xmrig | 25f53adb0b8d57904d9092c5914770764bbbb44fb4ef0322f13f9e1ab9d62959

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
Size

1.9MB
MD5

461b16b34417d3fec9ec8a2daf9e7680
SHA1

5ecbee16aedcd951253173e434e26315a433312c
SHA256

25f53adb0b8d57904d9092c5914770764bbbb44fb4ef0322f13f9e1ab9d62959
SHA512

7c414ba9717e15f2e85b4e3c88c0f2669d1cdb9631064e5f3872a0c6773d6470d08f06769608dfb0965db40fa72b7cabe9f694729605e3425832048820efc3b0
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIaHs1PTma87NQ8:BemTLkNdfE0pZrS

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2812-0-0x00007FF6231C0000-0x00007FF623514000-memory.dmp	xmrig
behavioral2/files/0x00050000000232a4-5.dat	xmrig
behavioral2/files/0x000a00000002340d-11.dat	xmrig
behavioral2/files/0x0007000000023416-38.dat	xmrig
behavioral2/files/0x0007000000023417-46.dat	xmrig
behavioral2/files/0x000700000002341a-58.dat	xmrig
behavioral2/files/0x000700000002341c-72.dat	xmrig
behavioral2/files/0x0007000000023422-102.dat	xmrig
behavioral2/memory/4644-733-0x00007FF7357E0000-0x00007FF735B34000-memory.dmp	xmrig
behavioral2/memory/4400-732-0x00007FF675DE0000-0x00007FF676134000-memory.dmp	xmrig
behavioral2/memory/1364-734-0x00007FF66DE90000-0x00007FF66E1E4000-memory.dmp	xmrig
behavioral2/memory/3820-745-0x00007FF6BA470000-0x00007FF6BA7C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023430-166.dat	xmrig
behavioral2/files/0x000700000002342e-162.dat	xmrig
behavioral2/files/0x000700000002342f-161.dat	xmrig
behavioral2/files/0x000700000002342d-156.dat	xmrig
behavioral2/files/0x000700000002342c-152.dat	xmrig
behavioral2/files/0x000700000002342b-147.dat	xmrig
behavioral2/files/0x000700000002342a-142.dat	xmrig
behavioral2/files/0x0007000000023429-137.dat	xmrig
behavioral2/files/0x0007000000023428-132.dat	xmrig
behavioral2/files/0x0007000000023427-127.dat	xmrig
behavioral2/files/0x0007000000023426-122.dat	xmrig
behavioral2/files/0x0007000000023425-117.dat	xmrig
behavioral2/files/0x0007000000023424-112.dat	xmrig
behavioral2/files/0x0007000000023423-106.dat	xmrig
behavioral2/files/0x0007000000023421-97.dat	xmrig
behavioral2/files/0x0007000000023420-92.dat	xmrig
behavioral2/files/0x000700000002341f-87.dat	xmrig
behavioral2/files/0x000700000002341e-81.dat	xmrig
behavioral2/files/0x000700000002341d-77.dat	xmrig
behavioral2/files/0x000700000002341b-67.dat	xmrig
behavioral2/files/0x0007000000023419-56.dat	xmrig
behavioral2/files/0x0007000000023418-52.dat	xmrig
behavioral2/files/0x0007000000023415-36.dat	xmrig
behavioral2/files/0x0007000000023414-32.dat	xmrig
behavioral2/files/0x0008000000023413-30.dat	xmrig
behavioral2/memory/1984-24-0x00007FF61A990000-0x00007FF61ACE4000-memory.dmp	xmrig
behavioral2/memory/3776-21-0x00007FF6704E0000-0x00007FF670834000-memory.dmp	xmrig
behavioral2/files/0x0008000000023412-17.dat	xmrig
behavioral2/memory/3052-9-0x00007FF794920000-0x00007FF794C74000-memory.dmp	xmrig
behavioral2/memory/4716-749-0x00007FF70C080000-0x00007FF70C3D4000-memory.dmp	xmrig
behavioral2/memory/4976-752-0x00007FF79E950000-0x00007FF79ECA4000-memory.dmp	xmrig
behavioral2/memory/804-766-0x00007FF7C7A00000-0x00007FF7C7D54000-memory.dmp	xmrig
behavioral2/memory/5064-811-0x00007FF6D6920000-0x00007FF6D6C74000-memory.dmp	xmrig
behavioral2/memory/4556-818-0x00007FF6759B0000-0x00007FF675D04000-memory.dmp	xmrig
behavioral2/memory/2444-804-0x00007FF7ADB30000-0x00007FF7ADE84000-memory.dmp	xmrig
behavioral2/memory/2372-787-0x00007FF7C2FB0000-0x00007FF7C3304000-memory.dmp	xmrig
behavioral2/memory/3528-782-0x00007FF7836B0000-0x00007FF783A04000-memory.dmp	xmrig
behavioral2/memory/4524-776-0x00007FF709C60000-0x00007FF709FB4000-memory.dmp	xmrig
behavioral2/memory/3704-757-0x00007FF73A450000-0x00007FF73A7A4000-memory.dmp	xmrig
behavioral2/memory/3884-828-0x00007FF6E7070000-0x00007FF6E73C4000-memory.dmp	xmrig
behavioral2/memory/3368-836-0x00007FF6E9B50000-0x00007FF6E9EA4000-memory.dmp	xmrig
behavioral2/memory/1056-869-0x00007FF7EF8D0000-0x00007FF7EFC24000-memory.dmp	xmrig
behavioral2/memory/1804-859-0x00007FF6DBD90000-0x00007FF6DC0E4000-memory.dmp	xmrig
behavioral2/memory/1764-851-0x00007FF7D1890000-0x00007FF7D1BE4000-memory.dmp	xmrig
behavioral2/memory/1884-846-0x00007FF652D40000-0x00007FF653094000-memory.dmp	xmrig
behavioral2/memory/4788-841-0x00007FF7DE2E0000-0x00007FF7DE634000-memory.dmp	xmrig
behavioral2/memory/1732-876-0x00007FF620540000-0x00007FF620894000-memory.dmp	xmrig
behavioral2/memory/4216-887-0x00007FF79F3E0000-0x00007FF79F734000-memory.dmp	xmrig
behavioral2/memory/4920-892-0x00007FF715EA0000-0x00007FF7161F4000-memory.dmp	xmrig
behavioral2/memory/3456-901-0x00007FF66CBA0000-0x00007FF66CEF4000-memory.dmp	xmrig
behavioral2/memory/4528-883-0x00007FF678CE0000-0x00007FF679034000-memory.dmp	xmrig
behavioral2/memory/3052-2129-0x00007FF794920000-0x00007FF794C74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3052	DOmuwQT.exe
3776	jUwuHBb.exe
1984	KQERgnL.exe
4400	IxTqMhW.exe
4644	TIHxVNs.exe
1364	NVkreoO.exe
3820	DOCpzzz.exe
4716	sMOtqrE.exe
4976	WNmWjjA.exe
3704	JSLhche.exe
804	DQtjSVW.exe
4524	GbWfRPP.exe
3528	uVZVVHq.exe
2372	fGCemfK.exe
2444	paurmRW.exe
5064	XcsQKwR.exe
4556	wmNwELH.exe
3884	KSCCLHu.exe
3368	RXlSIOo.exe
4788	mBBaFzK.exe
1884	tieYvRP.exe
1764	MWAhmKY.exe
1804	ktrnfAE.exe
1056	PBwaxaQ.exe
1732	eNQzmXU.exe
4528	aYpCAYS.exe
4216	WkkTthh.exe
4920	uKnGRFI.exe
3456	CQwbAuA.exe
3296	XBqeAac.exe
3120	EWEDQiU.exe
2244	JZDwsru.exe
2728	JPXbDPV.exe
4180	PkzdXvc.exe
3620	BJrNvcw.exe
2232	LeoiHLe.exe
1152	GEHoIYO.exe
3604	bIKKJnL.exe
3280	sZYvETv.exe
3228	vTzsLSK.exe
344	aWvygGo.exe
3464	hRzYoYv.exe
3324	syfWwtp.exe
3648	XFJZBNi.exe
5044	qLNRUKK.exe
4824	shqEFFl.exe
1088	mribijy.exe
2704	woQbMnr.exe
2692	GfBSEWQ.exe
2824	pybEcbY.exe
760	lwrZprG.exe
2200	KfScRZE.exe
3584	hcNQAme.exe
912	qqldGBX.exe
4052	sokzGwJ.exe
2260	ajboTUv.exe
3756	eUlfLUK.exe
1824	nJAutAE.exe
5068	rAgfwNU.exe
3708	nzeIPZR.exe
2988	LSxBgtV.exe
2604	eYbKRtY.exe
3216	JyQMBnu.exe
3392	kgXtIAa.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2812-0-0x00007FF6231C0000-0x00007FF623514000-memory.dmp	upx
behavioral2/files/0x00050000000232a4-5.dat	upx
behavioral2/files/0x000a00000002340d-11.dat	upx
behavioral2/files/0x0007000000023416-38.dat	upx
behavioral2/files/0x0007000000023417-46.dat	upx
behavioral2/files/0x000700000002341a-58.dat	upx
behavioral2/files/0x000700000002341c-72.dat	upx
behavioral2/files/0x0007000000023422-102.dat	upx
behavioral2/memory/4644-733-0x00007FF7357E0000-0x00007FF735B34000-memory.dmp	upx
behavioral2/memory/4400-732-0x00007FF675DE0000-0x00007FF676134000-memory.dmp	upx
behavioral2/memory/1364-734-0x00007FF66DE90000-0x00007FF66E1E4000-memory.dmp	upx
behavioral2/memory/3820-745-0x00007FF6BA470000-0x00007FF6BA7C4000-memory.dmp	upx
behavioral2/files/0x0007000000023430-166.dat	upx
behavioral2/files/0x000700000002342e-162.dat	upx
behavioral2/files/0x000700000002342f-161.dat	upx
behavioral2/files/0x000700000002342d-156.dat	upx
behavioral2/files/0x000700000002342c-152.dat	upx
behavioral2/files/0x000700000002342b-147.dat	upx
behavioral2/files/0x000700000002342a-142.dat	upx
behavioral2/files/0x0007000000023429-137.dat	upx
behavioral2/files/0x0007000000023428-132.dat	upx
behavioral2/files/0x0007000000023427-127.dat	upx
behavioral2/files/0x0007000000023426-122.dat	upx
behavioral2/files/0x0007000000023425-117.dat	upx
behavioral2/files/0x0007000000023424-112.dat	upx
behavioral2/files/0x0007000000023423-106.dat	upx
behavioral2/files/0x0007000000023421-97.dat	upx
behavioral2/files/0x0007000000023420-92.dat	upx
behavioral2/files/0x000700000002341f-87.dat	upx
behavioral2/files/0x000700000002341e-81.dat	upx
behavioral2/files/0x000700000002341d-77.dat	upx
behavioral2/files/0x000700000002341b-67.dat	upx
behavioral2/files/0x0007000000023419-56.dat	upx
behavioral2/files/0x0007000000023418-52.dat	upx
behavioral2/files/0x0007000000023415-36.dat	upx
behavioral2/files/0x0007000000023414-32.dat	upx
behavioral2/files/0x0008000000023413-30.dat	upx
behavioral2/memory/1984-24-0x00007FF61A990000-0x00007FF61ACE4000-memory.dmp	upx
behavioral2/memory/3776-21-0x00007FF6704E0000-0x00007FF670834000-memory.dmp	upx
behavioral2/files/0x0008000000023412-17.dat	upx
behavioral2/memory/3052-9-0x00007FF794920000-0x00007FF794C74000-memory.dmp	upx
behavioral2/memory/4716-749-0x00007FF70C080000-0x00007FF70C3D4000-memory.dmp	upx
behavioral2/memory/4976-752-0x00007FF79E950000-0x00007FF79ECA4000-memory.dmp	upx
behavioral2/memory/804-766-0x00007FF7C7A00000-0x00007FF7C7D54000-memory.dmp	upx
behavioral2/memory/5064-811-0x00007FF6D6920000-0x00007FF6D6C74000-memory.dmp	upx
behavioral2/memory/4556-818-0x00007FF6759B0000-0x00007FF675D04000-memory.dmp	upx
behavioral2/memory/2444-804-0x00007FF7ADB30000-0x00007FF7ADE84000-memory.dmp	upx
behavioral2/memory/2372-787-0x00007FF7C2FB0000-0x00007FF7C3304000-memory.dmp	upx
behavioral2/memory/3528-782-0x00007FF7836B0000-0x00007FF783A04000-memory.dmp	upx
behavioral2/memory/4524-776-0x00007FF709C60000-0x00007FF709FB4000-memory.dmp	upx
behavioral2/memory/3704-757-0x00007FF73A450000-0x00007FF73A7A4000-memory.dmp	upx
behavioral2/memory/3884-828-0x00007FF6E7070000-0x00007FF6E73C4000-memory.dmp	upx
behavioral2/memory/3368-836-0x00007FF6E9B50000-0x00007FF6E9EA4000-memory.dmp	upx
behavioral2/memory/1056-869-0x00007FF7EF8D0000-0x00007FF7EFC24000-memory.dmp	upx
behavioral2/memory/1804-859-0x00007FF6DBD90000-0x00007FF6DC0E4000-memory.dmp	upx
behavioral2/memory/1764-851-0x00007FF7D1890000-0x00007FF7D1BE4000-memory.dmp	upx
behavioral2/memory/1884-846-0x00007FF652D40000-0x00007FF653094000-memory.dmp	upx
behavioral2/memory/4788-841-0x00007FF7DE2E0000-0x00007FF7DE634000-memory.dmp	upx
behavioral2/memory/1732-876-0x00007FF620540000-0x00007FF620894000-memory.dmp	upx
behavioral2/memory/4216-887-0x00007FF79F3E0000-0x00007FF79F734000-memory.dmp	upx
behavioral2/memory/4920-892-0x00007FF715EA0000-0x00007FF7161F4000-memory.dmp	upx
behavioral2/memory/3456-901-0x00007FF66CBA0000-0x00007FF66CEF4000-memory.dmp	upx
behavioral2/memory/4528-883-0x00007FF678CE0000-0x00007FF679034000-memory.dmp	upx
behavioral2/memory/3052-2129-0x00007FF794920000-0x00007FF794C74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FYlIpmT.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\qwtgeDK.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\OcFmbnf.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\DOCpzzz.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\ivwFCuP.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\yoveKJb.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\XtSogOq.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\sCVaJdI.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\wmwfWzQ.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\XBqeAac.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\sxRLzrV.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\QroanCJ.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\VSQZUGy.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\klMgGjq.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\aUwcKqy.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\MHLBxDA.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\IhpEwoD.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\tOcehvv.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\IIPQQZe.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\JflYqZn.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\SkubsfA.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\gaDtYdd.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\nwmSPIj.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\qaVJyVt.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\omgchqi.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\cqIcvjV.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\JyQMBnu.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\QBsRldh.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\fRsAtQl.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\dPhQvIP.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\OosEDjf.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\ZghpWuP.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\gkSLBtQ.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\WNmWjjA.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\YkXMYcv.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\kUohaaN.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\fIAFiVc.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\wRLfExc.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\rcAbdBw.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\uDbUIEI.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\AvkGGLj.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\SOnYMWo.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\tasGTRw.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\WtCPvNS.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\nCSXMWe.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\qyiCouh.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\rlYyXEs.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\jVOdBso.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\FsVRLTd.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\FmtjPSQ.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\woQbMnr.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\nxaGBwV.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\TPAPmXC.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\TZNzvzc.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\NlBWNyp.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\RAQLqQM.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\kkusVAH.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\xnkgACj.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\mezlpgm.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\SKeYnZw.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\hcNQAme.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\nXNfXjl.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\cuFmFkU.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
File created	C:\Windows\System\MtxoazA.exe	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13532	dwm.exe
Token: SeChangeNotifyPrivilege	13532	dwm.exe
Token: 33	13532	dwm.exe
Token: SeIncBasePriorityPrivilege	13532	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 3052	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	83
PID 2812 wrote to memory of 3052	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	83
PID 2812 wrote to memory of 3776	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	84
PID 2812 wrote to memory of 3776	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	84
PID 2812 wrote to memory of 1984	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	85
PID 2812 wrote to memory of 1984	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	85
PID 2812 wrote to memory of 4400	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	86
PID 2812 wrote to memory of 4400	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	86
PID 2812 wrote to memory of 4644	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	87
PID 2812 wrote to memory of 4644	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	87
PID 2812 wrote to memory of 1364	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	88
PID 2812 wrote to memory of 1364	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	88
PID 2812 wrote to memory of 3820	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	89
PID 2812 wrote to memory of 3820	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	89
PID 2812 wrote to memory of 4716	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	90
PID 2812 wrote to memory of 4716	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	90
PID 2812 wrote to memory of 4976	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	91
PID 2812 wrote to memory of 4976	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	91
PID 2812 wrote to memory of 3704	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	92
PID 2812 wrote to memory of 3704	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	92
PID 2812 wrote to memory of 804	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	93
PID 2812 wrote to memory of 804	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	93
PID 2812 wrote to memory of 4524	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	94
PID 2812 wrote to memory of 4524	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	94
PID 2812 wrote to memory of 3528	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	95
PID 2812 wrote to memory of 3528	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	95
PID 2812 wrote to memory of 2372	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	96
PID 2812 wrote to memory of 2372	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	96
PID 2812 wrote to memory of 2444	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	97
PID 2812 wrote to memory of 2444	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	97
PID 2812 wrote to memory of 5064	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	98
PID 2812 wrote to memory of 5064	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	98
PID 2812 wrote to memory of 4556	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	99
PID 2812 wrote to memory of 4556	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	99
PID 2812 wrote to memory of 3884	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	100
PID 2812 wrote to memory of 3884	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	100
PID 2812 wrote to memory of 3368	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	101
PID 2812 wrote to memory of 3368	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	101
PID 2812 wrote to memory of 4788	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	102
PID 2812 wrote to memory of 4788	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	102
PID 2812 wrote to memory of 1884	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	103
PID 2812 wrote to memory of 1884	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	103
PID 2812 wrote to memory of 1764	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	104
PID 2812 wrote to memory of 1764	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	104
PID 2812 wrote to memory of 1804	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	105
PID 2812 wrote to memory of 1804	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	105
PID 2812 wrote to memory of 1056	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	106
PID 2812 wrote to memory of 1056	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	106
PID 2812 wrote to memory of 1732	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	107
PID 2812 wrote to memory of 1732	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	107
PID 2812 wrote to memory of 4528	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	108
PID 2812 wrote to memory of 4528	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	108
PID 2812 wrote to memory of 4216	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	109
PID 2812 wrote to memory of 4216	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	109
PID 2812 wrote to memory of 4920	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	110
PID 2812 wrote to memory of 4920	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	110
PID 2812 wrote to memory of 3456	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	111
PID 2812 wrote to memory of 3456	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	111
PID 2812 wrote to memory of 3296	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	112
PID 2812 wrote to memory of 3296	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	112
PID 2812 wrote to memory of 3120	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	113
PID 2812 wrote to memory of 3120	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	113
PID 2812 wrote to memory of 2244	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	114
PID 2812 wrote to memory of 2244	2812	461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\461b16b34417d3fec9ec8a2daf9e7680_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Windows\System\DOmuwQT.exe
  C:\Windows\System\DOmuwQT.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\jUwuHBb.exe
  C:\Windows\System\jUwuHBb.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\KQERgnL.exe
  C:\Windows\System\KQERgnL.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\IxTqMhW.exe
  C:\Windows\System\IxTqMhW.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\TIHxVNs.exe
  C:\Windows\System\TIHxVNs.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\NVkreoO.exe
  C:\Windows\System\NVkreoO.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\DOCpzzz.exe
  C:\Windows\System\DOCpzzz.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\sMOtqrE.exe
  C:\Windows\System\sMOtqrE.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\WNmWjjA.exe
  C:\Windows\System\WNmWjjA.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\JSLhche.exe
  C:\Windows\System\JSLhche.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\DQtjSVW.exe
  C:\Windows\System\DQtjSVW.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\GbWfRPP.exe
  C:\Windows\System\GbWfRPP.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\uVZVVHq.exe
  C:\Windows\System\uVZVVHq.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\fGCemfK.exe
  C:\Windows\System\fGCemfK.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\paurmRW.exe
  C:\Windows\System\paurmRW.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\XcsQKwR.exe
  C:\Windows\System\XcsQKwR.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\wmNwELH.exe
  C:\Windows\System\wmNwELH.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\KSCCLHu.exe
  C:\Windows\System\KSCCLHu.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\RXlSIOo.exe
  C:\Windows\System\RXlSIOo.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\mBBaFzK.exe
  C:\Windows\System\mBBaFzK.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\tieYvRP.exe
  C:\Windows\System\tieYvRP.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\MWAhmKY.exe
  C:\Windows\System\MWAhmKY.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\ktrnfAE.exe
  C:\Windows\System\ktrnfAE.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\PBwaxaQ.exe
  C:\Windows\System\PBwaxaQ.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\eNQzmXU.exe
  C:\Windows\System\eNQzmXU.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\aYpCAYS.exe
  C:\Windows\System\aYpCAYS.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\WkkTthh.exe
  C:\Windows\System\WkkTthh.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\uKnGRFI.exe
  C:\Windows\System\uKnGRFI.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\CQwbAuA.exe
  C:\Windows\System\CQwbAuA.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\XBqeAac.exe
  C:\Windows\System\XBqeAac.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\EWEDQiU.exe
  C:\Windows\System\EWEDQiU.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\JZDwsru.exe
  C:\Windows\System\JZDwsru.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\JPXbDPV.exe
  C:\Windows\System\JPXbDPV.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\PkzdXvc.exe
  C:\Windows\System\PkzdXvc.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\BJrNvcw.exe
  C:\Windows\System\BJrNvcw.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\LeoiHLe.exe
  C:\Windows\System\LeoiHLe.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\GEHoIYO.exe
  C:\Windows\System\GEHoIYO.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\bIKKJnL.exe
  C:\Windows\System\bIKKJnL.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\sZYvETv.exe
  C:\Windows\System\sZYvETv.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\vTzsLSK.exe
  C:\Windows\System\vTzsLSK.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\aWvygGo.exe
  C:\Windows\System\aWvygGo.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\hRzYoYv.exe
  C:\Windows\System\hRzYoYv.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\syfWwtp.exe
  C:\Windows\System\syfWwtp.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\XFJZBNi.exe
  C:\Windows\System\XFJZBNi.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\qLNRUKK.exe
  C:\Windows\System\qLNRUKK.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\shqEFFl.exe
  C:\Windows\System\shqEFFl.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\mribijy.exe
  C:\Windows\System\mribijy.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\woQbMnr.exe
  C:\Windows\System\woQbMnr.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\GfBSEWQ.exe
  C:\Windows\System\GfBSEWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\pybEcbY.exe
  C:\Windows\System\pybEcbY.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\lwrZprG.exe
  C:\Windows\System\lwrZprG.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\KfScRZE.exe
  C:\Windows\System\KfScRZE.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\hcNQAme.exe
  C:\Windows\System\hcNQAme.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\qqldGBX.exe
  C:\Windows\System\qqldGBX.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\sokzGwJ.exe
  C:\Windows\System\sokzGwJ.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\ajboTUv.exe
  C:\Windows\System\ajboTUv.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\eUlfLUK.exe
  C:\Windows\System\eUlfLUK.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\nJAutAE.exe
  C:\Windows\System\nJAutAE.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\rAgfwNU.exe
  C:\Windows\System\rAgfwNU.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\nzeIPZR.exe
  C:\Windows\System\nzeIPZR.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\LSxBgtV.exe
  C:\Windows\System\LSxBgtV.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\eYbKRtY.exe
  C:\Windows\System\eYbKRtY.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\JyQMBnu.exe
  C:\Windows\System\JyQMBnu.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\kgXtIAa.exe
  C:\Windows\System\kgXtIAa.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\ltHXkBk.exe
  C:\Windows\System\ltHXkBk.exe
  2⤵
  PID:1144
- C:\Windows\System\HseqBXz.exe
  C:\Windows\System\HseqBXz.exe
  2⤵
  PID:4372
- C:\Windows\System\umGfvgK.exe
  C:\Windows\System\umGfvgK.exe
  2⤵
  PID:3836
- C:\Windows\System\TJpFoRS.exe
  C:\Windows\System\TJpFoRS.exe
  2⤵
  PID:2180
- C:\Windows\System\JinrcFs.exe
  C:\Windows\System\JinrcFs.exe
  2⤵
  PID:4428
- C:\Windows\System\eRfxWKh.exe
  C:\Windows\System\eRfxWKh.exe
  2⤵
  PID:4092
- C:\Windows\System\FYlIpmT.exe
  C:\Windows\System\FYlIpmT.exe
  2⤵
  PID:1784
- C:\Windows\System\ewTPEmo.exe
  C:\Windows\System\ewTPEmo.exe
  2⤵
  PID:1224
- C:\Windows\System\gZxvTVh.exe
  C:\Windows\System\gZxvTVh.exe
  2⤵
  PID:2772
- C:\Windows\System\NFxeWTv.exe
  C:\Windows\System\NFxeWTv.exe
  2⤵
  PID:4324
- C:\Windows\System\tasGTRw.exe
  C:\Windows\System\tasGTRw.exe
  2⤵
  PID:2936
- C:\Windows\System\DHXCSGU.exe
  C:\Windows\System\DHXCSGU.exe
  2⤵
  PID:3372
- C:\Windows\System\ciFqZUw.exe
  C:\Windows\System\ciFqZUw.exe
  2⤵
  PID:5084
- C:\Windows\System\PBqTyMb.exe
  C:\Windows\System\PBqTyMb.exe
  2⤵
  PID:1520
- C:\Windows\System\JylAGiM.exe
  C:\Windows\System\JylAGiM.exe
  2⤵
  PID:5124
- C:\Windows\System\IUTtokT.exe
  C:\Windows\System\IUTtokT.exe
  2⤵
  PID:5148
- C:\Windows\System\MXLSauW.exe
  C:\Windows\System\MXLSauW.exe
  2⤵
  PID:5176
- C:\Windows\System\YDTxQkw.exe
  C:\Windows\System\YDTxQkw.exe
  2⤵
  PID:5204
- C:\Windows\System\tgbtdNk.exe
  C:\Windows\System\tgbtdNk.exe
  2⤵
  PID:5232
- C:\Windows\System\FRCotJZ.exe
  C:\Windows\System\FRCotJZ.exe
  2⤵
  PID:5256
- C:\Windows\System\AQCDgfE.exe
  C:\Windows\System\AQCDgfE.exe
  2⤵
  PID:5284
- C:\Windows\System\rcAbdBw.exe
  C:\Windows\System\rcAbdBw.exe
  2⤵
  PID:5312
- C:\Windows\System\FhZbMVb.exe
  C:\Windows\System\FhZbMVb.exe
  2⤵
  PID:5340
- C:\Windows\System\WtCPvNS.exe
  C:\Windows\System\WtCPvNS.exe
  2⤵
  PID:5368
- C:\Windows\System\iYVyJTs.exe
  C:\Windows\System\iYVyJTs.exe
  2⤵
  PID:5400
- C:\Windows\System\RmmEqxz.exe
  C:\Windows\System\RmmEqxz.exe
  2⤵
  PID:5428
- C:\Windows\System\qPOyPhi.exe
  C:\Windows\System\qPOyPhi.exe
  2⤵
  PID:5456
- C:\Windows\System\GmZeCiL.exe
  C:\Windows\System\GmZeCiL.exe
  2⤵
  PID:5484
- C:\Windows\System\TZNzvzc.exe
  C:\Windows\System\TZNzvzc.exe
  2⤵
  PID:5512
- C:\Windows\System\SzDYDWH.exe
  C:\Windows\System\SzDYDWH.exe
  2⤵
  PID:5540
- C:\Windows\System\KsgVuUY.exe
  C:\Windows\System\KsgVuUY.exe
  2⤵
  PID:5568
- C:\Windows\System\LunHYaF.exe
  C:\Windows\System\LunHYaF.exe
  2⤵
  PID:5596
- C:\Windows\System\JlYTiIc.exe
  C:\Windows\System\JlYTiIc.exe
  2⤵
  PID:5624
- C:\Windows\System\RPDJUpW.exe
  C:\Windows\System\RPDJUpW.exe
  2⤵
  PID:5648
- C:\Windows\System\YqWDeCh.exe
  C:\Windows\System\YqWDeCh.exe
  2⤵
  PID:5680
- C:\Windows\System\BIeIySS.exe
  C:\Windows\System\BIeIySS.exe
  2⤵
  PID:5708
- C:\Windows\System\xTSfZua.exe
  C:\Windows\System\xTSfZua.exe
  2⤵
  PID:5736
- C:\Windows\System\eOlbklz.exe
  C:\Windows\System\eOlbklz.exe
  2⤵
  PID:5764
- C:\Windows\System\DXqbPsr.exe
  C:\Windows\System\DXqbPsr.exe
  2⤵
  PID:5792
- C:\Windows\System\kiVyGGV.exe
  C:\Windows\System\kiVyGGV.exe
  2⤵
  PID:5820
- C:\Windows\System\LasAkxg.exe
  C:\Windows\System\LasAkxg.exe
  2⤵
  PID:5848
- C:\Windows\System\WPlHMcd.exe
  C:\Windows\System\WPlHMcd.exe
  2⤵
  PID:5872
- C:\Windows\System\SkubsfA.exe
  C:\Windows\System\SkubsfA.exe
  2⤵
  PID:5904
- C:\Windows\System\gaDtYdd.exe
  C:\Windows\System\gaDtYdd.exe
  2⤵
  PID:5928
- C:\Windows\System\nwmSPIj.exe
  C:\Windows\System\nwmSPIj.exe
  2⤵
  PID:5960
- C:\Windows\System\shnmhEO.exe
  C:\Windows\System\shnmhEO.exe
  2⤵
  PID:5984
- C:\Windows\System\bpBrxYx.exe
  C:\Windows\System\bpBrxYx.exe
  2⤵
  PID:6012
- C:\Windows\System\yqTKkFx.exe
  C:\Windows\System\yqTKkFx.exe
  2⤵
  PID:6040
- C:\Windows\System\YPQrxwE.exe
  C:\Windows\System\YPQrxwE.exe
  2⤵
  PID:6072
- C:\Windows\System\qmFPwBI.exe
  C:\Windows\System\qmFPwBI.exe
  2⤵
  PID:6096
- C:\Windows\System\QsqNNio.exe
  C:\Windows\System\QsqNNio.exe
  2⤵
  PID:6124
- C:\Windows\System\HGXdgfM.exe
  C:\Windows\System\HGXdgfM.exe
  2⤵
  PID:2036
- C:\Windows\System\CwxNTrA.exe
  C:\Windows\System\CwxNTrA.exe
  2⤵
  PID:936
- C:\Windows\System\nKqekYF.exe
  C:\Windows\System\nKqekYF.exe
  2⤵
  PID:3536
- C:\Windows\System\BtTMwzb.exe
  C:\Windows\System\BtTMwzb.exe
  2⤵
  PID:3260
- C:\Windows\System\hveZdjc.exe
  C:\Windows\System\hveZdjc.exe
  2⤵
  PID:4444
- C:\Windows\System\iMgfPdh.exe
  C:\Windows\System\iMgfPdh.exe
  2⤵
  PID:548
- C:\Windows\System\fVUqdAJ.exe
  C:\Windows\System\fVUqdAJ.exe
  2⤵
  PID:1624
- C:\Windows\System\EIBEwoi.exe
  C:\Windows\System\EIBEwoi.exe
  2⤵
  PID:5140
- C:\Windows\System\qPqdwjj.exe
  C:\Windows\System\qPqdwjj.exe
  2⤵
  PID:5216
- C:\Windows\System\ivwFCuP.exe
  C:\Windows\System\ivwFCuP.exe
  2⤵
  PID:5276
- C:\Windows\System\NrDZFdv.exe
  C:\Windows\System\NrDZFdv.exe
  2⤵
  PID:5336
- C:\Windows\System\Nvwppxv.exe
  C:\Windows\System\Nvwppxv.exe
  2⤵
  PID:5412
- C:\Windows\System\LOLqyFN.exe
  C:\Windows\System\LOLqyFN.exe
  2⤵
  PID:5472
- C:\Windows\System\KmJqpGw.exe
  C:\Windows\System\KmJqpGw.exe
  2⤵
  PID:5532
- C:\Windows\System\lvoeuqb.exe
  C:\Windows\System\lvoeuqb.exe
  2⤵
  PID:5584
- C:\Windows\System\DKDxHup.exe
  C:\Windows\System\DKDxHup.exe
  2⤵
  PID:5644
- C:\Windows\System\XmPjlPQ.exe
  C:\Windows\System\XmPjlPQ.exe
  2⤵
  PID:5720
- C:\Windows\System\dfNUGxl.exe
  C:\Windows\System\dfNUGxl.exe
  2⤵
  PID:5784
- C:\Windows\System\XprIoge.exe
  C:\Windows\System\XprIoge.exe
  2⤵
  PID:5860
- C:\Windows\System\ASJpANm.exe
  C:\Windows\System\ASJpANm.exe
  2⤵
  PID:5920
- C:\Windows\System\huWRDex.exe
  C:\Windows\System\huWRDex.exe
  2⤵
  PID:5980
- C:\Windows\System\ViAyUGh.exe
  C:\Windows\System\ViAyUGh.exe
  2⤵
  PID:6056
- C:\Windows\System\aYubkZt.exe
  C:\Windows\System\aYubkZt.exe
  2⤵
  PID:6112
- C:\Windows\System\LyuFFPz.exe
  C:\Windows\System\LyuFFPz.exe
  2⤵
  PID:432
- C:\Windows\System\cVHmGov.exe
  C:\Windows\System\cVHmGov.exe
  2⤵
  PID:4544
- C:\Windows\System\omErwvD.exe
  C:\Windows\System\omErwvD.exe
  2⤵
  PID:4980
- C:\Windows\System\iCKezhm.exe
  C:\Windows\System\iCKezhm.exe
  2⤵
  PID:5244
- C:\Windows\System\RLQPnzp.exe
  C:\Windows\System\RLQPnzp.exe
  2⤵
  PID:5384
- C:\Windows\System\GwpCOBd.exe
  C:\Windows\System\GwpCOBd.exe
  2⤵
  PID:5500
- C:\Windows\System\zCGRSzo.exe
  C:\Windows\System\zCGRSzo.exe
  2⤵
  PID:5636
- C:\Windows\System\QSJcAmT.exe
  C:\Windows\System\QSJcAmT.exe
  2⤵
  PID:6164
- C:\Windows\System\DLnMVYD.exe
  C:\Windows\System\DLnMVYD.exe
  2⤵
  PID:6192
- C:\Windows\System\tTnczKK.exe
  C:\Windows\System\tTnczKK.exe
  2⤵
  PID:6220
- C:\Windows\System\yVJOQGG.exe
  C:\Windows\System\yVJOQGG.exe
  2⤵
  PID:6248
- C:\Windows\System\OzeLqYr.exe
  C:\Windows\System\OzeLqYr.exe
  2⤵
  PID:6276
- C:\Windows\System\GzTqLJs.exe
  C:\Windows\System\GzTqLJs.exe
  2⤵
  PID:6304
- C:\Windows\System\sAnZckK.exe
  C:\Windows\System\sAnZckK.exe
  2⤵
  PID:6332
- C:\Windows\System\CwaKWeC.exe
  C:\Windows\System\CwaKWeC.exe
  2⤵
  PID:6360
- C:\Windows\System\CmedQkk.exe
  C:\Windows\System\CmedQkk.exe
  2⤵
  PID:6392
- C:\Windows\System\ttONkOA.exe
  C:\Windows\System\ttONkOA.exe
  2⤵
  PID:6416
- C:\Windows\System\pXgMBGx.exe
  C:\Windows\System\pXgMBGx.exe
  2⤵
  PID:6440
- C:\Windows\System\liNnJlq.exe
  C:\Windows\System\liNnJlq.exe
  2⤵
  PID:6468
- C:\Windows\System\cnWNTMS.exe
  C:\Windows\System\cnWNTMS.exe
  2⤵
  PID:6496
- C:\Windows\System\wjckSya.exe
  C:\Windows\System\wjckSya.exe
  2⤵
  PID:6524
- C:\Windows\System\DVeyBRZ.exe
  C:\Windows\System\DVeyBRZ.exe
  2⤵
  PID:6556
- C:\Windows\System\QAWJSAd.exe
  C:\Windows\System\QAWJSAd.exe
  2⤵
  PID:6580
- C:\Windows\System\qaVJyVt.exe
  C:\Windows\System\qaVJyVt.exe
  2⤵
  PID:6608
- C:\Windows\System\gWYKZFT.exe
  C:\Windows\System\gWYKZFT.exe
  2⤵
  PID:6636
- C:\Windows\System\eochaoG.exe
  C:\Windows\System\eochaoG.exe
  2⤵
  PID:6664
- C:\Windows\System\xmEiZuf.exe
  C:\Windows\System\xmEiZuf.exe
  2⤵
  PID:6696
- C:\Windows\System\NlBWNyp.exe
  C:\Windows\System\NlBWNyp.exe
  2⤵
  PID:6720
- C:\Windows\System\MVUVPAV.exe
  C:\Windows\System\MVUVPAV.exe
  2⤵
  PID:6748
- C:\Windows\System\lzJRgyw.exe
  C:\Windows\System\lzJRgyw.exe
  2⤵
  PID:6780
- C:\Windows\System\IgFsuUn.exe
  C:\Windows\System\IgFsuUn.exe
  2⤵
  PID:6808
- C:\Windows\System\UvpXndY.exe
  C:\Windows\System\UvpXndY.exe
  2⤵
  PID:6832
- C:\Windows\System\xazYWnj.exe
  C:\Windows\System\xazYWnj.exe
  2⤵
  PID:6864
- C:\Windows\System\scXbcBo.exe
  C:\Windows\System\scXbcBo.exe
  2⤵
  PID:6888
- C:\Windows\System\azCvvTA.exe
  C:\Windows\System\azCvvTA.exe
  2⤵
  PID:6916
- C:\Windows\System\PyeSbat.exe
  C:\Windows\System\PyeSbat.exe
  2⤵
  PID:6944
- C:\Windows\System\RRQhxQz.exe
  C:\Windows\System\RRQhxQz.exe
  2⤵
  PID:6976
- C:\Windows\System\NnhRstk.exe
  C:\Windows\System\NnhRstk.exe
  2⤵
  PID:7004
- C:\Windows\System\tEDtzVz.exe
  C:\Windows\System\tEDtzVz.exe
  2⤵
  PID:7032
- C:\Windows\System\ZVRyool.exe
  C:\Windows\System\ZVRyool.exe
  2⤵
  PID:7060
- C:\Windows\System\svMUZCK.exe
  C:\Windows\System\svMUZCK.exe
  2⤵
  PID:7088
- C:\Windows\System\xuNApsj.exe
  C:\Windows\System\xuNApsj.exe
  2⤵
  PID:7116
- C:\Windows\System\gKHSNYO.exe
  C:\Windows\System\gKHSNYO.exe
  2⤵
  PID:7140
- C:\Windows\System\MTrCvBJ.exe
  C:\Windows\System\MTrCvBJ.exe
  2⤵
  PID:5696
- C:\Windows\System\uDbUIEI.exe
  C:\Windows\System\uDbUIEI.exe
  2⤵
  PID:5888
- C:\Windows\System\VRcWiLN.exe
  C:\Windows\System\VRcWiLN.exe
  2⤵
  PID:6028
- C:\Windows\System\StEsZJa.exe
  C:\Windows\System\StEsZJa.exe
  2⤵
  PID:4880
- C:\Windows\System\NjrVgBH.exe
  C:\Windows\System\NjrVgBH.exe
  2⤵
  PID:3588
- C:\Windows\System\PQZZGkp.exe
  C:\Windows\System\PQZZGkp.exe
  2⤵
  PID:5364
- C:\Windows\System\eBYEAxY.exe
  C:\Windows\System\eBYEAxY.exe
  2⤵
  PID:6148
- C:\Windows\System\APFhggT.exe
  C:\Windows\System\APFhggT.exe
  2⤵
  PID:6208
- C:\Windows\System\nPkXiZg.exe
  C:\Windows\System\nPkXiZg.exe
  2⤵
  PID:6268
- C:\Windows\System\ERUzoWW.exe
  C:\Windows\System\ERUzoWW.exe
  2⤵
  PID:6344
- C:\Windows\System\QThrMrV.exe
  C:\Windows\System\QThrMrV.exe
  2⤵
  PID:6412
- C:\Windows\System\rTYzcKn.exe
  C:\Windows\System\rTYzcKn.exe
  2⤵
  PID:6484
- C:\Windows\System\sxTyLGs.exe
  C:\Windows\System\sxTyLGs.exe
  2⤵
  PID:6540
- C:\Windows\System\uaisWBu.exe
  C:\Windows\System\uaisWBu.exe
  2⤵
  PID:6600
- C:\Windows\System\uISGRxI.exe
  C:\Windows\System\uISGRxI.exe
  2⤵
  PID:6656
- C:\Windows\System\OQfBNTi.exe
  C:\Windows\System\OQfBNTi.exe
  2⤵
  PID:6716
- C:\Windows\System\kTYSEIV.exe
  C:\Windows\System\kTYSEIV.exe
  2⤵
  PID:6800
- C:\Windows\System\dxdkRnE.exe
  C:\Windows\System\dxdkRnE.exe
  2⤵
  PID:6856
- C:\Windows\System\WXkQhnH.exe
  C:\Windows\System\WXkQhnH.exe
  2⤵
  PID:6912
- C:\Windows\System\qQsffGD.exe
  C:\Windows\System\qQsffGD.exe
  2⤵
  PID:6988
- C:\Windows\System\xyZVdBE.exe
  C:\Windows\System\xyZVdBE.exe
  2⤵
  PID:7024
- C:\Windows\System\YdfINtf.exe
  C:\Windows\System\YdfINtf.exe
  2⤵
  PID:7104
- C:\Windows\System\YEBlqJc.exe
  C:\Windows\System\YEBlqJc.exe
  2⤵
  PID:7160
- C:\Windows\System\yltsjKq.exe
  C:\Windows\System\yltsjKq.exe
  2⤵
  PID:6088
- C:\Windows\System\eDrzJQt.exe
  C:\Windows\System\eDrzJQt.exe
  2⤵
  PID:1124
- C:\Windows\System\ESXYSvs.exe
  C:\Windows\System\ESXYSvs.exe
  2⤵
  PID:3956
- C:\Windows\System\izSLMIA.exe
  C:\Windows\System\izSLMIA.exe
  2⤵
  PID:6320
- C:\Windows\System\mJGzzEo.exe
  C:\Windows\System\mJGzzEo.exe
  2⤵
  PID:6460
- C:\Windows\System\RlPPYSG.exe
  C:\Windows\System\RlPPYSG.exe
  2⤵
  PID:6568
- C:\Windows\System\epeIppU.exe
  C:\Windows\System\epeIppU.exe
  2⤵
  PID:4684
- C:\Windows\System\cNxmDnL.exe
  C:\Windows\System\cNxmDnL.exe
  2⤵
  PID:6768
- C:\Windows\System\olfCpew.exe
  C:\Windows\System\olfCpew.exe
  2⤵
  PID:6904
- C:\Windows\System\tfLqwJZ.exe
  C:\Windows\System\tfLqwJZ.exe
  2⤵
  PID:2184
- C:\Windows\System\rNNfLBE.exe
  C:\Windows\System\rNNfLBE.exe
  2⤵
  PID:7072
- C:\Windows\System\veCCRYS.exe
  C:\Windows\System\veCCRYS.exe
  2⤵
  PID:2136
- C:\Windows\System\aSIJIkS.exe
  C:\Windows\System\aSIJIkS.exe
  2⤵
  PID:5948
- C:\Windows\System\kWUuJEa.exe
  C:\Windows\System\kWUuJEa.exe
  2⤵
  PID:2104
- C:\Windows\System\QHpdcVr.exe
  C:\Windows\System\QHpdcVr.exe
  2⤵
  PID:6400
- C:\Windows\System\QBsRldh.exe
  C:\Windows\System\QBsRldh.exe
  2⤵
  PID:1368
- C:\Windows\System\SugvXcj.exe
  C:\Windows\System\SugvXcj.exe
  2⤵
  PID:6824
- C:\Windows\System\zYxLxiX.exe
  C:\Windows\System\zYxLxiX.exe
  2⤵
  PID:4188
- C:\Windows\System\doJGrzH.exe
  C:\Windows\System\doJGrzH.exe
  2⤵
  PID:2248
- C:\Windows\System\RwXFslt.exe
  C:\Windows\System\RwXFslt.exe
  2⤵
  PID:2040
- C:\Windows\System\PAFJXwF.exe
  C:\Windows\System\PAFJXwF.exe
  2⤵
  PID:6264
- C:\Windows\System\UbWOLSU.exe
  C:\Windows\System\UbWOLSU.exe
  2⤵
  PID:4460
- C:\Windows\System\KxNoMRy.exe
  C:\Windows\System\KxNoMRy.exe
  2⤵
  PID:920
- C:\Windows\System\DVfvthE.exe
  C:\Windows\System\DVfvthE.exe
  2⤵
  PID:6708
- C:\Windows\System\LIxqJeF.exe
  C:\Windows\System\LIxqJeF.exe
  2⤵
  PID:7016
- C:\Windows\System\nCSXMWe.exe
  C:\Windows\System\nCSXMWe.exe
  2⤵
  PID:224
- C:\Windows\System\aZaJYcu.exe
  C:\Windows\System\aZaJYcu.exe
  2⤵
  PID:3692
- C:\Windows\System\RAQLqQM.exe
  C:\Windows\System\RAQLqQM.exe
  2⤵
  PID:2592
- C:\Windows\System\Jnryimc.exe
  C:\Windows\System\Jnryimc.exe
  2⤵
  PID:2160
- C:\Windows\System\AvkGGLj.exe
  C:\Windows\System\AvkGGLj.exe
  2⤵
  PID:4988
- C:\Windows\System\HriFlgv.exe
  C:\Windows\System\HriFlgv.exe
  2⤵
  PID:7192
- C:\Windows\System\wDODNcN.exe
  C:\Windows\System\wDODNcN.exe
  2⤵
  PID:7212
- C:\Windows\System\TikMNYS.exe
  C:\Windows\System\TikMNYS.exe
  2⤵
  PID:7248
- C:\Windows\System\qwtgeDK.exe
  C:\Windows\System\qwtgeDK.exe
  2⤵
  PID:7284
- C:\Windows\System\yOVNnfP.exe
  C:\Windows\System\yOVNnfP.exe
  2⤵
  PID:7312
- C:\Windows\System\WUBcnSf.exe
  C:\Windows\System\WUBcnSf.exe
  2⤵
  PID:7360
- C:\Windows\System\SSnOrBc.exe
  C:\Windows\System\SSnOrBc.exe
  2⤵
  PID:7392
- C:\Windows\System\hzgFsgC.exe
  C:\Windows\System\hzgFsgC.exe
  2⤵
  PID:7416
- C:\Windows\System\fRsAtQl.exe
  C:\Windows\System\fRsAtQl.exe
  2⤵
  PID:7484
- C:\Windows\System\lDjhQAJ.exe
  C:\Windows\System\lDjhQAJ.exe
  2⤵
  PID:7504
- C:\Windows\System\nckozbt.exe
  C:\Windows\System\nckozbt.exe
  2⤵
  PID:7520
- C:\Windows\System\EiBbAyH.exe
  C:\Windows\System\EiBbAyH.exe
  2⤵
  PID:7544
- C:\Windows\System\eiMuZdz.exe
  C:\Windows\System\eiMuZdz.exe
  2⤵
  PID:7564
- C:\Windows\System\PfJgzAH.exe
  C:\Windows\System\PfJgzAH.exe
  2⤵
  PID:7588
- C:\Windows\System\FTswwJa.exe
  C:\Windows\System\FTswwJa.exe
  2⤵
  PID:7676
- C:\Windows\System\EkoNrAJ.exe
  C:\Windows\System\EkoNrAJ.exe
  2⤵
  PID:7756
- C:\Windows\System\kCLHtNk.exe
  C:\Windows\System\kCLHtNk.exe
  2⤵
  PID:7772
- C:\Windows\System\NfWOtSI.exe
  C:\Windows\System\NfWOtSI.exe
  2⤵
  PID:7800
- C:\Windows\System\bvGdGoL.exe
  C:\Windows\System\bvGdGoL.exe
  2⤵
  PID:7820
- C:\Windows\System\pFpmtgh.exe
  C:\Windows\System\pFpmtgh.exe
  2⤵
  PID:7836
- C:\Windows\System\jwecsvk.exe
  C:\Windows\System\jwecsvk.exe
  2⤵
  PID:7876
- C:\Windows\System\ugSldKd.exe
  C:\Windows\System\ugSldKd.exe
  2⤵
  PID:7900
- C:\Windows\System\wRLfExc.exe
  C:\Windows\System\wRLfExc.exe
  2⤵
  PID:7924
- C:\Windows\System\ROWfcoZ.exe
  C:\Windows\System\ROWfcoZ.exe
  2⤵
  PID:7948
- C:\Windows\System\nNISVGX.exe
  C:\Windows\System\nNISVGX.exe
  2⤵
  PID:7968
- C:\Windows\System\JflYqZn.exe
  C:\Windows\System\JflYqZn.exe
  2⤵
  PID:7988
- C:\Windows\System\FrCTrys.exe
  C:\Windows\System\FrCTrys.exe
  2⤵
  PID:8012
- C:\Windows\System\cuFmFkU.exe
  C:\Windows\System\cuFmFkU.exe
  2⤵
  PID:8068
- C:\Windows\System\jejdQDs.exe
  C:\Windows\System\jejdQDs.exe
  2⤵
  PID:8124
- C:\Windows\System\QroanCJ.exe
  C:\Windows\System\QroanCJ.exe
  2⤵
  PID:8140
- C:\Windows\System\aEMWLeH.exe
  C:\Windows\System\aEMWLeH.exe
  2⤵
  PID:8160
- C:\Windows\System\yoveKJb.exe
  C:\Windows\System\yoveKJb.exe
  2⤵
  PID:7200
- C:\Windows\System\SMeoOET.exe
  C:\Windows\System\SMeoOET.exe
  2⤵
  PID:3044
- C:\Windows\System\YPrSphZ.exe
  C:\Windows\System\YPrSphZ.exe
  2⤵
  PID:7172
- C:\Windows\System\BfwmyHD.exe
  C:\Windows\System\BfwmyHD.exe
  2⤵
  PID:7240
- C:\Windows\System\Vqoeyjy.exe
  C:\Windows\System\Vqoeyjy.exe
  2⤵
  PID:7280
- C:\Windows\System\bBUcfCV.exe
  C:\Windows\System\bBUcfCV.exe
  2⤵
  PID:7540
- C:\Windows\System\MtxoazA.exe
  C:\Windows\System\MtxoazA.exe
  2⤵
  PID:7556
- C:\Windows\System\UiyHWEL.exe
  C:\Windows\System\UiyHWEL.exe
  2⤵
  PID:7920
- C:\Windows\System\xrzHEyF.exe
  C:\Windows\System\xrzHEyF.exe
  2⤵
  PID:7960
- C:\Windows\System\nrAExHx.exe
  C:\Windows\System\nrAExHx.exe
  2⤵
  PID:8152
- C:\Windows\System\eJHKcep.exe
  C:\Windows\System\eJHKcep.exe
  2⤵
  PID:8052
- C:\Windows\System\JYjVUzv.exe
  C:\Windows\System\JYjVUzv.exe
  2⤵
  PID:8116
- C:\Windows\System\HQdejxh.exe
  C:\Windows\System\HQdejxh.exe
  2⤵
  PID:1132
- C:\Windows\System\rtlGdTz.exe
  C:\Windows\System\rtlGdTz.exe
  2⤵
  PID:7384
- C:\Windows\System\ITQcmWW.exe
  C:\Windows\System\ITQcmWW.exe
  2⤵
  PID:7428
- C:\Windows\System\ttjuYRq.exe
  C:\Windows\System\ttjuYRq.exe
  2⤵
  PID:7600
- C:\Windows\System\ANgEudc.exe
  C:\Windows\System\ANgEudc.exe
  2⤵
  PID:8076
- C:\Windows\System\uzvgdVO.exe
  C:\Windows\System\uzvgdVO.exe
  2⤵
  PID:6828
- C:\Windows\System\XsIUfTE.exe
  C:\Windows\System\XsIUfTE.exe
  2⤵
  PID:7752
- C:\Windows\System\ndWjhsS.exe
  C:\Windows\System\ndWjhsS.exe
  2⤵
  PID:8000
- C:\Windows\System\omgchqi.exe
  C:\Windows\System\omgchqi.exe
  2⤵
  PID:8184
- C:\Windows\System\yOSuuKC.exe
  C:\Windows\System\yOSuuKC.exe
  2⤵
  PID:7336
- C:\Windows\System\MujxIzi.exe
  C:\Windows\System\MujxIzi.exe
  2⤵
  PID:7576
- C:\Windows\System\mNAUbqE.exe
  C:\Windows\System\mNAUbqE.exe
  2⤵
  PID:7356
- C:\Windows\System\rUaWzMM.exe
  C:\Windows\System\rUaWzMM.exe
  2⤵
  PID:4776
- C:\Windows\System\xwQzLmV.exe
  C:\Windows\System\xwQzLmV.exe
  2⤵
  PID:7236
- C:\Windows\System\zfTcoNQ.exe
  C:\Windows\System\zfTcoNQ.exe
  2⤵
  PID:7476
- C:\Windows\System\rFntlLD.exe
  C:\Windows\System\rFntlLD.exe
  2⤵
  PID:8208
- C:\Windows\System\RbMagZC.exe
  C:\Windows\System\RbMagZC.exe
  2⤵
  PID:8248
- C:\Windows\System\PSmIcWF.exe
  C:\Windows\System\PSmIcWF.exe
  2⤵
  PID:8276
- C:\Windows\System\WECynzp.exe
  C:\Windows\System\WECynzp.exe
  2⤵
  PID:8304
- C:\Windows\System\pnKvHPU.exe
  C:\Windows\System\pnKvHPU.exe
  2⤵
  PID:8320
- C:\Windows\System\ypVuJXW.exe
  C:\Windows\System\ypVuJXW.exe
  2⤵
  PID:8348
- C:\Windows\System\VTVDfmv.exe
  C:\Windows\System\VTVDfmv.exe
  2⤵
  PID:8376
- C:\Windows\System\QsXBUWA.exe
  C:\Windows\System\QsXBUWA.exe
  2⤵
  PID:8404
- C:\Windows\System\xcZJMpU.exe
  C:\Windows\System\xcZJMpU.exe
  2⤵
  PID:8444
- C:\Windows\System\dPhQvIP.exe
  C:\Windows\System\dPhQvIP.exe
  2⤵
  PID:8460
- C:\Windows\System\bABkqaS.exe
  C:\Windows\System\bABkqaS.exe
  2⤵
  PID:8488
- C:\Windows\System\xTPIDXv.exe
  C:\Windows\System\xTPIDXv.exe
  2⤵
  PID:8516
- C:\Windows\System\uJQNhpo.exe
  C:\Windows\System\uJQNhpo.exe
  2⤵
  PID:8544
- C:\Windows\System\DRRkAhM.exe
  C:\Windows\System\DRRkAhM.exe
  2⤵
  PID:8572
- C:\Windows\System\SOnYMWo.exe
  C:\Windows\System\SOnYMWo.exe
  2⤵
  PID:8612
- C:\Windows\System\mGOcAnV.exe
  C:\Windows\System\mGOcAnV.exe
  2⤵
  PID:8640
- C:\Windows\System\QlQRdWY.exe
  C:\Windows\System\QlQRdWY.exe
  2⤵
  PID:8656
- C:\Windows\System\AhETqql.exe
  C:\Windows\System\AhETqql.exe
  2⤵
  PID:8700
- C:\Windows\System\qyiCouh.exe
  C:\Windows\System\qyiCouh.exe
  2⤵
  PID:8724
- C:\Windows\System\Sggefei.exe
  C:\Windows\System\Sggefei.exe
  2⤵
  PID:8740
- C:\Windows\System\hiRaYrx.exe
  C:\Windows\System\hiRaYrx.exe
  2⤵
  PID:8780
- C:\Windows\System\VdIYKTE.exe
  C:\Windows\System\VdIYKTE.exe
  2⤵
  PID:8804
- C:\Windows\System\OosEDjf.exe
  C:\Windows\System\OosEDjf.exe
  2⤵
  PID:8836
- C:\Windows\System\XDwWfxa.exe
  C:\Windows\System\XDwWfxa.exe
  2⤵
  PID:8864
- C:\Windows\System\rlYyXEs.exe
  C:\Windows\System\rlYyXEs.exe
  2⤵
  PID:8880
- C:\Windows\System\nTzklfb.exe
  C:\Windows\System\nTzklfb.exe
  2⤵
  PID:8900
- C:\Windows\System\CQcbaSt.exe
  C:\Windows\System\CQcbaSt.exe
  2⤵
  PID:8924
- C:\Windows\System\KjBWDym.exe
  C:\Windows\System\KjBWDym.exe
  2⤵
  PID:8976
- C:\Windows\System\sRqIjbg.exe
  C:\Windows\System\sRqIjbg.exe
  2⤵
  PID:9004
- C:\Windows\System\fmTbQqk.exe
  C:\Windows\System\fmTbQqk.exe
  2⤵
  PID:9024
- C:\Windows\System\ZrJBvEA.exe
  C:\Windows\System\ZrJBvEA.exe
  2⤵
  PID:9048
- C:\Windows\System\fQZzQBt.exe
  C:\Windows\System\fQZzQBt.exe
  2⤵
  PID:9076
- C:\Windows\System\VSQZUGy.exe
  C:\Windows\System\VSQZUGy.exe
  2⤵
  PID:9104
- C:\Windows\System\MijhIzh.exe
  C:\Windows\System\MijhIzh.exe
  2⤵
  PID:9132
- C:\Windows\System\QHIRsTe.exe
  C:\Windows\System\QHIRsTe.exe
  2⤵
  PID:9164
- C:\Windows\System\gDbFMhE.exe
  C:\Windows\System\gDbFMhE.exe
  2⤵
  PID:9192
- C:\Windows\System\mIlgBov.exe
  C:\Windows\System\mIlgBov.exe
  2⤵
  PID:7204
- C:\Windows\System\UIQgrnD.exe
  C:\Windows\System\UIQgrnD.exe
  2⤵
  PID:8260
- C:\Windows\System\llPTGJQ.exe
  C:\Windows\System\llPTGJQ.exe
  2⤵
  PID:8340
- C:\Windows\System\kUOiJxI.exe
  C:\Windows\System\kUOiJxI.exe
  2⤵
  PID:8396
- C:\Windows\System\yAbrghz.exe
  C:\Windows\System\yAbrghz.exe
  2⤵
  PID:8452
- C:\Windows\System\bOLLrBt.exe
  C:\Windows\System\bOLLrBt.exe
  2⤵
  PID:8500
- C:\Windows\System\SFNtZYy.exe
  C:\Windows\System\SFNtZYy.exe
  2⤵
  PID:8588
- C:\Windows\System\oiDGDnU.exe
  C:\Windows\System\oiDGDnU.exe
  2⤵
  PID:8624
- C:\Windows\System\PkvdbvI.exe
  C:\Windows\System\PkvdbvI.exe
  2⤵
  PID:8720
- C:\Windows\System\WEOOjIW.exe
  C:\Windows\System\WEOOjIW.exe
  2⤵
  PID:8792
- C:\Windows\System\xYAHYWK.exe
  C:\Windows\System\xYAHYWK.exe
  2⤵
  PID:8820
- C:\Windows\System\sWCszFn.exe
  C:\Windows\System\sWCszFn.exe
  2⤵
  PID:8908
- C:\Windows\System\jHaBclb.exe
  C:\Windows\System\jHaBclb.exe
  2⤵
  PID:8968
- C:\Windows\System\xmsddNH.exe
  C:\Windows\System\xmsddNH.exe
  2⤵
  PID:9032
- C:\Windows\System\vqAXhJN.exe
  C:\Windows\System\vqAXhJN.exe
  2⤵
  PID:9044
- C:\Windows\System\uERiGJf.exe
  C:\Windows\System\uERiGJf.exe
  2⤵
  PID:9072
- C:\Windows\System\cQaZxxA.exe
  C:\Windows\System\cQaZxxA.exe
  2⤵
  PID:9188
- C:\Windows\System\uvwFqHr.exe
  C:\Windows\System\uvwFqHr.exe
  2⤵
  PID:8364
- C:\Windows\System\BerjQuq.exe
  C:\Windows\System\BerjQuq.exe
  2⤵
  PID:8456
- C:\Windows\System\qstYaQS.exe
  C:\Windows\System\qstYaQS.exe
  2⤵
  PID:8560
- C:\Windows\System\bXqsypZ.exe
  C:\Windows\System\bXqsypZ.exe
  2⤵
  PID:8772
- C:\Windows\System\WpVfOqI.exe
  C:\Windows\System\WpVfOqI.exe
  2⤵
  PID:9012
- C:\Windows\System\zwNoLlU.exe
  C:\Windows\System\zwNoLlU.exe
  2⤵
  PID:9064
- C:\Windows\System\RzacuKP.exe
  C:\Windows\System\RzacuKP.exe
  2⤵
  PID:9184
- C:\Windows\System\oHcAgod.exe
  C:\Windows\System\oHcAgod.exe
  2⤵
  PID:8440
- C:\Windows\System\VnkyLPo.exe
  C:\Windows\System\VnkyLPo.exe
  2⤵
  PID:8996
- C:\Windows\System\WJqONsN.exe
  C:\Windows\System\WJqONsN.exe
  2⤵
  PID:8424
- C:\Windows\System\ACTSypr.exe
  C:\Windows\System\ACTSypr.exe
  2⤵
  PID:8568
- C:\Windows\System\AOFtASq.exe
  C:\Windows\System\AOFtASq.exe
  2⤵
  PID:9220
- C:\Windows\System\baWfRIg.exe
  C:\Windows\System\baWfRIg.exe
  2⤵
  PID:9248
- C:\Windows\System\kkusVAH.exe
  C:\Windows\System\kkusVAH.exe
  2⤵
  PID:9276
- C:\Windows\System\NrylRvi.exe
  C:\Windows\System\NrylRvi.exe
  2⤵
  PID:9292
- C:\Windows\System\ZghpWuP.exe
  C:\Windows\System\ZghpWuP.exe
  2⤵
  PID:9324
- C:\Windows\System\tLNdLjb.exe
  C:\Windows\System\tLNdLjb.exe
  2⤵
  PID:9364
- C:\Windows\System\yaaxZJw.exe
  C:\Windows\System\yaaxZJw.exe
  2⤵
  PID:9380
- C:\Windows\System\LdcJtPz.exe
  C:\Windows\System\LdcJtPz.exe
  2⤵
  PID:9428
- C:\Windows\System\JtlzSrE.exe
  C:\Windows\System\JtlzSrE.exe
  2⤵
  PID:9456
- C:\Windows\System\zHRmmTx.exe
  C:\Windows\System\zHRmmTx.exe
  2⤵
  PID:9484
- C:\Windows\System\krnAvPM.exe
  C:\Windows\System\krnAvPM.exe
  2⤵
  PID:9512
- C:\Windows\System\BqJPOKD.exe
  C:\Windows\System\BqJPOKD.exe
  2⤵
  PID:9540
- C:\Windows\System\WSFqYjH.exe
  C:\Windows\System\WSFqYjH.exe
  2⤵
  PID:9556
- C:\Windows\System\fBVUjzu.exe
  C:\Windows\System\fBVUjzu.exe
  2⤵
  PID:9584
- C:\Windows\System\onsPbiU.exe
  C:\Windows\System\onsPbiU.exe
  2⤵
  PID:9612
- C:\Windows\System\elJJOdw.exe
  C:\Windows\System\elJJOdw.exe
  2⤵
  PID:9640
- C:\Windows\System\PVWvKDg.exe
  C:\Windows\System\PVWvKDg.exe
  2⤵
  PID:9668
- C:\Windows\System\sWvxWet.exe
  C:\Windows\System\sWvxWet.exe
  2⤵
  PID:9688
- C:\Windows\System\OccMkFC.exe
  C:\Windows\System\OccMkFC.exe
  2⤵
  PID:9736
- C:\Windows\System\crGznqZ.exe
  C:\Windows\System\crGznqZ.exe
  2⤵
  PID:9752
- C:\Windows\System\zTSqaxG.exe
  C:\Windows\System\zTSqaxG.exe
  2⤵
  PID:9792
- C:\Windows\System\YkXMYcv.exe
  C:\Windows\System\YkXMYcv.exe
  2⤵
  PID:9820
- C:\Windows\System\Gdoulzo.exe
  C:\Windows\System\Gdoulzo.exe
  2⤵
  PID:9848
- C:\Windows\System\Cjcfbkn.exe
  C:\Windows\System\Cjcfbkn.exe
  2⤵
  PID:9868
- C:\Windows\System\CjOmQyZ.exe
  C:\Windows\System\CjOmQyZ.exe
  2⤵
  PID:9896
- C:\Windows\System\kHhovsd.exe
  C:\Windows\System\kHhovsd.exe
  2⤵
  PID:9924
- C:\Windows\System\syGUhEk.exe
  C:\Windows\System\syGUhEk.exe
  2⤵
  PID:9960
- C:\Windows\System\EiLYDTI.exe
  C:\Windows\System\EiLYDTI.exe
  2⤵
  PID:9980
- C:\Windows\System\kmPICpO.exe
  C:\Windows\System\kmPICpO.exe
  2⤵
  PID:10020
- C:\Windows\System\XtSogOq.exe
  C:\Windows\System\XtSogOq.exe
  2⤵
  PID:10048
- C:\Windows\System\RgocduO.exe
  C:\Windows\System\RgocduO.exe
  2⤵
  PID:10076
- C:\Windows\System\dyJVUgW.exe
  C:\Windows\System\dyJVUgW.exe
  2⤵
  PID:10104
- C:\Windows\System\wwhyxPF.exe
  C:\Windows\System\wwhyxPF.exe
  2⤵
  PID:10120
- C:\Windows\System\rPRJkNE.exe
  C:\Windows\System\rPRJkNE.exe
  2⤵
  PID:10144
- C:\Windows\System\subyaGg.exe
  C:\Windows\System\subyaGg.exe
  2⤵
  PID:10176
- C:\Windows\System\iuQEpuw.exe
  C:\Windows\System\iuQEpuw.exe
  2⤵
  PID:10204
- C:\Windows\System\yCHoteR.exe
  C:\Windows\System\yCHoteR.exe
  2⤵
  PID:10220
- C:\Windows\System\ITjiXmc.exe
  C:\Windows\System\ITjiXmc.exe
  2⤵
  PID:9268
- C:\Windows\System\bmMDBnV.exe
  C:\Windows\System\bmMDBnV.exe
  2⤵
  PID:9352
- C:\Windows\System\DaljuMZ.exe
  C:\Windows\System\DaljuMZ.exe
  2⤵
  PID:9412
- C:\Windows\System\xxcVicF.exe
  C:\Windows\System\xxcVicF.exe
  2⤵
  PID:9480
- C:\Windows\System\BnJavaT.exe
  C:\Windows\System\BnJavaT.exe
  2⤵
  PID:9552
- C:\Windows\System\oDGVFlY.exe
  C:\Windows\System\oDGVFlY.exe
  2⤵
  PID:9596
- C:\Windows\System\ZjEPjhV.exe
  C:\Windows\System\ZjEPjhV.exe
  2⤵
  PID:9696
- C:\Windows\System\FvIFJRQ.exe
  C:\Windows\System\FvIFJRQ.exe
  2⤵
  PID:9748
- C:\Windows\System\sMPeSza.exe
  C:\Windows\System\sMPeSza.exe
  2⤵
  PID:9804
- C:\Windows\System\SMzXnaJ.exe
  C:\Windows\System\SMzXnaJ.exe
  2⤵
  PID:9880
- C:\Windows\System\uriUYTr.exe
  C:\Windows\System\uriUYTr.exe
  2⤵
  PID:9908
- C:\Windows\System\uxkhbhX.exe
  C:\Windows\System\uxkhbhX.exe
  2⤵
  PID:10008
- C:\Windows\System\qGUqkIw.exe
  C:\Windows\System\qGUqkIw.exe
  2⤵
  PID:10068
- C:\Windows\System\iwlWGaZ.exe
  C:\Windows\System\iwlWGaZ.exe
  2⤵
  PID:10096
- C:\Windows\System\WXUvuVF.exe
  C:\Windows\System\WXUvuVF.exe
  2⤵
  PID:10164
- C:\Windows\System\OVWaQQN.exe
  C:\Windows\System\OVWaQQN.exe
  2⤵
  PID:10200
- C:\Windows\System\uotnPaD.exe
  C:\Windows\System\uotnPaD.exe
  2⤵
  PID:9240
- C:\Windows\System\NxCPosz.exe
  C:\Windows\System\NxCPosz.exe
  2⤵
  PID:9316
- C:\Windows\System\wVDHLRq.exe
  C:\Windows\System\wVDHLRq.exe
  2⤵
  PID:9604
- C:\Windows\System\ExoBHHs.exe
  C:\Windows\System\ExoBHHs.exe
  2⤵
  PID:9724
- C:\Windows\System\DlxQdNt.exe
  C:\Windows\System\DlxQdNt.exe
  2⤵
  PID:9832
- C:\Windows\System\PMTMRDl.exe
  C:\Windows\System\PMTMRDl.exe
  2⤵
  PID:10016
- C:\Windows\System\PTPABRx.exe
  C:\Windows\System\PTPABRx.exe
  2⤵
  PID:10152
- C:\Windows\System\GCBvKdM.exe
  C:\Windows\System\GCBvKdM.exe
  2⤵
  PID:9568
- C:\Windows\System\ceFzfXV.exe
  C:\Windows\System\ceFzfXV.exe
  2⤵
  PID:9864
- C:\Windows\System\pSPlnfR.exe
  C:\Windows\System\pSPlnfR.exe
  2⤵
  PID:10140
- C:\Windows\System\TGIHxEZ.exe
  C:\Windows\System\TGIHxEZ.exe
  2⤵
  PID:10004
- C:\Windows\System\vplRHuJ.exe
  C:\Windows\System\vplRHuJ.exe
  2⤵
  PID:10264
- C:\Windows\System\EtAWxVt.exe
  C:\Windows\System\EtAWxVt.exe
  2⤵
  PID:10284
- C:\Windows\System\IICLPAk.exe
  C:\Windows\System\IICLPAk.exe
  2⤵
  PID:10308
- C:\Windows\System\RaFPZho.exe
  C:\Windows\System\RaFPZho.exe
  2⤵
  PID:10332
- C:\Windows\System\kCNmOWU.exe
  C:\Windows\System\kCNmOWU.exe
  2⤵
  PID:10376
- C:\Windows\System\qIvJpZj.exe
  C:\Windows\System\qIvJpZj.exe
  2⤵
  PID:10412
- C:\Windows\System\AdVyGNm.exe
  C:\Windows\System\AdVyGNm.exe
  2⤵
  PID:10444
- C:\Windows\System\CsifMXD.exe
  C:\Windows\System\CsifMXD.exe
  2⤵
  PID:10472
- C:\Windows\System\HhDsDjj.exe
  C:\Windows\System\HhDsDjj.exe
  2⤵
  PID:10500
- C:\Windows\System\NJSXWSv.exe
  C:\Windows\System\NJSXWSv.exe
  2⤵
  PID:10528
- C:\Windows\System\MLBjSQE.exe
  C:\Windows\System\MLBjSQE.exe
  2⤵
  PID:10556
- C:\Windows\System\DwRzMCp.exe
  C:\Windows\System\DwRzMCp.exe
  2⤵
  PID:10584
- C:\Windows\System\OfiRVNM.exe
  C:\Windows\System\OfiRVNM.exe
  2⤵
  PID:10600
- C:\Windows\System\klMgGjq.exe
  C:\Windows\System\klMgGjq.exe
  2⤵
  PID:10628
- C:\Windows\System\jiZjmet.exe
  C:\Windows\System\jiZjmet.exe
  2⤵
  PID:10652
- C:\Windows\System\OBVZlGJ.exe
  C:\Windows\System\OBVZlGJ.exe
  2⤵
  PID:10688
- C:\Windows\System\INTBrtg.exe
  C:\Windows\System\INTBrtg.exe
  2⤵
  PID:10728
- C:\Windows\System\zcLRMUz.exe
  C:\Windows\System\zcLRMUz.exe
  2⤵
  PID:10756
- C:\Windows\System\RWnEyfJ.exe
  C:\Windows\System\RWnEyfJ.exe
  2⤵
  PID:10784
- C:\Windows\System\qSnNPml.exe
  C:\Windows\System\qSnNPml.exe
  2⤵
  PID:10800
- C:\Windows\System\aUwcKqy.exe
  C:\Windows\System\aUwcKqy.exe
  2⤵
  PID:10840
- C:\Windows\System\MzwgSmP.exe
  C:\Windows\System\MzwgSmP.exe
  2⤵
  PID:10856
- C:\Windows\System\DBOEWHx.exe
  C:\Windows\System\DBOEWHx.exe
  2⤵
  PID:10896
- C:\Windows\System\UhDHZSf.exe
  C:\Windows\System\UhDHZSf.exe
  2⤵
  PID:10924
- C:\Windows\System\SwpbVBf.exe
  C:\Windows\System\SwpbVBf.exe
  2⤵
  PID:10948
- C:\Windows\System\JIhSrwZ.exe
  C:\Windows\System\JIhSrwZ.exe
  2⤵
  PID:10972
- C:\Windows\System\iMxzOum.exe
  C:\Windows\System\iMxzOum.exe
  2⤵
  PID:10996
- C:\Windows\System\bDUZgJf.exe
  C:\Windows\System\bDUZgJf.exe
  2⤵
  PID:11028
- C:\Windows\System\gofhUdP.exe
  C:\Windows\System\gofhUdP.exe
  2⤵
  PID:11052
- C:\Windows\System\VHNswGq.exe
  C:\Windows\System\VHNswGq.exe
  2⤵
  PID:11068
- C:\Windows\System\GwODCOF.exe
  C:\Windows\System\GwODCOF.exe
  2⤵
  PID:11120
- C:\Windows\System\zErtOSp.exe
  C:\Windows\System\zErtOSp.exe
  2⤵
  PID:11144
- C:\Windows\System\YNZYiVl.exe
  C:\Windows\System\YNZYiVl.exe
  2⤵
  PID:11176
- C:\Windows\System\OtAPuen.exe
  C:\Windows\System\OtAPuen.exe
  2⤵
  PID:11200
- C:\Windows\System\sCVaJdI.exe
  C:\Windows\System\sCVaJdI.exe
  2⤵
  PID:11240
- C:\Windows\System\tPwXeII.exe
  C:\Windows\System\tPwXeII.exe
  2⤵
  PID:10188
- C:\Windows\System\lYZNGqt.exe
  C:\Windows\System\lYZNGqt.exe
  2⤵
  PID:10292
- C:\Windows\System\GCBsrip.exe
  C:\Windows\System\GCBsrip.exe
  2⤵
  PID:10368
- C:\Windows\System\FiTDAxb.exe
  C:\Windows\System\FiTDAxb.exe
  2⤵
  PID:10428
- C:\Windows\System\hZRyexd.exe
  C:\Windows\System\hZRyexd.exe
  2⤵
  PID:9828
- C:\Windows\System\NlXaTgj.exe
  C:\Windows\System\NlXaTgj.exe
  2⤵
  PID:10540
- C:\Windows\System\HtdEMLA.exe
  C:\Windows\System\HtdEMLA.exe
  2⤵
  PID:10592
- C:\Windows\System\eSBOOhy.exe
  C:\Windows\System\eSBOOhy.exe
  2⤵
  PID:10684
- C:\Windows\System\LqDVIza.exe
  C:\Windows\System\LqDVIza.exe
  2⤵
  PID:10724
- C:\Windows\System\CLnvtPT.exe
  C:\Windows\System\CLnvtPT.exe
  2⤵
  PID:10776
- C:\Windows\System\MHLBxDA.exe
  C:\Windows\System\MHLBxDA.exe
  2⤵
  PID:10848
- C:\Windows\System\HfhTFnk.exe
  C:\Windows\System\HfhTFnk.exe
  2⤵
  PID:10916
- C:\Windows\System\YHePWAe.exe
  C:\Windows\System\YHePWAe.exe
  2⤵
  PID:11020
- C:\Windows\System\YlwlZpU.exe
  C:\Windows\System\YlwlZpU.exe
  2⤵
  PID:11060
- C:\Windows\System\PGUNMKc.exe
  C:\Windows\System\PGUNMKc.exe
  2⤵
  PID:752
- C:\Windows\System\ePifdmL.exe
  C:\Windows\System\ePifdmL.exe
  2⤵
  PID:11188
- C:\Windows\System\kmCttOz.exe
  C:\Windows\System\kmCttOz.exe
  2⤵
  PID:11256
- C:\Windows\System\VjqNpXw.exe
  C:\Windows\System\VjqNpXw.exe
  2⤵
  PID:10304
- C:\Windows\System\PRqxCHD.exe
  C:\Windows\System\PRqxCHD.exe
  2⤵
  PID:10516
- C:\Windows\System\oGQXbjw.exe
  C:\Windows\System\oGQXbjw.exe
  2⤵
  PID:10616
- C:\Windows\System\dIZASIR.exe
  C:\Windows\System\dIZASIR.exe
  2⤵
  PID:10820
- C:\Windows\System\vRNNzDE.exe
  C:\Windows\System\vRNNzDE.exe
  2⤵
  PID:10980
- C:\Windows\System\cjvbtbh.exe
  C:\Windows\System\cjvbtbh.exe
  2⤵
  PID:11084
- C:\Windows\System\PtfaZUA.exe
  C:\Windows\System\PtfaZUA.exe
  2⤵
  PID:11220
- C:\Windows\System\fWLcXSs.exe
  C:\Windows\System\fWLcXSs.exe
  2⤵
  PID:10596
- C:\Windows\System\jDucypP.exe
  C:\Windows\System\jDucypP.exe
  2⤵
  PID:10888
- C:\Windows\System\YIpMfIn.exe
  C:\Windows\System\YIpMfIn.exe
  2⤵
  PID:11184
- C:\Windows\System\leOscsm.exe
  C:\Windows\System\leOscsm.exe
  2⤵
  PID:10752
- C:\Windows\System\rEtmZxB.exe
  C:\Windows\System\rEtmZxB.exe
  2⤵
  PID:10668
- C:\Windows\System\kUohaaN.exe
  C:\Windows\System\kUohaaN.exe
  2⤵
  PID:11276
- C:\Windows\System\xmowaux.exe
  C:\Windows\System\xmowaux.exe
  2⤵
  PID:11320
- C:\Windows\System\sQMsIcT.exe
  C:\Windows\System\sQMsIcT.exe
  2⤵
  PID:11348
- C:\Windows\System\cbzeuDP.exe
  C:\Windows\System\cbzeuDP.exe
  2⤵
  PID:11376
- C:\Windows\System\jVOdBso.exe
  C:\Windows\System\jVOdBso.exe
  2⤵
  PID:11404
- C:\Windows\System\FsVRLTd.exe
  C:\Windows\System\FsVRLTd.exe
  2⤵
  PID:11420
- C:\Windows\System\cqIcvjV.exe
  C:\Windows\System\cqIcvjV.exe
  2⤵
  PID:11448
- C:\Windows\System\xnkgACj.exe
  C:\Windows\System\xnkgACj.exe
  2⤵
  PID:11488
- C:\Windows\System\iEIutYo.exe
  C:\Windows\System\iEIutYo.exe
  2⤵
  PID:11516
- C:\Windows\System\TDAZwsb.exe
  C:\Windows\System\TDAZwsb.exe
  2⤵
  PID:11544
- C:\Windows\System\bwLcewb.exe
  C:\Windows\System\bwLcewb.exe
  2⤵
  PID:11564
- C:\Windows\System\CJDTykO.exe
  C:\Windows\System\CJDTykO.exe
  2⤵
  PID:11592
- C:\Windows\System\FmtjPSQ.exe
  C:\Windows\System\FmtjPSQ.exe
  2⤵
  PID:11632
- C:\Windows\System\nvdDwvV.exe
  C:\Windows\System\nvdDwvV.exe
  2⤵
  PID:11656
- C:\Windows\System\TZTDIUm.exe
  C:\Windows\System\TZTDIUm.exe
  2⤵
  PID:11684
- C:\Windows\System\RfueiXh.exe
  C:\Windows\System\RfueiXh.exe
  2⤵
  PID:11704
- C:\Windows\System\qvaDzwq.exe
  C:\Windows\System\qvaDzwq.exe
  2⤵
  PID:11732
- C:\Windows\System\qrfrXtw.exe
  C:\Windows\System\qrfrXtw.exe
  2⤵
  PID:11756
- C:\Windows\System\UieKqxH.exe
  C:\Windows\System\UieKqxH.exe
  2⤵
  PID:11780
- C:\Windows\System\DtinCMy.exe
  C:\Windows\System\DtinCMy.exe
  2⤵
  PID:11808
- C:\Windows\System\QDTRseB.exe
  C:\Windows\System\QDTRseB.exe
  2⤵
  PID:11844
- C:\Windows\System\ipwkPds.exe
  C:\Windows\System\ipwkPds.exe
  2⤵
  PID:11884
- C:\Windows\System\ukPxDFm.exe
  C:\Windows\System\ukPxDFm.exe
  2⤵
  PID:11900
- C:\Windows\System\NYIpdjB.exe
  C:\Windows\System\NYIpdjB.exe
  2⤵
  PID:11940
- C:\Windows\System\fwEwBhZ.exe
  C:\Windows\System\fwEwBhZ.exe
  2⤵
  PID:11956
- C:\Windows\System\qKICIUU.exe
  C:\Windows\System\qKICIUU.exe
  2⤵
  PID:11988
- C:\Windows\System\IUddByu.exe
  C:\Windows\System\IUddByu.exe
  2⤵
  PID:12012
- C:\Windows\System\AAjjAZu.exe
  C:\Windows\System\AAjjAZu.exe
  2⤵
  PID:12040
- C:\Windows\System\HTlFLND.exe
  C:\Windows\System\HTlFLND.exe
  2⤵
  PID:12068
- C:\Windows\System\UlCVrAm.exe
  C:\Windows\System\UlCVrAm.exe
  2⤵
  PID:12088
- C:\Windows\System\RfPKbjU.exe
  C:\Windows\System\RfPKbjU.exe
  2⤵
  PID:12116
- C:\Windows\System\QgkfOkT.exe
  C:\Windows\System\QgkfOkT.exe
  2⤵
  PID:12152
- C:\Windows\System\pFbOOpi.exe
  C:\Windows\System\pFbOOpi.exe
  2⤵
  PID:12168
- C:\Windows\System\hoUwuqU.exe
  C:\Windows\System\hoUwuqU.exe
  2⤵
  PID:12200
- C:\Windows\System\kftsieK.exe
  C:\Windows\System\kftsieK.exe
  2⤵
  PID:12224
- C:\Windows\System\qoTuaGh.exe
  C:\Windows\System\qoTuaGh.exe
  2⤵
  PID:12252
- C:\Windows\System\UwcdlCR.exe
  C:\Windows\System\UwcdlCR.exe
  2⤵
  PID:11036
- C:\Windows\System\lPmGqHT.exe
  C:\Windows\System\lPmGqHT.exe
  2⤵
  PID:11312
- C:\Windows\System\qFsCrJa.exe
  C:\Windows\System\qFsCrJa.exe
  2⤵
  PID:11388
- C:\Windows\System\ISeQKGw.exe
  C:\Windows\System\ISeQKGw.exe
  2⤵
  PID:11480
- C:\Windows\System\jzqcsNq.exe
  C:\Windows\System\jzqcsNq.exe
  2⤵
  PID:11512
- C:\Windows\System\xsFXnCM.exe
  C:\Windows\System\xsFXnCM.exe
  2⤵
  PID:11580
- C:\Windows\System\IKcKpdG.exe
  C:\Windows\System\IKcKpdG.exe
  2⤵
  PID:11616
- C:\Windows\System\sxRLzrV.exe
  C:\Windows\System\sxRLzrV.exe
  2⤵
  PID:11692
- C:\Windows\System\fEhceDw.exe
  C:\Windows\System\fEhceDw.exe
  2⤵
  PID:11740
- C:\Windows\System\aJuFTMa.exe
  C:\Windows\System\aJuFTMa.exe
  2⤵
  PID:11804
- C:\Windows\System\vJZHPpn.exe
  C:\Windows\System\vJZHPpn.exe
  2⤵
  PID:11860
- C:\Windows\System\VHfvWEr.exe
  C:\Windows\System\VHfvWEr.exe
  2⤵
  PID:11912
- C:\Windows\System\GdflEni.exe
  C:\Windows\System\GdflEni.exe
  2⤵
  PID:12032
- C:\Windows\System\golWSLP.exe
  C:\Windows\System\golWSLP.exe
  2⤵
  PID:12136
- C:\Windows\System\EbECRtY.exe
  C:\Windows\System\EbECRtY.exe
  2⤵
  PID:12160
- C:\Windows\System\nTuYMQO.exe
  C:\Windows\System\nTuYMQO.exe
  2⤵
  PID:12192
- C:\Windows\System\OaLrHgO.exe
  C:\Windows\System\OaLrHgO.exe
  2⤵
  PID:12232
- C:\Windows\System\pUlDOQM.exe
  C:\Windows\System\pUlDOQM.exe
  2⤵
  PID:11300
- C:\Windows\System\wXUPSPK.exe
  C:\Windows\System\wXUPSPK.exe
  2⤵
  PID:11372
- C:\Windows\System\TPAPmXC.exe
  C:\Windows\System\TPAPmXC.exe
  2⤵
  PID:11552
- C:\Windows\System\nllmPzd.exe
  C:\Windows\System\nllmPzd.exe
  2⤵
  PID:11676
- C:\Windows\System\IhpEwoD.exe
  C:\Windows\System\IhpEwoD.exe
  2⤵
  PID:11920
- C:\Windows\System\qTHqusa.exe
  C:\Windows\System\qTHqusa.exe
  2⤵
  PID:12000
- C:\Windows\System\lJyoVwn.exe
  C:\Windows\System\lJyoVwn.exe
  2⤵
  PID:12180
- C:\Windows\System\gUgmIEA.exe
  C:\Windows\System\gUgmIEA.exe
  2⤵
  PID:2844
- C:\Windows\System\KRbUeHJ.exe
  C:\Windows\System\KRbUeHJ.exe
  2⤵
  PID:11728
- C:\Windows\System\DNIDVVI.exe
  C:\Windows\System\DNIDVVI.exe
  2⤵
  PID:11972
- C:\Windows\System\yOIvfOE.exe
  C:\Windows\System\yOIvfOE.exe
  2⤵
  PID:11624
- C:\Windows\System\qlqRwki.exe
  C:\Windows\System\qlqRwki.exe
  2⤵
  PID:12132
- C:\Windows\System\KwocEiL.exe
  C:\Windows\System\KwocEiL.exe
  2⤵
  PID:12296
- C:\Windows\System\UGKPmPt.exe
  C:\Windows\System\UGKPmPt.exe
  2⤵
  PID:12332
- C:\Windows\System\HjDOOWm.exe
  C:\Windows\System\HjDOOWm.exe
  2⤵
  PID:12360
- C:\Windows\System\SGbSklD.exe
  C:\Windows\System\SGbSklD.exe
  2⤵
  PID:12388
- C:\Windows\System\hUMFcTn.exe
  C:\Windows\System\hUMFcTn.exe
  2⤵
  PID:12420
- C:\Windows\System\RLkqIZM.exe
  C:\Windows\System\RLkqIZM.exe
  2⤵
  PID:12448
- C:\Windows\System\nMjWhFh.exe
  C:\Windows\System\nMjWhFh.exe
  2⤵
  PID:12464
- C:\Windows\System\muoIyNV.exe
  C:\Windows\System\muoIyNV.exe
  2⤵
  PID:12496
- C:\Windows\System\IHiKANa.exe
  C:\Windows\System\IHiKANa.exe
  2⤵
  PID:12524
- C:\Windows\System\LbqroTk.exe
  C:\Windows\System\LbqroTk.exe
  2⤵
  PID:12548
- C:\Windows\System\IFkHweR.exe
  C:\Windows\System\IFkHweR.exe
  2⤵
  PID:12580
- C:\Windows\System\YSYekKf.exe
  C:\Windows\System\YSYekKf.exe
  2⤵
  PID:12604
- C:\Windows\System\MlJHuBC.exe
  C:\Windows\System\MlJHuBC.exe
  2⤵
  PID:12624
- C:\Windows\System\WLlMaXI.exe
  C:\Windows\System\WLlMaXI.exe
  2⤵
  PID:12672
- C:\Windows\System\UObGRuU.exe
  C:\Windows\System\UObGRuU.exe
  2⤵
  PID:12688
- C:\Windows\System\RkoVjsE.exe
  C:\Windows\System\RkoVjsE.exe
  2⤵
  PID:12728
- C:\Windows\System\cHZzsGg.exe
  C:\Windows\System\cHZzsGg.exe
  2⤵
  PID:12752
- C:\Windows\System\zLmjfFY.exe
  C:\Windows\System\zLmjfFY.exe
  2⤵
  PID:12784
- C:\Windows\System\tOcehvv.exe
  C:\Windows\System\tOcehvv.exe
  2⤵
  PID:12812
- C:\Windows\System\RqWrjVi.exe
  C:\Windows\System\RqWrjVi.exe
  2⤵
  PID:12836
- C:\Windows\System\VmmAllJ.exe
  C:\Windows\System\VmmAllJ.exe
  2⤵
  PID:12856
- C:\Windows\System\HzHrwYE.exe
  C:\Windows\System\HzHrwYE.exe
  2⤵
  PID:12896
- C:\Windows\System\qANdCIa.exe
  C:\Windows\System\qANdCIa.exe
  2⤵
  PID:12924
- C:\Windows\System\qTJVpqM.exe
  C:\Windows\System\qTJVpqM.exe
  2⤵
  PID:12948
- C:\Windows\System\apNQPDV.exe
  C:\Windows\System\apNQPDV.exe
  2⤵
  PID:12968
- C:\Windows\System\dUlktmW.exe
  C:\Windows\System\dUlktmW.exe
  2⤵
  PID:13008
- C:\Windows\System\XcRtbll.exe
  C:\Windows\System\XcRtbll.exe
  2⤵
  PID:13036
- C:\Windows\System\SnLfHUF.exe
  C:\Windows\System\SnLfHUF.exe
  2⤵
  PID:13064
- C:\Windows\System\xyduSbS.exe
  C:\Windows\System\xyduSbS.exe
  2⤵
  PID:13084
- C:\Windows\System\quGtUmk.exe
  C:\Windows\System\quGtUmk.exe
  2⤵
  PID:13108
- C:\Windows\System\ppPnDcX.exe
  C:\Windows\System\ppPnDcX.exe
  2⤵
  PID:13124
- C:\Windows\System\UIAsuRz.exe
  C:\Windows\System\UIAsuRz.exe
  2⤵
  PID:13148
- C:\Windows\System\ctEDcxb.exe
  C:\Windows\System\ctEDcxb.exe
  2⤵
  PID:13204
- C:\Windows\System\otNQlCr.exe
  C:\Windows\System\otNQlCr.exe
  2⤵
  PID:13232
- C:\Windows\System\csBFSKW.exe
  C:\Windows\System\csBFSKW.exe
  2⤵
  PID:13260
- C:\Windows\System\OdvviFK.exe
  C:\Windows\System\OdvviFK.exe
  2⤵
  PID:13288
- C:\Windows\System\ikpUlih.exe
  C:\Windows\System\ikpUlih.exe
  2⤵
  PID:12292
- C:\Windows\System\QDsKSKl.exe
  C:\Windows\System\QDsKSKl.exe
  2⤵
  PID:12316
- C:\Windows\System\GnTUJum.exe
  C:\Windows\System\GnTUJum.exe
  2⤵
  PID:12432
- C:\Windows\System\nxaGBwV.exe
  C:\Windows\System\nxaGBwV.exe
  2⤵
  PID:12508
- C:\Windows\System\KwhlTse.exe
  C:\Windows\System\KwhlTse.exe
  2⤵
  PID:12532
- C:\Windows\System\FzbwKnF.exe
  C:\Windows\System\FzbwKnF.exe
  2⤵
  PID:12600
- C:\Windows\System\qqmhnEn.exe
  C:\Windows\System\qqmhnEn.exe
  2⤵
  PID:12648
- C:\Windows\System\YHhWVPQ.exe
  C:\Windows\System\YHhWVPQ.exe
  2⤵
  PID:3976
- C:\Windows\System\JzrVteJ.exe
  C:\Windows\System\JzrVteJ.exe
  2⤵
  PID:12772
- C:\Windows\System\sKoMhpD.exe
  C:\Windows\System\sKoMhpD.exe
  2⤵
  PID:12820
- C:\Windows\System\OcFmbnf.exe
  C:\Windows\System\OcFmbnf.exe
  2⤵
  PID:12908
- C:\Windows\System\fIAFiVc.exe
  C:\Windows\System\fIAFiVc.exe
  2⤵
  PID:12980
- C:\Windows\System\ASWBCbk.exe
  C:\Windows\System\ASWBCbk.exe
  2⤵
  PID:13052
- C:\Windows\System\LRqorLo.exe
  C:\Windows\System\LRqorLo.exe
  2⤵
  PID:4780
- C:\Windows\System\YoduvTi.exe
  C:\Windows\System\YoduvTi.exe
  2⤵
  PID:13096
- C:\Windows\System\sXhSLtW.exe
  C:\Windows\System\sXhSLtW.exe
  2⤵
  PID:13116
- C:\Windows\System\WTDhlXG.exe
  C:\Windows\System\WTDhlXG.exe
  2⤵
  PID:13188
- C:\Windows\System\lvXnUUh.exe
  C:\Windows\System\lvXnUUh.exe
  2⤵
  PID:13252
- C:\Windows\System\IIPQQZe.exe
  C:\Windows\System\IIPQQZe.exe
  2⤵
  PID:13304
- C:\Windows\System\RDQvaxj.exe
  C:\Windows\System\RDQvaxj.exe
  2⤵
  PID:12460
- C:\Windows\System\gFwnfkj.exe
  C:\Windows\System\gFwnfkj.exe
  2⤵
  PID:12544
- C:\Windows\System\pnsJpMC.exe
  C:\Windows\System\pnsJpMC.exe
  2⤵
  PID:4796
- C:\Windows\System\sifYCkr.exe
  C:\Windows\System\sifYCkr.exe
  2⤵
  PID:12844
- C:\Windows\System\wrfADnz.exe
  C:\Windows\System\wrfADnz.exe
  2⤵
  PID:13048
- C:\Windows\System\qCwRAWI.exe
  C:\Windows\System\qCwRAWI.exe
  2⤵
  PID:13092
- C:\Windows\System\CXIiBEa.exe
  C:\Windows\System\CXIiBEa.exe
  2⤵
  PID:13308
- C:\Windows\System\UieurWu.exe
  C:\Windows\System\UieurWu.exe
  2⤵
  PID:12456
- C:\Windows\System\aKmZejD.exe
  C:\Windows\System\aKmZejD.exe
  2⤵
  PID:12852
- C:\Windows\System\GHAhYpk.exe
  C:\Windows\System\GHAhYpk.exe
  2⤵
  PID:468
- C:\Windows\System\vMYYppa.exe
  C:\Windows\System\vMYYppa.exe
  2⤵
  PID:12808
- C:\Windows\System\pzhBtLC.exe
  C:\Windows\System\pzhBtLC.exe
  2⤵
  PID:12596
- C:\Windows\System\sjBhWeE.exe
  C:\Windows\System\sjBhWeE.exe
  2⤵
  PID:13324
- C:\Windows\System\mezlpgm.exe
  C:\Windows\System\mezlpgm.exe
  2⤵
  PID:13356
- C:\Windows\System\MiMowRH.exe
  C:\Windows\System\MiMowRH.exe
  2⤵
  PID:13384
- C:\Windows\System\dmHDRnG.exe
  C:\Windows\System\dmHDRnG.exe
  2⤵
  PID:13400
- C:\Windows\System\lAGeWwK.exe
  C:\Windows\System\lAGeWwK.exe
  2⤵
  PID:13428
- C:\Windows\System\hARVVVv.exe
  C:\Windows\System\hARVVVv.exe
  2⤵
  PID:13468
- C:\Windows\System\SKeYnZw.exe
  C:\Windows\System\SKeYnZw.exe
  2⤵
  PID:13496
- C:\Windows\System\ykYHRGo.exe
  C:\Windows\System\ykYHRGo.exe
  2⤵
  PID:13512
- C:\Windows\System\afvwhZM.exe
  C:\Windows\System\afvwhZM.exe
  2⤵
  PID:13552
- C:\Windows\System\KejrPIH.exe
  C:\Windows\System\KejrPIH.exe
  2⤵
  PID:13580
- C:\Windows\System\qvFUMTi.exe
  C:\Windows\System\qvFUMTi.exe
  2⤵
  PID:13600
- C:\Windows\System\eWtEZRZ.exe
  C:\Windows\System\eWtEZRZ.exe
  2⤵
  PID:13636
- C:\Windows\System\PlhQLWa.exe
  C:\Windows\System\PlhQLWa.exe
  2⤵
  PID:13664
- C:\Windows\System\ecGBTiD.exe
  C:\Windows\System\ecGBTiD.exe
  2⤵
  PID:13684
- C:\Windows\System\tlbtetv.exe
  C:\Windows\System\tlbtetv.exe
  2⤵
  PID:13712
- C:\Windows\System\lWQojWF.exe
  C:\Windows\System\lWQojWF.exe
  2⤵
  PID:13736
- C:\Windows\System\KzicIPu.exe
  C:\Windows\System\KzicIPu.exe
  2⤵
  PID:13752
- C:\Windows\System\PiLUtWn.exe
  C:\Windows\System\PiLUtWn.exe
  2⤵
  PID:13804
- C:\Windows\System\OINpcoX.exe
  C:\Windows\System\OINpcoX.exe
  2⤵
  PID:13820
- C:\Windows\System\PGfEFLh.exe
  C:\Windows\System\PGfEFLh.exe
  2⤵
  PID:13836
- C:\Windows\System\nldOgow.exe
  C:\Windows\System\nldOgow.exe
  2⤵
  PID:13888
- C:\Windows\System\KpakQNh.exe
  C:\Windows\System\KpakQNh.exe
  2⤵
  PID:13904
- C:\Windows\System\OWadrJv.exe
  C:\Windows\System\OWadrJv.exe
  2⤵
  PID:13944
- C:\Windows\System\nXNfXjl.exe
  C:\Windows\System\nXNfXjl.exe
  2⤵
  PID:13972
- C:\Windows\System\ckqrZSO.exe
  C:\Windows\System\ckqrZSO.exe
  2⤵
  PID:14000
- C:\Windows\System\UhTjMTg.exe
  C:\Windows\System\UhTjMTg.exe
  2⤵
  PID:14028
- C:\Windows\System\sTDRhxN.exe
  C:\Windows\System\sTDRhxN.exe
  2⤵
  PID:14056
- C:\Windows\System\pjiFBMS.exe
  C:\Windows\System\pjiFBMS.exe
  2⤵
  PID:14084
- C:\Windows\System\hnjTenY.exe
  C:\Windows\System\hnjTenY.exe
  2⤵
  PID:14100
- C:\Windows\System\eGxwjop.exe
  C:\Windows\System\eGxwjop.exe
  2⤵
  PID:14136
- C:\Windows\System\zYmmFyD.exe
  C:\Windows\System\zYmmFyD.exe
  2⤵
  PID:14168
- C:\Windows\System\MzhhpoY.exe
  C:\Windows\System\MzhhpoY.exe
  2⤵
  PID:14184
- C:\Windows\System\czAfYLv.exe
  C:\Windows\System\czAfYLv.exe
  2⤵
  PID:14200
- C:\Windows\System\NAfaUNA.exe
  C:\Windows\System\NAfaUNA.exe
  2⤵
  PID:14236
- C:\Windows\System\goDHIJB.exe
  C:\Windows\System\goDHIJB.exe
  2⤵
  PID:14268
- C:\Windows\System\YOhZFxO.exe
  C:\Windows\System\YOhZFxO.exe
  2⤵
  PID:14284
- C:\Windows\System\kqKQlzZ.exe
  C:\Windows\System\kqKQlzZ.exe
  2⤵
  PID:13320
- C:\Windows\System\aOSRdKC.exe
  C:\Windows\System\aOSRdKC.exe
  2⤵
  PID:13348
- C:\Windows\System\KdXwMZq.exe
  C:\Windows\System\KdXwMZq.exe
  2⤵
  PID:13420
- C:\Windows\System\tHZHeOv.exe
  C:\Windows\System\tHZHeOv.exe
  2⤵
  PID:13484
- C:\Windows\System\AahbhNv.exe
  C:\Windows\System\AahbhNv.exe
  2⤵
  PID:13548
- C:\Windows\System\KznRCuQ.exe
  C:\Windows\System\KznRCuQ.exe
  2⤵
  PID:13596

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CQwbAuA.exe

Filesize
1.9MB

MD5
2406274dcdb176b90d4021ed9a06d090

SHA1
4649f1512cd4b58049bf2091d651f8347f7b21ba

SHA256
e9ca3408d0a887c8c4e55e67ea4eda7f7346d6c8787043e6895a405cccbbcb88

SHA512
4cd2cbf7b098bc009ad6c6954759f2a9a334296ff91bfa0cb33ed9b938ec9942b2e4cbeec7c9f78187318bfb2e89bea050dffb513bf11f751d14eb0a16e3b1a4

Download Submit
C:\Windows\System\DOCpzzz.exe

Filesize
1.9MB

MD5
55e07796734eaddb7d84506f8a939ade

SHA1
6fa990c7c7957ca16a3360811d7ec26545e46356

SHA256
01bab97d09fd7157343059b6c2d6943117cf8cf9a94d40a8035d1c8b0d886a0b

SHA512
712c36491e143e30884a8f301b5576fc6ff3dd83df1e3e916b5efddd1e87e6461aebae89d9ed87f9c377ff988db0cc5f09e093d57e321f20bc80d3c375b4a40f

Download Submit
C:\Windows\System\DOmuwQT.exe

Filesize
1.9MB

MD5
b58c4d39cfaaa9d3f5db0ba67ad48d7d

SHA1
e1ad28f667bc2a3df0ddc0e76554e2769b44df40

SHA256
3eb450507166f8d518ee48817d0564afb78f088a09247bda96e05b4f863b6e8f

SHA512
0f59689ed42e9028a3d363ede81deec925a265e415a1c26abe6374a2e31d77a51f0e220659bbbc6a76b0ab23b8e39c8a7f9e3c3e3be572e857080ba54cc03b2c

Download Submit
C:\Windows\System\DQtjSVW.exe

Filesize
1.9MB

MD5
c81abd172e1f73e1399b789bb3b1eed5

SHA1
2f67d09066cf849b87ad09689afa8301cba4d5bb

SHA256
e468cc414be5650a7c597d91e3b7f7a0d0a6b5f709b0c456a97683d0415cba9f

SHA512
f5ee4139de0de475064164f72cf09e4a8b1fd164c7d436a5b07f3de0476f71eb76999336498dbbfd302d308eb396dc38437bb44bfd0a88780032e08f90914c7f

Download Submit
C:\Windows\System\EWEDQiU.exe

Filesize
1.9MB

MD5
e78984dd39ffa97b023256d245389091

SHA1
7c51eaadb492e97265e99610312adf5628638ea3

SHA256
b90840cbc87aa33fa04955fc5ed96313baa70c0dae721249033b829146153f55

SHA512
2d94dd064af2f1e3f81db98cf9191e7fde73adcbba52a9e1a76611d9c26d03a112ad6df12817716e1331e1e094a4e3581d3619b25282d70146447c5c44951771

Download Submit
C:\Windows\System\GbWfRPP.exe

Filesize
1.9MB

MD5
ca007d2c02b0b587309762440f8d65b1

SHA1
7b1508191b3753ca0a0f7cfc97088fcaa84d8a1d

SHA256
01311bd741887fd0c6b063f3ccc0c6f088e359ec723a55c16da6148c4eea424e

SHA512
f97116712fc75f06f716edd2c33e5bc03b7d60b025cc553c4d6a7cfe94b4d8286f7f15b6aa5febd707b4731f9d9be605932ef161437e229baebd4c722ba3398c

Download Submit
C:\Windows\System\IxTqMhW.exe

Filesize
1.9MB

MD5
e081dcbcb5f16dbfdb635ba74c736384

SHA1
c5443b3b341ea7d6e0b3f4d0c26e15ec94b79e4f

SHA256
7f6928bae9beb7d4f534d93f6ae2075d6d30db68731def64540b7df5b566b027

SHA512
02e65db570ee206e3e0e0141c28bf951729c141aaf39e1e649b923da5c13d9579f3f2e7c683c333b670db3995aab074a0e21bd21be453764e1e8cf730f333999

Download Submit
C:\Windows\System\JPXbDPV.exe

Filesize
1.9MB

MD5
3e78308fa2ce553d63d5626b246fe339

SHA1
fbafabe7b22bef94671fce71f137a9a371fd6fd6

SHA256
3a62f8f964d02305852f0469a783e67d73d77b2ab890b1d118b52361634f1120

SHA512
8a31de4df78c489f0be04ddfa987dd0154fb97516f50d92a7ab3889681324641a035c95e4d3a7ba9576deac279b6eda5d00da9b8dc1ea6c3b17230909be6b309

Download Submit
C:\Windows\System\JSLhche.exe

Filesize
1.9MB

MD5
617f42abea6b7c81fa6dd8ab16311b52

SHA1
c9f732d1b346afa569cfa5f05f93afdf40cedf9d

SHA256
68283845e33d36028526d9b159bfcdb95b7fbe263329bdcc3058a0524be8ee3c

SHA512
5838e9c58fb38e10ecce0f21f824777bb264360019ccb7204b7dbef5fe2629724e149c207b31411677de649636d9e1ad631936a186e032ad40100715842db0f2

Download Submit
C:\Windows\System\JZDwsru.exe

Filesize
1.9MB

MD5
4cd4a9e39cc3f795f050cfa97db4b315

SHA1
da7a1609bada85a05d8fe96ffaab07307bda586e

SHA256
cca6ac4c57c5d90cab6771d6e7c0c1dcf6468c218a89ed74e8fa00278f63b57a

SHA512
a195abea56999f025ac64268ef28967b177612063f11253d0bf1c44eb2763e15d91403ec0ac991c90b552913cfe09265faf0b1acf1c65cf615f9b78d56c08f77

Download Submit
C:\Windows\System\KQERgnL.exe

Filesize
1.9MB

MD5
94f9ff1f9f195cc8966d1ce1c3a34e27

SHA1
e900a06db6fa500c4b4970040e48182df2da1e6b

SHA256
8ee4eff3ae0d55236cf53f4d3a0396fb6c6b76c29b23ba54bebc78c883cb52ac

SHA512
af4438f9803f1527129d436e8975819797b56d8f0a2f0fbd5b67a6f9efe1a215bd110a8018092b262a27bb1670cb474c40c9f60eb9f39e5b6c97fb5268c541d1

Download Submit
C:\Windows\System\KSCCLHu.exe

Filesize
1.9MB

MD5
a1bd2dd0938066361e30ad0253ebe13a

SHA1
8b637a75e9cfe82b995c18a63713c8f34d05072e

SHA256
76ace50eb8a4af406d3d71c4500025f02fdc94dff1eeb4b8408bdbb55ca2d243

SHA512
9dedeef4aa7266f216c94f5bf97bf427f04e035a20c2e4cc2c1d0af8b51a82d243fed27eef0fa54729fa5dc1294aacc6289fd2153d40764221fc8f32aff72014

Download Submit
C:\Windows\System\MWAhmKY.exe

Filesize
1.9MB

MD5
8beaba1724487b55ae561fed25f2215d

SHA1
6a6da64618fe635027bf296ee6c54266722f1cc7

SHA256
6aaaca1319a8cb8081c0b9dcb352bb6c6edac161906a0895ee57e305e38586c3

SHA512
bfcd4d258880ed53e798499e5e28ea4fdd983fb516ff9c83810cd696c117803cc357078ffbe178c9e448ef530471175fb7d29ee0a0c3e601e556ffdbf5b169c9

Download Submit
C:\Windows\System\NVkreoO.exe

Filesize
1.9MB

MD5
3e3796d8a85490ca05cab0316fbf06de

SHA1
2d1fbd544868484994e26786f17438d215b14eab

SHA256
1ae5233fa0adf53f922cba782c56a0840a27369231a01c42666bc3b80703145d

SHA512
ba07d1106a2d94c4962c91178a672805978e8129524e91d6f7a25d49d5718f05a2b42e3dd1662615cbafae0be7dde327f36f3662c8ca4ea2b3050e232df5e20e

Download Submit
C:\Windows\System\PBwaxaQ.exe

Filesize
1.9MB

MD5
62afdfb058436b33cc2435adba2e1ab5

SHA1
c773234e2fe07e4dc1a6546dc82251822aca1610

SHA256
afdbd810d9354ce07143ff156797b5260055bdc343eb14f324cc8186b6357b76

SHA512
eb1777e9be007a7c1e1e675caf81402abb8f4df8ef31fd7e4035f33db756383d31c3d049ae957b5f5e465b2706419467abc1c515c3bc83b8e94ff0415f9860bd

Download Submit
C:\Windows\System\RXlSIOo.exe

Filesize
1.9MB

MD5
e69f64af7a43f9e6ef0117bba457e644

SHA1
e1e5654e3951b69460c38e0967c398686c0c6335

SHA256
213219deddbbf11012d0dc9ea77fc816a0ed420af5ea41950f15b22227853f6a

SHA512
c633017ac9db3cffcb35a31a6c36215ee95f2a4199e8689e3e0e49028e9ec0257f4b211851283b86e9fdbb764f53f5181da342b4e38cdd0f611afa3fb30cfa59

Download Submit
C:\Windows\System\TIHxVNs.exe

Filesize
1.9MB

MD5
c2cbbe4f7c1b441a403bd23c9365c0f2

SHA1
5508029a3706af0e869edb3827168f99dbadbf54

SHA256
5ff690041bd5dd1f4527b1269e81d7b2ca31028547cf582a7b2a2610f8da390a

SHA512
e9d7bbd3e622f47d0ac0c65d208d5795c9634690a99210ea94906148ecca8d5cc841f6f50596fc1fa3b91faf08a55a4a9a0cb9d0e5597537bf9c31ae0678c4fc

Download Submit
C:\Windows\System\WNmWjjA.exe

Filesize
1.9MB

MD5
2600d9f0b96d387f77adceea5544413e

SHA1
f911a56119efde339c571439709f6fecfa27162e

SHA256
128964f12afb0507d7fe575af3f4f5cd61a8bb6efa1248449a749413b6ffdb60

SHA512
e160fbf43331ae964275167347ebe7496d34329ed94dcf8eaa85e07fe7cc2eb4a1c130336ae3935159defd1cf3aa7f51d642393cdfea56c962fde83710d7941e

Download Submit
C:\Windows\System\WkkTthh.exe

Filesize
1.9MB

MD5
6691106a0f42802c54ef22bd255ed002

SHA1
9d8a2e00cd262a496b31445639ce90ef393f8ec4

SHA256
e43fd35265e69b1f64240349c03a874fcb33672ef52bdd4881d60b422269f904

SHA512
4adf3ac5464d37db342f034ed089ceb03401257df8e7a1b9ff07ca8c30a73777779fda663a9ad6572422b2483661cc8648b3084de575db3ecaf6e924bf143b16

Download Submit
C:\Windows\System\XBqeAac.exe

Filesize
1.9MB

MD5
d10ba3506dd4a92f21c618e48697e601

SHA1
be1dda7880b0813b7ae2b2983670ff26da530600

SHA256
4ceff6fbfffab6530587635b15d1d15099a2bee1dac4cc29b081e4f09a1ba1e4

SHA512
15dfdae4bf14880646e4c98261e890e80c59d9b39a2eeaeef5fd12f9f84667861edd75d13049f5770434fde23423c9560d1913691fa110fc0c3b5707d62ea96a

Download Submit
C:\Windows\System\XcsQKwR.exe

Filesize
1.9MB

MD5
158219decb35574dd442544316dec5c1

SHA1
47c4cf26d9cef497d580cec0cd52eafc35e129d9

SHA256
a9740d96a74f3f57302ec0accc81866f83d52ac7ac5531d2c5b89a38d9c35b11

SHA512
b4db3fdb4e3b80f44a151c2080d035182fb675db8825afa562a40adf2e0fd3668c84a7813e89a037e15e15cf6382a3b243d0994d733b6ca48fd4ce44c7fb9057

Download Submit
C:\Windows\System\aYpCAYS.exe

Filesize
1.9MB

MD5
1ba8a9cadeac8fb23225704aa6984e8b

SHA1
092b14bd126476fb0a375df078457846337291e1

SHA256
f54bbc5963612cb166a2dd72fe321a75a5c75c7fc9318af5f0eb83b27ed76dd9

SHA512
d68efd02926beb17e7b92e47caf9a761d877e134f94dd4e9471ff13b3e684c4edbeec3b85ceab1556458893a0cdb05eaad7bc58eb8766ebb8f64a4193360eb37

Download Submit
C:\Windows\System\eNQzmXU.exe

Filesize
1.9MB

MD5
9bbbd7e85bc70f26242a6597a5838dce

SHA1
19d466728a22cd28ccec96777f5c27bbe8c2eff5

SHA256
100c97960ca37f9136eff15438b5f1967a6c297bed6aa3156a16cf97b21a9925

SHA512
5a3f220c9bc632b9d96b16a57bfba77e3b3e565ec3cfc3f55bee1284b2ed938f2f3af0f8f3a96908046bbb72e57d105d8b539d2e77f32bcd2480ba1a97608318

Download Submit
C:\Windows\System\fGCemfK.exe

Filesize
1.9MB

MD5
452eb8c565348d6b234e23168c7b02e0

SHA1
fbc42306114d8981c5ab8b508c022433373c48db

SHA256
81fee600177faf6da74bf9b2e2928a436f3f4ceb13597c56683c097d9fd32f4f

SHA512
97e3a5e58a6b7306c9fe1299f43553dba097b242e1ba0ede0cb79dd65386cd4797446559c6b873a837dfc3023d919739bc03b68796a3324bf961299f5305cf12

Download Submit
C:\Windows\System\jUwuHBb.exe

Filesize
1.9MB

MD5
0a08a9103a660732f7477fafcd2fa8e3

SHA1
c0fd549d9b1d13f89fd51559fc166dc71e6a3ec1

SHA256
9d945c33ebf53706e9d59215190b1b826aea1bd12abad1caeec013ed97b1cb46

SHA512
4729f98a41c8d315d28bf18f02d7c1a9242eeb180bc0e38b6eb9bc68067b4cfb9096b8d1688f165271ea5ecb3bbc4f2b301c68aa639d86b4e4cdea65a1cd0205

Download Submit
C:\Windows\System\ktrnfAE.exe

Filesize
1.9MB

MD5
aa84fc08c82ecd480047cd782fd53794

SHA1
6dfa48d995bcab595c4ae03563f834b6adcb98aa

SHA256
c8be6ce8d7d183c82c63d1dbec8bb7d8d7ae384fc8cb14ef91b75d6da4a8b42b

SHA512
76326b480f143fbeba8b21bc1eba331c52d9d045a7f51089d1a9d43541472ed0bd0cde6fc443cddc7e7e65915e0e393235a7b1be2ce9a087ab08767dbe63d2dc

Download Submit
C:\Windows\System\mBBaFzK.exe

Filesize
1.9MB

MD5
20098505d5a4c9d7c3b51ce0e533c0f0

SHA1
54b885dc874ac451c68e4533734e06b8251b2000

SHA256
905d6a2527077c9b0ee11788c19666dc7a7e77f433ac8aaa266010185d31266a

SHA512
b37a7e5983bc641bf85c5405a107f9544218a3364bef854d8c4a84e0da7a75af6731aa64322c87e0c08cad49949f355c90940bbba5a09ecb666f38e349b6e459

Download Submit
C:\Windows\System\paurmRW.exe

Filesize
1.9MB

MD5
ff483b4911ea3fe714b9dde7389e6f49

SHA1
3c9da96ee6beaec572b9556c86de87531999a225

SHA256
ec7ac57070bcd6d2434e8723993f19d317fc2c5e3a530304cd629a41e45cc243

SHA512
ce042437340d37b9256005f24f27d767f7df0c2914248163fcdb17f1ade16e89213f261ef9d148784386c2919c454c8edbb778aa8c8646bc36f1d19cc6db8983

Download Submit
C:\Windows\System\sMOtqrE.exe

Filesize
1.9MB

MD5
7b8290f5347876ebfbadbda76ab9b31f

SHA1
6fea7cf30069d9faf1a4ee78797946df4f688f63

SHA256
fcbb2723445c1ae527cae67b655f16a356e40e3d69d210e3033d21dd9a00240a

SHA512
537bc3243925012b546f6d977a85a55ab796f478ea58d84a52ec6e49dc2c453238a0e29d677aedbde5a276558b112f4359dddb6d5569c0066117da5feb2484a9

Download Submit
C:\Windows\System\tieYvRP.exe

Filesize
1.9MB

MD5
885a0c2f4b9f4643bc93394de9034cf1

SHA1
772fe6d4d79dd55aef980837ee428791fda077a6

SHA256
b29adfe4c7fe6a054d1e61851abd0f55d020bfd0abb8da5ee6de4a62a3ae8048

SHA512
efa28a82ba84a5ddf0cc6c91f4a09e1233cf21f9bbba7284ac64f5ca4ae4f19554f3d7ed2949b17b45c0af45c780430e9d162654b55d97a87318a3c83abfdfa9

Download Submit
C:\Windows\System\uKnGRFI.exe

Filesize
1.9MB

MD5
e27fd60be13a733cdef075d5fc7ff12b

SHA1
6821198ce956bfa7ceeec624f199911d3acc648f

SHA256
2c45e59316a6c453b630018db555043e3de9b7e85906fdfa9164d36f20f545af

SHA512
215cfbb0fa52af7cd4d1e06567cbec86cf99740af877335f7109f8bf658b53a125691b095dd44099bd004639cf9639391ee02909d6009bceb37083ee1fedbe41

Download Submit
C:\Windows\System\uVZVVHq.exe

Filesize
1.9MB

MD5
3a874a6055c995bfb6f40507b1afcc3e

SHA1
9d81021bcf7e58a80592cf508edadba6c052b774

SHA256
2c26a7632176eb1a7d7b83a0d6e8c5387d195ba801e2a61d9c171cbfe4c669d7

SHA512
337e5495033cb52d75540ef136275ed4d48493527a5c1d5df12e569c85fd78062f5e1e5d16cd5cb71ca86c14e442651507b0e9db2cc64d94aff14939973f76e3

Download Submit
C:\Windows\System\wmNwELH.exe

Filesize
1.9MB

MD5
27031a18dc8d7e19c891178ea0c0d0f4

SHA1
55a1df70b346f6a77b65ba7123f18e8390621d71

SHA256
bd4bf7dc2f952fcee0c3b104c166fb265fb340195e542d7c334b08d2664a26ce

SHA512
d72cb778773c0ef0299dc440bdcaba84c846f7195a4f57e4e47eae8a25d4045917b4b7257291ee010a406cd655eb8d98df33d3c0df7efecedfb2029c9f99b5dd

Download Submit
memory/804-766-0x00007FF7C7A00000-0x00007FF7C7D54000-memory.dmp

Filesize
3.3MB

Download
memory/804-2140-0x00007FF7C7A00000-0x00007FF7C7D54000-memory.dmp

Filesize
3.3MB

Download
memory/1056-869-0x00007FF7EF8D0000-0x00007FF7EFC24000-memory.dmp

Filesize
3.3MB

Download
memory/1056-2155-0x00007FF7EF8D0000-0x00007FF7EFC24000-memory.dmp

Filesize
3.3MB

Download
memory/1364-734-0x00007FF66DE90000-0x00007FF66E1E4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-2138-0x00007FF66DE90000-0x00007FF66E1E4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-2154-0x00007FF620540000-0x00007FF620894000-memory.dmp

Filesize
3.3MB

Download
memory/1732-876-0x00007FF620540000-0x00007FF620894000-memory.dmp

Filesize
3.3MB

Download
memory/1764-2153-0x00007FF7D1890000-0x00007FF7D1BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-851-0x00007FF7D1890000-0x00007FF7D1BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2156-0x00007FF6DBD90000-0x00007FF6DC0E4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-859-0x00007FF6DBD90000-0x00007FF6DC0E4000-memory.dmp

Filesize
3.3MB

Download
memory/1884-846-0x00007FF652D40000-0x00007FF653094000-memory.dmp

Filesize
3.3MB

Download
memory/1884-2141-0x00007FF652D40000-0x00007FF653094000-memory.dmp

Filesize
3.3MB

Download
memory/1984-24-0x00007FF61A990000-0x00007FF61ACE4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-2133-0x00007FF61A990000-0x00007FF61ACE4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2149-0x00007FF7C2FB0000-0x00007FF7C3304000-memory.dmp

Filesize
3.3MB

Download
memory/2372-787-0x00007FF7C2FB0000-0x00007FF7C3304000-memory.dmp

Filesize
3.3MB

Download
memory/2444-804-0x00007FF7ADB30000-0x00007FF7ADE84000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2148-0x00007FF7ADB30000-0x00007FF7ADE84000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1-0x0000029A80770000-0x0000029A80780000-memory.dmp

Filesize
64KB

Download
memory/2812-0-0x00007FF6231C0000-0x00007FF623514000-memory.dmp

Filesize
3.3MB

Download
memory/3052-2131-0x00007FF794920000-0x00007FF794C74000-memory.dmp

Filesize
3.3MB

Download
memory/3052-9-0x00007FF794920000-0x00007FF794C74000-memory.dmp

Filesize
3.3MB

Download
memory/3052-2129-0x00007FF794920000-0x00007FF794C74000-memory.dmp

Filesize
3.3MB

Download
memory/3368-2144-0x00007FF6E9B50000-0x00007FF6E9EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3368-836-0x00007FF6E9B50000-0x00007FF6E9EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-901-0x00007FF66CBA0000-0x00007FF66CEF4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-2157-0x00007FF66CBA0000-0x00007FF66CEF4000-memory.dmp

Filesize
3.3MB

Download
memory/3528-782-0x00007FF7836B0000-0x00007FF783A04000-memory.dmp

Filesize
3.3MB

Download
memory/3528-2139-0x00007FF7836B0000-0x00007FF783A04000-memory.dmp

Filesize
3.3MB

Download
memory/3704-2146-0x00007FF73A450000-0x00007FF73A7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3704-757-0x00007FF73A450000-0x00007FF73A7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3776-2130-0x00007FF6704E0000-0x00007FF670834000-memory.dmp

Filesize
3.3MB

Download
memory/3776-2132-0x00007FF6704E0000-0x00007FF670834000-memory.dmp

Filesize
3.3MB

Download
memory/3776-21-0x00007FF6704E0000-0x00007FF670834000-memory.dmp

Filesize
3.3MB

Download
memory/3820-2136-0x00007FF6BA470000-0x00007FF6BA7C4000-memory.dmp

Filesize
3.3MB

Download
memory/3820-745-0x00007FF6BA470000-0x00007FF6BA7C4000-memory.dmp

Filesize
3.3MB

Download
memory/3884-828-0x00007FF6E7070000-0x00007FF6E73C4000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2147-0x00007FF6E7070000-0x00007FF6E73C4000-memory.dmp

Filesize
3.3MB

Download
memory/4216-887-0x00007FF79F3E0000-0x00007FF79F734000-memory.dmp

Filesize
3.3MB

Download
memory/4216-2158-0x00007FF79F3E0000-0x00007FF79F734000-memory.dmp

Filesize
3.3MB

Download
memory/4400-2135-0x00007FF675DE0000-0x00007FF676134000-memory.dmp

Filesize
3.3MB

Download
memory/4400-732-0x00007FF675DE0000-0x00007FF676134000-memory.dmp

Filesize
3.3MB

Download
memory/4524-776-0x00007FF709C60000-0x00007FF709FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4524-2145-0x00007FF709C60000-0x00007FF709FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4528-2152-0x00007FF678CE0000-0x00007FF679034000-memory.dmp

Filesize
3.3MB

Download
memory/4528-883-0x00007FF678CE0000-0x00007FF679034000-memory.dmp

Filesize
3.3MB

Download
memory/4556-2143-0x00007FF6759B0000-0x00007FF675D04000-memory.dmp

Filesize
3.3MB

Download
memory/4556-818-0x00007FF6759B0000-0x00007FF675D04000-memory.dmp

Filesize
3.3MB

Download
memory/4644-733-0x00007FF7357E0000-0x00007FF735B34000-memory.dmp

Filesize
3.3MB

Download
memory/4644-2134-0x00007FF7357E0000-0x00007FF735B34000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2137-0x00007FF70C080000-0x00007FF70C3D4000-memory.dmp

Filesize
3.3MB

Download
memory/4716-749-0x00007FF70C080000-0x00007FF70C3D4000-memory.dmp

Filesize
3.3MB

Download
memory/4788-841-0x00007FF7DE2E0000-0x00007FF7DE634000-memory.dmp

Filesize
3.3MB

Download
memory/4788-2150-0x00007FF7DE2E0000-0x00007FF7DE634000-memory.dmp

Filesize
3.3MB

Download
memory/4920-892-0x00007FF715EA0000-0x00007FF7161F4000-memory.dmp

Filesize
3.3MB

Download
memory/4920-2159-0x00007FF715EA0000-0x00007FF7161F4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-2142-0x00007FF79E950000-0x00007FF79ECA4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-752-0x00007FF79E950000-0x00007FF79ECA4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-811-0x00007FF6D6920000-0x00007FF6D6C74000-memory.dmp

Filesize
3.3MB

Download
memory/5064-2151-0x00007FF6D6920000-0x00007FF6D6C74000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads