xmrig | 5eb5f9666a7c92d730075726e57ce4db19042efc651c0340c466f5e56099154d

Analysis

max time kernel
122s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
Size

2.6MB
MD5

0cdfb62e6086c5072e05ef53b76dc000
SHA1

0e0815607402fe96dc270675ef6639bec15f56f2
SHA256

5eb5f9666a7c92d730075726e57ce4db19042efc651c0340c466f5e56099154d
SHA512

816b03d6ca4eea6e7ac452af6e958ee593fedcc4fee5c19152b6850e13cd1016300d41450772ad7fe91251dd72a816d3cdcfea2a6b74807f71cae6f8cef9289e
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIV56uL3pgrCEdMKPFo4Bq+p:BemTLkNdfE0pZrV56utgpPFos

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3688-0-0x00007FF77B8B0000-0x00007FF77BC04000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-7.dat	xmrig
behavioral2/files/0x0008000000022f51-13.dat	xmrig
behavioral2/files/0x000800000002340c-10.dat	xmrig
behavioral2/memory/2436-11-0x00007FF74E7A0000-0x00007FF74EAF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023410-36.dat	xmrig
behavioral2/files/0x0007000000023411-55.dat	xmrig
behavioral2/files/0x0007000000023416-71.dat	xmrig
behavioral2/files/0x000700000002341d-100.dat	xmrig
behavioral2/files/0x0007000000023423-111.dat	xmrig
behavioral2/files/0x0007000000023424-130.dat	xmrig
behavioral2/files/0x0007000000023428-162.dat	xmrig
behavioral2/memory/1964-176-0x00007FF794750000-0x00007FF794AA4000-memory.dmp	xmrig
behavioral2/memory/5100-183-0x00007FF66C260000-0x00007FF66C5B4000-memory.dmp	xmrig
behavioral2/memory/1184-189-0x00007FF6692C0000-0x00007FF669614000-memory.dmp	xmrig
behavioral2/memory/2352-191-0x00007FF6CCA60000-0x00007FF6CCDB4000-memory.dmp	xmrig
behavioral2/memory/4540-190-0x00007FF69FF90000-0x00007FF6A02E4000-memory.dmp	xmrig
behavioral2/memory/3428-188-0x00007FF6E92D0000-0x00007FF6E9624000-memory.dmp	xmrig
behavioral2/memory/4744-187-0x00007FF7F5E40000-0x00007FF7F6194000-memory.dmp	xmrig
behavioral2/memory/2344-186-0x00007FF735B60000-0x00007FF735EB4000-memory.dmp	xmrig
behavioral2/memory/320-185-0x00007FF65CDB0000-0x00007FF65D104000-memory.dmp	xmrig
behavioral2/memory/2592-184-0x00007FF6ED200000-0x00007FF6ED554000-memory.dmp	xmrig
behavioral2/memory/1740-182-0x00007FF7FB060000-0x00007FF7FB3B4000-memory.dmp	xmrig
behavioral2/memory/400-181-0x00007FF6B6300000-0x00007FF6B6654000-memory.dmp	xmrig
behavioral2/memory/3400-180-0x00007FF609A30000-0x00007FF609D84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-178.dat	xmrig
behavioral2/memory/4948-177-0x00007FF776130000-0x00007FF776484000-memory.dmp	xmrig
behavioral2/memory/3468-173-0x00007FF612AE0000-0x00007FF612E34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023427-171.dat	xmrig
behavioral2/files/0x000800000002340a-169.dat	xmrig
behavioral2/files/0x0007000000023426-167.dat	xmrig
behavioral2/files/0x0007000000023425-164.dat	xmrig
behavioral2/memory/3580-163-0x00007FF609EC0000-0x00007FF60A214000-memory.dmp	xmrig
behavioral2/files/0x0007000000023419-158.dat	xmrig
behavioral2/files/0x0007000000023422-156.dat	xmrig
behavioral2/files/0x0007000000023421-154.dat	xmrig
behavioral2/files/0x0007000000023420-152.dat	xmrig
behavioral2/files/0x000700000002341f-150.dat	xmrig
behavioral2/memory/2020-149-0x00007FF6B5270000-0x00007FF6B55C4000-memory.dmp	xmrig
behavioral2/memory/4216-148-0x00007FF793270000-0x00007FF7935C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341e-145.dat	xmrig
behavioral2/files/0x0007000000023418-141.dat	xmrig
behavioral2/files/0x000700000002341c-134.dat	xmrig
behavioral2/files/0x000700000002341b-132.dat	xmrig
behavioral2/files/0x000700000002341a-128.dat	xmrig
behavioral2/memory/3596-124-0x00007FF6D5BC0000-0x00007FF6D5F14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023417-117.dat	xmrig
behavioral2/memory/3680-109-0x00007FF6A1CD0000-0x00007FF6A2024000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-95.dat	xmrig
behavioral2/memory/3032-91-0x00007FF74F040000-0x00007FF74F394000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-88.dat	xmrig
behavioral2/memory/2152-62-0x00007FF714A40000-0x00007FF714D94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-60.dat	xmrig
behavioral2/memory/4620-51-0x00007FF71F1B0000-0x00007FF71F504000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-64.dat	xmrig
behavioral2/files/0x000700000002340e-43.dat	xmrig
behavioral2/memory/816-40-0x00007FF642950000-0x00007FF642CA4000-memory.dmp	xmrig
behavioral2/memory/3076-33-0x00007FF7B8D10000-0x00007FF7B9064000-memory.dmp	xmrig
behavioral2/memory/636-27-0x00007FF649090000-0x00007FF6493E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340f-28.dat	xmrig
behavioral2/memory/2548-25-0x00007FF75E260000-0x00007FF75E5B4000-memory.dmp	xmrig
behavioral2/memory/4424-21-0x00007FF7F60C0000-0x00007FF7F6414000-memory.dmp	xmrig
behavioral2/memory/2548-2127-0x00007FF75E260000-0x00007FF75E5B4000-memory.dmp	xmrig
behavioral2/memory/636-2128-0x00007FF649090000-0x00007FF6493E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2436	GACGZRu.exe
4424	Afuizwa.exe
3076	NxeMxFw.exe
2548	lvGzNLV.exe
636	DpklneR.exe
816	oKDHebO.exe
320	NyfKRGB.exe
4620	KBTlZlj.exe
2344	PXlHVeI.exe
2152	KLRwabv.exe
4744	efMIDcs.exe
3032	rigtfSE.exe
3680	dsmqqzd.exe
3428	AfWJcbV.exe
3596	ERJsktT.exe
4216	xnGXOwW.exe
2020	pVEIBOO.exe
3580	bNOlQmd.exe
3468	fEEAkgb.exe
1964	svLVIHT.exe
4948	DGmwtgn.exe
3400	MYuZaQg.exe
400	RrIipUs.exe
1740	FZjXOfq.exe
1184	PIjAcMF.exe
4540	XxusmBC.exe
2352	vHjcHBM.exe
5100	ovzKWuz.exe
2592	GwGpSyo.exe
4376	OfxWqQA.exe
4952	EzFEHrr.exe
3868	jRIvDHM.exe
2272	RTuFtAc.exe
1208	JCecPeC.exe
3516	MDGCPFr.exe
1088	eRjkFKk.exe
3572	mHDOCSM.exe
812	HBfUWLj.exe
3672	ImztAYk.exe
2176	csXWdty.exe
4700	efOIPNe.exe
4912	gzCmVVh.exe
2244	imcnHeF.exe
3736	vJPJkWw.exe
4844	HwcNqdp.exe
4776	hPmultC.exe
4224	anCyGcs.exe
2496	kMAEmXw.exe
2864	ZoHuarB.exe
1792	MqGTqGq.exe
820	YQSAFHW.exe
1684	rHYFLYH.exe
4320	wGhAHrR.exe
3912	XIQUMYc.exe
3320	lBNaNtp.exe
4188	VCxktwX.exe
528	qYoVDMW.exe
1048	zmlobTa.exe
3220	saDldlE.exe
4180	sSOCQau.exe
892	bjZlSJU.exe
4572	LncYPJF.exe
2384	yRmeVpN.exe
944	FLuUckr.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3688-0-0x00007FF77B8B0000-0x00007FF77BC04000-memory.dmp	upx
behavioral2/files/0x000700000002340d-7.dat	upx
behavioral2/files/0x0008000000022f51-13.dat	upx
behavioral2/files/0x000800000002340c-10.dat	upx
behavioral2/memory/2436-11-0x00007FF74E7A0000-0x00007FF74EAF4000-memory.dmp	upx
behavioral2/files/0x0007000000023410-36.dat	upx
behavioral2/files/0x0007000000023411-55.dat	upx
behavioral2/files/0x0007000000023416-71.dat	upx
behavioral2/files/0x000700000002341d-100.dat	upx
behavioral2/files/0x0007000000023423-111.dat	upx
behavioral2/files/0x0007000000023424-130.dat	upx
behavioral2/files/0x0007000000023428-162.dat	upx
behavioral2/memory/1964-176-0x00007FF794750000-0x00007FF794AA4000-memory.dmp	upx
behavioral2/memory/5100-183-0x00007FF66C260000-0x00007FF66C5B4000-memory.dmp	upx
behavioral2/memory/1184-189-0x00007FF6692C0000-0x00007FF669614000-memory.dmp	upx
behavioral2/memory/2352-191-0x00007FF6CCA60000-0x00007FF6CCDB4000-memory.dmp	upx
behavioral2/memory/4540-190-0x00007FF69FF90000-0x00007FF6A02E4000-memory.dmp	upx
behavioral2/memory/3428-188-0x00007FF6E92D0000-0x00007FF6E9624000-memory.dmp	upx
behavioral2/memory/4744-187-0x00007FF7F5E40000-0x00007FF7F6194000-memory.dmp	upx
behavioral2/memory/2344-186-0x00007FF735B60000-0x00007FF735EB4000-memory.dmp	upx
behavioral2/memory/320-185-0x00007FF65CDB0000-0x00007FF65D104000-memory.dmp	upx
behavioral2/memory/2592-184-0x00007FF6ED200000-0x00007FF6ED554000-memory.dmp	upx
behavioral2/memory/1740-182-0x00007FF7FB060000-0x00007FF7FB3B4000-memory.dmp	upx
behavioral2/memory/400-181-0x00007FF6B6300000-0x00007FF6B6654000-memory.dmp	upx
behavioral2/memory/3400-180-0x00007FF609A30000-0x00007FF609D84000-memory.dmp	upx
behavioral2/files/0x0007000000023429-178.dat	upx
behavioral2/memory/4948-177-0x00007FF776130000-0x00007FF776484000-memory.dmp	upx
behavioral2/memory/3468-173-0x00007FF612AE0000-0x00007FF612E34000-memory.dmp	upx
behavioral2/files/0x0007000000023427-171.dat	upx
behavioral2/files/0x000800000002340a-169.dat	upx
behavioral2/files/0x0007000000023426-167.dat	upx
behavioral2/files/0x0007000000023425-164.dat	upx
behavioral2/memory/3580-163-0x00007FF609EC0000-0x00007FF60A214000-memory.dmp	upx
behavioral2/files/0x0007000000023419-158.dat	upx
behavioral2/files/0x0007000000023422-156.dat	upx
behavioral2/files/0x0007000000023421-154.dat	upx
behavioral2/files/0x0007000000023420-152.dat	upx
behavioral2/files/0x000700000002341f-150.dat	upx
behavioral2/memory/2020-149-0x00007FF6B5270000-0x00007FF6B55C4000-memory.dmp	upx
behavioral2/memory/4216-148-0x00007FF793270000-0x00007FF7935C4000-memory.dmp	upx
behavioral2/files/0x000700000002341e-145.dat	upx
behavioral2/files/0x0007000000023418-141.dat	upx
behavioral2/files/0x000700000002341c-134.dat	upx
behavioral2/files/0x000700000002341b-132.dat	upx
behavioral2/files/0x000700000002341a-128.dat	upx
behavioral2/memory/3596-124-0x00007FF6D5BC0000-0x00007FF6D5F14000-memory.dmp	upx
behavioral2/files/0x0007000000023417-117.dat	upx
behavioral2/memory/3680-109-0x00007FF6A1CD0000-0x00007FF6A2024000-memory.dmp	upx
behavioral2/files/0x0007000000023415-95.dat	upx
behavioral2/memory/3032-91-0x00007FF74F040000-0x00007FF74F394000-memory.dmp	upx
behavioral2/files/0x0007000000023414-88.dat	upx
behavioral2/memory/2152-62-0x00007FF714A40000-0x00007FF714D94000-memory.dmp	upx
behavioral2/files/0x0007000000023412-60.dat	upx
behavioral2/memory/4620-51-0x00007FF71F1B0000-0x00007FF71F504000-memory.dmp	upx
behavioral2/files/0x0007000000023413-64.dat	upx
behavioral2/files/0x000700000002340e-43.dat	upx
behavioral2/memory/816-40-0x00007FF642950000-0x00007FF642CA4000-memory.dmp	upx
behavioral2/memory/3076-33-0x00007FF7B8D10000-0x00007FF7B9064000-memory.dmp	upx
behavioral2/memory/636-27-0x00007FF649090000-0x00007FF6493E4000-memory.dmp	upx
behavioral2/files/0x000700000002340f-28.dat	upx
behavioral2/memory/2548-25-0x00007FF75E260000-0x00007FF75E5B4000-memory.dmp	upx
behavioral2/memory/4424-21-0x00007FF7F60C0000-0x00007FF7F6414000-memory.dmp	upx
behavioral2/memory/2548-2127-0x00007FF75E260000-0x00007FF75E5B4000-memory.dmp	upx
behavioral2/memory/636-2128-0x00007FF649090000-0x00007FF6493E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rHYFLYH.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\jzQCbjL.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\iwdkkdG.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\AscMtOb.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\DkMxPWW.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\kMAEmXw.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\GIwwcAC.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\bDtfWDp.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\eabxzNn.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\mfotUga.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\DftOUXz.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\RmqsGxG.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\xYIKnAq.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\sfYxhrc.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\xknBoGC.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\digEeUq.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\dRuuvny.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\NacKuOv.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\GUGyKwt.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\MqGTqGq.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\bPMimdi.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\pxjvtCd.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\FyFCbAD.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\CsGUTqk.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\cUGfDal.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\UesgOmp.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\scagsBG.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\MiaCdJK.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\MfQjrKD.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\pkYEBlT.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\PILYKVK.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\AJihQzX.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\AtvZqCX.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\KBTlZlj.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\MVvUpUx.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\IFVRSgW.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\rfdhqro.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\saDldlE.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\kzYkEHZ.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\xJTTzRY.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\UUblasc.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\hPmultC.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\XIQUMYc.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\HFUsUjt.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\lQapjDf.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\haAXBJN.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\rilHMHz.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\LncYPJF.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\OrssvHg.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\ZDEsKme.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\NvJdrIn.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\AlywBtf.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\OOwEdVr.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\aDOXHVU.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\vkVTfOp.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\iphwUmt.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\LOGtTsz.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\toKzgzB.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\dbkHVHZ.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\pVEIBOO.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\qYoVDMW.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\DquPuVW.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\agYmqEe.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
File created	C:\Windows\System\yRmeVpN.exe	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3288	dwm.exe
Token: SeChangeNotifyPrivilege	3288	dwm.exe
Token: 33	3288	dwm.exe
Token: SeIncBasePriorityPrivilege	3288	dwm.exe
Token: SeShutdownPrivilege	3288	dwm.exe
Token: SeCreatePagefilePrivilege	3288	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3688 wrote to memory of 2436	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	82
PID 3688 wrote to memory of 2436	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	82
PID 3688 wrote to memory of 4424	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	83
PID 3688 wrote to memory of 4424	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	83
PID 3688 wrote to memory of 3076	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	84
PID 3688 wrote to memory of 3076	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	84
PID 3688 wrote to memory of 2548	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	85
PID 3688 wrote to memory of 2548	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	85
PID 3688 wrote to memory of 636	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	86
PID 3688 wrote to memory of 636	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	86
PID 3688 wrote to memory of 816	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	87
PID 3688 wrote to memory of 816	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	87
PID 3688 wrote to memory of 320	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	88
PID 3688 wrote to memory of 320	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	88
PID 3688 wrote to memory of 4620	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	90
PID 3688 wrote to memory of 4620	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	90
PID 3688 wrote to memory of 2344	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	91
PID 3688 wrote to memory of 2344	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	91
PID 3688 wrote to memory of 2152	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	92
PID 3688 wrote to memory of 2152	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	92
PID 3688 wrote to memory of 4744	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	93
PID 3688 wrote to memory of 4744	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	93
PID 3688 wrote to memory of 3032	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	94
PID 3688 wrote to memory of 3032	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	94
PID 3688 wrote to memory of 3680	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	95
PID 3688 wrote to memory of 3680	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	95
PID 3688 wrote to memory of 3580	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	96
PID 3688 wrote to memory of 3580	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	96
PID 3688 wrote to memory of 1740	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	97
PID 3688 wrote to memory of 1740	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	97
PID 3688 wrote to memory of 3428	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	98
PID 3688 wrote to memory of 3428	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	98
PID 3688 wrote to memory of 3596	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	99
PID 3688 wrote to memory of 3596	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	99
PID 3688 wrote to memory of 4216	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	100
PID 3688 wrote to memory of 4216	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	100
PID 3688 wrote to memory of 2020	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	101
PID 3688 wrote to memory of 2020	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	101
PID 3688 wrote to memory of 3468	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	102
PID 3688 wrote to memory of 3468	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	102
PID 3688 wrote to memory of 1964	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	103
PID 3688 wrote to memory of 1964	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	103
PID 3688 wrote to memory of 4948	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	104
PID 3688 wrote to memory of 4948	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	104
PID 3688 wrote to memory of 3400	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	105
PID 3688 wrote to memory of 3400	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	105
PID 3688 wrote to memory of 400	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	106
PID 3688 wrote to memory of 400	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	106
PID 3688 wrote to memory of 1184	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	107
PID 3688 wrote to memory of 1184	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	107
PID 3688 wrote to memory of 4540	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	108
PID 3688 wrote to memory of 4540	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	108
PID 3688 wrote to memory of 2352	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	109
PID 3688 wrote to memory of 2352	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	109
PID 3688 wrote to memory of 5100	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	110
PID 3688 wrote to memory of 5100	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	110
PID 3688 wrote to memory of 2592	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	111
PID 3688 wrote to memory of 2592	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	111
PID 3688 wrote to memory of 4376	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	112
PID 3688 wrote to memory of 4376	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	112
PID 3688 wrote to memory of 4952	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	113
PID 3688 wrote to memory of 4952	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	113
PID 3688 wrote to memory of 3868	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	114
PID 3688 wrote to memory of 3868	3688	0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0cdfb62e6086c5072e05ef53b76dc000_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3688
- C:\Windows\System\GACGZRu.exe
  C:\Windows\System\GACGZRu.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\Afuizwa.exe
  C:\Windows\System\Afuizwa.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\NxeMxFw.exe
  C:\Windows\System\NxeMxFw.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\lvGzNLV.exe
  C:\Windows\System\lvGzNLV.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\DpklneR.exe
  C:\Windows\System\DpklneR.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\oKDHebO.exe
  C:\Windows\System\oKDHebO.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\NyfKRGB.exe
  C:\Windows\System\NyfKRGB.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\KBTlZlj.exe
  C:\Windows\System\KBTlZlj.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\PXlHVeI.exe
  C:\Windows\System\PXlHVeI.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\KLRwabv.exe
  C:\Windows\System\KLRwabv.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\efMIDcs.exe
  C:\Windows\System\efMIDcs.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\rigtfSE.exe
  C:\Windows\System\rigtfSE.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\dsmqqzd.exe
  C:\Windows\System\dsmqqzd.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\bNOlQmd.exe
  C:\Windows\System\bNOlQmd.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\FZjXOfq.exe
  C:\Windows\System\FZjXOfq.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\AfWJcbV.exe
  C:\Windows\System\AfWJcbV.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\ERJsktT.exe
  C:\Windows\System\ERJsktT.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\xnGXOwW.exe
  C:\Windows\System\xnGXOwW.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\pVEIBOO.exe
  C:\Windows\System\pVEIBOO.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\fEEAkgb.exe
  C:\Windows\System\fEEAkgb.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\svLVIHT.exe
  C:\Windows\System\svLVIHT.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\DGmwtgn.exe
  C:\Windows\System\DGmwtgn.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\MYuZaQg.exe
  C:\Windows\System\MYuZaQg.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\RrIipUs.exe
  C:\Windows\System\RrIipUs.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\PIjAcMF.exe
  C:\Windows\System\PIjAcMF.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\XxusmBC.exe
  C:\Windows\System\XxusmBC.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\vHjcHBM.exe
  C:\Windows\System\vHjcHBM.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\ovzKWuz.exe
  C:\Windows\System\ovzKWuz.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\GwGpSyo.exe
  C:\Windows\System\GwGpSyo.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\OfxWqQA.exe
  C:\Windows\System\OfxWqQA.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\EzFEHrr.exe
  C:\Windows\System\EzFEHrr.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\jRIvDHM.exe
  C:\Windows\System\jRIvDHM.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\RTuFtAc.exe
  C:\Windows\System\RTuFtAc.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\JCecPeC.exe
  C:\Windows\System\JCecPeC.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\MDGCPFr.exe
  C:\Windows\System\MDGCPFr.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\eRjkFKk.exe
  C:\Windows\System\eRjkFKk.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\mHDOCSM.exe
  C:\Windows\System\mHDOCSM.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\HBfUWLj.exe
  C:\Windows\System\HBfUWLj.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\ImztAYk.exe
  C:\Windows\System\ImztAYk.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\csXWdty.exe
  C:\Windows\System\csXWdty.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\efOIPNe.exe
  C:\Windows\System\efOIPNe.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\gzCmVVh.exe
  C:\Windows\System\gzCmVVh.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\imcnHeF.exe
  C:\Windows\System\imcnHeF.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\vJPJkWw.exe
  C:\Windows\System\vJPJkWw.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\HwcNqdp.exe
  C:\Windows\System\HwcNqdp.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\hPmultC.exe
  C:\Windows\System\hPmultC.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\anCyGcs.exe
  C:\Windows\System\anCyGcs.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\kMAEmXw.exe
  C:\Windows\System\kMAEmXw.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\ZoHuarB.exe
  C:\Windows\System\ZoHuarB.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\MqGTqGq.exe
  C:\Windows\System\MqGTqGq.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\YQSAFHW.exe
  C:\Windows\System\YQSAFHW.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\rHYFLYH.exe
  C:\Windows\System\rHYFLYH.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\wGhAHrR.exe
  C:\Windows\System\wGhAHrR.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\XIQUMYc.exe
  C:\Windows\System\XIQUMYc.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\lBNaNtp.exe
  C:\Windows\System\lBNaNtp.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\VCxktwX.exe
  C:\Windows\System\VCxktwX.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\qYoVDMW.exe
  C:\Windows\System\qYoVDMW.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\zmlobTa.exe
  C:\Windows\System\zmlobTa.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\saDldlE.exe
  C:\Windows\System\saDldlE.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\sSOCQau.exe
  C:\Windows\System\sSOCQau.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\bjZlSJU.exe
  C:\Windows\System\bjZlSJU.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\LncYPJF.exe
  C:\Windows\System\LncYPJF.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\yRmeVpN.exe
  C:\Windows\System\yRmeVpN.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\FLuUckr.exe
  C:\Windows\System\FLuUckr.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\dqbYzug.exe
  C:\Windows\System\dqbYzug.exe
  2⤵
  PID:3300
- C:\Windows\System\QSAnEhS.exe
  C:\Windows\System\QSAnEhS.exe
  2⤵
  PID:2224
- C:\Windows\System\BqZjnhH.exe
  C:\Windows\System\BqZjnhH.exe
  2⤵
  PID:1364
- C:\Windows\System\gzJUnaB.exe
  C:\Windows\System\gzJUnaB.exe
  2⤵
  PID:1696
- C:\Windows\System\yUOdytn.exe
  C:\Windows\System\yUOdytn.exe
  2⤵
  PID:4128
- C:\Windows\System\GIwwcAC.exe
  C:\Windows\System\GIwwcAC.exe
  2⤵
  PID:3180
- C:\Windows\System\WkzXVmp.exe
  C:\Windows\System\WkzXVmp.exe
  2⤵
  PID:1260
- C:\Windows\System\mlwEPcR.exe
  C:\Windows\System\mlwEPcR.exe
  2⤵
  PID:1020
- C:\Windows\System\PXUeNCX.exe
  C:\Windows\System\PXUeNCX.exe
  2⤵
  PID:1304
- C:\Windows\System\HZmJZcs.exe
  C:\Windows\System\HZmJZcs.exe
  2⤵
  PID:3156
- C:\Windows\System\gpbQgVn.exe
  C:\Windows\System\gpbQgVn.exe
  2⤵
  PID:3204
- C:\Windows\System\ubRoTpp.exe
  C:\Windows\System\ubRoTpp.exe
  2⤵
  PID:1560
- C:\Windows\System\bPMimdi.exe
  C:\Windows\System\bPMimdi.exe
  2⤵
  PID:872
- C:\Windows\System\hxMSPRW.exe
  C:\Windows\System\hxMSPRW.exe
  2⤵
  PID:3636
- C:\Windows\System\UHoTdYG.exe
  C:\Windows\System\UHoTdYG.exe
  2⤵
  PID:3040
- C:\Windows\System\DquPuVW.exe
  C:\Windows\System\DquPuVW.exe
  2⤵
  PID:2828
- C:\Windows\System\oEbCtEw.exe
  C:\Windows\System\oEbCtEw.exe
  2⤵
  PID:4716
- C:\Windows\System\sfYxhrc.exe
  C:\Windows\System\sfYxhrc.exe
  2⤵
  PID:2076
- C:\Windows\System\POheneR.exe
  C:\Windows\System\POheneR.exe
  2⤵
  PID:1952
- C:\Windows\System\hPanMuM.exe
  C:\Windows\System\hPanMuM.exe
  2⤵
  PID:5044
- C:\Windows\System\IrAVAmi.exe
  C:\Windows\System\IrAVAmi.exe
  2⤵
  PID:1500
- C:\Windows\System\KVJmfvm.exe
  C:\Windows\System\KVJmfvm.exe
  2⤵
  PID:4564
- C:\Windows\System\bDtfWDp.exe
  C:\Windows\System\bDtfWDp.exe
  2⤵
  PID:3820
- C:\Windows\System\sAsqhFM.exe
  C:\Windows\System\sAsqhFM.exe
  2⤵
  PID:3852
- C:\Windows\System\kzYkEHZ.exe
  C:\Windows\System\kzYkEHZ.exe
  2⤵
  PID:448
- C:\Windows\System\IezKQMj.exe
  C:\Windows\System\IezKQMj.exe
  2⤵
  PID:3016
- C:\Windows\System\BnLKmmu.exe
  C:\Windows\System\BnLKmmu.exe
  2⤵
  PID:3844
- C:\Windows\System\xunOekQ.exe
  C:\Windows\System\xunOekQ.exe
  2⤵
  PID:5132
- C:\Windows\System\sNcaELQ.exe
  C:\Windows\System\sNcaELQ.exe
  2⤵
  PID:5168
- C:\Windows\System\SmClKaR.exe
  C:\Windows\System\SmClKaR.exe
  2⤵
  PID:5184
- C:\Windows\System\oyAXpOy.exe
  C:\Windows\System\oyAXpOy.exe
  2⤵
  PID:5212
- C:\Windows\System\AoDEyeG.exe
  C:\Windows\System\AoDEyeG.exe
  2⤵
  PID:5240
- C:\Windows\System\osPWQhT.exe
  C:\Windows\System\osPWQhT.exe
  2⤵
  PID:5280
- C:\Windows\System\dmGVBNc.exe
  C:\Windows\System\dmGVBNc.exe
  2⤵
  PID:5296
- C:\Windows\System\dVqZXjY.exe
  C:\Windows\System\dVqZXjY.exe
  2⤵
  PID:5332
- C:\Windows\System\NtvbsiN.exe
  C:\Windows\System\NtvbsiN.exe
  2⤵
  PID:5356
- C:\Windows\System\DVYAFUj.exe
  C:\Windows\System\DVYAFUj.exe
  2⤵
  PID:5380
- C:\Windows\System\iTZwSWY.exe
  C:\Windows\System\iTZwSWY.exe
  2⤵
  PID:5400
- C:\Windows\System\yhryPjv.exe
  C:\Windows\System\yhryPjv.exe
  2⤵
  PID:5436
- C:\Windows\System\wQJYtqn.exe
  C:\Windows\System\wQJYtqn.exe
  2⤵
  PID:5464
- C:\Windows\System\cRHgOtc.exe
  C:\Windows\System\cRHgOtc.exe
  2⤵
  PID:5492
- C:\Windows\System\scagsBG.exe
  C:\Windows\System\scagsBG.exe
  2⤵
  PID:5516
- C:\Windows\System\ryPQUYd.exe
  C:\Windows\System\ryPQUYd.exe
  2⤵
  PID:5548
- C:\Windows\System\kYCQmgI.exe
  C:\Windows\System\kYCQmgI.exe
  2⤵
  PID:5592
- C:\Windows\System\ewQcsGt.exe
  C:\Windows\System\ewQcsGt.exe
  2⤵
  PID:5616
- C:\Windows\System\BpsDwbR.exe
  C:\Windows\System\BpsDwbR.exe
  2⤵
  PID:5632
- C:\Windows\System\opEAGTp.exe
  C:\Windows\System\opEAGTp.exe
  2⤵
  PID:5672
- C:\Windows\System\pxjvtCd.exe
  C:\Windows\System\pxjvtCd.exe
  2⤵
  PID:5700
- C:\Windows\System\hexLJeQ.exe
  C:\Windows\System\hexLJeQ.exe
  2⤵
  PID:5716
- C:\Windows\System\MnfkiDT.exe
  C:\Windows\System\MnfkiDT.exe
  2⤵
  PID:5732
- C:\Windows\System\HZIFNtM.exe
  C:\Windows\System\HZIFNtM.exe
  2⤵
  PID:5752
- C:\Windows\System\RGzOkWq.exe
  C:\Windows\System\RGzOkWq.exe
  2⤵
  PID:5784
- C:\Windows\System\QdyyDmp.exe
  C:\Windows\System\QdyyDmp.exe
  2⤵
  PID:5816
- C:\Windows\System\frTEvsB.exe
  C:\Windows\System\frTEvsB.exe
  2⤵
  PID:5844
- C:\Windows\System\iyOwMGJ.exe
  C:\Windows\System\iyOwMGJ.exe
  2⤵
  PID:5876
- C:\Windows\System\ZzTXTXy.exe
  C:\Windows\System\ZzTXTXy.exe
  2⤵
  PID:5912
- C:\Windows\System\OoTCSKy.exe
  C:\Windows\System\OoTCSKy.exe
  2⤵
  PID:5952
- C:\Windows\System\zGSjhuY.exe
  C:\Windows\System\zGSjhuY.exe
  2⤵
  PID:5980
- C:\Windows\System\lVrEFhf.exe
  C:\Windows\System\lVrEFhf.exe
  2⤵
  PID:6004
- C:\Windows\System\jzQCbjL.exe
  C:\Windows\System\jzQCbjL.exe
  2⤵
  PID:6020
- C:\Windows\System\GdwVavv.exe
  C:\Windows\System\GdwVavv.exe
  2⤵
  PID:6040
- C:\Windows\System\lDvTmuW.exe
  C:\Windows\System\lDvTmuW.exe
  2⤵
  PID:6080
- C:\Windows\System\iwdkkdG.exe
  C:\Windows\System\iwdkkdG.exe
  2⤵
  PID:6112
- C:\Windows\System\EodPgIx.exe
  C:\Windows\System\EodPgIx.exe
  2⤵
  PID:6136
- C:\Windows\System\QXkDjpo.exe
  C:\Windows\System\QXkDjpo.exe
  2⤵
  PID:5152
- C:\Windows\System\lGKmAic.exe
  C:\Windows\System\lGKmAic.exe
  2⤵
  PID:5208
- C:\Windows\System\kUiJZCD.exe
  C:\Windows\System\kUiJZCD.exe
  2⤵
  PID:5312
- C:\Windows\System\vbFBwag.exe
  C:\Windows\System\vbFBwag.exe
  2⤵
  PID:5372
- C:\Windows\System\iOQBtSz.exe
  C:\Windows\System\iOQBtSz.exe
  2⤵
  PID:5420
- C:\Windows\System\RiKLhHs.exe
  C:\Windows\System\RiKLhHs.exe
  2⤵
  PID:5480
- C:\Windows\System\yIVsyEw.exe
  C:\Windows\System\yIVsyEw.exe
  2⤵
  PID:5544
- C:\Windows\System\zKXqpjg.exe
  C:\Windows\System\zKXqpjg.exe
  2⤵
  PID:5628
- C:\Windows\System\agYmqEe.exe
  C:\Windows\System\agYmqEe.exe
  2⤵
  PID:5692
- C:\Windows\System\CpVPwBv.exe
  C:\Windows\System\CpVPwBv.exe
  2⤵
  PID:5776
- C:\Windows\System\ToqfEXP.exe
  C:\Windows\System\ToqfEXP.exe
  2⤵
  PID:5768
- C:\Windows\System\pYzTQLp.exe
  C:\Windows\System\pYzTQLp.exe
  2⤵
  PID:5860
- C:\Windows\System\QReZKPg.exe
  C:\Windows\System\QReZKPg.exe
  2⤵
  PID:5940
- C:\Windows\System\HFUsUjt.exe
  C:\Windows\System\HFUsUjt.exe
  2⤵
  PID:6064
- C:\Windows\System\PRmamAc.exe
  C:\Windows\System\PRmamAc.exe
  2⤵
  PID:6092
- C:\Windows\System\TClbRrz.exe
  C:\Windows\System\TClbRrz.exe
  2⤵
  PID:1604
- C:\Windows\System\sGBtpkF.exe
  C:\Windows\System\sGBtpkF.exe
  2⤵
  PID:5236
- C:\Windows\System\FteZPmg.exe
  C:\Windows\System\FteZPmg.exe
  2⤵
  PID:5460
- C:\Windows\System\IfQrOvt.exe
  C:\Windows\System\IfQrOvt.exe
  2⤵
  PID:5604
- C:\Windows\System\bWeOyVN.exe
  C:\Windows\System\bWeOyVN.exe
  2⤵
  PID:5712
- C:\Windows\System\rYkQsVu.exe
  C:\Windows\System\rYkQsVu.exe
  2⤵
  PID:5884
- C:\Windows\System\OrssvHg.exe
  C:\Windows\System\OrssvHg.exe
  2⤵
  PID:6012
- C:\Windows\System\RqJdhbp.exe
  C:\Windows\System\RqJdhbp.exe
  2⤵
  PID:5176
- C:\Windows\System\ZDEsKme.exe
  C:\Windows\System\ZDEsKme.exe
  2⤵
  PID:5684
- C:\Windows\System\SJmFefI.exe
  C:\Windows\System\SJmFefI.exe
  2⤵
  PID:5996
- C:\Windows\System\gZLHqEh.exe
  C:\Windows\System\gZLHqEh.exe
  2⤵
  PID:5568
- C:\Windows\System\FZnGdau.exe
  C:\Windows\System\FZnGdau.exe
  2⤵
  PID:5896
- C:\Windows\System\iELCMQB.exe
  C:\Windows\System\iELCMQB.exe
  2⤵
  PID:6164
- C:\Windows\System\cvdRfWt.exe
  C:\Windows\System\cvdRfWt.exe
  2⤵
  PID:6196
- C:\Windows\System\mvIMEGd.exe
  C:\Windows\System\mvIMEGd.exe
  2⤵
  PID:6228
- C:\Windows\System\cpLLCjB.exe
  C:\Windows\System\cpLLCjB.exe
  2⤵
  PID:6280
- C:\Windows\System\nkFAtVR.exe
  C:\Windows\System\nkFAtVR.exe
  2⤵
  PID:6304
- C:\Windows\System\DtpflNB.exe
  C:\Windows\System\DtpflNB.exe
  2⤵
  PID:6336
- C:\Windows\System\IbtgYcg.exe
  C:\Windows\System\IbtgYcg.exe
  2⤵
  PID:6364
- C:\Windows\System\BAhCbVH.exe
  C:\Windows\System\BAhCbVH.exe
  2⤵
  PID:6388
- C:\Windows\System\lhAOirx.exe
  C:\Windows\System\lhAOirx.exe
  2⤵
  PID:6420
- C:\Windows\System\HZxAANv.exe
  C:\Windows\System\HZxAANv.exe
  2⤵
  PID:6456
- C:\Windows\System\wkYBkFU.exe
  C:\Windows\System\wkYBkFU.exe
  2⤵
  PID:6480
- C:\Windows\System\dvfrYAe.exe
  C:\Windows\System\dvfrYAe.exe
  2⤵
  PID:6512
- C:\Windows\System\fyzVtjw.exe
  C:\Windows\System\fyzVtjw.exe
  2⤵
  PID:6536
- C:\Windows\System\hLBAahG.exe
  C:\Windows\System\hLBAahG.exe
  2⤵
  PID:6564
- C:\Windows\System\fzZorWJ.exe
  C:\Windows\System\fzZorWJ.exe
  2⤵
  PID:6596
- C:\Windows\System\yFmMoVi.exe
  C:\Windows\System\yFmMoVi.exe
  2⤵
  PID:6620
- C:\Windows\System\JqXAbED.exe
  C:\Windows\System\JqXAbED.exe
  2⤵
  PID:6648
- C:\Windows\System\cqKiipm.exe
  C:\Windows\System\cqKiipm.exe
  2⤵
  PID:6676
- C:\Windows\System\FOGWEQI.exe
  C:\Windows\System\FOGWEQI.exe
  2⤵
  PID:6704
- C:\Windows\System\LPzaEzN.exe
  C:\Windows\System\LPzaEzN.exe
  2⤵
  PID:6732
- C:\Windows\System\lQapjDf.exe
  C:\Windows\System\lQapjDf.exe
  2⤵
  PID:6760
- C:\Windows\System\esMgpTy.exe
  C:\Windows\System\esMgpTy.exe
  2⤵
  PID:6788
- C:\Windows\System\Xymkrrt.exe
  C:\Windows\System\Xymkrrt.exe
  2⤵
  PID:6824
- C:\Windows\System\sUJdFDu.exe
  C:\Windows\System\sUJdFDu.exe
  2⤵
  PID:6844
- C:\Windows\System\XwnPLLc.exe
  C:\Windows\System\XwnPLLc.exe
  2⤵
  PID:6876
- C:\Windows\System\eZpSTNq.exe
  C:\Windows\System\eZpSTNq.exe
  2⤵
  PID:6900
- C:\Windows\System\TZcNUBp.exe
  C:\Windows\System\TZcNUBp.exe
  2⤵
  PID:6920
- C:\Windows\System\qLxKlhs.exe
  C:\Windows\System\qLxKlhs.exe
  2⤵
  PID:6944
- C:\Windows\System\rHYJVee.exe
  C:\Windows\System\rHYJVee.exe
  2⤵
  PID:6964
- C:\Windows\System\pEfHTZI.exe
  C:\Windows\System\pEfHTZI.exe
  2⤵
  PID:6992
- C:\Windows\System\yradrRm.exe
  C:\Windows\System\yradrRm.exe
  2⤵
  PID:7016
- C:\Windows\System\YeeOglP.exe
  C:\Windows\System\YeeOglP.exe
  2⤵
  PID:7044
- C:\Windows\System\KjHPIqn.exe
  C:\Windows\System\KjHPIqn.exe
  2⤵
  PID:7080
- C:\Windows\System\PILYKVK.exe
  C:\Windows\System\PILYKVK.exe
  2⤵
  PID:7116
- C:\Windows\System\zbALTdx.exe
  C:\Windows\System\zbALTdx.exe
  2⤵
  PID:7152
- C:\Windows\System\WTlqOGW.exe
  C:\Windows\System\WTlqOGW.exe
  2⤵
  PID:6184
- C:\Windows\System\CsGUTqk.exe
  C:\Windows\System\CsGUTqk.exe
  2⤵
  PID:6260
- C:\Windows\System\rwOSJpo.exe
  C:\Windows\System\rwOSJpo.exe
  2⤵
  PID:6344
- C:\Windows\System\xknBoGC.exe
  C:\Windows\System\xknBoGC.exe
  2⤵
  PID:6408
- C:\Windows\System\ZkrSvCA.exe
  C:\Windows\System\ZkrSvCA.exe
  2⤵
  PID:6476
- C:\Windows\System\WaOLmgi.exe
  C:\Windows\System\WaOLmgi.exe
  2⤵
  PID:6532
- C:\Windows\System\JocKQkT.exe
  C:\Windows\System\JocKQkT.exe
  2⤵
  PID:6612
- C:\Windows\System\kjuegwq.exe
  C:\Windows\System\kjuegwq.exe
  2⤵
  PID:6668
- C:\Windows\System\bVAxufm.exe
  C:\Windows\System\bVAxufm.exe
  2⤵
  PID:6744
- C:\Windows\System\LlfaIiQ.exe
  C:\Windows\System\LlfaIiQ.exe
  2⤵
  PID:6800
- C:\Windows\System\uEYaSIT.exe
  C:\Windows\System\uEYaSIT.exe
  2⤵
  PID:6884
- C:\Windows\System\zDIBnJi.exe
  C:\Windows\System\zDIBnJi.exe
  2⤵
  PID:6960
- C:\Windows\System\pBPgwQd.exe
  C:\Windows\System\pBPgwQd.exe
  2⤵
  PID:7008
- C:\Windows\System\ooSnoZE.exe
  C:\Windows\System\ooSnoZE.exe
  2⤵
  PID:7036
- C:\Windows\System\aDOXHVU.exe
  C:\Windows\System\aDOXHVU.exe
  2⤵
  PID:7128
- C:\Windows\System\VhVDgej.exe
  C:\Windows\System\VhVDgej.exe
  2⤵
  PID:6292
- C:\Windows\System\GDtDusW.exe
  C:\Windows\System\GDtDusW.exe
  2⤵
  PID:6380
- C:\Windows\System\qgLebVS.exe
  C:\Windows\System\qgLebVS.exe
  2⤵
  PID:6584
- C:\Windows\System\dzRVCtw.exe
  C:\Windows\System\dzRVCtw.exe
  2⤵
  PID:6724
- C:\Windows\System\MVvUpUx.exe
  C:\Windows\System\MVvUpUx.exe
  2⤵
  PID:6912
- C:\Windows\System\KvSSoaj.exe
  C:\Windows\System\KvSSoaj.exe
  2⤵
  PID:7028
- C:\Windows\System\GUamOvZ.exe
  C:\Windows\System\GUamOvZ.exe
  2⤵
  PID:6236
- C:\Windows\System\sfHlwjg.exe
  C:\Windows\System\sfHlwjg.exe
  2⤵
  PID:6560
- C:\Windows\System\Chhzmdm.exe
  C:\Windows\System\Chhzmdm.exe
  2⤵
  PID:6952
- C:\Windows\System\AlywBtf.exe
  C:\Windows\System\AlywBtf.exe
  2⤵
  PID:6784
- C:\Windows\System\MXLFumo.exe
  C:\Windows\System\MXLFumo.exe
  2⤵
  PID:7184
- C:\Windows\System\PfJPqai.exe
  C:\Windows\System\PfJPqai.exe
  2⤵
  PID:7212
- C:\Windows\System\CNXmkqj.exe
  C:\Windows\System\CNXmkqj.exe
  2⤵
  PID:7252
- C:\Windows\System\bIdBFGn.exe
  C:\Windows\System\bIdBFGn.exe
  2⤵
  PID:7292
- C:\Windows\System\zuIDMVZ.exe
  C:\Windows\System\zuIDMVZ.exe
  2⤵
  PID:7308
- C:\Windows\System\KzFHdSy.exe
  C:\Windows\System\KzFHdSy.exe
  2⤵
  PID:7336
- C:\Windows\System\SpXkMbY.exe
  C:\Windows\System\SpXkMbY.exe
  2⤵
  PID:7372
- C:\Windows\System\AcAEwBK.exe
  C:\Windows\System\AcAEwBK.exe
  2⤵
  PID:7396
- C:\Windows\System\APhbdPJ.exe
  C:\Windows\System\APhbdPJ.exe
  2⤵
  PID:7424
- C:\Windows\System\XSMdMGq.exe
  C:\Windows\System\XSMdMGq.exe
  2⤵
  PID:7452
- C:\Windows\System\NOkJaWC.exe
  C:\Windows\System\NOkJaWC.exe
  2⤵
  PID:7480
- C:\Windows\System\zdXyATu.exe
  C:\Windows\System\zdXyATu.exe
  2⤵
  PID:7508
- C:\Windows\System\UcyeZJl.exe
  C:\Windows\System\UcyeZJl.exe
  2⤵
  PID:7544
- C:\Windows\System\UvZrjSP.exe
  C:\Windows\System\UvZrjSP.exe
  2⤵
  PID:7568
- C:\Windows\System\nJMSELD.exe
  C:\Windows\System\nJMSELD.exe
  2⤵
  PID:7592
- C:\Windows\System\MidRymf.exe
  C:\Windows\System\MidRymf.exe
  2⤵
  PID:7640
- C:\Windows\System\TOnhtfj.exe
  C:\Windows\System\TOnhtfj.exe
  2⤵
  PID:7660
- C:\Windows\System\DNVIdsP.exe
  C:\Windows\System\DNVIdsP.exe
  2⤵
  PID:7688
- C:\Windows\System\HjLmOBx.exe
  C:\Windows\System\HjLmOBx.exe
  2⤵
  PID:7732
- C:\Windows\System\SsHHNaQ.exe
  C:\Windows\System\SsHHNaQ.exe
  2⤵
  PID:7760
- C:\Windows\System\ywRUqqG.exe
  C:\Windows\System\ywRUqqG.exe
  2⤵
  PID:7788
- C:\Windows\System\cZUjstA.exe
  C:\Windows\System\cZUjstA.exe
  2⤵
  PID:7804
- C:\Windows\System\NghdHuu.exe
  C:\Windows\System\NghdHuu.exe
  2⤵
  PID:7832
- C:\Windows\System\WNDRgdQ.exe
  C:\Windows\System\WNDRgdQ.exe
  2⤵
  PID:7848
- C:\Windows\System\yNIxGlX.exe
  C:\Windows\System\yNIxGlX.exe
  2⤵
  PID:7880
- C:\Windows\System\OBISkSH.exe
  C:\Windows\System\OBISkSH.exe
  2⤵
  PID:7904
- C:\Windows\System\TykWfbE.exe
  C:\Windows\System\TykWfbE.exe
  2⤵
  PID:7952
- C:\Windows\System\MshgGhq.exe
  C:\Windows\System\MshgGhq.exe
  2⤵
  PID:7976
- C:\Windows\System\SzAhkta.exe
  C:\Windows\System\SzAhkta.exe
  2⤵
  PID:8000
- C:\Windows\System\OrUtvHk.exe
  C:\Windows\System\OrUtvHk.exe
  2⤵
  PID:8032
- C:\Windows\System\WLZiAQE.exe
  C:\Windows\System\WLZiAQE.exe
  2⤵
  PID:8060
- C:\Windows\System\vrpJEWP.exe
  C:\Windows\System\vrpJEWP.exe
  2⤵
  PID:8100
- C:\Windows\System\bAxpYof.exe
  C:\Windows\System\bAxpYof.exe
  2⤵
  PID:8116
- C:\Windows\System\VYxBTOG.exe
  C:\Windows\System\VYxBTOG.exe
  2⤵
  PID:8148
- C:\Windows\System\LOJpBcp.exe
  C:\Windows\System\LOJpBcp.exe
  2⤵
  PID:8164
- C:\Windows\System\mgwqYFM.exe
  C:\Windows\System\mgwqYFM.exe
  2⤵
  PID:6384
- C:\Windows\System\JjnEbiD.exe
  C:\Windows\System\JjnEbiD.exe
  2⤵
  PID:7232
- C:\Windows\System\qZdpzSK.exe
  C:\Windows\System\qZdpzSK.exe
  2⤵
  PID:7328
- C:\Windows\System\piKHmdg.exe
  C:\Windows\System\piKHmdg.exe
  2⤵
  PID:7392
- C:\Windows\System\yJvtulR.exe
  C:\Windows\System\yJvtulR.exe
  2⤵
  PID:7436
- C:\Windows\System\LtTUTNB.exe
  C:\Windows\System\LtTUTNB.exe
  2⤵
  PID:7532
- C:\Windows\System\igyPeLj.exe
  C:\Windows\System\igyPeLj.exe
  2⤵
  PID:7588
- C:\Windows\System\PQEatyW.exe
  C:\Windows\System\PQEatyW.exe
  2⤵
  PID:7652
- C:\Windows\System\MiaCdJK.exe
  C:\Windows\System\MiaCdJK.exe
  2⤵
  PID:7728
- C:\Windows\System\GZlJXHX.exe
  C:\Windows\System\GZlJXHX.exe
  2⤵
  PID:7780
- C:\Windows\System\xJTTzRY.exe
  C:\Windows\System\xJTTzRY.exe
  2⤵
  PID:7820
- C:\Windows\System\GMHVZaf.exe
  C:\Windows\System\GMHVZaf.exe
  2⤵
  PID:7824
- C:\Windows\System\ExUocoX.exe
  C:\Windows\System\ExUocoX.exe
  2⤵
  PID:7916
- C:\Windows\System\IFVRSgW.exe
  C:\Windows\System\IFVRSgW.exe
  2⤵
  PID:7992
- C:\Windows\System\ZLGHsVj.exe
  C:\Windows\System\ZLGHsVj.exe
  2⤵
  PID:8072
- C:\Windows\System\LOGtTsz.exe
  C:\Windows\System\LOGtTsz.exe
  2⤵
  PID:8156
- C:\Windows\System\dXYkVYj.exe
  C:\Windows\System\dXYkVYj.exe
  2⤵
  PID:7284
- C:\Windows\System\rYLopey.exe
  C:\Windows\System\rYLopey.exe
  2⤵
  PID:6916
- C:\Windows\System\vkVTfOp.exe
  C:\Windows\System\vkVTfOp.exe
  2⤵
  PID:7488
- C:\Windows\System\rsnChXl.exe
  C:\Windows\System\rsnChXl.exe
  2⤵
  PID:7696
- C:\Windows\System\FAKczHD.exe
  C:\Windows\System\FAKczHD.exe
  2⤵
  PID:7776
- C:\Windows\System\KnQMSSy.exe
  C:\Windows\System\KnQMSSy.exe
  2⤵
  PID:7932
- C:\Windows\System\JFNJKhr.exe
  C:\Windows\System\JFNJKhr.exe
  2⤵
  PID:7972
- C:\Windows\System\GifqUKn.exe
  C:\Windows\System\GifqUKn.exe
  2⤵
  PID:7360
- C:\Windows\System\uEUQGqJ.exe
  C:\Windows\System\uEUQGqJ.exe
  2⤵
  PID:7408
- C:\Windows\System\AacegyX.exe
  C:\Windows\System\AacegyX.exe
  2⤵
  PID:7720
- C:\Windows\System\YQFBkdW.exe
  C:\Windows\System\YQFBkdW.exe
  2⤵
  PID:8024
- C:\Windows\System\pbvfSVj.exe
  C:\Windows\System\pbvfSVj.exe
  2⤵
  PID:7900
- C:\Windows\System\fPtTXgB.exe
  C:\Windows\System\fPtTXgB.exe
  2⤵
  PID:8224
- C:\Windows\System\hZNlams.exe
  C:\Windows\System\hZNlams.exe
  2⤵
  PID:8272
- C:\Windows\System\FkRhQdM.exe
  C:\Windows\System\FkRhQdM.exe
  2⤵
  PID:8288
- C:\Windows\System\aeVEutr.exe
  C:\Windows\System\aeVEutr.exe
  2⤵
  PID:8308
- C:\Windows\System\AlvvwWE.exe
  C:\Windows\System\AlvvwWE.exe
  2⤵
  PID:8340
- C:\Windows\System\UUblasc.exe
  C:\Windows\System\UUblasc.exe
  2⤵
  PID:8364
- C:\Windows\System\uJdgDxa.exe
  C:\Windows\System\uJdgDxa.exe
  2⤵
  PID:8400
- C:\Windows\System\iyUkqSy.exe
  C:\Windows\System\iyUkqSy.exe
  2⤵
  PID:8428
- C:\Windows\System\YuShFhD.exe
  C:\Windows\System\YuShFhD.exe
  2⤵
  PID:8460
- C:\Windows\System\zGCsZmW.exe
  C:\Windows\System\zGCsZmW.exe
  2⤵
  PID:8496
- C:\Windows\System\eOsLRVv.exe
  C:\Windows\System\eOsLRVv.exe
  2⤵
  PID:8524
- C:\Windows\System\ALyeBQU.exe
  C:\Windows\System\ALyeBQU.exe
  2⤵
  PID:8544
- C:\Windows\System\HLsRQkP.exe
  C:\Windows\System\HLsRQkP.exe
  2⤵
  PID:8568
- C:\Windows\System\MfQjrKD.exe
  C:\Windows\System\MfQjrKD.exe
  2⤵
  PID:8592
- C:\Windows\System\AKztnjZ.exe
  C:\Windows\System\AKztnjZ.exe
  2⤵
  PID:8628
- C:\Windows\System\yaNruGy.exe
  C:\Windows\System\yaNruGy.exe
  2⤵
  PID:8652
- C:\Windows\System\jYTEbKE.exe
  C:\Windows\System\jYTEbKE.exe
  2⤵
  PID:8676
- C:\Windows\System\qrTveXD.exe
  C:\Windows\System\qrTveXD.exe
  2⤵
  PID:8704
- C:\Windows\System\tSBtuUn.exe
  C:\Windows\System\tSBtuUn.exe
  2⤵
  PID:8744
- C:\Windows\System\OOwEdVr.exe
  C:\Windows\System\OOwEdVr.exe
  2⤵
  PID:8776
- C:\Windows\System\qyXIBnT.exe
  C:\Windows\System\qyXIBnT.exe
  2⤵
  PID:8792
- C:\Windows\System\YaMlyBA.exe
  C:\Windows\System\YaMlyBA.exe
  2⤵
  PID:8808
- C:\Windows\System\FyFCbAD.exe
  C:\Windows\System\FyFCbAD.exe
  2⤵
  PID:8828
- C:\Windows\System\VJOcvhv.exe
  C:\Windows\System\VJOcvhv.exe
  2⤵
  PID:8856
- C:\Windows\System\digEeUq.exe
  C:\Windows\System\digEeUq.exe
  2⤵
  PID:8880
- C:\Windows\System\WjEsROr.exe
  C:\Windows\System\WjEsROr.exe
  2⤵
  PID:8904
- C:\Windows\System\SytNpeH.exe
  C:\Windows\System\SytNpeH.exe
  2⤵
  PID:8928
- C:\Windows\System\toKzgzB.exe
  C:\Windows\System\toKzgzB.exe
  2⤵
  PID:8988
- C:\Windows\System\NacKuOv.exe
  C:\Windows\System\NacKuOv.exe
  2⤵
  PID:9012
- C:\Windows\System\MYigAty.exe
  C:\Windows\System\MYigAty.exe
  2⤵
  PID:9044
- C:\Windows\System\FzuCUJL.exe
  C:\Windows\System\FzuCUJL.exe
  2⤵
  PID:9076
- C:\Windows\System\edEgmkC.exe
  C:\Windows\System\edEgmkC.exe
  2⤵
  PID:9100
- C:\Windows\System\IPSJOAE.exe
  C:\Windows\System\IPSJOAE.exe
  2⤵
  PID:9140
- C:\Windows\System\BPEMqym.exe
  C:\Windows\System\BPEMqym.exe
  2⤵
  PID:9180
- C:\Windows\System\QLAPYUL.exe
  C:\Windows\System\QLAPYUL.exe
  2⤵
  PID:9208
- C:\Windows\System\SeLIAGS.exe
  C:\Windows\System\SeLIAGS.exe
  2⤵
  PID:7560
- C:\Windows\System\NvJdrIn.exe
  C:\Windows\System\NvJdrIn.exe
  2⤵
  PID:8260
- C:\Windows\System\hmkatbZ.exe
  C:\Windows\System\hmkatbZ.exe
  2⤵
  PID:8324
- C:\Windows\System\zgydvLI.exe
  C:\Windows\System\zgydvLI.exe
  2⤵
  PID:3460
- C:\Windows\System\XBJLvbi.exe
  C:\Windows\System\XBJLvbi.exe
  2⤵
  PID:8480
- C:\Windows\System\ufFssGX.exe
  C:\Windows\System\ufFssGX.exe
  2⤵
  PID:8508
- C:\Windows\System\hfOvHjz.exe
  C:\Windows\System\hfOvHjz.exe
  2⤵
  PID:8588
- C:\Windows\System\OYOTsvl.exe
  C:\Windows\System\OYOTsvl.exe
  2⤵
  PID:8612
- C:\Windows\System\DdLVtmn.exe
  C:\Windows\System\DdLVtmn.exe
  2⤵
  PID:8764
- C:\Windows\System\pFRcYEF.exe
  C:\Windows\System\pFRcYEF.exe
  2⤵
  PID:8800
- C:\Windows\System\aUgICMz.exe
  C:\Windows\System\aUgICMz.exe
  2⤵
  PID:8816
- C:\Windows\System\sXWWmaD.exe
  C:\Windows\System\sXWWmaD.exe
  2⤵
  PID:8944
- C:\Windows\System\lAUlRCv.exe
  C:\Windows\System\lAUlRCv.exe
  2⤵
  PID:8984
- C:\Windows\System\AphiUvP.exe
  C:\Windows\System\AphiUvP.exe
  2⤵
  PID:9060
- C:\Windows\System\YDKTVBU.exe
  C:\Windows\System\YDKTVBU.exe
  2⤵
  PID:9152
- C:\Windows\System\FqxQvUD.exe
  C:\Windows\System\FqxQvUD.exe
  2⤵
  PID:9192
- C:\Windows\System\cLjMOPx.exe
  C:\Windows\System\cLjMOPx.exe
  2⤵
  PID:8280
- C:\Windows\System\jUQrKRj.exe
  C:\Windows\System\jUQrKRj.exe
  2⤵
  PID:8392
- C:\Windows\System\DPYVdYH.exe
  C:\Windows\System\DPYVdYH.exe
  2⤵
  PID:7260
- C:\Windows\System\iGURTXn.exe
  C:\Windows\System\iGURTXn.exe
  2⤵
  PID:8516
- C:\Windows\System\tTKaxph.exe
  C:\Windows\System\tTKaxph.exe
  2⤵
  PID:8664
- C:\Windows\System\sRYqunD.exe
  C:\Windows\System\sRYqunD.exe
  2⤵
  PID:8740
- C:\Windows\System\xkJgBTu.exe
  C:\Windows\System\xkJgBTu.exe
  2⤵
  PID:9028
- C:\Windows\System\iCHCUdd.exe
  C:\Windows\System\iCHCUdd.exe
  2⤵
  PID:8200
- C:\Windows\System\dRuuvny.exe
  C:\Windows\System\dRuuvny.exe
  2⤵
  PID:7248
- C:\Windows\System\tGUlBhZ.exe
  C:\Windows\System\tGUlBhZ.exe
  2⤵
  PID:8580
- C:\Windows\System\XgXvMKF.exe
  C:\Windows\System\XgXvMKF.exe
  2⤵
  PID:9052
- C:\Windows\System\ZzOgpuC.exe
  C:\Windows\System\ZzOgpuC.exe
  2⤵
  PID:8444
- C:\Windows\System\FdGLZea.exe
  C:\Windows\System\FdGLZea.exe
  2⤵
  PID:9248
- C:\Windows\System\KcErYiq.exe
  C:\Windows\System\KcErYiq.exe
  2⤵
  PID:9280
- C:\Windows\System\cUGfDal.exe
  C:\Windows\System\cUGfDal.exe
  2⤵
  PID:9300
- C:\Windows\System\bxeItHw.exe
  C:\Windows\System\bxeItHw.exe
  2⤵
  PID:9320
- C:\Windows\System\QFXEpTw.exe
  C:\Windows\System\QFXEpTw.exe
  2⤵
  PID:9356
- C:\Windows\System\bjcPQBD.exe
  C:\Windows\System\bjcPQBD.exe
  2⤵
  PID:9388
- C:\Windows\System\ORnPnUW.exe
  C:\Windows\System\ORnPnUW.exe
  2⤵
  PID:9432
- C:\Windows\System\RJTriUS.exe
  C:\Windows\System\RJTriUS.exe
  2⤵
  PID:9460
- C:\Windows\System\rfdhqro.exe
  C:\Windows\System\rfdhqro.exe
  2⤵
  PID:9480
- C:\Windows\System\YwVrcbf.exe
  C:\Windows\System\YwVrcbf.exe
  2⤵
  PID:9500
- C:\Windows\System\oQRYFPw.exe
  C:\Windows\System\oQRYFPw.exe
  2⤵
  PID:9524
- C:\Windows\System\eSZGdRO.exe
  C:\Windows\System\eSZGdRO.exe
  2⤵
  PID:9560
- C:\Windows\System\RlPZrRD.exe
  C:\Windows\System\RlPZrRD.exe
  2⤵
  PID:9580
- C:\Windows\System\xLhKdBB.exe
  C:\Windows\System\xLhKdBB.exe
  2⤵
  PID:9616
- C:\Windows\System\jRhELcx.exe
  C:\Windows\System\jRhELcx.exe
  2⤵
  PID:9636
- C:\Windows\System\iLZViMU.exe
  C:\Windows\System\iLZViMU.exe
  2⤵
  PID:9664
- C:\Windows\System\FbQCKeX.exe
  C:\Windows\System\FbQCKeX.exe
  2⤵
  PID:9692
- C:\Windows\System\FpTnqbk.exe
  C:\Windows\System\FpTnqbk.exe
  2⤵
  PID:9724
- C:\Windows\System\nuWMzPM.exe
  C:\Windows\System\nuWMzPM.exe
  2⤵
  PID:9748
- C:\Windows\System\mXDvdOK.exe
  C:\Windows\System\mXDvdOK.exe
  2⤵
  PID:9776
- C:\Windows\System\exZABst.exe
  C:\Windows\System\exZABst.exe
  2⤵
  PID:9804
- C:\Windows\System\jdXIqDL.exe
  C:\Windows\System\jdXIqDL.exe
  2⤵
  PID:9844
- C:\Windows\System\xPAvZat.exe
  C:\Windows\System\xPAvZat.exe
  2⤵
  PID:9872
- C:\Windows\System\ZxRYNLw.exe
  C:\Windows\System\ZxRYNLw.exe
  2⤵
  PID:9900
- C:\Windows\System\eRskOGT.exe
  C:\Windows\System\eRskOGT.exe
  2⤵
  PID:9916
- C:\Windows\System\tDeYTZY.exe
  C:\Windows\System\tDeYTZY.exe
  2⤵
  PID:9948
- C:\Windows\System\YPkJwaQ.exe
  C:\Windows\System\YPkJwaQ.exe
  2⤵
  PID:9976
- C:\Windows\System\DLcQnAj.exe
  C:\Windows\System\DLcQnAj.exe
  2⤵
  PID:10012
- C:\Windows\System\OQGXEGL.exe
  C:\Windows\System\OQGXEGL.exe
  2⤵
  PID:10044
- C:\Windows\System\JdmZjWJ.exe
  C:\Windows\System\JdmZjWJ.exe
  2⤵
  PID:10064
- C:\Windows\System\jWyndSp.exe
  C:\Windows\System\jWyndSp.exe
  2⤵
  PID:10084
- C:\Windows\System\VQayQmj.exe
  C:\Windows\System\VQayQmj.exe
  2⤵
  PID:10112
- C:\Windows\System\yufnFDr.exe
  C:\Windows\System\yufnFDr.exe
  2⤵
  PID:10136
- C:\Windows\System\tLMVNEh.exe
  C:\Windows\System\tLMVNEh.exe
  2⤵
  PID:10164
- C:\Windows\System\yXPKpLx.exe
  C:\Windows\System\yXPKpLx.exe
  2⤵
  PID:10208
- C:\Windows\System\kavufgT.exe
  C:\Windows\System\kavufgT.exe
  2⤵
  PID:8804
- C:\Windows\System\Xclmewv.exe
  C:\Windows\System\Xclmewv.exe
  2⤵
  PID:9240
- C:\Windows\System\PRmKrvi.exe
  C:\Windows\System\PRmKrvi.exe
  2⤵
  PID:9344
- C:\Windows\System\AJihQzX.exe
  C:\Windows\System\AJihQzX.exe
  2⤵
  PID:9384
- C:\Windows\System\HQCYUIj.exe
  C:\Windows\System\HQCYUIj.exe
  2⤵
  PID:9468
- C:\Windows\System\ZzxRTTv.exe
  C:\Windows\System\ZzxRTTv.exe
  2⤵
  PID:9516
- C:\Windows\System\qtoVAkB.exe
  C:\Windows\System\qtoVAkB.exe
  2⤵
  PID:9544
- C:\Windows\System\FQRUvEB.exe
  C:\Windows\System\FQRUvEB.exe
  2⤵
  PID:9660
- C:\Windows\System\mfotUga.exe
  C:\Windows\System\mfotUga.exe
  2⤵
  PID:9732
- C:\Windows\System\RUZkKBR.exe
  C:\Windows\System\RUZkKBR.exe
  2⤵
  PID:9764
- C:\Windows\System\oiHcmrC.exe
  C:\Windows\System\oiHcmrC.exe
  2⤵
  PID:9828
- C:\Windows\System\ZClrXPG.exe
  C:\Windows\System\ZClrXPG.exe
  2⤵
  PID:9928
- C:\Windows\System\Bmncqey.exe
  C:\Windows\System\Bmncqey.exe
  2⤵
  PID:10024
- C:\Windows\System\QtvuCbC.exe
  C:\Windows\System\QtvuCbC.exe
  2⤵
  PID:10052
- C:\Windows\System\OQsaWjG.exe
  C:\Windows\System\OQsaWjG.exe
  2⤵
  PID:10128
- C:\Windows\System\evKbsjo.exe
  C:\Windows\System\evKbsjo.exe
  2⤵
  PID:10152
- C:\Windows\System\hRBSlBC.exe
  C:\Windows\System\hRBSlBC.exe
  2⤵
  PID:1172
- C:\Windows\System\AtvZqCX.exe
  C:\Windows\System\AtvZqCX.exe
  2⤵
  PID:9428
- C:\Windows\System\gNLAzRY.exe
  C:\Windows\System\gNLAzRY.exe
  2⤵
  PID:9548
- C:\Windows\System\GCXrbUg.exe
  C:\Windows\System\GCXrbUg.exe
  2⤵
  PID:9608
- C:\Windows\System\TdyjwTa.exe
  C:\Windows\System\TdyjwTa.exe
  2⤵
  PID:9740
- C:\Windows\System\bRznHlh.exe
  C:\Windows\System\bRznHlh.exe
  2⤵
  PID:9884
- C:\Windows\System\jWewcxi.exe
  C:\Windows\System\jWewcxi.exe
  2⤵
  PID:10100
- C:\Windows\System\WHcHwgt.exe
  C:\Windows\System\WHcHwgt.exe
  2⤵
  PID:10220
- C:\Windows\System\GyiHsIJ.exe
  C:\Windows\System\GyiHsIJ.exe
  2⤵
  PID:9512
- C:\Windows\System\TBchhIn.exe
  C:\Windows\System\TBchhIn.exe
  2⤵
  PID:9744
- C:\Windows\System\KHoUnTp.exe
  C:\Windows\System\KHoUnTp.exe
  2⤵
  PID:10028
- C:\Windows\System\uRXxHIS.exe
  C:\Windows\System\uRXxHIS.exe
  2⤵
  PID:4240
- C:\Windows\System\JXyxxYn.exe
  C:\Windows\System\JXyxxYn.exe
  2⤵
  PID:3508
- C:\Windows\System\uqnICBZ.exe
  C:\Windows\System\uqnICBZ.exe
  2⤵
  PID:9340
- C:\Windows\System\pmtIyYb.exe
  C:\Windows\System\pmtIyYb.exe
  2⤵
  PID:10276
- C:\Windows\System\aeakstv.exe
  C:\Windows\System\aeakstv.exe
  2⤵
  PID:10292
- C:\Windows\System\puIzzuk.exe
  C:\Windows\System\puIzzuk.exe
  2⤵
  PID:10328
- C:\Windows\System\QKcTDFm.exe
  C:\Windows\System\QKcTDFm.exe
  2⤵
  PID:10360
- C:\Windows\System\jAvmgYv.exe
  C:\Windows\System\jAvmgYv.exe
  2⤵
  PID:10376
- C:\Windows\System\POfOVKj.exe
  C:\Windows\System\POfOVKj.exe
  2⤵
  PID:10408
- C:\Windows\System\dOZFFWb.exe
  C:\Windows\System\dOZFFWb.exe
  2⤵
  PID:10444
- C:\Windows\System\nHcrRVc.exe
  C:\Windows\System\nHcrRVc.exe
  2⤵
  PID:10472
- C:\Windows\System\xupNpip.exe
  C:\Windows\System\xupNpip.exe
  2⤵
  PID:10488
- C:\Windows\System\IDjKlVX.exe
  C:\Windows\System\IDjKlVX.exe
  2⤵
  PID:10508
- C:\Windows\System\FRbGSjh.exe
  C:\Windows\System\FRbGSjh.exe
  2⤵
  PID:10540
- C:\Windows\System\QlrCOWI.exe
  C:\Windows\System\QlrCOWI.exe
  2⤵
  PID:10560
- C:\Windows\System\CtIKNZs.exe
  C:\Windows\System\CtIKNZs.exe
  2⤵
  PID:10588
- C:\Windows\System\rjOqpHO.exe
  C:\Windows\System\rjOqpHO.exe
  2⤵
  PID:10624
- C:\Windows\System\SlfIJwI.exe
  C:\Windows\System\SlfIJwI.exe
  2⤵
  PID:10660
- C:\Windows\System\onnlYdw.exe
  C:\Windows\System\onnlYdw.exe
  2⤵
  PID:10692
- C:\Windows\System\JeIrPnH.exe
  C:\Windows\System\JeIrPnH.exe
  2⤵
  PID:10712
- C:\Windows\System\eyYAfuH.exe
  C:\Windows\System\eyYAfuH.exe
  2⤵
  PID:10740
- C:\Windows\System\YEpiKJt.exe
  C:\Windows\System\YEpiKJt.exe
  2⤵
  PID:10768
- C:\Windows\System\ZmkCYnM.exe
  C:\Windows\System\ZmkCYnM.exe
  2⤵
  PID:10796
- C:\Windows\System\KJFWvOp.exe
  C:\Windows\System\KJFWvOp.exe
  2⤵
  PID:10824
- C:\Windows\System\zQBZmMN.exe
  C:\Windows\System\zQBZmMN.exe
  2⤵
  PID:10856
- C:\Windows\System\DuJJchh.exe
  C:\Windows\System\DuJJchh.exe
  2⤵
  PID:10888
- C:\Windows\System\eabxzNn.exe
  C:\Windows\System\eabxzNn.exe
  2⤵
  PID:10920
- C:\Windows\System\MzBhlcl.exe
  C:\Windows\System\MzBhlcl.exe
  2⤵
  PID:10936
- C:\Windows\System\YwQZLzT.exe
  C:\Windows\System\YwQZLzT.exe
  2⤵
  PID:10952
- C:\Windows\System\QbjANfl.exe
  C:\Windows\System\QbjANfl.exe
  2⤵
  PID:10980
- C:\Windows\System\ZdGVFhe.exe
  C:\Windows\System\ZdGVFhe.exe
  2⤵
  PID:11016
- C:\Windows\System\vaPIzrR.exe
  C:\Windows\System\vaPIzrR.exe
  2⤵
  PID:11052
- C:\Windows\System\mzaXNls.exe
  C:\Windows\System\mzaXNls.exe
  2⤵
  PID:11076
- C:\Windows\System\gHyZwjd.exe
  C:\Windows\System\gHyZwjd.exe
  2⤵
  PID:11112
- C:\Windows\System\XzIunSw.exe
  C:\Windows\System\XzIunSw.exe
  2⤵
  PID:11132
- C:\Windows\System\uKnCXKI.exe
  C:\Windows\System\uKnCXKI.exe
  2⤵
  PID:11172
- C:\Windows\System\wxACcUh.exe
  C:\Windows\System\wxACcUh.exe
  2⤵
  PID:11188
- C:\Windows\System\QVAKpOi.exe
  C:\Windows\System\QVAKpOi.exe
  2⤵
  PID:11216
- C:\Windows\System\nApqRGy.exe
  C:\Windows\System\nApqRGy.exe
  2⤵
  PID:11244
- C:\Windows\System\bERyPWD.exe
  C:\Windows\System\bERyPWD.exe
  2⤵
  PID:10248
- C:\Windows\System\sMCYynP.exe
  C:\Windows\System\sMCYynP.exe
  2⤵
  PID:10348
- C:\Windows\System\cOhdRUz.exe
  C:\Windows\System\cOhdRUz.exe
  2⤵
  PID:10388
- C:\Windows\System\sZqLgkD.exe
  C:\Windows\System\sZqLgkD.exe
  2⤵
  PID:10460
- C:\Windows\System\HulJOEN.exe
  C:\Windows\System\HulJOEN.exe
  2⤵
  PID:10516
- C:\Windows\System\sKvELpF.exe
  C:\Windows\System\sKvELpF.exe
  2⤵
  PID:10576
- C:\Windows\System\ZfrLfzG.exe
  C:\Windows\System\ZfrLfzG.exe
  2⤵
  PID:10672
- C:\Windows\System\aFnFTMk.exe
  C:\Windows\System\aFnFTMk.exe
  2⤵
  PID:10704
- C:\Windows\System\pkYEBlT.exe
  C:\Windows\System\pkYEBlT.exe
  2⤵
  PID:10756
- C:\Windows\System\RQTLSvs.exe
  C:\Windows\System\RQTLSvs.exe
  2⤵
  PID:10808
- C:\Windows\System\AscMtOb.exe
  C:\Windows\System\AscMtOb.exe
  2⤵
  PID:10908
- C:\Windows\System\gInfZSw.exe
  C:\Windows\System\gInfZSw.exe
  2⤵
  PID:10968
- C:\Windows\System\HvzSCdF.exe
  C:\Windows\System\HvzSCdF.exe
  2⤵
  PID:11068
- C:\Windows\System\GUGyKwt.exe
  C:\Windows\System\GUGyKwt.exe
  2⤵
  PID:11120
- C:\Windows\System\dHedVHA.exe
  C:\Windows\System\dHedVHA.exe
  2⤵
  PID:11184
- C:\Windows\System\CVylNlD.exe
  C:\Windows\System\CVylNlD.exe
  2⤵
  PID:11224
- C:\Windows\System\GVpUEca.exe
  C:\Windows\System\GVpUEca.exe
  2⤵
  PID:10304
- C:\Windows\System\qdexrFL.exe
  C:\Windows\System\qdexrFL.exe
  2⤵
  PID:10428
- C:\Windows\System\mWTalLy.exe
  C:\Windows\System\mWTalLy.exe
  2⤵
  PID:10552
- C:\Windows\System\uDggneQ.exe
  C:\Windows\System\uDggneQ.exe
  2⤵
  PID:10728
- C:\Windows\System\ryyvcRU.exe
  C:\Windows\System\ryyvcRU.exe
  2⤵
  PID:10928
- C:\Windows\System\BLzsPME.exe
  C:\Windows\System\BLzsPME.exe
  2⤵
  PID:9316
- C:\Windows\System\bOiVuER.exe
  C:\Windows\System\bOiVuER.exe
  2⤵
  PID:11204
- C:\Windows\System\XjVfMlY.exe
  C:\Windows\System\XjVfMlY.exe
  2⤵
  PID:10396
- C:\Windows\System\FgPCOlP.exe
  C:\Windows\System\FgPCOlP.exe
  2⤵
  PID:10644
- C:\Windows\System\cWITLwH.exe
  C:\Windows\System\cWITLwH.exe
  2⤵
  PID:10944
- C:\Windows\System\uAmtSAZ.exe
  C:\Windows\System\uAmtSAZ.exe
  2⤵
  PID:10708
- C:\Windows\System\WjcZZSf.exe
  C:\Windows\System\WjcZZSf.exe
  2⤵
  PID:10260
- C:\Windows\System\oTKpzZi.exe
  C:\Windows\System\oTKpzZi.exe
  2⤵
  PID:11292
- C:\Windows\System\lsSjtcK.exe
  C:\Windows\System\lsSjtcK.exe
  2⤵
  PID:11316
- C:\Windows\System\bOIXkmW.exe
  C:\Windows\System\bOIXkmW.exe
  2⤵
  PID:11336
- C:\Windows\System\GJgsmSm.exe
  C:\Windows\System\GJgsmSm.exe
  2⤵
  PID:11360
- C:\Windows\System\OBOYsCl.exe
  C:\Windows\System\OBOYsCl.exe
  2⤵
  PID:11392
- C:\Windows\System\lfFeKqE.exe
  C:\Windows\System\lfFeKqE.exe
  2⤵
  PID:11420
- C:\Windows\System\sERqYQh.exe
  C:\Windows\System\sERqYQh.exe
  2⤵
  PID:11464
- C:\Windows\System\LnrZhtY.exe
  C:\Windows\System\LnrZhtY.exe
  2⤵
  PID:11508
- C:\Windows\System\JjWtRnX.exe
  C:\Windows\System\JjWtRnX.exe
  2⤵
  PID:11524
- C:\Windows\System\twtXhGc.exe
  C:\Windows\System\twtXhGc.exe
  2⤵
  PID:11552
- C:\Windows\System\hUvaGer.exe
  C:\Windows\System\hUvaGer.exe
  2⤵
  PID:11580
- C:\Windows\System\JmqyFfy.exe
  C:\Windows\System\JmqyFfy.exe
  2⤵
  PID:11608
- C:\Windows\System\QwjVGWg.exe
  C:\Windows\System\QwjVGWg.exe
  2⤵
  PID:11632
- C:\Windows\System\TxQAxYi.exe
  C:\Windows\System\TxQAxYi.exe
  2⤵
  PID:11664
- C:\Windows\System\oRriRkm.exe
  C:\Windows\System\oRriRkm.exe
  2⤵
  PID:11688
- C:\Windows\System\XmsFVhM.exe
  C:\Windows\System\XmsFVhM.exe
  2⤵
  PID:11720
- C:\Windows\System\UjSbqrt.exe
  C:\Windows\System\UjSbqrt.exe
  2⤵
  PID:11744
- C:\Windows\System\jwxOAwW.exe
  C:\Windows\System\jwxOAwW.exe
  2⤵
  PID:11772
- C:\Windows\System\WgNpNuO.exe
  C:\Windows\System\WgNpNuO.exe
  2⤵
  PID:11792
- C:\Windows\System\itTIkFp.exe
  C:\Windows\System\itTIkFp.exe
  2⤵
  PID:11820
- C:\Windows\System\bsrcgmD.exe
  C:\Windows\System\bsrcgmD.exe
  2⤵
  PID:11864
- C:\Windows\System\cMjgtxs.exe
  C:\Windows\System\cMjgtxs.exe
  2⤵
  PID:11888
- C:\Windows\System\ncXYrvM.exe
  C:\Windows\System\ncXYrvM.exe
  2⤵
  PID:11908
- C:\Windows\System\TVDHSFx.exe
  C:\Windows\System\TVDHSFx.exe
  2⤵
  PID:11936
- C:\Windows\System\rHZOqcQ.exe
  C:\Windows\System\rHZOqcQ.exe
  2⤵
  PID:11964
- C:\Windows\System\qvyEKnL.exe
  C:\Windows\System\qvyEKnL.exe
  2⤵
  PID:12000
- C:\Windows\System\BnQMggz.exe
  C:\Windows\System\BnQMggz.exe
  2⤵
  PID:12020
- C:\Windows\System\WIlyiIF.exe
  C:\Windows\System\WIlyiIF.exe
  2⤵
  PID:12048
- C:\Windows\System\PdbxknN.exe
  C:\Windows\System\PdbxknN.exe
  2⤵
  PID:12076
- C:\Windows\System\pvMUKmG.exe
  C:\Windows\System\pvMUKmG.exe
  2⤵
  PID:12092
- C:\Windows\System\onRWpIb.exe
  C:\Windows\System\onRWpIb.exe
  2⤵
  PID:12120
- C:\Windows\System\vwaqrIL.exe
  C:\Windows\System\vwaqrIL.exe
  2⤵
  PID:12160
- C:\Windows\System\XcHIudj.exe
  C:\Windows\System\XcHIudj.exe
  2⤵
  PID:12188
- C:\Windows\System\FkBNDJj.exe
  C:\Windows\System\FkBNDJj.exe
  2⤵
  PID:12220
- C:\Windows\System\AjXCpSs.exe
  C:\Windows\System\AjXCpSs.exe
  2⤵
  PID:12244
- C:\Windows\System\EtgZcDa.exe
  C:\Windows\System\EtgZcDa.exe
  2⤵
  PID:12272
- C:\Windows\System\xAYVLUd.exe
  C:\Windows\System\xAYVLUd.exe
  2⤵
  PID:11276
- C:\Windows\System\XyKkpSz.exe
  C:\Windows\System\XyKkpSz.exe
  2⤵
  PID:11384
- C:\Windows\System\EBDBiID.exe
  C:\Windows\System\EBDBiID.exe
  2⤵
  PID:11376
- C:\Windows\System\incWMym.exe
  C:\Windows\System\incWMym.exe
  2⤵
  PID:11476
- C:\Windows\System\vvHjyCQ.exe
  C:\Windows\System\vvHjyCQ.exe
  2⤵
  PID:11492
- C:\Windows\System\JVYKrWa.exe
  C:\Windows\System\JVYKrWa.exe
  2⤵
  PID:11596
- C:\Windows\System\ZSTdcbK.exe
  C:\Windows\System\ZSTdcbK.exe
  2⤵
  PID:11620
- C:\Windows\System\EnvUwiE.exe
  C:\Windows\System\EnvUwiE.exe
  2⤵
  PID:11708
- C:\Windows\System\VswpMrm.exe
  C:\Windows\System\VswpMrm.exe
  2⤵
  PID:11764
- C:\Windows\System\hGawbNu.exe
  C:\Windows\System\hGawbNu.exe
  2⤵
  PID:11852
- C:\Windows\System\haAXBJN.exe
  C:\Windows\System\haAXBJN.exe
  2⤵
  PID:11900
- C:\Windows\System\LQxxTba.exe
  C:\Windows\System\LQxxTba.exe
  2⤵
  PID:11980
- C:\Windows\System\sGwnsxb.exe
  C:\Windows\System\sGwnsxb.exe
  2⤵
  PID:12008
- C:\Windows\System\UfBLJIu.exe
  C:\Windows\System\UfBLJIu.exe
  2⤵
  PID:12068
- C:\Windows\System\hatlsfR.exe
  C:\Windows\System\hatlsfR.exe
  2⤵
  PID:12140
- C:\Windows\System\dbkHVHZ.exe
  C:\Windows\System\dbkHVHZ.exe
  2⤵
  PID:12236
- C:\Windows\System\GyDaVzp.exe
  C:\Windows\System\GyDaVzp.exe
  2⤵
  PID:10780
- C:\Windows\System\qvLsxEK.exe
  C:\Windows\System\qvLsxEK.exe
  2⤵
  PID:11428
- C:\Windows\System\LlvpSDL.exe
  C:\Windows\System\LlvpSDL.exe
  2⤵
  PID:11564
- C:\Windows\System\tVrGlJu.exe
  C:\Windows\System\tVrGlJu.exe
  2⤵
  PID:11704
- C:\Windows\System\aSPSNaN.exe
  C:\Windows\System\aSPSNaN.exe
  2⤵
  PID:11872
- C:\Windows\System\ydFNKIw.exe
  C:\Windows\System\ydFNKIw.exe
  2⤵
  PID:11976
- C:\Windows\System\UesgOmp.exe
  C:\Windows\System\UesgOmp.exe
  2⤵
  PID:12180
- C:\Windows\System\tvKXfRC.exe
  C:\Windows\System\tvKXfRC.exe
  2⤵
  PID:12260
- C:\Windows\System\eUFaRfi.exe
  C:\Windows\System\eUFaRfi.exe
  2⤵
  PID:11160
- C:\Windows\System\feKKaxu.exe
  C:\Windows\System\feKKaxu.exe
  2⤵
  PID:11956
- C:\Windows\System\mItoGFk.exe
  C:\Windows\System\mItoGFk.exe
  2⤵
  PID:12064
- C:\Windows\System\enKbqIs.exe
  C:\Windows\System\enKbqIs.exe
  2⤵
  PID:11728
- C:\Windows\System\TjFPKvU.exe
  C:\Windows\System\TjFPKvU.exe
  2⤵
  PID:12292
- C:\Windows\System\nNAyGay.exe
  C:\Windows\System\nNAyGay.exe
  2⤵
  PID:12328
- C:\Windows\System\hegnTRo.exe
  C:\Windows\System\hegnTRo.exe
  2⤵
  PID:12360
- C:\Windows\System\rFHtFXe.exe
  C:\Windows\System\rFHtFXe.exe
  2⤵
  PID:12392
- C:\Windows\System\bxdAQQf.exe
  C:\Windows\System\bxdAQQf.exe
  2⤵
  PID:12424
- C:\Windows\System\DftOUXz.exe
  C:\Windows\System\DftOUXz.exe
  2⤵
  PID:12452
- C:\Windows\System\EkdRaWN.exe
  C:\Windows\System\EkdRaWN.exe
  2⤵
  PID:12476
- C:\Windows\System\MOQggjP.exe
  C:\Windows\System\MOQggjP.exe
  2⤵
  PID:12504
- C:\Windows\System\uTkgeSY.exe
  C:\Windows\System\uTkgeSY.exe
  2⤵
  PID:12532
- C:\Windows\System\lKlrdeZ.exe
  C:\Windows\System\lKlrdeZ.exe
  2⤵
  PID:12564
- C:\Windows\System\lDHnsgc.exe
  C:\Windows\System\lDHnsgc.exe
  2⤵
  PID:12596
- C:\Windows\System\FxAhUXQ.exe
  C:\Windows\System\FxAhUXQ.exe
  2⤵
  PID:12628
- C:\Windows\System\INZOPRB.exe
  C:\Windows\System\INZOPRB.exe
  2⤵
  PID:12648
- C:\Windows\System\LaAHjTt.exe
  C:\Windows\System\LaAHjTt.exe
  2⤵
  PID:12684
- C:\Windows\System\gPiSdvo.exe
  C:\Windows\System\gPiSdvo.exe
  2⤵
  PID:12716
- C:\Windows\System\blmZEei.exe
  C:\Windows\System\blmZEei.exe
  2⤵
  PID:12744
- C:\Windows\System\PsRAESa.exe
  C:\Windows\System\PsRAESa.exe
  2⤵
  PID:12768
- C:\Windows\System\Owxvdru.exe
  C:\Windows\System\Owxvdru.exe
  2⤵
  PID:12800
- C:\Windows\System\VseJKdb.exe
  C:\Windows\System\VseJKdb.exe
  2⤵
  PID:12824
- C:\Windows\System\NupMorf.exe
  C:\Windows\System\NupMorf.exe
  2⤵
  PID:12848
- C:\Windows\System\zvMXtNn.exe
  C:\Windows\System\zvMXtNn.exe
  2⤵
  PID:12864
- C:\Windows\System\msKXzCS.exe
  C:\Windows\System\msKXzCS.exe
  2⤵
  PID:12904
- C:\Windows\System\azpiWUY.exe
  C:\Windows\System\azpiWUY.exe
  2⤵
  PID:12928
- C:\Windows\System\DRkBLnn.exe
  C:\Windows\System\DRkBLnn.exe
  2⤵
  PID:12948
- C:\Windows\System\LvzMtCL.exe
  C:\Windows\System\LvzMtCL.exe
  2⤵
  PID:12984
- C:\Windows\System\OsjOBOA.exe
  C:\Windows\System\OsjOBOA.exe
  2⤵
  PID:13004
- C:\Windows\System\afqFhGz.exe
  C:\Windows\System\afqFhGz.exe
  2⤵
  PID:13032
- C:\Windows\System\ZozVDCj.exe
  C:\Windows\System\ZozVDCj.exe
  2⤵
  PID:13064
- C:\Windows\System\JlXhxPW.exe
  C:\Windows\System\JlXhxPW.exe
  2⤵
  PID:13100
- C:\Windows\System\gkWtqcr.exe
  C:\Windows\System\gkWtqcr.exe
  2⤵
  PID:13136
- C:\Windows\System\HxIWqYL.exe
  C:\Windows\System\HxIWqYL.exe
  2⤵
  PID:13168
- C:\Windows\System\jYZumyO.exe
  C:\Windows\System\jYZumyO.exe
  2⤵
  PID:13184
- C:\Windows\System\RXhuomZ.exe
  C:\Windows\System\RXhuomZ.exe
  2⤵
  PID:13200
- C:\Windows\System\wFZGSJy.exe
  C:\Windows\System\wFZGSJy.exe
  2⤵
  PID:13224
- C:\Windows\System\dRKXynV.exe
  C:\Windows\System\dRKXynV.exe
  2⤵
  PID:13248
- C:\Windows\System\fsHnyED.exe
  C:\Windows\System\fsHnyED.exe
  2⤵
  PID:13284
- C:\Windows\System\JDZXves.exe
  C:\Windows\System\JDZXves.exe
  2⤵
  PID:11536
- C:\Windows\System\DkMxPWW.exe
  C:\Windows\System\DkMxPWW.exe
  2⤵
  PID:12312
- C:\Windows\System\uCArzrC.exe
  C:\Windows\System\uCArzrC.exe
  2⤵
  PID:12400
- C:\Windows\System\xlcVSzd.exe
  C:\Windows\System\xlcVSzd.exe
  2⤵
  PID:12472
- C:\Windows\System\gkWdEBD.exe
  C:\Windows\System\gkWdEBD.exe
  2⤵
  PID:12548
- C:\Windows\System\ryEDzDk.exe
  C:\Windows\System\ryEDzDk.exe
  2⤵
  PID:12588
- C:\Windows\System\dQgsmpA.exe
  C:\Windows\System\dQgsmpA.exe
  2⤵
  PID:3808
- C:\Windows\System\EvfSZky.exe
  C:\Windows\System\EvfSZky.exe
  2⤵
  PID:12732
- C:\Windows\System\zSAGnBe.exe
  C:\Windows\System\zSAGnBe.exe
  2⤵
  PID:12808
- C:\Windows\System\RfKmKln.exe
  C:\Windows\System\RfKmKln.exe
  2⤵
  PID:12856
- C:\Windows\System\RPrQZYQ.exe
  C:\Windows\System\RPrQZYQ.exe
  2⤵
  PID:12976
- C:\Windows\System\nrHYXdO.exe
  C:\Windows\System\nrHYXdO.exe
  2⤵
  PID:13024
- C:\Windows\System\hsOQBqP.exe
  C:\Windows\System\hsOQBqP.exe
  2⤵
  PID:13092
- C:\Windows\System\VoWEBcC.exe
  C:\Windows\System\VoWEBcC.exe
  2⤵
  PID:13148
- C:\Windows\System\tbgJAQF.exe
  C:\Windows\System\tbgJAQF.exe
  2⤵
  PID:13176
- C:\Windows\System\simdZZX.exe
  C:\Windows\System\simdZZX.exe
  2⤵
  PID:13272
- C:\Windows\System\RgjLemV.exe
  C:\Windows\System\RgjLemV.exe
  2⤵
  PID:12324
- C:\Windows\System\WthwNUE.exe
  C:\Windows\System\WthwNUE.exe
  2⤵
  PID:12444
- C:\Windows\System\bmiOzHV.exe
  C:\Windows\System\bmiOzHV.exe
  2⤵
  PID:12544
- C:\Windows\System\HSCgRWP.exe
  C:\Windows\System\HSCgRWP.exe
  2⤵
  PID:12756
- C:\Windows\System\eytrFMe.exe
  C:\Windows\System\eytrFMe.exe
  2⤵
  PID:12832
- C:\Windows\System\KoWjePJ.exe
  C:\Windows\System\KoWjePJ.exe
  2⤵
  PID:12960
- C:\Windows\System\ZRuHsVz.exe
  C:\Windows\System\ZRuHsVz.exe
  2⤵
  PID:13080
- C:\Windows\System\ZQhCPty.exe
  C:\Windows\System\ZQhCPty.exe
  2⤵
  PID:13268
- C:\Windows\System\ppWCglq.exe
  C:\Windows\System\ppWCglq.exe
  2⤵
  PID:12496
- C:\Windows\System\juBunEU.exe
  C:\Windows\System\juBunEU.exe
  2⤵
  PID:12712
- C:\Windows\System\gwOxXNA.exe
  C:\Windows\System\gwOxXNA.exe
  2⤵
  PID:13196
- C:\Windows\System\PrGCxEt.exe
  C:\Windows\System\PrGCxEt.exe
  2⤵
  PID:13056
- C:\Windows\System\nnRybGK.exe
  C:\Windows\System\nnRybGK.exe
  2⤵
  PID:13324
- C:\Windows\System\bTqWXcb.exe
  C:\Windows\System\bTqWXcb.exe
  2⤵
  PID:13348
- C:\Windows\System\fiiJIQZ.exe
  C:\Windows\System\fiiJIQZ.exe
  2⤵
  PID:13384
- C:\Windows\System\aPFswUU.exe
  C:\Windows\System\aPFswUU.exe
  2⤵
  PID:13424
- C:\Windows\System\yOKGRyy.exe
  C:\Windows\System\yOKGRyy.exe
  2⤵
  PID:13448
- C:\Windows\System\NftvFWK.exe
  C:\Windows\System\NftvFWK.exe
  2⤵
  PID:13476
- C:\Windows\System\DaYrKfy.exe
  C:\Windows\System\DaYrKfy.exe
  2⤵
  PID:13492
- C:\Windows\System\JeWIhyo.exe
  C:\Windows\System\JeWIhyo.exe
  2⤵
  PID:13516
- C:\Windows\System\OgPRhOV.exe
  C:\Windows\System\OgPRhOV.exe
  2⤵
  PID:13548
- C:\Windows\System\HKBSqzs.exe
  C:\Windows\System\HKBSqzs.exe
  2⤵
  PID:13572
- C:\Windows\System\hlBFoTA.exe
  C:\Windows\System\hlBFoTA.exe
  2⤵
  PID:13600
- C:\Windows\System\LutvjjQ.exe
  C:\Windows\System\LutvjjQ.exe
  2⤵
  PID:13620
- C:\Windows\System\fglGUlr.exe
  C:\Windows\System\fglGUlr.exe
  2⤵
  PID:13636
- C:\Windows\System\DfMfvvb.exe
  C:\Windows\System\DfMfvvb.exe
  2⤵
  PID:13684
- C:\Windows\System\XGZNkWM.exe
  C:\Windows\System\XGZNkWM.exe
  2⤵
  PID:13720
- C:\Windows\System\CMUGMdk.exe
  C:\Windows\System\CMUGMdk.exe
  2⤵
  PID:13736
- C:\Windows\System\ToxSrGy.exe
  C:\Windows\System\ToxSrGy.exe
  2⤵
  PID:13756
- C:\Windows\System\geomjtE.exe
  C:\Windows\System\geomjtE.exe
  2⤵
  PID:13784
- C:\Windows\System\PvgVRBi.exe
  C:\Windows\System\PvgVRBi.exe
  2⤵
  PID:13820
- C:\Windows\System\WAySEox.exe
  C:\Windows\System\WAySEox.exe
  2⤵
  PID:13856
- C:\Windows\System\BNoenrn.exe
  C:\Windows\System\BNoenrn.exe
  2⤵
  PID:13884
- C:\Windows\System\UgjnCKr.exe
  C:\Windows\System\UgjnCKr.exe
  2⤵
  PID:13912
- C:\Windows\System\SYlihSt.exe
  C:\Windows\System\SYlihSt.exe
  2⤵
  PID:13944
- C:\Windows\System\kAqYbHH.exe
  C:\Windows\System\kAqYbHH.exe
  2⤵
  PID:13976
- C:\Windows\System\PKqmqVF.exe
  C:\Windows\System\PKqmqVF.exe
  2⤵
  PID:14012
- C:\Windows\System\NyUGdVq.exe
  C:\Windows\System\NyUGdVq.exe
  2⤵
  PID:14028
- C:\Windows\System\rilHMHz.exe
  C:\Windows\System\rilHMHz.exe
  2⤵
  PID:14056
- C:\Windows\System\qvkchnJ.exe
  C:\Windows\System\qvkchnJ.exe
  2⤵
  PID:14088
- C:\Windows\System\tnyUaeV.exe
  C:\Windows\System\tnyUaeV.exe
  2⤵
  PID:14108
- C:\Windows\System\PXujMcr.exe
  C:\Windows\System\PXujMcr.exe
  2⤵
  PID:14148
- C:\Windows\System\gpBNTcA.exe
  C:\Windows\System\gpBNTcA.exe
  2⤵
  PID:14184
- C:\Windows\System\ochfaLo.exe
  C:\Windows\System\ochfaLo.exe
  2⤵
  PID:14212
- C:\Windows\System\StvdoYK.exe
  C:\Windows\System\StvdoYK.exe
  2⤵
  PID:14240
- C:\Windows\System\NsRuxJS.exe
  C:\Windows\System\NsRuxJS.exe
  2⤵
  PID:14264
- C:\Windows\System\RmqsGxG.exe
  C:\Windows\System\RmqsGxG.exe
  2⤵
  PID:14284
- C:\Windows\System\xFFTVMV.exe
  C:\Windows\System\xFFTVMV.exe
  2⤵
  PID:14320
- C:\Windows\System\jvSPYUQ.exe
  C:\Windows\System\jvSPYUQ.exe
  2⤵
  PID:13344
- C:\Windows\System\rGTqXwk.exe
  C:\Windows\System\rGTqXwk.exe
  2⤵
  PID:13364
- C:\Windows\System\iphwUmt.exe
  C:\Windows\System\iphwUmt.exe
  2⤵
  PID:13460
- C:\Windows\System\gNQlFdm.exe
  C:\Windows\System\gNQlFdm.exe
  2⤵
  PID:13508
- C:\Windows\System\FslrlqN.exe
  C:\Windows\System\FslrlqN.exe
  2⤵
  PID:13556
- C:\Windows\System\QpvTYDs.exe
  C:\Windows\System\QpvTYDs.exe
  2⤵
  PID:13588
- C:\Windows\System\RuiIjxK.exe
  C:\Windows\System\RuiIjxK.exe
  2⤵
  PID:13592
- C:\Windows\System\HRiHbCA.exe
  C:\Windows\System\HRiHbCA.exe
  2⤵
  PID:13664
- C:\Windows\System\SSudWKP.exe
  C:\Windows\System\SSudWKP.exe
  2⤵
  PID:13744
- C:\Windows\System\egbsHKq.exe
  C:\Windows\System\egbsHKq.exe
  2⤵
  PID:13836
- C:\Windows\System\etFlITo.exe
  C:\Windows\System\etFlITo.exe
  2⤵
  PID:13848
- C:\Windows\System\WqOvtdq.exe
  C:\Windows\System\WqOvtdq.exe
  2⤵
  PID:13900
- C:\Windows\System\rKgmvlr.exe
  C:\Windows\System\rKgmvlr.exe
  2⤵
  PID:14000
- C:\Windows\System\XuHqwMK.exe
  C:\Windows\System\XuHqwMK.exe
  2⤵
  PID:14020
- C:\Windows\System\uwZZWgM.exe
  C:\Windows\System\uwZZWgM.exe
  2⤵
  PID:14100
- C:\Windows\System\UnqsBGy.exe
  C:\Windows\System\UnqsBGy.exe
  2⤵
  PID:14140
- C:\Windows\System\WtPvPQy.exe
  C:\Windows\System\WtPvPQy.exe
  2⤵
  PID:14260
- C:\Windows\System\COkRUPV.exe
  C:\Windows\System\COkRUPV.exe
  2⤵
  PID:12368
- C:\Windows\System\QMgiYGx.exe
  C:\Windows\System\QMgiYGx.exe
  2⤵
  PID:13400
- C:\Windows\System\WfnHgFj.exe
  C:\Windows\System\WfnHgFj.exe
  2⤵
  PID:4760
- C:\Windows\System\ClADbBp.exe
  C:\Windows\System\ClADbBp.exe
  2⤵
  PID:13628
- C:\Windows\System\fNGVJaM.exe
  C:\Windows\System\fNGVJaM.exe
  2⤵
  PID:13896
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 13896 -s 252
    3⤵
    PID:1848

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AfWJcbV.exe

Filesize
2.6MB

MD5
3da3bb46f5bc65762a64774e7d2b0b50

SHA1
73a66b839e5953d5f179971d20f0af93bbb33d27

SHA256
795cb7110cd9822f1a4bbaf4a8b214c8bc8b04648d3731625eb481f377da1346

SHA512
1efdf49d9591479c7f3e0926c357085b197ba2bdcc2531f9e654b1cdf727a56cda202345051452db9b14796380e3a5de23c486d51b20f6b375ab8661f719dcd1

Download Submit
C:\Windows\System\Afuizwa.exe

Filesize
2.6MB

MD5
74ca5ba33637bfce419eaedbfb8afb97

SHA1
ce42eb3c6db9cedaddd4a039bf4ca1ab06a97b00

SHA256
7a5330ba29ba1bb831deac7ac24df6dae4e6f5adfed58d79bcbd963db47349b7

SHA512
fa7568e2e77431a096fa68250d56e0e1291244078db2d22d21c95114a4a6e51a4d69ec4c3ce0f01759378e05a65f68fd6330d91dc0d91bbbf90150d72e97539b

Download Submit
C:\Windows\System\DGmwtgn.exe

Filesize
2.6MB

MD5
12caa742a480aea03704f35d4be4d1f2

SHA1
2b30e1ca55371fc6e2d508daf44f76fca7f4a0ad

SHA256
b8c3d1f4fd12ecac8cab198050e384763de009e9bf0cd88c00d429ac995ff326

SHA512
ab8afce841a57d87127ab9387323cd8dafb3a7b64edd72ffa91d044cfd71889dd557c36ee50783d67cdc9a07dbbc8cce4f7b60a8a393aefee48c891f937310b8

Download Submit
C:\Windows\System\DpklneR.exe

Filesize
2.6MB

MD5
8f2a304ea1a498b9c694f1ef9f08829d

SHA1
a36bc059dc0d9a88ace8fed6c15b15db66d0ad77

SHA256
6babfc539353811f142f138e467eba47463d92ca8821036aea77f271ddced171

SHA512
3650d24996ba6397f90d6d972d27f14bfd7d947b154f2351dc2b73ff427b028180651b0488054adb2a1507bdc4b2b9e2c8a12a59970b87b91d3d8b104f2ac214

Download Submit
C:\Windows\System\ERJsktT.exe

Filesize
2.6MB

MD5
fa406942f107b28333ed9dfb50babd21

SHA1
fe92ff9653ebc423ad3d948aeed9785e5b6fe5d4

SHA256
b3419b33112c86ddf91e7580a49e2b15a183142915ae503dd5d7627d68de2d90

SHA512
1664c4c0d86f567feb9f8c18eb0e7141c85bdf79bf86c7971ab2679144498caadb19e396f6624d9f9a90e5599d0276abf7b77eb357de4e9775b747c862f314ee

Download Submit
C:\Windows\System\EzFEHrr.exe

Filesize
2.6MB

MD5
168d64a91f179798a768280c07f00fb7

SHA1
9b2599fccad2f85e5d4c6b13a7ee0dbfe46bf51c

SHA256
ce5566c0fbd60cb16ef250b1b7d064d323ccd8ad097a95d560836595fb6644df

SHA512
3064639f5dca459bbe97ed59b0051d946af62124610434456c2c416961613efdc615191639f43858435db6bcbf0b9b654a5bda88d97b07ec56569dd93993b85c

Download Submit
C:\Windows\System\FZjXOfq.exe

Filesize
2.6MB

MD5
140afd917c5f4cb114e7ab076b5c260a

SHA1
4b26d9cbcdf7d72e8c17f0b66cc4144def61a131

SHA256
41dd2e2637c4cd9d44e542985d289f5030b8fede937621ddf12353da0f9f906f

SHA512
2400175dada7a9f426241cb876bbfebf6c5fdd53ec3dc2905b82450dad7e1a935723c671eb87bb2d0c0ff2fb5e547bc6600bfef50cf0d207943b9de8f395db82

Download Submit
C:\Windows\System\GACGZRu.exe

Filesize
2.6MB

MD5
b74f7c92929e96df89c3fa2608a453bc

SHA1
27fad232359bb402eb6cd89c076ada11fbe1dd30

SHA256
622cc06d09a9c40965027c7995b3ad177ec4de16c1f31a5b25c10bb5d2cfdc60

SHA512
3b01bfe5ddd4891723ebee5e3810e25ba84f49049576875872bd4250842c4950e4caa1b885f107e0781ddd17340882ca91167619fa5f78b4eb2b3063b9b52b72

Download Submit
C:\Windows\System\GwGpSyo.exe

Filesize
2.6MB

MD5
c288de92a9c3fbc4edab978471f90156

SHA1
2734465562ffa96689e7f23c017c138ea4c687f4

SHA256
0f785c162910ce0b8c30ad7d8704d48b70269143fdc9f6e12bab8b03b64d4773

SHA512
7f204ae22078e5168c8c81668a1c50a700f4d190384749c22afeb4c6cf2d06158d46ab4565ad0efcf9cc490a0711d0229fc563571d8e506ad930ae63d54fc1bb

Download Submit
C:\Windows\System\KBTlZlj.exe

Filesize
2.6MB

MD5
a9be2909350625e6e277c0efd0bcf8d1

SHA1
1ba24780a50a1c30a11da423eb6ec2c8fb0f5aaa

SHA256
a47265c202e0a472cff5e9ecbd93dea4141001e853f13d3afb75f70e08fc0ffa

SHA512
d2a8d106cf6a435b4679dcbdd289a80d687442e5afc6fe25b5d2d7dee308c0e61a8a66d4c0b24eb650a0ad05a7ebe1c67f04520f21a2b9c3b3644aa717b5ccd1

Download Submit
C:\Windows\System\KLRwabv.exe

Filesize
2.6MB

MD5
a1ef93dd4f3674c3cac6f6925abdfc97

SHA1
eb78b74dbdbc19ea4f0989c5f32ed4304e427116

SHA256
b5e34dc682a570e35ea364c42c4510aa73f9b65d4a3529f210fc161782b662b7

SHA512
90ad4d9c18b191862201eec12bc8a6b0b15a696eddc9a1c0c94fdece08b69012687d1d828c6b7582478f03162ff6022aaae622fe64809538e96b0532a5a1acbd

Download Submit
C:\Windows\System\MYuZaQg.exe

Filesize
2.6MB

MD5
bd2069fac1452f3888948b2799cbb973

SHA1
ee54214c1839808140c0f2d317403c7503ee4f0f

SHA256
ddd335ed923f77b1cc98988f5db983e3245ce284fc217cf71893131280c38644

SHA512
a99e3ab773e18fc60e3e76b68daa125614db7e5ec1a8e87bb55633ad9c72380c6fe76db9810e74339162f45d9f72dcc5066d397b354b098a36501831d7f0419f

Download Submit
C:\Windows\System\NxeMxFw.exe

Filesize
2.6MB

MD5
d5a226e5a61fc7b69486777b02fc0651

SHA1
3571046437d9c5cee1807ecc28086126521572e2

SHA256
a03b090bd146fc265e1757045e04d0dc8d3cabc3cacedea2003a4d47a850c746

SHA512
5fa35cdb5ab703a7703049fe934c9c778e2cac1ab7b53102529d26543dd8fe89b014abf74f4e53d2b0a2b181f3f92b990001c9e2dc55cf6a84a6b39c3ba739da

Download Submit
C:\Windows\System\NyfKRGB.exe

Filesize
2.6MB

MD5
fa0381bb78d4c8cf3b45c15b7c17cc15

SHA1
3992940d6e07720b97ba0d672b37bb6232671c12

SHA256
75c73168f959b0ce46c07bdc9cdecf76828d0a514498f25af2bb39a7bc8c4a4e

SHA512
0bcccb20d1acc6e15738228e5c2c871955f1d9c970cb4958504c74d4d857d637240b2a51d86a59bfa1098fdc1c8df947869c8376e6a5dddca37335e200eeb950

Download Submit
C:\Windows\System\OfxWqQA.exe

Filesize
2.6MB

MD5
1cc776a9dda2f156c4f37a4e3dfad258

SHA1
3296cf60af8f89af701d99fc7254887b71f1e561

SHA256
19917082d40055a3cb23564ce425de24e524bd7cfeada09d5377023ea5c826db

SHA512
ccd68b5765dadd8f5de8f1e147f18667d030b011e14954cb09521a0ec535b0c04a6d5779af98ab52710113f64281a8c8d5d39a66782824baf092250567ea1b6a

Download Submit
C:\Windows\System\PIjAcMF.exe

Filesize
2.6MB

MD5
ef6bf9cd4320fac9fbbdec046d44e705

SHA1
525c3b1990c4c1fe24856d7568942700d10130ac

SHA256
755495350e999e22c4fc4ba204ec51bf301460b411075a3a6f285451f4c402c2

SHA512
8d33e6d3166daaf59c94355d77d2f67e6030c6eb518f1a7a087d18aa81be8edd6cba59f036953939d45a0c70d48857b5c6aef42f4dffc2afab5ff7837864a696

Download Submit
C:\Windows\System\PXlHVeI.exe

Filesize
2.6MB

MD5
fe22712c46025513177d78393937e2b2

SHA1
d1f9f0b9211a18d70d2d3290bea5eee9747dd8b5

SHA256
b4ccb7b8e59b480d60c81a48aa7f6435402343731ec8e604167c75fb4e79c16b

SHA512
9b7e0a531161914311733f78147e8a5cd5154d1eaec88038f40a26d4f6cd46c4d13e15f57032626255d34c8f1a6fcd4d355daf659ea2f1f11eeec67d36e735e5

Download Submit
C:\Windows\System\RrIipUs.exe

Filesize
2.6MB

MD5
a6561d2e3751eea24fb9e8626c2fca3e

SHA1
a2599da2ecfc4801e5f2eaa4508ec8066e3081f8

SHA256
9f1584542f693924829a578fb0d95acecddde438aff1974116c7b8aae8002951

SHA512
a2429621b7f1ca8c557f38c2ac748f829ad9404e12ba0f66ba5864b897be9ee60dc0f2ea30b88e37215fd2421fe36443ea1db9033771e3b03b674a6a23d4ee67

Download Submit
C:\Windows\System\XxusmBC.exe

Filesize
2.6MB

MD5
4146dd72d08e543bb021bda9673dcf5b

SHA1
59312b27741af574c8a67156cdba674a91a09e03

SHA256
3c492f037bcc37b058050ab58e023056edbb85e8bfcc122b48d72376d5d173fd

SHA512
c1e3d2384169dbabb0c389d42cbbc001075bcf1cba1e2648d9ef6342fe61e6034235e2abe3b1db244229c4c9537c2196ba9233f327d13d30a315dc880be3878f

Download Submit
C:\Windows\System\bNOlQmd.exe

Filesize
2.6MB

MD5
e89f0f397dc002e0f149af2d5fb54d87

SHA1
dddbc2638d101189f0d6f157419d4f93d0d07e3f

SHA256
0f7ea535f5694c3e1460b63ac3bfaf8ad7499e35e6f07a818b375cc9421886f3

SHA512
3307f3fcc7c2f60198b2eb1e0c36a85d2df1f1c23d23fdf8cc9b62d9a1a57cebb910a68f5e0bc90c65fe884ebec84740c9b05e04b7a6f64030fd820537cf668b

Download Submit
C:\Windows\System\dsmqqzd.exe

Filesize
2.6MB

MD5
e6945c3c1c544f8aee254b5984b17cc2

SHA1
c82fb4e1b99659984414c649fbc80fabf4d7117e

SHA256
bb2893423b69c7d054dad9867514b7e2c7bebdde426568f9bb4e06413acab0b2

SHA512
716c00424071f0a7da317f8dc5ef42459020544bf42728bd3a5401f0b8150df8e1722659ba0ff9045b70829ae2dbb8c9ff041584ac488dfef834073efce54c6e

Download Submit
C:\Windows\System\efMIDcs.exe

Filesize
2.6MB

MD5
d5c802d761a1253f37d831e9b47810f6

SHA1
cd360ce27710f579310ff9488cd6b6fd5161c3cc

SHA256
6eb9a4e94666350e2c10d32edd5a4cf83463e0f96ec318070ef4bfe78d48e72d

SHA512
61c4ec72133350d89379509dbe2bd32959d3a77ba0741c822e86e200a914ee14b93185cea04d2f40dca1df654083601a8a2952d685cabf8a3f1f8e46c46efb90

Download Submit
C:\Windows\System\fEEAkgb.exe

Filesize
2.6MB

MD5
c08e98f088b0459f4c2a4315b92259da

SHA1
0cb4748c37b9ac8066d7e6f121ad8ea03788fdb0

SHA256
54efadfa20c09a262f4e06b862db25dbe383b42b24b13496ee79134df2e89987

SHA512
7d1b92931dfa29100365112362e67c044d917ab99ccbcf6896d210d4af9b21d279ac34c3583b7b028ef1b974eeb6e768991127fa1df5d7a305af1d4c16b00a87

Download Submit
C:\Windows\System\jRIvDHM.exe

Filesize
2.6MB

MD5
7a2ff72aa111d20d2f4c3b34cc2f750b

SHA1
a5a8c9149538cadc0b2e117e790749ac69dc37c9

SHA256
11a7eaabd5e5879093f5ba137aeb5842a21986a503651daa8511c2dea997d025

SHA512
e7c10e8593d798a12e53646ccdf1fc8102d7cf541d20314953bdec5d597caa3e049972c5e9b4c392b5b1be400c06500190890e81f0d1d5f2b99f971b326b7fe5

Download Submit
C:\Windows\System\lvGzNLV.exe

Filesize
2.6MB

MD5
bcb1d5389f6f2159cc2383a96e108867

SHA1
3dbeec709d1964544e2569d1bbfea613aebe523a

SHA256
537010443e1dfc9e7fcd72afdbcef656a54a7b49716bb29eef93f0302d98c1c0

SHA512
72799b3aa83fba5c292c1a0f03859d15b77ff7cb6720673219aa6d07345bd6eab8fc13f3369f1698b1fe94134403ffbe6d8aa87044d18fff817311c6a0b5a706

Download Submit
C:\Windows\System\oKDHebO.exe

Filesize
2.6MB

MD5
5d39df97e3f62cd548746caa79edada2

SHA1
2a6b19130b256f4d30d5c0086041d19c4a07deff

SHA256
ca3f1f3dca2281fead834daeec0fe0f5c47479f1fce83847a798c8605894a20b

SHA512
ce32e5aa7feea37bec8a45b51a0f0c58eb54230d4dddc8c1053deeb30a46be6eb45e7bbbf4f018fdc29e94bb411a5367820b3c961bf83b10a2c0ef65754aa006

Download Submit
C:\Windows\System\ovzKWuz.exe

Filesize
2.6MB

MD5
8d30111a3dc15c815288481588928097

SHA1
aa77ef9606c63acf6a33a748a4110d0aca7ce28c

SHA256
784657ba5610b09ffb0685a35e8614e3112367cd03c62158c31e313fb941e2fd

SHA512
4a58352ca0db4c605d5d3cdf2f385cc9bff50b23da313647afaebcaf6125b528f8366972a3e4d771b5fee3f440ef81803f625f99927e8e99648116855e51468f

Download Submit
C:\Windows\System\pVEIBOO.exe

Filesize
2.6MB

MD5
91566f74d454b0d9b05f877a2a690f7f

SHA1
074cfd9cfdc441748b4887bd3655e33e0540a2c4

SHA256
bebfedad680f143d6db912db92220ebb71a50be9cbaf2f0f61ed99e94a2aa7c0

SHA512
9b6edc1a80766d05220cca49dd51fabb6ec412813a70418450397d31604430fcd6f8db594d1d80a6c79270f1cbd4dccdf3d647e8ca3eb16a882b66c7b3ee9024

Download Submit
C:\Windows\System\rigtfSE.exe

Filesize
2.6MB

MD5
b165c22d6d9057960627d0a101987e75

SHA1
b3b130a5ff870ac7054b0291feda4892859fa1b6

SHA256
2d764fa7f347ff053d73a822dff0be691b6aa444962bd83ad962148181f919c7

SHA512
a893142f76fc2f483a290eb433faae872409c06be36716cf100d9f122bfa214cb82b8c33417a385540bd487fb69aef200b3d6980ec1a5f8ef34311fdeb2ef831

Download Submit
C:\Windows\System\svLVIHT.exe

Filesize
2.6MB

MD5
9862745d8db5961cefc97d2d0a2729f9

SHA1
f1196de1305c9d72c10702de55d7d2dcbb828831

SHA256
cfea71c7fc40d0e8555c28c6c943ab0e83deb8b98e44e82346fec31b2fb5c49b

SHA512
fea484b697879b51a4e9eb202949c3c35e5013d5ae0f45da9e1dc91a3936f5090ac4f2a0ae4e7c1fedec33dfd68f3a31ae28c57fa40e03069c680b8d7eceeee1

Download Submit
C:\Windows\System\vHjcHBM.exe

Filesize
2.6MB

MD5
48e059dae57987e3bcda8807da3e1062

SHA1
e65ce54535dd53727dc3f0a07f25f04dbda02de7

SHA256
8efac5c2ae00ce2750989116ee2fb8ce066794cb667384deeb72aad5c024dff9

SHA512
fd9e5e388d9ed7fef503fb86471218f4f52419e4d75c064d54e41597f23d9a9f5b460f12a23bf7ff4bcac7fd9e22e83fdc93b6f8961d6233c39c878f4c4eca11

Download Submit
C:\Windows\System\xnGXOwW.exe

Filesize
2.6MB

MD5
13378da6d6d8d88ce35287beebe80c1d

SHA1
59646fed36c58749beff197729c982e6372f037a

SHA256
5ee9a3d7156856a8767701f67c6fa9f2d23cb931303ca69c72cfd20e68ce2420

SHA512
34cf6bd4840fbf1c5c7ce10d654250e57bc5c64a1914a58c5537424365f050a680a26d2fcb4cdf309d289f1e12057947ca05a21a9a25ff3115749197e5ae2491

Download Submit
memory/320-185-0x00007FF65CDB0000-0x00007FF65D104000-memory.dmp

Filesize
3.3MB

Download
memory/320-2145-0x00007FF65CDB0000-0x00007FF65D104000-memory.dmp

Filesize
3.3MB

Download
memory/400-181-0x00007FF6B6300000-0x00007FF6B6654000-memory.dmp

Filesize
3.3MB

Download
memory/400-2146-0x00007FF6B6300000-0x00007FF6B6654000-memory.dmp

Filesize
3.3MB

Download
memory/636-2140-0x00007FF649090000-0x00007FF6493E4000-memory.dmp

Filesize
3.3MB

Download
memory/636-27-0x00007FF649090000-0x00007FF6493E4000-memory.dmp

Filesize
3.3MB

Download
memory/636-2128-0x00007FF649090000-0x00007FF6493E4000-memory.dmp

Filesize
3.3MB

Download
memory/816-40-0x00007FF642950000-0x00007FF642CA4000-memory.dmp

Filesize
3.3MB

Download
memory/816-2130-0x00007FF642950000-0x00007FF642CA4000-memory.dmp

Filesize
3.3MB

Download
memory/816-2139-0x00007FF642950000-0x00007FF642CA4000-memory.dmp

Filesize
3.3MB

Download
memory/1184-189-0x00007FF6692C0000-0x00007FF669614000-memory.dmp

Filesize
3.3MB

Download
memory/1184-2161-0x00007FF6692C0000-0x00007FF669614000-memory.dmp

Filesize
3.3MB

Download
memory/1740-2151-0x00007FF7FB060000-0x00007FF7FB3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-182-0x00007FF7FB060000-0x00007FF7FB3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-2155-0x00007FF794750000-0x00007FF794AA4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-176-0x00007FF794750000-0x00007FF794AA4000-memory.dmp

Filesize
3.3MB

Download
memory/2020-149-0x00007FF6B5270000-0x00007FF6B55C4000-memory.dmp

Filesize
3.3MB

Download
memory/2020-2154-0x00007FF6B5270000-0x00007FF6B55C4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-2132-0x00007FF714A40000-0x00007FF714D94000-memory.dmp

Filesize
3.3MB

Download
memory/2152-2158-0x00007FF714A40000-0x00007FF714D94000-memory.dmp

Filesize
3.3MB

Download
memory/2152-62-0x00007FF714A40000-0x00007FF714D94000-memory.dmp

Filesize
3.3MB

Download
memory/2344-2144-0x00007FF735B60000-0x00007FF735EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-186-0x00007FF735B60000-0x00007FF735EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-191-0x00007FF6CCA60000-0x00007FF6CCDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-2147-0x00007FF6CCA60000-0x00007FF6CCDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-2137-0x00007FF74E7A0000-0x00007FF74EAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-11-0x00007FF74E7A0000-0x00007FF74EAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-2142-0x00007FF75E260000-0x00007FF75E5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-25-0x00007FF75E260000-0x00007FF75E5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-2127-0x00007FF75E260000-0x00007FF75E5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-184-0x00007FF6ED200000-0x00007FF6ED554000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2149-0x00007FF6ED200000-0x00007FF6ED554000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2164-0x00007FF74F040000-0x00007FF74F394000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2133-0x00007FF74F040000-0x00007FF74F394000-memory.dmp

Filesize
3.3MB

Download
memory/3032-91-0x00007FF74F040000-0x00007FF74F394000-memory.dmp

Filesize
3.3MB

Download
memory/3076-2141-0x00007FF7B8D10000-0x00007FF7B9064000-memory.dmp

Filesize
3.3MB

Download
memory/3076-2129-0x00007FF7B8D10000-0x00007FF7B9064000-memory.dmp

Filesize
3.3MB

Download
memory/3076-33-0x00007FF7B8D10000-0x00007FF7B9064000-memory.dmp

Filesize
3.3MB

Download
memory/3400-2165-0x00007FF609A30000-0x00007FF609D84000-memory.dmp

Filesize
3.3MB

Download
memory/3400-180-0x00007FF609A30000-0x00007FF609D84000-memory.dmp

Filesize
3.3MB

Download
memory/3428-2156-0x00007FF6E92D0000-0x00007FF6E9624000-memory.dmp

Filesize
3.3MB

Download
memory/3428-188-0x00007FF6E92D0000-0x00007FF6E9624000-memory.dmp

Filesize
3.3MB

Download
memory/3468-173-0x00007FF612AE0000-0x00007FF612E34000-memory.dmp

Filesize
3.3MB

Download
memory/3468-2153-0x00007FF612AE0000-0x00007FF612E34000-memory.dmp

Filesize
3.3MB

Download
memory/3580-163-0x00007FF609EC0000-0x00007FF60A214000-memory.dmp

Filesize
3.3MB

Download
memory/3580-2152-0x00007FF609EC0000-0x00007FF60A214000-memory.dmp

Filesize
3.3MB

Download
memory/3596-124-0x00007FF6D5BC0000-0x00007FF6D5F14000-memory.dmp

Filesize
3.3MB

Download
memory/3596-2157-0x00007FF6D5BC0000-0x00007FF6D5F14000-memory.dmp

Filesize
3.3MB

Download
memory/3596-2135-0x00007FF6D5BC0000-0x00007FF6D5F14000-memory.dmp

Filesize
3.3MB

Download
memory/3680-109-0x00007FF6A1CD0000-0x00007FF6A2024000-memory.dmp

Filesize
3.3MB

Download
memory/3680-2162-0x00007FF6A1CD0000-0x00007FF6A2024000-memory.dmp

Filesize
3.3MB

Download
memory/3680-2134-0x00007FF6A1CD0000-0x00007FF6A2024000-memory.dmp

Filesize
3.3MB

Download
memory/3688-1-0x000001DB81750000-0x000001DB81760000-memory.dmp

Filesize
64KB

Download
memory/3688-0-0x00007FF77B8B0000-0x00007FF77BC04000-memory.dmp

Filesize
3.3MB

Download
memory/4216-148-0x00007FF793270000-0x00007FF7935C4000-memory.dmp

Filesize
3.3MB

Download
memory/4216-2148-0x00007FF793270000-0x00007FF7935C4000-memory.dmp

Filesize
3.3MB

Download
memory/4216-2136-0x00007FF793270000-0x00007FF7935C4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-2138-0x00007FF7F60C0000-0x00007FF7F6414000-memory.dmp

Filesize
3.3MB

Download
memory/4424-21-0x00007FF7F60C0000-0x00007FF7F6414000-memory.dmp

Filesize
3.3MB

Download
memory/4540-2160-0x00007FF69FF90000-0x00007FF6A02E4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-190-0x00007FF69FF90000-0x00007FF6A02E4000-memory.dmp

Filesize
3.3MB

Download
memory/4620-51-0x00007FF71F1B0000-0x00007FF71F504000-memory.dmp

Filesize
3.3MB

Download
memory/4620-2143-0x00007FF71F1B0000-0x00007FF71F504000-memory.dmp

Filesize
3.3MB

Download
memory/4620-2131-0x00007FF71F1B0000-0x00007FF71F504000-memory.dmp

Filesize
3.3MB

Download
memory/4744-187-0x00007FF7F5E40000-0x00007FF7F6194000-memory.dmp

Filesize
3.3MB

Download
memory/4744-2159-0x00007FF7F5E40000-0x00007FF7F6194000-memory.dmp

Filesize
3.3MB

Download
memory/4948-2150-0x00007FF776130000-0x00007FF776484000-memory.dmp

Filesize
3.3MB

Download
memory/4948-177-0x00007FF776130000-0x00007FF776484000-memory.dmp

Filesize
3.3MB

Download
memory/5100-183-0x00007FF66C260000-0x00007FF66C5B4000-memory.dmp

Filesize
3.3MB

Download
memory/5100-2163-0x00007FF66C260000-0x00007FF66C5B4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads