xmrig | 14bcae0a95c7de1e0173596146bb0d91dbe22ba93c2be16c7b86745271df6330

Analysis

max time kernel
100s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
Size

2.7MB
MD5

bf268f1c0b126d281fc4749c7a8686a0
SHA1

0239797abe5d7f20910692cf5289515780fc278d
SHA256

14bcae0a95c7de1e0173596146bb0d91dbe22ba93c2be16c7b86745271df6330
SHA512

3dece6bda436a1b3dd56139bf03d9beb18cf838ddf9ec0916d5eda817d9d6f9c7e2e5887d7a420179afc1df15c92779a2a2876e0c4f4f249e053e60936aa568f
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICbbnlD53SUDuFEsOn0:BemTLkNdfE0pZrZ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2960-0-0x00007FF717A30000-0x00007FF717D84000-memory.dmp	xmrig
behavioral2/files/0x00060000000232a4-5.dat	xmrig
behavioral2/files/0x0007000000023415-7.dat	xmrig
behavioral2/memory/3456-8-0x00007FF68C460000-0x00007FF68C7B4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023408-11.dat	xmrig
behavioral2/memory/404-18-0x00007FF68FA20000-0x00007FF68FD74000-memory.dmp	xmrig
behavioral2/memory/632-12-0x00007FF791AF0000-0x00007FF791E44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-23.dat	xmrig
behavioral2/files/0x000900000002340e-30.dat	xmrig
behavioral2/files/0x0007000000023417-32.dat	xmrig
behavioral2/memory/1388-33-0x00007FF64BD40000-0x00007FF64C094000-memory.dmp	xmrig
behavioral2/files/0x0007000000023419-44.dat	xmrig
behavioral2/files/0x0007000000023418-47.dat	xmrig
behavioral2/memory/4216-41-0x00007FF798030000-0x00007FF798384000-memory.dmp	xmrig
behavioral2/files/0x000700000002341e-75.dat	xmrig
behavioral2/files/0x0007000000023421-90.dat	xmrig
behavioral2/files/0x0007000000023423-100.dat	xmrig
behavioral2/files/0x0007000000023428-121.dat	xmrig
behavioral2/files/0x000700000002342a-134.dat	xmrig
behavioral2/files/0x000700000002342e-149.dat	xmrig
behavioral2/files/0x000700000002342f-160.dat	xmrig
behavioral2/memory/3840-711-0x00007FF6FF890000-0x00007FF6FFBE4000-memory.dmp	xmrig
behavioral2/memory/888-712-0x00007FF75F9C0000-0x00007FF75FD14000-memory.dmp	xmrig
behavioral2/memory/2892-713-0x00007FF7F94C0000-0x00007FF7F9814000-memory.dmp	xmrig
behavioral2/memory/4884-714-0x00007FF6D8330000-0x00007FF6D8684000-memory.dmp	xmrig
behavioral2/memory/3068-729-0x00007FF6268B0000-0x00007FF626C04000-memory.dmp	xmrig
behavioral2/memory/380-745-0x00007FF71D8C0000-0x00007FF71DC14000-memory.dmp	xmrig
behavioral2/memory/3864-748-0x00007FF6A4800000-0x00007FF6A4B54000-memory.dmp	xmrig
behavioral2/memory/4456-756-0x00007FF732680000-0x00007FF7329D4000-memory.dmp	xmrig
behavioral2/memory/4416-754-0x00007FF6D34F0000-0x00007FF6D3844000-memory.dmp	xmrig
behavioral2/memory/3260-764-0x00007FF667180000-0x00007FF6674D4000-memory.dmp	xmrig
behavioral2/memory/520-767-0x00007FF6D1320000-0x00007FF6D1674000-memory.dmp	xmrig
behavioral2/memory/1724-769-0x00007FF67C8F0000-0x00007FF67CC44000-memory.dmp	xmrig
behavioral2/memory/1632-771-0x00007FF79E160000-0x00007FF79E4B4000-memory.dmp	xmrig
behavioral2/memory/1088-775-0x00007FF6F6D20000-0x00007FF6F7074000-memory.dmp	xmrig
behavioral2/memory/2140-777-0x00007FF78A100000-0x00007FF78A454000-memory.dmp	xmrig
behavioral2/memory/4044-776-0x00007FF6E3910000-0x00007FF6E3C64000-memory.dmp	xmrig
behavioral2/memory/4160-768-0x00007FF7E4010000-0x00007FF7E4364000-memory.dmp	xmrig
behavioral2/memory/760-763-0x00007FF73D7D0000-0x00007FF73DB24000-memory.dmp	xmrig
behavioral2/memory/5088-741-0x00007FF6FADE0000-0x00007FF6FB134000-memory.dmp	xmrig
behavioral2/memory/3720-737-0x00007FF7ADD90000-0x00007FF7AE0E4000-memory.dmp	xmrig
behavioral2/memory/1972-733-0x00007FF6111F0000-0x00007FF611544000-memory.dmp	xmrig
behavioral2/memory/4700-723-0x00007FF797F80000-0x00007FF7982D4000-memory.dmp	xmrig
behavioral2/memory/2116-715-0x00007FF6D4330000-0x00007FF6D4684000-memory.dmp	xmrig
behavioral2/files/0x0007000000023432-169.dat	xmrig
behavioral2/files/0x0007000000023430-165.dat	xmrig
behavioral2/files/0x0007000000023431-164.dat	xmrig
behavioral2/files/0x000700000002342d-150.dat	xmrig
behavioral2/files/0x000700000002342c-145.dat	xmrig
behavioral2/files/0x000700000002342b-140.dat	xmrig
behavioral2/files/0x0007000000023429-130.dat	xmrig
behavioral2/files/0x0007000000023427-119.dat	xmrig
behavioral2/files/0x0007000000023426-115.dat	xmrig
behavioral2/files/0x0007000000023425-109.dat	xmrig
behavioral2/files/0x0007000000023424-105.dat	xmrig
behavioral2/files/0x0007000000023422-94.dat	xmrig
behavioral2/files/0x0007000000023420-85.dat	xmrig
behavioral2/files/0x000700000002341f-79.dat	xmrig
behavioral2/files/0x000700000002341d-70.dat	xmrig
behavioral2/files/0x000700000002341c-64.dat	xmrig
behavioral2/files/0x000700000002341b-60.dat	xmrig
behavioral2/files/0x000700000002341a-54.dat	xmrig
behavioral2/memory/5032-38-0x00007FF69C170000-0x00007FF69C4C4000-memory.dmp	xmrig
behavioral2/memory/2960-1888-0x00007FF717A30000-0x00007FF717D84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3456	knTelYm.exe
632	uVaWDlp.exe
404	yINMsfa.exe
1388	cPynStG.exe
5032	kNWHTTC.exe
4216	IAyxcDU.exe
3840	HbwOsrc.exe
888	zHBgXfy.exe
2892	tBWKQdB.exe
4884	xZsjSwx.exe
2116	OeyupJk.exe
4700	YsBfriM.exe
3068	dLMXaFv.exe
1972	gxeJJYk.exe
3720	ghMBgOS.exe
5088	QyoajHa.exe
380	RMjaezW.exe
3864	cOqsEhb.exe
4416	ZZhxSbc.exe
4456	jJlJadT.exe
760	yusxTvf.exe
3260	AQySmvP.exe
520	QmEcxhi.exe
4160	btQJjyj.exe
1724	OtGcjoR.exe
1632	wGEXuiy.exe
1088	tCAEwsv.exe
4044	AKZOjgu.exe
2140	nUNTdLT.exe
1908	nGmrXFA.exe
2592	WgLiAoF.exe
4424	YzpbHkz.exe
2532	IKdCSTg.exe
4832	oAkHVzu.exe
4380	BWPOsZm.exe
1300	wvgfLkM.exe
3540	kppPshK.exe
2360	JJiWees.exe
5036	PKQDVDF.exe
2900	xxObqxU.exe
1836	WRlQgvP.exe
2416	qPSBCBK.exe
4312	fcWXgSv.exe
2980	MGxkHsB.exe
2412	UtCFOdO.exe
1404	gbwvTxR.exe
4468	XflnHan.exe
1420	xdJMlNG.exe
3376	AeajWsn.exe
1776	FvXsNkk.exe
3356	QKvffXr.exe
3796	Xgtlzdh.exe
1484	YfQwhJW.exe
1540	pcOIjwu.exe
732	ebmNlWm.exe
1828	wRSOdBw.exe
4960	HiKKqqv.exe
3636	FsaGaOZ.exe
4984	vcDSQkI.exe
4260	xcXTjVK.exe
4732	ufaAxEw.exe
1444	wabzzVn.exe
1040	wLyynqR.exe
4120	XeDqqqe.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2960-0-0x00007FF717A30000-0x00007FF717D84000-memory.dmp	upx
behavioral2/files/0x00060000000232a4-5.dat	upx
behavioral2/files/0x0007000000023415-7.dat	upx
behavioral2/memory/3456-8-0x00007FF68C460000-0x00007FF68C7B4000-memory.dmp	upx
behavioral2/files/0x0009000000023408-11.dat	upx
behavioral2/memory/404-18-0x00007FF68FA20000-0x00007FF68FD74000-memory.dmp	upx
behavioral2/memory/632-12-0x00007FF791AF0000-0x00007FF791E44000-memory.dmp	upx
behavioral2/files/0x0007000000023416-23.dat	upx
behavioral2/files/0x000900000002340e-30.dat	upx
behavioral2/files/0x0007000000023417-32.dat	upx
behavioral2/memory/1388-33-0x00007FF64BD40000-0x00007FF64C094000-memory.dmp	upx
behavioral2/files/0x0007000000023419-44.dat	upx
behavioral2/files/0x0007000000023418-47.dat	upx
behavioral2/memory/4216-41-0x00007FF798030000-0x00007FF798384000-memory.dmp	upx
behavioral2/files/0x000700000002341e-75.dat	upx
behavioral2/files/0x0007000000023421-90.dat	upx
behavioral2/files/0x0007000000023423-100.dat	upx
behavioral2/files/0x0007000000023428-121.dat	upx
behavioral2/files/0x000700000002342a-134.dat	upx
behavioral2/files/0x000700000002342e-149.dat	upx
behavioral2/files/0x000700000002342f-160.dat	upx
behavioral2/memory/3840-711-0x00007FF6FF890000-0x00007FF6FFBE4000-memory.dmp	upx
behavioral2/memory/888-712-0x00007FF75F9C0000-0x00007FF75FD14000-memory.dmp	upx
behavioral2/memory/2892-713-0x00007FF7F94C0000-0x00007FF7F9814000-memory.dmp	upx
behavioral2/memory/4884-714-0x00007FF6D8330000-0x00007FF6D8684000-memory.dmp	upx
behavioral2/memory/3068-729-0x00007FF6268B0000-0x00007FF626C04000-memory.dmp	upx
behavioral2/memory/380-745-0x00007FF71D8C0000-0x00007FF71DC14000-memory.dmp	upx
behavioral2/memory/3864-748-0x00007FF6A4800000-0x00007FF6A4B54000-memory.dmp	upx
behavioral2/memory/4456-756-0x00007FF732680000-0x00007FF7329D4000-memory.dmp	upx
behavioral2/memory/4416-754-0x00007FF6D34F0000-0x00007FF6D3844000-memory.dmp	upx
behavioral2/memory/3260-764-0x00007FF667180000-0x00007FF6674D4000-memory.dmp	upx
behavioral2/memory/520-767-0x00007FF6D1320000-0x00007FF6D1674000-memory.dmp	upx
behavioral2/memory/1724-769-0x00007FF67C8F0000-0x00007FF67CC44000-memory.dmp	upx
behavioral2/memory/1632-771-0x00007FF79E160000-0x00007FF79E4B4000-memory.dmp	upx
behavioral2/memory/1088-775-0x00007FF6F6D20000-0x00007FF6F7074000-memory.dmp	upx
behavioral2/memory/2140-777-0x00007FF78A100000-0x00007FF78A454000-memory.dmp	upx
behavioral2/memory/4044-776-0x00007FF6E3910000-0x00007FF6E3C64000-memory.dmp	upx
behavioral2/memory/4160-768-0x00007FF7E4010000-0x00007FF7E4364000-memory.dmp	upx
behavioral2/memory/760-763-0x00007FF73D7D0000-0x00007FF73DB24000-memory.dmp	upx
behavioral2/memory/5088-741-0x00007FF6FADE0000-0x00007FF6FB134000-memory.dmp	upx
behavioral2/memory/3720-737-0x00007FF7ADD90000-0x00007FF7AE0E4000-memory.dmp	upx
behavioral2/memory/1972-733-0x00007FF6111F0000-0x00007FF611544000-memory.dmp	upx
behavioral2/memory/4700-723-0x00007FF797F80000-0x00007FF7982D4000-memory.dmp	upx
behavioral2/memory/2116-715-0x00007FF6D4330000-0x00007FF6D4684000-memory.dmp	upx
behavioral2/files/0x0007000000023432-169.dat	upx
behavioral2/files/0x0007000000023430-165.dat	upx
behavioral2/files/0x0007000000023431-164.dat	upx
behavioral2/files/0x000700000002342d-150.dat	upx
behavioral2/files/0x000700000002342c-145.dat	upx
behavioral2/files/0x000700000002342b-140.dat	upx
behavioral2/files/0x0007000000023429-130.dat	upx
behavioral2/files/0x0007000000023427-119.dat	upx
behavioral2/files/0x0007000000023426-115.dat	upx
behavioral2/files/0x0007000000023425-109.dat	upx
behavioral2/files/0x0007000000023424-105.dat	upx
behavioral2/files/0x0007000000023422-94.dat	upx
behavioral2/files/0x0007000000023420-85.dat	upx
behavioral2/files/0x000700000002341f-79.dat	upx
behavioral2/files/0x000700000002341d-70.dat	upx
behavioral2/files/0x000700000002341c-64.dat	upx
behavioral2/files/0x000700000002341b-60.dat	upx
behavioral2/files/0x000700000002341a-54.dat	upx
behavioral2/memory/5032-38-0x00007FF69C170000-0x00007FF69C4C4000-memory.dmp	upx
behavioral2/memory/2960-1888-0x00007FF717A30000-0x00007FF717D84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VOxCSoQ.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\ZqJvEIm.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\lKzecsy.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\PpOEpaj.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\NNpmRyV.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\hqCazZb.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\GEiZGlA.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\pmFRONk.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\tBWKQdB.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\ZXBfIbl.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\bxejGVe.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\wNziYLI.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\IhIccNQ.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\rMrhYMT.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\sKwvNtq.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\gEOqbPI.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\OViddxF.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\RRMfXFO.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\ebmNlWm.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\FsaGaOZ.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\QwkIJZh.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\bgoHhzd.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\PSenyXP.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\luKCvOY.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\oPLhkcp.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\BDJDCJo.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\nfxvymD.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\CmMQpFl.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\fEFTNKd.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\QyqPxMe.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\JRttfkF.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\yeJTZrm.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\VeQSGAP.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\SjNyuXL.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\jIrYxfT.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\HMHMmji.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\LYcXQwN.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\eFlBErV.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\FbZDMal.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\ufaAxEw.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\jgAefan.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\mrICXbk.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\gqydKOZ.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\GpcTbRJ.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\VhtiKqD.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\dPsAEZs.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\RsTLoCv.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\cPynStG.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\VeCuWzT.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\crnzgGv.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\WovmniI.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\uNOxhGV.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\ewDxtgz.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\NbhhtxN.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\NhvsPvn.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\cOEwxiK.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\Xgtlzdh.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\pcOIjwu.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\oyoJNjD.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\IpoGYRD.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\afVcjgr.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\SkWyLUO.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\wabzzVn.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
File created	C:\Windows\System\JlwYaHX.exe	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1012	dwm.exe
Token: SeChangeNotifyPrivilege	1012	dwm.exe
Token: 33	1012	dwm.exe
Token: SeIncBasePriorityPrivilege	1012	dwm.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4032	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 3456	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	83
PID 2960 wrote to memory of 3456	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	83
PID 2960 wrote to memory of 632	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	84
PID 2960 wrote to memory of 632	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	84
PID 2960 wrote to memory of 404	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	85
PID 2960 wrote to memory of 404	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	85
PID 2960 wrote to memory of 1388	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	86
PID 2960 wrote to memory of 1388	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	86
PID 2960 wrote to memory of 5032	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	87
PID 2960 wrote to memory of 5032	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	87
PID 2960 wrote to memory of 4216	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	88
PID 2960 wrote to memory of 4216	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	88
PID 2960 wrote to memory of 888	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	89
PID 2960 wrote to memory of 888	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	89
PID 2960 wrote to memory of 3840	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	90
PID 2960 wrote to memory of 3840	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	90
PID 2960 wrote to memory of 2892	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	91
PID 2960 wrote to memory of 2892	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	91
PID 2960 wrote to memory of 4884	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	92
PID 2960 wrote to memory of 4884	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	92
PID 2960 wrote to memory of 2116	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	93
PID 2960 wrote to memory of 2116	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	93
PID 2960 wrote to memory of 4700	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	94
PID 2960 wrote to memory of 4700	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	94
PID 2960 wrote to memory of 3068	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	95
PID 2960 wrote to memory of 3068	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	95
PID 2960 wrote to memory of 1972	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	96
PID 2960 wrote to memory of 1972	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	96
PID 2960 wrote to memory of 3720	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	97
PID 2960 wrote to memory of 3720	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	97
PID 2960 wrote to memory of 5088	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	98
PID 2960 wrote to memory of 5088	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	98
PID 2960 wrote to memory of 380	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	99
PID 2960 wrote to memory of 380	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	99
PID 2960 wrote to memory of 3864	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	100
PID 2960 wrote to memory of 3864	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	100
PID 2960 wrote to memory of 4416	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	101
PID 2960 wrote to memory of 4416	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	101
PID 2960 wrote to memory of 4456	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	102
PID 2960 wrote to memory of 4456	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	102
PID 2960 wrote to memory of 760	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	103
PID 2960 wrote to memory of 760	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	103
PID 2960 wrote to memory of 3260	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	104
PID 2960 wrote to memory of 3260	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	104
PID 2960 wrote to memory of 520	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	105
PID 2960 wrote to memory of 520	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	105
PID 2960 wrote to memory of 4160	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	106
PID 2960 wrote to memory of 4160	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	106
PID 2960 wrote to memory of 1724	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	107
PID 2960 wrote to memory of 1724	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	107
PID 2960 wrote to memory of 1632	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	108
PID 2960 wrote to memory of 1632	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	108
PID 2960 wrote to memory of 1088	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	109
PID 2960 wrote to memory of 1088	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	109
PID 2960 wrote to memory of 4044	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	110
PID 2960 wrote to memory of 4044	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	110
PID 2960 wrote to memory of 2140	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	111
PID 2960 wrote to memory of 2140	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	111
PID 2960 wrote to memory of 1908	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	112
PID 2960 wrote to memory of 1908	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	112
PID 2960 wrote to memory of 2592	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	113
PID 2960 wrote to memory of 2592	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	113
PID 2960 wrote to memory of 4424	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	114
PID 2960 wrote to memory of 4424	2960	bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bf268f1c0b126d281fc4749c7a8686a0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\System\knTelYm.exe
  C:\Windows\System\knTelYm.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\uVaWDlp.exe
  C:\Windows\System\uVaWDlp.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\yINMsfa.exe
  C:\Windows\System\yINMsfa.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\cPynStG.exe
  C:\Windows\System\cPynStG.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\kNWHTTC.exe
  C:\Windows\System\kNWHTTC.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\IAyxcDU.exe
  C:\Windows\System\IAyxcDU.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\zHBgXfy.exe
  C:\Windows\System\zHBgXfy.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\HbwOsrc.exe
  C:\Windows\System\HbwOsrc.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\tBWKQdB.exe
  C:\Windows\System\tBWKQdB.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\xZsjSwx.exe
  C:\Windows\System\xZsjSwx.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\OeyupJk.exe
  C:\Windows\System\OeyupJk.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\YsBfriM.exe
  C:\Windows\System\YsBfriM.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\dLMXaFv.exe
  C:\Windows\System\dLMXaFv.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\gxeJJYk.exe
  C:\Windows\System\gxeJJYk.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\ghMBgOS.exe
  C:\Windows\System\ghMBgOS.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\QyoajHa.exe
  C:\Windows\System\QyoajHa.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\RMjaezW.exe
  C:\Windows\System\RMjaezW.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\cOqsEhb.exe
  C:\Windows\System\cOqsEhb.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\ZZhxSbc.exe
  C:\Windows\System\ZZhxSbc.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\jJlJadT.exe
  C:\Windows\System\jJlJadT.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\yusxTvf.exe
  C:\Windows\System\yusxTvf.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\AQySmvP.exe
  C:\Windows\System\AQySmvP.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\QmEcxhi.exe
  C:\Windows\System\QmEcxhi.exe
  2⤵
  - Executes dropped EXE
  PID:520
- C:\Windows\System\btQJjyj.exe
  C:\Windows\System\btQJjyj.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\OtGcjoR.exe
  C:\Windows\System\OtGcjoR.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\wGEXuiy.exe
  C:\Windows\System\wGEXuiy.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\tCAEwsv.exe
  C:\Windows\System\tCAEwsv.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\AKZOjgu.exe
  C:\Windows\System\AKZOjgu.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\nUNTdLT.exe
  C:\Windows\System\nUNTdLT.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\nGmrXFA.exe
  C:\Windows\System\nGmrXFA.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\WgLiAoF.exe
  C:\Windows\System\WgLiAoF.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\YzpbHkz.exe
  C:\Windows\System\YzpbHkz.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\IKdCSTg.exe
  C:\Windows\System\IKdCSTg.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\oAkHVzu.exe
  C:\Windows\System\oAkHVzu.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\BWPOsZm.exe
  C:\Windows\System\BWPOsZm.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\wvgfLkM.exe
  C:\Windows\System\wvgfLkM.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\kppPshK.exe
  C:\Windows\System\kppPshK.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\JJiWees.exe
  C:\Windows\System\JJiWees.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\PKQDVDF.exe
  C:\Windows\System\PKQDVDF.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\xxObqxU.exe
  C:\Windows\System\xxObqxU.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\WRlQgvP.exe
  C:\Windows\System\WRlQgvP.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\qPSBCBK.exe
  C:\Windows\System\qPSBCBK.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\fcWXgSv.exe
  C:\Windows\System\fcWXgSv.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\MGxkHsB.exe
  C:\Windows\System\MGxkHsB.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\UtCFOdO.exe
  C:\Windows\System\UtCFOdO.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\gbwvTxR.exe
  C:\Windows\System\gbwvTxR.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\XflnHan.exe
  C:\Windows\System\XflnHan.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\xdJMlNG.exe
  C:\Windows\System\xdJMlNG.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\AeajWsn.exe
  C:\Windows\System\AeajWsn.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\FvXsNkk.exe
  C:\Windows\System\FvXsNkk.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\QKvffXr.exe
  C:\Windows\System\QKvffXr.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\Xgtlzdh.exe
  C:\Windows\System\Xgtlzdh.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\YfQwhJW.exe
  C:\Windows\System\YfQwhJW.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\pcOIjwu.exe
  C:\Windows\System\pcOIjwu.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\ebmNlWm.exe
  C:\Windows\System\ebmNlWm.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\wRSOdBw.exe
  C:\Windows\System\wRSOdBw.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\HiKKqqv.exe
  C:\Windows\System\HiKKqqv.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\FsaGaOZ.exe
  C:\Windows\System\FsaGaOZ.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\vcDSQkI.exe
  C:\Windows\System\vcDSQkI.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\xcXTjVK.exe
  C:\Windows\System\xcXTjVK.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\ufaAxEw.exe
  C:\Windows\System\ufaAxEw.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\wabzzVn.exe
  C:\Windows\System\wabzzVn.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\wLyynqR.exe
  C:\Windows\System\wLyynqR.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\XeDqqqe.exe
  C:\Windows\System\XeDqqqe.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\wfFuObh.exe
  C:\Windows\System\wfFuObh.exe
  2⤵
  PID:1532
- C:\Windows\System\STJTOwl.exe
  C:\Windows\System\STJTOwl.exe
  2⤵
  PID:1092
- C:\Windows\System\PVsTxtG.exe
  C:\Windows\System\PVsTxtG.exe
  2⤵
  PID:3684
- C:\Windows\System\jNosXSO.exe
  C:\Windows\System\jNosXSO.exe
  2⤵
  PID:3600
- C:\Windows\System\fIbZEKh.exe
  C:\Windows\System\fIbZEKh.exe
  2⤵
  PID:3240
- C:\Windows\System\iokrzSf.exe
  C:\Windows\System\iokrzSf.exe
  2⤵
  PID:3304
- C:\Windows\System\hQRJGBC.exe
  C:\Windows\System\hQRJGBC.exe
  2⤵
  PID:924
- C:\Windows\System\BhiuyEB.exe
  C:\Windows\System\BhiuyEB.exe
  2⤵
  PID:1472
- C:\Windows\System\ogzTwOM.exe
  C:\Windows\System\ogzTwOM.exe
  2⤵
  PID:4320
- C:\Windows\System\IWQuYNs.exe
  C:\Windows\System\IWQuYNs.exe
  2⤵
  PID:4972
- C:\Windows\System\ItkuXsx.exe
  C:\Windows\System\ItkuXsx.exe
  2⤵
  PID:4452
- C:\Windows\System\ggXclkX.exe
  C:\Windows\System\ggXclkX.exe
  2⤵
  PID:2268
- C:\Windows\System\oMaVLEl.exe
  C:\Windows\System\oMaVLEl.exe
  2⤵
  PID:3900
- C:\Windows\System\YbaaLBa.exe
  C:\Windows\System\YbaaLBa.exe
  2⤵
  PID:4644
- C:\Windows\System\QwkIJZh.exe
  C:\Windows\System\QwkIJZh.exe
  2⤵
  PID:4772
- C:\Windows\System\QdvxQGS.exe
  C:\Windows\System\QdvxQGS.exe
  2⤵
  PID:5112
- C:\Windows\System\ZXBfIbl.exe
  C:\Windows\System\ZXBfIbl.exe
  2⤵
  PID:1036
- C:\Windows\System\BZZEIoH.exe
  C:\Windows\System\BZZEIoH.exe
  2⤵
  PID:5140
- C:\Windows\System\VeCuWzT.exe
  C:\Windows\System\VeCuWzT.exe
  2⤵
  PID:5168
- C:\Windows\System\NnBySQZ.exe
  C:\Windows\System\NnBySQZ.exe
  2⤵
  PID:5196
- C:\Windows\System\JeECQsF.exe
  C:\Windows\System\JeECQsF.exe
  2⤵
  PID:5228
- C:\Windows\System\bfTYrMa.exe
  C:\Windows\System\bfTYrMa.exe
  2⤵
  PID:5252
- C:\Windows\System\cDQoyRL.exe
  C:\Windows\System\cDQoyRL.exe
  2⤵
  PID:5280
- C:\Windows\System\ZlPhnSl.exe
  C:\Windows\System\ZlPhnSl.exe
  2⤵
  PID:5308
- C:\Windows\System\XAHvZTK.exe
  C:\Windows\System\XAHvZTK.exe
  2⤵
  PID:5336
- C:\Windows\System\dNyaKjm.exe
  C:\Windows\System\dNyaKjm.exe
  2⤵
  PID:5364
- C:\Windows\System\NTmpcsi.exe
  C:\Windows\System\NTmpcsi.exe
  2⤵
  PID:5392
- C:\Windows\System\GZwVHQG.exe
  C:\Windows\System\GZwVHQG.exe
  2⤵
  PID:5420
- C:\Windows\System\aVYhLeu.exe
  C:\Windows\System\aVYhLeu.exe
  2⤵
  PID:5448
- C:\Windows\System\RXGizYI.exe
  C:\Windows\System\RXGizYI.exe
  2⤵
  PID:5476
- C:\Windows\System\KBzWJkD.exe
  C:\Windows\System\KBzWJkD.exe
  2⤵
  PID:5504
- C:\Windows\System\FNoIgaD.exe
  C:\Windows\System\FNoIgaD.exe
  2⤵
  PID:5532
- C:\Windows\System\nOFXGix.exe
  C:\Windows\System\nOFXGix.exe
  2⤵
  PID:5560
- C:\Windows\System\UGKBEUR.exe
  C:\Windows\System\UGKBEUR.exe
  2⤵
  PID:5588
- C:\Windows\System\GMIvKIe.exe
  C:\Windows\System\GMIvKIe.exe
  2⤵
  PID:5616
- C:\Windows\System\ioDhcJn.exe
  C:\Windows\System\ioDhcJn.exe
  2⤵
  PID:5644
- C:\Windows\System\JDbwfba.exe
  C:\Windows\System\JDbwfba.exe
  2⤵
  PID:5672
- C:\Windows\System\TkxshPB.exe
  C:\Windows\System\TkxshPB.exe
  2⤵
  PID:5700
- C:\Windows\System\Gcwmirh.exe
  C:\Windows\System\Gcwmirh.exe
  2⤵
  PID:5728
- C:\Windows\System\CofwhTQ.exe
  C:\Windows\System\CofwhTQ.exe
  2⤵
  PID:5756
- C:\Windows\System\yeJTZrm.exe
  C:\Windows\System\yeJTZrm.exe
  2⤵
  PID:5784
- C:\Windows\System\XGGKzlG.exe
  C:\Windows\System\XGGKzlG.exe
  2⤵
  PID:5812
- C:\Windows\System\LhQClFh.exe
  C:\Windows\System\LhQClFh.exe
  2⤵
  PID:5840
- C:\Windows\System\NbnISAP.exe
  C:\Windows\System\NbnISAP.exe
  2⤵
  PID:5868
- C:\Windows\System\zSWssxA.exe
  C:\Windows\System\zSWssxA.exe
  2⤵
  PID:5896
- C:\Windows\System\JSDirNQ.exe
  C:\Windows\System\JSDirNQ.exe
  2⤵
  PID:5928
- C:\Windows\System\eQLLUSA.exe
  C:\Windows\System\eQLLUSA.exe
  2⤵
  PID:5952
- C:\Windows\System\wGhhRAP.exe
  C:\Windows\System\wGhhRAP.exe
  2⤵
  PID:5980
- C:\Windows\System\swZBjNE.exe
  C:\Windows\System\swZBjNE.exe
  2⤵
  PID:6008
- C:\Windows\System\rSRpisY.exe
  C:\Windows\System\rSRpisY.exe
  2⤵
  PID:6036
- C:\Windows\System\oPLhkcp.exe
  C:\Windows\System\oPLhkcp.exe
  2⤵
  PID:6064
- C:\Windows\System\AyiRrGu.exe
  C:\Windows\System\AyiRrGu.exe
  2⤵
  PID:6092
- C:\Windows\System\oVcTFmB.exe
  C:\Windows\System\oVcTFmB.exe
  2⤵
  PID:6120
- C:\Windows\System\GCJzIOT.exe
  C:\Windows\System\GCJzIOT.exe
  2⤵
  PID:3648
- C:\Windows\System\bVynYlT.exe
  C:\Windows\System\bVynYlT.exe
  2⤵
  PID:772
- C:\Windows\System\TZnCJDZ.exe
  C:\Windows\System\TZnCJDZ.exe
  2⤵
  PID:2368
- C:\Windows\System\pXTnekD.exe
  C:\Windows\System\pXTnekD.exe
  2⤵
  PID:5092
- C:\Windows\System\JlwYaHX.exe
  C:\Windows\System\JlwYaHX.exe
  2⤵
  PID:3096
- C:\Windows\System\ArWODHp.exe
  C:\Windows\System\ArWODHp.exe
  2⤵
  PID:1824
- C:\Windows\System\TxVkwkS.exe
  C:\Windows\System\TxVkwkS.exe
  2⤵
  PID:5160
- C:\Windows\System\pNKGYAe.exe
  C:\Windows\System\pNKGYAe.exe
  2⤵
  PID:5236
- C:\Windows\System\PpOEpaj.exe
  C:\Windows\System\PpOEpaj.exe
  2⤵
  PID:5296
- C:\Windows\System\rsjOETt.exe
  C:\Windows\System\rsjOETt.exe
  2⤵
  PID:5376
- C:\Windows\System\lXqfOoq.exe
  C:\Windows\System\lXqfOoq.exe
  2⤵
  PID:5432
- C:\Windows\System\qSTHizk.exe
  C:\Windows\System\qSTHizk.exe
  2⤵
  PID:5492
- C:\Windows\System\CuVeTOw.exe
  C:\Windows\System\CuVeTOw.exe
  2⤵
  PID:5552
- C:\Windows\System\UjIZTWW.exe
  C:\Windows\System\UjIZTWW.exe
  2⤵
  PID:5628
- C:\Windows\System\IVlCwHb.exe
  C:\Windows\System\IVlCwHb.exe
  2⤵
  PID:5688
- C:\Windows\System\twkRObC.exe
  C:\Windows\System\twkRObC.exe
  2⤵
  PID:5748
- C:\Windows\System\fLcBnXG.exe
  C:\Windows\System\fLcBnXG.exe
  2⤵
  PID:5824
- C:\Windows\System\lkkGFJK.exe
  C:\Windows\System\lkkGFJK.exe
  2⤵
  PID:5880
- C:\Windows\System\qhtzSfF.exe
  C:\Windows\System\qhtzSfF.exe
  2⤵
  PID:5944
- C:\Windows\System\BTLYwcc.exe
  C:\Windows\System\BTLYwcc.exe
  2⤵
  PID:6000
- C:\Windows\System\gTpycFi.exe
  C:\Windows\System\gTpycFi.exe
  2⤵
  PID:6076
- C:\Windows\System\lFqIzfV.exe
  C:\Windows\System\lFqIzfV.exe
  2⤵
  PID:6136
- C:\Windows\System\JLoSKUO.exe
  C:\Windows\System\JLoSKUO.exe
  2⤵
  PID:3728
- C:\Windows\System\mpxdhuC.exe
  C:\Windows\System\mpxdhuC.exe
  2⤵
  PID:3656
- C:\Windows\System\bgoHhzd.exe
  C:\Windows\System\bgoHhzd.exe
  2⤵
  PID:5208
- C:\Windows\System\BBzbdRY.exe
  C:\Windows\System\BBzbdRY.exe
  2⤵
  PID:5384
- C:\Windows\System\AUqiXpI.exe
  C:\Windows\System\AUqiXpI.exe
  2⤵
  PID:5520
- C:\Windows\System\LlyFtUY.exe
  C:\Windows\System\LlyFtUY.exe
  2⤵
  PID:5660
- C:\Windows\System\aaOLKuH.exe
  C:\Windows\System\aaOLKuH.exe
  2⤵
  PID:5800
- C:\Windows\System\MXUBwGV.exe
  C:\Windows\System\MXUBwGV.exe
  2⤵
  PID:5968
- C:\Windows\System\swjCZtg.exe
  C:\Windows\System\swjCZtg.exe
  2⤵
  PID:3560
- C:\Windows\System\gWwEXhK.exe
  C:\Windows\System\gWwEXhK.exe
  2⤵
  PID:1648
- C:\Windows\System\rFcfLKB.exe
  C:\Windows\System\rFcfLKB.exe
  2⤵
  PID:6172
- C:\Windows\System\ifgrTHI.exe
  C:\Windows\System\ifgrTHI.exe
  2⤵
  PID:6200
- C:\Windows\System\khCiAxR.exe
  C:\Windows\System\khCiAxR.exe
  2⤵
  PID:6228
- C:\Windows\System\VeQSGAP.exe
  C:\Windows\System\VeQSGAP.exe
  2⤵
  PID:6256
- C:\Windows\System\XwwrhoG.exe
  C:\Windows\System\XwwrhoG.exe
  2⤵
  PID:6284
- C:\Windows\System\sRpjOjw.exe
  C:\Windows\System\sRpjOjw.exe
  2⤵
  PID:6312
- C:\Windows\System\hgRgOCG.exe
  C:\Windows\System\hgRgOCG.exe
  2⤵
  PID:6340
- C:\Windows\System\isXMbwQ.exe
  C:\Windows\System\isXMbwQ.exe
  2⤵
  PID:6368
- C:\Windows\System\wccVyYI.exe
  C:\Windows\System\wccVyYI.exe
  2⤵
  PID:6396
- C:\Windows\System\bxejGVe.exe
  C:\Windows\System\bxejGVe.exe
  2⤵
  PID:6424
- C:\Windows\System\JVyHAfM.exe
  C:\Windows\System\JVyHAfM.exe
  2⤵
  PID:6452
- C:\Windows\System\gtXDWTC.exe
  C:\Windows\System\gtXDWTC.exe
  2⤵
  PID:6480
- C:\Windows\System\oyoJNjD.exe
  C:\Windows\System\oyoJNjD.exe
  2⤵
  PID:6508
- C:\Windows\System\qbuplTJ.exe
  C:\Windows\System\qbuplTJ.exe
  2⤵
  PID:6536
- C:\Windows\System\SMdLojS.exe
  C:\Windows\System\SMdLojS.exe
  2⤵
  PID:6564
- C:\Windows\System\RqkzAFx.exe
  C:\Windows\System\RqkzAFx.exe
  2⤵
  PID:6592
- C:\Windows\System\WzTCVAC.exe
  C:\Windows\System\WzTCVAC.exe
  2⤵
  PID:6620
- C:\Windows\System\XuthDVx.exe
  C:\Windows\System\XuthDVx.exe
  2⤵
  PID:6648
- C:\Windows\System\LQlLaYf.exe
  C:\Windows\System\LQlLaYf.exe
  2⤵
  PID:6676
- C:\Windows\System\EiQKfbS.exe
  C:\Windows\System\EiQKfbS.exe
  2⤵
  PID:6704
- C:\Windows\System\VSMmeEJ.exe
  C:\Windows\System\VSMmeEJ.exe
  2⤵
  PID:6732
- C:\Windows\System\CAWcDyz.exe
  C:\Windows\System\CAWcDyz.exe
  2⤵
  PID:6760
- C:\Windows\System\LEXbCmL.exe
  C:\Windows\System\LEXbCmL.exe
  2⤵
  PID:6788
- C:\Windows\System\JQrJDRI.exe
  C:\Windows\System\JQrJDRI.exe
  2⤵
  PID:6816
- C:\Windows\System\QhslHGP.exe
  C:\Windows\System\QhslHGP.exe
  2⤵
  PID:6844
- C:\Windows\System\iNbWwyN.exe
  C:\Windows\System\iNbWwyN.exe
  2⤵
  PID:6872
- C:\Windows\System\abttfSe.exe
  C:\Windows\System\abttfSe.exe
  2⤵
  PID:6900
- C:\Windows\System\hGUDouJ.exe
  C:\Windows\System\hGUDouJ.exe
  2⤵
  PID:6928
- C:\Windows\System\MrTFssn.exe
  C:\Windows\System\MrTFssn.exe
  2⤵
  PID:6956
- C:\Windows\System\nlPFnxy.exe
  C:\Windows\System\nlPFnxy.exe
  2⤵
  PID:6984
- C:\Windows\System\SjNyuXL.exe
  C:\Windows\System\SjNyuXL.exe
  2⤵
  PID:7012
- C:\Windows\System\ldZtGOD.exe
  C:\Windows\System\ldZtGOD.exe
  2⤵
  PID:7040
- C:\Windows\System\KPHaUgF.exe
  C:\Windows\System\KPHaUgF.exe
  2⤵
  PID:7068
- C:\Windows\System\dPRwreh.exe
  C:\Windows\System\dPRwreh.exe
  2⤵
  PID:7096
- C:\Windows\System\tCxsTPF.exe
  C:\Windows\System\tCxsTPF.exe
  2⤵
  PID:7124
- C:\Windows\System\nyDABbw.exe
  C:\Windows\System\nyDABbw.exe
  2⤵
  PID:7152
- C:\Windows\System\QjGEbvD.exe
  C:\Windows\System\QjGEbvD.exe
  2⤵
  PID:5132
- C:\Windows\System\ZUhUjKf.exe
  C:\Windows\System\ZUhUjKf.exe
  2⤵
  PID:5468
- C:\Windows\System\TFRiBZr.exe
  C:\Windows\System\TFRiBZr.exe
  2⤵
  PID:5776
- C:\Windows\System\YMwDwkX.exe
  C:\Windows\System\YMwDwkX.exe
  2⤵
  PID:1592
- C:\Windows\System\jgAefan.exe
  C:\Windows\System\jgAefan.exe
  2⤵
  PID:6188
- C:\Windows\System\TTLjlAb.exe
  C:\Windows\System\TTLjlAb.exe
  2⤵
  PID:6248
- C:\Windows\System\nJhVtNB.exe
  C:\Windows\System\nJhVtNB.exe
  2⤵
  PID:6324
- C:\Windows\System\RVGQewD.exe
  C:\Windows\System\RVGQewD.exe
  2⤵
  PID:6380
- C:\Windows\System\GCiPRIt.exe
  C:\Windows\System\GCiPRIt.exe
  2⤵
  PID:6440
- C:\Windows\System\ADcUvWz.exe
  C:\Windows\System\ADcUvWz.exe
  2⤵
  PID:6500
- C:\Windows\System\HMAYkeF.exe
  C:\Windows\System\HMAYkeF.exe
  2⤵
  PID:6576
- C:\Windows\System\YirLWci.exe
  C:\Windows\System\YirLWci.exe
  2⤵
  PID:6632
- C:\Windows\System\klEDatp.exe
  C:\Windows\System\klEDatp.exe
  2⤵
  PID:6664
- C:\Windows\System\rwpkcxH.exe
  C:\Windows\System\rwpkcxH.exe
  2⤵
  PID:6724
- C:\Windows\System\LNRrIRr.exe
  C:\Windows\System\LNRrIRr.exe
  2⤵
  PID:6800
- C:\Windows\System\TcBZrgc.exe
  C:\Windows\System\TcBZrgc.exe
  2⤵
  PID:6860
- C:\Windows\System\XCXdCoW.exe
  C:\Windows\System\XCXdCoW.exe
  2⤵
  PID:6920
- C:\Windows\System\ymwNIEP.exe
  C:\Windows\System\ymwNIEP.exe
  2⤵
  PID:6996
- C:\Windows\System\gNHrLEG.exe
  C:\Windows\System\gNHrLEG.exe
  2⤵
  PID:7056
- C:\Windows\System\YvREBvl.exe
  C:\Windows\System\YvREBvl.exe
  2⤵
  PID:7116
- C:\Windows\System\CMlJeCx.exe
  C:\Windows\System\CMlJeCx.exe
  2⤵
  PID:3940
- C:\Windows\System\glFfdOf.exe
  C:\Windows\System\glFfdOf.exe
  2⤵
  PID:5412
- C:\Windows\System\wgbhIex.exe
  C:\Windows\System\wgbhIex.exe
  2⤵
  PID:6156
- C:\Windows\System\PSenyXP.exe
  C:\Windows\System\PSenyXP.exe
  2⤵
  PID:6296
- C:\Windows\System\rXyHVPJ.exe
  C:\Windows\System\rXyHVPJ.exe
  2⤵
  PID:6412
- C:\Windows\System\MWTiYgl.exe
  C:\Windows\System\MWTiYgl.exe
  2⤵
  PID:6492
- C:\Windows\System\BkwXRLM.exe
  C:\Windows\System\BkwXRLM.exe
  2⤵
  PID:4988
- C:\Windows\System\CsSJvYW.exe
  C:\Windows\System\CsSJvYW.exe
  2⤵
  PID:6696
- C:\Windows\System\WaaTrtF.exe
  C:\Windows\System\WaaTrtF.exe
  2⤵
  PID:6772
- C:\Windows\System\FmxaYyK.exe
  C:\Windows\System\FmxaYyK.exe
  2⤵
  PID:6892
- C:\Windows\System\aritDQg.exe
  C:\Windows\System\aritDQg.exe
  2⤵
  PID:7140
- C:\Windows\System\ZbrZTmE.exe
  C:\Windows\System\ZbrZTmE.exe
  2⤵
  PID:5720
- C:\Windows\System\sNjuJsU.exe
  C:\Windows\System\sNjuJsU.exe
  2⤵
  PID:6220
- C:\Windows\System\zxxgepA.exe
  C:\Windows\System\zxxgepA.exe
  2⤵
  PID:1320
- C:\Windows\System\JKhwFJX.exe
  C:\Windows\System\JKhwFJX.exe
  2⤵
  PID:6604
- C:\Windows\System\BXGOEwQ.exe
  C:\Windows\System\BXGOEwQ.exe
  2⤵
  PID:4252
- C:\Windows\System\hAKBOaN.exe
  C:\Windows\System\hAKBOaN.exe
  2⤵
  PID:4512
- C:\Windows\System\WITvjEa.exe
  C:\Windows\System\WITvjEa.exe
  2⤵
  PID:3200
- C:\Windows\System\EVKJtsB.exe
  C:\Windows\System\EVKJtsB.exe
  2⤵
  PID:4276
- C:\Windows\System\mmckekw.exe
  C:\Windows\System\mmckekw.exe
  2⤵
  PID:4640
- C:\Windows\System\crnzgGv.exe
  C:\Windows\System\crnzgGv.exe
  2⤵
  PID:6836
- C:\Windows\System\ujtyexC.exe
  C:\Windows\System\ujtyexC.exe
  2⤵
  PID:6552
- C:\Windows\System\bjWMkSO.exe
  C:\Windows\System\bjWMkSO.exe
  2⤵
  PID:1148
- C:\Windows\System\JWrBrtm.exe
  C:\Windows\System\JWrBrtm.exe
  2⤵
  PID:7196
- C:\Windows\System\ShDQMOY.exe
  C:\Windows\System\ShDQMOY.exe
  2⤵
  PID:7212
- C:\Windows\System\OyWVrha.exe
  C:\Windows\System\OyWVrha.exe
  2⤵
  PID:7228
- C:\Windows\System\YRLkRYE.exe
  C:\Windows\System\YRLkRYE.exe
  2⤵
  PID:7252
- C:\Windows\System\rlmJYRr.exe
  C:\Windows\System\rlmJYRr.exe
  2⤵
  PID:7280
- C:\Windows\System\RjeYenP.exe
  C:\Windows\System\RjeYenP.exe
  2⤵
  PID:7308
- C:\Windows\System\ZgxbnPO.exe
  C:\Windows\System\ZgxbnPO.exe
  2⤵
  PID:7332
- C:\Windows\System\LTRLwSb.exe
  C:\Windows\System\LTRLwSb.exe
  2⤵
  PID:7356
- C:\Windows\System\XHlJTTv.exe
  C:\Windows\System\XHlJTTv.exe
  2⤵
  PID:7384
- C:\Windows\System\RTAJCQX.exe
  C:\Windows\System\RTAJCQX.exe
  2⤵
  PID:7412
- C:\Windows\System\zxqiLIr.exe
  C:\Windows\System\zxqiLIr.exe
  2⤵
  PID:7444
- C:\Windows\System\PGJDePc.exe
  C:\Windows\System\PGJDePc.exe
  2⤵
  PID:7460
- C:\Windows\System\raRtJZj.exe
  C:\Windows\System\raRtJZj.exe
  2⤵
  PID:7488
- C:\Windows\System\wNziYLI.exe
  C:\Windows\System\wNziYLI.exe
  2⤵
  PID:7516
- C:\Windows\System\alsXDku.exe
  C:\Windows\System\alsXDku.exe
  2⤵
  PID:7604
- C:\Windows\System\mqjbRWd.exe
  C:\Windows\System\mqjbRWd.exe
  2⤵
  PID:7644
- C:\Windows\System\lVzpRmM.exe
  C:\Windows\System\lVzpRmM.exe
  2⤵
  PID:7672
- C:\Windows\System\rMrhYMT.exe
  C:\Windows\System\rMrhYMT.exe
  2⤵
  PID:7700
- C:\Windows\System\ZbCFJHr.exe
  C:\Windows\System\ZbCFJHr.exe
  2⤵
  PID:7728
- C:\Windows\System\idrVPDX.exe
  C:\Windows\System\idrVPDX.exe
  2⤵
  PID:7760
- C:\Windows\System\IJFhwHS.exe
  C:\Windows\System\IJFhwHS.exe
  2⤵
  PID:7788
- C:\Windows\System\CzdaKGz.exe
  C:\Windows\System\CzdaKGz.exe
  2⤵
  PID:7808
- C:\Windows\System\CflEqTx.exe
  C:\Windows\System\CflEqTx.exe
  2⤵
  PID:7844
- C:\Windows\System\AxtnqKc.exe
  C:\Windows\System\AxtnqKc.exe
  2⤵
  PID:7872
- C:\Windows\System\fImqmmi.exe
  C:\Windows\System\fImqmmi.exe
  2⤵
  PID:7900
- C:\Windows\System\RmNDgOs.exe
  C:\Windows\System\RmNDgOs.exe
  2⤵
  PID:7928
- C:\Windows\System\hGeAhTp.exe
  C:\Windows\System\hGeAhTp.exe
  2⤵
  PID:7964
- C:\Windows\System\IpoGYRD.exe
  C:\Windows\System\IpoGYRD.exe
  2⤵
  PID:7984
- C:\Windows\System\SqtRymw.exe
  C:\Windows\System\SqtRymw.exe
  2⤵
  PID:8000
- C:\Windows\System\qgnCMoh.exe
  C:\Windows\System\qgnCMoh.exe
  2⤵
  PID:8040
- C:\Windows\System\EbNGhmY.exe
  C:\Windows\System\EbNGhmY.exe
  2⤵
  PID:8056
- C:\Windows\System\jvSpYiL.exe
  C:\Windows\System\jvSpYiL.exe
  2⤵
  PID:8096
- C:\Windows\System\ugNzXAV.exe
  C:\Windows\System\ugNzXAV.exe
  2⤵
  PID:8124
- C:\Windows\System\gWVlhQm.exe
  C:\Windows\System\gWVlhQm.exe
  2⤵
  PID:8152
- C:\Windows\System\PKMZuHo.exe
  C:\Windows\System\PKMZuHo.exe
  2⤵
  PID:8184
- C:\Windows\System\LjKpLHk.exe
  C:\Windows\System\LjKpLHk.exe
  2⤵
  PID:3628
- C:\Windows\System\bYCitMR.exe
  C:\Windows\System\bYCitMR.exe
  2⤵
  PID:7240
- C:\Windows\System\NNpmRyV.exe
  C:\Windows\System\NNpmRyV.exe
  2⤵
  PID:7272
- C:\Windows\System\bhkXiEM.exe
  C:\Windows\System\bhkXiEM.exe
  2⤵
  PID:7348
- C:\Windows\System\hKBpgCX.exe
  C:\Windows\System\hKBpgCX.exe
  2⤵
  PID:4000
- C:\Windows\System\mvZESXs.exe
  C:\Windows\System\mvZESXs.exe
  2⤵
  PID:7396
- C:\Windows\System\kcMaDLN.exe
  C:\Windows\System\kcMaDLN.exe
  2⤵
  PID:7452
- C:\Windows\System\gMZbYwn.exe
  C:\Windows\System\gMZbYwn.exe
  2⤵
  PID:7536
- C:\Windows\System\fKLSGLE.exe
  C:\Windows\System\fKLSGLE.exe
  2⤵
  PID:7556
- C:\Windows\System\laUFKSA.exe
  C:\Windows\System\laUFKSA.exe
  2⤵
  PID:7624
- C:\Windows\System\nmIOGDp.exe
  C:\Windows\System\nmIOGDp.exe
  2⤵
  PID:7664
- C:\Windows\System\Tqidllx.exe
  C:\Windows\System\Tqidllx.exe
  2⤵
  PID:7752
- C:\Windows\System\UUPMXmU.exe
  C:\Windows\System\UUPMXmU.exe
  2⤵
  PID:7816
- C:\Windows\System\AbYsJjQ.exe
  C:\Windows\System\AbYsJjQ.exe
  2⤵
  PID:7884
- C:\Windows\System\JyYOfhu.exe
  C:\Windows\System\JyYOfhu.exe
  2⤵
  PID:7972
- C:\Windows\System\GYyaMeo.exe
  C:\Windows\System\GYyaMeo.exe
  2⤵
  PID:8048
- C:\Windows\System\PinfABu.exe
  C:\Windows\System\PinfABu.exe
  2⤵
  PID:8112
- C:\Windows\System\afVcjgr.exe
  C:\Windows\System\afVcjgr.exe
  2⤵
  PID:8140
- C:\Windows\System\sPmgCTY.exe
  C:\Windows\System\sPmgCTY.exe
  2⤵
  PID:7208
- C:\Windows\System\OOyEzuS.exe
  C:\Windows\System\OOyEzuS.exe
  2⤵
  PID:1608
- C:\Windows\System\HfgEYxd.exe
  C:\Windows\System\HfgEYxd.exe
  2⤵
  PID:4720
- C:\Windows\System\PMiqzAz.exe
  C:\Windows\System\PMiqzAz.exe
  2⤵
  PID:7504
- C:\Windows\System\coWQtdO.exe
  C:\Windows\System\coWQtdO.exe
  2⤵
  PID:7712
- C:\Windows\System\PmjgzrD.exe
  C:\Windows\System\PmjgzrD.exe
  2⤵
  PID:5100
- C:\Windows\System\bnmoIzw.exe
  C:\Windows\System\bnmoIzw.exe
  2⤵
  PID:7940
- C:\Windows\System\KnMdxvS.exe
  C:\Windows\System\KnMdxvS.exe
  2⤵
  PID:8076
- C:\Windows\System\TxHXRpX.exe
  C:\Windows\System\TxHXRpX.exe
  2⤵
  PID:1576
- C:\Windows\System\uoQkcWC.exe
  C:\Windows\System\uoQkcWC.exe
  2⤵
  PID:7612
- C:\Windows\System\OJVeUST.exe
  C:\Windows\System\OJVeUST.exe
  2⤵
  PID:8028
- C:\Windows\System\JrKkPZa.exe
  C:\Windows\System\JrKkPZa.exe
  2⤵
  PID:7480
- C:\Windows\System\ldqKayX.exe
  C:\Windows\System\ldqKayX.exe
  2⤵
  PID:4836
- C:\Windows\System\CadYbxM.exe
  C:\Windows\System\CadYbxM.exe
  2⤵
  PID:8208
- C:\Windows\System\FDyjRzB.exe
  C:\Windows\System\FDyjRzB.exe
  2⤵
  PID:8228
- C:\Windows\System\sTigcwI.exe
  C:\Windows\System\sTigcwI.exe
  2⤵
  PID:8252
- C:\Windows\System\WZgUIZb.exe
  C:\Windows\System\WZgUIZb.exe
  2⤵
  PID:8280
- C:\Windows\System\sJxlxvt.exe
  C:\Windows\System\sJxlxvt.exe
  2⤵
  PID:8316
- C:\Windows\System\luKCvOY.exe
  C:\Windows\System\luKCvOY.exe
  2⤵
  PID:8340
- C:\Windows\System\UznmBtU.exe
  C:\Windows\System\UznmBtU.exe
  2⤵
  PID:8376
- C:\Windows\System\jIrYxfT.exe
  C:\Windows\System\jIrYxfT.exe
  2⤵
  PID:8404
- C:\Windows\System\KkIZXaF.exe
  C:\Windows\System\KkIZXaF.exe
  2⤵
  PID:8436
- C:\Windows\System\MPmTAvN.exe
  C:\Windows\System\MPmTAvN.exe
  2⤵
  PID:8464
- C:\Windows\System\sKwvNtq.exe
  C:\Windows\System\sKwvNtq.exe
  2⤵
  PID:8484
- C:\Windows\System\ApjKSBY.exe
  C:\Windows\System\ApjKSBY.exe
  2⤵
  PID:8508
- C:\Windows\System\hJdXVvF.exe
  C:\Windows\System\hJdXVvF.exe
  2⤵
  PID:8540
- C:\Windows\System\IhIccNQ.exe
  C:\Windows\System\IhIccNQ.exe
  2⤵
  PID:8564
- C:\Windows\System\VOxCSoQ.exe
  C:\Windows\System\VOxCSoQ.exe
  2⤵
  PID:8592
- C:\Windows\System\evttAZC.exe
  C:\Windows\System\evttAZC.exe
  2⤵
  PID:8620
- C:\Windows\System\LPNzvme.exe
  C:\Windows\System\LPNzvme.exe
  2⤵
  PID:8664
- C:\Windows\System\YouYFGY.exe
  C:\Windows\System\YouYFGY.exe
  2⤵
  PID:8700
- C:\Windows\System\WzuOOlR.exe
  C:\Windows\System\WzuOOlR.exe
  2⤵
  PID:8720
- C:\Windows\System\BDJDCJo.exe
  C:\Windows\System\BDJDCJo.exe
  2⤵
  PID:8744
- C:\Windows\System\yKKedIx.exe
  C:\Windows\System\yKKedIx.exe
  2⤵
  PID:8772
- C:\Windows\System\XTbJalu.exe
  C:\Windows\System\XTbJalu.exe
  2⤵
  PID:8800
- C:\Windows\System\ZOYDSbF.exe
  C:\Windows\System\ZOYDSbF.exe
  2⤵
  PID:8856
- C:\Windows\System\JCwxgDW.exe
  C:\Windows\System\JCwxgDW.exe
  2⤵
  PID:8876
- C:\Windows\System\xUbwWXH.exe
  C:\Windows\System\xUbwWXH.exe
  2⤵
  PID:8920
- C:\Windows\System\BZJMKYQ.exe
  C:\Windows\System\BZJMKYQ.exe
  2⤵
  PID:8936
- C:\Windows\System\pqCSFZQ.exe
  C:\Windows\System\pqCSFZQ.exe
  2⤵
  PID:8964
- C:\Windows\System\xelrpgk.exe
  C:\Windows\System\xelrpgk.exe
  2⤵
  PID:9004
- C:\Windows\System\wxSdIcX.exe
  C:\Windows\System\wxSdIcX.exe
  2⤵
  PID:9032
- C:\Windows\System\dEXDgjm.exe
  C:\Windows\System\dEXDgjm.exe
  2⤵
  PID:9060
- C:\Windows\System\bEFKuLm.exe
  C:\Windows\System\bEFKuLm.exe
  2⤵
  PID:9076
- C:\Windows\System\xSyPLoX.exe
  C:\Windows\System\xSyPLoX.exe
  2⤵
  PID:9104
- C:\Windows\System\EDzbQWa.exe
  C:\Windows\System\EDzbQWa.exe
  2⤵
  PID:9144
- C:\Windows\System\IazGsgj.exe
  C:\Windows\System\IazGsgj.exe
  2⤵
  PID:9164
- C:\Windows\System\lYGjMij.exe
  C:\Windows\System\lYGjMij.exe
  2⤵
  PID:9184
- C:\Windows\System\DSkNtnS.exe
  C:\Windows\System\DSkNtnS.exe
  2⤵
  PID:8236
- C:\Windows\System\DskEzMA.exe
  C:\Windows\System\DskEzMA.exe
  2⤵
  PID:8292
- C:\Windows\System\XbSXchc.exe
  C:\Windows\System\XbSXchc.exe
  2⤵
  PID:8356
- C:\Windows\System\zfpOxeI.exe
  C:\Windows\System\zfpOxeI.exe
  2⤵
  PID:8424
- C:\Windows\System\LOiAMYe.exe
  C:\Windows\System\LOiAMYe.exe
  2⤵
  PID:7180
- C:\Windows\System\mrICXbk.exe
  C:\Windows\System\mrICXbk.exe
  2⤵
  PID:7544
- C:\Windows\System\KplhuHL.exe
  C:\Windows\System\KplhuHL.exe
  2⤵
  PID:8480
- C:\Windows\System\cRpDujN.exe
  C:\Windows\System\cRpDujN.exe
  2⤵
  PID:8560
- C:\Windows\System\PGKzVPs.exe
  C:\Windows\System\PGKzVPs.exe
  2⤵
  PID:8604
- C:\Windows\System\NHyyYlS.exe
  C:\Windows\System\NHyyYlS.exe
  2⤵
  PID:8736
- C:\Windows\System\gqydKOZ.exe
  C:\Windows\System\gqydKOZ.exe
  2⤵
  PID:8784
- C:\Windows\System\KTylZZZ.exe
  C:\Windows\System\KTylZZZ.exe
  2⤵
  PID:8816
- C:\Windows\System\XhIdWvH.exe
  C:\Windows\System\XhIdWvH.exe
  2⤵
  PID:8932
- C:\Windows\System\shBBIzQ.exe
  C:\Windows\System\shBBIzQ.exe
  2⤵
  PID:8984
- C:\Windows\System\UyYriRy.exe
  C:\Windows\System\UyYriRy.exe
  2⤵
  PID:7268
- C:\Windows\System\dftUggd.exe
  C:\Windows\System\dftUggd.exe
  2⤵
  PID:9124
- C:\Windows\System\QDGTNRT.exe
  C:\Windows\System\QDGTNRT.exe
  2⤵
  PID:9204
- C:\Windows\System\sfPRZas.exe
  C:\Windows\System\sfPRZas.exe
  2⤵
  PID:8264
- C:\Windows\System\nfxvymD.exe
  C:\Windows\System\nfxvymD.exe
  2⤵
  PID:8396
- C:\Windows\System\NyDggrg.exe
  C:\Windows\System\NyDggrg.exe
  2⤵
  PID:7084
- C:\Windows\System\kCksvFQ.exe
  C:\Windows\System\kCksvFQ.exe
  2⤵
  PID:8580
- C:\Windows\System\qbCFXXv.exe
  C:\Windows\System\qbCFXXv.exe
  2⤵
  PID:8756
- C:\Windows\System\qyyacCC.exe
  C:\Windows\System\qyyacCC.exe
  2⤵
  PID:8896
- C:\Windows\System\nDDzoDG.exe
  C:\Windows\System\nDDzoDG.exe
  2⤵
  PID:9100
- C:\Windows\System\WovmniI.exe
  C:\Windows\System\WovmniI.exe
  2⤵
  PID:8204
- C:\Windows\System\eyQFZuc.exe
  C:\Windows\System\eyQFZuc.exe
  2⤵
  PID:8548
- C:\Windows\System\vifsbcQ.exe
  C:\Windows\System\vifsbcQ.exe
  2⤵
  PID:9024
- C:\Windows\System\EVRVxzF.exe
  C:\Windows\System\EVRVxzF.exe
  2⤵
  PID:8448
- C:\Windows\System\AZIhhbK.exe
  C:\Windows\System\AZIhhbK.exe
  2⤵
  PID:8948
- C:\Windows\System\gBCcDqe.exe
  C:\Windows\System\gBCcDqe.exe
  2⤵
  PID:9224
- C:\Windows\System\VrRYKpz.exe
  C:\Windows\System\VrRYKpz.exe
  2⤵
  PID:9244
- C:\Windows\System\GgpEsZq.exe
  C:\Windows\System\GgpEsZq.exe
  2⤵
  PID:9260
- C:\Windows\System\mxHqoii.exe
  C:\Windows\System\mxHqoii.exe
  2⤵
  PID:9284
- C:\Windows\System\CXNZcva.exe
  C:\Windows\System\CXNZcva.exe
  2⤵
  PID:9340
- C:\Windows\System\kwyqBTB.exe
  C:\Windows\System\kwyqBTB.exe
  2⤵
  PID:9368
- C:\Windows\System\FwupdSk.exe
  C:\Windows\System\FwupdSk.exe
  2⤵
  PID:9396
- C:\Windows\System\zoAQXro.exe
  C:\Windows\System\zoAQXro.exe
  2⤵
  PID:9412
- C:\Windows\System\DWsxCWw.exe
  C:\Windows\System\DWsxCWw.exe
  2⤵
  PID:9444
- C:\Windows\System\VIoyyCB.exe
  C:\Windows\System\VIoyyCB.exe
  2⤵
  PID:9468
- C:\Windows\System\uNOxhGV.exe
  C:\Windows\System\uNOxhGV.exe
  2⤵
  PID:9484
- C:\Windows\System\oxzciuq.exe
  C:\Windows\System\oxzciuq.exe
  2⤵
  PID:9536
- C:\Windows\System\bGHqxdG.exe
  C:\Windows\System\bGHqxdG.exe
  2⤵
  PID:9564
- C:\Windows\System\fvoJWqj.exe
  C:\Windows\System\fvoJWqj.exe
  2⤵
  PID:9592
- C:\Windows\System\UlcfVte.exe
  C:\Windows\System\UlcfVte.exe
  2⤵
  PID:9608
- C:\Windows\System\qujAnbN.exe
  C:\Windows\System\qujAnbN.exe
  2⤵
  PID:9648
- C:\Windows\System\CmMQpFl.exe
  C:\Windows\System\CmMQpFl.exe
  2⤵
  PID:9680
- C:\Windows\System\lFhckgX.exe
  C:\Windows\System\lFhckgX.exe
  2⤵
  PID:9708
- C:\Windows\System\GAugYDg.exe
  C:\Windows\System\GAugYDg.exe
  2⤵
  PID:9736
- C:\Windows\System\XhNJkjp.exe
  C:\Windows\System\XhNJkjp.exe
  2⤵
  PID:9752
- C:\Windows\System\jiHfXco.exe
  C:\Windows\System\jiHfXco.exe
  2⤵
  PID:9780
- C:\Windows\System\cJjPmYs.exe
  C:\Windows\System\cJjPmYs.exe
  2⤵
  PID:9824
- C:\Windows\System\vsTyLUp.exe
  C:\Windows\System\vsTyLUp.exe
  2⤵
  PID:9852
- C:\Windows\System\yOmOlNk.exe
  C:\Windows\System\yOmOlNk.exe
  2⤵
  PID:9880
- C:\Windows\System\ewDxtgz.exe
  C:\Windows\System\ewDxtgz.exe
  2⤵
  PID:9908
- C:\Windows\System\mzGJteb.exe
  C:\Windows\System\mzGJteb.exe
  2⤵
  PID:9936
- C:\Windows\System\pKCzbxK.exe
  C:\Windows\System\pKCzbxK.exe
  2⤵
  PID:9964
- C:\Windows\System\XKcXojR.exe
  C:\Windows\System\XKcXojR.exe
  2⤵
  PID:9980
- C:\Windows\System\fEFTNKd.exe
  C:\Windows\System\fEFTNKd.exe
  2⤵
  PID:10004
- C:\Windows\System\hFmRnhF.exe
  C:\Windows\System\hFmRnhF.exe
  2⤵
  PID:10032
- C:\Windows\System\UlRCfhK.exe
  C:\Windows\System\UlRCfhK.exe
  2⤵
  PID:10080
- C:\Windows\System\HOBSqmc.exe
  C:\Windows\System\HOBSqmc.exe
  2⤵
  PID:10108
- C:\Windows\System\ScoApaN.exe
  C:\Windows\System\ScoApaN.exe
  2⤵
  PID:10136
- C:\Windows\System\wepszft.exe
  C:\Windows\System\wepszft.exe
  2⤵
  PID:10164
- C:\Windows\System\kjgReZd.exe
  C:\Windows\System\kjgReZd.exe
  2⤵
  PID:10192
- C:\Windows\System\JwLGwYL.exe
  C:\Windows\System\JwLGwYL.exe
  2⤵
  PID:10208
- C:\Windows\System\DtULYTu.exe
  C:\Windows\System\DtULYTu.exe
  2⤵
  PID:8796
- C:\Windows\System\jaBNYhJ.exe
  C:\Windows\System\jaBNYhJ.exe
  2⤵
  PID:9252
- C:\Windows\System\gRDjWQU.exe
  C:\Windows\System\gRDjWQU.exe
  2⤵
  PID:9308
- C:\Windows\System\fcXBgnv.exe
  C:\Windows\System\fcXBgnv.exe
  2⤵
  PID:9388
- C:\Windows\System\ChNOqfy.exe
  C:\Windows\System\ChNOqfy.exe
  2⤵
  PID:9480
- C:\Windows\System\JArawWP.exe
  C:\Windows\System\JArawWP.exe
  2⤵
  PID:9524
- C:\Windows\System\VcUBWgm.exe
  C:\Windows\System\VcUBWgm.exe
  2⤵
  PID:9624
- C:\Windows\System\nDZeFFe.exe
  C:\Windows\System\nDZeFFe.exe
  2⤵
  PID:9660
- C:\Windows\System\nBqOohf.exe
  C:\Windows\System\nBqOohf.exe
  2⤵
  PID:9212
- C:\Windows\System\eACCwwb.exe
  C:\Windows\System\eACCwwb.exe
  2⤵
  PID:9800
- C:\Windows\System\nwxsueo.exe
  C:\Windows\System\nwxsueo.exe
  2⤵
  PID:9876
- C:\Windows\System\qHmdhxt.exe
  C:\Windows\System\qHmdhxt.exe
  2⤵
  PID:9932
- C:\Windows\System\EtuJLtD.exe
  C:\Windows\System\EtuJLtD.exe
  2⤵
  PID:9996
- C:\Windows\System\Fjucmlp.exe
  C:\Windows\System\Fjucmlp.exe
  2⤵
  PID:10076
- C:\Windows\System\GpcTbRJ.exe
  C:\Windows\System\GpcTbRJ.exe
  2⤵
  PID:10120
- C:\Windows\System\ALntuyd.exe
  C:\Windows\System\ALntuyd.exe
  2⤵
  PID:10200
- C:\Windows\System\SGMYSWo.exe
  C:\Windows\System\SGMYSWo.exe
  2⤵
  PID:9276
- C:\Windows\System\ZqJvEIm.exe
  C:\Windows\System\ZqJvEIm.exe
  2⤵
  PID:9360
- C:\Windows\System\bRFgqJU.exe
  C:\Windows\System\bRFgqJU.exe
  2⤵
  PID:9504
- C:\Windows\System\mTyEpuC.exe
  C:\Windows\System\mTyEpuC.exe
  2⤵
  PID:9692
- C:\Windows\System\CMfeDBt.exe
  C:\Windows\System\CMfeDBt.exe
  2⤵
  PID:9896
- C:\Windows\System\dSjmeIi.exe
  C:\Windows\System\dSjmeIi.exe
  2⤵
  PID:10028
- C:\Windows\System\eigYTwt.exe
  C:\Windows\System\eigYTwt.exe
  2⤵
  PID:10204
- C:\Windows\System\EgwXuOZ.exe
  C:\Windows\System\EgwXuOZ.exe
  2⤵
  PID:9452
- C:\Windows\System\JxhwqJp.exe
  C:\Windows\System\JxhwqJp.exe
  2⤵
  PID:9836
- C:\Windows\System\OuTfaCt.exe
  C:\Windows\System\OuTfaCt.exe
  2⤵
  PID:10100
- C:\Windows\System\XgudhBu.exe
  C:\Windows\System\XgudhBu.exe
  2⤵
  PID:10060
- C:\Windows\System\awkvidm.exe
  C:\Windows\System\awkvidm.exe
  2⤵
  PID:9764
- C:\Windows\System\PjXUSRJ.exe
  C:\Windows\System\PjXUSRJ.exe
  2⤵
  PID:10268
- C:\Windows\System\gjFoqKB.exe
  C:\Windows\System\gjFoqKB.exe
  2⤵
  PID:10296
- C:\Windows\System\CYzjwad.exe
  C:\Windows\System\CYzjwad.exe
  2⤵
  PID:10320
- C:\Windows\System\VJXiNag.exe
  C:\Windows\System\VJXiNag.exe
  2⤵
  PID:10340
- C:\Windows\System\weGzVlh.exe
  C:\Windows\System\weGzVlh.exe
  2⤵
  PID:10380
- C:\Windows\System\VhtiKqD.exe
  C:\Windows\System\VhtiKqD.exe
  2⤵
  PID:10412
- C:\Windows\System\qamHjOX.exe
  C:\Windows\System\qamHjOX.exe
  2⤵
  PID:10440
- C:\Windows\System\MfkgRcO.exe
  C:\Windows\System\MfkgRcO.exe
  2⤵
  PID:10468
- C:\Windows\System\eDbFAnU.exe
  C:\Windows\System\eDbFAnU.exe
  2⤵
  PID:10496
- C:\Windows\System\hqCazZb.exe
  C:\Windows\System\hqCazZb.exe
  2⤵
  PID:10524
- C:\Windows\System\FXXAowB.exe
  C:\Windows\System\FXXAowB.exe
  2⤵
  PID:10552
- C:\Windows\System\zqQkDiz.exe
  C:\Windows\System\zqQkDiz.exe
  2⤵
  PID:10580
- C:\Windows\System\JVqCOSS.exe
  C:\Windows\System\JVqCOSS.exe
  2⤵
  PID:10608
- C:\Windows\System\scCqAQz.exe
  C:\Windows\System\scCqAQz.exe
  2⤵
  PID:10636
- C:\Windows\System\LVnJAWD.exe
  C:\Windows\System\LVnJAWD.exe
  2⤵
  PID:10660
- C:\Windows\System\EAbIaaV.exe
  C:\Windows\System\EAbIaaV.exe
  2⤵
  PID:10680
- C:\Windows\System\XnYmCSB.exe
  C:\Windows\System\XnYmCSB.exe
  2⤵
  PID:10716
- C:\Windows\System\lqKPBBd.exe
  C:\Windows\System\lqKPBBd.exe
  2⤵
  PID:10736
- C:\Windows\System\oUUqOns.exe
  C:\Windows\System\oUUqOns.exe
  2⤵
  PID:10776
- C:\Windows\System\gEOqbPI.exe
  C:\Windows\System\gEOqbPI.exe
  2⤵
  PID:10804
- C:\Windows\System\GMOVGDV.exe
  C:\Windows\System\GMOVGDV.exe
  2⤵
  PID:10832
- C:\Windows\System\aOapaJY.exe
  C:\Windows\System\aOapaJY.exe
  2⤵
  PID:10860
- C:\Windows\System\ZsbvOUV.exe
  C:\Windows\System\ZsbvOUV.exe
  2⤵
  PID:10892
- C:\Windows\System\ZFHkRBz.exe
  C:\Windows\System\ZFHkRBz.exe
  2⤵
  PID:10920
- C:\Windows\System\BkhSlyH.exe
  C:\Windows\System\BkhSlyH.exe
  2⤵
  PID:10948
- C:\Windows\System\qRzYSjk.exe
  C:\Windows\System\qRzYSjk.exe
  2⤵
  PID:10976
- C:\Windows\System\TBwpSDU.exe
  C:\Windows\System\TBwpSDU.exe
  2⤵
  PID:10992
- C:\Windows\System\JSnRtss.exe
  C:\Windows\System\JSnRtss.exe
  2⤵
  PID:11020
- C:\Windows\System\ibEvUzp.exe
  C:\Windows\System\ibEvUzp.exe
  2⤵
  PID:11056
- C:\Windows\System\ehroKwh.exe
  C:\Windows\System\ehroKwh.exe
  2⤵
  PID:11088
- C:\Windows\System\FXhFOHs.exe
  C:\Windows\System\FXhFOHs.exe
  2⤵
  PID:11116
- C:\Windows\System\kFKwPEX.exe
  C:\Windows\System\kFKwPEX.exe
  2⤵
  PID:11144
- C:\Windows\System\znLmabw.exe
  C:\Windows\System\znLmabw.exe
  2⤵
  PID:11176
- C:\Windows\System\fTDwzOK.exe
  C:\Windows\System\fTDwzOK.exe
  2⤵
  PID:11204
- C:\Windows\System\ZplPPYk.exe
  C:\Windows\System\ZplPPYk.exe
  2⤵
  PID:11220
- C:\Windows\System\XTDBQnd.exe
  C:\Windows\System\XTDBQnd.exe
  2⤵
  PID:11248
- C:\Windows\System\vrpwYlb.exe
  C:\Windows\System\vrpwYlb.exe
  2⤵
  PID:10288
- C:\Windows\System\RJDXIGw.exe
  C:\Windows\System\RJDXIGw.exe
  2⤵
  PID:10336
- C:\Windows\System\AQcqAWC.exe
  C:\Windows\System\AQcqAWC.exe
  2⤵
  PID:10428
- C:\Windows\System\KdebwrZ.exe
  C:\Windows\System\KdebwrZ.exe
  2⤵
  PID:10492
- C:\Windows\System\DZJukBk.exe
  C:\Windows\System\DZJukBk.exe
  2⤵
  PID:10568
- C:\Windows\System\PVyqjkv.exe
  C:\Windows\System\PVyqjkv.exe
  2⤵
  PID:10632
- C:\Windows\System\nNaQtnh.exe
  C:\Windows\System\nNaQtnh.exe
  2⤵
  PID:10676
- C:\Windows\System\iFELzDS.exe
  C:\Windows\System\iFELzDS.exe
  2⤵
  PID:10760
- C:\Windows\System\ZwXfyri.exe
  C:\Windows\System\ZwXfyri.exe
  2⤵
  PID:10796
- C:\Windows\System\ehicmKZ.exe
  C:\Windows\System\ehicmKZ.exe
  2⤵
  PID:10876
- C:\Windows\System\AqtBNCm.exe
  C:\Windows\System\AqtBNCm.exe
  2⤵
  PID:10936
- C:\Windows\System\flsEIFj.exe
  C:\Windows\System\flsEIFj.exe
  2⤵
  PID:11032
- C:\Windows\System\GEiZGlA.exe
  C:\Windows\System\GEiZGlA.exe
  2⤵
  PID:11084
- C:\Windows\System\tapocMy.exe
  C:\Windows\System\tapocMy.exe
  2⤵
  PID:11160
- C:\Windows\System\ArSDfjh.exe
  C:\Windows\System\ArSDfjh.exe
  2⤵
  PID:11200
- C:\Windows\System\vUQEomS.exe
  C:\Windows\System\vUQEomS.exe
  2⤵
  PID:10248
- C:\Windows\System\PuzmcQi.exe
  C:\Windows\System\PuzmcQi.exe
  2⤵
  PID:10456
- C:\Windows\System\AAnXhPF.exe
  C:\Windows\System\AAnXhPF.exe
  2⤵
  PID:10604
- C:\Windows\System\JhbOVfD.exe
  C:\Windows\System\JhbOVfD.exe
  2⤵
  PID:10732
- C:\Windows\System\OoKQbsW.exe
  C:\Windows\System\OoKQbsW.exe
  2⤵
  PID:10916
- C:\Windows\System\bPPHKEP.exe
  C:\Windows\System\bPPHKEP.exe
  2⤵
  PID:11012
- C:\Windows\System\TQJAlsh.exe
  C:\Windows\System\TQJAlsh.exe
  2⤵
  PID:11240
- C:\Windows\System\vFLlVOC.exe
  C:\Windows\System\vFLlVOC.exe
  2⤵
  PID:10328
- C:\Windows\System\itmZIeo.exe
  C:\Windows\System\itmZIeo.exe
  2⤵
  PID:10724
- C:\Windows\System\PyKBGPR.exe
  C:\Windows\System\PyKBGPR.exe
  2⤵
  PID:11112
- C:\Windows\System\GimFNeU.exe
  C:\Windows\System\GimFNeU.exe
  2⤵
  PID:10964
- C:\Windows\System\adXbqSp.exe
  C:\Windows\System\adXbqSp.exe
  2⤵
  PID:11280
- C:\Windows\System\lKzecsy.exe
  C:\Windows\System\lKzecsy.exe
  2⤵
  PID:11308
- C:\Windows\System\gwRfZAt.exe
  C:\Windows\System\gwRfZAt.exe
  2⤵
  PID:11336
- C:\Windows\System\AZydfzJ.exe
  C:\Windows\System\AZydfzJ.exe
  2⤵
  PID:11364
- C:\Windows\System\MobTbsg.exe
  C:\Windows\System\MobTbsg.exe
  2⤵
  PID:11380
- C:\Windows\System\dPsAEZs.exe
  C:\Windows\System\dPsAEZs.exe
  2⤵
  PID:11412
- C:\Windows\System\VOXjHSg.exe
  C:\Windows\System\VOXjHSg.exe
  2⤵
  PID:11448
- C:\Windows\System\fBCuYNC.exe
  C:\Windows\System\fBCuYNC.exe
  2⤵
  PID:11464
- C:\Windows\System\LiqLiBw.exe
  C:\Windows\System\LiqLiBw.exe
  2⤵
  PID:11504
- C:\Windows\System\nBPALKF.exe
  C:\Windows\System\nBPALKF.exe
  2⤵
  PID:11520
- C:\Windows\System\CrBtSZJ.exe
  C:\Windows\System\CrBtSZJ.exe
  2⤵
  PID:11540
- C:\Windows\System\pWdlhuH.exe
  C:\Windows\System\pWdlhuH.exe
  2⤵
  PID:11576
- C:\Windows\System\SkWyLUO.exe
  C:\Windows\System\SkWyLUO.exe
  2⤵
  PID:11596
- C:\Windows\System\yVWPmlz.exe
  C:\Windows\System\yVWPmlz.exe
  2⤵
  PID:11632
- C:\Windows\System\bZxRNKs.exe
  C:\Windows\System\bZxRNKs.exe
  2⤵
  PID:11668
- C:\Windows\System\aRzXNrU.exe
  C:\Windows\System\aRzXNrU.exe
  2⤵
  PID:11688
- C:\Windows\System\VVjluCa.exe
  C:\Windows\System\VVjluCa.exe
  2⤵
  PID:11724
- C:\Windows\System\flZncua.exe
  C:\Windows\System\flZncua.exe
  2⤵
  PID:11760
- C:\Windows\System\tQEoXAu.exe
  C:\Windows\System\tQEoXAu.exe
  2⤵
  PID:11780
- C:\Windows\System\VRronBe.exe
  C:\Windows\System\VRronBe.exe
  2⤵
  PID:11816
- C:\Windows\System\bvZTrXM.exe
  C:\Windows\System\bvZTrXM.exe
  2⤵
  PID:11844
- C:\Windows\System\xsUAlXu.exe
  C:\Windows\System\xsUAlXu.exe
  2⤵
  PID:11860
- C:\Windows\System\VGYavJV.exe
  C:\Windows\System\VGYavJV.exe
  2⤵
  PID:11900
- C:\Windows\System\iqInRrH.exe
  C:\Windows\System\iqInRrH.exe
  2⤵
  PID:11928
- C:\Windows\System\mMnevaf.exe
  C:\Windows\System\mMnevaf.exe
  2⤵
  PID:11956
- C:\Windows\System\ajauEST.exe
  C:\Windows\System\ajauEST.exe
  2⤵
  PID:11984
- C:\Windows\System\VUjjQCr.exe
  C:\Windows\System\VUjjQCr.exe
  2⤵
  PID:12004
- C:\Windows\System\eFlBErV.exe
  C:\Windows\System\eFlBErV.exe
  2⤵
  PID:12028
- C:\Windows\System\PutaIVf.exe
  C:\Windows\System\PutaIVf.exe
  2⤵
  PID:12068
- C:\Windows\System\nMLkTyn.exe
  C:\Windows\System\nMLkTyn.exe
  2⤵
  PID:12084
- C:\Windows\System\JALBIiY.exe
  C:\Windows\System\JALBIiY.exe
  2⤵
  PID:12124
- C:\Windows\System\BEsGIkW.exe
  C:\Windows\System\BEsGIkW.exe
  2⤵
  PID:12152
- C:\Windows\System\OyyWqzJ.exe
  C:\Windows\System\OyyWqzJ.exe
  2⤵
  PID:12180
- C:\Windows\System\eKrTZDl.exe
  C:\Windows\System\eKrTZDl.exe
  2⤵
  PID:12208
- C:\Windows\System\hahkzNI.exe
  C:\Windows\System\hahkzNI.exe
  2⤵
  PID:12236
- C:\Windows\System\mVSHFQR.exe
  C:\Windows\System\mVSHFQR.exe
  2⤵
  PID:12264
- C:\Windows\System\XxBIcFk.exe
  C:\Windows\System\XxBIcFk.exe
  2⤵
  PID:10852
- C:\Windows\System\AgIWFCD.exe
  C:\Windows\System\AgIWFCD.exe
  2⤵
  PID:11320
- C:\Windows\System\mpLDJmL.exe
  C:\Windows\System\mpLDJmL.exe
  2⤵
  PID:11420
- C:\Windows\System\giHtHsH.exe
  C:\Windows\System\giHtHsH.exe
  2⤵
  PID:11480
- C:\Windows\System\RsTLoCv.exe
  C:\Windows\System\RsTLoCv.exe
  2⤵
  PID:11556
- C:\Windows\System\xJkZjMs.exe
  C:\Windows\System\xJkZjMs.exe
  2⤵
  PID:11608
- C:\Windows\System\mRMWqvW.exe
  C:\Windows\System\mRMWqvW.exe
  2⤵
  PID:11684
- C:\Windows\System\pXBLUdh.exe
  C:\Windows\System\pXBLUdh.exe
  2⤵
  PID:11712
- C:\Windows\System\jCLGMHM.exe
  C:\Windows\System\jCLGMHM.exe
  2⤵
  PID:11772
- C:\Windows\System\YANrnEN.exe
  C:\Windows\System\YANrnEN.exe
  2⤵
  PID:11856
- C:\Windows\System\qMFPGhA.exe
  C:\Windows\System\qMFPGhA.exe
  2⤵
  PID:11948
- C:\Windows\System\DMshnCr.exe
  C:\Windows\System\DMshnCr.exe
  2⤵
  PID:12000
- C:\Windows\System\AOVsllz.exe
  C:\Windows\System\AOVsllz.exe
  2⤵
  PID:12044
- C:\Windows\System\ptIcGOG.exe
  C:\Windows\System\ptIcGOG.exe
  2⤵
  PID:12096
- C:\Windows\System\NbhhtxN.exe
  C:\Windows\System\NbhhtxN.exe
  2⤵
  PID:12204
- C:\Windows\System\NJITjCS.exe
  C:\Windows\System\NJITjCS.exe
  2⤵
  PID:11300
- C:\Windows\System\YASLqzO.exe
  C:\Windows\System\YASLqzO.exe
  2⤵
  PID:11460
- C:\Windows\System\KvuaMqd.exe
  C:\Windows\System\KvuaMqd.exe
  2⤵
  PID:11644
- C:\Windows\System\QkaFzuc.exe
  C:\Windows\System\QkaFzuc.exe
  2⤵
  PID:11768
- C:\Windows\System\UaJzeEm.exe
  C:\Windows\System\UaJzeEm.exe
  2⤵
  PID:11980
- C:\Windows\System\metDLjM.exe
  C:\Windows\System\metDLjM.exe
  2⤵
  PID:12048
- C:\Windows\System\vrAERbi.exe
  C:\Windows\System\vrAERbi.exe
  2⤵
  PID:12220
- C:\Windows\System\DSFgNgy.exe
  C:\Windows\System\DSFgNgy.exe
  2⤵
  PID:11528
- C:\Windows\System\wyAEWYD.exe
  C:\Windows\System\wyAEWYD.exe
  2⤵
  PID:11896
- C:\Windows\System\ZSGzHlD.exe
  C:\Windows\System\ZSGzHlD.exe
  2⤵
  PID:12168
- C:\Windows\System\MYsWDsy.exe
  C:\Windows\System\MYsWDsy.exe
  2⤵
  PID:12024
- C:\Windows\System\uPnwjkv.exe
  C:\Windows\System\uPnwjkv.exe
  2⤵
  PID:12300
- C:\Windows\System\LcAvvbb.exe
  C:\Windows\System\LcAvvbb.exe
  2⤵
  PID:12328
- C:\Windows\System\MbMDFyk.exe
  C:\Windows\System\MbMDFyk.exe
  2⤵
  PID:12356
- C:\Windows\System\eoJtBEo.exe
  C:\Windows\System\eoJtBEo.exe
  2⤵
  PID:12372
- C:\Windows\System\PlHvENd.exe
  C:\Windows\System\PlHvENd.exe
  2⤵
  PID:12416
- C:\Windows\System\LPndJqU.exe
  C:\Windows\System\LPndJqU.exe
  2⤵
  PID:12444
- C:\Windows\System\rSCPqoU.exe
  C:\Windows\System\rSCPqoU.exe
  2⤵
  PID:12472
- C:\Windows\System\cuRcgXr.exe
  C:\Windows\System\cuRcgXr.exe
  2⤵
  PID:12500
- C:\Windows\System\CghRXvd.exe
  C:\Windows\System\CghRXvd.exe
  2⤵
  PID:12528
- C:\Windows\System\AMaKJet.exe
  C:\Windows\System\AMaKJet.exe
  2⤵
  PID:12556
- C:\Windows\System\nCbhzfM.exe
  C:\Windows\System\nCbhzfM.exe
  2⤵
  PID:12584
- C:\Windows\System\cLgIcGc.exe
  C:\Windows\System\cLgIcGc.exe
  2⤵
  PID:12612
- C:\Windows\System\XfFGwEu.exe
  C:\Windows\System\XfFGwEu.exe
  2⤵
  PID:12640
- C:\Windows\System\RetNIfD.exe
  C:\Windows\System\RetNIfD.exe
  2⤵
  PID:12668
- C:\Windows\System\tYMdukv.exe
  C:\Windows\System\tYMdukv.exe
  2⤵
  PID:12696
- C:\Windows\System\Jdcbebp.exe
  C:\Windows\System\Jdcbebp.exe
  2⤵
  PID:12724
- C:\Windows\System\kyhFZNl.exe
  C:\Windows\System\kyhFZNl.exe
  2⤵
  PID:12752
- C:\Windows\System\OUuRqfp.exe
  C:\Windows\System\OUuRqfp.exe
  2⤵
  PID:12780
- C:\Windows\System\InYjZhU.exe
  C:\Windows\System\InYjZhU.exe
  2⤵
  PID:12808
- C:\Windows\System\QZnjSon.exe
  C:\Windows\System\QZnjSon.exe
  2⤵
  PID:12836
- C:\Windows\System\awWagvv.exe
  C:\Windows\System\awWagvv.exe
  2⤵
  PID:12864
- C:\Windows\System\RRMfXFO.exe
  C:\Windows\System\RRMfXFO.exe
  2⤵
  PID:12892
- C:\Windows\System\jdMRklh.exe
  C:\Windows\System\jdMRklh.exe
  2⤵
  PID:12920
- C:\Windows\System\GxmhPuG.exe
  C:\Windows\System\GxmhPuG.exe
  2⤵
  PID:12948
- C:\Windows\System\cajpBDn.exe
  C:\Windows\System\cajpBDn.exe
  2⤵
  PID:12976
- C:\Windows\System\rdllkyA.exe
  C:\Windows\System\rdllkyA.exe
  2⤵
  PID:13004
- C:\Windows\System\bywUpAn.exe
  C:\Windows\System\bywUpAn.exe
  2⤵
  PID:13032
- C:\Windows\System\QgIEYHz.exe
  C:\Windows\System\QgIEYHz.exe
  2⤵
  PID:13060
- C:\Windows\System\nqmtnyE.exe
  C:\Windows\System\nqmtnyE.exe
  2⤵
  PID:13088
- C:\Windows\System\SCoEkXb.exe
  C:\Windows\System\SCoEkXb.exe
  2⤵
  PID:13116
- C:\Windows\System\QXtchpG.exe
  C:\Windows\System\QXtchpG.exe
  2⤵
  PID:13144
- C:\Windows\System\dLQWjys.exe
  C:\Windows\System\dLQWjys.exe
  2⤵
  PID:13172
- C:\Windows\System\jXHmWRe.exe
  C:\Windows\System\jXHmWRe.exe
  2⤵
  PID:13200
- C:\Windows\System\FOHFWKj.exe
  C:\Windows\System\FOHFWKj.exe
  2⤵
  PID:13228
- C:\Windows\System\GmYxrvt.exe
  C:\Windows\System\GmYxrvt.exe
  2⤵
  PID:13264
- C:\Windows\System\xPSSNMZ.exe
  C:\Windows\System\xPSSNMZ.exe
  2⤵
  PID:13284
- C:\Windows\System\IsiOEhs.exe
  C:\Windows\System\IsiOEhs.exe
  2⤵
  PID:11924
- C:\Windows\System\RkuMQdr.exe
  C:\Windows\System\RkuMQdr.exe
  2⤵
  PID:12344
- C:\Windows\System\LmXCZsA.exe
  C:\Windows\System\LmXCZsA.exe
  2⤵
  PID:12412
- C:\Windows\System\wptOJgz.exe
  C:\Windows\System\wptOJgz.exe
  2⤵
  PID:12468
- C:\Windows\System\heiQYWx.exe
  C:\Windows\System\heiQYWx.exe
  2⤵
  PID:2464
- C:\Windows\System\RjmnZXy.exe
  C:\Windows\System\RjmnZXy.exe
  2⤵
  PID:12600
- C:\Windows\System\stmWmSq.exe
  C:\Windows\System\stmWmSq.exe
  2⤵
  PID:12664
- C:\Windows\System\vkQfOiv.exe
  C:\Windows\System\vkQfOiv.exe
  2⤵
  PID:12740
- C:\Windows\System\OEabAvC.exe
  C:\Windows\System\OEabAvC.exe
  2⤵
  PID:12820
- C:\Windows\System\SbJHyJx.exe
  C:\Windows\System\SbJHyJx.exe
  2⤵
  PID:12884
- C:\Windows\System\EOehakf.exe
  C:\Windows\System\EOehakf.exe
  2⤵
  PID:12944
- C:\Windows\System\PMtYIYb.exe
  C:\Windows\System\PMtYIYb.exe
  2⤵
  PID:13016
- C:\Windows\System\LCzoTKY.exe
  C:\Windows\System\LCzoTKY.exe
  2⤵
  PID:13080
- C:\Windows\System\OTtekir.exe
  C:\Windows\System\OTtekir.exe
  2⤵
  PID:13140
- C:\Windows\System\suyqXEi.exe
  C:\Windows\System\suyqXEi.exe
  2⤵
  PID:13216
- C:\Windows\System\dZqMsUq.exe
  C:\Windows\System\dZqMsUq.exe
  2⤵
  PID:13276
- C:\Windows\System\atvVzje.exe
  C:\Windows\System\atvVzje.exe
  2⤵
  PID:12340
- C:\Windows\System\RObrMCJ.exe
  C:\Windows\System\RObrMCJ.exe
  2⤵
  PID:12460
- C:\Windows\System\FYpTNjH.exe
  C:\Windows\System\FYpTNjH.exe
  2⤵
  PID:12512
- C:\Windows\System\lmdCGUD.exe
  C:\Windows\System\lmdCGUD.exe
  2⤵
  PID:12552
- C:\Windows\System\ZSFXNnw.exe
  C:\Windows\System\ZSFXNnw.exe
  2⤵
  PID:12804
- C:\Windows\System\XeQYTpu.exe
  C:\Windows\System\XeQYTpu.exe
  2⤵
  PID:12972
- C:\Windows\System\TRddyjE.exe
  C:\Windows\System\TRddyjE.exe
  2⤵
  PID:13128
- C:\Windows\System\GKdImva.exe
  C:\Windows\System\GKdImva.exe
  2⤵
  PID:13304
- C:\Windows\System\rYyBYZG.exe
  C:\Windows\System\rYyBYZG.exe
  2⤵
  PID:3544
- C:\Windows\System\aFTCpDb.exe
  C:\Windows\System\aFTCpDb.exe
  2⤵
  PID:12800
- C:\Windows\System\ZjjxAlE.exe
  C:\Windows\System\ZjjxAlE.exe
  2⤵
  PID:13244
- C:\Windows\System\hLrxjiO.exe
  C:\Windows\System\hLrxjiO.exe
  2⤵
  PID:12388
- C:\Windows\System\EqyFdJo.exe
  C:\Windows\System\EqyFdJo.exe
  2⤵
  PID:13252
- C:\Windows\System\WCgCllS.exe
  C:\Windows\System\WCgCllS.exe
  2⤵
  PID:13340
- C:\Windows\System\OViddxF.exe
  C:\Windows\System\OViddxF.exe
  2⤵
  PID:13376
- C:\Windows\System\QshECxl.exe
  C:\Windows\System\QshECxl.exe
  2⤵
  PID:13392
- C:\Windows\System\HMHMmji.exe
  C:\Windows\System\HMHMmji.exe
  2⤵
  PID:13432
- C:\Windows\System\NrxfyZh.exe
  C:\Windows\System\NrxfyZh.exe
  2⤵
  PID:13460
- C:\Windows\System\MwoLRgk.exe
  C:\Windows\System\MwoLRgk.exe
  2⤵
  PID:13488
- C:\Windows\System\WyCzKYI.exe
  C:\Windows\System\WyCzKYI.exe
  2⤵
  PID:13516
- C:\Windows\System\feYJhOo.exe
  C:\Windows\System\feYJhOo.exe
  2⤵
  PID:13544
- C:\Windows\System\NrcvFQh.exe
  C:\Windows\System\NrcvFQh.exe
  2⤵
  PID:13572
- C:\Windows\System\eARdtUX.exe
  C:\Windows\System\eARdtUX.exe
  2⤵
  PID:13600
- C:\Windows\System\WXgghTr.exe
  C:\Windows\System\WXgghTr.exe
  2⤵
  PID:13616
- C:\Windows\System\zpHKWIT.exe
  C:\Windows\System\zpHKWIT.exe
  2⤵
  PID:13656
- C:\Windows\System\AItkNHM.exe
  C:\Windows\System\AItkNHM.exe
  2⤵
  PID:13684
- C:\Windows\System\FbZDMal.exe
  C:\Windows\System\FbZDMal.exe
  2⤵
  PID:13712
- C:\Windows\System\PKfSwNm.exe
  C:\Windows\System\PKfSwNm.exe
  2⤵
  PID:13736
- C:\Windows\System\RUGQTTA.exe
  C:\Windows\System\RUGQTTA.exe
  2⤵
  PID:13768
- C:\Windows\System\ciUOHUO.exe
  C:\Windows\System\ciUOHUO.exe
  2⤵
  PID:13796
- C:\Windows\System\tCVceSd.exe
  C:\Windows\System\tCVceSd.exe
  2⤵
  PID:13824
- C:\Windows\System\XcCPwat.exe
  C:\Windows\System\XcCPwat.exe
  2⤵
  PID:13852
- C:\Windows\System\HQHcQLR.exe
  C:\Windows\System\HQHcQLR.exe
  2⤵
  PID:13880
- C:\Windows\System\BKaVVfY.exe
  C:\Windows\System\BKaVVfY.exe
  2⤵
  PID:13908
- C:\Windows\System\Kbbnggv.exe
  C:\Windows\System\Kbbnggv.exe
  2⤵
  PID:13936
- C:\Windows\System\LnZkQgl.exe
  C:\Windows\System\LnZkQgl.exe
  2⤵
  PID:13964
- C:\Windows\System\HDHZxLs.exe
  C:\Windows\System\HDHZxLs.exe
  2⤵
  PID:13988
- C:\Windows\System\WbwXCON.exe
  C:\Windows\System\WbwXCON.exe
  2⤵
  PID:14008
- C:\Windows\System\sdijxWT.exe
  C:\Windows\System\sdijxWT.exe
  2⤵
  PID:14032
- C:\Windows\System\LtQuuSX.exe
  C:\Windows\System\LtQuuSX.exe
  2⤵
  PID:14060
- C:\Windows\System\vPxudMS.exe
  C:\Windows\System\vPxudMS.exe
  2⤵
  PID:14092
- C:\Windows\System\BMkmeWF.exe
  C:\Windows\System\BMkmeWF.exe
  2⤵
  PID:14120
- C:\Windows\System\HIbuDae.exe
  C:\Windows\System\HIbuDae.exe
  2⤵
  PID:14148
- C:\Windows\System\uDNCENP.exe
  C:\Windows\System\uDNCENP.exe
  2⤵
  PID:14176
- C:\Windows\System\geYYxrG.exe
  C:\Windows\System\geYYxrG.exe
  2⤵
  PID:14216
- C:\Windows\System\LYcXQwN.exe
  C:\Windows\System\LYcXQwN.exe
  2⤵
  PID:14244
- C:\Windows\System\CYHmnCz.exe
  C:\Windows\System\CYHmnCz.exe
  2⤵
  PID:14272
- C:\Windows\System\qjXFWet.exe
  C:\Windows\System\qjXFWet.exe
  2⤵
  PID:14300
- C:\Windows\System\xJGUIlJ.exe
  C:\Windows\System\xJGUIlJ.exe
  2⤵
  PID:14328
- C:\Windows\System\TpGqFOQ.exe
  C:\Windows\System\TpGqFOQ.exe
  2⤵
  PID:13356
- C:\Windows\System\FhEcKHl.exe
  C:\Windows\System\FhEcKHl.exe
  2⤵
  PID:13404
- C:\Windows\System\lwrPNZq.exe
  C:\Windows\System\lwrPNZq.exe
  2⤵
  PID:13472
- C:\Windows\System\nPpQUBm.exe
  C:\Windows\System\nPpQUBm.exe
  2⤵
  PID:13540
- C:\Windows\System\YLYxsUn.exe
  C:\Windows\System\YLYxsUn.exe
  2⤵
  PID:13612
- C:\Windows\System\MTiTBJY.exe
  C:\Windows\System\MTiTBJY.exe
  2⤵
  PID:13676
- C:\Windows\System\uefaNNL.exe
  C:\Windows\System\uefaNNL.exe
  2⤵
  PID:13744
- C:\Windows\System\QyqPxMe.exe
  C:\Windows\System\QyqPxMe.exe
  2⤵
  PID:13808
- C:\Windows\System\jfpNeZE.exe
  C:\Windows\System\jfpNeZE.exe
  2⤵
  PID:13876
- C:\Windows\System\IoYwZaH.exe
  C:\Windows\System\IoYwZaH.exe
  2⤵
  PID:13928
- C:\Windows\System\NhvsPvn.exe
  C:\Windows\System\NhvsPvn.exe
  2⤵
  PID:14004
- C:\Windows\System\ogCIiBD.exe
  C:\Windows\System\ogCIiBD.exe
  2⤵
  PID:14088
- C:\Windows\System\XVAsgsT.exe
  C:\Windows\System\XVAsgsT.exe
  2⤵
  PID:14132

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1012

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AKZOjgu.exe

Filesize
2.7MB

MD5
658e6102dca4f93ef943874459a8274c

SHA1
7e22509a8a76d6289ba0190eee97a0434394568f

SHA256
415e0343a2735c35bb51422c6f57234944899f9e7bbfefd26af338151561b10c

SHA512
f1b55ddeedaf8014f85c3f61abce4e4491d6a41162d953855afb344b0db7b965952f95a93411b85bfb351c9cdfce5ecdedc6e42030c32475082b04fb231cc431

Download Submit
C:\Windows\System\AQySmvP.exe

Filesize
2.7MB

MD5
54a70832491af83a6802dddab5e3898a

SHA1
0dff674ba1411cf1d209ab91bafb62e78ee25114

SHA256
a7fe3b55d4bfbf4833079ceb0276c96ba787d0696b5b153cfdb45eb353a98a7e

SHA512
ed07684b67abbf0d055ca137fc07b22221e42f98a037e38c3cd24bbdc56b53a1e67e75ef7d628fb5433c6407681a4504621ef1e38d0e950f9c507629704ccafa

Download Submit
C:\Windows\System\HbwOsrc.exe

Filesize
2.7MB

MD5
4d36654e7a67364a72341e975dd22a7a

SHA1
10afca9446b84dbd885b8906e41e7d09c38bdc9a

SHA256
f04762a002762244bceeab09d3f5d4191706c4bf6afdf234b5b41d703d906bdb

SHA512
95c5ac519154db57ee0eab8e53e1df63ac41242d4b362a7612e85cced5b6c5c6fb6414679e8c0d8e8c9d4f17ecd799ab83b756f66772b810f5327217060ad4ce

Download Submit
C:\Windows\System\IAyxcDU.exe

Filesize
2.7MB

MD5
0e36212cb4b5c050949361692acd7c83

SHA1
c57b0feafadf635c97e8b6019ecfb2f478800ca9

SHA256
f6c79bf7cdb2cc5a478aa16dc38628d59439dfcbfbb947c2ca62bb0b2dba6f45

SHA512
d76d99020e3a1f8013f0bf854b58893d6c31a7d1e112f7d9be31529534b0f0999700f57f8de5524c3942bf2bc88bb3b15f3ddfc9fe55299674f1eb78b5a49df6

Download Submit
C:\Windows\System\IKdCSTg.exe

Filesize
2.7MB

MD5
d44895aee85398bc8e04dcce0cf1b405

SHA1
d951a112e2d852cff53a72a583c69e8d4d411be8

SHA256
7c24b6df017e75bdd6dd48b6f8cfe273ecb44cc4400ce58d236a8582b5d46a33

SHA512
db4297b5fefacbfc7b1a391ad6e8ae069635e14f1116bbe445186da533972d579facb6908b12b4027d2a2887767ac8af8d4843d2140ecce36bc0b71ae8075a75

Download Submit
C:\Windows\System\OeyupJk.exe

Filesize
2.7MB

MD5
9e5c11c23cee3dab0304519567ecbc0d

SHA1
8ee955708ffa31fe13353d45ceb18cd26b5bfee1

SHA256
b67492c89d237a0fce3692f1c7a168b1de70b11544b69dea0dd5b7396c9e2787

SHA512
c0a6e214e1f69dbee33da6afa9aea4926cbcd01013d0759ae27bf9fb32bb9445ebfc8aede30a3821660f0a7a6832dd63c0545107280dbe19f0d34d79c49b0e09

Download Submit
C:\Windows\System\OtGcjoR.exe

Filesize
2.7MB

MD5
174cf9aae7bba7e93c1d09c08ddde679

SHA1
d3fba21d61dd7cda3173f6ba8c73afd337ded06c

SHA256
12713648ee4d7ba05e8f911bb651a59a0a2dea80a48c9aabe18a6230a738b304

SHA512
29c6d76b5a2ad7cfb7619991473e457672afc967b529c432545d997d1c8e3be3a9500159c5c61f8ad11e920cfcbb56ae898312e18d4665e1d13942ab89598273

Download Submit
C:\Windows\System\QmEcxhi.exe

Filesize
2.7MB

MD5
fd8004359a64409b8fb1c081405c5f3f

SHA1
3820ea46fe17b785f1b0e9804764a3ab0eb4eb8e

SHA256
d755461866316c178007e0ee256c2a669509f342a622c3c1ad4e3ee2a815db4a

SHA512
8a2528f3a2fcf1a2450f94254957424908e53a117f6ce01dde4dfbaa54a1f93c74b97e2979e32788b183ea585604de20158f5bdd1726e23e3a6a57219dcb1922

Download Submit
C:\Windows\System\QyoajHa.exe

Filesize
2.7MB

MD5
35ecf7ec5d64db9f4dc2efe869ca9389

SHA1
862333266e58f4e0e3922bac1d3f62be31682082

SHA256
c0b430ed3b32073f03f851e4973829010c0d7455adce2f1b029fd5bfbed0b843

SHA512
76abfe7eee5f354e09bd00687103be4b012c05073075834a21e46f87b88e9b4a856e695e9f235df500c263c3a2a1c494c910753fa8618f38b661a456eb8459fc

Download Submit
C:\Windows\System\RMjaezW.exe

Filesize
2.7MB

MD5
21afbdcea032b07de2899b135b192ffb

SHA1
6a3fc414fb506a3a5601483758c2b4f2f06bf563

SHA256
bbbe90357e3aa0b36ba157a900d95d64e4307e7a07d262ff5cffcd32b135ae53

SHA512
0e236013ea5eeff1ab37f803f80ba40cc8bbbb6937687c90cc92d450da63842574094da2e40ccd702062ff96f21620f2b817beab102fd166065166408fde833f

Download Submit
C:\Windows\System\WgLiAoF.exe

Filesize
2.7MB

MD5
b876697ec6b5790fb3bb155b36cf0863

SHA1
576e4f097865de1a5bf7aee3d3cd1e66b1ad5e77

SHA256
5704e13d7197b25b21768086c8fa1d4562fe965c5ba7468541ca5b9628bc9ed1

SHA512
0c62057de63c5ca6a1627ccb462eff06f1987b1022a668c9ec6c9a30788ea26fd0efc33db15549fc5cd87f8fd9e75dad77c8e04b35abbc10017160a88adedc30

Download Submit
C:\Windows\System\YsBfriM.exe

Filesize
2.7MB

MD5
764c5eaeafeab45ad6a1d66279c241a3

SHA1
c7329c8dec3cb15a709e15e3690015d04f661baf

SHA256
8cd86f853d9722f17cea0064b9357715fb08786841d8d1e1cf258bf44b2cc701

SHA512
ed756b84da090537a14c3747559db4eb80befe3292c4f01210bb3cee442fafd310c0382dfd64acb7bbe062c11e23461fceef8c8d67919c4c18e37e767b6eccbc

Download Submit
C:\Windows\System\YzpbHkz.exe

Filesize
2.7MB

MD5
0480587303d59158984de8f5c32524b1

SHA1
4dfdab2e549722f202c9b58cef457e2b31a7c30a

SHA256
0ae7a2cc4d0f6dff42e182d24686d93e3cc0a51cb939d8d00fdf8ede3dd329ba

SHA512
e8d01b533690e8acb176beb10ed52cffc5eb5644fdd3510afc25f5d23cd664bfd38a320d3d79d36ff1611bd66d471ab8ad2c8bb0742ee22b22e5a74904549277

Download Submit
C:\Windows\System\ZZhxSbc.exe

Filesize
2.7MB

MD5
a938d6131b536a6910f57fb1e68a1bae

SHA1
d4ce620565ad0696b95d103bec8b2015f1755a7b

SHA256
0daae5aa0a8f267c67d1a0ca85dfa86835ed6a5311cd23943515153e105f8ab0

SHA512
a51fe0382e1ad47963f44ae500bd457c657aaf1d608ce24057192886c83283bc021e83f992085551e21cbdb2ccc7656b2ec2e78793890b3cb429679acac3bf91

Download Submit
C:\Windows\System\btQJjyj.exe

Filesize
2.7MB

MD5
69681e792648812001c83de836bd9298

SHA1
e89d4571ccb7cdd4466f4742938ae0943334bf77

SHA256
501d2743fd1dc6cf92de3645438e180a676349cea698692899ae1b14c6388937

SHA512
6cc8468505dc07f6ba663943ffd2d8d6b8bb545eac69fe558ebeecb5dc2c1cf4f9c410bb6df08c679c400ae71c194c560924037d559941421002eb719c3f8be5

Download Submit
C:\Windows\System\cOqsEhb.exe

Filesize
2.7MB

MD5
d6f51c5f81b35ba52eb5764cc237a127

SHA1
c8cfd1aef46cfd374d0657371d54b5aac53cc7cf

SHA256
1ba17d7bbb6d39af59c56b5a9a47ca00589a572dbbaadcfe680e4e81fce2b6bb

SHA512
cbf1e697ea8d70e8b6ea10023f9c281039bb1b149371b79c3465a2d79f53198bc8a2a8ef9a47d36ef08ba58020fa96297bbc9e575218a2b8e41116a6f9ad0b4e

Download Submit
C:\Windows\System\cPynStG.exe

Filesize
2.7MB

MD5
509adfae0b8d991067691839781236df

SHA1
635b34b42f22edda4f3d9c37474a42a489418ace

SHA256
977c64478e4bad090913fdae44a85a847757619d03ec64560f1bd22d6ecfd084

SHA512
7286a6c40b120556769f1398ff8ba0aa8aa7317c43f69c4052e8e5443e2d413041e2a15559a5dfa84bc099d2495f2c1d8415bb351a61dabf9af31000582c357d

Download Submit
C:\Windows\System\dLMXaFv.exe

Filesize
2.7MB

MD5
49058dee8cc1045181fbbcbfcff55762

SHA1
3c075ae02e7f115e0eb33b5f391dcd269fe0619f

SHA256
1aa59a65425b60c4185103c4f6443887ac91be4c33756dfb70ac45f224eefbbe

SHA512
8ce1c0cf800e34e823414bb290ca6ccb711f9e727ad0cc4a74bfb95eacabb4d3cc8aba3443981782c0c115f7c4ed1d275052d68ac7cfadfed604200c402a32ba

Download Submit
C:\Windows\System\ghMBgOS.exe

Filesize
2.7MB

MD5
f3673c905d6e32f70cc93b24fc81717c

SHA1
793ef6fdfc3e94d8cdf4ad1bfdbed50221989baf

SHA256
55e061776eae41c8872e498afe5e2f23eccfa5ad4e91a3f0ac9547d46abb9ff2

SHA512
c1f37ff63d36a6f8120b5625b857113003968865d2d0f289e246762bedd742d1578080fef60a94f076b4187eca469c1257e2245e43af2f3275025ef1fad3d03f

Download Submit
C:\Windows\System\gxeJJYk.exe

Filesize
2.7MB

MD5
643760c10c7cc10716ffa943b6860d09

SHA1
58b24752454e9a784a9d41bb50cd61ea3a6bc51a

SHA256
108274fbc5780508c15540ccd87c5397856e68ae1aac7a5077d74f03f6dada09

SHA512
6b621c7ae0823f357ce2fdb061d6902bae19008bcc9666b4318df8c3d43446d782b20f44e92d3032d0157c42abc93495c6e4bb056a7ea5329cfd19ba32d6d1ca

Download Submit
C:\Windows\System\jJlJadT.exe

Filesize
2.7MB

MD5
e24c5349b17a8d3ec4469725f3087939

SHA1
200b17f9ea376d0cadd1d86a00f59a795f80a0e1

SHA256
1931bf6992b0101437f8818a2983f6cd37eb18f87c9b823b5f3607987a807927

SHA512
e45b73abda76e8a756dca169ca3b6496cb0788dc21e4b2d178ca274fef39a71b5ea85c022394f17a15c227569157e2fbb41f84eabc25329610dd6fb7dd74ed3f

Download Submit
C:\Windows\System\kNWHTTC.exe

Filesize
2.7MB

MD5
d3c10012102624b8661814f7023d31e0

SHA1
bd53ac40aa31bd3c411784896bf476f6f8d6450c

SHA256
183911ab5cd5b16914dac598a69f3a4667e0e787ff4b9d930857c3e897eea54f

SHA512
67f32110076d45aa61a06ba339241091ec683c6c026a70710cdc3c5a83f48702427b76b8211f4fbf7974306816ef5f8cc7a9b86ce867a5cd3e4a62feb990286c

Download Submit
C:\Windows\System\knTelYm.exe

Filesize
2.7MB

MD5
b8aa464321136620f3ff0102410c6dba

SHA1
843a20b70e07d92899c7b05e755e2ef8c354fa6f

SHA256
40de1436640e1baed4bfe75e8bd60aeabc58173e0316359b8eb81ebbd6798a24

SHA512
79f45eeacb02f4f081d414946051f8a4540e4078a8ff902f74d455662713ce56a19ba97be526fe637713b9a1f26d8c456f06f745d9adf1a6e7b3c9f97ca377a5

Download Submit
C:\Windows\System\nGmrXFA.exe

Filesize
2.7MB

MD5
f3994218bea584c16ec57ae38447ec7c

SHA1
f0886c3f830b1af40c2cb7d410da9f03eafbd2c0

SHA256
7d8f161498c3d879edbc2323fe724d03d508f8d0b8a5c285705977964d2a770e

SHA512
b36b7166d9d66e43964d48ce4c7c68cc4066ec3eb6b88ea0dfeafbc904b3fee864d62ee2e1cf0040b0b391e0493ee9229c6d750c647a9d2e146c8bd93739a942

Download Submit
C:\Windows\System\nUNTdLT.exe

Filesize
2.7MB

MD5
de53e4acfb93db435e513b552626c4a7

SHA1
84e0f24b5eda7df303e2e334d8e982823de91fbd

SHA256
43e998bde65330629054e47c207c5902b1d83d448fe203e40a695581e0655e84

SHA512
d7d2e14f2d4624a0a39a5f4beede5df9c0c1cdb89f28cb25bd649bd1b0253c61b35f000ba1002af9c456ae2fa716a78ab500368404e3107e37786ee19478cbab

Download Submit
C:\Windows\System\tBWKQdB.exe

Filesize
2.7MB

MD5
6d37fed525168f0b75827c3401a95824

SHA1
aee68f62ca5a3daf6938ee3661f0dce68ed56e65

SHA256
828ed18c6b97ad0438443b9da44ab9773cfe2c16b6f3eccb8628ee83d21f6e7f

SHA512
d7c7516f47dd4491ed16264e9b4a0a40f3f9bda4710541c018fa9ad59ddfd106d95ce5ab2e475df774e32547a13f653459a1143c9657715251ec8a97a65c6f56

Download Submit
C:\Windows\System\tCAEwsv.exe

Filesize
2.7MB

MD5
ebdc494263238ef6eac46a501789324c

SHA1
6814de7ed90bd4d976cf2b29a275440d40c9eb29

SHA256
884d8d1c9e872a222b065eafd83d8ddba417920e2106e9683abb43927c3db620

SHA512
4857dd3a6f7008a2914ceb560bbfa8dd3b7813bbbe3eb225e396bc2e82a1ff70b74a0e2d27408f3868bd7643e7c97d19b1003c24dced1b1c161e1d296250adb7

Download Submit
C:\Windows\System\uVaWDlp.exe

Filesize
2.7MB

MD5
667f15e147bc2045f559ddcc69dc3894

SHA1
6ccb06cc7213d62ab7dd23d0d7367e2accde397d

SHA256
101427d48e130ed596b399215cf78ba01c216d31e2a7a46665775c343b97bce3

SHA512
110651fccea3d8787b67014fc2ddef5110a4589687bafeb315cb28bac616dbe9e4ebd8597ef3ed41a8a61c14187317e84a1fd910db607885ce8974284538edb1

Download Submit
C:\Windows\System\wGEXuiy.exe

Filesize
2.7MB

MD5
36507b660d33c7f403dd51127e074247

SHA1
fdeeb3b791ba1b840b28eb0ff91e20772c798c7e

SHA256
9ba5e2c704608cc8065bc3e93ac32793717a9a0a2a20f409330cf5ba84c413ee

SHA512
d6633c3802700cddb14e5d705ccf3b4ecefd25c816e8125e511c3143d58175e8ec0c26509eae2ee8c4f34bb1a5b5bc206834b2df6b2917b21275dd5fb425f0b2

Download Submit
C:\Windows\System\xZsjSwx.exe

Filesize
2.7MB

MD5
ffec0e9cae6f74b4384afffcb3a3501b

SHA1
559cd82a559b480ec6ecb9b60883bf07d38afdd9

SHA256
38870011723aacb4aa93317d89df8e4b2dc7ce7d666075020a4efa10a7650a3e

SHA512
b3aec8bd4efa8e4c0781e056bc65acb621ebe669c48ba9b1b32937347f09c2d89d8e6da342b5f1ae667b8dad18c2f8859dab301a436fcc1b8ad8210208ee3da2

Download Submit
C:\Windows\System\yINMsfa.exe

Filesize
2.7MB

MD5
b41c713bf664c4245470bcd8c3390b24

SHA1
868982b2ef699164e863467033e8e0d0b9190d60

SHA256
1d005b884f9f2ebde773cdf1f8603b3cc7b4f3ff923ea883be0f1778c3117989

SHA512
ec71a3101dfddef2e56fa7eb9521205b6052086d5a3c9570b2c6273290f6bdcdbc677783ae4c24a2bd656bb2ace460bd3c98773079a91b54123ccaee95186cbe

Download Submit
C:\Windows\System\yusxTvf.exe

Filesize
2.7MB

MD5
5f9b8b908afe264bd29ecc8077ea8320

SHA1
f7ceacef984e981edf9b2ae2614393d976984e13

SHA256
70dba48679337989db9ba31643d5fdb910d464dafacfb266719176ca336eeeea

SHA512
31a1316663bb20090745d9e9ce37ef420275b556f168b9d879e19771e4876b7b2a4cb077177e7f42d23685243aedace12c33db41824c3f5a04c3af15b76f9fe8

Download Submit
C:\Windows\System\zHBgXfy.exe

Filesize
2.7MB

MD5
a8851a10f83a97b168393b1342c6e12f

SHA1
b5c00920633f04412282ba31319aa00c23c8bb78

SHA256
e46a531d272fb4e523d3d4df201b87d40834ee0f0cab20db756573e72d1a504a

SHA512
ddc6af485a975a14e1867ffacf195a8a117c9eddd320d832f53550b71bde2eb0dfdbe101852ceb5858c0c5ee6888199ffa302888d79f0200345952f63f598a4b

Download Submit
memory/380-745-0x00007FF71D8C0000-0x00007FF71DC14000-memory.dmp

Filesize
3.3MB

Download
memory/380-2169-0x00007FF71D8C0000-0x00007FF71DC14000-memory.dmp

Filesize
3.3MB

Download
memory/404-2150-0x00007FF68FA20000-0x00007FF68FD74000-memory.dmp

Filesize
3.3MB

Download
memory/404-18-0x00007FF68FA20000-0x00007FF68FD74000-memory.dmp

Filesize
3.3MB

Download
memory/520-767-0x00007FF6D1320000-0x00007FF6D1674000-memory.dmp

Filesize
3.3MB

Download
memory/520-2161-0x00007FF6D1320000-0x00007FF6D1674000-memory.dmp

Filesize
3.3MB

Download
memory/632-12-0x00007FF791AF0000-0x00007FF791E44000-memory.dmp

Filesize
3.3MB

Download
memory/632-2140-0x00007FF791AF0000-0x00007FF791E44000-memory.dmp

Filesize
3.3MB

Download
memory/632-2149-0x00007FF791AF0000-0x00007FF791E44000-memory.dmp

Filesize
3.3MB

Download
memory/760-763-0x00007FF73D7D0000-0x00007FF73DB24000-memory.dmp

Filesize
3.3MB

Download
memory/760-2166-0x00007FF73D7D0000-0x00007FF73DB24000-memory.dmp

Filesize
3.3MB

Download
memory/888-2154-0x00007FF75F9C0000-0x00007FF75FD14000-memory.dmp

Filesize
3.3MB

Download
memory/888-712-0x00007FF75F9C0000-0x00007FF75FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1088-775-0x00007FF6F6D20000-0x00007FF6F7074000-memory.dmp

Filesize
3.3MB

Download
memory/1088-2171-0x00007FF6F6D20000-0x00007FF6F7074000-memory.dmp

Filesize
3.3MB

Download
memory/1388-2151-0x00007FF64BD40000-0x00007FF64C094000-memory.dmp

Filesize
3.3MB

Download
memory/1388-33-0x00007FF64BD40000-0x00007FF64C094000-memory.dmp

Filesize
3.3MB

Download
memory/1632-2176-0x00007FF79E160000-0x00007FF79E4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1632-771-0x00007FF79E160000-0x00007FF79E4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-769-0x00007FF67C8F0000-0x00007FF67CC44000-memory.dmp

Filesize
3.3MB

Download
memory/1724-2163-0x00007FF67C8F0000-0x00007FF67CC44000-memory.dmp

Filesize
3.3MB

Download
memory/1972-2160-0x00007FF6111F0000-0x00007FF611544000-memory.dmp

Filesize
3.3MB

Download
memory/1972-733-0x00007FF6111F0000-0x00007FF611544000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2158-0x00007FF6D4330000-0x00007FF6D4684000-memory.dmp

Filesize
3.3MB

Download
memory/2116-715-0x00007FF6D4330000-0x00007FF6D4684000-memory.dmp

Filesize
3.3MB

Download
memory/2140-2168-0x00007FF78A100000-0x00007FF78A454000-memory.dmp

Filesize
3.3MB

Download
memory/2140-777-0x00007FF78A100000-0x00007FF78A454000-memory.dmp

Filesize
3.3MB

Download
memory/2892-713-0x00007FF7F94C0000-0x00007FF7F9814000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2156-0x00007FF7F94C0000-0x00007FF7F9814000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1-0x000001ECBFB20000-0x000001ECBFB30000-memory.dmp

Filesize
64KB

Download
memory/2960-0-0x00007FF717A30000-0x00007FF717D84000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1888-0x00007FF717A30000-0x00007FF717D84000-memory.dmp

Filesize
3.3MB

Download
memory/3068-2162-0x00007FF6268B0000-0x00007FF626C04000-memory.dmp

Filesize
3.3MB

Download
memory/3068-729-0x00007FF6268B0000-0x00007FF626C04000-memory.dmp

Filesize
3.3MB

Download
memory/3260-764-0x00007FF667180000-0x00007FF6674D4000-memory.dmp

Filesize
3.3MB

Download
memory/3260-2164-0x00007FF667180000-0x00007FF6674D4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-2148-0x00007FF68C460000-0x00007FF68C7B4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-8-0x00007FF68C460000-0x00007FF68C7B4000-memory.dmp

Filesize
3.3MB

Download
memory/3720-2173-0x00007FF7ADD90000-0x00007FF7AE0E4000-memory.dmp

Filesize
3.3MB

Download
memory/3720-737-0x00007FF7ADD90000-0x00007FF7AE0E4000-memory.dmp

Filesize
3.3MB

Download
memory/3840-711-0x00007FF6FF890000-0x00007FF6FFBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3840-2153-0x00007FF6FF890000-0x00007FF6FFBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3864-748-0x00007FF6A4800000-0x00007FF6A4B54000-memory.dmp

Filesize
3.3MB

Download
memory/3864-2170-0x00007FF6A4800000-0x00007FF6A4B54000-memory.dmp

Filesize
3.3MB

Download
memory/4044-776-0x00007FF6E3910000-0x00007FF6E3C64000-memory.dmp

Filesize
3.3MB

Download
memory/4044-2159-0x00007FF6E3910000-0x00007FF6E3C64000-memory.dmp

Filesize
3.3MB

Download
memory/4160-768-0x00007FF7E4010000-0x00007FF7E4364000-memory.dmp

Filesize
3.3MB

Download
memory/4160-2175-0x00007FF7E4010000-0x00007FF7E4364000-memory.dmp

Filesize
3.3MB

Download
memory/4216-41-0x00007FF798030000-0x00007FF798384000-memory.dmp

Filesize
3.3MB

Download
memory/4216-2155-0x00007FF798030000-0x00007FF798384000-memory.dmp

Filesize
3.3MB

Download
memory/4416-754-0x00007FF6D34F0000-0x00007FF6D3844000-memory.dmp

Filesize
3.3MB

Download
memory/4416-2167-0x00007FF6D34F0000-0x00007FF6D3844000-memory.dmp

Filesize
3.3MB

Download
memory/4456-2165-0x00007FF732680000-0x00007FF7329D4000-memory.dmp

Filesize
3.3MB

Download
memory/4456-756-0x00007FF732680000-0x00007FF7329D4000-memory.dmp

Filesize
3.3MB

Download
memory/4700-2172-0x00007FF797F80000-0x00007FF7982D4000-memory.dmp

Filesize
3.3MB

Download
memory/4700-723-0x00007FF797F80000-0x00007FF7982D4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-2157-0x00007FF6D8330000-0x00007FF6D8684000-memory.dmp

Filesize
3.3MB

Download
memory/4884-714-0x00007FF6D8330000-0x00007FF6D8684000-memory.dmp

Filesize
3.3MB

Download
memory/5032-2152-0x00007FF69C170000-0x00007FF69C4C4000-memory.dmp

Filesize
3.3MB

Download
memory/5032-38-0x00007FF69C170000-0x00007FF69C4C4000-memory.dmp

Filesize
3.3MB

Download
memory/5088-2174-0x00007FF6FADE0000-0x00007FF6FB134000-memory.dmp

Filesize
3.3MB

Download
memory/5088-741-0x00007FF6FADE0000-0x00007FF6FB134000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads