xmrig | 789a5b289ae5f45b646437251f9c9f2b9c1f31bcef5cdbe25591090ec3b44000

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
Size

2.1MB
MD5

bf6f9343fd10524e19afad2f83b64e50
SHA1

c2d74ad1742ebe9274b59e7d7b985b4de40ac867
SHA256

789a5b289ae5f45b646437251f9c9f2b9c1f31bcef5cdbe25591090ec3b44000
SHA512

79dc9da1ca9fa2b3c3bebed717008c5f82dd577d9ac29380725a18b6f09cd88c8f2099785897489baaf2a7427dbfa66898e682cbb09b16eb3c911b7f64cfaed3
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQOYFB9bbANOkg4:BemTLkNdfE0pZrQ+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/528-0-0x00007FF6245E0000-0x00007FF624934000-memory.dmp	xmrig
behavioral2/files/0x000b0000000233c3-4.dat	xmrig
behavioral2/files/0x0007000000023404-12.dat	xmrig
behavioral2/memory/4712-16-0x00007FF6370E0000-0x00007FF637434000-memory.dmp	xmrig
behavioral2/files/0x0007000000023405-18.dat	xmrig
behavioral2/memory/2596-9-0x00007FF7061F0000-0x00007FF706544000-memory.dmp	xmrig
behavioral2/files/0x0007000000023406-23.dat	xmrig
behavioral2/memory/3508-22-0x00007FF6D14B0000-0x00007FF6D1804000-memory.dmp	xmrig
behavioral2/memory/3364-41-0x00007FF76C0D0000-0x00007FF76C424000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-48.dat	xmrig
behavioral2/files/0x000700000002340c-54.dat	xmrig
behavioral2/files/0x000700000002340d-64.dat	xmrig
behavioral2/files/0x000700000002340e-66.dat	xmrig
behavioral2/files/0x0007000000023411-79.dat	xmrig
behavioral2/files/0x0007000000023412-84.dat	xmrig
behavioral2/files/0x0007000000023415-99.dat	xmrig
behavioral2/files/0x0007000000023417-117.dat	xmrig
behavioral2/files/0x000700000002341c-134.dat	xmrig
behavioral2/files/0x000700000002341e-144.dat	xmrig
behavioral2/files/0x000700000002341f-157.dat	xmrig
behavioral2/files/0x0007000000023423-169.dat	xmrig
behavioral2/memory/3328-451-0x00007FF675D50000-0x00007FF6760A4000-memory.dmp	xmrig
behavioral2/memory/2256-498-0x00007FF7AAEE0000-0x00007FF7AB234000-memory.dmp	xmrig
behavioral2/memory/2492-499-0x00007FF737470000-0x00007FF7377C4000-memory.dmp	xmrig
behavioral2/memory/4448-500-0x00007FF6F2C80000-0x00007FF6F2FD4000-memory.dmp	xmrig
behavioral2/memory/3684-501-0x00007FF673E40000-0x00007FF674194000-memory.dmp	xmrig
behavioral2/memory/1192-502-0x00007FF7ABAB0000-0x00007FF7ABE04000-memory.dmp	xmrig
behavioral2/memory/1300-503-0x00007FF7979C0000-0x00007FF797D14000-memory.dmp	xmrig
behavioral2/memory/60-505-0x00007FF670D10000-0x00007FF671064000-memory.dmp	xmrig
behavioral2/memory/1528-504-0x00007FF744CB0000-0x00007FF745004000-memory.dmp	xmrig
behavioral2/memory/3888-506-0x00007FF6D43B0000-0x00007FF6D4704000-memory.dmp	xmrig
behavioral2/memory/528-1912-0x00007FF6245E0000-0x00007FF624934000-memory.dmp	xmrig
behavioral2/memory/3408-2105-0x00007FF7414A0000-0x00007FF7417F4000-memory.dmp	xmrig
behavioral2/memory/3736-511-0x00007FF618290000-0x00007FF6185E4000-memory.dmp	xmrig
behavioral2/memory/4508-508-0x00007FF7CFAB0000-0x00007FF7CFE04000-memory.dmp	xmrig
behavioral2/memory/1596-491-0x00007FF7DCA70000-0x00007FF7DCDC4000-memory.dmp	xmrig
behavioral2/memory/3480-487-0x00007FF7D9DE0000-0x00007FF7DA134000-memory.dmp	xmrig
behavioral2/memory/2976-475-0x00007FF6D1440000-0x00007FF6D1794000-memory.dmp	xmrig
behavioral2/memory/4744-469-0x00007FF7AF290000-0x00007FF7AF5E4000-memory.dmp	xmrig
behavioral2/memory/4064-468-0x00007FF771370000-0x00007FF7716C4000-memory.dmp	xmrig
behavioral2/memory/2336-461-0x00007FF6574D0000-0x00007FF657824000-memory.dmp	xmrig
behavioral2/memory/2292-458-0x00007FF651D10000-0x00007FF652064000-memory.dmp	xmrig
behavioral2/memory/3724-450-0x00007FF689860000-0x00007FF689BB4000-memory.dmp	xmrig
behavioral2/memory/3568-446-0x00007FF6E1DA0000-0x00007FF6E20F4000-memory.dmp	xmrig
behavioral2/memory/2108-442-0x00007FF701E80000-0x00007FF7021D4000-memory.dmp	xmrig
behavioral2/memory/3408-439-0x00007FF7414A0000-0x00007FF7417F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023421-167.dat	xmrig
behavioral2/files/0x0007000000023422-164.dat	xmrig
behavioral2/files/0x0007000000023420-162.dat	xmrig
behavioral2/files/0x000700000002341d-147.dat	xmrig
behavioral2/files/0x000700000002341b-137.dat	xmrig
behavioral2/files/0x000700000002341a-132.dat	xmrig
behavioral2/files/0x0007000000023419-127.dat	xmrig
behavioral2/files/0x0007000000023418-122.dat	xmrig
behavioral2/files/0x0007000000023416-112.dat	xmrig
behavioral2/files/0x0007000000023416-104.dat	xmrig
behavioral2/files/0x0007000000023414-102.dat	xmrig
behavioral2/files/0x0007000000023413-97.dat	xmrig
behavioral2/files/0x0007000000023410-82.dat	xmrig
behavioral2/files/0x000700000002340f-77.dat	xmrig
behavioral2/files/0x0007000000023409-60.dat	xmrig
behavioral2/memory/1124-52-0x00007FF6B5220000-0x00007FF6B5574000-memory.dmp	xmrig
behavioral2/files/0x000700000002340a-44.dat	xmrig
behavioral2/files/0x0007000000023408-37.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2596	vhwJFlT.exe
4712	TbEFmKE.exe
3508	TmyaHwY.exe
1564	ElQpzQi.exe
3364	xlfvNsq.exe
1124	HuKJVxa.exe
3408	DrSWSND.exe
4508	pnCcHbp.exe
2108	iEMjdHi.exe
3568	ebUINpB.exe
3736	RGCvbVl.exe
3724	gpMTkEO.exe
3328	ShhiHyn.exe
2292	atymQSz.exe
2336	tDyiOfN.exe
4064	rFnvRCD.exe
4744	DFXKElS.exe
2976	sFxOWJz.exe
3480	DZRpafI.exe
1596	gNvtQNK.exe
2256	LTkiTFM.exe
2492	IMNwzxi.exe
4448	BpQIzib.exe
3684	xeYVVEs.exe
1192	aKHWZql.exe
1300	EQRzdvQ.exe
1528	xZkVCnw.exe
60	BWScxdC.exe
3888	gujfdJN.exe
3784	rJNuprw.exe
2968	QwNKmje.exe
3640	ggOTDyA.exe
4100	hCiOLYI.exe
2136	YfVhtXz.exe
4412	IOottkd.exe
3776	VMevXkX.exe
4152	edRFMqh.exe
1780	cHzgbvQ.exe
3164	TTrFSBl.exe
3860	fgiPaEC.exe
3732	USxKRAt.exe
3544	lFHiDec.exe
504	vsiNCtz.exe
3696	AhRXVye.exe
4476	GjYPiEN.exe
2184	OyVQbcn.exe
4444	OsbHtfT.exe
5060	TRoaicd.exe
2500	nXCAFWg.exe
2212	sjrVhPu.exe
864	DbYgFpr.exe
4968	PyMoQkR.exe
3384	hBOsQCG.exe
2388	rXrcXRh.exe
4252	axDOaZa.exe
4560	ypFysvg.exe
1704	HCTRiZL.exe
4068	kkfpsCJ.exe
2204	EJcggBJ.exe
1392	oAXBjxB.exe
4956	ywDHzci.exe
2324	clKTYVt.exe
1056	GaHswoQ.exe
2480	eHOiAnV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/528-0-0x00007FF6245E0000-0x00007FF624934000-memory.dmp	upx
behavioral2/files/0x000b0000000233c3-4.dat	upx
behavioral2/files/0x0007000000023404-12.dat	upx
behavioral2/memory/4712-16-0x00007FF6370E0000-0x00007FF637434000-memory.dmp	upx
behavioral2/files/0x0007000000023405-18.dat	upx
behavioral2/memory/2596-9-0x00007FF7061F0000-0x00007FF706544000-memory.dmp	upx
behavioral2/files/0x0007000000023406-23.dat	upx
behavioral2/memory/3508-22-0x00007FF6D14B0000-0x00007FF6D1804000-memory.dmp	upx
behavioral2/memory/3364-41-0x00007FF76C0D0000-0x00007FF76C424000-memory.dmp	upx
behavioral2/files/0x000700000002340b-48.dat	upx
behavioral2/files/0x000700000002340c-54.dat	upx
behavioral2/files/0x000700000002340d-64.dat	upx
behavioral2/files/0x000700000002340e-66.dat	upx
behavioral2/files/0x0007000000023411-79.dat	upx
behavioral2/files/0x0007000000023412-84.dat	upx
behavioral2/files/0x0007000000023415-99.dat	upx
behavioral2/files/0x0007000000023417-117.dat	upx
behavioral2/files/0x000700000002341c-134.dat	upx
behavioral2/files/0x000700000002341e-144.dat	upx
behavioral2/files/0x000700000002341f-157.dat	upx
behavioral2/files/0x0007000000023423-169.dat	upx
behavioral2/memory/3328-451-0x00007FF675D50000-0x00007FF6760A4000-memory.dmp	upx
behavioral2/memory/2256-498-0x00007FF7AAEE0000-0x00007FF7AB234000-memory.dmp	upx
behavioral2/memory/2492-499-0x00007FF737470000-0x00007FF7377C4000-memory.dmp	upx
behavioral2/memory/4448-500-0x00007FF6F2C80000-0x00007FF6F2FD4000-memory.dmp	upx
behavioral2/memory/3684-501-0x00007FF673E40000-0x00007FF674194000-memory.dmp	upx
behavioral2/memory/1192-502-0x00007FF7ABAB0000-0x00007FF7ABE04000-memory.dmp	upx
behavioral2/memory/1300-503-0x00007FF7979C0000-0x00007FF797D14000-memory.dmp	upx
behavioral2/memory/60-505-0x00007FF670D10000-0x00007FF671064000-memory.dmp	upx
behavioral2/memory/1528-504-0x00007FF744CB0000-0x00007FF745004000-memory.dmp	upx
behavioral2/memory/3888-506-0x00007FF6D43B0000-0x00007FF6D4704000-memory.dmp	upx
behavioral2/memory/528-1912-0x00007FF6245E0000-0x00007FF624934000-memory.dmp	upx
behavioral2/memory/3408-2105-0x00007FF7414A0000-0x00007FF7417F4000-memory.dmp	upx
behavioral2/memory/3736-511-0x00007FF618290000-0x00007FF6185E4000-memory.dmp	upx
behavioral2/memory/4508-508-0x00007FF7CFAB0000-0x00007FF7CFE04000-memory.dmp	upx
behavioral2/memory/1596-491-0x00007FF7DCA70000-0x00007FF7DCDC4000-memory.dmp	upx
behavioral2/memory/3480-487-0x00007FF7D9DE0000-0x00007FF7DA134000-memory.dmp	upx
behavioral2/memory/2976-475-0x00007FF6D1440000-0x00007FF6D1794000-memory.dmp	upx
behavioral2/memory/4744-469-0x00007FF7AF290000-0x00007FF7AF5E4000-memory.dmp	upx
behavioral2/memory/4064-468-0x00007FF771370000-0x00007FF7716C4000-memory.dmp	upx
behavioral2/memory/2336-461-0x00007FF6574D0000-0x00007FF657824000-memory.dmp	upx
behavioral2/memory/2292-458-0x00007FF651D10000-0x00007FF652064000-memory.dmp	upx
behavioral2/memory/3724-450-0x00007FF689860000-0x00007FF689BB4000-memory.dmp	upx
behavioral2/memory/3568-446-0x00007FF6E1DA0000-0x00007FF6E20F4000-memory.dmp	upx
behavioral2/memory/2108-442-0x00007FF701E80000-0x00007FF7021D4000-memory.dmp	upx
behavioral2/memory/3408-439-0x00007FF7414A0000-0x00007FF7417F4000-memory.dmp	upx
behavioral2/files/0x0007000000023421-167.dat	upx
behavioral2/files/0x0007000000023422-164.dat	upx
behavioral2/files/0x0007000000023420-162.dat	upx
behavioral2/files/0x000700000002341d-147.dat	upx
behavioral2/files/0x000700000002341b-137.dat	upx
behavioral2/files/0x000700000002341a-132.dat	upx
behavioral2/files/0x0007000000023419-127.dat	upx
behavioral2/files/0x0007000000023418-122.dat	upx
behavioral2/files/0x0007000000023416-112.dat	upx
behavioral2/files/0x0007000000023416-104.dat	upx
behavioral2/files/0x0007000000023414-102.dat	upx
behavioral2/files/0x0007000000023413-97.dat	upx
behavioral2/files/0x0007000000023410-82.dat	upx
behavioral2/files/0x000700000002340f-77.dat	upx
behavioral2/files/0x0007000000023409-60.dat	upx
behavioral2/memory/1124-52-0x00007FF6B5220000-0x00007FF6B5574000-memory.dmp	upx
behavioral2/files/0x000700000002340a-44.dat	upx
behavioral2/files/0x0007000000023408-37.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HiFGIoX.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\HZukxpu.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\ElQpzQi.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\uJQTiRD.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\DYqsEyB.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\OutqMaE.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\lDlAtCD.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\FEfBtbl.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\WgxQKTp.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\QLTxdVt.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\JkpqDWw.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\owCMtnS.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\NbrHxYv.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\USxKRAt.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\XzDguqj.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\gitmvan.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\PMOciGn.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\wGHCcBQ.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\mulLOVo.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\sUwAeKt.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\RDgDtRa.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\YUvkTzR.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\bXwDOik.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\BHUxUHo.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\yEpaynu.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\AFhKJLX.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\uPOHdDi.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\mZTNDRK.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\gPOUtKm.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\wAtxdLY.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\UaHKqZA.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\BWScxdC.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\kXcXbTF.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\ZJcxJmy.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\ErTzUcR.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\LsrGIPG.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\ISwHdnh.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\aUCAozF.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\TYMGVcI.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\ebUINpB.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\EsxgExb.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\rGNIAuF.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\cNXlTDm.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\cQIKRSC.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\RPoyZOZ.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\alCHYhP.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\FWXZDAR.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\fUSZoBx.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\eFifasF.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\xQOSOgL.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\TmyaHwY.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\ZWSCqqz.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\zJbvtWj.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\SctfRrk.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\YfVhtXz.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\uEejULP.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\RAfvVeq.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\OaPbAGx.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\IythxJi.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\wcYwLXj.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\BGyCRkx.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\kkfpsCJ.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\gNryHqd.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
File created	C:\Windows\System\CbmerUO.exe	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15036	dwm.exe
Token: SeChangeNotifyPrivilege	15036	dwm.exe
Token: 33	15036	dwm.exe
Token: SeIncBasePriorityPrivilege	15036	dwm.exe
Token: SeShutdownPrivilege	15036	dwm.exe
Token: SeCreatePagefilePrivilege	15036	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 528 wrote to memory of 2596	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	84
PID 528 wrote to memory of 2596	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	84
PID 528 wrote to memory of 4712	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	85
PID 528 wrote to memory of 4712	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	85
PID 528 wrote to memory of 3508	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	86
PID 528 wrote to memory of 3508	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	86
PID 528 wrote to memory of 1564	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	87
PID 528 wrote to memory of 1564	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	87
PID 528 wrote to memory of 3364	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	88
PID 528 wrote to memory of 3364	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	88
PID 528 wrote to memory of 1124	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	89
PID 528 wrote to memory of 1124	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	89
PID 528 wrote to memory of 3408	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	90
PID 528 wrote to memory of 3408	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	90
PID 528 wrote to memory of 4508	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	91
PID 528 wrote to memory of 4508	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	91
PID 528 wrote to memory of 2108	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	92
PID 528 wrote to memory of 2108	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	92
PID 528 wrote to memory of 3568	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	93
PID 528 wrote to memory of 3568	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	93
PID 528 wrote to memory of 3736	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	94
PID 528 wrote to memory of 3736	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	94
PID 528 wrote to memory of 3724	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	95
PID 528 wrote to memory of 3724	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	95
PID 528 wrote to memory of 3328	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	96
PID 528 wrote to memory of 3328	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	96
PID 528 wrote to memory of 2292	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	97
PID 528 wrote to memory of 2292	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	97
PID 528 wrote to memory of 2336	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	98
PID 528 wrote to memory of 2336	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	98
PID 528 wrote to memory of 4064	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	99
PID 528 wrote to memory of 4064	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	99
PID 528 wrote to memory of 4744	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	100
PID 528 wrote to memory of 4744	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	100
PID 528 wrote to memory of 2976	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	101
PID 528 wrote to memory of 2976	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	101
PID 528 wrote to memory of 3480	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	102
PID 528 wrote to memory of 3480	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	102
PID 528 wrote to memory of 1596	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	103
PID 528 wrote to memory of 1596	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	103
PID 528 wrote to memory of 2256	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	104
PID 528 wrote to memory of 2256	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	104
PID 528 wrote to memory of 2492	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	105
PID 528 wrote to memory of 2492	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	105
PID 528 wrote to memory of 4448	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	106
PID 528 wrote to memory of 4448	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	106
PID 528 wrote to memory of 3684	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	107
PID 528 wrote to memory of 3684	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	107
PID 528 wrote to memory of 1192	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	108
PID 528 wrote to memory of 1192	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	108
PID 528 wrote to memory of 1300	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	109
PID 528 wrote to memory of 1300	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	109
PID 528 wrote to memory of 1528	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	110
PID 528 wrote to memory of 1528	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	110
PID 528 wrote to memory of 60	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	111
PID 528 wrote to memory of 60	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	111
PID 528 wrote to memory of 3888	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	112
PID 528 wrote to memory of 3888	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	112
PID 528 wrote to memory of 3784	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	113
PID 528 wrote to memory of 3784	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	113
PID 528 wrote to memory of 2968	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	114
PID 528 wrote to memory of 2968	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	114
PID 528 wrote to memory of 3640	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	115
PID 528 wrote to memory of 3640	528	bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bf6f9343fd10524e19afad2f83b64e50_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:528
- C:\Windows\System\vhwJFlT.exe
  C:\Windows\System\vhwJFlT.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\TbEFmKE.exe
  C:\Windows\System\TbEFmKE.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\TmyaHwY.exe
  C:\Windows\System\TmyaHwY.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\ElQpzQi.exe
  C:\Windows\System\ElQpzQi.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\xlfvNsq.exe
  C:\Windows\System\xlfvNsq.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\HuKJVxa.exe
  C:\Windows\System\HuKJVxa.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\DrSWSND.exe
  C:\Windows\System\DrSWSND.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\pnCcHbp.exe
  C:\Windows\System\pnCcHbp.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\iEMjdHi.exe
  C:\Windows\System\iEMjdHi.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\ebUINpB.exe
  C:\Windows\System\ebUINpB.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\RGCvbVl.exe
  C:\Windows\System\RGCvbVl.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\gpMTkEO.exe
  C:\Windows\System\gpMTkEO.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\ShhiHyn.exe
  C:\Windows\System\ShhiHyn.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\atymQSz.exe
  C:\Windows\System\atymQSz.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\tDyiOfN.exe
  C:\Windows\System\tDyiOfN.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\rFnvRCD.exe
  C:\Windows\System\rFnvRCD.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\DFXKElS.exe
  C:\Windows\System\DFXKElS.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\sFxOWJz.exe
  C:\Windows\System\sFxOWJz.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\DZRpafI.exe
  C:\Windows\System\DZRpafI.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\gNvtQNK.exe
  C:\Windows\System\gNvtQNK.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\LTkiTFM.exe
  C:\Windows\System\LTkiTFM.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\IMNwzxi.exe
  C:\Windows\System\IMNwzxi.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\BpQIzib.exe
  C:\Windows\System\BpQIzib.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\xeYVVEs.exe
  C:\Windows\System\xeYVVEs.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\aKHWZql.exe
  C:\Windows\System\aKHWZql.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\EQRzdvQ.exe
  C:\Windows\System\EQRzdvQ.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\xZkVCnw.exe
  C:\Windows\System\xZkVCnw.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\BWScxdC.exe
  C:\Windows\System\BWScxdC.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\gujfdJN.exe
  C:\Windows\System\gujfdJN.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\rJNuprw.exe
  C:\Windows\System\rJNuprw.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\QwNKmje.exe
  C:\Windows\System\QwNKmje.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\ggOTDyA.exe
  C:\Windows\System\ggOTDyA.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\hCiOLYI.exe
  C:\Windows\System\hCiOLYI.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\YfVhtXz.exe
  C:\Windows\System\YfVhtXz.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\IOottkd.exe
  C:\Windows\System\IOottkd.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\VMevXkX.exe
  C:\Windows\System\VMevXkX.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\edRFMqh.exe
  C:\Windows\System\edRFMqh.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\cHzgbvQ.exe
  C:\Windows\System\cHzgbvQ.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\TTrFSBl.exe
  C:\Windows\System\TTrFSBl.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\fgiPaEC.exe
  C:\Windows\System\fgiPaEC.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\USxKRAt.exe
  C:\Windows\System\USxKRAt.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\lFHiDec.exe
  C:\Windows\System\lFHiDec.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\vsiNCtz.exe
  C:\Windows\System\vsiNCtz.exe
  2⤵
  - Executes dropped EXE
  PID:504
- C:\Windows\System\AhRXVye.exe
  C:\Windows\System\AhRXVye.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\GjYPiEN.exe
  C:\Windows\System\GjYPiEN.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\OyVQbcn.exe
  C:\Windows\System\OyVQbcn.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\OsbHtfT.exe
  C:\Windows\System\OsbHtfT.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\TRoaicd.exe
  C:\Windows\System\TRoaicd.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\nXCAFWg.exe
  C:\Windows\System\nXCAFWg.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\sjrVhPu.exe
  C:\Windows\System\sjrVhPu.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\DbYgFpr.exe
  C:\Windows\System\DbYgFpr.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\PyMoQkR.exe
  C:\Windows\System\PyMoQkR.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\hBOsQCG.exe
  C:\Windows\System\hBOsQCG.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\rXrcXRh.exe
  C:\Windows\System\rXrcXRh.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\axDOaZa.exe
  C:\Windows\System\axDOaZa.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\ypFysvg.exe
  C:\Windows\System\ypFysvg.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\HCTRiZL.exe
  C:\Windows\System\HCTRiZL.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\kkfpsCJ.exe
  C:\Windows\System\kkfpsCJ.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\EJcggBJ.exe
  C:\Windows\System\EJcggBJ.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\oAXBjxB.exe
  C:\Windows\System\oAXBjxB.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\ywDHzci.exe
  C:\Windows\System\ywDHzci.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\clKTYVt.exe
  C:\Windows\System\clKTYVt.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\GaHswoQ.exe
  C:\Windows\System\GaHswoQ.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\eHOiAnV.exe
  C:\Windows\System\eHOiAnV.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\bqHKurD.exe
  C:\Windows\System\bqHKurD.exe
  2⤵
  PID:1892
- C:\Windows\System\jfHcncD.exe
  C:\Windows\System\jfHcncD.exe
  2⤵
  PID:4176
- C:\Windows\System\nxIPkYL.exe
  C:\Windows\System\nxIPkYL.exe
  2⤵
  PID:4556
- C:\Windows\System\RDgDtRa.exe
  C:\Windows\System\RDgDtRa.exe
  2⤵
  PID:752
- C:\Windows\System\nGssNHX.exe
  C:\Windows\System\nGssNHX.exe
  2⤵
  PID:3196
- C:\Windows\System\YEfaGFo.exe
  C:\Windows\System\YEfaGFo.exe
  2⤵
  PID:4428
- C:\Windows\System\EqmJWfc.exe
  C:\Windows\System\EqmJWfc.exe
  2⤵
  PID:1396
- C:\Windows\System\kbbJjHU.exe
  C:\Windows\System\kbbJjHU.exe
  2⤵
  PID:540
- C:\Windows\System\jRhHHSf.exe
  C:\Windows\System\jRhHHSf.exe
  2⤵
  PID:3624
- C:\Windows\System\vkNghMk.exe
  C:\Windows\System\vkNghMk.exe
  2⤵
  PID:636
- C:\Windows\System\OckiBkB.exe
  C:\Windows\System\OckiBkB.exe
  2⤵
  PID:4368
- C:\Windows\System\VMtIfnT.exe
  C:\Windows\System\VMtIfnT.exe
  2⤵
  PID:5148
- C:\Windows\System\sMhDEay.exe
  C:\Windows\System\sMhDEay.exe
  2⤵
  PID:5172
- C:\Windows\System\ijsMFfN.exe
  C:\Windows\System\ijsMFfN.exe
  2⤵
  PID:5204
- C:\Windows\System\sxqFFJl.exe
  C:\Windows\System\sxqFFJl.exe
  2⤵
  PID:5232
- C:\Windows\System\NBrEJbc.exe
  C:\Windows\System\NBrEJbc.exe
  2⤵
  PID:5260
- C:\Windows\System\EhqaQcp.exe
  C:\Windows\System\EhqaQcp.exe
  2⤵
  PID:5284
- C:\Windows\System\rFjFVfz.exe
  C:\Windows\System\rFjFVfz.exe
  2⤵
  PID:5316
- C:\Windows\System\XzDguqj.exe
  C:\Windows\System\XzDguqj.exe
  2⤵
  PID:5344
- C:\Windows\System\DodUHck.exe
  C:\Windows\System\DodUHck.exe
  2⤵
  PID:5372
- C:\Windows\System\qATJngt.exe
  C:\Windows\System\qATJngt.exe
  2⤵
  PID:5400
- C:\Windows\System\uazkLev.exe
  C:\Windows\System\uazkLev.exe
  2⤵
  PID:5428
- C:\Windows\System\DVJvzOL.exe
  C:\Windows\System\DVJvzOL.exe
  2⤵
  PID:5452
- C:\Windows\System\nuhlyJU.exe
  C:\Windows\System\nuhlyJU.exe
  2⤵
  PID:5484
- C:\Windows\System\TktBTPC.exe
  C:\Windows\System\TktBTPC.exe
  2⤵
  PID:5512
- C:\Windows\System\tPxIqQW.exe
  C:\Windows\System\tPxIqQW.exe
  2⤵
  PID:5540
- C:\Windows\System\hYelqQT.exe
  C:\Windows\System\hYelqQT.exe
  2⤵
  PID:5568
- C:\Windows\System\jychYqD.exe
  C:\Windows\System\jychYqD.exe
  2⤵
  PID:5596
- C:\Windows\System\kRmwHel.exe
  C:\Windows\System\kRmwHel.exe
  2⤵
  PID:5624
- C:\Windows\System\oAhweBi.exe
  C:\Windows\System\oAhweBi.exe
  2⤵
  PID:5652
- C:\Windows\System\LmVsQRI.exe
  C:\Windows\System\LmVsQRI.exe
  2⤵
  PID:5676
- C:\Windows\System\kXcXbTF.exe
  C:\Windows\System\kXcXbTF.exe
  2⤵
  PID:5704
- C:\Windows\System\QUQHvGs.exe
  C:\Windows\System\QUQHvGs.exe
  2⤵
  PID:5732
- C:\Windows\System\EiUeeor.exe
  C:\Windows\System\EiUeeor.exe
  2⤵
  PID:5764
- C:\Windows\System\jsqEWom.exe
  C:\Windows\System\jsqEWom.exe
  2⤵
  PID:5792
- C:\Windows\System\BDxdRAM.exe
  C:\Windows\System\BDxdRAM.exe
  2⤵
  PID:5816
- C:\Windows\System\trjoKys.exe
  C:\Windows\System\trjoKys.exe
  2⤵
  PID:5848
- C:\Windows\System\DvHxLeK.exe
  C:\Windows\System\DvHxLeK.exe
  2⤵
  PID:5876
- C:\Windows\System\AyjWLsr.exe
  C:\Windows\System\AyjWLsr.exe
  2⤵
  PID:5904
- C:\Windows\System\ByDxyAB.exe
  C:\Windows\System\ByDxyAB.exe
  2⤵
  PID:5932
- C:\Windows\System\VLeTElA.exe
  C:\Windows\System\VLeTElA.exe
  2⤵
  PID:5960
- C:\Windows\System\ETpecOO.exe
  C:\Windows\System\ETpecOO.exe
  2⤵
  PID:5988
- C:\Windows\System\cDegnGy.exe
  C:\Windows\System\cDegnGy.exe
  2⤵
  PID:6016
- C:\Windows\System\FlLfKPF.exe
  C:\Windows\System\FlLfKPF.exe
  2⤵
  PID:6044
- C:\Windows\System\TEoWGMR.exe
  C:\Windows\System\TEoWGMR.exe
  2⤵
  PID:6068
- C:\Windows\System\CIckmBS.exe
  C:\Windows\System\CIckmBS.exe
  2⤵
  PID:6100
- C:\Windows\System\zzpvTsv.exe
  C:\Windows\System\zzpvTsv.exe
  2⤵
  PID:6128
- C:\Windows\System\SlROlKs.exe
  C:\Windows\System\SlROlKs.exe
  2⤵
  PID:228
- C:\Windows\System\mloAbEG.exe
  C:\Windows\System\mloAbEG.exe
  2⤵
  PID:2152
- C:\Windows\System\CawWLJT.exe
  C:\Windows\System\CawWLJT.exe
  2⤵
  PID:4336
- C:\Windows\System\iUSAYMy.exe
  C:\Windows\System\iUSAYMy.exe
  2⤵
  PID:4804
- C:\Windows\System\BfUbKWC.exe
  C:\Windows\System\BfUbKWC.exe
  2⤵
  PID:5160
- C:\Windows\System\CvGmSal.exe
  C:\Windows\System\CvGmSal.exe
  2⤵
  PID:5220
- C:\Windows\System\CnTgeYF.exe
  C:\Windows\System\CnTgeYF.exe
  2⤵
  PID:5280
- C:\Windows\System\ERAfDOQ.exe
  C:\Windows\System\ERAfDOQ.exe
  2⤵
  PID:5356
- C:\Windows\System\rjNUpLR.exe
  C:\Windows\System\rjNUpLR.exe
  2⤵
  PID:5392
- C:\Windows\System\FYurELe.exe
  C:\Windows\System\FYurELe.exe
  2⤵
  PID:5472
- C:\Windows\System\eAtQgph.exe
  C:\Windows\System\eAtQgph.exe
  2⤵
  PID:5532
- C:\Windows\System\MJgDmQN.exe
  C:\Windows\System\MJgDmQN.exe
  2⤵
  PID:5608
- C:\Windows\System\uEGJHrE.exe
  C:\Windows\System\uEGJHrE.exe
  2⤵
  PID:5692
- C:\Windows\System\FqmpBxP.exe
  C:\Windows\System\FqmpBxP.exe
  2⤵
  PID:5748
- C:\Windows\System\VcmnaQA.exe
  C:\Windows\System\VcmnaQA.exe
  2⤵
  PID:5860
- C:\Windows\System\nNCDFpy.exe
  C:\Windows\System\nNCDFpy.exe
  2⤵
  PID:5920
- C:\Windows\System\SnqCyBZ.exe
  C:\Windows\System\SnqCyBZ.exe
  2⤵
  PID:6000
- C:\Windows\System\suHfmQS.exe
  C:\Windows\System\suHfmQS.exe
  2⤵
  PID:6056
- C:\Windows\System\mMOqNNv.exe
  C:\Windows\System\mMOqNNv.exe
  2⤵
  PID:1644
- C:\Windows\System\wDBLEkx.exe
  C:\Windows\System\wDBLEkx.exe
  2⤵
  PID:1228
- C:\Windows\System\jzxdWzC.exe
  C:\Windows\System\jzxdWzC.exe
  2⤵
  PID:2708
- C:\Windows\System\jpMaiRk.exe
  C:\Windows\System\jpMaiRk.exe
  2⤵
  PID:1372
- C:\Windows\System\dNKLqnV.exe
  C:\Windows\System\dNKLqnV.exe
  2⤵
  PID:2972
- C:\Windows\System\WUvIoPT.exe
  C:\Windows\System\WUvIoPT.exe
  2⤵
  PID:1188
- C:\Windows\System\iAIpcXY.exe
  C:\Windows\System\iAIpcXY.exe
  2⤵
  PID:1148
- C:\Windows\System\nebfQsI.exe
  C:\Windows\System\nebfQsI.exe
  2⤵
  PID:5724
- C:\Windows\System\rPEfhOJ.exe
  C:\Windows\System\rPEfhOJ.exe
  2⤵
  PID:3052
- C:\Windows\System\YgVUkLu.exe
  C:\Windows\System\YgVUkLu.exe
  2⤵
  PID:5976
- C:\Windows\System\mPsWNck.exe
  C:\Windows\System\mPsWNck.exe
  2⤵
  PID:5756
- C:\Windows\System\jItvhCj.exe
  C:\Windows\System\jItvhCj.exe
  2⤵
  PID:4200
- C:\Windows\System\ykUztVK.exe
  C:\Windows\System\ykUztVK.exe
  2⤵
  PID:2352
- C:\Windows\System\XKORKoU.exe
  C:\Windows\System\XKORKoU.exe
  2⤵
  PID:3772
- C:\Windows\System\RSqYpHe.exe
  C:\Windows\System\RSqYpHe.exe
  2⤵
  PID:1500
- C:\Windows\System\EFbDilL.exe
  C:\Windows\System\EFbDilL.exe
  2⤵
  PID:2852
- C:\Windows\System\cwZPbBN.exe
  C:\Windows\System\cwZPbBN.exe
  2⤵
  PID:3424
- C:\Windows\System\leVmloU.exe
  C:\Windows\System\leVmloU.exe
  2⤵
  PID:3284
- C:\Windows\System\zvNHxZg.exe
  C:\Windows\System\zvNHxZg.exe
  2⤵
  PID:2224
- C:\Windows\System\gitmvan.exe
  C:\Windows\System\gitmvan.exe
  2⤵
  PID:6008
- C:\Windows\System\XQSYFkv.exe
  C:\Windows\System\XQSYFkv.exe
  2⤵
  PID:628
- C:\Windows\System\iIcOdLL.exe
  C:\Windows\System\iIcOdLL.exe
  2⤵
  PID:4372
- C:\Windows\System\zTkZoGe.exe
  C:\Windows\System\zTkZoGe.exe
  2⤵
  PID:4668
- C:\Windows\System\ByYCfqC.exe
  C:\Windows\System\ByYCfqC.exe
  2⤵
  PID:2676
- C:\Windows\System\MvNjIkl.exe
  C:\Windows\System\MvNjIkl.exe
  2⤵
  PID:6168
- C:\Windows\System\SeYQHMa.exe
  C:\Windows\System\SeYQHMa.exe
  2⤵
  PID:6188
- C:\Windows\System\hKQYpAc.exe
  C:\Windows\System\hKQYpAc.exe
  2⤵
  PID:6232
- C:\Windows\System\uhhDVvf.exe
  C:\Windows\System\uhhDVvf.exe
  2⤵
  PID:6252
- C:\Windows\System\pqejqpz.exe
  C:\Windows\System\pqejqpz.exe
  2⤵
  PID:6276
- C:\Windows\System\CXSPnwi.exe
  C:\Windows\System\CXSPnwi.exe
  2⤵
  PID:6308
- C:\Windows\System\ZodqknU.exe
  C:\Windows\System\ZodqknU.exe
  2⤵
  PID:6336
- C:\Windows\System\XyexOhf.exe
  C:\Windows\System\XyexOhf.exe
  2⤵
  PID:6364
- C:\Windows\System\NCexAFM.exe
  C:\Windows\System\NCexAFM.exe
  2⤵
  PID:6396
- C:\Windows\System\cweNrIf.exe
  C:\Windows\System\cweNrIf.exe
  2⤵
  PID:6424
- C:\Windows\System\wmcfxpj.exe
  C:\Windows\System\wmcfxpj.exe
  2⤵
  PID:6452
- C:\Windows\System\OutqMaE.exe
  C:\Windows\System\OutqMaE.exe
  2⤵
  PID:6480
- C:\Windows\System\OmsPSrG.exe
  C:\Windows\System\OmsPSrG.exe
  2⤵
  PID:6508
- C:\Windows\System\xUNImlU.exe
  C:\Windows\System\xUNImlU.exe
  2⤵
  PID:6536
- C:\Windows\System\aCAivcq.exe
  C:\Windows\System\aCAivcq.exe
  2⤵
  PID:6552
- C:\Windows\System\yEpaynu.exe
  C:\Windows\System\yEpaynu.exe
  2⤵
  PID:6580
- C:\Windows\System\dSWrKap.exe
  C:\Windows\System\dSWrKap.exe
  2⤵
  PID:6600
- C:\Windows\System\cLBFEOZ.exe
  C:\Windows\System\cLBFEOZ.exe
  2⤵
  PID:6640
- C:\Windows\System\lnufocr.exe
  C:\Windows\System\lnufocr.exe
  2⤵
  PID:6660
- C:\Windows\System\dDHHzwq.exe
  C:\Windows\System\dDHHzwq.exe
  2⤵
  PID:6704
- C:\Windows\System\TBcxHkV.exe
  C:\Windows\System\TBcxHkV.exe
  2⤵
  PID:6732
- C:\Windows\System\MKFLQWp.exe
  C:\Windows\System\MKFLQWp.exe
  2⤵
  PID:6748
- C:\Windows\System\HQupPZV.exe
  C:\Windows\System\HQupPZV.exe
  2⤵
  PID:6776
- C:\Windows\System\EHvOgLE.exe
  C:\Windows\System\EHvOgLE.exe
  2⤵
  PID:6816
- C:\Windows\System\mXRtirl.exe
  C:\Windows\System\mXRtirl.exe
  2⤵
  PID:6836
- C:\Windows\System\vOfXMzX.exe
  C:\Windows\System\vOfXMzX.exe
  2⤵
  PID:6864
- C:\Windows\System\OTeLfam.exe
  C:\Windows\System\OTeLfam.exe
  2⤵
  PID:6896
- C:\Windows\System\EmGHEKK.exe
  C:\Windows\System\EmGHEKK.exe
  2⤵
  PID:6928
- C:\Windows\System\dilAcix.exe
  C:\Windows\System\dilAcix.exe
  2⤵
  PID:6956
- C:\Windows\System\jEjlBdB.exe
  C:\Windows\System\jEjlBdB.exe
  2⤵
  PID:6992
- C:\Windows\System\SPEAPkr.exe
  C:\Windows\System\SPEAPkr.exe
  2⤵
  PID:7020
- C:\Windows\System\LyaxNLT.exe
  C:\Windows\System\LyaxNLT.exe
  2⤵
  PID:7056
- C:\Windows\System\uEejULP.exe
  C:\Windows\System\uEejULP.exe
  2⤵
  PID:7076
- C:\Windows\System\TPGdlOD.exe
  C:\Windows\System\TPGdlOD.exe
  2⤵
  PID:7108
- C:\Windows\System\MIiVZqC.exe
  C:\Windows\System\MIiVZqC.exe
  2⤵
  PID:7136
- C:\Windows\System\SiXOTud.exe
  C:\Windows\System\SiXOTud.exe
  2⤵
  PID:2068
- C:\Windows\System\aqUIiYT.exe
  C:\Windows\System\aqUIiYT.exe
  2⤵
  PID:2756
- C:\Windows\System\wQtiUTQ.exe
  C:\Windows\System\wQtiUTQ.exe
  2⤵
  PID:6272
- C:\Windows\System\hAwboYy.exe
  C:\Windows\System\hAwboYy.exe
  2⤵
  PID:6320
- C:\Windows\System\dBRSLyV.exe
  C:\Windows\System\dBRSLyV.exe
  2⤵
  PID:6376
- C:\Windows\System\bATHmSQ.exe
  C:\Windows\System\bATHmSQ.exe
  2⤵
  PID:6440
- C:\Windows\System\AFhKJLX.exe
  C:\Windows\System\AFhKJLX.exe
  2⤵
  PID:6544
- C:\Windows\System\lMPIifq.exe
  C:\Windows\System\lMPIifq.exe
  2⤵
  PID:6612
- C:\Windows\System\ZmXsGHb.exe
  C:\Windows\System\ZmXsGHb.exe
  2⤵
  PID:6648
- C:\Windows\System\KnCloXh.exe
  C:\Windows\System\KnCloXh.exe
  2⤵
  PID:6724
- C:\Windows\System\rmVhYRi.exe
  C:\Windows\System\rmVhYRi.exe
  2⤵
  PID:6800
- C:\Windows\System\dODbwKW.exe
  C:\Windows\System\dODbwKW.exe
  2⤵
  PID:6872
- C:\Windows\System\UOnfCvb.exe
  C:\Windows\System\UOnfCvb.exe
  2⤵
  PID:6916
- C:\Windows\System\BLfwRoD.exe
  C:\Windows\System\BLfwRoD.exe
  2⤵
  PID:7004
- C:\Windows\System\gBGQbFI.exe
  C:\Windows\System\gBGQbFI.exe
  2⤵
  PID:7068
- C:\Windows\System\LujdULD.exe
  C:\Windows\System\LujdULD.exe
  2⤵
  PID:7128
- C:\Windows\System\laAmKqV.exe
  C:\Windows\System\laAmKqV.exe
  2⤵
  PID:2412
- C:\Windows\System\LRFSfAj.exe
  C:\Windows\System\LRFSfAj.exe
  2⤵
  PID:6416
- C:\Windows\System\yfExtZK.exe
  C:\Windows\System\yfExtZK.exe
  2⤵
  PID:6504
- C:\Windows\System\LZleGLZ.exe
  C:\Windows\System\LZleGLZ.exe
  2⤵
  PID:6696
- C:\Windows\System\FFgwObt.exe
  C:\Windows\System\FFgwObt.exe
  2⤵
  PID:6824
- C:\Windows\System\nTpfaPT.exe
  C:\Windows\System\nTpfaPT.exe
  2⤵
  PID:6984
- C:\Windows\System\ZnWiqvF.exe
  C:\Windows\System\ZnWiqvF.exe
  2⤵
  PID:6160
- C:\Windows\System\nRlvlQs.exe
  C:\Windows\System\nRlvlQs.exe
  2⤵
  PID:5056
- C:\Windows\System\baSSDIS.exe
  C:\Windows\System\baSSDIS.exe
  2⤵
  PID:6772
- C:\Windows\System\otmhaka.exe
  C:\Windows\System\otmhaka.exe
  2⤵
  PID:6528
- C:\Windows\System\kHzPQau.exe
  C:\Windows\System\kHzPQau.exe
  2⤵
  PID:7156
- C:\Windows\System\WeSnGSk.exe
  C:\Windows\System\WeSnGSk.exe
  2⤵
  PID:7172
- C:\Windows\System\GflaNSW.exe
  C:\Windows\System\GflaNSW.exe
  2⤵
  PID:7208
- C:\Windows\System\FcTlaMt.exe
  C:\Windows\System\FcTlaMt.exe
  2⤵
  PID:7240
- C:\Windows\System\WMoBgse.exe
  C:\Windows\System\WMoBgse.exe
  2⤵
  PID:7284
- C:\Windows\System\HiFGIoX.exe
  C:\Windows\System\HiFGIoX.exe
  2⤵
  PID:7328
- C:\Windows\System\ewmijfq.exe
  C:\Windows\System\ewmijfq.exe
  2⤵
  PID:7372
- C:\Windows\System\yEsGXWL.exe
  C:\Windows\System\yEsGXWL.exe
  2⤵
  PID:7400
- C:\Windows\System\yAcPhWz.exe
  C:\Windows\System\yAcPhWz.exe
  2⤵
  PID:7436
- C:\Windows\System\pXRjQnH.exe
  C:\Windows\System\pXRjQnH.exe
  2⤵
  PID:7468
- C:\Windows\System\SkuwGeR.exe
  C:\Windows\System\SkuwGeR.exe
  2⤵
  PID:7500
- C:\Windows\System\RAfvVeq.exe
  C:\Windows\System\RAfvVeq.exe
  2⤵
  PID:7532
- C:\Windows\System\qOupQDy.exe
  C:\Windows\System\qOupQDy.exe
  2⤵
  PID:7564
- C:\Windows\System\MkxuboO.exe
  C:\Windows\System\MkxuboO.exe
  2⤵
  PID:7584
- C:\Windows\System\VIpjiKl.exe
  C:\Windows\System\VIpjiKl.exe
  2⤵
  PID:7616
- C:\Windows\System\yFTdLyu.exe
  C:\Windows\System\yFTdLyu.exe
  2⤵
  PID:7632
- C:\Windows\System\jmPiPsZ.exe
  C:\Windows\System\jmPiPsZ.exe
  2⤵
  PID:7648
- C:\Windows\System\UAnJMnQ.exe
  C:\Windows\System\UAnJMnQ.exe
  2⤵
  PID:7676
- C:\Windows\System\uwpxFvn.exe
  C:\Windows\System\uwpxFvn.exe
  2⤵
  PID:7720
- C:\Windows\System\LIHIwaV.exe
  C:\Windows\System\LIHIwaV.exe
  2⤵
  PID:7768
- C:\Windows\System\ZJcxJmy.exe
  C:\Windows\System\ZJcxJmy.exe
  2⤵
  PID:7796
- C:\Windows\System\mmHwNAg.exe
  C:\Windows\System\mmHwNAg.exe
  2⤵
  PID:7820
- C:\Windows\System\SoGXALY.exe
  C:\Windows\System\SoGXALY.exe
  2⤵
  PID:7872
- C:\Windows\System\jtZuqxv.exe
  C:\Windows\System\jtZuqxv.exe
  2⤵
  PID:7904
- C:\Windows\System\NdVLyJD.exe
  C:\Windows\System\NdVLyJD.exe
  2⤵
  PID:7936
- C:\Windows\System\uPOHdDi.exe
  C:\Windows\System\uPOHdDi.exe
  2⤵
  PID:7968
- C:\Windows\System\rMjjvtJ.exe
  C:\Windows\System\rMjjvtJ.exe
  2⤵
  PID:8000
- C:\Windows\System\ABJWMlY.exe
  C:\Windows\System\ABJWMlY.exe
  2⤵
  PID:8028
- C:\Windows\System\neINdtB.exe
  C:\Windows\System\neINdtB.exe
  2⤵
  PID:8056
- C:\Windows\System\wDGnKzu.exe
  C:\Windows\System\wDGnKzu.exe
  2⤵
  PID:8076
- C:\Windows\System\JzYCrKg.exe
  C:\Windows\System\JzYCrKg.exe
  2⤵
  PID:8112
- C:\Windows\System\JFciLIo.exe
  C:\Windows\System\JFciLIo.exe
  2⤵
  PID:8140
- C:\Windows\System\lTfXaRh.exe
  C:\Windows\System\lTfXaRh.exe
  2⤵
  PID:8168
- C:\Windows\System\LNWsZoG.exe
  C:\Windows\System\LNWsZoG.exe
  2⤵
  PID:6808
- C:\Windows\System\cPvtUkQ.exe
  C:\Windows\System\cPvtUkQ.exe
  2⤵
  PID:7276
- C:\Windows\System\ZrSIkky.exe
  C:\Windows\System\ZrSIkky.exe
  2⤵
  PID:7360
- C:\Windows\System\IeoxIgi.exe
  C:\Windows\System\IeoxIgi.exe
  2⤵
  PID:7420
- C:\Windows\System\eHwHyHT.exe
  C:\Windows\System\eHwHyHT.exe
  2⤵
  PID:7496
- C:\Windows\System\RPoyZOZ.exe
  C:\Windows\System\RPoyZOZ.exe
  2⤵
  PID:7520
- C:\Windows\System\gnHKleV.exe
  C:\Windows\System\gnHKleV.exe
  2⤵
  PID:7580
- C:\Windows\System\WCOiYjY.exe
  C:\Windows\System\WCOiYjY.exe
  2⤵
  PID:7664
- C:\Windows\System\JLKgPdA.exe
  C:\Windows\System\JLKgPdA.exe
  2⤵
  PID:7740
- C:\Windows\System\mZTNDRK.exe
  C:\Windows\System\mZTNDRK.exe
  2⤵
  PID:7788
- C:\Windows\System\ZYEywur.exe
  C:\Windows\System\ZYEywur.exe
  2⤵
  PID:7836
- C:\Windows\System\KGYjHmW.exe
  C:\Windows\System\KGYjHmW.exe
  2⤵
  PID:7964
- C:\Windows\System\yIaXHVA.exe
  C:\Windows\System\yIaXHVA.exe
  2⤵
  PID:8040
- C:\Windows\System\pQVAucn.exe
  C:\Windows\System\pQVAucn.exe
  2⤵
  PID:8108
- C:\Windows\System\ErTzUcR.exe
  C:\Windows\System\ErTzUcR.exe
  2⤵
  PID:8188
- C:\Windows\System\RkMVbpw.exe
  C:\Windows\System\RkMVbpw.exe
  2⤵
  PID:7356
- C:\Windows\System\LauMhpc.exe
  C:\Windows\System\LauMhpc.exe
  2⤵
  PID:7524
- C:\Windows\System\xePxHDi.exe
  C:\Windows\System\xePxHDi.exe
  2⤵
  PID:7628
- C:\Windows\System\plhApJq.exe
  C:\Windows\System\plhApJq.exe
  2⤵
  PID:7256
- C:\Windows\System\PMOciGn.exe
  C:\Windows\System\PMOciGn.exe
  2⤵
  PID:7892
- C:\Windows\System\EQEwqvS.exe
  C:\Windows\System\EQEwqvS.exe
  2⤵
  PID:8068
- C:\Windows\System\QRBXTlP.exe
  C:\Windows\System\QRBXTlP.exe
  2⤵
  PID:7248
- C:\Windows\System\byqizGi.exe
  C:\Windows\System\byqizGi.exe
  2⤵
  PID:7704
- C:\Windows\System\VfkSGvc.exe
  C:\Windows\System\VfkSGvc.exe
  2⤵
  PID:8024
- C:\Windows\System\EOmbSzR.exe
  C:\Windows\System\EOmbSzR.exe
  2⤵
  PID:7576
- C:\Windows\System\PMTCgjZ.exe
  C:\Windows\System\PMTCgjZ.exe
  2⤵
  PID:7960
- C:\Windows\System\dxZqtAr.exe
  C:\Windows\System\dxZqtAr.exe
  2⤵
  PID:8212
- C:\Windows\System\kOSMKZM.exe
  C:\Windows\System\kOSMKZM.exe
  2⤵
  PID:8232
- C:\Windows\System\jPHYSwX.exe
  C:\Windows\System\jPHYSwX.exe
  2⤵
  PID:8268
- C:\Windows\System\NAddfBa.exe
  C:\Windows\System\NAddfBa.exe
  2⤵
  PID:8300
- C:\Windows\System\OaPbAGx.exe
  C:\Windows\System\OaPbAGx.exe
  2⤵
  PID:8328
- C:\Windows\System\LWoTOXc.exe
  C:\Windows\System\LWoTOXc.exe
  2⤵
  PID:8356
- C:\Windows\System\qLwPfqQ.exe
  C:\Windows\System\qLwPfqQ.exe
  2⤵
  PID:8380
- C:\Windows\System\IUjsVoc.exe
  C:\Windows\System\IUjsVoc.exe
  2⤵
  PID:8416
- C:\Windows\System\skNVsbu.exe
  C:\Windows\System\skNVsbu.exe
  2⤵
  PID:8444
- C:\Windows\System\EtAVJUo.exe
  C:\Windows\System\EtAVJUo.exe
  2⤵
  PID:8472
- C:\Windows\System\FZLmOyO.exe
  C:\Windows\System\FZLmOyO.exe
  2⤵
  PID:8500
- C:\Windows\System\gkDKdXC.exe
  C:\Windows\System\gkDKdXC.exe
  2⤵
  PID:8528
- C:\Windows\System\vxTKnYr.exe
  C:\Windows\System\vxTKnYr.exe
  2⤵
  PID:8568
- C:\Windows\System\ponbJcj.exe
  C:\Windows\System\ponbJcj.exe
  2⤵
  PID:8604
- C:\Windows\System\DfcShXA.exe
  C:\Windows\System\DfcShXA.exe
  2⤵
  PID:8632
- C:\Windows\System\VdfnlIy.exe
  C:\Windows\System\VdfnlIy.exe
  2⤵
  PID:8660
- C:\Windows\System\LcnIfml.exe
  C:\Windows\System\LcnIfml.exe
  2⤵
  PID:8688
- C:\Windows\System\MpsbFaG.exe
  C:\Windows\System\MpsbFaG.exe
  2⤵
  PID:8716
- C:\Windows\System\wGHCcBQ.exe
  C:\Windows\System\wGHCcBQ.exe
  2⤵
  PID:8744
- C:\Windows\System\CnhKxdE.exe
  C:\Windows\System\CnhKxdE.exe
  2⤵
  PID:8772
- C:\Windows\System\JIKQeeF.exe
  C:\Windows\System\JIKQeeF.exe
  2⤵
  PID:8800
- C:\Windows\System\dELNrwF.exe
  C:\Windows\System\dELNrwF.exe
  2⤵
  PID:8828
- C:\Windows\System\lDlAtCD.exe
  C:\Windows\System\lDlAtCD.exe
  2⤵
  PID:8856
- C:\Windows\System\zoCEngU.exe
  C:\Windows\System\zoCEngU.exe
  2⤵
  PID:8884
- C:\Windows\System\YeuDGdP.exe
  C:\Windows\System\YeuDGdP.exe
  2⤵
  PID:8928
- C:\Windows\System\RJBUSGA.exe
  C:\Windows\System\RJBUSGA.exe
  2⤵
  PID:8948
- C:\Windows\System\oIEBIdB.exe
  C:\Windows\System\oIEBIdB.exe
  2⤵
  PID:8984
- C:\Windows\System\QSnROSX.exe
  C:\Windows\System\QSnROSX.exe
  2⤵
  PID:9016
- C:\Windows\System\HKYsvHI.exe
  C:\Windows\System\HKYsvHI.exe
  2⤵
  PID:9064
- C:\Windows\System\aLLteqg.exe
  C:\Windows\System\aLLteqg.exe
  2⤵
  PID:9100
- C:\Windows\System\YthDMwZ.exe
  C:\Windows\System\YthDMwZ.exe
  2⤵
  PID:9144
- C:\Windows\System\LFsadbl.exe
  C:\Windows\System\LFsadbl.exe
  2⤵
  PID:9184
- C:\Windows\System\xVAGLWk.exe
  C:\Windows\System\xVAGLWk.exe
  2⤵
  PID:8224
- C:\Windows\System\FEfBtbl.exe
  C:\Windows\System\FEfBtbl.exe
  2⤵
  PID:8264
- C:\Windows\System\mTGUXqw.exe
  C:\Windows\System\mTGUXqw.exe
  2⤵
  PID:4052
- C:\Windows\System\TFikllO.exe
  C:\Windows\System\TFikllO.exe
  2⤵
  PID:8412
- C:\Windows\System\YbscVZR.exe
  C:\Windows\System\YbscVZR.exe
  2⤵
  PID:8512
- C:\Windows\System\cBMLFeJ.exe
  C:\Windows\System\cBMLFeJ.exe
  2⤵
  PID:928
- C:\Windows\System\GgUNycO.exe
  C:\Windows\System\GgUNycO.exe
  2⤵
  PID:8732
- C:\Windows\System\WgxQKTp.exe
  C:\Windows\System\WgxQKTp.exe
  2⤵
  PID:8812
- C:\Windows\System\xjRoUdl.exe
  C:\Windows\System\xjRoUdl.exe
  2⤵
  PID:8876
- C:\Windows\System\fnBxXxm.exe
  C:\Windows\System\fnBxXxm.exe
  2⤵
  PID:8972
- C:\Windows\System\ECqQIVD.exe
  C:\Windows\System\ECqQIVD.exe
  2⤵
  PID:9028
- C:\Windows\System\bKBIzmO.exe
  C:\Windows\System\bKBIzmO.exe
  2⤵
  PID:9152
- C:\Windows\System\BxGwphm.exe
  C:\Windows\System\BxGwphm.exe
  2⤵
  PID:9208
- C:\Windows\System\bMQOjVw.exe
  C:\Windows\System\bMQOjVw.exe
  2⤵
  PID:8376
- C:\Windows\System\gkbOqzz.exe
  C:\Windows\System\gkbOqzz.exe
  2⤵
  PID:8644
- C:\Windows\System\vYTscDn.exe
  C:\Windows\System\vYTscDn.exe
  2⤵
  PID:8852
- C:\Windows\System\eDEMyWD.exe
  C:\Windows\System\eDEMyWD.exe
  2⤵
  PID:5640
- C:\Windows\System\acSPUVj.exe
  C:\Windows\System\acSPUVj.exe
  2⤵
  PID:8348
- C:\Windows\System\wrXLeYJ.exe
  C:\Windows\System\wrXLeYJ.exe
  2⤵
  PID:8872
- C:\Windows\System\bsKbKtQ.exe
  C:\Windows\System\bsKbKtQ.exe
  2⤵
  PID:8600
- C:\Windows\System\mctHePH.exe
  C:\Windows\System\mctHePH.exe
  2⤵
  PID:9224
- C:\Windows\System\GOtXPSu.exe
  C:\Windows\System\GOtXPSu.exe
  2⤵
  PID:9260
- C:\Windows\System\TUQsewo.exe
  C:\Windows\System\TUQsewo.exe
  2⤵
  PID:9304
- C:\Windows\System\mulLOVo.exe
  C:\Windows\System\mulLOVo.exe
  2⤵
  PID:9324
- C:\Windows\System\fMqaVKq.exe
  C:\Windows\System\fMqaVKq.exe
  2⤵
  PID:9352
- C:\Windows\System\nhVVBQH.exe
  C:\Windows\System\nhVVBQH.exe
  2⤵
  PID:9380
- C:\Windows\System\ZqGcOJw.exe
  C:\Windows\System\ZqGcOJw.exe
  2⤵
  PID:9408
- C:\Windows\System\CLSbwQD.exe
  C:\Windows\System\CLSbwQD.exe
  2⤵
  PID:9436
- C:\Windows\System\XiBixZZ.exe
  C:\Windows\System\XiBixZZ.exe
  2⤵
  PID:9460
- C:\Windows\System\lscseHE.exe
  C:\Windows\System\lscseHE.exe
  2⤵
  PID:9492
- C:\Windows\System\mUfnPaO.exe
  C:\Windows\System\mUfnPaO.exe
  2⤵
  PID:9520
- C:\Windows\System\QLTxdVt.exe
  C:\Windows\System\QLTxdVt.exe
  2⤵
  PID:9548
- C:\Windows\System\YYXcwlI.exe
  C:\Windows\System\YYXcwlI.exe
  2⤵
  PID:9580
- C:\Windows\System\tPBmuWc.exe
  C:\Windows\System\tPBmuWc.exe
  2⤵
  PID:9612
- C:\Windows\System\zciRCqp.exe
  C:\Windows\System\zciRCqp.exe
  2⤵
  PID:9640
- C:\Windows\System\VnNXgWk.exe
  C:\Windows\System\VnNXgWk.exe
  2⤵
  PID:9668
- C:\Windows\System\IythxJi.exe
  C:\Windows\System\IythxJi.exe
  2⤵
  PID:9696
- C:\Windows\System\RoNVyuR.exe
  C:\Windows\System\RoNVyuR.exe
  2⤵
  PID:9724
- C:\Windows\System\wlxyVmd.exe
  C:\Windows\System\wlxyVmd.exe
  2⤵
  PID:9752
- C:\Windows\System\ithujky.exe
  C:\Windows\System\ithujky.exe
  2⤵
  PID:9780
- C:\Windows\System\CFqoKWU.exe
  C:\Windows\System\CFqoKWU.exe
  2⤵
  PID:9808
- C:\Windows\System\dXSAKju.exe
  C:\Windows\System\dXSAKju.exe
  2⤵
  PID:9836
- C:\Windows\System\fkGuJFI.exe
  C:\Windows\System\fkGuJFI.exe
  2⤵
  PID:9868
- C:\Windows\System\NRSOTjf.exe
  C:\Windows\System\NRSOTjf.exe
  2⤵
  PID:9896
- C:\Windows\System\RucfhhB.exe
  C:\Windows\System\RucfhhB.exe
  2⤵
  PID:9924
- C:\Windows\System\YcMYbVe.exe
  C:\Windows\System\YcMYbVe.exe
  2⤵
  PID:9952
- C:\Windows\System\usDMeSx.exe
  C:\Windows\System\usDMeSx.exe
  2⤵
  PID:9980
- C:\Windows\System\gOOfmkO.exe
  C:\Windows\System\gOOfmkO.exe
  2⤵
  PID:10008
- C:\Windows\System\jdHLFeJ.exe
  C:\Windows\System\jdHLFeJ.exe
  2⤵
  PID:10036
- C:\Windows\System\fqKkvEX.exe
  C:\Windows\System\fqKkvEX.exe
  2⤵
  PID:10064
- C:\Windows\System\okyPCPF.exe
  C:\Windows\System\okyPCPF.exe
  2⤵
  PID:10092
- C:\Windows\System\hHQgvsb.exe
  C:\Windows\System\hHQgvsb.exe
  2⤵
  PID:10116
- C:\Windows\System\ZuDzUkr.exe
  C:\Windows\System\ZuDzUkr.exe
  2⤵
  PID:10148
- C:\Windows\System\qBcRYCn.exe
  C:\Windows\System\qBcRYCn.exe
  2⤵
  PID:10176
- C:\Windows\System\sPvpWET.exe
  C:\Windows\System\sPvpWET.exe
  2⤵
  PID:10208
- C:\Windows\System\wcYwLXj.exe
  C:\Windows\System\wcYwLXj.exe
  2⤵
  PID:9204
- C:\Windows\System\rnNFQQa.exe
  C:\Windows\System\rnNFQQa.exe
  2⤵
  PID:9288
- C:\Windows\System\XChRrhC.exe
  C:\Windows\System\XChRrhC.exe
  2⤵
  PID:9348
- C:\Windows\System\ZNSYVTc.exe
  C:\Windows\System\ZNSYVTc.exe
  2⤵
  PID:9404
- C:\Windows\System\pmfmLRM.exe
  C:\Windows\System\pmfmLRM.exe
  2⤵
  PID:9476
- C:\Windows\System\kyrbGbp.exe
  C:\Windows\System\kyrbGbp.exe
  2⤵
  PID:9540
- C:\Windows\System\spGjxRw.exe
  C:\Windows\System\spGjxRw.exe
  2⤵
  PID:9600
- C:\Windows\System\zATmPtJ.exe
  C:\Windows\System\zATmPtJ.exe
  2⤵
  PID:9660
- C:\Windows\System\mKLdgAE.exe
  C:\Windows\System\mKLdgAE.exe
  2⤵
  PID:9736
- C:\Windows\System\TbeJiOe.exe
  C:\Windows\System\TbeJiOe.exe
  2⤵
  PID:9800
- C:\Windows\System\gzqUFgl.exe
  C:\Windows\System\gzqUFgl.exe
  2⤵
  PID:9864
- C:\Windows\System\MjviebC.exe
  C:\Windows\System\MjviebC.exe
  2⤵
  PID:9936
- C:\Windows\System\gBmdwYy.exe
  C:\Windows\System\gBmdwYy.exe
  2⤵
  PID:9972
- C:\Windows\System\QWNypnu.exe
  C:\Windows\System\QWNypnu.exe
  2⤵
  PID:10004
- C:\Windows\System\TDLqGKL.exe
  C:\Windows\System\TDLqGKL.exe
  2⤵
  PID:10080
- C:\Windows\System\gigmojj.exe
  C:\Windows\System\gigmojj.exe
  2⤵
  PID:10196
- C:\Windows\System\QQQVVLQ.exe
  C:\Windows\System\QQQVVLQ.exe
  2⤵
  PID:9336
- C:\Windows\System\ERnaguS.exe
  C:\Windows\System\ERnaguS.exe
  2⤵
  PID:9400
- C:\Windows\System\ZWSCqqz.exe
  C:\Windows\System\ZWSCqqz.exe
  2⤵
  PID:9576
- C:\Windows\System\alCHYhP.exe
  C:\Windows\System\alCHYhP.exe
  2⤵
  PID:9720
- C:\Windows\System\KWctlyn.exe
  C:\Windows\System\KWctlyn.exe
  2⤵
  PID:9860
- C:\Windows\System\PVrjIDm.exe
  C:\Windows\System\PVrjIDm.exe
  2⤵
  PID:9992
- C:\Windows\System\FyTkYEu.exe
  C:\Windows\System\FyTkYEu.exe
  2⤵
  PID:10172
- C:\Windows\System\NTHEAAD.exe
  C:\Windows\System\NTHEAAD.exe
  2⤵
  PID:8256
- C:\Windows\System\tyAgEGX.exe
  C:\Windows\System\tyAgEGX.exe
  2⤵
  PID:9792
- C:\Windows\System\BDfFAdQ.exe
  C:\Windows\System\BDfFAdQ.exe
  2⤵
  PID:10144
- C:\Windows\System\pEUJtfY.exe
  C:\Windows\System\pEUJtfY.exe
  2⤵
  PID:9692
- C:\Windows\System\yzgUoNO.exe
  C:\Windows\System\yzgUoNO.exe
  2⤵
  PID:9256
- C:\Windows\System\ApOQPCu.exe
  C:\Windows\System\ApOQPCu.exe
  2⤵
  PID:10268
- C:\Windows\System\YAcGbMd.exe
  C:\Windows\System\YAcGbMd.exe
  2⤵
  PID:10296
- C:\Windows\System\IPCVCUq.exe
  C:\Windows\System\IPCVCUq.exe
  2⤵
  PID:10324
- C:\Windows\System\JkpqDWw.exe
  C:\Windows\System\JkpqDWw.exe
  2⤵
  PID:10352
- C:\Windows\System\jxzhDNR.exe
  C:\Windows\System\jxzhDNR.exe
  2⤵
  PID:10380
- C:\Windows\System\LBOjBzz.exe
  C:\Windows\System\LBOjBzz.exe
  2⤵
  PID:10408
- C:\Windows\System\irPucdR.exe
  C:\Windows\System\irPucdR.exe
  2⤵
  PID:10440
- C:\Windows\System\bfJkUgh.exe
  C:\Windows\System\bfJkUgh.exe
  2⤵
  PID:10468
- C:\Windows\System\GNyhqmc.exe
  C:\Windows\System\GNyhqmc.exe
  2⤵
  PID:10496
- C:\Windows\System\MiKLqZL.exe
  C:\Windows\System\MiKLqZL.exe
  2⤵
  PID:10524
- C:\Windows\System\gXdiHZz.exe
  C:\Windows\System\gXdiHZz.exe
  2⤵
  PID:10552
- C:\Windows\System\LQLpspN.exe
  C:\Windows\System\LQLpspN.exe
  2⤵
  PID:10580
- C:\Windows\System\RGcRbsv.exe
  C:\Windows\System\RGcRbsv.exe
  2⤵
  PID:10608
- C:\Windows\System\CcREHeG.exe
  C:\Windows\System\CcREHeG.exe
  2⤵
  PID:10636
- C:\Windows\System\bVHaews.exe
  C:\Windows\System\bVHaews.exe
  2⤵
  PID:10664
- C:\Windows\System\byWDcZz.exe
  C:\Windows\System\byWDcZz.exe
  2⤵
  PID:10692
- C:\Windows\System\LsrGIPG.exe
  C:\Windows\System\LsrGIPG.exe
  2⤵
  PID:10720
- C:\Windows\System\uuVsAGq.exe
  C:\Windows\System\uuVsAGq.exe
  2⤵
  PID:10748
- C:\Windows\System\syQbASJ.exe
  C:\Windows\System\syQbASJ.exe
  2⤵
  PID:10776
- C:\Windows\System\xdVschi.exe
  C:\Windows\System\xdVschi.exe
  2⤵
  PID:10804
- C:\Windows\System\gNdFQND.exe
  C:\Windows\System\gNdFQND.exe
  2⤵
  PID:10832
- C:\Windows\System\ivuaBVs.exe
  C:\Windows\System\ivuaBVs.exe
  2⤵
  PID:10860
- C:\Windows\System\LKoZLyK.exe
  C:\Windows\System\LKoZLyK.exe
  2⤵
  PID:10888
- C:\Windows\System\FiGGniw.exe
  C:\Windows\System\FiGGniw.exe
  2⤵
  PID:10916
- C:\Windows\System\rJZQyrC.exe
  C:\Windows\System\rJZQyrC.exe
  2⤵
  PID:10948
- C:\Windows\System\mnRoEXD.exe
  C:\Windows\System\mnRoEXD.exe
  2⤵
  PID:10976
- C:\Windows\System\YESZrHk.exe
  C:\Windows\System\YESZrHk.exe
  2⤵
  PID:11004
- C:\Windows\System\ZQoteBQ.exe
  C:\Windows\System\ZQoteBQ.exe
  2⤵
  PID:11032
- C:\Windows\System\MupgFCC.exe
  C:\Windows\System\MupgFCC.exe
  2⤵
  PID:11052
- C:\Windows\System\NgxZXRO.exe
  C:\Windows\System\NgxZXRO.exe
  2⤵
  PID:11088
- C:\Windows\System\MNbskit.exe
  C:\Windows\System\MNbskit.exe
  2⤵
  PID:11116
- C:\Windows\System\glicDXZ.exe
  C:\Windows\System\glicDXZ.exe
  2⤵
  PID:11144
- C:\Windows\System\jpatmLE.exe
  C:\Windows\System\jpatmLE.exe
  2⤵
  PID:11172
- C:\Windows\System\dQNHPnx.exe
  C:\Windows\System\dQNHPnx.exe
  2⤵
  PID:11200
- C:\Windows\System\waOtwlN.exe
  C:\Windows\System\waOtwlN.exe
  2⤵
  PID:11228
- C:\Windows\System\ZeMobaw.exe
  C:\Windows\System\ZeMobaw.exe
  2⤵
  PID:11256
- C:\Windows\System\BjbxNge.exe
  C:\Windows\System\BjbxNge.exe
  2⤵
  PID:10280
- C:\Windows\System\ZIGhrnZ.exe
  C:\Windows\System\ZIGhrnZ.exe
  2⤵
  PID:10320
- C:\Windows\System\aVVlkYK.exe
  C:\Windows\System\aVVlkYK.exe
  2⤵
  PID:10392
- C:\Windows\System\azqOMsn.exe
  C:\Windows\System\azqOMsn.exe
  2⤵
  PID:10464
- C:\Windows\System\MIHOozZ.exe
  C:\Windows\System\MIHOozZ.exe
  2⤵
  PID:10520
- C:\Windows\System\URYKTkc.exe
  C:\Windows\System\URYKTkc.exe
  2⤵
  PID:10596
- C:\Windows\System\aWKdKGj.exe
  C:\Windows\System\aWKdKGj.exe
  2⤵
  PID:10660
- C:\Windows\System\BRxUeiG.exe
  C:\Windows\System\BRxUeiG.exe
  2⤵
  PID:10712
- C:\Windows\System\RKbkFOG.exe
  C:\Windows\System\RKbkFOG.exe
  2⤵
  PID:10792
- C:\Windows\System\ISwHdnh.exe
  C:\Windows\System\ISwHdnh.exe
  2⤵
  PID:10848
- C:\Windows\System\KgsJSRG.exe
  C:\Windows\System\KgsJSRG.exe
  2⤵
  PID:10912
- C:\Windows\System\mmZUvZL.exe
  C:\Windows\System\mmZUvZL.exe
  2⤵
  PID:10988
- C:\Windows\System\zHeoOfj.exe
  C:\Windows\System\zHeoOfj.exe
  2⤵
  PID:11048
- C:\Windows\System\wbTxvPG.exe
  C:\Windows\System\wbTxvPG.exe
  2⤵
  PID:11108
- C:\Windows\System\ylmDxjt.exe
  C:\Windows\System\ylmDxjt.exe
  2⤵
  PID:11168
- C:\Windows\System\DIvFDeO.exe
  C:\Windows\System\DIvFDeO.exe
  2⤵
  PID:11220
- C:\Windows\System\CIdaDty.exe
  C:\Windows\System\CIdaDty.exe
  2⤵
  PID:5140
- C:\Windows\System\wUNDYjk.exe
  C:\Windows\System\wUNDYjk.exe
  2⤵
  PID:10424
- C:\Windows\System\UyFTNjK.exe
  C:\Windows\System\UyFTNjK.exe
  2⤵
  PID:10576
- C:\Windows\System\VvbKDLt.exe
  C:\Windows\System\VvbKDLt.exe
  2⤵
  PID:10716
- C:\Windows\System\kEqgIRu.exe
  C:\Windows\System\kEqgIRu.exe
  2⤵
  PID:10828
- C:\Windows\System\QyZbtRx.exe
  C:\Windows\System\QyZbtRx.exe
  2⤵
  PID:11024
- C:\Windows\System\KsrRMVg.exe
  C:\Windows\System\KsrRMVg.exe
  2⤵
  PID:11160
- C:\Windows\System\MPioXlY.exe
  C:\Windows\System\MPioXlY.exe
  2⤵
  PID:11224
- C:\Windows\System\qtBtqKG.exe
  C:\Windows\System\qtBtqKG.exe
  2⤵
  PID:10648
- C:\Windows\System\bdxQOBx.exe
  C:\Windows\System\bdxQOBx.exe
  2⤵
  PID:10968
- C:\Windows\System\pRQqzZb.exe
  C:\Windows\System\pRQqzZb.exe
  2⤵
  PID:10856
- C:\Windows\System\FWXZDAR.exe
  C:\Windows\System\FWXZDAR.exe
  2⤵
  PID:11296
- C:\Windows\System\aUCAozF.exe
  C:\Windows\System\aUCAozF.exe
  2⤵
  PID:11324
- C:\Windows\System\lElfBGS.exe
  C:\Windows\System\lElfBGS.exe
  2⤵
  PID:11352
- C:\Windows\System\ezBfmlJ.exe
  C:\Windows\System\ezBfmlJ.exe
  2⤵
  PID:11368
- C:\Windows\System\VRmHIwy.exe
  C:\Windows\System\VRmHIwy.exe
  2⤵
  PID:11400
- C:\Windows\System\gwLgeXV.exe
  C:\Windows\System\gwLgeXV.exe
  2⤵
  PID:11436
- C:\Windows\System\RUtvxwh.exe
  C:\Windows\System\RUtvxwh.exe
  2⤵
  PID:11464
- C:\Windows\System\nnklvFD.exe
  C:\Windows\System\nnklvFD.exe
  2⤵
  PID:11492
- C:\Windows\System\AkRBIme.exe
  C:\Windows\System\AkRBIme.exe
  2⤵
  PID:11520
- C:\Windows\System\wixCXIz.exe
  C:\Windows\System\wixCXIz.exe
  2⤵
  PID:11548
- C:\Windows\System\tBjVMDo.exe
  C:\Windows\System\tBjVMDo.exe
  2⤵
  PID:11576
- C:\Windows\System\sDAhLke.exe
  C:\Windows\System\sDAhLke.exe
  2⤵
  PID:11604
- C:\Windows\System\BGyCRkx.exe
  C:\Windows\System\BGyCRkx.exe
  2⤵
  PID:11632
- C:\Windows\System\fUSZoBx.exe
  C:\Windows\System\fUSZoBx.exe
  2⤵
  PID:11660
- C:\Windows\System\uGyDWqR.exe
  C:\Windows\System\uGyDWqR.exe
  2⤵
  PID:11688
- C:\Windows\System\shopvcu.exe
  C:\Windows\System\shopvcu.exe
  2⤵
  PID:11716
- C:\Windows\System\LuXxUuv.exe
  C:\Windows\System\LuXxUuv.exe
  2⤵
  PID:11744
- C:\Windows\System\XGsZJrW.exe
  C:\Windows\System\XGsZJrW.exe
  2⤵
  PID:11772
- C:\Windows\System\gOqLxta.exe
  C:\Windows\System\gOqLxta.exe
  2⤵
  PID:11800
- C:\Windows\System\TYMGVcI.exe
  C:\Windows\System\TYMGVcI.exe
  2⤵
  PID:11828
- C:\Windows\System\QjkBGch.exe
  C:\Windows\System\QjkBGch.exe
  2⤵
  PID:11856
- C:\Windows\System\fBmwWQv.exe
  C:\Windows\System\fBmwWQv.exe
  2⤵
  PID:11884
- C:\Windows\System\zDJWLzo.exe
  C:\Windows\System\zDJWLzo.exe
  2⤵
  PID:11912
- C:\Windows\System\TzVEMxH.exe
  C:\Windows\System\TzVEMxH.exe
  2⤵
  PID:11940
- C:\Windows\System\UsEQWpY.exe
  C:\Windows\System\UsEQWpY.exe
  2⤵
  PID:11968
- C:\Windows\System\gZLZouh.exe
  C:\Windows\System\gZLZouh.exe
  2⤵
  PID:11996
- C:\Windows\System\wbwWqOg.exe
  C:\Windows\System\wbwWqOg.exe
  2⤵
  PID:12024
- C:\Windows\System\QHFvCjq.exe
  C:\Windows\System\QHFvCjq.exe
  2⤵
  PID:12052
- C:\Windows\System\NZlVXnw.exe
  C:\Windows\System\NZlVXnw.exe
  2⤵
  PID:12080
- C:\Windows\System\vWNlKNs.exe
  C:\Windows\System\vWNlKNs.exe
  2⤵
  PID:12108
- C:\Windows\System\qRLJhkB.exe
  C:\Windows\System\qRLJhkB.exe
  2⤵
  PID:12136
- C:\Windows\System\wFHuOkl.exe
  C:\Windows\System\wFHuOkl.exe
  2⤵
  PID:12164
- C:\Windows\System\ExnpZAo.exe
  C:\Windows\System\ExnpZAo.exe
  2⤵
  PID:12192
- C:\Windows\System\WFzoVxq.exe
  C:\Windows\System\WFzoVxq.exe
  2⤵
  PID:12220
- C:\Windows\System\BGUokgF.exe
  C:\Windows\System\BGUokgF.exe
  2⤵
  PID:12248
- C:\Windows\System\eqdGNvu.exe
  C:\Windows\System\eqdGNvu.exe
  2⤵
  PID:12276
- C:\Windows\System\cBbWgYm.exe
  C:\Windows\System\cBbWgYm.exe
  2⤵
  PID:11288
- C:\Windows\System\zJbvtWj.exe
  C:\Windows\System\zJbvtWj.exe
  2⤵
  PID:11348
- C:\Windows\System\AYjgpRe.exe
  C:\Windows\System\AYjgpRe.exe
  2⤵
  PID:11432
- C:\Windows\System\kGEPhqk.exe
  C:\Windows\System\kGEPhqk.exe
  2⤵
  PID:11488
- C:\Windows\System\wsfiFCB.exe
  C:\Windows\System\wsfiFCB.exe
  2⤵
  PID:11560
- C:\Windows\System\ZHmYWFk.exe
  C:\Windows\System\ZHmYWFk.exe
  2⤵
  PID:11596
- C:\Windows\System\pJqyzvy.exe
  C:\Windows\System\pJqyzvy.exe
  2⤵
  PID:11684
- C:\Windows\System\DYHpscF.exe
  C:\Windows\System\DYHpscF.exe
  2⤵
  PID:5580
- C:\Windows\System\cvxwZbY.exe
  C:\Windows\System\cvxwZbY.exe
  2⤵
  PID:11792
- C:\Windows\System\dSLNhuM.exe
  C:\Windows\System\dSLNhuM.exe
  2⤵
  PID:11852
- C:\Windows\System\nrsTwbE.exe
  C:\Windows\System\nrsTwbE.exe
  2⤵
  PID:11900
- C:\Windows\System\GDgBGKp.exe
  C:\Windows\System\GDgBGKp.exe
  2⤵
  PID:11964
- C:\Windows\System\xUlnihX.exe
  C:\Windows\System\xUlnihX.exe
  2⤵
  PID:12044
- C:\Windows\System\EGNuxNB.exe
  C:\Windows\System\EGNuxNB.exe
  2⤵
  PID:12104
- C:\Windows\System\olehLpJ.exe
  C:\Windows\System\olehLpJ.exe
  2⤵
  PID:12176
- C:\Windows\System\hyuwLlS.exe
  C:\Windows\System\hyuwLlS.exe
  2⤵
  PID:12232
- C:\Windows\System\lZqDptN.exe
  C:\Windows\System\lZqDptN.exe
  2⤵
  PID:11276
- C:\Windows\System\NgCXehA.exe
  C:\Windows\System\NgCXehA.exe
  2⤵
  PID:11420
- C:\Windows\System\LpFzdrI.exe
  C:\Windows\System\LpFzdrI.exe
  2⤵
  PID:11544
- C:\Windows\System\dAUexnZ.exe
  C:\Windows\System\dAUexnZ.exe
  2⤵
  PID:11728
- C:\Windows\System\bxJVIub.exe
  C:\Windows\System\bxJVIub.exe
  2⤵
  PID:11844
- C:\Windows\System\HAgmyIS.exe
  C:\Windows\System\HAgmyIS.exe
  2⤵
  PID:12016
- C:\Windows\System\miQXECL.exe
  C:\Windows\System\miQXECL.exe
  2⤵
  PID:5952
- C:\Windows\System\AhJEtox.exe
  C:\Windows\System\AhJEtox.exe
  2⤵
  PID:12216
- C:\Windows\System\uJQTiRD.exe
  C:\Windows\System\uJQTiRD.exe
  2⤵
  PID:11484
- C:\Windows\System\MulzqwI.exe
  C:\Windows\System\MulzqwI.exe
  2⤵
  PID:11784
- C:\Windows\System\ukOmkvw.exe
  C:\Windows\System\ukOmkvw.exe
  2⤵
  PID:12100
- C:\Windows\System\QUAKUzf.exe
  C:\Windows\System\QUAKUzf.exe
  2⤵
  PID:11652
- C:\Windows\System\TwXjpEY.exe
  C:\Windows\System\TwXjpEY.exe
  2⤵
  PID:11392
- C:\Windows\System\TdRGlTC.exe
  C:\Windows\System\TdRGlTC.exe
  2⤵
  PID:12296
- C:\Windows\System\gPOUtKm.exe
  C:\Windows\System\gPOUtKm.exe
  2⤵
  PID:12324
- C:\Windows\System\oTAuNjo.exe
  C:\Windows\System\oTAuNjo.exe
  2⤵
  PID:12352
- C:\Windows\System\DLNumCd.exe
  C:\Windows\System\DLNumCd.exe
  2⤵
  PID:12380
- C:\Windows\System\hTwQXKY.exe
  C:\Windows\System\hTwQXKY.exe
  2⤵
  PID:12408
- C:\Windows\System\JMMFyAh.exe
  C:\Windows\System\JMMFyAh.exe
  2⤵
  PID:12440
- C:\Windows\System\ecIbimP.exe
  C:\Windows\System\ecIbimP.exe
  2⤵
  PID:12468
- C:\Windows\System\eFifasF.exe
  C:\Windows\System\eFifasF.exe
  2⤵
  PID:12496
- C:\Windows\System\cQIKRSC.exe
  C:\Windows\System\cQIKRSC.exe
  2⤵
  PID:12524
- C:\Windows\System\SctfRrk.exe
  C:\Windows\System\SctfRrk.exe
  2⤵
  PID:12552
- C:\Windows\System\wSkARFo.exe
  C:\Windows\System\wSkARFo.exe
  2⤵
  PID:12580
- C:\Windows\System\KlgiiiF.exe
  C:\Windows\System\KlgiiiF.exe
  2⤵
  PID:12608
- C:\Windows\System\MlOtuAm.exe
  C:\Windows\System\MlOtuAm.exe
  2⤵
  PID:12636
- C:\Windows\System\IyeYJda.exe
  C:\Windows\System\IyeYJda.exe
  2⤵
  PID:12664
- C:\Windows\System\PGxqYRV.exe
  C:\Windows\System\PGxqYRV.exe
  2⤵
  PID:12692
- C:\Windows\System\DzdYDZb.exe
  C:\Windows\System\DzdYDZb.exe
  2⤵
  PID:12720
- C:\Windows\System\tGoeefa.exe
  C:\Windows\System\tGoeefa.exe
  2⤵
  PID:12748
- C:\Windows\System\OdXvUZp.exe
  C:\Windows\System\OdXvUZp.exe
  2⤵
  PID:12776
- C:\Windows\System\mthZrrq.exe
  C:\Windows\System\mthZrrq.exe
  2⤵
  PID:12804
- C:\Windows\System\QWiAIuW.exe
  C:\Windows\System\QWiAIuW.exe
  2⤵
  PID:12832
- C:\Windows\System\NIZQrge.exe
  C:\Windows\System\NIZQrge.exe
  2⤵
  PID:12860
- C:\Windows\System\zFPFthO.exe
  C:\Windows\System\zFPFthO.exe
  2⤵
  PID:12892
- C:\Windows\System\KexnCTV.exe
  C:\Windows\System\KexnCTV.exe
  2⤵
  PID:12920
- C:\Windows\System\vWyewlg.exe
  C:\Windows\System\vWyewlg.exe
  2⤵
  PID:12948
- C:\Windows\System\aEEATsS.exe
  C:\Windows\System\aEEATsS.exe
  2⤵
  PID:12976
- C:\Windows\System\mDftecz.exe
  C:\Windows\System\mDftecz.exe
  2⤵
  PID:13004
- C:\Windows\System\caoymAi.exe
  C:\Windows\System\caoymAi.exe
  2⤵
  PID:13032
- C:\Windows\System\DvRjpCx.exe
  C:\Windows\System\DvRjpCx.exe
  2⤵
  PID:13060
- C:\Windows\System\fmvPpqu.exe
  C:\Windows\System\fmvPpqu.exe
  2⤵
  PID:13088
- C:\Windows\System\YLosznw.exe
  C:\Windows\System\YLosznw.exe
  2⤵
  PID:13116
- C:\Windows\System\lPCvLlp.exe
  C:\Windows\System\lPCvLlp.exe
  2⤵
  PID:13144
- C:\Windows\System\VaiLufa.exe
  C:\Windows\System\VaiLufa.exe
  2⤵
  PID:13172
- C:\Windows\System\MXHmYrd.exe
  C:\Windows\System\MXHmYrd.exe
  2⤵
  PID:13200
- C:\Windows\System\BHUxUHo.exe
  C:\Windows\System\BHUxUHo.exe
  2⤵
  PID:13228
- C:\Windows\System\IeKgZZK.exe
  C:\Windows\System\IeKgZZK.exe
  2⤵
  PID:13256
- C:\Windows\System\erenJJC.exe
  C:\Windows\System\erenJJC.exe
  2⤵
  PID:13284
- C:\Windows\System\oIFdbuY.exe
  C:\Windows\System\oIFdbuY.exe
  2⤵
  PID:10512
- C:\Windows\System\BBnOIvs.exe
  C:\Windows\System\BBnOIvs.exe
  2⤵
  PID:12348
- C:\Windows\System\ggNsbMS.exe
  C:\Windows\System\ggNsbMS.exe
  2⤵
  PID:12420
- C:\Windows\System\BckmEFe.exe
  C:\Windows\System\BckmEFe.exe
  2⤵
  PID:12488
- C:\Windows\System\sUktPPM.exe
  C:\Windows\System\sUktPPM.exe
  2⤵
  PID:12544
- C:\Windows\System\mHZzpoo.exe
  C:\Windows\System\mHZzpoo.exe
  2⤵
  PID:12604
- C:\Windows\System\VspwtIi.exe
  C:\Windows\System\VspwtIi.exe
  2⤵
  PID:12680
- C:\Windows\System\qHlbUHY.exe
  C:\Windows\System\qHlbUHY.exe
  2⤵
  PID:12740
- C:\Windows\System\AGpGLfo.exe
  C:\Windows\System\AGpGLfo.exe
  2⤵
  PID:12800
- C:\Windows\System\waQqMSV.exe
  C:\Windows\System\waQqMSV.exe
  2⤵
  PID:12880
- C:\Windows\System\IXAfXKU.exe
  C:\Windows\System\IXAfXKU.exe
  2⤵
  PID:12944
- C:\Windows\System\jLWqbqW.exe
  C:\Windows\System\jLWqbqW.exe
  2⤵
  PID:13000
- C:\Windows\System\czPSQbl.exe
  C:\Windows\System\czPSQbl.exe
  2⤵
  PID:13072
- C:\Windows\System\sOOetUc.exe
  C:\Windows\System\sOOetUc.exe
  2⤵
  PID:13128
- C:\Windows\System\ovAmSdS.exe
  C:\Windows\System\ovAmSdS.exe
  2⤵
  PID:13192
- C:\Windows\System\puoDjry.exe
  C:\Windows\System\puoDjry.exe
  2⤵
  PID:13252
- C:\Windows\System\XvBWUSQ.exe
  C:\Windows\System\XvBWUSQ.exe
  2⤵
  PID:12320
- C:\Windows\System\wAtxdLY.exe
  C:\Windows\System\wAtxdLY.exe
  2⤵
  PID:12460
- C:\Windows\System\lYRXgDW.exe
  C:\Windows\System\lYRXgDW.exe
  2⤵
  PID:12596
- C:\Windows\System\OiEBXrL.exe
  C:\Windows\System\OiEBXrL.exe
  2⤵
  PID:12772
- C:\Windows\System\dBMSBuf.exe
  C:\Windows\System\dBMSBuf.exe
  2⤵
  PID:12916
- C:\Windows\System\wOBvRwB.exe
  C:\Windows\System\wOBvRwB.exe
  2⤵
  PID:13056
- C:\Windows\System\ihbbcUt.exe
  C:\Windows\System\ihbbcUt.exe
  2⤵
  PID:13224
- C:\Windows\System\JAOcKtf.exe
  C:\Windows\System\JAOcKtf.exe
  2⤵
  PID:12400
- C:\Windows\System\RchBxgF.exe
  C:\Windows\System\RchBxgF.exe
  2⤵
  PID:12736
- C:\Windows\System\gNryHqd.exe
  C:\Windows\System\gNryHqd.exe
  2⤵
  PID:13164
- C:\Windows\System\UdqYGoI.exe
  C:\Windows\System\UdqYGoI.exe
  2⤵
  PID:12712
- C:\Windows\System\pisyBqG.exe
  C:\Windows\System\pisyBqG.exe
  2⤵
  PID:12600
- C:\Windows\System\eHSweKX.exe
  C:\Windows\System\eHSweKX.exe
  2⤵
  PID:13328
- C:\Windows\System\KaRpkDF.exe
  C:\Windows\System\KaRpkDF.exe
  2⤵
  PID:13356
- C:\Windows\System\bTJOauG.exe
  C:\Windows\System\bTJOauG.exe
  2⤵
  PID:13384
- C:\Windows\System\YUvkTzR.exe
  C:\Windows\System\YUvkTzR.exe
  2⤵
  PID:13412
- C:\Windows\System\PRalmzr.exe
  C:\Windows\System\PRalmzr.exe
  2⤵
  PID:13440
- C:\Windows\System\EWxazHl.exe
  C:\Windows\System\EWxazHl.exe
  2⤵
  PID:13468
- C:\Windows\System\bXwDOik.exe
  C:\Windows\System\bXwDOik.exe
  2⤵
  PID:13496
- C:\Windows\System\LdpGHxY.exe
  C:\Windows\System\LdpGHxY.exe
  2⤵
  PID:13524
- C:\Windows\System\uIBEmTq.exe
  C:\Windows\System\uIBEmTq.exe
  2⤵
  PID:13552
- C:\Windows\System\mrRWbdH.exe
  C:\Windows\System\mrRWbdH.exe
  2⤵
  PID:13580
- C:\Windows\System\QYYRFsp.exe
  C:\Windows\System\QYYRFsp.exe
  2⤵
  PID:13608
- C:\Windows\System\piVwzYH.exe
  C:\Windows\System\piVwzYH.exe
  2⤵
  PID:13648
- C:\Windows\System\CbmerUO.exe
  C:\Windows\System\CbmerUO.exe
  2⤵
  PID:13676
- C:\Windows\System\EsxgExb.exe
  C:\Windows\System\EsxgExb.exe
  2⤵
  PID:13704
- C:\Windows\System\xlgKYle.exe
  C:\Windows\System\xlgKYle.exe
  2⤵
  PID:13736
- C:\Windows\System\MTYULxd.exe
  C:\Windows\System\MTYULxd.exe
  2⤵
  PID:13764
- C:\Windows\System\xQcmrnc.exe
  C:\Windows\System\xQcmrnc.exe
  2⤵
  PID:13800
- C:\Windows\System\owCMtnS.exe
  C:\Windows\System\owCMtnS.exe
  2⤵
  PID:13848
- C:\Windows\System\KaXVLwA.exe
  C:\Windows\System\KaXVLwA.exe
  2⤵
  PID:13880
- C:\Windows\System\HjDhDYj.exe
  C:\Windows\System\HjDhDYj.exe
  2⤵
  PID:13908
- C:\Windows\System\rnEoiiA.exe
  C:\Windows\System\rnEoiiA.exe
  2⤵
  PID:13944
- C:\Windows\System\dwcvsPZ.exe
  C:\Windows\System\dwcvsPZ.exe
  2⤵
  PID:13976
- C:\Windows\System\nrQsDpU.exe
  C:\Windows\System\nrQsDpU.exe
  2⤵
  PID:14044
- C:\Windows\System\Nniccam.exe
  C:\Windows\System\Nniccam.exe
  2⤵
  PID:14084
- C:\Windows\System\fQUaliP.exe
  C:\Windows\System\fQUaliP.exe
  2⤵
  PID:14116
- C:\Windows\System\cDgQtOi.exe
  C:\Windows\System\cDgQtOi.exe
  2⤵
  PID:14144
- C:\Windows\System\QQCiwXi.exe
  C:\Windows\System\QQCiwXi.exe
  2⤵
  PID:14160
- C:\Windows\System\vnfEmvf.exe
  C:\Windows\System\vnfEmvf.exe
  2⤵
  PID:14180
- C:\Windows\System\ztSdylf.exe
  C:\Windows\System\ztSdylf.exe
  2⤵
  PID:14196
- C:\Windows\System\lfMGWBN.exe
  C:\Windows\System\lfMGWBN.exe
  2⤵
  PID:14224
- C:\Windows\System\JKtrxCK.exe
  C:\Windows\System\JKtrxCK.exe
  2⤵
  PID:14272
- C:\Windows\System\RedyRMb.exe
  C:\Windows\System\RedyRMb.exe
  2⤵
  PID:14320
- C:\Windows\System\oiebnpF.exe
  C:\Windows\System\oiebnpF.exe
  2⤵
  PID:13316
- C:\Windows\System\pohraPX.exe
  C:\Windows\System\pohraPX.exe
  2⤵
  PID:13348
- C:\Windows\System\HyLWfWO.exe
  C:\Windows\System\HyLWfWO.exe
  2⤵
  PID:13544
- C:\Windows\System\ZuwqLui.exe
  C:\Windows\System\ZuwqLui.exe
  2⤵
  PID:13596
- C:\Windows\System\aSDoLDM.exe
  C:\Windows\System\aSDoLDM.exe
  2⤵
  PID:13656
- C:\Windows\System\xQOSOgL.exe
  C:\Windows\System\xQOSOgL.exe
  2⤵
  PID:5028
- C:\Windows\System\DYqsEyB.exe
  C:\Windows\System\DYqsEyB.exe
  2⤵
  PID:13728
- C:\Windows\System\vszHimK.exe
  C:\Windows\System\vszHimK.exe
  2⤵
  PID:13808
- C:\Windows\System\KbNptEV.exe
  C:\Windows\System\KbNptEV.exe
  2⤵
  PID:13896
- C:\Windows\System\rGNIAuF.exe
  C:\Windows\System\rGNIAuF.exe
  2⤵
  PID:13964
- C:\Windows\System\LZRxUtT.exe
  C:\Windows\System\LZRxUtT.exe
  2⤵
  PID:14036
- C:\Windows\System\adrkrSw.exe
  C:\Windows\System\adrkrSw.exe
  2⤵
  PID:14140
- C:\Windows\System\wRUTPuI.exe
  C:\Windows\System\wRUTPuI.exe
  2⤵
  PID:14188
- C:\Windows\System\nqWrbRH.exe
  C:\Windows\System\nqWrbRH.exe
  2⤵
  PID:14264
- C:\Windows\System\UVTpgWt.exe
  C:\Windows\System\UVTpgWt.exe
  2⤵
  PID:14328
- C:\Windows\System\JwIKfdA.exe
  C:\Windows\System\JwIKfdA.exe
  2⤵
  PID:13512
- C:\Windows\System\xRYSLQB.exe
  C:\Windows\System\xRYSLQB.exe
  2⤵
  PID:1772
- C:\Windows\System\VSYnNoh.exe
  C:\Windows\System\VSYnNoh.exe
  2⤵
  PID:13776
- C:\Windows\System\XwnAonB.exe
  C:\Windows\System\XwnAonB.exe
  2⤵
  PID:13932
- C:\Windows\System\TaBGWVg.exe
  C:\Windows\System\TaBGWVg.exe
  2⤵
  PID:14176
- C:\Windows\System\yOdIoxk.exe
  C:\Windows\System\yOdIoxk.exe
  2⤵
  PID:14332
- C:\Windows\System\LwIKCWZ.exe
  C:\Windows\System\LwIKCWZ.exe
  2⤵
  PID:13628
- C:\Windows\System\jhaMErv.exe
  C:\Windows\System\jhaMErv.exe
  2⤵
  PID:14136
- C:\Windows\System\pzsCAOL.exe
  C:\Windows\System\pzsCAOL.exe
  2⤵
  PID:13576
- C:\Windows\System\pYYKQIS.exe
  C:\Windows\System\pYYKQIS.exe
  2⤵
  PID:13488
- C:\Windows\System\WNmFlbF.exe
  C:\Windows\System\WNmFlbF.exe
  2⤵
  PID:14352
- C:\Windows\System\UaHKqZA.exe
  C:\Windows\System\UaHKqZA.exe
  2⤵
  PID:14392
- C:\Windows\System\qxeFVJn.exe
  C:\Windows\System\qxeFVJn.exe
  2⤵
  PID:14412
- C:\Windows\System\HZukxpu.exe
  C:\Windows\System\HZukxpu.exe
  2⤵
  PID:14440
- C:\Windows\System\XEKdNcK.exe
  C:\Windows\System\XEKdNcK.exe
  2⤵
  PID:14468
- C:\Windows\System\DLcJYxC.exe
  C:\Windows\System\DLcJYxC.exe
  2⤵
  PID:14496
- C:\Windows\System\AQmFDCL.exe
  C:\Windows\System\AQmFDCL.exe
  2⤵
  PID:14524
- C:\Windows\System\PPrjPaO.exe
  C:\Windows\System\PPrjPaO.exe
  2⤵
  PID:14552
- C:\Windows\System\YMVbJbP.exe
  C:\Windows\System\YMVbJbP.exe
  2⤵
  PID:14580
- C:\Windows\System\mekKjGx.exe
  C:\Windows\System\mekKjGx.exe
  2⤵
  PID:14692

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BWScxdC.exe

Filesize
2.1MB

MD5
c7488e5d55e3eac10ecc4d9b775de006

SHA1
a56f25770db25dea2c56d9c00012e135b6356900

SHA256
2c24e3452d7ad9438ff85708ea246043c289caa93f821221a22daf2a133841a5

SHA512
c0d3cf9b87ce518c9449ca5b97e5a20789d06d0afe1a4bc9338599e979044fa0069ab1af329f1696ce83abd2b59846b00834ae8e2ff3af614396305abb0ee074

Download Submit
C:\Windows\System\BpQIzib.exe

Filesize
2.1MB

MD5
1d4545c8bae52f1930874da11da29f49

SHA1
33102a89f8effedde51d453b4964ca629231bf15

SHA256
0196e95f38c084e3b538e7ab2e67a59a9f3a1f01d608eebc176b799f9f1ff4e8

SHA512
244b0258ad51f09a8add8b64086161d0320d5a5608dd5f714509c93f1de0b2314dfb902e62d8b1da5a20e0e2e8d0d0ac65a1a0092f671bd365bd5cf91f334704

Download Submit
C:\Windows\System\DFXKElS.exe

Filesize
2.1MB

MD5
911308f779c556000df0205f68ec2008

SHA1
16d72ab08fd58a91bcd0bdfff3afcff086ac2cae

SHA256
3fa7a715977245f74d859dafa85a587b1e3ba039b8c950fd1fcc957939ef7550

SHA512
e6242e393bbd1c5ccb158556c131f985950aedb58999ee9e9cf78f8198566a84baa5c177de01ab988b0b3bee49663e3a6b3b641de9c77c6f31e8ce545b29873b

Download Submit
C:\Windows\System\DZRpafI.exe

Filesize
2.1MB

MD5
6760da3874d27dc86eeba57fe22fbfc9

SHA1
835aa757ea7dc74811869865ca5161f838b808f6

SHA256
9fdc8176daac1b6995fd38ca6c98d89be7b26e43263aaaba3bf393260b39f9a6

SHA512
f9441c6ff7c6f5d2b1e2104aaf69b315dbfed8e261c71f686983a8883b831cdfe4a3eb6e424d157856fcbe8a335f3d0229adff84f3374e08325919b367ca9d4a

Download Submit
C:\Windows\System\DrSWSND.exe

Filesize
2.1MB

MD5
ee85bd37e423887e26858c10f849f416

SHA1
41481a8d9b8969654f76f17b0ffaafe1b7f512c4

SHA256
99e3ca08b693354c32d78a68f1d052b2a973051277fed55799e1dbddc24d08b3

SHA512
9a1ffd2a027ee14c76d2d0c6f6710875aa23b9469c7016d8d23060fe8aec6b3300eeb46e8e3b814ac77b21f7c3bb2509a0c813ea966e1e2e620ef3d26fe33551

Download Submit
C:\Windows\System\EQRzdvQ.exe

Filesize
2.1MB

MD5
9adaafc61d523cfaca3d36a5ddf4207f

SHA1
cc855f5948fc2eb6659d37d7dfbc4b2cd4ec5caa

SHA256
c17681ffbd8ca6e32a93884e961e6d8074ce75c44c346b3fc4ea06a0f3550d0c

SHA512
d9d51857d093ee42ed1c8c33e68e120c6afd9ff416622d5083e5bb5fb654bfced2f6667aba32a198046ad54b65f50663bf2a7189c7e6be9ff6968a1efeea203a

Download Submit
C:\Windows\System\ElQpzQi.exe

Filesize
2.1MB

MD5
0ae04c5679ee1a72fc9cded64cc12354

SHA1
bbd8ea1285453d62667ad42b6421dafd9c09cf63

SHA256
630a6d079564051e76e22fa0708115aadd77fd420952fa9459afa6bf21f7db78

SHA512
29dcd60c9c8d08ae95703d719fbcae1c4b0f88118522164acf2e13526e0cd8dc08358f0dce4ede22bc12b73c5d0f536d6f9b2cf5344ad823c93c30d2db9287f9

Download Submit
C:\Windows\System\HuKJVxa.exe

Filesize
2.1MB

MD5
e162d7c1198ebd053206d024077551dc

SHA1
3e8ea3e4601790b57c7dc4eb244e9e29da608d90

SHA256
b0dcf569e9be3ed04480e4c0e8ce051228c9ae6930111a57d730ca766c5689e5

SHA512
00b563ca12e0d48997d90924382e73aa47fcb167b0abe1a838f2b929f06b99e3aa378d560b3a8613628c67a9a900b1fcb4a19edce782c731492d7ed897ac9958

Download Submit
C:\Windows\System\IMNwzxi.exe

Filesize
2.1MB

MD5
4884e04661033b929d99a0f129fb984c

SHA1
da534aca41ff56ef5592d3020defbaf727ff233c

SHA256
3f656ce33703acaa2ffdd275662de1ee2f5d39db1dd8d679ccf3a25aebc87c70

SHA512
da3158cbaf9ee652ee1af147ac2922bb05824b9cedbdb3aab47c5cd64fc07e9fa3af967f0a9e13870ae5859dae950ca10866e3cf5123b60555804e3267178cf7

Download Submit
C:\Windows\System\LTkiTFM.exe

Filesize
2.1MB

MD5
0abab976c9735d7cc092379d8fcbf7ef

SHA1
eeff3b881e1f5b9ab2babbe2a12592fce71e85d8

SHA256
209197f789327f5f8e91f06b88e22a4bceb0b0cff1505d31e660ce4f9ae94d39

SHA512
7c1f7a405ba4a2f01181be11404a713f2de1b6f3eb09d7faacd7ca8538e15bc7d2fe094e0c11592ab5d8bc164eb93176653a1d9a6033d9d425cccf7e3dcf5efb

Download Submit
C:\Windows\System\QwNKmje.exe

Filesize
2.1MB

MD5
ebc9f60d2a53968f1103dfbd59c195da

SHA1
3455c5fbb92d4ea647ba019aedcb5bfceda5c5bb

SHA256
ac65448a749b57cc82840e06f6cf3f7447aa8158294359556940271515f7a7f6

SHA512
391cda7ce365fc763d0e8b3684a9746095e34324b3c89f933497c3c92a940e24c6c8042e226077155c0b0e975c669e038ddf7d76763bf9acece1b7864c68ce77

Download Submit
C:\Windows\System\RGCvbVl.exe

Filesize
2.1MB

MD5
f1fcf91b69693cbf8fb3b16cf9dfd649

SHA1
e7d2dfc212ddae56085b622a3dabc4213e064276

SHA256
a6e3526a06be1c345dd2e00582902f9d6db170fc3a54cb7ae33ae060ef3491ef

SHA512
5567afc287ad6c4aa6b657085ae50606b996f3cbfc99ee10a15a65fd005570a91a3ffbee9f55811eb05c0c1b5517fbbd350f87082f169a329b69719689e4d4e4

Download Submit
C:\Windows\System\ShhiHyn.exe

Filesize
2.1MB

MD5
4453bbf0736ae9ae92814d46369f2d10

SHA1
b6db4d31e9ca923fc29090beb5ee8e0e4325be60

SHA256
c2799dfa6c4567bf4f3611a8dbe8fcacc1fe985788de85b8525bea20a74238b5

SHA512
61fe98ede9e8c7558c078a7db003da1ab1011a1258a66b0dc220cae4b7d22cf720fe604cdc823c2295adff196614711c5e41d3d513c5bcbbe68c96ee07e60aa4

Download Submit
C:\Windows\System\TbEFmKE.exe

Filesize
2.1MB

MD5
2357a17fcdb2c9dcfe4cd0c7232c477e

SHA1
11d990cd557ce9caf47e1ec5ae0603537d1c6bb0

SHA256
76b21b025e14b3b990e107e3cf316d1bce9409bab215c4bdf2c44f9acea9cef0

SHA512
a40b98a8791d52ddd0b1b3997b2167879e887c518621fab46f4ce64c4b9b85ffb2cea2a330e864de528f7ed3eede9264dd4b929f7c20c94f64cac2776675a869

Download Submit
C:\Windows\System\TmyaHwY.exe

Filesize
2.1MB

MD5
61c2df33e8fddfecf4dd1c72b7dcdcec

SHA1
d7d70d7d1da090dd9c116334facb88e53629805b

SHA256
40c779d7139f41e2e6e16b53c8813024ec575b536c0d28b18fa5b0bd26494b08

SHA512
cc875b9638d710d2e55fe5e6c6e727e1549c7e9f646e723876b8315f0345c445fb4169715bb22e9ff49e1e98238f4a3689cb288e356d7748936788a5f6517535

Download Submit
C:\Windows\System\aKHWZql.exe

Filesize
2.1MB

MD5
62438e0a6e3bbccacad43b7937aec721

SHA1
ffb0e17b50dcb9a687684835ab61a6e96281cfa7

SHA256
dac5b6fb3deb4feea772a0023c3b90fd802bf976c9c0e176cae623ee4f2c9199

SHA512
6bb839da01ebec9adb8224566fab4414fe0c89c538d7c1b9bd9e4e7df04ff23447d46e2498c1b3f6895aa02bad2422432ece5e7876acfdd1bdc744dd95a2bc89

Download Submit
C:\Windows\System\atymQSz.exe

Filesize
2.1MB

MD5
7cca8f207dbe20d69fd5a4d6297656ef

SHA1
3a7fd2056b256fb6cad63a5652df0737716b2055

SHA256
349486c6e0278a00b31f6e8c834127991f3bda503fd500a36a92f598e07aff0c

SHA512
6a11cd0a3fc8d73130c2d4728bd7f12dcb851575cb6e6282f2391ffc4b1b9fd86fa92380efcf2f545c7c66a1595dc6235b997b94fb6391818f8b99a46294d1d8

Download Submit
C:\Windows\System\ebUINpB.exe

Filesize
2.1MB

MD5
e2e7ca856286964182ddaede779fb533

SHA1
890eafe1b0cbbc7bfeb5eb439774a014abd3ba57

SHA256
f3d6134530fb1e60016463219540bc110de83e7e180868ed8f479966333c5176

SHA512
36ee7df5a249091c2a6a40ce3befa761ce7d02bb0a8fa976a81dca2db5c8a012da9eaabd84575bc7099476b855828df7b63a8adc210cb4be2d2937781a10b805

Download Submit
C:\Windows\System\gNvtQNK.exe

Filesize
2.0MB

MD5
42d8a43971373ca96c546b5db5d87434

SHA1
a29a1e378d7f303ddf18ea9f77011a4c734bdf8e

SHA256
43154dcd2021a02627eea763f60d0c02a2a92c96ca87c8ac33292e140f64a6c7

SHA512
73ff831c25b574078349e169fa73db088123be36e1075e33cc6a38f13c89d69e8331216f2a9d72a2db8c90725d2cf60253d31f0034da4e4e7cabba9e583338a4

Download Submit
C:\Windows\System\gNvtQNK.exe

Filesize
2.1MB

MD5
ba0683a12ec186798f6504da43d3c1de

SHA1
d85b5e97223a29f90a10ef9eafe6224f13a47a16

SHA256
0c3392432772ee82c796838a5da3aa5016df5354a3530fc299dedf891e371bca

SHA512
477116c4c5506970c657d9fbba214741fc5c43a90852bc649b618b9e821699e5854b54d0b99c710fdb18655461d5d65f666f032d93bae0c894933b14f7d9286d

Download Submit
C:\Windows\System\ggOTDyA.exe

Filesize
2.1MB

MD5
cda894d0dad70ca5d9880164f7bfde42

SHA1
7a27e7e5a5b67b70ed9e630ed3c2c205c5f0f91e

SHA256
d8037cf41a4dae1f25aa126870d00c08a22ce595ebe7f7b7a4eb64ceae6bed14

SHA512
940703c95d85356356f318d5d707aedb84a6bc56fc3b9a538de2757a9214bd85e8e70def342b78b14dbff48203fbd315952f649495353dffb5d4e1c0651dd4e3

Download Submit
C:\Windows\System\gpMTkEO.exe

Filesize
2.1MB

MD5
e96392a236064bc121476542b59cb0db

SHA1
ebd159d87fa0073f3f998967116be62f9fb7ec5c

SHA256
d5d78a664568394a494fc0bf9384c2aff3dc6dba7e0e01663ba290c5760eb36c

SHA512
9b9d286ba59c0fea2d85c3ff5d9bca57322162c5bee66317eba425c875fa262b12d4b62e11eff0db770c6f839ddeb674a859d164600aa54705df483a4c1bd8f7

Download Submit
C:\Windows\System\gujfdJN.exe

Filesize
2.1MB

MD5
68b536f8bc5b1aee67447565b987d75c

SHA1
5f17ec775d877e5cd0d0713005f62f06dd0085ad

SHA256
b3869fb4fa65c31a154f01d390b943ae4bacf8f3ba8ecb0674d5dffeb4b9fa8c

SHA512
4f9ca9ef61ecee15ea9383a9912a13aa050161821c03e6e03593d29e2810d8e917715927e36bcc5c4cb162150107fe1ba10e4cc6ec186893089e44d925fe6dcf

Download Submit
C:\Windows\System\hCiOLYI.exe

Filesize
2.1MB

MD5
f00b13cc19e478b75547c59c12200729

SHA1
65db2324b4ec04d151e8320ed38bbb8a141d41d2

SHA256
a225828c54762d4fe557e33ef51684f32ae14a2c8319b3450151002f2a3129f8

SHA512
e8c0ad77e9c99f3f376c36cc48ccfb445799eebbc985463ee06dbdfa3150578db6917fb1ee42779ca9b777d6d84fc2fa77bf0f85ff6bacdb64c69b16ad4cfdb8

Download Submit
C:\Windows\System\iEMjdHi.exe

Filesize
2.1MB

MD5
a66d1b0f8f7d701bafd6e537c1a844fc

SHA1
a73b5748cd257ed9543535f8183b253f04fc526b

SHA256
d54558109aff517f72ca5b07643d1ff6b7b2af1474fb94e7c399415089725c68

SHA512
db8de89c590d2c37d9b572f932a5761d8af66d661503d32f4eff1a33df9c6f09a1614db9f41a49f66423d4a6ea1477a95cce7fbf91a8a2bee20bbfebddc8ef1b

Download Submit
C:\Windows\System\pnCcHbp.exe

Filesize
2.1MB

MD5
b2c65106527be1c1c67b2951b79c0f56

SHA1
0ea0c1ae78ec0e6711786acb4f0972f2dd120318

SHA256
b32cc8131373ed75adf8d8a0de163d8516e926904a8f91597660e759efae0355

SHA512
ad688472395172e906d2991bb87b467f777d81799924824d6582a1e2d32f1dd0e5ae624d5cf46f59876326aee32ec81ef46dc8592c27599d2c684b314b1bc271

Download Submit
C:\Windows\System\rFnvRCD.exe

Filesize
2.1MB

MD5
20e4591ba75b4a3225c514e036c04fee

SHA1
2ad0a6eda68d37c558a8c7e433291d8879e0fa1e

SHA256
509f39d59954a76cb97f1762177853046a237518e267daf2a8a2d448cc93aea1

SHA512
0065f1cff25a955baa80dcba5660db3eb747d7df644758a36e78c6fdd9454b2013c825cb7d77b29e4ddce19b97f59971de69056f689b012c0eec5b5948c29a35

Download Submit
C:\Windows\System\rJNuprw.exe

Filesize
2.1MB

MD5
4d2e5144e4f3f04c911028cba296d567

SHA1
2f6f4371adc5fcc8ab451068740b629dde5f632a

SHA256
3dbec4793596c08753f2dddf269f6ae8c2440c4410a487a52b0462043cc776bb

SHA512
b061bed47f85e8860fc78c8bc68aa3e16eb91819cd8b98a916dbe2d7f68aaf1678f4ad8f3606af7299046781de54e0e00f3834812c7e2921c39023e71673c880

Download Submit
C:\Windows\System\sFxOWJz.exe

Filesize
2.1MB

MD5
e95fef04053b837fec94839a8f69332d

SHA1
666d2f453ed00a6d35c8bda91cdc853abea9b987

SHA256
eaa42a3bf62c223cb5eb0a923db5d8460d9d494b77682cc31b5ef32f01cb59ad

SHA512
2a23dba632344ecaefc0633b6631d9cf7fe96cd9eeebc8322270888a75f335f96cf2dc74a59a23c30c230babb95219545a5fe329b5dd55f7f3dffc0a7e60a054

Download Submit
C:\Windows\System\tDyiOfN.exe

Filesize
2.1MB

MD5
ee84566097c347cc1ca90706bb52dcf6

SHA1
2c24b2067275e7dd85ed9b6036f61cf9ba16364a

SHA256
22d98e3d41f368cd2bc93f1494b7106fd1eca0bb0f0e332fcfe3cd084b979264

SHA512
f5fa19ec810236a77e2a19a4d1aeb3b86f454a7d07b7e3103937d79682799fdf5ac4c1a8a3fc7eaae4166c5437b0522af9114b7e8c0e7be01199322919b8a33c

Download Submit
C:\Windows\System\vhwJFlT.exe

Filesize
2.1MB

MD5
f5d645a01e6256fc1869c660c70aaee3

SHA1
ab7510f26756053104998c793252632f66dc7037

SHA256
d9462f41618cf9aa6eb57ee8b24a70b81aff96d99dd760207355e03f7f0cc964

SHA512
d5e3005b4d33d8dc091e913de97d2ba8a247bd1c623c666dfcefdee2f7c74b78404f416d90d6f834df96086579e058fb64f5170071631d9716f4c32945f14baa

Download Submit
C:\Windows\System\xZkVCnw.exe

Filesize
2.1MB

MD5
3b50afea9038d41aa067b0fbb69ba0d4

SHA1
c41b487fb5f2094ac809194e690594d27973c832

SHA256
c032dadb3bacaba01ceaa121af21b36dcfa8aa7675ba374a73acaef8724ce731

SHA512
6fdf1e956bd5a30ca2ecd2be9e7efb103e4e7775027dfa7d650a3998e877f2dad18ea2c5e269d79233b02c3fd33645e993a6fcaacfabb3cc3939f1333a5ec80a

Download Submit
C:\Windows\System\xeYVVEs.exe

Filesize
2.1MB

MD5
a49a518170c1029303111397c1f1ae26

SHA1
75b84dfcff6f76fe613e77531a4ee9136f652e84

SHA256
bc5a4a77c7f500e2fc381ada1c56ab87af29d5e5f096eb0b9219717c8429b779

SHA512
45b30ccfb714f2bc64c5db11788abab94044f691a052082c37407ee1004bd0d3b090693e1162e1e3ab9078335f198b7ec981dfbfc46f5dc6baaf50b9c918922e

Download Submit
C:\Windows\System\xlfvNsq.exe

Filesize
2.1MB

MD5
bd58772088f20974303e6e669af8c38c

SHA1
895e6f5323fc5b1dfeb48d3c0a4457c50834601a

SHA256
a51bc277c7ea7fbd77a0b822b162c783cfa443e640421e84e86b17e54f219f49

SHA512
54937f2d7a6915985f240ba62b776b1f11b34b86f08c4c0a90d828386e5b630f3e49cb53ec53993d850f3e8ac8559d42e33b20141e4911d8ae0cd70cf9b7af73

Download Submit
memory/60-505-0x00007FF670D10000-0x00007FF671064000-memory.dmp

Filesize
3.3MB

Download
memory/60-2133-0x00007FF670D10000-0x00007FF671064000-memory.dmp

Filesize
3.3MB

Download
memory/528-1912-0x00007FF6245E0000-0x00007FF624934000-memory.dmp

Filesize
3.3MB

Download
memory/528-1-0x0000017C64CD0000-0x0000017C64CE0000-memory.dmp

Filesize
64KB

Download
memory/528-0-0x00007FF6245E0000-0x00007FF624934000-memory.dmp

Filesize
3.3MB

Download
memory/1124-52-0x00007FF6B5220000-0x00007FF6B5574000-memory.dmp

Filesize
3.3MB

Download
memory/1124-2111-0x00007FF6B5220000-0x00007FF6B5574000-memory.dmp

Filesize
3.3MB

Download
memory/1192-502-0x00007FF7ABAB0000-0x00007FF7ABE04000-memory.dmp

Filesize
3.3MB

Download
memory/1192-2130-0x00007FF7ABAB0000-0x00007FF7ABE04000-memory.dmp

Filesize
3.3MB

Download
memory/1300-2131-0x00007FF7979C0000-0x00007FF797D14000-memory.dmp

Filesize
3.3MB

Download
memory/1300-503-0x00007FF7979C0000-0x00007FF797D14000-memory.dmp

Filesize
3.3MB

Download
memory/1528-504-0x00007FF744CB0000-0x00007FF745004000-memory.dmp

Filesize
3.3MB

Download
memory/1528-2132-0x00007FF744CB0000-0x00007FF745004000-memory.dmp

Filesize
3.3MB

Download
memory/1564-34-0x00007FF6DFD30000-0x00007FF6E0084000-memory.dmp

Filesize
3.3MB

Download
memory/1564-2109-0x00007FF6DFD30000-0x00007FF6E0084000-memory.dmp

Filesize
3.3MB

Download
memory/1596-2125-0x00007FF7DCA70000-0x00007FF7DCDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1596-491-0x00007FF7DCA70000-0x00007FF7DCDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-442-0x00007FF701E80000-0x00007FF7021D4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2113-0x00007FF701E80000-0x00007FF7021D4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-498-0x00007FF7AAEE0000-0x00007FF7AB234000-memory.dmp

Filesize
3.3MB

Download
memory/2256-2126-0x00007FF7AAEE0000-0x00007FF7AB234000-memory.dmp

Filesize
3.3MB

Download
memory/2292-458-0x00007FF651D10000-0x00007FF652064000-memory.dmp

Filesize
3.3MB

Download
memory/2292-2119-0x00007FF651D10000-0x00007FF652064000-memory.dmp

Filesize
3.3MB

Download
memory/2336-2120-0x00007FF6574D0000-0x00007FF657824000-memory.dmp

Filesize
3.3MB

Download
memory/2336-461-0x00007FF6574D0000-0x00007FF657824000-memory.dmp

Filesize
3.3MB

Download
memory/2492-499-0x00007FF737470000-0x00007FF7377C4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-2127-0x00007FF737470000-0x00007FF7377C4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-9-0x00007FF7061F0000-0x00007FF706544000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2106-0x00007FF7061F0000-0x00007FF706544000-memory.dmp

Filesize
3.3MB

Download
memory/2976-475-0x00007FF6D1440000-0x00007FF6D1794000-memory.dmp

Filesize
3.3MB

Download
memory/2976-2123-0x00007FF6D1440000-0x00007FF6D1794000-memory.dmp

Filesize
3.3MB

Download
memory/3328-451-0x00007FF675D50000-0x00007FF6760A4000-memory.dmp

Filesize
3.3MB

Download
memory/3328-2118-0x00007FF675D50000-0x00007FF6760A4000-memory.dmp

Filesize
3.3MB

Download
memory/3364-41-0x00007FF76C0D0000-0x00007FF76C424000-memory.dmp

Filesize
3.3MB

Download
memory/3364-2110-0x00007FF76C0D0000-0x00007FF76C424000-memory.dmp

Filesize
3.3MB

Download
memory/3408-439-0x00007FF7414A0000-0x00007FF7417F4000-memory.dmp

Filesize
3.3MB

Download
memory/3408-2115-0x00007FF7414A0000-0x00007FF7417F4000-memory.dmp

Filesize
3.3MB

Download
memory/3408-2105-0x00007FF7414A0000-0x00007FF7417F4000-memory.dmp

Filesize
3.3MB

Download
memory/3480-487-0x00007FF7D9DE0000-0x00007FF7DA134000-memory.dmp

Filesize
3.3MB

Download
memory/3480-2124-0x00007FF7D9DE0000-0x00007FF7DA134000-memory.dmp

Filesize
3.3MB

Download
memory/3508-22-0x00007FF6D14B0000-0x00007FF6D1804000-memory.dmp

Filesize
3.3MB

Download
memory/3508-2108-0x00007FF6D14B0000-0x00007FF6D1804000-memory.dmp

Filesize
3.3MB

Download
memory/3568-446-0x00007FF6E1DA0000-0x00007FF6E20F4000-memory.dmp

Filesize
3.3MB

Download
memory/3568-2114-0x00007FF6E1DA0000-0x00007FF6E20F4000-memory.dmp

Filesize
3.3MB

Download
memory/3684-2129-0x00007FF673E40000-0x00007FF674194000-memory.dmp

Filesize
3.3MB

Download
memory/3684-501-0x00007FF673E40000-0x00007FF674194000-memory.dmp

Filesize
3.3MB

Download
memory/3724-2117-0x00007FF689860000-0x00007FF689BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3724-450-0x00007FF689860000-0x00007FF689BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3736-511-0x00007FF618290000-0x00007FF6185E4000-memory.dmp

Filesize
3.3MB

Download
memory/3736-2116-0x00007FF618290000-0x00007FF6185E4000-memory.dmp

Filesize
3.3MB

Download
memory/3888-506-0x00007FF6D43B0000-0x00007FF6D4704000-memory.dmp

Filesize
3.3MB

Download
memory/3888-2134-0x00007FF6D43B0000-0x00007FF6D4704000-memory.dmp

Filesize
3.3MB

Download
memory/4064-468-0x00007FF771370000-0x00007FF7716C4000-memory.dmp

Filesize
3.3MB

Download
memory/4064-2121-0x00007FF771370000-0x00007FF7716C4000-memory.dmp

Filesize
3.3MB

Download
memory/4448-2128-0x00007FF6F2C80000-0x00007FF6F2FD4000-memory.dmp

Filesize
3.3MB

Download
memory/4448-500-0x00007FF6F2C80000-0x00007FF6F2FD4000-memory.dmp

Filesize
3.3MB

Download
memory/4508-508-0x00007FF7CFAB0000-0x00007FF7CFE04000-memory.dmp

Filesize
3.3MB

Download
memory/4508-2112-0x00007FF7CFAB0000-0x00007FF7CFE04000-memory.dmp

Filesize
3.3MB

Download
memory/4712-2107-0x00007FF6370E0000-0x00007FF637434000-memory.dmp

Filesize
3.3MB

Download
memory/4712-16-0x00007FF6370E0000-0x00007FF637434000-memory.dmp

Filesize
3.3MB

Download
memory/4744-469-0x00007FF7AF290000-0x00007FF7AF5E4000-memory.dmp

Filesize
3.3MB

Download
memory/4744-2122-0x00007FF7AF290000-0x00007FF7AF5E4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads