xmrig | e977e10af30400a98687c59e4f9ba2bb041fe1a1dee90cd0f8b1ee98cfe166e0

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
Size

2.7MB
MD5

6dd80ed3473add23def92fe95a5d9780
SHA1

af69a3cbc9454b16e7dcca9ed43e7ca97d88924f
SHA256

e977e10af30400a98687c59e4f9ba2bb041fe1a1dee90cd0f8b1ee98cfe166e0
SHA512

b1bcf1ed2000cbfd20e0d68cffbc11fe83590aa457c3bb7edcd063a4f0d5c718384dbcd359a2f5f8e438106ea61e7a30bd691e646136eb7f739a43e41154057f
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Aj4k3SJCavKM1W7FINqR:BemTLkNdfE0pZrU

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4724-0-0x00007FF67EF40000-0x00007FF67F294000-memory.dmp	xmrig
behavioral2/files/0x0008000000023431-4.dat	xmrig
behavioral2/files/0x0007000000023439-9.dat	xmrig
behavioral2/files/0x0007000000023438-11.dat	xmrig
behavioral2/memory/4496-14-0x00007FF6A2110000-0x00007FF6A2464000-memory.dmp	xmrig
behavioral2/files/0x000700000002343a-24.dat	xmrig
behavioral2/memory/1624-28-0x00007FF6ACA40000-0x00007FF6ACD94000-memory.dmp	xmrig
behavioral2/memory/3308-34-0x00007FF7F6330000-0x00007FF7F6684000-memory.dmp	xmrig
behavioral2/files/0x000700000002343c-37.dat	xmrig
behavioral2/memory/1172-36-0x00007FF60CC70000-0x00007FF60CFC4000-memory.dmp	xmrig
behavioral2/files/0x000700000002343b-32.dat	xmrig
behavioral2/memory/448-20-0x00007FF68B1D0000-0x00007FF68B524000-memory.dmp	xmrig
behavioral2/memory/3452-17-0x00007FF68BED0000-0x00007FF68C224000-memory.dmp	xmrig
behavioral2/files/0x000700000002343d-41.dat	xmrig
behavioral2/files/0x0008000000023435-46.dat	xmrig
behavioral2/memory/4156-49-0x00007FF66EFF0000-0x00007FF66F344000-memory.dmp	xmrig
behavioral2/files/0x000700000002343f-54.dat	xmrig
behavioral2/files/0x0007000000023440-58.dat	xmrig
behavioral2/memory/1640-51-0x00007FF7F1C10000-0x00007FF7F1F64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023441-64.dat	xmrig
behavioral2/files/0x0007000000023443-73.dat	xmrig
behavioral2/files/0x0007000000023447-97.dat	xmrig
behavioral2/files/0x0007000000023449-107.dat	xmrig
behavioral2/files/0x000700000002344d-127.dat	xmrig
behavioral2/files/0x0007000000023454-156.dat	xmrig
behavioral2/files/0x0007000000023455-167.dat	xmrig
behavioral2/memory/1196-313-0x00007FF7855B0000-0x00007FF785904000-memory.dmp	xmrig
behavioral2/memory/4800-318-0x00007FF6AA550000-0x00007FF6AA8A4000-memory.dmp	xmrig
behavioral2/memory/4792-325-0x00007FF687A80000-0x00007FF687DD4000-memory.dmp	xmrig
behavioral2/memory/3852-337-0x00007FF60BE10000-0x00007FF60C164000-memory.dmp	xmrig
behavioral2/memory/5092-340-0x00007FF746AA0000-0x00007FF746DF4000-memory.dmp	xmrig
behavioral2/memory/2384-342-0x00007FF655680000-0x00007FF6559D4000-memory.dmp	xmrig
behavioral2/memory/1936-344-0x00007FF6721D0000-0x00007FF672524000-memory.dmp	xmrig
behavioral2/memory/3836-346-0x00007FF71AA50000-0x00007FF71ADA4000-memory.dmp	xmrig
behavioral2/memory/916-347-0x00007FF76A720000-0x00007FF76AA74000-memory.dmp	xmrig
behavioral2/memory/5008-345-0x00007FF7806A0000-0x00007FF7809F4000-memory.dmp	xmrig
behavioral2/memory/4876-343-0x00007FF6F8010000-0x00007FF6F8364000-memory.dmp	xmrig
behavioral2/memory/1532-341-0x00007FF6AD210000-0x00007FF6AD564000-memory.dmp	xmrig
behavioral2/memory/4532-339-0x00007FF7F8200000-0x00007FF7F8554000-memory.dmp	xmrig
behavioral2/memory/4752-338-0x00007FF66D720000-0x00007FF66DA74000-memory.dmp	xmrig
behavioral2/memory/2632-336-0x00007FF75E6C0000-0x00007FF75EA14000-memory.dmp	xmrig
behavioral2/memory/4892-330-0x00007FF7C4FF0000-0x00007FF7C5344000-memory.dmp	xmrig
behavioral2/memory/2336-329-0x00007FF72CBA0000-0x00007FF72CEF4000-memory.dmp	xmrig
behavioral2/memory/2892-317-0x00007FF7C64A0000-0x00007FF7C67F4000-memory.dmp	xmrig
behavioral2/memory/2092-324-0x00007FF69AB00000-0x00007FF69AE54000-memory.dmp	xmrig
behavioral2/memory/216-311-0x00007FF64AB70000-0x00007FF64AEC4000-memory.dmp	xmrig
behavioral2/memory/4224-308-0x00007FF771BB0000-0x00007FF771F04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023457-171.dat	xmrig
behavioral2/files/0x0007000000023456-166.dat	xmrig
behavioral2/files/0x0007000000023453-157.dat	xmrig
behavioral2/files/0x0007000000023452-152.dat	xmrig
behavioral2/files/0x0007000000023451-147.dat	xmrig
behavioral2/files/0x0007000000023450-142.dat	xmrig
behavioral2/files/0x000700000002344f-136.dat	xmrig
behavioral2/files/0x000700000002344e-132.dat	xmrig
behavioral2/files/0x000700000002344c-122.dat	xmrig
behavioral2/files/0x000700000002344b-116.dat	xmrig
behavioral2/files/0x000700000002344a-112.dat	xmrig
behavioral2/files/0x0007000000023448-101.dat	xmrig
behavioral2/files/0x0007000000023446-92.dat	xmrig
behavioral2/files/0x0007000000023445-87.dat	xmrig
behavioral2/files/0x0007000000023444-81.dat	xmrig
behavioral2/files/0x0007000000023442-71.dat	xmrig
behavioral2/memory/4724-939-0x00007FF67EF40000-0x00007FF67F294000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4496	rnAFOBk.exe
3452	gAdtXbD.exe
448	zukqSGN.exe
1624	Dxqwuvp.exe
3308	OzJeUdh.exe
1172	XjvrjdU.exe
4156	ArRlrPv.exe
1640	AnlMZwl.exe
4224	HjQosIe.exe
916	RWtCAkh.exe
216	IYgkuvz.exe
1196	ruTJsqw.exe
2892	YoeaMqu.exe
4800	OdKwDSi.exe
2092	xMGfhCH.exe
4792	aikuBdN.exe
2336	VeAJcWH.exe
4892	thhHqag.exe
2632	pgNDiMV.exe
3852	XIqeDQr.exe
4752	GaeSXca.exe
4532	kkdxZGk.exe
5092	iBwXdQi.exe
1532	uYcBKwj.exe
2384	ekSvoKD.exe
4876	MnbJgAu.exe
1936	BSzXccn.exe
5008	uoJMzYR.exe
3836	ZJIEpcB.exe
4028	InsLTzR.exe
368	tfFJbWz.exe
4696	PHYBcAW.exe
2352	flYJLjq.exe
2628	jxuKGzZ.exe
3040	RcAtAgF.exe
4268	TFvOlEs.exe
1912	xcbMZQX.exe
5048	oDPWbmS.exe
3368	VJgwhXo.exe
3932	aWptmts.exe
4332	LFyBkWb.exe
4348	TKthbbL.exe
2748	DEiYVks.exe
4676	wJBVfGR.exe
4128	hmnUsiY.exe
716	xGlgXhF.exe
3204	vqefsiY.exe
1896	uUOahqp.exe
3644	EjBcWpP.exe
536	UbVrsog.exe
400	JQHyApI.exe
4576	jolAwrB.exe
1824	oIcLZoX.exe
2128	IIaDCXU.exe
3872	koIrCVY.exe
5104	ykNlOAM.exe
4856	RETiera.exe
5108	DXBtLQX.exe
4316	eqHpfmu.exe
2508	fcNDIDM.exe
4372	XfDdEud.exe
4936	ojYanbY.exe
3024	aIyMfYK.exe
4512	ZOuwtHV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4724-0-0x00007FF67EF40000-0x00007FF67F294000-memory.dmp	upx
behavioral2/files/0x0008000000023431-4.dat	upx
behavioral2/files/0x0007000000023439-9.dat	upx
behavioral2/files/0x0007000000023438-11.dat	upx
behavioral2/memory/4496-14-0x00007FF6A2110000-0x00007FF6A2464000-memory.dmp	upx
behavioral2/files/0x000700000002343a-24.dat	upx
behavioral2/memory/1624-28-0x00007FF6ACA40000-0x00007FF6ACD94000-memory.dmp	upx
behavioral2/memory/3308-34-0x00007FF7F6330000-0x00007FF7F6684000-memory.dmp	upx
behavioral2/files/0x000700000002343c-37.dat	upx
behavioral2/memory/1172-36-0x00007FF60CC70000-0x00007FF60CFC4000-memory.dmp	upx
behavioral2/files/0x000700000002343b-32.dat	upx
behavioral2/memory/448-20-0x00007FF68B1D0000-0x00007FF68B524000-memory.dmp	upx
behavioral2/memory/3452-17-0x00007FF68BED0000-0x00007FF68C224000-memory.dmp	upx
behavioral2/files/0x000700000002343d-41.dat	upx
behavioral2/files/0x0008000000023435-46.dat	upx
behavioral2/memory/4156-49-0x00007FF66EFF0000-0x00007FF66F344000-memory.dmp	upx
behavioral2/files/0x000700000002343f-54.dat	upx
behavioral2/files/0x0007000000023440-58.dat	upx
behavioral2/memory/1640-51-0x00007FF7F1C10000-0x00007FF7F1F64000-memory.dmp	upx
behavioral2/files/0x0007000000023441-64.dat	upx
behavioral2/files/0x0007000000023443-73.dat	upx
behavioral2/files/0x0007000000023447-97.dat	upx
behavioral2/files/0x0007000000023449-107.dat	upx
behavioral2/files/0x000700000002344d-127.dat	upx
behavioral2/files/0x0007000000023454-156.dat	upx
behavioral2/files/0x0007000000023455-167.dat	upx
behavioral2/memory/1196-313-0x00007FF7855B0000-0x00007FF785904000-memory.dmp	upx
behavioral2/memory/4800-318-0x00007FF6AA550000-0x00007FF6AA8A4000-memory.dmp	upx
behavioral2/memory/4792-325-0x00007FF687A80000-0x00007FF687DD4000-memory.dmp	upx
behavioral2/memory/3852-337-0x00007FF60BE10000-0x00007FF60C164000-memory.dmp	upx
behavioral2/memory/5092-340-0x00007FF746AA0000-0x00007FF746DF4000-memory.dmp	upx
behavioral2/memory/2384-342-0x00007FF655680000-0x00007FF6559D4000-memory.dmp	upx
behavioral2/memory/1936-344-0x00007FF6721D0000-0x00007FF672524000-memory.dmp	upx
behavioral2/memory/3836-346-0x00007FF71AA50000-0x00007FF71ADA4000-memory.dmp	upx
behavioral2/memory/916-347-0x00007FF76A720000-0x00007FF76AA74000-memory.dmp	upx
behavioral2/memory/5008-345-0x00007FF7806A0000-0x00007FF7809F4000-memory.dmp	upx
behavioral2/memory/4876-343-0x00007FF6F8010000-0x00007FF6F8364000-memory.dmp	upx
behavioral2/memory/1532-341-0x00007FF6AD210000-0x00007FF6AD564000-memory.dmp	upx
behavioral2/memory/4532-339-0x00007FF7F8200000-0x00007FF7F8554000-memory.dmp	upx
behavioral2/memory/4752-338-0x00007FF66D720000-0x00007FF66DA74000-memory.dmp	upx
behavioral2/memory/2632-336-0x00007FF75E6C0000-0x00007FF75EA14000-memory.dmp	upx
behavioral2/memory/4892-330-0x00007FF7C4FF0000-0x00007FF7C5344000-memory.dmp	upx
behavioral2/memory/2336-329-0x00007FF72CBA0000-0x00007FF72CEF4000-memory.dmp	upx
behavioral2/memory/2892-317-0x00007FF7C64A0000-0x00007FF7C67F4000-memory.dmp	upx
behavioral2/memory/2092-324-0x00007FF69AB00000-0x00007FF69AE54000-memory.dmp	upx
behavioral2/memory/216-311-0x00007FF64AB70000-0x00007FF64AEC4000-memory.dmp	upx
behavioral2/memory/4224-308-0x00007FF771BB0000-0x00007FF771F04000-memory.dmp	upx
behavioral2/files/0x0007000000023457-171.dat	upx
behavioral2/files/0x0007000000023456-166.dat	upx
behavioral2/files/0x0007000000023453-157.dat	upx
behavioral2/files/0x0007000000023452-152.dat	upx
behavioral2/files/0x0007000000023451-147.dat	upx
behavioral2/files/0x0007000000023450-142.dat	upx
behavioral2/files/0x000700000002344f-136.dat	upx
behavioral2/files/0x000700000002344e-132.dat	upx
behavioral2/files/0x000700000002344c-122.dat	upx
behavioral2/files/0x000700000002344b-116.dat	upx
behavioral2/files/0x000700000002344a-112.dat	upx
behavioral2/files/0x0007000000023448-101.dat	upx
behavioral2/files/0x0007000000023446-92.dat	upx
behavioral2/files/0x0007000000023445-87.dat	upx
behavioral2/files/0x0007000000023444-81.dat	upx
behavioral2/files/0x0007000000023442-71.dat	upx
behavioral2/memory/4724-939-0x00007FF67EF40000-0x00007FF67F294000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FVhMinj.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\MnbJgAu.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\JQHyApI.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\toYlJUs.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\FXyaGKn.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\kIzOsAD.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\AsLehZM.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\NJIPvTc.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\MKlYrgS.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\njfYoUs.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\HPJYxKc.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\usmtZWZ.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\RryMqbZ.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\rrxzHRt.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\wczaPnz.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\vRLLmkE.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\hWJLeKy.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\xPwRsos.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\fTDefHC.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\OvIiQtI.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\hmnUsiY.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\VNbXGWB.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\YGsnuct.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\FRQmwal.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\VPfYWdM.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\KzMgzLn.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\KjjIJFK.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\IpoSkgr.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\fVPpDhY.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\HQhfkEt.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\akHmoQh.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\FOwaXiZ.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\mHDQNRQ.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\FLcRMTz.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\KcUtgtQ.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\WTqkzMq.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\QjMSqyU.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\vrdMsWc.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\kFJxgxp.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\LYwhURt.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\JNmzHqy.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\vpkQvEk.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\VELjDDz.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\etNOpGx.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\cZLOVKC.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\rhdhfmN.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\YYjWhKM.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\eAfoORk.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\gLVgFTS.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\wcHJvfu.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\qrRQjQJ.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\dcsnQkt.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\uPCoHtI.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\YPUaOFd.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\JeyRMBu.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\ExHLwrh.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\VEqlBTJ.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\vdmgseV.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\aWptmts.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\ZTLRXbY.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\OEHiKss.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\ljPciOU.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\OGAMvLI.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
File created	C:\Windows\System\rgUEFsG.exe	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15240	dwm.exe
Token: SeChangeNotifyPrivilege	15240	dwm.exe
Token: 33	15240	dwm.exe
Token: SeIncBasePriorityPrivilege	15240	dwm.exe
Token: SeShutdownPrivilege	15240	dwm.exe
Token: SeCreatePagefilePrivilege	15240	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4724 wrote to memory of 4496	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	84
PID 4724 wrote to memory of 4496	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	84
PID 4724 wrote to memory of 3452	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	85
PID 4724 wrote to memory of 3452	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	85
PID 4724 wrote to memory of 448	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	86
PID 4724 wrote to memory of 448	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	86
PID 4724 wrote to memory of 1624	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	87
PID 4724 wrote to memory of 1624	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	87
PID 4724 wrote to memory of 3308	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	88
PID 4724 wrote to memory of 3308	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	88
PID 4724 wrote to memory of 1172	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	89
PID 4724 wrote to memory of 1172	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	89
PID 4724 wrote to memory of 4156	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	90
PID 4724 wrote to memory of 4156	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	90
PID 4724 wrote to memory of 1640	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	91
PID 4724 wrote to memory of 1640	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	91
PID 4724 wrote to memory of 4224	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	92
PID 4724 wrote to memory of 4224	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	92
PID 4724 wrote to memory of 916	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	93
PID 4724 wrote to memory of 916	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	93
PID 4724 wrote to memory of 216	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	94
PID 4724 wrote to memory of 216	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	94
PID 4724 wrote to memory of 1196	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	95
PID 4724 wrote to memory of 1196	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	95
PID 4724 wrote to memory of 2892	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	96
PID 4724 wrote to memory of 2892	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	96
PID 4724 wrote to memory of 4800	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	97
PID 4724 wrote to memory of 4800	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	97
PID 4724 wrote to memory of 2092	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	98
PID 4724 wrote to memory of 2092	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	98
PID 4724 wrote to memory of 4792	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	99
PID 4724 wrote to memory of 4792	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	99
PID 4724 wrote to memory of 2336	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	100
PID 4724 wrote to memory of 2336	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	100
PID 4724 wrote to memory of 4892	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	101
PID 4724 wrote to memory of 4892	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	101
PID 4724 wrote to memory of 2632	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	102
PID 4724 wrote to memory of 2632	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	102
PID 4724 wrote to memory of 3852	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	103
PID 4724 wrote to memory of 3852	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	103
PID 4724 wrote to memory of 4752	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	104
PID 4724 wrote to memory of 4752	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	104
PID 4724 wrote to memory of 4532	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	105
PID 4724 wrote to memory of 4532	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	105
PID 4724 wrote to memory of 5092	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	106
PID 4724 wrote to memory of 5092	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	106
PID 4724 wrote to memory of 1532	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	107
PID 4724 wrote to memory of 1532	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	107
PID 4724 wrote to memory of 2384	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	108
PID 4724 wrote to memory of 2384	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	108
PID 4724 wrote to memory of 4876	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	109
PID 4724 wrote to memory of 4876	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	109
PID 4724 wrote to memory of 1936	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	110
PID 4724 wrote to memory of 1936	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	110
PID 4724 wrote to memory of 5008	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	111
PID 4724 wrote to memory of 5008	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	111
PID 4724 wrote to memory of 3836	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	112
PID 4724 wrote to memory of 3836	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	112
PID 4724 wrote to memory of 4028	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	113
PID 4724 wrote to memory of 4028	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	113
PID 4724 wrote to memory of 368	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	114
PID 4724 wrote to memory of 368	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	114
PID 4724 wrote to memory of 4696	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	115
PID 4724 wrote to memory of 4696	4724	6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6dd80ed3473add23def92fe95a5d9780_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Windows\System\rnAFOBk.exe
  C:\Windows\System\rnAFOBk.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\gAdtXbD.exe
  C:\Windows\System\gAdtXbD.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\zukqSGN.exe
  C:\Windows\System\zukqSGN.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\Dxqwuvp.exe
  C:\Windows\System\Dxqwuvp.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\OzJeUdh.exe
  C:\Windows\System\OzJeUdh.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\XjvrjdU.exe
  C:\Windows\System\XjvrjdU.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\ArRlrPv.exe
  C:\Windows\System\ArRlrPv.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\AnlMZwl.exe
  C:\Windows\System\AnlMZwl.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\HjQosIe.exe
  C:\Windows\System\HjQosIe.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\RWtCAkh.exe
  C:\Windows\System\RWtCAkh.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\IYgkuvz.exe
  C:\Windows\System\IYgkuvz.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\ruTJsqw.exe
  C:\Windows\System\ruTJsqw.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\YoeaMqu.exe
  C:\Windows\System\YoeaMqu.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\OdKwDSi.exe
  C:\Windows\System\OdKwDSi.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\xMGfhCH.exe
  C:\Windows\System\xMGfhCH.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\aikuBdN.exe
  C:\Windows\System\aikuBdN.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\VeAJcWH.exe
  C:\Windows\System\VeAJcWH.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\thhHqag.exe
  C:\Windows\System\thhHqag.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\pgNDiMV.exe
  C:\Windows\System\pgNDiMV.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\XIqeDQr.exe
  C:\Windows\System\XIqeDQr.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\GaeSXca.exe
  C:\Windows\System\GaeSXca.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\kkdxZGk.exe
  C:\Windows\System\kkdxZGk.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\iBwXdQi.exe
  C:\Windows\System\iBwXdQi.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\uYcBKwj.exe
  C:\Windows\System\uYcBKwj.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\ekSvoKD.exe
  C:\Windows\System\ekSvoKD.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\MnbJgAu.exe
  C:\Windows\System\MnbJgAu.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\BSzXccn.exe
  C:\Windows\System\BSzXccn.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\uoJMzYR.exe
  C:\Windows\System\uoJMzYR.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\ZJIEpcB.exe
  C:\Windows\System\ZJIEpcB.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\InsLTzR.exe
  C:\Windows\System\InsLTzR.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\tfFJbWz.exe
  C:\Windows\System\tfFJbWz.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\PHYBcAW.exe
  C:\Windows\System\PHYBcAW.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\flYJLjq.exe
  C:\Windows\System\flYJLjq.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\jxuKGzZ.exe
  C:\Windows\System\jxuKGzZ.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\RcAtAgF.exe
  C:\Windows\System\RcAtAgF.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\TFvOlEs.exe
  C:\Windows\System\TFvOlEs.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\xcbMZQX.exe
  C:\Windows\System\xcbMZQX.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\oDPWbmS.exe
  C:\Windows\System\oDPWbmS.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\VJgwhXo.exe
  C:\Windows\System\VJgwhXo.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\aWptmts.exe
  C:\Windows\System\aWptmts.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\LFyBkWb.exe
  C:\Windows\System\LFyBkWb.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\TKthbbL.exe
  C:\Windows\System\TKthbbL.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\DEiYVks.exe
  C:\Windows\System\DEiYVks.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\wJBVfGR.exe
  C:\Windows\System\wJBVfGR.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\hmnUsiY.exe
  C:\Windows\System\hmnUsiY.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\xGlgXhF.exe
  C:\Windows\System\xGlgXhF.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\vqefsiY.exe
  C:\Windows\System\vqefsiY.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\uUOahqp.exe
  C:\Windows\System\uUOahqp.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\EjBcWpP.exe
  C:\Windows\System\EjBcWpP.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\UbVrsog.exe
  C:\Windows\System\UbVrsog.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\JQHyApI.exe
  C:\Windows\System\JQHyApI.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\jolAwrB.exe
  C:\Windows\System\jolAwrB.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\oIcLZoX.exe
  C:\Windows\System\oIcLZoX.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\IIaDCXU.exe
  C:\Windows\System\IIaDCXU.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\koIrCVY.exe
  C:\Windows\System\koIrCVY.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\ykNlOAM.exe
  C:\Windows\System\ykNlOAM.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\RETiera.exe
  C:\Windows\System\RETiera.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\DXBtLQX.exe
  C:\Windows\System\DXBtLQX.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\eqHpfmu.exe
  C:\Windows\System\eqHpfmu.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\fcNDIDM.exe
  C:\Windows\System\fcNDIDM.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\XfDdEud.exe
  C:\Windows\System\XfDdEud.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\ojYanbY.exe
  C:\Windows\System\ojYanbY.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\aIyMfYK.exe
  C:\Windows\System\aIyMfYK.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\ZOuwtHV.exe
  C:\Windows\System\ZOuwtHV.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\qrRQjQJ.exe
  C:\Windows\System\qrRQjQJ.exe
  2⤵
  PID:4168
- C:\Windows\System\cZAqUsE.exe
  C:\Windows\System\cZAqUsE.exe
  2⤵
  PID:2392
- C:\Windows\System\aNouurG.exe
  C:\Windows\System\aNouurG.exe
  2⤵
  PID:2032
- C:\Windows\System\porcHwf.exe
  C:\Windows\System\porcHwf.exe
  2⤵
  PID:2980
- C:\Windows\System\HPJYxKc.exe
  C:\Windows\System\HPJYxKc.exe
  2⤵
  PID:772
- C:\Windows\System\sbfQatW.exe
  C:\Windows\System\sbfQatW.exe
  2⤵
  PID:3672
- C:\Windows\System\HLeoJTx.exe
  C:\Windows\System\HLeoJTx.exe
  2⤵
  PID:1696
- C:\Windows\System\hLHntqm.exe
  C:\Windows\System\hLHntqm.exe
  2⤵
  PID:4308
- C:\Windows\System\zVerNLF.exe
  C:\Windows\System\zVerNLF.exe
  2⤵
  PID:4920
- C:\Windows\System\YSiziFD.exe
  C:\Windows\System\YSiziFD.exe
  2⤵
  PID:3116
- C:\Windows\System\POAzQtM.exe
  C:\Windows\System\POAzQtM.exe
  2⤵
  PID:4836
- C:\Windows\System\rSnhVmu.exe
  C:\Windows\System\rSnhVmu.exe
  2⤵
  PID:4784
- C:\Windows\System\EOsurPc.exe
  C:\Windows\System\EOsurPc.exe
  2⤵
  PID:3912
- C:\Windows\System\fvFdrMo.exe
  C:\Windows\System\fvFdrMo.exe
  2⤵
  PID:5160
- C:\Windows\System\CVXsXkM.exe
  C:\Windows\System\CVXsXkM.exe
  2⤵
  PID:5188
- C:\Windows\System\JDCSCxq.exe
  C:\Windows\System\JDCSCxq.exe
  2⤵
  PID:5208
- C:\Windows\System\nDdJaBa.exe
  C:\Windows\System\nDdJaBa.exe
  2⤵
  PID:5244
- C:\Windows\System\FZasgUi.exe
  C:\Windows\System\FZasgUi.exe
  2⤵
  PID:5264
- C:\Windows\System\XgsVoWe.exe
  C:\Windows\System\XgsVoWe.exe
  2⤵
  PID:5284
- C:\Windows\System\neuBuTx.exe
  C:\Windows\System\neuBuTx.exe
  2⤵
  PID:5312
- C:\Windows\System\ytyTIye.exe
  C:\Windows\System\ytyTIye.exe
  2⤵
  PID:5348
- C:\Windows\System\gNxcohn.exe
  C:\Windows\System\gNxcohn.exe
  2⤵
  PID:5372
- C:\Windows\System\aYgAwBf.exe
  C:\Windows\System\aYgAwBf.exe
  2⤵
  PID:5728
- C:\Windows\System\QfPsfcN.exe
  C:\Windows\System\QfPsfcN.exe
  2⤵
  PID:5760
- C:\Windows\System\SbWZCRw.exe
  C:\Windows\System\SbWZCRw.exe
  2⤵
  PID:5788
- C:\Windows\System\AwCrAUz.exe
  C:\Windows\System\AwCrAUz.exe
  2⤵
  PID:5844
- C:\Windows\System\KdRaAJz.exe
  C:\Windows\System\KdRaAJz.exe
  2⤵
  PID:5876
- C:\Windows\System\Debbyxp.exe
  C:\Windows\System\Debbyxp.exe
  2⤵
  PID:5920
- C:\Windows\System\RyDgtrk.exe
  C:\Windows\System\RyDgtrk.exe
  2⤵
  PID:5956
- C:\Windows\System\dfudVGG.exe
  C:\Windows\System\dfudVGG.exe
  2⤵
  PID:5984
- C:\Windows\System\SFSMRsy.exe
  C:\Windows\System\SFSMRsy.exe
  2⤵
  PID:6024
- C:\Windows\System\mHDQNRQ.exe
  C:\Windows\System\mHDQNRQ.exe
  2⤵
  PID:6052
- C:\Windows\System\DMJsTrI.exe
  C:\Windows\System\DMJsTrI.exe
  2⤵
  PID:6124
- C:\Windows\System\NTSRStL.exe
  C:\Windows\System\NTSRStL.exe
  2⤵
  PID:4172
- C:\Windows\System\eppenUk.exe
  C:\Windows\System\eppenUk.exe
  2⤵
  PID:5156
- C:\Windows\System\qMXnwyv.exe
  C:\Windows\System\qMXnwyv.exe
  2⤵
  PID:5240
- C:\Windows\System\yrySvRu.exe
  C:\Windows\System\yrySvRu.exe
  2⤵
  PID:5300
- C:\Windows\System\iIajoXx.exe
  C:\Windows\System\iIajoXx.exe
  2⤵
  PID:5364
- C:\Windows\System\zTIOHip.exe
  C:\Windows\System\zTIOHip.exe
  2⤵
  PID:2776
- C:\Windows\System\tLfWuxW.exe
  C:\Windows\System\tLfWuxW.exe
  2⤵
  PID:2008
- C:\Windows\System\OtyTVDo.exe
  C:\Windows\System\OtyTVDo.exe
  2⤵
  PID:4400
- C:\Windows\System\VtAiukl.exe
  C:\Windows\System\VtAiukl.exe
  2⤵
  PID:2176
- C:\Windows\System\mScbNmQ.exe
  C:\Windows\System\mScbNmQ.exe
  2⤵
  PID:3356
- C:\Windows\System\zjvAJFy.exe
  C:\Windows\System\zjvAJFy.exe
  2⤵
  PID:1672
- C:\Windows\System\ClVumEc.exe
  C:\Windows\System\ClVumEc.exe
  2⤵
  PID:5748
- C:\Windows\System\ESyjoeW.exe
  C:\Windows\System\ESyjoeW.exe
  2⤵
  PID:452
- C:\Windows\System\ayXtEpu.exe
  C:\Windows\System\ayXtEpu.exe
  2⤵
  PID:1048
- C:\Windows\System\xIouzyu.exe
  C:\Windows\System\xIouzyu.exe
  2⤵
  PID:2920
- C:\Windows\System\MMLZqJC.exe
  C:\Windows\System\MMLZqJC.exe
  2⤵
  PID:3592
- C:\Windows\System\uQSeFYw.exe
  C:\Windows\System\uQSeFYw.exe
  2⤵
  PID:2488
- C:\Windows\System\RWcllpH.exe
  C:\Windows\System\RWcllpH.exe
  2⤵
  PID:6008
- C:\Windows\System\XadwybH.exe
  C:\Windows\System\XadwybH.exe
  2⤵
  PID:4068
- C:\Windows\System\odjHbyf.exe
  C:\Windows\System\odjHbyf.exe
  2⤵
  PID:5180
- C:\Windows\System\FVKKXck.exe
  C:\Windows\System\FVKKXck.exe
  2⤵
  PID:5340
- C:\Windows\System\vwFLxQH.exe
  C:\Windows\System\vwFLxQH.exe
  2⤵
  PID:1892
- C:\Windows\System\xdtmbOP.exe
  C:\Windows\System\xdtmbOP.exe
  2⤵
  PID:1148
- C:\Windows\System\NCkmUNJ.exe
  C:\Windows\System\NCkmUNJ.exe
  2⤵
  PID:5588
- C:\Windows\System\DzHXAUo.exe
  C:\Windows\System\DzHXAUo.exe
  2⤵
  PID:3648
- C:\Windows\System\iEAYJHF.exe
  C:\Windows\System\iEAYJHF.exe
  2⤵
  PID:1920
- C:\Windows\System\GJlojOr.exe
  C:\Windows\System\GJlojOr.exe
  2⤵
  PID:6080
- C:\Windows\System\JNmzHqy.exe
  C:\Windows\System\JNmzHqy.exe
  2⤵
  PID:2132
- C:\Windows\System\MhrcRJg.exe
  C:\Windows\System\MhrcRJg.exe
  2⤵
  PID:5716
- C:\Windows\System\ZuTADWu.exe
  C:\Windows\System\ZuTADWu.exe
  2⤵
  PID:5824
- C:\Windows\System\IpoSkgr.exe
  C:\Windows\System\IpoSkgr.exe
  2⤵
  PID:5484
- C:\Windows\System\TyNUSdU.exe
  C:\Windows\System\TyNUSdU.exe
  2⤵
  PID:1788
- C:\Windows\System\gARbkkk.exe
  C:\Windows\System\gARbkkk.exe
  2⤵
  PID:6164
- C:\Windows\System\tDuFkRX.exe
  C:\Windows\System\tDuFkRX.exe
  2⤵
  PID:6192
- C:\Windows\System\FLcRMTz.exe
  C:\Windows\System\FLcRMTz.exe
  2⤵
  PID:6228
- C:\Windows\System\spmFUHn.exe
  C:\Windows\System\spmFUHn.exe
  2⤵
  PID:6252
- C:\Windows\System\DACeRnZ.exe
  C:\Windows\System\DACeRnZ.exe
  2⤵
  PID:6276
- C:\Windows\System\cLAwbiI.exe
  C:\Windows\System\cLAwbiI.exe
  2⤵
  PID:6304
- C:\Windows\System\zNKpZvp.exe
  C:\Windows\System\zNKpZvp.exe
  2⤵
  PID:6332
- C:\Windows\System\xCfMyvp.exe
  C:\Windows\System\xCfMyvp.exe
  2⤵
  PID:6360
- C:\Windows\System\vwAMPqR.exe
  C:\Windows\System\vwAMPqR.exe
  2⤵
  PID:6388
- C:\Windows\System\nLgVBDc.exe
  C:\Windows\System\nLgVBDc.exe
  2⤵
  PID:6416
- C:\Windows\System\JziKXZB.exe
  C:\Windows\System\JziKXZB.exe
  2⤵
  PID:6444
- C:\Windows\System\cWjJonh.exe
  C:\Windows\System\cWjJonh.exe
  2⤵
  PID:6472
- C:\Windows\System\yVJaAdI.exe
  C:\Windows\System\yVJaAdI.exe
  2⤵
  PID:6500
- C:\Windows\System\qZwTuHH.exe
  C:\Windows\System\qZwTuHH.exe
  2⤵
  PID:6528
- C:\Windows\System\uyqhKpz.exe
  C:\Windows\System\uyqhKpz.exe
  2⤵
  PID:6556
- C:\Windows\System\ZvaXEFK.exe
  C:\Windows\System\ZvaXEFK.exe
  2⤵
  PID:6584
- C:\Windows\System\NwtUkrB.exe
  C:\Windows\System\NwtUkrB.exe
  2⤵
  PID:6612
- C:\Windows\System\sYGFxcj.exe
  C:\Windows\System\sYGFxcj.exe
  2⤵
  PID:6640
- C:\Windows\System\pECCSXk.exe
  C:\Windows\System\pECCSXk.exe
  2⤵
  PID:6668
- C:\Windows\System\qFMHXEC.exe
  C:\Windows\System\qFMHXEC.exe
  2⤵
  PID:6700
- C:\Windows\System\HbtzfHk.exe
  C:\Windows\System\HbtzfHk.exe
  2⤵
  PID:6724
- C:\Windows\System\AePvDUo.exe
  C:\Windows\System\AePvDUo.exe
  2⤵
  PID:6756
- C:\Windows\System\iRLOjwv.exe
  C:\Windows\System\iRLOjwv.exe
  2⤵
  PID:6788
- C:\Windows\System\RnhfJnK.exe
  C:\Windows\System\RnhfJnK.exe
  2⤵
  PID:6816
- C:\Windows\System\MLPkaIE.exe
  C:\Windows\System\MLPkaIE.exe
  2⤵
  PID:6848
- C:\Windows\System\TmApeKJ.exe
  C:\Windows\System\TmApeKJ.exe
  2⤵
  PID:6876
- C:\Windows\System\uJUKtjK.exe
  C:\Windows\System\uJUKtjK.exe
  2⤵
  PID:6908
- C:\Windows\System\NpACjhH.exe
  C:\Windows\System\NpACjhH.exe
  2⤵
  PID:6940
- C:\Windows\System\ZTLRXbY.exe
  C:\Windows\System\ZTLRXbY.exe
  2⤵
  PID:6960
- C:\Windows\System\uroIEza.exe
  C:\Windows\System\uroIEza.exe
  2⤵
  PID:6988
- C:\Windows\System\ZgjiJHO.exe
  C:\Windows\System\ZgjiJHO.exe
  2⤵
  PID:7024
- C:\Windows\System\aoZNYyc.exe
  C:\Windows\System\aoZNYyc.exe
  2⤵
  PID:7052
- C:\Windows\System\vnYbBcV.exe
  C:\Windows\System\vnYbBcV.exe
  2⤵
  PID:7072
- C:\Windows\System\oHIOpAK.exe
  C:\Windows\System\oHIOpAK.exe
  2⤵
  PID:7104
- C:\Windows\System\brwdwnM.exe
  C:\Windows\System\brwdwnM.exe
  2⤵
  PID:7128
- C:\Windows\System\vYuaEmQ.exe
  C:\Windows\System\vYuaEmQ.exe
  2⤵
  PID:7156
- C:\Windows\System\vVZyVyx.exe
  C:\Windows\System\vVZyVyx.exe
  2⤵
  PID:6204
- C:\Windows\System\kmPllPn.exe
  C:\Windows\System\kmPllPn.exe
  2⤵
  PID:6240
- C:\Windows\System\pGzylNb.exe
  C:\Windows\System\pGzylNb.exe
  2⤵
  PID:6300
- C:\Windows\System\QppCTDn.exe
  C:\Windows\System\QppCTDn.exe
  2⤵
  PID:6328
- C:\Windows\System\xjidQmH.exe
  C:\Windows\System\xjidQmH.exe
  2⤵
  PID:6400
- C:\Windows\System\vpkQvEk.exe
  C:\Windows\System\vpkQvEk.exe
  2⤵
  PID:6440
- C:\Windows\System\FmMsLGA.exe
  C:\Windows\System\FmMsLGA.exe
  2⤵
  PID:6520
- C:\Windows\System\pmNSTPT.exe
  C:\Windows\System\pmNSTPT.exe
  2⤵
  PID:5416
- C:\Windows\System\LCUPRik.exe
  C:\Windows\System\LCUPRik.exe
  2⤵
  PID:6596
- C:\Windows\System\vTzclum.exe
  C:\Windows\System\vTzclum.exe
  2⤵
  PID:6652
- C:\Windows\System\KvCtwOP.exe
  C:\Windows\System\KvCtwOP.exe
  2⤵
  PID:6744
- C:\Windows\System\OwDHLrn.exe
  C:\Windows\System\OwDHLrn.exe
  2⤵
  PID:6812
- C:\Windows\System\RvpkBhU.exe
  C:\Windows\System\RvpkBhU.exe
  2⤵
  PID:6872
- C:\Windows\System\RyynqNq.exe
  C:\Windows\System\RyynqNq.exe
  2⤵
  PID:6948
- C:\Windows\System\KcUtgtQ.exe
  C:\Windows\System\KcUtgtQ.exe
  2⤵
  PID:7008
- C:\Windows\System\kIzOsAD.exe
  C:\Windows\System\kIzOsAD.exe
  2⤵
  PID:7092
- C:\Windows\System\iramcWy.exe
  C:\Windows\System\iramcWy.exe
  2⤵
  PID:7124
- C:\Windows\System\EJmYNyP.exe
  C:\Windows\System\EJmYNyP.exe
  2⤵
  PID:6216
- C:\Windows\System\dHaFyIr.exe
  C:\Windows\System\dHaFyIr.exe
  2⤵
  PID:6292
- C:\Windows\System\vMVorSb.exe
  C:\Windows\System\vMVorSb.exe
  2⤵
  PID:6380
- C:\Windows\System\bYPjHgQ.exe
  C:\Windows\System\bYPjHgQ.exe
  2⤵
  PID:6580
- C:\Windows\System\IgeqUwQ.exe
  C:\Windows\System\IgeqUwQ.exe
  2⤵
  PID:6716
- C:\Windows\System\QeouqUv.exe
  C:\Windows\System\QeouqUv.exe
  2⤵
  PID:6868
- C:\Windows\System\HeAPcDL.exe
  C:\Windows\System\HeAPcDL.exe
  2⤵
  PID:7036
- C:\Windows\System\gAmmHpZ.exe
  C:\Windows\System\gAmmHpZ.exe
  2⤵
  PID:6272
- C:\Windows\System\yDlwpmf.exe
  C:\Windows\System\yDlwpmf.exe
  2⤵
  PID:6436
- C:\Windows\System\AWHokRV.exe
  C:\Windows\System\AWHokRV.exe
  2⤵
  PID:6844
- C:\Windows\System\kGhxllo.exe
  C:\Windows\System\kGhxllo.exe
  2⤵
  PID:6632
- C:\Windows\System\hJzeGtf.exe
  C:\Windows\System\hJzeGtf.exe
  2⤵
  PID:6636
- C:\Windows\System\SuSqFLH.exe
  C:\Windows\System\SuSqFLH.exe
  2⤵
  PID:6552
- C:\Windows\System\EKcszxR.exe
  C:\Windows\System\EKcszxR.exe
  2⤵
  PID:7192
- C:\Windows\System\pptxLFK.exe
  C:\Windows\System\pptxLFK.exe
  2⤵
  PID:7228
- C:\Windows\System\dZACdri.exe
  C:\Windows\System\dZACdri.exe
  2⤵
  PID:7248
- C:\Windows\System\kgZhZOF.exe
  C:\Windows\System\kgZhZOF.exe
  2⤵
  PID:7288
- C:\Windows\System\VNbXGWB.exe
  C:\Windows\System\VNbXGWB.exe
  2⤵
  PID:7308
- C:\Windows\System\GkUFgyH.exe
  C:\Windows\System\GkUFgyH.exe
  2⤵
  PID:7348
- C:\Windows\System\rJsHGbL.exe
  C:\Windows\System\rJsHGbL.exe
  2⤵
  PID:7368
- C:\Windows\System\Itrewxn.exe
  C:\Windows\System\Itrewxn.exe
  2⤵
  PID:7400
- C:\Windows\System\WEdtRVe.exe
  C:\Windows\System\WEdtRVe.exe
  2⤵
  PID:7432
- C:\Windows\System\dcsnQkt.exe
  C:\Windows\System\dcsnQkt.exe
  2⤵
  PID:7460
- C:\Windows\System\ovohKPO.exe
  C:\Windows\System\ovohKPO.exe
  2⤵
  PID:7484
- C:\Windows\System\BqgXSpf.exe
  C:\Windows\System\BqgXSpf.exe
  2⤵
  PID:7528
- C:\Windows\System\KTsEMxo.exe
  C:\Windows\System\KTsEMxo.exe
  2⤵
  PID:7580
- C:\Windows\System\NsbJTwv.exe
  C:\Windows\System\NsbJTwv.exe
  2⤵
  PID:7600
- C:\Windows\System\KMVQTRW.exe
  C:\Windows\System\KMVQTRW.exe
  2⤵
  PID:7628
- C:\Windows\System\vJRxouX.exe
  C:\Windows\System\vJRxouX.exe
  2⤵
  PID:7664
- C:\Windows\System\hWJLeKy.exe
  C:\Windows\System\hWJLeKy.exe
  2⤵
  PID:7692
- C:\Windows\System\bnTJlit.exe
  C:\Windows\System\bnTJlit.exe
  2⤵
  PID:7720
- C:\Windows\System\lhZrPSa.exe
  C:\Windows\System\lhZrPSa.exe
  2⤵
  PID:7744
- C:\Windows\System\oMmePBY.exe
  C:\Windows\System\oMmePBY.exe
  2⤵
  PID:7768
- C:\Windows\System\MZVbxkY.exe
  C:\Windows\System\MZVbxkY.exe
  2⤵
  PID:7800
- C:\Windows\System\vDMfEGy.exe
  C:\Windows\System\vDMfEGy.exe
  2⤵
  PID:7824
- C:\Windows\System\NgmcvsI.exe
  C:\Windows\System\NgmcvsI.exe
  2⤵
  PID:7856
- C:\Windows\System\tZJbHAg.exe
  C:\Windows\System\tZJbHAg.exe
  2⤵
  PID:7880
- C:\Windows\System\HQhfkEt.exe
  C:\Windows\System\HQhfkEt.exe
  2⤵
  PID:7908
- C:\Windows\System\WTqkzMq.exe
  C:\Windows\System\WTqkzMq.exe
  2⤵
  PID:7944
- C:\Windows\System\QjMSqyU.exe
  C:\Windows\System\QjMSqyU.exe
  2⤵
  PID:7964
- C:\Windows\System\wcxpAFQ.exe
  C:\Windows\System\wcxpAFQ.exe
  2⤵
  PID:7992
- C:\Windows\System\pIWfLQj.exe
  C:\Windows\System\pIWfLQj.exe
  2⤵
  PID:8024
- C:\Windows\System\IHkqxqN.exe
  C:\Windows\System\IHkqxqN.exe
  2⤵
  PID:8056
- C:\Windows\System\ylLUXjn.exe
  C:\Windows\System\ylLUXjn.exe
  2⤵
  PID:8084
- C:\Windows\System\yMMmZAl.exe
  C:\Windows\System\yMMmZAl.exe
  2⤵
  PID:8116
- C:\Windows\System\jmEwYRL.exe
  C:\Windows\System\jmEwYRL.exe
  2⤵
  PID:8144
- C:\Windows\System\xPPeYPv.exe
  C:\Windows\System\xPPeYPv.exe
  2⤵
  PID:8176
- C:\Windows\System\uWAqvfb.exe
  C:\Windows\System\uWAqvfb.exe
  2⤵
  PID:7180
- C:\Windows\System\bkmhgXL.exe
  C:\Windows\System\bkmhgXL.exe
  2⤵
  PID:7244
- C:\Windows\System\SIhkSNV.exe
  C:\Windows\System\SIhkSNV.exe
  2⤵
  PID:7324
- C:\Windows\System\chAytlc.exe
  C:\Windows\System\chAytlc.exe
  2⤵
  PID:7384
- C:\Windows\System\RCtcJHo.exe
  C:\Windows\System\RCtcJHo.exe
  2⤵
  PID:7448
- C:\Windows\System\ozBxsDj.exe
  C:\Windows\System\ozBxsDj.exe
  2⤵
  PID:7516
- C:\Windows\System\dBBBRBD.exe
  C:\Windows\System\dBBBRBD.exe
  2⤵
  PID:7596
- C:\Windows\System\UJHyeCx.exe
  C:\Windows\System\UJHyeCx.exe
  2⤵
  PID:7672
- C:\Windows\System\EmMUDoN.exe
  C:\Windows\System\EmMUDoN.exe
  2⤵
  PID:7736
- C:\Windows\System\TMXoztj.exe
  C:\Windows\System\TMXoztj.exe
  2⤵
  PID:7808
- C:\Windows\System\znPXwjT.exe
  C:\Windows\System\znPXwjT.exe
  2⤵
  PID:7848
- C:\Windows\System\ANomljq.exe
  C:\Windows\System\ANomljq.exe
  2⤵
  PID:7928
- C:\Windows\System\cZqxjRn.exe
  C:\Windows\System\cZqxjRn.exe
  2⤵
  PID:7988
- C:\Windows\System\eIyUwdM.exe
  C:\Windows\System\eIyUwdM.exe
  2⤵
  PID:8068
- C:\Windows\System\EOnQSsK.exe
  C:\Windows\System\EOnQSsK.exe
  2⤵
  PID:8128
- C:\Windows\System\JaRdbeu.exe
  C:\Windows\System\JaRdbeu.exe
  2⤵
  PID:6324
- C:\Windows\System\lZmTTXV.exe
  C:\Windows\System\lZmTTXV.exe
  2⤵
  PID:7296
- C:\Windows\System\cZLOVKC.exe
  C:\Windows\System\cZLOVKC.exe
  2⤵
  PID:7472
- C:\Windows\System\akhAMOa.exe
  C:\Windows\System\akhAMOa.exe
  2⤵
  PID:7496
- C:\Windows\System\AuWyuwq.exe
  C:\Windows\System\AuWyuwq.exe
  2⤵
  PID:7764
- C:\Windows\System\UlUzmVY.exe
  C:\Windows\System\UlUzmVY.exe
  2⤵
  PID:7956
- C:\Windows\System\eOpzzFW.exe
  C:\Windows\System\eOpzzFW.exe
  2⤵
  PID:8044
- C:\Windows\System\ZDrRSwN.exe
  C:\Windows\System\ZDrRSwN.exe
  2⤵
  PID:7264
- C:\Windows\System\LsDPQkD.exe
  C:\Windows\System\LsDPQkD.exe
  2⤵
  PID:7624
- C:\Windows\System\xKxtqof.exe
  C:\Windows\System\xKxtqof.exe
  2⤵
  PID:7976
- C:\Windows\System\BVmCvhx.exe
  C:\Windows\System\BVmCvhx.exe
  2⤵
  PID:7592
- C:\Windows\System\QskMcrW.exe
  C:\Windows\System\QskMcrW.exe
  2⤵
  PID:7392
- C:\Windows\System\TBsYVua.exe
  C:\Windows\System\TBsYVua.exe
  2⤵
  PID:8208
- C:\Windows\System\noMhDWH.exe
  C:\Windows\System\noMhDWH.exe
  2⤵
  PID:8236
- C:\Windows\System\rcTTkxv.exe
  C:\Windows\System\rcTTkxv.exe
  2⤵
  PID:8264
- C:\Windows\System\pJccdwk.exe
  C:\Windows\System\pJccdwk.exe
  2⤵
  PID:8280
- C:\Windows\System\vrdMsWc.exe
  C:\Windows\System\vrdMsWc.exe
  2⤵
  PID:8320
- C:\Windows\System\KaPiJZB.exe
  C:\Windows\System\KaPiJZB.exe
  2⤵
  PID:8336
- C:\Windows\System\zsOjhZQ.exe
  C:\Windows\System\zsOjhZQ.exe
  2⤵
  PID:8364
- C:\Windows\System\IHlDLog.exe
  C:\Windows\System\IHlDLog.exe
  2⤵
  PID:8392
- C:\Windows\System\eqBoePi.exe
  C:\Windows\System\eqBoePi.exe
  2⤵
  PID:8432
- C:\Windows\System\vvupkdk.exe
  C:\Windows\System\vvupkdk.exe
  2⤵
  PID:8460
- C:\Windows\System\huzKScr.exe
  C:\Windows\System\huzKScr.exe
  2⤵
  PID:8488
- C:\Windows\System\KBYgEHg.exe
  C:\Windows\System\KBYgEHg.exe
  2⤵
  PID:8504
- C:\Windows\System\iwWUnBe.exe
  C:\Windows\System\iwWUnBe.exe
  2⤵
  PID:8528
- C:\Windows\System\YKONEsN.exe
  C:\Windows\System\YKONEsN.exe
  2⤵
  PID:8548
- C:\Windows\System\uvoTWyy.exe
  C:\Windows\System\uvoTWyy.exe
  2⤵
  PID:8600
- C:\Windows\System\YOXJRWg.exe
  C:\Windows\System\YOXJRWg.exe
  2⤵
  PID:8632
- C:\Windows\System\nEbBPpT.exe
  C:\Windows\System\nEbBPpT.exe
  2⤵
  PID:8660
- C:\Windows\System\oDmKZMr.exe
  C:\Windows\System\oDmKZMr.exe
  2⤵
  PID:8688
- C:\Windows\System\yYlYOUP.exe
  C:\Windows\System\yYlYOUP.exe
  2⤵
  PID:8712
- C:\Windows\System\UYwCbPo.exe
  C:\Windows\System\UYwCbPo.exe
  2⤵
  PID:8732
- C:\Windows\System\EMorWRk.exe
  C:\Windows\System\EMorWRk.exe
  2⤵
  PID:8756
- C:\Windows\System\mnwRMIu.exe
  C:\Windows\System\mnwRMIu.exe
  2⤵
  PID:8796
- C:\Windows\System\MPJPjcl.exe
  C:\Windows\System\MPJPjcl.exe
  2⤵
  PID:8816
- C:\Windows\System\IKJDigh.exe
  C:\Windows\System\IKJDigh.exe
  2⤵
  PID:8844
- C:\Windows\System\nnzgzwI.exe
  C:\Windows\System\nnzgzwI.exe
  2⤵
  PID:8868
- C:\Windows\System\uPCoHtI.exe
  C:\Windows\System\uPCoHtI.exe
  2⤵
  PID:8884
- C:\Windows\System\Hfvgjly.exe
  C:\Windows\System\Hfvgjly.exe
  2⤵
  PID:8912
- C:\Windows\System\PjatAHa.exe
  C:\Windows\System\PjatAHa.exe
  2⤵
  PID:8940
- C:\Windows\System\UmipXjQ.exe
  C:\Windows\System\UmipXjQ.exe
  2⤵
  PID:8964
- C:\Windows\System\psJwtXe.exe
  C:\Windows\System\psJwtXe.exe
  2⤵
  PID:8992
- C:\Windows\System\lCaPYEf.exe
  C:\Windows\System\lCaPYEf.exe
  2⤵
  PID:9020
- C:\Windows\System\tGVvjZM.exe
  C:\Windows\System\tGVvjZM.exe
  2⤵
  PID:9044
- C:\Windows\System\szkBnpH.exe
  C:\Windows\System\szkBnpH.exe
  2⤵
  PID:9072
- C:\Windows\System\uRENPtg.exe
  C:\Windows\System\uRENPtg.exe
  2⤵
  PID:9092
- C:\Windows\System\GfSMMEi.exe
  C:\Windows\System\GfSMMEi.exe
  2⤵
  PID:9116
- C:\Windows\System\uNkgNlH.exe
  C:\Windows\System\uNkgNlH.exe
  2⤵
  PID:9156
- C:\Windows\System\IYqYuRV.exe
  C:\Windows\System\IYqYuRV.exe
  2⤵
  PID:9196
- C:\Windows\System\hnabGWL.exe
  C:\Windows\System\hnabGWL.exe
  2⤵
  PID:8200
- C:\Windows\System\xPwRsos.exe
  C:\Windows\System\xPwRsos.exe
  2⤵
  PID:8272
- C:\Windows\System\YPUaOFd.exe
  C:\Windows\System\YPUaOFd.exe
  2⤵
  PID:8380
- C:\Windows\System\TFirwNe.exe
  C:\Windows\System\TFirwNe.exe
  2⤵
  PID:8480
- C:\Windows\System\BcFGsNB.exe
  C:\Windows\System\BcFGsNB.exe
  2⤵
  PID:8516
- C:\Windows\System\tvUIbNW.exe
  C:\Windows\System\tvUIbNW.exe
  2⤵
  PID:8608
- C:\Windows\System\UYOfhfU.exe
  C:\Windows\System\UYOfhfU.exe
  2⤵
  PID:8652
- C:\Windows\System\gOahggX.exe
  C:\Windows\System\gOahggX.exe
  2⤵
  PID:8708
- C:\Windows\System\culSyYb.exe
  C:\Windows\System\culSyYb.exe
  2⤵
  PID:8788
- C:\Windows\System\VdvZeCq.exe
  C:\Windows\System\VdvZeCq.exe
  2⤵
  PID:8840
- C:\Windows\System\FVhMinj.exe
  C:\Windows\System\FVhMinj.exe
  2⤵
  PID:8924
- C:\Windows\System\smIurNW.exe
  C:\Windows\System\smIurNW.exe
  2⤵
  PID:9008
- C:\Windows\System\MpVhAye.exe
  C:\Windows\System\MpVhAye.exe
  2⤵
  PID:9004
- C:\Windows\System\XdnASuW.exe
  C:\Windows\System\XdnASuW.exe
  2⤵
  PID:9112
- C:\Windows\System\dIKbdWV.exe
  C:\Windows\System\dIKbdWV.exe
  2⤵
  PID:9188
- C:\Windows\System\bplqVFp.exe
  C:\Windows\System\bplqVFp.exe
  2⤵
  PID:8012
- C:\Windows\System\PHtZqei.exe
  C:\Windows\System\PHtZqei.exe
  2⤵
  PID:8420
- C:\Windows\System\nOMhWpO.exe
  C:\Windows\System\nOMhWpO.exe
  2⤵
  PID:8572
- C:\Windows\System\AziCkMZ.exe
  C:\Windows\System\AziCkMZ.exe
  2⤵
  PID:8704
- C:\Windows\System\cACdmxO.exe
  C:\Windows\System\cACdmxO.exe
  2⤵
  PID:8880
- C:\Windows\System\WLHiTdk.exe
  C:\Windows\System\WLHiTdk.exe
  2⤵
  PID:9068
- C:\Windows\System\BTvEMrs.exe
  C:\Windows\System\BTvEMrs.exe
  2⤵
  PID:9208
- C:\Windows\System\tcxSbSh.exe
  C:\Windows\System\tcxSbSh.exe
  2⤵
  PID:8520
- C:\Windows\System\fVPpDhY.exe
  C:\Windows\System\fVPpDhY.exe
  2⤵
  PID:9000
- C:\Windows\System\OEHiKss.exe
  C:\Windows\System\OEHiKss.exe
  2⤵
  PID:9224
- C:\Windows\System\DHmgheO.exe
  C:\Windows\System\DHmgheO.exe
  2⤵
  PID:9248
- C:\Windows\System\pRWoSEj.exe
  C:\Windows\System\pRWoSEj.exe
  2⤵
  PID:9276
- C:\Windows\System\QZLDZmx.exe
  C:\Windows\System\QZLDZmx.exe
  2⤵
  PID:9320
- C:\Windows\System\FZtLzCy.exe
  C:\Windows\System\FZtLzCy.exe
  2⤵
  PID:9360
- C:\Windows\System\Ecqoioj.exe
  C:\Windows\System\Ecqoioj.exe
  2⤵
  PID:9380
- C:\Windows\System\NxQgddG.exe
  C:\Windows\System\NxQgddG.exe
  2⤵
  PID:9416
- C:\Windows\System\uDfOksR.exe
  C:\Windows\System\uDfOksR.exe
  2⤵
  PID:9440
- C:\Windows\System\WTRwOyR.exe
  C:\Windows\System\WTRwOyR.exe
  2⤵
  PID:9460
- C:\Windows\System\UhWPNSQ.exe
  C:\Windows\System\UhWPNSQ.exe
  2⤵
  PID:9496
- C:\Windows\System\MsJGSqW.exe
  C:\Windows\System\MsJGSqW.exe
  2⤵
  PID:9540
- C:\Windows\System\AQNkFXv.exe
  C:\Windows\System\AQNkFXv.exe
  2⤵
  PID:9568
- C:\Windows\System\QolTFvU.exe
  C:\Windows\System\QolTFvU.exe
  2⤵
  PID:9608
- C:\Windows\System\rhdhfmN.exe
  C:\Windows\System\rhdhfmN.exe
  2⤵
  PID:9632
- C:\Windows\System\oGuZAoQ.exe
  C:\Windows\System\oGuZAoQ.exe
  2⤵
  PID:9660
- C:\Windows\System\JeyRMBu.exe
  C:\Windows\System\JeyRMBu.exe
  2⤵
  PID:9692
- C:\Windows\System\HUYqHbO.exe
  C:\Windows\System\HUYqHbO.exe
  2⤵
  PID:9732
- C:\Windows\System\mkgNjoh.exe
  C:\Windows\System\mkgNjoh.exe
  2⤵
  PID:9772
- C:\Windows\System\mUMylmg.exe
  C:\Windows\System\mUMylmg.exe
  2⤵
  PID:9796
- C:\Windows\System\kZHtkoI.exe
  C:\Windows\System\kZHtkoI.exe
  2⤵
  PID:9824
- C:\Windows\System\qzpMtXk.exe
  C:\Windows\System\qzpMtXk.exe
  2⤵
  PID:9848
- C:\Windows\System\OBvKDOr.exe
  C:\Windows\System\OBvKDOr.exe
  2⤵
  PID:9888
- C:\Windows\System\KyOqVSx.exe
  C:\Windows\System\KyOqVSx.exe
  2⤵
  PID:9924
- C:\Windows\System\yvvgNLf.exe
  C:\Windows\System\yvvgNLf.exe
  2⤵
  PID:9944
- C:\Windows\System\JNbYlEA.exe
  C:\Windows\System\JNbYlEA.exe
  2⤵
  PID:9984
- C:\Windows\System\ZqbxchY.exe
  C:\Windows\System\ZqbxchY.exe
  2⤵
  PID:10000
- C:\Windows\System\PaarOJt.exe
  C:\Windows\System\PaarOJt.exe
  2⤵
  PID:10020
- C:\Windows\System\SblyQTo.exe
  C:\Windows\System\SblyQTo.exe
  2⤵
  PID:10040
- C:\Windows\System\AsLehZM.exe
  C:\Windows\System\AsLehZM.exe
  2⤵
  PID:10084
- C:\Windows\System\aWMoJrY.exe
  C:\Windows\System\aWMoJrY.exe
  2⤵
  PID:10120
- C:\Windows\System\ueucVoJ.exe
  C:\Windows\System\ueucVoJ.exe
  2⤵
  PID:10152
- C:\Windows\System\KIPaUCu.exe
  C:\Windows\System\KIPaUCu.exe
  2⤵
  PID:10188
- C:\Windows\System\YcNjxTd.exe
  C:\Windows\System\YcNjxTd.exe
  2⤵
  PID:10208
- C:\Windows\System\wACqNOp.exe
  C:\Windows\System\wACqNOp.exe
  2⤵
  PID:8812
- C:\Windows\System\fmrjXXh.exe
  C:\Windows\System\fmrjXXh.exe
  2⤵
  PID:9332
- C:\Windows\System\nziBGtI.exe
  C:\Windows\System\nziBGtI.exe
  2⤵
  PID:9368
- C:\Windows\System\iIfIOYl.exe
  C:\Windows\System\iIfIOYl.exe
  2⤵
  PID:9436
- C:\Windows\System\yQKKNkQ.exe
  C:\Windows\System\yQKKNkQ.exe
  2⤵
  PID:9508
- C:\Windows\System\noHVrcJ.exe
  C:\Windows\System\noHVrcJ.exe
  2⤵
  PID:9564
- C:\Windows\System\fTDefHC.exe
  C:\Windows\System\fTDefHC.exe
  2⤵
  PID:9680
- C:\Windows\System\toYlJUs.exe
  C:\Windows\System\toYlJUs.exe
  2⤵
  PID:9728
- C:\Windows\System\hCOIAQv.exe
  C:\Windows\System\hCOIAQv.exe
  2⤵
  PID:9784
- C:\Windows\System\ydtXUim.exe
  C:\Windows\System\ydtXUim.exe
  2⤵
  PID:9868
- C:\Windows\System\YhoVHju.exe
  C:\Windows\System\YhoVHju.exe
  2⤵
  PID:9932
- C:\Windows\System\GkzUWym.exe
  C:\Windows\System\GkzUWym.exe
  2⤵
  PID:10008
- C:\Windows\System\PJdjVgt.exe
  C:\Windows\System\PJdjVgt.exe
  2⤵
  PID:10060
- C:\Windows\System\hfmSZaD.exe
  C:\Windows\System\hfmSZaD.exe
  2⤵
  PID:10112
- C:\Windows\System\ExHLwrh.exe
  C:\Windows\System\ExHLwrh.exe
  2⤵
  PID:10180
- C:\Windows\System\STxuNWK.exe
  C:\Windows\System\STxuNWK.exe
  2⤵
  PID:8956
- C:\Windows\System\PKWYVyj.exe
  C:\Windows\System\PKWYVyj.exe
  2⤵
  PID:9148
- C:\Windows\System\bmJELYT.exe
  C:\Windows\System\bmJELYT.exe
  2⤵
  PID:9708
- C:\Windows\System\SbITOBE.exe
  C:\Windows\System\SbITOBE.exe
  2⤵
  PID:9820
- C:\Windows\System\NvBwgbp.exe
  C:\Windows\System\NvBwgbp.exe
  2⤵
  PID:10080
- C:\Windows\System\RfmcGaP.exe
  C:\Windows\System\RfmcGaP.exe
  2⤵
  PID:10160
- C:\Windows\System\syAcJuX.exe
  C:\Windows\System\syAcJuX.exe
  2⤵
  PID:9652
- C:\Windows\System\VPezSgD.exe
  C:\Windows\System\VPezSgD.exe
  2⤵
  PID:9392
- C:\Windows\System\rqvdNnY.exe
  C:\Windows\System\rqvdNnY.exe
  2⤵
  PID:10244
- C:\Windows\System\kPoRfJD.exe
  C:\Windows\System\kPoRfJD.exe
  2⤵
  PID:10260
- C:\Windows\System\CwwuDqT.exe
  C:\Windows\System\CwwuDqT.exe
  2⤵
  PID:10296
- C:\Windows\System\GCyqPLc.exe
  C:\Windows\System\GCyqPLc.exe
  2⤵
  PID:10316
- C:\Windows\System\ljPciOU.exe
  C:\Windows\System\ljPciOU.exe
  2⤵
  PID:10344
- C:\Windows\System\sJazjde.exe
  C:\Windows\System\sJazjde.exe
  2⤵
  PID:10376
- C:\Windows\System\jBfbkSm.exe
  C:\Windows\System\jBfbkSm.exe
  2⤵
  PID:10408
- C:\Windows\System\LLWHUqP.exe
  C:\Windows\System\LLWHUqP.exe
  2⤵
  PID:10440
- C:\Windows\System\ZDpomLm.exe
  C:\Windows\System\ZDpomLm.exe
  2⤵
  PID:10468
- C:\Windows\System\klbQIds.exe
  C:\Windows\System\klbQIds.exe
  2⤵
  PID:10512
- C:\Windows\System\CNjPaiL.exe
  C:\Windows\System\CNjPaiL.exe
  2⤵
  PID:10540
- C:\Windows\System\wpuMKUv.exe
  C:\Windows\System\wpuMKUv.exe
  2⤵
  PID:10568
- C:\Windows\System\zdRcpPM.exe
  C:\Windows\System\zdRcpPM.exe
  2⤵
  PID:10596
- C:\Windows\System\COmLHKq.exe
  C:\Windows\System\COmLHKq.exe
  2⤵
  PID:10628
- C:\Windows\System\QQXWxBM.exe
  C:\Windows\System\QQXWxBM.exe
  2⤵
  PID:10656
- C:\Windows\System\WBDAaVD.exe
  C:\Windows\System\WBDAaVD.exe
  2⤵
  PID:10684
- C:\Windows\System\YpmOccD.exe
  C:\Windows\System\YpmOccD.exe
  2⤵
  PID:10712
- C:\Windows\System\smWIlsS.exe
  C:\Windows\System\smWIlsS.exe
  2⤵
  PID:10732
- C:\Windows\System\oOHBUkY.exe
  C:\Windows\System\oOHBUkY.exe
  2⤵
  PID:10756
- C:\Windows\System\MaFdBsS.exe
  C:\Windows\System\MaFdBsS.exe
  2⤵
  PID:10784
- C:\Windows\System\dbecMol.exe
  C:\Windows\System\dbecMol.exe
  2⤵
  PID:10800
- C:\Windows\System\WiYTOpc.exe
  C:\Windows\System\WiYTOpc.exe
  2⤵
  PID:10840
- C:\Windows\System\MPQGkWS.exe
  C:\Windows\System\MPQGkWS.exe
  2⤵
  PID:10880
- C:\Windows\System\DqYskCB.exe
  C:\Windows\System\DqYskCB.exe
  2⤵
  PID:10904
- C:\Windows\System\FTuEngY.exe
  C:\Windows\System\FTuEngY.exe
  2⤵
  PID:10924
- C:\Windows\System\EhvIwQj.exe
  C:\Windows\System\EhvIwQj.exe
  2⤵
  PID:10952
- C:\Windows\System\wczaPnz.exe
  C:\Windows\System\wczaPnz.exe
  2⤵
  PID:10972
- C:\Windows\System\sqvbduO.exe
  C:\Windows\System\sqvbduO.exe
  2⤵
  PID:11012
- C:\Windows\System\lWChEep.exe
  C:\Windows\System\lWChEep.exe
  2⤵
  PID:11052
- C:\Windows\System\SRjXyFG.exe
  C:\Windows\System\SRjXyFG.exe
  2⤵
  PID:11068
- C:\Windows\System\uZQjfXH.exe
  C:\Windows\System\uZQjfXH.exe
  2⤵
  PID:11092
- C:\Windows\System\ojTBnap.exe
  C:\Windows\System\ojTBnap.exe
  2⤵
  PID:11112
- C:\Windows\System\XgqkjmD.exe
  C:\Windows\System\XgqkjmD.exe
  2⤵
  PID:11136
- C:\Windows\System\yFVbqMY.exe
  C:\Windows\System\yFVbqMY.exe
  2⤵
  PID:11192
- C:\Windows\System\kFJxgxp.exe
  C:\Windows\System\kFJxgxp.exe
  2⤵
  PID:11220
- C:\Windows\System\PLrZIpJ.exe
  C:\Windows\System\PLrZIpJ.exe
  2⤵
  PID:11248
- C:\Windows\System\PEjYCur.exe
  C:\Windows\System\PEjYCur.exe
  2⤵
  PID:10064
- C:\Windows\System\qkJjSxp.exe
  C:\Windows\System\qkJjSxp.exe
  2⤵
  PID:10308
- C:\Windows\System\HNagjzZ.exe
  C:\Windows\System\HNagjzZ.exe
  2⤵
  PID:10372
- C:\Windows\System\JcqtNFv.exe
  C:\Windows\System\JcqtNFv.exe
  2⤵
  PID:10428
- C:\Windows\System\TtMUqom.exe
  C:\Windows\System\TtMUqom.exe
  2⤵
  PID:10508
- C:\Windows\System\yivenCD.exe
  C:\Windows\System\yivenCD.exe
  2⤵
  PID:10564
- C:\Windows\System\oMyZdhZ.exe
  C:\Windows\System\oMyZdhZ.exe
  2⤵
  PID:10648
- C:\Windows\System\IXVylom.exe
  C:\Windows\System\IXVylom.exe
  2⤵
  PID:10704
- C:\Windows\System\YsTLLzp.exe
  C:\Windows\System\YsTLLzp.exe
  2⤵
  PID:10728
- C:\Windows\System\WbvjZhR.exe
  C:\Windows\System\WbvjZhR.exe
  2⤵
  PID:10792
- C:\Windows\System\rwinRRU.exe
  C:\Windows\System\rwinRRU.exe
  2⤵
  PID:10872
- C:\Windows\System\OtGbDsn.exe
  C:\Windows\System\OtGbDsn.exe
  2⤵
  PID:10912
- C:\Windows\System\hpZAZXy.exe
  C:\Windows\System\hpZAZXy.exe
  2⤵
  PID:11032
- C:\Windows\System\FdwrFig.exe
  C:\Windows\System\FdwrFig.exe
  2⤵
  PID:11152
- C:\Windows\System\MgrEZCa.exe
  C:\Windows\System\MgrEZCa.exe
  2⤵
  PID:11176
- C:\Windows\System\QhSpfEj.exe
  C:\Windows\System\QhSpfEj.exe
  2⤵
  PID:11216
- C:\Windows\System\MijYzwy.exe
  C:\Windows\System\MijYzwy.exe
  2⤵
  PID:10280
- C:\Windows\System\yVDtiaP.exe
  C:\Windows\System\yVDtiaP.exe
  2⤵
  PID:10436
- C:\Windows\System\VCtKtUc.exe
  C:\Windows\System\VCtKtUc.exe
  2⤵
  PID:10552
- C:\Windows\System\RWxQbqe.exe
  C:\Windows\System\RWxQbqe.exe
  2⤵
  PID:10740
- C:\Windows\System\vrwyROf.exe
  C:\Windows\System\vrwyROf.exe
  2⤵
  PID:10852
- C:\Windows\System\SDpTQTJ.exe
  C:\Windows\System\SDpTQTJ.exe
  2⤵
  PID:10980
- C:\Windows\System\qVyHLMu.exe
  C:\Windows\System\qVyHLMu.exe
  2⤵
  PID:11048
- C:\Windows\System\vsLqRTX.exe
  C:\Windows\System\vsLqRTX.exe
  2⤵
  PID:10176
- C:\Windows\System\qSSfGAf.exe
  C:\Windows\System\qSSfGAf.exe
  2⤵
  PID:11204
- C:\Windows\System\YYjWhKM.exe
  C:\Windows\System\YYjWhKM.exe
  2⤵
  PID:10536
- C:\Windows\System\BBSpKly.exe
  C:\Windows\System\BBSpKly.exe
  2⤵
  PID:9580
- C:\Windows\System\oDdmFbJ.exe
  C:\Windows\System\oDdmFbJ.exe
  2⤵
  PID:10896
- C:\Windows\System\usmtZWZ.exe
  C:\Windows\System\usmtZWZ.exe
  2⤵
  PID:10400
- C:\Windows\System\AcbzhTu.exe
  C:\Windows\System\AcbzhTu.exe
  2⤵
  PID:10312
- C:\Windows\System\pPIuZBp.exe
  C:\Windows\System\pPIuZBp.exe
  2⤵
  PID:11272
- C:\Windows\System\KAGYgMo.exe
  C:\Windows\System\KAGYgMo.exe
  2⤵
  PID:11312
- C:\Windows\System\kOllxPj.exe
  C:\Windows\System\kOllxPj.exe
  2⤵
  PID:11344
- C:\Windows\System\AqymKSP.exe
  C:\Windows\System\AqymKSP.exe
  2⤵
  PID:11380
- C:\Windows\System\gyZiuEh.exe
  C:\Windows\System\gyZiuEh.exe
  2⤵
  PID:11408
- C:\Windows\System\oIlAsHe.exe
  C:\Windows\System\oIlAsHe.exe
  2⤵
  PID:11452
- C:\Windows\System\OtnTPbZ.exe
  C:\Windows\System\OtnTPbZ.exe
  2⤵
  PID:11488
- C:\Windows\System\QQKJEqj.exe
  C:\Windows\System\QQKJEqj.exe
  2⤵
  PID:11520
- C:\Windows\System\kaQRywn.exe
  C:\Windows\System\kaQRywn.exe
  2⤵
  PID:11548
- C:\Windows\System\ndwpjHR.exe
  C:\Windows\System\ndwpjHR.exe
  2⤵
  PID:11572
- C:\Windows\System\POyFywL.exe
  C:\Windows\System\POyFywL.exe
  2⤵
  PID:11808
- C:\Windows\System\RKsZOxp.exe
  C:\Windows\System\RKsZOxp.exe
  2⤵
  PID:11824
- C:\Windows\System\VEqlBTJ.exe
  C:\Windows\System\VEqlBTJ.exe
  2⤵
  PID:11840
- C:\Windows\System\OGAMvLI.exe
  C:\Windows\System\OGAMvLI.exe
  2⤵
  PID:11872
- C:\Windows\System\oOcGmVq.exe
  C:\Windows\System\oOcGmVq.exe
  2⤵
  PID:11908
- C:\Windows\System\LvJFCtq.exe
  C:\Windows\System\LvJFCtq.exe
  2⤵
  PID:11936
- C:\Windows\System\dDunsHC.exe
  C:\Windows\System\dDunsHC.exe
  2⤵
  PID:11976
- C:\Windows\System\wBwbqny.exe
  C:\Windows\System\wBwbqny.exe
  2⤵
  PID:12004
- C:\Windows\System\TUxMSGF.exe
  C:\Windows\System\TUxMSGF.exe
  2⤵
  PID:12028
- C:\Windows\System\lFBNUMS.exe
  C:\Windows\System\lFBNUMS.exe
  2⤵
  PID:12048
- C:\Windows\System\AcCVxDp.exe
  C:\Windows\System\AcCVxDp.exe
  2⤵
  PID:12076
- C:\Windows\System\vRLLmkE.exe
  C:\Windows\System\vRLLmkE.exe
  2⤵
  PID:12104
- C:\Windows\System\NJIPvTc.exe
  C:\Windows\System\NJIPvTc.exe
  2⤵
  PID:12144
- C:\Windows\System\hWWpeLK.exe
  C:\Windows\System\hWWpeLK.exe
  2⤵
  PID:12160
- C:\Windows\System\ENLxMcG.exe
  C:\Windows\System\ENLxMcG.exe
  2⤵
  PID:12188
- C:\Windows\System\rXKOKBP.exe
  C:\Windows\System\rXKOKBP.exe
  2⤵
  PID:12216
- C:\Windows\System\IDdRpJN.exe
  C:\Windows\System\IDdRpJN.exe
  2⤵
  PID:12236
- C:\Windows\System\zrRbQrR.exe
  C:\Windows\System\zrRbQrR.exe
  2⤵
  PID:12268
- C:\Windows\System\FXyaGKn.exe
  C:\Windows\System\FXyaGKn.exe
  2⤵
  PID:11108
- C:\Windows\System\EqwgMhr.exe
  C:\Windows\System\EqwgMhr.exe
  2⤵
  PID:11356
- C:\Windows\System\LGghFeg.exe
  C:\Windows\System\LGghFeg.exe
  2⤵
  PID:11428
- C:\Windows\System\pAmoQqi.exe
  C:\Windows\System\pAmoQqi.exe
  2⤵
  PID:11484
- C:\Windows\System\lhOapGZ.exe
  C:\Windows\System\lhOapGZ.exe
  2⤵
  PID:11532
- C:\Windows\System\LMwSeFz.exe
  C:\Windows\System\LMwSeFz.exe
  2⤵
  PID:11604
- C:\Windows\System\ORMMizq.exe
  C:\Windows\System\ORMMizq.exe
  2⤵
  PID:11652
- C:\Windows\System\CjRxuGe.exe
  C:\Windows\System\CjRxuGe.exe
  2⤵
  PID:11680
- C:\Windows\System\MAJhdMW.exe
  C:\Windows\System\MAJhdMW.exe
  2⤵
  PID:11708
- C:\Windows\System\BqPXAgM.exe
  C:\Windows\System\BqPXAgM.exe
  2⤵
  PID:11740
- C:\Windows\System\IxMlfso.exe
  C:\Windows\System\IxMlfso.exe
  2⤵
  PID:11772
- C:\Windows\System\TZKkVgM.exe
  C:\Windows\System\TZKkVgM.exe
  2⤵
  PID:11628
- C:\Windows\System\blCPhjd.exe
  C:\Windows\System\blCPhjd.exe
  2⤵
  PID:11804
- C:\Windows\System\JnvBNBl.exe
  C:\Windows\System\JnvBNBl.exe
  2⤵
  PID:11888
- C:\Windows\System\xvZNbaV.exe
  C:\Windows\System\xvZNbaV.exe
  2⤵
  PID:11988
- C:\Windows\System\zUmzQhy.exe
  C:\Windows\System\zUmzQhy.exe
  2⤵
  PID:12044
- C:\Windows\System\aXtPMTl.exe
  C:\Windows\System\aXtPMTl.exe
  2⤵
  PID:12124
- C:\Windows\System\fQqbVik.exe
  C:\Windows\System\fQqbVik.exe
  2⤵
  PID:12184
- C:\Windows\System\jzewKZH.exe
  C:\Windows\System\jzewKZH.exe
  2⤵
  PID:12256
- C:\Windows\System\bAOPWOT.exe
  C:\Windows\System\bAOPWOT.exe
  2⤵
  PID:12252
- C:\Windows\System\TCDHlrJ.exe
  C:\Windows\System\TCDHlrJ.exe
  2⤵
  PID:1684
- C:\Windows\System\LmHtsyW.exe
  C:\Windows\System\LmHtsyW.exe
  2⤵
  PID:11504
- C:\Windows\System\zmwLGqm.exe
  C:\Windows\System\zmwLGqm.exe
  2⤵
  PID:11648
- C:\Windows\System\FzTKNhR.exe
  C:\Windows\System\FzTKNhR.exe
  2⤵
  PID:11724
- C:\Windows\System\MKlYrgS.exe
  C:\Windows\System\MKlYrgS.exe
  2⤵
  PID:11820
- C:\Windows\System\PKRgZmr.exe
  C:\Windows\System\PKRgZmr.exe
  2⤵
  PID:12020
- C:\Windows\System\rgUEFsG.exe
  C:\Windows\System\rgUEFsG.exe
  2⤵
  PID:12156
- C:\Windows\System\FowEZvV.exe
  C:\Windows\System\FowEZvV.exe
  2⤵
  PID:11308
- C:\Windows\System\liVORNJ.exe
  C:\Windows\System\liVORNJ.exe
  2⤵
  PID:11636
- C:\Windows\System\rlaphoo.exe
  C:\Windows\System\rlaphoo.exe
  2⤵
  PID:11788
- C:\Windows\System\gBKMHth.exe
  C:\Windows\System\gBKMHth.exe
  2⤵
  PID:12224
- C:\Windows\System\fKpMiLR.exe
  C:\Windows\System\fKpMiLR.exe
  2⤵
  PID:11852
- C:\Windows\System\qEYAfdm.exe
  C:\Windows\System\qEYAfdm.exe
  2⤵
  PID:11336
- C:\Windows\System\vBtlHtD.exe
  C:\Windows\System\vBtlHtD.exe
  2⤵
  PID:12308
- C:\Windows\System\wDsTeXy.exe
  C:\Windows\System\wDsTeXy.exe
  2⤵
  PID:12328
- C:\Windows\System\KdLycIb.exe
  C:\Windows\System\KdLycIb.exe
  2⤵
  PID:12360
- C:\Windows\System\AlhdxYO.exe
  C:\Windows\System\AlhdxYO.exe
  2⤵
  PID:12404
- C:\Windows\System\KKxfObi.exe
  C:\Windows\System\KKxfObi.exe
  2⤵
  PID:12420
- C:\Windows\System\jWdppcp.exe
  C:\Windows\System\jWdppcp.exe
  2⤵
  PID:12440
- C:\Windows\System\MYJAOgk.exe
  C:\Windows\System\MYJAOgk.exe
  2⤵
  PID:12468
- C:\Windows\System\zEqJMgx.exe
  C:\Windows\System\zEqJMgx.exe
  2⤵
  PID:12500
- C:\Windows\System\qDrcqMR.exe
  C:\Windows\System\qDrcqMR.exe
  2⤵
  PID:12536
- C:\Windows\System\WckDtWi.exe
  C:\Windows\System\WckDtWi.exe
  2⤵
  PID:12560
- C:\Windows\System\CqyfNxp.exe
  C:\Windows\System\CqyfNxp.exe
  2⤵
  PID:12580
- C:\Windows\System\PBYireH.exe
  C:\Windows\System\PBYireH.exe
  2⤵
  PID:12620
- C:\Windows\System\FpOopdG.exe
  C:\Windows\System\FpOopdG.exe
  2⤵
  PID:12652
- C:\Windows\System\zGtcxOs.exe
  C:\Windows\System\zGtcxOs.exe
  2⤵
  PID:12684
- C:\Windows\System\cZofEXz.exe
  C:\Windows\System\cZofEXz.exe
  2⤵
  PID:12724
- C:\Windows\System\RnYxWXC.exe
  C:\Windows\System\RnYxWXC.exe
  2⤵
  PID:12748
- C:\Windows\System\eAfoORk.exe
  C:\Windows\System\eAfoORk.exe
  2⤵
  PID:12776
- C:\Windows\System\YQJrVYv.exe
  C:\Windows\System\YQJrVYv.exe
  2⤵
  PID:12792
- C:\Windows\System\UsRYYJn.exe
  C:\Windows\System\UsRYYJn.exe
  2⤵
  PID:12828
- C:\Windows\System\LiXkbyU.exe
  C:\Windows\System\LiXkbyU.exe
  2⤵
  PID:12848
- C:\Windows\System\ajLOmhs.exe
  C:\Windows\System\ajLOmhs.exe
  2⤵
  PID:12876
- C:\Windows\System\GDJDLgE.exe
  C:\Windows\System\GDJDLgE.exe
  2⤵
  PID:12900
- C:\Windows\System\cPkqons.exe
  C:\Windows\System\cPkqons.exe
  2⤵
  PID:12944
- C:\Windows\System\eqflWiy.exe
  C:\Windows\System\eqflWiy.exe
  2⤵
  PID:12972
- C:\Windows\System\XxkNchn.exe
  C:\Windows\System\XxkNchn.exe
  2⤵
  PID:13004
- C:\Windows\System\YABHrca.exe
  C:\Windows\System\YABHrca.exe
  2⤵
  PID:13020
- C:\Windows\System\pQoGhXC.exe
  C:\Windows\System\pQoGhXC.exe
  2⤵
  PID:13044
- C:\Windows\System\zppvLhR.exe
  C:\Windows\System\zppvLhR.exe
  2⤵
  PID:13076
- C:\Windows\System\kJRmdnM.exe
  C:\Windows\System\kJRmdnM.exe
  2⤵
  PID:13096
- C:\Windows\System\UCJgVEl.exe
  C:\Windows\System\UCJgVEl.exe
  2⤵
  PID:13128
- C:\Windows\System\MnYixij.exe
  C:\Windows\System\MnYixij.exe
  2⤵
  PID:13164
- C:\Windows\System\vGENVMk.exe
  C:\Windows\System\vGENVMk.exe
  2⤵
  PID:13196
- C:\Windows\System\vDIuzIt.exe
  C:\Windows\System\vDIuzIt.exe
  2⤵
  PID:13228
- C:\Windows\System\eRqLotL.exe
  C:\Windows\System\eRqLotL.exe
  2⤵
  PID:13248
- C:\Windows\System\nfsVrJK.exe
  C:\Windows\System\nfsVrJK.exe
  2⤵
  PID:13272
- C:\Windows\System\HjIDdqJ.exe
  C:\Windows\System\HjIDdqJ.exe
  2⤵
  PID:5816
- C:\Windows\System\qMBDgPk.exe
  C:\Windows\System\qMBDgPk.exe
  2⤵
  PID:12324
- C:\Windows\System\SZGQwsh.exe
  C:\Windows\System\SZGQwsh.exe
  2⤵
  PID:12400
- C:\Windows\System\TlOvIwL.exe
  C:\Windows\System\TlOvIwL.exe
  2⤵
  PID:12480
- C:\Windows\System\OwkHvMy.exe
  C:\Windows\System\OwkHvMy.exe
  2⤵
  PID:12528
- C:\Windows\System\xetRqLJ.exe
  C:\Windows\System\xetRqLJ.exe
  2⤵
  PID:5564
- C:\Windows\System\birMFGg.exe
  C:\Windows\System\birMFGg.exe
  2⤵
  PID:5556
- C:\Windows\System\vfOiIQa.exe
  C:\Windows\System\vfOiIQa.exe
  2⤵
  PID:12588
- C:\Windows\System\yvRMcth.exe
  C:\Windows\System\yvRMcth.exe
  2⤵
  PID:12640
- C:\Windows\System\HLNkRsb.exe
  C:\Windows\System\HLNkRsb.exe
  2⤵
  PID:4704
- C:\Windows\System\PvNOeCJ.exe
  C:\Windows\System\PvNOeCJ.exe
  2⤵
  PID:12760
- C:\Windows\System\FcqqJWe.exe
  C:\Windows\System\FcqqJWe.exe
  2⤵
  PID:12868
- C:\Windows\System\njfYoUs.exe
  C:\Windows\System\njfYoUs.exe
  2⤵
  PID:12928
- C:\Windows\System\YGsnuct.exe
  C:\Windows\System\YGsnuct.exe
  2⤵
  PID:12960
- C:\Windows\System\TcvCTxl.exe
  C:\Windows\System\TcvCTxl.exe
  2⤵
  PID:13068
- C:\Windows\System\vvzVUcv.exe
  C:\Windows\System\vvzVUcv.exe
  2⤵
  PID:13084
- C:\Windows\System\LSVJXst.exe
  C:\Windows\System\LSVJXst.exe
  2⤵
  PID:13220
- C:\Windows\System\EqoXdPX.exe
  C:\Windows\System\EqoXdPX.exe
  2⤵
  PID:13264
- C:\Windows\System\akHmoQh.exe
  C:\Windows\System\akHmoQh.exe
  2⤵
  PID:11736
- C:\Windows\System\SIsrTAi.exe
  C:\Windows\System\SIsrTAi.exe
  2⤵
  PID:12380
- C:\Windows\System\FRQmwal.exe
  C:\Windows\System\FRQmwal.exe
  2⤵
  PID:12436
- C:\Windows\System\VPfYWdM.exe
  C:\Windows\System\VPfYWdM.exe
  2⤵
  PID:5528
- C:\Windows\System\JJHHysu.exe
  C:\Windows\System\JJHHysu.exe
  2⤵
  PID:12600
- C:\Windows\System\CBGemEO.exe
  C:\Windows\System\CBGemEO.exe
  2⤵
  PID:12812
- C:\Windows\System\WIaPqyH.exe
  C:\Windows\System\WIaPqyH.exe
  2⤵
  PID:12936
- C:\Windows\System\FKxiyGb.exe
  C:\Windows\System\FKxiyGb.exe
  2⤵
  PID:13056
- C:\Windows\System\mBflqSj.exe
  C:\Windows\System\mBflqSj.exe
  2⤵
  PID:13108
- C:\Windows\System\zDdJywh.exe
  C:\Windows\System\zDdJywh.exe
  2⤵
  PID:12316
- C:\Windows\System\YqNAALU.exe
  C:\Windows\System\YqNAALU.exe
  2⤵
  PID:12668
- C:\Windows\System\kxwPIhg.exe
  C:\Windows\System\kxwPIhg.exe
  2⤵
  PID:12908
- C:\Windows\System\QVFNzDO.exe
  C:\Windows\System\QVFNzDO.exe
  2⤵
  PID:13244
- C:\Windows\System\fOBhjHd.exe
  C:\Windows\System\fOBhjHd.exe
  2⤵
  PID:12576
- C:\Windows\System\YYsEsyM.exe
  C:\Windows\System\YYsEsyM.exe
  2⤵
  PID:13284
- C:\Windows\System\gJAjEcp.exe
  C:\Windows\System\gJAjEcp.exe
  2⤵
  PID:13328
- C:\Windows\System\YNThNNY.exe
  C:\Windows\System\YNThNNY.exe
  2⤵
  PID:13372
- C:\Windows\System\alYVamA.exe
  C:\Windows\System\alYVamA.exe
  2⤵
  PID:13400
- C:\Windows\System\NxLmjzb.exe
  C:\Windows\System\NxLmjzb.exe
  2⤵
  PID:13428
- C:\Windows\System\NgarXds.exe
  C:\Windows\System\NgarXds.exe
  2⤵
  PID:13456
- C:\Windows\System\ZXRgrTJ.exe
  C:\Windows\System\ZXRgrTJ.exe
  2⤵
  PID:13484
- C:\Windows\System\yAxWeOH.exe
  C:\Windows\System\yAxWeOH.exe
  2⤵
  PID:13512
- C:\Windows\System\vnZjsUr.exe
  C:\Windows\System\vnZjsUr.exe
  2⤵
  PID:13536
- C:\Windows\System\NynIIys.exe
  C:\Windows\System\NynIIys.exe
  2⤵
  PID:13568
- C:\Windows\System\fjVODTW.exe
  C:\Windows\System\fjVODTW.exe
  2⤵
  PID:13596
- C:\Windows\System\sBJnFCd.exe
  C:\Windows\System\sBJnFCd.exe
  2⤵
  PID:13624
- C:\Windows\System\YzKOUBe.exe
  C:\Windows\System\YzKOUBe.exe
  2⤵
  PID:13640
- C:\Windows\System\wpcXsjx.exe
  C:\Windows\System\wpcXsjx.exe
  2⤵
  PID:13656
- C:\Windows\System\alZFRRq.exe
  C:\Windows\System\alZFRRq.exe
  2⤵
  PID:13672
- C:\Windows\System\ohzAjKG.exe
  C:\Windows\System\ohzAjKG.exe
  2⤵
  PID:13700
- C:\Windows\System\VjlkUsN.exe
  C:\Windows\System\VjlkUsN.exe
  2⤵
  PID:13748
- C:\Windows\System\SyWawME.exe
  C:\Windows\System\SyWawME.exe
  2⤵
  PID:13776
- C:\Windows\System\SUzdOOb.exe
  C:\Windows\System\SUzdOOb.exe
  2⤵
  PID:13796
- C:\Windows\System\hyghfyF.exe
  C:\Windows\System\hyghfyF.exe
  2⤵
  PID:13852
- C:\Windows\System\PngWlrk.exe
  C:\Windows\System\PngWlrk.exe
  2⤵
  PID:13884
- C:\Windows\System\jUHCHKu.exe
  C:\Windows\System\jUHCHKu.exe
  2⤵
  PID:13904
- C:\Windows\System\RjNodIl.exe
  C:\Windows\System\RjNodIl.exe
  2⤵
  PID:13936
- C:\Windows\System\vdmgseV.exe
  C:\Windows\System\vdmgseV.exe
  2⤵
  PID:13960
- C:\Windows\System\QbUEtOv.exe
  C:\Windows\System\QbUEtOv.exe
  2⤵
  PID:13996
- C:\Windows\System\QKXDcaQ.exe
  C:\Windows\System\QKXDcaQ.exe
  2⤵
  PID:14024
- C:\Windows\System\ZUjDIIs.exe
  C:\Windows\System\ZUjDIIs.exe
  2⤵
  PID:14048
- C:\Windows\System\LYwhURt.exe
  C:\Windows\System\LYwhURt.exe
  2⤵
  PID:14072
- C:\Windows\System\LxJqxrj.exe
  C:\Windows\System\LxJqxrj.exe
  2⤵
  PID:14104
- C:\Windows\System\gLVgFTS.exe
  C:\Windows\System\gLVgFTS.exe
  2⤵
  PID:14136
- C:\Windows\System\LknyUpD.exe
  C:\Windows\System\LknyUpD.exe
  2⤵
  PID:14164
- C:\Windows\System\jaILnfr.exe
  C:\Windows\System\jaILnfr.exe
  2⤵
  PID:14192
- C:\Windows\System\VgUTvTA.exe
  C:\Windows\System\VgUTvTA.exe
  2⤵
  PID:14220
- C:\Windows\System\nZqSDPi.exe
  C:\Windows\System\nZqSDPi.exe
  2⤵
  PID:14248
- C:\Windows\System\vSmHtJr.exe
  C:\Windows\System\vSmHtJr.exe
  2⤵
  PID:14276
- C:\Windows\System\IdcDlKH.exe
  C:\Windows\System\IdcDlKH.exe
  2⤵
  PID:14304
- C:\Windows\System\DzDaPdi.exe
  C:\Windows\System\DzDaPdi.exe
  2⤵
  PID:14324
- C:\Windows\System\GgVCmKK.exe
  C:\Windows\System\GgVCmKK.exe
  2⤵
  PID:5568
- C:\Windows\System\dLhDASS.exe
  C:\Windows\System\dLhDASS.exe
  2⤵
  PID:13384
- C:\Windows\System\FOwaXiZ.exe
  C:\Windows\System\FOwaXiZ.exe
  2⤵
  PID:13476
- C:\Windows\System\xgQMiDc.exe
  C:\Windows\System\xgQMiDc.exe
  2⤵
  PID:13544
- C:\Windows\System\ZwaIeFe.exe
  C:\Windows\System\ZwaIeFe.exe
  2⤵
  PID:13588
- C:\Windows\System\CqWmgtY.exe
  C:\Windows\System\CqWmgtY.exe
  2⤵
  PID:4756
- C:\Windows\System\vBMUJbG.exe
  C:\Windows\System\vBMUJbG.exe
  2⤵
  PID:4604
- C:\Windows\System\DbxVsLY.exe
  C:\Windows\System\DbxVsLY.exe
  2⤵
  PID:13688
- C:\Windows\System\RhjdNSt.exe
  C:\Windows\System\RhjdNSt.exe
  2⤵
  PID:13768
- C:\Windows\System\LGXQtXo.exe
  C:\Windows\System\LGXQtXo.exe
  2⤵
  PID:13820
- C:\Windows\System\aKHzftQ.exe
  C:\Windows\System\aKHzftQ.exe
  2⤵
  PID:13912
- C:\Windows\System\gwcbggM.exe
  C:\Windows\System\gwcbggM.exe
  2⤵
  PID:13956
- C:\Windows\System\YLFGvOx.exe
  C:\Windows\System\YLFGvOx.exe
  2⤵
  PID:14016
- C:\Windows\System\GoMQkWM.exe
  C:\Windows\System\GoMQkWM.exe
  2⤵
  PID:14120
- C:\Windows\System\WKbGjLE.exe
  C:\Windows\System\WKbGjLE.exe
  2⤵
  PID:14188
- C:\Windows\System\BVGaHGr.exe
  C:\Windows\System\BVGaHGr.exe
  2⤵
  PID:14232
- C:\Windows\System\kLWShYg.exe
  C:\Windows\System\kLWShYg.exe
  2⤵
  PID:14264
- C:\Windows\System\WmtLUvI.exe
  C:\Windows\System\WmtLUvI.exe
  2⤵
  PID:13012
- C:\Windows\System\ZDAZDId.exe
  C:\Windows\System\ZDAZDId.exe
  2⤵
  PID:13452
- C:\Windows\System\mukgdbh.exe
  C:\Windows\System\mukgdbh.exe
  2⤵
  PID:13648
- C:\Windows\System\iAHTrfr.exe
  C:\Windows\System\iAHTrfr.exe
  2⤵
  PID:4476
- C:\Windows\System\NrtVgcI.exe
  C:\Windows\System\NrtVgcI.exe
  2⤵
  PID:13876
- C:\Windows\System\TWKVQJh.exe
  C:\Windows\System\TWKVQJh.exe
  2⤵
  PID:13992
- C:\Windows\System\KBehLoY.exe
  C:\Windows\System\KBehLoY.exe
  2⤵
  PID:14152
- C:\Windows\System\AfrgDUt.exe
  C:\Windows\System\AfrgDUt.exe
  2⤵
  PID:13360
- C:\Windows\System\DgmNpAb.exe
  C:\Windows\System\DgmNpAb.exe
  2⤵
  PID:13528
- C:\Windows\System\XjkSvHJ.exe
  C:\Windows\System\XjkSvHJ.exe
  2⤵
  PID:13928
- C:\Windows\System\BKBZilg.exe
  C:\Windows\System\BKBZilg.exe
  2⤵
  PID:13944
- C:\Windows\System\IEqQLka.exe
  C:\Windows\System\IEqQLka.exe
  2⤵
  PID:13352
- C:\Windows\System\siWnXOm.exe
  C:\Windows\System\siWnXOm.exe
  2⤵
  PID:13388
- C:\Windows\System\bkeFwAo.exe
  C:\Windows\System\bkeFwAo.exe
  2⤵
  PID:14364
- C:\Windows\System\KzMgzLn.exe
  C:\Windows\System\KzMgzLn.exe
  2⤵
  PID:14392
- C:\Windows\System\wcHJvfu.exe
  C:\Windows\System\wcHJvfu.exe
  2⤵
  PID:14420
- C:\Windows\System\vaRWSCO.exe
  C:\Windows\System\vaRWSCO.exe
  2⤵
  PID:14448
- C:\Windows\System\OvIiQtI.exe
  C:\Windows\System\OvIiQtI.exe
  2⤵
  PID:14476
- C:\Windows\System\qOTqvuG.exe
  C:\Windows\System\qOTqvuG.exe
  2⤵
  PID:14504
- C:\Windows\System\zuxRskA.exe
  C:\Windows\System\zuxRskA.exe
  2⤵
  PID:14528
- C:\Windows\System\tTDoggP.exe
  C:\Windows\System\tTDoggP.exe
  2⤵
  PID:14548
- C:\Windows\System\lEMvIxf.exe
  C:\Windows\System\lEMvIxf.exe
  2⤵
  PID:14588
- C:\Windows\System\BzkBPpH.exe
  C:\Windows\System\BzkBPpH.exe
  2⤵
  PID:14604
- C:\Windows\System\RredxCd.exe
  C:\Windows\System\RredxCd.exe
  2⤵
  PID:14620
- C:\Windows\System\qLhMVsb.exe
  C:\Windows\System\qLhMVsb.exe
  2⤵
  PID:14644
- C:\Windows\System\qCqpWhi.exe
  C:\Windows\System\qCqpWhi.exe
  2⤵
  PID:14688
- C:\Windows\System\kWabBDh.exe
  C:\Windows\System\kWabBDh.exe
  2⤵
  PID:14716
- C:\Windows\System\ulgnmuR.exe
  C:\Windows\System\ulgnmuR.exe
  2⤵
  PID:14744
- C:\Windows\System\yAeyHMi.exe
  C:\Windows\System\yAeyHMi.exe
  2⤵
  PID:14784
- C:\Windows\System\aEOodJO.exe
  C:\Windows\System\aEOodJO.exe
  2⤵
  PID:14812
- C:\Windows\System\etcxvON.exe
  C:\Windows\System\etcxvON.exe
  2⤵
  PID:14840
- C:\Windows\System\BBDGSEE.exe
  C:\Windows\System\BBDGSEE.exe
  2⤵
  PID:14856

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AnlMZwl.exe

Filesize
2.7MB

MD5
bcc68eb683b1ab2ce7acc28cbc2f4bad

SHA1
8c34e421667d9d1a8c00315f2a4babd5c7307588

SHA256
042f40be9114e90bd0cad9dc3491284a2553393f23b68c4128fef62ebc1e5fd3

SHA512
4b6d822be96b6b20e0ac270fc1b253fd4f5f4c97ad27fea87070f6c36a28b334d39f807920e96efccfe1330ca74c3a33a1938a3640f391575c91971d697b9a42

Download Submit
C:\Windows\System\ArRlrPv.exe

Filesize
2.7MB

MD5
9def4f890fcacec675ce2ea281ffc222

SHA1
4dafac42468a3490d712e4ada7fa4e2b5bda715b

SHA256
e5b2f2eb96779bb97dc660e258d007f519711293543dc743f4f9704ac7db30da

SHA512
f5b875ef177e0b2a106a1138622bc0c418a4313bde6900a78af16122d54ba00897d903803808dd4bea53a749470ede523d84a181f97c0f23a0da01891b44f77c

Download Submit
C:\Windows\System\BSzXccn.exe

Filesize
2.7MB

MD5
066af0d3671262a15478f3bfe7fa1bf4

SHA1
9f097e90dd80141fd558d2518527c6b417a6b004

SHA256
43484625adbb2f55dbebeb328cbe114122bc4bc5ab072074aae8118c30b1b8f2

SHA512
de90761b2073851a705b8b8db14321f442efb77023bcfb3491305a7af0cdca9905bd33b07fb8e080378852ce7268cd60c418eb687ee02e8842969e5e271338b6

Download Submit
C:\Windows\System\Dxqwuvp.exe

Filesize
2.7MB

MD5
30f8fcf4d42f6446367a605015e653ee

SHA1
abd8dad61b957ad6046e2148e3ceb5000df6e4a5

SHA256
a57f2c04335cb90e5fb32d85f24f7b28ca23846dca51b118aeb56bcfc02b3e3a

SHA512
31f7e987e8182331512429806359d3f9cb97a01c0a9688c8f12d762744e52e6f0beb59dd407aefb3594acf04cb49e90e8313722e1f6ca072d12e2d9f4b716645

Download Submit
C:\Windows\System\GaeSXca.exe

Filesize
2.7MB

MD5
983c05e215af1c1f7d1671cfd061661d

SHA1
716303a002967dcaf94aa54e37996b5f3d9d2767

SHA256
1a485b6f2eeb059b379cb24cad5b0776b0dbc6bce7155be6dedfda6de915c43d

SHA512
f60624f10d6bd46debfe77cc2887d82ee9fcccb6e11d7d18e4bb1e26dfe55095019a877309d5d437a209348ca5a0da22ab4a90dadcdf81882e64692909ed693a

Download Submit
C:\Windows\System\HjQosIe.exe

Filesize
2.7MB

MD5
f93125e0e2c6d860052a94b597f06b1d

SHA1
2fc81bc24c17abb44f844137eaa780dd6855a2ae

SHA256
f9224db498d31b46713a0461f49e2b7befaa17226ac381c57e25982a32c015f1

SHA512
55ce0bbb1162de19399a93e6b3694d516bb126aeb6f0d8f87c4a69454ea43479826d5689706c6e1cc0d72c4e6587b22df1495977c1c629732779693ff5089b05

Download Submit
C:\Windows\System\IYgkuvz.exe

Filesize
2.7MB

MD5
62af422dbd48ae3cefeac2729f08c9f9

SHA1
f76dd19371fd21101bf01fa5ab9374db6ebe830c

SHA256
594b537e8e0500b44e98b5a0b5de0a3d8dd7a433c58ae7d2aaf1cc50ec49dc46

SHA512
0cd23d39b882f6b2e07c623d0019316cf427ddb048a03ba9f9c423cfe604b116bbffa4827eadaa2cfba5fc011fc03c4e300a9a99eea4474d53316117145f592e

Download Submit
C:\Windows\System\InsLTzR.exe

Filesize
2.7MB

MD5
ca2c2ddf470bbb6608e7041b7830ed06

SHA1
4d386ce3c709fd4de9b2906afd28af3efd550aeb

SHA256
8c905a9828b85d9e8e11ce596055b2779eec4bd1780176b41faba629bc56cc73

SHA512
dd804767aaeb2d64026fbf45771f1829966c0f38d2e5a4eb763e602902a6dd8d89d7046c5899dcf8ea7f477e4cf63448d72627531f208078e1aec3ca76162aec

Download Submit
C:\Windows\System\MnbJgAu.exe

Filesize
2.7MB

MD5
08f176a5fb4f462f93100a811c4c6515

SHA1
967984cb1799899422485122fd49da5bf47febc8

SHA256
bb67e3e4f5d99bafe20acbdb85cd7fc07d33bad99382e05b68ee35fd0b3b6814

SHA512
d03036b5463d7d393258a942a6f3d84d43094a491c685202915eb127adc0c20dcaa11b8071803a23f21313bef73d3c1615b0e349b4412c1e0de62d8576961a42

Download Submit
C:\Windows\System\OdKwDSi.exe

Filesize
2.7MB

MD5
e2bd3056c310f3ece1bf5e9f7adb653d

SHA1
38f9cac096cc5690be25b8215a74249c7d9c2839

SHA256
42cc98aa87a559fd9cb39f9ac66f5c05b36853407371981d6c5f78db0ee7e233

SHA512
edbe298daa505567173e68bc437679cf3aa2c59d68063e0a8c329e36a3f0d9a37281b0139ed77b5dbec9270feb0719580462c78175fd74fab38183035ec0a3d3

Download Submit
C:\Windows\System\OzJeUdh.exe

Filesize
2.7MB

MD5
d634707c833393c30f99f0333ca37c41

SHA1
0770c3e9d7a715e669db3daced7c9568fb3c2043

SHA256
cc86ca47fa8e3b338669eb0588cc9daafadd8c4c6fb6c5d1d9fdfa41a3938539

SHA512
debe3e17b11b86ac66e77ed5c3aafc3b1f249abdbb0f8ca0e13f0bc925a265b8c6a345ae4e8486d38aaca7b51cd0a275ce25d3bd94f1cc7dfe7662529b627d9d

Download Submit
C:\Windows\System\PHYBcAW.exe

Filesize
2.7MB

MD5
f31af21df4d18ab16f06ed992adfd301

SHA1
a77b59be30079b18475b715392a63bbdb4a313ef

SHA256
bb3d0f0244307dec06d86756c09a71cf693940c39dd9262bc8089899693ba2ea

SHA512
08bcc8603c476a59cafcaa014793ce0e30f2d34192764231fd66e3730c6fd9564878a68429cf0fb4295139767a8d5077417007ca92f064e47046c5d11d642e10

Download Submit
C:\Windows\System\RWtCAkh.exe

Filesize
2.7MB

MD5
638b3cc3798315566043360289bca0e7

SHA1
04ba5e1dea565db58c86892d20ae570154b99256

SHA256
3d8d318270e500c03bd30f7c4527a97d67416fc3996754357fa1ed93db684c31

SHA512
c34b63dce50730c59ba853bf2ba8f9a803c79c7d3f48ef3566253768a5181f0136d3ad73afad9caed65156a9ee1655c91b88de6968d79a169efc03885685caaa

Download Submit
C:\Windows\System\VeAJcWH.exe

Filesize
2.7MB

MD5
1bb6d6b2b65ce9e6245d5149b83ae7f5

SHA1
e281b435b9973eb0c42ed9c4a1f85679fc3e5695

SHA256
c3e98f33441d72d17f67f2cc4568aa7722ea7287d39bf400ac26386bafe16bb0

SHA512
55dab89ac06d00f58fac20d45b8866341a74c24c8f5cbfb27e9ae71ddbe2648e5ec297b165726d5af853a0dda696d5741a06424f0f17126abd63331d410ff7ae

Download Submit
C:\Windows\System\XIqeDQr.exe

Filesize
2.7MB

MD5
270a4a1fb9ddf2e8493a31fd74061a88

SHA1
3aa02fdc3c752773240ff3d7d087971ebd660b8b

SHA256
a9ab5b58d781d26d2b919bfd3fd55df6677a397278e5e373bf06ae2a02a812e5

SHA512
119b9bfc29dceccd300e131601747167791d96f1f5f242bca0b4f78172baf02b96e8f50b3f2605afceaf0fb665857407a7b40a809c1493fb0cc3a30940a37712

Download Submit
C:\Windows\System\XjvrjdU.exe

Filesize
2.7MB

MD5
91068a5ff6653442d7c9ba430684251e

SHA1
3f369c9f743cab25ed97a7b9c593e21ed1fa4c7b

SHA256
34f5e1acb5c2bc210c80abc4f60f8e29c0188691164057eadcd8cc19fb617774

SHA512
51c43006a3a17b8d5f8b95d23cb159de34e761c8b566fdb959a8de038604293d594782486ec525aa32ae149694f6a5dc8eb5e3b4ad868e34aa88362d76a72a62

Download Submit
C:\Windows\System\YoeaMqu.exe

Filesize
2.7MB

MD5
c55cf24174061dbff5ea5d49fc16b88d

SHA1
3849849fb459d201a183bbfedab0cb4430dd9ccf

SHA256
540e155a15299d144f62371fd178c29798a6c498f0488cd77baffa136dd9c048

SHA512
f3f226d5803b243b62edb03441bd3bacdd058593de6a8b6648d1e32edba29dd3d8d7100a37f6e04235cc78d1424f5abfcf8e1abfb6b455f68270ca7323b2be3c

Download Submit
C:\Windows\System\ZJIEpcB.exe

Filesize
2.7MB

MD5
31cce2fdc2d0c48667963b664489f034

SHA1
1f62167a449c9cdb0866fd34ab767ef6b5e4aa9a

SHA256
dcd4d44c12efdfbb4590252ba49812df798308dec0eacd7c6f4d0a7a5fe777ce

SHA512
0867d724fe575a93d9b57211dfeae87fb52c697edc337641cb3032ccb252aa6aa3bf44fa8be991672c82af5dbc7981f501935888f1a395ae5d07761966df1d00

Download Submit
C:\Windows\System\aikuBdN.exe

Filesize
2.7MB

MD5
1e7cf1658fb17831eed6f3d8cf4507b0

SHA1
303dd37766e5fea11ef1212de52bcabef3169c71

SHA256
3f8b317b44caf32958ce572ed8d66461098caa2a5985b0b20521d0c22ec6f680

SHA512
5a4f19236a9ca9f76b08078ae40f6ba4a8756ddefa8c78db8b6aa01aedbd244b66d81ac86e18fb8fae08d94c3f10a84c108652f99f45df5331a32dd44255de32

Download Submit
C:\Windows\System\ekSvoKD.exe

Filesize
2.7MB

MD5
ccfddff589639c8cb3abc2758bcfcfd4

SHA1
a2fe7837079a4dadadca8ccbda186b726addfc5b

SHA256
4f46759ce902d3598b6548e8fd33e2fefe4980d03d66331acb4941b81e968019

SHA512
7327ffa31c19ca2811c017a218c6684ce7574e7680ad2c7f99dd8f814067d9a31ce1279177ad4d73d58375a8fb97930a5ad9334978cd0fc0ba873bbca713c4c2

Download Submit
C:\Windows\System\flYJLjq.exe

Filesize
2.7MB

MD5
3edd829ed6452e8f0dc7f64ce1336bc7

SHA1
302c4ed4b2e39ee424556f503b92e8e6ab5d0531

SHA256
1844627834f3b749c52d5a6f6e3af558eff583bd4ce6bf83843dcc1cd9674488

SHA512
44a5433359ea15ee61775b7f90937095d9e62efa4d5402538ad58ca90a91d48f12cec4e39e91521ffd82f076101da33c1c1c4e32e44c446b0d5c20a8e102fdf5

Download Submit
C:\Windows\System\gAdtXbD.exe

Filesize
2.7MB

MD5
4baa03a1eb8570f6f8e3b5d1266f92ac

SHA1
488c2e3fc70cd454de677c1fa8272e4c181c4942

SHA256
686d838090dd02c06fba139d6766ede1f12df9b6a29947272094260c9582f39f

SHA512
cdc3135d91f6556335f40975f50176875650b7a730383d0968496701b420e5422f3b63c52c9d6be1ef8498f70a10725ac47090aead7d4efba77e152876e95fb4

Download Submit
C:\Windows\System\iBwXdQi.exe

Filesize
2.7MB

MD5
0cd6548eee69e8c78842554b447b9444

SHA1
84785fb0151324f5704e169f07bb83ec101b05a7

SHA256
51071823e6e4eeb7bb3057fa92426d3d879e8823ff78b15ecf44661bad4383ca

SHA512
4ba71bf1153306e03c5193ccb6f3c97e2aed35d843aa08c8728402d7651d6c356e38a349f5da4a440ad6d74cf2aee485f4532f86bb2db252ace0f404bca46310

Download Submit
C:\Windows\System\kkdxZGk.exe

Filesize
2.7MB

MD5
2a1191b911e929f89d23ce5f4f6897b2

SHA1
a9b1fe41cadac77857966e87bf6ee8b90999bf65

SHA256
70dd82550ac18e57e8a84ab0730d904396ace2160376e610846c337116ec9964

SHA512
c5235aeff4ae56d415f5a716da891a945050d0bf08ab8cd44c8df1d46a8e530b6853c82becec1f5bcd6fae37750a8ec0b7a5117c3b2c28991292091097b10ea7

Download Submit
C:\Windows\System\pgNDiMV.exe

Filesize
2.7MB

MD5
5c3ff3256f23fd3cca7280378df8f2d2

SHA1
f76ec92429434901ed32b1b33a0ae8c723c74e8e

SHA256
f0175bccf5c7d4d29b01094a57577490e12f1d3a63615c2592ba7c8922f0a895

SHA512
5af8e6a31906012bcd080bd51d4e754798f2de5cbb5203820ade38589405f94f1c32b551da844026e09436a075a10baf9e511ad31d336e0f35a085d699409ef1

Download Submit
C:\Windows\System\rnAFOBk.exe

Filesize
2.7MB

MD5
8f254e5835393600fb93368cb7c55ea4

SHA1
6b7aa72ec5921e5c1300a0e5bcf185b91c752063

SHA256
701b6d5e469cd64012d799ef066cbef4f6ba2076a317d6783b35f48ce5056324

SHA512
c06dde65508f00a7c7d33567208921b6e9f05aeeec442af34cef59d0ea03e0e91e4105adb8317cf6665cebe1803de43a20a307e98fe597405af87e7a9aa97108

Download Submit
C:\Windows\System\ruTJsqw.exe

Filesize
2.7MB

MD5
2b6bf99e11b97a80bc880321edac6761

SHA1
e375784ab6a4c7ac4e0edf3181fdec3cdf2df95f

SHA256
a9c15ca3904b568a727f322ba06af7db7282f1a9962e0aef7ca2f0338b8f3c05

SHA512
04fd094235aaf27dd4913858ee7bba174e6cf86e663f87ca3b723adbc6e5dc39c99d9dd3677587a1abdbc1cf88740354e461e06eae22530eaf27dde7c8223197

Download Submit
C:\Windows\System\tfFJbWz.exe

Filesize
2.7MB

MD5
cebd3410ad1cbd7d58db6f50e78be26e

SHA1
354a47a67d0c443b628406d2f2455b7f68b77549

SHA256
ed40cc75dd31065c6f5f1be91a5b96fd2c768f0fc456f8e0fefafc9f148582c2

SHA512
e8084f98a04df7626b8909783452661af6980b4fff166a5fa21c955abe6405acedebf9ca160825c436dcf2f18d5227de8ee3aa75bfe7fab1d1f026f2d495d330

Download Submit
C:\Windows\System\thhHqag.exe

Filesize
2.7MB

MD5
89719f224fda964a6a432565687a9d34

SHA1
95fd5a7a01e23d3623c777348b6811cb4c4a4bc6

SHA256
c85a4459ba7b0a1a6581752453256cbde8f9c59170a27e6ebe34f96a66439bbd

SHA512
03520fb2ff66ac59bc06a42f39b705a352d967b95924e5725ae66ebf8bc57f22b6cd6f5a4d0b4e39fb7f7b58bc1af55526c4f543292f9719283b9fda861dd216

Download Submit
C:\Windows\System\uYcBKwj.exe

Filesize
2.7MB

MD5
d778f8adfdcda9e2ebbd9ad93e375b82

SHA1
902764d0676b0b914310aedcff612064e53e7618

SHA256
0540bdb05e839e2c004923f451c366f2e3b7248ba9bf8191a4330efda3332955

SHA512
518da4d0f8cdc44251bba088189eeef08e65e27c9af81fa1248a98329ca6765a5773087ce7ea8eeb444f8c1c7b40718840256bda9983237eb8c278bea0437306

Download Submit
C:\Windows\System\uoJMzYR.exe

Filesize
2.7MB

MD5
3cdf974bec388d516f9edd934ac202d5

SHA1
bfdddf51d7bff67f1a2691b5b24e7b67912db5ef

SHA256
083811068d42740c6777c0e8dfc6f348bad7514fccc72c4cea95219c2eb5c1da

SHA512
430c40d2fe1633403f4f3d4a4d171d6b868f68e8b64ae7896fe4f445060a0424d4b051ba5bf627690fa1b53c5be3eeb8270b90480d672989a01aa2101a07046b

Download Submit
C:\Windows\System\xMGfhCH.exe

Filesize
2.7MB

MD5
76d9bf4d1db872fb492d83e8248e0699

SHA1
f2c6d758bba478362ef8978cf4bc31426111ac58

SHA256
a63b53efccd31e37b0ecc22a9094fa568c7112b35ba7d5896ac63b44487b0425

SHA512
36ea4da6bcbecdf5a04f89a4f2a7d8d859a64fb7b49e5bae421fe3c24ff48b40191fecade6cfbb8bb0c3424d1af3f5f40aad2c8a0774d7054c4281e9a2c698fd

Download Submit
C:\Windows\System\zukqSGN.exe

Filesize
2.7MB

MD5
bfcb60ed890e5f3c7d65efa8812f5673

SHA1
d0001c6e0fe98ad79e0bf9d12d5fcc14fc8f84fe

SHA256
3565c65dc93da998f806ffc5f5128ee4b960d292c472b1562077834132c64446

SHA512
586acd471e7b6b24cd88e3c875fbf5d68ae310a183e7af97e545a44181bb3ed8bf9a4c592d4a8dc95c41814e6acf783f52b12d7a1ad12869e664cf13693b5c66

Download Submit
memory/216-311-0x00007FF64AB70000-0x00007FF64AEC4000-memory.dmp

Filesize
3.3MB

Download
memory/216-2109-0x00007FF64AB70000-0x00007FF64AEC4000-memory.dmp

Filesize
3.3MB

Download
memory/448-20-0x00007FF68B1D0000-0x00007FF68B524000-memory.dmp

Filesize
3.3MB

Download
memory/448-1667-0x00007FF68B1D0000-0x00007FF68B524000-memory.dmp

Filesize
3.3MB

Download
memory/448-2099-0x00007FF68B1D0000-0x00007FF68B524000-memory.dmp

Filesize
3.3MB

Download
memory/916-347-0x00007FF76A720000-0x00007FF76AA74000-memory.dmp

Filesize
3.3MB

Download
memory/916-2106-0x00007FF76A720000-0x00007FF76AA74000-memory.dmp

Filesize
3.3MB

Download
memory/1172-36-0x00007FF60CC70000-0x00007FF60CFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1172-2096-0x00007FF60CC70000-0x00007FF60CFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1172-2102-0x00007FF60CC70000-0x00007FF60CFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-2108-0x00007FF7855B0000-0x00007FF785904000-memory.dmp

Filesize
3.3MB

Download
memory/1196-313-0x00007FF7855B0000-0x00007FF785904000-memory.dmp

Filesize
3.3MB

Download
memory/1532-2121-0x00007FF6AD210000-0x00007FF6AD564000-memory.dmp

Filesize
3.3MB

Download
memory/1532-341-0x00007FF6AD210000-0x00007FF6AD564000-memory.dmp

Filesize
3.3MB

Download
memory/1624-2100-0x00007FF6ACA40000-0x00007FF6ACD94000-memory.dmp

Filesize
3.3MB

Download
memory/1624-28-0x00007FF6ACA40000-0x00007FF6ACD94000-memory.dmp

Filesize
3.3MB

Download
memory/1640-2104-0x00007FF7F1C10000-0x00007FF7F1F64000-memory.dmp

Filesize
3.3MB

Download
memory/1640-51-0x00007FF7F1C10000-0x00007FF7F1F64000-memory.dmp

Filesize
3.3MB

Download
memory/1936-344-0x00007FF6721D0000-0x00007FF672524000-memory.dmp

Filesize
3.3MB

Download
memory/1936-2115-0x00007FF6721D0000-0x00007FF672524000-memory.dmp

Filesize
3.3MB

Download
memory/2092-324-0x00007FF69AB00000-0x00007FF69AE54000-memory.dmp

Filesize
3.3MB

Download
memory/2092-2111-0x00007FF69AB00000-0x00007FF69AE54000-memory.dmp

Filesize
3.3MB

Download
memory/2336-329-0x00007FF72CBA0000-0x00007FF72CEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-2113-0x00007FF72CBA0000-0x00007FF72CEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-342-0x00007FF655680000-0x00007FF6559D4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-2118-0x00007FF655680000-0x00007FF6559D4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-336-0x00007FF75E6C0000-0x00007FF75EA14000-memory.dmp

Filesize
3.3MB

Download
memory/2632-2124-0x00007FF75E6C0000-0x00007FF75EA14000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2107-0x00007FF7C64A0000-0x00007FF7C67F4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-317-0x00007FF7C64A0000-0x00007FF7C67F4000-memory.dmp

Filesize
3.3MB

Download
memory/3308-2101-0x00007FF7F6330000-0x00007FF7F6684000-memory.dmp

Filesize
3.3MB

Download
memory/3308-34-0x00007FF7F6330000-0x00007FF7F6684000-memory.dmp

Filesize
3.3MB

Download
memory/3308-2095-0x00007FF7F6330000-0x00007FF7F6684000-memory.dmp

Filesize
3.3MB

Download
memory/3452-17-0x00007FF68BED0000-0x00007FF68C224000-memory.dmp

Filesize
3.3MB

Download
memory/3452-2098-0x00007FF68BED0000-0x00007FF68C224000-memory.dmp

Filesize
3.3MB

Download
memory/3836-2116-0x00007FF71AA50000-0x00007FF71ADA4000-memory.dmp

Filesize
3.3MB

Download
memory/3836-346-0x00007FF71AA50000-0x00007FF71ADA4000-memory.dmp

Filesize
3.3MB

Download
memory/3852-2123-0x00007FF60BE10000-0x00007FF60C164000-memory.dmp

Filesize
3.3MB

Download
memory/3852-337-0x00007FF60BE10000-0x00007FF60C164000-memory.dmp

Filesize
3.3MB

Download
memory/4156-49-0x00007FF66EFF0000-0x00007FF66F344000-memory.dmp

Filesize
3.3MB

Download
memory/4156-2103-0x00007FF66EFF0000-0x00007FF66F344000-memory.dmp

Filesize
3.3MB

Download
memory/4224-2105-0x00007FF771BB0000-0x00007FF771F04000-memory.dmp

Filesize
3.3MB

Download
memory/4224-308-0x00007FF771BB0000-0x00007FF771F04000-memory.dmp

Filesize
3.3MB

Download
memory/4496-14-0x00007FF6A2110000-0x00007FF6A2464000-memory.dmp

Filesize
3.3MB

Download
memory/4496-2097-0x00007FF6A2110000-0x00007FF6A2464000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2119-0x00007FF7F8200000-0x00007FF7F8554000-memory.dmp

Filesize
3.3MB

Download
memory/4532-339-0x00007FF7F8200000-0x00007FF7F8554000-memory.dmp

Filesize
3.3MB

Download
memory/4724-0-0x00007FF67EF40000-0x00007FF67F294000-memory.dmp

Filesize
3.3MB

Download
memory/4724-1-0x0000025752260000-0x0000025752270000-memory.dmp

Filesize
64KB

Download
memory/4724-939-0x00007FF67EF40000-0x00007FF67F294000-memory.dmp

Filesize
3.3MB

Download
memory/4752-338-0x00007FF66D720000-0x00007FF66DA74000-memory.dmp

Filesize
3.3MB

Download
memory/4752-2122-0x00007FF66D720000-0x00007FF66DA74000-memory.dmp

Filesize
3.3MB

Download
memory/4792-2112-0x00007FF687A80000-0x00007FF687DD4000-memory.dmp

Filesize
3.3MB

Download
memory/4792-325-0x00007FF687A80000-0x00007FF687DD4000-memory.dmp

Filesize
3.3MB

Download
memory/4800-318-0x00007FF6AA550000-0x00007FF6AA8A4000-memory.dmp

Filesize
3.3MB

Download
memory/4800-2110-0x00007FF6AA550000-0x00007FF6AA8A4000-memory.dmp

Filesize
3.3MB

Download
memory/4876-2117-0x00007FF6F8010000-0x00007FF6F8364000-memory.dmp

Filesize
3.3MB

Download
memory/4876-343-0x00007FF6F8010000-0x00007FF6F8364000-memory.dmp

Filesize
3.3MB

Download
memory/4892-330-0x00007FF7C4FF0000-0x00007FF7C5344000-memory.dmp

Filesize
3.3MB

Download
memory/4892-2125-0x00007FF7C4FF0000-0x00007FF7C5344000-memory.dmp

Filesize
3.3MB

Download
memory/5008-345-0x00007FF7806A0000-0x00007FF7809F4000-memory.dmp

Filesize
3.3MB

Download
memory/5008-2114-0x00007FF7806A0000-0x00007FF7809F4000-memory.dmp

Filesize
3.3MB

Download
memory/5092-2120-0x00007FF746AA0000-0x00007FF746DF4000-memory.dmp

Filesize
3.3MB

Download
memory/5092-340-0x00007FF746AA0000-0x00007FF746DF4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads