windows\System\Oiixpws.exe
  C:\Windows\System\Oiixpws.exe
  2⤵
  PID:13028
- C:\Windows\System\tcUqlpK.exe
  C:\Windows\System\tcUqlpK.exe
  2⤵
  PID:13060
- C:\Windows\System\ofRZmsR.exe
  C:\Windows\System\ofRZmsR.exe
  2⤵
  PID:13076
- C:\Windows\System\uZuJjUR.exe
  C:\Windows\System\uZuJjUR.exe
  2⤵
  PID:13096
- C:\Windows\System\gnzvgfS.exe
  C:\Windows\System\gnzvgfS.exe
  2⤵
  PID:13128
- C:\Windows\System\hXDbNrA.exe
  C:\Windows\System\hXDbNrA.exe
  2⤵
  PID:13152
- C:\Windows\System\feStsey.exe
  C:\Windows\System\feStsey.exe
  2⤵
  PID:13176
- C:\Windows\System\FHMXgzH.exe
  C:\Windows\System\FHMXgzH.exe
  2⤵
  PID:13204
- C:\Windows\System\hlDvZqX.exe
  C:\Windows\System\hlDvZqX.exe
  2⤵
  PID:13220
- C:\Windows\System\dWgawFP.exe
  C:\Windows\System\dWgawFP.exe
  2⤵
  PID:13236
- C:\Windows\System\DFdrHPQ.exe
  C:\Windows\System\DFdrHPQ.exe
  2⤵
  PID:13268
- C:\Windows\System\ubYSsCm.exe
  C:\Windows\System\ubYSsCm.exe
  2⤵
  PID:13300
- C:\Windows\System\QXtNYEC.exe
  C:\Windows\System\QXtNYEC.exe
  2⤵
  PID:11620
- C:\Windows\System\VSmkyaG.exe
  C:\Windows\System\VSmkyaG.exe
  2⤵
  PID:12352
- C:\Windows\System\NQcMDOX.exe
  C:\Windows\System\NQcMDOX.exe
  2⤵
  PID:12420
- C:\Windows\System\HlqezOu.exe
  C:\Windows\System\HlqezOu.exe
  2⤵
  PID:12472
- C:\Windows\System\sxIVaZr.exe
  C:\Windows\System\sxIVaZr.exe
  2⤵
  PID:12564
- C:\Windows\System\KnxETAF.exe
  C:\Windows\System\KnxETAF.exe
  2⤵
  PID:12632
- C:\Windows\System\RnwKWcX.exe
  C:\Windows\System\RnwKWcX.exe
  2⤵
  PID:12704
- C:\Windows\System\DHrRndP.exe
  C:\Windows\System\DHrRndP.exe
  2⤵
  PID:12788
- C:\Windows\System\SFEupoe.exe
  C:\Windows\System\SFEupoe.exe
  2⤵
  PID:12912
- C:\Windows\System\UCkfPWg.exe
  C:\Windows\System\UCkfPWg.exe
  2⤵
  PID:12940
- C:\Windows\System\HbJMDij.exe
  C:\Windows\System\HbJMDij.exe
  2⤵
  PID:13016
- C:\Windows\System\nEvpRyL.exe
  C:\Windows\System\nEvpRyL.exe
  2⤵
  PID:13092
- C:\Windows\System\yzwUFDS.exe
  C:\Windows\System\yzwUFDS.exe
  2⤵
  PID:13116
- C:\Windows\System\eRJXGkn.exe
  C:\Windows\System\eRJXGkn.exe
  2⤵
  PID:13216
- C:\Windows\System\wuNTVXz.exe
  C:\Windows\System\wuNTVXz.exe
  2⤵
  PID:13228
- C:\Windows\System\xBiFvPq.exe
  C:\Windows\System\xBiFvPq.exe
  2⤵
  PID:12608
- C:\Windows\System\idVyPTj.exe
  C:\Windows\System\idVyPTj.exe
  2⤵
  PID:12692
- C:\Windows\System\ncpvsVd.exe
  C:\Windows\System\ncpvsVd.exe
  2⤵
  PID:12600
- C:\Windows\System\ukfHEPu.exe
  C:\Windows\System\ukfHEPu.exe
  2⤵
  PID:12888
- C:\Windows\System\HkiJliQ.exe
  C:\Windows\System\HkiJliQ.exe
  2⤵
  PID:13068
- C:\Windows\System\SGSSbkK.exe
  C:\Windows\System\SGSSbkK.exe
  2⤵
  PID:12372
- C:\Windows\System\reurnhH.exe
  C:\Windows\System\reurnhH.exe
  2⤵
  PID:13184
- C:\Windows\System\kwpJypv.exe
  C:\Windows\System\kwpJypv.exe
  2⤵
  PID:12828
- C:\Windows\System\kByzigP.exe
  C:\Windows\System\kByzigP.exe
  2⤵
  PID:12452
- C:\Windows\System\rRDaIZv.exe
  C:\Windows\System\rRDaIZv.exe
  2⤵
  PID:13340
- C:\Windows\System\XwqNCZC.exe
  C:\Windows\System\XwqNCZC.exe
  2⤵
  PID:13368
- C:\Windows\System\hpFMptr.exe
  C:\Windows\System\hpFMptr.exe
  2⤵
  PID:13400
- C:\Windows\System\OVOLmpG.exe
  C:\Windows\System\OVOLmpG.exe
  2⤵
  PID:13432
- C:\Windows\System\uuoBisI.exe
  C:\Windows\System\uuoBisI.exe
  2⤵
  PID:13456
- C:\Windows\System\TepZnSR.exe
  C:\Windows\System\TepZnSR.exe
  2⤵
  PID:13492
- C:\Windows\System\WPmuFiz.exe
  C:\Windows\System\WPmuFiz.exe
  2⤵
  PID:13524
- C:\Windows\System\iydRCUK.exe
  C:\Windows\System\iydRCUK.exe
  2⤵
  PID:13552
- C:\Windows\System\dofaytm.exe
  C:\Windows\System\dofaytm.exe
  2⤵
  PID:13584
- C:\Windows\System\HksAgPC.exe
  C:\Windows\System\HksAgPC.exe
  2⤵
  PID:13612
- C:\Windows\System\dNGumun.exe
  C:\Windows\System\dNGumun.exe
  2⤵
  PID:13644
- C:\Windows\System\NnycVCn.exe
  C:\Windows\System\NnycVCn.exe
  2⤵
  PID:13672
- C:\Windows\System\vkUViXq.exe
  C:\Windows\System\vkUViXq.exe
  2⤵
  PID:13692
- C:\Windows\System\rHCdgQc.exe
  C:\Windows\System\rHCdgQc.exe
  2⤵
  PID:13720
- C:\Windows\System\SyyavyC.exe
  C:\Windows\System\SyyavyC.exe
  2⤵
  PID:13744
- C:\Windows\System\llUNEqI.exe
  C:\Windows\System\llUNEqI.exe
  2⤵
  PID:13772
- C:\Windows\System\HcGdDEj.exe
  C:\Windows\System\HcGdDEj.exe
  2⤵
  PID:13796
- C:\Windows\System\cVGrmTU.exe
  C:\Windows\System\cVGrmTU.exe
  2⤵
  PID:13828
- C:\Windows\System\EvuYago.exe
  C:\Windows\System\EvuYago.exe
  2⤵
  PID:13868
- C:\Windows\System\RYWdQmL.exe
  C:\Windows\System\RYWdQmL.exe
  2⤵
  PID:13900
- C:\Windows\System\eaiURiV.exe
  C:\Windows\System\eaiURiV.exe
  2⤵
  PID:13936
- C:\Windows\System\lGGkKVx.exe
  C:\Windows\System\lGGkKVx.exe
  2⤵
  PID:13972
- C:\Windows\System\RdBdcpb.exe
  C:\Windows\System\RdBdcpb.exe
  2⤵
  PID:14000
- C:\Windows\System\eYsiqER.exe
  C:\Windows\System\eYsiqER.exe
  2⤵
  PID:14032
- C:\Windows\System\fNhcCDL.exe
  C:\Windows\System\fNhcCDL.exe
  2⤵
  PID:14072
- C:\Windows\System\KDWTwGv.exe
  C:\Windows\System\KDWTwGv.exe
  2⤵
  PID:14088
- C:\Windows\System\zmFDQXB.exe
  C:\Windows\System\zmFDQXB.exe
  2⤵
  PID:14116
- C:\Windows\System\hgjxXwc.exe
  C:\Windows\System\hgjxXwc.exe
  2⤵
  PID:14136
- C:\Windows\System\xTVPEzi.exe
  C:\Windows\System\xTVPEzi.exe
  2⤵
  PID:14172
- C:\Windows\System\mzAiiBD.exe
  C:\Windows\System\mzAiiBD.exe
  2⤵
  PID:14200
- C:\Windows\System\eyqPBME.exe
  C:\Windows\System\eyqPBME.exe
  2⤵
  PID:14228
- C:\Windows\System\ZFhnlyo.exe
  C:\Windows\System\ZFhnlyo.exe
  2⤵
  PID:14260
- C:\Windows\System\NeFIjqX.exe
  C:\Windows\System\NeFIjqX.exe
  2⤵
  PID:14288
- C:\Windows\System\sFiSBby.exe
  C:\Windows\System\sFiSBby.exe
  2⤵
  PID:14312
- C:\Windows\System\JuQnQEh.exe
  C:\Windows\System\JuQnQEh.exe
  2⤵
  PID:12752
- C:\Windows\System\ygxBvPT.exe
  C:\Windows\System\ygxBvPT.exe
  2⤵
  PID:13020
- C:\Windows\System\gWRWYvx.exe
  C:\Windows\System\gWRWYvx.exe
  2⤵
  PID:13396
- C:\Windows\System\TjOLuGE.exe
  C:\Windows\System\TjOLuGE.exe
  2⤵
  PID:4652
- C:\Windows\System\VjKseNO.exe
  C:\Windows\System\VjKseNO.exe
  2⤵
  PID:4640
- C:\Windows\System\dGhgrFS.exe
  C:\Windows\System\dGhgrFS.exe
  2⤵
  PID:13508
- C:\Windows\System\LLTrWkU.exe
  C:\Windows\System\LLTrWkU.exe
  2⤵
  PID:13480
- C:\Windows\System\GOzbsnQ.exe
  C:\Windows\System\GOzbsnQ.exe
  2⤵
  PID:13656
- C:\Windows\System\oRRpsDH.exe
  C:\Windows\System\oRRpsDH.exe
  2⤵
  PID:13664
- C:\Windows\System\vnFrjvQ.exe
  C:\Windows\System\vnFrjvQ.exe
  2⤵
  PID:13764
- C:\Windows\System\SZkyDWZ.exe
  C:\Windows\System\SZkyDWZ.exe
  2⤵
  PID:13856
- C:\Windows\System\gItkOwz.exe
  C:\Windows\System\gItkOwz.exe
  2⤵
  PID:13932
- C:\Windows\System\LowLFQt.exe
  C:\Windows\System\LowLFQt.exe
  2⤵
  PID:13884

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BowIXfM.exe

Filesize
2.4MB

MD5
010bd5cdde918efde97ffe251775de00

SHA1
3196f0dbec4bbfbaaf7df6acd921864f3995b8b5

SHA256
fc252581363c2dc4946ac62b6f49db58f75f1ca8f2d4eaaae310ebed2201e98a

SHA512
80e6d3e3dc80912d0ac84887204d818a693b1d9119b7d751b600f8fc47efaac208f5cc3b1e854deb930418b37e57d12077f8eeb64a8db6a9fdfd5e7ad8e7949c

Download Submit
C:\Windows\System\EFqzdqb.exe

Filesize
2.4MB

MD5
a1eb2b9da7f558fbb2ad3d3d7c3779f1

SHA1
642acdff0c3e6fb4bdfb2270c651045930903107

SHA256
f1dd142b65f5bb003dd2c9b2a5f022e34e3f22b56cd5de99eb3526db3dd670da

SHA512
fc7699ececdd9ab5b440cd16957733ca6327effe2a25ff39f5e308ac4b315b4225c8ac266710ded7f2e90dd6cc004de5395485db9306f0086d299ebf501eb3a8

Download Submit
C:\Windows\System\KZYStug.exe

Filesize
2.4MB

MD5
54be7064a3397b65e1b61dddc75b91e5

SHA1
229cf53ef0c8fcb501e52c7d2ad95fd1c29bcad5

SHA256
d14f78ff7e59381a343b35742e5cd5acc448b7d5c95ca741619a5d6913b9943c

SHA512
12a45a18f4fc40c1dafe8971db2f7f9957a47cc51e5d224e01f5627c7d93bfc0eb5cadb3eb2f2c5aa227b18aeca453e39eab23ce42e7dae2539d077b1aa0ec9e

Download Submit
C:\Windows\System\KvzMLiR.exe

Filesize
2.4MB

MD5
e976a8359f5fa925b332c76fb7efda5c

SHA1
da3bb6661b679a5e603ccd319b76423af008ce1e

SHA256
b92ab78f94f119a3a1846df2ec48ed957fa372a06a56ec6ee79d300ba8bb5c13

SHA512
6b472493ad4e6d96096a83983a335bcaeeac876094bbfe693cfa853686f1e6be5354c77b87adc7138be1e8f257f47e332a94aa328692091662354fe593f593ae

Download Submit
C:\Windows\System\MaMNLvE.exe

Filesize
2.4MB

MD5
0a0225dfcfc3180379775c7e52c22099

SHA1
84891b992c2650898aef976b73929a6adec776ec

SHA256
f03f2849c4b8a6b1db469e7e3578cfa9aec78ec7ef333df5ce4190553d899423

SHA512
497ebc45f4b1807e40de981144ec8481ac67671c9cfb2989f657fdecb3c4c669356b6b9049038c2bcbca0323fca78a3a33f70b156f06cfb4f6f9a8475037b326

Download Submit
C:\Windows\System\ModhrQe.exe

Filesize
2.4MB

MD5
cb8d5bdcfc89d628cad60b6e1e58271c

SHA1
7460e91d7aff7a1fcaf32b07840781cfa99061b6

SHA256
335f95b859539a989fcddbfb830830f2812f4ba48c6a9011787cb65dc6d9e809

SHA512
a0133127254e08f2808fc374644f4e4194d0b8a94533d4ecaf96a07db36ed60b45066f43cbd9477a6096b5b69c6a17c5127081753889f851d0b9e34a68ba5fc0

Download Submit
C:\Windows\System\OflLtYu.exe

Filesize
2.4MB

MD5
c9751ca98105d4f6e0c561b02f0e752b

SHA1
c1d357ec318c28136907823d9234d4f02a2af4b1

SHA256
84a838b213e9fd7a5f15a830c19aecc22e6a3dac2f7c258ab0dbb054676e4390

SHA512
11b132fab13131dc2c04067669cbc13f797a4fc23125618dcb5d0be5112c3760e05e7e384eaef275dfd016dbc4e4717b22c42243b9546d110e90e4f879d09118

Download Submit
C:\Windows\System\RScunkg.exe

Filesize
2.4MB

MD5
a07d77feebf748c85a75c1a793c1cc8f

SHA1
0930c0123209b44302b095548b0e93440f341c51

SHA256
6dd15de6e8c1591866d1839bac161dc895ef0d331547a98918f6ec6741da5fd6

SHA512
877bcca85f80b836b195811feb6350b92e912c185c0d27aa0939d004b3fb335ab4b22d88d840008b7a82c5159e5a321198c067c3e33efb02fedb46c2aca90268

Download Submit
C:\Windows\System\SsQkFon.exe

Filesize
2.4MB

MD5
328e2d82b0a977c36996b516948378ba

SHA1
f795aa1fe1611bebfee6421a4637ab3484026750

SHA256
08da0f4905e2237f386d3f4856dbe0834881cd5be16e7f76451bd365d1a62083

SHA512
a7d0ea360c4fa5cbfd7f81ca21f7dc02a3f6e71d978aa53c918cbd1c1881055c6f60d6bf2e9b5fc0f8efc8ae1fccc9b8401f1111e30b56cd08181a1c305c92b9

Download Submit
C:\Windows\System\Tzjvhqy.exe

Filesize
2.4MB

MD5
5388289343657529c51bacf448418e71

SHA1
050f38b61d57da92a3913901664c44b3844a9694

SHA256
ac5849a80920aa48448221e676527cfdf5a4865c35a35f19ad1412a5988a8fe8

SHA512
adda8cfe21e6e4f6838687800b4e01216ac8efe922abb5f26930e212a81eb23df777f44ab67b267564afb63759cba316f285dd44de9b756f8caba631dc439610

Download Submit
C:\Windows\System\VVXioKL.exe

Filesize
2.4MB

MD5
9c43a6940fae476150f9cf1678a29c6d

SHA1
08e12dcd846ec993cec046cfd612d9c5a90a4ef8

SHA256
27981a556a4b2f0015b0c40b3855333fd2af7cb065d2edae1b9b587fb7dd0597

SHA512
ad37d466f563fc6b6348cea5616f30dbfd2916f61c2fb2b0710497b40972a5aae5106683ae49aeeb0094ffa8d328896c2a7d966c0453711726428c7a41a0d3fb

Download Submit
C:\Windows\System\WTcGRwH.exe

Filesize
2.4MB

MD5
fd1478ae0bc8633377eadf42c4cbb3ad

SHA1
636b5deb0bf39a03b530fdf72d65b59a964865df

SHA256
2b79895f0e0571e496f01b78da9ae496786c92f98dc13c053f80e9dc48bd12d5

SHA512
57ed155b4e014180468625434326a09d70e1ea43f0ff870c985382a9d26528371c58e58640ec22ceb361afcb7f373f61bc6004c9daf23e4d401e62ccb2341f80

Download Submit
C:\Windows\System\YecLZXv.exe

Filesize
2.4MB

MD5
1e156458c0b323184886ab72e82fbbb2

SHA1
010cd299bcc6481cc548cca4fcc446f2195a17ae

SHA256
85403e8a25a450e449ea02d87872b1d68a16a5841e6631d8602aa77811bf698a

SHA512
eedd6264118266ae63f7e4b8d03289c1db9fa2190622cc3acf0b1bc5f9bc2de77ad7c4f57d51f8440da21e093818e0585a0f2e9c5a0a3119a34f965e315ba49c

Download Submit
C:\Windows\System\ZPFzrix.exe

Filesize
2.4MB

MD5
a2c58c1a45a3afcf416cecbe800a58bc

SHA1
513f74e021e928860d03944e7f0384c5e681f6d2

SHA256
acd7f2419e5adebb253eb6920f75cfbbeded15f1d4cb8389856309340a2158e1

SHA512
99abe3a4d234c158312039c05623cd1eb7df00ad3511b2f510334a9d82b1c17ca8ce8b5b0061f7a3b99a3f2f38db9a834b99cdc94ebdb51f86efa222e6f681cc

Download Submit
C:\Windows\System\aJZJnAR.exe

Filesize
2.4MB

MD5
32c2e23fc45b04c5fb1a6ee07a6ce178

SHA1
93fcf40039fad038feb0dbce7efbc34ddb7c3ce1

SHA256
da46e91d2fa4b2d2d04e2a36df50c9654aeb8e5f3b09a0a348316c41b1514fd0

SHA512
42b0f80cf572e61ecc3e9539a3dd25920c28f4c6892a04f6e1e31ecf2d10b57c0a1e3a2b2cf384ece72abef8c7105ddcfd3f276fc5fc097d531e0c24d8fef62d

Download Submit
C:\Windows\System\dkvaaXh.exe

Filesize
2.4MB

MD5
4cbffd3c1f650b493643efa2e89e7f43

SHA1
f55174ad11c5e904d31d25539ef40fdc7b199f4a

SHA256
ac14b3727a560ab40c67f969a56c30eb73310629063f7e95ba47a543b6463735

SHA512
eb75ca343512cac47fe637cd7bd62cc9c319a234cf1d0778e7d76de792cb5dc4243522b7fd6195e82991251dbcf6702c11f8ceb019fb060eee0dd736f5bf3399

Download Submit
C:\Windows\System\drlEiiz.exe

Filesize
2.4MB

MD5
d6caa074226236cbb441ae879f3ef237

SHA1
3bfada2b0755ee21231093e539254191490e5a81

SHA256
d93d9676d4879b1b281c849757f6fccdadfc6ff6cc3dfd6de25211f0a605d38f

SHA512
877bc5ef4ea6673d90d9d4e8324ffbe01d2401eb64e644f0a2964736b4c74a2b91e5d3fbe589c07fc3efb3b60b350f9f2631d70d98f529645fc6b9782be6bcfb

Download Submit
C:\Windows\System\fWqjogL.exe

Filesize
2.4MB

MD5
33210213ca2422c80083dac439d07a95

SHA1
4c600a2e9988b7ac55ef6f4327ce63800a11c52e

SHA256
b4c7e1b4299e3d64597536db7c61744791de114a4539d90f0a2423df694087d7

SHA512
b916c40238d7c18836c7fb92257c1bf1a1b81dd785318856182ab170402750a48b2bce8a47c5d01fc903907ec8d84f81079cbb6553095a146dbb94e6047c82ed

Download Submit
C:\Windows\System\hOHxHnB.exe

Filesize
2.4MB

MD5
a05f8d63dfaa0d70641e0801805c0993

SHA1
4d9cf8b78cf3a7377870a2e3b3a76b902e717256

SHA256
c1c4a70b9651fc633efc86b39daa93b5275c3c7990ff36890c82f23bd3ca9681

SHA512
07563a2f6b3d75418e100dd50dfb15ddbf1612ac5da1bde6235eb8d44764553a3fb39b573b17c6a90cb156b32081b5633492c4aff472317b6e04d221b9f76a52

Download Submit
C:\Windows\System\iOhcpau.exe

Filesize
2.4MB

MD5
acc9c416149f0b91bd8060235cbdbda9

SHA1
c38d8bb89ea3d2fd462429e750b680aa7d554860

SHA256
072b1f667e33d40e6eb493190468cf46649d59976036a89c11e38ae271cb500f

SHA512
2bceea70720512156472ab0bad5e117172b5c1f1dbcf94cf01cf6a020c14ca19cef0d3f81abfe661efc8aa359e4faaa0676fa1fd437054888bea20c876f92f2d

Download Submit
C:\Windows\System\jAUZQNz.exe

Filesize
2.4MB

MD5
448b36adecc5bf2fa6d214dc4b893901

SHA1
5711e3d68715ff8bf0346a2994be83b43b16257f

SHA256
87b7c0a87138e020007b9ae2f10e2219bc0ad37dada7a3c44e3bce98f27dbd6e

SHA512
a9c70028b5a773b80b97a7a7c027cf23b8b8607fd6b3f59fdc929a0e418c33560052cde75c784169937b956dcfe8ac1b408c426a2e4f89735e3db9d3561c8656

Download Submit
C:\Windows\System\kGEQdcz.exe

Filesize
2.4MB

MD5
bb45d3fa29eacc1285af47f5bdf24599

SHA1
334491c12ff199b1ee3417b6d2e7706d2ae00c8f

SHA256
f9bd62e101ffd6207e35358098e380171bbad079d8fe8acd7c7d6aa8103d29d2

SHA512
8a6adb78abc56305397218bfcb26a8bb001fc0e8891a0722c53360c3515080eb53185a3b1b95356217db3cb94d88e98731a5b19780010ed480f676bf9b0819d5

Download Submit
C:\Windows\System\kNusduE.exe

Filesize
2.4MB

MD5
c33dbbf2bf4c99edd4f28153440134cb

SHA1
f12655cc5314051bd154f89f62b449919be80657

SHA256
e900d2d0fceb34aaea65475e527889598f2868d7a5a58ad21d5d723ae6cf3163

SHA512
812ba4c0e8af5df2383dd84f4d0dd6b40342b89276a59c84afd07c32d2f553f65daf1e6bfdc9dac6bc26b322faf649d93bc4a219adda2359ffcfbb84ac184c55

Download Submit
C:\Windows\System\kmrHuur.exe

Filesize
2.4MB

MD5
105a25716788a91234250e7e9a4b07ef

SHA1
53bce01f9b8313b48c58e8d0fe6a66a9ebbe4396

SHA256
5199bb5951f63e14d78a856938b69b4d7ddf74f9af4e2dd5567ea88032168222

SHA512
862bac2125b140e5dfad6cff754346fb6952c9590d03b1bd90c0868b50c49f995a31c45a7e835c19b6befdac150d16e96d7187a3818cad6dd20d7c14dcf41a90

Download Submit
C:\Windows\System\lrOoDSJ.exe

Filesize
2.4MB

MD5
d04ae37e9d47abfa0631c1f3940c7f8d

SHA1
3f2ae1f9611cfa298d160ae20b1b8d698a78a198

SHA256
fd2c4a57c73b3643e0e081d4e5674e3860b32733dec283504649f91c91eda745

SHA512
c0d74e6c9f2e68da64d2d3bc95896c6b5676572c95dce71a22400c4df7e1eb79a045636721e4c34f37f0a6b29622a9eff1cbb173977c4e5689f9f8a942c9ced0

Download Submit
C:\Windows\System\nXvcmGd.exe

Filesize
2.4MB

MD5
4d54ea56526ec71f75864010c0dc1f5a

SHA1
57b13008d0974f7b68633b12366f2a0def393ada

SHA256
2091ba7de3e79212cb08de27217b5689098f701b4c777b414f7c9e63b08a04c4

SHA512
3bb6dbb2e7a5bef25a2fe22f97dc686dcb77d528e31fd5e28f38524c10cf8f791f7d47a4ffc13a6776969613d953ec59f7ec55c8865bec00fcd5ddf5149d363f

Download Submit
C:\Windows\System\tAcwbQS.exe

Filesize
2.4MB

MD5
d23ec78927b41d3fd0768e069689bdad

SHA1
e3b482144f727b46f68a86440b104400a6f62d3c

SHA256
c6ea6dc76d13db1d344444d368e57bf447f423a8130805b171a12846d92affbc

SHA512
8012b80bdec2e875799262714d49ba7744229c8b4c2985ab31f0e820d1fa7e650213916307af36f851c85faa73ef5962b4f77006dfe9d53083a2b97d2f2a2506

Download Submit
C:\Windows\System\uBAqrJm.exe

Filesize
2.4MB

MD5
6e1a6f4eb2cbe696322fdeed72666bce

SHA1
5938570fb227698c1b420c4852c2b6bd31f9a066

SHA256
225b30f88e090149308d1c833ebaf7984e18ccc0dc34c8927c08caa89b84a4cc

SHA512
200a66349bed984e83c5222b348ce8496b42c092f256d78a106fc212b0122ff2b1ea66ba0266dc8bba039467e8b9e5c6658cfd1938ab8a95719e3035c982571a

Download Submit
C:\Windows\System\udoQLNH.exe

Filesize
2.4MB

MD5
7d5be292099f2ea0b990614331ca7da6

SHA1
8e3da61c2798c4dbe7b536054d3deb7f48f1ab4e

SHA256
d228ea6d37ba026b761088f75785a2394cfa90dd4ce029860e1debb23a0367ae

SHA512
468c61797fe3e3ea0a2df9942a65e0d7603f1888aed421bd565c43b0b1a5a34f4aa34c1a2823a2b7cd3805d639d66487a460cebf61583527a5a8601893ae37ac

Download Submit
C:\Windows\System\vgrxoWd.exe

Filesize
2.4MB

MD5
ed3f40c7a1b471f895241c2761cbc8d7

SHA1
bf1fc0b47ddfb6384b8ec013d4651d3c9c2fe6c4

SHA256
286d1731ec166633741cf2d06fed63cfccf5f99d0d9e903d8b906beeaabbd190

SHA512
b08ee9f5a0c0e48da96645487e98f4387ef990b33f98a8c51d40a920ae09adb23ec7b072b87e4f212d1eea75830471caf20c302c961befa22ca1f87842e2065d

Download Submit
C:\Windows\System\vqYBBBP.exe

Filesize
2.4MB

MD5
ca9053e1c03fd255554276e9d6da6fc8

SHA1
1e8b95c9c32587d22ca245f400616832b955068a

SHA256
7e76b7ada6abe4a1b2c7585252b1460ab20426622f0654ca3d52b4787614eb93

SHA512
cbc9ef3f9074474bd726c7cad11dca8163ed139663b74626d564d591f0fc14453fc0fde1751b8ccf73f7a8200494c513728194d70eb1c0e47a8fd7ac62950a7b

Download Submit
C:\Windows\System\vzDlfnN.exe

Filesize
2.4MB

MD5
0b36b3869e650410590be17b2f9313bf

SHA1
7e86288212a5e8fbebbab48cf6b6925bd9a32f91

SHA256
f7b1a5cd4a3ee8e1cae9ad50223df5371eac2e62076dbb798607212ce0776290

SHA512
64035b1794dbe6bbea553f34797c6358d84b9931a2f67e325eda9409178b1d2ece92aba82288f264089219759ab8dca73950c2c68a34eaeb3a5fdc7f67049ded

Download Submit
C:\Windows\System\yPhShsg.exe

Filesize
2.4MB

MD5
3ba784b77f6e6c6538e7f6c417b5f9aa

SHA1
b36ae63b78bf7625a7b7f77b773569636eb1d8e5

SHA256
59f167622f9ee1c95cec97c8a2949526460023dc988de9a720b2744334c40769

SHA512
319e24494c4759970b4deda315e5f8fb708be28f2e8fe04c5a8e4c7d39aff42ba877da3f4ebf64d810ac9e07ea2c68f46e749f7689bf1154af9c67335fbe7c96

Download Submit
memory/1112-2166-0x00007FF774F60000-0x00007FF7752B4000-memory.dmp

Filesize
3.3MB

Download
memory/1112-81-0x00007FF774F60000-0x00007FF7752B4000-memory.dmp

Filesize
3.3MB

Download
memory/1392-2161-0x00007FF743E50000-0x00007FF7441A4000-memory.dmp

Filesize
3.3MB

Download
memory/1392-50-0x00007FF743E50000-0x00007FF7441A4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-170-0x00007FF7A9550000-0x00007FF7A98A4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-2172-0x00007FF7A9550000-0x00007FF7A98A4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-2158-0x00007FF64A330000-0x00007FF64A684000-memory.dmp

Filesize
3.3MB

Download
memory/1820-2173-0x00007FF64A330000-0x00007FF64A684000-memory.dmp

Filesize
3.3MB

Download
memory/1820-61-0x00007FF64A330000-0x00007FF64A684000-memory.dmp

Filesize
3.3MB

Download
memory/1824-13-0x00007FF73E290000-0x00007FF73E5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-2159-0x00007FF73E290000-0x00007FF73E5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-169-0x00007FF641900000-0x00007FF641C54000-memory.dmp

Filesize
3.3MB

Download
memory/1964-2170-0x00007FF641900000-0x00007FF641C54000-memory.dmp

Filesize
3.3MB

Download
memory/2148-2181-0x00007FF75CD70000-0x00007FF75D0C4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-174-0x00007FF75CD70000-0x00007FF75D0C4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-179-0x00007FF751410000-0x00007FF751764000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2160-0x00007FF751410000-0x00007FF751764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-182-0x00007FF77AE60000-0x00007FF77B1B4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-2179-0x00007FF77AE60000-0x00007FF77B1B4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-153-0x00007FF797BB0000-0x00007FF797F04000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2174-0x00007FF797BB0000-0x00007FF797F04000-memory.dmp

Filesize
3.3MB

Download
memory/2672-186-0x00007FF710F50000-0x00007FF7112A4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2182-0x00007FF710F50000-0x00007FF7112A4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-2171-0x00007FF795200000-0x00007FF795554000-memory.dmp

Filesize
3.3MB

Download
memory/2764-167-0x00007FF795200000-0x00007FF795554000-memory.dmp

Filesize
3.3MB

Download
memory/2912-172-0x00007FF6F6740000-0x00007FF6F6A94000-memory.dmp

Filesize
3.3MB

Download
memory/2912-2168-0x00007FF6F6740000-0x00007FF6F6A94000-memory.dmp

Filesize
3.3MB

Download
memory/3056-2163-0x00007FF61B740000-0x00007FF61BA94000-memory.dmp

Filesize
3.3MB

Download
memory/3056-149-0x00007FF61B740000-0x00007FF61BA94000-memory.dmp

Filesize
3.3MB

Download
memory/3128-168-0x00007FF7712A0000-0x00007FF7715F4000-memory.dmp

Filesize
3.3MB

Download
memory/3128-2178-0x00007FF7712A0000-0x00007FF7715F4000-memory.dmp

Filesize
3.3MB

Download
memory/3432-2162-0x00007FF794D20000-0x00007FF795074000-memory.dmp

Filesize
3.3MB

Download
memory/3432-99-0x00007FF794D20000-0x00007FF795074000-memory.dmp

Filesize
3.3MB

Download
memory/3480-177-0x00007FF745AB0000-0x00007FF745E04000-memory.dmp

Filesize
3.3MB

Download
memory/3480-2185-0x00007FF745AB0000-0x00007FF745E04000-memory.dmp

Filesize
3.3MB

Download
memory/3708-2164-0x00007FF7A7E60000-0x00007FF7A81B4000-memory.dmp

Filesize
3.3MB

Download
memory/3708-31-0x00007FF7A7E60000-0x00007FF7A81B4000-memory.dmp

Filesize
3.3MB

Download
memory/4092-2186-0x00007FF765220000-0x00007FF765574000-memory.dmp

Filesize
3.3MB

Download
memory/4092-178-0x00007FF765220000-0x00007FF765574000-memory.dmp

Filesize
3.3MB

Download
memory/4220-2165-0x00007FF69E5F0000-0x00007FF69E944000-memory.dmp

Filesize
3.3MB

Download
memory/4220-180-0x00007FF69E5F0000-0x00007FF69E944000-memory.dmp

Filesize
3.3MB

Download
memory/4412-175-0x00007FF68FFA0000-0x00007FF6902F4000-memory.dmp

Filesize
3.3MB

Download
memory/4412-2184-0x00007FF68FFA0000-0x00007FF6902F4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2177-0x00007FF69DF80000-0x00007FF69E2D4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-164-0x00007FF69DF80000-0x00007FF69E2D4000-memory.dmp

Filesize
3.3MB

Download
memory/4608-185-0x00007FF6AA660000-0x00007FF6AA9B4000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2169-0x00007FF6AA660000-0x00007FF6AA9B4000-memory.dmp

Filesize
3.3MB

Download
memory/4616-1-0x000001A51F500000-0x000001A51F510000-memory.dmp

Filesize
64KB

Download
memory/4616-0-0x00007FF60E580000-0x00007FF60E8D4000-memory.dmp

Filesize
3.3MB

Download
memory/4616-2157-0x00007FF60E580000-0x00007FF60E8D4000-memory.dmp

Filesize
3.3MB

Download
memory/4660-2180-0x00007FF618E80000-0x00007FF6191D4000-memory.dmp

Filesize
3.3MB

Download
memory/4660-181-0x00007FF618E80000-0x00007FF6191D4000-memory.dmp

Filesize
3.3MB

Download
memory/4680-2167-0x00007FF7D46D0000-0x00007FF7D4A24000-memory.dmp

Filesize
3.3MB

Download
memory/4680-171-0x00007FF7D46D0000-0x00007FF7D4A24000-memory.dmp

Filesize
3.3MB

Download
memory/4704-184-0x00007FF6FF9F0000-0x00007FF6FFD44000-memory.dmp

Filesize
3.3MB

Download
memory/4704-2175-0x00007FF6FF9F0000-0x00007FF6FFD44000-memory.dmp

Filesize
3.3MB

Download
memory/4768-173-0x00007FF686C10000-0x00007FF686F64000-memory.dmp

Filesize
3.3MB

Download
memory/4768-2183-0x00007FF686C10000-0x00007FF686F64000-memory.dmp

Filesize
3.3MB

Download
memory/4832-176-0x00007FF69CC60000-0x00007FF69CFB4000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2187-0x00007FF69CC60000-0x00007FF69CFB4000-memory.dmp

Filesize
3.3MB

Download
memory/5040-183-0x00007FF7E4DE0000-0x00007FF7E5134000-memory.dmp

Filesize
3.3MB

Download
memory/5040-2176-0x00007FF7E4DE0000-0x00007FF7E5134000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads