xmrig | 2cded8726f64c866c666acaa9f0c762342f19b0fcc100510e69c2c6dea1103d9

Analysis

max time kernel
123s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
Size

2.6MB
MD5

6bd6aaf8fd99672e928869a67646e9b0
SHA1

2c1b39508e7926e6754be48dde20b6c1d7471e7c
SHA256

2cded8726f64c866c666acaa9f0c762342f19b0fcc100510e69c2c6dea1103d9
SHA512

3c27fdeb938a37df0d57c5def46473f22bf25bb8beeda60ed670bba6ee184c3e041659e6b7d3b645c585b8182e70875819b9c78fda99afb810ece7263c2b25fe
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIV56uL3pgrCEdMKPFo4BqyPa:BemTLkNdfE0pZrV56utgpPFox

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4196-0-0x00007FF77C520000-0x00007FF77C874000-memory.dmp	xmrig
behavioral2/files/0x00090000000233fa-5.dat	xmrig
behavioral2/files/0x0007000000023406-9.dat	xmrig
behavioral2/files/0x0008000000023405-11.dat	xmrig
behavioral2/memory/2928-13-0x00007FF66B820000-0x00007FF66BB74000-memory.dmp	xmrig
behavioral2/memory/3900-18-0x00007FF68DA90000-0x00007FF68DDE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023407-22.dat	xmrig
behavioral2/memory/3928-17-0x00007FF7EBF80000-0x00007FF7EC2D4000-memory.dmp	xmrig
behavioral2/memory/2648-24-0x00007FF693A20000-0x00007FF693D74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-28.dat	xmrig
behavioral2/files/0x0008000000023403-35.dat	xmrig
behavioral2/files/0x000700000002340a-47.dat	xmrig
behavioral2/files/0x0007000000023409-41.dat	xmrig
behavioral2/memory/5340-39-0x00007FF6E1070000-0x00007FF6E13C4000-memory.dmp	xmrig
behavioral2/memory/5952-36-0x00007FF6B0340000-0x00007FF6B0694000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-52.dat	xmrig
behavioral2/memory/5000-57-0x00007FF7EDC20000-0x00007FF7EDF74000-memory.dmp	xmrig
behavioral2/memory/4192-64-0x00007FF767600000-0x00007FF767954000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-69.dat	xmrig
behavioral2/files/0x000700000002340c-67.dat	xmrig
behavioral2/memory/488-66-0x00007FF62D880000-0x00007FF62DBD4000-memory.dmp	xmrig
behavioral2/memory/2928-65-0x00007FF66B820000-0x00007FF66BB74000-memory.dmp	xmrig
behavioral2/memory/4196-62-0x00007FF77C520000-0x00007FF77C874000-memory.dmp	xmrig
behavioral2/memory/4984-53-0x00007FF665D00000-0x00007FF666054000-memory.dmp	xmrig
behavioral2/memory/4176-51-0x00007FF656460000-0x00007FF6567B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-79.dat	xmrig
behavioral2/files/0x000800000002337f-76.dat	xmrig
behavioral2/memory/4572-85-0x00007FF780AF0000-0x00007FF780E44000-memory.dmp	xmrig
behavioral2/files/0x000800000002340f-82.dat	xmrig
behavioral2/memory/3020-92-0x00007FF693720000-0x00007FF693A74000-memory.dmp	xmrig
behavioral2/memory/5764-97-0x00007FF628320000-0x00007FF628674000-memory.dmp	xmrig
behavioral2/memory/5640-103-0x00007FF7FDFC0000-0x00007FF7FE314000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-110.dat	xmrig
behavioral2/files/0x0007000000023413-114.dat	xmrig
behavioral2/files/0x0007000000023416-121.dat	xmrig
behavioral2/files/0x0007000000023415-119.dat	xmrig
behavioral2/files/0x0003000000022ab6-149.dat	xmrig
behavioral2/files/0x0008000000023363-159.dat	xmrig
behavioral2/files/0x000b000000023369-175.dat	xmrig
behavioral2/memory/2340-603-0x00007FF61BA30000-0x00007FF61BD84000-memory.dmp	xmrig
behavioral2/memory/5648-601-0x00007FF6D9080000-0x00007FF6D93D4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023375-183.dat	xmrig
behavioral2/files/0x0008000000023367-173.dat	xmrig
behavioral2/files/0x0008000000023366-169.dat	xmrig
behavioral2/files/0x0008000000023364-163.dat	xmrig
behavioral2/files/0x0003000000022abf-153.dat	xmrig
behavioral2/files/0x0010000000016964-143.dat	xmrig
behavioral2/files/0x0006000000016924-136.dat	xmrig
behavioral2/files/0x000b00000000002c-131.dat	xmrig
behavioral2/files/0x0007000000023417-126.dat	xmrig
behavioral2/memory/5036-109-0x00007FF7EF690000-0x00007FF7EF9E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-100.dat	xmrig
behavioral2/memory/3900-102-0x00007FF68DA90000-0x00007FF68DDE4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023411-95.dat	xmrig
behavioral2/memory/2044-89-0x00007FF7836A0000-0x00007FF7839F4000-memory.dmp	xmrig
behavioral2/memory/1960-635-0x00007FF6E57F0000-0x00007FF6E5B44000-memory.dmp	xmrig
behavioral2/memory/3260-642-0x00007FF7D0020000-0x00007FF7D0374000-memory.dmp	xmrig
behavioral2/memory/1796-629-0x00007FF72BE10000-0x00007FF72C164000-memory.dmp	xmrig
behavioral2/memory/3844-623-0x00007FF646FC0000-0x00007FF647314000-memory.dmp	xmrig
behavioral2/memory/4548-617-0x00007FF7726B0000-0x00007FF772A04000-memory.dmp	xmrig
behavioral2/memory/4968-614-0x00007FF79C920000-0x00007FF79CC74000-memory.dmp	xmrig
behavioral2/memory/392-613-0x00007FF6CAF00000-0x00007FF6CB254000-memory.dmp	xmrig
behavioral2/memory/4072-608-0x00007FF7E3AD0000-0x00007FF7E3E24000-memory.dmp	xmrig
behavioral2/memory/5100-645-0x00007FF6B2F80000-0x00007FF6B32D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2928	JhKIQDJ.exe
3928	PYXWWgG.exe
3900	cIqtGit.exe
2648	bnlAJMp.exe
5952	LjRaHPp.exe
5340	sXqpGAi.exe
4176	rWkJEWh.exe
4984	KTsFovp.exe
5000	nTFwvlR.exe
488	upGkjbR.exe
4192	vZyRWsm.exe
4572	HAXoEYf.exe
2044	szMPoIN.exe
3020	ISHVbIx.exe
5764	koIxzTD.exe
5640	vrfmcCr.exe
5036	RFxZcuP.exe
5100	HyixyqW.exe
5648	cYRQmrs.exe
5596	hXyqobC.exe
2340	lwlHdvy.exe
4072	gJaYrRH.exe
392	bMyJHFk.exe
4968	ImmjzPd.exe
4548	vXGWsQe.exe
3844	JUwXXaF.exe
1796	sWeZWNS.exe
1960	cEqrkss.exe
3260	emjNpQZ.exe
2236	Hmfgvft.exe
1012	koegemL.exe
2848	KfyYbBv.exe
5540	HHQnSZF.exe
5260	zUtIGGU.exe
5888	EfXFHaQ.exe
2792	ZpXEfVJ.exe
5636	JyjyoMa.exe
428	TRPPMtI.exe
3100	hwifSrk.exe
3052	OhjVUDd.exe
4600	JZZGxPp.exe
4888	KRcqFnl.exe
388	SEFIgKW.exe
3080	RghTyZY.exe
5136	GGcVwVf.exe
5460	AnWSkZY.exe
760	PJikvpx.exe
5676	sjpimmN.exe
5608	QAqaLpS.exe
3376	UOquLzk.exe
2136	yQuMxHV.exe
4356	tMeNklp.exe
2672	SHrGlXW.exe
2664	wEtEjvc.exe
2660	wgXJoip.exe
1360	FkAWFfO.exe
3148	WdTdDGR.exe
5028	fnxvLLm.exe
4396	pksyvxH.exe
5288	HTibzQE.exe
4308	BtSzqqU.exe
6096	utAdXRG.exe
6112	ASReDRD.exe
5652	KWsntsP.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4196-0-0x00007FF77C520000-0x00007FF77C874000-memory.dmp	upx
behavioral2/files/0x00090000000233fa-5.dat	upx
behavioral2/files/0x0007000000023406-9.dat	upx
behavioral2/files/0x0008000000023405-11.dat	upx
behavioral2/memory/2928-13-0x00007FF66B820000-0x00007FF66BB74000-memory.dmp	upx
behavioral2/memory/3900-18-0x00007FF68DA90000-0x00007FF68DDE4000-memory.dmp	upx
behavioral2/files/0x0007000000023407-22.dat	upx
behavioral2/memory/3928-17-0x00007FF7EBF80000-0x00007FF7EC2D4000-memory.dmp	upx
behavioral2/memory/2648-24-0x00007FF693A20000-0x00007FF693D74000-memory.dmp	upx
behavioral2/files/0x0007000000023408-28.dat	upx
behavioral2/files/0x0008000000023403-35.dat	upx
behavioral2/files/0x000700000002340a-47.dat	upx
behavioral2/files/0x0007000000023409-41.dat	upx
behavioral2/memory/5340-39-0x00007FF6E1070000-0x00007FF6E13C4000-memory.dmp	upx
behavioral2/memory/5952-36-0x00007FF6B0340000-0x00007FF6B0694000-memory.dmp	upx
behavioral2/files/0x000700000002340b-52.dat	upx
behavioral2/memory/5000-57-0x00007FF7EDC20000-0x00007FF7EDF74000-memory.dmp	upx
behavioral2/memory/4192-64-0x00007FF767600000-0x00007FF767954000-memory.dmp	upx
behavioral2/files/0x000700000002340d-69.dat	upx
behavioral2/files/0x000700000002340c-67.dat	upx
behavioral2/memory/488-66-0x00007FF62D880000-0x00007FF62DBD4000-memory.dmp	upx
behavioral2/memory/2928-65-0x00007FF66B820000-0x00007FF66BB74000-memory.dmp	upx
behavioral2/memory/4196-62-0x00007FF77C520000-0x00007FF77C874000-memory.dmp	upx
behavioral2/memory/4984-53-0x00007FF665D00000-0x00007FF666054000-memory.dmp	upx
behavioral2/memory/4176-51-0x00007FF656460000-0x00007FF6567B4000-memory.dmp	upx
behavioral2/files/0x000700000002340e-79.dat	upx
behavioral2/files/0x000800000002337f-76.dat	upx
behavioral2/memory/4572-85-0x00007FF780AF0000-0x00007FF780E44000-memory.dmp	upx
behavioral2/files/0x000800000002340f-82.dat	upx
behavioral2/memory/3020-92-0x00007FF693720000-0x00007FF693A74000-memory.dmp	upx
behavioral2/memory/5764-97-0x00007FF628320000-0x00007FF628674000-memory.dmp	upx
behavioral2/memory/5640-103-0x00007FF7FDFC0000-0x00007FF7FE314000-memory.dmp	upx
behavioral2/files/0x0007000000023414-110.dat	upx
behavioral2/files/0x0007000000023413-114.dat	upx
behavioral2/files/0x0007000000023416-121.dat	upx
behavioral2/files/0x0007000000023415-119.dat	upx
behavioral2/files/0x0003000000022ab6-149.dat	upx
behavioral2/files/0x0008000000023363-159.dat	upx
behavioral2/files/0x000b000000023369-175.dat	upx
behavioral2/memory/2340-603-0x00007FF61BA30000-0x00007FF61BD84000-memory.dmp	upx
behavioral2/memory/5648-601-0x00007FF6D9080000-0x00007FF6D93D4000-memory.dmp	upx
behavioral2/files/0x000b000000023375-183.dat	upx
behavioral2/files/0x0008000000023367-173.dat	upx
behavioral2/files/0x0008000000023366-169.dat	upx
behavioral2/files/0x0008000000023364-163.dat	upx
behavioral2/files/0x0003000000022abf-153.dat	upx
behavioral2/files/0x0010000000016964-143.dat	upx
behavioral2/files/0x0006000000016924-136.dat	upx
behavioral2/files/0x000b00000000002c-131.dat	upx
behavioral2/files/0x0007000000023417-126.dat	upx
behavioral2/memory/5036-109-0x00007FF7EF690000-0x00007FF7EF9E4000-memory.dmp	upx
behavioral2/files/0x0007000000023412-100.dat	upx
behavioral2/memory/3900-102-0x00007FF68DA90000-0x00007FF68DDE4000-memory.dmp	upx
behavioral2/files/0x0008000000023411-95.dat	upx
behavioral2/memory/2044-89-0x00007FF7836A0000-0x00007FF7839F4000-memory.dmp	upx
behavioral2/memory/1960-635-0x00007FF6E57F0000-0x00007FF6E5B44000-memory.dmp	upx
behavioral2/memory/3260-642-0x00007FF7D0020000-0x00007FF7D0374000-memory.dmp	upx
behavioral2/memory/1796-629-0x00007FF72BE10000-0x00007FF72C164000-memory.dmp	upx
behavioral2/memory/3844-623-0x00007FF646FC0000-0x00007FF647314000-memory.dmp	upx
behavioral2/memory/4548-617-0x00007FF7726B0000-0x00007FF772A04000-memory.dmp	upx
behavioral2/memory/4968-614-0x00007FF79C920000-0x00007FF79CC74000-memory.dmp	upx
behavioral2/memory/392-613-0x00007FF6CAF00000-0x00007FF6CB254000-memory.dmp	upx
behavioral2/memory/4072-608-0x00007FF7E3AD0000-0x00007FF7E3E24000-memory.dmp	upx
behavioral2/memory/5100-645-0x00007FF6B2F80000-0x00007FF6B32D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wOFUpzO.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\hyvcHFz.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\xPCaUjU.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\NEqLhsv.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\MXhTkFo.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\FawgXlp.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\TQCDwdx.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\hYZjbpF.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\CAxLJsL.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\aIbxtby.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\ISHVbIx.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\PJikvpx.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\GDYBjxx.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\DfbKkJp.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\UDWxEAy.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\AoSgsCW.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\BxEjSAA.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\HuaQthn.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\BOpbyQw.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\djSSutt.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\CEXizzr.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\mcZLhTS.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\qgDwgkt.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\KASYJbR.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\ZVHoeCd.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\oeysPRL.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\VVtdsts.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\RfFzZgc.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\vwMSXHp.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\emjNpQZ.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\WdtpDdy.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\aCxefRt.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\VAzRmqe.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\OTaFemN.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\bElLTwu.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\gJaYrRH.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\ItyQbGw.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\THnpmnk.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\SOsddQA.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\ZuNfqxK.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\rejprAP.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\axUdvBf.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\dCnceAX.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\ASReDRD.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\NDKXDlw.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\WZIMhZU.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\aykiEeW.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\dJgtpJm.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\bJRaucr.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\koIxzTD.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\SEFIgKW.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\okwyBjg.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\ngpPmwl.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\BgjMZMM.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\XgWKmcg.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\RqGtahO.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\OxEecIc.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\kYFxFCe.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\WdTdDGR.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\CHuCXXq.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\JcCQLBl.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\NhzpvBx.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\LjRaHPp.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
File created	C:\Windows\System\ORrjifi.exe	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15096	dwm.exe
Token: SeChangeNotifyPrivilege	15096	dwm.exe
Token: 33	15096	dwm.exe
Token: SeIncBasePriorityPrivilege	15096	dwm.exe
Token: SeShutdownPrivilege	15096	dwm.exe
Token: SeCreatePagefilePrivilege	15096	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 2928	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	83
PID 4196 wrote to memory of 2928	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	83
PID 4196 wrote to memory of 3928	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	85
PID 4196 wrote to memory of 3928	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	85
PID 4196 wrote to memory of 3900	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	86
PID 4196 wrote to memory of 3900	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	86
PID 4196 wrote to memory of 2648	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	87
PID 4196 wrote to memory of 2648	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	87
PID 4196 wrote to memory of 5952	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	89
PID 4196 wrote to memory of 5952	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	89
PID 4196 wrote to memory of 5340	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	91
PID 4196 wrote to memory of 5340	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	91
PID 4196 wrote to memory of 4176	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	92
PID 4196 wrote to memory of 4176	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	92
PID 4196 wrote to memory of 4984	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	93
PID 4196 wrote to memory of 4984	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	93
PID 4196 wrote to memory of 5000	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	94
PID 4196 wrote to memory of 5000	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	94
PID 4196 wrote to memory of 488	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	95
PID 4196 wrote to memory of 488	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	95
PID 4196 wrote to memory of 4192	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	96
PID 4196 wrote to memory of 4192	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	96
PID 4196 wrote to memory of 4572	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	97
PID 4196 wrote to memory of 4572	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	97
PID 4196 wrote to memory of 2044	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	99
PID 4196 wrote to memory of 2044	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	99
PID 4196 wrote to memory of 3020	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	100
PID 4196 wrote to memory of 3020	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	100
PID 4196 wrote to memory of 5764	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	101
PID 4196 wrote to memory of 5764	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	101
PID 4196 wrote to memory of 5640	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	102
PID 4196 wrote to memory of 5640	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	102
PID 4196 wrote to memory of 5036	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	103
PID 4196 wrote to memory of 5036	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	103
PID 4196 wrote to memory of 5100	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	104
PID 4196 wrote to memory of 5100	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	104
PID 4196 wrote to memory of 5648	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	105
PID 4196 wrote to memory of 5648	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	105
PID 4196 wrote to memory of 5596	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	106
PID 4196 wrote to memory of 5596	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	106
PID 4196 wrote to memory of 2340	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	107
PID 4196 wrote to memory of 2340	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	107
PID 4196 wrote to memory of 4072	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	108
PID 4196 wrote to memory of 4072	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	108
PID 4196 wrote to memory of 392	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	109
PID 4196 wrote to memory of 392	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	109
PID 4196 wrote to memory of 4968	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	110
PID 4196 wrote to memory of 4968	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	110
PID 4196 wrote to memory of 4548	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	111
PID 4196 wrote to memory of 4548	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	111
PID 4196 wrote to memory of 3844	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	112
PID 4196 wrote to memory of 3844	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	112
PID 4196 wrote to memory of 1796	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	113
PID 4196 wrote to memory of 1796	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	113
PID 4196 wrote to memory of 1960	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	114
PID 4196 wrote to memory of 1960	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	114
PID 4196 wrote to memory of 3260	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	115
PID 4196 wrote to memory of 3260	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	115
PID 4196 wrote to memory of 2236	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	116
PID 4196 wrote to memory of 2236	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	116
PID 4196 wrote to memory of 1012	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	117
PID 4196 wrote to memory of 1012	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	117
PID 4196 wrote to memory of 2848	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	118
PID 4196 wrote to memory of 2848	4196	6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe	118

C:\Users\Admin\AppData\Local\Temp\6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6bd6aaf8fd99672e928869a67646e9b0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Windows\System\JhKIQDJ.exe
  C:\Windows\System\JhKIQDJ.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\PYXWWgG.exe
  C:\Windows\System\PYXWWgG.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\cIqtGit.exe
  C:\Windows\System\cIqtGit.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\bnlAJMp.exe
  C:\Windows\System\bnlAJMp.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\LjRaHPp.exe
  C:\Windows\System\LjRaHPp.exe
  2⤵
  - Executes dropped EXE
  PID:5952
- C:\Windows\System\sXqpGAi.exe
  C:\Windows\System\sXqpGAi.exe
  2⤵
  - Executes dropped EXE
  PID:5340
- C:\Windows\System\rWkJEWh.exe
  C:\Windows\System\rWkJEWh.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\KTsFovp.exe
  C:\Windows\System\KTsFovp.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\nTFwvlR.exe
  C:\Windows\System\nTFwvlR.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\upGkjbR.exe
  C:\Windows\System\upGkjbR.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\vZyRWsm.exe
  C:\Windows\System\vZyRWsm.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\HAXoEYf.exe
  C:\Windows\System\HAXoEYf.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\szMPoIN.exe
  C:\Windows\System\szMPoIN.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\ISHVbIx.exe
  C:\Windows\System\ISHVbIx.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\koIxzTD.exe
  C:\Windows\System\koIxzTD.exe
  2⤵
  - Executes dropped EXE
  PID:5764
- C:\Windows\System\vrfmcCr.exe
  C:\Windows\System\vrfmcCr.exe
  2⤵
  - Executes dropped EXE
  PID:5640
- C:\Windows\System\RFxZcuP.exe
  C:\Windows\System\RFxZcuP.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\HyixyqW.exe
  C:\Windows\System\HyixyqW.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\cYRQmrs.exe
  C:\Windows\System\cYRQmrs.exe
  2⤵
  - Executes dropped EXE
  PID:5648
- C:\Windows\System\hXyqobC.exe
  C:\Windows\System\hXyqobC.exe
  2⤵
  - Executes dropped EXE
  PID:5596
- C:\Windows\System\lwlHdvy.exe
  C:\Windows\System\lwlHdvy.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\gJaYrRH.exe
  C:\Windows\System\gJaYrRH.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\bMyJHFk.exe
  C:\Windows\System\bMyJHFk.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\ImmjzPd.exe
  C:\Windows\System\ImmjzPd.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\vXGWsQe.exe
  C:\Windows\System\vXGWsQe.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\JUwXXaF.exe
  C:\Windows\System\JUwXXaF.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\sWeZWNS.exe
  C:\Windows\System\sWeZWNS.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\cEqrkss.exe
  C:\Windows\System\cEqrkss.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\emjNpQZ.exe
  C:\Windows\System\emjNpQZ.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\Hmfgvft.exe
  C:\Windows\System\Hmfgvft.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\koegemL.exe
  C:\Windows\System\koegemL.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\KfyYbBv.exe
  C:\Windows\System\KfyYbBv.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\HHQnSZF.exe
  C:\Windows\System\HHQnSZF.exe
  2⤵
  - Executes dropped EXE
  PID:5540
- C:\Windows\System\zUtIGGU.exe
  C:\Windows\System\zUtIGGU.exe
  2⤵
  - Executes dropped EXE
  PID:5260
- C:\Windows\System\EfXFHaQ.exe
  C:\Windows\System\EfXFHaQ.exe
  2⤵
  - Executes dropped EXE
  PID:5888
- C:\Windows\System\ZpXEfVJ.exe
  C:\Windows\System\ZpXEfVJ.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\JyjyoMa.exe
  C:\Windows\System\JyjyoMa.exe
  2⤵
  - Executes dropped EXE
  PID:5636
- C:\Windows\System\TRPPMtI.exe
  C:\Windows\System\TRPPMtI.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\hwifSrk.exe
  C:\Windows\System\hwifSrk.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\OhjVUDd.exe
  C:\Windows\System\OhjVUDd.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\JZZGxPp.exe
  C:\Windows\System\JZZGxPp.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\KRcqFnl.exe
  C:\Windows\System\KRcqFnl.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\SEFIgKW.exe
  C:\Windows\System\SEFIgKW.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\RghTyZY.exe
  C:\Windows\System\RghTyZY.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\GGcVwVf.exe
  C:\Windows\System\GGcVwVf.exe
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Windows\System\AnWSkZY.exe
  C:\Windows\System\AnWSkZY.exe
  2⤵
  - Executes dropped EXE
  PID:5460
- C:\Windows\System\PJikvpx.exe
  C:\Windows\System\PJikvpx.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\sjpimmN.exe
  C:\Windows\System\sjpimmN.exe
  2⤵
  - Executes dropped EXE
  PID:5676
- C:\Windows\System\QAqaLpS.exe
  C:\Windows\System\QAqaLpS.exe
  2⤵
  - Executes dropped EXE
  PID:5608
- C:\Windows\System\UOquLzk.exe
  C:\Windows\System\UOquLzk.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\yQuMxHV.exe
  C:\Windows\System\yQuMxHV.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\tMeNklp.exe
  C:\Windows\System\tMeNklp.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\SHrGlXW.exe
  C:\Windows\System\SHrGlXW.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\wEtEjvc.exe
  C:\Windows\System\wEtEjvc.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\wgXJoip.exe
  C:\Windows\System\wgXJoip.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\FkAWFfO.exe
  C:\Windows\System\FkAWFfO.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\WdTdDGR.exe
  C:\Windows\System\WdTdDGR.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\fnxvLLm.exe
  C:\Windows\System\fnxvLLm.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\pksyvxH.exe
  C:\Windows\System\pksyvxH.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\HTibzQE.exe
  C:\Windows\System\HTibzQE.exe
  2⤵
  - Executes dropped EXE
  PID:5288
- C:\Windows\System\BtSzqqU.exe
  C:\Windows\System\BtSzqqU.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\utAdXRG.exe
  C:\Windows\System\utAdXRG.exe
  2⤵
  - Executes dropped EXE
  PID:6096
- C:\Windows\System\ASReDRD.exe
  C:\Windows\System\ASReDRD.exe
  2⤵
  - Executes dropped EXE
  PID:6112
- C:\Windows\System\KWsntsP.exe
  C:\Windows\System\KWsntsP.exe
  2⤵
  - Executes dropped EXE
  PID:5652
- C:\Windows\System\sEHzHNE.exe
  C:\Windows\System\sEHzHNE.exe
  2⤵
  PID:5892
- C:\Windows\System\DKZVSts.exe
  C:\Windows\System\DKZVSts.exe
  2⤵
  PID:3936
- C:\Windows\System\zvIMIxO.exe
  C:\Windows\System\zvIMIxO.exe
  2⤵
  PID:3200
- C:\Windows\System\mPrORvf.exe
  C:\Windows\System\mPrORvf.exe
  2⤵
  PID:4480
- C:\Windows\System\lGvlMAt.exe
  C:\Windows\System\lGvlMAt.exe
  2⤵
  PID:4712
- C:\Windows\System\Fqsyzpg.exe
  C:\Windows\System\Fqsyzpg.exe
  2⤵
  PID:4320
- C:\Windows\System\AxCRyge.exe
  C:\Windows\System\AxCRyge.exe
  2⤵
  PID:2372
- C:\Windows\System\InPTCOu.exe
  C:\Windows\System\InPTCOu.exe
  2⤵
  PID:4136
- C:\Windows\System\PYgHAop.exe
  C:\Windows\System\PYgHAop.exe
  2⤵
  PID:5188
- C:\Windows\System\jYKxEYV.exe
  C:\Windows\System\jYKxEYV.exe
  2⤵
  PID:1804
- C:\Windows\System\cIOmGPf.exe
  C:\Windows\System\cIOmGPf.exe
  2⤵
  PID:1576
- C:\Windows\System\IhJWGjW.exe
  C:\Windows\System\IhJWGjW.exe
  2⤵
  PID:1492
- C:\Windows\System\QqzXfTQ.exe
  C:\Windows\System\QqzXfTQ.exe
  2⤵
  PID:936
- C:\Windows\System\kRTyQxL.exe
  C:\Windows\System\kRTyQxL.exe
  2⤵
  PID:1712
- C:\Windows\System\wfJEUAX.exe
  C:\Windows\System\wfJEUAX.exe
  2⤵
  PID:4276
- C:\Windows\System\ORrjifi.exe
  C:\Windows\System\ORrjifi.exe
  2⤵
  PID:1984
- C:\Windows\System\cQECsDW.exe
  C:\Windows\System\cQECsDW.exe
  2⤵
  PID:5324
- C:\Windows\System\bPIGWDI.exe
  C:\Windows\System\bPIGWDI.exe
  2⤵
  PID:3488
- C:\Windows\System\eLkaPRP.exe
  C:\Windows\System\eLkaPRP.exe
  2⤵
  PID:6012
- C:\Windows\System\WNFkias.exe
  C:\Windows\System\WNFkias.exe
  2⤵
  PID:3632
- C:\Windows\System\nVNCOsh.exe
  C:\Windows\System\nVNCOsh.exe
  2⤵
  PID:4652
- C:\Windows\System\FMscgZd.exe
  C:\Windows\System\FMscgZd.exe
  2⤵
  PID:4992
- C:\Windows\System\sUoUSya.exe
  C:\Windows\System\sUoUSya.exe
  2⤵
  PID:2764
- C:\Windows\System\rAtxeHW.exe
  C:\Windows\System\rAtxeHW.exe
  2⤵
  PID:5448
- C:\Windows\System\PNRBJQy.exe
  C:\Windows\System\PNRBJQy.exe
  2⤵
  PID:5576
- C:\Windows\System\UjUCyoW.exe
  C:\Windows\System\UjUCyoW.exe
  2⤵
  PID:5544
- C:\Windows\System\fVfUcCY.exe
  C:\Windows\System\fVfUcCY.exe
  2⤵
  PID:5044
- C:\Windows\System\WGoBUfI.exe
  C:\Windows\System\WGoBUfI.exe
  2⤵
  PID:1340
- C:\Windows\System\SvGWtJF.exe
  C:\Windows\System\SvGWtJF.exe
  2⤵
  PID:5904
- C:\Windows\System\kWmKFgM.exe
  C:\Windows\System\kWmKFgM.exe
  2⤵
  PID:1844
- C:\Windows\System\HbTGvaS.exe
  C:\Windows\System\HbTGvaS.exe
  2⤵
  PID:2288
- C:\Windows\System\oesxJmm.exe
  C:\Windows\System\oesxJmm.exe
  2⤵
  PID:5304
- C:\Windows\System\QBBMozW.exe
  C:\Windows\System\QBBMozW.exe
  2⤵
  PID:116
- C:\Windows\System\HyBvqrz.exe
  C:\Windows\System\HyBvqrz.exe
  2⤵
  PID:1768
- C:\Windows\System\GFCgYVP.exe
  C:\Windows\System\GFCgYVP.exe
  2⤵
  PID:4400
- C:\Windows\System\SzpJyXT.exe
  C:\Windows\System\SzpJyXT.exe
  2⤵
  PID:1388
- C:\Windows\System\PWQfLnX.exe
  C:\Windows\System\PWQfLnX.exe
  2⤵
  PID:5292
- C:\Windows\System\dCGfYCo.exe
  C:\Windows\System\dCGfYCo.exe
  2⤵
  PID:2200
- C:\Windows\System\NrWcxaB.exe
  C:\Windows\System\NrWcxaB.exe
  2⤵
  PID:1632
- C:\Windows\System\okwyBjg.exe
  C:\Windows\System\okwyBjg.exe
  2⤵
  PID:4924
- C:\Windows\System\VjzvmMo.exe
  C:\Windows\System\VjzvmMo.exe
  2⤵
  PID:3028
- C:\Windows\System\MGPekuZ.exe
  C:\Windows\System\MGPekuZ.exe
  2⤵
  PID:5440
- C:\Windows\System\FJEDPoj.exe
  C:\Windows\System\FJEDPoj.exe
  2⤵
  PID:5240
- C:\Windows\System\FxlyJKm.exe
  C:\Windows\System\FxlyJKm.exe
  2⤵
  PID:1608
- C:\Windows\System\RAMhbqN.exe
  C:\Windows\System\RAMhbqN.exe
  2⤵
  PID:3896
- C:\Windows\System\EfrhBMC.exe
  C:\Windows\System\EfrhBMC.exe
  2⤵
  PID:4532
- C:\Windows\System\gqgzTGK.exe
  C:\Windows\System\gqgzTGK.exe
  2⤵
  PID:3848
- C:\Windows\System\oLwFKBM.exe
  C:\Windows\System\oLwFKBM.exe
  2⤵
  PID:4312
- C:\Windows\System\pKTmWmG.exe
  C:\Windows\System\pKTmWmG.exe
  2⤵
  PID:4800
- C:\Windows\System\AHqTIhk.exe
  C:\Windows\System\AHqTIhk.exe
  2⤵
  PID:4812
- C:\Windows\System\SrvWCif.exe
  C:\Windows\System\SrvWCif.exe
  2⤵
  PID:5388
- C:\Windows\System\ngpPmwl.exe
  C:\Windows\System\ngpPmwl.exe
  2⤵
  PID:5148
- C:\Windows\System\MBHbwjG.exe
  C:\Windows\System\MBHbwjG.exe
  2⤵
  PID:1764
- C:\Windows\System\qmyTveP.exe
  C:\Windows\System\qmyTveP.exe
  2⤵
  PID:4996
- C:\Windows\System\hdvuxla.exe
  C:\Windows\System\hdvuxla.exe
  2⤵
  PID:1572
- C:\Windows\System\nBgMjjl.exe
  C:\Windows\System\nBgMjjl.exe
  2⤵
  PID:5580
- C:\Windows\System\PAkhWWJ.exe
  C:\Windows\System\PAkhWWJ.exe
  2⤵
  PID:6108
- C:\Windows\System\rLNkwtE.exe
  C:\Windows\System\rLNkwtE.exe
  2⤵
  PID:1152
- C:\Windows\System\BFcvHsC.exe
  C:\Windows\System\BFcvHsC.exe
  2⤵
  PID:3644
- C:\Windows\System\FCSSsFX.exe
  C:\Windows\System\FCSSsFX.exe
  2⤵
  PID:4856
- C:\Windows\System\cGGMavK.exe
  C:\Windows\System\cGGMavK.exe
  2⤵
  PID:1116
- C:\Windows\System\zSefyzU.exe
  C:\Windows\System\zSefyzU.exe
  2⤵
  PID:436
- C:\Windows\System\NDKXDlw.exe
  C:\Windows\System\NDKXDlw.exe
  2⤵
  PID:3992
- C:\Windows\System\pDGLhcq.exe
  C:\Windows\System\pDGLhcq.exe
  2⤵
  PID:2924
- C:\Windows\System\XJYHkbG.exe
  C:\Windows\System\XJYHkbG.exe
  2⤵
  PID:2840
- C:\Windows\System\dTbZWuK.exe
  C:\Windows\System\dTbZWuK.exe
  2⤵
  PID:3288
- C:\Windows\System\UhkrBak.exe
  C:\Windows\System\UhkrBak.exe
  2⤵
  PID:5432
- C:\Windows\System\QwGOPZb.exe
  C:\Windows\System\QwGOPZb.exe
  2⤵
  PID:1900
- C:\Windows\System\EojNNCi.exe
  C:\Windows\System\EojNNCi.exe
  2⤵
  PID:5412
- C:\Windows\System\BVyKxJS.exe
  C:\Windows\System\BVyKxJS.exe
  2⤵
  PID:2684
- C:\Windows\System\oxUUiVB.exe
  C:\Windows\System\oxUUiVB.exe
  2⤵
  PID:1540
- C:\Windows\System\dhBQzaU.exe
  C:\Windows\System\dhBQzaU.exe
  2⤵
  PID:3636
- C:\Windows\System\HisVyXH.exe
  C:\Windows\System\HisVyXH.exe
  2⤵
  PID:4516
- C:\Windows\System\izoXdFK.exe
  C:\Windows\System\izoXdFK.exe
  2⤵
  PID:2296
- C:\Windows\System\IHAvuXi.exe
  C:\Windows\System\IHAvuXi.exe
  2⤵
  PID:3952
- C:\Windows\System\FgzXnSc.exe
  C:\Windows\System\FgzXnSc.exe
  2⤵
  PID:6152
- C:\Windows\System\pbUruQl.exe
  C:\Windows\System\pbUruQl.exe
  2⤵
  PID:6180
- C:\Windows\System\QxTazNE.exe
  C:\Windows\System\QxTazNE.exe
  2⤵
  PID:6208
- C:\Windows\System\WXsFrkh.exe
  C:\Windows\System\WXsFrkh.exe
  2⤵
  PID:6236
- C:\Windows\System\XWlUAIO.exe
  C:\Windows\System\XWlUAIO.exe
  2⤵
  PID:6264
- C:\Windows\System\ypJtJYP.exe
  C:\Windows\System\ypJtJYP.exe
  2⤵
  PID:6292
- C:\Windows\System\KzFeHVi.exe
  C:\Windows\System\KzFeHVi.exe
  2⤵
  PID:6320
- C:\Windows\System\hyvcHFz.exe
  C:\Windows\System\hyvcHFz.exe
  2⤵
  PID:6348
- C:\Windows\System\WdtpDdy.exe
  C:\Windows\System\WdtpDdy.exe
  2⤵
  PID:6376
- C:\Windows\System\FcodLCi.exe
  C:\Windows\System\FcodLCi.exe
  2⤵
  PID:6404
- C:\Windows\System\pAhujMG.exe
  C:\Windows\System\pAhujMG.exe
  2⤵
  PID:6432
- C:\Windows\System\dhyaPzW.exe
  C:\Windows\System\dhyaPzW.exe
  2⤵
  PID:6460
- C:\Windows\System\XJmEcQX.exe
  C:\Windows\System\XJmEcQX.exe
  2⤵
  PID:6488
- C:\Windows\System\QdxadiB.exe
  C:\Windows\System\QdxadiB.exe
  2⤵
  PID:6516
- C:\Windows\System\MhbyZAg.exe
  C:\Windows\System\MhbyZAg.exe
  2⤵
  PID:6544
- C:\Windows\System\LnCbakY.exe
  C:\Windows\System\LnCbakY.exe
  2⤵
  PID:6572
- C:\Windows\System\nWflFBj.exe
  C:\Windows\System\nWflFBj.exe
  2⤵
  PID:6600
- C:\Windows\System\XAXDwLJ.exe
  C:\Windows\System\XAXDwLJ.exe
  2⤵
  PID:6628
- C:\Windows\System\IMqRFAm.exe
  C:\Windows\System\IMqRFAm.exe
  2⤵
  PID:6656
- C:\Windows\System\VHAmKlM.exe
  C:\Windows\System\VHAmKlM.exe
  2⤵
  PID:6684
- C:\Windows\System\UVtnLEB.exe
  C:\Windows\System\UVtnLEB.exe
  2⤵
  PID:6712
- C:\Windows\System\ZUOUwkh.exe
  C:\Windows\System\ZUOUwkh.exe
  2⤵
  PID:6744
- C:\Windows\System\krbLJtT.exe
  C:\Windows\System\krbLJtT.exe
  2⤵
  PID:6776
- C:\Windows\System\OHYjSSr.exe
  C:\Windows\System\OHYjSSr.exe
  2⤵
  PID:6804
- C:\Windows\System\BbckDkl.exe
  C:\Windows\System\BbckDkl.exe
  2⤵
  PID:6832
- C:\Windows\System\Megduvc.exe
  C:\Windows\System\Megduvc.exe
  2⤵
  PID:6864
- C:\Windows\System\bIZKtVK.exe
  C:\Windows\System\bIZKtVK.exe
  2⤵
  PID:6892
- C:\Windows\System\JkKzBFH.exe
  C:\Windows\System\JkKzBFH.exe
  2⤵
  PID:6920
- C:\Windows\System\bmbYebc.exe
  C:\Windows\System\bmbYebc.exe
  2⤵
  PID:6944
- C:\Windows\System\cCBxFgS.exe
  C:\Windows\System\cCBxFgS.exe
  2⤵
  PID:6976
- C:\Windows\System\UuAhCOy.exe
  C:\Windows\System\UuAhCOy.exe
  2⤵
  PID:7000
- C:\Windows\System\RBmSFKe.exe
  C:\Windows\System\RBmSFKe.exe
  2⤵
  PID:7028
- C:\Windows\System\eUSYmio.exe
  C:\Windows\System\eUSYmio.exe
  2⤵
  PID:7076
- C:\Windows\System\IFPZpvc.exe
  C:\Windows\System\IFPZpvc.exe
  2⤵
  PID:7128
- C:\Windows\System\UcRCUtq.exe
  C:\Windows\System\UcRCUtq.exe
  2⤵
  PID:7152
- C:\Windows\System\NFXrZmB.exe
  C:\Windows\System\NFXrZmB.exe
  2⤵
  PID:1924
- C:\Windows\System\WxdYaVw.exe
  C:\Windows\System\WxdYaVw.exe
  2⤵
  PID:212
- C:\Windows\System\ZVHoeCd.exe
  C:\Windows\System\ZVHoeCd.exe
  2⤵
  PID:1416
- C:\Windows\System\NXFbsIJ.exe
  C:\Windows\System\NXFbsIJ.exe
  2⤵
  PID:3748
- C:\Windows\System\xVXAaKN.exe
  C:\Windows\System\xVXAaKN.exe
  2⤵
  PID:6248
- C:\Windows\System\hatSJCo.exe
  C:\Windows\System\hatSJCo.exe
  2⤵
  PID:6304
- C:\Windows\System\LSJNCze.exe
  C:\Windows\System\LSJNCze.exe
  2⤵
  PID:6388
- C:\Windows\System\kIlUppu.exe
  C:\Windows\System\kIlUppu.exe
  2⤵
  PID:5588
- C:\Windows\System\GfgVHwy.exe
  C:\Windows\System\GfgVHwy.exe
  2⤵
  PID:6480
- C:\Windows\System\DGTXxZZ.exe
  C:\Windows\System\DGTXxZZ.exe
  2⤵
  PID:6556
- C:\Windows\System\zsmTyCo.exe
  C:\Windows\System\zsmTyCo.exe
  2⤵
  PID:3924
- C:\Windows\System\ojPmoPi.exe
  C:\Windows\System\ojPmoPi.exe
  2⤵
  PID:6648
- C:\Windows\System\iZzkvxq.exe
  C:\Windows\System\iZzkvxq.exe
  2⤵
  PID:6796
- C:\Windows\System\CCjvHhJ.exe
  C:\Windows\System\CCjvHhJ.exe
  2⤵
  PID:7016
- C:\Windows\System\AyZhpSB.exe
  C:\Windows\System\AyZhpSB.exe
  2⤵
  PID:7108
- C:\Windows\System\zUEzSVl.exe
  C:\Windows\System\zUEzSVl.exe
  2⤵
  PID:1352
- C:\Windows\System\RCcCVDP.exe
  C:\Windows\System\RCcCVDP.exe
  2⤵
  PID:5592
- C:\Windows\System\uoKioAN.exe
  C:\Windows\System\uoKioAN.exe
  2⤵
  PID:7160
- C:\Windows\System\ZyiqDUL.exe
  C:\Windows\System\ZyiqDUL.exe
  2⤵
  PID:5436
- C:\Windows\System\BgjMZMM.exe
  C:\Windows\System\BgjMZMM.exe
  2⤵
  PID:888
- C:\Windows\System\fubyaXO.exe
  C:\Windows\System\fubyaXO.exe
  2⤵
  PID:6616
- C:\Windows\System\mGBoqGV.exe
  C:\Windows\System\mGBoqGV.exe
  2⤵
  PID:1408
- C:\Windows\System\NJysVQg.exe
  C:\Windows\System\NJysVQg.exe
  2⤵
  PID:6820
- C:\Windows\System\gOpAdgR.exe
  C:\Windows\System\gOpAdgR.exe
  2⤵
  PID:6908
- C:\Windows\System\oeysPRL.exe
  C:\Windows\System\oeysPRL.exe
  2⤵
  PID:448
- C:\Windows\System\vbiaXHC.exe
  C:\Windows\System\vbiaXHC.exe
  2⤵
  PID:6256
- C:\Windows\System\WZIMhZU.exe
  C:\Windows\System\WZIMhZU.exe
  2⤵
  PID:1224
- C:\Windows\System\zBoZRov.exe
  C:\Windows\System\zBoZRov.exe
  2⤵
  PID:2692
- C:\Windows\System\lxuQaZU.exe
  C:\Windows\System\lxuQaZU.exe
  2⤵
  PID:4220
- C:\Windows\System\BvetJot.exe
  C:\Windows\System\BvetJot.exe
  2⤵
  PID:7088
- C:\Windows\System\PMMDwSa.exe
  C:\Windows\System\PMMDwSa.exe
  2⤵
  PID:7120
- C:\Windows\System\DfnkHtP.exe
  C:\Windows\System\DfnkHtP.exe
  2⤵
  PID:6444
- C:\Windows\System\RoLErrS.exe
  C:\Windows\System\RoLErrS.exe
  2⤵
  PID:6700
- C:\Windows\System\Vvethzr.exe
  C:\Windows\System\Vvethzr.exe
  2⤵
  PID:6792
- C:\Windows\System\xPCaUjU.exe
  C:\Windows\System\xPCaUjU.exe
  2⤵
  PID:6996
- C:\Windows\System\aCxefRt.exe
  C:\Windows\System\aCxefRt.exe
  2⤵
  PID:5064
- C:\Windows\System\ScvqPtc.exe
  C:\Windows\System\ScvqPtc.exe
  2⤵
  PID:6588
- C:\Windows\System\pxhjoja.exe
  C:\Windows\System\pxhjoja.exe
  2⤵
  PID:7136
- C:\Windows\System\SfWpPGL.exe
  C:\Windows\System\SfWpPGL.exe
  2⤵
  PID:4876
- C:\Windows\System\IVAeEKS.exe
  C:\Windows\System\IVAeEKS.exe
  2⤵
  PID:7180
- C:\Windows\System\SwleeHl.exe
  C:\Windows\System\SwleeHl.exe
  2⤵
  PID:7208
- C:\Windows\System\uFDOimu.exe
  C:\Windows\System\uFDOimu.exe
  2⤵
  PID:7236
- C:\Windows\System\EatBiwL.exe
  C:\Windows\System\EatBiwL.exe
  2⤵
  PID:7256
- C:\Windows\System\iisxDdn.exe
  C:\Windows\System\iisxDdn.exe
  2⤵
  PID:7284
- C:\Windows\System\ydEyUos.exe
  C:\Windows\System\ydEyUos.exe
  2⤵
  PID:7324
- C:\Windows\System\MLuPhvo.exe
  C:\Windows\System\MLuPhvo.exe
  2⤵
  PID:7340
- C:\Windows\System\KnTQACr.exe
  C:\Windows\System\KnTQACr.exe
  2⤵
  PID:7368
- C:\Windows\System\MfLmGni.exe
  C:\Windows\System\MfLmGni.exe
  2⤵
  PID:7400
- C:\Windows\System\MdWYPXx.exe
  C:\Windows\System\MdWYPXx.exe
  2⤵
  PID:7424
- C:\Windows\System\SXckdkE.exe
  C:\Windows\System\SXckdkE.exe
  2⤵
  PID:7468
- C:\Windows\System\xstdBxv.exe
  C:\Windows\System\xstdBxv.exe
  2⤵
  PID:7488
- C:\Windows\System\OHpCoco.exe
  C:\Windows\System\OHpCoco.exe
  2⤵
  PID:7524
- C:\Windows\System\XnRqOkE.exe
  C:\Windows\System\XnRqOkE.exe
  2⤵
  PID:7556
- C:\Windows\System\xkIJRVd.exe
  C:\Windows\System\xkIJRVd.exe
  2⤵
  PID:7576
- C:\Windows\System\CBOqEpm.exe
  C:\Windows\System\CBOqEpm.exe
  2⤵
  PID:7612
- C:\Windows\System\wzkngkn.exe
  C:\Windows\System\wzkngkn.exe
  2⤵
  PID:7628
- C:\Windows\System\gmzpYOl.exe
  C:\Windows\System\gmzpYOl.exe
  2⤵
  PID:7660
- C:\Windows\System\orBODtZ.exe
  C:\Windows\System\orBODtZ.exe
  2⤵
  PID:7692
- C:\Windows\System\ftTqaMK.exe
  C:\Windows\System\ftTqaMK.exe
  2⤵
  PID:7716
- C:\Windows\System\WywhwLA.exe
  C:\Windows\System\WywhwLA.exe
  2⤵
  PID:7744
- C:\Windows\System\TxvxCad.exe
  C:\Windows\System\TxvxCad.exe
  2⤵
  PID:7784
- C:\Windows\System\ZkfvpuY.exe
  C:\Windows\System\ZkfvpuY.exe
  2⤵
  PID:7812
- C:\Windows\System\axUdvBf.exe
  C:\Windows\System\axUdvBf.exe
  2⤵
  PID:7828
- C:\Windows\System\vmsttqh.exe
  C:\Windows\System\vmsttqh.exe
  2⤵
  PID:7868
- C:\Windows\System\VpXdcUf.exe
  C:\Windows\System\VpXdcUf.exe
  2⤵
  PID:7896
- C:\Windows\System\pvNcxHh.exe
  C:\Windows\System\pvNcxHh.exe
  2⤵
  PID:7928
- C:\Windows\System\ZWhMMFD.exe
  C:\Windows\System\ZWhMMFD.exe
  2⤵
  PID:7956
- C:\Windows\System\wmJUIQm.exe
  C:\Windows\System\wmJUIQm.exe
  2⤵
  PID:7972
- C:\Windows\System\cnlOKrA.exe
  C:\Windows\System\cnlOKrA.exe
  2⤵
  PID:8012
- C:\Windows\System\nZColrJ.exe
  C:\Windows\System\nZColrJ.exe
  2⤵
  PID:8040
- C:\Windows\System\tvSOVtj.exe
  C:\Windows\System\tvSOVtj.exe
  2⤵
  PID:8056
- C:\Windows\System\tYTwIiH.exe
  C:\Windows\System\tYTwIiH.exe
  2⤵
  PID:8092
- C:\Windows\System\GShOyVU.exe
  C:\Windows\System\GShOyVU.exe
  2⤵
  PID:8124
- C:\Windows\System\MWVFyoK.exe
  C:\Windows\System\MWVFyoK.exe
  2⤵
  PID:8152
- C:\Windows\System\iRtbIuB.exe
  C:\Windows\System\iRtbIuB.exe
  2⤵
  PID:8180
- C:\Windows\System\bevocfZ.exe
  C:\Windows\System\bevocfZ.exe
  2⤵
  PID:7200
- C:\Windows\System\FsAlSfu.exe
  C:\Windows\System\FsAlSfu.exe
  2⤵
  PID:7272
- C:\Windows\System\KMIKbUq.exe
  C:\Windows\System\KMIKbUq.exe
  2⤵
  PID:7336
- C:\Windows\System\qhSCcZx.exe
  C:\Windows\System\qhSCcZx.exe
  2⤵
  PID:7388
- C:\Windows\System\rMjmRmE.exe
  C:\Windows\System\rMjmRmE.exe
  2⤵
  PID:7456
- C:\Windows\System\ZazLNZJ.exe
  C:\Windows\System\ZazLNZJ.exe
  2⤵
  PID:7520
- C:\Windows\System\FzQlwCt.exe
  C:\Windows\System\FzQlwCt.exe
  2⤵
  PID:7564
- C:\Windows\System\vlhDPTK.exe
  C:\Windows\System\vlhDPTK.exe
  2⤵
  PID:7624
- C:\Windows\System\WnVErrc.exe
  C:\Windows\System\WnVErrc.exe
  2⤵
  PID:7708
- C:\Windows\System\vutVvNB.exe
  C:\Windows\System\vutVvNB.exe
  2⤵
  PID:7072
- C:\Windows\System\zJZsvim.exe
  C:\Windows\System\zJZsvim.exe
  2⤵
  PID:7840
- C:\Windows\System\QRgfxFH.exe
  C:\Windows\System\QRgfxFH.exe
  2⤵
  PID:7920
- C:\Windows\System\XgRgXiU.exe
  C:\Windows\System\XgRgXiU.exe
  2⤵
  PID:7964
- C:\Windows\System\XgWKmcg.exe
  C:\Windows\System\XgWKmcg.exe
  2⤵
  PID:8028
- C:\Windows\System\aYZHAxd.exe
  C:\Windows\System\aYZHAxd.exe
  2⤵
  PID:8112
- C:\Windows\System\kSdqGak.exe
  C:\Windows\System\kSdqGak.exe
  2⤵
  PID:8168
- C:\Windows\System\dRXrVAZ.exe
  C:\Windows\System\dRXrVAZ.exe
  2⤵
  PID:7280
- C:\Windows\System\XCdBRvw.exe
  C:\Windows\System\XCdBRvw.exe
  2⤵
  PID:7420
- C:\Windows\System\kUyOkMg.exe
  C:\Windows\System\kUyOkMg.exe
  2⤵
  PID:7480
- C:\Windows\System\vYHfKBs.exe
  C:\Windows\System\vYHfKBs.exe
  2⤵
  PID:7672
- C:\Windows\System\eSMQsnO.exe
  C:\Windows\System\eSMQsnO.exe
  2⤵
  PID:7808
- C:\Windows\System\rCzuqFB.exe
  C:\Windows\System\rCzuqFB.exe
  2⤵
  PID:8048
- C:\Windows\System\BOpbyQw.exe
  C:\Windows\System\BOpbyQw.exe
  2⤵
  PID:7172
- C:\Windows\System\WGgFVKO.exe
  C:\Windows\System\WGgFVKO.exe
  2⤵
  PID:7380
- C:\Windows\System\gVrLiik.exe
  C:\Windows\System\gVrLiik.exe
  2⤵
  PID:7768
- C:\Windows\System\UZDITTd.exe
  C:\Windows\System\UZDITTd.exe
  2⤵
  PID:8000
- C:\Windows\System\VayEMkp.exe
  C:\Windows\System\VayEMkp.exe
  2⤵
  PID:7512
- C:\Windows\System\ItyQbGw.exe
  C:\Windows\System\ItyQbGw.exe
  2⤵
  PID:8204
- C:\Windows\System\THnpmnk.exe
  C:\Windows\System\THnpmnk.exe
  2⤵
  PID:8232
- C:\Windows\System\WwUwzuy.exe
  C:\Windows\System\WwUwzuy.exe
  2⤵
  PID:8248
- C:\Windows\System\mtCZPWt.exe
  C:\Windows\System\mtCZPWt.exe
  2⤵
  PID:8288
- C:\Windows\System\fbmaUsY.exe
  C:\Windows\System\fbmaUsY.exe
  2⤵
  PID:8316
- C:\Windows\System\abwVRju.exe
  C:\Windows\System\abwVRju.exe
  2⤵
  PID:8344
- C:\Windows\System\SOsddQA.exe
  C:\Windows\System\SOsddQA.exe
  2⤵
  PID:8372
- C:\Windows\System\FdCjmzI.exe
  C:\Windows\System\FdCjmzI.exe
  2⤵
  PID:8408
- C:\Windows\System\redKSeo.exe
  C:\Windows\System\redKSeo.exe
  2⤵
  PID:8428
- C:\Windows\System\ojVCtlt.exe
  C:\Windows\System\ojVCtlt.exe
  2⤵
  PID:8456
- C:\Windows\System\GzFIOAo.exe
  C:\Windows\System\GzFIOAo.exe
  2⤵
  PID:8484
- C:\Windows\System\WwiSugN.exe
  C:\Windows\System\WwiSugN.exe
  2⤵
  PID:8516
- C:\Windows\System\VhsVkQP.exe
  C:\Windows\System\VhsVkQP.exe
  2⤵
  PID:8532
- C:\Windows\System\WWlCrUm.exe
  C:\Windows\System\WWlCrUm.exe
  2⤵
  PID:8564
- C:\Windows\System\SnItDLC.exe
  C:\Windows\System\SnItDLC.exe
  2⤵
  PID:8588
- C:\Windows\System\cxAcZBP.exe
  C:\Windows\System\cxAcZBP.exe
  2⤵
  PID:8624
- C:\Windows\System\NOrMWLh.exe
  C:\Windows\System\NOrMWLh.exe
  2⤵
  PID:8644
- C:\Windows\System\ZgkmNST.exe
  C:\Windows\System\ZgkmNST.exe
  2⤵
  PID:8668
- C:\Windows\System\YhlYMLl.exe
  C:\Windows\System\YhlYMLl.exe
  2⤵
  PID:8728
- C:\Windows\System\mUKvzsW.exe
  C:\Windows\System\mUKvzsW.exe
  2⤵
  PID:8744
- C:\Windows\System\ZjHlway.exe
  C:\Windows\System\ZjHlway.exe
  2⤵
  PID:8772
- C:\Windows\System\VAzRmqe.exe
  C:\Windows\System\VAzRmqe.exe
  2⤵
  PID:8788
- C:\Windows\System\uPWgLfx.exe
  C:\Windows\System\uPWgLfx.exe
  2⤵
  PID:8816
- C:\Windows\System\JyVxOIS.exe
  C:\Windows\System\JyVxOIS.exe
  2⤵
  PID:8852
- C:\Windows\System\BdoBxVf.exe
  C:\Windows\System\BdoBxVf.exe
  2⤵
  PID:8884
- C:\Windows\System\aykiEeW.exe
  C:\Windows\System\aykiEeW.exe
  2⤵
  PID:8908
- C:\Windows\System\JSzSBKc.exe
  C:\Windows\System\JSzSBKc.exe
  2⤵
  PID:8940
- C:\Windows\System\KscnIKL.exe
  C:\Windows\System\KscnIKL.exe
  2⤵
  PID:8972
- C:\Windows\System\VbnyzXn.exe
  C:\Windows\System\VbnyzXn.exe
  2⤵
  PID:8996
- C:\Windows\System\loRcjlH.exe
  C:\Windows\System\loRcjlH.exe
  2⤵
  PID:9012
- C:\Windows\System\VfpIhJY.exe
  C:\Windows\System\VfpIhJY.exe
  2⤵
  PID:9048
- C:\Windows\System\UZzYYUS.exe
  C:\Windows\System\UZzYYUS.exe
  2⤵
  PID:9084
- C:\Windows\System\IbGICIh.exe
  C:\Windows\System\IbGICIh.exe
  2⤵
  PID:9108
- C:\Windows\System\aIbxtby.exe
  C:\Windows\System\aIbxtby.exe
  2⤵
  PID:9136
- C:\Windows\System\yWLBExh.exe
  C:\Windows\System\yWLBExh.exe
  2⤵
  PID:9164
- C:\Windows\System\bZdIfgz.exe
  C:\Windows\System\bZdIfgz.exe
  2⤵
  PID:9188
- C:\Windows\System\msliTIk.exe
  C:\Windows\System\msliTIk.exe
  2⤵
  PID:7644
- C:\Windows\System\LQiaUjN.exe
  C:\Windows\System\LQiaUjN.exe
  2⤵
  PID:8268
- C:\Windows\System\amoSlPf.exe
  C:\Windows\System\amoSlPf.exe
  2⤵
  PID:8300
- C:\Windows\System\LeeHxGR.exe
  C:\Windows\System\LeeHxGR.exe
  2⤵
  PID:8324
- C:\Windows\System\FHVXLGF.exe
  C:\Windows\System\FHVXLGF.exe
  2⤵
  PID:8384
- C:\Windows\System\XkHioxX.exe
  C:\Windows\System\XkHioxX.exe
  2⤵
  PID:8424
- C:\Windows\System\djSSutt.exe
  C:\Windows\System\djSSutt.exe
  2⤵
  PID:8496
- C:\Windows\System\RqGtahO.exe
  C:\Windows\System\RqGtahO.exe
  2⤵
  PID:8632
- C:\Windows\System\RBwdduo.exe
  C:\Windows\System\RBwdduo.exe
  2⤵
  PID:8652
- C:\Windows\System\dCnceAX.exe
  C:\Windows\System\dCnceAX.exe
  2⤵
  PID:8756
- C:\Windows\System\Uihxzth.exe
  C:\Windows\System\Uihxzth.exe
  2⤵
  PID:8800
- C:\Windows\System\IVliGpy.exe
  C:\Windows\System\IVliGpy.exe
  2⤵
  PID:8832
- C:\Windows\System\NAczJie.exe
  C:\Windows\System\NAczJie.exe
  2⤵
  PID:8956
- C:\Windows\System\SLmKicB.exe
  C:\Windows\System\SLmKicB.exe
  2⤵
  PID:9044
- C:\Windows\System\WkyfHDI.exe
  C:\Windows\System\WkyfHDI.exe
  2⤵
  PID:9092
- C:\Windows\System\HfvpoZg.exe
  C:\Windows\System\HfvpoZg.exe
  2⤵
  PID:9180
- C:\Windows\System\vQTatqr.exe
  C:\Windows\System\vQTatqr.exe
  2⤵
  PID:8196
- C:\Windows\System\VVtdsts.exe
  C:\Windows\System\VVtdsts.exe
  2⤵
  PID:8368
- C:\Windows\System\Luwqsjo.exe
  C:\Windows\System\Luwqsjo.exe
  2⤵
  PID:8476
- C:\Windows\System\HuWlhoK.exe
  C:\Windows\System\HuWlhoK.exe
  2⤵
  PID:8688
- C:\Windows\System\lPEnwdG.exe
  C:\Windows\System\lPEnwdG.exe
  2⤵
  PID:8844
- C:\Windows\System\xSWygZG.exe
  C:\Windows\System\xSWygZG.exe
  2⤵
  PID:9036
- C:\Windows\System\taLZFrD.exe
  C:\Windows\System\taLZFrD.exe
  2⤵
  PID:9156
- C:\Windows\System\LtPcjBS.exe
  C:\Windows\System\LtPcjBS.exe
  2⤵
  PID:8512
- C:\Windows\System\cmivrXw.exe
  C:\Windows\System\cmivrXw.exe
  2⤵
  PID:8704
- C:\Windows\System\vGEQeYo.exe
  C:\Windows\System\vGEQeYo.exe
  2⤵
  PID:9120
- C:\Windows\System\MFBWuiL.exe
  C:\Windows\System\MFBWuiL.exe
  2⤵
  PID:8356
- C:\Windows\System\QtUPJYf.exe
  C:\Windows\System\QtUPJYf.exe
  2⤵
  PID:9004
- C:\Windows\System\AntofDj.exe
  C:\Windows\System\AntofDj.exe
  2⤵
  PID:9244
- C:\Windows\System\efiJNXN.exe
  C:\Windows\System\efiJNXN.exe
  2⤵
  PID:9276
- C:\Windows\System\SoBkZIX.exe
  C:\Windows\System\SoBkZIX.exe
  2⤵
  PID:9304
- C:\Windows\System\XYrQYrE.exe
  C:\Windows\System\XYrQYrE.exe
  2⤵
  PID:9332
- C:\Windows\System\OGMyMkr.exe
  C:\Windows\System\OGMyMkr.exe
  2⤵
  PID:9364
- C:\Windows\System\LTWlaba.exe
  C:\Windows\System\LTWlaba.exe
  2⤵
  PID:9380
- C:\Windows\System\PBbkqSK.exe
  C:\Windows\System\PBbkqSK.exe
  2⤵
  PID:9408
- C:\Windows\System\REeyonG.exe
  C:\Windows\System\REeyonG.exe
  2⤵
  PID:9448
- C:\Windows\System\NEqLhsv.exe
  C:\Windows\System\NEqLhsv.exe
  2⤵
  PID:9476
- C:\Windows\System\gkmrGqi.exe
  C:\Windows\System\gkmrGqi.exe
  2⤵
  PID:9520
- C:\Windows\System\XHxeSci.exe
  C:\Windows\System\XHxeSci.exe
  2⤵
  PID:9536
- C:\Windows\System\jpLnuKN.exe
  C:\Windows\System\jpLnuKN.exe
  2⤵
  PID:9564
- C:\Windows\System\obDPpye.exe
  C:\Windows\System\obDPpye.exe
  2⤵
  PID:9592
- C:\Windows\System\QwjilZA.exe
  C:\Windows\System\QwjilZA.exe
  2⤵
  PID:9620
- C:\Windows\System\eyNBfDM.exe
  C:\Windows\System\eyNBfDM.exe
  2⤵
  PID:9648
- C:\Windows\System\rYQZXXo.exe
  C:\Windows\System\rYQZXXo.exe
  2⤵
  PID:9676
- C:\Windows\System\ejDZAzw.exe
  C:\Windows\System\ejDZAzw.exe
  2⤵
  PID:9704
- C:\Windows\System\mVpHvHK.exe
  C:\Windows\System\mVpHvHK.exe
  2⤵
  PID:9720
- C:\Windows\System\mVDaRLY.exe
  C:\Windows\System\mVDaRLY.exe
  2⤵
  PID:9760
- C:\Windows\System\WPZZzUz.exe
  C:\Windows\System\WPZZzUz.exe
  2⤵
  PID:9788
- C:\Windows\System\QdimPoT.exe
  C:\Windows\System\QdimPoT.exe
  2⤵
  PID:9804
- C:\Windows\System\xpExDxd.exe
  C:\Windows\System\xpExDxd.exe
  2⤵
  PID:9832
- C:\Windows\System\TtcvIVt.exe
  C:\Windows\System\TtcvIVt.exe
  2⤵
  PID:9860
- C:\Windows\System\YEYREhA.exe
  C:\Windows\System\YEYREhA.exe
  2⤵
  PID:9892
- C:\Windows\System\BXLJGZw.exe
  C:\Windows\System\BXLJGZw.exe
  2⤵
  PID:9928
- C:\Windows\System\kGoxoim.exe
  C:\Windows\System\kGoxoim.exe
  2⤵
  PID:9944
- C:\Windows\System\ZQbFDTj.exe
  C:\Windows\System\ZQbFDTj.exe
  2⤵
  PID:9984
- C:\Windows\System\cwdPTZd.exe
  C:\Windows\System\cwdPTZd.exe
  2⤵
  PID:10004
- C:\Windows\System\MuWfYIi.exe
  C:\Windows\System\MuWfYIi.exe
  2⤵
  PID:10028
- C:\Windows\System\DJPpaMK.exe
  C:\Windows\System\DJPpaMK.exe
  2⤵
  PID:10056
- C:\Windows\System\MXhTkFo.exe
  C:\Windows\System\MXhTkFo.exe
  2⤵
  PID:10096
- C:\Windows\System\UGtFsHU.exe
  C:\Windows\System\UGtFsHU.exe
  2⤵
  PID:10124
- C:\Windows\System\sxwlwAM.exe
  C:\Windows\System\sxwlwAM.exe
  2⤵
  PID:10140
- C:\Windows\System\fOOtfHE.exe
  C:\Windows\System\fOOtfHE.exe
  2⤵
  PID:10180
- C:\Windows\System\yLFqXhQ.exe
  C:\Windows\System\yLFqXhQ.exe
  2⤵
  PID:10212
- C:\Windows\System\DYwDcZN.exe
  C:\Windows\System\DYwDcZN.exe
  2⤵
  PID:8240
- C:\Windows\System\NXdmART.exe
  C:\Windows\System\NXdmART.exe
  2⤵
  PID:9272
- C:\Windows\System\FawgXlp.exe
  C:\Windows\System\FawgXlp.exe
  2⤵
  PID:9348
- C:\Windows\System\FXenArF.exe
  C:\Windows\System\FXenArF.exe
  2⤵
  PID:9376
- C:\Windows\System\biVfsPL.exe
  C:\Windows\System\biVfsPL.exe
  2⤵
  PID:9468
- C:\Windows\System\KEUVtgK.exe
  C:\Windows\System\KEUVtgK.exe
  2⤵
  PID:2304
- C:\Windows\System\OqzVqIv.exe
  C:\Windows\System\OqzVqIv.exe
  2⤵
  PID:9580
- C:\Windows\System\oeqvhxN.exe
  C:\Windows\System\oeqvhxN.exe
  2⤵
  PID:9644
- C:\Windows\System\HMOFxdX.exe
  C:\Windows\System\HMOFxdX.exe
  2⤵
  PID:9688
- C:\Windows\System\OxEecIc.exe
  C:\Windows\System\OxEecIc.exe
  2⤵
  PID:9736
- C:\Windows\System\WEjfAOo.exe
  C:\Windows\System\WEjfAOo.exe
  2⤵
  PID:9856
- C:\Windows\System\EAoEXSG.exe
  C:\Windows\System\EAoEXSG.exe
  2⤵
  PID:9908
- C:\Windows\System\JzWWubR.exe
  C:\Windows\System\JzWWubR.exe
  2⤵
  PID:9960
- C:\Windows\System\vTTfxMF.exe
  C:\Windows\System\vTTfxMF.exe
  2⤵
  PID:10044
- C:\Windows\System\lnjerEV.exe
  C:\Windows\System\lnjerEV.exe
  2⤵
  PID:10116
- C:\Windows\System\lICOBgi.exe
  C:\Windows\System\lICOBgi.exe
  2⤵
  PID:10152
- C:\Windows\System\mKITUJk.exe
  C:\Windows\System\mKITUJk.exe
  2⤵
  PID:10236
- C:\Windows\System\QmBAutk.exe
  C:\Windows\System\QmBAutk.exe
  2⤵
  PID:9356
- C:\Windows\System\GwqnbzX.exe
  C:\Windows\System\GwqnbzX.exe
  2⤵
  PID:9484
- C:\Windows\System\xBBjPDB.exe
  C:\Windows\System\xBBjPDB.exe
  2⤵
  PID:9576
- C:\Windows\System\uNvWETv.exe
  C:\Windows\System\uNvWETv.exe
  2⤵
  PID:9784
- C:\Windows\System\xxJkhKl.exe
  C:\Windows\System\xxJkhKl.exe
  2⤵
  PID:9972
- C:\Windows\System\PfdaBhy.exe
  C:\Windows\System\PfdaBhy.exe
  2⤵
  PID:10048
- C:\Windows\System\KaYTinY.exe
  C:\Windows\System\KaYTinY.exe
  2⤵
  PID:10132
- C:\Windows\System\euTaMLY.exe
  C:\Windows\System\euTaMLY.exe
  2⤵
  PID:10232
- C:\Windows\System\BPdurQs.exe
  C:\Windows\System\BPdurQs.exe
  2⤵
  PID:9444
- C:\Windows\System\wvTlsCd.exe
  C:\Windows\System\wvTlsCd.exe
  2⤵
  PID:9940
- C:\Windows\System\GtxVZiq.exe
  C:\Windows\System\GtxVZiq.exe
  2⤵
  PID:9748
- C:\Windows\System\GhScgbP.exe
  C:\Windows\System\GhScgbP.exe
  2⤵
  PID:10108
- C:\Windows\System\RLzEymh.exe
  C:\Windows\System\RLzEymh.exe
  2⤵
  PID:10256
- C:\Windows\System\oLPIXGI.exe
  C:\Windows\System\oLPIXGI.exe
  2⤵
  PID:10284
- C:\Windows\System\KaRydRV.exe
  C:\Windows\System\KaRydRV.exe
  2⤵
  PID:10300
- C:\Windows\System\HZXTAwg.exe
  C:\Windows\System\HZXTAwg.exe
  2⤵
  PID:10328
- C:\Windows\System\dyCzuvA.exe
  C:\Windows\System\dyCzuvA.exe
  2⤵
  PID:10368
- C:\Windows\System\StXuXDi.exe
  C:\Windows\System\StXuXDi.exe
  2⤵
  PID:10396
- C:\Windows\System\KMFjjlQ.exe
  C:\Windows\System\KMFjjlQ.exe
  2⤵
  PID:10412
- C:\Windows\System\xULeZqQ.exe
  C:\Windows\System\xULeZqQ.exe
  2⤵
  PID:10436
- C:\Windows\System\BRyVnue.exe
  C:\Windows\System\BRyVnue.exe
  2⤵
  PID:10468
- C:\Windows\System\PuFjEbe.exe
  C:\Windows\System\PuFjEbe.exe
  2⤵
  PID:10492
- C:\Windows\System\hIpKvkm.exe
  C:\Windows\System\hIpKvkm.exe
  2⤵
  PID:10536
- C:\Windows\System\hUKRKoD.exe
  C:\Windows\System\hUKRKoD.exe
  2⤵
  PID:10564
- C:\Windows\System\rHDbbMg.exe
  C:\Windows\System\rHDbbMg.exe
  2⤵
  PID:10592
- C:\Windows\System\PyYVDzz.exe
  C:\Windows\System\PyYVDzz.exe
  2⤵
  PID:10620
- C:\Windows\System\tEKALYj.exe
  C:\Windows\System\tEKALYj.exe
  2⤵
  PID:10648
- C:\Windows\System\KMyRyRI.exe
  C:\Windows\System\KMyRyRI.exe
  2⤵
  PID:10676
- C:\Windows\System\RfFzZgc.exe
  C:\Windows\System\RfFzZgc.exe
  2⤵
  PID:10704
- C:\Windows\System\CEXizzr.exe
  C:\Windows\System\CEXizzr.exe
  2⤵
  PID:10732
- C:\Windows\System\liiSISa.exe
  C:\Windows\System\liiSISa.exe
  2⤵
  PID:10760
- C:\Windows\System\AqXDiJq.exe
  C:\Windows\System\AqXDiJq.exe
  2⤵
  PID:10780
- C:\Windows\System\dczpVZk.exe
  C:\Windows\System\dczpVZk.exe
  2⤵
  PID:10812
- C:\Windows\System\IGQBAiR.exe
  C:\Windows\System\IGQBAiR.exe
  2⤵
  PID:10832
- C:\Windows\System\CpwahgS.exe
  C:\Windows\System\CpwahgS.exe
  2⤵
  PID:10860
- C:\Windows\System\XbvLDSr.exe
  C:\Windows\System\XbvLDSr.exe
  2⤵
  PID:10900
- C:\Windows\System\IRcKzLB.exe
  C:\Windows\System\IRcKzLB.exe
  2⤵
  PID:10924
- C:\Windows\System\KYpmWQR.exe
  C:\Windows\System\KYpmWQR.exe
  2⤵
  PID:10956
- C:\Windows\System\wDsljny.exe
  C:\Windows\System\wDsljny.exe
  2⤵
  PID:10984
- C:\Windows\System\gnhehuH.exe
  C:\Windows\System\gnhehuH.exe
  2⤵
  PID:11012
- C:\Windows\System\vxJRDgL.exe
  C:\Windows\System\vxJRDgL.exe
  2⤵
  PID:11040
- C:\Windows\System\aZQSNnR.exe
  C:\Windows\System\aZQSNnR.exe
  2⤵
  PID:11068
- C:\Windows\System\xyrFXpF.exe
  C:\Windows\System\xyrFXpF.exe
  2⤵
  PID:11096
- C:\Windows\System\Btrpdei.exe
  C:\Windows\System\Btrpdei.exe
  2⤵
  PID:11132
- C:\Windows\System\fXBTtFH.exe
  C:\Windows\System\fXBTtFH.exe
  2⤵
  PID:11160
- C:\Windows\System\zFfnMux.exe
  C:\Windows\System\zFfnMux.exe
  2⤵
  PID:11188
- C:\Windows\System\NycxbsG.exe
  C:\Windows\System\NycxbsG.exe
  2⤵
  PID:11216
- C:\Windows\System\JlxmFIX.exe
  C:\Windows\System\JlxmFIX.exe
  2⤵
  PID:11248
- C:\Windows\System\bUZRLas.exe
  C:\Windows\System\bUZRLas.exe
  2⤵
  PID:9428
- C:\Windows\System\tmoOmoq.exe
  C:\Windows\System\tmoOmoq.exe
  2⤵
  PID:10296
- C:\Windows\System\lYzMGwb.exe
  C:\Windows\System\lYzMGwb.exe
  2⤵
  PID:10360
- C:\Windows\System\KOsQVbE.exe
  C:\Windows\System\KOsQVbE.exe
  2⤵
  PID:10404
- C:\Windows\System\tZtmfPP.exe
  C:\Windows\System\tZtmfPP.exe
  2⤵
  PID:10448
- C:\Windows\System\pJAmhOz.exe
  C:\Windows\System\pJAmhOz.exe
  2⤵
  PID:10456
- C:\Windows\System\cRuvRUO.exe
  C:\Windows\System\cRuvRUO.exe
  2⤵
  PID:10584
- C:\Windows\System\CRQAXDh.exe
  C:\Windows\System\CRQAXDh.exe
  2⤵
  PID:10668
- C:\Windows\System\zjVaJFz.exe
  C:\Windows\System\zjVaJFz.exe
  2⤵
  PID:10716
- C:\Windows\System\YBRfBst.exe
  C:\Windows\System\YBRfBst.exe
  2⤵
  PID:10804
- C:\Windows\System\JCusvkz.exe
  C:\Windows\System\JCusvkz.exe
  2⤵
  PID:10828
- C:\Windows\System\ltYJkxK.exe
  C:\Windows\System\ltYJkxK.exe
  2⤵
  PID:10896
- C:\Windows\System\mtxCQru.exe
  C:\Windows\System\mtxCQru.exe
  2⤵
  PID:10952
- C:\Windows\System\nMRAegD.exe
  C:\Windows\System\nMRAegD.exe
  2⤵
  PID:11004
- C:\Windows\System\XeXGNRT.exe
  C:\Windows\System\XeXGNRT.exe
  2⤵
  PID:9260
- C:\Windows\System\jFTxfHF.exe
  C:\Windows\System\jFTxfHF.exe
  2⤵
  PID:11180
- C:\Windows\System\aegcUzj.exe
  C:\Windows\System\aegcUzj.exe
  2⤵
  PID:11244
- C:\Windows\System\dyBNCuL.exe
  C:\Windows\System\dyBNCuL.exe
  2⤵
  PID:10280
- C:\Windows\System\RvlRhpe.exe
  C:\Windows\System\RvlRhpe.exe
  2⤵
  PID:10384
- C:\Windows\System\dJgtpJm.exe
  C:\Windows\System\dJgtpJm.exe
  2⤵
  PID:10548
- C:\Windows\System\eDPcBkh.exe
  C:\Windows\System\eDPcBkh.exe
  2⤵
  PID:10660
- C:\Windows\System\VtEAjlo.exe
  C:\Windows\System\VtEAjlo.exe
  2⤵
  PID:10824
- C:\Windows\System\nwJPdbY.exe
  C:\Windows\System\nwJPdbY.exe
  2⤵
  PID:11024
- C:\Windows\System\bTXQETr.exe
  C:\Windows\System\bTXQETr.exe
  2⤵
  PID:11144
- C:\Windows\System\exBsgEn.exe
  C:\Windows\System\exBsgEn.exe
  2⤵
  PID:11232
- C:\Windows\System\CHuCXXq.exe
  C:\Windows\System\CHuCXXq.exe
  2⤵
  PID:10520
- C:\Windows\System\JrVsTDh.exe
  C:\Windows\System\JrVsTDh.exe
  2⤵
  PID:10644
- C:\Windows\System\UOhHMVF.exe
  C:\Windows\System\UOhHMVF.exe
  2⤵
  PID:11172
- C:\Windows\System\UCjLVyh.exe
  C:\Windows\System\UCjLVyh.exe
  2⤵
  PID:1136
- C:\Windows\System\iJEBuNb.exe
  C:\Windows\System\iJEBuNb.exe
  2⤵
  PID:10724
- C:\Windows\System\JJLbSyz.exe
  C:\Windows\System\JJLbSyz.exe
  2⤵
  PID:11292
- C:\Windows\System\YaGOdDp.exe
  C:\Windows\System\YaGOdDp.exe
  2⤵
  PID:11320
- C:\Windows\System\gMJPWVB.exe
  C:\Windows\System\gMJPWVB.exe
  2⤵
  PID:11344
- C:\Windows\System\TrTSMUj.exe
  C:\Windows\System\TrTSMUj.exe
  2⤵
  PID:11376
- C:\Windows\System\jSFzHRW.exe
  C:\Windows\System\jSFzHRW.exe
  2⤵
  PID:11404
- C:\Windows\System\IVdhqgX.exe
  C:\Windows\System\IVdhqgX.exe
  2⤵
  PID:11432
- C:\Windows\System\GpcyMOW.exe
  C:\Windows\System\GpcyMOW.exe
  2⤵
  PID:11460
- C:\Windows\System\JqcZkbZ.exe
  C:\Windows\System\JqcZkbZ.exe
  2⤵
  PID:11488
- C:\Windows\System\tKWUfiZ.exe
  C:\Windows\System\tKWUfiZ.exe
  2⤵
  PID:11516
- C:\Windows\System\KDMHOMZ.exe
  C:\Windows\System\KDMHOMZ.exe
  2⤵
  PID:11544
- C:\Windows\System\GDYBjxx.exe
  C:\Windows\System\GDYBjxx.exe
  2⤵
  PID:11572
- C:\Windows\System\cCAdUmW.exe
  C:\Windows\System\cCAdUmW.exe
  2⤵
  PID:11600
- C:\Windows\System\YdxgGLm.exe
  C:\Windows\System\YdxgGLm.exe
  2⤵
  PID:11628
- C:\Windows\System\EOMmfGK.exe
  C:\Windows\System\EOMmfGK.exe
  2⤵
  PID:11656
- C:\Windows\System\OTaFemN.exe
  C:\Windows\System\OTaFemN.exe
  2⤵
  PID:11684
- C:\Windows\System\yghwIOH.exe
  C:\Windows\System\yghwIOH.exe
  2⤵
  PID:11724
- C:\Windows\System\XJCElsy.exe
  C:\Windows\System\XJCElsy.exe
  2⤵
  PID:11748
- C:\Windows\System\vTHlxPt.exe
  C:\Windows\System\vTHlxPt.exe
  2⤵
  PID:11772
- C:\Windows\System\rhEyLgf.exe
  C:\Windows\System\rhEyLgf.exe
  2⤵
  PID:11800
- C:\Windows\System\ISGWtYl.exe
  C:\Windows\System\ISGWtYl.exe
  2⤵
  PID:11828
- C:\Windows\System\upreRpU.exe
  C:\Windows\System\upreRpU.exe
  2⤵
  PID:11856
- C:\Windows\System\loDToqS.exe
  C:\Windows\System\loDToqS.exe
  2⤵
  PID:11884
- C:\Windows\System\fGILkeD.exe
  C:\Windows\System\fGILkeD.exe
  2⤵
  PID:11912
- C:\Windows\System\LyiRJRW.exe
  C:\Windows\System\LyiRJRW.exe
  2⤵
  PID:11940
- C:\Windows\System\XvOEtjW.exe
  C:\Windows\System\XvOEtjW.exe
  2⤵
  PID:11968
- C:\Windows\System\GmsarQz.exe
  C:\Windows\System\GmsarQz.exe
  2⤵
  PID:11996
- C:\Windows\System\ZWBqrgr.exe
  C:\Windows\System\ZWBqrgr.exe
  2⤵
  PID:12024
- C:\Windows\System\Mosvzws.exe
  C:\Windows\System\Mosvzws.exe
  2⤵
  PID:12052
- C:\Windows\System\vUzsVvW.exe
  C:\Windows\System\vUzsVvW.exe
  2⤵
  PID:12080
- C:\Windows\System\lQGnBYm.exe
  C:\Windows\System\lQGnBYm.exe
  2⤵
  PID:12108
- C:\Windows\System\eYZZWfv.exe
  C:\Windows\System\eYZZWfv.exe
  2⤵
  PID:12136
- C:\Windows\System\bNYPxAp.exe
  C:\Windows\System\bNYPxAp.exe
  2⤵
  PID:12164
- C:\Windows\System\sxsjJWb.exe
  C:\Windows\System\sxsjJWb.exe
  2⤵
  PID:12192
- C:\Windows\System\ZFaJBvC.exe
  C:\Windows\System\ZFaJBvC.exe
  2⤵
  PID:12220
- C:\Windows\System\WOmOrNH.exe
  C:\Windows\System\WOmOrNH.exe
  2⤵
  PID:12248
- C:\Windows\System\fOoFMMr.exe
  C:\Windows\System\fOoFMMr.exe
  2⤵
  PID:12284
- C:\Windows\System\Wjzeove.exe
  C:\Windows\System\Wjzeove.exe
  2⤵
  PID:11304
- C:\Windows\System\JsIsczz.exe
  C:\Windows\System\JsIsczz.exe
  2⤵
  PID:11372
- C:\Windows\System\RxIkETm.exe
  C:\Windows\System\RxIkETm.exe
  2⤵
  PID:11444
- C:\Windows\System\YVOsucZ.exe
  C:\Windows\System\YVOsucZ.exe
  2⤵
  PID:11508
- C:\Windows\System\mlnsIaa.exe
  C:\Windows\System\mlnsIaa.exe
  2⤵
  PID:11568
- C:\Windows\System\DhtQBtX.exe
  C:\Windows\System\DhtQBtX.exe
  2⤵
  PID:11624
- C:\Windows\System\vHSvgqR.exe
  C:\Windows\System\vHSvgqR.exe
  2⤵
  PID:11668
- C:\Windows\System\MNGIaoL.exe
  C:\Windows\System\MNGIaoL.exe
  2⤵
  PID:6024
- C:\Windows\System\bTeEuOw.exe
  C:\Windows\System\bTeEuOw.exe
  2⤵
  PID:4272
- C:\Windows\System\RpWZwmV.exe
  C:\Windows\System\RpWZwmV.exe
  2⤵
  PID:3096
- C:\Windows\System\bJRaucr.exe
  C:\Windows\System\bJRaucr.exe
  2⤵
  PID:11732
- C:\Windows\System\srvwKvt.exe
  C:\Windows\System\srvwKvt.exe
  2⤵
  PID:11756
- C:\Windows\System\hNJRLkq.exe
  C:\Windows\System\hNJRLkq.exe
  2⤵
  PID:11816
- C:\Windows\System\ZuNfqxK.exe
  C:\Windows\System\ZuNfqxK.exe
  2⤵
  PID:11880
- C:\Windows\System\jXrizAa.exe
  C:\Windows\System\jXrizAa.exe
  2⤵
  PID:11952
- C:\Windows\System\KAPbNyP.exe
  C:\Windows\System\KAPbNyP.exe
  2⤵
  PID:12012
- C:\Windows\System\qQnKzwU.exe
  C:\Windows\System\qQnKzwU.exe
  2⤵
  PID:12120
- C:\Windows\System\XuGenno.exe
  C:\Windows\System\XuGenno.exe
  2⤵
  PID:12156
- C:\Windows\System\orQRWgt.exe
  C:\Windows\System\orQRWgt.exe
  2⤵
  PID:12212
- C:\Windows\System\ewvNfoY.exe
  C:\Windows\System\ewvNfoY.exe
  2⤵
  PID:2396
- C:\Windows\System\zvDpmqB.exe
  C:\Windows\System\zvDpmqB.exe
  2⤵
  PID:11420
- C:\Windows\System\ljlCzbf.exe
  C:\Windows\System\ljlCzbf.exe
  2⤵
  PID:11564
- C:\Windows\System\mlBoknw.exe
  C:\Windows\System\mlBoknw.exe
  2⤵
  PID:6992
- C:\Windows\System\jmGDBsc.exe
  C:\Windows\System\jmGDBsc.exe
  2⤵
  PID:4788
- C:\Windows\System\iFvHtNV.exe
  C:\Windows\System\iFvHtNV.exe
  2⤵
  PID:6132
- C:\Windows\System\aMsAqbv.exe
  C:\Windows\System\aMsAqbv.exe
  2⤵
  PID:11116
- C:\Windows\System\VNOjIah.exe
  C:\Windows\System\VNOjIah.exe
  2⤵
  PID:4920
- C:\Windows\System\wjdguez.exe
  C:\Windows\System\wjdguez.exe
  2⤵
  PID:11908
- C:\Windows\System\EmVJlBz.exe
  C:\Windows\System\EmVJlBz.exe
  2⤵
  PID:12072
- C:\Windows\System\GGIRtnn.exe
  C:\Windows\System\GGIRtnn.exe
  2⤵
  PID:12132
- C:\Windows\System\imNRPiA.exe
  C:\Windows\System\imNRPiA.exe
  2⤵
  PID:12280
- C:\Windows\System\RkGmczJ.exe
  C:\Windows\System\RkGmczJ.exe
  2⤵
  PID:11760
- C:\Windows\System\ircqvah.exe
  C:\Windows\System\ircqvah.exe
  2⤵
  PID:7300
- C:\Windows\System\PQvFOBy.exe
  C:\Windows\System\PQvFOBy.exe
  2⤵
  PID:11812
- C:\Windows\System\CMhYqme.exe
  C:\Windows\System\CMhYqme.exe
  2⤵
  PID:12240
- C:\Windows\System\keEleBu.exe
  C:\Windows\System\keEleBu.exe
  2⤵
  PID:12008
- C:\Windows\System\OJbNgsv.exe
  C:\Windows\System\OJbNgsv.exe
  2⤵
  PID:12308
- C:\Windows\System\YspNCRE.exe
  C:\Windows\System\YspNCRE.exe
  2⤵
  PID:12324
- C:\Windows\System\sptqMNI.exe
  C:\Windows\System\sptqMNI.exe
  2⤵
  PID:12352
- C:\Windows\System\rOvyBjG.exe
  C:\Windows\System\rOvyBjG.exe
  2⤵
  PID:12392
- C:\Windows\System\qmmUJmy.exe
  C:\Windows\System\qmmUJmy.exe
  2⤵
  PID:12408
- C:\Windows\System\qUmmlyj.exe
  C:\Windows\System\qUmmlyj.exe
  2⤵
  PID:12456
- C:\Windows\System\IlRLWlu.exe
  C:\Windows\System\IlRLWlu.exe
  2⤵
  PID:12472
- C:\Windows\System\WhrLjtd.exe
  C:\Windows\System\WhrLjtd.exe
  2⤵
  PID:12512
- C:\Windows\System\BIioLFM.exe
  C:\Windows\System\BIioLFM.exe
  2⤵
  PID:12528
- C:\Windows\System\EEmMkGw.exe
  C:\Windows\System\EEmMkGw.exe
  2⤵
  PID:12556
- C:\Windows\System\saudsLg.exe
  C:\Windows\System\saudsLg.exe
  2⤵
  PID:12584
- C:\Windows\System\tszmdOG.exe
  C:\Windows\System\tszmdOG.exe
  2⤵
  PID:12624
- C:\Windows\System\IgJmdiq.exe
  C:\Windows\System\IgJmdiq.exe
  2⤵
  PID:12656
- C:\Windows\System\rejprAP.exe
  C:\Windows\System\rejprAP.exe
  2⤵
  PID:12684
- C:\Windows\System\hqjnUie.exe
  C:\Windows\System\hqjnUie.exe
  2⤵
  PID:12712
- C:\Windows\System\RiwriyS.exe
  C:\Windows\System\RiwriyS.exe
  2⤵
  PID:12732
- C:\Windows\System\RAddYVB.exe
  C:\Windows\System\RAddYVB.exe
  2⤵
  PID:12756
- C:\Windows\System\tPxCMIH.exe
  C:\Windows\System\tPxCMIH.exe
  2⤵
  PID:12796
- C:\Windows\System\kYFxFCe.exe
  C:\Windows\System\kYFxFCe.exe
  2⤵
  PID:12828
- C:\Windows\System\fTyQduE.exe
  C:\Windows\System\fTyQduE.exe
  2⤵
  PID:12856
- C:\Windows\System\vJunTep.exe
  C:\Windows\System\vJunTep.exe
  2⤵
  PID:12888
- C:\Windows\System\RZaohps.exe
  C:\Windows\System\RZaohps.exe
  2⤵
  PID:12912
- C:\Windows\System\UMXHKXP.exe
  C:\Windows\System\UMXHKXP.exe
  2⤵
  PID:12932
- C:\Windows\System\myqZJZL.exe
  C:\Windows\System\myqZJZL.exe
  2⤵
  PID:12972
- C:\Windows\System\fSwWdrC.exe
  C:\Windows\System\fSwWdrC.exe
  2⤵
  PID:13012
- C:\Windows\System\mdoBUMO.exe
  C:\Windows\System\mdoBUMO.exe
  2⤵
  PID:13032
- C:\Windows\System\kBAhFwu.exe
  C:\Windows\System\kBAhFwu.exe
  2⤵
  PID:13060
- C:\Windows\System\hYZjbpF.exe
  C:\Windows\System\hYZjbpF.exe
  2⤵
  PID:13088
- C:\Windows\System\hSFsevF.exe
  C:\Windows\System\hSFsevF.exe
  2⤵
  PID:13116
- C:\Windows\System\gvZpIxo.exe
  C:\Windows\System\gvZpIxo.exe
  2⤵
  PID:13144
- C:\Windows\System\zjrqJsQ.exe
  C:\Windows\System\zjrqJsQ.exe
  2⤵
  PID:13172
- C:\Windows\System\mCURYEl.exe
  C:\Windows\System\mCURYEl.exe
  2⤵
  PID:13200
- C:\Windows\System\gTZMfvx.exe
  C:\Windows\System\gTZMfvx.exe
  2⤵
  PID:13228
- C:\Windows\System\iwpIqED.exe
  C:\Windows\System\iwpIqED.exe
  2⤵
  PID:13256
- C:\Windows\System\DfbKkJp.exe
  C:\Windows\System\DfbKkJp.exe
  2⤵
  PID:13284
- C:\Windows\System\JcCQLBl.exe
  C:\Windows\System\JcCQLBl.exe
  2⤵
  PID:1232
- C:\Windows\System\giZUtLD.exe
  C:\Windows\System\giZUtLD.exe
  2⤵
  PID:12340
- C:\Windows\System\pexEZFA.exe
  C:\Windows\System\pexEZFA.exe
  2⤵
  PID:12400
- C:\Windows\System\ipQGVCc.exe
  C:\Windows\System\ipQGVCc.exe
  2⤵
  PID:12448
- C:\Windows\System\GGWLQlA.exe
  C:\Windows\System\GGWLQlA.exe
  2⤵
  PID:12548
- C:\Windows\System\GJIPOPY.exe
  C:\Windows\System\GJIPOPY.exe
  2⤵
  PID:12608
- C:\Windows\System\hOBqkNo.exe
  C:\Windows\System\hOBqkNo.exe
  2⤵
  PID:12676
- C:\Windows\System\QVDPlxO.exe
  C:\Windows\System\QVDPlxO.exe
  2⤵
  PID:12744
- C:\Windows\System\MsveXsR.exe
  C:\Windows\System\MsveXsR.exe
  2⤵
  PID:12792
- C:\Windows\System\wZUEBoL.exe
  C:\Windows\System\wZUEBoL.exe
  2⤵
  PID:12848
- C:\Windows\System\FwNdifo.exe
  C:\Windows\System\FwNdifo.exe
  2⤵
  PID:12924
- C:\Windows\System\RfYeGwa.exe
  C:\Windows\System\RfYeGwa.exe
  2⤵
  PID:12184
- C:\Windows\System\zJUvNKo.exe
  C:\Windows\System\zJUvNKo.exe
  2⤵
  PID:12964
- C:\Windows\System\UDWxEAy.exe
  C:\Windows\System\UDWxEAy.exe
  2⤵
  PID:13028
- C:\Windows\System\SSZgitv.exe
  C:\Windows\System\SSZgitv.exe
  2⤵
  PID:13084
- C:\Windows\System\ONKGYBA.exe
  C:\Windows\System\ONKGYBA.exe
  2⤵
  PID:13156
- C:\Windows\System\csqsnmK.exe
  C:\Windows\System\csqsnmK.exe
  2⤵
  PID:13220
- C:\Windows\System\NhzpvBx.exe
  C:\Windows\System\NhzpvBx.exe
  2⤵
  PID:13296
- C:\Windows\System\MbcHivP.exe
  C:\Windows\System\MbcHivP.exe
  2⤵
  PID:12388
- C:\Windows\System\TWogWwK.exe
  C:\Windows\System\TWogWwK.exe
  2⤵
  PID:12544
- C:\Windows\System\NjvRFLT.exe
  C:\Windows\System\NjvRFLT.exe
  2⤵
  PID:12648
- C:\Windows\System\yrPaisR.exe
  C:\Windows\System\yrPaisR.exe
  2⤵
  PID:12824
- C:\Windows\System\OlckQId.exe
  C:\Windows\System\OlckQId.exe
  2⤵
  PID:6904
- C:\Windows\System\fBBhSHt.exe
  C:\Windows\System\fBBhSHt.exe
  2⤵
  PID:13044
- C:\Windows\System\VBvPQrP.exe
  C:\Windows\System\VBvPQrP.exe
  2⤵
  PID:13196
- C:\Windows\System\mwyOiEN.exe
  C:\Windows\System\mwyOiEN.exe
  2⤵
  PID:12344
- C:\Windows\System\STSwfhb.exe
  C:\Windows\System\STSwfhb.exe
  2⤵
  PID:12768
- C:\Windows\System\KiNGmsX.exe
  C:\Windows\System\KiNGmsX.exe
  2⤵
  PID:6824
- C:\Windows\System\mcZLhTS.exe
  C:\Windows\System\mcZLhTS.exe
  2⤵
  PID:12316
- C:\Windows\System\eRdcOFX.exe
  C:\Windows\System\eRdcOFX.exe
  2⤵
  PID:13192
- C:\Windows\System\TNkXJDP.exe
  C:\Windows\System\TNkXJDP.exe
  2⤵
  PID:13320
- C:\Windows\System\qgDwgkt.exe
  C:\Windows\System\qgDwgkt.exe
  2⤵
  PID:13348
- C:\Windows\System\zVoKCUz.exe
  C:\Windows\System\zVoKCUz.exe
  2⤵
  PID:13376
- C:\Windows\System\tFysIPe.exe
  C:\Windows\System\tFysIPe.exe
  2⤵
  PID:13404
- C:\Windows\System\fHWUFSP.exe
  C:\Windows\System\fHWUFSP.exe
  2⤵
  PID:13436
- C:\Windows\System\bifNidc.exe
  C:\Windows\System\bifNidc.exe
  2⤵
  PID:13464
- C:\Windows\System\ZnfxwCi.exe
  C:\Windows\System\ZnfxwCi.exe
  2⤵
  PID:13496
- C:\Windows\System\uJneDWC.exe
  C:\Windows\System\uJneDWC.exe
  2⤵
  PID:13524
- C:\Windows\System\vwMSXHp.exe
  C:\Windows\System\vwMSXHp.exe
  2⤵
  PID:13552
- C:\Windows\System\gtAjKNc.exe
  C:\Windows\System\gtAjKNc.exe
  2⤵
  PID:13580
- C:\Windows\System\IGjPNGf.exe
  C:\Windows\System\IGjPNGf.exe
  2⤵
  PID:13608
- C:\Windows\System\jmJlcNZ.exe
  C:\Windows\System\jmJlcNZ.exe
  2⤵
  PID:13636
- C:\Windows\System\YwsqUSv.exe
  C:\Windows\System\YwsqUSv.exe
  2⤵
  PID:13676
- C:\Windows\System\ElEsIzJ.exe
  C:\Windows\System\ElEsIzJ.exe
  2⤵
  PID:13728
- C:\Windows\System\VHvqtBR.exe
  C:\Windows\System\VHvqtBR.exe
  2⤵
  PID:13764
- C:\Windows\System\DHMFJDb.exe
  C:\Windows\System\DHMFJDb.exe
  2⤵
  PID:13792
- C:\Windows\System\CAxLJsL.exe
  C:\Windows\System\CAxLJsL.exe
  2⤵
  PID:13812
- C:\Windows\System\JvKClkH.exe
  C:\Windows\System\JvKClkH.exe
  2⤵
  PID:13836
- C:\Windows\System\fUqKCdR.exe
  C:\Windows\System\fUqKCdR.exe
  2⤵
  PID:13864
- C:\Windows\System\QJkmtKz.exe
  C:\Windows\System\QJkmtKz.exe
  2⤵
  PID:13904
- C:\Windows\System\EirCQBO.exe
  C:\Windows\System\EirCQBO.exe
  2⤵
  PID:13924
- C:\Windows\System\zvglifQ.exe
  C:\Windows\System\zvglifQ.exe
  2⤵
  PID:13956
- C:\Windows\System\RZRxOpP.exe
  C:\Windows\System\RZRxOpP.exe
  2⤵
  PID:13984
- C:\Windows\System\RgFcLLA.exe
  C:\Windows\System\RgFcLLA.exe
  2⤵
  PID:14016
- C:\Windows\System\pwOUgFT.exe
  C:\Windows\System\pwOUgFT.exe
  2⤵
  PID:14052
- C:\Windows\System\FFXGZyq.exe
  C:\Windows\System\FFXGZyq.exe
  2⤵
  PID:14068
- C:\Windows\System\iaKmUPA.exe
  C:\Windows\System\iaKmUPA.exe
  2⤵
  PID:14096
- C:\Windows\System\OQmdLfp.exe
  C:\Windows\System\OQmdLfp.exe
  2⤵
  PID:14124
- C:\Windows\System\TbyNyPB.exe
  C:\Windows\System\TbyNyPB.exe
  2⤵
  PID:14152
- C:\Windows\System\rRfISrI.exe
  C:\Windows\System\rRfISrI.exe
  2⤵
  PID:14176
- C:\Windows\System\PYXRsDV.exe
  C:\Windows\System\PYXRsDV.exe
  2⤵
  PID:14204
- C:\Windows\System\yyDZdkj.exe
  C:\Windows\System\yyDZdkj.exe
  2⤵
  PID:14244
- C:\Windows\System\nnYMXBq.exe
  C:\Windows\System\nnYMXBq.exe
  2⤵
  PID:14276
- C:\Windows\System\TEakiAc.exe
  C:\Windows\System\TEakiAc.exe
  2⤵
  PID:14320
- C:\Windows\System\cDQossA.exe
  C:\Windows\System\cDQossA.exe
  2⤵
  PID:12908
- C:\Windows\System\NJusDYu.exe
  C:\Windows\System\NJusDYu.exe
  2⤵
  PID:13340
- C:\Windows\System\EEMlcIl.exe
  C:\Windows\System\EEMlcIl.exe
  2⤵
  PID:13452
- C:\Windows\System\bElLTwu.exe
  C:\Windows\System\bElLTwu.exe
  2⤵
  PID:13492
- C:\Windows\System\XLqEveT.exe
  C:\Windows\System\XLqEveT.exe
  2⤵
  PID:13540
- C:\Windows\System\vWvCrVB.exe
  C:\Windows\System\vWvCrVB.exe
  2⤵
  PID:13576
- C:\Windows\System\OmsgHKG.exe
  C:\Windows\System\OmsgHKG.exe
  2⤵
  PID:13668
- C:\Windows\System\Exohwpi.exe
  C:\Windows\System\Exohwpi.exe
  2⤵
  PID:3908
- C:\Windows\System\AoSgsCW.exe
  C:\Windows\System\AoSgsCW.exe
  2⤵
  PID:13808
- C:\Windows\System\BpjuqJi.exe
  C:\Windows\System\BpjuqJi.exe
  2⤵
  PID:13852
- C:\Windows\System\WbZuIeP.exe
  C:\Windows\System\WbZuIeP.exe
  2⤵
  PID:13920
- C:\Windows\System\zVzHRCr.exe
  C:\Windows\System\zVzHRCr.exe
  2⤵
  PID:13996
- C:\Windows\System\wOFUpzO.exe
  C:\Windows\System\wOFUpzO.exe
  2⤵
  PID:14080
- C:\Windows\System\TQCDwdx.exe
  C:\Windows\System\TQCDwdx.exe
  2⤵
  PID:14116
- C:\Windows\System\bIYyZIA.exe
  C:\Windows\System\bIYyZIA.exe
  2⤵
  PID:14196
- C:\Windows\System\CXHWDff.exe
  C:\Windows\System\CXHWDff.exe
  2⤵
  PID:14268
- C:\Windows\System\ElQFIGh.exe
  C:\Windows\System\ElQFIGh.exe
  2⤵
  PID:13704
- C:\Windows\System\BJukgRW.exe
  C:\Windows\System\BJukgRW.exe
  2⤵
  PID:14312
- C:\Windows\System\FPdRXzd.exe
  C:\Windows\System\FPdRXzd.exe
  2⤵
  PID:13332
- C:\Windows\System\HHkIETn.exe
  C:\Windows\System\HHkIETn.exe
  2⤵
  PID:13652
- C:\Windows\System\KASYJbR.exe
  C:\Windows\System\KASYJbR.exe
  2⤵
  PID:13604
- C:\Windows\System\QBTFkRn.exe
  C:\Windows\System\QBTFkRn.exe
  2⤵
  PID:1092
- C:\Windows\System\kYikfTc.exe
  C:\Windows\System\kYikfTc.exe
  2⤵
  PID:13848
- C:\Windows\System\hymLqGl.exe
  C:\Windows\System\hymLqGl.exe
  2⤵
  PID:13976
- C:\Windows\System\isaTEIS.exe
  C:\Windows\System\isaTEIS.exe
  2⤵
  PID:14140
- C:\Windows\System\bbeCZIJ.exe
  C:\Windows\System\bbeCZIJ.exe
  2⤵
  PID:13724
- C:\Windows\System\kEdxuAO.exe
  C:\Windows\System\kEdxuAO.exe
  2⤵
  PID:13388
- C:\Windows\System\tALIbvF.exe
  C:\Windows\System\tALIbvF.exe
  2⤵
  PID:4468
- C:\Windows\System\rfyDKkx.exe
  C:\Windows\System\rfyDKkx.exe
  2⤵
  PID:14064
- C:\Windows\System\uCDgbUa.exe
  C:\Windows\System\uCDgbUa.exe
  2⤵
  PID:14296
- C:\Windows\System\ktthUmf.exe
  C:\Windows\System\ktthUmf.exe
  2⤵
  PID:13244
- C:\Windows\System\bsuxUGt.exe
  C:\Windows\System\bsuxUGt.exe
  2⤵
  PID:13480
- C:\Windows\System\xzDeefI.exe
  C:\Windows\System\xzDeefI.exe
  2⤵
  PID:14356
- C:\Windows\System\XIEBmRr.exe
  C:\Windows\System\XIEBmRr.exe
  2⤵
  PID:14464
- C:\Windows\System\KpCzItX.exe
  C:\Windows\System\KpCzItX.exe
  2⤵
  PID:14488

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\HAXoEYf.exe

Filesize
2.6MB

MD5
34472da0be21a66b6cc6a1042f7ae27a

SHA1
62fcc77e2d3e3327ab617516bcd601aa82ff53fe

SHA256
e6cb2b69c91238f4ba3e84f994563b8b94e1095c79fad06570559b2a347d961d

SHA512
34fe72b8354a6f82ecd68f93308a2f70e4ac9189fc3fddff4b58f308644c3004a08fa9849481d85b2203e27bc74dff9555c2ce55f5c9c7f821e9a6b5503ab738

Download Submit
C:\Windows\System\Hmfgvft.exe

Filesize
2.6MB

MD5
97bc3cbc3d8c493676a28de10626c88b

SHA1
8f6581e7c8bb2b1fd7aa52ddee159de878d717cc

SHA256
1f59595e96c571a61137b5b5c009351b58c3d8dc01a4d7db7937da8c6d1b33ce

SHA512
ff1e4cb82f5fc86537819b52c90ebe1b0c57d94c401092726646f81af394a0389cb7f9600715a18cb3d44e661abe3d68e4182ca7068281a8d43033ea16fe8d4b

Download Submit
C:\Windows\System\HyixyqW.exe

Filesize
2.6MB

MD5
222827b53fd94c5351ef4dc08d32541a

SHA1
9e38ec626e8b665d19078281e1b04fab19dc2b07

SHA256
d6e5906ed8d6cbfc4f40c6d35af5a9bead6e160759fdac8a63b1c3625bfe62f7

SHA512
1d0285b5e5f30cd278f2bdea8e049875ae23dffc21f9c3efa20ec171ae8523b30631eb3d97e0e315847e99c4911f27c9edefa189947e8a83d0097d3e7d4f595e

Download Submit
C:\Windows\System\ISHVbIx.exe

Filesize
2.6MB

MD5
be6249fcd1e41d7f2280710fdb0a931a

SHA1
7f8982e5fbf716d1347516c23a26b0fca9f3c1cc

SHA256
99c3d3d4c718825a31e1c2119d64c9a021d868ed75bdad793ca5d52a4def2c7c

SHA512
e7e03fa7991b0948245a1f9797cca0d5cd0f8043df7dc74806a5a1dfc79defbf3b01c841bd30f29700bf0e2fddc26cc73fa2525d081b433bd910a41354177d50

Download Submit
C:\Windows\System\ImmjzPd.exe

Filesize
2.6MB

MD5
53b8533e4628c4ea337462576242e5ab

SHA1
d1b3fc6faa4cbf982196ac00ffd2c6cefbb9db17

SHA256
daf47236069823bc4b6c310c5abb965930b69f3216e95195585fad10c2697884

SHA512
69aa41f947a5756b21f0624d7ae590f59ca971b4716c5a316fcb938f9e5e56894d4ff885e8c5ebc29208e928dbb08708013fc5f632085153ad3db61224eaa4d8

Download Submit
C:\Windows\System\JUwXXaF.exe

Filesize
2.6MB

MD5
1716422c121f12ae5e5d54a2675396f5

SHA1
89108b3517a4d2219cd32b4c09ebf764ab58bc1a

SHA256
6abb7f3e627a47df3129c4fcb29d960605f1535a02f1e797bcc13e78fb89a21e

SHA512
de0058b09b12c3977fa948a8a9c5880d42df1fe64585411a20eec271b2deaac14c3477eeb66f9775ed906c77e11f4b7cbb6ef4cd75f98503eb030f902f6a60dd

Download Submit
C:\Windows\System\JhKIQDJ.exe

Filesize
2.6MB

MD5
533a17ce9f55f45b76ad9f70831a169a

SHA1
7bc5a56b3945d783d2887745cc4814e64689f8ae

SHA256
a61e1e6019cd4c3bc19e513151b6a66b5714b5ab21567033c8425737e3a531dc

SHA512
01183c8f15818ad250001bf6faa652ccc9af3c2565ebe5f54952c0a6f45ccf2552554f8bd756737f42dfe8b02772b32a6403dc936b35b4e3be8d9f60fa70736c

Download Submit
C:\Windows\System\KTsFovp.exe

Filesize
2.6MB

MD5
138fbf62770a959c6851cd4407298374

SHA1
24cff21691f1aaa42a56c82464c11f155a629340

SHA256
ee46d5f96fec0f5046fc48e98dbda81c024f774367dfc1aac2b48a35076d9c56

SHA512
1ab56c700751201894463278abfdbfaf7179eca98e0fbd9cdcaf760eab6699ef297f8fa3b6d8adc4449dfb2cb32b965c8e2c05571d3a4fdae10e433f37604c82

Download Submit
C:\Windows\System\KfyYbBv.exe

Filesize
2.6MB

MD5
bf803bca619c27487d7462172397ba47

SHA1
61f6d94bc9aae11a2b610ef50ac9f96dba225a79

SHA256
99667d4a0c60a5c3fb42312dd3c92b67e59090222e78c234c77a22606fbeeb63

SHA512
7e902f00fb7fa1ce6bc9da525c2a7bdc592e05cb2234ac79fd296637f0080f339cbc242d733f1c4f7942e81881ed606c0964a8ea98c6bc5d7f7e3bd7f94b565c

Download Submit
C:\Windows\System\LjRaHPp.exe

Filesize
2.6MB

MD5
ed5a4b166624753b970babb9fd69185b

SHA1
e3c1c2670c3607ccd7b6216bce2fe9aeb6803b7e

SHA256
96f119ba6dfdf0ac78f0de9bb71e78d0c055786c3cd481a3304808114aa6d486

SHA512
9f839a50aaf0a9dc4071035007b1c1cf72128edc28f42d446ba8c947dc1ba5508dd8f174c540a7436fc28cb86479815e596a4feb490fc1d9934c9ecd70388914

Download Submit
C:\Windows\System\PYXWWgG.exe

Filesize
2.6MB

MD5
ae54114aad923872453e0c62364ecf4c

SHA1
3a1e85d4349142fbd8f9231e2de27ee677d50de7

SHA256
99ad28aae872466c34f168d3557c5c9e648f69597feaee40fc26513991e4a9a0

SHA512
7f00757ec61561892a6c625b1720232cb2b953e5dd8d87f9612039c4e62924687ddeeec1a067a81761cce330872354196ba5a492f1790c0175f5fcad8161bb55

Download Submit
C:\Windows\System\RFxZcuP.exe

Filesize
2.6MB

MD5
40a80eb6f041564aa94613cf3c8b07bb

SHA1
418b25f651e089985e44011100c8d807e9e67eb9

SHA256
fabf49ff12f3fcaad43fd982334a5609275284ec5abfbbf433fad05441c7fc74

SHA512
885449148fb92a24ace8a998990ddda173604f3f208cf53baccd7aef66de674d2026a70d9e69ecbce9964e0a8f05e9d30a49a69c010c82406ea8608ecd7591fc

Download Submit
C:\Windows\System\bMyJHFk.exe

Filesize
2.6MB

MD5
aa40e400d7fd70efe481284376957a0d

SHA1
35305ad15087bbcf13a6d05023eee9497770b325

SHA256
50ac6d82ddbc4c5196a463dfc3656128f012f888bb6cba50f6006a9d3eff654e

SHA512
21b20cd207668fe1cb523d470bedcf630401747c0add1b7acb7931c9e99558ff3353260d77a1a990d8303ccd53e46fac013e5998549482030591896b65815b6b

Download Submit
C:\Windows\System\bnlAJMp.exe

Filesize
2.6MB

MD5
46c0beea19ea8ffea2b1e2d4366c1af3

SHA1
f99f8fe6b0ae7837d88824fade7afc490706dca6

SHA256
fa8e02d71d68707b9d7cb0a00d004b5c881e668ddf192a2ad5d5e0538fc72a33

SHA512
b108c71c0f4e10ca0f9ed9cb2dcdadb8d95e8509625d0408af25a590d5fd49abb0f2f2ed9d0b116bf517314fefb5fc2187fe30149b7cf771b1d835be079f601a

Download Submit
C:\Windows\System\cEqrkss.exe

Filesize
2.6MB

MD5
d1b3c773c5fd0976aaf162416ede7e60

SHA1
ca8bbcd41b543356bf78289d810a04ead949edc7

SHA256
3b7bfdb942c50f91322c02fa08cec30389bb93063bdad6c6ae901ff2c96f4a1b

SHA512
7726117462e58351c809ca614859aa241494ed7028ab6ecca09e2582523a093d038cdde0a0ada109194288079e67e729935e9ae912cac4bbc72e70dbf5a83fc6

Download Submit
C:\Windows\System\cIqtGit.exe

Filesize
2.6MB

MD5
c5b15f4b9ceb1ed76c7868a07c359e4a

SHA1
0b184d38f6c4ffce895bc982470d8d436dad12c4

SHA256
e031747443147788cf5d613cb80b6816047e406c0c14977f29e8344530179fd6

SHA512
d40481d4e2fb64b9975e127c5dd0ae57c825e263ae885182f066cab18710117a3a74d1c2e99658aaa957b5853f2d036ca6e4c81ffe5861d0477bb925f8823345

Download Submit
C:\Windows\System\cYRQmrs.exe

Filesize
2.6MB

MD5
4a86028e9b824023b646478d65114025

SHA1
1f9473c18af0c5742ab657bc59951000eee047ef

SHA256
da46de07894d2643dee1d01c0f7a5012a769058cd6850ac6c50ba1f68beda6a7

SHA512
b9dd33b6477e41563ceee83cf2ff28a0a5cd98ab6528c1722608495f7251e23175be5f72bb23d9854d9693cbfa8011be31603da549ca2f3dcfdb6215878cbbb0

Download Submit
C:\Windows\System\emjNpQZ.exe

Filesize
2.6MB

MD5
7e420c230f8250a86b9547b3926f180a

SHA1
d64e5dfe920d732aee9233c365844391dd9d7117

SHA256
927878b375fae8a35d2c6618e7ef1ecb4da785a9b8a8657fb8e7f27ef69ab17f

SHA512
790455cdb397fbb7b36dfec3883dbff098eeae8f22610df910ca8a783742b7f71ec14a33469bbf7e3f48dd251770d6b35b69b451fde0a64654a3da2b48049a5e

Download Submit
C:\Windows\System\gJaYrRH.exe

Filesize
2.6MB

MD5
738b150c4a102db670bdc6bfe344d0e9

SHA1
1678f88403ced64b945b0d7600ad09377026a170

SHA256
e360af6669eb9dd0983d2d09df127b7953f154751cb5a193c0b8b9db5563f2e6

SHA512
8afc529d825730fb65ee6c1d6f7d69d6e70c84f747d96d8efcb5473e42f107241bc49e02a0f0c68bb1a958f92809e2ea552f266474b4e9dbfd71d532d8075a8c

Download Submit
C:\Windows\System\hXyqobC.exe

Filesize
2.6MB

MD5
7bbcb99426fab2a7674147aba899182c

SHA1
4bc42d3a723ffb4eb7c27f0f209e2b9d85487ee1

SHA256
6fab17b523572535fa2bc341aded8e9b688951a50564393946c68eb4a1d1b943

SHA512
87c287d0d40811ad8ea3924b0b13824dfc6e025e141d76184da8aedef44890196a9c6981623e7d618bcdadfc91f43d37bbc96355632e00799fcd2b197a7378a3

Download Submit
C:\Windows\System\koIxzTD.exe

Filesize
2.6MB

MD5
b476d7932b4f2443864506e15c5868df

SHA1
ffa4f89082b894130a329758b74b35ae9cb04b58

SHA256
e063fb3bf19fd018a4e49627086db4be801e9c65145d42fff1aef762ad2b95ca

SHA512
efd5fae024cd08c2c298296d18a301dc26bea3a4d9f7dc42d6419cffec35cd5e5ed0dc33294876e4b5a5bc61e5f631bb8e627b977b6b7b436c6498c0247091a3

Download Submit
C:\Windows\System\koegemL.exe

Filesize
2.6MB

MD5
21b9e84a8f585961fcd0fadad473d6b0

SHA1
baf6c041efc432ee506a4705b0497f07a541185c

SHA256
9589768657316b3ef4415d5087f411ea00a853b9ec1c65e14c0e6239dc62e109

SHA512
5173d8bf088c2e6e9afa48d572050d75813055541b25cd39d826036c63fd02f701b52116a895f33e4f129d0bebe3eb07d84640e2171a83f16361a46faecf84ba

Download Submit
C:\Windows\System\lwlHdvy.exe

Filesize
2.6MB

MD5
edcb3ea39c293afc58b226227dd78fe7

SHA1
718f1849dba87240e3b8e2623689e4cf3cc2022c

SHA256
7821272610738fd4e46b2759f10bd65870c7e688d6a730c3f7fc3cf7ac6c1250

SHA512
6873a03db344bfaae6f7111b7ac90421efa9d521000178932eea9d9463f9257570765d58fc3b8dacaa36ab035a309f44586ba310e320e38e7e0aad920de194bc

Download Submit
C:\Windows\System\nTFwvlR.exe

Filesize
2.6MB

MD5
b1a59c0de7cfdcf7204acbd80fe19ced

SHA1
392ca889b8045cea5b662d5cdf9758943a39ccdd

SHA256
e020f52585a09074201757d14487c459c5b993710a747195525daf7be2ee99ee

SHA512
f2051ee4c1342a293bf4df47d0791c8cb12be2f6cc2d4a72bab78a3d6482b7efa7e0f8a087189efa93e80425402a84d11cdef138c42187f59bfbd8734bcfa5d2

Download Submit
C:\Windows\System\rWkJEWh.exe

Filesize
2.6MB

MD5
ca3911c6b0fa9c4c1862a3edce6f4538

SHA1
d6f03f8bccee4a85de343e0288ee95696d782184

SHA256
da84cb216480b43e0db6c145899f2842501c84906d92f2f7e63c43120fda022a

SHA512
9d3c41262487c8eb82b87c423af90e8318ed6c538a6cd2dc5e6f4615449d3f2b1fbafe9f584ed890ed9dfd9d7ff895563969a663d2875efa7607cfbee18fed5f

Download Submit
C:\Windows\System\sWeZWNS.exe

Filesize
2.6MB

MD5
cfb2d521c750df133f59cdfbaa4cdf30

SHA1
ecf28b0da6c8b5dd1d65efe4be74aad70a3bfedc

SHA256
7f97181cd317b25de68804d32b730e8099d0581763f2f23535ee58e60ec90fe3

SHA512
57cd87d0067507ad36789465bd3f14e1c957c3eb354e092023630db8efaaf6740638aa5cf3a37c432162da04600a97c3cff196d66485c10edf596d06789b8171

Download Submit
C:\Windows\System\sXqpGAi.exe

Filesize
2.6MB

MD5
65d32f96bbf2b7308d96dfe0ae724ff9

SHA1
3740ed135237782640fc57136e3d52cd46df0b32

SHA256
b409af775a12083f0bbbb79e3d0ebe4d1d9360d1b1de05d030bdde838ecce388

SHA512
9acf81444fceb7e84894fbf85f20b3dbadd2ae556770304c4bb7a5064f2b435547552ecb8d22b797f6a7e9a001af2c10643fd79da3c8725c2259986acebd1783

Download Submit
C:\Windows\System\szMPoIN.exe

Filesize
2.6MB

MD5
78fd0797c52482d6459f17911e15cbf2

SHA1
805500df7eeda347ee165debac755e703e4581ad

SHA256
8fe8403dccf8a1f4f177b15f386353cf39477081c0cb436ab4cd89a5476990cd

SHA512
e59be9594d32753e57536bc0b516d9caa1e8513a3ac29c3973b74111a78741d158dbec7d5da6ef2e7f1d91294a1359dc354e00145929e42fa1bcb0d833e7ba68

Download Submit
C:\Windows\System\upGkjbR.exe

Filesize
2.6MB

MD5
a9e15a775441b8d38a808056f1655849

SHA1
9ab6f82500ea5806d880b6e22252a622a4ca5fa4

SHA256
bb3c5831e62a1ac23b99a129226c2e124bd97138c8684fb5fcb6b5f11816b3a8

SHA512
544914d875e3d2a6cc817cff42ff8e3bf5f379d6e0b145c61a09a27123230e050a3ceda2b5182d667028d93d1688998dc09346b0e7614e9eec43cd7757dd98f8

Download Submit
C:\Windows\System\vXGWsQe.exe

Filesize
2.6MB

MD5
f76e3455dde959fce183e1cb3d4c063f

SHA1
2e434719beaf6cc65becff91ce87cd875b1b4151

SHA256
ef5f0119a0e142a07dcbf1e4296b886633e8c5b016c4ff8d978fe90376a7cf27

SHA512
7c85139a708318b8645c6229026f6b83de2786f6cc71631d1aba5e73fa25e812c1a11fa057e06ac350d32cda2ebb60ab3f0daa6da92137455a1d2c32b192216d

Download Submit
C:\Windows\System\vZyRWsm.exe

Filesize
2.6MB

MD5
164c37f8008a5e87240c08f0ea3d91b5

SHA1
4161b5e9eeecddfc3ea19048797db22546896f8b

SHA256
abe088b0afc751a855fa70ddd2e92ccc4bc2db53f9c088a61a51393434fc5c4c

SHA512
b091028c9ee8fdb95a25fd22421e05dfb798a52c7d7df88163c757c80840dd50529ee419bac7945fa05d4a76ffc0d7fc427b34ae2d3847b8fa53086ef15af27c

Download Submit
C:\Windows\System\vrfmcCr.exe

Filesize
2.6MB

MD5
195d48d413e0afc1058f9fc42685ec9c

SHA1
f63316340f245a3748c9be98956640cc99d122a0

SHA256
7619311096eb2bf8273f1de31f583a3bb787905b9012a672560807a6684bd33a

SHA512
01f5b430249a413660ba017114c1c77c0f90bc8e2496dbdcdfd0f04ac19e22e531190ffc748bdf89d9113587270271f8d5b86ea711b675f6fe41d58ad5c144d0

Download Submit
memory/392-2222-0x00007FF6CAF00000-0x00007FF6CB254000-memory.dmp

Filesize
3.3MB

Download
memory/392-613-0x00007FF6CAF00000-0x00007FF6CB254000-memory.dmp

Filesize
3.3MB

Download
memory/488-2194-0x00007FF62D880000-0x00007FF62DBD4000-memory.dmp

Filesize
3.3MB

Download
memory/488-2207-0x00007FF62D880000-0x00007FF62DBD4000-memory.dmp

Filesize
3.3MB

Download
memory/488-66-0x00007FF62D880000-0x00007FF62DBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-2225-0x00007FF72BE10000-0x00007FF72C164000-memory.dmp

Filesize
3.3MB

Download
memory/1796-629-0x00007FF72BE10000-0x00007FF72C164000-memory.dmp

Filesize
3.3MB

Download
memory/1960-2226-0x00007FF6E57F0000-0x00007FF6E5B44000-memory.dmp

Filesize
3.3MB

Download
memory/1960-635-0x00007FF6E57F0000-0x00007FF6E5B44000-memory.dmp

Filesize
3.3MB

Download
memory/2044-2195-0x00007FF7836A0000-0x00007FF7839F4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-89-0x00007FF7836A0000-0x00007FF7839F4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-2212-0x00007FF7836A0000-0x00007FF7839F4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-603-0x00007FF61BA30000-0x00007FF61BD84000-memory.dmp

Filesize
3.3MB

Download
memory/2340-2223-0x00007FF61BA30000-0x00007FF61BD84000-memory.dmp

Filesize
3.3MB

Download
memory/2648-24-0x00007FF693A20000-0x00007FF693D74000-memory.dmp

Filesize
3.3MB

Download
memory/2648-2202-0x00007FF693A20000-0x00007FF693D74000-memory.dmp

Filesize
3.3MB

Download
memory/2928-65-0x00007FF66B820000-0x00007FF66BB74000-memory.dmp

Filesize
3.3MB

Download
memory/2928-2199-0x00007FF66B820000-0x00007FF66BB74000-memory.dmp

Filesize
3.3MB

Download
memory/2928-13-0x00007FF66B820000-0x00007FF66BB74000-memory.dmp

Filesize
3.3MB

Download
memory/3020-92-0x00007FF693720000-0x00007FF693A74000-memory.dmp

Filesize
3.3MB

Download
memory/3020-2211-0x00007FF693720000-0x00007FF693A74000-memory.dmp

Filesize
3.3MB

Download
memory/3260-2227-0x00007FF7D0020000-0x00007FF7D0374000-memory.dmp

Filesize
3.3MB

Download
memory/3260-642-0x00007FF7D0020000-0x00007FF7D0374000-memory.dmp

Filesize
3.3MB

Download
memory/3844-2219-0x00007FF646FC0000-0x00007FF647314000-memory.dmp

Filesize
3.3MB

Download
memory/3844-623-0x00007FF646FC0000-0x00007FF647314000-memory.dmp

Filesize
3.3MB

Download
memory/3900-2201-0x00007FF68DA90000-0x00007FF68DDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3900-102-0x00007FF68DA90000-0x00007FF68DDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3900-18-0x00007FF68DA90000-0x00007FF68DDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3928-17-0x00007FF7EBF80000-0x00007FF7EC2D4000-memory.dmp

Filesize
3.3MB

Download
memory/3928-2200-0x00007FF7EBF80000-0x00007FF7EC2D4000-memory.dmp

Filesize
3.3MB

Download
memory/4072-2224-0x00007FF7E3AD0000-0x00007FF7E3E24000-memory.dmp

Filesize
3.3MB

Download
memory/4072-608-0x00007FF7E3AD0000-0x00007FF7E3E24000-memory.dmp

Filesize
3.3MB

Download
memory/4176-2204-0x00007FF656460000-0x00007FF6567B4000-memory.dmp

Filesize
3.3MB

Download
memory/4176-51-0x00007FF656460000-0x00007FF6567B4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-2206-0x00007FF767600000-0x00007FF767954000-memory.dmp

Filesize
3.3MB

Download
memory/4192-2020-0x00007FF767600000-0x00007FF767954000-memory.dmp

Filesize
3.3MB

Download
memory/4192-64-0x00007FF767600000-0x00007FF767954000-memory.dmp

Filesize
3.3MB

Download
memory/4196-0-0x00007FF77C520000-0x00007FF77C874000-memory.dmp

Filesize
3.3MB

Download
memory/4196-1-0x0000023E9E1E0000-0x0000023E9E1F0000-memory.dmp

Filesize
64KB

Download
memory/4196-62-0x00007FF77C520000-0x00007FF77C874000-memory.dmp

Filesize
3.3MB

Download
memory/4548-2220-0x00007FF7726B0000-0x00007FF772A04000-memory.dmp

Filesize
3.3MB

Download
memory/4548-617-0x00007FF7726B0000-0x00007FF772A04000-memory.dmp

Filesize
3.3MB

Download
memory/4572-85-0x00007FF780AF0000-0x00007FF780E44000-memory.dmp

Filesize
3.3MB

Download
memory/4572-2210-0x00007FF780AF0000-0x00007FF780E44000-memory.dmp

Filesize
3.3MB

Download
memory/4968-614-0x00007FF79C920000-0x00007FF79CC74000-memory.dmp

Filesize
3.3MB

Download
memory/4968-2221-0x00007FF79C920000-0x00007FF79CC74000-memory.dmp

Filesize
3.3MB

Download
memory/4984-53-0x00007FF665D00000-0x00007FF666054000-memory.dmp

Filesize
3.3MB

Download
memory/4984-2208-0x00007FF665D00000-0x00007FF666054000-memory.dmp

Filesize
3.3MB

Download
memory/5000-2018-0x00007FF7EDC20000-0x00007FF7EDF74000-memory.dmp

Filesize
3.3MB

Download
memory/5000-57-0x00007FF7EDC20000-0x00007FF7EDF74000-memory.dmp

Filesize
3.3MB

Download
memory/5000-2209-0x00007FF7EDC20000-0x00007FF7EDF74000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2216-0x00007FF7EF690000-0x00007FF7EF9E4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2198-0x00007FF7EF690000-0x00007FF7EF9E4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-109-0x00007FF7EF690000-0x00007FF7EF9E4000-memory.dmp

Filesize
3.3MB

Download
memory/5100-2214-0x00007FF6B2F80000-0x00007FF6B32D4000-memory.dmp

Filesize
3.3MB

Download
memory/5100-645-0x00007FF6B2F80000-0x00007FF6B32D4000-memory.dmp

Filesize
3.3MB

Download
memory/5340-655-0x00007FF6E1070000-0x00007FF6E13C4000-memory.dmp

Filesize
3.3MB

Download
memory/5340-39-0x00007FF6E1070000-0x00007FF6E13C4000-memory.dmp

Filesize
3.3MB

Download
memory/5340-2205-0x00007FF6E1070000-0x00007FF6E13C4000-memory.dmp

Filesize
3.3MB

Download
memory/5596-2215-0x00007FF709000000-0x00007FF709354000-memory.dmp

Filesize
3.3MB

Download
memory/5596-651-0x00007FF709000000-0x00007FF709354000-memory.dmp

Filesize
3.3MB

Download
memory/5640-103-0x00007FF7FDFC0000-0x00007FF7FE314000-memory.dmp

Filesize
3.3MB

Download
memory/5640-2218-0x00007FF7FDFC0000-0x00007FF7FE314000-memory.dmp

Filesize
3.3MB

Download
memory/5640-2197-0x00007FF7FDFC0000-0x00007FF7FE314000-memory.dmp

Filesize
3.3MB

Download
memory/5648-2217-0x00007FF6D9080000-0x00007FF6D93D4000-memory.dmp

Filesize
3.3MB

Download
memory/5648-601-0x00007FF6D9080000-0x00007FF6D93D4000-memory.dmp

Filesize
3.3MB

Download
memory/5764-2213-0x00007FF628320000-0x00007FF628674000-memory.dmp

Filesize
3.3MB

Download
memory/5764-2196-0x00007FF628320000-0x00007FF628674000-memory.dmp

Filesize
3.3MB

Download
memory/5764-97-0x00007FF628320000-0x00007FF628674000-memory.dmp

Filesize
3.3MB

Download
memory/5952-36-0x00007FF6B0340000-0x00007FF6B0694000-memory.dmp

Filesize
3.3MB

Download
memory/5952-2203-0x00007FF6B0340000-0x00007FF6B0694000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads