xmrig | a30e2ef21de559263bc2bdeb08f32a375c440a52cf9af6ca26b7613276541358

Analysis

max time kernel
130s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
Size

2.1MB
MD5

5b36fb888d16fd053f4697692732d340
SHA1

ae1dac16f81dae286ad2e4e20b405b1a67f3d596
SHA256

a30e2ef21de559263bc2bdeb08f32a375c440a52cf9af6ca26b7613276541358
SHA512

f72b7ee02aa274b1fdd863a09f67b75e41acdf54233b4ba081c806624c2c236859cbe14e4c55ffd3027ebb0c7bf859135b8525c9f7703d7710e7287201ca54b1
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIaHs1PTma87Xx1gr:BemTLkNdfE0pZrf

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3340-0-0x00007FF6A8670000-0x00007FF6A89C4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023429-5.dat	xmrig
behavioral2/files/0x000700000002342d-13.dat	xmrig
behavioral2/files/0x000700000002342e-14.dat	xmrig
behavioral2/memory/4748-62-0x00007FF7AB600000-0x00007FF7AB954000-memory.dmp	xmrig
behavioral2/files/0x0007000000023439-74.dat	xmrig
behavioral2/memory/2988-88-0x00007FF75A960000-0x00007FF75ACB4000-memory.dmp	xmrig
behavioral2/memory/3716-96-0x00007FF7063C0000-0x00007FF706714000-memory.dmp	xmrig
behavioral2/memory/4356-104-0x00007FF79E0A0000-0x00007FF79E3F4000-memory.dmp	xmrig
behavioral2/memory/4044-107-0x00007FF61C760000-0x00007FF61CAB4000-memory.dmp	xmrig
behavioral2/memory/1180-110-0x00007FF77DC70000-0x00007FF77DFC4000-memory.dmp	xmrig
behavioral2/memory/732-109-0x00007FF683200000-0x00007FF683554000-memory.dmp	xmrig
behavioral2/memory/4716-108-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp	xmrig
behavioral2/memory/4580-106-0x00007FF6CA970000-0x00007FF6CACC4000-memory.dmp	xmrig
behavioral2/memory/972-105-0x00007FF60B660000-0x00007FF60B9B4000-memory.dmp	xmrig
behavioral2/memory/3372-103-0x00007FF6BAFB0000-0x00007FF6BB304000-memory.dmp	xmrig
behavioral2/files/0x000700000002343d-101.dat	xmrig
behavioral2/files/0x000700000002343c-99.dat	xmrig
behavioral2/files/0x000700000002343b-97.dat	xmrig
behavioral2/memory/3592-95-0x00007FF6A7300000-0x00007FF6A7654000-memory.dmp	xmrig
behavioral2/files/0x000700000002343a-93.dat	xmrig
behavioral2/files/0x0007000000023438-89.dat	xmrig
behavioral2/files/0x0007000000023437-85.dat	xmrig
behavioral2/memory/1572-77-0x00007FF6B3B90000-0x00007FF6B3EE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023436-71.dat	xmrig
behavioral2/memory/1628-66-0x00007FF62E2C0000-0x00007FF62E614000-memory.dmp	xmrig
behavioral2/files/0x0007000000023432-64.dat	xmrig
behavioral2/files/0x0007000000023434-58.dat	xmrig
behavioral2/files/0x0007000000023430-69.dat	xmrig
behavioral2/files/0x0007000000023435-49.dat	xmrig
behavioral2/files/0x0007000000023431-46.dat	xmrig
behavioral2/memory/4348-45-0x00007FF73EC90000-0x00007FF73EFE4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342f-40.dat	xmrig
behavioral2/files/0x0007000000023433-53.dat	xmrig
behavioral2/memory/1404-30-0x00007FF77E790000-0x00007FF77EAE4000-memory.dmp	xmrig
behavioral2/memory/1836-24-0x00007FF6146E0000-0x00007FF614A34000-memory.dmp	xmrig
behavioral2/files/0x000700000002343e-116.dat	xmrig
behavioral2/files/0x0007000000023440-143.dat	xmrig
behavioral2/files/0x0007000000023445-161.dat	xmrig
behavioral2/memory/4600-172-0x00007FF67BE10000-0x00007FF67C164000-memory.dmp	xmrig
behavioral2/files/0x0007000000023446-176.dat	xmrig
behavioral2/files/0x0007000000023449-184.dat	xmrig
behavioral2/files/0x000700000002344a-189.dat	xmrig
behavioral2/files/0x000700000002344b-194.dat	xmrig
behavioral2/memory/432-186-0x00007FF6E3D20000-0x00007FF6E4074000-memory.dmp	xmrig
behavioral2/memory/4084-183-0x00007FF65A360000-0x00007FF65A6B4000-memory.dmp	xmrig
behavioral2/memory/2700-182-0x00007FF737C60000-0x00007FF737FB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023448-180.dat	xmrig
behavioral2/files/0x0007000000023447-178.dat	xmrig
behavioral2/memory/2024-175-0x00007FF759720000-0x00007FF759A74000-memory.dmp	xmrig
behavioral2/memory/2004-173-0x00007FF764C50000-0x00007FF764FA4000-memory.dmp	xmrig
behavioral2/memory/4860-165-0x00007FF674810000-0x00007FF674B64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023443-155.dat	xmrig
behavioral2/files/0x0007000000023444-154.dat	xmrig
behavioral2/files/0x0007000000023441-150.dat	xmrig
behavioral2/files/0x0007000000023442-148.dat	xmrig
behavioral2/memory/4112-147-0x00007FF65A790000-0x00007FF65AAE4000-memory.dmp	xmrig
behavioral2/memory/2184-137-0x00007FF7576C0000-0x00007FF757A14000-memory.dmp	xmrig
behavioral2/files/0x000700000002343f-136.dat	xmrig
behavioral2/memory/1864-133-0x00007FF6EB320000-0x00007FF6EB674000-memory.dmp	xmrig
behavioral2/memory/4732-126-0x00007FF7082D0000-0x00007FF708624000-memory.dmp	xmrig
behavioral2/files/0x000800000002342a-121.dat	xmrig
behavioral2/memory/3276-9-0x00007FF695650000-0x00007FF6959A4000-memory.dmp	xmrig
behavioral2/memory/3276-1155-0x00007FF695650000-0x00007FF6959A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3276	WjHjijn.exe
1836	zrbALlv.exe
1404	yFZDAnE.exe
4348	xjIxoUq.exe
4748	OPWUYxS.exe
972	thRJVDu.exe
4580	NUWHoGA.exe
1628	oABXSES.exe
1572	uROdtAU.exe
4044	zBJJsMx.exe
2988	tXWfZLO.exe
4716	pJEqdDq.exe
732	DTqqiDE.exe
3592	zVkvKNe.exe
3716	kLuMPba.exe
1180	rERlzKi.exe
3372	NmGFZWy.exe
4356	OYWBXoB.exe
4732	UibcUSD.exe
4860	IOnRXmc.exe
1864	XECOIAU.exe
4600	wwCLZAI.exe
2184	dMneKaz.exe
2004	CpFvZGB.exe
4112	mIuAjoS.exe
4084	qxHFpst.exe
2024	rSQCIIv.exe
432	ToAZAjA.exe
2700	ZKQsdKw.exe
5092	vEdcTeC.exe
5036	UhfIOCH.exe
1904	dXOiqOn.exe
2000	ylNDPpT.exe
2460	UDraWPK.exe
1120	UhDBmdw.exe
2312	sFYFHCz.exe
516	TrcJOqD.exe
3856	HjFIPPy.exe
3056	KNJYjCj.exe
1776	nRRjULZ.exe
4392	qEyAMFQ.exe
1884	vrgFoHy.exe
2616	rPxmIhD.exe
4032	lebqvJp.exe
3504	jMiIoXV.exe
1080	wdyKDdF.exe
4080	KYzWrNy.exe
1472	muMqAKv.exe
1848	ByYIYVP.exe
1956	ltDLsxL.exe
3964	JYrDFRT.exe
4452	oYNuAJH.exe
1668	mOqkjNP.exe
640	dYZEixJ.exe
2500	OXnRgyY.exe
3448	DjfuQED.exe
4508	cOtrAKe.exe
4492	HpKoVPb.exe
1052	ioslUim.exe
4560	lshQLXk.exe
2212	nrOtRyA.exe
3536	zeXdPqL.exe
5112	OdjagIQ.exe
1976	WwKcPKq.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3340-0-0x00007FF6A8670000-0x00007FF6A89C4000-memory.dmp	upx
behavioral2/files/0x0008000000023429-5.dat	upx
behavioral2/files/0x000700000002342d-13.dat	upx
behavioral2/files/0x000700000002342e-14.dat	upx
behavioral2/memory/4748-62-0x00007FF7AB600000-0x00007FF7AB954000-memory.dmp	upx
behavioral2/files/0x0007000000023439-74.dat	upx
behavioral2/memory/2988-88-0x00007FF75A960000-0x00007FF75ACB4000-memory.dmp	upx
behavioral2/memory/3716-96-0x00007FF7063C0000-0x00007FF706714000-memory.dmp	upx
behavioral2/memory/4356-104-0x00007FF79E0A0000-0x00007FF79E3F4000-memory.dmp	upx
behavioral2/memory/4044-107-0x00007FF61C760000-0x00007FF61CAB4000-memory.dmp	upx
behavioral2/memory/1180-110-0x00007FF77DC70000-0x00007FF77DFC4000-memory.dmp	upx
behavioral2/memory/732-109-0x00007FF683200000-0x00007FF683554000-memory.dmp	upx
behavioral2/memory/4716-108-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp	upx
behavioral2/memory/4580-106-0x00007FF6CA970000-0x00007FF6CACC4000-memory.dmp	upx
behavioral2/memory/972-105-0x00007FF60B660000-0x00007FF60B9B4000-memory.dmp	upx
behavioral2/memory/3372-103-0x00007FF6BAFB0000-0x00007FF6BB304000-memory.dmp	upx
behavioral2/files/0x000700000002343d-101.dat	upx
behavioral2/files/0x000700000002343c-99.dat	upx
behavioral2/files/0x000700000002343b-97.dat	upx
behavioral2/memory/3592-95-0x00007FF6A7300000-0x00007FF6A7654000-memory.dmp	upx
behavioral2/files/0x000700000002343a-93.dat	upx
behavioral2/files/0x0007000000023438-89.dat	upx
behavioral2/files/0x0007000000023437-85.dat	upx
behavioral2/memory/1572-77-0x00007FF6B3B90000-0x00007FF6B3EE4000-memory.dmp	upx
behavioral2/files/0x0007000000023436-71.dat	upx
behavioral2/memory/1628-66-0x00007FF62E2C0000-0x00007FF62E614000-memory.dmp	upx
behavioral2/files/0x0007000000023432-64.dat	upx
behavioral2/files/0x0007000000023434-58.dat	upx
behavioral2/files/0x0007000000023430-69.dat	upx
behavioral2/files/0x0007000000023435-49.dat	upx
behavioral2/files/0x0007000000023431-46.dat	upx
behavioral2/memory/4348-45-0x00007FF73EC90000-0x00007FF73EFE4000-memory.dmp	upx
behavioral2/files/0x000700000002342f-40.dat	upx
behavioral2/files/0x0007000000023433-53.dat	upx
behavioral2/memory/1404-30-0x00007FF77E790000-0x00007FF77EAE4000-memory.dmp	upx
behavioral2/memory/1836-24-0x00007FF6146E0000-0x00007FF614A34000-memory.dmp	upx
behavioral2/files/0x000700000002343e-116.dat	upx
behavioral2/files/0x0007000000023440-143.dat	upx
behavioral2/files/0x0007000000023445-161.dat	upx
behavioral2/memory/4600-172-0x00007FF67BE10000-0x00007FF67C164000-memory.dmp	upx
behavioral2/files/0x0007000000023446-176.dat	upx
behavioral2/files/0x0007000000023449-184.dat	upx
behavioral2/files/0x000700000002344a-189.dat	upx
behavioral2/files/0x000700000002344b-194.dat	upx
behavioral2/memory/432-186-0x00007FF6E3D20000-0x00007FF6E4074000-memory.dmp	upx
behavioral2/memory/4084-183-0x00007FF65A360000-0x00007FF65A6B4000-memory.dmp	upx
behavioral2/memory/2700-182-0x00007FF737C60000-0x00007FF737FB4000-memory.dmp	upx
behavioral2/files/0x0007000000023448-180.dat	upx
behavioral2/files/0x0007000000023447-178.dat	upx
behavioral2/memory/2024-175-0x00007FF759720000-0x00007FF759A74000-memory.dmp	upx
behavioral2/memory/2004-173-0x00007FF764C50000-0x00007FF764FA4000-memory.dmp	upx
behavioral2/memory/4860-165-0x00007FF674810000-0x00007FF674B64000-memory.dmp	upx
behavioral2/files/0x0007000000023443-155.dat	upx
behavioral2/files/0x0007000000023444-154.dat	upx
behavioral2/files/0x0007000000023441-150.dat	upx
behavioral2/files/0x0007000000023442-148.dat	upx
behavioral2/memory/4112-147-0x00007FF65A790000-0x00007FF65AAE4000-memory.dmp	upx
behavioral2/memory/2184-137-0x00007FF7576C0000-0x00007FF757A14000-memory.dmp	upx
behavioral2/files/0x000700000002343f-136.dat	upx
behavioral2/memory/1864-133-0x00007FF6EB320000-0x00007FF6EB674000-memory.dmp	upx
behavioral2/memory/4732-126-0x00007FF7082D0000-0x00007FF708624000-memory.dmp	upx
behavioral2/files/0x000800000002342a-121.dat	upx
behavioral2/memory/3276-9-0x00007FF695650000-0x00007FF6959A4000-memory.dmp	upx
behavioral2/memory/3276-1155-0x00007FF695650000-0x00007FF6959A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nglqnpN.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\VNitXKI.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\uJYNcae.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\TtbumyY.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\ZFLfyvm.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\kLuMPba.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\ltDLsxL.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\OpsIJkD.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\NbbGvHP.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\YsqzJzt.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\lshQLXk.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\EwveHkO.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\oBpkKvc.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\bOxLIBh.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\gEeXcko.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\axVFCiX.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\rqAAxKm.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\InZwTLg.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\DpoXyGd.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\LpURvwa.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\ThtokQt.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\ZAyUUYK.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\mkxiqvI.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\OWgbjRY.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\yFhuIGR.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\GfsAGzs.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\AAehBWu.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\dMneKaz.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\qEyAMFQ.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\njHTgbZ.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\igxTTLg.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\BjIHnjM.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\AVkdPEG.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\JjZxHXa.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\OHmqwPi.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\MJnzNJQ.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\OKqXRtm.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\AMfIERQ.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\DZXmseD.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\mebNbfj.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\joJYxTq.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\RftZKrC.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\ljUEiUW.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\CTluKjK.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\GUCvqIs.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\XCzxykE.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\YfjARxB.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\PoCtSYd.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\QalPZuC.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\jtVgjyR.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\PWsvxsy.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\aomwnIL.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\UtUowLQ.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\muMqAKv.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\tnAGIIr.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\kFUBrWg.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\WuqdqdO.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\TrWTLFR.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\VDoKngg.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\kdfSXQe.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\GvVRGjF.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\ZKQsdKw.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\kQeSegX.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
File created	C:\Windows\System\SQSJhOm.exe	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14976	dwm.exe
Token: SeChangeNotifyPrivilege	14976	dwm.exe
Token: 33	14976	dwm.exe
Token: SeIncBasePriorityPrivilege	14976	dwm.exe
Token: SeShutdownPrivilege	14976	dwm.exe
Token: SeCreatePagefilePrivilege	14976	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3340 wrote to memory of 3276	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	83
PID 3340 wrote to memory of 3276	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	83
PID 3340 wrote to memory of 1836	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	84
PID 3340 wrote to memory of 1836	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	84
PID 3340 wrote to memory of 1404	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	85
PID 3340 wrote to memory of 1404	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	85
PID 3340 wrote to memory of 4348	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	86
PID 3340 wrote to memory of 4348	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	86
PID 3340 wrote to memory of 4748	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	87
PID 3340 wrote to memory of 4748	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	87
PID 3340 wrote to memory of 972	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	88
PID 3340 wrote to memory of 972	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	88
PID 3340 wrote to memory of 4580	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	89
PID 3340 wrote to memory of 4580	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	89
PID 3340 wrote to memory of 1628	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	90
PID 3340 wrote to memory of 1628	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	90
PID 3340 wrote to memory of 1572	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	91
PID 3340 wrote to memory of 1572	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	91
PID 3340 wrote to memory of 4044	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	92
PID 3340 wrote to memory of 4044	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	92
PID 3340 wrote to memory of 2988	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	93
PID 3340 wrote to memory of 2988	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	93
PID 3340 wrote to memory of 4716	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	94
PID 3340 wrote to memory of 4716	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	94
PID 3340 wrote to memory of 732	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	95
PID 3340 wrote to memory of 732	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	95
PID 3340 wrote to memory of 3592	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	96
PID 3340 wrote to memory of 3592	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	96
PID 3340 wrote to memory of 3716	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	97
PID 3340 wrote to memory of 3716	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	97
PID 3340 wrote to memory of 1180	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	98
PID 3340 wrote to memory of 1180	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	98
PID 3340 wrote to memory of 3372	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	99
PID 3340 wrote to memory of 3372	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	99
PID 3340 wrote to memory of 4356	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	100
PID 3340 wrote to memory of 4356	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	100
PID 3340 wrote to memory of 4732	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	101
PID 3340 wrote to memory of 4732	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	101
PID 3340 wrote to memory of 4860	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	102
PID 3340 wrote to memory of 4860	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	102
PID 3340 wrote to memory of 1864	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	103
PID 3340 wrote to memory of 1864	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	103
PID 3340 wrote to memory of 4600	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	104
PID 3340 wrote to memory of 4600	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	104
PID 3340 wrote to memory of 2184	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	105
PID 3340 wrote to memory of 2184	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	105
PID 3340 wrote to memory of 2004	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	106
PID 3340 wrote to memory of 2004	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	106
PID 3340 wrote to memory of 4112	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	107
PID 3340 wrote to memory of 4112	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	107
PID 3340 wrote to memory of 4084	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	108
PID 3340 wrote to memory of 4084	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	108
PID 3340 wrote to memory of 2024	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	109
PID 3340 wrote to memory of 2024	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	109
PID 3340 wrote to memory of 432	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	110
PID 3340 wrote to memory of 432	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	110
PID 3340 wrote to memory of 2700	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	111
PID 3340 wrote to memory of 2700	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	111
PID 3340 wrote to memory of 5092	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	112
PID 3340 wrote to memory of 5092	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	112
PID 3340 wrote to memory of 5036	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	113
PID 3340 wrote to memory of 5036	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	113
PID 3340 wrote to memory of 1904	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	114
PID 3340 wrote to memory of 1904	3340	5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5b36fb888d16fd053f4697692732d340_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3340
- C:\Windows\System\WjHjijn.exe
  C:\Windows\System\WjHjijn.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\zrbALlv.exe
  C:\Windows\System\zrbALlv.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\yFZDAnE.exe
  C:\Windows\System\yFZDAnE.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\xjIxoUq.exe
  C:\Windows\System\xjIxoUq.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\OPWUYxS.exe
  C:\Windows\System\OPWUYxS.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\thRJVDu.exe
  C:\Windows\System\thRJVDu.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\NUWHoGA.exe
  C:\Windows\System\NUWHoGA.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\oABXSES.exe
  C:\Windows\System\oABXSES.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\uROdtAU.exe
  C:\Windows\System\uROdtAU.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\zBJJsMx.exe
  C:\Windows\System\zBJJsMx.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\tXWfZLO.exe
  C:\Windows\System\tXWfZLO.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\pJEqdDq.exe
  C:\Windows\System\pJEqdDq.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\DTqqiDE.exe
  C:\Windows\System\DTqqiDE.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\zVkvKNe.exe
  C:\Windows\System\zVkvKNe.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\kLuMPba.exe
  C:\Windows\System\kLuMPba.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\rERlzKi.exe
  C:\Windows\System\rERlzKi.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\NmGFZWy.exe
  C:\Windows\System\NmGFZWy.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\OYWBXoB.exe
  C:\Windows\System\OYWBXoB.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\UibcUSD.exe
  C:\Windows\System\UibcUSD.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\IOnRXmc.exe
  C:\Windows\System\IOnRXmc.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\XECOIAU.exe
  C:\Windows\System\XECOIAU.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\wwCLZAI.exe
  C:\Windows\System\wwCLZAI.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\dMneKaz.exe
  C:\Windows\System\dMneKaz.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\CpFvZGB.exe
  C:\Windows\System\CpFvZGB.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\mIuAjoS.exe
  C:\Windows\System\mIuAjoS.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\qxHFpst.exe
  C:\Windows\System\qxHFpst.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\rSQCIIv.exe
  C:\Windows\System\rSQCIIv.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\ToAZAjA.exe
  C:\Windows\System\ToAZAjA.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\ZKQsdKw.exe
  C:\Windows\System\ZKQsdKw.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\vEdcTeC.exe
  C:\Windows\System\vEdcTeC.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\UhfIOCH.exe
  C:\Windows\System\UhfIOCH.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\dXOiqOn.exe
  C:\Windows\System\dXOiqOn.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\ylNDPpT.exe
  C:\Windows\System\ylNDPpT.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\UDraWPK.exe
  C:\Windows\System\UDraWPK.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\UhDBmdw.exe
  C:\Windows\System\UhDBmdw.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\sFYFHCz.exe
  C:\Windows\System\sFYFHCz.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\TrcJOqD.exe
  C:\Windows\System\TrcJOqD.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\HjFIPPy.exe
  C:\Windows\System\HjFIPPy.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\KNJYjCj.exe
  C:\Windows\System\KNJYjCj.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\nRRjULZ.exe
  C:\Windows\System\nRRjULZ.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\qEyAMFQ.exe
  C:\Windows\System\qEyAMFQ.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\vrgFoHy.exe
  C:\Windows\System\vrgFoHy.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\rPxmIhD.exe
  C:\Windows\System\rPxmIhD.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\lebqvJp.exe
  C:\Windows\System\lebqvJp.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\jMiIoXV.exe
  C:\Windows\System\jMiIoXV.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\wdyKDdF.exe
  C:\Windows\System\wdyKDdF.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\KYzWrNy.exe
  C:\Windows\System\KYzWrNy.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\muMqAKv.exe
  C:\Windows\System\muMqAKv.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\ByYIYVP.exe
  C:\Windows\System\ByYIYVP.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\ltDLsxL.exe
  C:\Windows\System\ltDLsxL.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\JYrDFRT.exe
  C:\Windows\System\JYrDFRT.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\oYNuAJH.exe
  C:\Windows\System\oYNuAJH.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\mOqkjNP.exe
  C:\Windows\System\mOqkjNP.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\dYZEixJ.exe
  C:\Windows\System\dYZEixJ.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\OXnRgyY.exe
  C:\Windows\System\OXnRgyY.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\DjfuQED.exe
  C:\Windows\System\DjfuQED.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\cOtrAKe.exe
  C:\Windows\System\cOtrAKe.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\HpKoVPb.exe
  C:\Windows\System\HpKoVPb.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\ioslUim.exe
  C:\Windows\System\ioslUim.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\lshQLXk.exe
  C:\Windows\System\lshQLXk.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\nrOtRyA.exe
  C:\Windows\System\nrOtRyA.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\zeXdPqL.exe
  C:\Windows\System\zeXdPqL.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\OdjagIQ.exe
  C:\Windows\System\OdjagIQ.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\WwKcPKq.exe
  C:\Windows\System\WwKcPKq.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\KhQyxVn.exe
  C:\Windows\System\KhQyxVn.exe
  2⤵
  PID:4500
- C:\Windows\System\KWjRFIH.exe
  C:\Windows\System\KWjRFIH.exe
  2⤵
  PID:2364
- C:\Windows\System\YXQogjj.exe
  C:\Windows\System\YXQogjj.exe
  2⤵
  PID:4928
- C:\Windows\System\XdnFvSg.exe
  C:\Windows\System\XdnFvSg.exe
  2⤵
  PID:1924
- C:\Windows\System\ZAyUUYK.exe
  C:\Windows\System\ZAyUUYK.exe
  2⤵
  PID:1004
- C:\Windows\System\kmKpHeC.exe
  C:\Windows\System\kmKpHeC.exe
  2⤵
  PID:4208
- C:\Windows\System\yoJYqJc.exe
  C:\Windows\System\yoJYqJc.exe
  2⤵
  PID:1060
- C:\Windows\System\CSPgsII.exe
  C:\Windows\System\CSPgsII.exe
  2⤵
  PID:4476
- C:\Windows\System\TrWTLFR.exe
  C:\Windows\System\TrWTLFR.exe
  2⤵
  PID:4188
- C:\Windows\System\OSYxJzK.exe
  C:\Windows\System\OSYxJzK.exe
  2⤵
  PID:3868
- C:\Windows\System\lJEtHBr.exe
  C:\Windows\System\lJEtHBr.exe
  2⤵
  PID:4412
- C:\Windows\System\HIifiFw.exe
  C:\Windows\System\HIifiFw.exe
  2⤵
  PID:4028
- C:\Windows\System\EnqiKfc.exe
  C:\Windows\System\EnqiKfc.exe
  2⤵
  PID:3952
- C:\Windows\System\BtXRKpR.exe
  C:\Windows\System\BtXRKpR.exe
  2⤵
  PID:3140
- C:\Windows\System\GOiWHjc.exe
  C:\Windows\System\GOiWHjc.exe
  2⤵
  PID:4848
- C:\Windows\System\JcNcBSv.exe
  C:\Windows\System\JcNcBSv.exe
  2⤵
  PID:1316
- C:\Windows\System\aeaEKEb.exe
  C:\Windows\System\aeaEKEb.exe
  2⤵
  PID:4792
- C:\Windows\System\ISKeXDd.exe
  C:\Windows\System\ISKeXDd.exe
  2⤵
  PID:1072
- C:\Windows\System\iqRcgpU.exe
  C:\Windows\System\iqRcgpU.exe
  2⤵
  PID:1688
- C:\Windows\System\JNqYihB.exe
  C:\Windows\System\JNqYihB.exe
  2⤵
  PID:3188
- C:\Windows\System\zsbeMXC.exe
  C:\Windows\System\zsbeMXC.exe
  2⤵
  PID:4784
- C:\Windows\System\jdczirw.exe
  C:\Windows\System\jdczirw.exe
  2⤵
  PID:3428
- C:\Windows\System\ftWYoON.exe
  C:\Windows\System\ftWYoON.exe
  2⤵
  PID:1264
- C:\Windows\System\RfQFAWn.exe
  C:\Windows\System\RfQFAWn.exe
  2⤵
  PID:1540
- C:\Windows\System\AhxAJKR.exe
  C:\Windows\System\AhxAJKR.exe
  2⤵
  PID:5140
- C:\Windows\System\tnAGIIr.exe
  C:\Windows\System\tnAGIIr.exe
  2⤵
  PID:5176
- C:\Windows\System\XFtSZEZ.exe
  C:\Windows\System\XFtSZEZ.exe
  2⤵
  PID:5192
- C:\Windows\System\qrloNms.exe
  C:\Windows\System\qrloNms.exe
  2⤵
  PID:5232
- C:\Windows\System\ppVpvDU.exe
  C:\Windows\System\ppVpvDU.exe
  2⤵
  PID:5248
- C:\Windows\System\SxuIzPy.exe
  C:\Windows\System\SxuIzPy.exe
  2⤵
  PID:5288
- C:\Windows\System\rfOeYpC.exe
  C:\Windows\System\rfOeYpC.exe
  2⤵
  PID:5316
- C:\Windows\System\EuBFLOP.exe
  C:\Windows\System\EuBFLOP.exe
  2⤵
  PID:5344
- C:\Windows\System\NidBhVP.exe
  C:\Windows\System\NidBhVP.exe
  2⤵
  PID:5372
- C:\Windows\System\rwWbZAP.exe
  C:\Windows\System\rwWbZAP.exe
  2⤵
  PID:5400
- C:\Windows\System\pkyevAl.exe
  C:\Windows\System\pkyevAl.exe
  2⤵
  PID:5428
- C:\Windows\System\ZrTdJBZ.exe
  C:\Windows\System\ZrTdJBZ.exe
  2⤵
  PID:5456
- C:\Windows\System\gbjTxBq.exe
  C:\Windows\System\gbjTxBq.exe
  2⤵
  PID:5484
- C:\Windows\System\IAsHBvh.exe
  C:\Windows\System\IAsHBvh.exe
  2⤵
  PID:5508
- C:\Windows\System\PAGKPVM.exe
  C:\Windows\System\PAGKPVM.exe
  2⤵
  PID:5532
- C:\Windows\System\sozPyas.exe
  C:\Windows\System\sozPyas.exe
  2⤵
  PID:5556
- C:\Windows\System\HYsrsBn.exe
  C:\Windows\System\HYsrsBn.exe
  2⤵
  PID:5592
- C:\Windows\System\UcxCfrX.exe
  C:\Windows\System\UcxCfrX.exe
  2⤵
  PID:5624
- C:\Windows\System\kQeSegX.exe
  C:\Windows\System\kQeSegX.exe
  2⤵
  PID:5648
- C:\Windows\System\TLeniqZ.exe
  C:\Windows\System\TLeniqZ.exe
  2⤵
  PID:5672
- C:\Windows\System\nGybJmt.exe
  C:\Windows\System\nGybJmt.exe
  2⤵
  PID:5700
- C:\Windows\System\CgupsJi.exe
  C:\Windows\System\CgupsJi.exe
  2⤵
  PID:5736
- C:\Windows\System\HXaPquQ.exe
  C:\Windows\System\HXaPquQ.exe
  2⤵
  PID:5752
- C:\Windows\System\idqXsTX.exe
  C:\Windows\System\idqXsTX.exe
  2⤵
  PID:5784
- C:\Windows\System\UDXCVNd.exe
  C:\Windows\System\UDXCVNd.exe
  2⤵
  PID:5800
- C:\Windows\System\LZvUUeD.exe
  C:\Windows\System\LZvUUeD.exe
  2⤵
  PID:5844
- C:\Windows\System\LIKnxGC.exe
  C:\Windows\System\LIKnxGC.exe
  2⤵
  PID:5868
- C:\Windows\System\YTzsjec.exe
  C:\Windows\System\YTzsjec.exe
  2⤵
  PID:5900
- C:\Windows\System\MSFKOgQ.exe
  C:\Windows\System\MSFKOgQ.exe
  2⤵
  PID:5924
- C:\Windows\System\fxzIOxR.exe
  C:\Windows\System\fxzIOxR.exe
  2⤵
  PID:5944
- C:\Windows\System\kmTkvBr.exe
  C:\Windows\System\kmTkvBr.exe
  2⤵
  PID:5968
- C:\Windows\System\WeNnInq.exe
  C:\Windows\System\WeNnInq.exe
  2⤵
  PID:6008
- C:\Windows\System\OauPTbj.exe
  C:\Windows\System\OauPTbj.exe
  2⤵
  PID:6040
- C:\Windows\System\LLpTrcV.exe
  C:\Windows\System\LLpTrcV.exe
  2⤵
  PID:6072
- C:\Windows\System\ElvzEOT.exe
  C:\Windows\System\ElvzEOT.exe
  2⤵
  PID:6104
- C:\Windows\System\JOfvqVZ.exe
  C:\Windows\System\JOfvqVZ.exe
  2⤵
  PID:6132
- C:\Windows\System\WQyeLZo.exe
  C:\Windows\System\WQyeLZo.exe
  2⤵
  PID:5136
- C:\Windows\System\TJOdwmt.exe
  C:\Windows\System\TJOdwmt.exe
  2⤵
  PID:5188
- C:\Windows\System\czRielb.exe
  C:\Windows\System\czRielb.exe
  2⤵
  PID:5268
- C:\Windows\System\PywdPTF.exe
  C:\Windows\System\PywdPTF.exe
  2⤵
  PID:5308
- C:\Windows\System\UyrXTjA.exe
  C:\Windows\System\UyrXTjA.exe
  2⤵
  PID:5364
- C:\Windows\System\ZoutEby.exe
  C:\Windows\System\ZoutEby.exe
  2⤵
  PID:5448
- C:\Windows\System\EYwhugZ.exe
  C:\Windows\System\EYwhugZ.exe
  2⤵
  PID:5520
- C:\Windows\System\TPoTtTe.exe
  C:\Windows\System\TPoTtTe.exe
  2⤵
  PID:5576
- C:\Windows\System\DQvQlAQ.exe
  C:\Windows\System\DQvQlAQ.exe
  2⤵
  PID:5668
- C:\Windows\System\gkMAhjZ.exe
  C:\Windows\System\gkMAhjZ.exe
  2⤵
  PID:5728
- C:\Windows\System\PhvGIGU.exe
  C:\Windows\System\PhvGIGU.exe
  2⤵
  PID:5772
- C:\Windows\System\WTVoHpF.exe
  C:\Windows\System\WTVoHpF.exe
  2⤵
  PID:5860
- C:\Windows\System\ctoPbhS.exe
  C:\Windows\System\ctoPbhS.exe
  2⤵
  PID:5916
- C:\Windows\System\kasQTvi.exe
  C:\Windows\System\kasQTvi.exe
  2⤵
  PID:5988
- C:\Windows\System\kdfSXQe.exe
  C:\Windows\System\kdfSXQe.exe
  2⤵
  PID:6024
- C:\Windows\System\uomdHmp.exe
  C:\Windows\System\uomdHmp.exe
  2⤵
  PID:6116
- C:\Windows\System\wKddUse.exe
  C:\Windows\System\wKddUse.exe
  2⤵
  PID:5172
- C:\Windows\System\XCzxykE.exe
  C:\Windows\System\XCzxykE.exe
  2⤵
  PID:5328
- C:\Windows\System\mBthGty.exe
  C:\Windows\System\mBthGty.exe
  2⤵
  PID:5480
- C:\Windows\System\GTkPEAK.exe
  C:\Windows\System\GTkPEAK.exe
  2⤵
  PID:5548
- C:\Windows\System\QjPSjNB.exe
  C:\Windows\System\QjPSjNB.exe
  2⤵
  PID:5760
- C:\Windows\System\RrKzLeb.exe
  C:\Windows\System\RrKzLeb.exe
  2⤵
  PID:5856
- C:\Windows\System\swkshUo.exe
  C:\Windows\System\swkshUo.exe
  2⤵
  PID:6100
- C:\Windows\System\jwAdQEq.exe
  C:\Windows\System\jwAdQEq.exe
  2⤵
  PID:5244
- C:\Windows\System\bPoCRta.exe
  C:\Windows\System\bPoCRta.exe
  2⤵
  PID:5552
- C:\Windows\System\ftdGGQw.exe
  C:\Windows\System\ftdGGQw.exe
  2⤵
  PID:5992
- C:\Windows\System\aeTkCkX.exe
  C:\Windows\System\aeTkCkX.exe
  2⤵
  PID:5444
- C:\Windows\System\xDPOoUr.exe
  C:\Windows\System\xDPOoUr.exe
  2⤵
  PID:6148
- C:\Windows\System\vsDZSKQ.exe
  C:\Windows\System\vsDZSKQ.exe
  2⤵
  PID:6176
- C:\Windows\System\iEFjQFc.exe
  C:\Windows\System\iEFjQFc.exe
  2⤵
  PID:6204
- C:\Windows\System\SqiZDck.exe
  C:\Windows\System\SqiZDck.exe
  2⤵
  PID:6232
- C:\Windows\System\vjYfJfM.exe
  C:\Windows\System\vjYfJfM.exe
  2⤵
  PID:6264
- C:\Windows\System\PoCtSYd.exe
  C:\Windows\System\PoCtSYd.exe
  2⤵
  PID:6300
- C:\Windows\System\mebNbfj.exe
  C:\Windows\System\mebNbfj.exe
  2⤵
  PID:6328
- C:\Windows\System\jJaSSzx.exe
  C:\Windows\System\jJaSSzx.exe
  2⤵
  PID:6348
- C:\Windows\System\HbZcWCt.exe
  C:\Windows\System\HbZcWCt.exe
  2⤵
  PID:6372
- C:\Windows\System\Sczhqbk.exe
  C:\Windows\System\Sczhqbk.exe
  2⤵
  PID:6396
- C:\Windows\System\lOZGtBf.exe
  C:\Windows\System\lOZGtBf.exe
  2⤵
  PID:6416
- C:\Windows\System\BGRHWfU.exe
  C:\Windows\System\BGRHWfU.exe
  2⤵
  PID:6444
- C:\Windows\System\MVflSPz.exe
  C:\Windows\System\MVflSPz.exe
  2⤵
  PID:6480
- C:\Windows\System\biOUYFP.exe
  C:\Windows\System\biOUYFP.exe
  2⤵
  PID:6516
- C:\Windows\System\naWUWKF.exe
  C:\Windows\System\naWUWKF.exe
  2⤵
  PID:6552
- C:\Windows\System\GngVeJG.exe
  C:\Windows\System\GngVeJG.exe
  2⤵
  PID:6572
- C:\Windows\System\QalPZuC.exe
  C:\Windows\System\QalPZuC.exe
  2⤵
  PID:6604
- C:\Windows\System\dFbkupd.exe
  C:\Windows\System\dFbkupd.exe
  2⤵
  PID:6628
- C:\Windows\System\njHTgbZ.exe
  C:\Windows\System\njHTgbZ.exe
  2⤵
  PID:6652
- C:\Windows\System\dMzBITl.exe
  C:\Windows\System\dMzBITl.exe
  2⤵
  PID:6680
- C:\Windows\System\fqqmISV.exe
  C:\Windows\System\fqqmISV.exe
  2⤵
  PID:6724
- C:\Windows\System\bqVDsRQ.exe
  C:\Windows\System\bqVDsRQ.exe
  2⤵
  PID:6744
- C:\Windows\System\FPDmSDC.exe
  C:\Windows\System\FPDmSDC.exe
  2⤵
  PID:6780
- C:\Windows\System\ejDJRpC.exe
  C:\Windows\System\ejDJRpC.exe
  2⤵
  PID:6808
- C:\Windows\System\YfjARxB.exe
  C:\Windows\System\YfjARxB.exe
  2⤵
  PID:6836
- C:\Windows\System\pwrHhfy.exe
  C:\Windows\System\pwrHhfy.exe
  2⤵
  PID:6860
- C:\Windows\System\ofzFdDe.exe
  C:\Windows\System\ofzFdDe.exe
  2⤵
  PID:6892
- C:\Windows\System\cgsTjLC.exe
  C:\Windows\System\cgsTjLC.exe
  2⤵
  PID:6912
- C:\Windows\System\wiErxyR.exe
  C:\Windows\System\wiErxyR.exe
  2⤵
  PID:6936
- C:\Windows\System\qToHeHE.exe
  C:\Windows\System\qToHeHE.exe
  2⤵
  PID:6972
- C:\Windows\System\JqjdOzp.exe
  C:\Windows\System\JqjdOzp.exe
  2⤵
  PID:6992
- C:\Windows\System\MZtIyuP.exe
  C:\Windows\System\MZtIyuP.exe
  2⤵
  PID:7016
- C:\Windows\System\tnMUsfq.exe
  C:\Windows\System\tnMUsfq.exe
  2⤵
  PID:7048
- C:\Windows\System\ZelSZjj.exe
  C:\Windows\System\ZelSZjj.exe
  2⤵
  PID:7064
- C:\Windows\System\yjNChxo.exe
  C:\Windows\System\yjNChxo.exe
  2⤵
  PID:7088
- C:\Windows\System\EiyccXB.exe
  C:\Windows\System\EiyccXB.exe
  2⤵
  PID:7108
- C:\Windows\System\ewYULRv.exe
  C:\Windows\System\ewYULRv.exe
  2⤵
  PID:7144
- C:\Windows\System\EwveHkO.exe
  C:\Windows\System\EwveHkO.exe
  2⤵
  PID:6168
- C:\Windows\System\EIzrFZY.exe
  C:\Windows\System\EIzrFZY.exe
  2⤵
  PID:6228
- C:\Windows\System\OyFRLUK.exe
  C:\Windows\System\OyFRLUK.exe
  2⤵
  PID:6292
- C:\Windows\System\fjpOFMC.exe
  C:\Windows\System\fjpOFMC.exe
  2⤵
  PID:6392
- C:\Windows\System\fxNizrs.exe
  C:\Windows\System\fxNizrs.exe
  2⤵
  PID:6456
- C:\Windows\System\joJYxTq.exe
  C:\Windows\System\joJYxTq.exe
  2⤵
  PID:6532
- C:\Windows\System\QDTVJVp.exe
  C:\Windows\System\QDTVJVp.exe
  2⤵
  PID:6592
- C:\Windows\System\wBXvFOo.exe
  C:\Windows\System\wBXvFOo.exe
  2⤵
  PID:6616
- C:\Windows\System\UmIgTEn.exe
  C:\Windows\System\UmIgTEn.exe
  2⤵
  PID:6720
- C:\Windows\System\NqZLFfR.exe
  C:\Windows\System\NqZLFfR.exe
  2⤵
  PID:6776
- C:\Windows\System\GPqKZyU.exe
  C:\Windows\System\GPqKZyU.exe
  2⤵
  PID:6852
- C:\Windows\System\penEeLz.exe
  C:\Windows\System\penEeLz.exe
  2⤵
  PID:6928
- C:\Windows\System\vsgZbgG.exe
  C:\Windows\System\vsgZbgG.exe
  2⤵
  PID:7012
- C:\Windows\System\BlzjyTI.exe
  C:\Windows\System\BlzjyTI.exe
  2⤵
  PID:7060
- C:\Windows\System\HJLTIQT.exe
  C:\Windows\System\HJLTIQT.exe
  2⤵
  PID:7104
- C:\Windows\System\iUAqmdn.exe
  C:\Windows\System\iUAqmdn.exe
  2⤵
  PID:7164
- C:\Windows\System\zYlEHGB.exe
  C:\Windows\System\zYlEHGB.exe
  2⤵
  PID:6280
- C:\Windows\System\rwivAqe.exe
  C:\Windows\System\rwivAqe.exe
  2⤵
  PID:6524
- C:\Windows\System\TJdKYmA.exe
  C:\Windows\System\TJdKYmA.exe
  2⤵
  PID:6704
- C:\Windows\System\yQEigeQ.exe
  C:\Windows\System\yQEigeQ.exe
  2⤵
  PID:6740
- C:\Windows\System\bZzdfNm.exe
  C:\Windows\System\bZzdfNm.exe
  2⤵
  PID:6876
- C:\Windows\System\CTvoZeT.exe
  C:\Windows\System\CTvoZeT.exe
  2⤵
  PID:6952
- C:\Windows\System\cQmAbXF.exe
  C:\Windows\System\cQmAbXF.exe
  2⤵
  PID:7008
- C:\Windows\System\KwcXSUL.exe
  C:\Windows\System\KwcXSUL.exe
  2⤵
  PID:7156
- C:\Windows\System\nglqnpN.exe
  C:\Windows\System\nglqnpN.exe
  2⤵
  PID:6468
- C:\Windows\System\NDZmGLt.exe
  C:\Windows\System\NDZmGLt.exe
  2⤵
  PID:6648
- C:\Windows\System\SYiRGpZ.exe
  C:\Windows\System\SYiRGpZ.exe
  2⤵
  PID:6804
- C:\Windows\System\bayHdZR.exe
  C:\Windows\System\bayHdZR.exe
  2⤵
  PID:7196
- C:\Windows\System\GrnIZdy.exe
  C:\Windows\System\GrnIZdy.exe
  2⤵
  PID:7228
- C:\Windows\System\jvnYKLG.exe
  C:\Windows\System\jvnYKLG.exe
  2⤵
  PID:7252
- C:\Windows\System\ViLMnxu.exe
  C:\Windows\System\ViLMnxu.exe
  2⤵
  PID:7284
- C:\Windows\System\ZwupQbo.exe
  C:\Windows\System\ZwupQbo.exe
  2⤵
  PID:7308
- C:\Windows\System\pZaRKuE.exe
  C:\Windows\System\pZaRKuE.exe
  2⤵
  PID:7332
- C:\Windows\System\TXNoFJI.exe
  C:\Windows\System\TXNoFJI.exe
  2⤵
  PID:7372
- C:\Windows\System\UMaXfvU.exe
  C:\Windows\System\UMaXfvU.exe
  2⤵
  PID:7412
- C:\Windows\System\BjIHnjM.exe
  C:\Windows\System\BjIHnjM.exe
  2⤵
  PID:7448
- C:\Windows\System\bXgGjZV.exe
  C:\Windows\System\bXgGjZV.exe
  2⤵
  PID:7480
- C:\Windows\System\mkxiqvI.exe
  C:\Windows\System\mkxiqvI.exe
  2⤵
  PID:7512
- C:\Windows\System\NmZvFbN.exe
  C:\Windows\System\NmZvFbN.exe
  2⤵
  PID:7532
- C:\Windows\System\PYZojXB.exe
  C:\Windows\System\PYZojXB.exe
  2⤵
  PID:7564
- C:\Windows\System\KYpqphu.exe
  C:\Windows\System\KYpqphu.exe
  2⤵
  PID:7600
- C:\Windows\System\bdZqSbk.exe
  C:\Windows\System\bdZqSbk.exe
  2⤵
  PID:7640
- C:\Windows\System\tPVlwxc.exe
  C:\Windows\System\tPVlwxc.exe
  2⤵
  PID:7664
- C:\Windows\System\nrvHKmp.exe
  C:\Windows\System\nrvHKmp.exe
  2⤵
  PID:7700
- C:\Windows\System\pKwKErI.exe
  C:\Windows\System\pKwKErI.exe
  2⤵
  PID:7720
- C:\Windows\System\OpsIJkD.exe
  C:\Windows\System\OpsIJkD.exe
  2⤵
  PID:7748
- C:\Windows\System\hntYbDG.exe
  C:\Windows\System\hntYbDG.exe
  2⤵
  PID:7764
- C:\Windows\System\wNVXhdF.exe
  C:\Windows\System\wNVXhdF.exe
  2⤵
  PID:7792
- C:\Windows\System\JNpGbFB.exe
  C:\Windows\System\JNpGbFB.exe
  2⤵
  PID:7820
- C:\Windows\System\WnHAmon.exe
  C:\Windows\System\WnHAmon.exe
  2⤵
  PID:7856
- C:\Windows\System\pLrIifc.exe
  C:\Windows\System\pLrIifc.exe
  2⤵
  PID:7900
- C:\Windows\System\CYRcjHO.exe
  C:\Windows\System\CYRcjHO.exe
  2⤵
  PID:7928
- C:\Windows\System\uSaUEsI.exe
  C:\Windows\System\uSaUEsI.exe
  2⤵
  PID:7944
- C:\Windows\System\IEcRIhM.exe
  C:\Windows\System\IEcRIhM.exe
  2⤵
  PID:7976
- C:\Windows\System\YCKuqFh.exe
  C:\Windows\System\YCKuqFh.exe
  2⤵
  PID:8000
- C:\Windows\System\mWXwSMn.exe
  C:\Windows\System\mWXwSMn.exe
  2⤵
  PID:8028
- C:\Windows\System\asHNSft.exe
  C:\Windows\System\asHNSft.exe
  2⤵
  PID:8064
- C:\Windows\System\dwhMNsK.exe
  C:\Windows\System\dwhMNsK.exe
  2⤵
  PID:8096
- C:\Windows\System\BNFixPX.exe
  C:\Windows\System\BNFixPX.exe
  2⤵
  PID:8116
- C:\Windows\System\bIrpObp.exe
  C:\Windows\System\bIrpObp.exe
  2⤵
  PID:8140
- C:\Windows\System\SsBlqus.exe
  C:\Windows\System\SsBlqus.exe
  2⤵
  PID:8156
- C:\Windows\System\FBAlZrm.exe
  C:\Windows\System\FBAlZrm.exe
  2⤵
  PID:8184
- C:\Windows\System\YluVqIW.exe
  C:\Windows\System\YluVqIW.exe
  2⤵
  PID:6568
- C:\Windows\System\cryGQgZ.exe
  C:\Windows\System\cryGQgZ.exe
  2⤵
  PID:7272
- C:\Windows\System\yLMGoEL.exe
  C:\Windows\System\yLMGoEL.exe
  2⤵
  PID:7356
- C:\Windows\System\hoTXxnj.exe
  C:\Windows\System\hoTXxnj.exe
  2⤵
  PID:7392
- C:\Windows\System\WBzlIZy.exe
  C:\Windows\System\WBzlIZy.exe
  2⤵
  PID:7432
- C:\Windows\System\LeXCghZ.exe
  C:\Windows\System\LeXCghZ.exe
  2⤵
  PID:7524
- C:\Windows\System\yYsyPlx.exe
  C:\Windows\System\yYsyPlx.exe
  2⤵
  PID:7588
- C:\Windows\System\AeAfjTF.exe
  C:\Windows\System\AeAfjTF.exe
  2⤵
  PID:7620
- C:\Windows\System\jACxVfU.exe
  C:\Windows\System\jACxVfU.exe
  2⤵
  PID:7688
- C:\Windows\System\alpcdvC.exe
  C:\Windows\System\alpcdvC.exe
  2⤵
  PID:7780
- C:\Windows\System\pUxvupx.exe
  C:\Windows\System\pUxvupx.exe
  2⤵
  PID:7832
- C:\Windows\System\jlIYhKA.exe
  C:\Windows\System\jlIYhKA.exe
  2⤵
  PID:7884
- C:\Windows\System\upMPJhQ.exe
  C:\Windows\System\upMPJhQ.exe
  2⤵
  PID:7968
- C:\Windows\System\UEdsjJj.exe
  C:\Windows\System\UEdsjJj.exe
  2⤵
  PID:8040
- C:\Windows\System\LDrIChP.exe
  C:\Windows\System\LDrIChP.exe
  2⤵
  PID:8084
- C:\Windows\System\VifhuYQ.exe
  C:\Windows\System\VifhuYQ.exe
  2⤵
  PID:8176
- C:\Windows\System\UiOImEG.exe
  C:\Windows\System\UiOImEG.exe
  2⤵
  PID:7224
- C:\Windows\System\UuwPBjB.exe
  C:\Windows\System\UuwPBjB.exe
  2⤵
  PID:7352
- C:\Windows\System\NMJbngX.exe
  C:\Windows\System\NMJbngX.exe
  2⤵
  PID:7540
- C:\Windows\System\cOaSCmt.exe
  C:\Windows\System\cOaSCmt.exe
  2⤵
  PID:7784
- C:\Windows\System\hiQEtRi.exe
  C:\Windows\System\hiQEtRi.exe
  2⤵
  PID:7852
- C:\Windows\System\FsPEQpz.exe
  C:\Windows\System\FsPEQpz.exe
  2⤵
  PID:7988
- C:\Windows\System\rfFdxzE.exe
  C:\Windows\System\rfFdxzE.exe
  2⤵
  PID:6588
- C:\Windows\System\ulXMsGB.exe
  C:\Windows\System\ulXMsGB.exe
  2⤵
  PID:7608
- C:\Windows\System\ocxXLPZ.exe
  C:\Windows\System\ocxXLPZ.exe
  2⤵
  PID:7896
- C:\Windows\System\XhuuDEM.exe
  C:\Windows\System\XhuuDEM.exe
  2⤵
  PID:7380
- C:\Windows\System\FImxLtB.exe
  C:\Windows\System\FImxLtB.exe
  2⤵
  PID:8152
- C:\Windows\System\HZmAAyp.exe
  C:\Windows\System\HZmAAyp.exe
  2⤵
  PID:8204
- C:\Windows\System\ciXoKoz.exe
  C:\Windows\System\ciXoKoz.exe
  2⤵
  PID:8228
- C:\Windows\System\sgprvsB.exe
  C:\Windows\System\sgprvsB.exe
  2⤵
  PID:8256
- C:\Windows\System\DaJVoTF.exe
  C:\Windows\System\DaJVoTF.exe
  2⤵
  PID:8284
- C:\Windows\System\DxVwElv.exe
  C:\Windows\System\DxVwElv.exe
  2⤵
  PID:8312
- C:\Windows\System\GotrbTx.exe
  C:\Windows\System\GotrbTx.exe
  2⤵
  PID:8344
- C:\Windows\System\LhBYTJc.exe
  C:\Windows\System\LhBYTJc.exe
  2⤵
  PID:8384
- C:\Windows\System\ylzdAQW.exe
  C:\Windows\System\ylzdAQW.exe
  2⤵
  PID:8412
- C:\Windows\System\SeRJCqF.exe
  C:\Windows\System\SeRJCqF.exe
  2⤵
  PID:8432
- C:\Windows\System\DkfKeKf.exe
  C:\Windows\System\DkfKeKf.exe
  2⤵
  PID:8456
- C:\Windows\System\OCQJUpO.exe
  C:\Windows\System\OCQJUpO.exe
  2⤵
  PID:8476
- C:\Windows\System\xmOVuhh.exe
  C:\Windows\System\xmOVuhh.exe
  2⤵
  PID:8516
- C:\Windows\System\jcgtUSM.exe
  C:\Windows\System\jcgtUSM.exe
  2⤵
  PID:8536
- C:\Windows\System\rdsDaXV.exe
  C:\Windows\System\rdsDaXV.exe
  2⤵
  PID:8608
- C:\Windows\System\gouMaCv.exe
  C:\Windows\System\gouMaCv.exe
  2⤵
  PID:8632
- C:\Windows\System\AdxfTLj.exe
  C:\Windows\System\AdxfTLj.exe
  2⤵
  PID:8648
- C:\Windows\System\jgjilLs.exe
  C:\Windows\System\jgjilLs.exe
  2⤵
  PID:8672
- C:\Windows\System\GQLESPW.exe
  C:\Windows\System\GQLESPW.exe
  2⤵
  PID:8704
- C:\Windows\System\lORWvKu.exe
  C:\Windows\System\lORWvKu.exe
  2⤵
  PID:8720
- C:\Windows\System\ZzEaUvT.exe
  C:\Windows\System\ZzEaUvT.exe
  2⤵
  PID:8744
- C:\Windows\System\HyOMwRq.exe
  C:\Windows\System\HyOMwRq.exe
  2⤵
  PID:8772
- C:\Windows\System\gEeXcko.exe
  C:\Windows\System\gEeXcko.exe
  2⤵
  PID:8800
- C:\Windows\System\SIWiBaB.exe
  C:\Windows\System\SIWiBaB.exe
  2⤵
  PID:8840
- C:\Windows\System\bKlIoOg.exe
  C:\Windows\System\bKlIoOg.exe
  2⤵
  PID:8872
- C:\Windows\System\vkNoJIo.exe
  C:\Windows\System\vkNoJIo.exe
  2⤵
  PID:8908
- C:\Windows\System\WchKnID.exe
  C:\Windows\System\WchKnID.exe
  2⤵
  PID:8940
- C:\Windows\System\rzvYfeo.exe
  C:\Windows\System\rzvYfeo.exe
  2⤵
  PID:8956
- C:\Windows\System\dMTgSPq.exe
  C:\Windows\System\dMTgSPq.exe
  2⤵
  PID:8984
- C:\Windows\System\bAMlTMT.exe
  C:\Windows\System\bAMlTMT.exe
  2⤵
  PID:9016
- C:\Windows\System\kupNCnK.exe
  C:\Windows\System\kupNCnK.exe
  2⤵
  PID:9052
- C:\Windows\System\VDoKngg.exe
  C:\Windows\System\VDoKngg.exe
  2⤵
  PID:9084
- C:\Windows\System\SvKRhnZ.exe
  C:\Windows\System\SvKRhnZ.exe
  2⤵
  PID:9116
- C:\Windows\System\muCdrAL.exe
  C:\Windows\System\muCdrAL.exe
  2⤵
  PID:9148
- C:\Windows\System\jizeypX.exe
  C:\Windows\System\jizeypX.exe
  2⤵
  PID:9172
- C:\Windows\System\nKGFpge.exe
  C:\Windows\System\nKGFpge.exe
  2⤵
  PID:9200
- C:\Windows\System\fVZPjDZ.exe
  C:\Windows\System\fVZPjDZ.exe
  2⤵
  PID:8240
- C:\Windows\System\CzUbCKO.exe
  C:\Windows\System\CzUbCKO.exe
  2⤵
  PID:8268
- C:\Windows\System\DvFixmN.exe
  C:\Windows\System\DvFixmN.exe
  2⤵
  PID:8372
- C:\Windows\System\rrruIqX.exe
  C:\Windows\System\rrruIqX.exe
  2⤵
  PID:8400
- C:\Windows\System\SsFuCBx.exe
  C:\Windows\System\SsFuCBx.exe
  2⤵
  PID:8420
- C:\Windows\System\UBwVEbe.exe
  C:\Windows\System\UBwVEbe.exe
  2⤵
  PID:8548
- C:\Windows\System\LZgDHWh.exe
  C:\Windows\System\LZgDHWh.exe
  2⤵
  PID:8644
- C:\Windows\System\BUlGDrm.exe
  C:\Windows\System\BUlGDrm.exe
  2⤵
  PID:8688
- C:\Windows\System\rLmkDji.exe
  C:\Windows\System\rLmkDji.exe
  2⤵
  PID:8764
- C:\Windows\System\wAQGqMS.exe
  C:\Windows\System\wAQGqMS.exe
  2⤵
  PID:8792
- C:\Windows\System\VNitXKI.exe
  C:\Windows\System\VNitXKI.exe
  2⤵
  PID:8860
- C:\Windows\System\lNAjcoB.exe
  C:\Windows\System\lNAjcoB.exe
  2⤵
  PID:8952
- C:\Windows\System\ZTLdnOq.exe
  C:\Windows\System\ZTLdnOq.exe
  2⤵
  PID:9012
- C:\Windows\System\PVsvEDw.exe
  C:\Windows\System\PVsvEDw.exe
  2⤵
  PID:9076
- C:\Windows\System\MYALcHo.exe
  C:\Windows\System\MYALcHo.exe
  2⤵
  PID:9140
- C:\Windows\System\CAnHqkm.exe
  C:\Windows\System\CAnHqkm.exe
  2⤵
  PID:9212
- C:\Windows\System\vzbNFhw.exe
  C:\Windows\System\vzbNFhw.exe
  2⤵
  PID:8304
- C:\Windows\System\cWzPXOv.exe
  C:\Windows\System\cWzPXOv.exe
  2⤵
  PID:8484
- C:\Windows\System\VHFtten.exe
  C:\Windows\System\VHFtten.exe
  2⤵
  PID:7504
- C:\Windows\System\abCKWPP.exe
  C:\Windows\System\abCKWPP.exe
  2⤵
  PID:8808
- C:\Windows\System\iXVuQPL.exe
  C:\Windows\System\iXVuQPL.exe
  2⤵
  PID:8924
- C:\Windows\System\vxRHTBo.exe
  C:\Windows\System\vxRHTBo.exe
  2⤵
  PID:9036
- C:\Windows\System\IjZYJrx.exe
  C:\Windows\System\IjZYJrx.exe
  2⤵
  PID:8368
- C:\Windows\System\TKnuLAt.exe
  C:\Windows\System\TKnuLAt.exe
  2⤵
  PID:8624
- C:\Windows\System\oOFAzAu.exe
  C:\Windows\System\oOFAzAu.exe
  2⤵
  PID:8980
- C:\Windows\System\VuEowPd.exe
  C:\Windows\System\VuEowPd.exe
  2⤵
  PID:8224
- C:\Windows\System\DeLVTwv.exe
  C:\Windows\System\DeLVTwv.exe
  2⤵
  PID:9248
- C:\Windows\System\oeGjDWu.exe
  C:\Windows\System\oeGjDWu.exe
  2⤵
  PID:9272
- C:\Windows\System\OWgbjRY.exe
  C:\Windows\System\OWgbjRY.exe
  2⤵
  PID:9292
- C:\Windows\System\PsRLiOa.exe
  C:\Windows\System\PsRLiOa.exe
  2⤵
  PID:9312
- C:\Windows\System\mhONtyp.exe
  C:\Windows\System\mhONtyp.exe
  2⤵
  PID:9332
- C:\Windows\System\hoMjPvb.exe
  C:\Windows\System\hoMjPvb.exe
  2⤵
  PID:9368
- C:\Windows\System\euVrqIM.exe
  C:\Windows\System\euVrqIM.exe
  2⤵
  PID:9412
- C:\Windows\System\SCrgkUq.exe
  C:\Windows\System\SCrgkUq.exe
  2⤵
  PID:9436
- C:\Windows\System\PdClIlr.exe
  C:\Windows\System\PdClIlr.exe
  2⤵
  PID:9476
- C:\Windows\System\rvTRUWA.exe
  C:\Windows\System\rvTRUWA.exe
  2⤵
  PID:9500
- C:\Windows\System\eIYkCjB.exe
  C:\Windows\System\eIYkCjB.exe
  2⤵
  PID:9520
- C:\Windows\System\dFLnHSG.exe
  C:\Windows\System\dFLnHSG.exe
  2⤵
  PID:9556
- C:\Windows\System\CUGfhAT.exe
  C:\Windows\System\CUGfhAT.exe
  2⤵
  PID:9588
- C:\Windows\System\SbAzScz.exe
  C:\Windows\System\SbAzScz.exe
  2⤵
  PID:9612
- C:\Windows\System\pOPiBLq.exe
  C:\Windows\System\pOPiBLq.exe
  2⤵
  PID:9632
- C:\Windows\System\iCcwgdq.exe
  C:\Windows\System\iCcwgdq.exe
  2⤵
  PID:9648
- C:\Windows\System\dHUrUoC.exe
  C:\Windows\System\dHUrUoC.exe
  2⤵
  PID:9672
- C:\Windows\System\OcEtdQm.exe
  C:\Windows\System\OcEtdQm.exe
  2⤵
  PID:9696
- C:\Windows\System\tEkDyse.exe
  C:\Windows\System\tEkDyse.exe
  2⤵
  PID:9712
- C:\Windows\System\xwnAIak.exe
  C:\Windows\System\xwnAIak.exe
  2⤵
  PID:9728
- C:\Windows\System\UFswyYh.exe
  C:\Windows\System\UFswyYh.exe
  2⤵
  PID:9752
- C:\Windows\System\awTNGAG.exe
  C:\Windows\System\awTNGAG.exe
  2⤵
  PID:9784
- C:\Windows\System\KKBIMqy.exe
  C:\Windows\System\KKBIMqy.exe
  2⤵
  PID:9812
- C:\Windows\System\clkMkXf.exe
  C:\Windows\System\clkMkXf.exe
  2⤵
  PID:9844
- C:\Windows\System\bnXZmVc.exe
  C:\Windows\System\bnXZmVc.exe
  2⤵
  PID:9872
- C:\Windows\System\NUdGwCl.exe
  C:\Windows\System\NUdGwCl.exe
  2⤵
  PID:9912
- C:\Windows\System\oKhTCPd.exe
  C:\Windows\System\oKhTCPd.exe
  2⤵
  PID:9944
- C:\Windows\System\yFhuIGR.exe
  C:\Windows\System\yFhuIGR.exe
  2⤵
  PID:9968
- C:\Windows\System\TWVZavJ.exe
  C:\Windows\System\TWVZavJ.exe
  2⤵
  PID:10008
- C:\Windows\System\jtVgjyR.exe
  C:\Windows\System\jtVgjyR.exe
  2⤵
  PID:10036
- C:\Windows\System\JzXVwWc.exe
  C:\Windows\System\JzXVwWc.exe
  2⤵
  PID:10056
- C:\Windows\System\WuNxYnw.exe
  C:\Windows\System\WuNxYnw.exe
  2⤵
  PID:10096
- C:\Windows\System\OGoPrLd.exe
  C:\Windows\System\OGoPrLd.exe
  2⤵
  PID:10132
- C:\Windows\System\hdjiKst.exe
  C:\Windows\System\hdjiKst.exe
  2⤵
  PID:10156
- C:\Windows\System\NxqCsYa.exe
  C:\Windows\System\NxqCsYa.exe
  2⤵
  PID:10196
- C:\Windows\System\kpcPoCU.exe
  C:\Windows\System\kpcPoCU.exe
  2⤵
  PID:10236
- C:\Windows\System\GfsAGzs.exe
  C:\Windows\System\GfsAGzs.exe
  2⤵
  PID:9164
- C:\Windows\System\XoFNNtd.exe
  C:\Windows\System\XoFNNtd.exe
  2⤵
  PID:9300
- C:\Windows\System\mMmOuDi.exe
  C:\Windows\System\mMmOuDi.exe
  2⤵
  PID:9356
- C:\Windows\System\zToVARD.exe
  C:\Windows\System\zToVARD.exe
  2⤵
  PID:9424
- C:\Windows\System\NnMqtsq.exe
  C:\Windows\System\NnMqtsq.exe
  2⤵
  PID:9492
- C:\Windows\System\nbhHXLu.exe
  C:\Windows\System\nbhHXLu.exe
  2⤵
  PID:9536
- C:\Windows\System\SQSJhOm.exe
  C:\Windows\System\SQSJhOm.exe
  2⤵
  PID:9628
- C:\Windows\System\QyTQPKF.exe
  C:\Windows\System\QyTQPKF.exe
  2⤵
  PID:9644
- C:\Windows\System\JmWGWZh.exe
  C:\Windows\System\JmWGWZh.exe
  2⤵
  PID:9724
- C:\Windows\System\vUnSUWh.exe
  C:\Windows\System\vUnSUWh.exe
  2⤵
  PID:9804
- C:\Windows\System\tMJblGW.exe
  C:\Windows\System\tMJblGW.exe
  2⤵
  PID:9880
- C:\Windows\System\HAIJOtV.exe
  C:\Windows\System\HAIJOtV.exe
  2⤵
  PID:9896
- C:\Windows\System\yMScFVq.exe
  C:\Windows\System\yMScFVq.exe
  2⤵
  PID:10028
- C:\Windows\System\htifjvT.exe
  C:\Windows\System\htifjvT.exe
  2⤵
  PID:10048
- C:\Windows\System\nekAoMU.exe
  C:\Windows\System\nekAoMU.exe
  2⤵
  PID:10120
- C:\Windows\System\nZnkdDY.exe
  C:\Windows\System\nZnkdDY.exe
  2⤵
  PID:10212
- C:\Windows\System\uDJTmLg.exe
  C:\Windows\System\uDJTmLg.exe
  2⤵
  PID:9232
- C:\Windows\System\aMVSxYz.exe
  C:\Windows\System\aMVSxYz.exe
  2⤵
  PID:9304
- C:\Windows\System\ZkGnCjZ.exe
  C:\Windows\System\ZkGnCjZ.exe
  2⤵
  PID:9564
- C:\Windows\System\TEvhaAj.exe
  C:\Windows\System\TEvhaAj.exe
  2⤵
  PID:9664
- C:\Windows\System\hyddhjj.exe
  C:\Windows\System\hyddhjj.exe
  2⤵
  PID:9800
- C:\Windows\System\iqiPnOa.exe
  C:\Windows\System\iqiPnOa.exe
  2⤵
  PID:9992
- C:\Windows\System\LslErWe.exe
  C:\Windows\System\LslErWe.exe
  2⤵
  PID:10168
- C:\Windows\System\SkGNXyn.exe
  C:\Windows\System\SkGNXyn.exe
  2⤵
  PID:9464
- C:\Windows\System\IBAukAv.exe
  C:\Windows\System\IBAukAv.exe
  2⤵
  PID:9604
- C:\Windows\System\BobzicM.exe
  C:\Windows\System\BobzicM.exe
  2⤵
  PID:9932
- C:\Windows\System\DJLzUsb.exe
  C:\Windows\System\DJLzUsb.exe
  2⤵
  PID:9396
- C:\Windows\System\HasLelU.exe
  C:\Windows\System\HasLelU.exe
  2⤵
  PID:9220
- C:\Windows\System\JqqTVaD.exe
  C:\Windows\System\JqqTVaD.exe
  2⤵
  PID:10264
- C:\Windows\System\ngMipSr.exe
  C:\Windows\System\ngMipSr.exe
  2⤵
  PID:10288
- C:\Windows\System\XbFNVrk.exe
  C:\Windows\System\XbFNVrk.exe
  2⤵
  PID:10316
- C:\Windows\System\zTrEKWz.exe
  C:\Windows\System\zTrEKWz.exe
  2⤵
  PID:10348
- C:\Windows\System\yNEbCzj.exe
  C:\Windows\System\yNEbCzj.exe
  2⤵
  PID:10384
- C:\Windows\System\IWnvLTP.exe
  C:\Windows\System\IWnvLTP.exe
  2⤵
  PID:10412
- C:\Windows\System\djXHHnA.exe
  C:\Windows\System\djXHHnA.exe
  2⤵
  PID:10452
- C:\Windows\System\IlMkogv.exe
  C:\Windows\System\IlMkogv.exe
  2⤵
  PID:10480
- C:\Windows\System\mJszHwD.exe
  C:\Windows\System\mJszHwD.exe
  2⤵
  PID:10496
- C:\Windows\System\keqHpWE.exe
  C:\Windows\System\keqHpWE.exe
  2⤵
  PID:10548
- C:\Windows\System\JRqvOnD.exe
  C:\Windows\System\JRqvOnD.exe
  2⤵
  PID:10564
- C:\Windows\System\elwrfUj.exe
  C:\Windows\System\elwrfUj.exe
  2⤵
  PID:10584
- C:\Windows\System\LpURvwa.exe
  C:\Windows\System\LpURvwa.exe
  2⤵
  PID:10620
- C:\Windows\System\ZXIwWzR.exe
  C:\Windows\System\ZXIwWzR.exe
  2⤵
  PID:10636
- C:\Windows\System\tLRUWEz.exe
  C:\Windows\System\tLRUWEz.exe
  2⤵
  PID:10672
- C:\Windows\System\VozWQxm.exe
  C:\Windows\System\VozWQxm.exe
  2⤵
  PID:10696
- C:\Windows\System\dzouDCl.exe
  C:\Windows\System\dzouDCl.exe
  2⤵
  PID:10732
- C:\Windows\System\BRJlCcY.exe
  C:\Windows\System\BRJlCcY.exe
  2⤵
  PID:10760
- C:\Windows\System\SVnHWnb.exe
  C:\Windows\System\SVnHWnb.exe
  2⤵
  PID:10788
- C:\Windows\System\IQFnJTM.exe
  C:\Windows\System\IQFnJTM.exe
  2⤵
  PID:10804
- C:\Windows\System\OLztOXz.exe
  C:\Windows\System\OLztOXz.exe
  2⤵
  PID:10840
- C:\Windows\System\KMZQqaw.exe
  C:\Windows\System\KMZQqaw.exe
  2⤵
  PID:10872
- C:\Windows\System\tpJnPEi.exe
  C:\Windows\System\tpJnPEi.exe
  2⤵
  PID:10900
- C:\Windows\System\ArubtCf.exe
  C:\Windows\System\ArubtCf.exe
  2⤵
  PID:10928
- C:\Windows\System\EmNvlvD.exe
  C:\Windows\System\EmNvlvD.exe
  2⤵
  PID:10956
- C:\Windows\System\BRnLPkR.exe
  C:\Windows\System\BRnLPkR.exe
  2⤵
  PID:10984
- C:\Windows\System\ThtokQt.exe
  C:\Windows\System\ThtokQt.exe
  2⤵
  PID:11008
- C:\Windows\System\GLvBNau.exe
  C:\Windows\System\GLvBNau.exe
  2⤵
  PID:11028
- C:\Windows\System\KcXhhVQ.exe
  C:\Windows\System\KcXhhVQ.exe
  2⤵
  PID:11060
- C:\Windows\System\mWrzhSw.exe
  C:\Windows\System\mWrzhSw.exe
  2⤵
  PID:11092
- C:\Windows\System\GPQnMHl.exe
  C:\Windows\System\GPQnMHl.exe
  2⤵
  PID:11108
- C:\Windows\System\nzCguzw.exe
  C:\Windows\System\nzCguzw.exe
  2⤵
  PID:11140
- C:\Windows\System\AAehBWu.exe
  C:\Windows\System\AAehBWu.exe
  2⤵
  PID:11168
- C:\Windows\System\SncIVCL.exe
  C:\Windows\System\SncIVCL.exe
  2⤵
  PID:11208
- C:\Windows\System\ndhGspy.exe
  C:\Windows\System\ndhGspy.exe
  2⤵
  PID:11232
- C:\Windows\System\EVNbozA.exe
  C:\Windows\System\EVNbozA.exe
  2⤵
  PID:11248
- C:\Windows\System\eNKjiHU.exe
  C:\Windows\System\eNKjiHU.exe
  2⤵
  PID:10208
- C:\Windows\System\bEVAWrX.exe
  C:\Windows\System\bEVAWrX.exe
  2⤵
  PID:10276
- C:\Windows\System\mTNOptE.exe
  C:\Windows\System\mTNOptE.exe
  2⤵
  PID:10332
- C:\Windows\System\WVUCrxo.exe
  C:\Windows\System\WVUCrxo.exe
  2⤵
  PID:10404
- C:\Windows\System\GykaeTt.exe
  C:\Windows\System\GykaeTt.exe
  2⤵
  PID:10488
- C:\Windows\System\FsqPxWk.exe
  C:\Windows\System\FsqPxWk.exe
  2⤵
  PID:10556
- C:\Windows\System\wezIJQp.exe
  C:\Windows\System\wezIJQp.exe
  2⤵
  PID:10628
- C:\Windows\System\KQtQEno.exe
  C:\Windows\System\KQtQEno.exe
  2⤵
  PID:10680
- C:\Windows\System\QfPjjmc.exe
  C:\Windows\System\QfPjjmc.exe
  2⤵
  PID:10716
- C:\Windows\System\YnVBSdC.exe
  C:\Windows\System\YnVBSdC.exe
  2⤵
  PID:10780
- C:\Windows\System\NwrAWJM.exe
  C:\Windows\System\NwrAWJM.exe
  2⤵
  PID:10816
- C:\Windows\System\RmDzTze.exe
  C:\Windows\System\RmDzTze.exe
  2⤵
  PID:10924
- C:\Windows\System\DVuftpv.exe
  C:\Windows\System\DVuftpv.exe
  2⤵
  PID:11024
- C:\Windows\System\DfiJEEe.exe
  C:\Windows\System\DfiJEEe.exe
  2⤵
  PID:11072
- C:\Windows\System\NDKCrvI.exe
  C:\Windows\System\NDKCrvI.exe
  2⤵
  PID:11152
- C:\Windows\System\dSESmaE.exe
  C:\Windows\System\dSESmaE.exe
  2⤵
  PID:11224
- C:\Windows\System\dYWWrNx.exe
  C:\Windows\System\dYWWrNx.exe
  2⤵
  PID:9720
- C:\Windows\System\SpHsRMZ.exe
  C:\Windows\System\SpHsRMZ.exe
  2⤵
  PID:10280
- C:\Windows\System\ENvTPYD.exe
  C:\Windows\System\ENvTPYD.exe
  2⤵
  PID:10464
- C:\Windows\System\IlHupPS.exe
  C:\Windows\System\IlHupPS.exe
  2⤵
  PID:10728
- C:\Windows\System\QDsxLKc.exe
  C:\Windows\System\QDsxLKc.exe
  2⤵
  PID:10868
- C:\Windows\System\HhAKvgY.exe
  C:\Windows\System\HhAKvgY.exe
  2⤵
  PID:11020
- C:\Windows\System\SRltCme.exe
  C:\Windows\System\SRltCme.exe
  2⤵
  PID:9936
- C:\Windows\System\axVFCiX.exe
  C:\Windows\System\axVFCiX.exe
  2⤵
  PID:10356
- C:\Windows\System\RftZKrC.exe
  C:\Windows\System\RftZKrC.exe
  2⤵
  PID:10664
- C:\Windows\System\ljUEiUW.exe
  C:\Windows\System\ljUEiUW.exe
  2⤵
  PID:11200
- C:\Windows\System\uJYNcae.exe
  C:\Windows\System\uJYNcae.exe
  2⤵
  PID:10612
- C:\Windows\System\kUhicPg.exe
  C:\Windows\System\kUhicPg.exe
  2⤵
  PID:10968
- C:\Windows\System\GhVNEkd.exe
  C:\Windows\System\GhVNEkd.exe
  2⤵
  PID:11312
- C:\Windows\System\XaQvQOF.exe
  C:\Windows\System\XaQvQOF.exe
  2⤵
  PID:11328
- C:\Windows\System\qDzHcAT.exe
  C:\Windows\System\qDzHcAT.exe
  2⤵
  PID:11356
- C:\Windows\System\BXifOcQ.exe
  C:\Windows\System\BXifOcQ.exe
  2⤵
  PID:11384
- C:\Windows\System\yFfjYye.exe
  C:\Windows\System\yFfjYye.exe
  2⤵
  PID:11412
- C:\Windows\System\HYbWtnp.exe
  C:\Windows\System\HYbWtnp.exe
  2⤵
  PID:11440
- C:\Windows\System\VQTIERf.exe
  C:\Windows\System\VQTIERf.exe
  2⤵
  PID:11468
- C:\Windows\System\pTLjGkC.exe
  C:\Windows\System\pTLjGkC.exe
  2⤵
  PID:11496
- C:\Windows\System\JjZxHXa.exe
  C:\Windows\System\JjZxHXa.exe
  2⤵
  PID:11524
- C:\Windows\System\CZMLYNp.exe
  C:\Windows\System\CZMLYNp.exe
  2⤵
  PID:11552
- C:\Windows\System\LszqrTj.exe
  C:\Windows\System\LszqrTj.exe
  2⤵
  PID:11576
- C:\Windows\System\cNbcyQI.exe
  C:\Windows\System\cNbcyQI.exe
  2⤵
  PID:11596
- C:\Windows\System\knvMZTW.exe
  C:\Windows\System\knvMZTW.exe
  2⤵
  PID:11616
- C:\Windows\System\bZkVOCB.exe
  C:\Windows\System\bZkVOCB.exe
  2⤵
  PID:11640
- C:\Windows\System\DIuUTMk.exe
  C:\Windows\System\DIuUTMk.exe
  2⤵
  PID:11668
- C:\Windows\System\rXnMydg.exe
  C:\Windows\System\rXnMydg.exe
  2⤵
  PID:11708
- C:\Windows\System\NaURvYf.exe
  C:\Windows\System\NaURvYf.exe
  2⤵
  PID:11736
- C:\Windows\System\ZGglDvL.exe
  C:\Windows\System\ZGglDvL.exe
  2⤵
  PID:11776
- C:\Windows\System\lazfjuH.exe
  C:\Windows\System\lazfjuH.exe
  2⤵
  PID:11792
- C:\Windows\System\oBpkKvc.exe
  C:\Windows\System\oBpkKvc.exe
  2⤵
  PID:11820
- C:\Windows\System\ypAFZZN.exe
  C:\Windows\System\ypAFZZN.exe
  2⤵
  PID:11836
- C:\Windows\System\GvgOPQY.exe
  C:\Windows\System\GvgOPQY.exe
  2⤵
  PID:11876
- C:\Windows\System\AcXopkt.exe
  C:\Windows\System\AcXopkt.exe
  2⤵
  PID:11892
- C:\Windows\System\nUUmLxk.exe
  C:\Windows\System\nUUmLxk.exe
  2⤵
  PID:11932
- C:\Windows\System\ZLXNguc.exe
  C:\Windows\System\ZLXNguc.exe
  2⤵
  PID:11956
- C:\Windows\System\vGabcxy.exe
  C:\Windows\System\vGabcxy.exe
  2⤵
  PID:11988
- C:\Windows\System\OHmqwPi.exe
  C:\Windows\System\OHmqwPi.exe
  2⤵
  PID:12004
- C:\Windows\System\TtbumyY.exe
  C:\Windows\System\TtbumyY.exe
  2⤵
  PID:12032
- C:\Windows\System\WHfPHiy.exe
  C:\Windows\System\WHfPHiy.exe
  2⤵
  PID:12052
- C:\Windows\System\cpBKEjA.exe
  C:\Windows\System\cpBKEjA.exe
  2⤵
  PID:12072
- C:\Windows\System\oQjoYak.exe
  C:\Windows\System\oQjoYak.exe
  2⤵
  PID:12096
- C:\Windows\System\ICbHRkJ.exe
  C:\Windows\System\ICbHRkJ.exe
  2⤵
  PID:12124
- C:\Windows\System\cAJrRPF.exe
  C:\Windows\System\cAJrRPF.exe
  2⤵
  PID:12160
- C:\Windows\System\wdsPOqV.exe
  C:\Windows\System\wdsPOqV.exe
  2⤵
  PID:12200
- C:\Windows\System\oENqFUQ.exe
  C:\Windows\System\oENqFUQ.exe
  2⤵
  PID:12224
- C:\Windows\System\ohgscOe.exe
  C:\Windows\System\ohgscOe.exe
  2⤵
  PID:12256
- C:\Windows\System\vsPbwpN.exe
  C:\Windows\System\vsPbwpN.exe
  2⤵
  PID:11292
- C:\Windows\System\xuIvIOe.exe
  C:\Windows\System\xuIvIOe.exe
  2⤵
  PID:11320
- C:\Windows\System\DbOYDyh.exe
  C:\Windows\System\DbOYDyh.exe
  2⤵
  PID:11368
- C:\Windows\System\RqEDklq.exe
  C:\Windows\System\RqEDklq.exe
  2⤵
  PID:11432
- C:\Windows\System\iEkdYzS.exe
  C:\Windows\System\iEkdYzS.exe
  2⤵
  PID:11508
- C:\Windows\System\kmpbCLG.exe
  C:\Windows\System\kmpbCLG.exe
  2⤵
  PID:11540
- C:\Windows\System\CTluKjK.exe
  C:\Windows\System\CTluKjK.exe
  2⤵
  PID:11680
- C:\Windows\System\UrdfIzP.exe
  C:\Windows\System\UrdfIzP.exe
  2⤵
  PID:11700
- C:\Windows\System\wJFhwLU.exe
  C:\Windows\System\wJFhwLU.exe
  2⤵
  PID:11768
- C:\Windows\System\Mtjodqq.exe
  C:\Windows\System\Mtjodqq.exe
  2⤵
  PID:11808
- C:\Windows\System\ZyjXruJ.exe
  C:\Windows\System\ZyjXruJ.exe
  2⤵
  PID:11912
- C:\Windows\System\zLLlpSh.exe
  C:\Windows\System\zLLlpSh.exe
  2⤵
  PID:11980
- C:\Windows\System\CVCyJWm.exe
  C:\Windows\System\CVCyJWm.exe
  2⤵
  PID:12060
- C:\Windows\System\dUUxoJB.exe
  C:\Windows\System\dUUxoJB.exe
  2⤵
  PID:12168
- C:\Windows\System\yOHzOXL.exe
  C:\Windows\System\yOHzOXL.exe
  2⤵
  PID:12212
- C:\Windows\System\rfouLnY.exe
  C:\Windows\System\rfouLnY.exe
  2⤵
  PID:11308
- C:\Windows\System\yUcKnvR.exe
  C:\Windows\System\yUcKnvR.exe
  2⤵
  PID:11352
- C:\Windows\System\JKeyrJy.exe
  C:\Windows\System\JKeyrJy.exe
  2⤵
  PID:11488
- C:\Windows\System\lbqlKAo.exe
  C:\Windows\System\lbqlKAo.exe
  2⤵
  PID:11584
- C:\Windows\System\ZFLfyvm.exe
  C:\Windows\System\ZFLfyvm.exe
  2⤵
  PID:11732
- C:\Windows\System\qkowdkU.exe
  C:\Windows\System\qkowdkU.exe
  2⤵
  PID:11804
- C:\Windows\System\FVFeSoi.exe
  C:\Windows\System\FVFeSoi.exe
  2⤵
  PID:12040
- C:\Windows\System\pvWzTzZ.exe
  C:\Windows\System\pvWzTzZ.exe
  2⤵
  PID:12192
- C:\Windows\System\oxrbkda.exe
  C:\Windows\System\oxrbkda.exe
  2⤵
  PID:12284
- C:\Windows\System\cCYqoFB.exe
  C:\Windows\System\cCYqoFB.exe
  2⤵
  PID:11692
- C:\Windows\System\ViEVzqm.exe
  C:\Windows\System\ViEVzqm.exe
  2⤵
  PID:11948
- C:\Windows\System\TmKcLPw.exe
  C:\Windows\System\TmKcLPw.exe
  2⤵
  PID:11460
- C:\Windows\System\wlWxYSP.exe
  C:\Windows\System\wlWxYSP.exe
  2⤵
  PID:11380
- C:\Windows\System\mfADUTJ.exe
  C:\Windows\System\mfADUTJ.exe
  2⤵
  PID:12320
- C:\Windows\System\vdvRBcm.exe
  C:\Windows\System\vdvRBcm.exe
  2⤵
  PID:12344
- C:\Windows\System\VlcZsPI.exe
  C:\Windows\System\VlcZsPI.exe
  2⤵
  PID:12364
- C:\Windows\System\gzIHplV.exe
  C:\Windows\System\gzIHplV.exe
  2⤵
  PID:12428
- C:\Windows\System\UeNQYUI.exe
  C:\Windows\System\UeNQYUI.exe
  2⤵
  PID:12444
- C:\Windows\System\VMqxYUa.exe
  C:\Windows\System\VMqxYUa.exe
  2⤵
  PID:12464
- C:\Windows\System\TmmLPRK.exe
  C:\Windows\System\TmmLPRK.exe
  2⤵
  PID:12488
- C:\Windows\System\ibtWFln.exe
  C:\Windows\System\ibtWFln.exe
  2⤵
  PID:12512
- C:\Windows\System\TwbSTLO.exe
  C:\Windows\System\TwbSTLO.exe
  2⤵
  PID:12532
- C:\Windows\System\NFMUral.exe
  C:\Windows\System\NFMUral.exe
  2⤵
  PID:12564
- C:\Windows\System\xDUYZwB.exe
  C:\Windows\System\xDUYZwB.exe
  2⤵
  PID:12592
- C:\Windows\System\WGnwwYq.exe
  C:\Windows\System\WGnwwYq.exe
  2⤵
  PID:12632
- C:\Windows\System\zNJuNxm.exe
  C:\Windows\System\zNJuNxm.exe
  2⤵
  PID:12660
- C:\Windows\System\lmVxsno.exe
  C:\Windows\System\lmVxsno.exe
  2⤵
  PID:12692
- C:\Windows\System\CuBxLPN.exe
  C:\Windows\System\CuBxLPN.exe
  2⤵
  PID:12720
- C:\Windows\System\UCDxRiU.exe
  C:\Windows\System\UCDxRiU.exe
  2⤵
  PID:12744
- C:\Windows\System\sDcjAfr.exe
  C:\Windows\System\sDcjAfr.exe
  2⤵
  PID:12772
- C:\Windows\System\ONBkzRi.exe
  C:\Windows\System\ONBkzRi.exe
  2⤵
  PID:12792
- C:\Windows\System\MJnzNJQ.exe
  C:\Windows\System\MJnzNJQ.exe
  2⤵
  PID:12812
- C:\Windows\System\OvYPhxM.exe
  C:\Windows\System\OvYPhxM.exe
  2⤵
  PID:12844
- C:\Windows\System\kFUBrWg.exe
  C:\Windows\System\kFUBrWg.exe
  2⤵
  PID:12868
- C:\Windows\System\BJSIpHK.exe
  C:\Windows\System\BJSIpHK.exe
  2⤵
  PID:12884
- C:\Windows\System\dELWOjQ.exe
  C:\Windows\System\dELWOjQ.exe
  2⤵
  PID:12916
- C:\Windows\System\xPOFmlk.exe
  C:\Windows\System\xPOFmlk.exe
  2⤵
  PID:12944
- C:\Windows\System\kqcaCtu.exe
  C:\Windows\System\kqcaCtu.exe
  2⤵
  PID:12968
- C:\Windows\System\NcQIRdu.exe
  C:\Windows\System\NcQIRdu.exe
  2⤵
  PID:13000
- C:\Windows\System\hbSjyGG.exe
  C:\Windows\System\hbSjyGG.exe
  2⤵
  PID:13032
- C:\Windows\System\JAltqIN.exe
  C:\Windows\System\JAltqIN.exe
  2⤵
  PID:13072
- C:\Windows\System\bOxLIBh.exe
  C:\Windows\System\bOxLIBh.exe
  2⤵
  PID:13100
- C:\Windows\System\NSjJEYf.exe
  C:\Windows\System\NSjJEYf.exe
  2⤵
  PID:13136
- C:\Windows\System\LptKvUa.exe
  C:\Windows\System\LptKvUa.exe
  2⤵
  PID:13160
- C:\Windows\System\AJEpBJJ.exe
  C:\Windows\System\AJEpBJJ.exe
  2⤵
  PID:13188
- C:\Windows\System\IPYJRYq.exe
  C:\Windows\System\IPYJRYq.exe
  2⤵
  PID:13208
- C:\Windows\System\Qhpkviq.exe
  C:\Windows\System\Qhpkviq.exe
  2⤵
  PID:13248
- C:\Windows\System\duRZkSU.exe
  C:\Windows\System\duRZkSU.exe
  2⤵
  PID:13280
- C:\Windows\System\KaQvCgz.exe
  C:\Windows\System\KaQvCgz.exe
  2⤵
  PID:13304
- C:\Windows\System\GvVRGjF.exe
  C:\Windows\System\GvVRGjF.exe
  2⤵
  PID:12308
- C:\Windows\System\SEMqwiw.exe
  C:\Windows\System\SEMqwiw.exe
  2⤵
  PID:12332
- C:\Windows\System\djyMUGv.exe
  C:\Windows\System\djyMUGv.exe
  2⤵
  PID:12396
- C:\Windows\System\rqAAxKm.exe
  C:\Windows\System\rqAAxKm.exe
  2⤵
  PID:12484
- C:\Windows\System\OYLIgMp.exe
  C:\Windows\System\OYLIgMp.exe
  2⤵
  PID:12504
- C:\Windows\System\zAqCTkR.exe
  C:\Windows\System\zAqCTkR.exe
  2⤵
  PID:12612
- C:\Windows\System\LHCYtWB.exe
  C:\Windows\System\LHCYtWB.exe
  2⤵
  PID:12676
- C:\Windows\System\HujzUez.exe
  C:\Windows\System\HujzUez.exe
  2⤵
  PID:12740
- C:\Windows\System\xYiKgqc.exe
  C:\Windows\System\xYiKgqc.exe
  2⤵
  PID:12864
- C:\Windows\System\jhNayuP.exe
  C:\Windows\System\jhNayuP.exe
  2⤵
  PID:12856
- C:\Windows\System\OcJreGC.exe
  C:\Windows\System\OcJreGC.exe
  2⤵
  PID:12896
- C:\Windows\System\DXvOQCi.exe
  C:\Windows\System\DXvOQCi.exe
  2⤵
  PID:13028
- C:\Windows\System\VMCEnrv.exe
  C:\Windows\System\VMCEnrv.exe
  2⤵
  PID:13128
- C:\Windows\System\ZvQSMsr.exe
  C:\Windows\System\ZvQSMsr.exe
  2⤵
  PID:13168
- C:\Windows\System\iFJhPzj.exe
  C:\Windows\System\iFJhPzj.exe
  2⤵
  PID:13196
- C:\Windows\System\rZhjSPA.exe
  C:\Windows\System\rZhjSPA.exe
  2⤵
  PID:13296
- C:\Windows\System\EOwPLbq.exe
  C:\Windows\System\EOwPLbq.exe
  2⤵
  PID:12336
- C:\Windows\System\UFZrSrR.exe
  C:\Windows\System\UFZrSrR.exe
  2⤵
  PID:12460
- C:\Windows\System\aRjUJmO.exe
  C:\Windows\System\aRjUJmO.exe
  2⤵
  PID:12500
- C:\Windows\System\kIzsjPJ.exe
  C:\Windows\System\kIzsjPJ.exe
  2⤵
  PID:12656
- C:\Windows\System\PWsvxsy.exe
  C:\Windows\System\PWsvxsy.exe
  2⤵
  PID:12828
- C:\Windows\System\kpjkMbh.exe
  C:\Windows\System\kpjkMbh.exe
  2⤵
  PID:13020
- C:\Windows\System\ydqDlgB.exe
  C:\Windows\System\ydqDlgB.exe
  2⤵
  PID:13300
- C:\Windows\System\jPquGWl.exe
  C:\Windows\System\jPquGWl.exe
  2⤵
  PID:12380
- C:\Windows\System\LGdNFSU.exe
  C:\Windows\System\LGdNFSU.exe
  2⤵
  PID:12732
- C:\Windows\System\gvUVaTA.exe
  C:\Windows\System\gvUVaTA.exe
  2⤵
  PID:12672
- C:\Windows\System\lPzJyOG.exe
  C:\Windows\System\lPzJyOG.exe
  2⤵
  PID:13340
- C:\Windows\System\LRjrQiQ.exe
  C:\Windows\System\LRjrQiQ.exe
  2⤵
  PID:13360
- C:\Windows\System\qovktCI.exe
  C:\Windows\System\qovktCI.exe
  2⤵
  PID:13380
- C:\Windows\System\FJvphgw.exe
  C:\Windows\System\FJvphgw.exe
  2⤵
  PID:13416
- C:\Windows\System\PeeKBOT.exe
  C:\Windows\System\PeeKBOT.exe
  2⤵
  PID:13440
- C:\Windows\System\AVkdPEG.exe
  C:\Windows\System\AVkdPEG.exe
  2⤵
  PID:13476
- C:\Windows\System\XkFDbxj.exe
  C:\Windows\System\XkFDbxj.exe
  2⤵
  PID:13504
- C:\Windows\System\SSaXAGM.exe
  C:\Windows\System\SSaXAGM.exe
  2⤵
  PID:13520
- C:\Windows\System\JtPgZAC.exe
  C:\Windows\System\JtPgZAC.exe
  2⤵
  PID:13552
- C:\Windows\System\xOTsFGi.exe
  C:\Windows\System\xOTsFGi.exe
  2⤵
  PID:13576
- C:\Windows\System\YHNDZcA.exe
  C:\Windows\System\YHNDZcA.exe
  2⤵
  PID:13604
- C:\Windows\System\OKqXRtm.exe
  C:\Windows\System\OKqXRtm.exe
  2⤵
  PID:13632
- C:\Windows\System\ZQmOMJh.exe
  C:\Windows\System\ZQmOMJh.exe
  2⤵
  PID:13668
- C:\Windows\System\KPqExCv.exe
  C:\Windows\System\KPqExCv.exe
  2⤵
  PID:13692
- C:\Windows\System\zAZpEle.exe
  C:\Windows\System\zAZpEle.exe
  2⤵
  PID:13728
- C:\Windows\System\uitCLoE.exe
  C:\Windows\System\uitCLoE.exe
  2⤵
  PID:13748
- C:\Windows\System\aomwnIL.exe
  C:\Windows\System\aomwnIL.exe
  2⤵
  PID:13784
- C:\Windows\System\gfXrxAG.exe
  C:\Windows\System\gfXrxAG.exe
  2⤵
  PID:13816
- C:\Windows\System\SwcVaCR.exe
  C:\Windows\System\SwcVaCR.exe
  2⤵
  PID:13852
- C:\Windows\System\sXcwWld.exe
  C:\Windows\System\sXcwWld.exe
  2⤵
  PID:13872
- C:\Windows\System\JGWOhWM.exe
  C:\Windows\System\JGWOhWM.exe
  2⤵
  PID:13900
- C:\Windows\System\IdwPkyI.exe
  C:\Windows\System\IdwPkyI.exe
  2⤵
  PID:13916
- C:\Windows\System\iEFUIBn.exe
  C:\Windows\System\iEFUIBn.exe
  2⤵
  PID:13948
- C:\Windows\System\uRJtgLO.exe
  C:\Windows\System\uRJtgLO.exe
  2⤵
  PID:13980
- C:\Windows\System\XhhyihI.exe
  C:\Windows\System\XhhyihI.exe
  2⤵
  PID:14004
- C:\Windows\System\WABoOmO.exe
  C:\Windows\System\WABoOmO.exe
  2⤵
  PID:14040
- C:\Windows\System\jgOfkVz.exe
  C:\Windows\System\jgOfkVz.exe
  2⤵
  PID:14080
- C:\Windows\System\tLbGhPn.exe
  C:\Windows\System\tLbGhPn.exe
  2⤵
  PID:14108
- C:\Windows\System\KBnsgpn.exe
  C:\Windows\System\KBnsgpn.exe
  2⤵
  PID:14136
- C:\Windows\System\RIehZVL.exe
  C:\Windows\System\RIehZVL.exe
  2⤵
  PID:14164
- C:\Windows\System\huNtRTA.exe
  C:\Windows\System\huNtRTA.exe
  2⤵
  PID:14184
- C:\Windows\System\xLSzxfl.exe
  C:\Windows\System\xLSzxfl.exe
  2⤵
  PID:14208
- C:\Windows\System\bKMtNZY.exe
  C:\Windows\System\bKMtNZY.exe
  2⤵
  PID:14224
- C:\Windows\System\TNxbevz.exe
  C:\Windows\System\TNxbevz.exe
  2⤵
  PID:14260
- C:\Windows\System\XRQJLSW.exe
  C:\Windows\System\XRQJLSW.exe
  2⤵
  PID:14284
- C:\Windows\System\URVmTDw.exe
  C:\Windows\System\URVmTDw.exe
  2⤵
  PID:14320
- C:\Windows\System\cCwIEqa.exe
  C:\Windows\System\cCwIEqa.exe
  2⤵
  PID:13044
- C:\Windows\System\AMfIERQ.exe
  C:\Windows\System\AMfIERQ.exe
  2⤵
  PID:13352
- C:\Windows\System\RTeVbHu.exe
  C:\Windows\System\RTeVbHu.exe
  2⤵
  PID:13372
- C:\Windows\System\HAosEhr.exe
  C:\Windows\System\HAosEhr.exe
  2⤵
  PID:13464
- C:\Windows\System\EsUaYMg.exe
  C:\Windows\System\EsUaYMg.exe
  2⤵
  PID:13532
- C:\Windows\System\YQhIcMg.exe
  C:\Windows\System\YQhIcMg.exe
  2⤵
  PID:13620
- C:\Windows\System\ITXbsZv.exe
  C:\Windows\System\ITXbsZv.exe
  2⤵
  PID:13628
- C:\Windows\System\kaliyic.exe
  C:\Windows\System\kaliyic.exe
  2⤵
  PID:13744
- C:\Windows\System\LRcmUCu.exe
  C:\Windows\System\LRcmUCu.exe
  2⤵
  PID:13800
- C:\Windows\System\QyGYbXG.exe
  C:\Windows\System\QyGYbXG.exe
  2⤵
  PID:4804
- C:\Windows\System\InZwTLg.exe
  C:\Windows\System\InZwTLg.exe
  2⤵
  PID:13868
- C:\Windows\System\twUoTrv.exe
  C:\Windows\System\twUoTrv.exe
  2⤵
  PID:13932
- C:\Windows\System\RvJltAj.exe
  C:\Windows\System\RvJltAj.exe
  2⤵
  PID:14012
- C:\Windows\System\zOgrVGt.exe
  C:\Windows\System\zOgrVGt.exe
  2⤵
  PID:14052
- C:\Windows\System\GCemahK.exe
  C:\Windows\System\GCemahK.exe
  2⤵
  PID:14132
- C:\Windows\System\WuqdqdO.exe
  C:\Windows\System\WuqdqdO.exe
  2⤵
  PID:14196
- C:\Windows\System\tlflpXS.exe
  C:\Windows\System\tlflpXS.exe
  2⤵
  PID:14220
- C:\Windows\System\gAdGsBQ.exe
  C:\Windows\System\gAdGsBQ.exe
  2⤵
  PID:14332
- C:\Windows\System\isCXCNf.exe
  C:\Windows\System\isCXCNf.exe
  2⤵
  PID:12296
- C:\Windows\System\NmzNNVr.exe
  C:\Windows\System\NmzNNVr.exe
  2⤵
  PID:13564
- C:\Windows\System\QQOhzXb.exe
  C:\Windows\System\QQOhzXb.exe
  2⤵
  PID:12620
- C:\Windows\System\HZQAKMy.exe
  C:\Windows\System\HZQAKMy.exe
  2⤵
  PID:13796
- C:\Windows\System\gMoZiou.exe
  C:\Windows\System\gMoZiou.exe
  2⤵
  PID:13892
- C:\Windows\System\wqoPuVk.exe
  C:\Windows\System\wqoPuVk.exe
  2⤵
  PID:14072
- C:\Windows\System\PFvYQSA.exe
  C:\Windows\System\PFvYQSA.exe
  2⤵
  PID:14148
- C:\Windows\System\DpoXyGd.exe
  C:\Windows\System\DpoXyGd.exe
  2⤵
  PID:13328
- C:\Windows\System\siZRktf.exe
  C:\Windows\System\siZRktf.exe
  2⤵
  PID:13404
- C:\Windows\System\yuhNqGM.exe
  C:\Windows\System\yuhNqGM.exe
  2⤵
  PID:13836
- C:\Windows\System\zNmzTcg.exe
  C:\Windows\System\zNmzTcg.exe
  2⤵
  PID:13656
- C:\Windows\System\anItCKX.exe
  C:\Windows\System\anItCKX.exe
  2⤵
  PID:13860
- C:\Windows\System\gLulPWs.exe
  C:\Windows\System\gLulPWs.exe
  2⤵
  PID:14340
- C:\Windows\System\wlmaRbG.exe
  C:\Windows\System\wlmaRbG.exe
  2⤵
  PID:14368
- C:\Windows\System\AdELzOt.exe
  C:\Windows\System\AdELzOt.exe
  2⤵
  PID:14404

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CpFvZGB.exe

Filesize
2.1MB

MD5
94137b105bfbf5fdbc596f684219289e

SHA1
180595b945b08ac1b9c64efe68dbaeca36707728

SHA256
a16c877e2b845a2dbc2d5823d47a18691514dbf477ff4f3e7e77486b7c207be1

SHA512
db8aa3eb5acbf20d2771f687826810fd092839493a09babb92eb6cf60d9aa3b8b82ac3833d0c158e8f5c983cb6c9d14ec41253e034a58c69947f45072239d787

Download Submit
C:\Windows\System\DTqqiDE.exe

Filesize
2.1MB

MD5
85826904602fe7b419f32a3fde41aba0

SHA1
e5abc7b70fbedbe6a6ea2e132d5f7e7ec2cf0572

SHA256
53f7ae65ef7acad657676d6ed47e996f879b9b03ae6a2da427e6d3497de3bd13

SHA512
76174702207eaf5a727abf5db9f78ba3fb69dc5339057e986b4601badc5c10ed8c625e330b8cb3c771cad61bdecfb393198c310ccdfeb2c84e90a91d977331a5

Download Submit
C:\Windows\System\IOnRXmc.exe

Filesize
2.1MB

MD5
23567cc8fd8834dde0fe6cc54bebcd2b

SHA1
37b889d69574a300de5f05710cee01d15ed35abc

SHA256
ba68a7cffcb52929c204840c8ed0082f93ebec1a8943d0a09bb3e2903ce43631

SHA512
56bd9b48854ccd996c80ccb970ab5991aab33613fb9ac9ba813aaa52b5ab960083a3714fecb99626f7e60becc5083a89479fe21bd8278428d2d8a76fc07151b0

Download Submit
C:\Windows\System\NUWHoGA.exe

Filesize
2.1MB

MD5
af4d7b8f39950c22e4016f2548cc608a

SHA1
07fea449ebb4db0a439b7d0aa2ac2861a97995b5

SHA256
f150632724e2c72043d84132bff7489f5f67b4cae3fc6cb6592dbba01626697c

SHA512
c53e95a527484ad37c4a8448d4048d36bc5c177dd48dd3d049f6b83408fb907faffc7f35d4040a60ba3dc2c07f8f91d103b6657fcd181915c491e21958390ab8

Download Submit
C:\Windows\System\NmGFZWy.exe

Filesize
2.1MB

MD5
100a85bd8815578e3ca35146fe7b22c1

SHA1
51cfa45c92f7ccd7ac0c5272e4fa3bf2b1948712

SHA256
278cf944123488c8d9f7294e39d494d89c19c80b1a16059f8102f57acdc49056

SHA512
6faa373c7f79619de59acfc9aee6c2e221a35c892b862a036dcc4f92813d54a4f4cacbf1fe84ba14b2edeeb16d8b80e53c84f06b6cf2adfbaeb63369d352ae78

Download Submit
C:\Windows\System\OPWUYxS.exe

Filesize
2.1MB

MD5
718a6d159e899ca34b65fe5e8fc49f7f

SHA1
7a82a8d3d7c311827e76cd1b43cd83ab85b081bb

SHA256
a5c4ff01334607a45a7eb39f94b34d75c2b5f0ce6be4a95f76525f637415b59f

SHA512
53c60263c9ad99efdb9557f6a38053821a9f9eb692c909789eb17087fc0152190005edcd0cac0c1fddf12c2730614f10bb8007c8ff83e21d8db5e09c15177c13

Download Submit
C:\Windows\System\OYWBXoB.exe

Filesize
2.1MB

MD5
1be77576f4eb7481693d4a151fe4cc64

SHA1
5fa961002dc541cdf30d31f046e2c317e4359c12

SHA256
fde9483678216364b000ab080940498ac546e5d9e2829523485d441bc11ea1f3

SHA512
d447b4eadbe087723956ce95ee7230830a2d4914d99ccc9264b054751dbb599e90d50d92e68902d6e53ef6a91a6d96bcfa94dee805b897d3caaaf7be08c73caa

Download Submit
C:\Windows\System\ToAZAjA.exe

Filesize
2.1MB

MD5
388899a4150c3ffe723b88404399993c

SHA1
4e53f0efbe7c8e0b4ada033c8e11009701235fa0

SHA256
2c9a9888bc71cfd8cd4a9766c21b53fc66db38a1e1d253d9e28b6fe2b595c4c7

SHA512
f6f7af22033a625f080b93ee912309773d2fe28d39a3337380d5beefec2ee2d63555f916b745fd541b924ba912dd0d55101b12dbea431f5aa4b1c339d4120d73

Download Submit
C:\Windows\System\UhfIOCH.exe

Filesize
2.1MB

MD5
c50413425184251345bf02a80021041d

SHA1
c3079e821833d61ee146056d022559c7c56b1f3c

SHA256
51679c5b9cc62996178e880297f7e05f20f8f1189f2fc39a43f8f00e1f737475

SHA512
e3fa78364eed380317d6afcfa901df648f68c4acf6c7956ff30b22ea381e6599ac46cb44bc5a831d805616cd12cfb71da0a3051e843bb9ae68327eef6a6b5091

Download Submit
C:\Windows\System\UibcUSD.exe

Filesize
2.1MB

MD5
f35efc90520b52aa851883c38304f3bc

SHA1
2f1e6b7544e355447fa215959e29e96fe89da2ac

SHA256
831e699cb63e69def586aa3de0baefc088389de14135bc0145196ee603f64417

SHA512
0be28c6b1ac886a5d6f315cc03921ce2a3eba78d622932aa4facaacd4458baf794ea6d19fce59c24e4aedb3b4b0878ff530bfc8bb74bda30077bcb881835cfa4

Download Submit
C:\Windows\System\WjHjijn.exe

Filesize
2.1MB

MD5
53281cea765545030c808b16f1835724

SHA1
56151b164d9f2a5ff379507bed87be809d729c96

SHA256
e7f1534c33c2d9a287cdd07602735816355af24f6d9bc1a4a94fd8879f743c55

SHA512
0a47f4663c0cf4b4ec4d261cc59134ae076667427100cedc8ffcd2c4c570cace25ceeb7b186caa068e8f997989d6fe296453c7d45dc0823f92215db23e2ed5b5

Download Submit
C:\Windows\System\XECOIAU.exe

Filesize
2.1MB

MD5
552b2bf6ca4d29f50d10589b33ed313d

SHA1
3a80363cd8052aa0988dc6ccfac53bbac04b7898

SHA256
6a9599a6306004996e5fea4b63d7591f7d243b036fd7f781db60378496e66d2d

SHA512
bebeaf56a6e6197d96c83bfda882c45a61ac6e63d24eca2fb00eb37e9a08dea97ce4a0b3dff977f3805e4da418b0c38d91ba00e59b94824d19a29f2b65c99b0e

Download Submit
C:\Windows\System\ZKQsdKw.exe

Filesize
2.1MB

MD5
a7d86c15a29428f577d93234cd5d2d8b

SHA1
3b61c7e388bc4fd51db9d46524ccc1b18749c939

SHA256
5e52c7f6ec9ad9a6666465190c0c5229b253d4b35a33368d2321d28879176aba

SHA512
514fbbae5a83e9313d8aa612806d42bac278a32bb86502395d58790ec754a8b4b8ac9966d07bb33921e8ab25c1ac0d65024e6f7c8919aef508332f0aca2537ee

Download Submit
C:\Windows\System\dMneKaz.exe

Filesize
2.1MB

MD5
bfd657f4693e6fad71242e8b7308cb76

SHA1
48b352d3906f94b916ccac294806914738404444

SHA256
36a547611ba36a30e29aa6d232c4a2e0ea3b3f769897e795d23abd023953a7e1

SHA512
0cf5543638cfbba179f05b52c3e3bdac013b9111fdf74f146046a5366dedb42a94e6155127eb0baab1d8b219c01698a86ca60914a5d3902fe99c110c44a2a00c

Download Submit
C:\Windows\System\dXOiqOn.exe

Filesize
2.1MB

MD5
a1c301df8e6bbf930355a84db4d39ee8

SHA1
253a4a75a618a20d27e2b8c2193d1e8973f88a76

SHA256
f6d7a43652c45a603fe9cbed8dc4c4edb9f44cb7126b2ff6dc183c4e16e0ff08

SHA512
cf294f614ce84df88fa4b7a85b27ee346101b05bff6d1207ffe91b9f4d07c98b50d573c2c2265e87e1c1d3db3837ddc72f2a6b2bb2002ef506e2dc9441ff6544

Download Submit
C:\Windows\System\kLuMPba.exe

Filesize
2.1MB

MD5
db41ea77502dab726142af6514da5f1b

SHA1
4972ef8b4ac0b1fde6c76b153c743e4ded0e99d4

SHA256
aa4434a18966aab9a1f5e444978503e4478ac5089152f1e7d59be3d1f13d47b8

SHA512
3f995326cd3f155b41e8d6c512b6bd4161cb5bec572f3f411a64b7c4d3507c60ed4869a327176f28a1aa7febf67cf8b51ea73ada2e6e2620d90ac34633c1875a

Download Submit
C:\Windows\System\mIuAjoS.exe

Filesize
2.1MB

MD5
dd8c389c700e9c3eabe7c1e60cb40b4c

SHA1
594b611ae248a7126a73fc2d158342e044c338fe

SHA256
15e8516fbfe5f2795eaf1a24c04a22fda7d3c19f268ec49cd6991ffee546b1ec

SHA512
14ef9a971db8bc662a069ec174af5246c6954212e811448d249878cf1865e29431213d2d769c43a2d85b56600346e23f3a7fe01e703c3b756a8a21ee832c0be6

Download Submit
C:\Windows\System\oABXSES.exe

Filesize
2.1MB

MD5
47b73b32607a3be9680d20e7b0b44f13

SHA1
b183594db1a326a50c78b000edc06c7764f91104

SHA256
ad27a3d2cf1e70f868200d429b08009d595b49382e82ca2130b0e5c029c9c1e2

SHA512
b6dcd14c0340bc3bc6849070004e1422f534985fd93e23101a13cd71fba28d838af618d2d709c7e5152939d4f73aeb13e99b3e48372cddd0d131c833a9553044

Download Submit
C:\Windows\System\pJEqdDq.exe

Filesize
2.1MB

MD5
c155907752a1410a29757abe9ad55349

SHA1
bb039bde2aa0e6a8d5ec06bbf59d2801df3da67b

SHA256
6e97ff09d6e4a28fcacf0c56962e99807b000e3f15169e3a0506f6b4fc07867f

SHA512
1082e189ffdc00fac4fc084ae2bbe03d42abcd2b9945e8e9ec9fad021b6b33ad147f6407be74081d517346b2fe6898228fedc0e558588cf0d7ba0a24cb1237cc

Download Submit
C:\Windows\System\qxHFpst.exe

Filesize
2.1MB

MD5
7ef3d34f7893e901078f170ef366aaf8

SHA1
5cfd1d637bb57e3b4602bdaf0b5f3710d069f63e

SHA256
64e20f8fa71c0c0782faa3432beb674a1bb0648a32db9e34f7a334c62d33653f

SHA512
88173de81a1c2b3b0ddd57e9dccb3d473b0f93faacb2ce2e3affb0692730aaeeead683fe9355134eaa709770cb2b276e44b233ae7f82d44f1698d4f330d51a5c

Download Submit
C:\Windows\System\rERlzKi.exe

Filesize
2.1MB

MD5
d651d66121ea69fe17c156f48325b4f6

SHA1
41a2e8ade3644a8248f709621341f0535670a526

SHA256
37ada2b9b54d565e2a6577a105d0fbcf0a61986982ed874a0d2fad0c43fcb956

SHA512
2046e0fc67943e27d2fa5bbae150c5d9ebab8be3d3581117027e201b91fc3f491a88c15999b5eb26eeb063f8307cb31ea699b757ae9c69a139ca646152bcd385

Download Submit
C:\Windows\System\rSQCIIv.exe

Filesize
2.1MB

MD5
e5636ed11cb52f3e8999b08f8c58ceb2

SHA1
b6b965958605e45a49287b50f828ea8f1df567a8

SHA256
cde973d2d281dfa19f13de25f10e58b3bbe65030efea20037650d70bf7b3f059

SHA512
f944972ad85b12a3f9ac1989c4ba3d03109d363be2c2a7f7ae3e90dfc1a19f4c017622f28a00ea2287c70cbdf3320b1888b3a652266a5d1e36aacae1dce0d0bf

Download Submit
C:\Windows\System\tXWfZLO.exe

Filesize
2.1MB

MD5
1dd21054602e5268e1c2593a402b8f86

SHA1
8ea5e8c600001feb42b8c45f361105268a887aba

SHA256
227b6f387d8acd18454990aa130d9dc173037d7e911a4f367977feca8e956b9f

SHA512
dc5682ac7f8aae959439b36a3f1d0ce14d564461dbadf94e399d84cce438e144083894cc2c58095b6acb22a4706ce43e82a8c4fa0f4dce9a369091a3f468298d

Download Submit
C:\Windows\System\thRJVDu.exe

Filesize
2.1MB

MD5
3c9d6478cdeeb446b2be755a88330f4c

SHA1
f2c5cda6e978c7768924562e3335711424d92ba4

SHA256
96a8713126d9b20d97ba34659d670abcd794af9fc0e3902725c4186d97218064

SHA512
7b450c48545a32ced17fe3420cc727217e87349ec2cc7a81d7d1c3ae0a6e61d2bfd199f5728bc28650105bfc3520a88127c0a314b803662b78fb4eb4097facd8

Download Submit
C:\Windows\System\uROdtAU.exe

Filesize
2.1MB

MD5
098928276cdeffedf77686c5f7a2c64e

SHA1
ed1db7d815a8389d36a7ac74fb37956cd7b13612

SHA256
def9e07e74622086e69ad4bd071bc6bb04377069de38c11f8ab2273fde896fa2

SHA512
48d5bdcc800d2db40b9bed09fa44472fa2e3d45d546ae50a3f5645ef8d578f021c60f19d197af6343db51c719185adddb40c2b6d23e635a715a6cee971940431

Download Submit
C:\Windows\System\vEdcTeC.exe

Filesize
2.1MB

MD5
c1900815580a4c072d4d561f284a3846

SHA1
a78c0b949f88bc7cdc3a00216c5572cca982c841

SHA256
14187e9ce45d80a02a310144c36bf557baa7b6e6b44c0d64b3f5cd67a49e42ce

SHA512
92982bde64d9fdc26ea8645c1b0bd5b8893a31e2bf6004e169b5b82286ac3bcfa65618cb81c8182ec6c7cefcc08a60601876f2598c9695551c0beece2a2332fc

Download Submit
C:\Windows\System\wwCLZAI.exe

Filesize
2.1MB

MD5
5be7ed5195eb887c7a307569bf2a4efc

SHA1
ef698d549edfc552fd4efe4be09c03d82f072918

SHA256
9985710d03a6d838cd344e6059fbbbd8cbb3c90b8f9be78e5694d19d5cb5d301

SHA512
6a9ee70ba1cffe18641880d7baad633b6bca0c42f976047bccd1481ed5b6c757bf09438764ec3fb8019d53b4674c62cd304651f3d1c7fb5857d022c65c56a0a2

Download Submit
C:\Windows\System\xjIxoUq.exe

Filesize
2.1MB

MD5
313432128504a7308b0d0a46e4e9263d

SHA1
68858a1a27f458fa12e56294e33878d6bc6a316c

SHA256
30d78a42c925e37cf9a657ef03dd34b4c414c382559660fdc94af9e13e3b4438

SHA512
7c7919b4fcd1a4d7f150a059ca9e558d76f1e22d3d9aa2ccd78cb5e3f9a4eb9ca06050cc1eac1e929409411c97916d0d2b6ecf5a8e8e4f89a3936c2cdd63baad

Download Submit
C:\Windows\System\yFZDAnE.exe

Filesize
2.1MB

MD5
85bed761fc4531ae5751bbf2e04c9de3

SHA1
018e14e58889ae048f088b93db32e16387281e2b

SHA256
ebb904fd7926f475b7ba907d6211b6e919967fc66cbbc8eacd11afa0bcdb5003

SHA512
b02b822fe4de8aa4af7602d7e641e97aa14efe7931728775667eeed411562daa47c972d8a5fcd2452d27e6381f92dbb20d1b9c1b6332ecea8ef682a0ceb712a4

Download Submit
C:\Windows\System\ylNDPpT.exe

Filesize
2.1MB

MD5
835a4826952d623bcf194266ddb1935f

SHA1
9672c366f90531a0621235e21e0e961aba2283dc

SHA256
41d25af251a6d14aad1663283621021d3aa7d0af5bed31e93e68c912b4f9eb99

SHA512
c5707ef5610be240597e240f7ae28e53ae89540621d75ae500593b036a40a5d6a6413fa05f3b8c299e40df846039eab8cb067a18737505535a57671660a96286

Download Submit
C:\Windows\System\zBJJsMx.exe

Filesize
2.1MB

MD5
4a04c28ac65e5a6ca481f7b90f562270

SHA1
e0d7ac006bb36f9d22e4b304bf7122fd7790d357

SHA256
9362e4dfcb618c525560cb078d4db4bb0aef1e7fe7d9aaceb79dcc26f681487b

SHA512
c00009241ebfea2914a59a124dbe93974ba792a1b7783d9a5cf25c69637476cb0d973b6432d6529fbc16b2af803c7eb27ac6bb7d0a61c0e995388fc2fc6e1526

Download Submit
C:\Windows\System\zVkvKNe.exe

Filesize
2.1MB

MD5
54b651acd588469fe3e571a968180efb

SHA1
0bb05d7afd39d9a581e0ff0be57b278acb40159d

SHA256
f4758ec986495509f33f8a87c1fdd2983669eb4185dd40f5d14890e34d7cd31a

SHA512
2725a386dd0a18cc332ef867342be8f32193f692d5e619636edc324ed85f070d79c65d1366e95fd7ab665874262fb000c5d36d8dcfad77e44bfbfcb790929fd5

Download Submit
C:\Windows\System\zrbALlv.exe

Filesize
2.1MB

MD5
93d6f91b673dcdf34bd4b72b87e3aaba

SHA1
3b07711b9dd585cc0c0fe523782534ac34590b6f

SHA256
f40a823ae3b5b62c92192dce31056bc80473db09233b5fc13482e53e170c4fa8

SHA512
4edf0887634433c3eac351b86477fdf3cfa3387ea0f9112af7636f8f1419507536a32ae399ee60bd1370a346cc8462ac00f29187538d4b0eb4060ada116faf86

Download Submit
memory/432-186-0x00007FF6E3D20000-0x00007FF6E4074000-memory.dmp

Filesize
3.3MB

Download
memory/432-2183-0x00007FF6E3D20000-0x00007FF6E4074000-memory.dmp

Filesize
3.3MB

Download
memory/732-2168-0x00007FF683200000-0x00007FF683554000-memory.dmp

Filesize
3.3MB

Download
memory/732-109-0x00007FF683200000-0x00007FF683554000-memory.dmp

Filesize
3.3MB

Download
memory/972-2160-0x00007FF60B660000-0x00007FF60B9B4000-memory.dmp

Filesize
3.3MB

Download
memory/972-105-0x00007FF60B660000-0x00007FF60B9B4000-memory.dmp

Filesize
3.3MB

Download
memory/1180-2171-0x00007FF77DC70000-0x00007FF77DFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1180-110-0x00007FF77DC70000-0x00007FF77DFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1404-30-0x00007FF77E790000-0x00007FF77EAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1404-2158-0x00007FF77E790000-0x00007FF77EAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1572-77-0x00007FF6B3B90000-0x00007FF6B3EE4000-memory.dmp

Filesize
3.3MB

Download
memory/1572-2163-0x00007FF6B3B90000-0x00007FF6B3EE4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-66-0x00007FF62E2C0000-0x00007FF62E614000-memory.dmp

Filesize
3.3MB

Download
memory/1628-2162-0x00007FF62E2C0000-0x00007FF62E614000-memory.dmp

Filesize
3.3MB

Download
memory/1836-24-0x00007FF6146E0000-0x00007FF614A34000-memory.dmp

Filesize
3.3MB

Download
memory/1836-2157-0x00007FF6146E0000-0x00007FF614A34000-memory.dmp

Filesize
3.3MB

Download
memory/1864-2152-0x00007FF6EB320000-0x00007FF6EB674000-memory.dmp

Filesize
3.3MB

Download
memory/1864-2176-0x00007FF6EB320000-0x00007FF6EB674000-memory.dmp

Filesize
3.3MB

Download
memory/1864-133-0x00007FF6EB320000-0x00007FF6EB674000-memory.dmp

Filesize
3.3MB

Download
memory/2004-173-0x00007FF764C50000-0x00007FF764FA4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-2178-0x00007FF764C50000-0x00007FF764FA4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-2181-0x00007FF759720000-0x00007FF759A74000-memory.dmp

Filesize
3.3MB

Download
memory/2024-175-0x00007FF759720000-0x00007FF759A74000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2153-0x00007FF7576C0000-0x00007FF757A14000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2180-0x00007FF7576C0000-0x00007FF757A14000-memory.dmp

Filesize
3.3MB

Download
memory/2184-137-0x00007FF7576C0000-0x00007FF757A14000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2155-0x00007FF737C60000-0x00007FF737FB4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-182-0x00007FF737C60000-0x00007FF737FB4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2184-0x00007FF737C60000-0x00007FF737FB4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2166-0x00007FF75A960000-0x00007FF75ACB4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-88-0x00007FF75A960000-0x00007FF75ACB4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2150-0x00007FF75A960000-0x00007FF75ACB4000-memory.dmp

Filesize
3.3MB

Download
memory/3276-2156-0x00007FF695650000-0x00007FF6959A4000-memory.dmp

Filesize
3.3MB

Download
memory/3276-9-0x00007FF695650000-0x00007FF6959A4000-memory.dmp

Filesize
3.3MB

Download
memory/3276-1155-0x00007FF695650000-0x00007FF6959A4000-memory.dmp

Filesize
3.3MB

Download
memory/3340-1-0x000002A344C30000-0x000002A344C40000-memory.dmp

Filesize
64KB

Download
memory/3340-1571-0x00007FF6A8670000-0x00007FF6A89C4000-memory.dmp

Filesize
3.3MB

Download
memory/3340-0-0x00007FF6A8670000-0x00007FF6A89C4000-memory.dmp

Filesize
3.3MB

Download
memory/3372-2172-0x00007FF6BAFB0000-0x00007FF6BB304000-memory.dmp

Filesize
3.3MB

Download
memory/3372-103-0x00007FF6BAFB0000-0x00007FF6BB304000-memory.dmp

Filesize
3.3MB

Download
memory/3592-2151-0x00007FF6A7300000-0x00007FF6A7654000-memory.dmp

Filesize
3.3MB

Download
memory/3592-2169-0x00007FF6A7300000-0x00007FF6A7654000-memory.dmp

Filesize
3.3MB

Download
memory/3592-95-0x00007FF6A7300000-0x00007FF6A7654000-memory.dmp

Filesize
3.3MB

Download
memory/3716-2170-0x00007FF7063C0000-0x00007FF706714000-memory.dmp

Filesize
3.3MB

Download
memory/3716-96-0x00007FF7063C0000-0x00007FF706714000-memory.dmp

Filesize
3.3MB

Download
memory/4044-2161-0x00007FF61C760000-0x00007FF61CAB4000-memory.dmp

Filesize
3.3MB

Download
memory/4044-107-0x00007FF61C760000-0x00007FF61CAB4000-memory.dmp

Filesize
3.3MB

Download
memory/4084-2179-0x00007FF65A360000-0x00007FF65A6B4000-memory.dmp

Filesize
3.3MB

Download
memory/4084-183-0x00007FF65A360000-0x00007FF65A6B4000-memory.dmp

Filesize
3.3MB

Download
memory/4112-2182-0x00007FF65A790000-0x00007FF65AAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4112-2154-0x00007FF65A790000-0x00007FF65AAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4112-147-0x00007FF65A790000-0x00007FF65AAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4348-2159-0x00007FF73EC90000-0x00007FF73EFE4000-memory.dmp

Filesize
3.3MB

Download
memory/4348-45-0x00007FF73EC90000-0x00007FF73EFE4000-memory.dmp

Filesize
3.3MB

Download
memory/4356-104-0x00007FF79E0A0000-0x00007FF79E3F4000-memory.dmp

Filesize
3.3MB

Download
memory/4356-2173-0x00007FF79E0A0000-0x00007FF79E3F4000-memory.dmp

Filesize
3.3MB

Download
memory/4580-106-0x00007FF6CA970000-0x00007FF6CACC4000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2164-0x00007FF6CA970000-0x00007FF6CACC4000-memory.dmp

Filesize
3.3MB

Download
memory/4600-172-0x00007FF67BE10000-0x00007FF67C164000-memory.dmp

Filesize
3.3MB

Download
memory/4600-2177-0x00007FF67BE10000-0x00007FF67C164000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2165-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp

Filesize
3.3MB

Download
memory/4716-108-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2174-0x00007FF7082D0000-0x00007FF708624000-memory.dmp

Filesize
3.3MB

Download
memory/4732-126-0x00007FF7082D0000-0x00007FF708624000-memory.dmp

Filesize
3.3MB

Download
memory/4748-62-0x00007FF7AB600000-0x00007FF7AB954000-memory.dmp

Filesize
3.3MB

Download
memory/4748-2167-0x00007FF7AB600000-0x00007FF7AB954000-memory.dmp

Filesize
3.3MB

Download
memory/4860-2175-0x00007FF674810000-0x00007FF674B64000-memory.dmp

Filesize
3.3MB

Download
memory/4860-165-0x00007FF674810000-0x00007FF674B64000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads