xmrig | b5e9d85bc996b3b76d36a782096e729f526685cdf06fd66246e2330f60792133

Analysis

max time kernel
139s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
Size

2.0MB
MD5

5a47738c9ff275a85f3d5017b47c8100
SHA1

5e6cdd4d2269cb716f17a5ab279c3426dc1aa96f
SHA256

b5e9d85bc996b3b76d36a782096e729f526685cdf06fd66246e2330f60792133
SHA512

d413a6f6b8dd07597cd6f33c2a8a93d034b8cc68c7ec674f7de18857af8b51fa7c177f9906b3a2ddff7a9d19b6ff5c3c490b8c19a98a8d4e002051355d76bad5
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQHxlNwQT:oemTLkNdfE0pZrQP

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4572-0-0x00007FF60E850000-0x00007FF60EBA4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023423-5.dat	xmrig
behavioral2/files/0x0007000000023427-13.dat	xmrig
behavioral2/files/0x0007000000023428-15.dat	xmrig
behavioral2/files/0x000700000002342d-43.dat	xmrig
behavioral2/files/0x0007000000023431-58.dat	xmrig
behavioral2/files/0x0007000000023437-77.dat	xmrig
behavioral2/files/0x000700000002343b-117.dat	xmrig
behavioral2/memory/1808-147-0x00007FF6AA900000-0x00007FF6AAC54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023441-169.dat	xmrig
behavioral2/memory/4176-180-0x00007FF73FF00000-0x00007FF740254000-memory.dmp	xmrig
behavioral2/memory/2684-185-0x00007FF78F5F0000-0x00007FF78F944000-memory.dmp	xmrig
behavioral2/memory/3264-191-0x00007FF625480000-0x00007FF6257D4000-memory.dmp	xmrig
behavioral2/memory/2944-194-0x00007FF6E3FF0000-0x00007FF6E4344000-memory.dmp	xmrig
behavioral2/memory/4696-193-0x00007FF7A0DC0000-0x00007FF7A1114000-memory.dmp	xmrig
behavioral2/memory/916-192-0x00007FF72E6C0000-0x00007FF72EA14000-memory.dmp	xmrig
behavioral2/memory/3348-190-0x00007FF7440C0000-0x00007FF744414000-memory.dmp	xmrig
behavioral2/memory/1012-189-0x00007FF7A5AF0000-0x00007FF7A5E44000-memory.dmp	xmrig
behavioral2/memory/1264-188-0x00007FF668820000-0x00007FF668B74000-memory.dmp	xmrig
behavioral2/memory/1920-187-0x00007FF759AE0000-0x00007FF759E34000-memory.dmp	xmrig
behavioral2/memory/996-186-0x00007FF797E50000-0x00007FF7981A4000-memory.dmp	xmrig
behavioral2/memory/4932-184-0x00007FF6FFBE0000-0x00007FF6FFF34000-memory.dmp	xmrig
behavioral2/memory/2276-183-0x00007FF7F56D0000-0x00007FF7F5A24000-memory.dmp	xmrig
behavioral2/memory/4400-182-0x00007FF7665C0000-0x00007FF766914000-memory.dmp	xmrig
behavioral2/memory/1164-181-0x00007FF6BA000000-0x00007FF6BA354000-memory.dmp	xmrig
behavioral2/files/0x0007000000023444-176.dat	xmrig
behavioral2/memory/3960-175-0x00007FF658E60000-0x00007FF6591B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023443-173.dat	xmrig
behavioral2/files/0x0007000000023442-171.dat	xmrig
behavioral2/files/0x0007000000023440-167.dat	xmrig
behavioral2/files/0x000700000002343f-165.dat	xmrig
behavioral2/memory/4580-164-0x00007FF6E2160000-0x00007FF6E24B4000-memory.dmp	xmrig
behavioral2/memory/4056-163-0x00007FF7CCA20000-0x00007FF7CCD74000-memory.dmp	xmrig
behavioral2/files/0x000700000002343e-161.dat	xmrig
behavioral2/files/0x000700000002343d-159.dat	xmrig
behavioral2/files/0x000700000002343c-157.dat	xmrig
behavioral2/files/0x0007000000023446-153.dat	xmrig
behavioral2/files/0x0007000000023445-152.dat	xmrig
behavioral2/files/0x000700000002343a-150.dat	xmrig
behavioral2/memory/4300-148-0x00007FF75CD50000-0x00007FF75D0A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023439-134.dat	xmrig
behavioral2/files/0x0007000000023438-132.dat	xmrig
behavioral2/memory/884-129-0x00007FF737B20000-0x00007FF737E74000-memory.dmp	xmrig
behavioral2/memory/1644-126-0x00007FF6B77E0000-0x00007FF6B7B34000-memory.dmp	xmrig
behavioral2/files/0x000700000002342f-108.dat	xmrig
behavioral2/memory/5084-107-0x00007FF6B4B70000-0x00007FF6B4EC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023432-102.dat	xmrig
behavioral2/files/0x0007000000023433-113.dat	xmrig
behavioral2/files/0x0007000000023430-92.dat	xmrig
behavioral2/files/0x000700000002342e-90.dat	xmrig
behavioral2/memory/4044-88-0x00007FF7C1E30000-0x00007FF7C2184000-memory.dmp	xmrig
behavioral2/files/0x0007000000023436-82.dat	xmrig
behavioral2/files/0x0007000000023434-81.dat	xmrig
behavioral2/files/0x0007000000023435-80.dat	xmrig
behavioral2/memory/4512-78-0x00007FF62B2C0000-0x00007FF62B614000-memory.dmp	xmrig
behavioral2/files/0x000700000002342c-70.dat	xmrig
behavioral2/memory/3764-66-0x00007FF777CC0000-0x00007FF778014000-memory.dmp	xmrig
behavioral2/memory/2828-61-0x00007FF653680000-0x00007FF6539D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-50.dat	xmrig
behavioral2/files/0x0007000000023429-40.dat	xmrig
behavioral2/memory/1744-28-0x00007FF754300000-0x00007FF754654000-memory.dmp	xmrig
behavioral2/files/0x000700000002342a-32.dat	xmrig
behavioral2/memory/4896-12-0x00007FF66F5A0000-0x00007FF66F8F4000-memory.dmp	xmrig
behavioral2/memory/4572-2054-0x00007FF60E850000-0x00007FF60EBA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4896	BQBMIXf.exe
1744	DHjCsvL.exe
2828	FEsIqXc.exe
1012	OXyltBQ.exe
3764	GIWnfgK.exe
4512	INdvhos.exe
4044	SpbFpDC.exe
3348	IPLiYMg.exe
5084	hTtHadx.exe
1644	kOQZbdz.exe
884	xgeAUTi.exe
1808	zpQSUBt.exe
3264	oOTjguN.exe
4300	SUbSIQU.exe
4056	gshfsnI.exe
4580	ZmQvwcr.exe
3960	fSKREgE.exe
4176	YBlgpbW.exe
916	CNXEIvE.exe
1164	nnugpzJ.exe
4696	MCKtLVa.exe
4400	aBrQogo.exe
2276	tdKAmgT.exe
4932	LarVrwv.exe
2684	iNQlEbw.exe
2944	HRPveLj.exe
996	rUuNYBl.exe
1920	kJrdOuF.exe
1264	xEOdHhI.exe
2348	YlNkdUo.exe
4524	IfiHeDf.exe
4584	gfFPhFl.exe
3756	JbBTrHJ.exe
1628	oZNaKVe.exe
3396	abEKtVI.exe
3460	rQLoFfi.exe
3236	LOgaUyJ.exe
1672	zUxUZxt.exe
3228	ItizcEf.exe
4364	NLtpfrP.exe
632	PwPmYEK.exe
4612	sHFUTUB.exe
3012	SZZcnWB.exe
952	nvRJONM.exe
5088	OVUkQfJ.exe
408	oNGisji.exe
2420	RJHLMoS.exe
3576	jheEzcy.exe
4152	yoOllka.exe
3908	VeAvAwp.exe
1972	CzihjSJ.exe
4448	zfIjYWO.exe
2184	EEhhvvs.exe
3164	gTvCtSM.exe
3480	QsPXNVf.exe
3008	BCMXNEu.exe
2052	YUuzEQp.exe
1180	hRlQOOu.exe
1740	RomVkYQ.exe
540	vEleWct.exe
5004	NjDHimV.exe
4984	sgyPhMg.exe
3608	ICEJLQZ.exe
400	ZqMwqym.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4572-0-0x00007FF60E850000-0x00007FF60EBA4000-memory.dmp	upx
behavioral2/files/0x0008000000023423-5.dat	upx
behavioral2/files/0x0007000000023427-13.dat	upx
behavioral2/files/0x0007000000023428-15.dat	upx
behavioral2/files/0x000700000002342d-43.dat	upx
behavioral2/files/0x0007000000023431-58.dat	upx
behavioral2/files/0x0007000000023437-77.dat	upx
behavioral2/files/0x000700000002343b-117.dat	upx
behavioral2/memory/1808-147-0x00007FF6AA900000-0x00007FF6AAC54000-memory.dmp	upx
behavioral2/files/0x0007000000023441-169.dat	upx
behavioral2/memory/4176-180-0x00007FF73FF00000-0x00007FF740254000-memory.dmp	upx
behavioral2/memory/2684-185-0x00007FF78F5F0000-0x00007FF78F944000-memory.dmp	upx
behavioral2/memory/3264-191-0x00007FF625480000-0x00007FF6257D4000-memory.dmp	upx
behavioral2/memory/2944-194-0x00007FF6E3FF0000-0x00007FF6E4344000-memory.dmp	upx
behavioral2/memory/4696-193-0x00007FF7A0DC0000-0x00007FF7A1114000-memory.dmp	upx
behavioral2/memory/916-192-0x00007FF72E6C0000-0x00007FF72EA14000-memory.dmp	upx
behavioral2/memory/3348-190-0x00007FF7440C0000-0x00007FF744414000-memory.dmp	upx
behavioral2/memory/1012-189-0x00007FF7A5AF0000-0x00007FF7A5E44000-memory.dmp	upx
behavioral2/memory/1264-188-0x00007FF668820000-0x00007FF668B74000-memory.dmp	upx
behavioral2/memory/1920-187-0x00007FF759AE0000-0x00007FF759E34000-memory.dmp	upx
behavioral2/memory/996-186-0x00007FF797E50000-0x00007FF7981A4000-memory.dmp	upx
behavioral2/memory/4932-184-0x00007FF6FFBE0000-0x00007FF6FFF34000-memory.dmp	upx
behavioral2/memory/2276-183-0x00007FF7F56D0000-0x00007FF7F5A24000-memory.dmp	upx
behavioral2/memory/4400-182-0x00007FF7665C0000-0x00007FF766914000-memory.dmp	upx
behavioral2/memory/1164-181-0x00007FF6BA000000-0x00007FF6BA354000-memory.dmp	upx
behavioral2/files/0x0007000000023444-176.dat	upx
behavioral2/memory/3960-175-0x00007FF658E60000-0x00007FF6591B4000-memory.dmp	upx
behavioral2/files/0x0007000000023443-173.dat	upx
behavioral2/files/0x0007000000023442-171.dat	upx
behavioral2/files/0x0007000000023440-167.dat	upx
behavioral2/files/0x000700000002343f-165.dat	upx
behavioral2/memory/4580-164-0x00007FF6E2160000-0x00007FF6E24B4000-memory.dmp	upx
behavioral2/memory/4056-163-0x00007FF7CCA20000-0x00007FF7CCD74000-memory.dmp	upx
behavioral2/files/0x000700000002343e-161.dat	upx
behavioral2/files/0x000700000002343d-159.dat	upx
behavioral2/files/0x000700000002343c-157.dat	upx
behavioral2/files/0x0007000000023446-153.dat	upx
behavioral2/files/0x0007000000023445-152.dat	upx
behavioral2/files/0x000700000002343a-150.dat	upx
behavioral2/memory/4300-148-0x00007FF75CD50000-0x00007FF75D0A4000-memory.dmp	upx
behavioral2/files/0x0007000000023439-134.dat	upx
behavioral2/files/0x0007000000023438-132.dat	upx
behavioral2/memory/884-129-0x00007FF737B20000-0x00007FF737E74000-memory.dmp	upx
behavioral2/memory/1644-126-0x00007FF6B77E0000-0x00007FF6B7B34000-memory.dmp	upx
behavioral2/files/0x000700000002342f-108.dat	upx
behavioral2/memory/5084-107-0x00007FF6B4B70000-0x00007FF6B4EC4000-memory.dmp	upx
behavioral2/files/0x0007000000023432-102.dat	upx
behavioral2/files/0x0007000000023433-113.dat	upx
behavioral2/files/0x0007000000023430-92.dat	upx
behavioral2/files/0x000700000002342e-90.dat	upx
behavioral2/memory/4044-88-0x00007FF7C1E30000-0x00007FF7C2184000-memory.dmp	upx
behavioral2/files/0x0007000000023436-82.dat	upx
behavioral2/files/0x0007000000023434-81.dat	upx
behavioral2/files/0x0007000000023435-80.dat	upx
behavioral2/memory/4512-78-0x00007FF62B2C0000-0x00007FF62B614000-memory.dmp	upx
behavioral2/files/0x000700000002342c-70.dat	upx
behavioral2/memory/3764-66-0x00007FF777CC0000-0x00007FF778014000-memory.dmp	upx
behavioral2/memory/2828-61-0x00007FF653680000-0x00007FF6539D4000-memory.dmp	upx
behavioral2/files/0x000700000002342b-50.dat	upx
behavioral2/files/0x0007000000023429-40.dat	upx
behavioral2/memory/1744-28-0x00007FF754300000-0x00007FF754654000-memory.dmp	upx
behavioral2/files/0x000700000002342a-32.dat	upx
behavioral2/memory/4896-12-0x00007FF66F5A0000-0x00007FF66F8F4000-memory.dmp	upx
behavioral2/memory/4572-2054-0x00007FF60E850000-0x00007FF60EBA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CNXEIvE.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\ICEJLQZ.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\rIFQtsg.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\KUNETAq.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\tXOOWxs.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\trmDFbC.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\dCGUoSm.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\NDsibza.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\babtXOT.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\TJCMIJY.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\LadExvP.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\nOqdHAj.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\PRtHCln.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\thukANS.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\nmmzPtm.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\xPmniIv.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\nSpppUG.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\vEleWct.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\oeCTTeR.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\qnVhhdn.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\CDhGMKS.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\eGBLgad.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\GAxCXfs.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\FffadGh.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\bJaKuCa.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\fRCgVaV.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\rPKjPpW.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\SgyhSJo.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\oOTjguN.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\KzYFkKh.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\EoJgTXV.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\nvVLmqW.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\IjovDUs.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\HVASfUY.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\xvtyZJz.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\wkIHfTY.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\ZBEPben.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\chWxKwf.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\kDOuWRA.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\AQlzujc.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\stNEgKL.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\iAHOHlZ.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\hsAwRsz.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\arBPZev.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\CzihjSJ.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\fXtCeRk.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\nEDwWWC.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\IjDpYah.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\ielRJPB.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\jkUEexJ.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\QuZLhde.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\SQMgOUv.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\xFPFrit.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\ZPcAbfo.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\zfIjYWO.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\txupJoZ.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\YRmSeLL.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\ZrltjEP.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\DHilxBh.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\PKVOXmC.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\kGoOiZN.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\vKezGwN.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\PLUMrXO.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
File created	C:\Windows\System\jIARNCP.exe	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14748	dwm.exe
Token: SeChangeNotifyPrivilege	14748	dwm.exe
Token: 33	14748	dwm.exe
Token: SeIncBasePriorityPrivilege	14748	dwm.exe
Token: SeShutdownPrivilege	14748	dwm.exe
Token: SeCreatePagefilePrivilege	14748	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 4896	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	84
PID 4572 wrote to memory of 4896	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	84
PID 4572 wrote to memory of 1744	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	85
PID 4572 wrote to memory of 1744	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	85
PID 4572 wrote to memory of 2828	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	86
PID 4572 wrote to memory of 2828	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	86
PID 4572 wrote to memory of 3764	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	87
PID 4572 wrote to memory of 3764	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	87
PID 4572 wrote to memory of 1012	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	88
PID 4572 wrote to memory of 1012	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	88
PID 4572 wrote to memory of 4512	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	89
PID 4572 wrote to memory of 4512	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	89
PID 4572 wrote to memory of 4044	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	90
PID 4572 wrote to memory of 4044	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	90
PID 4572 wrote to memory of 3348	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	91
PID 4572 wrote to memory of 3348	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	91
PID 4572 wrote to memory of 5084	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	92
PID 4572 wrote to memory of 5084	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	92
PID 4572 wrote to memory of 1644	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	93
PID 4572 wrote to memory of 1644	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	93
PID 4572 wrote to memory of 884	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	94
PID 4572 wrote to memory of 884	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	94
PID 4572 wrote to memory of 1808	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	95
PID 4572 wrote to memory of 1808	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	95
PID 4572 wrote to memory of 3264	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	96
PID 4572 wrote to memory of 3264	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	96
PID 4572 wrote to memory of 4300	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	97
PID 4572 wrote to memory of 4300	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	97
PID 4572 wrote to memory of 4056	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	98
PID 4572 wrote to memory of 4056	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	98
PID 4572 wrote to memory of 4580	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	99
PID 4572 wrote to memory of 4580	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	99
PID 4572 wrote to memory of 3960	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	100
PID 4572 wrote to memory of 3960	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	100
PID 4572 wrote to memory of 4176	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	101
PID 4572 wrote to memory of 4176	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	101
PID 4572 wrote to memory of 916	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	102
PID 4572 wrote to memory of 916	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	102
PID 4572 wrote to memory of 1164	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	103
PID 4572 wrote to memory of 1164	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	103
PID 4572 wrote to memory of 4696	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	104
PID 4572 wrote to memory of 4696	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	104
PID 4572 wrote to memory of 4400	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	105
PID 4572 wrote to memory of 4400	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	105
PID 4572 wrote to memory of 2276	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	106
PID 4572 wrote to memory of 2276	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	106
PID 4572 wrote to memory of 4932	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	107
PID 4572 wrote to memory of 4932	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	107
PID 4572 wrote to memory of 2684	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	108
PID 4572 wrote to memory of 2684	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	108
PID 4572 wrote to memory of 2944	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	109
PID 4572 wrote to memory of 2944	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	109
PID 4572 wrote to memory of 996	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	110
PID 4572 wrote to memory of 996	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	110
PID 4572 wrote to memory of 1920	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	111
PID 4572 wrote to memory of 1920	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	111
PID 4572 wrote to memory of 1264	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	112
PID 4572 wrote to memory of 1264	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	112
PID 4572 wrote to memory of 2348	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	113
PID 4572 wrote to memory of 2348	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	113
PID 4572 wrote to memory of 4524	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	114
PID 4572 wrote to memory of 4524	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	114
PID 4572 wrote to memory of 4584	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	115
PID 4572 wrote to memory of 4584	4572	5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5a47738c9ff275a85f3d5017b47c8100_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Windows\System\BQBMIXf.exe
  C:\Windows\System\BQBMIXf.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\DHjCsvL.exe
  C:\Windows\System\DHjCsvL.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\FEsIqXc.exe
  C:\Windows\System\FEsIqXc.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\GIWnfgK.exe
  C:\Windows\System\GIWnfgK.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\OXyltBQ.exe
  C:\Windows\System\OXyltBQ.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\INdvhos.exe
  C:\Windows\System\INdvhos.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\SpbFpDC.exe
  C:\Windows\System\SpbFpDC.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\IPLiYMg.exe
  C:\Windows\System\IPLiYMg.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\hTtHadx.exe
  C:\Windows\System\hTtHadx.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\kOQZbdz.exe
  C:\Windows\System\kOQZbdz.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\xgeAUTi.exe
  C:\Windows\System\xgeAUTi.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\zpQSUBt.exe
  C:\Windows\System\zpQSUBt.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\oOTjguN.exe
  C:\Windows\System\oOTjguN.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\SUbSIQU.exe
  C:\Windows\System\SUbSIQU.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\gshfsnI.exe
  C:\Windows\System\gshfsnI.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\ZmQvwcr.exe
  C:\Windows\System\ZmQvwcr.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\fSKREgE.exe
  C:\Windows\System\fSKREgE.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\YBlgpbW.exe
  C:\Windows\System\YBlgpbW.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\CNXEIvE.exe
  C:\Windows\System\CNXEIvE.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\nnugpzJ.exe
  C:\Windows\System\nnugpzJ.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\MCKtLVa.exe
  C:\Windows\System\MCKtLVa.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\aBrQogo.exe
  C:\Windows\System\aBrQogo.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\tdKAmgT.exe
  C:\Windows\System\tdKAmgT.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\LarVrwv.exe
  C:\Windows\System\LarVrwv.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\iNQlEbw.exe
  C:\Windows\System\iNQlEbw.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\HRPveLj.exe
  C:\Windows\System\HRPveLj.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\rUuNYBl.exe
  C:\Windows\System\rUuNYBl.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\kJrdOuF.exe
  C:\Windows\System\kJrdOuF.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\xEOdHhI.exe
  C:\Windows\System\xEOdHhI.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\YlNkdUo.exe
  C:\Windows\System\YlNkdUo.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\IfiHeDf.exe
  C:\Windows\System\IfiHeDf.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\gfFPhFl.exe
  C:\Windows\System\gfFPhFl.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\JbBTrHJ.exe
  C:\Windows\System\JbBTrHJ.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\oZNaKVe.exe
  C:\Windows\System\oZNaKVe.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\abEKtVI.exe
  C:\Windows\System\abEKtVI.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\rQLoFfi.exe
  C:\Windows\System\rQLoFfi.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\LOgaUyJ.exe
  C:\Windows\System\LOgaUyJ.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\zUxUZxt.exe
  C:\Windows\System\zUxUZxt.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\ItizcEf.exe
  C:\Windows\System\ItizcEf.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\NLtpfrP.exe
  C:\Windows\System\NLtpfrP.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\PwPmYEK.exe
  C:\Windows\System\PwPmYEK.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\sHFUTUB.exe
  C:\Windows\System\sHFUTUB.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\SZZcnWB.exe
  C:\Windows\System\SZZcnWB.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\nvRJONM.exe
  C:\Windows\System\nvRJONM.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\OVUkQfJ.exe
  C:\Windows\System\OVUkQfJ.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\oNGisji.exe
  C:\Windows\System\oNGisji.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\RJHLMoS.exe
  C:\Windows\System\RJHLMoS.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\jheEzcy.exe
  C:\Windows\System\jheEzcy.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\yoOllka.exe
  C:\Windows\System\yoOllka.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\CzihjSJ.exe
  C:\Windows\System\CzihjSJ.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\VeAvAwp.exe
  C:\Windows\System\VeAvAwp.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\zfIjYWO.exe
  C:\Windows\System\zfIjYWO.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\EEhhvvs.exe
  C:\Windows\System\EEhhvvs.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\gTvCtSM.exe
  C:\Windows\System\gTvCtSM.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\QsPXNVf.exe
  C:\Windows\System\QsPXNVf.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\BCMXNEu.exe
  C:\Windows\System\BCMXNEu.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\YUuzEQp.exe
  C:\Windows\System\YUuzEQp.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\hRlQOOu.exe
  C:\Windows\System\hRlQOOu.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\RomVkYQ.exe
  C:\Windows\System\RomVkYQ.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\vEleWct.exe
  C:\Windows\System\vEleWct.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\NjDHimV.exe
  C:\Windows\System\NjDHimV.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\sgyPhMg.exe
  C:\Windows\System\sgyPhMg.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\ICEJLQZ.exe
  C:\Windows\System\ICEJLQZ.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\ZqMwqym.exe
  C:\Windows\System\ZqMwqym.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\sBCYTvf.exe
  C:\Windows\System\sBCYTvf.exe
  2⤵
  PID:4412
- C:\Windows\System\UgMwwua.exe
  C:\Windows\System\UgMwwua.exe
  2⤵
  PID:1596
- C:\Windows\System\ZIJFkDV.exe
  C:\Windows\System\ZIJFkDV.exe
  2⤵
  PID:4700
- C:\Windows\System\qQtkpqz.exe
  C:\Windows\System\qQtkpqz.exe
  2⤵
  PID:2640
- C:\Windows\System\PsFKKGK.exe
  C:\Windows\System\PsFKKGK.exe
  2⤵
  PID:4128
- C:\Windows\System\yFuAsUK.exe
  C:\Windows\System\yFuAsUK.exe
  2⤵
  PID:1036
- C:\Windows\System\fXUbBFT.exe
  C:\Windows\System\fXUbBFT.exe
  2⤵
  PID:3828
- C:\Windows\System\vTNOTbl.exe
  C:\Windows\System\vTNOTbl.exe
  2⤵
  PID:2784
- C:\Windows\System\MVmdDhl.exe
  C:\Windows\System\MVmdDhl.exe
  2⤵
  PID:2544
- C:\Windows\System\kqggABB.exe
  C:\Windows\System\kqggABB.exe
  2⤵
  PID:4092
- C:\Windows\System\WTlNKTw.exe
  C:\Windows\System\WTlNKTw.exe
  2⤵
  PID:4452
- C:\Windows\System\JOXJblI.exe
  C:\Windows\System\JOXJblI.exe
  2⤵
  PID:1196
- C:\Windows\System\YUmrbeX.exe
  C:\Windows\System\YUmrbeX.exe
  2⤵
  PID:4232
- C:\Windows\System\DdeXEFJ.exe
  C:\Windows\System\DdeXEFJ.exe
  2⤵
  PID:3956
- C:\Windows\System\oyHthNw.exe
  C:\Windows\System\oyHthNw.exe
  2⤵
  PID:2800
- C:\Windows\System\mSSIkgs.exe
  C:\Windows\System\mSSIkgs.exe
  2⤵
  PID:4988
- C:\Windows\System\SiNtTXy.exe
  C:\Windows\System\SiNtTXy.exe
  2⤵
  PID:1392
- C:\Windows\System\ZdHYaHH.exe
  C:\Windows\System\ZdHYaHH.exe
  2⤵
  PID:1936
- C:\Windows\System\RKoxxmB.exe
  C:\Windows\System\RKoxxmB.exe
  2⤵
  PID:4368
- C:\Windows\System\hAUDKRa.exe
  C:\Windows\System\hAUDKRa.exe
  2⤵
  PID:4068
- C:\Windows\System\VMBDgqG.exe
  C:\Windows\System\VMBDgqG.exe
  2⤵
  PID:1092
- C:\Windows\System\ENdRniA.exe
  C:\Windows\System\ENdRniA.exe
  2⤵
  PID:3976
- C:\Windows\System\vTNvQwc.exe
  C:\Windows\System\vTNvQwc.exe
  2⤵
  PID:5048
- C:\Windows\System\OrTvnXT.exe
  C:\Windows\System\OrTvnXT.exe
  2⤵
  PID:4296
- C:\Windows\System\fQUHLiy.exe
  C:\Windows\System\fQUHLiy.exe
  2⤵
  PID:2412
- C:\Windows\System\txupJoZ.exe
  C:\Windows\System\txupJoZ.exe
  2⤵
  PID:4852
- C:\Windows\System\BJbmEzT.exe
  C:\Windows\System\BJbmEzT.exe
  2⤵
  PID:4304
- C:\Windows\System\DKAoqJe.exe
  C:\Windows\System\DKAoqJe.exe
  2⤵
  PID:1540
- C:\Windows\System\aYTTjdx.exe
  C:\Windows\System\aYTTjdx.exe
  2⤵
  PID:3224
- C:\Windows\System\KyzffxT.exe
  C:\Windows\System\KyzffxT.exe
  2⤵
  PID:4604
- C:\Windows\System\EIadnjx.exe
  C:\Windows\System\EIadnjx.exe
  2⤵
  PID:4880
- C:\Windows\System\hsnCFJj.exe
  C:\Windows\System\hsnCFJj.exe
  2⤵
  PID:5156
- C:\Windows\System\qRccBVz.exe
  C:\Windows\System\qRccBVz.exe
  2⤵
  PID:5200
- C:\Windows\System\Ypnzvcb.exe
  C:\Windows\System\Ypnzvcb.exe
  2⤵
  PID:5236
- C:\Windows\System\BajSUpv.exe
  C:\Windows\System\BajSUpv.exe
  2⤵
  PID:5268
- C:\Windows\System\RNuviGt.exe
  C:\Windows\System\RNuviGt.exe
  2⤵
  PID:5296
- C:\Windows\System\ajmXPwI.exe
  C:\Windows\System\ajmXPwI.exe
  2⤵
  PID:5324
- C:\Windows\System\HprjXjd.exe
  C:\Windows\System\HprjXjd.exe
  2⤵
  PID:5348
- C:\Windows\System\VelJdmY.exe
  C:\Windows\System\VelJdmY.exe
  2⤵
  PID:5380
- C:\Windows\System\PRtHCln.exe
  C:\Windows\System\PRtHCln.exe
  2⤵
  PID:5404
- C:\Windows\System\GNyPzcN.exe
  C:\Windows\System\GNyPzcN.exe
  2⤵
  PID:5432
- C:\Windows\System\ZQBTPFk.exe
  C:\Windows\System\ZQBTPFk.exe
  2⤵
  PID:5468
- C:\Windows\System\wkIHfTY.exe
  C:\Windows\System\wkIHfTY.exe
  2⤵
  PID:5496
- C:\Windows\System\OfnvGsz.exe
  C:\Windows\System\OfnvGsz.exe
  2⤵
  PID:5524
- C:\Windows\System\eRpXbpX.exe
  C:\Windows\System\eRpXbpX.exe
  2⤵
  PID:5552
- C:\Windows\System\WpwAyRe.exe
  C:\Windows\System\WpwAyRe.exe
  2⤵
  PID:5580
- C:\Windows\System\rXSPElU.exe
  C:\Windows\System\rXSPElU.exe
  2⤵
  PID:5612
- C:\Windows\System\pJIPZhQ.exe
  C:\Windows\System\pJIPZhQ.exe
  2⤵
  PID:5628
- C:\Windows\System\TRqODMa.exe
  C:\Windows\System\TRqODMa.exe
  2⤵
  PID:5652
- C:\Windows\System\SFbvMJM.exe
  C:\Windows\System\SFbvMJM.exe
  2⤵
  PID:5688
- C:\Windows\System\rtzreSZ.exe
  C:\Windows\System\rtzreSZ.exe
  2⤵
  PID:5720
- C:\Windows\System\AmWbwCx.exe
  C:\Windows\System\AmWbwCx.exe
  2⤵
  PID:5748
- C:\Windows\System\KbozvhJ.exe
  C:\Windows\System\KbozvhJ.exe
  2⤵
  PID:5784
- C:\Windows\System\QAakLGy.exe
  C:\Windows\System\QAakLGy.exe
  2⤵
  PID:5812
- C:\Windows\System\KmcKran.exe
  C:\Windows\System\KmcKran.exe
  2⤵
  PID:5840
- C:\Windows\System\jmrkmWZ.exe
  C:\Windows\System\jmrkmWZ.exe
  2⤵
  PID:5868
- C:\Windows\System\VFkFpTU.exe
  C:\Windows\System\VFkFpTU.exe
  2⤵
  PID:5908
- C:\Windows\System\fEQWgAh.exe
  C:\Windows\System\fEQWgAh.exe
  2⤵
  PID:5940
- C:\Windows\System\NZfupWX.exe
  C:\Windows\System\NZfupWX.exe
  2⤵
  PID:5968
- C:\Windows\System\fYxdLra.exe
  C:\Windows\System\fYxdLra.exe
  2⤵
  PID:5996
- C:\Windows\System\dlRbjiN.exe
  C:\Windows\System\dlRbjiN.exe
  2⤵
  PID:6024
- C:\Windows\System\Shrhktj.exe
  C:\Windows\System\Shrhktj.exe
  2⤵
  PID:6052
- C:\Windows\System\OIEozbF.exe
  C:\Windows\System\OIEozbF.exe
  2⤵
  PID:6080
- C:\Windows\System\fbHEYCh.exe
  C:\Windows\System\fbHEYCh.exe
  2⤵
  PID:6112
- C:\Windows\System\HvlTYgL.exe
  C:\Windows\System\HvlTYgL.exe
  2⤵
  PID:6136
- C:\Windows\System\LqIrdce.exe
  C:\Windows\System\LqIrdce.exe
  2⤵
  PID:5140
- C:\Windows\System\stNEgKL.exe
  C:\Windows\System\stNEgKL.exe
  2⤵
  PID:5248
- C:\Windows\System\HxYkWLE.exe
  C:\Windows\System\HxYkWLE.exe
  2⤵
  PID:5312
- C:\Windows\System\vyXwAdG.exe
  C:\Windows\System\vyXwAdG.exe
  2⤵
  PID:5372
- C:\Windows\System\rIFQtsg.exe
  C:\Windows\System\rIFQtsg.exe
  2⤵
  PID:5444
- C:\Windows\System\hnaUjON.exe
  C:\Windows\System\hnaUjON.exe
  2⤵
  PID:5508
- C:\Windows\System\IjovDUs.exe
  C:\Windows\System\IjovDUs.exe
  2⤵
  PID:5576
- C:\Windows\System\VtEVQcM.exe
  C:\Windows\System\VtEVQcM.exe
  2⤵
  PID:5644
- C:\Windows\System\GbosOym.exe
  C:\Windows\System\GbosOym.exe
  2⤵
  PID:5700
- C:\Windows\System\BtqQcFF.exe
  C:\Windows\System\BtqQcFF.exe
  2⤵
  PID:5780
- C:\Windows\System\cNvSIYi.exe
  C:\Windows\System\cNvSIYi.exe
  2⤵
  PID:5836
- C:\Windows\System\srFgfwA.exe
  C:\Windows\System\srFgfwA.exe
  2⤵
  PID:5924
- C:\Windows\System\gUXwsnd.exe
  C:\Windows\System\gUXwsnd.exe
  2⤵
  PID:5984
- C:\Windows\System\EZXCZrz.exe
  C:\Windows\System\EZXCZrz.exe
  2⤵
  PID:6048
- C:\Windows\System\mqDnIHG.exe
  C:\Windows\System\mqDnIHG.exe
  2⤵
  PID:5076
- C:\Windows\System\ZEVYpFI.exe
  C:\Windows\System\ZEVYpFI.exe
  2⤵
  PID:5288
- C:\Windows\System\twlygRB.exe
  C:\Windows\System\twlygRB.exe
  2⤵
  PID:5428
- C:\Windows\System\yKIEAHo.exe
  C:\Windows\System\yKIEAHo.exe
  2⤵
  PID:5624
- C:\Windows\System\AovJhuD.exe
  C:\Windows\System\AovJhuD.exe
  2⤵
  PID:5832
- C:\Windows\System\AHRmeVn.exe
  C:\Windows\System\AHRmeVn.exe
  2⤵
  PID:5960
- C:\Windows\System\hTJxZkj.exe
  C:\Windows\System\hTJxZkj.exe
  2⤵
  PID:5188
- C:\Windows\System\RMCRAds.exe
  C:\Windows\System\RMCRAds.exe
  2⤵
  PID:5548
- C:\Windows\System\slXKwwQ.exe
  C:\Windows\System\slXKwwQ.exe
  2⤵
  PID:5964
- C:\Windows\System\pcxRNQJ.exe
  C:\Windows\System\pcxRNQJ.exe
  2⤵
  PID:5424
- C:\Windows\System\xUBEdHp.exe
  C:\Windows\System\xUBEdHp.exe
  2⤵
  PID:6152
- C:\Windows\System\yjkYobO.exe
  C:\Windows\System\yjkYobO.exe
  2⤵
  PID:6180
- C:\Windows\System\LRrKdXc.exe
  C:\Windows\System\LRrKdXc.exe
  2⤵
  PID:6208
- C:\Windows\System\Gxbzckc.exe
  C:\Windows\System\Gxbzckc.exe
  2⤵
  PID:6236
- C:\Windows\System\thukANS.exe
  C:\Windows\System\thukANS.exe
  2⤵
  PID:6268
- C:\Windows\System\oPXGfAS.exe
  C:\Windows\System\oPXGfAS.exe
  2⤵
  PID:6296
- C:\Windows\System\YRmSeLL.exe
  C:\Windows\System\YRmSeLL.exe
  2⤵
  PID:6324
- C:\Windows\System\nAMtyYk.exe
  C:\Windows\System\nAMtyYk.exe
  2⤵
  PID:6352
- C:\Windows\System\KUNETAq.exe
  C:\Windows\System\KUNETAq.exe
  2⤵
  PID:6388
- C:\Windows\System\TRFnASp.exe
  C:\Windows\System\TRFnASp.exe
  2⤵
  PID:6416
- C:\Windows\System\EQTJiaE.exe
  C:\Windows\System\EQTJiaE.exe
  2⤵
  PID:6444
- C:\Windows\System\rIgVHVp.exe
  C:\Windows\System\rIgVHVp.exe
  2⤵
  PID:6464
- C:\Windows\System\DwSYLtc.exe
  C:\Windows\System\DwSYLtc.exe
  2⤵
  PID:6496
- C:\Windows\System\rVSGIHt.exe
  C:\Windows\System\rVSGIHt.exe
  2⤵
  PID:6524
- C:\Windows\System\fXtCeRk.exe
  C:\Windows\System\fXtCeRk.exe
  2⤵
  PID:6552
- C:\Windows\System\rYAPVLF.exe
  C:\Windows\System\rYAPVLF.exe
  2⤵
  PID:6580
- C:\Windows\System\tYBbDQd.exe
  C:\Windows\System\tYBbDQd.exe
  2⤵
  PID:6596
- C:\Windows\System\xzxmkux.exe
  C:\Windows\System\xzxmkux.exe
  2⤵
  PID:6612
- C:\Windows\System\lFvgdEF.exe
  C:\Windows\System\lFvgdEF.exe
  2⤵
  PID:6644
- C:\Windows\System\ZmFyjnO.exe
  C:\Windows\System\ZmFyjnO.exe
  2⤵
  PID:6680
- C:\Windows\System\XnIcqzC.exe
  C:\Windows\System\XnIcqzC.exe
  2⤵
  PID:6720
- C:\Windows\System\iAHOHlZ.exe
  C:\Windows\System\iAHOHlZ.exe
  2⤵
  PID:6748
- C:\Windows\System\bFlOENn.exe
  C:\Windows\System\bFlOENn.exe
  2⤵
  PID:6776
- C:\Windows\System\lYXupdh.exe
  C:\Windows\System\lYXupdh.exe
  2⤵
  PID:6804
- C:\Windows\System\VrOfqza.exe
  C:\Windows\System\VrOfqza.exe
  2⤵
  PID:6832
- C:\Windows\System\nLlAkKL.exe
  C:\Windows\System\nLlAkKL.exe
  2⤵
  PID:6860
- C:\Windows\System\ZOKDrNo.exe
  C:\Windows\System\ZOKDrNo.exe
  2⤵
  PID:6888
- C:\Windows\System\LpzrXNT.exe
  C:\Windows\System\LpzrXNT.exe
  2⤵
  PID:6916
- C:\Windows\System\EjmygyH.exe
  C:\Windows\System\EjmygyH.exe
  2⤵
  PID:6944
- C:\Windows\System\NxIAlmH.exe
  C:\Windows\System\NxIAlmH.exe
  2⤵
  PID:6972
- C:\Windows\System\BmVFzCp.exe
  C:\Windows\System\BmVFzCp.exe
  2⤵
  PID:7000
- C:\Windows\System\WlcysGq.exe
  C:\Windows\System\WlcysGq.exe
  2⤵
  PID:7028
- C:\Windows\System\dEqumRB.exe
  C:\Windows\System\dEqumRB.exe
  2⤵
  PID:7060
- C:\Windows\System\bnzVofw.exe
  C:\Windows\System\bnzVofw.exe
  2⤵
  PID:7096
- C:\Windows\System\TiTTsqn.exe
  C:\Windows\System\TiTTsqn.exe
  2⤵
  PID:7132
- C:\Windows\System\UkkNsXv.exe
  C:\Windows\System\UkkNsXv.exe
  2⤵
  PID:7160
- C:\Windows\System\VzReCyy.exe
  C:\Windows\System\VzReCyy.exe
  2⤵
  PID:6176
- C:\Windows\System\lROqftY.exe
  C:\Windows\System\lROqftY.exe
  2⤵
  PID:2872
- C:\Windows\System\wENRvul.exe
  C:\Windows\System\wENRvul.exe
  2⤵
  PID:6308
- C:\Windows\System\bQqJwpy.exe
  C:\Windows\System\bQqJwpy.exe
  2⤵
  PID:6372
- C:\Windows\System\FcIDqkU.exe
  C:\Windows\System\FcIDqkU.exe
  2⤵
  PID:6436
- C:\Windows\System\RGevsSQ.exe
  C:\Windows\System\RGevsSQ.exe
  2⤵
  PID:6508
- C:\Windows\System\UNKMNFF.exe
  C:\Windows\System\UNKMNFF.exe
  2⤵
  PID:6572
- C:\Windows\System\NfRiSfs.exe
  C:\Windows\System\NfRiSfs.exe
  2⤵
  PID:6604
- C:\Windows\System\GAJnJEN.exe
  C:\Windows\System\GAJnJEN.exe
  2⤵
  PID:6668
- C:\Windows\System\rlaZwQC.exe
  C:\Windows\System\rlaZwQC.exe
  2⤵
  PID:6704
- C:\Windows\System\cCOYvjQ.exe
  C:\Windows\System\cCOYvjQ.exe
  2⤵
  PID:6740
- C:\Windows\System\ZrltjEP.exe
  C:\Windows\System\ZrltjEP.exe
  2⤵
  PID:6816
- C:\Windows\System\jIARNCP.exe
  C:\Windows\System\jIARNCP.exe
  2⤵
  PID:6872
- C:\Windows\System\TwoMLZi.exe
  C:\Windows\System\TwoMLZi.exe
  2⤵
  PID:6956
- C:\Windows\System\guGTkIs.exe
  C:\Windows\System\guGTkIs.exe
  2⤵
  PID:7040
- C:\Windows\System\JabWLkG.exe
  C:\Windows\System\JabWLkG.exe
  2⤵
  PID:7152
- C:\Windows\System\TBykBxd.exe
  C:\Windows\System\TBykBxd.exe
  2⤵
  PID:6264
- C:\Windows\System\lDgyCqO.exe
  C:\Windows\System\lDgyCqO.exe
  2⤵
  PID:6408
- C:\Windows\System\AicwRDa.exe
  C:\Windows\System\AicwRDa.exe
  2⤵
  PID:6564
- C:\Windows\System\FMzSSlh.exe
  C:\Windows\System\FMzSSlh.exe
  2⤵
  PID:6772
- C:\Windows\System\nEDwWWC.exe
  C:\Windows\System\nEDwWWC.exe
  2⤵
  PID:6856
- C:\Windows\System\yjFwrDV.exe
  C:\Windows\System\yjFwrDV.exe
  2⤵
  PID:6996
- C:\Windows\System\HVASfUY.exe
  C:\Windows\System\HVASfUY.exe
  2⤵
  PID:7128
- C:\Windows\System\SZnmReG.exe
  C:\Windows\System\SZnmReG.exe
  2⤵
  PID:6692
- C:\Windows\System\EXuIZSe.exe
  C:\Windows\System\EXuIZSe.exe
  2⤵
  PID:6912
- C:\Windows\System\FukeuKo.exe
  C:\Windows\System\FukeuKo.exe
  2⤵
  PID:6400
- C:\Windows\System\dnjSFoj.exe
  C:\Windows\System\dnjSFoj.exe
  2⤵
  PID:6336
- C:\Windows\System\WXLhKzn.exe
  C:\Windows\System\WXLhKzn.exe
  2⤵
  PID:7184
- C:\Windows\System\vQzcGVq.exe
  C:\Windows\System\vQzcGVq.exe
  2⤵
  PID:7212
- C:\Windows\System\ZZJkVQn.exe
  C:\Windows\System\ZZJkVQn.exe
  2⤵
  PID:7244
- C:\Windows\System\kXgTfyA.exe
  C:\Windows\System\kXgTfyA.exe
  2⤵
  PID:7268
- C:\Windows\System\MCXXJoh.exe
  C:\Windows\System\MCXXJoh.exe
  2⤵
  PID:7296
- C:\Windows\System\IjDpYah.exe
  C:\Windows\System\IjDpYah.exe
  2⤵
  PID:7324
- C:\Windows\System\xwiCeIS.exe
  C:\Windows\System\xwiCeIS.exe
  2⤵
  PID:7352
- C:\Windows\System\yakUnjg.exe
  C:\Windows\System\yakUnjg.exe
  2⤵
  PID:7380
- C:\Windows\System\ielRJPB.exe
  C:\Windows\System\ielRJPB.exe
  2⤵
  PID:7408
- C:\Windows\System\HcLnZzv.exe
  C:\Windows\System\HcLnZzv.exe
  2⤵
  PID:7444
- C:\Windows\System\vHXBAqI.exe
  C:\Windows\System\vHXBAqI.exe
  2⤵
  PID:7472
- C:\Windows\System\zJVqVFi.exe
  C:\Windows\System\zJVqVFi.exe
  2⤵
  PID:7500
- C:\Windows\System\KSaoYQn.exe
  C:\Windows\System\KSaoYQn.exe
  2⤵
  PID:7516
- C:\Windows\System\oivpuLj.exe
  C:\Windows\System\oivpuLj.exe
  2⤵
  PID:7540
- C:\Windows\System\lbBuCVG.exe
  C:\Windows\System\lbBuCVG.exe
  2⤵
  PID:7568
- C:\Windows\System\WtByOPA.exe
  C:\Windows\System\WtByOPA.exe
  2⤵
  PID:7608
- C:\Windows\System\kFXvJvI.exe
  C:\Windows\System\kFXvJvI.exe
  2⤵
  PID:7628
- C:\Windows\System\bdsBMds.exe
  C:\Windows\System\bdsBMds.exe
  2⤵
  PID:7668
- C:\Windows\System\sOrrBjY.exe
  C:\Windows\System\sOrrBjY.exe
  2⤵
  PID:7704
- C:\Windows\System\tRogOIL.exe
  C:\Windows\System\tRogOIL.exe
  2⤵
  PID:7732
- C:\Windows\System\uTdDbGf.exe
  C:\Windows\System\uTdDbGf.exe
  2⤵
  PID:7764
- C:\Windows\System\KLBjdBG.exe
  C:\Windows\System\KLBjdBG.exe
  2⤵
  PID:7800
- C:\Windows\System\hfpbkmB.exe
  C:\Windows\System\hfpbkmB.exe
  2⤵
  PID:7832
- C:\Windows\System\mBGvTaP.exe
  C:\Windows\System\mBGvTaP.exe
  2⤵
  PID:7860
- C:\Windows\System\TJumEbl.exe
  C:\Windows\System\TJumEbl.exe
  2⤵
  PID:7892
- C:\Windows\System\fRCgVaV.exe
  C:\Windows\System\fRCgVaV.exe
  2⤵
  PID:7920
- C:\Windows\System\fqrrwke.exe
  C:\Windows\System\fqrrwke.exe
  2⤵
  PID:7940
- C:\Windows\System\KJkWcpe.exe
  C:\Windows\System\KJkWcpe.exe
  2⤵
  PID:7976
- C:\Windows\System\qouzEHP.exe
  C:\Windows\System\qouzEHP.exe
  2⤵
  PID:8004
- C:\Windows\System\JApiYyw.exe
  C:\Windows\System\JApiYyw.exe
  2⤵
  PID:8028
- C:\Windows\System\snxZgrz.exe
  C:\Windows\System\snxZgrz.exe
  2⤵
  PID:8064
- C:\Windows\System\MZusQti.exe
  C:\Windows\System\MZusQti.exe
  2⤵
  PID:8080
- C:\Windows\System\tXOOWxs.exe
  C:\Windows\System\tXOOWxs.exe
  2⤵
  PID:8112
- C:\Windows\System\twxPxzf.exe
  C:\Windows\System\twxPxzf.exe
  2⤵
  PID:8148
- C:\Windows\System\kBMlbuR.exe
  C:\Windows\System\kBMlbuR.exe
  2⤵
  PID:8164
- C:\Windows\System\APXraFM.exe
  C:\Windows\System\APXraFM.exe
  2⤵
  PID:7108
- C:\Windows\System\qriEBrG.exe
  C:\Windows\System\qriEBrG.exe
  2⤵
  PID:7232
- C:\Windows\System\REduLbZ.exe
  C:\Windows\System\REduLbZ.exe
  2⤵
  PID:7280
- C:\Windows\System\dPegFAG.exe
  C:\Windows\System\dPegFAG.exe
  2⤵
  PID:7336
- C:\Windows\System\zlrHenX.exe
  C:\Windows\System\zlrHenX.exe
  2⤵
  PID:7440
- C:\Windows\System\EWhHCTZ.exe
  C:\Windows\System\EWhHCTZ.exe
  2⤵
  PID:7496
- C:\Windows\System\xOHQESf.exe
  C:\Windows\System\xOHQESf.exe
  2⤵
  PID:7564
- C:\Windows\System\NWqsUVy.exe
  C:\Windows\System\NWqsUVy.exe
  2⤵
  PID:7616
- C:\Windows\System\qQxejPJ.exe
  C:\Windows\System\qQxejPJ.exe
  2⤵
  PID:7484
- C:\Windows\System\mhjelrv.exe
  C:\Windows\System\mhjelrv.exe
  2⤵
  PID:7784
- C:\Windows\System\JbeCroG.exe
  C:\Windows\System\JbeCroG.exe
  2⤵
  PID:7884
- C:\Windows\System\aVkksGH.exe
  C:\Windows\System\aVkksGH.exe
  2⤵
  PID:7932
- C:\Windows\System\KivrAoa.exe
  C:\Windows\System\KivrAoa.exe
  2⤵
  PID:8000
- C:\Windows\System\XXegoUC.exe
  C:\Windows\System\XXegoUC.exe
  2⤵
  PID:8076
- C:\Windows\System\fwPvwsz.exe
  C:\Windows\System\fwPvwsz.exe
  2⤵
  PID:8132
- C:\Windows\System\fntROgO.exe
  C:\Windows\System\fntROgO.exe
  2⤵
  PID:7252
- C:\Windows\System\oFSSqUt.exe
  C:\Windows\System\oFSSqUt.exe
  2⤵
  PID:7392
- C:\Windows\System\KhNpcby.exe
  C:\Windows\System\KhNpcby.exe
  2⤵
  PID:7468
- C:\Windows\System\lAaPSLZ.exe
  C:\Windows\System\lAaPSLZ.exe
  2⤵
  PID:7636
- C:\Windows\System\vPENPtA.exe
  C:\Windows\System\vPENPtA.exe
  2⤵
  PID:7788
- C:\Windows\System\RXtxPez.exe
  C:\Windows\System\RXtxPez.exe
  2⤵
  PID:7972
- C:\Windows\System\uarvpky.exe
  C:\Windows\System\uarvpky.exe
  2⤵
  PID:8140
- C:\Windows\System\hsAwRsz.exe
  C:\Windows\System\hsAwRsz.exe
  2⤵
  PID:7292
- C:\Windows\System\ZAohHkv.exe
  C:\Windows\System\ZAohHkv.exe
  2⤵
  PID:7644
- C:\Windows\System\jleiLNA.exe
  C:\Windows\System\jleiLNA.exe
  2⤵
  PID:7196
- C:\Windows\System\XMCjstT.exe
  C:\Windows\System\XMCjstT.exe
  2⤵
  PID:7364
- C:\Windows\System\zhhuYRl.exe
  C:\Windows\System\zhhuYRl.exe
  2⤵
  PID:7376
- C:\Windows\System\IToHXLg.exe
  C:\Windows\System\IToHXLg.exe
  2⤵
  PID:8216
- C:\Windows\System\EFTTXqb.exe
  C:\Windows\System\EFTTXqb.exe
  2⤵
  PID:8244
- C:\Windows\System\FIPRRuJ.exe
  C:\Windows\System\FIPRRuJ.exe
  2⤵
  PID:8276
- C:\Windows\System\coJibsJ.exe
  C:\Windows\System\coJibsJ.exe
  2⤵
  PID:8320
- C:\Windows\System\XMpAHsu.exe
  C:\Windows\System\XMpAHsu.exe
  2⤵
  PID:8340
- C:\Windows\System\BfXkPdJ.exe
  C:\Windows\System\BfXkPdJ.exe
  2⤵
  PID:8368
- C:\Windows\System\OzPgPnv.exe
  C:\Windows\System\OzPgPnv.exe
  2⤵
  PID:8396
- C:\Windows\System\caOFCTY.exe
  C:\Windows\System\caOFCTY.exe
  2⤵
  PID:8436
- C:\Windows\System\DkedDlT.exe
  C:\Windows\System\DkedDlT.exe
  2⤵
  PID:8480
- C:\Windows\System\LAxCBtr.exe
  C:\Windows\System\LAxCBtr.exe
  2⤵
  PID:8496
- C:\Windows\System\lqkELzS.exe
  C:\Windows\System\lqkELzS.exe
  2⤵
  PID:8512
- C:\Windows\System\XxszHol.exe
  C:\Windows\System\XxszHol.exe
  2⤵
  PID:8544
- C:\Windows\System\fetIVAJ.exe
  C:\Windows\System\fetIVAJ.exe
  2⤵
  PID:8568
- C:\Windows\System\zhZCSVd.exe
  C:\Windows\System\zhZCSVd.exe
  2⤵
  PID:8592
- C:\Windows\System\dsjBRMP.exe
  C:\Windows\System\dsjBRMP.exe
  2⤵
  PID:8628
- C:\Windows\System\tyWlIKq.exe
  C:\Windows\System\tyWlIKq.exe
  2⤵
  PID:8652
- C:\Windows\System\UKuNjzb.exe
  C:\Windows\System\UKuNjzb.exe
  2⤵
  PID:8696
- C:\Windows\System\cPgIvLo.exe
  C:\Windows\System\cPgIvLo.exe
  2⤵
  PID:8724
- C:\Windows\System\KhLZMrG.exe
  C:\Windows\System\KhLZMrG.exe
  2⤵
  PID:8760
- C:\Windows\System\IOncRAU.exe
  C:\Windows\System\IOncRAU.exe
  2⤵
  PID:8776
- C:\Windows\System\pFokPLE.exe
  C:\Windows\System\pFokPLE.exe
  2⤵
  PID:8796
- C:\Windows\System\RbvDOEk.exe
  C:\Windows\System\RbvDOEk.exe
  2⤵
  PID:8824
- C:\Windows\System\WIlhMnK.exe
  C:\Windows\System\WIlhMnK.exe
  2⤵
  PID:8852
- C:\Windows\System\BJUGHbW.exe
  C:\Windows\System\BJUGHbW.exe
  2⤵
  PID:8892
- C:\Windows\System\VDZoASq.exe
  C:\Windows\System\VDZoASq.exe
  2⤵
  PID:8920
- C:\Windows\System\VWyxLGG.exe
  C:\Windows\System\VWyxLGG.exe
  2⤵
  PID:8960
- C:\Windows\System\uUbpHcj.exe
  C:\Windows\System\uUbpHcj.exe
  2⤵
  PID:8976
- C:\Windows\System\sTxiUcS.exe
  C:\Windows\System\sTxiUcS.exe
  2⤵
  PID:9004
- C:\Windows\System\NdRKwNk.exe
  C:\Windows\System\NdRKwNk.exe
  2⤵
  PID:9032
- C:\Windows\System\hOTogJs.exe
  C:\Windows\System\hOTogJs.exe
  2⤵
  PID:9060
- C:\Windows\System\kOUldjF.exe
  C:\Windows\System\kOUldjF.exe
  2⤵
  PID:9080
- C:\Windows\System\WroSKux.exe
  C:\Windows\System\WroSKux.exe
  2⤵
  PID:9108
- C:\Windows\System\hvoNPcj.exe
  C:\Windows\System\hvoNPcj.exe
  2⤵
  PID:9144
- C:\Windows\System\rawfmSm.exe
  C:\Windows\System\rawfmSm.exe
  2⤵
  PID:9172
- C:\Windows\System\QOtqrgx.exe
  C:\Windows\System\QOtqrgx.exe
  2⤵
  PID:9200
- C:\Windows\System\PsWhtwf.exe
  C:\Windows\System\PsWhtwf.exe
  2⤵
  PID:7840
- C:\Windows\System\fEbVjzV.exe
  C:\Windows\System\fEbVjzV.exe
  2⤵
  PID:8268
- C:\Windows\System\OegUgow.exe
  C:\Windows\System\OegUgow.exe
  2⤵
  PID:8336
- C:\Windows\System\zibUDhz.exe
  C:\Windows\System\zibUDhz.exe
  2⤵
  PID:8392
- C:\Windows\System\tOOFLov.exe
  C:\Windows\System\tOOFLov.exe
  2⤵
  PID:8448
- C:\Windows\System\ZjDpJTY.exe
  C:\Windows\System\ZjDpJTY.exe
  2⤵
  PID:8524
- C:\Windows\System\lOUCSOv.exe
  C:\Windows\System\lOUCSOv.exe
  2⤵
  PID:8580
- C:\Windows\System\tfBHnMg.exe
  C:\Windows\System\tfBHnMg.exe
  2⤵
  PID:8680
- C:\Windows\System\BwiTmGk.exe
  C:\Windows\System\BwiTmGk.exe
  2⤵
  PID:8740
- C:\Windows\System\gjNiNKt.exe
  C:\Windows\System\gjNiNKt.exe
  2⤵
  PID:8784
- C:\Windows\System\gEVokcJ.exe
  C:\Windows\System\gEVokcJ.exe
  2⤵
  PID:8868
- C:\Windows\System\yfUPYBQ.exe
  C:\Windows\System\yfUPYBQ.exe
  2⤵
  PID:8972
- C:\Windows\System\IvCzYom.exe
  C:\Windows\System\IvCzYom.exe
  2⤵
  PID:9044
- C:\Windows\System\tYDXOsn.exe
  C:\Windows\System\tYDXOsn.exe
  2⤵
  PID:9160
- C:\Windows\System\cCIXRMy.exe
  C:\Windows\System\cCIXRMy.exe
  2⤵
  PID:8228
- C:\Windows\System\NaGSsMA.exe
  C:\Windows\System\NaGSsMA.exe
  2⤵
  PID:8408
- C:\Windows\System\llmGogc.exe
  C:\Windows\System\llmGogc.exe
  2⤵
  PID:8616
- C:\Windows\System\CniXaAH.exe
  C:\Windows\System\CniXaAH.exe
  2⤵
  PID:8716
- C:\Windows\System\BLDtrcG.exe
  C:\Windows\System\BLDtrcG.exe
  2⤵
  PID:8952
- C:\Windows\System\FcyZlzj.exe
  C:\Windows\System\FcyZlzj.exe
  2⤵
  PID:8992
- C:\Windows\System\lFYlxRs.exe
  C:\Windows\System\lFYlxRs.exe
  2⤵
  PID:9188
- C:\Windows\System\xdsceDi.exe
  C:\Windows\System\xdsceDi.exe
  2⤵
  PID:8944
- C:\Windows\System\trmDFbC.exe
  C:\Windows\System\trmDFbC.exe
  2⤵
  PID:8876
- C:\Windows\System\bTlvCzv.exe
  C:\Windows\System\bTlvCzv.exe
  2⤵
  PID:9236
- C:\Windows\System\IhlsBtj.exe
  C:\Windows\System\IhlsBtj.exe
  2⤵
  PID:9272
- C:\Windows\System\qJUvPDD.exe
  C:\Windows\System\qJUvPDD.exe
  2⤵
  PID:9288
- C:\Windows\System\UXGSXLo.exe
  C:\Windows\System\UXGSXLo.exe
  2⤵
  PID:9316
- C:\Windows\System\KzYFkKh.exe
  C:\Windows\System\KzYFkKh.exe
  2⤵
  PID:9356
- C:\Windows\System\npaDizb.exe
  C:\Windows\System\npaDizb.exe
  2⤵
  PID:9388
- C:\Windows\System\RuOunwj.exe
  C:\Windows\System\RuOunwj.exe
  2⤵
  PID:9412
- C:\Windows\System\yTmJaWd.exe
  C:\Windows\System\yTmJaWd.exe
  2⤵
  PID:9436
- C:\Windows\System\QrRYHte.exe
  C:\Windows\System\QrRYHte.exe
  2⤵
  PID:9452
- C:\Windows\System\okfglSp.exe
  C:\Windows\System\okfglSp.exe
  2⤵
  PID:9468
- C:\Windows\System\cyAlZmj.exe
  C:\Windows\System\cyAlZmj.exe
  2⤵
  PID:9496
- C:\Windows\System\TRbzalB.exe
  C:\Windows\System\TRbzalB.exe
  2⤵
  PID:9524
- C:\Windows\System\NICvGoz.exe
  C:\Windows\System\NICvGoz.exe
  2⤵
  PID:9552
- C:\Windows\System\dsekHwW.exe
  C:\Windows\System\dsekHwW.exe
  2⤵
  PID:9584
- C:\Windows\System\Ztwrjef.exe
  C:\Windows\System\Ztwrjef.exe
  2⤵
  PID:9620
- C:\Windows\System\iFfSzVX.exe
  C:\Windows\System\iFfSzVX.exe
  2⤵
  PID:9648
- C:\Windows\System\YvlGLCP.exe
  C:\Windows\System\YvlGLCP.exe
  2⤵
  PID:9684
- C:\Windows\System\GVJgesF.exe
  C:\Windows\System\GVJgesF.exe
  2⤵
  PID:9700
- C:\Windows\System\RtyVuUD.exe
  C:\Windows\System\RtyVuUD.exe
  2⤵
  PID:9736
- C:\Windows\System\ouGxeRK.exe
  C:\Windows\System\ouGxeRK.exe
  2⤵
  PID:9764
- C:\Windows\System\ZWAKLHd.exe
  C:\Windows\System\ZWAKLHd.exe
  2⤵
  PID:9800
- C:\Windows\System\LfqIYwY.exe
  C:\Windows\System\LfqIYwY.exe
  2⤵
  PID:9836
- C:\Windows\System\cbMDPtT.exe
  C:\Windows\System\cbMDPtT.exe
  2⤵
  PID:9884
- C:\Windows\System\xdHeBVz.exe
  C:\Windows\System\xdHeBVz.exe
  2⤵
  PID:9900
- C:\Windows\System\EOinpPc.exe
  C:\Windows\System\EOinpPc.exe
  2⤵
  PID:9936
- C:\Windows\System\rPKjPpW.exe
  C:\Windows\System\rPKjPpW.exe
  2⤵
  PID:9976
- C:\Windows\System\yAkfZMa.exe
  C:\Windows\System\yAkfZMa.exe
  2⤵
  PID:10008
- C:\Windows\System\KPnhswF.exe
  C:\Windows\System\KPnhswF.exe
  2⤵
  PID:10056
- C:\Windows\System\wlcIKCu.exe
  C:\Windows\System\wlcIKCu.exe
  2⤵
  PID:10096
- C:\Windows\System\xJJscpB.exe
  C:\Windows\System\xJJscpB.exe
  2⤵
  PID:10116
- C:\Windows\System\iiKkKHW.exe
  C:\Windows\System\iiKkKHW.exe
  2⤵
  PID:10144
- C:\Windows\System\ueDoAEy.exe
  C:\Windows\System\ueDoAEy.exe
  2⤵
  PID:10176
- C:\Windows\System\eyxLoJW.exe
  C:\Windows\System\eyxLoJW.exe
  2⤵
  PID:10212
- C:\Windows\System\DtgdgPQ.exe
  C:\Windows\System\DtgdgPQ.exe
  2⤵
  PID:8904
- C:\Windows\System\pkaPwHy.exe
  C:\Windows\System\pkaPwHy.exe
  2⤵
  PID:9256
- C:\Windows\System\sBUFDNm.exe
  C:\Windows\System\sBUFDNm.exe
  2⤵
  PID:9372
- C:\Windows\System\hdCATyU.exe
  C:\Windows\System\hdCATyU.exe
  2⤵
  PID:9448
- C:\Windows\System\wkehTnt.exe
  C:\Windows\System\wkehTnt.exe
  2⤵
  PID:9476
- C:\Windows\System\xdBMQKO.exe
  C:\Windows\System\xdBMQKO.exe
  2⤵
  PID:9512
- C:\Windows\System\omsUZpe.exe
  C:\Windows\System\omsUZpe.exe
  2⤵
  PID:9636
- C:\Windows\System\jYFwGba.exe
  C:\Windows\System\jYFwGba.exe
  2⤵
  PID:9712
- C:\Windows\System\oEsAZjU.exe
  C:\Windows\System\oEsAZjU.exe
  2⤵
  PID:9696
- C:\Windows\System\pevEQme.exe
  C:\Windows\System\pevEQme.exe
  2⤵
  PID:9772
- C:\Windows\System\cbPTIHU.exe
  C:\Windows\System\cbPTIHU.exe
  2⤵
  PID:9896
- C:\Windows\System\eNohWFC.exe
  C:\Windows\System\eNohWFC.exe
  2⤵
  PID:9920
- C:\Windows\System\KndgVZN.exe
  C:\Windows\System\KndgVZN.exe
  2⤵
  PID:9960
- C:\Windows\System\dCGUoSm.exe
  C:\Windows\System\dCGUoSm.exe
  2⤵
  PID:10076
- C:\Windows\System\GAxCXfs.exe
  C:\Windows\System\GAxCXfs.exe
  2⤵
  PID:10172
- C:\Windows\System\nmmzPtm.exe
  C:\Windows\System\nmmzPtm.exe
  2⤵
  PID:9224
- C:\Windows\System\KeZadhD.exe
  C:\Windows\System\KeZadhD.exe
  2⤵
  PID:9344
- C:\Windows\System\VAYRHRi.exe
  C:\Windows\System\VAYRHRi.exe
  2⤵
  PID:9424
- C:\Windows\System\baIhHeJ.exe
  C:\Windows\System\baIhHeJ.exe
  2⤵
  PID:9544
- C:\Windows\System\MJtRJxv.exe
  C:\Windows\System\MJtRJxv.exe
  2⤵
  PID:9608
- C:\Windows\System\IGrEkdr.exe
  C:\Windows\System\IGrEkdr.exe
  2⤵
  PID:9832
- C:\Windows\System\pAEdyCH.exe
  C:\Windows\System\pAEdyCH.exe
  2⤵
  PID:10036
- C:\Windows\System\HTxBXlT.exe
  C:\Windows\System\HTxBXlT.exe
  2⤵
  PID:9280
- C:\Windows\System\wiTYHQG.exe
  C:\Windows\System\wiTYHQG.exe
  2⤵
  PID:9380
- C:\Windows\System\OSsPwvS.exe
  C:\Windows\System\OSsPwvS.exe
  2⤵
  PID:10004
- C:\Windows\System\cuebjjV.exe
  C:\Windows\System\cuebjjV.exe
  2⤵
  PID:10244
- C:\Windows\System\qqSDLMT.exe
  C:\Windows\System\qqSDLMT.exe
  2⤵
  PID:10272
- C:\Windows\System\DHHLjlm.exe
  C:\Windows\System\DHHLjlm.exe
  2⤵
  PID:10300
- C:\Windows\System\phLGTHj.exe
  C:\Windows\System\phLGTHj.exe
  2⤵
  PID:10336
- C:\Windows\System\oFnBkuQ.exe
  C:\Windows\System\oFnBkuQ.exe
  2⤵
  PID:10372
- C:\Windows\System\HnyzgeX.exe
  C:\Windows\System\HnyzgeX.exe
  2⤵
  PID:10396
- C:\Windows\System\ZBEPben.exe
  C:\Windows\System\ZBEPben.exe
  2⤵
  PID:10428
- C:\Windows\System\bJWeRAg.exe
  C:\Windows\System\bJWeRAg.exe
  2⤵
  PID:10468
- C:\Windows\System\airakJd.exe
  C:\Windows\System\airakJd.exe
  2⤵
  PID:10504
- C:\Windows\System\pvIIYlz.exe
  C:\Windows\System\pvIIYlz.exe
  2⤵
  PID:10536
- C:\Windows\System\EKSBwqB.exe
  C:\Windows\System\EKSBwqB.exe
  2⤵
  PID:10556
- C:\Windows\System\jkUEexJ.exe
  C:\Windows\System\jkUEexJ.exe
  2⤵
  PID:10576
- C:\Windows\System\OjdVihy.exe
  C:\Windows\System\OjdVihy.exe
  2⤵
  PID:10592
- C:\Windows\System\adQJJAp.exe
  C:\Windows\System\adQJJAp.exe
  2⤵
  PID:10612
- C:\Windows\System\UIJyrAv.exe
  C:\Windows\System\UIJyrAv.exe
  2⤵
  PID:10652
- C:\Windows\System\TEYkwyH.exe
  C:\Windows\System\TEYkwyH.exe
  2⤵
  PID:10676
- C:\Windows\System\zMkEIuJ.exe
  C:\Windows\System\zMkEIuJ.exe
  2⤵
  PID:10700
- C:\Windows\System\JNsKLUh.exe
  C:\Windows\System\JNsKLUh.exe
  2⤵
  PID:10732
- C:\Windows\System\UZprxnQ.exe
  C:\Windows\System\UZprxnQ.exe
  2⤵
  PID:10760
- C:\Windows\System\aoomaiQ.exe
  C:\Windows\System\aoomaiQ.exe
  2⤵
  PID:10800
- C:\Windows\System\MdssZnW.exe
  C:\Windows\System\MdssZnW.exe
  2⤵
  PID:10840
- C:\Windows\System\QPTnSQC.exe
  C:\Windows\System\QPTnSQC.exe
  2⤵
  PID:10860
- C:\Windows\System\gjcXaFz.exe
  C:\Windows\System\gjcXaFz.exe
  2⤵
  PID:10888
- C:\Windows\System\PNVelVO.exe
  C:\Windows\System\PNVelVO.exe
  2⤵
  PID:10928
- C:\Windows\System\JNviQWT.exe
  C:\Windows\System\JNviQWT.exe
  2⤵
  PID:10960
- C:\Windows\System\CNVHIJQ.exe
  C:\Windows\System\CNVHIJQ.exe
  2⤵
  PID:10992
- C:\Windows\System\tcVZxYB.exe
  C:\Windows\System\tcVZxYB.exe
  2⤵
  PID:11028
- C:\Windows\System\NDsibza.exe
  C:\Windows\System\NDsibza.exe
  2⤵
  PID:11064
- C:\Windows\System\gHDJRPj.exe
  C:\Windows\System\gHDJRPj.exe
  2⤵
  PID:11100
- C:\Windows\System\ITiCHab.exe
  C:\Windows\System\ITiCHab.exe
  2⤵
  PID:11120
- C:\Windows\System\nKqUVTu.exe
  C:\Windows\System\nKqUVTu.exe
  2⤵
  PID:11144
- C:\Windows\System\xEcEStp.exe
  C:\Windows\System\xEcEStp.exe
  2⤵
  PID:11180
- C:\Windows\System\JIYPIsJ.exe
  C:\Windows\System\JIYPIsJ.exe
  2⤵
  PID:11200
- C:\Windows\System\QuZLhde.exe
  C:\Windows\System\QuZLhde.exe
  2⤵
  PID:11236
- C:\Windows\System\RiLUYUE.exe
  C:\Windows\System\RiLUYUE.exe
  2⤵
  PID:11260
- C:\Windows\System\JQvILrb.exe
  C:\Windows\System\JQvILrb.exe
  2⤵
  PID:9572
- C:\Windows\System\jQpvUIx.exe
  C:\Windows\System\jQpvUIx.exe
  2⤵
  PID:9660
- C:\Windows\System\tzWkpwX.exe
  C:\Windows\System\tzWkpwX.exe
  2⤵
  PID:10332
- C:\Windows\System\mZZcnDc.exe
  C:\Windows\System\mZZcnDc.exe
  2⤵
  PID:10408
- C:\Windows\System\QcmyQRk.exe
  C:\Windows\System\QcmyQRk.exe
  2⤵
  PID:10524
- C:\Windows\System\AXDpKMb.exe
  C:\Windows\System\AXDpKMb.exe
  2⤵
  PID:10564
- C:\Windows\System\bOyVQhD.exe
  C:\Windows\System\bOyVQhD.exe
  2⤵
  PID:10608
- C:\Windows\System\oQLQCuN.exe
  C:\Windows\System\oQLQCuN.exe
  2⤵
  PID:8836
- C:\Windows\System\TMBjzfJ.exe
  C:\Windows\System\TMBjzfJ.exe
  2⤵
  PID:10712
- C:\Windows\System\jFTWMfs.exe
  C:\Windows\System\jFTWMfs.exe
  2⤵
  PID:10748
- C:\Windows\System\QiNmtaZ.exe
  C:\Windows\System\QiNmtaZ.exe
  2⤵
  PID:10780
- C:\Windows\System\TkgWMyf.exe
  C:\Windows\System\TkgWMyf.exe
  2⤵
  PID:10924
- C:\Windows\System\wopAqwf.exe
  C:\Windows\System\wopAqwf.exe
  2⤵
  PID:11020
- C:\Windows\System\ioWDlzF.exe
  C:\Windows\System\ioWDlzF.exe
  2⤵
  PID:11088
- C:\Windows\System\babtXOT.exe
  C:\Windows\System\babtXOT.exe
  2⤵
  PID:11112
- C:\Windows\System\UUZMefG.exe
  C:\Windows\System\UUZMefG.exe
  2⤵
  PID:11216
- C:\Windows\System\oSuVaqC.exe
  C:\Windows\System\oSuVaqC.exe
  2⤵
  PID:10280
- C:\Windows\System\CWKreBH.exe
  C:\Windows\System\CWKreBH.exe
  2⤵
  PID:10448
- C:\Windows\System\BxiUgvP.exe
  C:\Windows\System\BxiUgvP.exe
  2⤵
  PID:10552
- C:\Windows\System\dbVtZLg.exe
  C:\Windows\System\dbVtZLg.exe
  2⤵
  PID:10588
- C:\Windows\System\PhrfZVH.exe
  C:\Windows\System\PhrfZVH.exe
  2⤵
  PID:10880
- C:\Windows\System\RKPVmnd.exe
  C:\Windows\System\RKPVmnd.exe
  2⤵
  PID:11012
- C:\Windows\System\bXvJhtQ.exe
  C:\Windows\System\bXvJhtQ.exe
  2⤵
  PID:11192
- C:\Windows\System\FfFQFvX.exe
  C:\Windows\System\FfFQFvX.exe
  2⤵
  PID:10488
- C:\Windows\System\JzRoqVm.exe
  C:\Windows\System\JzRoqVm.exe
  2⤵
  PID:10828
- C:\Windows\System\KzWuqpD.exe
  C:\Windows\System\KzWuqpD.exe
  2⤵
  PID:10392
- C:\Windows\System\KrZjGAK.exe
  C:\Windows\System\KrZjGAK.exe
  2⤵
  PID:10452
- C:\Windows\System\nVKYYNs.exe
  C:\Windows\System\nVKYYNs.exe
  2⤵
  PID:11084
- C:\Windows\System\JgecVjf.exe
  C:\Windows\System\JgecVjf.exe
  2⤵
  PID:11300
- C:\Windows\System\MSWHUoK.exe
  C:\Windows\System\MSWHUoK.exe
  2⤵
  PID:11316
- C:\Windows\System\woHgCdo.exe
  C:\Windows\System\woHgCdo.exe
  2⤵
  PID:11356
- C:\Windows\System\LuwOuuT.exe
  C:\Windows\System\LuwOuuT.exe
  2⤵
  PID:11380
- C:\Windows\System\SGsGnRJ.exe
  C:\Windows\System\SGsGnRJ.exe
  2⤵
  PID:11400
- C:\Windows\System\DLjWtBV.exe
  C:\Windows\System\DLjWtBV.exe
  2⤵
  PID:11436
- C:\Windows\System\EoJgTXV.exe
  C:\Windows\System\EoJgTXV.exe
  2⤵
  PID:11464
- C:\Windows\System\UagpuGD.exe
  C:\Windows\System\UagpuGD.exe
  2⤵
  PID:11496
- C:\Windows\System\chWxKwf.exe
  C:\Windows\System\chWxKwf.exe
  2⤵
  PID:11520
- C:\Windows\System\kDOuWRA.exe
  C:\Windows\System\kDOuWRA.exe
  2⤵
  PID:11540
- C:\Windows\System\XJvutrq.exe
  C:\Windows\System\XJvutrq.exe
  2⤵
  PID:11568
- C:\Windows\System\EBvxBgX.exe
  C:\Windows\System\EBvxBgX.exe
  2⤵
  PID:11600
- C:\Windows\System\AEEnBET.exe
  C:\Windows\System\AEEnBET.exe
  2⤵
  PID:11624
- C:\Windows\System\oeCTTeR.exe
  C:\Windows\System\oeCTTeR.exe
  2⤵
  PID:11640
- C:\Windows\System\tsrVhoa.exe
  C:\Windows\System\tsrVhoa.exe
  2⤵
  PID:11668
- C:\Windows\System\xPmniIv.exe
  C:\Windows\System\xPmniIv.exe
  2⤵
  PID:11700
- C:\Windows\System\EoZJDQz.exe
  C:\Windows\System\EoZJDQz.exe
  2⤵
  PID:11736
- C:\Windows\System\RnrAjtE.exe
  C:\Windows\System\RnrAjtE.exe
  2⤵
  PID:11776
- C:\Windows\System\UnPcDnY.exe
  C:\Windows\System\UnPcDnY.exe
  2⤵
  PID:11800
- C:\Windows\System\RCYIxcz.exe
  C:\Windows\System\RCYIxcz.exe
  2⤵
  PID:11832
- C:\Windows\System\YmHTMLl.exe
  C:\Windows\System\YmHTMLl.exe
  2⤵
  PID:11860
- C:\Windows\System\cbBVrMx.exe
  C:\Windows\System\cbBVrMx.exe
  2⤵
  PID:11888
- C:\Windows\System\VkApakV.exe
  C:\Windows\System\VkApakV.exe
  2⤵
  PID:11908
- C:\Windows\System\hCQfItz.exe
  C:\Windows\System\hCQfItz.exe
  2⤵
  PID:11932
- C:\Windows\System\SONJZAh.exe
  C:\Windows\System\SONJZAh.exe
  2⤵
  PID:11960
- C:\Windows\System\wksxTSJ.exe
  C:\Windows\System\wksxTSJ.exe
  2⤵
  PID:11996
- C:\Windows\System\DHilxBh.exe
  C:\Windows\System\DHilxBh.exe
  2⤵
  PID:12024
- C:\Windows\System\nSpppUG.exe
  C:\Windows\System\nSpppUG.exe
  2⤵
  PID:12048
- C:\Windows\System\UBXEhNA.exe
  C:\Windows\System\UBXEhNA.exe
  2⤵
  PID:12072
- C:\Windows\System\JJNtmKO.exe
  C:\Windows\System\JJNtmKO.exe
  2⤵
  PID:12112
- C:\Windows\System\pOkbWRp.exe
  C:\Windows\System\pOkbWRp.exe
  2⤵
  PID:12132
- C:\Windows\System\vfDQUEA.exe
  C:\Windows\System\vfDQUEA.exe
  2⤵
  PID:12164
- C:\Windows\System\mNiWdGy.exe
  C:\Windows\System\mNiWdGy.exe
  2⤵
  PID:12184
- C:\Windows\System\PzUEjey.exe
  C:\Windows\System\PzUEjey.exe
  2⤵
  PID:12216
- C:\Windows\System\afhPlVG.exe
  C:\Windows\System\afhPlVG.exe
  2⤵
  PID:12240
- C:\Windows\System\FfhZDQv.exe
  C:\Windows\System\FfhZDQv.exe
  2⤵
  PID:12264
- C:\Windows\System\WsTIImW.exe
  C:\Windows\System\WsTIImW.exe
  2⤵
  PID:11272
- C:\Windows\System\szGCDBc.exe
  C:\Windows\System\szGCDBc.exe
  2⤵
  PID:11332
- C:\Windows\System\knyNfKO.exe
  C:\Windows\System\knyNfKO.exe
  2⤵
  PID:11412
- C:\Windows\System\HTKomER.exe
  C:\Windows\System\HTKomER.exe
  2⤵
  PID:11484
- C:\Windows\System\FuEHCxJ.exe
  C:\Windows\System\FuEHCxJ.exe
  2⤵
  PID:11528
- C:\Windows\System\irPXoXZ.exe
  C:\Windows\System\irPXoXZ.exe
  2⤵
  PID:11584
- C:\Windows\System\TJCMIJY.exe
  C:\Windows\System\TJCMIJY.exe
  2⤵
  PID:11692
- C:\Windows\System\qnVhhdn.exe
  C:\Windows\System\qnVhhdn.exe
  2⤵
  PID:11732
- C:\Windows\System\SdqkNMc.exe
  C:\Windows\System\SdqkNMc.exe
  2⤵
  PID:11760
- C:\Windows\System\BfKLKcT.exe
  C:\Windows\System\BfKLKcT.exe
  2⤵
  PID:11852
- C:\Windows\System\CzxRBpp.exe
  C:\Windows\System\CzxRBpp.exe
  2⤵
  PID:11924
- C:\Windows\System\MvoCART.exe
  C:\Windows\System\MvoCART.exe
  2⤵
  PID:11952
- C:\Windows\System\awSyrzn.exe
  C:\Windows\System\awSyrzn.exe
  2⤵
  PID:12032
- C:\Windows\System\dHxrarW.exe
  C:\Windows\System\dHxrarW.exe
  2⤵
  PID:12120
- C:\Windows\System\CDhGMKS.exe
  C:\Windows\System\CDhGMKS.exe
  2⤵
  PID:12232
- C:\Windows\System\AQlzujc.exe
  C:\Windows\System\AQlzujc.exe
  2⤵
  PID:12260
- C:\Windows\System\OPsGNYs.exe
  C:\Windows\System\OPsGNYs.exe
  2⤵
  PID:11424
- C:\Windows\System\sRFFLsg.exe
  C:\Windows\System\sRFFLsg.exe
  2⤵
  PID:11372
- C:\Windows\System\LbOCmJw.exe
  C:\Windows\System\LbOCmJw.exe
  2⤵
  PID:11636
- C:\Windows\System\wuezCMe.exe
  C:\Windows\System\wuezCMe.exe
  2⤵
  PID:11684
- C:\Windows\System\CDJcWrt.exe
  C:\Windows\System\CDJcWrt.exe
  2⤵
  PID:11880
- C:\Windows\System\DzGatqm.exe
  C:\Windows\System\DzGatqm.exe
  2⤵
  PID:12148
- C:\Windows\System\LadExvP.exe
  C:\Windows\System\LadExvP.exe
  2⤵
  PID:12236
- C:\Windows\System\YFFhHLt.exe
  C:\Windows\System\YFFhHLt.exe
  2⤵
  PID:11556
- C:\Windows\System\PKVOXmC.exe
  C:\Windows\System\PKVOXmC.exe
  2⤵
  PID:11948
- C:\Windows\System\vgyKEbe.exe
  C:\Windows\System\vgyKEbe.exe
  2⤵
  PID:11536
- C:\Windows\System\TIJqxin.exe
  C:\Windows\System\TIJqxin.exe
  2⤵
  PID:12328
- C:\Windows\System\zdWgINd.exe
  C:\Windows\System\zdWgINd.exe
  2⤵
  PID:12356
- C:\Windows\System\jFIPLGR.exe
  C:\Windows\System\jFIPLGR.exe
  2⤵
  PID:12388
- C:\Windows\System\jtiJqTg.exe
  C:\Windows\System\jtiJqTg.exe
  2⤵
  PID:12416
- C:\Windows\System\WjewLpA.exe
  C:\Windows\System\WjewLpA.exe
  2⤵
  PID:12444
- C:\Windows\System\aGURZph.exe
  C:\Windows\System\aGURZph.exe
  2⤵
  PID:12484
- C:\Windows\System\rqPiukL.exe
  C:\Windows\System\rqPiukL.exe
  2⤵
  PID:12504
- C:\Windows\System\vfUOclW.exe
  C:\Windows\System\vfUOclW.exe
  2⤵
  PID:12528
- C:\Windows\System\AxIpHaR.exe
  C:\Windows\System\AxIpHaR.exe
  2⤵
  PID:12568
- C:\Windows\System\zlfLPWm.exe
  C:\Windows\System\zlfLPWm.exe
  2⤵
  PID:12588
- C:\Windows\System\nOqdHAj.exe
  C:\Windows\System\nOqdHAj.exe
  2⤵
  PID:12624
- C:\Windows\System\hRQYUfp.exe
  C:\Windows\System\hRQYUfp.exe
  2⤵
  PID:12652
- C:\Windows\System\RxkXgmh.exe
  C:\Windows\System\RxkXgmh.exe
  2⤵
  PID:12668
- C:\Windows\System\XwEDabW.exe
  C:\Windows\System\XwEDabW.exe
  2⤵
  PID:12688
- C:\Windows\System\mbKGbDE.exe
  C:\Windows\System\mbKGbDE.exe
  2⤵
  PID:12704
- C:\Windows\System\SQMgOUv.exe
  C:\Windows\System\SQMgOUv.exe
  2⤵
  PID:12728
- C:\Windows\System\PKNrdqR.exe
  C:\Windows\System\PKNrdqR.exe
  2⤵
  PID:12752
- C:\Windows\System\ugZoYff.exe
  C:\Windows\System\ugZoYff.exe
  2⤵
  PID:12784
- C:\Windows\System\UMWfLwI.exe
  C:\Windows\System\UMWfLwI.exe
  2⤵
  PID:12820
- C:\Windows\System\qFxoXRJ.exe
  C:\Windows\System\qFxoXRJ.exe
  2⤵
  PID:12844
- C:\Windows\System\EPgNqbb.exe
  C:\Windows\System\EPgNqbb.exe
  2⤵
  PID:12880
- C:\Windows\System\JoeWJfk.exe
  C:\Windows\System\JoeWJfk.exe
  2⤵
  PID:12912
- C:\Windows\System\WWYDxJy.exe
  C:\Windows\System\WWYDxJy.exe
  2⤵
  PID:12936
- C:\Windows\System\UuIcWxw.exe
  C:\Windows\System\UuIcWxw.exe
  2⤵
  PID:12972
- C:\Windows\System\cSIEKff.exe
  C:\Windows\System\cSIEKff.exe
  2⤵
  PID:12992
- C:\Windows\System\reFOMpu.exe
  C:\Windows\System\reFOMpu.exe
  2⤵
  PID:13020
- C:\Windows\System\BahViCy.exe
  C:\Windows\System\BahViCy.exe
  2⤵
  PID:13056
- C:\Windows\System\CLgoeds.exe
  C:\Windows\System\CLgoeds.exe
  2⤵
  PID:13088
- C:\Windows\System\iTsFpdx.exe
  C:\Windows\System\iTsFpdx.exe
  2⤵
  PID:13112
- C:\Windows\System\oAdxIhM.exe
  C:\Windows\System\oAdxIhM.exe
  2⤵
  PID:13144
- C:\Windows\System\wmMkBwh.exe
  C:\Windows\System\wmMkBwh.exe
  2⤵
  PID:13184
- C:\Windows\System\DtYpZUJ.exe
  C:\Windows\System\DtYpZUJ.exe
  2⤵
  PID:13204
- C:\Windows\System\SgyhSJo.exe
  C:\Windows\System\SgyhSJo.exe
  2⤵
  PID:13232
- C:\Windows\System\bLODlQV.exe
  C:\Windows\System\bLODlQV.exe
  2⤵
  PID:13260
- C:\Windows\System\FffadGh.exe
  C:\Windows\System\FffadGh.exe
  2⤵
  PID:13284
- C:\Windows\System\HPQSYOt.exe
  C:\Windows\System\HPQSYOt.exe
  2⤵
  PID:11472
- C:\Windows\System\xRqXnay.exe
  C:\Windows\System\xRqXnay.exe
  2⤵
  PID:12004
- C:\Windows\System\TVnLjdR.exe
  C:\Windows\System\TVnLjdR.exe
  2⤵
  PID:12364
- C:\Windows\System\gTgvdwH.exe
  C:\Windows\System\gTgvdwH.exe
  2⤵
  PID:12400
- C:\Windows\System\TEkHKXr.exe
  C:\Windows\System\TEkHKXr.exe
  2⤵
  PID:12520
- C:\Windows\System\ZgRYpeH.exe
  C:\Windows\System\ZgRYpeH.exe
  2⤵
  PID:12608
- C:\Windows\System\JDJHTWj.exe
  C:\Windows\System\JDJHTWj.exe
  2⤵
  PID:12660
- C:\Windows\System\QNCirPk.exe
  C:\Windows\System\QNCirPk.exe
  2⤵
  PID:12716
- C:\Windows\System\KOYvmsY.exe
  C:\Windows\System\KOYvmsY.exe
  2⤵
  PID:12740
- C:\Windows\System\kGoOiZN.exe
  C:\Windows\System\kGoOiZN.exe
  2⤵
  PID:12832
- C:\Windows\System\arBPZev.exe
  C:\Windows\System\arBPZev.exe
  2⤵
  PID:12908
- C:\Windows\System\OFYwSxr.exe
  C:\Windows\System\OFYwSxr.exe
  2⤵
  PID:13012
- C:\Windows\System\AEgMfad.exe
  C:\Windows\System\AEgMfad.exe
  2⤵
  PID:13064
- C:\Windows\System\zrlGKaj.exe
  C:\Windows\System\zrlGKaj.exe
  2⤵
  PID:13132
- C:\Windows\System\NfpePpj.exe
  C:\Windows\System\NfpePpj.exe
  2⤵
  PID:13164
- C:\Windows\System\zIywVYu.exe
  C:\Windows\System\zIywVYu.exe
  2⤵
  PID:13240
- C:\Windows\System\fqDEBsY.exe
  C:\Windows\System\fqDEBsY.exe
  2⤵
  PID:13308
- C:\Windows\System\eGBLgad.exe
  C:\Windows\System\eGBLgad.exe
  2⤵
  PID:12476
- C:\Windows\System\HnRIfFv.exe
  C:\Windows\System\HnRIfFv.exe
  2⤵
  PID:12584
- C:\Windows\System\IDoSjtA.exe
  C:\Windows\System\IDoSjtA.exe
  2⤵
  PID:12796
- C:\Windows\System\LWcCCLF.exe
  C:\Windows\System\LWcCCLF.exe
  2⤵
  PID:12860
- C:\Windows\System\IZuyRMC.exe
  C:\Windows\System\IZuyRMC.exe
  2⤵
  PID:13008
- C:\Windows\System\YchMeur.exe
  C:\Windows\System\YchMeur.exe
  2⤵
  PID:13228
- C:\Windows\System\vKezGwN.exe
  C:\Windows\System\vKezGwN.exe
  2⤵
  PID:12384
- C:\Windows\System\QFoEovc.exe
  C:\Windows\System\QFoEovc.exe
  2⤵
  PID:12700
- C:\Windows\System\MCguQtZ.exe
  C:\Windows\System\MCguQtZ.exe
  2⤵
  PID:12932
- C:\Windows\System\avpWhRM.exe
  C:\Windows\System\avpWhRM.exe
  2⤵
  PID:12552
- C:\Windows\System\tTfAPnp.exe
  C:\Windows\System\tTfAPnp.exe
  2⤵
  PID:13136
- C:\Windows\System\dfcORqR.exe
  C:\Windows\System\dfcORqR.exe
  2⤵
  PID:13324
- C:\Windows\System\WkJXZWN.exe
  C:\Windows\System\WkJXZWN.exe
  2⤵
  PID:13356
- C:\Windows\System\TIAyjya.exe
  C:\Windows\System\TIAyjya.exe
  2⤵
  PID:13384
- C:\Windows\System\sCRHBqk.exe
  C:\Windows\System\sCRHBqk.exe
  2⤵
  PID:13416
- C:\Windows\System\ddBrcEP.exe
  C:\Windows\System\ddBrcEP.exe
  2⤵
  PID:13440
- C:\Windows\System\uFCkmCr.exe
  C:\Windows\System\uFCkmCr.exe
  2⤵
  PID:13464
- C:\Windows\System\sFoOleV.exe
  C:\Windows\System\sFoOleV.exe
  2⤵
  PID:13492
- C:\Windows\System\RsXFEbB.exe
  C:\Windows\System\RsXFEbB.exe
  2⤵
  PID:13520
- C:\Windows\System\kSTJpcr.exe
  C:\Windows\System\kSTJpcr.exe
  2⤵
  PID:13548
- C:\Windows\System\murIMHL.exe
  C:\Windows\System\murIMHL.exe
  2⤵
  PID:13572
- C:\Windows\System\zZWsMxG.exe
  C:\Windows\System\zZWsMxG.exe
  2⤵
  PID:13588
- C:\Windows\System\mPNCWhJ.exe
  C:\Windows\System\mPNCWhJ.exe
  2⤵
  PID:13604
- C:\Windows\System\JGqOrDL.exe
  C:\Windows\System\JGqOrDL.exe
  2⤵
  PID:13632
- C:\Windows\System\wzKPuYk.exe
  C:\Windows\System\wzKPuYk.exe
  2⤵
  PID:13664
- C:\Windows\System\xvtyZJz.exe
  C:\Windows\System\xvtyZJz.exe
  2⤵
  PID:13692
- C:\Windows\System\oMBvTat.exe
  C:\Windows\System\oMBvTat.exe
  2⤵
  PID:13724
- C:\Windows\System\JnEoRSF.exe
  C:\Windows\System\JnEoRSF.exe
  2⤵
  PID:13756
- C:\Windows\System\bJaKuCa.exe
  C:\Windows\System\bJaKuCa.exe
  2⤵
  PID:13780
- C:\Windows\System\XzNPcTb.exe
  C:\Windows\System\XzNPcTb.exe
  2⤵
  PID:13808
- C:\Windows\System\mNGKziX.exe
  C:\Windows\System\mNGKziX.exe
  2⤵
  PID:13840
- C:\Windows\System\hgLiAgA.exe
  C:\Windows\System\hgLiAgA.exe
  2⤵
  PID:13864
- C:\Windows\System\xFPFrit.exe
  C:\Windows\System\xFPFrit.exe
  2⤵
  PID:13900
- C:\Windows\System\bGzFWxq.exe
  C:\Windows\System\bGzFWxq.exe
  2⤵
  PID:13928
- C:\Windows\System\ZUvuUiT.exe
  C:\Windows\System\ZUvuUiT.exe
  2⤵
  PID:13964
- C:\Windows\System\dEpbRKH.exe
  C:\Windows\System\dEpbRKH.exe
  2⤵
  PID:14000
- C:\Windows\System\uMIsXkK.exe
  C:\Windows\System\uMIsXkK.exe
  2⤵
  PID:14024
- C:\Windows\System\NEJtHxB.exe
  C:\Windows\System\NEJtHxB.exe
  2⤵
  PID:14052
- C:\Windows\System\GTxLjGh.exe
  C:\Windows\System\GTxLjGh.exe
  2⤵
  PID:14088
- C:\Windows\System\yPcxKtJ.exe
  C:\Windows\System\yPcxKtJ.exe
  2⤵
  PID:14108
- C:\Windows\System\tJwxXey.exe
  C:\Windows\System\tJwxXey.exe
  2⤵
  PID:14136
- C:\Windows\System\DyVXFwp.exe
  C:\Windows\System\DyVXFwp.exe
  2⤵
  PID:14164
- C:\Windows\System\FoTIsbK.exe
  C:\Windows\System\FoTIsbK.exe
  2⤵
  PID:14192
- C:\Windows\System\ZPcAbfo.exe
  C:\Windows\System\ZPcAbfo.exe
  2⤵
  PID:14212
- C:\Windows\System\JjXoywZ.exe
  C:\Windows\System\JjXoywZ.exe
  2⤵
  PID:14248
- C:\Windows\System\wxXlRxl.exe
  C:\Windows\System\wxXlRxl.exe
  2⤵
  PID:14284
- C:\Windows\System\zoUuOjN.exe
  C:\Windows\System\zoUuOjN.exe
  2⤵
  PID:14316
- C:\Windows\System\OPLJsEV.exe
  C:\Windows\System\OPLJsEV.exe
  2⤵
  PID:13276
- C:\Windows\System\dOZKYyd.exe
  C:\Windows\System\dOZKYyd.exe
  2⤵
  PID:13344
- C:\Windows\System\UjFHTdv.exe
  C:\Windows\System\UjFHTdv.exe
  2⤵
  PID:13424
- C:\Windows\System\OEfqwPB.exe
  C:\Windows\System\OEfqwPB.exe
  2⤵
  PID:13504
- C:\Windows\System\OcwnPoF.exe
  C:\Windows\System\OcwnPoF.exe
  2⤵
  PID:13580
- C:\Windows\System\YtATQBt.exe
  C:\Windows\System\YtATQBt.exe
  2⤵
  PID:13616
- C:\Windows\System\TxeRCQX.exe
  C:\Windows\System\TxeRCQX.exe
  2⤵
  PID:13656
- C:\Windows\System\FLDdqQp.exe
  C:\Windows\System\FLDdqQp.exe
  2⤵
  PID:13648
- C:\Windows\System\NGbdtjS.exe
  C:\Windows\System\NGbdtjS.exe
  2⤵
  PID:440
- C:\Windows\System\FNTMLyN.exe
  C:\Windows\System\FNTMLyN.exe
  2⤵
  PID:13828
- C:\Windows\System\Rumqdll.exe
  C:\Windows\System\Rumqdll.exe
  2⤵
  PID:13880
- C:\Windows\System\nvVLmqW.exe
  C:\Windows\System\nvVLmqW.exe
  2⤵
  PID:13984
- C:\Windows\System\LSrDPPC.exe
  C:\Windows\System\LSrDPPC.exe
  2⤵
  PID:14020
- C:\Windows\System\rwsvPiG.exe
  C:\Windows\System\rwsvPiG.exe
  2⤵
  PID:14080
- C:\Windows\System\vNQZdFf.exe
  C:\Windows\System\vNQZdFf.exe
  2⤵
  PID:14104
- C:\Windows\System\bdeAMHZ.exe
  C:\Windows\System\bdeAMHZ.exe
  2⤵
  PID:14184
- C:\Windows\System\AlRLUYL.exe
  C:\Windows\System\AlRLUYL.exe
  2⤵
  PID:14268
- C:\Windows\System\DUCmrBE.exe
  C:\Windows\System\DUCmrBE.exe
  2⤵
  PID:12956
- C:\Windows\System\lDRekyR.exe
  C:\Windows\System\lDRekyR.exe
  2⤵
  PID:13448
- C:\Windows\System\AYFJMjh.exe
  C:\Windows\System\AYFJMjh.exe
  2⤵
  PID:13568
- C:\Windows\System\WpCnTTJ.exe
  C:\Windows\System\WpCnTTJ.exe
  2⤵
  PID:13688
- C:\Windows\System\bvmzsGW.exe
  C:\Windows\System\bvmzsGW.exe
  2⤵
  PID:13800
- C:\Windows\System\cfBwskY.exe
  C:\Windows\System\cfBwskY.exe
  2⤵
  PID:13940
- C:\Windows\System\bZMXwPS.exe
  C:\Windows\System\bZMXwPS.exe
  2⤵
  PID:14132
- C:\Windows\System\QutUtTj.exe
  C:\Windows\System\QutUtTj.exe
  2⤵
  PID:14236
- C:\Windows\System\ydJHWAL.exe
  C:\Windows\System\ydJHWAL.exe
  2⤵
  PID:14324
- C:\Windows\System\vxoxMOd.exe
  C:\Windows\System\vxoxMOd.exe
  2⤵
  PID:13720
- C:\Windows\System\kzHiFYL.exe
  C:\Windows\System\kzHiFYL.exe
  2⤵
  PID:13796
- C:\Windows\System\bYjQsAD.exe
  C:\Windows\System\bYjQsAD.exe
  2⤵
  PID:14064

C:\Windows\system32\BackgroundTaskHost.exe
"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
1⤵
PID:4604

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BQBMIXf.exe

Filesize
2.0MB

MD5
5d7ad3c689b388805e4112da32d69cfc

SHA1
deb9c0fa137bb2ca8d7d11408280554ee043f0ff

SHA256
1ad3c16b0a0a7be8d7dd804113b321092b590b7f4da763273dfdf597a9f0458d

SHA512
2fd36826f156a2b62f962c4cd01bcf6b53355640b52c739de09c78a9822ad64c78f09eca466cf6d18247f9c7d87c2e136956475f55038eb5eba5226017a59e56

Download Submit
C:\Windows\System\CNXEIvE.exe

Filesize
2.0MB

MD5
5b1ac7e25799d8fdfbae67f2b08f1596

SHA1
ccc1fdfb95cbda3fa712573caa07cc9109421eda

SHA256
aaba10e2ac2e70bea0998819b6017f92b5876017d8714c6866462c6c84b035af

SHA512
eb902d1abc740179a3a52cee499fb2295f5121cf69480d64a69c53995216871c49f1eaabf28aa655be5b78eb54d06080901c1a3b946488c7da96ca662c6b0fa0

Download Submit
C:\Windows\System\DHjCsvL.exe

Filesize
2.0MB

MD5
322a7147b943794d22fec64c9c1dadfb

SHA1
00fc8e1e568da1af9f59e96e98df689ddfb95019

SHA256
ce1b80f4d3f18bec62855c6c0fefd73cb430f3980c5683a1334d350068968958

SHA512
07eff3b81004ec765548dd517443d6dc68074a22c835b47fcfe641e18654a2dd60d870d41d30bd83edbdd07d03198424f3db6de94b9febc5645b4420f1f0a628

Download Submit
C:\Windows\System\FEsIqXc.exe

Filesize
2.0MB

MD5
12d52a5324b7c4061cbfcaed795fe4d2

SHA1
3fc0634435d6002c0c9165d014f1e22fa31e8f48

SHA256
84c590648e507fa1c1faf627d70d3a76e47b2528f207ba7ee60c5ee398f7a66d

SHA512
9b3fa2ce9b2bcd0992afd489ccc7e7c7f30a60ff34d3af39f584d41d8d97ddbb989ea2f1ebddacebfd501fca002e386aacaf7e6db62780cf246c69862f5e08bc

Download Submit
C:\Windows\System\GIWnfgK.exe

Filesize
2.0MB

MD5
c8b9d81d428e86e7db5615061f954bc5

SHA1
0af9b3f1f4e645dc6b154a417744946e2f79f590

SHA256
5156af460c46535f84bf59e2d70cbf2080d1d36a168cd385eb0d59afe65890da

SHA512
39dc959d7d3e433f953f25bc54498f6595ea180d9b94e608dc116475b814b117185a822bbccc576a41291217b7081a6c132e3e4b89b09bcb28c4dfd5a59f23b3

Download Submit
C:\Windows\System\HRPveLj.exe

Filesize
2.0MB

MD5
02c0157ecf1eef0ec30433852063057a

SHA1
35748ee3f8bf7ab9c47561c911725dd30fce3751

SHA256
75d7369de234b4e2b573297877ba23013659d314096123e994170c8eab466935

SHA512
fdc357adacff672e938fb137826e26321d89529d0130f08a18a94c131339f4d4db501408ac45ad5aecf1bdbff1dfb8d78d799ac9dd326bdf2159ba19290009e9

Download Submit
C:\Windows\System\INdvhos.exe

Filesize
2.0MB

MD5
068501358b04d51b1b34bb9936c3b51c

SHA1
18556d347011a5d6011ec2171e6423db154e31f7

SHA256
f1ea4972186331e5e02c0abb9036951d04422cc661b11268b3d34a6688bc1567

SHA512
18afdfd5482ca50e4fb9d3b6c3e36834b2bf19c6e492ec941fbcbce27699a0279d4b22556dee901d186578ed732232ad75f184a31315d0902c238a38702ea4ae

Download Submit
C:\Windows\System\IPLiYMg.exe

Filesize
2.0MB

MD5
42e636bb9010c58863151cbe835b9175

SHA1
d4f30ee4a4f8926d1b9377da8b03a83c683dadb7

SHA256
1617ac4729704dbd3e9f16049edc7e5e70ae874dde9debaf8e23db484dd4454f

SHA512
41ec28babf95d7f08eff3295fb9631162e75b0849b0e5f4d0098591ef282c03b70327162b6713d9b8be5570f71c187619ad1f019bd2bb7858684040715508358

Download Submit
C:\Windows\System\IfiHeDf.exe

Filesize
2.0MB

MD5
764b7be06b3acc7f4cccb6d5acc71528

SHA1
737d7ac9f62420e42ea8b31e7c8d1c6fb7eb967e

SHA256
e090be741fb8dbae6c3c394dd0087add55474aaac35f52a3f0a51e381cc249ac

SHA512
85f36f54355e6f6ee5562755439c495a01c370a24c4bd223ab7c65038a025e921fc98da5e68ae20bcc7a3b26b7475b99e9d249eb1ef98f26d9fb2f6ebfd5bd0a

Download Submit
C:\Windows\System\JbBTrHJ.exe

Filesize
2.0MB

MD5
b3a2cc4207b001f1cfc86fa3d27d1e2b

SHA1
127c56134e14a8577a0bf3cb195fb57866f3d310

SHA256
764ea1a18b96552232fd7488110aa0dd7baebd3c1660a6ca3a4db36fd25a7ee4

SHA512
6d7826b7d38b45661ba4155c11ee6a4c9d376310a67c0590198d16b1c5c2e0956770061d3365045f7a142362c49692a51180d86a1e1211e161562c0f06fd3cca

Download Submit
C:\Windows\System\LarVrwv.exe

Filesize
2.0MB

MD5
8f4f9cae960c3b7c27c0d27f4f9e17da

SHA1
39d84b6ef72a914e35bdc33d3ec1e0748f5d9b30

SHA256
297fae6a305c5ab5ce40386279f91fb5d9b334240ed8b8b902f3ba906edaad34

SHA512
14c4d39804dd462a423fb680166838944b44da8b180ac982a5ff4b05adf695620fedf5124d4ab1982d035af80c2630b74b51ff4c9ef9dd51508089452be8e0ad

Download Submit
C:\Windows\System\MCKtLVa.exe

Filesize
2.0MB

MD5
c4ac65448b059d38881d0b3fa4f87c0f

SHA1
0f657ab172067a0106c6fe9153a944e162c48151

SHA256
04630ae18dacf6e80ae5594dd981399e2155fd8f5ea9dabf82a6a22095174f6b

SHA512
e95864e92eb685d0cd6c05dff31ed985f0a801de161b6366904b7133c7700398b6a7ce2c35757ffc9917777b60c021cf062128e3f3801d50ca3eb4061feed6c0

Download Submit
C:\Windows\System\OXyltBQ.exe

Filesize
2.0MB

MD5
2cfba1a5c78ccfa51ae75b6449d6f042

SHA1
caa0f84bcf76f5a770d3598d5af4f6120251ccca

SHA256
a54ba8155d055a8ecf18d90928a814887ff853b44ede38ed76c9d03e12f86ce2

SHA512
e3f8f4adcb6f09d55e4713b2760ec54264dfd5bd9fbb1fc2857149a60c63ba39d77178e66d29e7297fdd53d338e9eaf8e47a488f1f8c3560d6515ebecddbac3b

Download Submit
C:\Windows\System\SUbSIQU.exe

Filesize
2.0MB

MD5
2a82e919a4c2730255ec49b72900fcc1

SHA1
83efb4a2689b413784f820d8ce6dfea695c0ea6a

SHA256
5d3c4f94fab646802ec821e4cb8d9c2268d02de04368eb3ba3c15925996f5b99

SHA512
ef418fe06134578d16a07a4837219a6764b44532f9aa84f9d573b59c50a2768f279add9a7c1651e21cb5a223204cdc5fc5d3adeafec0bbec278ab0d6b336e1b0

Download Submit
C:\Windows\System\SpbFpDC.exe

Filesize
2.0MB

MD5
5f1733e45af0b93eda0b5ea7c12a7c0b

SHA1
5437ab4f64813a05bd3a3a7b2f4e45e1b72c1566

SHA256
19ec3cfa4838892e46d2647c21bc27356e292df19f79a09b30665540fe87db42

SHA512
a75dfcdfd984c57334eab27c977b35241a7f78f7fc8fdf36370f86e35b6d86616fd7d1f5305469f02d6eb11b53df183632c82008130eee8c8d66bb960eee4e09

Download Submit
C:\Windows\System\YBlgpbW.exe

Filesize
2.0MB

MD5
4a1bbfbacd9da259e116c9473c69644f

SHA1
e1d22e084943c946cc772cc6e5ef3f395b62d6d7

SHA256
622c4e75e1138a6c06c0ff5bc3d9ae678d60df2dd38e5682edbe280f7b800ff6

SHA512
c9bc5264347abe017ee42882369fd9eda5b05afa214a04f689c95893aa2ca458e1ed1884069d3377b562d283803e7eeca3a7547c957c2043956b54082dc21df5

Download Submit
C:\Windows\System\YlNkdUo.exe

Filesize
2.0MB

MD5
76bb7fe0d732bd1b702ce76ad2463d7f

SHA1
7a147018a61d030c0006761318bec65812b9180e

SHA256
8c24bec589e0673b0186a9ca2eae84103d714872a66fc8e6f8246ab595960cec

SHA512
d556f8d99633a5f6d58f37406eccad551883861ebec483d2ef57969fe297d40c1b1c9d0f25c7737299c6f949ddee465804b9fce92bc15b1a2dbe060bfb67222c

Download Submit
C:\Windows\System\ZmQvwcr.exe

Filesize
2.0MB

MD5
c8bdcf1c4f2206246ae3d7afb5bfcb8c

SHA1
b36b2cc6ef1bce16748388af508c1894e4a5cf6f

SHA256
98980d923c5022a2fdd516ec5115635e3b7825b6a7f4257889dfa469505be039

SHA512
90d5f2ad87b9627eb202548dc6331228ffd372655961de7f814a986ba35b4547e5e08e1cfe266e32caa39e61dbdd5b941a5fa0a3967bdb1b7729749ee83d4c80

Download Submit
C:\Windows\System\aBrQogo.exe

Filesize
2.0MB

MD5
6b925192fd20844e7f26f6fab67ffb86

SHA1
7b702fa6ef197dac3c1e181fe4080aed7e384514

SHA256
2ff6f835320b1dbaa34a78b55decadd43d5b06d676aa834ee94e7d8e5c47df86

SHA512
fa6db01e6566baf76d0245ae36f0c19690ef94a452d5b709f8ddacd1979194858146b6cd86ad487e83991dd4186e059c51ab0f4610730f8a99db2ce080a9a6d6

Download Submit
C:\Windows\System\fSKREgE.exe

Filesize
2.0MB

MD5
91ce275ef377e918d151f47f4e7a8078

SHA1
dfd2ce9f8b3e2a1c6fed969fa1324f5dfaade439

SHA256
2459adf56e3580629bcbc3a666d279e979d1f9f6bf9bcd3d3ea54d21574c5311

SHA512
cb4eacc4650a2030f09ec500240f4f41c08fe47fe1e66322a4a81ae1aacbfecf45eed34f88f271e82474e4bf54ad32c32ca4ce5ab99292b7277b4ab559797e7f

Download Submit
C:\Windows\System\gfFPhFl.exe

Filesize
2.0MB

MD5
fcd9a1ab456abdfe2551694b255086b3

SHA1
deb2818a7a680fb7b46c85c507722aa2e0cd1dfd

SHA256
a946143bc447e36721eb7e0eae3007ef03351b91711a1cc75298cdb5cbfd0a1c

SHA512
9193b60bcef3e836355153c99a493416e01e806e88f550232538afa61da8ddd8c71811b46acc8e9c392f104b69feb5dc0372bd1446035d19114ba3b71dcd703a

Download Submit
C:\Windows\System\gshfsnI.exe

Filesize
2.0MB

MD5
b9bd0a9435d3fed7e4fd7414a1f2b7eb

SHA1
b33cb7f1a1b225fc8b38035589590229d548fbbd

SHA256
0c59c29e738d0469baf95e8110e71026ca5a472e65ba95cf58ab5ccd1b69e209

SHA512
d92b044a7abcef2b14364c8cf6bcd0d120b405d35f42f5200f82143091e6069071cca0ea38abc4d0081dd0a18f9f9829641e1b78d678814e203b2ff53dfe9486

Download Submit
C:\Windows\System\hTtHadx.exe

Filesize
2.0MB

MD5
01031cc02b2a27d829f2bb4174853f2f

SHA1
c86b19d67b92cd1c0c80bf71f732a0b9100952d9

SHA256
f76c21dcb79f9c96b4f1c34e117308846cf8025269848166613eeedcc4b7d513

SHA512
4849a4eef5c573fcf6ddc94c43c60d8720401e25d7c432ef43991960b093a7767ef56edbfcdcf8f491c2062b56af04d87644c1958fdecc237ae9474637cc3fbd

Download Submit
C:\Windows\System\iNQlEbw.exe

Filesize
2.0MB

MD5
58b33d154e6ece61535e6ef4ccd448bb

SHA1
8b8ee4d2aa10f41051001d71ec2194ba2a46e030

SHA256
34c174b606d130a2b95d7179d0e134f281bfee5be183d36faf5a288abbdf8199

SHA512
66003a7827ef222b654dc9443d22067355adc0e1cec31b70a6bafe11a65f4d1b14ec4bea2b047883835f2f5c330462534c5c7eb14966982405bd551fe34b20d0

Download Submit
C:\Windows\System\kJrdOuF.exe

Filesize
2.0MB

MD5
71ae568f78c4a45fd9b113d0ebba96a4

SHA1
c2c47cf3fd9733c39159fb40330b99daf63b646d

SHA256
b4ddc6daeb8bb9554753b9ece9bc117399c528942cde89c62f61553e7495c19c

SHA512
90493ea0a6e3d3c7927c1667c6f2e01ff60546efd67b32fb414670721d251368f76c3709d7e9b0b8b981734607e0c30a0b574de448f102c44c1b6dd948f0c820

Download Submit
C:\Windows\System\kOQZbdz.exe

Filesize
2.0MB

MD5
195b9fce6ef13ab3adb62a54cc25c56c

SHA1
9523f28785d96219dea8fa7a6b1fab8dc1e9b6e9

SHA256
9373aa79e9715d25e2de17834f27cbcf93758728fbbd4d1b2f98f48663651319

SHA512
a98cafd872a49d530e9ae847ae34ba2869aeb0e57d4115266e2d7e7e08428dc31d26921aecc9e1703a93d155d13bf3bc29ce72de0da059f922dde9dc04256205

Download Submit
C:\Windows\System\nnugpzJ.exe

Filesize
2.0MB

MD5
6da27d88dec9759ad05ac9eeecfd2224

SHA1
c57997c736e99e82745c6672232a76e7d68f869b

SHA256
aa33c51fd6ea499ad75ebefcf563d6718dafc7910ebc97a620d2d14b8f516b8d

SHA512
bcc534525ba59e81c479088dfa0212395c6f948590174133639361c72165bb562a3eda48984f8f60672d977ee737d9fd9ef1b0df4ff366af08e78f184373ec55

Download Submit
C:\Windows\System\oOTjguN.exe

Filesize
2.0MB

MD5
127fe7dee308b9383cecfbb4a5a33113

SHA1
b783a8b563e6869e513c2e1070e9a3ea196d75be

SHA256
decbf55c6ea45840f949d42a63af179d6a01b132306473fc06e6e016942090f9

SHA512
afbd2f187ac86e4dd839d0a05acb37ca38281cc4d7ec4915c768ca4d23a01510b94a071813452e19e6a05253c10976041b7c3d918e976eafe20d10ff8b1630f8

Download Submit
C:\Windows\System\rUuNYBl.exe

Filesize
2.0MB

MD5
12f0a8d8833bca01443526559899b04c

SHA1
8d088949cf301e34a5a4d5fbf1477d05bbf96279

SHA256
5bf469df709db859b2452a28ca4095801a8295d53883e852162e9558d1f5d09b

SHA512
a357436d452cfda5e34c8c15be06581ea74a586712f9eefa8085a95d04fc9c61a847cefad8d9497b8f1e4366e78747c903b44cd957a9670a3f6080331eddcba7

Download Submit
C:\Windows\System\tdKAmgT.exe

Filesize
2.0MB

MD5
aecb5f65397041b5952504666e405e8a

SHA1
6c48d7f09221bc6ffded995e6e3c462ad6aaa706

SHA256
03187d14b8aca8e2e1444e419e67ebcf4d2a8ebef9472bd49d4e409b706ac65f

SHA512
8c59efc423903644bbb9278a5da18bce88aa34d900df986ecae2959cd2a34016066d128597459d64c99db18c9293639982014f389a77e8754f34d53f3d4cdfa4

Download Submit
C:\Windows\System\xEOdHhI.exe

Filesize
2.0MB

MD5
6990151365ca35121ecb902671744743

SHA1
3334baff7c80684b038256f96820244805e28e85

SHA256
d0dc14128143f52aad8091aaea36f0b9d5cb5be3887fad9fe4ae833895745a68

SHA512
7184c8e87cc4bec06b14650884cd365b91dd229002194ad60f27214d8c39d7ebd3d390735f1b10e205b7391275f243f8b3f2370b380bd6bec61beb588c091bc1

Download Submit
C:\Windows\System\xgeAUTi.exe

Filesize
2.0MB

MD5
0f414676b744e17598996db11d23be1f

SHA1
d2e319f62927c8825dc5daaba7b52d915db2ae29

SHA256
59d8c8aaedaa67c218c8bc0dd6e596d791c0e73c98e7107cdc38d9be2b46af88

SHA512
208162bc9f38d6209c0277bc44baca0917b6eb201580dec19fd8edc7fc0155f9d480d9d4262c5dca0c7a94a4e3b2704bf2ef8e9906da7545884049bfe55b83af

Download Submit
C:\Windows\System\zpQSUBt.exe

Filesize
2.0MB

MD5
f9af5a698b1e4e2bf0d6ca54d0c482fc

SHA1
e3b06d59e67d70dd708a8299146a7d88fb99e28c

SHA256
42c367625817032ad4d60111003226506f121031af3def186e62e5b52faf2ce6

SHA512
9e107f255e830254a27149afc19d6ba4364b57927d3a35c02410ad1e81d8283143741985031a8eec8f0afdf13757843c724da1971576bb9ca9adb9a5a12260e7

Download Submit
memory/884-129-0x00007FF737B20000-0x00007FF737E74000-memory.dmp

Filesize
3.3MB

Download
memory/884-2072-0x00007FF737B20000-0x00007FF737E74000-memory.dmp

Filesize
3.3MB

Download
memory/916-2077-0x00007FF72E6C0000-0x00007FF72EA14000-memory.dmp

Filesize
3.3MB

Download
memory/916-192-0x00007FF72E6C0000-0x00007FF72EA14000-memory.dmp

Filesize
3.3MB

Download
memory/996-2085-0x00007FF797E50000-0x00007FF7981A4000-memory.dmp

Filesize
3.3MB

Download
memory/996-186-0x00007FF797E50000-0x00007FF7981A4000-memory.dmp

Filesize
3.3MB

Download
memory/1012-189-0x00007FF7A5AF0000-0x00007FF7A5E44000-memory.dmp

Filesize
3.3MB

Download
memory/1012-2063-0x00007FF7A5AF0000-0x00007FF7A5E44000-memory.dmp

Filesize
3.3MB

Download
memory/1164-2078-0x00007FF6BA000000-0x00007FF6BA354000-memory.dmp

Filesize
3.3MB

Download
memory/1164-181-0x00007FF6BA000000-0x00007FF6BA354000-memory.dmp

Filesize
3.3MB

Download
memory/1264-2087-0x00007FF668820000-0x00007FF668B74000-memory.dmp

Filesize
3.3MB

Download
memory/1264-188-0x00007FF668820000-0x00007FF668B74000-memory.dmp

Filesize
3.3MB

Download
memory/1644-2069-0x00007FF6B77E0000-0x00007FF6B7B34000-memory.dmp

Filesize
3.3MB

Download
memory/1644-126-0x00007FF6B77E0000-0x00007FF6B7B34000-memory.dmp

Filesize
3.3MB

Download
memory/1644-2058-0x00007FF6B77E0000-0x00007FF6B7B34000-memory.dmp

Filesize
3.3MB

Download
memory/1744-2062-0x00007FF754300000-0x00007FF754654000-memory.dmp

Filesize
3.3MB

Download
memory/1744-2056-0x00007FF754300000-0x00007FF754654000-memory.dmp

Filesize
3.3MB

Download
memory/1744-28-0x00007FF754300000-0x00007FF754654000-memory.dmp

Filesize
3.3MB

Download
memory/1808-147-0x00007FF6AA900000-0x00007FF6AAC54000-memory.dmp

Filesize
3.3MB

Download
memory/1808-2066-0x00007FF6AA900000-0x00007FF6AAC54000-memory.dmp

Filesize
3.3MB

Download
memory/1920-187-0x00007FF759AE0000-0x00007FF759E34000-memory.dmp

Filesize
3.3MB

Download
memory/1920-2084-0x00007FF759AE0000-0x00007FF759E34000-memory.dmp

Filesize
3.3MB

Download
memory/2276-183-0x00007FF7F56D0000-0x00007FF7F5A24000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2083-0x00007FF7F56D0000-0x00007FF7F5A24000-memory.dmp

Filesize
3.3MB

Download
memory/2684-2081-0x00007FF78F5F0000-0x00007FF78F944000-memory.dmp

Filesize
3.3MB

Download
memory/2684-185-0x00007FF78F5F0000-0x00007FF78F944000-memory.dmp

Filesize
3.3MB

Download
memory/2828-61-0x00007FF653680000-0x00007FF6539D4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2061-0x00007FF653680000-0x00007FF6539D4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-194-0x00007FF6E3FF0000-0x00007FF6E4344000-memory.dmp

Filesize
3.3MB

Download
memory/2944-2088-0x00007FF6E3FF0000-0x00007FF6E4344000-memory.dmp

Filesize
3.3MB

Download
memory/3264-191-0x00007FF625480000-0x00007FF6257D4000-memory.dmp

Filesize
3.3MB

Download
memory/3264-2071-0x00007FF625480000-0x00007FF6257D4000-memory.dmp

Filesize
3.3MB

Download
memory/3348-190-0x00007FF7440C0000-0x00007FF744414000-memory.dmp

Filesize
3.3MB

Download
memory/3348-2067-0x00007FF7440C0000-0x00007FF744414000-memory.dmp

Filesize
3.3MB

Download
memory/3764-66-0x00007FF777CC0000-0x00007FF778014000-memory.dmp

Filesize
3.3MB

Download
memory/3764-2064-0x00007FF777CC0000-0x00007FF778014000-memory.dmp

Filesize
3.3MB

Download
memory/3960-175-0x00007FF658E60000-0x00007FF6591B4000-memory.dmp

Filesize
3.3MB

Download
memory/3960-2074-0x00007FF658E60000-0x00007FF6591B4000-memory.dmp

Filesize
3.3MB

Download
memory/4044-2068-0x00007FF7C1E30000-0x00007FF7C2184000-memory.dmp

Filesize
3.3MB

Download
memory/4044-88-0x00007FF7C1E30000-0x00007FF7C2184000-memory.dmp

Filesize
3.3MB

Download
memory/4056-163-0x00007FF7CCA20000-0x00007FF7CCD74000-memory.dmp

Filesize
3.3MB

Download
memory/4056-2076-0x00007FF7CCA20000-0x00007FF7CCD74000-memory.dmp

Filesize
3.3MB

Download
memory/4176-2073-0x00007FF73FF00000-0x00007FF740254000-memory.dmp

Filesize
3.3MB

Download
memory/4176-180-0x00007FF73FF00000-0x00007FF740254000-memory.dmp

Filesize
3.3MB

Download
memory/4300-2059-0x00007FF75CD50000-0x00007FF75D0A4000-memory.dmp

Filesize
3.3MB

Download
memory/4300-2082-0x00007FF75CD50000-0x00007FF75D0A4000-memory.dmp

Filesize
3.3MB

Download
memory/4300-148-0x00007FF75CD50000-0x00007FF75D0A4000-memory.dmp

Filesize
3.3MB

Download
memory/4400-2080-0x00007FF7665C0000-0x00007FF766914000-memory.dmp

Filesize
3.3MB

Download
memory/4400-182-0x00007FF7665C0000-0x00007FF766914000-memory.dmp

Filesize
3.3MB

Download
memory/4512-2065-0x00007FF62B2C0000-0x00007FF62B614000-memory.dmp

Filesize
3.3MB

Download
memory/4512-78-0x00007FF62B2C0000-0x00007FF62B614000-memory.dmp

Filesize
3.3MB

Download
memory/4572-1-0x000002CA69400000-0x000002CA69410000-memory.dmp

Filesize
64KB

Download
memory/4572-2054-0x00007FF60E850000-0x00007FF60EBA4000-memory.dmp

Filesize
3.3MB

Download
memory/4572-0-0x00007FF60E850000-0x00007FF60EBA4000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2075-0x00007FF6E2160000-0x00007FF6E24B4000-memory.dmp

Filesize
3.3MB

Download
memory/4580-164-0x00007FF6E2160000-0x00007FF6E24B4000-memory.dmp

Filesize
3.3MB

Download
memory/4696-193-0x00007FF7A0DC0000-0x00007FF7A1114000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2086-0x00007FF7A0DC0000-0x00007FF7A1114000-memory.dmp

Filesize
3.3MB

Download
memory/4896-12-0x00007FF66F5A0000-0x00007FF66F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2055-0x00007FF66F5A0000-0x00007FF66F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2060-0x00007FF66F5A0000-0x00007FF66F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/4932-2079-0x00007FF6FFBE0000-0x00007FF6FFF34000-memory.dmp

Filesize
3.3MB

Download
memory/4932-184-0x00007FF6FFBE0000-0x00007FF6FFF34000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2057-0x00007FF6B4B70000-0x00007FF6B4EC4000-memory.dmp

Filesize
3.3MB

Download
memory/5084-107-0x00007FF6B4B70000-0x00007FF6B4EC4000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2070-0x00007FF6B4B70000-0x00007FF6B4EC4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads