xmrig | a5fe84cc7f105ed1072bb4ee1e43713b9a7ebec52a684f11acf28e92ade6b3f2

Analysis

max time kernel
132s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
Size

1.7MB
MD5

08fa22abee328ee2b6b180729ec4d960
SHA1

c92fca944add2ab1362f42c99271e4b4d7906ba7
SHA256

a5fe84cc7f105ed1072bb4ee1e43713b9a7ebec52a684f11acf28e92ade6b3f2
SHA512

4f254445066d2c8d4daed9297b06c54168ab237f4eaea059d92482efb7237282b487f1dcea4f26697331fa6321f2454b8587447cd38040db889c6b42203d1ac0
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICbbnlD5/o:BemTLkNdfE0pZr7

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/232-0-0x00007FF795FC0000-0x00007FF796314000-memory.dmp	xmrig
behavioral2/files/0x000500000002328d-5.dat	xmrig
behavioral2/files/0x0007000000023432-8.dat	xmrig
behavioral2/files/0x0007000000023435-30.dat	xmrig
behavioral2/files/0x0007000000023439-53.dat	xmrig
behavioral2/files/0x000700000002343b-69.dat	xmrig
behavioral2/files/0x0007000000023445-102.dat	xmrig
behavioral2/files/0x0007000000023444-97.dat	xmrig
behavioral2/files/0x0007000000023449-129.dat	xmrig
behavioral2/files/0x0007000000023446-153.dat	xmrig
behavioral2/memory/932-170-0x00007FF7A6BE0000-0x00007FF7A6F34000-memory.dmp	xmrig
behavioral2/memory/552-178-0x00007FF792630000-0x00007FF792984000-memory.dmp	xmrig
behavioral2/memory/2080-183-0x00007FF743FD0000-0x00007FF744324000-memory.dmp	xmrig
behavioral2/memory/5104-188-0x00007FF745B50000-0x00007FF745EA4000-memory.dmp	xmrig
behavioral2/memory/3636-195-0x00007FF7CF710000-0x00007FF7CFA64000-memory.dmp	xmrig
behavioral2/memory/2264-197-0x00007FF62DD00000-0x00007FF62E054000-memory.dmp	xmrig
behavioral2/memory/4480-196-0x00007FF602560000-0x00007FF6028B4000-memory.dmp	xmrig
behavioral2/memory/1632-194-0x00007FF644460000-0x00007FF6447B4000-memory.dmp	xmrig
behavioral2/memory/4904-193-0x00007FF6A89F0000-0x00007FF6A8D44000-memory.dmp	xmrig
behavioral2/memory/4192-192-0x00007FF65A620000-0x00007FF65A974000-memory.dmp	xmrig
behavioral2/memory/5064-191-0x00007FF6D6810000-0x00007FF6D6B64000-memory.dmp	xmrig
behavioral2/memory/2544-190-0x00007FF641D00000-0x00007FF642054000-memory.dmp	xmrig
behavioral2/memory/3964-189-0x00007FF662250000-0x00007FF6625A4000-memory.dmp	xmrig
behavioral2/memory/4568-187-0x00007FF764290000-0x00007FF7645E4000-memory.dmp	xmrig
behavioral2/memory/3036-186-0x00007FF6E1910000-0x00007FF6E1C64000-memory.dmp	xmrig
behavioral2/memory/2396-185-0x00007FF7662E0000-0x00007FF766634000-memory.dmp	xmrig
behavioral2/memory/1996-184-0x00007FF639400000-0x00007FF639754000-memory.dmp	xmrig
behavioral2/memory/1780-182-0x00007FF7CE180000-0x00007FF7CE4D4000-memory.dmp	xmrig
behavioral2/memory/732-181-0x00007FF6DE770000-0x00007FF6DEAC4000-memory.dmp	xmrig
behavioral2/memory/2204-180-0x00007FF795E10000-0x00007FF796164000-memory.dmp	xmrig
behavioral2/memory/968-179-0x00007FF6C2720000-0x00007FF6C2A74000-memory.dmp	xmrig
behavioral2/memory/2012-177-0x00007FF7496F0000-0x00007FF749A44000-memory.dmp	xmrig
behavioral2/memory/3772-176-0x00007FF75B8D0000-0x00007FF75BC24000-memory.dmp	xmrig
behavioral2/memory/1368-171-0x00007FF7746A0000-0x00007FF7749F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002344d-168.dat	xmrig
behavioral2/files/0x000700000002344c-166.dat	xmrig
behavioral2/files/0x000700000002344b-164.dat	xmrig
behavioral2/files/0x000700000002344a-162.dat	xmrig
behavioral2/files/0x0007000000023448-158.dat	xmrig
behavioral2/memory/2944-157-0x00007FF633330000-0x00007FF633684000-memory.dmp	xmrig
behavioral2/files/0x0007000000023447-155.dat	xmrig
behavioral2/files/0x0007000000023451-152.dat	xmrig
behavioral2/files/0x0007000000023450-151.dat	xmrig
behavioral2/files/0x000700000002344f-150.dat	xmrig
behavioral2/files/0x000700000002344e-147.dat	xmrig
behavioral2/memory/3712-146-0x00007FF7DCAE0000-0x00007FF7DCE34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023443-139.dat	xmrig
behavioral2/files/0x0007000000023442-132.dat	xmrig
behavioral2/memory/3412-124-0x00007FF7A1F40000-0x00007FF7A2294000-memory.dmp	xmrig
behavioral2/files/0x0007000000023441-123.dat	xmrig
behavioral2/files/0x0007000000023440-115.dat	xmrig
behavioral2/files/0x000700000002343f-109.dat	xmrig
behavioral2/files/0x000700000002343e-105.dat	xmrig
behavioral2/files/0x000700000002343d-82.dat	xmrig
behavioral2/files/0x000700000002343c-73.dat	xmrig
behavioral2/files/0x000700000002343a-58.dat	xmrig
behavioral2/files/0x0007000000023438-51.dat	xmrig
behavioral2/files/0x0007000000023437-49.dat	xmrig
behavioral2/files/0x0007000000023436-47.dat	xmrig
behavioral2/files/0x0007000000023434-36.dat	xmrig
behavioral2/memory/2308-31-0x00007FF7138C0000-0x00007FF713C14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-27.dat	xmrig
behavioral2/files/0x0008000000023431-16.dat	xmrig
behavioral2/memory/832-12-0x00007FF6C6450000-0x00007FF6C67A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
832	nwoJyHi.exe
2308	mzMAMjr.exe
3636	EdtTGqZ.exe
3412	IVifIUp.exe
3712	gjgwggq.exe
2944	paHdbSo.exe
4480	xiRsJUX.exe
932	MQWekAJ.exe
1368	PGUjNXt.exe
3772	dehUwdR.exe
2012	JtEdKoK.exe
552	mBDihcy.exe
968	dShcPnF.exe
2204	IpgXdER.exe
732	axOkRZL.exe
1780	SeMUgUi.exe
2080	LGhWkJW.exe
1996	tRupDTK.exe
2396	uBiIOUz.exe
3036	HmeVLJv.exe
4568	cTrUUxp.exe
5104	oyaLLia.exe
3964	JaXRXeU.exe
2544	nQmoslL.exe
2264	nOJFAeE.exe
5064	ihOQmRz.exe
4192	fCPDqvt.exe
4904	GHkQoOj.exe
1632	ZWyrLzx.exe
1812	dImNrlp.exe
4876	wKfxRFu.exe
4252	BHmVEGG.exe
1656	efllSdn.exe
3420	XRAZLYg.exe
3760	caBkeBL.exe
3320	AGxwtKM.exe
3868	FesHlUd.exe
2004	GFwOxOj.exe
5044	CEvmtpf.exe
2536	btfYuvm.exe
1292	WZWBvwc.exe
4052	JsNLcHa.exe
3168	rfqIxxC.exe
3236	vDphhHP.exe
3228	rXkSFBB.exe
224	lBNkYNj.exe
1424	lRaedjx.exe
3840	lpMhKZn.exe
5080	ynWXoQI.exe
4596	OlbDZDk.exe
3780	zBDYSAs.exe
2596	MfCARRQ.exe
920	htWHXVl.exe
4328	WgXqVnu.exe
4464	jmhzPKm.exe
1224	mSEHkTq.exe
3776	oUZFpUb.exe
1228	zYBFgSk.exe
2044	QyEnKoR.exe
2232	JYNlCOH.exe
2916	nHSDTpj.exe
744	GeLOjBB.exe
2112	UJmpZYJ.exe
3012	IgzhfcQ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/232-0-0x00007FF795FC0000-0x00007FF796314000-memory.dmp	upx
behavioral2/files/0x000500000002328d-5.dat	upx
behavioral2/files/0x0007000000023432-8.dat	upx
behavioral2/files/0x0007000000023435-30.dat	upx
behavioral2/files/0x0007000000023439-53.dat	upx
behavioral2/files/0x000700000002343b-69.dat	upx
behavioral2/files/0x0007000000023445-102.dat	upx
behavioral2/files/0x0007000000023444-97.dat	upx
behavioral2/files/0x0007000000023449-129.dat	upx
behavioral2/files/0x0007000000023446-153.dat	upx
behavioral2/memory/932-170-0x00007FF7A6BE0000-0x00007FF7A6F34000-memory.dmp	upx
behavioral2/memory/552-178-0x00007FF792630000-0x00007FF792984000-memory.dmp	upx
behavioral2/memory/2080-183-0x00007FF743FD0000-0x00007FF744324000-memory.dmp	upx
behavioral2/memory/5104-188-0x00007FF745B50000-0x00007FF745EA4000-memory.dmp	upx
behavioral2/memory/3636-195-0x00007FF7CF710000-0x00007FF7CFA64000-memory.dmp	upx
behavioral2/memory/2264-197-0x00007FF62DD00000-0x00007FF62E054000-memory.dmp	upx
behavioral2/memory/4480-196-0x00007FF602560000-0x00007FF6028B4000-memory.dmp	upx
behavioral2/memory/1632-194-0x00007FF644460000-0x00007FF6447B4000-memory.dmp	upx
behavioral2/memory/4904-193-0x00007FF6A89F0000-0x00007FF6A8D44000-memory.dmp	upx
behavioral2/memory/4192-192-0x00007FF65A620000-0x00007FF65A974000-memory.dmp	upx
behavioral2/memory/5064-191-0x00007FF6D6810000-0x00007FF6D6B64000-memory.dmp	upx
behavioral2/memory/2544-190-0x00007FF641D00000-0x00007FF642054000-memory.dmp	upx
behavioral2/memory/3964-189-0x00007FF662250000-0x00007FF6625A4000-memory.dmp	upx
behavioral2/memory/4568-187-0x00007FF764290000-0x00007FF7645E4000-memory.dmp	upx
behavioral2/memory/3036-186-0x00007FF6E1910000-0x00007FF6E1C64000-memory.dmp	upx
behavioral2/memory/2396-185-0x00007FF7662E0000-0x00007FF766634000-memory.dmp	upx
behavioral2/memory/1996-184-0x00007FF639400000-0x00007FF639754000-memory.dmp	upx
behavioral2/memory/1780-182-0x00007FF7CE180000-0x00007FF7CE4D4000-memory.dmp	upx
behavioral2/memory/732-181-0x00007FF6DE770000-0x00007FF6DEAC4000-memory.dmp	upx
behavioral2/memory/2204-180-0x00007FF795E10000-0x00007FF796164000-memory.dmp	upx
behavioral2/memory/968-179-0x00007FF6C2720000-0x00007FF6C2A74000-memory.dmp	upx
behavioral2/memory/2012-177-0x00007FF7496F0000-0x00007FF749A44000-memory.dmp	upx
behavioral2/memory/3772-176-0x00007FF75B8D0000-0x00007FF75BC24000-memory.dmp	upx
behavioral2/memory/1368-171-0x00007FF7746A0000-0x00007FF7749F4000-memory.dmp	upx
behavioral2/files/0x000700000002344d-168.dat	upx
behavioral2/files/0x000700000002344c-166.dat	upx
behavioral2/files/0x000700000002344b-164.dat	upx
behavioral2/files/0x000700000002344a-162.dat	upx
behavioral2/files/0x0007000000023448-158.dat	upx
behavioral2/memory/2944-157-0x00007FF633330000-0x00007FF633684000-memory.dmp	upx
behavioral2/files/0x0007000000023447-155.dat	upx
behavioral2/files/0x0007000000023451-152.dat	upx
behavioral2/files/0x0007000000023450-151.dat	upx
behavioral2/files/0x000700000002344f-150.dat	upx
behavioral2/files/0x000700000002344e-147.dat	upx
behavioral2/memory/3712-146-0x00007FF7DCAE0000-0x00007FF7DCE34000-memory.dmp	upx
behavioral2/files/0x0007000000023443-139.dat	upx
behavioral2/files/0x0007000000023442-132.dat	upx
behavioral2/memory/3412-124-0x00007FF7A1F40000-0x00007FF7A2294000-memory.dmp	upx
behavioral2/files/0x0007000000023441-123.dat	upx
behavioral2/files/0x0007000000023440-115.dat	upx
behavioral2/files/0x000700000002343f-109.dat	upx
behavioral2/files/0x000700000002343e-105.dat	upx
behavioral2/files/0x000700000002343d-82.dat	upx
behavioral2/files/0x000700000002343c-73.dat	upx
behavioral2/files/0x000700000002343a-58.dat	upx
behavioral2/files/0x0007000000023438-51.dat	upx
behavioral2/files/0x0007000000023437-49.dat	upx
behavioral2/files/0x0007000000023436-47.dat	upx
behavioral2/files/0x0007000000023434-36.dat	upx
behavioral2/memory/2308-31-0x00007FF7138C0000-0x00007FF713C14000-memory.dmp	upx
behavioral2/files/0x0007000000023433-27.dat	upx
behavioral2/files/0x0008000000023431-16.dat	upx
behavioral2/memory/832-12-0x00007FF6C6450000-0x00007FF6C67A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GFwOxOj.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\Hovyctg.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\DQoItHW.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\gmxTmoc.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\cbNrSWN.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\KlshxVu.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\JWEhzQh.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\vfpuPEe.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\fhXAZZu.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\UbPlKVt.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\IVkpOQN.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\XXaLxlj.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\PBdKDEJ.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\XCvDvNi.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\NwsXgjy.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\IwUhBcO.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\oNosRSr.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\gShSSyE.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\eUhCghq.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\GHkQoOj.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\CEvmtpf.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\AAJsfbm.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\wIEmXtK.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\AxeumuU.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\sncjVos.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\hLwZQzY.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\HGsrWDZ.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\UXsCMXa.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\zqFhcMF.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\OIUMslc.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\vsuvuYd.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\blocbAq.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\ESpaWfl.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\fCPDqvt.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\NEGWEBq.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\reqQoEI.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\UHbKuGK.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\eyRolag.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\iwIeHyN.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\sTtLSpk.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\dFHYrcs.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\vxPvKlo.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\hBtkkiH.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\CLEFIim.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\PLEOxhY.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\DpIPZFk.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\yjXbOPg.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\TQOekZz.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\TjLotbY.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\DtoPhoK.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\dyjWVob.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\rnQwUKE.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\vMaBNlF.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\lJxEYYh.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\BJeMNSb.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\pktlzUt.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\gmevTnN.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\OKgzJMC.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\cXORaoH.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\AFdovBw.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\blEFHEr.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\WkBsJBL.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\OXmGWZv.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
File created	C:\Windows\System\FrypFDS.exe	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14180	dwm.exe
Token: SeChangeNotifyPrivilege	14180	dwm.exe
Token: 33	14180	dwm.exe
Token: SeIncBasePriorityPrivilege	14180	dwm.exe
Token: SeShutdownPrivilege	14180	dwm.exe
Token: SeCreatePagefilePrivilege	14180	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 832	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	82
PID 232 wrote to memory of 832	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	82
PID 232 wrote to memory of 2308	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	83
PID 232 wrote to memory of 2308	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	83
PID 232 wrote to memory of 3636	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	84
PID 232 wrote to memory of 3636	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	84
PID 232 wrote to memory of 3412	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	85
PID 232 wrote to memory of 3412	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	85
PID 232 wrote to memory of 3712	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	86
PID 232 wrote to memory of 3712	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	86
PID 232 wrote to memory of 2944	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	87
PID 232 wrote to memory of 2944	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	87
PID 232 wrote to memory of 4480	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	88
PID 232 wrote to memory of 4480	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	88
PID 232 wrote to memory of 932	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	89
PID 232 wrote to memory of 932	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	89
PID 232 wrote to memory of 1368	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	90
PID 232 wrote to memory of 1368	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	90
PID 232 wrote to memory of 3772	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	91
PID 232 wrote to memory of 3772	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	91
PID 232 wrote to memory of 2012	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	92
PID 232 wrote to memory of 2012	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	92
PID 232 wrote to memory of 552	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	93
PID 232 wrote to memory of 552	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	93
PID 232 wrote to memory of 968	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	94
PID 232 wrote to memory of 968	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	94
PID 232 wrote to memory of 2204	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	95
PID 232 wrote to memory of 2204	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	95
PID 232 wrote to memory of 732	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	96
PID 232 wrote to memory of 732	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	96
PID 232 wrote to memory of 1780	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	97
PID 232 wrote to memory of 1780	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	97
PID 232 wrote to memory of 2080	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	98
PID 232 wrote to memory of 2080	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	98
PID 232 wrote to memory of 1996	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	99
PID 232 wrote to memory of 1996	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	99
PID 232 wrote to memory of 2396	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	100
PID 232 wrote to memory of 2396	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	100
PID 232 wrote to memory of 3036	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	101
PID 232 wrote to memory of 3036	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	101
PID 232 wrote to memory of 4568	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	102
PID 232 wrote to memory of 4568	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	102
PID 232 wrote to memory of 5104	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	103
PID 232 wrote to memory of 5104	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	103
PID 232 wrote to memory of 3964	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	104
PID 232 wrote to memory of 3964	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	104
PID 232 wrote to memory of 2544	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	105
PID 232 wrote to memory of 2544	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	105
PID 232 wrote to memory of 2264	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	106
PID 232 wrote to memory of 2264	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	106
PID 232 wrote to memory of 5064	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	107
PID 232 wrote to memory of 5064	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	107
PID 232 wrote to memory of 4192	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	108
PID 232 wrote to memory of 4192	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	108
PID 232 wrote to memory of 4904	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	109
PID 232 wrote to memory of 4904	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	109
PID 232 wrote to memory of 1632	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	110
PID 232 wrote to memory of 1632	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	110
PID 232 wrote to memory of 1812	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	111
PID 232 wrote to memory of 1812	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	111
PID 232 wrote to memory of 4876	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	112
PID 232 wrote to memory of 4876	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	112
PID 232 wrote to memory of 4252	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	113
PID 232 wrote to memory of 4252	232	08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\08fa22abee328ee2b6b180729ec4d960_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:232
- C:\Windows\System\nwoJyHi.exe
  C:\Windows\System\nwoJyHi.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\mzMAMjr.exe
  C:\Windows\System\mzMAMjr.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\EdtTGqZ.exe
  C:\Windows\System\EdtTGqZ.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\IVifIUp.exe
  C:\Windows\System\IVifIUp.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\gjgwggq.exe
  C:\Windows\System\gjgwggq.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\paHdbSo.exe
  C:\Windows\System\paHdbSo.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\xiRsJUX.exe
  C:\Windows\System\xiRsJUX.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\MQWekAJ.exe
  C:\Windows\System\MQWekAJ.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\PGUjNXt.exe
  C:\Windows\System\PGUjNXt.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\dehUwdR.exe
  C:\Windows\System\dehUwdR.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\JtEdKoK.exe
  C:\Windows\System\JtEdKoK.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\mBDihcy.exe
  C:\Windows\System\mBDihcy.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\dShcPnF.exe
  C:\Windows\System\dShcPnF.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\IpgXdER.exe
  C:\Windows\System\IpgXdER.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\axOkRZL.exe
  C:\Windows\System\axOkRZL.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\SeMUgUi.exe
  C:\Windows\System\SeMUgUi.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\LGhWkJW.exe
  C:\Windows\System\LGhWkJW.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\tRupDTK.exe
  C:\Windows\System\tRupDTK.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\uBiIOUz.exe
  C:\Windows\System\uBiIOUz.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\HmeVLJv.exe
  C:\Windows\System\HmeVLJv.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\cTrUUxp.exe
  C:\Windows\System\cTrUUxp.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\oyaLLia.exe
  C:\Windows\System\oyaLLia.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\JaXRXeU.exe
  C:\Windows\System\JaXRXeU.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\nQmoslL.exe
  C:\Windows\System\nQmoslL.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\nOJFAeE.exe
  C:\Windows\System\nOJFAeE.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\ihOQmRz.exe
  C:\Windows\System\ihOQmRz.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\fCPDqvt.exe
  C:\Windows\System\fCPDqvt.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\GHkQoOj.exe
  C:\Windows\System\GHkQoOj.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\ZWyrLzx.exe
  C:\Windows\System\ZWyrLzx.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\dImNrlp.exe
  C:\Windows\System\dImNrlp.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\wKfxRFu.exe
  C:\Windows\System\wKfxRFu.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\BHmVEGG.exe
  C:\Windows\System\BHmVEGG.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\efllSdn.exe
  C:\Windows\System\efllSdn.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\XRAZLYg.exe
  C:\Windows\System\XRAZLYg.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\caBkeBL.exe
  C:\Windows\System\caBkeBL.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\AGxwtKM.exe
  C:\Windows\System\AGxwtKM.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\FesHlUd.exe
  C:\Windows\System\FesHlUd.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\GFwOxOj.exe
  C:\Windows\System\GFwOxOj.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\CEvmtpf.exe
  C:\Windows\System\CEvmtpf.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\btfYuvm.exe
  C:\Windows\System\btfYuvm.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\WZWBvwc.exe
  C:\Windows\System\WZWBvwc.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\JsNLcHa.exe
  C:\Windows\System\JsNLcHa.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\rfqIxxC.exe
  C:\Windows\System\rfqIxxC.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\vDphhHP.exe
  C:\Windows\System\vDphhHP.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\rXkSFBB.exe
  C:\Windows\System\rXkSFBB.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\lBNkYNj.exe
  C:\Windows\System\lBNkYNj.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\lRaedjx.exe
  C:\Windows\System\lRaedjx.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\lpMhKZn.exe
  C:\Windows\System\lpMhKZn.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\ynWXoQI.exe
  C:\Windows\System\ynWXoQI.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\OlbDZDk.exe
  C:\Windows\System\OlbDZDk.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\zBDYSAs.exe
  C:\Windows\System\zBDYSAs.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\MfCARRQ.exe
  C:\Windows\System\MfCARRQ.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\htWHXVl.exe
  C:\Windows\System\htWHXVl.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\WgXqVnu.exe
  C:\Windows\System\WgXqVnu.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\jmhzPKm.exe
  C:\Windows\System\jmhzPKm.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\mSEHkTq.exe
  C:\Windows\System\mSEHkTq.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\oUZFpUb.exe
  C:\Windows\System\oUZFpUb.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\zYBFgSk.exe
  C:\Windows\System\zYBFgSk.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\QyEnKoR.exe
  C:\Windows\System\QyEnKoR.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\JYNlCOH.exe
  C:\Windows\System\JYNlCOH.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\nHSDTpj.exe
  C:\Windows\System\nHSDTpj.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\GeLOjBB.exe
  C:\Windows\System\GeLOjBB.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\UJmpZYJ.exe
  C:\Windows\System\UJmpZYJ.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\IgzhfcQ.exe
  C:\Windows\System\IgzhfcQ.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\jhHNbCW.exe
  C:\Windows\System\jhHNbCW.exe
  2⤵
  PID:2844
- C:\Windows\System\NbWKREt.exe
  C:\Windows\System\NbWKREt.exe
  2⤵
  PID:2768
- C:\Windows\System\UbPlKVt.exe
  C:\Windows\System\UbPlKVt.exe
  2⤵
  PID:3120
- C:\Windows\System\aFUgSTp.exe
  C:\Windows\System\aFUgSTp.exe
  2⤵
  PID:4808
- C:\Windows\System\pskzsKM.exe
  C:\Windows\System\pskzsKM.exe
  2⤵
  PID:4964
- C:\Windows\System\FsBvURi.exe
  C:\Windows\System\FsBvURi.exe
  2⤵
  PID:3888
- C:\Windows\System\TETTQNV.exe
  C:\Windows\System\TETTQNV.exe
  2⤵
  PID:448
- C:\Windows\System\ZHBcNvK.exe
  C:\Windows\System\ZHBcNvK.exe
  2⤵
  PID:3208
- C:\Windows\System\vjikCdD.exe
  C:\Windows\System\vjikCdD.exe
  2⤵
  PID:2168
- C:\Windows\System\ZdfMJQI.exe
  C:\Windows\System\ZdfMJQI.exe
  2⤵
  PID:2724
- C:\Windows\System\lflWRNC.exe
  C:\Windows\System\lflWRNC.exe
  2⤵
  PID:2608
- C:\Windows\System\MjLPHoi.exe
  C:\Windows\System\MjLPHoi.exe
  2⤵
  PID:1964
- C:\Windows\System\FrypFDS.exe
  C:\Windows\System\FrypFDS.exe
  2⤵
  PID:5396
- C:\Windows\System\wujSpdd.exe
  C:\Windows\System\wujSpdd.exe
  2⤵
  PID:5412
- C:\Windows\System\gexiXTz.exe
  C:\Windows\System\gexiXTz.exe
  2⤵
  PID:5432
- C:\Windows\System\GoUHGzS.exe
  C:\Windows\System\GoUHGzS.exe
  2⤵
  PID:5456
- C:\Windows\System\JiJrudp.exe
  C:\Windows\System\JiJrudp.exe
  2⤵
  PID:5472
- C:\Windows\System\FiQoMtC.exe
  C:\Windows\System\FiQoMtC.exe
  2⤵
  PID:5496
- C:\Windows\System\KyplEVT.exe
  C:\Windows\System\KyplEVT.exe
  2⤵
  PID:5528
- C:\Windows\System\NUsiICp.exe
  C:\Windows\System\NUsiICp.exe
  2⤵
  PID:5560
- C:\Windows\System\uUhzTfT.exe
  C:\Windows\System\uUhzTfT.exe
  2⤵
  PID:5592
- C:\Windows\System\XXaLxlj.exe
  C:\Windows\System\XXaLxlj.exe
  2⤵
  PID:5624
- C:\Windows\System\sZMyFzn.exe
  C:\Windows\System\sZMyFzn.exe
  2⤵
  PID:5664
- C:\Windows\System\qIZnAFz.exe
  C:\Windows\System\qIZnAFz.exe
  2⤵
  PID:5704
- C:\Windows\System\bgNoIxH.exe
  C:\Windows\System\bgNoIxH.exe
  2⤵
  PID:5744
- C:\Windows\System\DVZGDdd.exe
  C:\Windows\System\DVZGDdd.exe
  2⤵
  PID:5760
- C:\Windows\System\KFgtaKo.exe
  C:\Windows\System\KFgtaKo.exe
  2⤵
  PID:5780
- C:\Windows\System\EaLbIzH.exe
  C:\Windows\System\EaLbIzH.exe
  2⤵
  PID:5808
- C:\Windows\System\PPvxlsA.exe
  C:\Windows\System\PPvxlsA.exe
  2⤵
  PID:5840
- C:\Windows\System\NyQhtfS.exe
  C:\Windows\System\NyQhtfS.exe
  2⤵
  PID:5880
- C:\Windows\System\lGCIsnm.exe
  C:\Windows\System\lGCIsnm.exe
  2⤵
  PID:5920
- C:\Windows\System\VMyxAGK.exe
  C:\Windows\System\VMyxAGK.exe
  2⤵
  PID:5952
- C:\Windows\System\hBtkkiH.exe
  C:\Windows\System\hBtkkiH.exe
  2⤵
  PID:5992
- C:\Windows\System\jMzoyRo.exe
  C:\Windows\System\jMzoyRo.exe
  2⤵
  PID:6020
- C:\Windows\System\YPgSssx.exe
  C:\Windows\System\YPgSssx.exe
  2⤵
  PID:6048
- C:\Windows\System\qYwVPQa.exe
  C:\Windows\System\qYwVPQa.exe
  2⤵
  PID:6076
- C:\Windows\System\dEvxVbG.exe
  C:\Windows\System\dEvxVbG.exe
  2⤵
  PID:6104
- C:\Windows\System\mYesXPy.exe
  C:\Windows\System\mYesXPy.exe
  2⤵
  PID:6132
- C:\Windows\System\GdvXbeN.exe
  C:\Windows\System\GdvXbeN.exe
  2⤵
  PID:4348
- C:\Windows\System\mfUfQZZ.exe
  C:\Windows\System\mfUfQZZ.exe
  2⤵
  PID:1736
- C:\Windows\System\UteEjOe.exe
  C:\Windows\System\UteEjOe.exe
  2⤵
  PID:4604
- C:\Windows\System\PjadtLU.exe
  C:\Windows\System\PjadtLU.exe
  2⤵
  PID:1204
- C:\Windows\System\COBvcwC.exe
  C:\Windows\System\COBvcwC.exe
  2⤵
  PID:860
- C:\Windows\System\DtoPhoK.exe
  C:\Windows\System\DtoPhoK.exe
  2⤵
  PID:3604
- C:\Windows\System\sunsYcY.exe
  C:\Windows\System\sunsYcY.exe
  2⤵
  PID:4972
- C:\Windows\System\umDEzKK.exe
  C:\Windows\System\umDEzKK.exe
  2⤵
  PID:1316
- C:\Windows\System\jvFYrTW.exe
  C:\Windows\System\jvFYrTW.exe
  2⤵
  PID:3792
- C:\Windows\System\UQAjXKT.exe
  C:\Windows\System\UQAjXKT.exe
  2⤵
  PID:2144
- C:\Windows\System\ExzELuA.exe
  C:\Windows\System\ExzELuA.exe
  2⤵
  PID:4776
- C:\Windows\System\jISfYZr.exe
  C:\Windows\System\jISfYZr.exe
  2⤵
  PID:5188
- C:\Windows\System\LUrJGBW.exe
  C:\Windows\System\LUrJGBW.exe
  2⤵
  PID:4336
- C:\Windows\System\qSgdONP.exe
  C:\Windows\System\qSgdONP.exe
  2⤵
  PID:4720
- C:\Windows\System\VCgdOFQ.exe
  C:\Windows\System\VCgdOFQ.exe
  2⤵
  PID:3724
- C:\Windows\System\wTGVoUx.exe
  C:\Windows\System\wTGVoUx.exe
  2⤵
  PID:1512
- C:\Windows\System\Hovyctg.exe
  C:\Windows\System\Hovyctg.exe
  2⤵
  PID:1800
- C:\Windows\System\CJsoHXU.exe
  C:\Windows\System\CJsoHXU.exe
  2⤵
  PID:1504
- C:\Windows\System\KlTivgV.exe
  C:\Windows\System\KlTivgV.exe
  2⤵
  PID:976
- C:\Windows\System\PxqGZAG.exe
  C:\Windows\System\PxqGZAG.exe
  2⤵
  PID:776
- C:\Windows\System\tigJWlx.exe
  C:\Windows\System\tigJWlx.exe
  2⤵
  PID:4628
- C:\Windows\System\pviGgca.exe
  C:\Windows\System\pviGgca.exe
  2⤵
  PID:1680
- C:\Windows\System\yzxiLQI.exe
  C:\Windows\System\yzxiLQI.exe
  2⤵
  PID:404
- C:\Windows\System\gjPscHs.exe
  C:\Windows\System\gjPscHs.exe
  2⤵
  PID:2076
- C:\Windows\System\UCeYYYJ.exe
  C:\Windows\System\UCeYYYJ.exe
  2⤵
  PID:1960
- C:\Windows\System\yuacHVV.exe
  C:\Windows\System\yuacHVV.exe
  2⤵
  PID:3732
- C:\Windows\System\VAfQdmL.exe
  C:\Windows\System\VAfQdmL.exe
  2⤵
  PID:5300
- C:\Windows\System\xMnKyxD.exe
  C:\Windows\System\xMnKyxD.exe
  2⤵
  PID:5392
- C:\Windows\System\JuDIhKh.exe
  C:\Windows\System\JuDIhKh.exe
  2⤵
  PID:5464
- C:\Windows\System\jonexvY.exe
  C:\Windows\System\jonexvY.exe
  2⤵
  PID:5552
- C:\Windows\System\gmevTnN.exe
  C:\Windows\System\gmevTnN.exe
  2⤵
  PID:5580
- C:\Windows\System\ggEpSdt.exe
  C:\Windows\System\ggEpSdt.exe
  2⤵
  PID:5636
- C:\Windows\System\hQuuFyK.exe
  C:\Windows\System\hQuuFyK.exe
  2⤵
  PID:5756
- C:\Windows\System\wAzAFBw.exe
  C:\Windows\System\wAzAFBw.exe
  2⤵
  PID:5828
- C:\Windows\System\PjUlFYM.exe
  C:\Windows\System\PjUlFYM.exe
  2⤵
  PID:5892
- C:\Windows\System\JRjdxCP.exe
  C:\Windows\System\JRjdxCP.exe
  2⤵
  PID:5948
- C:\Windows\System\yavkQVn.exe
  C:\Windows\System\yavkQVn.exe
  2⤵
  PID:6032
- C:\Windows\System\OwUfyJg.exe
  C:\Windows\System\OwUfyJg.exe
  2⤵
  PID:6116
- C:\Windows\System\DRKzSVj.exe
  C:\Windows\System\DRKzSVj.exe
  2⤵
  PID:3860
- C:\Windows\System\TOjUizn.exe
  C:\Windows\System\TOjUizn.exe
  2⤵
  PID:612
- C:\Windows\System\RxfkRFd.exe
  C:\Windows\System\RxfkRFd.exe
  2⤵
  PID:4864
- C:\Windows\System\HzngTWC.exe
  C:\Windows\System\HzngTWC.exe
  2⤵
  PID:3716
- C:\Windows\System\CsqfysW.exe
  C:\Windows\System\CsqfysW.exe
  2⤵
  PID:4992
- C:\Windows\System\CLEFIim.exe
  C:\Windows\System\CLEFIim.exe
  2⤵
  PID:5224
- C:\Windows\System\Sfywgpf.exe
  C:\Windows\System\Sfywgpf.exe
  2⤵
  PID:1844
- C:\Windows\System\HNZOvZx.exe
  C:\Windows\System\HNZOvZx.exe
  2⤵
  PID:1496
- C:\Windows\System\dxeYNDC.exe
  C:\Windows\System\dxeYNDC.exe
  2⤵
  PID:4816
- C:\Windows\System\VzhtoFL.exe
  C:\Windows\System\VzhtoFL.exe
  2⤵
  PID:3304
- C:\Windows\System\qqomjCg.exe
  C:\Windows\System\qqomjCg.exe
  2⤵
  PID:4124
- C:\Windows\System\eBqpgIC.exe
  C:\Windows\System\eBqpgIC.exe
  2⤵
  PID:5344
- C:\Windows\System\KoFXhVp.exe
  C:\Windows\System\KoFXhVp.exe
  2⤵
  PID:5520
- C:\Windows\System\OKFRskb.exe
  C:\Windows\System\OKFRskb.exe
  2⤵
  PID:5692
- C:\Windows\System\dyjWVob.exe
  C:\Windows\System\dyjWVob.exe
  2⤵
  PID:5864
- C:\Windows\System\tPhhqtx.exe
  C:\Windows\System\tPhhqtx.exe
  2⤵
  PID:5984
- C:\Windows\System\KETJGjf.exe
  C:\Windows\System\KETJGjf.exe
  2⤵
  PID:2488
- C:\Windows\System\smCtNeR.exe
  C:\Windows\System\smCtNeR.exe
  2⤵
  PID:3468
- C:\Windows\System\VZmXIJw.exe
  C:\Windows\System\VZmXIJw.exe
  2⤵
  PID:5156
- C:\Windows\System\XqnyIAb.exe
  C:\Windows\System\XqnyIAb.exe
  2⤵
  PID:2284
- C:\Windows\System\bBlfDoy.exe
  C:\Windows\System\bBlfDoy.exe
  2⤵
  PID:4524
- C:\Windows\System\nHNQMUs.exe
  C:\Windows\System\nHNQMUs.exe
  2⤵
  PID:5644
- C:\Windows\System\yIlegYf.exe
  C:\Windows\System\yIlegYf.exe
  2⤵
  PID:5936
- C:\Windows\System\WEGSXSS.exe
  C:\Windows\System\WEGSXSS.exe
  2⤵
  PID:3784
- C:\Windows\System\rnQwUKE.exe
  C:\Windows\System\rnQwUKE.exe
  2⤵
  PID:3444
- C:\Windows\System\IShKhav.exe
  C:\Windows\System\IShKhav.exe
  2⤵
  PID:5728
- C:\Windows\System\RBcLGod.exe
  C:\Windows\System\RBcLGod.exe
  2⤵
  PID:4244
- C:\Windows\System\haTgyvd.exe
  C:\Windows\System\haTgyvd.exe
  2⤵
  PID:5492
- C:\Windows\System\NEGWEBq.exe
  C:\Windows\System\NEGWEBq.exe
  2⤵
  PID:6164
- C:\Windows\System\mzVlkmT.exe
  C:\Windows\System\mzVlkmT.exe
  2⤵
  PID:6208
- C:\Windows\System\FdbcBVP.exe
  C:\Windows\System\FdbcBVP.exe
  2⤵
  PID:6228
- C:\Windows\System\udetuAL.exe
  C:\Windows\System\udetuAL.exe
  2⤵
  PID:6244
- C:\Windows\System\GSwfnCX.exe
  C:\Windows\System\GSwfnCX.exe
  2⤵
  PID:6276
- C:\Windows\System\XBpsfIw.exe
  C:\Windows\System\XBpsfIw.exe
  2⤵
  PID:6312
- C:\Windows\System\njYOaYJ.exe
  C:\Windows\System\njYOaYJ.exe
  2⤵
  PID:6340
- C:\Windows\System\DXKOrSH.exe
  C:\Windows\System\DXKOrSH.exe
  2⤵
  PID:6368
- C:\Windows\System\EdUgjYO.exe
  C:\Windows\System\EdUgjYO.exe
  2⤵
  PID:6396
- C:\Windows\System\VbHBqFF.exe
  C:\Windows\System\VbHBqFF.exe
  2⤵
  PID:6424
- C:\Windows\System\wredAYs.exe
  C:\Windows\System\wredAYs.exe
  2⤵
  PID:6452
- C:\Windows\System\HIllpKg.exe
  C:\Windows\System\HIllpKg.exe
  2⤵
  PID:6480
- C:\Windows\System\Dwnlrja.exe
  C:\Windows\System\Dwnlrja.exe
  2⤵
  PID:6508
- C:\Windows\System\pkqQHTd.exe
  C:\Windows\System\pkqQHTd.exe
  2⤵
  PID:6536
- C:\Windows\System\nwGclTk.exe
  C:\Windows\System\nwGclTk.exe
  2⤵
  PID:6552
- C:\Windows\System\nsHCkZe.exe
  C:\Windows\System\nsHCkZe.exe
  2⤵
  PID:6568
- C:\Windows\System\HNdiXMK.exe
  C:\Windows\System\HNdiXMK.exe
  2⤵
  PID:6600
- C:\Windows\System\EaGExQo.exe
  C:\Windows\System\EaGExQo.exe
  2⤵
  PID:6628
- C:\Windows\System\reqQoEI.exe
  C:\Windows\System\reqQoEI.exe
  2⤵
  PID:6664
- C:\Windows\System\IEWpoGQ.exe
  C:\Windows\System\IEWpoGQ.exe
  2⤵
  PID:6692
- C:\Windows\System\hXBepHJ.exe
  C:\Windows\System\hXBepHJ.exe
  2⤵
  PID:6728
- C:\Windows\System\UHbKuGK.exe
  C:\Windows\System\UHbKuGK.exe
  2⤵
  PID:6760
- C:\Windows\System\XXyeBBE.exe
  C:\Windows\System\XXyeBBE.exe
  2⤵
  PID:6788
- C:\Windows\System\eMyAHhq.exe
  C:\Windows\System\eMyAHhq.exe
  2⤵
  PID:6816
- C:\Windows\System\TVnrwuv.exe
  C:\Windows\System\TVnrwuv.exe
  2⤵
  PID:6832
- C:\Windows\System\iKejxMO.exe
  C:\Windows\System\iKejxMO.exe
  2⤵
  PID:6872
- C:\Windows\System\DGlxPua.exe
  C:\Windows\System\DGlxPua.exe
  2⤵
  PID:6904
- C:\Windows\System\bGKrhcF.exe
  C:\Windows\System\bGKrhcF.exe
  2⤵
  PID:6928
- C:\Windows\System\MhbRezb.exe
  C:\Windows\System\MhbRezb.exe
  2⤵
  PID:6960
- C:\Windows\System\ObSnlJT.exe
  C:\Windows\System\ObSnlJT.exe
  2⤵
  PID:6988
- C:\Windows\System\OflAuEl.exe
  C:\Windows\System\OflAuEl.exe
  2⤵
  PID:7016
- C:\Windows\System\VZfSEyW.exe
  C:\Windows\System\VZfSEyW.exe
  2⤵
  PID:7036
- C:\Windows\System\ShuRxzI.exe
  C:\Windows\System\ShuRxzI.exe
  2⤵
  PID:7072
- C:\Windows\System\jGqTACi.exe
  C:\Windows\System\jGqTACi.exe
  2⤵
  PID:7108
- C:\Windows\System\EyUghoD.exe
  C:\Windows\System\EyUghoD.exe
  2⤵
  PID:7136
- C:\Windows\System\PkozSSg.exe
  C:\Windows\System\PkozSSg.exe
  2⤵
  PID:7152
- C:\Windows\System\SfBzTyw.exe
  C:\Windows\System\SfBzTyw.exe
  2⤵
  PID:3512
- C:\Windows\System\WETmoBk.exe
  C:\Windows\System\WETmoBk.exe
  2⤵
  PID:6160
- C:\Windows\System\JfapNQy.exe
  C:\Windows\System\JfapNQy.exe
  2⤵
  PID:6224
- C:\Windows\System\BvkunDi.exe
  C:\Windows\System\BvkunDi.exe
  2⤵
  PID:6304
- C:\Windows\System\XCvDvNi.exe
  C:\Windows\System\XCvDvNi.exe
  2⤵
  PID:6392
- C:\Windows\System\BNeUIqL.exe
  C:\Windows\System\BNeUIqL.exe
  2⤵
  PID:6464
- C:\Windows\System\AtSQQEE.exe
  C:\Windows\System\AtSQQEE.exe
  2⤵
  PID:6544
- C:\Windows\System\oYjGikw.exe
  C:\Windows\System\oYjGikw.exe
  2⤵
  PID:6652
- C:\Windows\System\BzUfqbA.exe
  C:\Windows\System\BzUfqbA.exe
  2⤵
  PID:6688
- C:\Windows\System\eyRolag.exe
  C:\Windows\System\eyRolag.exe
  2⤵
  PID:6720
- C:\Windows\System\CuJyvNA.exe
  C:\Windows\System\CuJyvNA.exe
  2⤵
  PID:6748
- C:\Windows\System\AaiPGhO.exe
  C:\Windows\System\AaiPGhO.exe
  2⤵
  PID:6868
- C:\Windows\System\lbRFrFY.exe
  C:\Windows\System\lbRFrFY.exe
  2⤵
  PID:6936
- C:\Windows\System\ywoSgWB.exe
  C:\Windows\System\ywoSgWB.exe
  2⤵
  PID:6984
- C:\Windows\System\VXBwjAn.exe
  C:\Windows\System\VXBwjAn.exe
  2⤵
  PID:7100
- C:\Windows\System\NwsXgjy.exe
  C:\Windows\System\NwsXgjy.exe
  2⤵
  PID:7144
- C:\Windows\System\CKheyhu.exe
  C:\Windows\System\CKheyhu.exe
  2⤵
  PID:6284
- C:\Windows\System\udwdmJe.exe
  C:\Windows\System\udwdmJe.exe
  2⤵
  PID:6520
- C:\Windows\System\cTyiBML.exe
  C:\Windows\System\cTyiBML.exe
  2⤵
  PID:6560
- C:\Windows\System\dZnxzhw.exe
  C:\Windows\System\dZnxzhw.exe
  2⤵
  PID:6704
- C:\Windows\System\kwJyzfu.exe
  C:\Windows\System\kwJyzfu.exe
  2⤵
  PID:6824
- C:\Windows\System\BvZulfY.exe
  C:\Windows\System\BvZulfY.exe
  2⤵
  PID:6924
- C:\Windows\System\dOHkYMp.exe
  C:\Windows\System\dOHkYMp.exe
  2⤵
  PID:7124
- C:\Windows\System\OnRnYJY.exe
  C:\Windows\System\OnRnYJY.exe
  2⤵
  PID:7164
- C:\Windows\System\piHBWni.exe
  C:\Windows\System\piHBWni.exe
  2⤵
  PID:6416
- C:\Windows\System\OKgzJMC.exe
  C:\Windows\System\OKgzJMC.exe
  2⤵
  PID:6744
- C:\Windows\System\McRPGiS.exe
  C:\Windows\System\McRPGiS.exe
  2⤵
  PID:7176
- C:\Windows\System\aJoGqqJ.exe
  C:\Windows\System\aJoGqqJ.exe
  2⤵
  PID:7196
- C:\Windows\System\RpfcnFp.exe
  C:\Windows\System\RpfcnFp.exe
  2⤵
  PID:7216
- C:\Windows\System\awGzXXb.exe
  C:\Windows\System\awGzXXb.exe
  2⤵
  PID:7236
- C:\Windows\System\uxnDepr.exe
  C:\Windows\System\uxnDepr.exe
  2⤵
  PID:7268
- C:\Windows\System\sMJvVeO.exe
  C:\Windows\System\sMJvVeO.exe
  2⤵
  PID:7296
- C:\Windows\System\pWUMJPZ.exe
  C:\Windows\System\pWUMJPZ.exe
  2⤵
  PID:7332
- C:\Windows\System\PfXkYfT.exe
  C:\Windows\System\PfXkYfT.exe
  2⤵
  PID:7364
- C:\Windows\System\fynXzFL.exe
  C:\Windows\System\fynXzFL.exe
  2⤵
  PID:7400
- C:\Windows\System\AjmczhD.exe
  C:\Windows\System\AjmczhD.exe
  2⤵
  PID:7432
- C:\Windows\System\sHsYsvy.exe
  C:\Windows\System\sHsYsvy.exe
  2⤵
  PID:7464
- C:\Windows\System\cXORaoH.exe
  C:\Windows\System\cXORaoH.exe
  2⤵
  PID:7504
- C:\Windows\System\Kzuaxie.exe
  C:\Windows\System\Kzuaxie.exe
  2⤵
  PID:7540
- C:\Windows\System\AwbdOrU.exe
  C:\Windows\System\AwbdOrU.exe
  2⤵
  PID:7564
- C:\Windows\System\RaZKYrh.exe
  C:\Windows\System\RaZKYrh.exe
  2⤵
  PID:7592
- C:\Windows\System\CgyCIWI.exe
  C:\Windows\System\CgyCIWI.exe
  2⤵
  PID:7620
- C:\Windows\System\xQJiffe.exe
  C:\Windows\System\xQJiffe.exe
  2⤵
  PID:7652
- C:\Windows\System\RzfSIlU.exe
  C:\Windows\System\RzfSIlU.exe
  2⤵
  PID:7692
- C:\Windows\System\UfLObIV.exe
  C:\Windows\System\UfLObIV.exe
  2⤵
  PID:7720
- C:\Windows\System\DQoItHW.exe
  C:\Windows\System\DQoItHW.exe
  2⤵
  PID:7756
- C:\Windows\System\GoftCFw.exe
  C:\Windows\System\GoftCFw.exe
  2⤵
  PID:7792
- C:\Windows\System\CTzlZUr.exe
  C:\Windows\System\CTzlZUr.exe
  2⤵
  PID:7824
- C:\Windows\System\qXsArIC.exe
  C:\Windows\System\qXsArIC.exe
  2⤵
  PID:7852
- C:\Windows\System\Ayfrlqa.exe
  C:\Windows\System\Ayfrlqa.exe
  2⤵
  PID:7868
- C:\Windows\System\utKtuKB.exe
  C:\Windows\System\utKtuKB.exe
  2⤵
  PID:7900
- C:\Windows\System\vvtxtvX.exe
  C:\Windows\System\vvtxtvX.exe
  2⤵
  PID:7936
- C:\Windows\System\MVrGtDd.exe
  C:\Windows\System\MVrGtDd.exe
  2⤵
  PID:7964
- C:\Windows\System\JEDaAyg.exe
  C:\Windows\System\JEDaAyg.exe
  2⤵
  PID:7992
- C:\Windows\System\LuVLsty.exe
  C:\Windows\System\LuVLsty.exe
  2⤵
  PID:8024
- C:\Windows\System\CmpAXuM.exe
  C:\Windows\System\CmpAXuM.exe
  2⤵
  PID:8056
- C:\Windows\System\ZVNhDNo.exe
  C:\Windows\System\ZVNhDNo.exe
  2⤵
  PID:8084
- C:\Windows\System\rQlgdXL.exe
  C:\Windows\System\rQlgdXL.exe
  2⤵
  PID:8112
- C:\Windows\System\XNMeVCm.exe
  C:\Windows\System\XNMeVCm.exe
  2⤵
  PID:8140
- C:\Windows\System\aftVyJM.exe
  C:\Windows\System\aftVyJM.exe
  2⤵
  PID:8168
- C:\Windows\System\UKUtiOp.exe
  C:\Windows\System\UKUtiOp.exe
  2⤵
  PID:6256
- C:\Windows\System\qjmIuhJ.exe
  C:\Windows\System\qjmIuhJ.exe
  2⤵
  PID:7172
- C:\Windows\System\fjzhxtk.exe
  C:\Windows\System\fjzhxtk.exe
  2⤵
  PID:7204
- C:\Windows\System\eCJqLMm.exe
  C:\Windows\System\eCJqLMm.exe
  2⤵
  PID:7232
- C:\Windows\System\yFZFqGY.exe
  C:\Windows\System\yFZFqGY.exe
  2⤵
  PID:7288
- C:\Windows\System\vtXrcQi.exe
  C:\Windows\System\vtXrcQi.exe
  2⤵
  PID:7356
- C:\Windows\System\BzOGmjc.exe
  C:\Windows\System\BzOGmjc.exe
  2⤵
  PID:7492
- C:\Windows\System\gnzuXPG.exe
  C:\Windows\System\gnzuXPG.exe
  2⤵
  PID:7552
- C:\Windows\System\ypQicuj.exe
  C:\Windows\System\ypQicuj.exe
  2⤵
  PID:7584
- C:\Windows\System\tLDAmMb.exe
  C:\Windows\System\tLDAmMb.exe
  2⤵
  PID:7608
- C:\Windows\System\qvTSDag.exe
  C:\Windows\System\qvTSDag.exe
  2⤵
  PID:7676
- C:\Windows\System\ICJCPbo.exe
  C:\Windows\System\ICJCPbo.exe
  2⤵
  PID:7748
- C:\Windows\System\TOVzWJH.exe
  C:\Windows\System\TOVzWJH.exe
  2⤵
  PID:7836
- C:\Windows\System\mrZqaDs.exe
  C:\Windows\System\mrZqaDs.exe
  2⤵
  PID:7884
- C:\Windows\System\KJCiYhp.exe
  C:\Windows\System\KJCiYhp.exe
  2⤵
  PID:7956
- C:\Windows\System\KMDMolK.exe
  C:\Windows\System\KMDMolK.exe
  2⤵
  PID:8016
- C:\Windows\System\XYheHum.exe
  C:\Windows\System\XYheHum.exe
  2⤵
  PID:8080
- C:\Windows\System\Ditprfs.exe
  C:\Windows\System\Ditprfs.exe
  2⤵
  PID:8152
- C:\Windows\System\bpoUsjb.exe
  C:\Windows\System\bpoUsjb.exe
  2⤵
  PID:4700
- C:\Windows\System\JLXcACk.exe
  C:\Windows\System\JLXcACk.exe
  2⤵
  PID:6592
- C:\Windows\System\DxAVdpB.exe
  C:\Windows\System\DxAVdpB.exe
  2⤵
  PID:7396
- C:\Windows\System\brCsjtt.exe
  C:\Windows\System\brCsjtt.exe
  2⤵
  PID:7548
- C:\Windows\System\yLOQUjZ.exe
  C:\Windows\System\yLOQUjZ.exe
  2⤵
  PID:7664
- C:\Windows\System\IwUhBcO.exe
  C:\Windows\System\IwUhBcO.exe
  2⤵
  PID:7812
- C:\Windows\System\pixtkqV.exe
  C:\Windows\System\pixtkqV.exe
  2⤵
  PID:7984
- C:\Windows\System\sYzCZAR.exe
  C:\Windows\System\sYzCZAR.exe
  2⤵
  PID:8136
- C:\Windows\System\lZNbnmY.exe
  C:\Windows\System\lZNbnmY.exe
  2⤵
  PID:7256
- C:\Windows\System\oIEAuNw.exe
  C:\Windows\System\oIEAuNw.exe
  2⤵
  PID:1856
- C:\Windows\System\JOQgLyj.exe
  C:\Windows\System\JOQgLyj.exe
  2⤵
  PID:1572
- C:\Windows\System\bFXwVQT.exe
  C:\Windows\System\bFXwVQT.exe
  2⤵
  PID:7224
- C:\Windows\System\OZBfvBe.exe
  C:\Windows\System\OZBfvBe.exe
  2⤵
  PID:7808
- C:\Windows\System\YSjCGBd.exe
  C:\Windows\System\YSjCGBd.exe
  2⤵
  PID:7580
- C:\Windows\System\VxveqtR.exe
  C:\Windows\System\VxveqtR.exe
  2⤵
  PID:8204
- C:\Windows\System\HhZWlLu.exe
  C:\Windows\System\HhZWlLu.exe
  2⤵
  PID:8232
- C:\Windows\System\gmxTmoc.exe
  C:\Windows\System\gmxTmoc.exe
  2⤵
  PID:8252
- C:\Windows\System\NWMkJoD.exe
  C:\Windows\System\NWMkJoD.exe
  2⤵
  PID:8268
- C:\Windows\System\OsVWmOR.exe
  C:\Windows\System\OsVWmOR.exe
  2⤵
  PID:8304
- C:\Windows\System\WTtbmWZ.exe
  C:\Windows\System\WTtbmWZ.exe
  2⤵
  PID:8336
- C:\Windows\System\GcKAoue.exe
  C:\Windows\System\GcKAoue.exe
  2⤵
  PID:8372
- C:\Windows\System\JrkGuiz.exe
  C:\Windows\System\JrkGuiz.exe
  2⤵
  PID:8400
- C:\Windows\System\YcCLnyc.exe
  C:\Windows\System\YcCLnyc.exe
  2⤵
  PID:8432
- C:\Windows\System\MAYOGay.exe
  C:\Windows\System\MAYOGay.exe
  2⤵
  PID:8464
- C:\Windows\System\ZQNtmvt.exe
  C:\Windows\System\ZQNtmvt.exe
  2⤵
  PID:8500
- C:\Windows\System\HUVEvBm.exe
  C:\Windows\System\HUVEvBm.exe
  2⤵
  PID:8528
- C:\Windows\System\xJFFwzQ.exe
  C:\Windows\System\xJFFwzQ.exe
  2⤵
  PID:8544
- C:\Windows\System\FvycOVQ.exe
  C:\Windows\System\FvycOVQ.exe
  2⤵
  PID:8572
- C:\Windows\System\blMcPzX.exe
  C:\Windows\System\blMcPzX.exe
  2⤵
  PID:8612
- C:\Windows\System\AoWrLwK.exe
  C:\Windows\System\AoWrLwK.exe
  2⤵
  PID:8640
- C:\Windows\System\PryeZpd.exe
  C:\Windows\System\PryeZpd.exe
  2⤵
  PID:8668
- C:\Windows\System\jTUyfJt.exe
  C:\Windows\System\jTUyfJt.exe
  2⤵
  PID:8700
- C:\Windows\System\aaCQrVI.exe
  C:\Windows\System\aaCQrVI.exe
  2⤵
  PID:8728
- C:\Windows\System\LyIcnAp.exe
  C:\Windows\System\LyIcnAp.exe
  2⤵
  PID:8744
- C:\Windows\System\nJhUEEf.exe
  C:\Windows\System\nJhUEEf.exe
  2⤵
  PID:8772
- C:\Windows\System\DDPAZHh.exe
  C:\Windows\System\DDPAZHh.exe
  2⤵
  PID:8812
- C:\Windows\System\UHmzhAU.exe
  C:\Windows\System\UHmzhAU.exe
  2⤵
  PID:8840
- C:\Windows\System\ZLZJPQE.exe
  C:\Windows\System\ZLZJPQE.exe
  2⤵
  PID:8868
- C:\Windows\System\TArkvNA.exe
  C:\Windows\System\TArkvNA.exe
  2⤵
  PID:8896
- C:\Windows\System\gzSDWqf.exe
  C:\Windows\System\gzSDWqf.exe
  2⤵
  PID:8924
- C:\Windows\System\jKHvUKL.exe
  C:\Windows\System\jKHvUKL.exe
  2⤵
  PID:8952
- C:\Windows\System\EFcMRMC.exe
  C:\Windows\System\EFcMRMC.exe
  2⤵
  PID:8976
- C:\Windows\System\jxlSguC.exe
  C:\Windows\System\jxlSguC.exe
  2⤵
  PID:9004
- C:\Windows\System\IVkpOQN.exe
  C:\Windows\System\IVkpOQN.exe
  2⤵
  PID:9040
- C:\Windows\System\GaKfpWo.exe
  C:\Windows\System\GaKfpWo.exe
  2⤵
  PID:9072
- C:\Windows\System\odqarLG.exe
  C:\Windows\System\odqarLG.exe
  2⤵
  PID:9100
- C:\Windows\System\JhCsojY.exe
  C:\Windows\System\JhCsojY.exe
  2⤵
  PID:9132
- C:\Windows\System\iwIeHyN.exe
  C:\Windows\System\iwIeHyN.exe
  2⤵
  PID:9160
- C:\Windows\System\YUBIlNJ.exe
  C:\Windows\System\YUBIlNJ.exe
  2⤵
  PID:9196
- C:\Windows\System\RjaFiue.exe
  C:\Windows\System\RjaFiue.exe
  2⤵
  PID:9212
- C:\Windows\System\jFrgJhC.exe
  C:\Windows\System\jFrgJhC.exe
  2⤵
  PID:8244
- C:\Windows\System\cpHsRML.exe
  C:\Windows\System\cpHsRML.exe
  2⤵
  PID:8264
- C:\Windows\System\zStzhTd.exe
  C:\Windows\System\zStzhTd.exe
  2⤵
  PID:8416
- C:\Windows\System\cbVgpNC.exe
  C:\Windows\System\cbVgpNC.exe
  2⤵
  PID:8444
- C:\Windows\System\pEpSnMa.exe
  C:\Windows\System\pEpSnMa.exe
  2⤵
  PID:8516
- C:\Windows\System\iChWHlM.exe
  C:\Windows\System\iChWHlM.exe
  2⤵
  PID:8596
- C:\Windows\System\CKzVJed.exe
  C:\Windows\System\CKzVJed.exe
  2⤵
  PID:8636
- C:\Windows\System\zCjplIX.exe
  C:\Windows\System\zCjplIX.exe
  2⤵
  PID:8688
- C:\Windows\System\lZoAdFi.exe
  C:\Windows\System\lZoAdFi.exe
  2⤵
  PID:8768
- C:\Windows\System\BjdMEtR.exe
  C:\Windows\System\BjdMEtR.exe
  2⤵
  PID:456
- C:\Windows\System\CKjiqlE.exe
  C:\Windows\System\CKjiqlE.exe
  2⤵
  PID:8884
- C:\Windows\System\iezqdfi.exe
  C:\Windows\System\iezqdfi.exe
  2⤵
  PID:8944
- C:\Windows\System\AAJsfbm.exe
  C:\Windows\System\AAJsfbm.exe
  2⤵
  PID:8948
- C:\Windows\System\BBwupmu.exe
  C:\Windows\System\BBwupmu.exe
  2⤵
  PID:9032
- C:\Windows\System\SvGtJlv.exe
  C:\Windows\System\SvGtJlv.exe
  2⤵
  PID:9068
- C:\Windows\System\wQhRcZl.exe
  C:\Windows\System\wQhRcZl.exe
  2⤵
  PID:9116
- C:\Windows\System\eZiSAEA.exe
  C:\Windows\System\eZiSAEA.exe
  2⤵
  PID:8124
- C:\Windows\System\TAInqmq.exe
  C:\Windows\System\TAInqmq.exe
  2⤵
  PID:8364
- C:\Windows\System\PyHpfDh.exe
  C:\Windows\System\PyHpfDh.exe
  2⤵
  PID:8664
- C:\Windows\System\VckYuSL.exe
  C:\Windows\System\VckYuSL.exe
  2⤵
  PID:8756
- C:\Windows\System\EOhPemu.exe
  C:\Windows\System\EOhPemu.exe
  2⤵
  PID:9000
- C:\Windows\System\YBDcBDy.exe
  C:\Windows\System\YBDcBDy.exe
  2⤵
  PID:8240
- C:\Windows\System\egQUFGi.exe
  C:\Windows\System\egQUFGi.exe
  2⤵
  PID:9204
- C:\Windows\System\uAjstSG.exe
  C:\Windows\System\uAjstSG.exe
  2⤵
  PID:8936
- C:\Windows\System\tGYkTQN.exe
  C:\Windows\System\tGYkTQN.exe
  2⤵
  PID:9232
- C:\Windows\System\bnGdnwm.exe
  C:\Windows\System\bnGdnwm.exe
  2⤵
  PID:9264
- C:\Windows\System\fhXDdsA.exe
  C:\Windows\System\fhXDdsA.exe
  2⤵
  PID:9288
- C:\Windows\System\Xmkwdyh.exe
  C:\Windows\System\Xmkwdyh.exe
  2⤵
  PID:9308
- C:\Windows\System\osffPBr.exe
  C:\Windows\System\osffPBr.exe
  2⤵
  PID:9348
- C:\Windows\System\GjfDSaR.exe
  C:\Windows\System\GjfDSaR.exe
  2⤵
  PID:9384
- C:\Windows\System\vMaBNlF.exe
  C:\Windows\System\vMaBNlF.exe
  2⤵
  PID:9420
- C:\Windows\System\yqblCnK.exe
  C:\Windows\System\yqblCnK.exe
  2⤵
  PID:9440
- C:\Windows\System\sFImvjI.exe
  C:\Windows\System\sFImvjI.exe
  2⤵
  PID:9468
- C:\Windows\System\ADzWJSk.exe
  C:\Windows\System\ADzWJSk.exe
  2⤵
  PID:9508
- C:\Windows\System\AFdovBw.exe
  C:\Windows\System\AFdovBw.exe
  2⤵
  PID:9532
- C:\Windows\System\kkdfAVQ.exe
  C:\Windows\System\kkdfAVQ.exe
  2⤵
  PID:9564
- C:\Windows\System\OwHCuOl.exe
  C:\Windows\System\OwHCuOl.exe
  2⤵
  PID:9580
- C:\Windows\System\RhjdFqZ.exe
  C:\Windows\System\RhjdFqZ.exe
  2⤵
  PID:9604
- C:\Windows\System\yxlFKin.exe
  C:\Windows\System\yxlFKin.exe
  2⤵
  PID:9632
- C:\Windows\System\SZTrNTN.exe
  C:\Windows\System\SZTrNTN.exe
  2⤵
  PID:9664
- C:\Windows\System\KNnpLcb.exe
  C:\Windows\System\KNnpLcb.exe
  2⤵
  PID:9692
- C:\Windows\System\gMKllyb.exe
  C:\Windows\System\gMKllyb.exe
  2⤵
  PID:9728
- C:\Windows\System\TyPpPLR.exe
  C:\Windows\System\TyPpPLR.exe
  2⤵
  PID:9760
- C:\Windows\System\EcPGSek.exe
  C:\Windows\System\EcPGSek.exe
  2⤵
  PID:9788
- C:\Windows\System\hLwZQzY.exe
  C:\Windows\System\hLwZQzY.exe
  2⤵
  PID:9824
- C:\Windows\System\LKeZNNH.exe
  C:\Windows\System\LKeZNNH.exe
  2⤵
  PID:9848
- C:\Windows\System\rMiIiMc.exe
  C:\Windows\System\rMiIiMc.exe
  2⤵
  PID:9884
- C:\Windows\System\HGsrWDZ.exe
  C:\Windows\System\HGsrWDZ.exe
  2⤵
  PID:9904
- C:\Windows\System\CeYawOA.exe
  C:\Windows\System\CeYawOA.exe
  2⤵
  PID:9920
- C:\Windows\System\JWEhzQh.exe
  C:\Windows\System\JWEhzQh.exe
  2⤵
  PID:9944
- C:\Windows\System\AfzIpqV.exe
  C:\Windows\System\AfzIpqV.exe
  2⤵
  PID:9960
- C:\Windows\System\UXsCMXa.exe
  C:\Windows\System\UXsCMXa.exe
  2⤵
  PID:9988
- C:\Windows\System\uSriFvD.exe
  C:\Windows\System\uSriFvD.exe
  2⤵
  PID:10016
- C:\Windows\System\dqLJahF.exe
  C:\Windows\System\dqLJahF.exe
  2⤵
  PID:10044
- C:\Windows\System\VozJoOj.exe
  C:\Windows\System\VozJoOj.exe
  2⤵
  PID:10076
- C:\Windows\System\KWLotbl.exe
  C:\Windows\System\KWLotbl.exe
  2⤵
  PID:10112
- C:\Windows\System\ntchbtw.exe
  C:\Windows\System\ntchbtw.exe
  2⤵
  PID:10132
- C:\Windows\System\vDLpdXC.exe
  C:\Windows\System\vDLpdXC.exe
  2⤵
  PID:10172
- C:\Windows\System\EJippZO.exe
  C:\Windows\System\EJippZO.exe
  2⤵
  PID:10204
- C:\Windows\System\kQEwPHQ.exe
  C:\Windows\System\kQEwPHQ.exe
  2⤵
  PID:10232
- C:\Windows\System\BLxTDMu.exe
  C:\Windows\System\BLxTDMu.exe
  2⤵
  PID:8460
- C:\Windows\System\jrxyUSk.exe
  C:\Windows\System\jrxyUSk.exe
  2⤵
  PID:9316
- C:\Windows\System\xiwRPIq.exe
  C:\Windows\System\xiwRPIq.exe
  2⤵
  PID:9344
- C:\Windows\System\TXvsNJw.exe
  C:\Windows\System\TXvsNJw.exe
  2⤵
  PID:9404
- C:\Windows\System\RpIZjyz.exe
  C:\Windows\System\RpIZjyz.exe
  2⤵
  PID:9484
- C:\Windows\System\nEUxGMe.exe
  C:\Windows\System\nEUxGMe.exe
  2⤵
  PID:9548
- C:\Windows\System\lIkEEoz.exe
  C:\Windows\System\lIkEEoz.exe
  2⤵
  PID:9644
- C:\Windows\System\CVcnryD.exe
  C:\Windows\System\CVcnryD.exe
  2⤵
  PID:9652
- C:\Windows\System\DdKILaM.exe
  C:\Windows\System\DdKILaM.exe
  2⤵
  PID:9776
- C:\Windows\System\sKaesJh.exe
  C:\Windows\System\sKaesJh.exe
  2⤵
  PID:3068
- C:\Windows\System\PBdKDEJ.exe
  C:\Windows\System\PBdKDEJ.exe
  2⤵
  PID:4236
- C:\Windows\System\pdhkQAk.exe
  C:\Windows\System\pdhkQAk.exe
  2⤵
  PID:8696
- C:\Windows\System\lJxEYYh.exe
  C:\Windows\System\lJxEYYh.exe
  2⤵
  PID:9872
- C:\Windows\System\zqFhcMF.exe
  C:\Windows\System\zqFhcMF.exe
  2⤵
  PID:9912
- C:\Windows\System\EqIhlCm.exe
  C:\Windows\System\EqIhlCm.exe
  2⤵
  PID:10000
- C:\Windows\System\LyJmuVm.exe
  C:\Windows\System\LyJmuVm.exe
  2⤵
  PID:10096
- C:\Windows\System\QjSBIxs.exe
  C:\Windows\System\QjSBIxs.exe
  2⤵
  PID:10124
- C:\Windows\System\lwpovjd.exe
  C:\Windows\System\lwpovjd.exe
  2⤵
  PID:10192
- C:\Windows\System\OSqMEBD.exe
  C:\Windows\System\OSqMEBD.exe
  2⤵
  PID:9220
- C:\Windows\System\VsECCmM.exe
  C:\Windows\System\VsECCmM.exe
  2⤵
  PID:9432
- C:\Windows\System\BJeMNSb.exe
  C:\Windows\System\BJeMNSb.exe
  2⤵
  PID:9452
- C:\Windows\System\LXOeqvN.exe
  C:\Windows\System\LXOeqvN.exe
  2⤵
  PID:9716
- C:\Windows\System\zfHrssn.exe
  C:\Windows\System\zfHrssn.exe
  2⤵
  PID:9816
- C:\Windows\System\apGnrTR.exe
  C:\Windows\System\apGnrTR.exe
  2⤵
  PID:9976
- C:\Windows\System\XQhxdzJ.exe
  C:\Windows\System\XQhxdzJ.exe
  2⤵
  PID:10084
- C:\Windows\System\Crpnrma.exe
  C:\Windows\System\Crpnrma.exe
  2⤵
  PID:8804
- C:\Windows\System\cbNrSWN.exe
  C:\Windows\System\cbNrSWN.exe
  2⤵
  PID:5084
- C:\Windows\System\DnjQhby.exe
  C:\Windows\System\DnjQhby.exe
  2⤵
  PID:9972
- C:\Windows\System\ffRWWBn.exe
  C:\Windows\System\ffRWWBn.exe
  2⤵
  PID:9456
- C:\Windows\System\SDRFKVU.exe
  C:\Windows\System\SDRFKVU.exe
  2⤵
  PID:10260
- C:\Windows\System\PLEOxhY.exe
  C:\Windows\System\PLEOxhY.exe
  2⤵
  PID:10280
- C:\Windows\System\PAwXDKR.exe
  C:\Windows\System\PAwXDKR.exe
  2⤵
  PID:10296
- C:\Windows\System\lJAcQXA.exe
  C:\Windows\System\lJAcQXA.exe
  2⤵
  PID:10312
- C:\Windows\System\leTymHt.exe
  C:\Windows\System\leTymHt.exe
  2⤵
  PID:10340
- C:\Windows\System\nOMgXdG.exe
  C:\Windows\System\nOMgXdG.exe
  2⤵
  PID:10372
- C:\Windows\System\FdeKsWc.exe
  C:\Windows\System\FdeKsWc.exe
  2⤵
  PID:10404
- C:\Windows\System\mkiYqYb.exe
  C:\Windows\System\mkiYqYb.exe
  2⤵
  PID:10432
- C:\Windows\System\RMxgBOW.exe
  C:\Windows\System\RMxgBOW.exe
  2⤵
  PID:10468
- C:\Windows\System\hclxHwD.exe
  C:\Windows\System\hclxHwD.exe
  2⤵
  PID:10504
- C:\Windows\System\UCDNtYk.exe
  C:\Windows\System\UCDNtYk.exe
  2⤵
  PID:10524
- C:\Windows\System\TDQJPDn.exe
  C:\Windows\System\TDQJPDn.exe
  2⤵
  PID:10560
- C:\Windows\System\ErdFEdv.exe
  C:\Windows\System\ErdFEdv.exe
  2⤵
  PID:10588
- C:\Windows\System\jLADloO.exe
  C:\Windows\System\jLADloO.exe
  2⤵
  PID:10620
- C:\Windows\System\DeaCwTH.exe
  C:\Windows\System\DeaCwTH.exe
  2⤵
  PID:10656
- C:\Windows\System\gtfzxVm.exe
  C:\Windows\System\gtfzxVm.exe
  2⤵
  PID:10680
- C:\Windows\System\qEqatXs.exe
  C:\Windows\System\qEqatXs.exe
  2⤵
  PID:10704
- C:\Windows\System\DdOSZpS.exe
  C:\Windows\System\DdOSZpS.exe
  2⤵
  PID:10740
- C:\Windows\System\ayKyUvG.exe
  C:\Windows\System\ayKyUvG.exe
  2⤵
  PID:10768
- C:\Windows\System\DlXkIeq.exe
  C:\Windows\System\DlXkIeq.exe
  2⤵
  PID:10804
- C:\Windows\System\xZWSqgy.exe
  C:\Windows\System\xZWSqgy.exe
  2⤵
  PID:10824
- C:\Windows\System\ajZWhuE.exe
  C:\Windows\System\ajZWhuE.exe
  2⤵
  PID:10852
- C:\Windows\System\OaxZLkP.exe
  C:\Windows\System\OaxZLkP.exe
  2⤵
  PID:10872
- C:\Windows\System\yRFdzjx.exe
  C:\Windows\System\yRFdzjx.exe
  2⤵
  PID:10904
- C:\Windows\System\OtYhVNH.exe
  C:\Windows\System\OtYhVNH.exe
  2⤵
  PID:10932
- C:\Windows\System\omrxbJM.exe
  C:\Windows\System\omrxbJM.exe
  2⤵
  PID:10964
- C:\Windows\System\AkVUPBr.exe
  C:\Windows\System\AkVUPBr.exe
  2⤵
  PID:10996
- C:\Windows\System\BKjzdiL.exe
  C:\Windows\System\BKjzdiL.exe
  2⤵
  PID:11020
- C:\Windows\System\Tymhqyc.exe
  C:\Windows\System\Tymhqyc.exe
  2⤵
  PID:11052
- C:\Windows\System\cWmYzJQ.exe
  C:\Windows\System\cWmYzJQ.exe
  2⤵
  PID:11076
- C:\Windows\System\uyakdOO.exe
  C:\Windows\System\uyakdOO.exe
  2⤵
  PID:11104
- C:\Windows\System\rnIieYW.exe
  C:\Windows\System\rnIieYW.exe
  2⤵
  PID:11132
- C:\Windows\System\WlWBUqY.exe
  C:\Windows\System\WlWBUqY.exe
  2⤵
  PID:11160
- C:\Windows\System\WDxxTKp.exe
  C:\Windows\System\WDxxTKp.exe
  2⤵
  PID:11188
- C:\Windows\System\YkUgfWe.exe
  C:\Windows\System\YkUgfWe.exe
  2⤵
  PID:11220
- C:\Windows\System\wIEmXtK.exe
  C:\Windows\System\wIEmXtK.exe
  2⤵
  PID:11244
- C:\Windows\System\dhMrXRs.exe
  C:\Windows\System\dhMrXRs.exe
  2⤵
  PID:9296
- C:\Windows\System\oUpDphD.exe
  C:\Windows\System\oUpDphD.exe
  2⤵
  PID:10304
- C:\Windows\System\kxQyqxx.exe
  C:\Windows\System\kxQyqxx.exe
  2⤵
  PID:10324
- C:\Windows\System\EhTLIaU.exe
  C:\Windows\System\EhTLIaU.exe
  2⤵
  PID:10400
- C:\Windows\System\KlshxVu.exe
  C:\Windows\System\KlshxVu.exe
  2⤵
  PID:10416
- C:\Windows\System\OIUMslc.exe
  C:\Windows\System\OIUMslc.exe
  2⤵
  PID:10428
- C:\Windows\System\UXKgXaf.exe
  C:\Windows\System\UXKgXaf.exe
  2⤵
  PID:10520
- C:\Windows\System\DpIPZFk.exe
  C:\Windows\System\DpIPZFk.exe
  2⤵
  PID:10640
- C:\Windows\System\HOMvUnt.exe
  C:\Windows\System\HOMvUnt.exe
  2⤵
  PID:10688
- C:\Windows\System\dWhFDVm.exe
  C:\Windows\System\dWhFDVm.exe
  2⤵
  PID:10732
- C:\Windows\System\OHoWsKf.exe
  C:\Windows\System\OHoWsKf.exe
  2⤵
  PID:10812
- C:\Windows\System\RpgRFyQ.exe
  C:\Windows\System\RpgRFyQ.exe
  2⤵
  PID:10860
- C:\Windows\System\FzRGlvD.exe
  C:\Windows\System\FzRGlvD.exe
  2⤵
  PID:10920
- C:\Windows\System\lUVYGkO.exe
  C:\Windows\System\lUVYGkO.exe
  2⤵
  PID:10976
- C:\Windows\System\RhNzVMH.exe
  C:\Windows\System\RhNzVMH.exe
  2⤵
  PID:11032
- C:\Windows\System\HQHynMw.exe
  C:\Windows\System\HQHynMw.exe
  2⤵
  PID:11120
- C:\Windows\System\Blwbvcr.exe
  C:\Windows\System\Blwbvcr.exe
  2⤵
  PID:11200
- C:\Windows\System\blEFHEr.exe
  C:\Windows\System\blEFHEr.exe
  2⤵
  PID:11256
- C:\Windows\System\ankOFuh.exe
  C:\Windows\System\ankOFuh.exe
  2⤵
  PID:10268
- C:\Windows\System\eaZUGHW.exe
  C:\Windows\System\eaZUGHW.exe
  2⤵
  PID:10368
- C:\Windows\System\VYhsICX.exe
  C:\Windows\System\VYhsICX.exe
  2⤵
  PID:10500
- C:\Windows\System\PvkYOWU.exe
  C:\Windows\System\PvkYOWU.exe
  2⤵
  PID:10644
- C:\Windows\System\ZqaVqGy.exe
  C:\Windows\System\ZqaVqGy.exe
  2⤵
  PID:10848
- C:\Windows\System\IiWuuYj.exe
  C:\Windows\System\IiWuuYj.exe
  2⤵
  PID:11008
- C:\Windows\System\MpFjZPP.exe
  C:\Windows\System\MpFjZPP.exe
  2⤵
  PID:11176
- C:\Windows\System\UgZrunU.exe
  C:\Windows\System\UgZrunU.exe
  2⤵
  PID:10228
- C:\Windows\System\vsuvuYd.exe
  C:\Windows\System\vsuvuYd.exe
  2⤵
  PID:10512
- C:\Windows\System\iIFNkZx.exe
  C:\Windows\System\iIFNkZx.exe
  2⤵
  PID:11016
- C:\Windows\System\Uusxuyn.exe
  C:\Windows\System\Uusxuyn.exe
  2⤵
  PID:11232
- C:\Windows\System\WkBsJBL.exe
  C:\Windows\System\WkBsJBL.exe
  2⤵
  PID:11280
- C:\Windows\System\wqpgQwe.exe
  C:\Windows\System\wqpgQwe.exe
  2⤵
  PID:11320
- C:\Windows\System\OBYFfcf.exe
  C:\Windows\System\OBYFfcf.exe
  2⤵
  PID:11348
- C:\Windows\System\SJBihrh.exe
  C:\Windows\System\SJBihrh.exe
  2⤵
  PID:11372
- C:\Windows\System\cAQdtjD.exe
  C:\Windows\System\cAQdtjD.exe
  2⤵
  PID:11400
- C:\Windows\System\UGluzCT.exe
  C:\Windows\System\UGluzCT.exe
  2⤵
  PID:11428
- C:\Windows\System\imWvgna.exe
  C:\Windows\System\imWvgna.exe
  2⤵
  PID:11460
- C:\Windows\System\SRouTwC.exe
  C:\Windows\System\SRouTwC.exe
  2⤵
  PID:11480
- C:\Windows\System\iFItwHd.exe
  C:\Windows\System\iFItwHd.exe
  2⤵
  PID:11504
- C:\Windows\System\BccVptl.exe
  C:\Windows\System\BccVptl.exe
  2⤵
  PID:11532
- C:\Windows\System\skhrBAw.exe
  C:\Windows\System\skhrBAw.exe
  2⤵
  PID:11556
- C:\Windows\System\EClzFzq.exe
  C:\Windows\System\EClzFzq.exe
  2⤵
  PID:11584
- C:\Windows\System\WFpKnMV.exe
  C:\Windows\System\WFpKnMV.exe
  2⤵
  PID:11612
- C:\Windows\System\oNosRSr.exe
  C:\Windows\System\oNosRSr.exe
  2⤵
  PID:11636
- C:\Windows\System\UVRziEx.exe
  C:\Windows\System\UVRziEx.exe
  2⤵
  PID:11664
- C:\Windows\System\TqabvYT.exe
  C:\Windows\System\TqabvYT.exe
  2⤵
  PID:11692
- C:\Windows\System\WHhaInZ.exe
  C:\Windows\System\WHhaInZ.exe
  2⤵
  PID:11720
- C:\Windows\System\UIbhZqt.exe
  C:\Windows\System\UIbhZqt.exe
  2⤵
  PID:11740
- C:\Windows\System\HRRudRJ.exe
  C:\Windows\System\HRRudRJ.exe
  2⤵
  PID:11768
- C:\Windows\System\oqgoqiZ.exe
  C:\Windows\System\oqgoqiZ.exe
  2⤵
  PID:11796
- C:\Windows\System\FzihUGE.exe
  C:\Windows\System\FzihUGE.exe
  2⤵
  PID:11832
- C:\Windows\System\xYvTgNT.exe
  C:\Windows\System\xYvTgNT.exe
  2⤵
  PID:11868
- C:\Windows\System\nIgySPz.exe
  C:\Windows\System\nIgySPz.exe
  2⤵
  PID:11892
- C:\Windows\System\CCkFJEA.exe
  C:\Windows\System\CCkFJEA.exe
  2⤵
  PID:11920
- C:\Windows\System\zngWxJW.exe
  C:\Windows\System\zngWxJW.exe
  2⤵
  PID:11952
- C:\Windows\System\qdsUSOl.exe
  C:\Windows\System\qdsUSOl.exe
  2⤵
  PID:11976
- C:\Windows\System\igQtKBN.exe
  C:\Windows\System\igQtKBN.exe
  2⤵
  PID:12008
- C:\Windows\System\CDPOFKP.exe
  C:\Windows\System\CDPOFKP.exe
  2⤵
  PID:12040
- C:\Windows\System\glupwiJ.exe
  C:\Windows\System\glupwiJ.exe
  2⤵
  PID:12076
- C:\Windows\System\edKzzCS.exe
  C:\Windows\System\edKzzCS.exe
  2⤵
  PID:12092
- C:\Windows\System\tFDIgcd.exe
  C:\Windows\System\tFDIgcd.exe
  2⤵
  PID:12120
- C:\Windows\System\QZCVVtd.exe
  C:\Windows\System\QZCVVtd.exe
  2⤵
  PID:12144
- C:\Windows\System\jzsanjK.exe
  C:\Windows\System\jzsanjK.exe
  2⤵
  PID:12176
- C:\Windows\System\WUfOdgl.exe
  C:\Windows\System\WUfOdgl.exe
  2⤵
  PID:12204
- C:\Windows\System\DPuotYn.exe
  C:\Windows\System\DPuotYn.exe
  2⤵
  PID:12236
- C:\Windows\System\cBhSuCP.exe
  C:\Windows\System\cBhSuCP.exe
  2⤵
  PID:12260
- C:\Windows\System\sTtLSpk.exe
  C:\Windows\System\sTtLSpk.exe
  2⤵
  PID:12284
- C:\Windows\System\BqdwwZb.exe
  C:\Windows\System\BqdwwZb.exe
  2⤵
  PID:11268
- C:\Windows\System\oLLMAIa.exe
  C:\Windows\System\oLLMAIa.exe
  2⤵
  PID:11368
- C:\Windows\System\oYNFlmC.exe
  C:\Windows\System\oYNFlmC.exe
  2⤵
  PID:11344
- C:\Windows\System\tjDHufP.exe
  C:\Windows\System\tjDHufP.exe
  2⤵
  PID:11456
- C:\Windows\System\kFhHTYs.exe
  C:\Windows\System\kFhHTYs.exe
  2⤵
  PID:11520
- C:\Windows\System\cDJNndR.exe
  C:\Windows\System\cDJNndR.exe
  2⤵
  PID:11544
- C:\Windows\System\vfpuPEe.exe
  C:\Windows\System\vfpuPEe.exe
  2⤵
  PID:11540
- C:\Windows\System\xaTyLRX.exe
  C:\Windows\System\xaTyLRX.exe
  2⤵
  PID:11676
- C:\Windows\System\afKwdwQ.exe
  C:\Windows\System\afKwdwQ.exe
  2⤵
  PID:11756
- C:\Windows\System\Liqvean.exe
  C:\Windows\System\Liqvean.exe
  2⤵
  PID:11820
- C:\Windows\System\FClGnnr.exe
  C:\Windows\System\FClGnnr.exe
  2⤵
  PID:11844
- C:\Windows\System\GhnaTSY.exe
  C:\Windows\System\GhnaTSY.exe
  2⤵
  PID:11996
- C:\Windows\System\cazCvjn.exe
  C:\Windows\System\cazCvjn.exe
  2⤵
  PID:11940
- C:\Windows\System\xUPmPUD.exe
  C:\Windows\System\xUPmPUD.exe
  2⤵
  PID:12068
- C:\Windows\System\fFqBWre.exe
  C:\Windows\System\fFqBWre.exe
  2⤵
  PID:12140
- C:\Windows\System\VFIPkRr.exe
  C:\Windows\System\VFIPkRr.exe
  2⤵
  PID:12156
- C:\Windows\System\qVfeRQs.exe
  C:\Windows\System\qVfeRQs.exe
  2⤵
  PID:12212
- C:\Windows\System\bnRuOKO.exe
  C:\Windows\System\bnRuOKO.exe
  2⤵
  PID:10888
- C:\Windows\System\bBHdmMy.exe
  C:\Windows\System\bBHdmMy.exe
  2⤵
  PID:12268
- C:\Windows\System\WekwIwK.exe
  C:\Windows\System\WekwIwK.exe
  2⤵
  PID:11528
- C:\Windows\System\NzkAEUU.exe
  C:\Windows\System\NzkAEUU.exe
  2⤵
  PID:11500
- C:\Windows\System\FWCXXdK.exe
  C:\Windows\System\FWCXXdK.exe
  2⤵
  PID:11452
- C:\Windows\System\IUAuNSU.exe
  C:\Windows\System\IUAuNSU.exe
  2⤵
  PID:11784
- C:\Windows\System\UVSoZsL.exe
  C:\Windows\System\UVSoZsL.exe
  2⤵
  PID:11932
- C:\Windows\System\eMdeBva.exe
  C:\Windows\System\eMdeBva.exe
  2⤵
  PID:11600
- C:\Windows\System\WbbGWrE.exe
  C:\Windows\System\WbbGWrE.exe
  2⤵
  PID:11912
- C:\Windows\System\ibzAfgl.exe
  C:\Windows\System\ibzAfgl.exe
  2⤵
  PID:12084
- C:\Windows\System\kIuWvbz.exe
  C:\Windows\System\kIuWvbz.exe
  2⤵
  PID:12296
- C:\Windows\System\eUhCghq.exe
  C:\Windows\System\eUhCghq.exe
  2⤵
  PID:12332
- C:\Windows\System\mkRxHHQ.exe
  C:\Windows\System\mkRxHHQ.exe
  2⤵
  PID:12352
- C:\Windows\System\ElcnDmU.exe
  C:\Windows\System\ElcnDmU.exe
  2⤵
  PID:12392
- C:\Windows\System\nITYltI.exe
  C:\Windows\System\nITYltI.exe
  2⤵
  PID:12428
- C:\Windows\System\aeIxPHx.exe
  C:\Windows\System\aeIxPHx.exe
  2⤵
  PID:12460
- C:\Windows\System\jqfsKNS.exe
  C:\Windows\System\jqfsKNS.exe
  2⤵
  PID:12492
- C:\Windows\System\NYLkRlk.exe
  C:\Windows\System\NYLkRlk.exe
  2⤵
  PID:12516
- C:\Windows\System\JWkUiPB.exe
  C:\Windows\System\JWkUiPB.exe
  2⤵
  PID:12540
- C:\Windows\System\zXeOIgO.exe
  C:\Windows\System\zXeOIgO.exe
  2⤵
  PID:12560
- C:\Windows\System\fTHBgyT.exe
  C:\Windows\System\fTHBgyT.exe
  2⤵
  PID:12580
- C:\Windows\System\IdbzFXB.exe
  C:\Windows\System\IdbzFXB.exe
  2⤵
  PID:12616
- C:\Windows\System\KhUfgwg.exe
  C:\Windows\System\KhUfgwg.exe
  2⤵
  PID:12636
- C:\Windows\System\omryLfC.exe
  C:\Windows\System\omryLfC.exe
  2⤵
  PID:12672
- C:\Windows\System\cTFNiCA.exe
  C:\Windows\System\cTFNiCA.exe
  2⤵
  PID:12700
- C:\Windows\System\zniTpGM.exe
  C:\Windows\System\zniTpGM.exe
  2⤵
  PID:12728
- C:\Windows\System\gLVDoVG.exe
  C:\Windows\System\gLVDoVG.exe
  2⤵
  PID:12756
- C:\Windows\System\cjqhlnz.exe
  C:\Windows\System\cjqhlnz.exe
  2⤵
  PID:12772
- C:\Windows\System\blocbAq.exe
  C:\Windows\System\blocbAq.exe
  2⤵
  PID:12808
- C:\Windows\System\tTBMRej.exe
  C:\Windows\System\tTBMRej.exe
  2⤵
  PID:12852
- C:\Windows\System\qspqlVA.exe
  C:\Windows\System\qspqlVA.exe
  2⤵
  PID:12880
- C:\Windows\System\HVMJDHh.exe
  C:\Windows\System\HVMJDHh.exe
  2⤵
  PID:12904
- C:\Windows\System\eYSAPho.exe
  C:\Windows\System\eYSAPho.exe
  2⤵
  PID:12928
- C:\Windows\System\RNFRWDW.exe
  C:\Windows\System\RNFRWDW.exe
  2⤵
  PID:12952
- C:\Windows\System\OrtqAJJ.exe
  C:\Windows\System\OrtqAJJ.exe
  2⤵
  PID:12976
- C:\Windows\System\IUBScpP.exe
  C:\Windows\System\IUBScpP.exe
  2⤵
  PID:13004
- C:\Windows\System\eSMtwNF.exe
  C:\Windows\System\eSMtwNF.exe
  2⤵
  PID:13032
- C:\Windows\System\esfdcta.exe
  C:\Windows\System\esfdcta.exe
  2⤵
  PID:13052
- C:\Windows\System\NkRYxay.exe
  C:\Windows\System\NkRYxay.exe
  2⤵
  PID:13080
- C:\Windows\System\gShSSyE.exe
  C:\Windows\System\gShSSyE.exe
  2⤵
  PID:13108
- C:\Windows\System\rDkcNsH.exe
  C:\Windows\System\rDkcNsH.exe
  2⤵
  PID:13132
- C:\Windows\System\ZQxISKz.exe
  C:\Windows\System\ZQxISKz.exe
  2⤵
  PID:13156
- C:\Windows\System\Tesynlu.exe
  C:\Windows\System\Tesynlu.exe
  2⤵
  PID:13184
- C:\Windows\System\ZRoFPwz.exe
  C:\Windows\System\ZRoFPwz.exe
  2⤵
  PID:13220
- C:\Windows\System\UpFWvjf.exe
  C:\Windows\System\UpFWvjf.exe
  2⤵
  PID:13252
- C:\Windows\System\FNEWYKj.exe
  C:\Windows\System\FNEWYKj.exe
  2⤵
  PID:13280
- C:\Windows\System\hTHkqbN.exe
  C:\Windows\System\hTHkqbN.exe
  2⤵
  PID:13300
- C:\Windows\System\AxeumuU.exe
  C:\Windows\System\AxeumuU.exe
  2⤵
  PID:11340
- C:\Windows\System\WdKpDVL.exe
  C:\Windows\System\WdKpDVL.exe
  2⤵
  PID:11968
- C:\Windows\System\JLRsKZD.exe
  C:\Windows\System\JLRsKZD.exe
  2⤵
  PID:12440
- C:\Windows\System\URPTUFk.exe
  C:\Windows\System\URPTUFk.exe
  2⤵
  PID:11704
- C:\Windows\System\MNDTalV.exe
  C:\Windows\System\MNDTalV.exe
  2⤵
  PID:12308
- C:\Windows\System\XsfreRB.exe
  C:\Windows\System\XsfreRB.exe
  2⤵
  PID:12364
- C:\Windows\System\oIsjBYI.exe
  C:\Windows\System\oIsjBYI.exe
  2⤵
  PID:12536
- C:\Windows\System\ZALLRYs.exe
  C:\Windows\System\ZALLRYs.exe
  2⤵
  PID:12604
- C:\Windows\System\COBivvo.exe
  C:\Windows\System\COBivvo.exe
  2⤵
  PID:12764
- C:\Windows\System\usRgumf.exe
  C:\Windows\System\usRgumf.exe
  2⤵
  PID:12796
- C:\Windows\System\FxyGybV.exe
  C:\Windows\System\FxyGybV.exe
  2⤵
  PID:12720
- C:\Windows\System\VhUQShY.exe
  C:\Windows\System\VhUQShY.exe
  2⤵
  PID:12924
- C:\Windows\System\sncjVos.exe
  C:\Windows\System\sncjVos.exe
  2⤵
  PID:12752
- C:\Windows\System\KbIiTMD.exe
  C:\Windows\System\KbIiTMD.exe
  2⤵
  PID:13064
- C:\Windows\System\WHpIlYl.exe
  C:\Windows\System\WHpIlYl.exe
  2⤵
  PID:13016
- C:\Windows\System\gGuPVVr.exe
  C:\Windows\System\gGuPVVr.exe
  2⤵
  PID:12988
- C:\Windows\System\RRmRKCy.exe
  C:\Windows\System\RRmRKCy.exe
  2⤵
  PID:13204
- C:\Windows\System\eRbhZje.exe
  C:\Windows\System\eRbhZje.exe
  2⤵
  PID:13268
- C:\Windows\System\cMqXZHk.exe
  C:\Windows\System\cMqXZHk.exe
  2⤵
  PID:13216
- C:\Windows\System\TDhAwWr.exe
  C:\Windows\System\TDhAwWr.exe
  2⤵
  PID:12436
- C:\Windows\System\SycASYq.exe
  C:\Windows\System\SycASYq.exe
  2⤵
  PID:12388
- C:\Windows\System\xcrQmIT.exe
  C:\Windows\System\xcrQmIT.exe
  2⤵
  PID:12612
- C:\Windows\System\MkIBBwl.exe
  C:\Windows\System\MkIBBwl.exe
  2⤵
  PID:12512
- C:\Windows\System\GOKUQbi.exe
  C:\Windows\System\GOKUQbi.exe
  2⤵
  PID:12592
- C:\Windows\System\cXdZEOs.exe
  C:\Windows\System\cXdZEOs.exe
  2⤵
  PID:4672
- C:\Windows\System\TCfVenu.exe
  C:\Windows\System\TCfVenu.exe
  2⤵
  PID:12816
- C:\Windows\System\yjXbOPg.exe
  C:\Windows\System\yjXbOPg.exe
  2⤵
  PID:13336
- C:\Windows\System\OeUYuRi.exe
  C:\Windows\System\OeUYuRi.exe
  2⤵
  PID:13368
- C:\Windows\System\KLLiTBr.exe
  C:\Windows\System\KLLiTBr.exe
  2⤵
  PID:13384
- C:\Windows\System\pJStIWm.exe
  C:\Windows\System\pJStIWm.exe
  2⤵
  PID:13416
- C:\Windows\System\neGzdDc.exe
  C:\Windows\System\neGzdDc.exe
  2⤵
  PID:13432
- C:\Windows\System\qUIMRIy.exe
  C:\Windows\System\qUIMRIy.exe
  2⤵
  PID:13452
- C:\Windows\System\zBLFlcd.exe
  C:\Windows\System\zBLFlcd.exe
  2⤵
  PID:13480
- C:\Windows\System\ZaXjbti.exe
  C:\Windows\System\ZaXjbti.exe
  2⤵
  PID:13508
- C:\Windows\System\gBBxFEd.exe
  C:\Windows\System\gBBxFEd.exe
  2⤵
  PID:13544
- C:\Windows\System\QdgvtYX.exe
  C:\Windows\System\QdgvtYX.exe
  2⤵
  PID:13568
- C:\Windows\System\vTTxHWm.exe
  C:\Windows\System\vTTxHWm.exe
  2⤵
  PID:13596
- C:\Windows\System\OpdOINI.exe
  C:\Windows\System\OpdOINI.exe
  2⤵
  PID:13620
- C:\Windows\System\eVTAdaB.exe
  C:\Windows\System\eVTAdaB.exe
  2⤵
  PID:13640
- C:\Windows\System\TQOekZz.exe
  C:\Windows\System\TQOekZz.exe
  2⤵
  PID:13664
- C:\Windows\System\LXRgCEu.exe
  C:\Windows\System\LXRgCEu.exe
  2⤵
  PID:13708
- C:\Windows\System\GJgcZeo.exe
  C:\Windows\System\GJgcZeo.exe
  2⤵
  PID:13724
- C:\Windows\System\zPfbRlz.exe
  C:\Windows\System\zPfbRlz.exe
  2⤵
  PID:13740
- C:\Windows\System\NigGVsJ.exe
  C:\Windows\System\NigGVsJ.exe
  2⤵
  PID:13776
- C:\Windows\System\gOYqcYW.exe
  C:\Windows\System\gOYqcYW.exe
  2⤵
  PID:13800
- C:\Windows\System\SmPyfBC.exe
  C:\Windows\System\SmPyfBC.exe
  2⤵
  PID:13824
- C:\Windows\System\uknGbZa.exe
  C:\Windows\System\uknGbZa.exe
  2⤵
  PID:13848
- C:\Windows\System\AxHdtCE.exe
  C:\Windows\System\AxHdtCE.exe
  2⤵
  PID:13872
- C:\Windows\System\HINiChG.exe
  C:\Windows\System\HINiChG.exe
  2⤵
  PID:13908
- C:\Windows\System\RoJknae.exe
  C:\Windows\System\RoJknae.exe
  2⤵
  PID:13936
- C:\Windows\System\AMiMQOD.exe
  C:\Windows\System\AMiMQOD.exe
  2⤵
  PID:13972
- C:\Windows\System\jthupqz.exe
  C:\Windows\System\jthupqz.exe
  2⤵
  PID:13992
- C:\Windows\System\ESpaWfl.exe
  C:\Windows\System\ESpaWfl.exe
  2⤵
  PID:14016
- C:\Windows\System\emFiMSU.exe
  C:\Windows\System\emFiMSU.exe
  2⤵
  PID:14048
- C:\Windows\System\vqwCxnq.exe
  C:\Windows\System\vqwCxnq.exe
  2⤵
  PID:14064
- C:\Windows\System\vwSABgj.exe
  C:\Windows\System\vwSABgj.exe
  2⤵
  PID:14096
- C:\Windows\System\GGJkucw.exe
  C:\Windows\System\GGJkucw.exe
  2⤵
  PID:14120
- C:\Windows\System\LyDtBuB.exe
  C:\Windows\System\LyDtBuB.exe
  2⤵
  PID:14148
- C:\Windows\System\ZBhTRDk.exe
  C:\Windows\System\ZBhTRDk.exe
  2⤵
  PID:14172
- C:\Windows\System\pUHmMHn.exe
  C:\Windows\System\pUHmMHn.exe
  2⤵
  PID:14200
- C:\Windows\System\ZTPWgrS.exe
  C:\Windows\System\ZTPWgrS.exe
  2⤵
  PID:14228
- C:\Windows\System\pxQQLGh.exe
  C:\Windows\System\pxQQLGh.exe
  2⤵
  PID:14252
- C:\Windows\System\KixFRAj.exe
  C:\Windows\System\KixFRAj.exe
  2⤵
  PID:14272
- C:\Windows\System\zzeDNgO.exe
  C:\Windows\System\zzeDNgO.exe
  2⤵
  PID:14304
- C:\Windows\System\KvgnuwH.exe
  C:\Windows\System\KvgnuwH.exe
  2⤵
  PID:14328
- C:\Windows\System\NXDFpwh.exe
  C:\Windows\System\NXDFpwh.exe
  2⤵
  PID:13072
- C:\Windows\System\xTyXxPe.exe
  C:\Windows\System\xTyXxPe.exe
  2⤵
  PID:12968
- C:\Windows\System\rpzNUAP.exe
  C:\Windows\System\rpzNUAP.exe
  2⤵
  PID:12836
- C:\Windows\System\iFvlUhy.exe
  C:\Windows\System\iFvlUhy.exe
  2⤵
  PID:2020
- C:\Windows\System\REgQDmL.exe
  C:\Windows\System\REgQDmL.exe
  2⤵
  PID:11468
- C:\Windows\System\nGxtWCx.exe
  C:\Windows\System\nGxtWCx.exe
  2⤵
  PID:13400
- C:\Windows\System\ciTkaLL.exe
  C:\Windows\System\ciTkaLL.exe
  2⤵
  PID:13464
- C:\Windows\System\ePwEnlx.exe
  C:\Windows\System\ePwEnlx.exe
  2⤵
  PID:13964
- C:\Windows\System\QGVePBT.exe
  C:\Windows\System\QGVePBT.exe
  2⤵
  PID:14056
- C:\Windows\System\nIoQkAK.exe
  C:\Windows\System\nIoQkAK.exe
  2⤵
  PID:14076
- C:\Windows\System\BrTVOaQ.exe
  C:\Windows\System\BrTVOaQ.exe
  2⤵
  PID:10900
- C:\Windows\System\yXPjbmC.exe
  C:\Windows\System\yXPjbmC.exe
  2⤵
  PID:13984
- C:\Windows\System\YeuFOzc.exe
  C:\Windows\System\YeuFOzc.exe
  2⤵
  PID:14248
- C:\Windows\System\yOyZJgR.exe
  C:\Windows\System\yOyZJgR.exe
  2⤵
  PID:13376
- C:\Windows\System\BcqKQSY.exe
  C:\Windows\System\BcqKQSY.exe
  2⤵
  PID:13152
- C:\Windows\System\cjJTnPm.exe
  C:\Windows\System\cjJTnPm.exe
  2⤵
  PID:13764
- C:\Windows\System\qmkYErw.exe
  C:\Windows\System\qmkYErw.exe
  2⤵
  PID:13900

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BHmVEGG.exe

Filesize
1.7MB

MD5
a75e0dcf6106f2c5f7afc16cce27652c

SHA1
ed0ad322fc71d60cfcb2fb258e0d6504d6f68863

SHA256
64ac6c7e68b9ecbe18520a22ba75fa23725a78a5074038d9efbd85f541613889

SHA512
ccc4fe152c3d0b26463964e9771b724d85d101b7d5e201543c1561ad1423956d245d6a9efa86d7cbf9fe247033ea7b81f40bc14b72fda68a5615c5d2764e58fb

Download Submit
C:\Windows\System\EdtTGqZ.exe

Filesize
1.7MB

MD5
082908df52299d3d309bd981ff8649c0

SHA1
4e1389bc31409de9f9d970aa10fecabf47b52c3c

SHA256
0a94db5e4f74e0ed514412dc18916b77ad5e82f28c10be8e575ee87e30506c42

SHA512
2a3d0e4148116d402f67f5e1f3b3ce70789ad8372fea00718e9fea71c4b7050467277097a4618261e004a9abb58f6e7892a1b1c1c4a05d9b430d25b60d700562

Download Submit
C:\Windows\System\GHkQoOj.exe

Filesize
1.7MB

MD5
09d35ab6020eb3aa3dd9e58e7b014367

SHA1
4dabce3fdce64098e99c4ea57d29529d3f2fc813

SHA256
bd20eb9be51ccad749955c8a773b965a7fea50cc985813ac5a042e9c7b70db10

SHA512
3c6ab312c3a9c110024f083bc59a7e6ac5e74acd5c6c37533631f2db9e6b8701e649f13d41edbe16dec1d44f028342f1f286a63d72d25db554c592ed5180cc48

Download Submit
C:\Windows\System\HmeVLJv.exe

Filesize
1.7MB

MD5
97056ec4fdcd9354566712261b5b66d7

SHA1
9c373f3367a930aaa60adda071d414fa4ace550b

SHA256
006fdfe1b13f106139f88b4d56f8742851ec6c4f3de99b132541cb1eecd5c399

SHA512
ff0fc70457f872cda592a6342b458389e464a38e744abc2022384553fe27064ad5306044c79f1c373cce5be19c9f6175934f7462c274bee43587d172f88114b3

Download Submit
C:\Windows\System\IVifIUp.exe

Filesize
1.7MB

MD5
2c921fbf8663270308f919ba5f6f36da

SHA1
2a1410db05b0f0e1fa8108541c9119511cee5900

SHA256
cddc321219e4b2c49788a10de40e8d0a132d7de41dbf1bfb4f4f3bb53f57fadb

SHA512
1d1227740b4eb0f9d3c9bbed40942ebed41788c8384f9a5d078ca413e207f13e49810075a720be772b3bc23e22263f7e02b3273643c656cd2d704525296a22e4

Download Submit
C:\Windows\System\IpgXdER.exe

Filesize
1.7MB

MD5
266bc831a79ce73b7cf6c64e8f9073ca

SHA1
2723ffed5664ba4751d1297a59b37aceb6db5f08

SHA256
ab38b52e9cb816f5d93310c2d1f43c934cff1d333b9c6788e5dffcb9d436282d

SHA512
adedbd9c039acac9bc09d476c5c5abe542a9a9d096ffda05d75b9148bf8ad82970fd40f5ceb063f225024717dac2d15a9f5f2e9f90007164603672cf8df569db

Download Submit
C:\Windows\System\JaXRXeU.exe

Filesize
1.7MB

MD5
91808feb6958dde9a0eb7bd2377322b3

SHA1
b17ffaa144b7ae6edd04a55a5e8cf71d31bcdd5c

SHA256
1431033ceec73bc85c31ab8ca54a2e1006d914c6f09f21418c12ec9ac9e18aea

SHA512
beee68565e74494b9ab009cf6c7026a04a6cf214cc5b89892731ba3b6be1d9a6e8abdc71351c07dc4093b6531d22773434bc8204fa333361e68732cfc9adde48

Download Submit
C:\Windows\System\JtEdKoK.exe

Filesize
1.7MB

MD5
25f4fbbc02ca2a80a6cdd30a1bc65c62

SHA1
2735f0c4e41b3b385943d3913265f46481845fa7

SHA256
482b2f7e9ef0aaf80aa391721ff6b9abea0599ab1194330fb4e848cc20cdc177

SHA512
0c4d33c00c372a5666809f7f69c663003b9e77ac8fed6e3ca50ea10ddf16420c20a8879b84d1a2d45eab0842977028db3e4c887a058db3ec8d54f48f6117d4eb

Download Submit
C:\Windows\System\LGhWkJW.exe

Filesize
1.7MB

MD5
d143de163e643216e028c18086d315d6

SHA1
39a52fbc00b2ed98280ec1fcac38d7bccbe66272

SHA256
ac8edb0168f7ba7febeac9057236bec4330bf2b4b467fe8328d1f4dd9cf2ef57

SHA512
8aabbf40ae446be7be4152464a0b9f43a360b9e61976dd82c7418820b91d1871c747e3f35f5ed3eb34bb6a127b4612a41158b6d5e0006f5362e52079205e13b5

Download Submit
C:\Windows\System\MQWekAJ.exe

Filesize
1.7MB

MD5
95bc57c3a9c660d4fedffdfa31f741aa

SHA1
4defa88ba50de8e6c6a75696e31dc16cdff79208

SHA256
d30c770025e4140e9e8cccee19abfa671e189a69d464fad21d4c9ca41a339b8a

SHA512
17d8ae2f05b56795133e765dd0bc139e91a0f5a10d5f73bba9e0c4551deefc1151a25298d3e18b84c5656373c7c668cf0507f05c02ccf5293f218100db96bd72

Download Submit
C:\Windows\System\PGUjNXt.exe

Filesize
1.7MB

MD5
aaf80afe045c553a6a98a8184d0bfd02

SHA1
7547eac782ac3e514876feae7cfd4e69a37632e1

SHA256
505d01f9895e7c69d0c0dc0cda1b0b97fcc46117a9e959d94923900a53edfa5f

SHA512
dba40695c1567d4278529b8fcf2551587a46d820397a6b0e7e6d22857fe18987a512958061f050cf132342abfc7737e8ddef4f6973761562d03f810940d8ea1a

Download Submit
C:\Windows\System\SeMUgUi.exe

Filesize
1.7MB

MD5
986d58ed196eae8bd6827f17402d5a07

SHA1
f519cfd7fe4b3011578cf41d4195dc8cb6d72e19

SHA256
2fd6ad04ed72bc74f0d551fd383a557c9ce200485f609542a975be19550c19d5

SHA512
a0acb732eabc854aaf2d69cf210d9f6600f33216479e91735073e8f20e7c5301a3ccd8cff65fd2df1a9ece869e5aeab3ed867d006ba9c6b8dc0264fae07fd9aa

Download Submit
C:\Windows\System\XRAZLYg.exe

Filesize
1.7MB

MD5
a4e0b021d14110bede46d8f14a8bb3a6

SHA1
4297de536d1d7df641443c08e23374c3c4347144

SHA256
cfd997fc1c318ac1574c0859963ef4cff4bf47d496880acc370e59a024018eb7

SHA512
67515795039372e23fa6fac26c7a0aaf9ecad7c823397df8b4e8f632c8e03e1d2a70dc8f48f274a65116c4e45e0f599bdb83b8f751a13eacb6098b6eaef2ed45

Download Submit
C:\Windows\System\ZWyrLzx.exe

Filesize
1.7MB

MD5
b36d4101b22bd333c68cfd0ac7129b30

SHA1
c3f716a45d6c07fe4e2332a8ff23ace75079002d

SHA256
fa1e28dfe9cc777464ab6a990bbd652c4e6fe119c1e13da6b174ae427bac9fe1

SHA512
375704f70a73b06c421fe4730db331ac8a9eac9b30b5d8a74d67a8d1fa4b90fd10cce0f62780d7c7bdfa8d78cf1575990e157e81ff3dc87d4bbaabc1b767c858

Download Submit
C:\Windows\System\axOkRZL.exe

Filesize
1.7MB

MD5
22579e97e0030d473191ca9c89911984

SHA1
eef8b9ec9929457c3d6bb4566a4a5e1548c1e521

SHA256
7001ad989584b90a879d71ebb36f2de85a7a5cf9d06b6dc66a24489a4ac3d738

SHA512
affcb09cc81cf70fc78016c2433879ad20afd38de7ae99cdc73487c2599c4092e2a56f3ee4b6db1b015414cb40e4e0f0ac426d06eaf74dc39a647cd8cbbc935c

Download Submit
C:\Windows\System\cTrUUxp.exe

Filesize
1.7MB

MD5
a50caa535d45db3a1f7f85a969d7de21

SHA1
6f21cda0658c9b6950668263fd7a20616e012064

SHA256
b5ed1d132f4c8198de7dd11adef5496002583fbb85cef6ee393d43bd6152427f

SHA512
2c5ece957e29c28f78dcb6fb8009dd496cb86e51c7f78036e5e9eefc46b567a678f7323eaceb0a0e5dbbd7c6e1789d628d3acc8754646668be4dd82bc26a8c49

Download Submit
C:\Windows\System\dImNrlp.exe

Filesize
1.7MB

MD5
f93a2445d677cab64efb020d102207ec

SHA1
674eb0e78f5b8de7b5b3c32a2903555e21801a9c

SHA256
411b10897359d3dd03182e7e4dca59b2e7bfe5908c9f810572764525f55a551b

SHA512
1ff252835c34468286d7a4528173c20d2b4f585a3d453060e4d1b894eeedeb18aaa4d19b31fb0f19343eaab06902a21063d83d237fa036bda7066f18e0fd9893

Download Submit
C:\Windows\System\dShcPnF.exe

Filesize
1.7MB

MD5
177d09bc963655211c887bad1108fb41

SHA1
da06d017f0cc585b1ae135d939c1eb43371b9cc7

SHA256
aeb2d1b0ef4254cfb9be988b0ade5d3551bf3a1ad2305981d9fe647a48c2d0e0

SHA512
eee8b8e632731aa414a66204058cb094e5f2e61c4db858ff2efacd5d42265dc3891b003b2c97674063ebfd276af759eb2c509aaedad85a73f648fa60f4ffc3ff

Download Submit
C:\Windows\System\dehUwdR.exe

Filesize
1.7MB

MD5
7d9b00cd2d60b43ba699fecbe63673de

SHA1
c0529d4b89d7a26d85eccf9e0ed880b54422aea1

SHA256
bfb0dc294c0912ca9cef12c89e689066bf5f43e2278542fe6449d41855a0f0e3

SHA512
7bd6a3401079828014abaf8e69f4de2982387a3c95df4837e74e69ad0ef91b0d8ce41a3296e18ff6e8f47c587685b5c5f83cd65b30197060e06c28e6e71eaad8

Download Submit
C:\Windows\System\efllSdn.exe

Filesize
1.7MB

MD5
417d5826ca63952ae253710e15a16339

SHA1
6ed48a36ecf1787a023076a97108eed1cf0c5b08

SHA256
1dea791d85db994d118618917043e4a27d49901d8915f898bc84676355acffd8

SHA512
5ef3ba1dc6557ef100e32ab67867481153f170e1e41d7ac29535a3c54fcd2e577017a21493a79e2397e082d36b3afa9b8327cf99394647bdd76fb6022461fc37

Download Submit
C:\Windows\System\fCPDqvt.exe

Filesize
1.7MB

MD5
14969213b1a067ae431f2b6c314cfa96

SHA1
d513e5426618ed184667a2cecbc768ff130a2fdd

SHA256
ae73617b724f4c516c174f638f6277ae7e9cae26fef64d7f90cf5c4f5403dc13

SHA512
3d7e5bd5e68467677aeb39508f42399039fe849e82b6b75c4b73867293b6dd512e9e0639e48313346bb7df5ae46d03fb1052f34552b1aad55528a9cdfd7d74a2

Download Submit
C:\Windows\System\gjgwggq.exe

Filesize
1.7MB

MD5
cbcd40ef463f225efb585712a699ca05

SHA1
97869ddf85decf83873543a47a8025a818b9461e

SHA256
6c933e63ae0b74554fae2e3b95828f781b21697d49f5c68e29ad28fcf715d13a

SHA512
b27a14447fe96cb20de1133b58e10064ded60adbef3dd1ae1a211d67e005109a13c7873347ceddcc88a3cb5f03d520e6e45edceab634936c110ae4257c181dac

Download Submit
C:\Windows\System\ihOQmRz.exe

Filesize
1.7MB

MD5
08623a95e85e02dcf6f0ca73e51b561d

SHA1
6401eebaa5c886a38ac91e75a5323bc82e34a4e8

SHA256
b283b7f61b615a722251f6ed72ac935ddf91d90418caef65303499b8a78dc595

SHA512
348065de915d1b2f3060ecc4961e69304a52338844c44712efb402848c9b67a408a24685b316fe099956be2e5429a2d5b92e26a3189a2ee8407d3bbffdf299fc

Download Submit
C:\Windows\System\mBDihcy.exe

Filesize
1.7MB

MD5
20c99cae7d2bd3f1b426cbe239273cd8

SHA1
d81b0cdf093637b93254cb99c3ca9e81c6259866

SHA256
db39aa3cdcd7a0b5fddc184f46f8820a5c537eca3377bfdc042cabc644e39e2b

SHA512
8c7db342f9e0b408b083204ae51d4ffcde7b7425b2302987f70db97d838cf1f937f059bda1b212f11a64c90c08cf169a82ac793805fb83a1d4c98f9c970bd597

Download Submit
C:\Windows\System\mzMAMjr.exe

Filesize
1.7MB

MD5
7b0c80943d44943f589ad954aae4e06f

SHA1
c952ab6d9ea49d3d5cbc9c32f0fb8227ae175fe9

SHA256
9661f0b841138a7df765693a4cec11c05373cc23dfcae28a2dd9469bba1036be

SHA512
678eedfcf530068db0980b8fdebc5af98ad5d78e866fe6b836ae2a33cee2f6a40e88440b1dc2e476cc9f3b09584723c32f6c42e02d179a80b6182ce07d425dd9

Download Submit
C:\Windows\System\nOJFAeE.exe

Filesize
1.7MB

MD5
2a0f452b238deca81ce6a12e767a374d

SHA1
ed915038baa411232c1dd0062c017d082b175a23

SHA256
d28fc94796537c3dd9ee2cbee22238fba51ca785f4b0964bde0e0cc3e73344ed

SHA512
c7600eb8aac2bd94ac25fc6447ee6f0122eb243ac79a71db446cf50d4c25564ec7290dfd5613709f0ef286d70cbfaf5550c555cd5f4bb4396824728e635c0493

Download Submit
C:\Windows\System\nQmoslL.exe

Filesize
1.7MB

MD5
4a4ebbd30e6905d3aef1f7a2d611ba09

SHA1
1435b2c7ed5d3465aa0d063039300ed5e8e87a81

SHA256
3fe486736278ef4a8706b108e44e7756c2b9d7eda5f606e557c52d4ab43ff8f1

SHA512
762f8d5d5946414273101445b2190935a0de3bba857e1ea298dbb73cb385ef345fe10436f0ef51974fe33862986c762cb58f20757181d134cd3b3df0ac0c75e3

Download Submit
C:\Windows\System\nwoJyHi.exe

Filesize
1.7MB

MD5
4c0211042f8915f7b3f15c31d634fe5c

SHA1
976ddc3ca30242edf97e1a10f24567eab8418d12

SHA256
8b7585243daff138770f52eed7182b1d924377cbde1dbfb54105b511646553e5

SHA512
156351a7c450f3dc27a556ea3ebcd44f71c072b0a0ca2d1d55d00a2d5694df2ca1d89f1e4adba021fa9a1f041d4ca7ff801c0335a16d01c1ef831abf0fdd4bb7

Download Submit
C:\Windows\System\oyaLLia.exe

Filesize
1.7MB

MD5
f625fd94da8fda481360452f8c173a4f

SHA1
c793aeae5abdaf2b1883fdd6739efe1553f0675a

SHA256
10771907fc1583b9a60cfaafb47bcf02ba309dea5a07041052b5e20b1f8f24b1

SHA512
4d409830ad1c717622b49ac978be95c92edf4845c0f9fb0654679a1c7af311d18ef398f1604b38422d52faf47231f5de0cba055258e9cea4645f490451f3cfaf

Download Submit
C:\Windows\System\paHdbSo.exe

Filesize
1.7MB

MD5
e85f9bdcf257628f3f48bbcb962242bd

SHA1
f77c6eeac43a0b7bb246d2b9f09ae60496c55e4d

SHA256
77ec7d3a5756c6e213a37af3495d8fcc7538b744d353f7199120c2356054467f

SHA512
71b6267808c921caf8a33d777216722384a1de6c8f094534ed19602735c2d2f117b9c3a780f025a53382637d7b7c1526e40a9f4a6ba354bf3fafd825ec8c5da3

Download Submit
C:\Windows\System\tRupDTK.exe

Filesize
1.7MB

MD5
1801ca4e4ddc05e20662dc1e0b4f9610

SHA1
0d5095c01694dd7851c4b08cb5a0d9efc0525868

SHA256
2efbb1eac637fde5261608babc398ecbd2a7b5dba1a3f02d2b8b2178da5db87f

SHA512
aa8b2b9f38d8cd427e6e7cf4120dbcd16ab2c92d4276718fdb1c64f1ea980390e129588d34cb9654ac542708de4b21586d38882868dddb67f438cbe70efbc185

Download Submit
C:\Windows\System\uBiIOUz.exe

Filesize
1.7MB

MD5
93ab588f69c00bde726e003a7784417f

SHA1
f569784a0e0eac8123ab59ec1a5fdc286b708f16

SHA256
0ba0725dddbae2f787926fdd9f5c5cb8fc858dbe9f655a30435d0f1766076a02

SHA512
5d4896f9d29ccb577ad4d80b465f32043788735ff58e36e02426b987b1498ef3ea5c4d25c0a03979a1d0aadbffea8f70b79c6112b5ae40e00170c89e4be5682a

Download Submit
C:\Windows\System\wKfxRFu.exe

Filesize
1.7MB

MD5
3aae0ae7fa9804ffe37a6a852658035b

SHA1
f49d94ce17bd0f8a327290dbd0aa00dde0ab48e4

SHA256
8f11739aa644a1de366ded22eb827e0e130b60dbd6248d2a3437704c5ee49f3a

SHA512
4b96308f5f37b66506a96e3100f6a81085f097db7293d6c4d33c76e4ed7dd857671d0c454687cc717d19a2e3d2e3582f128e5a84d6781c2012dfaefbc162884c

Download Submit
C:\Windows\System\xiRsJUX.exe

Filesize
1.7MB

MD5
efa5f40c2ee0db03f98bd52b44e7144c

SHA1
cee0a25c3e17d8b0990445932ea5386dc99bba49

SHA256
493eaf025057f951534a8782ec83140304c5b184c4a111213da7d84b88559e58

SHA512
af8c2a2a8b2aba975df1eaa4c84e1ba5948a5b736013db32e79879ded8b487c26d4f11d02cc47a5c8c8bfc269a1323bf68ae99a5ceef4411ff53d9876934777c

Download Submit
memory/232-1-0x000001C549390000-0x000001C5493A0000-memory.dmp

Filesize
64KB

Download
memory/232-0-0x00007FF795FC0000-0x00007FF796314000-memory.dmp

Filesize
3.3MB

Download
memory/232-2159-0x00007FF795FC0000-0x00007FF796314000-memory.dmp

Filesize
3.3MB

Download
memory/552-2176-0x00007FF792630000-0x00007FF792984000-memory.dmp

Filesize
3.3MB

Download
memory/552-178-0x00007FF792630000-0x00007FF792984000-memory.dmp

Filesize
3.3MB

Download
memory/732-181-0x00007FF6DE770000-0x00007FF6DEAC4000-memory.dmp

Filesize
3.3MB

Download
memory/732-2178-0x00007FF6DE770000-0x00007FF6DEAC4000-memory.dmp

Filesize
3.3MB

Download
memory/832-2163-0x00007FF6C6450000-0x00007FF6C67A4000-memory.dmp

Filesize
3.3MB

Download
memory/832-2160-0x00007FF6C6450000-0x00007FF6C67A4000-memory.dmp

Filesize
3.3MB

Download
memory/832-12-0x00007FF6C6450000-0x00007FF6C67A4000-memory.dmp

Filesize
3.3MB

Download
memory/932-2172-0x00007FF7A6BE0000-0x00007FF7A6F34000-memory.dmp

Filesize
3.3MB

Download
memory/932-170-0x00007FF7A6BE0000-0x00007FF7A6F34000-memory.dmp

Filesize
3.3MB

Download
memory/968-2177-0x00007FF6C2720000-0x00007FF6C2A74000-memory.dmp

Filesize
3.3MB

Download
memory/968-179-0x00007FF6C2720000-0x00007FF6C2A74000-memory.dmp

Filesize
3.3MB

Download
memory/1368-171-0x00007FF7746A0000-0x00007FF7749F4000-memory.dmp

Filesize
3.3MB

Download
memory/1368-2174-0x00007FF7746A0000-0x00007FF7749F4000-memory.dmp

Filesize
3.3MB

Download
memory/1632-2187-0x00007FF644460000-0x00007FF6447B4000-memory.dmp

Filesize
3.3MB

Download
memory/1632-194-0x00007FF644460000-0x00007FF6447B4000-memory.dmp

Filesize
3.3MB

Download
memory/1780-182-0x00007FF7CE180000-0x00007FF7CE4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1780-2183-0x00007FF7CE180000-0x00007FF7CE4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-2180-0x00007FF639400000-0x00007FF639754000-memory.dmp

Filesize
3.3MB

Download
memory/1996-184-0x00007FF639400000-0x00007FF639754000-memory.dmp

Filesize
3.3MB

Download
memory/2012-2173-0x00007FF7496F0000-0x00007FF749A44000-memory.dmp

Filesize
3.3MB

Download
memory/2012-177-0x00007FF7496F0000-0x00007FF749A44000-memory.dmp

Filesize
3.3MB

Download
memory/2080-183-0x00007FF743FD0000-0x00007FF744324000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2179-0x00007FF743FD0000-0x00007FF744324000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2169-0x00007FF795E10000-0x00007FF796164000-memory.dmp

Filesize
3.3MB

Download
memory/2204-180-0x00007FF795E10000-0x00007FF796164000-memory.dmp

Filesize
3.3MB

Download
memory/2264-2191-0x00007FF62DD00000-0x00007FF62E054000-memory.dmp

Filesize
3.3MB

Download
memory/2264-197-0x00007FF62DD00000-0x00007FF62E054000-memory.dmp

Filesize
3.3MB

Download
memory/2308-31-0x00007FF7138C0000-0x00007FF713C14000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2161-0x00007FF7138C0000-0x00007FF713C14000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2164-0x00007FF7138C0000-0x00007FF713C14000-memory.dmp

Filesize
3.3MB

Download
memory/2396-185-0x00007FF7662E0000-0x00007FF766634000-memory.dmp

Filesize
3.3MB

Download
memory/2396-2182-0x00007FF7662E0000-0x00007FF766634000-memory.dmp

Filesize
3.3MB

Download
memory/2544-2184-0x00007FF641D00000-0x00007FF642054000-memory.dmp

Filesize
3.3MB

Download
memory/2544-190-0x00007FF641D00000-0x00007FF642054000-memory.dmp

Filesize
3.3MB

Download
memory/2944-157-0x00007FF633330000-0x00007FF633684000-memory.dmp

Filesize
3.3MB

Download
memory/2944-2171-0x00007FF633330000-0x00007FF633684000-memory.dmp

Filesize
3.3MB

Download
memory/3036-186-0x00007FF6E1910000-0x00007FF6E1C64000-memory.dmp

Filesize
3.3MB

Download
memory/3036-2175-0x00007FF6E1910000-0x00007FF6E1C64000-memory.dmp

Filesize
3.3MB

Download
memory/3412-2162-0x00007FF7A1F40000-0x00007FF7A2294000-memory.dmp

Filesize
3.3MB

Download
memory/3412-2166-0x00007FF7A1F40000-0x00007FF7A2294000-memory.dmp

Filesize
3.3MB

Download
memory/3412-124-0x00007FF7A1F40000-0x00007FF7A2294000-memory.dmp

Filesize
3.3MB

Download
memory/3636-2165-0x00007FF7CF710000-0x00007FF7CFA64000-memory.dmp

Filesize
3.3MB

Download
memory/3636-195-0x00007FF7CF710000-0x00007FF7CFA64000-memory.dmp

Filesize
3.3MB

Download
memory/3712-2167-0x00007FF7DCAE0000-0x00007FF7DCE34000-memory.dmp

Filesize
3.3MB

Download
memory/3712-146-0x00007FF7DCAE0000-0x00007FF7DCE34000-memory.dmp

Filesize
3.3MB

Download
memory/3772-2168-0x00007FF75B8D0000-0x00007FF75BC24000-memory.dmp

Filesize
3.3MB

Download
memory/3772-176-0x00007FF75B8D0000-0x00007FF75BC24000-memory.dmp

Filesize
3.3MB

Download
memory/3964-189-0x00007FF662250000-0x00007FF6625A4000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2185-0x00007FF662250000-0x00007FF6625A4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-2189-0x00007FF65A620000-0x00007FF65A974000-memory.dmp

Filesize
3.3MB

Download
memory/4192-192-0x00007FF65A620000-0x00007FF65A974000-memory.dmp

Filesize
3.3MB

Download
memory/4480-2170-0x00007FF602560000-0x00007FF6028B4000-memory.dmp

Filesize
3.3MB

Download
memory/4480-196-0x00007FF602560000-0x00007FF6028B4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-187-0x00007FF764290000-0x00007FF7645E4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2181-0x00007FF764290000-0x00007FF7645E4000-memory.dmp

Filesize
3.3MB

Download
memory/4904-193-0x00007FF6A89F0000-0x00007FF6A8D44000-memory.dmp

Filesize
3.3MB

Download
memory/4904-2188-0x00007FF6A89F0000-0x00007FF6A8D44000-memory.dmp

Filesize
3.3MB

Download
memory/5064-191-0x00007FF6D6810000-0x00007FF6D6B64000-memory.dmp

Filesize
3.3MB

Download
memory/5064-2190-0x00007FF6D6810000-0x00007FF6D6B64000-memory.dmp

Filesize
3.3MB

Download
memory/5104-2186-0x00007FF745B50000-0x00007FF745EA4000-memory.dmp

Filesize
3.3MB

Download
memory/5104-188-0x00007FF745B50000-0x00007FF745EA4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads