xmrig | e351a397b6c3ef75c87bf0f18048abdd729c611696a5ec6aca67c5d24a315bdf

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
Size

2.2MB
MD5

52a55ecc832da3fbef8a5e6f83770c30
SHA1

7c3cfd7fd818d85b0b15cfb939b1629054870e91
SHA256

e351a397b6c3ef75c87bf0f18048abdd729c611696a5ec6aca67c5d24a315bdf
SHA512

e29d1545b319ff5ff20e1a1ed87ecd54bc782d03b684e08b61a39e468289501f72ca2294d4347a12bbc6a9f4299eddbc95e0c60380fcfc9f78d7f0b490e75084
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXGJLuIaRNGIVB:BemTLkNdfE0pZr5

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2796-0-0x00007FF7D5AD0000-0x00007FF7D5E24000-memory.dmp	xmrig
behavioral2/files/0x0008000000023407-4.dat	xmrig
behavioral2/memory/4832-27-0x00007FF7F4010000-0x00007FF7F4364000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-43.dat	xmrig
behavioral2/files/0x0007000000023412-55.dat	xmrig
behavioral2/files/0x0007000000023415-70.dat	xmrig
behavioral2/files/0x000700000002341c-117.dat	xmrig
behavioral2/files/0x0007000000023417-131.dat	xmrig
behavioral2/files/0x000700000002341e-158.dat	xmrig
behavioral2/files/0x000700000002342b-187.dat	xmrig
behavioral2/memory/1192-200-0x00007FF666C10000-0x00007FF666F64000-memory.dmp	xmrig
behavioral2/memory/3204-210-0x00007FF672A70000-0x00007FF672DC4000-memory.dmp	xmrig
behavioral2/memory/364-218-0x00007FF79BA70000-0x00007FF79BDC4000-memory.dmp	xmrig
behavioral2/memory/2028-217-0x00007FF7CFAF0000-0x00007FF7CFE44000-memory.dmp	xmrig
behavioral2/memory/1908-216-0x00007FF64EE20000-0x00007FF64F174000-memory.dmp	xmrig
behavioral2/memory/992-215-0x00007FF73C3D0000-0x00007FF73C724000-memory.dmp	xmrig
behavioral2/memory/4796-214-0x00007FF74E0F0000-0x00007FF74E444000-memory.dmp	xmrig
behavioral2/memory/212-213-0x00007FF7C8B10000-0x00007FF7C8E64000-memory.dmp	xmrig
behavioral2/memory/1800-212-0x00007FF6184B0000-0x00007FF618804000-memory.dmp	xmrig
behavioral2/memory/4660-211-0x00007FF6100F0000-0x00007FF610444000-memory.dmp	xmrig
behavioral2/memory/4548-209-0x00007FF602A00000-0x00007FF602D54000-memory.dmp	xmrig
behavioral2/memory/5080-207-0x00007FF6DD8E0000-0x00007FF6DDC34000-memory.dmp	xmrig
behavioral2/memory/1528-201-0x00007FF76FC40000-0x00007FF76FF94000-memory.dmp	xmrig
behavioral2/memory/4936-192-0x00007FF7F6100000-0x00007FF7F6454000-memory.dmp	xmrig
behavioral2/memory/1424-191-0x00007FF7256A0000-0x00007FF7259F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342a-184.dat	xmrig
behavioral2/memory/1220-183-0x00007FF7BFAF0000-0x00007FF7BFE44000-memory.dmp	xmrig
behavioral2/memory/2608-182-0x00007FF6AA330000-0x00007FF6AA684000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-181.dat	xmrig
behavioral2/files/0x0007000000023428-180.dat	xmrig
behavioral2/files/0x0007000000023427-179.dat	xmrig
behavioral2/files/0x0007000000023426-174.dat	xmrig
behavioral2/files/0x0007000000023425-171.dat	xmrig
behavioral2/files/0x0007000000023422-168.dat	xmrig
behavioral2/files/0x0007000000023424-167.dat	xmrig
behavioral2/files/0x000700000002341a-165.dat	xmrig
behavioral2/files/0x0007000000023420-162.dat	xmrig
behavioral2/files/0x000700000002341f-160.dat	xmrig
behavioral2/files/0x000700000002341d-155.dat	xmrig
behavioral2/files/0x0007000000023423-152.dat	xmrig
behavioral2/memory/4996-150-0x00007FF6CCD40000-0x00007FF6CD094000-memory.dmp	xmrig
behavioral2/memory/2764-148-0x00007FF612E80000-0x00007FF6131D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341b-139.dat	xmrig
behavioral2/files/0x0007000000023419-133.dat	xmrig
behavioral2/memory/4540-130-0x00007FF72DD30000-0x00007FF72E084000-memory.dmp	xmrig
behavioral2/memory/2424-129-0x00007FF685E50000-0x00007FF6861A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-126.dat	xmrig
behavioral2/files/0x0007000000023421-125.dat	xmrig
behavioral2/files/0x0007000000023416-120.dat	xmrig
behavioral2/memory/436-110-0x00007FF6D9550000-0x00007FF6D98A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-106.dat	xmrig
behavioral2/files/0x0007000000023411-83.dat	xmrig
behavioral2/memory/2124-80-0x00007FF648A80000-0x00007FF648DD4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-76.dat	xmrig
behavioral2/memory/3392-75-0x00007FF7C1910000-0x00007FF7C1C64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-71.dat	xmrig
behavioral2/files/0x0007000000023410-79.dat	xmrig
behavioral2/files/0x000700000002340c-66.dat	xmrig
behavioral2/memory/1164-63-0x00007FF768490000-0x00007FF7687E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340f-60.dat	xmrig
behavioral2/memory/4792-47-0x00007FF7B4A80000-0x00007FF7B4DD4000-memory.dmp	xmrig
behavioral2/memory/2652-44-0x00007FF6BAE60000-0x00007FF6BB1B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-30.dat	xmrig
behavioral2/files/0x000700000002340b-25.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4744	fWbbzRI.exe
4832	YosRuDl.exe
2652	lHwfbvF.exe
4792	aglooKX.exe
1800	KqPvhSJ.exe
212	ZxUdZXd.exe
1164	GTlmfNC.exe
3392	FVmwGWf.exe
4796	MIxmgQs.exe
2124	DVcXlss.exe
436	xCjauar.exe
2424	HFziKMA.exe
4540	CDbcTkz.exe
992	tEFEaDq.exe
2764	dEOezZJ.exe
4996	oizAxoK.exe
1908	PKndElA.exe
2608	nNsXIUd.exe
1220	jCVUrNx.exe
1424	nVnaEHp.exe
2028	NvWcwmd.exe
4936	ZrIbwCS.exe
1192	jqFsuFN.exe
1528	VqWAQbn.exe
5080	pQxVUMj.exe
4548	ZOJsIXP.exe
3204	QQffDZJ.exe
4660	JRTKazj.exe
364	popeQXV.exe
4924	Evlygfh.exe
1172	qOuWQLh.exe
428	trwjNUI.exe
1616	DInQoZV.exe
4368	aZLuAMT.exe
3592	jmYbEyg.exe
3200	zJBzzhd.exe
5032	sQyygiQ.exe
536	IQALhOg.exe
4196	EiZZsLk.exe
4132	ncEtpoR.exe
3984	LPmwYgZ.exe
4388	sEAAvtM.exe
3400	zFjnTOD.exe
4984	XhomEKF.exe
3804	YPBoKLl.exe
1088	lefkUpy.exe
3216	jJrwzTK.exe
1388	OfCKHqh.exe
1844	nbbXwTC.exe
2512	sZthVKM.exe
1152	yKXsMJE.exe
5012	WZeQbSe.exe
5040	qdZLcFB.exe
716	iHxEPYw.exe
4724	gWezzbu.exe
2120	HjgruSy.exe
1584	IIdmgDn.exe
4592	KxriUZX.exe
4116	WUhDWIY.exe
3056	iFWQWeH.exe
832	iHmGJjY.exe
2892	HjmoksJ.exe
1476	xAJrYRi.exe
1860	FsyGtRo.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2796-0-0x00007FF7D5AD0000-0x00007FF7D5E24000-memory.dmp	upx
behavioral2/files/0x0008000000023407-4.dat	upx
behavioral2/memory/4832-27-0x00007FF7F4010000-0x00007FF7F4364000-memory.dmp	upx
behavioral2/files/0x000700000002340e-43.dat	upx
behavioral2/files/0x0007000000023412-55.dat	upx
behavioral2/files/0x0007000000023415-70.dat	upx
behavioral2/files/0x000700000002341c-117.dat	upx
behavioral2/files/0x0007000000023417-131.dat	upx
behavioral2/files/0x000700000002341e-158.dat	upx
behavioral2/files/0x000700000002342b-187.dat	upx
behavioral2/memory/1192-200-0x00007FF666C10000-0x00007FF666F64000-memory.dmp	upx
behavioral2/memory/3204-210-0x00007FF672A70000-0x00007FF672DC4000-memory.dmp	upx
behavioral2/memory/364-218-0x00007FF79BA70000-0x00007FF79BDC4000-memory.dmp	upx
behavioral2/memory/2028-217-0x00007FF7CFAF0000-0x00007FF7CFE44000-memory.dmp	upx
behavioral2/memory/1908-216-0x00007FF64EE20000-0x00007FF64F174000-memory.dmp	upx
behavioral2/memory/992-215-0x00007FF73C3D0000-0x00007FF73C724000-memory.dmp	upx
behavioral2/memory/4796-214-0x00007FF74E0F0000-0x00007FF74E444000-memory.dmp	upx
behavioral2/memory/212-213-0x00007FF7C8B10000-0x00007FF7C8E64000-memory.dmp	upx
behavioral2/memory/1800-212-0x00007FF6184B0000-0x00007FF618804000-memory.dmp	upx
behavioral2/memory/4660-211-0x00007FF6100F0000-0x00007FF610444000-memory.dmp	upx
behavioral2/memory/4548-209-0x00007FF602A00000-0x00007FF602D54000-memory.dmp	upx
behavioral2/memory/5080-207-0x00007FF6DD8E0000-0x00007FF6DDC34000-memory.dmp	upx
behavioral2/memory/1528-201-0x00007FF76FC40000-0x00007FF76FF94000-memory.dmp	upx
behavioral2/memory/4936-192-0x00007FF7F6100000-0x00007FF7F6454000-memory.dmp	upx
behavioral2/memory/1424-191-0x00007FF7256A0000-0x00007FF7259F4000-memory.dmp	upx
behavioral2/files/0x000700000002342a-184.dat	upx
behavioral2/memory/1220-183-0x00007FF7BFAF0000-0x00007FF7BFE44000-memory.dmp	upx
behavioral2/memory/2608-182-0x00007FF6AA330000-0x00007FF6AA684000-memory.dmp	upx
behavioral2/files/0x0007000000023429-181.dat	upx
behavioral2/files/0x0007000000023428-180.dat	upx
behavioral2/files/0x0007000000023427-179.dat	upx
behavioral2/files/0x0007000000023426-174.dat	upx
behavioral2/files/0x0007000000023425-171.dat	upx
behavioral2/files/0x0007000000023422-168.dat	upx
behavioral2/files/0x0007000000023424-167.dat	upx
behavioral2/files/0x000700000002341a-165.dat	upx
behavioral2/files/0x0007000000023420-162.dat	upx
behavioral2/files/0x000700000002341f-160.dat	upx
behavioral2/files/0x000700000002341d-155.dat	upx
behavioral2/files/0x0007000000023423-152.dat	upx
behavioral2/memory/4996-150-0x00007FF6CCD40000-0x00007FF6CD094000-memory.dmp	upx
behavioral2/memory/2764-148-0x00007FF612E80000-0x00007FF6131D4000-memory.dmp	upx
behavioral2/files/0x000700000002341b-139.dat	upx
behavioral2/files/0x0007000000023419-133.dat	upx
behavioral2/memory/4540-130-0x00007FF72DD30000-0x00007FF72E084000-memory.dmp	upx
behavioral2/memory/2424-129-0x00007FF685E50000-0x00007FF6861A4000-memory.dmp	upx
behavioral2/files/0x0007000000023418-126.dat	upx
behavioral2/files/0x0007000000023421-125.dat	upx
behavioral2/files/0x0007000000023416-120.dat	upx
behavioral2/memory/436-110-0x00007FF6D9550000-0x00007FF6D98A4000-memory.dmp	upx
behavioral2/files/0x0007000000023414-106.dat	upx
behavioral2/files/0x0007000000023411-83.dat	upx
behavioral2/memory/2124-80-0x00007FF648A80000-0x00007FF648DD4000-memory.dmp	upx
behavioral2/files/0x000700000002340d-76.dat	upx
behavioral2/memory/3392-75-0x00007FF7C1910000-0x00007FF7C1C64000-memory.dmp	upx
behavioral2/files/0x0007000000023413-71.dat	upx
behavioral2/files/0x0007000000023410-79.dat	upx
behavioral2/files/0x000700000002340c-66.dat	upx
behavioral2/memory/1164-63-0x00007FF768490000-0x00007FF7687E4000-memory.dmp	upx
behavioral2/files/0x000700000002340f-60.dat	upx
behavioral2/memory/4792-47-0x00007FF7B4A80000-0x00007FF7B4DD4000-memory.dmp	upx
behavioral2/memory/2652-44-0x00007FF6BAE60000-0x00007FF6BB1B4000-memory.dmp	upx
behavioral2/files/0x0007000000023408-30.dat	upx
behavioral2/files/0x000700000002340b-25.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LPmwYgZ.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\bhFdSCR.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\kWynhhb.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\gWezzbu.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\pTLYhHf.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\hvioTTH.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\UAtAuxN.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\MyVUPpz.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\WZeQbSe.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\CDVqYfc.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\FvLkpMk.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\jqFsuFN.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\IbQLpBW.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\CmxCqyz.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\GWndWJx.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\pugyhxX.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\pXbUnLx.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\lUwhOoj.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\MRfkAba.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\agbvJuS.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\hjaodGf.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\nvGNuTN.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\ImqeZxR.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\UvLZUKX.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\vdWDnnP.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\xAJrYRi.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\ufwvDGk.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\hubMWIj.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\kaoatec.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\CAUxHAj.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\cwxnOSO.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\FdzlcUC.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\VShKqtD.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\CFLjFrE.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\qyfNWoQ.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\FyJFWcp.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\UukZIem.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\VqWAQbn.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\BGqLBDe.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\mSNwoCe.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\kzHDtmT.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\jUlaHey.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\pMmwdnZ.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\ICbcpgr.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\ftlSPyn.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\hCRFPue.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\sophEua.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\lnYNBnG.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\FSXasHG.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\mRJgMhy.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\NgJIyqD.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\xfBvOUB.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\aZLuAMT.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\YPBoKLl.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\WrtgrQd.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\QHFMIiQ.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\shYQDSp.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\TvDqZMD.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\EdOJGLH.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\KGoHJmb.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\EefXeKg.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\zyMBLly.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\iHxEPYw.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
File created	C:\Windows\System\SpljHeA.exe	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15080	dwm.exe
Token: SeChangeNotifyPrivilege	15080	dwm.exe
Token: 33	15080	dwm.exe
Token: SeIncBasePriorityPrivilege	15080	dwm.exe
Token: SeShutdownPrivilege	15080	dwm.exe
Token: SeCreatePagefilePrivilege	15080	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 4744	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	83
PID 2796 wrote to memory of 4744	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	83
PID 2796 wrote to memory of 4832	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	84
PID 2796 wrote to memory of 4832	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	84
PID 2796 wrote to memory of 2652	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	85
PID 2796 wrote to memory of 2652	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	85
PID 2796 wrote to memory of 4792	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	86
PID 2796 wrote to memory of 4792	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	86
PID 2796 wrote to memory of 1800	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	87
PID 2796 wrote to memory of 1800	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	87
PID 2796 wrote to memory of 212	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	88
PID 2796 wrote to memory of 212	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	88
PID 2796 wrote to memory of 1164	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	89
PID 2796 wrote to memory of 1164	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	89
PID 2796 wrote to memory of 3392	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	90
PID 2796 wrote to memory of 3392	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	90
PID 2796 wrote to memory of 2424	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	91
PID 2796 wrote to memory of 2424	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	91
PID 2796 wrote to memory of 4796	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	92
PID 2796 wrote to memory of 4796	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	92
PID 2796 wrote to memory of 2124	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	93
PID 2796 wrote to memory of 2124	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	93
PID 2796 wrote to memory of 436	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	94
PID 2796 wrote to memory of 436	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	94
PID 2796 wrote to memory of 4540	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	95
PID 2796 wrote to memory of 4540	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	95
PID 2796 wrote to memory of 992	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	96
PID 2796 wrote to memory of 992	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	96
PID 2796 wrote to memory of 2764	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	97
PID 2796 wrote to memory of 2764	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	97
PID 2796 wrote to memory of 4996	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	98
PID 2796 wrote to memory of 4996	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	98
PID 2796 wrote to memory of 2608	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	99
PID 2796 wrote to memory of 2608	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	99
PID 2796 wrote to memory of 1908	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	100
PID 2796 wrote to memory of 1908	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	100
PID 2796 wrote to memory of 1220	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	101
PID 2796 wrote to memory of 1220	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	101
PID 2796 wrote to memory of 1424	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	102
PID 2796 wrote to memory of 1424	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	102
PID 2796 wrote to memory of 2028	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	103
PID 2796 wrote to memory of 2028	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	103
PID 2796 wrote to memory of 4936	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	104
PID 2796 wrote to memory of 4936	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	104
PID 2796 wrote to memory of 1192	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	105
PID 2796 wrote to memory of 1192	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	105
PID 2796 wrote to memory of 1528	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	106
PID 2796 wrote to memory of 1528	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	106
PID 2796 wrote to memory of 5080	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	107
PID 2796 wrote to memory of 5080	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	107
PID 2796 wrote to memory of 4548	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	108
PID 2796 wrote to memory of 4548	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	108
PID 2796 wrote to memory of 3204	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	109
PID 2796 wrote to memory of 3204	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	109
PID 2796 wrote to memory of 4660	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	110
PID 2796 wrote to memory of 4660	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	110
PID 2796 wrote to memory of 364	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	111
PID 2796 wrote to memory of 364	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	111
PID 2796 wrote to memory of 4924	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	112
PID 2796 wrote to memory of 4924	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	112
PID 2796 wrote to memory of 1172	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	113
PID 2796 wrote to memory of 1172	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	113
PID 2796 wrote to memory of 428	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	114
PID 2796 wrote to memory of 428	2796	52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\52a55ecc832da3fbef8a5e6f83770c30_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Windows\System\fWbbzRI.exe
  C:\Windows\System\fWbbzRI.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\YosRuDl.exe
  C:\Windows\System\YosRuDl.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\lHwfbvF.exe
  C:\Windows\System\lHwfbvF.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\aglooKX.exe
  C:\Windows\System\aglooKX.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\KqPvhSJ.exe
  C:\Windows\System\KqPvhSJ.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\ZxUdZXd.exe
  C:\Windows\System\ZxUdZXd.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\GTlmfNC.exe
  C:\Windows\System\GTlmfNC.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\FVmwGWf.exe
  C:\Windows\System\FVmwGWf.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\HFziKMA.exe
  C:\Windows\System\HFziKMA.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\MIxmgQs.exe
  C:\Windows\System\MIxmgQs.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\DVcXlss.exe
  C:\Windows\System\DVcXlss.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\xCjauar.exe
  C:\Windows\System\xCjauar.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\CDbcTkz.exe
  C:\Windows\System\CDbcTkz.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\tEFEaDq.exe
  C:\Windows\System\tEFEaDq.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\dEOezZJ.exe
  C:\Windows\System\dEOezZJ.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\oizAxoK.exe
  C:\Windows\System\oizAxoK.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\nNsXIUd.exe
  C:\Windows\System\nNsXIUd.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\PKndElA.exe
  C:\Windows\System\PKndElA.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\jCVUrNx.exe
  C:\Windows\System\jCVUrNx.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\nVnaEHp.exe
  C:\Windows\System\nVnaEHp.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\NvWcwmd.exe
  C:\Windows\System\NvWcwmd.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\ZrIbwCS.exe
  C:\Windows\System\ZrIbwCS.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\jqFsuFN.exe
  C:\Windows\System\jqFsuFN.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\VqWAQbn.exe
  C:\Windows\System\VqWAQbn.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\pQxVUMj.exe
  C:\Windows\System\pQxVUMj.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\ZOJsIXP.exe
  C:\Windows\System\ZOJsIXP.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\QQffDZJ.exe
  C:\Windows\System\QQffDZJ.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\JRTKazj.exe
  C:\Windows\System\JRTKazj.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\popeQXV.exe
  C:\Windows\System\popeQXV.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\Evlygfh.exe
  C:\Windows\System\Evlygfh.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\qOuWQLh.exe
  C:\Windows\System\qOuWQLh.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\trwjNUI.exe
  C:\Windows\System\trwjNUI.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\DInQoZV.exe
  C:\Windows\System\DInQoZV.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\aZLuAMT.exe
  C:\Windows\System\aZLuAMT.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\jmYbEyg.exe
  C:\Windows\System\jmYbEyg.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\zJBzzhd.exe
  C:\Windows\System\zJBzzhd.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\sQyygiQ.exe
  C:\Windows\System\sQyygiQ.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\IQALhOg.exe
  C:\Windows\System\IQALhOg.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\EiZZsLk.exe
  C:\Windows\System\EiZZsLk.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\ncEtpoR.exe
  C:\Windows\System\ncEtpoR.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\LPmwYgZ.exe
  C:\Windows\System\LPmwYgZ.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\sEAAvtM.exe
  C:\Windows\System\sEAAvtM.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\zFjnTOD.exe
  C:\Windows\System\zFjnTOD.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\XhomEKF.exe
  C:\Windows\System\XhomEKF.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\YPBoKLl.exe
  C:\Windows\System\YPBoKLl.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\jJrwzTK.exe
  C:\Windows\System\jJrwzTK.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\lefkUpy.exe
  C:\Windows\System\lefkUpy.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\OfCKHqh.exe
  C:\Windows\System\OfCKHqh.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\nbbXwTC.exe
  C:\Windows\System\nbbXwTC.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\sZthVKM.exe
  C:\Windows\System\sZthVKM.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\WZeQbSe.exe
  C:\Windows\System\WZeQbSe.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\yKXsMJE.exe
  C:\Windows\System\yKXsMJE.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\qdZLcFB.exe
  C:\Windows\System\qdZLcFB.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\gWezzbu.exe
  C:\Windows\System\gWezzbu.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\iHxEPYw.exe
  C:\Windows\System\iHxEPYw.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\HjgruSy.exe
  C:\Windows\System\HjgruSy.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\IIdmgDn.exe
  C:\Windows\System\IIdmgDn.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\KxriUZX.exe
  C:\Windows\System\KxriUZX.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\WUhDWIY.exe
  C:\Windows\System\WUhDWIY.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\iFWQWeH.exe
  C:\Windows\System\iFWQWeH.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\iHmGJjY.exe
  C:\Windows\System\iHmGJjY.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\HjmoksJ.exe
  C:\Windows\System\HjmoksJ.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\xAJrYRi.exe
  C:\Windows\System\xAJrYRi.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\FsyGtRo.exe
  C:\Windows\System\FsyGtRo.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\EkOIEUH.exe
  C:\Windows\System\EkOIEUH.exe
  2⤵
  PID:2476
- C:\Windows\System\PHDzUnx.exe
  C:\Windows\System\PHDzUnx.exe
  2⤵
  PID:3856
- C:\Windows\System\tDhpuAn.exe
  C:\Windows\System\tDhpuAn.exe
  2⤵
  PID:2024
- C:\Windows\System\BbgkiGs.exe
  C:\Windows\System\BbgkiGs.exe
  2⤵
  PID:2728
- C:\Windows\System\cQqkHbi.exe
  C:\Windows\System\cQqkHbi.exe
  2⤵
  PID:4892
- C:\Windows\System\UoSIQPZ.exe
  C:\Windows\System\UoSIQPZ.exe
  2⤵
  PID:532
- C:\Windows\System\ehHCgzS.exe
  C:\Windows\System\ehHCgzS.exe
  2⤵
  PID:4956
- C:\Windows\System\OmqicHd.exe
  C:\Windows\System\OmqicHd.exe
  2⤵
  PID:3776
- C:\Windows\System\tEACzTx.exe
  C:\Windows\System\tEACzTx.exe
  2⤵
  PID:1148
- C:\Windows\System\TXGrpqB.exe
  C:\Windows\System\TXGrpqB.exe
  2⤵
  PID:3184
- C:\Windows\System\SmYhPpR.exe
  C:\Windows\System\SmYhPpR.exe
  2⤵
  PID:2916
- C:\Windows\System\dwjfIzT.exe
  C:\Windows\System\dwjfIzT.exe
  2⤵
  PID:1572
- C:\Windows\System\GWcQzhe.exe
  C:\Windows\System\GWcQzhe.exe
  2⤵
  PID:1552
- C:\Windows\System\nFcBJiI.exe
  C:\Windows\System\nFcBJiI.exe
  2⤵
  PID:3900
- C:\Windows\System\IbQLpBW.exe
  C:\Windows\System\IbQLpBW.exe
  2⤵
  PID:4404
- C:\Windows\System\zXLpEcu.exe
  C:\Windows\System\zXLpEcu.exe
  2⤵
  PID:2168
- C:\Windows\System\qhjUtCP.exe
  C:\Windows\System\qhjUtCP.exe
  2⤵
  PID:4280
- C:\Windows\System\DAwrlsx.exe
  C:\Windows\System\DAwrlsx.exe
  2⤵
  PID:2192
- C:\Windows\System\pXbUnLx.exe
  C:\Windows\System\pXbUnLx.exe
  2⤵
  PID:2264
- C:\Windows\System\LEkMVUr.exe
  C:\Windows\System\LEkMVUr.exe
  2⤵
  PID:4612
- C:\Windows\System\CDPEfay.exe
  C:\Windows\System\CDPEfay.exe
  2⤵
  PID:2992
- C:\Windows\System\NgWFjFF.exe
  C:\Windows\System\NgWFjFF.exe
  2⤵
  PID:4124
- C:\Windows\System\mMMhELN.exe
  C:\Windows\System\mMMhELN.exe
  2⤵
  PID:648
- C:\Windows\System\bKsapEu.exe
  C:\Windows\System\bKsapEu.exe
  2⤵
  PID:1196
- C:\Windows\System\WMvVefU.exe
  C:\Windows\System\WMvVefU.exe
  2⤵
  PID:4204
- C:\Windows\System\VhqWouC.exe
  C:\Windows\System\VhqWouC.exe
  2⤵
  PID:4524
- C:\Windows\System\tienMCN.exe
  C:\Windows\System\tienMCN.exe
  2⤵
  PID:4076
- C:\Windows\System\EHEnVAT.exe
  C:\Windows\System\EHEnVAT.exe
  2⤵
  PID:4696
- C:\Windows\System\ZBUTmPt.exe
  C:\Windows\System\ZBUTmPt.exe
  2⤵
  PID:5140
- C:\Windows\System\RzFXnuK.exe
  C:\Windows\System\RzFXnuK.exe
  2⤵
  PID:5188
- C:\Windows\System\ufwvDGk.exe
  C:\Windows\System\ufwvDGk.exe
  2⤵
  PID:5224
- C:\Windows\System\rvSniPQ.exe
  C:\Windows\System\rvSniPQ.exe
  2⤵
  PID:5256
- C:\Windows\System\edAXAdC.exe
  C:\Windows\System\edAXAdC.exe
  2⤵
  PID:5288
- C:\Windows\System\QIADVBw.exe
  C:\Windows\System\QIADVBw.exe
  2⤵
  PID:5316
- C:\Windows\System\SOwjmxq.exe
  C:\Windows\System\SOwjmxq.exe
  2⤵
  PID:5344
- C:\Windows\System\gDWlYdd.exe
  C:\Windows\System\gDWlYdd.exe
  2⤵
  PID:5372
- C:\Windows\System\GoSMfCH.exe
  C:\Windows\System\GoSMfCH.exe
  2⤵
  PID:5408
- C:\Windows\System\keIIbqH.exe
  C:\Windows\System\keIIbqH.exe
  2⤵
  PID:5424
- C:\Windows\System\ExXVpfJ.exe
  C:\Windows\System\ExXVpfJ.exe
  2⤵
  PID:5464
- C:\Windows\System\fBbJvTP.exe
  C:\Windows\System\fBbJvTP.exe
  2⤵
  PID:5496
- C:\Windows\System\hsfXaig.exe
  C:\Windows\System\hsfXaig.exe
  2⤵
  PID:5536
- C:\Windows\System\QJfqSnD.exe
  C:\Windows\System\QJfqSnD.exe
  2⤵
  PID:5572
- C:\Windows\System\ftlSPyn.exe
  C:\Windows\System\ftlSPyn.exe
  2⤵
  PID:5604
- C:\Windows\System\GAUOStO.exe
  C:\Windows\System\GAUOStO.exe
  2⤵
  PID:5628
- C:\Windows\System\fqZQNRg.exe
  C:\Windows\System\fqZQNRg.exe
  2⤵
  PID:5656
- C:\Windows\System\YLuFShN.exe
  C:\Windows\System\YLuFShN.exe
  2⤵
  PID:5688
- C:\Windows\System\pvjHYVe.exe
  C:\Windows\System\pvjHYVe.exe
  2⤵
  PID:5720
- C:\Windows\System\Nqjbstb.exe
  C:\Windows\System\Nqjbstb.exe
  2⤵
  PID:5748
- C:\Windows\System\AngqUaW.exe
  C:\Windows\System\AngqUaW.exe
  2⤵
  PID:5776
- C:\Windows\System\bHeGdLd.exe
  C:\Windows\System\bHeGdLd.exe
  2⤵
  PID:5808
- C:\Windows\System\GSEHfiD.exe
  C:\Windows\System\GSEHfiD.exe
  2⤵
  PID:5848
- C:\Windows\System\KtqJHCZ.exe
  C:\Windows\System\KtqJHCZ.exe
  2⤵
  PID:5880
- C:\Windows\System\rgDVloX.exe
  C:\Windows\System\rgDVloX.exe
  2⤵
  PID:5896
- C:\Windows\System\pTLYhHf.exe
  C:\Windows\System\pTLYhHf.exe
  2⤵
  PID:5928
- C:\Windows\System\NeUJpok.exe
  C:\Windows\System\NeUJpok.exe
  2⤵
  PID:5964
- C:\Windows\System\XnmkzJJ.exe
  C:\Windows\System\XnmkzJJ.exe
  2⤵
  PID:5992
- C:\Windows\System\BhDmjNG.exe
  C:\Windows\System\BhDmjNG.exe
  2⤵
  PID:6024
- C:\Windows\System\vaVVecA.exe
  C:\Windows\System\vaVVecA.exe
  2⤵
  PID:6048
- C:\Windows\System\vUCfxVG.exe
  C:\Windows\System\vUCfxVG.exe
  2⤵
  PID:6080
- C:\Windows\System\IszmheQ.exe
  C:\Windows\System\IszmheQ.exe
  2⤵
  PID:6112
- C:\Windows\System\ttBibkd.exe
  C:\Windows\System\ttBibkd.exe
  2⤵
  PID:5124
- C:\Windows\System\fcCVsmX.exe
  C:\Windows\System\fcCVsmX.exe
  2⤵
  PID:5220
- C:\Windows\System\gAlmBZs.exe
  C:\Windows\System\gAlmBZs.exe
  2⤵
  PID:5284
- C:\Windows\System\zuFyjrO.exe
  C:\Windows\System\zuFyjrO.exe
  2⤵
  PID:5300
- C:\Windows\System\lFZdCkz.exe
  C:\Windows\System\lFZdCkz.exe
  2⤵
  PID:540
- C:\Windows\System\YvMWtlG.exe
  C:\Windows\System\YvMWtlG.exe
  2⤵
  PID:5400
- C:\Windows\System\qrpoNwp.exe
  C:\Windows\System\qrpoNwp.exe
  2⤵
  PID:5448
- C:\Windows\System\AYLYBSs.exe
  C:\Windows\System\AYLYBSs.exe
  2⤵
  PID:5548
- C:\Windows\System\HynOsPu.exe
  C:\Windows\System\HynOsPu.exe
  2⤵
  PID:5620
- C:\Windows\System\NqpuVPj.exe
  C:\Windows\System\NqpuVPj.exe
  2⤵
  PID:5684
- C:\Windows\System\NGRxZZc.exe
  C:\Windows\System\NGRxZZc.exe
  2⤵
  PID:5760
- C:\Windows\System\lUwhOoj.exe
  C:\Windows\System\lUwhOoj.exe
  2⤵
  PID:3596
- C:\Windows\System\uzhJtHN.exe
  C:\Windows\System\uzhJtHN.exe
  2⤵
  PID:5872
- C:\Windows\System\gvWRVDC.exe
  C:\Windows\System\gvWRVDC.exe
  2⤵
  PID:5956
- C:\Windows\System\qMOtIdD.exe
  C:\Windows\System\qMOtIdD.exe
  2⤵
  PID:6004
- C:\Windows\System\ARwLudR.exe
  C:\Windows\System\ARwLudR.exe
  2⤵
  PID:6040
- C:\Windows\System\HpvSlYm.exe
  C:\Windows\System\HpvSlYm.exe
  2⤵
  PID:6076
- C:\Windows\System\onfxYeI.exe
  C:\Windows\System\onfxYeI.exe
  2⤵
  PID:6136
- C:\Windows\System\iXindJh.exe
  C:\Windows\System\iXindJh.exe
  2⤵
  PID:696
- C:\Windows\System\fleeuea.exe
  C:\Windows\System\fleeuea.exe
  2⤵
  PID:5416
- C:\Windows\System\BwepoVu.exe
  C:\Windows\System\BwepoVu.exe
  2⤵
  PID:5648
- C:\Windows\System\kzHDtmT.exe
  C:\Windows\System\kzHDtmT.exe
  2⤵
  PID:5892
- C:\Windows\System\AoHuyAC.exe
  C:\Windows\System\AoHuyAC.exe
  2⤵
  PID:6032
- C:\Windows\System\VShKqtD.exe
  C:\Windows\System\VShKqtD.exe
  2⤵
  PID:5248
- C:\Windows\System\IoyOGlW.exe
  C:\Windows\System\IoyOGlW.exe
  2⤵
  PID:5384
- C:\Windows\System\wBsXghJ.exe
  C:\Windows\System\wBsXghJ.exe
  2⤵
  PID:5732
- C:\Windows\System\UsIBXZm.exe
  C:\Windows\System\UsIBXZm.exe
  2⤵
  PID:5216
- C:\Windows\System\uvhRqIN.exe
  C:\Windows\System\uvhRqIN.exe
  2⤵
  PID:5976
- C:\Windows\System\WahGZon.exe
  C:\Windows\System\WahGZon.exe
  2⤵
  PID:6152
- C:\Windows\System\bxVKkfV.exe
  C:\Windows\System\bxVKkfV.exe
  2⤵
  PID:6176
- C:\Windows\System\SscAJvQ.exe
  C:\Windows\System\SscAJvQ.exe
  2⤵
  PID:6208
- C:\Windows\System\JImopWA.exe
  C:\Windows\System\JImopWA.exe
  2⤵
  PID:6236
- C:\Windows\System\jUlaHey.exe
  C:\Windows\System\jUlaHey.exe
  2⤵
  PID:6268
- C:\Windows\System\Jlxcryl.exe
  C:\Windows\System\Jlxcryl.exe
  2⤵
  PID:6292
- C:\Windows\System\yiWnOyi.exe
  C:\Windows\System\yiWnOyi.exe
  2⤵
  PID:6320
- C:\Windows\System\OiqsiAw.exe
  C:\Windows\System\OiqsiAw.exe
  2⤵
  PID:6356
- C:\Windows\System\MVBVoxG.exe
  C:\Windows\System\MVBVoxG.exe
  2⤵
  PID:6384
- C:\Windows\System\bYkVyUM.exe
  C:\Windows\System\bYkVyUM.exe
  2⤵
  PID:6428
- C:\Windows\System\NTPhglX.exe
  C:\Windows\System\NTPhglX.exe
  2⤵
  PID:6472
- C:\Windows\System\pkbvJNY.exe
  C:\Windows\System\pkbvJNY.exe
  2⤵
  PID:6500
- C:\Windows\System\hptXFyZ.exe
  C:\Windows\System\hptXFyZ.exe
  2⤵
  PID:6528
- C:\Windows\System\fzEcSXM.exe
  C:\Windows\System\fzEcSXM.exe
  2⤵
  PID:6556
- C:\Windows\System\zHdAzkQ.exe
  C:\Windows\System\zHdAzkQ.exe
  2⤵
  PID:6584
- C:\Windows\System\ojoXAlp.exe
  C:\Windows\System\ojoXAlp.exe
  2⤵
  PID:6612
- C:\Windows\System\qgUPMQR.exe
  C:\Windows\System\qgUPMQR.exe
  2⤵
  PID:6640
- C:\Windows\System\ZcABYrO.exe
  C:\Windows\System\ZcABYrO.exe
  2⤵
  PID:6676
- C:\Windows\System\HdUfdJG.exe
  C:\Windows\System\HdUfdJG.exe
  2⤵
  PID:6696
- C:\Windows\System\lHpShVp.exe
  C:\Windows\System\lHpShVp.exe
  2⤵
  PID:6724
- C:\Windows\System\aKiQbmX.exe
  C:\Windows\System\aKiQbmX.exe
  2⤵
  PID:6752
- C:\Windows\System\FDtBWDy.exe
  C:\Windows\System\FDtBWDy.exe
  2⤵
  PID:6780
- C:\Windows\System\pDXNOWo.exe
  C:\Windows\System\pDXNOWo.exe
  2⤵
  PID:6808
- C:\Windows\System\OCDebXd.exe
  C:\Windows\System\OCDebXd.exe
  2⤵
  PID:6836
- C:\Windows\System\IpGhFlZ.exe
  C:\Windows\System\IpGhFlZ.exe
  2⤵
  PID:6864
- C:\Windows\System\qCIZomH.exe
  C:\Windows\System\qCIZomH.exe
  2⤵
  PID:6896
- C:\Windows\System\cHnHekg.exe
  C:\Windows\System\cHnHekg.exe
  2⤵
  PID:6920
- C:\Windows\System\WrtgrQd.exe
  C:\Windows\System\WrtgrQd.exe
  2⤵
  PID:6948
- C:\Windows\System\BvvLZqO.exe
  C:\Windows\System\BvvLZqO.exe
  2⤵
  PID:6980
- C:\Windows\System\KebsMrL.exe
  C:\Windows\System\KebsMrL.exe
  2⤵
  PID:7016
- C:\Windows\System\eQnNIBv.exe
  C:\Windows\System\eQnNIBv.exe
  2⤵
  PID:7044
- C:\Windows\System\kRpGjaI.exe
  C:\Windows\System\kRpGjaI.exe
  2⤵
  PID:7072
- C:\Windows\System\wElXnUa.exe
  C:\Windows\System\wElXnUa.exe
  2⤵
  PID:7100
- C:\Windows\System\JxaKEMN.exe
  C:\Windows\System\JxaKEMN.exe
  2⤵
  PID:7132
- C:\Windows\System\tARtoUw.exe
  C:\Windows\System\tARtoUw.exe
  2⤵
  PID:7160
- C:\Windows\System\ZCNDduL.exe
  C:\Windows\System\ZCNDduL.exe
  2⤵
  PID:6192
- C:\Windows\System\tzFXXch.exe
  C:\Windows\System\tzFXXch.exe
  2⤵
  PID:6256
- C:\Windows\System\iQmOBwQ.exe
  C:\Windows\System\iQmOBwQ.exe
  2⤵
  PID:6332
- C:\Windows\System\ZGiQXBp.exe
  C:\Windows\System\ZGiQXBp.exe
  2⤵
  PID:6416
- C:\Windows\System\rgjEJbs.exe
  C:\Windows\System\rgjEJbs.exe
  2⤵
  PID:6492
- C:\Windows\System\NkYNWca.exe
  C:\Windows\System\NkYNWca.exe
  2⤵
  PID:6552
- C:\Windows\System\hjaodGf.exe
  C:\Windows\System\hjaodGf.exe
  2⤵
  PID:6608
- C:\Windows\System\kcPOSau.exe
  C:\Windows\System\kcPOSau.exe
  2⤵
  PID:6692
- C:\Windows\System\CZqstyd.exe
  C:\Windows\System\CZqstyd.exe
  2⤵
  PID:6744
- C:\Windows\System\TdfbsCL.exe
  C:\Windows\System\TdfbsCL.exe
  2⤵
  PID:6804
- C:\Windows\System\hubMWIj.exe
  C:\Windows\System\hubMWIj.exe
  2⤵
  PID:6876
- C:\Windows\System\kRkJkkQ.exe
  C:\Windows\System\kRkJkkQ.exe
  2⤵
  PID:6932
- C:\Windows\System\EzQGnXp.exe
  C:\Windows\System\EzQGnXp.exe
  2⤵
  PID:7028
- C:\Windows\System\zUaoQoD.exe
  C:\Windows\System\zUaoQoD.exe
  2⤵
  PID:7084
- C:\Windows\System\SPAdhGr.exe
  C:\Windows\System\SPAdhGr.exe
  2⤵
  PID:7152
- C:\Windows\System\frKWoPd.exe
  C:\Windows\System\frKWoPd.exe
  2⤵
  PID:6248
- C:\Windows\System\apMLaDt.exe
  C:\Windows\System\apMLaDt.exe
  2⤵
  PID:6444
- C:\Windows\System\VtkmLSB.exe
  C:\Windows\System\VtkmLSB.exe
  2⤵
  PID:6596
- C:\Windows\System\MRfkAba.exe
  C:\Windows\System\MRfkAba.exe
  2⤵
  PID:6736
- C:\Windows\System\vnkjBWm.exe
  C:\Windows\System\vnkjBWm.exe
  2⤵
  PID:6916
- C:\Windows\System\AnWqAIu.exe
  C:\Windows\System\AnWqAIu.exe
  2⤵
  PID:7064
- C:\Windows\System\OiexvJb.exe
  C:\Windows\System\OiexvJb.exe
  2⤵
  PID:6232
- C:\Windows\System\uKQAQjp.exe
  C:\Windows\System\uKQAQjp.exe
  2⤵
  PID:6668
- C:\Windows\System\kqmaloj.exe
  C:\Windows\System\kqmaloj.exe
  2⤵
  PID:7012
- C:\Windows\System\DHishrB.exe
  C:\Windows\System\DHishrB.exe
  2⤵
  PID:6796
- C:\Windows\System\HpLNbqf.exe
  C:\Windows\System\HpLNbqf.exe
  2⤵
  PID:7172
- C:\Windows\System\iYrxSRk.exe
  C:\Windows\System\iYrxSRk.exe
  2⤵
  PID:7220
- C:\Windows\System\ufrpiYq.exe
  C:\Windows\System\ufrpiYq.exe
  2⤵
  PID:7252
- C:\Windows\System\ixPnpjo.exe
  C:\Windows\System\ixPnpjo.exe
  2⤵
  PID:7280
- C:\Windows\System\yPAqCRl.exe
  C:\Windows\System\yPAqCRl.exe
  2⤵
  PID:7328
- C:\Windows\System\SevnMPo.exe
  C:\Windows\System\SevnMPo.exe
  2⤵
  PID:7364
- C:\Windows\System\cvonRyk.exe
  C:\Windows\System\cvonRyk.exe
  2⤵
  PID:7404
- C:\Windows\System\mPjFGRE.exe
  C:\Windows\System\mPjFGRE.exe
  2⤵
  PID:7440
- C:\Windows\System\hDBKHDK.exe
  C:\Windows\System\hDBKHDK.exe
  2⤵
  PID:7476
- C:\Windows\System\fOltdHX.exe
  C:\Windows\System\fOltdHX.exe
  2⤵
  PID:7516
- C:\Windows\System\pcQfDaO.exe
  C:\Windows\System\pcQfDaO.exe
  2⤵
  PID:7536
- C:\Windows\System\TXAqJIA.exe
  C:\Windows\System\TXAqJIA.exe
  2⤵
  PID:7588
- C:\Windows\System\KIHMGGo.exe
  C:\Windows\System\KIHMGGo.exe
  2⤵
  PID:7620
- C:\Windows\System\nBCtmXF.exe
  C:\Windows\System\nBCtmXF.exe
  2⤵
  PID:7652
- C:\Windows\System\ZoYhBxR.exe
  C:\Windows\System\ZoYhBxR.exe
  2⤵
  PID:7692
- C:\Windows\System\QHFMIiQ.exe
  C:\Windows\System\QHFMIiQ.exe
  2⤵
  PID:7732
- C:\Windows\System\OWhwPsM.exe
  C:\Windows\System\OWhwPsM.exe
  2⤵
  PID:7764
- C:\Windows\System\hrNseUH.exe
  C:\Windows\System\hrNseUH.exe
  2⤵
  PID:7796
- C:\Windows\System\ZYgDGdF.exe
  C:\Windows\System\ZYgDGdF.exe
  2⤵
  PID:7832
- C:\Windows\System\KGoHJmb.exe
  C:\Windows\System\KGoHJmb.exe
  2⤵
  PID:7864
- C:\Windows\System\CDVqYfc.exe
  C:\Windows\System\CDVqYfc.exe
  2⤵
  PID:7884
- C:\Windows\System\XqeGZSF.exe
  C:\Windows\System\XqeGZSF.exe
  2⤵
  PID:7916
- C:\Windows\System\hCRFPue.exe
  C:\Windows\System\hCRFPue.exe
  2⤵
  PID:7940
- C:\Windows\System\uciCFmO.exe
  C:\Windows\System\uciCFmO.exe
  2⤵
  PID:7968
- C:\Windows\System\nqezUBb.exe
  C:\Windows\System\nqezUBb.exe
  2⤵
  PID:7988
- C:\Windows\System\shYQDSp.exe
  C:\Windows\System\shYQDSp.exe
  2⤵
  PID:8028
- C:\Windows\System\EiDTljI.exe
  C:\Windows\System\EiDTljI.exe
  2⤵
  PID:8064
- C:\Windows\System\rLNeqYb.exe
  C:\Windows\System\rLNeqYb.exe
  2⤵
  PID:8092
- C:\Windows\System\LWfrPBt.exe
  C:\Windows\System\LWfrPBt.exe
  2⤵
  PID:8120
- C:\Windows\System\vyAZLIV.exe
  C:\Windows\System\vyAZLIV.exe
  2⤵
  PID:8148
- C:\Windows\System\aKMxTlp.exe
  C:\Windows\System\aKMxTlp.exe
  2⤵
  PID:8176
- C:\Windows\System\OvhoYSa.exe
  C:\Windows\System\OvhoYSa.exe
  2⤵
  PID:7208
- C:\Windows\System\NiRIYKZ.exe
  C:\Windows\System\NiRIYKZ.exe
  2⤵
  PID:7272
- C:\Windows\System\aJsMkTI.exe
  C:\Windows\System\aJsMkTI.exe
  2⤵
  PID:7372
- C:\Windows\System\nYPltKc.exe
  C:\Windows\System\nYPltKc.exe
  2⤵
  PID:7460
- C:\Windows\System\PDPeueA.exe
  C:\Windows\System\PDPeueA.exe
  2⤵
  PID:7568
- C:\Windows\System\faMGArR.exe
  C:\Windows\System\faMGArR.exe
  2⤵
  PID:7680
- C:\Windows\System\xAcogAC.exe
  C:\Windows\System\xAcogAC.exe
  2⤵
  PID:7792
- C:\Windows\System\gJuNFfS.exe
  C:\Windows\System\gJuNFfS.exe
  2⤵
  PID:7852
- C:\Windows\System\lDGHvTw.exe
  C:\Windows\System\lDGHvTw.exe
  2⤵
  PID:7924
- C:\Windows\System\aHcivfN.exe
  C:\Windows\System\aHcivfN.exe
  2⤵
  PID:7976
- C:\Windows\System\RyjuXDe.exe
  C:\Windows\System\RyjuXDe.exe
  2⤵
  PID:8048
- C:\Windows\System\dwaZOFg.exe
  C:\Windows\System\dwaZOFg.exe
  2⤵
  PID:8112
- C:\Windows\System\EzCXyCO.exe
  C:\Windows\System\EzCXyCO.exe
  2⤵
  PID:8172
- C:\Windows\System\oRQBKec.exe
  C:\Windows\System\oRQBKec.exe
  2⤵
  PID:7316
- C:\Windows\System\MoriEqT.exe
  C:\Windows\System\MoriEqT.exe
  2⤵
  PID:7528
- C:\Windows\System\aGDAjrF.exe
  C:\Windows\System\aGDAjrF.exe
  2⤵
  PID:7756
- C:\Windows\System\vbiznwJ.exe
  C:\Windows\System\vbiznwJ.exe
  2⤵
  PID:7928
- C:\Windows\System\DNAUrDc.exe
  C:\Windows\System\DNAUrDc.exe
  2⤵
  PID:8088
- C:\Windows\System\NFqqJSN.exe
  C:\Windows\System\NFqqJSN.exe
  2⤵
  PID:4788
- C:\Windows\System\dXykzHX.exe
  C:\Windows\System\dXykzHX.exe
  2⤵
  PID:7848
- C:\Windows\System\BqzZjdP.exe
  C:\Windows\System\BqzZjdP.exe
  2⤵
  PID:6576
- C:\Windows\System\OwQDJyH.exe
  C:\Windows\System\OwQDJyH.exe
  2⤵
  PID:8076
- C:\Windows\System\sFIHPpE.exe
  C:\Windows\System\sFIHPpE.exe
  2⤵
  PID:8208
- C:\Windows\System\lWxePIy.exe
  C:\Windows\System\lWxePIy.exe
  2⤵
  PID:8236
- C:\Windows\System\nrtLDqw.exe
  C:\Windows\System\nrtLDqw.exe
  2⤵
  PID:8264
- C:\Windows\System\BVjrzCh.exe
  C:\Windows\System\BVjrzCh.exe
  2⤵
  PID:8292
- C:\Windows\System\nFmAKoq.exe
  C:\Windows\System\nFmAKoq.exe
  2⤵
  PID:8320
- C:\Windows\System\DxnXzcK.exe
  C:\Windows\System\DxnXzcK.exe
  2⤵
  PID:8348
- C:\Windows\System\TeVrUru.exe
  C:\Windows\System\TeVrUru.exe
  2⤵
  PID:8376
- C:\Windows\System\jaddkpX.exe
  C:\Windows\System\jaddkpX.exe
  2⤵
  PID:8408
- C:\Windows\System\lekHuaa.exe
  C:\Windows\System\lekHuaa.exe
  2⤵
  PID:8432
- C:\Windows\System\StuDeHw.exe
  C:\Windows\System\StuDeHw.exe
  2⤵
  PID:8464
- C:\Windows\System\jaoRsNi.exe
  C:\Windows\System\jaoRsNi.exe
  2⤵
  PID:8492
- C:\Windows\System\niabIio.exe
  C:\Windows\System\niabIio.exe
  2⤵
  PID:8528
- C:\Windows\System\cxlLEqY.exe
  C:\Windows\System\cxlLEqY.exe
  2⤵
  PID:8556
- C:\Windows\System\WlTlXfc.exe
  C:\Windows\System\WlTlXfc.exe
  2⤵
  PID:8584
- C:\Windows\System\XzUOswz.exe
  C:\Windows\System\XzUOswz.exe
  2⤵
  PID:8612
- C:\Windows\System\cCuBguF.exe
  C:\Windows\System\cCuBguF.exe
  2⤵
  PID:8640
- C:\Windows\System\iTybmSH.exe
  C:\Windows\System\iTybmSH.exe
  2⤵
  PID:8672
- C:\Windows\System\gjussLI.exe
  C:\Windows\System\gjussLI.exe
  2⤵
  PID:8696
- C:\Windows\System\apFOUwm.exe
  C:\Windows\System\apFOUwm.exe
  2⤵
  PID:8724
- C:\Windows\System\hbuzrvP.exe
  C:\Windows\System\hbuzrvP.exe
  2⤵
  PID:8760
- C:\Windows\System\paGBcYO.exe
  C:\Windows\System\paGBcYO.exe
  2⤵
  PID:8780
- C:\Windows\System\CFLjFrE.exe
  C:\Windows\System\CFLjFrE.exe
  2⤵
  PID:8808
- C:\Windows\System\kgIbLCw.exe
  C:\Windows\System\kgIbLCw.exe
  2⤵
  PID:8840
- C:\Windows\System\GdAddzc.exe
  C:\Windows\System\GdAddzc.exe
  2⤵
  PID:8864
- C:\Windows\System\BGqLBDe.exe
  C:\Windows\System\BGqLBDe.exe
  2⤵
  PID:8892
- C:\Windows\System\LejjxDk.exe
  C:\Windows\System\LejjxDk.exe
  2⤵
  PID:8920
- C:\Windows\System\XpySwHz.exe
  C:\Windows\System\XpySwHz.exe
  2⤵
  PID:8948
- C:\Windows\System\HYcbTIv.exe
  C:\Windows\System\HYcbTIv.exe
  2⤵
  PID:8980
- C:\Windows\System\WZSbzKA.exe
  C:\Windows\System\WZSbzKA.exe
  2⤵
  PID:9008
- C:\Windows\System\efKaLbV.exe
  C:\Windows\System\efKaLbV.exe
  2⤵
  PID:9032
- C:\Windows\System\KBZsMdK.exe
  C:\Windows\System\KBZsMdK.exe
  2⤵
  PID:9048
- C:\Windows\System\pMmwdnZ.exe
  C:\Windows\System\pMmwdnZ.exe
  2⤵
  PID:9064
- C:\Windows\System\SWvJtnw.exe
  C:\Windows\System\SWvJtnw.exe
  2⤵
  PID:9092
- C:\Windows\System\YAttczu.exe
  C:\Windows\System\YAttczu.exe
  2⤵
  PID:9124
- C:\Windows\System\nvGNuTN.exe
  C:\Windows\System\nvGNuTN.exe
  2⤵
  PID:9164
- C:\Windows\System\pPhLcuq.exe
  C:\Windows\System\pPhLcuq.exe
  2⤵
  PID:9200
- C:\Windows\System\jbontdy.exe
  C:\Windows\System\jbontdy.exe
  2⤵
  PID:8220
- C:\Windows\System\tcXwuhv.exe
  C:\Windows\System\tcXwuhv.exe
  2⤵
  PID:8276
- C:\Windows\System\mEBEpLC.exe
  C:\Windows\System\mEBEpLC.exe
  2⤵
  PID:8316
- C:\Windows\System\mWJkSCE.exe
  C:\Windows\System\mWJkSCE.exe
  2⤵
  PID:8420
- C:\Windows\System\gGTblNu.exe
  C:\Windows\System\gGTblNu.exe
  2⤵
  PID:8460
- C:\Windows\System\GxQpQFC.exe
  C:\Windows\System\GxQpQFC.exe
  2⤵
  PID:8524
- C:\Windows\System\AlELCQh.exe
  C:\Windows\System\AlELCQh.exe
  2⤵
  PID:8608
- C:\Windows\System\uSxGDaI.exe
  C:\Windows\System\uSxGDaI.exe
  2⤵
  PID:8660
- C:\Windows\System\dOATWNQ.exe
  C:\Windows\System\dOATWNQ.exe
  2⤵
  PID:8716
- C:\Windows\System\XHvVGwy.exe
  C:\Windows\System\XHvVGwy.exe
  2⤵
  PID:8792
- C:\Windows\System\aRjAIhv.exe
  C:\Windows\System\aRjAIhv.exe
  2⤵
  PID:8832
- C:\Windows\System\BrWuGXd.exe
  C:\Windows\System\BrWuGXd.exe
  2⤵
  PID:8932
- C:\Windows\System\FAJIcKT.exe
  C:\Windows\System\FAJIcKT.exe
  2⤵
  PID:9016
- C:\Windows\System\AjlaeXQ.exe
  C:\Windows\System\AjlaeXQ.exe
  2⤵
  PID:9076
- C:\Windows\System\ZGQgdxm.exe
  C:\Windows\System\ZGQgdxm.exe
  2⤵
  PID:9112
- C:\Windows\System\MXIKegy.exe
  C:\Windows\System\MXIKegy.exe
  2⤵
  PID:9192
- C:\Windows\System\uPbqTrb.exe
  C:\Windows\System\uPbqTrb.exe
  2⤵
  PID:8288
- C:\Windows\System\ZkSLDKB.exe
  C:\Windows\System\ZkSLDKB.exe
  2⤵
  PID:8456
- C:\Windows\System\qyfNWoQ.exe
  C:\Windows\System\qyfNWoQ.exe
  2⤵
  PID:8632
- C:\Windows\System\eCAlEzr.exe
  C:\Windows\System\eCAlEzr.exe
  2⤵
  PID:8768
- C:\Windows\System\kiGnnoo.exe
  C:\Windows\System\kiGnnoo.exe
  2⤵
  PID:8904
- C:\Windows\System\DgxMmOb.exe
  C:\Windows\System\DgxMmOb.exe
  2⤵
  PID:9000
- C:\Windows\System\DVtWBlb.exe
  C:\Windows\System\DVtWBlb.exe
  2⤵
  PID:9156
- C:\Windows\System\KFIMVLB.exe
  C:\Windows\System\KFIMVLB.exe
  2⤵
  PID:8568
- C:\Windows\System\nHwvcxV.exe
  C:\Windows\System\nHwvcxV.exe
  2⤵
  PID:8828
- C:\Windows\System\KAJuYfL.exe
  C:\Windows\System\KAJuYfL.exe
  2⤵
  PID:9144
- C:\Windows\System\vdrdSBC.exe
  C:\Windows\System\vdrdSBC.exe
  2⤵
  PID:8692
- C:\Windows\System\FyJFWcp.exe
  C:\Windows\System\FyJFWcp.exe
  2⤵
  PID:8200
- C:\Windows\System\ImqeZxR.exe
  C:\Windows\System\ImqeZxR.exe
  2⤵
  PID:9248
- C:\Windows\System\FaJmxjw.exe
  C:\Windows\System\FaJmxjw.exe
  2⤵
  PID:9288
- C:\Windows\System\zYaixWg.exe
  C:\Windows\System\zYaixWg.exe
  2⤵
  PID:9304
- C:\Windows\System\hCgajhU.exe
  C:\Windows\System\hCgajhU.exe
  2⤵
  PID:9344
- C:\Windows\System\NrGLceU.exe
  C:\Windows\System\NrGLceU.exe
  2⤵
  PID:9372
- C:\Windows\System\CmxCqyz.exe
  C:\Windows\System\CmxCqyz.exe
  2⤵
  PID:9404
- C:\Windows\System\OxORkyu.exe
  C:\Windows\System\OxORkyu.exe
  2⤵
  PID:9428
- C:\Windows\System\bhFdSCR.exe
  C:\Windows\System\bhFdSCR.exe
  2⤵
  PID:9456
- C:\Windows\System\RnNEPMs.exe
  C:\Windows\System\RnNEPMs.exe
  2⤵
  PID:9496
- C:\Windows\System\oEtZPMC.exe
  C:\Windows\System\oEtZPMC.exe
  2⤵
  PID:9512
- C:\Windows\System\zQtuZIo.exe
  C:\Windows\System\zQtuZIo.exe
  2⤵
  PID:9528
- C:\Windows\System\lprVgZd.exe
  C:\Windows\System\lprVgZd.exe
  2⤵
  PID:9556
- C:\Windows\System\gikQUXD.exe
  C:\Windows\System\gikQUXD.exe
  2⤵
  PID:9596
- C:\Windows\System\BFuVGQo.exe
  C:\Windows\System\BFuVGQo.exe
  2⤵
  PID:9636
- C:\Windows\System\FqXCGYb.exe
  C:\Windows\System\FqXCGYb.exe
  2⤵
  PID:9664
- C:\Windows\System\KUklqda.exe
  C:\Windows\System\KUklqda.exe
  2⤵
  PID:9692
- C:\Windows\System\nVQDHsy.exe
  C:\Windows\System\nVQDHsy.exe
  2⤵
  PID:9720
- C:\Windows\System\pjyKaXg.exe
  C:\Windows\System\pjyKaXg.exe
  2⤵
  PID:9748
- C:\Windows\System\NCTenMO.exe
  C:\Windows\System\NCTenMO.exe
  2⤵
  PID:9764
- C:\Windows\System\pXyvaqv.exe
  C:\Windows\System\pXyvaqv.exe
  2⤵
  PID:9784
- C:\Windows\System\SUSRUyw.exe
  C:\Windows\System\SUSRUyw.exe
  2⤵
  PID:9832
- C:\Windows\System\IEZWwcY.exe
  C:\Windows\System\IEZWwcY.exe
  2⤵
  PID:9848
- C:\Windows\System\HFbNtvU.exe
  C:\Windows\System\HFbNtvU.exe
  2⤵
  PID:9880
- C:\Windows\System\WsyvpxX.exe
  C:\Windows\System\WsyvpxX.exe
  2⤵
  PID:9904
- C:\Windows\System\TEUebDT.exe
  C:\Windows\System\TEUebDT.exe
  2⤵
  PID:9940
- C:\Windows\System\ecoiZwm.exe
  C:\Windows\System\ecoiZwm.exe
  2⤵
  PID:9960
- C:\Windows\System\kaoatec.exe
  C:\Windows\System\kaoatec.exe
  2⤵
  PID:9992
- C:\Windows\System\iDVHrPm.exe
  C:\Windows\System\iDVHrPm.exe
  2⤵
  PID:10016
- C:\Windows\System\KWuuZxA.exe
  C:\Windows\System\KWuuZxA.exe
  2⤵
  PID:10052
- C:\Windows\System\mRJgMhy.exe
  C:\Windows\System\mRJgMhy.exe
  2⤵
  PID:10084
- C:\Windows\System\SpljHeA.exe
  C:\Windows\System\SpljHeA.exe
  2⤵
  PID:10112
- C:\Windows\System\DjEOXkg.exe
  C:\Windows\System\DjEOXkg.exe
  2⤵
  PID:10128
- C:\Windows\System\nurRQzn.exe
  C:\Windows\System\nurRQzn.exe
  2⤵
  PID:10160
- C:\Windows\System\MOaSIFS.exe
  C:\Windows\System\MOaSIFS.exe
  2⤵
  PID:10184
- C:\Windows\System\rlvkJJD.exe
  C:\Windows\System\rlvkJJD.exe
  2⤵
  PID:10212
- C:\Windows\System\sophEua.exe
  C:\Windows\System\sophEua.exe
  2⤵
  PID:8428
- C:\Windows\System\ZzbaYNV.exe
  C:\Windows\System\ZzbaYNV.exe
  2⤵
  PID:7676
- C:\Windows\System\CAUxHAj.exe
  C:\Windows\System\CAUxHAj.exe
  2⤵
  PID:9296
- C:\Windows\System\CCrLWss.exe
  C:\Windows\System\CCrLWss.exe
  2⤵
  PID:9392
- C:\Windows\System\TAGyDbJ.exe
  C:\Windows\System\TAGyDbJ.exe
  2⤵
  PID:9468
- C:\Windows\System\DrTDJoI.exe
  C:\Windows\System\DrTDJoI.exe
  2⤵
  PID:9524
- C:\Windows\System\zcKrwDz.exe
  C:\Windows\System\zcKrwDz.exe
  2⤵
  PID:9572
- C:\Windows\System\NTEqeUv.exe
  C:\Windows\System\NTEqeUv.exe
  2⤵
  PID:9660
- C:\Windows\System\wrDBkfr.exe
  C:\Windows\System\wrDBkfr.exe
  2⤵
  PID:9780
- C:\Windows\System\jpxSEKu.exe
  C:\Windows\System\jpxSEKu.exe
  2⤵
  PID:9868
- C:\Windows\System\qJmsJKz.exe
  C:\Windows\System\qJmsJKz.exe
  2⤵
  PID:9892
- C:\Windows\System\XYNPGqj.exe
  C:\Windows\System\XYNPGqj.exe
  2⤵
  PID:10028
- C:\Windows\System\eqsZVkg.exe
  C:\Windows\System\eqsZVkg.exe
  2⤵
  PID:10096
- C:\Windows\System\LMfFTDA.exe
  C:\Windows\System\LMfFTDA.exe
  2⤵
  PID:10140
- C:\Windows\System\yyqtBHu.exe
  C:\Windows\System\yyqtBHu.exe
  2⤵
  PID:9260
- C:\Windows\System\rEOEZTn.exe
  C:\Windows\System\rEOEZTn.exe
  2⤵
  PID:9328
- C:\Windows\System\gXjQNgX.exe
  C:\Windows\System\gXjQNgX.exe
  2⤵
  PID:9364
- C:\Windows\System\PHEWvTC.exe
  C:\Windows\System\PHEWvTC.exe
  2⤵
  PID:9484
- C:\Windows\System\HbrwwYg.exe
  C:\Windows\System\HbrwwYg.exe
  2⤵
  PID:9624
- C:\Windows\System\JWPDtMf.exe
  C:\Windows\System\JWPDtMf.exe
  2⤵
  PID:9916
- C:\Windows\System\fEXAOKo.exe
  C:\Windows\System\fEXAOKo.exe
  2⤵
  PID:10120
- C:\Windows\System\tYDdgtd.exe
  C:\Windows\System\tYDdgtd.exe
  2⤵
  PID:10144
- C:\Windows\System\wTheRwx.exe
  C:\Windows\System\wTheRwx.exe
  2⤵
  PID:8912
- C:\Windows\System\iBlxFMf.exe
  C:\Windows\System\iBlxFMf.exe
  2⤵
  PID:9844
- C:\Windows\System\duWxWtO.exe
  C:\Windows\System\duWxWtO.exe
  2⤵
  PID:9300
- C:\Windows\System\FvLkpMk.exe
  C:\Windows\System\FvLkpMk.exe
  2⤵
  PID:10280
- C:\Windows\System\KzzQiQa.exe
  C:\Windows\System\KzzQiQa.exe
  2⤵
  PID:10308
- C:\Windows\System\CmWjIAM.exe
  C:\Windows\System\CmWjIAM.exe
  2⤵
  PID:10324
- C:\Windows\System\nvrXFHa.exe
  C:\Windows\System\nvrXFHa.exe
  2⤵
  PID:10352
- C:\Windows\System\ZdCbhNe.exe
  C:\Windows\System\ZdCbhNe.exe
  2⤵
  PID:10388
- C:\Windows\System\SrMtblC.exe
  C:\Windows\System\SrMtblC.exe
  2⤵
  PID:10416
- C:\Windows\System\WPLVwGn.exe
  C:\Windows\System\WPLVwGn.exe
  2⤵
  PID:10448
- C:\Windows\System\DgHvSHg.exe
  C:\Windows\System\DgHvSHg.exe
  2⤵
  PID:10476
- C:\Windows\System\GltlwMh.exe
  C:\Windows\System\GltlwMh.exe
  2⤵
  PID:10496
- C:\Windows\System\pRThRZD.exe
  C:\Windows\System\pRThRZD.exe
  2⤵
  PID:10520
- C:\Windows\System\CahRHDn.exe
  C:\Windows\System\CahRHDn.exe
  2⤵
  PID:10548
- C:\Windows\System\WbpEhsF.exe
  C:\Windows\System\WbpEhsF.exe
  2⤵
  PID:10588
- C:\Windows\System\vYBarUm.exe
  C:\Windows\System\vYBarUm.exe
  2⤵
  PID:10616
- C:\Windows\System\TwCCSwz.exe
  C:\Windows\System\TwCCSwz.exe
  2⤵
  PID:10644
- C:\Windows\System\ulrObsd.exe
  C:\Windows\System\ulrObsd.exe
  2⤵
  PID:10668
- C:\Windows\System\PoiCveG.exe
  C:\Windows\System\PoiCveG.exe
  2⤵
  PID:10692
- C:\Windows\System\QMXtGuU.exe
  C:\Windows\System\QMXtGuU.exe
  2⤵
  PID:10728
- C:\Windows\System\sseINUC.exe
  C:\Windows\System\sseINUC.exe
  2⤵
  PID:10744
- C:\Windows\System\NdUErTX.exe
  C:\Windows\System\NdUErTX.exe
  2⤵
  PID:10764
- C:\Windows\System\edLXesS.exe
  C:\Windows\System\edLXesS.exe
  2⤵
  PID:10812
- C:\Windows\System\KELSwsu.exe
  C:\Windows\System\KELSwsu.exe
  2⤵
  PID:10840
- C:\Windows\System\HgcpTSg.exe
  C:\Windows\System\HgcpTSg.exe
  2⤵
  PID:10868
- C:\Windows\System\vZJJUNc.exe
  C:\Windows\System\vZJJUNc.exe
  2⤵
  PID:10884
- C:\Windows\System\vwAEDTQ.exe
  C:\Windows\System\vwAEDTQ.exe
  2⤵
  PID:10912
- C:\Windows\System\DBDNtVE.exe
  C:\Windows\System\DBDNtVE.exe
  2⤵
  PID:10940
- C:\Windows\System\UukZIem.exe
  C:\Windows\System\UukZIem.exe
  2⤵
  PID:10972
- C:\Windows\System\GcPwhjF.exe
  C:\Windows\System\GcPwhjF.exe
  2⤵
  PID:10996
- C:\Windows\System\peUkLkL.exe
  C:\Windows\System\peUkLkL.exe
  2⤵
  PID:11024
- C:\Windows\System\XuYLQRQ.exe
  C:\Windows\System\XuYLQRQ.exe
  2⤵
  PID:11052
- C:\Windows\System\JHnWbrY.exe
  C:\Windows\System\JHnWbrY.exe
  2⤵
  PID:11076
- C:\Windows\System\ZNlPMgj.exe
  C:\Windows\System\ZNlPMgj.exe
  2⤵
  PID:11100
- C:\Windows\System\GWndWJx.exe
  C:\Windows\System\GWndWJx.exe
  2⤵
  PID:11136
- C:\Windows\System\pmLFgsJ.exe
  C:\Windows\System\pmLFgsJ.exe
  2⤵
  PID:11168
- C:\Windows\System\lKoCPYO.exe
  C:\Windows\System\lKoCPYO.exe
  2⤵
  PID:11192
- C:\Windows\System\kCOAdmj.exe
  C:\Windows\System\kCOAdmj.exe
  2⤵
  PID:11220
- C:\Windows\System\IGJUmNK.exe
  C:\Windows\System\IGJUmNK.exe
  2⤵
  PID:11252
- C:\Windows\System\UPwiuiv.exe
  C:\Windows\System\UPwiuiv.exe
  2⤵
  PID:9592
- C:\Windows\System\VFiNbPK.exe
  C:\Windows\System\VFiNbPK.exe
  2⤵
  PID:10292
- C:\Windows\System\KOIvxYD.exe
  C:\Windows\System\KOIvxYD.exe
  2⤵
  PID:10364
- C:\Windows\System\MyXEqhO.exe
  C:\Windows\System\MyXEqhO.exe
  2⤵
  PID:10436
- C:\Windows\System\GlXtECX.exe
  C:\Windows\System\GlXtECX.exe
  2⤵
  PID:10484
- C:\Windows\System\uOsWZvG.exe
  C:\Windows\System\uOsWZvG.exe
  2⤵
  PID:10560
- C:\Windows\System\TQfQqRO.exe
  C:\Windows\System\TQfQqRO.exe
  2⤵
  PID:10608
- C:\Windows\System\UBEbQlg.exe
  C:\Windows\System\UBEbQlg.exe
  2⤵
  PID:10716
- C:\Windows\System\jBCANSD.exe
  C:\Windows\System\jBCANSD.exe
  2⤵
  PID:10752
- C:\Windows\System\FRtyQUN.exe
  C:\Windows\System\FRtyQUN.exe
  2⤵
  PID:10828
- C:\Windows\System\CnPMmQW.exe
  C:\Windows\System\CnPMmQW.exe
  2⤵
  PID:10908
- C:\Windows\System\PYcfhkm.exe
  C:\Windows\System\PYcfhkm.exe
  2⤵
  PID:10980
- C:\Windows\System\gnGRcFK.exe
  C:\Windows\System\gnGRcFK.exe
  2⤵
  PID:11016
- C:\Windows\System\AhSPtSD.exe
  C:\Windows\System\AhSPtSD.exe
  2⤵
  PID:11092
- C:\Windows\System\NgJIyqD.exe
  C:\Windows\System\NgJIyqD.exe
  2⤵
  PID:11120
- C:\Windows\System\GkDEORJ.exe
  C:\Windows\System\GkDEORJ.exe
  2⤵
  PID:11188
- C:\Windows\System\qtEYJSu.exe
  C:\Windows\System\qtEYJSu.exe
  2⤵
  PID:11248
- C:\Windows\System\Uhpaspw.exe
  C:\Windows\System\Uhpaspw.exe
  2⤵
  PID:10252
- C:\Windows\System\FFcDuur.exe
  C:\Windows\System\FFcDuur.exe
  2⤵
  PID:10424
- C:\Windows\System\MogMGWw.exe
  C:\Windows\System\MogMGWw.exe
  2⤵
  PID:10660
- C:\Windows\System\WFgxFUH.exe
  C:\Windows\System\WFgxFUH.exe
  2⤵
  PID:10824
- C:\Windows\System\pUfMTLl.exe
  C:\Windows\System\pUfMTLl.exe
  2⤵
  PID:11044
- C:\Windows\System\WPRkTfV.exe
  C:\Windows\System\WPRkTfV.exe
  2⤵
  PID:11204
- C:\Windows\System\rOLrSBr.exe
  C:\Windows\System\rOLrSBr.exe
  2⤵
  PID:11108
- C:\Windows\System\ICbcpgr.exe
  C:\Windows\System\ICbcpgr.exe
  2⤵
  PID:10540
- C:\Windows\System\yOPOvtQ.exe
  C:\Windows\System\yOPOvtQ.exe
  2⤵
  PID:10832
- C:\Windows\System\AntzSvh.exe
  C:\Windows\System\AntzSvh.exe
  2⤵
  PID:11176
- C:\Windows\System\hvioTTH.exe
  C:\Windows\System\hvioTTH.exe
  2⤵
  PID:10740
- C:\Windows\System\myehfHA.exe
  C:\Windows\System\myehfHA.exe
  2⤵
  PID:11288
- C:\Windows\System\hhKSdtC.exe
  C:\Windows\System\hhKSdtC.exe
  2⤵
  PID:11312
- C:\Windows\System\yDqWFKP.exe
  C:\Windows\System\yDqWFKP.exe
  2⤵
  PID:11348
- C:\Windows\System\EvMxASE.exe
  C:\Windows\System\EvMxASE.exe
  2⤵
  PID:11372
- C:\Windows\System\PcUSZzg.exe
  C:\Windows\System\PcUSZzg.exe
  2⤵
  PID:11392
- C:\Windows\System\HsBpPyd.exe
  C:\Windows\System\HsBpPyd.exe
  2⤵
  PID:11420
- C:\Windows\System\JqUDwXr.exe
  C:\Windows\System\JqUDwXr.exe
  2⤵
  PID:11448
- C:\Windows\System\pSdxYfk.exe
  C:\Windows\System\pSdxYfk.exe
  2⤵
  PID:11480
- C:\Windows\System\LZdwpbf.exe
  C:\Windows\System\LZdwpbf.exe
  2⤵
  PID:11508
- C:\Windows\System\iPyUOpI.exe
  C:\Windows\System\iPyUOpI.exe
  2⤵
  PID:11544
- C:\Windows\System\ACznZmj.exe
  C:\Windows\System\ACznZmj.exe
  2⤵
  PID:11560
- C:\Windows\System\svBzZuP.exe
  C:\Windows\System\svBzZuP.exe
  2⤵
  PID:11588
- C:\Windows\System\JSPKzjF.exe
  C:\Windows\System\JSPKzjF.exe
  2⤵
  PID:11628
- C:\Windows\System\gNVQVao.exe
  C:\Windows\System\gNVQVao.exe
  2⤵
  PID:11644
- C:\Windows\System\wAFaaUs.exe
  C:\Windows\System\wAFaaUs.exe
  2⤵
  PID:11676
- C:\Windows\System\DYIUqOv.exe
  C:\Windows\System\DYIUqOv.exe
  2⤵
  PID:11716
- C:\Windows\System\eCKRUIX.exe
  C:\Windows\System\eCKRUIX.exe
  2⤵
  PID:11744
- C:\Windows\System\ZdaXpOO.exe
  C:\Windows\System\ZdaXpOO.exe
  2⤵
  PID:11768
- C:\Windows\System\FFQYbMS.exe
  C:\Windows\System\FFQYbMS.exe
  2⤵
  PID:11800
- C:\Windows\System\ywpyrnE.exe
  C:\Windows\System\ywpyrnE.exe
  2⤵
  PID:11820
- C:\Windows\System\lXZifWF.exe
  C:\Windows\System\lXZifWF.exe
  2⤵
  PID:11848
- C:\Windows\System\itJHIUA.exe
  C:\Windows\System\itJHIUA.exe
  2⤵
  PID:11876
- C:\Windows\System\oHfZpmc.exe
  C:\Windows\System\oHfZpmc.exe
  2⤵
  PID:11908
- C:\Windows\System\yVQWcnl.exe
  C:\Windows\System\yVQWcnl.exe
  2⤵
  PID:11936
- C:\Windows\System\WlEorgK.exe
  C:\Windows\System\WlEorgK.exe
  2⤵
  PID:11964
- C:\Windows\System\TXGPVFu.exe
  C:\Windows\System\TXGPVFu.exe
  2⤵
  PID:11984
- C:\Windows\System\DHGqJZV.exe
  C:\Windows\System\DHGqJZV.exe
  2⤵
  PID:12020
- C:\Windows\System\WnWRBDB.exe
  C:\Windows\System\WnWRBDB.exe
  2⤵
  PID:12036
- C:\Windows\System\UdDpsSd.exe
  C:\Windows\System\UdDpsSd.exe
  2⤵
  PID:12060
- C:\Windows\System\yHFZxhD.exe
  C:\Windows\System\yHFZxhD.exe
  2⤵
  PID:12084
- C:\Windows\System\ljXfLMJ.exe
  C:\Windows\System\ljXfLMJ.exe
  2⤵
  PID:12116
- C:\Windows\System\fqYRAOw.exe
  C:\Windows\System\fqYRAOw.exe
  2⤵
  PID:12152
- C:\Windows\System\EMYHNcB.exe
  C:\Windows\System\EMYHNcB.exe
  2⤵
  PID:12168
- C:\Windows\System\ghXwODz.exe
  C:\Windows\System\ghXwODz.exe
  2⤵
  PID:12196
- C:\Windows\System\qfSixJG.exe
  C:\Windows\System\qfSixJG.exe
  2⤵
  PID:12224
- C:\Windows\System\xTnZLOJ.exe
  C:\Windows\System\xTnZLOJ.exe
  2⤵
  PID:12264
- C:\Windows\System\fsjuDvG.exe
  C:\Windows\System\fsjuDvG.exe
  2⤵
  PID:10536
- C:\Windows\System\csAulfi.exe
  C:\Windows\System\csAulfi.exe
  2⤵
  PID:11308
- C:\Windows\System\oqphlrM.exe
  C:\Windows\System\oqphlrM.exe
  2⤵
  PID:11404
- C:\Windows\System\uZIFUXy.exe
  C:\Windows\System\uZIFUXy.exe
  2⤵
  PID:11432
- C:\Windows\System\OfnHGfe.exe
  C:\Windows\System\OfnHGfe.exe
  2⤵
  PID:11536
- C:\Windows\System\BjFaFfj.exe
  C:\Windows\System\BjFaFfj.exe
  2⤵
  PID:11556
- C:\Windows\System\pbZziEh.exe
  C:\Windows\System\pbZziEh.exe
  2⤵
  PID:11668
- C:\Windows\System\PZSzLXZ.exe
  C:\Windows\System\PZSzLXZ.exe
  2⤵
  PID:11736
- C:\Windows\System\IrPbgeB.exe
  C:\Windows\System\IrPbgeB.exe
  2⤵
  PID:11788
- C:\Windows\System\kxDDmQS.exe
  C:\Windows\System\kxDDmQS.exe
  2⤵
  PID:11812
- C:\Windows\System\htHyMAI.exe
  C:\Windows\System\htHyMAI.exe
  2⤵
  PID:11872
- C:\Windows\System\juaqBXx.exe
  C:\Windows\System\juaqBXx.exe
  2⤵
  PID:11952
- C:\Windows\System\gobLVcU.exe
  C:\Windows\System\gobLVcU.exe
  2⤵
  PID:12032
- C:\Windows\System\FwaOSJc.exe
  C:\Windows\System\FwaOSJc.exe
  2⤵
  PID:12100
- C:\Windows\System\cAPXSBy.exe
  C:\Windows\System\cAPXSBy.exe
  2⤵
  PID:12184
- C:\Windows\System\BZOujPI.exe
  C:\Windows\System\BZOujPI.exe
  2⤵
  PID:12212
- C:\Windows\System\SCflOAD.exe
  C:\Windows\System\SCflOAD.exe
  2⤵
  PID:12276
- C:\Windows\System\kAngiWW.exe
  C:\Windows\System\kAngiWW.exe
  2⤵
  PID:11320
- C:\Windows\System\uwOiEhA.exe
  C:\Windows\System\uwOiEhA.exe
  2⤵
  PID:11516
- C:\Windows\System\KuLyisZ.exe
  C:\Windows\System\KuLyisZ.exe
  2⤵
  PID:11704
- C:\Windows\System\BWlYrtK.exe
  C:\Windows\System\BWlYrtK.exe
  2⤵
  PID:11856
- C:\Windows\System\WUoZPyI.exe
  C:\Windows\System\WUoZPyI.exe
  2⤵
  PID:11996
- C:\Windows\System\DsYiEBw.exe
  C:\Windows\System\DsYiEBw.exe
  2⤵
  PID:12216
- C:\Windows\System\vqvRjoV.exe
  C:\Windows\System\vqvRjoV.exe
  2⤵
  PID:11300
- C:\Windows\System\XeYFNeE.exe
  C:\Windows\System\XeYFNeE.exe
  2⤵
  PID:11944
- C:\Windows\System\GikzQkG.exe
  C:\Windows\System\GikzQkG.exe
  2⤵
  PID:11412
- C:\Windows\System\GYNxkLy.exe
  C:\Windows\System\GYNxkLy.exe
  2⤵
  PID:12236
- C:\Windows\System\zlMEOyE.exe
  C:\Windows\System\zlMEOyE.exe
  2⤵
  PID:11740
- C:\Windows\System\uXpNysj.exe
  C:\Windows\System\uXpNysj.exe
  2⤵
  PID:12312
- C:\Windows\System\nixUJLR.exe
  C:\Windows\System\nixUJLR.exe
  2⤵
  PID:12328
- C:\Windows\System\cwxnOSO.exe
  C:\Windows\System\cwxnOSO.exe
  2⤵
  PID:12360
- C:\Windows\System\wFaCdWB.exe
  C:\Windows\System\wFaCdWB.exe
  2⤵
  PID:12396
- C:\Windows\System\nAlKUnJ.exe
  C:\Windows\System\nAlKUnJ.exe
  2⤵
  PID:12424
- C:\Windows\System\ueYejqH.exe
  C:\Windows\System\ueYejqH.exe
  2⤵
  PID:12440
- C:\Windows\System\GShVlwa.exe
  C:\Windows\System\GShVlwa.exe
  2⤵
  PID:12468
- C:\Windows\System\ZdYMyGg.exe
  C:\Windows\System\ZdYMyGg.exe
  2⤵
  PID:12512
- C:\Windows\System\TrFdnXY.exe
  C:\Windows\System\TrFdnXY.exe
  2⤵
  PID:12540
- C:\Windows\System\bMdyUpQ.exe
  C:\Windows\System\bMdyUpQ.exe
  2⤵
  PID:12568
- C:\Windows\System\zsmLqZw.exe
  C:\Windows\System\zsmLqZw.exe
  2⤵
  PID:12584
- C:\Windows\System\pKFZidb.exe
  C:\Windows\System\pKFZidb.exe
  2⤵
  PID:12628
- C:\Windows\System\FcrcFhf.exe
  C:\Windows\System\FcrcFhf.exe
  2⤵
  PID:12664
- C:\Windows\System\iCyjXjC.exe
  C:\Windows\System\iCyjXjC.exe
  2⤵
  PID:12692
- C:\Windows\System\tGLOGBg.exe
  C:\Windows\System\tGLOGBg.exe
  2⤵
  PID:12708
- C:\Windows\System\AUzYjgg.exe
  C:\Windows\System\AUzYjgg.exe
  2⤵
  PID:12744
- C:\Windows\System\oydZrYM.exe
  C:\Windows\System\oydZrYM.exe
  2⤵
  PID:12772
- C:\Windows\System\uBWdPow.exe
  C:\Windows\System\uBWdPow.exe
  2⤵
  PID:12792
- C:\Windows\System\HSVxygC.exe
  C:\Windows\System\HSVxygC.exe
  2⤵
  PID:12820
- C:\Windows\System\tigItPw.exe
  C:\Windows\System\tigItPw.exe
  2⤵
  PID:12848
- C:\Windows\System\xfBvOUB.exe
  C:\Windows\System\xfBvOUB.exe
  2⤵
  PID:12876
- C:\Windows\System\CbzuLUp.exe
  C:\Windows\System\CbzuLUp.exe
  2⤵
  PID:12896
- C:\Windows\System\RvRUsPy.exe
  C:\Windows\System\RvRUsPy.exe
  2⤵
  PID:12920
- C:\Windows\System\mDKukxa.exe
  C:\Windows\System\mDKukxa.exe
  2⤵
  PID:12948
- C:\Windows\System\ALpLiUm.exe
  C:\Windows\System\ALpLiUm.exe
  2⤵
  PID:12976
- C:\Windows\System\lihRXtQ.exe
  C:\Windows\System\lihRXtQ.exe
  2⤵
  PID:13016
- C:\Windows\System\dWDFsCO.exe
  C:\Windows\System\dWDFsCO.exe
  2⤵
  PID:13044
- C:\Windows\System\fjAthji.exe
  C:\Windows\System\fjAthji.exe
  2⤵
  PID:13060
- C:\Windows\System\eFXxHVv.exe
  C:\Windows\System\eFXxHVv.exe
  2⤵
  PID:13088
- C:\Windows\System\grkhNCN.exe
  C:\Windows\System\grkhNCN.exe
  2⤵
  PID:13104
- C:\Windows\System\grJmwsM.exe
  C:\Windows\System\grJmwsM.exe
  2⤵
  PID:13136
- C:\Windows\System\pugyhxX.exe
  C:\Windows\System\pugyhxX.exe
  2⤵
  PID:13176
- C:\Windows\System\RBBJbdi.exe
  C:\Windows\System\RBBJbdi.exe
  2⤵
  PID:13220
- C:\Windows\System\FLKVfsL.exe
  C:\Windows\System\FLKVfsL.exe
  2⤵
  PID:13240
- C:\Windows\System\OtwqBnl.exe
  C:\Windows\System\OtwqBnl.exe
  2⤵
  PID:13268
- C:\Windows\System\NSVCYFj.exe
  C:\Windows\System\NSVCYFj.exe
  2⤵
  PID:13308
- C:\Windows\System\LKZfALa.exe
  C:\Windows\System\LKZfALa.exe
  2⤵
  PID:12380
- C:\Windows\System\LFAZeuf.exe
  C:\Windows\System\LFAZeuf.exe
  2⤵
  PID:12384
- C:\Windows\System\hcqnTLc.exe
  C:\Windows\System\hcqnTLc.exe
  2⤵
  PID:12456
- C:\Windows\System\ggyrBTG.exe
  C:\Windows\System\ggyrBTG.exe
  2⤵
  PID:12552
- C:\Windows\System\NGTIcxw.exe
  C:\Windows\System\NGTIcxw.exe
  2⤵
  PID:12648
- C:\Windows\System\TXCulUt.exe
  C:\Windows\System\TXCulUt.exe
  2⤵
  PID:12700
- C:\Windows\System\IjpPcVM.exe
  C:\Windows\System\IjpPcVM.exe
  2⤵
  PID:12784
- C:\Windows\System\SjUwDnY.exe
  C:\Windows\System\SjUwDnY.exe
  2⤵
  PID:12912
- C:\Windows\System\Dmubapr.exe
  C:\Windows\System\Dmubapr.exe
  2⤵
  PID:12936
- C:\Windows\System\lXTtDOI.exe
  C:\Windows\System\lXTtDOI.exe
  2⤵
  PID:12988
- C:\Windows\System\EefXeKg.exe
  C:\Windows\System\EefXeKg.exe
  2⤵
  PID:13080
- C:\Windows\System\sNzGoxc.exe
  C:\Windows\System\sNzGoxc.exe
  2⤵
  PID:13192
- C:\Windows\System\vUERfMk.exe
  C:\Windows\System\vUERfMk.exe
  2⤵
  PID:13236
- C:\Windows\System\tqikUmL.exe
  C:\Windows\System\tqikUmL.exe
  2⤵
  PID:12136
- C:\Windows\System\YVoPRmu.exe
  C:\Windows\System\YVoPRmu.exe
  2⤵
  PID:12320
- C:\Windows\System\UAtAuxN.exe
  C:\Windows\System\UAtAuxN.exe
  2⤵
  PID:12604
- C:\Windows\System\zYIMaFN.exe
  C:\Windows\System\zYIMaFN.exe
  2⤵
  PID:12680
- C:\Windows\System\dFCMXBd.exe
  C:\Windows\System\dFCMXBd.exe
  2⤵
  PID:12904
- C:\Windows\System\aJsRzRz.exe
  C:\Windows\System\aJsRzRz.exe
  2⤵
  PID:13132
- C:\Windows\System\gJkpGHa.exe
  C:\Windows\System\gJkpGHa.exe
  2⤵
  PID:4720
- C:\Windows\System\vdWDnnP.exe
  C:\Windows\System\vdWDnnP.exe
  2⤵
  PID:3700
- C:\Windows\System\mSNwoCe.exe
  C:\Windows\System\mSNwoCe.exe
  2⤵
  PID:12764
- C:\Windows\System\Kyaaplf.exe
  C:\Windows\System\Kyaaplf.exe
  2⤵
  PID:12372
- C:\Windows\System\pFDLJFZ.exe
  C:\Windows\System\pFDLJFZ.exe
  2⤵
  PID:13332
- C:\Windows\System\YmsEUPB.exe
  C:\Windows\System\YmsEUPB.exe
  2⤵
  PID:13368
- C:\Windows\System\OruGYaF.exe
  C:\Windows\System\OruGYaF.exe
  2⤵
  PID:13396
- C:\Windows\System\GAVvLLQ.exe
  C:\Windows\System\GAVvLLQ.exe
  2⤵
  PID:13428
- C:\Windows\System\BEcuhpp.exe
  C:\Windows\System\BEcuhpp.exe
  2⤵
  PID:13460
- C:\Windows\System\NDBlKxT.exe
  C:\Windows\System\NDBlKxT.exe
  2⤵
  PID:13484
- C:\Windows\System\UxFRXZS.exe
  C:\Windows\System\UxFRXZS.exe
  2⤵
  PID:13512
- C:\Windows\System\iemKZpN.exe
  C:\Windows\System\iemKZpN.exe
  2⤵
  PID:13552
- C:\Windows\System\XGYLPvj.exe
  C:\Windows\System\XGYLPvj.exe
  2⤵
  PID:13576
- C:\Windows\System\DYPYyfb.exe
  C:\Windows\System\DYPYyfb.exe
  2⤵
  PID:13608
- C:\Windows\System\CgxpWYq.exe
  C:\Windows\System\CgxpWYq.exe
  2⤵
  PID:13644
- C:\Windows\System\DSSHwnH.exe
  C:\Windows\System\DSSHwnH.exe
  2⤵
  PID:13676
- C:\Windows\System\aNuSqbo.exe
  C:\Windows\System\aNuSqbo.exe
  2⤵
  PID:13704
- C:\Windows\System\JMxnunL.exe
  C:\Windows\System\JMxnunL.exe
  2⤵
  PID:13744
- C:\Windows\System\brcLYme.exe
  C:\Windows\System\brcLYme.exe
  2⤵
  PID:13784
- C:\Windows\System\OSDEGqd.exe
  C:\Windows\System\OSDEGqd.exe
  2⤵
  PID:13812
- C:\Windows\System\mnNvhYB.exe
  C:\Windows\System\mnNvhYB.exe
  2⤵
  PID:13840
- C:\Windows\System\STJHHhN.exe
  C:\Windows\System\STJHHhN.exe
  2⤵
  PID:13856
- C:\Windows\System\tAZQsyU.exe
  C:\Windows\System\tAZQsyU.exe
  2⤵
  PID:13872
- C:\Windows\System\yOpKoOH.exe
  C:\Windows\System\yOpKoOH.exe
  2⤵
  PID:13888
- C:\Windows\System\ZJJtzVV.exe
  C:\Windows\System\ZJJtzVV.exe
  2⤵
  PID:13912
- C:\Windows\System\ZJVRcsb.exe
  C:\Windows\System\ZJVRcsb.exe
  2⤵
  PID:13932
- C:\Windows\System\WUCTNbN.exe
  C:\Windows\System\WUCTNbN.exe
  2⤵
  PID:13948
- C:\Windows\System\lnYNBnG.exe
  C:\Windows\System\lnYNBnG.exe
  2⤵
  PID:13980
- C:\Windows\System\TvDqZMD.exe
  C:\Windows\System\TvDqZMD.exe
  2⤵
  PID:14004
- C:\Windows\System\fPDyUQQ.exe
  C:\Windows\System\fPDyUQQ.exe
  2⤵
  PID:14040
- C:\Windows\System\LyoSSKl.exe
  C:\Windows\System\LyoSSKl.exe
  2⤵
  PID:14080
- C:\Windows\System\kuzmDar.exe
  C:\Windows\System\kuzmDar.exe
  2⤵
  PID:14124
- C:\Windows\System\YyyALef.exe
  C:\Windows\System\YyyALef.exe
  2⤵
  PID:14152
- C:\Windows\System\yEyVqoF.exe
  C:\Windows\System\yEyVqoF.exe
  2⤵
  PID:14184
- C:\Windows\System\zIgXHth.exe
  C:\Windows\System\zIgXHth.exe
  2⤵
  PID:14224
- C:\Windows\System\UWmpOOv.exe
  C:\Windows\System\UWmpOOv.exe
  2⤵
  PID:14264
- C:\Windows\System\cxyZFIZ.exe
  C:\Windows\System\cxyZFIZ.exe
  2⤵
  PID:14300
- C:\Windows\System\hBmTWzU.exe
  C:\Windows\System\hBmTWzU.exe
  2⤵
  PID:14320
- C:\Windows\System\UUaCFts.exe
  C:\Windows\System\UUaCFts.exe
  2⤵
  PID:13116
- C:\Windows\System\yrnWVta.exe
  C:\Windows\System\yrnWVta.exe
  2⤵
  PID:13344
- C:\Windows\System\gjdomWf.exe
  C:\Windows\System\gjdomWf.exe
  2⤵
  PID:13324
- C:\Windows\System\agbvJuS.exe
  C:\Windows\System\agbvJuS.exe
  2⤵
  PID:13392
- C:\Windows\System\CvNqNcV.exe
  C:\Windows\System\CvNqNcV.exe
  2⤵
  PID:13572
- C:\Windows\System\bgsLxTE.exe
  C:\Windows\System\bgsLxTE.exe
  2⤵
  PID:13524
- C:\Windows\System\vcTvrYT.exe
  C:\Windows\System\vcTvrYT.exe
  2⤵
  PID:13692
- C:\Windows\System\QdUZnud.exe
  C:\Windows\System\QdUZnud.exe
  2⤵
  PID:13728
- C:\Windows\System\EdOJGLH.exe
  C:\Windows\System\EdOJGLH.exe
  2⤵
  PID:13884
- C:\Windows\System\NJIFOzy.exe
  C:\Windows\System\NJIFOzy.exe
  2⤵
  PID:13924
- C:\Windows\System\cEPwZiW.exe
  C:\Windows\System\cEPwZiW.exe
  2⤵
  PID:13976
- C:\Windows\System\rBzFcYw.exe
  C:\Windows\System\rBzFcYw.exe
  2⤵
  PID:13996
- C:\Windows\System\JWrGHBq.exe
  C:\Windows\System\JWrGHBq.exe
  2⤵
  PID:14100
- C:\Windows\System\drsxSOC.exe
  C:\Windows\System\drsxSOC.exe
  2⤵
  PID:14140
- C:\Windows\System\Qcvbgmp.exe
  C:\Windows\System\Qcvbgmp.exe
  2⤵
  PID:14216
- C:\Windows\System\itbBUfe.exe
  C:\Windows\System\itbBUfe.exe
  2⤵
  PID:14276
- C:\Windows\System\GhdNMLS.exe
  C:\Windows\System\GhdNMLS.exe
  2⤵
  PID:14316
- C:\Windows\System\CSHFCTW.exe
  C:\Windows\System\CSHFCTW.exe
  2⤵
  PID:13440
- C:\Windows\System\LoiAuRI.exe
  C:\Windows\System\LoiAuRI.exe
  2⤵
  PID:13548
- C:\Windows\System\aKeqCgm.exe
  C:\Windows\System\aKeqCgm.exe
  2⤵
  PID:13688
- C:\Windows\System\JiaifTl.exe
  C:\Windows\System\JiaifTl.exe
  2⤵
  PID:13808
- C:\Windows\System\SzOhmqO.exe
  C:\Windows\System\SzOhmqO.exe
  2⤵
  PID:13944
- C:\Windows\System\luoVWIw.exe
  C:\Windows\System\luoVWIw.exe
  2⤵
  PID:14052
- C:\Windows\System\xPbQqwf.exe
  C:\Windows\System\xPbQqwf.exe
  2⤵
  PID:13124
- C:\Windows\System\WSMFfzL.exe
  C:\Windows\System\WSMFfzL.exe
  2⤵
  PID:13828
- C:\Windows\System\FWGEEeF.exe
  C:\Windows\System\FWGEEeF.exe
  2⤵
  PID:14164
- C:\Windows\System\gcQJZCf.exe
  C:\Windows\System\gcQJZCf.exe
  2⤵
  PID:12520
- C:\Windows\System\UvLZUKX.exe
  C:\Windows\System\UvLZUKX.exe
  2⤵
  PID:14348
- C:\Windows\System\Rvmgiid.exe
  C:\Windows\System\Rvmgiid.exe
  2⤵
  PID:14368
- C:\Windows\System\RkKTQQW.exe
  C:\Windows\System\RkKTQQW.exe
  2⤵
  PID:14392
- C:\Windows\System\jyrVwuP.exe
  C:\Windows\System\jyrVwuP.exe
  2⤵
  PID:14416
- C:\Windows\System\lCdlWiz.exe
  C:\Windows\System\lCdlWiz.exe
  2⤵
  PID:14448
- C:\Windows\System\AEHasfc.exe
  C:\Windows\System\AEHasfc.exe
  2⤵
  PID:14476
- C:\Windows\System\uHFIrQd.exe
  C:\Windows\System\uHFIrQd.exe
  2⤵
  PID:14504
- C:\Windows\System\BIqZTmH.exe
  C:\Windows\System\BIqZTmH.exe
  2⤵
  PID:14532

C:\Windows\system32\BackgroundTaskHost.exe
"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
1⤵
PID:540

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CDbcTkz.exe

Filesize
2.2MB

MD5
e74b86560aa118e23d544ea30d1d4925

SHA1
c3734523686d27f3a97c14633c116cce2a02e9e8

SHA256
b4370c6301327c9126b2e85b098c7fa223bfeb567e50196ebab461accc5eeae8

SHA512
8f12a818ee7af70fe5299c8579e622beba8e31c4a5e1bed5632d09221fd2e7e5eb735a9b74ca7d689b0f956773d4213e3cc4488b277e4d398038dcd90f679656

Download Submit
C:\Windows\System\DInQoZV.exe

Filesize
2.2MB

MD5
1bfb140e84195bff048912673adced2a

SHA1
9a2637f21414ecce7829b5381603a949ac8a32ee

SHA256
79b8d370000b7c4b4d84bc9bf37c29b8d329b1c502ea1f7747dd2142a7118a07

SHA512
7bf1c1e330d0f1de3fb3f7a3d22b56c2c2ddb22182e8094298e1e7561004174fe54c1bef6d66780c93e59c968375e8d1e92f9cf7d813a6f7bc6d88732a4c5da7

Download Submit
C:\Windows\System\DVcXlss.exe

Filesize
2.2MB

MD5
caddd691dc6b72dc7895f7e1b70a5203

SHA1
b0c34be40b63ad287820da75b51623546a35e852

SHA256
e74bbd4db8e097ae9caa89d205d9175cc85c51447a4f82a9b6bf2afd4612b272

SHA512
5e44acf37fd77584b8be00a168d8514294b1396f3412e5a66e43903e3c3aea721e588f48a127a85b52787dd1c3d9c9429c40a64daec0ac9b36ea937b84a14d8f

Download Submit
C:\Windows\System\Evlygfh.exe

Filesize
2.2MB

MD5
d60f159393b17b69427da28de59c09a8

SHA1
1646ffcd3483ea0b608e94efe066f6960946a297

SHA256
dfaf0708f03c5265b81791a9717f7390e74a8f683886ddcb432275f670c0593d

SHA512
c3870c400b37f5b7e94cef610ba8d03060bbf0dff4abe5224e0ef88fe6d322e9ebb31b54a267b6ef7ae93bc788c671c3be0336c107e2be35925fc99d6c5a3c62

Download Submit
C:\Windows\System\FVmwGWf.exe

Filesize
2.2MB

MD5
a8f1885f84e77634a733e19cd65d6fe0

SHA1
17fd1aa6ce929930fa34d192590cb50015269fb6

SHA256
fa0e7f7550ad90abbc4e05240f78aaff57becaafc2635ee172ba3e832854607c

SHA512
ac11f8ab8e8ffa787ba6baa3930fcfb42a426dbb0a2d85fbbd855f801a4b5a258a1a3207b42e18a3cd6fbdac606d0065d41e51d015b3bb6b7b535098b3dbe82a

Download Submit
C:\Windows\System\GTlmfNC.exe

Filesize
2.2MB

MD5
900a5859d1c88f736e8424ff34903f0b

SHA1
348579bd0334bd331932ee47b0135fc79ef0b96c

SHA256
e4d6114bbd02f37c9f8625ff3ddeb5b2cfce59322303fdbd4d824768535241c6

SHA512
6b4bd4c70a63dd3b38c1acdc6b3342e21afaacb793676d85bc951d5c35bf90b0aaae1a447a32fee1ece600c9a42a7a75f6fca3b44b287a5285708211e14b12ed

Download Submit
C:\Windows\System\HFziKMA.exe

Filesize
2.2MB

MD5
59a852fce8d830f5a1debdd8cbb11c4e

SHA1
4db9bc162ad2d1b78cd25ec0cf9f662c771d2a69

SHA256
bdc9f83b8df6fd390201812b2ef2bfbf7b86705b54398a01e9989d3cf60f5126

SHA512
185eb85bc6757a0d770a88a1c697b2fbf46b5cc9af30da706e6375c5c62cd1e9ed5cbed7827f613d8f4fa4b7db31f00979e9d0868df03ce2aaf3be31147b6020

Download Submit
C:\Windows\System\JRTKazj.exe

Filesize
2.2MB

MD5
80ba961f3af865760f4bbd6ef21a1002

SHA1
fb19d9f25307a736c871c55d00f2726b20ac076c

SHA256
7783097f117618c4e127f76ce46f0b97200c371c104ac2d60f519461ed5fbc9c

SHA512
365e22e4ac196c96a7c8d77849c68e0cd3de7c3c8e3d753cc10b39a4bf483359b37b1ae1bfe9fd90532995ca0355e24386351a031e7c7d0329599f3a996c16dc

Download Submit
C:\Windows\System\KqPvhSJ.exe

Filesize
2.2MB

MD5
c72adf09218c89eff7c25785388575ea

SHA1
138565dac1b7e487b6bdc27933b2f603459fa084

SHA256
d95259cd9586e45ea05f633d7671d1de05ce1d6ea116021d8a7c3059c221b887

SHA512
8f18f9227da6570882c56cf05bea03eee58d03def3e5c1ac59d3c746ad3b8799ccf385d121633b0123adedc77f4075c20208840a72e964e0a34be9749b12c008

Download Submit
C:\Windows\System\MIxmgQs.exe

Filesize
2.2MB

MD5
e06f897605e1c69f23e259b9483baf38

SHA1
d89c64e1552c53c81c2d68f93757a9edd78a896b

SHA256
36cafa716f842646c2e8b50a6bfe31743487bf69d8bfc61b7131f12df1ade1c6

SHA512
89018975d28b0ee53a5c53dded6adf79585a6c09c22df7a1d146084c985012bc07a51b71732f6cecbc669bdabff9741b1d4b87836744dc67e1af98e748e04e58

Download Submit
C:\Windows\System\NvWcwmd.exe

Filesize
2.2MB

MD5
4e31beb2eca74b874e3058168cca97e4

SHA1
ba1e1afa487146686ead35c41e6f4ce3d4bdea1d

SHA256
9ca1b8c77cea55accbc0d74f6c311eb1458262a8ce3bbc57ce20587f8f3cd55d

SHA512
464478944651a3766885334328cf93c177b367b7c3a0b3e4a2203355d741e06a52d43a23890b6632a8eb52f35d692bff4ac96b4924c246c0df6651df951c9820

Download Submit
C:\Windows\System\PKndElA.exe

Filesize
2.2MB

MD5
a05865863b0bee91927602b73e49a71c

SHA1
cf2f055fa04f2d7745b299179fa7781d9c1e6c76

SHA256
79dd3152baefe016df05c69be48965996074e2538181367b85d77e0afe8e113e

SHA512
4e2acc3c1689aa12f9373a4256920ed11d12ae0d5acb3112a65e0877fc621f386dbe1cd4a580e2ef5bad4aa127454aacb077f8d5053455db14dc68e59813e7fc

Download Submit
C:\Windows\System\QQffDZJ.exe

Filesize
2.2MB

MD5
75270ce770c975b14d8e98be37d6d47e

SHA1
f5564fb4c57fae0154516835b7c8f57f632d5565

SHA256
5ec4e89a25d69680634275fead12a86d77e0643102fbf166da029a5d36ed825d

SHA512
0d7b4c74bc852c91621f99a91fe03ad44bcd7abddf4e681ee53e51413b4fd974f49b24e1df8e1611c31f458fddce96ba94d836cb511769fd9fe061988caf5d93

Download Submit
C:\Windows\System\VqWAQbn.exe

Filesize
2.2MB

MD5
462745082b019688681c3686cc4367d4

SHA1
6c74aab6ff048652005399138179b937da5e7465

SHA256
a5cef7edef0ca4b003492cd46f3d588804d26d23f296cf66d805972ff8aae3b6

SHA512
c30a74ae67e419478162b212ed747fbd629abba4a432a30c1f8916091f618dfbcb46ea2a02126a9fdc77375127f20194d6ab6b65dfadfd57eb1c76dc91755610

Download Submit
C:\Windows\System\YosRuDl.exe

Filesize
2.2MB

MD5
1f4b8036d487e68d571ddbfb01b7ffba

SHA1
b38e0e1eb0246673c36750a897e33a35f8296785

SHA256
1dc0623bec5e0097cffc79bcdd3c860fff074baf65fb49b6461bfc9a552833b7

SHA512
fc4209b3df166354e1e2bb46821182a1ce60130bd9c00a17615e46e54b3401e73df19e9788941f75e1ad1a29cf0351b5d74c8351000ba1bc013c1f7e60dfe8fb

Download Submit
C:\Windows\System\ZOJsIXP.exe

Filesize
2.2MB

MD5
2c34acb8e94e151788a0c907baf7cd7c

SHA1
83f5a9ed483f1c90684985cf1b453ee2f7dfca81

SHA256
688ca2745b77bf3e4e7e68aa07498ab3409ff4f59493288399f2ba68b6159f5c

SHA512
a672e1af6a4e7f6ac3787c59da77e6af0d7e077c57371cbe1aae55053e1c85f877181a8010d87ddd187c5ec43d78d79fbd8c46b7c671e3aca30f24de65560423

Download Submit
C:\Windows\System\ZrIbwCS.exe

Filesize
2.2MB

MD5
fbbd22e25fa75b6f7cbf8257594bd0f2

SHA1
83d0c00827780f00c66256997542285f5cd1abe0

SHA256
53c65ad3657130798150286fa7a473835afaaa2980fc4ecd695b224800109651

SHA512
8d5987a6f0ae95d6cedcc94eb5717e09f9ec934c6e9f0d46a60cc54daec25ae26c04c125762851f3d4ea4407417b9973ab1d92ffbb7bb27a7d751702cbfcc089

Download Submit
C:\Windows\System\ZxUdZXd.exe

Filesize
2.2MB

MD5
8931233c94183eb28a8a6866f669b368

SHA1
b220d99a9a7e87f7a106490f007a23ce67ace7e6

SHA256
4e44d7d3d2137de3e96e2d93ddfd1750e061f7caf5727f44b68fcafa4e8ac223

SHA512
4043ec9ec1318395b2f3573d8edfea4291c14762c268637aaed69b4d8c34f73a290ec0238b1c809fc564b8be29c9316a580a79b5169793e7a428a9025250b036

Download Submit
C:\Windows\System\aZLuAMT.exe

Filesize
2.2MB

MD5
a9e80b2a88390b3b8555d6f8a8565b2c

SHA1
eb66bbe71f2aa34d2ba922e1b07279037bf31186

SHA256
b8fb51c0b804b0e26333e9bb6188fa00bafdcd20b37aba246407d4a01143e997

SHA512
4d69db8f5eb8720640933a61767792b2626ed4c8f51655c2db79d8498abbf395784ae91e9b2051737ca237fe10cf0f6948f1ce14398c9135180e887757646a8c

Download Submit
C:\Windows\System\aglooKX.exe

Filesize
2.2MB

MD5
3f0d5590204806c7d43e0e25dc9fde51

SHA1
046eaadde38e18892e5780e93af6a6577c3fd20b

SHA256
0f995ceb1a3aa5990c91e2082be6c1d8592dc8e40c3868f3b293892d8127ef98

SHA512
17007ea09afe432589311efb7c50f4e90e1a9ee0b76e0d90ace27f540e0dfc5e67661e332c2bf0d7d6b55cb23776774b1e599f664208559a14e2bbbe27341a2d

Download Submit
C:\Windows\System\dEOezZJ.exe

Filesize
2.2MB

MD5
2b3937095e225ffeb4e21b2e7b95eb8a

SHA1
cb4ab33cdbabb154dab64dc92b4a1ec1d5869464

SHA256
2723414ffe9f6e947eb2505583a9c89eb8a61d26894b3c28383264f289137c0b

SHA512
a2e8baa2aa96b827d0ed61f86e3143735ef98297991a4de959be65127fce169367bfbb94ae00b3a95a3999e9c145e3740b061ab3f25362aa03ca75b5a39f54ff

Download Submit
C:\Windows\System\fWbbzRI.exe

Filesize
2.2MB

MD5
0c20537b4bb678a741f0f56f96d5ddda

SHA1
7b3fb7bb677f03fe591b4bd0ca8ab5673f8c3687

SHA256
a4fa4498e6d37b06b1626668322d649e0392b8dfc936e6c8441b8086cb46e68e

SHA512
c646591ea8623eb8705ee4b36476475f35e547e7cfcd2a926628abfac915650ce3d3bb9222cac041491120cca2cf18868ea37518097ceb52f823c1f1b9a2aa1d

Download Submit
C:\Windows\System\jCVUrNx.exe

Filesize
2.2MB

MD5
9be169003260283e63b197331014d8be

SHA1
ee3b54b78887253bae39c2cee853b637ef06db3a

SHA256
54a1a37f7981530624c36c2a9d4d76f017f4535f5a23a7b600281c48824c867f

SHA512
a5137c5daf2d9281300eaac81a23e1082c0327970d3b4bde0f993638d54d9021530b83ca2b64ce96d080a69a067595cd492d0e3352cf0e44d50f01de79889640

Download Submit
C:\Windows\System\jmYbEyg.exe

Filesize
2.2MB

MD5
1f454c6e71be7034bd712c91deddeab3

SHA1
9c6fdb84cba3d1e2756617123a26a9eade5b11b8

SHA256
59e9fa8c81b75627554c132b1513cf2e8617f6adc134d5a1a612e7b44b588c25

SHA512
17fb94e2d13599000035104c729f33b5b0ae5f653f31989b9e060eefc64f92ae8f5c27a1c5c7b88a7c737a68a3e4f7ae0fac4d84ce743d26f1789cd97aa0189f

Download Submit
C:\Windows\System\jqFsuFN.exe

Filesize
2.2MB

MD5
493599a619756c97fcc381b46cfd87e0

SHA1
3871d8a9ad0c1c4793a0ec980180be906465799c

SHA256
dcaff240cf3c90c7d1e0ab755b6d5e14cd727001b5c23abf5e9afafa7996e0e0

SHA512
4bda002728c32561710a195dcb5ccf7d1ae80d2e4f7291ade26873f01e69c9d69d080b45224adf702cd6900b18889a4c7650566173f6d8b8afba29577800e8e0

Download Submit
C:\Windows\System\lHwfbvF.exe

Filesize
2.2MB

MD5
c540d3602bbf9e695a0d91bf80e97d5e

SHA1
16e654bb63ef1f40890063fc3a68592bd5c50c34

SHA256
b33c574a19cdbfceff768e2a56c7e77d61856dc0b093ef1358ef9569429deb1a

SHA512
cf7dec70e95827e136a8e3f4b77583057c07d49676e8d1440320a38bcb7c0cdc2069ae3cdc68ce3d4d49e52f35c5f4af78dddddf6ac8691b7a4a8dbe56992b51

Download Submit
C:\Windows\System\nNsXIUd.exe

Filesize
2.2MB

MD5
2a9bfb04e680c5e48cb9b3493d71f3a1

SHA1
3a52399d2eb7548d3afef824d35c9b2e55f15d50

SHA256
e2e966310bb40e33ec5b0adaddfb4b488c7ac70233f18fd7eb664c8a264136e4

SHA512
543cc66aa093ff618e84f9d69883fec4537ce929c23c2c7e37a066d3083c14e4f306b0b5d50a0fdba85996e07b303e431b5e3b640980da50d768ca65d12597c3

Download Submit
C:\Windows\System\nVnaEHp.exe

Filesize
2.2MB

MD5
3d3a3da6ed5a2e23c6c9ff86dd1b0ebf

SHA1
7dbd1ed32321556bd5888f2ab796f1d4300f3b04

SHA256
3eaae7535747380009c8b322a22271b0bc606380540d9e95f716f2984f5abb76

SHA512
78d4605fa06eb37a23886e8f3cf9535a7009069504636ef4a858d6de302f4febdbab2f39a863cb9b06f1cc34ad19140a73c2d2c9914c435a877ca7fda787d099

Download Submit
C:\Windows\System\oizAxoK.exe

Filesize
2.2MB

MD5
4f8548221783185717c4495bff4a3ac8

SHA1
4542b72f288939c6b7bfd26ce87a2d3ac05fa948

SHA256
5bd4b4e5bfbb7efa208089e7b30e7609c4b3d233fe33705abed7d84ed7ff6ad9

SHA512
fbb9db2f4b7233cc47643b521dfdfda2543c34bf39ebb3020b0d93230494db86b0e6011b219805f97f6682b662c0ea9bddc5d4cf2e28c955c26b2d9c04a83880

Download Submit
C:\Windows\System\pQxVUMj.exe

Filesize
2.2MB

MD5
f17e2add5a3026a05485a8e9c983af70

SHA1
170c9ed28fdfcf21bd7c824b22dbffb92f4ee8f3

SHA256
be7b22d090b99a3865e3b526edc91a72a590bd98743f3469a1d53b2d6c347204

SHA512
c7c02fd0e3abfda18024f0de884fd11c6009d0311e770848515f29c2e9dbb27aae2a745a96c62610dc1864b68d380581a72c05d8dede4b69d7d3c397ef4cbcd0

Download Submit
C:\Windows\System\popeQXV.exe

Filesize
2.2MB

MD5
2e001d176dad345a5bc0d3b543aef633

SHA1
425f6ed878841eeac1fa47c7eb169bd3e40b0224

SHA256
1e0ab7f66b826527b13e7552124efe2a0c9ad0d6dd02131023500a06199c37a9

SHA512
88bf555462e37d51b8f671339f27bf88436caa2783ec7dd7e32b0e756df68b8d75d374c01cade8069792f30ecb907be8e4fca232f4ed43f80a94f2df68dd760c

Download Submit
C:\Windows\System\qOuWQLh.exe

Filesize
2.2MB

MD5
2ad802899223b8b442b7243bd6c84cf2

SHA1
3f7142165dfeacc27213fef5149af5ea7d1363e5

SHA256
2931049741ab6a0e68f7a51c6bc018ac12dfffda2c5b2ef55532f88faa78930d

SHA512
abbeeace08d1e650fb94b17000685ee10f2b4bce85180d7dcc16edad2d7164ab657199032e6b0982d9b2ae8cac5a129ff4bf9bb869d84d7654cb04d7e56af19e

Download Submit
C:\Windows\System\sQyygiQ.exe

Filesize
2.2MB

MD5
1022dc294fe13cd8df87f7cab2279aec

SHA1
7524a7dc51b22ee1f36d2ec84d618e6440c33168

SHA256
dddf40ba0edf9084ffeea32105bd9f3b8ca668c5ce90bb0b606fa0e8544dc9f0

SHA512
9af02732eca8c3d69c07315fa902c2a9f05642062ad6816bf3f0b16c22f95a53355ad3bad0f9d239b4798ad2077a3b57cf9ae4f3d6c1c9556bfe165be7805d45

Download Submit
C:\Windows\System\tEFEaDq.exe

Filesize
2.2MB

MD5
cc387b30521ae67a4444bbde40e1c35a

SHA1
ebbd5ef8c5c19f7771339ebdaa8afaa763236024

SHA256
441b1aaeaed69bb5959b939123b537ee45ee5664d070e1db0612e033873fc50e

SHA512
a8c8cdef9855d5f22dc40c874bfbfb1a11086095a07091b366918a670125e138ccc9a4c713e1a81de650a8add7160afe3c4691446209c6c625511f1919be462f

Download Submit
C:\Windows\System\trwjNUI.exe

Filesize
2.2MB

MD5
9efc663187655789506fa1cf6e907806

SHA1
8f1874828d8ce1cf93625f4d9e00e723340d9978

SHA256
49cad98443d11b4f0ce1ecd5bebce0ac224469c6a0520dce3e071b5e1047c9e1

SHA512
90596afa8e8b51af4425b75cc03e16fe09e0f2decb73295091fb1f15762b231c7acf0cf4141fbfd638d26dff6728116091c1791e7858ee78217b6a4ad59bae16

Download Submit
C:\Windows\System\xCjauar.exe

Filesize
2.2MB

MD5
f16e01e69865f3f3ac3b90e649ab81af

SHA1
1716492fea66c8607cc8cacfda21a4a9797d33a8

SHA256
5bd893256d1e662b81e82af02613c038bf7a011bfa644bbd28fefc7a7672be2a

SHA512
1e8b234f7ce2af44b08f1eb255886eec878342bf12baa63899f922511eecac87e93f1cb4ce86731fa487db4beb750664af0ef9ef1c697ad5dc46d5c837d6e7f8

Download Submit
C:\Windows\System\zJBzzhd.exe

Filesize
2.2MB

MD5
5028c05238576b7ac2d8be1bcc6b2069

SHA1
cc3dd5c6d10416aab5a5e330399841fdc194472c

SHA256
a75695ee8835ac90086a231885da51251417ddee6d08d1771a9790b9409a8557

SHA512
789ff002cafd5418f6d39b166530e38bc926127f4f382c192fa0b433613c0a9245eca0f0f3665bff41d9d9e31b31a763aaef0514f76c2644591abd0c3d7ef300

Download Submit
memory/212-213-0x00007FF7C8B10000-0x00007FF7C8E64000-memory.dmp

Filesize
3.3MB

Download
memory/212-2113-0x00007FF7C8B10000-0x00007FF7C8E64000-memory.dmp

Filesize
3.3MB

Download
memory/364-2131-0x00007FF79BA70000-0x00007FF79BDC4000-memory.dmp

Filesize
3.3MB

Download
memory/364-218-0x00007FF79BA70000-0x00007FF79BDC4000-memory.dmp

Filesize
3.3MB

Download
memory/436-110-0x00007FF6D9550000-0x00007FF6D98A4000-memory.dmp

Filesize
3.3MB

Download
memory/436-2111-0x00007FF6D9550000-0x00007FF6D98A4000-memory.dmp

Filesize
3.3MB

Download
memory/436-2100-0x00007FF6D9550000-0x00007FF6D98A4000-memory.dmp

Filesize
3.3MB

Download
memory/992-2118-0x00007FF73C3D0000-0x00007FF73C724000-memory.dmp

Filesize
3.3MB

Download
memory/992-215-0x00007FF73C3D0000-0x00007FF73C724000-memory.dmp

Filesize
3.3MB

Download
memory/1164-2114-0x00007FF768490000-0x00007FF7687E4000-memory.dmp

Filesize
3.3MB

Download
memory/1164-2098-0x00007FF768490000-0x00007FF7687E4000-memory.dmp

Filesize
3.3MB

Download
memory/1164-63-0x00007FF768490000-0x00007FF7687E4000-memory.dmp

Filesize
3.3MB

Download
memory/1192-200-0x00007FF666C10000-0x00007FF666F64000-memory.dmp

Filesize
3.3MB

Download
memory/1192-2124-0x00007FF666C10000-0x00007FF666F64000-memory.dmp

Filesize
3.3MB

Download
memory/1220-183-0x00007FF7BFAF0000-0x00007FF7BFE44000-memory.dmp

Filesize
3.3MB

Download
memory/1220-2121-0x00007FF7BFAF0000-0x00007FF7BFE44000-memory.dmp

Filesize
3.3MB

Download
memory/1424-191-0x00007FF7256A0000-0x00007FF7259F4000-memory.dmp

Filesize
3.3MB

Download
memory/1424-2102-0x00007FF7256A0000-0x00007FF7259F4000-memory.dmp

Filesize
3.3MB

Download
memory/1424-2123-0x00007FF7256A0000-0x00007FF7259F4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-2122-0x00007FF76FC40000-0x00007FF76FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1528-201-0x00007FF76FC40000-0x00007FF76FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1800-212-0x00007FF6184B0000-0x00007FF618804000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2104-0x00007FF6184B0000-0x00007FF618804000-memory.dmp

Filesize
3.3MB

Download
memory/1908-2117-0x00007FF64EE20000-0x00007FF64F174000-memory.dmp

Filesize
3.3MB

Download
memory/1908-216-0x00007FF64EE20000-0x00007FF64F174000-memory.dmp

Filesize
3.3MB

Download
memory/2028-217-0x00007FF7CFAF0000-0x00007FF7CFE44000-memory.dmp

Filesize
3.3MB

Download
memory/2028-2128-0x00007FF7CFAF0000-0x00007FF7CFE44000-memory.dmp

Filesize
3.3MB

Download
memory/2124-80-0x00007FF648A80000-0x00007FF648DD4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2115-0x00007FF648A80000-0x00007FF648DD4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2101-0x00007FF648A80000-0x00007FF648DD4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-2108-0x00007FF685E50000-0x00007FF6861A4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-129-0x00007FF685E50000-0x00007FF6861A4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-2120-0x00007FF6AA330000-0x00007FF6AA684000-memory.dmp

Filesize
3.3MB

Download
memory/2608-182-0x00007FF6AA330000-0x00007FF6AA684000-memory.dmp

Filesize
3.3MB

Download
memory/2652-2097-0x00007FF6BAE60000-0x00007FF6BB1B4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-2107-0x00007FF6BAE60000-0x00007FF6BB1B4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-44-0x00007FF6BAE60000-0x00007FF6BB1B4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-2116-0x00007FF612E80000-0x00007FF6131D4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-148-0x00007FF612E80000-0x00007FF6131D4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1-0x0000024290E30000-0x0000024290E40000-memory.dmp

Filesize
64KB

Download
memory/2796-2095-0x00007FF7D5AD0000-0x00007FF7D5E24000-memory.dmp

Filesize
3.3MB

Download
memory/2796-0-0x00007FF7D5AD0000-0x00007FF7D5E24000-memory.dmp

Filesize
3.3MB

Download
memory/3204-2127-0x00007FF672A70000-0x00007FF672DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3204-210-0x00007FF672A70000-0x00007FF672DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3392-2099-0x00007FF7C1910000-0x00007FF7C1C64000-memory.dmp

Filesize
3.3MB

Download
memory/3392-2112-0x00007FF7C1910000-0x00007FF7C1C64000-memory.dmp

Filesize
3.3MB

Download
memory/3392-75-0x00007FF7C1910000-0x00007FF7C1C64000-memory.dmp

Filesize
3.3MB

Download
memory/4540-2109-0x00007FF72DD30000-0x00007FF72E084000-memory.dmp

Filesize
3.3MB

Download
memory/4540-130-0x00007FF72DD30000-0x00007FF72E084000-memory.dmp

Filesize
3.3MB

Download
memory/4548-209-0x00007FF602A00000-0x00007FF602D54000-memory.dmp

Filesize
3.3MB

Download
memory/4548-2126-0x00007FF602A00000-0x00007FF602D54000-memory.dmp

Filesize
3.3MB

Download
memory/4660-211-0x00007FF6100F0000-0x00007FF610444000-memory.dmp

Filesize
3.3MB

Download
memory/4660-2129-0x00007FF6100F0000-0x00007FF610444000-memory.dmp

Filesize
3.3MB

Download
memory/4744-12-0x00007FF6F5350000-0x00007FF6F56A4000-memory.dmp

Filesize
3.3MB

Download
memory/4744-2103-0x00007FF6F5350000-0x00007FF6F56A4000-memory.dmp

Filesize
3.3MB

Download
memory/4792-2105-0x00007FF7B4A80000-0x00007FF7B4DD4000-memory.dmp

Filesize
3.3MB

Download
memory/4792-47-0x00007FF7B4A80000-0x00007FF7B4DD4000-memory.dmp

Filesize
3.3MB

Download
memory/4796-2110-0x00007FF74E0F0000-0x00007FF74E444000-memory.dmp

Filesize
3.3MB

Download
memory/4796-214-0x00007FF74E0F0000-0x00007FF74E444000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2096-0x00007FF7F4010000-0x00007FF7F4364000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2106-0x00007FF7F4010000-0x00007FF7F4364000-memory.dmp

Filesize
3.3MB

Download
memory/4832-27-0x00007FF7F4010000-0x00007FF7F4364000-memory.dmp

Filesize
3.3MB

Download
memory/4936-2125-0x00007FF7F6100000-0x00007FF7F6454000-memory.dmp

Filesize
3.3MB

Download
memory/4936-192-0x00007FF7F6100000-0x00007FF7F6454000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2119-0x00007FF6CCD40000-0x00007FF6CD094000-memory.dmp

Filesize
3.3MB

Download
memory/4996-150-0x00007FF6CCD40000-0x00007FF6CD094000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2130-0x00007FF6DD8E0000-0x00007FF6DDC34000-memory.dmp

Filesize
3.3MB

Download
memory/5080-207-0x00007FF6DD8E0000-0x00007FF6DDC34000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads