xmrig | f2ee308e410e407083be9625fe85a7ea4b315f92aa30ff894668d7d83ba50265

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
Size

2.3MB
MD5

978ca5f3c19952defd857cc425f74090
SHA1

09333edaa5b41ace12cde239145a3f78279969dd
SHA256

f2ee308e410e407083be9625fe85a7ea4b315f92aa30ff894668d7d83ba50265
SHA512

ed3418634d19b4b67e5d7a21cc0052e42162d95bc8c1f52c0d7014dfa3d37fd5136e8d4c7c4a16ee20fba92b0100c3a777607741e0f2e26bc209c8c170d99838
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQw5UPeNliw8s/E/GYsR:BemTLkNdfE0pZrQK

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4524-0-0x00007FF6F1A20000-0x00007FF6F1D74000-memory.dmp	xmrig
behavioral2/files/0x000a00000002328e-5.dat	xmrig
behavioral2/files/0x0007000000023410-9.dat	xmrig
behavioral2/files/0x000800000002340f-11.dat	xmrig
behavioral2/files/0x0007000000023412-28.dat	xmrig
behavioral2/files/0x0007000000023413-33.dat	xmrig
behavioral2/files/0x0007000000023414-41.dat	xmrig
behavioral2/files/0x0007000000023415-47.dat	xmrig
behavioral2/files/0x0007000000023419-63.dat	xmrig
behavioral2/files/0x000700000002341b-73.dat	xmrig
behavioral2/files/0x0007000000023420-96.dat	xmrig
behavioral2/files/0x0007000000023421-107.dat	xmrig
behavioral2/files/0x0007000000023424-122.dat	xmrig
behavioral2/files/0x000700000002342e-166.dat	xmrig
behavioral2/files/0x000700000002342d-163.dat	xmrig
behavioral2/files/0x000700000002342c-161.dat	xmrig
behavioral2/files/0x000700000002342b-157.dat	xmrig
behavioral2/files/0x000700000002342a-151.dat	xmrig
behavioral2/files/0x0007000000023429-147.dat	xmrig
behavioral2/files/0x0007000000023428-141.dat	xmrig
behavioral2/files/0x0007000000023427-137.dat	xmrig
behavioral2/files/0x0007000000023426-131.dat	xmrig
behavioral2/files/0x0007000000023425-127.dat	xmrig
behavioral2/files/0x0007000000023423-117.dat	xmrig
behavioral2/files/0x0007000000023422-111.dat	xmrig
behavioral2/files/0x000700000002341f-97.dat	xmrig
behavioral2/memory/4860-737-0x00007FF703330000-0x00007FF703684000-memory.dmp	xmrig
behavioral2/files/0x000700000002341e-91.dat	xmrig
behavioral2/memory/2368-738-0x00007FF761200000-0x00007FF761554000-memory.dmp	xmrig
behavioral2/memory/2984-740-0x00007FF7F7DC0000-0x00007FF7F8114000-memory.dmp	xmrig
behavioral2/memory/1664-739-0x00007FF739880000-0x00007FF739BD4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341d-87.dat	xmrig
behavioral2/files/0x000700000002341c-82.dat	xmrig
behavioral2/files/0x000700000002341a-71.dat	xmrig
behavioral2/files/0x0007000000023418-59.dat	xmrig
behavioral2/files/0x0007000000023417-56.dat	xmrig
behavioral2/files/0x0007000000023416-52.dat	xmrig
behavioral2/files/0x0007000000023411-24.dat	xmrig
behavioral2/memory/892-21-0x00007FF62CD30000-0x00007FF62D084000-memory.dmp	xmrig
behavioral2/memory/3324-20-0x00007FF7EBDF0000-0x00007FF7EC144000-memory.dmp	xmrig
behavioral2/memory/2696-10-0x00007FF777C90000-0x00007FF777FE4000-memory.dmp	xmrig
behavioral2/memory/3488-741-0x00007FF671DD0000-0x00007FF672124000-memory.dmp	xmrig
behavioral2/memory/4892-742-0x00007FF6EADE0000-0x00007FF6EB134000-memory.dmp	xmrig
behavioral2/memory/4528-743-0x00007FF73A920000-0x00007FF73AC74000-memory.dmp	xmrig
behavioral2/memory/2472-744-0x00007FF7A84D0000-0x00007FF7A8824000-memory.dmp	xmrig
behavioral2/memory/1168-763-0x00007FF7BCDA0000-0x00007FF7BD0F4000-memory.dmp	xmrig
behavioral2/memory/2488-773-0x00007FF7EF530000-0x00007FF7EF884000-memory.dmp	xmrig
behavioral2/memory/1440-785-0x00007FF622A40000-0x00007FF622D94000-memory.dmp	xmrig
behavioral2/memory/4616-790-0x00007FF7893E0000-0x00007FF789734000-memory.dmp	xmrig
behavioral2/memory/3112-793-0x00007FF701140000-0x00007FF701494000-memory.dmp	xmrig
behavioral2/memory/1916-798-0x00007FF7DCDF0000-0x00007FF7DD144000-memory.dmp	xmrig
behavioral2/memory/4936-802-0x00007FF66CA80000-0x00007FF66CDD4000-memory.dmp	xmrig
behavioral2/memory/2524-805-0x00007FF7CBFF0000-0x00007FF7CC344000-memory.dmp	xmrig
behavioral2/memory/4688-804-0x00007FF78F830000-0x00007FF78FB84000-memory.dmp	xmrig
behavioral2/memory/1896-797-0x00007FF73D7F0000-0x00007FF73DB44000-memory.dmp	xmrig
behavioral2/memory/1464-794-0x00007FF6760A0000-0x00007FF6763F4000-memory.dmp	xmrig
behavioral2/memory/2300-792-0x00007FF7B3340000-0x00007FF7B3694000-memory.dmp	xmrig
behavioral2/memory/2592-789-0x00007FF743980000-0x00007FF743CD4000-memory.dmp	xmrig
behavioral2/memory/4800-782-0x00007FF7849D0000-0x00007FF784D24000-memory.dmp	xmrig
behavioral2/memory/4512-778-0x00007FF605150000-0x00007FF6054A4000-memory.dmp	xmrig
behavioral2/memory/4032-772-0x00007FF695240000-0x00007FF695594000-memory.dmp	xmrig
behavioral2/memory/2380-759-0x00007FF65E770000-0x00007FF65EAC4000-memory.dmp	xmrig
behavioral2/memory/4836-753-0x00007FF775D90000-0x00007FF7760E4000-memory.dmp	xmrig
behavioral2/memory/3324-2170-0x00007FF7EBDF0000-0x00007FF7EC144000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2696	GTqzyWo.exe
3324	bQzIeTt.exe
4688	UpCtsoa.exe
892	IScizRy.exe
2524	VSULuEz.exe
4860	cWMxnxl.exe
2368	nhusPEa.exe
1664	vchDQfu.exe
2984	aDIlZVi.exe
3488	fwqKJYH.exe
4892	TVeGtjQ.exe
4528	BgJLYGB.exe
2472	EEZtzkW.exe
4836	iZnQDeL.exe
2380	PRsEWWQ.exe
1168	lmuKxeO.exe
4032	lApJTVU.exe
2488	yVkHzcD.exe
4512	PJKocTR.exe
4800	apvUsXm.exe
1440	MovTXxS.exe
2592	eXOmdET.exe
4616	ATGudlg.exe
2300	SprWXcm.exe
3112	PeAmDVV.exe
1464	qhJmFBy.exe
1896	jCuKahQ.exe
1916	MhMiFgx.exe
4936	hCtfELA.exe
3908	HywgBIh.exe
3084	kvMiFGA.exe
1960	VsTmRxn.exe
3048	yECzZYP.exe
4808	CsHCbOQ.exe
1732	KIHHzjt.exe
4144	zlhndTs.exe
3068	lnDFKGo.exe
940	PpXcvZa.exe
696	ZkczzbU.exe
5040	ubuzKBJ.exe
2676	pMBNKaa.exe
1452	DnrsGON.exe
4276	FJhxJDz.exe
1412	ttrGRtI.exe
1688	oEtPpNm.exe
4000	dvFCGvz.exe
920	himauFx.exe
1924	dzZMcOF.exe
1648	ufNLdOs.exe
4148	UAoiSre.exe
1772	VAAYmDF.exe
4540	QqgMiUA.exe
1580	JLLGSOk.exe
4332	CXhSYXz.exe
3092	BYCvWYY.exe
2868	ZXcTiOd.exe
4924	AbaTnDK.exe
4084	ONDbvSB.exe
3352	EbENcPO.exe
1028	xfhBSEg.exe
1180	dUuiStE.exe
4968	NGcRiln.exe
4948	rldONpZ.exe
5044	yjPgDNz.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4524-0-0x00007FF6F1A20000-0x00007FF6F1D74000-memory.dmp	upx
behavioral2/files/0x000a00000002328e-5.dat	upx
behavioral2/files/0x0007000000023410-9.dat	upx
behavioral2/files/0x000800000002340f-11.dat	upx
behavioral2/files/0x0007000000023412-28.dat	upx
behavioral2/files/0x0007000000023413-33.dat	upx
behavioral2/files/0x0007000000023414-41.dat	upx
behavioral2/files/0x0007000000023415-47.dat	upx
behavioral2/files/0x0007000000023419-63.dat	upx
behavioral2/files/0x000700000002341b-73.dat	upx
behavioral2/files/0x0007000000023420-96.dat	upx
behavioral2/files/0x0007000000023421-107.dat	upx
behavioral2/files/0x0007000000023424-122.dat	upx
behavioral2/files/0x000700000002342e-166.dat	upx
behavioral2/files/0x000700000002342d-163.dat	upx
behavioral2/files/0x000700000002342c-161.dat	upx
behavioral2/files/0x000700000002342b-157.dat	upx
behavioral2/files/0x000700000002342a-151.dat	upx
behavioral2/files/0x0007000000023429-147.dat	upx
behavioral2/files/0x0007000000023428-141.dat	upx
behavioral2/files/0x0007000000023427-137.dat	upx
behavioral2/files/0x0007000000023426-131.dat	upx
behavioral2/files/0x0007000000023425-127.dat	upx
behavioral2/files/0x0007000000023423-117.dat	upx
behavioral2/files/0x0007000000023422-111.dat	upx
behavioral2/files/0x000700000002341f-97.dat	upx
behavioral2/memory/4860-737-0x00007FF703330000-0x00007FF703684000-memory.dmp	upx
behavioral2/files/0x000700000002341e-91.dat	upx
behavioral2/memory/2368-738-0x00007FF761200000-0x00007FF761554000-memory.dmp	upx
behavioral2/memory/2984-740-0x00007FF7F7DC0000-0x00007FF7F8114000-memory.dmp	upx
behavioral2/memory/1664-739-0x00007FF739880000-0x00007FF739BD4000-memory.dmp	upx
behavioral2/files/0x000700000002341d-87.dat	upx
behavioral2/files/0x000700000002341c-82.dat	upx
behavioral2/files/0x000700000002341a-71.dat	upx
behavioral2/files/0x0007000000023418-59.dat	upx
behavioral2/files/0x0007000000023417-56.dat	upx
behavioral2/files/0x0007000000023416-52.dat	upx
behavioral2/files/0x0007000000023411-24.dat	upx
behavioral2/memory/892-21-0x00007FF62CD30000-0x00007FF62D084000-memory.dmp	upx
behavioral2/memory/3324-20-0x00007FF7EBDF0000-0x00007FF7EC144000-memory.dmp	upx
behavioral2/memory/2696-10-0x00007FF777C90000-0x00007FF777FE4000-memory.dmp	upx
behavioral2/memory/3488-741-0x00007FF671DD0000-0x00007FF672124000-memory.dmp	upx
behavioral2/memory/4892-742-0x00007FF6EADE0000-0x00007FF6EB134000-memory.dmp	upx
behavioral2/memory/4528-743-0x00007FF73A920000-0x00007FF73AC74000-memory.dmp	upx
behavioral2/memory/2472-744-0x00007FF7A84D0000-0x00007FF7A8824000-memory.dmp	upx
behavioral2/memory/1168-763-0x00007FF7BCDA0000-0x00007FF7BD0F4000-memory.dmp	upx
behavioral2/memory/2488-773-0x00007FF7EF530000-0x00007FF7EF884000-memory.dmp	upx
behavioral2/memory/1440-785-0x00007FF622A40000-0x00007FF622D94000-memory.dmp	upx
behavioral2/memory/4616-790-0x00007FF7893E0000-0x00007FF789734000-memory.dmp	upx
behavioral2/memory/3112-793-0x00007FF701140000-0x00007FF701494000-memory.dmp	upx
behavioral2/memory/1916-798-0x00007FF7DCDF0000-0x00007FF7DD144000-memory.dmp	upx
behavioral2/memory/4936-802-0x00007FF66CA80000-0x00007FF66CDD4000-memory.dmp	upx
behavioral2/memory/2524-805-0x00007FF7CBFF0000-0x00007FF7CC344000-memory.dmp	upx
behavioral2/memory/4688-804-0x00007FF78F830000-0x00007FF78FB84000-memory.dmp	upx
behavioral2/memory/1896-797-0x00007FF73D7F0000-0x00007FF73DB44000-memory.dmp	upx
behavioral2/memory/1464-794-0x00007FF6760A0000-0x00007FF6763F4000-memory.dmp	upx
behavioral2/memory/2300-792-0x00007FF7B3340000-0x00007FF7B3694000-memory.dmp	upx
behavioral2/memory/2592-789-0x00007FF743980000-0x00007FF743CD4000-memory.dmp	upx
behavioral2/memory/4800-782-0x00007FF7849D0000-0x00007FF784D24000-memory.dmp	upx
behavioral2/memory/4512-778-0x00007FF605150000-0x00007FF6054A4000-memory.dmp	upx
behavioral2/memory/4032-772-0x00007FF695240000-0x00007FF695594000-memory.dmp	upx
behavioral2/memory/2380-759-0x00007FF65E770000-0x00007FF65EAC4000-memory.dmp	upx
behavioral2/memory/4836-753-0x00007FF775D90000-0x00007FF7760E4000-memory.dmp	upx
behavioral2/memory/3324-2170-0x00007FF7EBDF0000-0x00007FF7EC144000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\WOsZzSl.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\LVecUGR.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\GkqKrCO.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\XYxxgNl.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\CLsxDIJ.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\GTqzyWo.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\nwJQYjc.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\IVdsEmj.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\znIsVZQ.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\OBLZRQe.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\fySNFJS.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\bZtJYts.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\WhoZxZn.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\EVCuXrl.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\IScizRy.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\DnrsGON.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\ZAGtmXq.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\pOgPeuK.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\IfoDwAg.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\QhONSVL.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\sSNISRd.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\eDgvMLh.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\JjlogSS.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\QJForCn.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\XwTNylQ.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\gGvHsVA.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\hmFnGah.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\gqjddWZ.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\ubuzKBJ.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\oiuzCcf.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\zYngayN.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\AsRujou.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\QytvAfV.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\KJIjbJk.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\OcSyffE.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\QFKGrit.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\RUncfoH.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\yRFnfNc.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\FPiqdrt.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\GoVhNTw.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\SHEOmHl.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\fHiRBWa.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\zQeFBmp.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\VsTmRxn.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\tqXVjKq.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\EYgPhWF.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\yXzHJGU.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\aknJXuU.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\hUmxPTq.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\pZJKYpI.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\TeRROqG.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\PwBLyqo.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\HcpJUwz.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\PxbweJH.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\nEvDfVS.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\bidBJlv.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\KIXzniQ.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\HRcXdkO.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\UhAeIQp.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\VWaSoFq.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\ZUKoiOU.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\VfEufDE.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\iWMZvXA.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
File created	C:\Windows\System\MqXEnbO.exe	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13788	dwm.exe
Token: SeChangeNotifyPrivilege	13788	dwm.exe
Token: 33	13788	dwm.exe
Token: SeIncBasePriorityPrivilege	13788	dwm.exe
Token: SeShutdownPrivilege	13788	dwm.exe
Token: SeCreatePagefilePrivilege	13788	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 2696	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	83
PID 4524 wrote to memory of 2696	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	83
PID 4524 wrote to memory of 3324	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	84
PID 4524 wrote to memory of 3324	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	84
PID 4524 wrote to memory of 4688	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	85
PID 4524 wrote to memory of 4688	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	85
PID 4524 wrote to memory of 892	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	86
PID 4524 wrote to memory of 892	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	86
PID 4524 wrote to memory of 2524	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	87
PID 4524 wrote to memory of 2524	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	87
PID 4524 wrote to memory of 4860	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	88
PID 4524 wrote to memory of 4860	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	88
PID 4524 wrote to memory of 2368	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	89
PID 4524 wrote to memory of 2368	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	89
PID 4524 wrote to memory of 1664	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	90
PID 4524 wrote to memory of 1664	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	90
PID 4524 wrote to memory of 2984	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	91
PID 4524 wrote to memory of 2984	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	91
PID 4524 wrote to memory of 3488	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	92
PID 4524 wrote to memory of 3488	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	92
PID 4524 wrote to memory of 4892	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	93
PID 4524 wrote to memory of 4892	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	93
PID 4524 wrote to memory of 4528	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	94
PID 4524 wrote to memory of 4528	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	94
PID 4524 wrote to memory of 2472	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	95
PID 4524 wrote to memory of 2472	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	95
PID 4524 wrote to memory of 4836	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	96
PID 4524 wrote to memory of 4836	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	96
PID 4524 wrote to memory of 2380	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	97
PID 4524 wrote to memory of 2380	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	97
PID 4524 wrote to memory of 1168	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	98
PID 4524 wrote to memory of 1168	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	98
PID 4524 wrote to memory of 4032	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	99
PID 4524 wrote to memory of 4032	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	99
PID 4524 wrote to memory of 2488	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	100
PID 4524 wrote to memory of 2488	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	100
PID 4524 wrote to memory of 4512	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	101
PID 4524 wrote to memory of 4512	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	101
PID 4524 wrote to memory of 4800	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	102
PID 4524 wrote to memory of 4800	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	102
PID 4524 wrote to memory of 1440	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	103
PID 4524 wrote to memory of 1440	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	103
PID 4524 wrote to memory of 2592	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	104
PID 4524 wrote to memory of 2592	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	104
PID 4524 wrote to memory of 4616	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	105
PID 4524 wrote to memory of 4616	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	105
PID 4524 wrote to memory of 2300	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	106
PID 4524 wrote to memory of 2300	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	106
PID 4524 wrote to memory of 3112	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	107
PID 4524 wrote to memory of 3112	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	107
PID 4524 wrote to memory of 1464	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	108
PID 4524 wrote to memory of 1464	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	108
PID 4524 wrote to memory of 1896	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	109
PID 4524 wrote to memory of 1896	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	109
PID 4524 wrote to memory of 1916	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	110
PID 4524 wrote to memory of 1916	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	110
PID 4524 wrote to memory of 4936	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	111
PID 4524 wrote to memory of 4936	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	111
PID 4524 wrote to memory of 3908	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	112
PID 4524 wrote to memory of 3908	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	112
PID 4524 wrote to memory of 3084	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	113
PID 4524 wrote to memory of 3084	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	113
PID 4524 wrote to memory of 1960	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	114
PID 4524 wrote to memory of 1960	4524	978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\978ca5f3c19952defd857cc425f74090_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Windows\System\GTqzyWo.exe
  C:\Windows\System\GTqzyWo.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\bQzIeTt.exe
  C:\Windows\System\bQzIeTt.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\UpCtsoa.exe
  C:\Windows\System\UpCtsoa.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\IScizRy.exe
  C:\Windows\System\IScizRy.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\VSULuEz.exe
  C:\Windows\System\VSULuEz.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\cWMxnxl.exe
  C:\Windows\System\cWMxnxl.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\nhusPEa.exe
  C:\Windows\System\nhusPEa.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\vchDQfu.exe
  C:\Windows\System\vchDQfu.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\aDIlZVi.exe
  C:\Windows\System\aDIlZVi.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\fwqKJYH.exe
  C:\Windows\System\fwqKJYH.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\TVeGtjQ.exe
  C:\Windows\System\TVeGtjQ.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\BgJLYGB.exe
  C:\Windows\System\BgJLYGB.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\EEZtzkW.exe
  C:\Windows\System\EEZtzkW.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\iZnQDeL.exe
  C:\Windows\System\iZnQDeL.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\PRsEWWQ.exe
  C:\Windows\System\PRsEWWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\lmuKxeO.exe
  C:\Windows\System\lmuKxeO.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\lApJTVU.exe
  C:\Windows\System\lApJTVU.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\yVkHzcD.exe
  C:\Windows\System\yVkHzcD.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\PJKocTR.exe
  C:\Windows\System\PJKocTR.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\apvUsXm.exe
  C:\Windows\System\apvUsXm.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\MovTXxS.exe
  C:\Windows\System\MovTXxS.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\eXOmdET.exe
  C:\Windows\System\eXOmdET.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\ATGudlg.exe
  C:\Windows\System\ATGudlg.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\SprWXcm.exe
  C:\Windows\System\SprWXcm.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\PeAmDVV.exe
  C:\Windows\System\PeAmDVV.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\qhJmFBy.exe
  C:\Windows\System\qhJmFBy.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\jCuKahQ.exe
  C:\Windows\System\jCuKahQ.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\MhMiFgx.exe
  C:\Windows\System\MhMiFgx.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\hCtfELA.exe
  C:\Windows\System\hCtfELA.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\HywgBIh.exe
  C:\Windows\System\HywgBIh.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\kvMiFGA.exe
  C:\Windows\System\kvMiFGA.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\VsTmRxn.exe
  C:\Windows\System\VsTmRxn.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\yECzZYP.exe
  C:\Windows\System\yECzZYP.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\CsHCbOQ.exe
  C:\Windows\System\CsHCbOQ.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\KIHHzjt.exe
  C:\Windows\System\KIHHzjt.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\zlhndTs.exe
  C:\Windows\System\zlhndTs.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\lnDFKGo.exe
  C:\Windows\System\lnDFKGo.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\PpXcvZa.exe
  C:\Windows\System\PpXcvZa.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\ZkczzbU.exe
  C:\Windows\System\ZkczzbU.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\ubuzKBJ.exe
  C:\Windows\System\ubuzKBJ.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\pMBNKaa.exe
  C:\Windows\System\pMBNKaa.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\DnrsGON.exe
  C:\Windows\System\DnrsGON.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\FJhxJDz.exe
  C:\Windows\System\FJhxJDz.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\ttrGRtI.exe
  C:\Windows\System\ttrGRtI.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\oEtPpNm.exe
  C:\Windows\System\oEtPpNm.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\dvFCGvz.exe
  C:\Windows\System\dvFCGvz.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\himauFx.exe
  C:\Windows\System\himauFx.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\dzZMcOF.exe
  C:\Windows\System\dzZMcOF.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\ufNLdOs.exe
  C:\Windows\System\ufNLdOs.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\UAoiSre.exe
  C:\Windows\System\UAoiSre.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\VAAYmDF.exe
  C:\Windows\System\VAAYmDF.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\QqgMiUA.exe
  C:\Windows\System\QqgMiUA.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\JLLGSOk.exe
  C:\Windows\System\JLLGSOk.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\CXhSYXz.exe
  C:\Windows\System\CXhSYXz.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\BYCvWYY.exe
  C:\Windows\System\BYCvWYY.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\ZXcTiOd.exe
  C:\Windows\System\ZXcTiOd.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\AbaTnDK.exe
  C:\Windows\System\AbaTnDK.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\ONDbvSB.exe
  C:\Windows\System\ONDbvSB.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\EbENcPO.exe
  C:\Windows\System\EbENcPO.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\xfhBSEg.exe
  C:\Windows\System\xfhBSEg.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\dUuiStE.exe
  C:\Windows\System\dUuiStE.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\NGcRiln.exe
  C:\Windows\System\NGcRiln.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\rldONpZ.exe
  C:\Windows\System\rldONpZ.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\yjPgDNz.exe
  C:\Windows\System\yjPgDNz.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\VqyXmUz.exe
  C:\Windows\System\VqyXmUz.exe
  2⤵
  PID:4896
- C:\Windows\System\rfQbEnI.exe
  C:\Windows\System\rfQbEnI.exe
  2⤵
  PID:100
- C:\Windows\System\HKRkWbF.exe
  C:\Windows\System\HKRkWbF.exe
  2⤵
  PID:1328
- C:\Windows\System\JcKhhHe.exe
  C:\Windows\System\JcKhhHe.exe
  2⤵
  PID:3672
- C:\Windows\System\cVepFbQ.exe
  C:\Windows\System\cVepFbQ.exe
  2⤵
  PID:5076
- C:\Windows\System\VQbWSHU.exe
  C:\Windows\System\VQbWSHU.exe
  2⤵
  PID:4516
- C:\Windows\System\QGidCoh.exe
  C:\Windows\System\QGidCoh.exe
  2⤵
  PID:3656
- C:\Windows\System\rPufptb.exe
  C:\Windows\System\rPufptb.exe
  2⤵
  PID:4760
- C:\Windows\System\MfrkTNx.exe
  C:\Windows\System\MfrkTNx.exe
  2⤵
  PID:532
- C:\Windows\System\QFKGrit.exe
  C:\Windows\System\QFKGrit.exe
  2⤵
  PID:4128
- C:\Windows\System\ozGaoEd.exe
  C:\Windows\System\ozGaoEd.exe
  2⤵
  PID:4404
- C:\Windows\System\GioQcRO.exe
  C:\Windows\System\GioQcRO.exe
  2⤵
  PID:2896
- C:\Windows\System\oiuzCcf.exe
  C:\Windows\System\oiuzCcf.exe
  2⤵
  PID:4264
- C:\Windows\System\smZmSRQ.exe
  C:\Windows\System\smZmSRQ.exe
  2⤵
  PID:468
- C:\Windows\System\tFtaohs.exe
  C:\Windows\System\tFtaohs.exe
  2⤵
  PID:4328
- C:\Windows\System\OUuZswN.exe
  C:\Windows\System\OUuZswN.exe
  2⤵
  PID:4584
- C:\Windows\System\Xxazgrx.exe
  C:\Windows\System\Xxazgrx.exe
  2⤵
  PID:4632
- C:\Windows\System\HzuVKqw.exe
  C:\Windows\System\HzuVKqw.exe
  2⤵
  PID:4232
- C:\Windows\System\skIllSY.exe
  C:\Windows\System\skIllSY.exe
  2⤵
  PID:4208
- C:\Windows\System\OmMqYmF.exe
  C:\Windows\System\OmMqYmF.exe
  2⤵
  PID:2892
- C:\Windows\System\uBxlipE.exe
  C:\Windows\System\uBxlipE.exe
  2⤵
  PID:1056
- C:\Windows\System\vuuoJSn.exe
  C:\Windows\System\vuuoJSn.exe
  2⤵
  PID:4216
- C:\Windows\System\OqDqtei.exe
  C:\Windows\System\OqDqtei.exe
  2⤵
  PID:4380
- C:\Windows\System\XnpKJAx.exe
  C:\Windows\System\XnpKJAx.exe
  2⤵
  PID:5148
- C:\Windows\System\Zbqftem.exe
  C:\Windows\System\Zbqftem.exe
  2⤵
  PID:5176
- C:\Windows\System\ovkSkHT.exe
  C:\Windows\System\ovkSkHT.exe
  2⤵
  PID:5204
- C:\Windows\System\RgQXfQb.exe
  C:\Windows\System\RgQXfQb.exe
  2⤵
  PID:5232
- C:\Windows\System\iWMZvXA.exe
  C:\Windows\System\iWMZvXA.exe
  2⤵
  PID:5260
- C:\Windows\System\mgYtrKv.exe
  C:\Windows\System\mgYtrKv.exe
  2⤵
  PID:5284
- C:\Windows\System\qKoEBEJ.exe
  C:\Windows\System\qKoEBEJ.exe
  2⤵
  PID:5316
- C:\Windows\System\pjatblO.exe
  C:\Windows\System\pjatblO.exe
  2⤵
  PID:5344
- C:\Windows\System\RUncfoH.exe
  C:\Windows\System\RUncfoH.exe
  2⤵
  PID:5372
- C:\Windows\System\nwJQYjc.exe
  C:\Windows\System\nwJQYjc.exe
  2⤵
  PID:5400
- C:\Windows\System\AcIStoB.exe
  C:\Windows\System\AcIStoB.exe
  2⤵
  PID:5428
- C:\Windows\System\PGDrQoS.exe
  C:\Windows\System\PGDrQoS.exe
  2⤵
  PID:5456
- C:\Windows\System\eYfCNGw.exe
  C:\Windows\System\eYfCNGw.exe
  2⤵
  PID:5484
- C:\Windows\System\RNozidU.exe
  C:\Windows\System\RNozidU.exe
  2⤵
  PID:5516
- C:\Windows\System\NjDdEUG.exe
  C:\Windows\System\NjDdEUG.exe
  2⤵
  PID:5548
- C:\Windows\System\uPWLSyh.exe
  C:\Windows\System\uPWLSyh.exe
  2⤵
  PID:5576
- C:\Windows\System\dDEdakP.exe
  C:\Windows\System\dDEdakP.exe
  2⤵
  PID:5600
- C:\Windows\System\mOanAUg.exe
  C:\Windows\System\mOanAUg.exe
  2⤵
  PID:5632
- C:\Windows\System\trKoZkr.exe
  C:\Windows\System\trKoZkr.exe
  2⤵
  PID:5660
- C:\Windows\System\eSkUZwv.exe
  C:\Windows\System\eSkUZwv.exe
  2⤵
  PID:5680
- C:\Windows\System\mCrVarY.exe
  C:\Windows\System\mCrVarY.exe
  2⤵
  PID:5708
- C:\Windows\System\XIIvncd.exe
  C:\Windows\System\XIIvncd.exe
  2⤵
  PID:5736
- C:\Windows\System\DzlnJhz.exe
  C:\Windows\System\DzlnJhz.exe
  2⤵
  PID:5760
- C:\Windows\System\xBnAuea.exe
  C:\Windows\System\xBnAuea.exe
  2⤵
  PID:5792
- C:\Windows\System\OYkjNYk.exe
  C:\Windows\System\OYkjNYk.exe
  2⤵
  PID:5820
- C:\Windows\System\JEGGoJZ.exe
  C:\Windows\System\JEGGoJZ.exe
  2⤵
  PID:5848
- C:\Windows\System\SzWdcDk.exe
  C:\Windows\System\SzWdcDk.exe
  2⤵
  PID:5872
- C:\Windows\System\skrCWwd.exe
  C:\Windows\System\skrCWwd.exe
  2⤵
  PID:5904
- C:\Windows\System\sQxSkhp.exe
  C:\Windows\System\sQxSkhp.exe
  2⤵
  PID:5932
- C:\Windows\System\sXQveWG.exe
  C:\Windows\System\sXQveWG.exe
  2⤵
  PID:5960
- C:\Windows\System\sSNISRd.exe
  C:\Windows\System\sSNISRd.exe
  2⤵
  PID:5984
- C:\Windows\System\uFlRPPk.exe
  C:\Windows\System\uFlRPPk.exe
  2⤵
  PID:6016
- C:\Windows\System\MqXEnbO.exe
  C:\Windows\System\MqXEnbO.exe
  2⤵
  PID:6044
- C:\Windows\System\JvoDSWu.exe
  C:\Windows\System\JvoDSWu.exe
  2⤵
  PID:6072
- C:\Windows\System\QVgfowe.exe
  C:\Windows\System\QVgfowe.exe
  2⤵
  PID:6096
- C:\Windows\System\apSxWzp.exe
  C:\Windows\System\apSxWzp.exe
  2⤵
  PID:6128
- C:\Windows\System\fdbOPmW.exe
  C:\Windows\System\fdbOPmW.exe
  2⤵
  PID:4552
- C:\Windows\System\ogCqVJt.exe
  C:\Windows\System\ogCqVJt.exe
  2⤵
  PID:2688
- C:\Windows\System\fEiADES.exe
  C:\Windows\System\fEiADES.exe
  2⤵
  PID:4344
- C:\Windows\System\qBLhNxX.exe
  C:\Windows\System\qBLhNxX.exe
  2⤵
  PID:5100
- C:\Windows\System\uCzaXUg.exe
  C:\Windows\System\uCzaXUg.exe
  2⤵
  PID:1784
- C:\Windows\System\PWNtoBh.exe
  C:\Windows\System\PWNtoBh.exe
  2⤵
  PID:868
- C:\Windows\System\cQmkKXm.exe
  C:\Windows\System\cQmkKXm.exe
  2⤵
  PID:5160
- C:\Windows\System\SpOeDpk.exe
  C:\Windows\System\SpOeDpk.exe
  2⤵
  PID:5220
- C:\Windows\System\SzfkUnA.exe
  C:\Windows\System\SzfkUnA.exe
  2⤵
  PID:5304
- C:\Windows\System\AqWzDbI.exe
  C:\Windows\System\AqWzDbI.exe
  2⤵
  PID:5360
- C:\Windows\System\YOegSsU.exe
  C:\Windows\System\YOegSsU.exe
  2⤵
  PID:5420
- C:\Windows\System\UDhvFat.exe
  C:\Windows\System\UDhvFat.exe
  2⤵
  PID:5496
- C:\Windows\System\gwlXsHr.exe
  C:\Windows\System\gwlXsHr.exe
  2⤵
  PID:5564
- C:\Windows\System\sOiMRDV.exe
  C:\Windows\System\sOiMRDV.exe
  2⤵
  PID:5624
- C:\Windows\System\KIUlvdv.exe
  C:\Windows\System\KIUlvdv.exe
  2⤵
  PID:5692
- C:\Windows\System\qbstFNF.exe
  C:\Windows\System\qbstFNF.exe
  2⤵
  PID:5752
- C:\Windows\System\XguxZOl.exe
  C:\Windows\System\XguxZOl.exe
  2⤵
  PID:5812
- C:\Windows\System\VXCZjhz.exe
  C:\Windows\System\VXCZjhz.exe
  2⤵
  PID:5888
- C:\Windows\System\psqBJND.exe
  C:\Windows\System\psqBJND.exe
  2⤵
  PID:5948
- C:\Windows\System\ZAGtmXq.exe
  C:\Windows\System\ZAGtmXq.exe
  2⤵
  PID:6008
- C:\Windows\System\zYngayN.exe
  C:\Windows\System\zYngayN.exe
  2⤵
  PID:6064
- C:\Windows\System\QhDCljc.exe
  C:\Windows\System\QhDCljc.exe
  2⤵
  PID:6140
- C:\Windows\System\HwFukrY.exe
  C:\Windows\System\HwFukrY.exe
  2⤵
  PID:3304
- C:\Windows\System\hYQBIYC.exe
  C:\Windows\System\hYQBIYC.exe
  2⤵
  PID:4280
- C:\Windows\System\YIUlJsW.exe
  C:\Windows\System\YIUlJsW.exe
  2⤵
  PID:5192
- C:\Windows\System\hkZZPJt.exe
  C:\Windows\System\hkZZPJt.exe
  2⤵
  PID:5336
- C:\Windows\System\FdODVyx.exe
  C:\Windows\System\FdODVyx.exe
  2⤵
  PID:5472
- C:\Windows\System\vZNOFsM.exe
  C:\Windows\System\vZNOFsM.exe
  2⤵
  PID:5652
- C:\Windows\System\kIdVhwv.exe
  C:\Windows\System\kIdVhwv.exe
  2⤵
  PID:5780
- C:\Windows\System\OtaaZIx.exe
  C:\Windows\System\OtaaZIx.exe
  2⤵
  PID:6148
- C:\Windows\System\TigSqMg.exe
  C:\Windows\System\TigSqMg.exe
  2⤵
  PID:6176
- C:\Windows\System\HRcXdkO.exe
  C:\Windows\System\HRcXdkO.exe
  2⤵
  PID:6208
- C:\Windows\System\rGMxJhV.exe
  C:\Windows\System\rGMxJhV.exe
  2⤵
  PID:6236
- C:\Windows\System\LMxHtQF.exe
  C:\Windows\System\LMxHtQF.exe
  2⤵
  PID:6264
- C:\Windows\System\ntDyapm.exe
  C:\Windows\System\ntDyapm.exe
  2⤵
  PID:6288
- C:\Windows\System\VLXZaCV.exe
  C:\Windows\System\VLXZaCV.exe
  2⤵
  PID:6316
- C:\Windows\System\pyNetbA.exe
  C:\Windows\System\pyNetbA.exe
  2⤵
  PID:6344
- C:\Windows\System\ZUNCTVe.exe
  C:\Windows\System\ZUNCTVe.exe
  2⤵
  PID:6376
- C:\Windows\System\XzXdSaF.exe
  C:\Windows\System\XzXdSaF.exe
  2⤵
  PID:6412
- C:\Windows\System\EWVbcgu.exe
  C:\Windows\System\EWVbcgu.exe
  2⤵
  PID:6444
- C:\Windows\System\kuIqqXf.exe
  C:\Windows\System\kuIqqXf.exe
  2⤵
  PID:6472
- C:\Windows\System\pNnsRwo.exe
  C:\Windows\System\pNnsRwo.exe
  2⤵
  PID:6488
- C:\Windows\System\lRqnaKH.exe
  C:\Windows\System\lRqnaKH.exe
  2⤵
  PID:6516
- C:\Windows\System\FiLvmnR.exe
  C:\Windows\System\FiLvmnR.exe
  2⤵
  PID:6544
- C:\Windows\System\UhAeIQp.exe
  C:\Windows\System\UhAeIQp.exe
  2⤵
  PID:6572
- C:\Windows\System\aQTaLeY.exe
  C:\Windows\System\aQTaLeY.exe
  2⤵
  PID:6596
- C:\Windows\System\LcOjWHp.exe
  C:\Windows\System\LcOjWHp.exe
  2⤵
  PID:6628
- C:\Windows\System\gqwnMlG.exe
  C:\Windows\System\gqwnMlG.exe
  2⤵
  PID:6656
- C:\Windows\System\luXBPHZ.exe
  C:\Windows\System\luXBPHZ.exe
  2⤵
  PID:6684
- C:\Windows\System\LCUGbvj.exe
  C:\Windows\System\LCUGbvj.exe
  2⤵
  PID:6712
- C:\Windows\System\vWclBRw.exe
  C:\Windows\System\vWclBRw.exe
  2⤵
  PID:6740
- C:\Windows\System\qlzUjwd.exe
  C:\Windows\System\qlzUjwd.exe
  2⤵
  PID:6772
- C:\Windows\System\crYpcCX.exe
  C:\Windows\System\crYpcCX.exe
  2⤵
  PID:6804
- C:\Windows\System\IpCZUGt.exe
  C:\Windows\System\IpCZUGt.exe
  2⤵
  PID:6832
- C:\Windows\System\KxKUVrG.exe
  C:\Windows\System\KxKUVrG.exe
  2⤵
  PID:6852
- C:\Windows\System\AeIIsoC.exe
  C:\Windows\System\AeIIsoC.exe
  2⤵
  PID:6880
- C:\Windows\System\Lqphrnr.exe
  C:\Windows\System\Lqphrnr.exe
  2⤵
  PID:6908
- C:\Windows\System\HVvrVPn.exe
  C:\Windows\System\HVvrVPn.exe
  2⤵
  PID:6932
- C:\Windows\System\IVdsEmj.exe
  C:\Windows\System\IVdsEmj.exe
  2⤵
  PID:6968
- C:\Windows\System\uelcsdy.exe
  C:\Windows\System\uelcsdy.exe
  2⤵
  PID:7000
- C:\Windows\System\zscRWBa.exe
  C:\Windows\System\zscRWBa.exe
  2⤵
  PID:7028
- C:\Windows\System\BPjAdEY.exe
  C:\Windows\System\BPjAdEY.exe
  2⤵
  PID:7048
- C:\Windows\System\nEvDfVS.exe
  C:\Windows\System\nEvDfVS.exe
  2⤵
  PID:7076
- C:\Windows\System\dtpBaDA.exe
  C:\Windows\System\dtpBaDA.exe
  2⤵
  PID:7104
- C:\Windows\System\XsRZuvO.exe
  C:\Windows\System\XsRZuvO.exe
  2⤵
  PID:7128
- C:\Windows\System\MNUNKKx.exe
  C:\Windows\System\MNUNKKx.exe
  2⤵
  PID:7160
- C:\Windows\System\QBLAkIO.exe
  C:\Windows\System\QBLAkIO.exe
  2⤵
  PID:5052
- C:\Windows\System\HSoqKfD.exe
  C:\Windows\System\HSoqKfD.exe
  2⤵
  PID:548
- C:\Windows\System\moUPKDw.exe
  C:\Windows\System\moUPKDw.exe
  2⤵
  PID:3308
- C:\Windows\System\LxcESXf.exe
  C:\Windows\System\LxcESXf.exe
  2⤵
  PID:5392
- C:\Windows\System\VPBsNmw.exe
  C:\Windows\System\VPBsNmw.exe
  2⤵
  PID:5720
- C:\Windows\System\yyILCUm.exe
  C:\Windows\System\yyILCUm.exe
  2⤵
  PID:6168
- C:\Windows\System\MioVjRX.exe
  C:\Windows\System\MioVjRX.exe
  2⤵
  PID:6228
- C:\Windows\System\UlzMnCs.exe
  C:\Windows\System\UlzMnCs.exe
  2⤵
  PID:3416
- C:\Windows\System\lsVbaiS.exe
  C:\Windows\System\lsVbaiS.exe
  2⤵
  PID:6360
- C:\Windows\System\DMsDBGr.exe
  C:\Windows\System\DMsDBGr.exe
  2⤵
  PID:6424
- C:\Windows\System\lDJBGVT.exe
  C:\Windows\System\lDJBGVT.exe
  2⤵
  PID:6484
- C:\Windows\System\Xehtgvz.exe
  C:\Windows\System\Xehtgvz.exe
  2⤵
  PID:6556
- C:\Windows\System\cQfDGTQ.exe
  C:\Windows\System\cQfDGTQ.exe
  2⤵
  PID:6616
- C:\Windows\System\wWwXJqg.exe
  C:\Windows\System\wWwXJqg.exe
  2⤵
  PID:6672
- C:\Windows\System\inzEbNV.exe
  C:\Windows\System\inzEbNV.exe
  2⤵
  PID:6752
- C:\Windows\System\LCvSTCk.exe
  C:\Windows\System\LCvSTCk.exe
  2⤵
  PID:6800
- C:\Windows\System\MhTadMP.exe
  C:\Windows\System\MhTadMP.exe
  2⤵
  PID:1988
- C:\Windows\System\MDeBhDl.exe
  C:\Windows\System\MDeBhDl.exe
  2⤵
  PID:4292
- C:\Windows\System\FqrmWMI.exe
  C:\Windows\System\FqrmWMI.exe
  2⤵
  PID:6988
- C:\Windows\System\kaPSwtY.exe
  C:\Windows\System\kaPSwtY.exe
  2⤵
  PID:7044
- C:\Windows\System\BXCnwdI.exe
  C:\Windows\System\BXCnwdI.exe
  2⤵
  PID:7092
- C:\Windows\System\nLqDCrM.exe
  C:\Windows\System\nLqDCrM.exe
  2⤵
  PID:7152
- C:\Windows\System\AmIROPF.exe
  C:\Windows\System\AmIROPF.exe
  2⤵
  PID:4656
- C:\Windows\System\tqXVjKq.exe
  C:\Windows\System\tqXVjKq.exe
  2⤵
  PID:5136
- C:\Windows\System\vcqzFsk.exe
  C:\Windows\System\vcqzFsk.exe
  2⤵
  PID:5860
- C:\Windows\System\OcZQCRd.exe
  C:\Windows\System\OcZQCRd.exe
  2⤵
  PID:6220
- C:\Windows\System\uqnQHoN.exe
  C:\Windows\System\uqnQHoN.exe
  2⤵
  PID:6388
- C:\Windows\System\ijrVFxu.exe
  C:\Windows\System\ijrVFxu.exe
  2⤵
  PID:6508
- C:\Windows\System\ujtxiiB.exe
  C:\Windows\System\ujtxiiB.exe
  2⤵
  PID:6644
- C:\Windows\System\WUeCzMo.exe
  C:\Windows\System\WUeCzMo.exe
  2⤵
  PID:6724
- C:\Windows\System\vXnGPQY.exe
  C:\Windows\System\vXnGPQY.exe
  2⤵
  PID:2720
- C:\Windows\System\pPcIJzf.exe
  C:\Windows\System\pPcIJzf.exe
  2⤵
  PID:6900
- C:\Windows\System\TwmlzVN.exe
  C:\Windows\System\TwmlzVN.exe
  2⤵
  PID:7064
- C:\Windows\System\oYpKNSm.exe
  C:\Windows\System\oYpKNSm.exe
  2⤵
  PID:7120
- C:\Windows\System\ybdKhqQ.exe
  C:\Windows\System\ybdKhqQ.exe
  2⤵
  PID:4372
- C:\Windows\System\vrsCkQB.exe
  C:\Windows\System\vrsCkQB.exe
  2⤵
  PID:556
- C:\Windows\System\rzArFkk.exe
  C:\Windows\System\rzArFkk.exe
  2⤵
  PID:1920
- C:\Windows\System\KZklvNn.exe
  C:\Windows\System\KZklvNn.exe
  2⤵
  PID:6784
- C:\Windows\System\QJForCn.exe
  C:\Windows\System\QJForCn.exe
  2⤵
  PID:6848
- C:\Windows\System\SnLlDko.exe
  C:\Windows\System\SnLlDko.exe
  2⤵
  PID:7016
- C:\Windows\System\QLsPJJi.exe
  C:\Windows\System\QLsPJJi.exe
  2⤵
  PID:7088
- C:\Windows\System\WOsZzSl.exe
  C:\Windows\System\WOsZzSl.exe
  2⤵
  PID:4116
- C:\Windows\System\UxNqNAr.exe
  C:\Windows\System\UxNqNAr.exe
  2⤵
  PID:6532
- C:\Windows\System\QaHpGlt.exe
  C:\Windows\System\QaHpGlt.exe
  2⤵
  PID:1404
- C:\Windows\System\ZMgwram.exe
  C:\Windows\System\ZMgwram.exe
  2⤵
  PID:2312
- C:\Windows\System\WPyltim.exe
  C:\Windows\System\WPyltim.exe
  2⤵
  PID:7188
- C:\Windows\System\TLKaJVw.exe
  C:\Windows\System\TLKaJVw.exe
  2⤵
  PID:7240
- C:\Windows\System\jOqUumJ.exe
  C:\Windows\System\jOqUumJ.exe
  2⤵
  PID:7268
- C:\Windows\System\NZHAOvU.exe
  C:\Windows\System\NZHAOvU.exe
  2⤵
  PID:7296
- C:\Windows\System\roPoEZN.exe
  C:\Windows\System\roPoEZN.exe
  2⤵
  PID:7376
- C:\Windows\System\aoeGZQa.exe
  C:\Windows\System\aoeGZQa.exe
  2⤵
  PID:7392
- C:\Windows\System\VWaSoFq.exe
  C:\Windows\System\VWaSoFq.exe
  2⤵
  PID:7412
- C:\Windows\System\uNQORPg.exe
  C:\Windows\System\uNQORPg.exe
  2⤵
  PID:7428
- C:\Windows\System\MibsypG.exe
  C:\Windows\System\MibsypG.exe
  2⤵
  PID:7464
- C:\Windows\System\FgkKjcK.exe
  C:\Windows\System\FgkKjcK.exe
  2⤵
  PID:7488
- C:\Windows\System\LGgyGjT.exe
  C:\Windows\System\LGgyGjT.exe
  2⤵
  PID:7508
- C:\Windows\System\XBhNfFU.exe
  C:\Windows\System\XBhNfFU.exe
  2⤵
  PID:7544
- C:\Windows\System\pnnpZwN.exe
  C:\Windows\System\pnnpZwN.exe
  2⤵
  PID:7572
- C:\Windows\System\LQiZwDt.exe
  C:\Windows\System\LQiZwDt.exe
  2⤵
  PID:7608
- C:\Windows\System\MHximTn.exe
  C:\Windows\System\MHximTn.exe
  2⤵
  PID:7624
- C:\Windows\System\HcPBxnD.exe
  C:\Windows\System\HcPBxnD.exe
  2⤵
  PID:7676
- C:\Windows\System\QbtLhzK.exe
  C:\Windows\System\QbtLhzK.exe
  2⤵
  PID:7712
- C:\Windows\System\GTOgBlg.exe
  C:\Windows\System\GTOgBlg.exe
  2⤵
  PID:7740
- C:\Windows\System\IxLvSXt.exe
  C:\Windows\System\IxLvSXt.exe
  2⤵
  PID:7768
- C:\Windows\System\PfEllbo.exe
  C:\Windows\System\PfEllbo.exe
  2⤵
  PID:7808
- C:\Windows\System\bSxPrbt.exe
  C:\Windows\System\bSxPrbt.exe
  2⤵
  PID:7824
- C:\Windows\System\QMGnjyA.exe
  C:\Windows\System\QMGnjyA.exe
  2⤵
  PID:7856
- C:\Windows\System\qhTwcMw.exe
  C:\Windows\System\qhTwcMw.exe
  2⤵
  PID:7880
- C:\Windows\System\LVecUGR.exe
  C:\Windows\System\LVecUGR.exe
  2⤵
  PID:7908
- C:\Windows\System\CGozUHw.exe
  C:\Windows\System\CGozUHw.exe
  2⤵
  PID:7936
- C:\Windows\System\yRFnfNc.exe
  C:\Windows\System\yRFnfNc.exe
  2⤵
  PID:7964
- C:\Windows\System\lOyLWiI.exe
  C:\Windows\System\lOyLWiI.exe
  2⤵
  PID:7992
- C:\Windows\System\GmAPnfO.exe
  C:\Windows\System\GmAPnfO.exe
  2⤵
  PID:8032
- C:\Windows\System\IarnqAj.exe
  C:\Windows\System\IarnqAj.exe
  2⤵
  PID:8048
- C:\Windows\System\joHnerW.exe
  C:\Windows\System\joHnerW.exe
  2⤵
  PID:8068
- C:\Windows\System\VvHPXib.exe
  C:\Windows\System\VvHPXib.exe
  2⤵
  PID:8096
- C:\Windows\System\rzTtsSx.exe
  C:\Windows\System\rzTtsSx.exe
  2⤵
  PID:8132
- C:\Windows\System\yKtcPzf.exe
  C:\Windows\System\yKtcPzf.exe
  2⤵
  PID:8148
- C:\Windows\System\fKpQJSP.exe
  C:\Windows\System\fKpQJSP.exe
  2⤵
  PID:8188
- C:\Windows\System\SwyKpbD.exe
  C:\Windows\System\SwyKpbD.exe
  2⤵
  PID:1088
- C:\Windows\System\CDgXGyO.exe
  C:\Windows\System\CDgXGyO.exe
  2⤵
  PID:7208
- C:\Windows\System\WrGWlYb.exe
  C:\Windows\System\WrGWlYb.exe
  2⤵
  PID:7340
- C:\Windows\System\byQKVWL.exe
  C:\Windows\System\byQKVWL.exe
  2⤵
  PID:768
- C:\Windows\System\nbXcmhG.exe
  C:\Windows\System\nbXcmhG.exe
  2⤵
  PID:7172
- C:\Windows\System\vUZOEjb.exe
  C:\Windows\System\vUZOEjb.exe
  2⤵
  PID:7252
- C:\Windows\System\mUCJbye.exe
  C:\Windows\System\mUCJbye.exe
  2⤵
  PID:7388
- C:\Windows\System\HojuElK.exe
  C:\Windows\System\HojuElK.exe
  2⤵
  PID:7440
- C:\Windows\System\ReebqXC.exe
  C:\Windows\System\ReebqXC.exe
  2⤵
  PID:7476
- C:\Windows\System\vrBVeYd.exe
  C:\Windows\System\vrBVeYd.exe
  2⤵
  PID:7560
- C:\Windows\System\TTajsAH.exe
  C:\Windows\System\TTajsAH.exe
  2⤵
  PID:7600
- C:\Windows\System\sfqlcAW.exe
  C:\Windows\System\sfqlcAW.exe
  2⤵
  PID:7704
- C:\Windows\System\YibWFwQ.exe
  C:\Windows\System\YibWFwQ.exe
  2⤵
  PID:7800
- C:\Windows\System\abIbSQp.exe
  C:\Windows\System\abIbSQp.exe
  2⤵
  PID:7836
- C:\Windows\System\KhSozcW.exe
  C:\Windows\System\KhSozcW.exe
  2⤵
  PID:7904
- C:\Windows\System\ZUKoiOU.exe
  C:\Windows\System\ZUKoiOU.exe
  2⤵
  PID:7984
- C:\Windows\System\EYgPhWF.exe
  C:\Windows\System\EYgPhWF.exe
  2⤵
  PID:8028
- C:\Windows\System\CAwhNCi.exe
  C:\Windows\System\CAwhNCi.exe
  2⤵
  PID:8112
- C:\Windows\System\dcttdTV.exe
  C:\Windows\System\dcttdTV.exe
  2⤵
  PID:8176
- C:\Windows\System\TWeWQWL.exe
  C:\Windows\System\TWeWQWL.exe
  2⤵
  PID:7180
- C:\Windows\System\jHPioKD.exe
  C:\Windows\System\jHPioKD.exe
  2⤵
  PID:4992
- C:\Windows\System\vJWEHCT.exe
  C:\Windows\System\vJWEHCT.exe
  2⤵
  PID:6704
- C:\Windows\System\VFVjYem.exe
  C:\Windows\System\VFVjYem.exe
  2⤵
  PID:7424
- C:\Windows\System\nsNelTd.exe
  C:\Windows\System\nsNelTd.exe
  2⤵
  PID:7620
- C:\Windows\System\nLsgnww.exe
  C:\Windows\System\nLsgnww.exe
  2⤵
  PID:7760
- C:\Windows\System\OaDQsDK.exe
  C:\Windows\System\OaDQsDK.exe
  2⤵
  PID:7848
- C:\Windows\System\PxwhcoQ.exe
  C:\Windows\System\PxwhcoQ.exe
  2⤵
  PID:2068
- C:\Windows\System\wzYFloV.exe
  C:\Windows\System\wzYFloV.exe
  2⤵
  PID:7276
- C:\Windows\System\BYDOJyP.exe
  C:\Windows\System\BYDOJyP.exe
  2⤵
  PID:7616
- C:\Windows\System\wSchJRL.exe
  C:\Windows\System\wSchJRL.exe
  2⤵
  PID:1532
- C:\Windows\System\FPiqdrt.exe
  C:\Windows\System\FPiqdrt.exe
  2⤵
  PID:8124
- C:\Windows\System\AUysvBR.exe
  C:\Windows\System\AUysvBR.exe
  2⤵
  PID:8208
- C:\Windows\System\QMqGQZf.exe
  C:\Windows\System\QMqGQZf.exe
  2⤵
  PID:8248
- C:\Windows\System\LNBgzLB.exe
  C:\Windows\System\LNBgzLB.exe
  2⤵
  PID:8264
- C:\Windows\System\uEjaCUf.exe
  C:\Windows\System\uEjaCUf.exe
  2⤵
  PID:8296
- C:\Windows\System\ksyOmCJ.exe
  C:\Windows\System\ksyOmCJ.exe
  2⤵
  PID:8328
- C:\Windows\System\Bvpspus.exe
  C:\Windows\System\Bvpspus.exe
  2⤵
  PID:8348
- C:\Windows\System\eDgvMLh.exe
  C:\Windows\System\eDgvMLh.exe
  2⤵
  PID:8376
- C:\Windows\System\pUbQGuy.exe
  C:\Windows\System\pUbQGuy.exe
  2⤵
  PID:8420
- C:\Windows\System\yqgMjzj.exe
  C:\Windows\System\yqgMjzj.exe
  2⤵
  PID:8456
- C:\Windows\System\YpyYGYw.exe
  C:\Windows\System\YpyYGYw.exe
  2⤵
  PID:8488
- C:\Windows\System\YMILuXp.exe
  C:\Windows\System\YMILuXp.exe
  2⤵
  PID:8524
- C:\Windows\System\GkqKrCO.exe
  C:\Windows\System\GkqKrCO.exe
  2⤵
  PID:8552
- C:\Windows\System\oxLIsNA.exe
  C:\Windows\System\oxLIsNA.exe
  2⤵
  PID:8568
- C:\Windows\System\FbLhPJg.exe
  C:\Windows\System\FbLhPJg.exe
  2⤵
  PID:8608
- C:\Windows\System\TfpTVtO.exe
  C:\Windows\System\TfpTVtO.exe
  2⤵
  PID:8636
- C:\Windows\System\sbslajw.exe
  C:\Windows\System\sbslajw.exe
  2⤵
  PID:8664
- C:\Windows\System\LqXFIen.exe
  C:\Windows\System\LqXFIen.exe
  2⤵
  PID:8688
- C:\Windows\System\JHQoZIM.exe
  C:\Windows\System\JHQoZIM.exe
  2⤵
  PID:8704
- C:\Windows\System\RMgjwTn.exe
  C:\Windows\System\RMgjwTn.exe
  2⤵
  PID:8724
- C:\Windows\System\OryOJRg.exe
  C:\Windows\System\OryOJRg.exe
  2⤵
  PID:8760
- C:\Windows\System\BhyurZL.exe
  C:\Windows\System\BhyurZL.exe
  2⤵
  PID:8784
- C:\Windows\System\PxahgTe.exe
  C:\Windows\System\PxahgTe.exe
  2⤵
  PID:8804
- C:\Windows\System\WUlrpDa.exe
  C:\Windows\System\WUlrpDa.exe
  2⤵
  PID:8840
- C:\Windows\System\vjqiMeu.exe
  C:\Windows\System\vjqiMeu.exe
  2⤵
  PID:8876
- C:\Windows\System\usRyTMO.exe
  C:\Windows\System\usRyTMO.exe
  2⤵
  PID:8912
- C:\Windows\System\DiKWzSH.exe
  C:\Windows\System\DiKWzSH.exe
  2⤵
  PID:8944
- C:\Windows\System\RlCldtH.exe
  C:\Windows\System\RlCldtH.exe
  2⤵
  PID:8972
- C:\Windows\System\obdprhk.exe
  C:\Windows\System\obdprhk.exe
  2⤵
  PID:9000
- C:\Windows\System\ujHgpFa.exe
  C:\Windows\System\ujHgpFa.exe
  2⤵
  PID:9016
- C:\Windows\System\drUnjKd.exe
  C:\Windows\System\drUnjKd.exe
  2⤵
  PID:9060
- C:\Windows\System\ucyxoJC.exe
  C:\Windows\System\ucyxoJC.exe
  2⤵
  PID:9084
- C:\Windows\System\OBLZRQe.exe
  C:\Windows\System\OBLZRQe.exe
  2⤵
  PID:9100
- C:\Windows\System\nBRcgdL.exe
  C:\Windows\System\nBRcgdL.exe
  2⤵
  PID:9124
- C:\Windows\System\xjrtvsr.exe
  C:\Windows\System\xjrtvsr.exe
  2⤵
  PID:9160
- C:\Windows\System\TtAqsRh.exe
  C:\Windows\System\TtAqsRh.exe
  2⤵
  PID:9192
- C:\Windows\System\WvdUxUN.exe
  C:\Windows\System\WvdUxUN.exe
  2⤵
  PID:9212
- C:\Windows\System\OhWufwx.exe
  C:\Windows\System\OhWufwx.exe
  2⤵
  PID:8316
- C:\Windows\System\oEOOCQt.exe
  C:\Windows\System\oEOOCQt.exe
  2⤵
  PID:8388
- C:\Windows\System\ivpdxCu.exe
  C:\Windows\System\ivpdxCu.exe
  2⤵
  PID:8448
- C:\Windows\System\RfjjmtE.exe
  C:\Windows\System\RfjjmtE.exe
  2⤵
  PID:8540
- C:\Windows\System\FGqQrBs.exe
  C:\Windows\System\FGqQrBs.exe
  2⤵
  PID:8584
- C:\Windows\System\KsnFfTf.exe
  C:\Windows\System\KsnFfTf.exe
  2⤵
  PID:8656
- C:\Windows\System\iHQfcKQ.exe
  C:\Windows\System\iHQfcKQ.exe
  2⤵
  PID:8700
- C:\Windows\System\YnyXPNi.exe
  C:\Windows\System\YnyXPNi.exe
  2⤵
  PID:8780
- C:\Windows\System\XCrmMwb.exe
  C:\Windows\System\XCrmMwb.exe
  2⤵
  PID:8864
- C:\Windows\System\ZMeESMk.exe
  C:\Windows\System\ZMeESMk.exe
  2⤵
  PID:8928
- C:\Windows\System\TApEgmM.exe
  C:\Windows\System\TApEgmM.exe
  2⤵
  PID:8984
- C:\Windows\System\XwTNylQ.exe
  C:\Windows\System\XwTNylQ.exe
  2⤵
  PID:9028
- C:\Windows\System\aRtTmSW.exe
  C:\Windows\System\aRtTmSW.exe
  2⤵
  PID:9076
- C:\Windows\System\TzSuytu.exe
  C:\Windows\System\TzSuytu.exe
  2⤵
  PID:9108
- C:\Windows\System\rwOakmA.exe
  C:\Windows\System\rwOakmA.exe
  2⤵
  PID:9204
- C:\Windows\System\lJqYZyV.exe
  C:\Windows\System\lJqYZyV.exe
  2⤵
  PID:8444
- C:\Windows\System\GnNgJhj.exe
  C:\Windows\System\GnNgJhj.exe
  2⤵
  PID:8632
- C:\Windows\System\eDxgCet.exe
  C:\Windows\System\eDxgCet.exe
  2⤵
  PID:8752
- C:\Windows\System\IClFnUG.exe
  C:\Windows\System\IClFnUG.exe
  2⤵
  PID:8820
- C:\Windows\System\QoXUQjy.exe
  C:\Windows\System\QoXUQjy.exe
  2⤵
  PID:8904
- C:\Windows\System\YEZakGs.exe
  C:\Windows\System\YEZakGs.exe
  2⤵
  PID:9176
- C:\Windows\System\BKkXCEq.exe
  C:\Windows\System\BKkXCEq.exe
  2⤵
  PID:8508
- C:\Windows\System\mkFuUnM.exe
  C:\Windows\System\mkFuUnM.exe
  2⤵
  PID:8908
- C:\Windows\System\GoVhNTw.exe
  C:\Windows\System\GoVhNTw.exe
  2⤵
  PID:8772
- C:\Windows\System\xIkDcQN.exe
  C:\Windows\System\xIkDcQN.exe
  2⤵
  PID:9148
- C:\Windows\System\YTncKBw.exe
  C:\Windows\System\YTncKBw.exe
  2⤵
  PID:9236
- C:\Windows\System\YyVhfYb.exe
  C:\Windows\System\YyVhfYb.exe
  2⤵
  PID:9252
- C:\Windows\System\dIYiXxH.exe
  C:\Windows\System\dIYiXxH.exe
  2⤵
  PID:9304
- C:\Windows\System\MtIoenY.exe
  C:\Windows\System\MtIoenY.exe
  2⤵
  PID:9332
- C:\Windows\System\ZYbzhww.exe
  C:\Windows\System\ZYbzhww.exe
  2⤵
  PID:9360
- C:\Windows\System\etQFZOD.exe
  C:\Windows\System\etQFZOD.exe
  2⤵
  PID:9388
- C:\Windows\System\TIyQpBu.exe
  C:\Windows\System\TIyQpBu.exe
  2⤵
  PID:9404
- C:\Windows\System\odXqxdT.exe
  C:\Windows\System\odXqxdT.exe
  2⤵
  PID:9432
- C:\Windows\System\kgtHPSZ.exe
  C:\Windows\System\kgtHPSZ.exe
  2⤵
  PID:9460
- C:\Windows\System\PjZLRji.exe
  C:\Windows\System\PjZLRji.exe
  2⤵
  PID:9488
- C:\Windows\System\eklSMHl.exe
  C:\Windows\System\eklSMHl.exe
  2⤵
  PID:9516
- C:\Windows\System\VwrbMcG.exe
  C:\Windows\System\VwrbMcG.exe
  2⤵
  PID:9544
- C:\Windows\System\hGZeJJn.exe
  C:\Windows\System\hGZeJJn.exe
  2⤵
  PID:9584
- C:\Windows\System\MEDCvGp.exe
  C:\Windows\System\MEDCvGp.exe
  2⤵
  PID:9600
- C:\Windows\System\huQxGCk.exe
  C:\Windows\System\huQxGCk.exe
  2⤵
  PID:9640
- C:\Windows\System\ddgeLoP.exe
  C:\Windows\System\ddgeLoP.exe
  2⤵
  PID:9664
- C:\Windows\System\eYQNYlz.exe
  C:\Windows\System\eYQNYlz.exe
  2⤵
  PID:9684
- C:\Windows\System\czQAwXu.exe
  C:\Windows\System\czQAwXu.exe
  2⤵
  PID:9724
- C:\Windows\System\FFzCqcC.exe
  C:\Windows\System\FFzCqcC.exe
  2⤵
  PID:9740
- C:\Windows\System\sxsvthU.exe
  C:\Windows\System\sxsvthU.exe
  2⤵
  PID:9768
- C:\Windows\System\zHnhydD.exe
  C:\Windows\System\zHnhydD.exe
  2⤵
  PID:9808
- C:\Windows\System\uaELGus.exe
  C:\Windows\System\uaELGus.exe
  2⤵
  PID:9824
- C:\Windows\System\fvuCIWd.exe
  C:\Windows\System\fvuCIWd.exe
  2⤵
  PID:9840
- C:\Windows\System\gpsIiJm.exe
  C:\Windows\System\gpsIiJm.exe
  2⤵
  PID:9864
- C:\Windows\System\TOEvLoZ.exe
  C:\Windows\System\TOEvLoZ.exe
  2⤵
  PID:9888
- C:\Windows\System\RSiBNvL.exe
  C:\Windows\System\RSiBNvL.exe
  2⤵
  PID:9924
- C:\Windows\System\IrJFXJb.exe
  C:\Windows\System\IrJFXJb.exe
  2⤵
  PID:9964
- C:\Windows\System\tjpmsYD.exe
  C:\Windows\System\tjpmsYD.exe
  2⤵
  PID:10004
- C:\Windows\System\JjlogSS.exe
  C:\Windows\System\JjlogSS.exe
  2⤵
  PID:10032
- C:\Windows\System\HgLbzOy.exe
  C:\Windows\System\HgLbzOy.exe
  2⤵
  PID:10048
- C:\Windows\System\OxXcFzn.exe
  C:\Windows\System\OxXcFzn.exe
  2⤵
  PID:10088
- C:\Windows\System\ZNgsLvI.exe
  C:\Windows\System\ZNgsLvI.exe
  2⤵
  PID:10108
- C:\Windows\System\LfOvIMA.exe
  C:\Windows\System\LfOvIMA.exe
  2⤵
  PID:10132
- C:\Windows\System\mYuNzAH.exe
  C:\Windows\System\mYuNzAH.exe
  2⤵
  PID:10160
- C:\Windows\System\SBMQkhs.exe
  C:\Windows\System\SBMQkhs.exe
  2⤵
  PID:10200
- C:\Windows\System\uwGzzrc.exe
  C:\Windows\System\uwGzzrc.exe
  2⤵
  PID:10228
- C:\Windows\System\MYlbWpG.exe
  C:\Windows\System\MYlbWpG.exe
  2⤵
  PID:9248
- C:\Windows\System\uusSCaT.exe
  C:\Windows\System\uusSCaT.exe
  2⤵
  PID:9292
- C:\Windows\System\pOgPeuK.exe
  C:\Windows\System\pOgPeuK.exe
  2⤵
  PID:9384
- C:\Windows\System\KBuVbHj.exe
  C:\Windows\System\KBuVbHj.exe
  2⤵
  PID:9428
- C:\Windows\System\MthdGEm.exe
  C:\Windows\System\MthdGEm.exe
  2⤵
  PID:9476
- C:\Windows\System\NgfSmgo.exe
  C:\Windows\System\NgfSmgo.exe
  2⤵
  PID:9560
- C:\Windows\System\hxincAp.exe
  C:\Windows\System\hxincAp.exe
  2⤵
  PID:9636
- C:\Windows\System\BoZcmbn.exe
  C:\Windows\System\BoZcmbn.exe
  2⤵
  PID:9680
- C:\Windows\System\AsRujou.exe
  C:\Windows\System\AsRujou.exe
  2⤵
  PID:9756
- C:\Windows\System\XSfDOOk.exe
  C:\Windows\System\XSfDOOk.exe
  2⤵
  PID:9792
- C:\Windows\System\TqWsKIA.exe
  C:\Windows\System\TqWsKIA.exe
  2⤵
  PID:9816
- C:\Windows\System\GzKBisE.exe
  C:\Windows\System\GzKBisE.exe
  2⤵
  PID:9904
- C:\Windows\System\QytvAfV.exe
  C:\Windows\System\QytvAfV.exe
  2⤵
  PID:10024
- C:\Windows\System\QYXhMIY.exe
  C:\Windows\System\QYXhMIY.exe
  2⤵
  PID:10096
- C:\Windows\System\IteqfVh.exe
  C:\Windows\System\IteqfVh.exe
  2⤵
  PID:10144
- C:\Windows\System\RWgjrAe.exe
  C:\Windows\System\RWgjrAe.exe
  2⤵
  PID:10208
- C:\Windows\System\LMeIbcv.exe
  C:\Windows\System\LMeIbcv.exe
  2⤵
  PID:9324
- C:\Windows\System\HwwsXUo.exe
  C:\Windows\System\HwwsXUo.exe
  2⤵
  PID:9456
- C:\Windows\System\EGyoace.exe
  C:\Windows\System\EGyoace.exe
  2⤵
  PID:9656
- C:\Windows\System\YGiyNpe.exe
  C:\Windows\System\YGiyNpe.exe
  2⤵
  PID:9716
- C:\Windows\System\DYfOIoG.exe
  C:\Windows\System\DYfOIoG.exe
  2⤵
  PID:9884
- C:\Windows\System\exjIivB.exe
  C:\Windows\System\exjIivB.exe
  2⤵
  PID:10040
- C:\Windows\System\UxAkKgF.exe
  C:\Windows\System\UxAkKgF.exe
  2⤵
  PID:10172
- C:\Windows\System\cnUDnQd.exe
  C:\Windows\System\cnUDnQd.exe
  2⤵
  PID:9420
- C:\Windows\System\UyRoggx.exe
  C:\Windows\System\UyRoggx.exe
  2⤵
  PID:9800
- C:\Windows\System\xXiFxlA.exe
  C:\Windows\System\xXiFxlA.exe
  2⤵
  PID:10020
- C:\Windows\System\zEUqQhu.exe
  C:\Windows\System\zEUqQhu.exe
  2⤵
  PID:9628
- C:\Windows\System\fySNFJS.exe
  C:\Windows\System\fySNFJS.exe
  2⤵
  PID:10244
- C:\Windows\System\OhCYbfV.exe
  C:\Windows\System\OhCYbfV.exe
  2⤵
  PID:10268
- C:\Windows\System\tAMofDo.exe
  C:\Windows\System\tAMofDo.exe
  2⤵
  PID:10300
- C:\Windows\System\dQXFUOV.exe
  C:\Windows\System\dQXFUOV.exe
  2⤵
  PID:10328
- C:\Windows\System\qCPQCkA.exe
  C:\Windows\System\qCPQCkA.exe
  2⤵
  PID:10368
- C:\Windows\System\HDOKwjZ.exe
  C:\Windows\System\HDOKwjZ.exe
  2⤵
  PID:10384
- C:\Windows\System\RtZvjig.exe
  C:\Windows\System\RtZvjig.exe
  2⤵
  PID:10412
- C:\Windows\System\ffdgEsj.exe
  C:\Windows\System\ffdgEsj.exe
  2⤵
  PID:10440
- C:\Windows\System\IQmdjzR.exe
  C:\Windows\System\IQmdjzR.exe
  2⤵
  PID:10468
- C:\Windows\System\FJfntLy.exe
  C:\Windows\System\FJfntLy.exe
  2⤵
  PID:10508
- C:\Windows\System\dtYqcEa.exe
  C:\Windows\System\dtYqcEa.exe
  2⤵
  PID:10536
- C:\Windows\System\ciVwxwE.exe
  C:\Windows\System\ciVwxwE.exe
  2⤵
  PID:10552
- C:\Windows\System\bKRHdvL.exe
  C:\Windows\System\bKRHdvL.exe
  2⤵
  PID:10572
- C:\Windows\System\DZLOeCf.exe
  C:\Windows\System\DZLOeCf.exe
  2⤵
  PID:10608
- C:\Windows\System\aTlaPvK.exe
  C:\Windows\System\aTlaPvK.exe
  2⤵
  PID:10636
- C:\Windows\System\YAtYaQw.exe
  C:\Windows\System\YAtYaQw.exe
  2⤵
  PID:10664
- C:\Windows\System\TPcLFmO.exe
  C:\Windows\System\TPcLFmO.exe
  2⤵
  PID:10692
- C:\Windows\System\UshjajH.exe
  C:\Windows\System\UshjajH.exe
  2⤵
  PID:10720
- C:\Windows\System\WGmcGRJ.exe
  C:\Windows\System\WGmcGRJ.exe
  2⤵
  PID:10748
- C:\Windows\System\qxVGpMX.exe
  C:\Windows\System\qxVGpMX.exe
  2⤵
  PID:10776
- C:\Windows\System\aQAFpyO.exe
  C:\Windows\System\aQAFpyO.exe
  2⤵
  PID:10812
- C:\Windows\System\xFvImfm.exe
  C:\Windows\System\xFvImfm.exe
  2⤵
  PID:10828
- C:\Windows\System\tIkQWvr.exe
  C:\Windows\System\tIkQWvr.exe
  2⤵
  PID:10872
- C:\Windows\System\jgFbPtY.exe
  C:\Windows\System\jgFbPtY.exe
  2⤵
  PID:10888
- C:\Windows\System\zXXqHEl.exe
  C:\Windows\System\zXXqHEl.exe
  2⤵
  PID:10928
- C:\Windows\System\ueqyUPz.exe
  C:\Windows\System\ueqyUPz.exe
  2⤵
  PID:10956
- C:\Windows\System\NKcqrLz.exe
  C:\Windows\System\NKcqrLz.exe
  2⤵
  PID:10972
- C:\Windows\System\PZGqtUY.exe
  C:\Windows\System\PZGqtUY.exe
  2⤵
  PID:11000
- C:\Windows\System\KTAPCTZ.exe
  C:\Windows\System\KTAPCTZ.exe
  2⤵
  PID:11020
- C:\Windows\System\ULMmyCQ.exe
  C:\Windows\System\ULMmyCQ.exe
  2⤵
  PID:11056
- C:\Windows\System\vyFHCpX.exe
  C:\Windows\System\vyFHCpX.exe
  2⤵
  PID:11096
- C:\Windows\System\nCscMYI.exe
  C:\Windows\System\nCscMYI.exe
  2⤵
  PID:11112
- C:\Windows\System\hwTPQxr.exe
  C:\Windows\System\hwTPQxr.exe
  2⤵
  PID:11148
- C:\Windows\System\BEXdZVB.exe
  C:\Windows\System\BEXdZVB.exe
  2⤵
  PID:11168
- C:\Windows\System\LBnnkzz.exe
  C:\Windows\System\LBnnkzz.exe
  2⤵
  PID:11196
- C:\Windows\System\KIerHPi.exe
  C:\Windows\System\KIerHPi.exe
  2⤵
  PID:11216
- C:\Windows\System\EbGSLqD.exe
  C:\Windows\System\EbGSLqD.exe
  2⤵
  PID:11240
- C:\Windows\System\lYIBxqU.exe
  C:\Windows\System\lYIBxqU.exe
  2⤵
  PID:9540
- C:\Windows\System\YUXvUCq.exe
  C:\Windows\System\YUXvUCq.exe
  2⤵
  PID:10260
- C:\Windows\System\earLXXn.exe
  C:\Windows\System\earLXXn.exe
  2⤵
  PID:10320
- C:\Windows\System\mksgOOV.exe
  C:\Windows\System\mksgOOV.exe
  2⤵
  PID:10400
- C:\Windows\System\SHEOmHl.exe
  C:\Windows\System\SHEOmHl.exe
  2⤵
  PID:10432
- C:\Windows\System\WHPrFSD.exe
  C:\Windows\System\WHPrFSD.exe
  2⤵
  PID:10524
- C:\Windows\System\loyCgzm.exe
  C:\Windows\System\loyCgzm.exe
  2⤵
  PID:1616
- C:\Windows\System\EzHQSHJ.exe
  C:\Windows\System\EzHQSHJ.exe
  2⤵
  PID:10656
- C:\Windows\System\qyyOupC.exe
  C:\Windows\System\qyyOupC.exe
  2⤵
  PID:10704
- C:\Windows\System\bqxktJq.exe
  C:\Windows\System\bqxktJq.exe
  2⤵
  PID:10764
- C:\Windows\System\AONCKVL.exe
  C:\Windows\System\AONCKVL.exe
  2⤵
  PID:10852
- C:\Windows\System\Kaeczhw.exe
  C:\Windows\System\Kaeczhw.exe
  2⤵
  PID:10916
- C:\Windows\System\KJIjbJk.exe
  C:\Windows\System\KJIjbJk.exe
  2⤵
  PID:10984
- C:\Windows\System\KKPMzCy.exe
  C:\Windows\System\KKPMzCy.exe
  2⤵
  PID:11052
- C:\Windows\System\tVSxzaC.exe
  C:\Windows\System\tVSxzaC.exe
  2⤵
  PID:11164
- C:\Windows\System\bPiBkgT.exe
  C:\Windows\System\bPiBkgT.exe
  2⤵
  PID:11184
- C:\Windows\System\kPLNGUM.exe
  C:\Windows\System\kPLNGUM.exe
  2⤵
  PID:11204
- C:\Windows\System\dgCvnQl.exe
  C:\Windows\System\dgCvnQl.exe
  2⤵
  PID:10280
- C:\Windows\System\xzNmjsy.exe
  C:\Windows\System\xzNmjsy.exe
  2⤵
  PID:10424
- C:\Windows\System\IfoDwAg.exe
  C:\Windows\System\IfoDwAg.exe
  2⤵
  PID:10428
- C:\Windows\System\bwkufIE.exe
  C:\Windows\System\bwkufIE.exe
  2⤵
  PID:10628
- C:\Windows\System\gGaTkhn.exe
  C:\Windows\System\gGaTkhn.exe
  2⤵
  PID:10856
- C:\Windows\System\xcNjwdf.exe
  C:\Windows\System\xcNjwdf.exe
  2⤵
  PID:10940
- C:\Windows\System\TuQgTYA.exe
  C:\Windows\System\TuQgTYA.exe
  2⤵
  PID:7448
- C:\Windows\System\nxTRAkT.exe
  C:\Windows\System\nxTRAkT.exe
  2⤵
  PID:11088
- C:\Windows\System\nCzRShq.exe
  C:\Windows\System\nCzRShq.exe
  2⤵
  PID:8228
- C:\Windows\System\wIUFTlt.exe
  C:\Windows\System\wIUFTlt.exe
  2⤵
  PID:11188
- C:\Windows\System\NzexQBK.exe
  C:\Windows\System\NzexQBK.exe
  2⤵
  PID:9264
- C:\Windows\System\DAIQsDd.exe
  C:\Windows\System\DAIQsDd.exe
  2⤵
  PID:10736
- C:\Windows\System\KZMzOCT.exe
  C:\Windows\System\KZMzOCT.exe
  2⤵
  PID:8084
- C:\Windows\System\uuwbcIP.exe
  C:\Windows\System\uuwbcIP.exe
  2⤵
  PID:11208
- C:\Windows\System\zvkKGGp.exe
  C:\Windows\System\zvkKGGp.exe
  2⤵
  PID:10800
- C:\Windows\System\eMjhpCB.exe
  C:\Windows\System\eMjhpCB.exe
  2⤵
  PID:7660
- C:\Windows\System\yJjrett.exe
  C:\Windows\System\yJjrett.exe
  2⤵
  PID:11032
- C:\Windows\System\GnrxsJG.exe
  C:\Windows\System\GnrxsJG.exe
  2⤵
  PID:3556
- C:\Windows\System\USPCLie.exe
  C:\Windows\System\USPCLie.exe
  2⤵
  PID:11296
- C:\Windows\System\UiKkQvW.exe
  C:\Windows\System\UiKkQvW.exe
  2⤵
  PID:11320
- C:\Windows\System\DeYNLEq.exe
  C:\Windows\System\DeYNLEq.exe
  2⤵
  PID:11348
- C:\Windows\System\fHiRBWa.exe
  C:\Windows\System\fHiRBWa.exe
  2⤵
  PID:11376
- C:\Windows\System\rtvckUV.exe
  C:\Windows\System\rtvckUV.exe
  2⤵
  PID:11404
- C:\Windows\System\VqeCmXe.exe
  C:\Windows\System\VqeCmXe.exe
  2⤵
  PID:11440
- C:\Windows\System\ILnslzl.exe
  C:\Windows\System\ILnslzl.exe
  2⤵
  PID:11460
- C:\Windows\System\BVitCxS.exe
  C:\Windows\System\BVitCxS.exe
  2⤵
  PID:11496
- C:\Windows\System\tftINIE.exe
  C:\Windows\System\tftINIE.exe
  2⤵
  PID:11516
- C:\Windows\System\xVitFzF.exe
  C:\Windows\System\xVitFzF.exe
  2⤵
  PID:11544
- C:\Windows\System\ozxbvbc.exe
  C:\Windows\System\ozxbvbc.exe
  2⤵
  PID:11584
- C:\Windows\System\pEoxqxH.exe
  C:\Windows\System\pEoxqxH.exe
  2⤵
  PID:11600
- C:\Windows\System\EDkFrNe.exe
  C:\Windows\System\EDkFrNe.exe
  2⤵
  PID:11640
- C:\Windows\System\jBhzUII.exe
  C:\Windows\System\jBhzUII.exe
  2⤵
  PID:11656
- C:\Windows\System\PibJCiH.exe
  C:\Windows\System\PibJCiH.exe
  2⤵
  PID:11684
- C:\Windows\System\WdVhDNw.exe
  C:\Windows\System\WdVhDNw.exe
  2⤵
  PID:11708
- C:\Windows\System\fTgevYv.exe
  C:\Windows\System\fTgevYv.exe
  2⤵
  PID:11740
- C:\Windows\System\PGXDdsC.exe
  C:\Windows\System\PGXDdsC.exe
  2⤵
  PID:11780
- C:\Windows\System\KwQWAsr.exe
  C:\Windows\System\KwQWAsr.exe
  2⤵
  PID:11812
- C:\Windows\System\WlNfKQY.exe
  C:\Windows\System\WlNfKQY.exe
  2⤵
  PID:11832
- C:\Windows\System\KSvmMrk.exe
  C:\Windows\System\KSvmMrk.exe
  2⤵
  PID:11868
- C:\Windows\System\owuSkyi.exe
  C:\Windows\System\owuSkyi.exe
  2⤵
  PID:11896
- C:\Windows\System\GtKTZGN.exe
  C:\Windows\System\GtKTZGN.exe
  2⤵
  PID:11912
- C:\Windows\System\OUKNLje.exe
  C:\Windows\System\OUKNLje.exe
  2⤵
  PID:11952
- C:\Windows\System\WKPtXoJ.exe
  C:\Windows\System\WKPtXoJ.exe
  2⤵
  PID:11968
- C:\Windows\System\tgHwfMz.exe
  C:\Windows\System\tgHwfMz.exe
  2⤵
  PID:11996
- C:\Windows\System\IIzRITG.exe
  C:\Windows\System\IIzRITG.exe
  2⤵
  PID:12032
- C:\Windows\System\bZtJYts.exe
  C:\Windows\System\bZtJYts.exe
  2⤵
  PID:12056
- C:\Windows\System\ciWqUID.exe
  C:\Windows\System\ciWqUID.exe
  2⤵
  PID:12084
- C:\Windows\System\SiKRyDn.exe
  C:\Windows\System\SiKRyDn.exe
  2⤵
  PID:12120
- C:\Windows\System\gzbJMzn.exe
  C:\Windows\System\gzbJMzn.exe
  2⤵
  PID:12148
- C:\Windows\System\bidBJlv.exe
  C:\Windows\System\bidBJlv.exe
  2⤵
  PID:12168
- C:\Windows\System\bkvxAUK.exe
  C:\Windows\System\bkvxAUK.exe
  2⤵
  PID:12208
- C:\Windows\System\TMSEcMt.exe
  C:\Windows\System\TMSEcMt.exe
  2⤵
  PID:12236
- C:\Windows\System\aBsTmBx.exe
  C:\Windows\System\aBsTmBx.exe
  2⤵
  PID:12264
- C:\Windows\System\KywBrna.exe
  C:\Windows\System\KywBrna.exe
  2⤵
  PID:12280
- C:\Windows\System\uBZWqdb.exe
  C:\Windows\System\uBZWqdb.exe
  2⤵
  PID:11312
- C:\Windows\System\gGDNXnV.exe
  C:\Windows\System\gGDNXnV.exe
  2⤵
  PID:11360
- C:\Windows\System\BKPuRVy.exe
  C:\Windows\System\BKPuRVy.exe
  2⤵
  PID:11448
- C:\Windows\System\FekuaAr.exe
  C:\Windows\System\FekuaAr.exe
  2⤵
  PID:11532
- C:\Windows\System\LzQaXNE.exe
  C:\Windows\System\LzQaXNE.exe
  2⤵
  PID:11612
- C:\Windows\System\rMngGYB.exe
  C:\Windows\System\rMngGYB.exe
  2⤵
  PID:11652
- C:\Windows\System\dWVTZct.exe
  C:\Windows\System\dWVTZct.exe
  2⤵
  PID:11732
- C:\Windows\System\IesgiyX.exe
  C:\Windows\System\IesgiyX.exe
  2⤵
  PID:11820
- C:\Windows\System\UwXTmqC.exe
  C:\Windows\System\UwXTmqC.exe
  2⤵
  PID:11880
- C:\Windows\System\xESOcHE.exe
  C:\Windows\System\xESOcHE.exe
  2⤵
  PID:11948
- C:\Windows\System\KIXzniQ.exe
  C:\Windows\System\KIXzniQ.exe
  2⤵
  PID:12040
- C:\Windows\System\lIZlmuD.exe
  C:\Windows\System\lIZlmuD.exe
  2⤵
  PID:12080
- C:\Windows\System\caYvhQa.exe
  C:\Windows\System\caYvhQa.exe
  2⤵
  PID:12144
- C:\Windows\System\SkpbyuI.exe
  C:\Windows\System\SkpbyuI.exe
  2⤵
  PID:12204
- C:\Windows\System\HdqgUUN.exe
  C:\Windows\System\HdqgUUN.exe
  2⤵
  PID:2764
- C:\Windows\System\GNppDbK.exe
  C:\Windows\System\GNppDbK.exe
  2⤵
  PID:11340
- C:\Windows\System\gGvHsVA.exe
  C:\Windows\System\gGvHsVA.exe
  2⤵
  PID:11492
- C:\Windows\System\PyLdboZ.exe
  C:\Windows\System\PyLdboZ.exe
  2⤵
  PID:11636
- C:\Windows\System\vtoegfd.exe
  C:\Windows\System\vtoegfd.exe
  2⤵
  PID:11768
- C:\Windows\System\zoisOyu.exe
  C:\Windows\System\zoisOyu.exe
  2⤵
  PID:11980
- C:\Windows\System\ANbdTOi.exe
  C:\Windows\System\ANbdTOi.exe
  2⤵
  PID:12156
- C:\Windows\System\KuDFLEa.exe
  C:\Windows\System\KuDFLEa.exe
  2⤵
  PID:11364
- C:\Windows\System\vTyUbJz.exe
  C:\Windows\System\vTyUbJz.exe
  2⤵
  PID:11924
- C:\Windows\System\HCGlOZR.exe
  C:\Windows\System\HCGlOZR.exe
  2⤵
  PID:11988
- C:\Windows\System\ecShzHY.exe
  C:\Windows\System\ecShzHY.exe
  2⤵
  PID:12188
- C:\Windows\System\hmFnGah.exe
  C:\Windows\System\hmFnGah.exe
  2⤵
  PID:11724
- C:\Windows\System\OVgoqdh.exe
  C:\Windows\System\OVgoqdh.exe
  2⤵
  PID:12296
- C:\Windows\System\wzaHcVW.exe
  C:\Windows\System\wzaHcVW.exe
  2⤵
  PID:12348
- C:\Windows\System\Wmdzulz.exe
  C:\Windows\System\Wmdzulz.exe
  2⤵
  PID:12376
- C:\Windows\System\bUASstD.exe
  C:\Windows\System\bUASstD.exe
  2⤵
  PID:12392
- C:\Windows\System\aICmUBG.exe
  C:\Windows\System\aICmUBG.exe
  2⤵
  PID:12428
- C:\Windows\System\SphlLfx.exe
  C:\Windows\System\SphlLfx.exe
  2⤵
  PID:12444
- C:\Windows\System\KjBamTt.exe
  C:\Windows\System\KjBamTt.exe
  2⤵
  PID:12464
- C:\Windows\System\gRKscgR.exe
  C:\Windows\System\gRKscgR.exe
  2⤵
  PID:12492
- C:\Windows\System\YnVeqlt.exe
  C:\Windows\System\YnVeqlt.exe
  2⤵
  PID:12528
- C:\Windows\System\UnrbnDJ.exe
  C:\Windows\System\UnrbnDJ.exe
  2⤵
  PID:12560
- C:\Windows\System\YqrDsnu.exe
  C:\Windows\System\YqrDsnu.exe
  2⤵
  PID:12592
- C:\Windows\System\NBaBcSZ.exe
  C:\Windows\System\NBaBcSZ.exe
  2⤵
  PID:12616
- C:\Windows\System\TeRROqG.exe
  C:\Windows\System\TeRROqG.exe
  2⤵
  PID:12644
- C:\Windows\System\PwBLyqo.exe
  C:\Windows\System\PwBLyqo.exe
  2⤵
  PID:12672
- C:\Windows\System\AeTPVfQ.exe
  C:\Windows\System\AeTPVfQ.exe
  2⤵
  PID:12708
- C:\Windows\System\LDxRZBK.exe
  C:\Windows\System\LDxRZBK.exe
  2⤵
  PID:12740
- C:\Windows\System\flaonfN.exe
  C:\Windows\System\flaonfN.exe
  2⤵
  PID:12768
- C:\Windows\System\rbcFAIm.exe
  C:\Windows\System\rbcFAIm.exe
  2⤵
  PID:12796
- C:\Windows\System\XSjWWEV.exe
  C:\Windows\System\XSjWWEV.exe
  2⤵
  PID:12820
- C:\Windows\System\LfYMbzW.exe
  C:\Windows\System\LfYMbzW.exe
  2⤵
  PID:12852
- C:\Windows\System\HcpJUwz.exe
  C:\Windows\System\HcpJUwz.exe
  2⤵
  PID:12880
- C:\Windows\System\tTpXFHU.exe
  C:\Windows\System\tTpXFHU.exe
  2⤵
  PID:12908
- C:\Windows\System\xmqNbOF.exe
  C:\Windows\System\xmqNbOF.exe
  2⤵
  PID:12940
- C:\Windows\System\UMtKMCk.exe
  C:\Windows\System\UMtKMCk.exe
  2⤵
  PID:12968
- C:\Windows\System\zQeFBmp.exe
  C:\Windows\System\zQeFBmp.exe
  2⤵
  PID:12984
- C:\Windows\System\Ruirjwt.exe
  C:\Windows\System\Ruirjwt.exe
  2⤵
  PID:13020
- C:\Windows\System\XKFOceu.exe
  C:\Windows\System\XKFOceu.exe
  2⤵
  PID:13056
- C:\Windows\System\PxbweJH.exe
  C:\Windows\System\PxbweJH.exe
  2⤵
  PID:13084
- C:\Windows\System\GyruHuB.exe
  C:\Windows\System\GyruHuB.exe
  2⤵
  PID:13112
- C:\Windows\System\dUamLWZ.exe
  C:\Windows\System\dUamLWZ.exe
  2⤵
  PID:13128
- C:\Windows\System\WhpjtUp.exe
  C:\Windows\System\WhpjtUp.exe
  2⤵
  PID:13164
- C:\Windows\System\jCxdhBE.exe
  C:\Windows\System\jCxdhBE.exe
  2⤵
  PID:13196
- C:\Windows\System\DpRYgrV.exe
  C:\Windows\System\DpRYgrV.exe
  2⤵
  PID:13224
- C:\Windows\System\BnDrQxM.exe
  C:\Windows\System\BnDrQxM.exe
  2⤵
  PID:13240
- C:\Windows\System\wzkxcXH.exe
  C:\Windows\System\wzkxcXH.exe
  2⤵
  PID:13280
- C:\Windows\System\PygTRbb.exe
  C:\Windows\System\PygTRbb.exe
  2⤵
  PID:13308
- C:\Windows\System\MoTmDIW.exe
  C:\Windows\System\MoTmDIW.exe
  2⤵
  PID:12332
- C:\Windows\System\chMuVqy.exe
  C:\Windows\System\chMuVqy.exe
  2⤵
  PID:12364
- C:\Windows\System\aknJXuU.exe
  C:\Windows\System\aknJXuU.exe
  2⤵
  PID:12436
- C:\Windows\System\YcXLGgT.exe
  C:\Windows\System\YcXLGgT.exe
  2⤵
  PID:12480
- C:\Windows\System\meVRtcn.exe
  C:\Windows\System\meVRtcn.exe
  2⤵
  PID:12556
- C:\Windows\System\DaHynux.exe
  C:\Windows\System\DaHynux.exe
  2⤵
  PID:12612
- C:\Windows\System\MjrbhmI.exe
  C:\Windows\System\MjrbhmI.exe
  2⤵
  PID:12664
- C:\Windows\System\CyZalJL.exe
  C:\Windows\System\CyZalJL.exe
  2⤵
  PID:12752
- C:\Windows\System\MMwttfb.exe
  C:\Windows\System\MMwttfb.exe
  2⤵
  PID:12788
- C:\Windows\System\jyXGbfP.exe
  C:\Windows\System\jyXGbfP.exe
  2⤵
  PID:12892
- C:\Windows\System\DxBLYbn.exe
  C:\Windows\System\DxBLYbn.exe
  2⤵
  PID:12928
- C:\Windows\System\qbCtMfg.exe
  C:\Windows\System\qbCtMfg.exe
  2⤵
  PID:13012
- C:\Windows\System\igPNMat.exe
  C:\Windows\System\igPNMat.exe
  2⤵
  PID:13096
- C:\Windows\System\ztTVlSV.exe
  C:\Windows\System\ztTVlSV.exe
  2⤵
  PID:13180
- C:\Windows\System\pfJydsU.exe
  C:\Windows\System\pfJydsU.exe
  2⤵
  PID:13232
- C:\Windows\System\TVqOCLx.exe
  C:\Windows\System\TVqOCLx.exe
  2⤵
  PID:13304
- C:\Windows\System\GetNPqC.exe
  C:\Windows\System\GetNPqC.exe
  2⤵
  PID:12360
- C:\Windows\System\vYaDGwQ.exe
  C:\Windows\System\vYaDGwQ.exe
  2⤵
  PID:12460
- C:\Windows\System\YWNcVFq.exe
  C:\Windows\System\YWNcVFq.exe
  2⤵
  PID:12588
- C:\Windows\System\MMFkIsz.exe
  C:\Windows\System\MMFkIsz.exe
  2⤵
  PID:12872
- C:\Windows\System\GAEIyLl.exe
  C:\Windows\System\GAEIyLl.exe
  2⤵
  PID:12952
- C:\Windows\System\kANpOKY.exe
  C:\Windows\System\kANpOKY.exe
  2⤵
  PID:13044
- C:\Windows\System\ICiMoGe.exe
  C:\Windows\System\ICiMoGe.exe
  2⤵
  PID:13220
- C:\Windows\System\MddstoF.exe
  C:\Windows\System\MddstoF.exe
  2⤵
  PID:4532
- C:\Windows\System\isasHBm.exe
  C:\Windows\System\isasHBm.exe
  2⤵
  PID:11420
- C:\Windows\System\hUmxPTq.exe
  C:\Windows\System\hUmxPTq.exe
  2⤵
  PID:12636
- C:\Windows\System\gqjddWZ.exe
  C:\Windows\System\gqjddWZ.exe
  2⤵
  PID:13040
- C:\Windows\System\FjhVFRd.exe
  C:\Windows\System\FjhVFRd.exe
  2⤵
  PID:13264
- C:\Windows\System\QxMVCsy.exe
  C:\Windows\System\QxMVCsy.exe
  2⤵
  PID:13192
- C:\Windows\System\wcfaFWY.exe
  C:\Windows\System\wcfaFWY.exe
  2⤵
  PID:12412
- C:\Windows\System\UcxXnks.exe
  C:\Windows\System\UcxXnks.exe
  2⤵
  PID:12516
- C:\Windows\System\ENqWsRm.exe
  C:\Windows\System\ENqWsRm.exe
  2⤵
  PID:13364
- C:\Windows\System\GpqnLZd.exe
  C:\Windows\System\GpqnLZd.exe
  2⤵
  PID:13392
- C:\Windows\System\OOFAsVi.exe
  C:\Windows\System\OOFAsVi.exe
  2⤵
  PID:13408
- C:\Windows\System\ouqZaAG.exe
  C:\Windows\System\ouqZaAG.exe
  2⤵
  PID:13444
- C:\Windows\System\AHZKhif.exe
  C:\Windows\System\AHZKhif.exe
  2⤵
  PID:13476
- C:\Windows\System\qzyWxAE.exe
  C:\Windows\System\qzyWxAE.exe
  2⤵
  PID:13504
- C:\Windows\System\etsGMMa.exe
  C:\Windows\System\etsGMMa.exe
  2⤵
  PID:13532
- C:\Windows\System\ouQKGif.exe
  C:\Windows\System\ouQKGif.exe
  2⤵
  PID:13560
- C:\Windows\System\QGeqICK.exe
  C:\Windows\System\QGeqICK.exe
  2⤵
  PID:13588
- C:\Windows\System\iTbezEs.exe
  C:\Windows\System\iTbezEs.exe
  2⤵
  PID:13604
- C:\Windows\System\qPrAhms.exe
  C:\Windows\System\qPrAhms.exe
  2⤵
  PID:13644
- C:\Windows\System\fuXdYaL.exe
  C:\Windows\System\fuXdYaL.exe
  2⤵
  PID:13672
- C:\Windows\System\vwmiFrA.exe
  C:\Windows\System\vwmiFrA.exe
  2⤵
  PID:13700
- C:\Windows\System\qLUgwfg.exe
  C:\Windows\System\qLUgwfg.exe
  2⤵
  PID:13728
- C:\Windows\System\asPtNFJ.exe
  C:\Windows\System\asPtNFJ.exe
  2⤵
  PID:13744
- C:\Windows\System\YaLZTAP.exe
  C:\Windows\System\YaLZTAP.exe
  2⤵
  PID:13780
- C:\Windows\System\evUXRBE.exe
  C:\Windows\System\evUXRBE.exe
  2⤵
  PID:13800
- C:\Windows\System\xSoEWNm.exe
  C:\Windows\System\xSoEWNm.exe
  2⤵
  PID:13832
- C:\Windows\System\ZHvuinY.exe
  C:\Windows\System\ZHvuinY.exe
  2⤵
  PID:13872
- C:\Windows\System\ihUiyzg.exe
  C:\Windows\System\ihUiyzg.exe
  2⤵
  PID:13904
- C:\Windows\System\ViBYHKZ.exe
  C:\Windows\System\ViBYHKZ.exe
  2⤵
  PID:13932
- C:\Windows\System\bzqwWLe.exe
  C:\Windows\System\bzqwWLe.exe
  2⤵
  PID:13948
- C:\Windows\System\NsTLAXP.exe
  C:\Windows\System\NsTLAXP.exe
  2⤵
  PID:13976
- C:\Windows\System\loJHphY.exe
  C:\Windows\System\loJHphY.exe
  2⤵
  PID:14000
- C:\Windows\System\AqPRxIg.exe
  C:\Windows\System\AqPRxIg.exe
  2⤵
  PID:14024
- C:\Windows\System\ZNeucew.exe
  C:\Windows\System\ZNeucew.exe
  2⤵
  PID:14060
- C:\Windows\System\suNOFUO.exe
  C:\Windows\System\suNOFUO.exe
  2⤵
  PID:14076
- C:\Windows\System\wlEirqZ.exe
  C:\Windows\System\wlEirqZ.exe
  2⤵
  PID:14108
- C:\Windows\System\RQJrQrW.exe
  C:\Windows\System\RQJrQrW.exe
  2⤵
  PID:14136
- C:\Windows\System\lLQckNN.exe
  C:\Windows\System\lLQckNN.exe
  2⤵
  PID:14164
- C:\Windows\System\rXlHXYD.exe
  C:\Windows\System\rXlHXYD.exe
  2⤵
  PID:14196
- C:\Windows\System\TgXxjCf.exe
  C:\Windows\System\TgXxjCf.exe
  2⤵
  PID:14232
- C:\Windows\System\NrVjcYr.exe
  C:\Windows\System\NrVjcYr.exe
  2⤵
  PID:14256
- C:\Windows\System\perEmOz.exe
  C:\Windows\System\perEmOz.exe
  2⤵
  PID:14292
- C:\Windows\System\aPJXtCW.exe
  C:\Windows\System\aPJXtCW.exe
  2⤵
  PID:14308
- C:\Windows\System\ZrcJJQG.exe
  C:\Windows\System\ZrcJJQG.exe
  2⤵
  PID:13076
- C:\Windows\System\EBoBhlN.exe
  C:\Windows\System\EBoBhlN.exe
  2⤵
  PID:13384

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ATGudlg.exe

Filesize
2.3MB

MD5
d1d07498873e1b0d0124a66a4037d3b3

SHA1
a56889f43e0ce9918bdb80ed66364c4035c88757

SHA256
a0eea7e4758c3afa825f4319e1a0368cee923f40cd70a2a2c862a178b4a2e925

SHA512
ffcb36a7a81d6640981f88c9dce20ca3740a57cf1bf0cd622f33be7a02af318c398a855a4a1fe04c5036dcb7878a0aaea49b48c9c6fd6b0635303acd46cef1ac

Download Submit
C:\Windows\System\BgJLYGB.exe

Filesize
2.3MB

MD5
6fcb1dea2bcea1716209918ecc9ce1c4

SHA1
d3a00d1ed9e95dc28d42c3ce381f25ebf7f2910f

SHA256
22c1d7ccb8382ce3a5b2cd6faf0cfcb18f29b901fcf323238182679d5527ed6a

SHA512
f53cf01b8f2c36d14dff7f8443a1b5dcceb3c5c824b1057ebc0abd85ea20a8a3ee2f135cfc10f0c83ff2d1d24ab59f4d4ebcfd194aaa14b8ca8898c80ea5614a

Download Submit
C:\Windows\System\EEZtzkW.exe

Filesize
2.3MB

MD5
c53a77adc2283bef3c8ed08ca9df7047

SHA1
326797bcdf66ac987ca764577b7d9d11fdc46445

SHA256
5e0cdeaa4709d0fbda7c3ff8a26618c1845fd6f4df70fe7ef2c3b33996949b4b

SHA512
d7af356b91e312dc14750661b70ea63ce83a6192aa724769f1641d612b3eff4db0ff9a3d145c69d46915f7cc1a8ff76d56e3e1050b6f29805cadcb6ddbca47a3

Download Submit
C:\Windows\System\GTqzyWo.exe

Filesize
2.3MB

MD5
e8626da611b323399a0986d2f3b67a3c

SHA1
78a801a215618b337edec04bed7a435a6a9b4db9

SHA256
6f73069afb3835a00bc9ffaf7080eea5bc5260261bea36945c820db23f75adcb

SHA512
959e3076be735936b7dbb04e002644c71fdef8e6280f1a032d2af37a20bbe34f3cbf09c0eaaf602d42620ec1dd5089af9a9a165456d891b8c3c82f03d6d82fcc

Download Submit
C:\Windows\System\HywgBIh.exe

Filesize
2.4MB

MD5
bfb00f7596d86997471ec1e1b3331d4a

SHA1
6514e533e89a0a320ce40648d5e47909305a9638

SHA256
c4da0b1529e4537e92660df80bc5d74c6e8a4d9d93e7a716ff98cadf49f46c38

SHA512
7aca2e7c5f7c87289d814f3669458495fcf3f0e90d222e4c53870d7a95c1477410dcb301b42a588ec63d76a67562dc15db5bd5bf5105d1d3a35d026f4e296efb

Download Submit
C:\Windows\System\IScizRy.exe

Filesize
2.3MB

MD5
50164e032c9761bada3cdf8ea83c6963

SHA1
b40c340647de9fa2dbdd99d23c9845f1d1583432

SHA256
e5b687c51a136687a96305c4499a9e41eea48fabe6bef727352de14f1a74e338

SHA512
f4ebf541e46cd5fff360c94e3be1fbea78981cf0c7f0b62fd6ef22ce29424f576ba246b74ba1c0657d382dd02c15e3faff9ca0b830dafb0d794a968296f609f3

Download Submit
C:\Windows\System\MhMiFgx.exe

Filesize
2.4MB

MD5
fe435589b7f7b2d01beef7b2d38f4d7c

SHA1
22d314f04f9d72cacbdbfbcd8f3de388050c0cf2

SHA256
662be4a822805722b2c0eceeb6d9a8067f900c5ed6589f6b6f5e30b87ff1038c

SHA512
173862d080144864cf1eb8ce99ce3e708fab735ad3d65ef072af1b34d61317ef9a9a42a34e7422b30cdc4e03f0a55f00d108da406e36624cb118ff219c21ff57

Download Submit
C:\Windows\System\MovTXxS.exe

Filesize
2.3MB

MD5
8e1ea4278891d37a09c6c311ebf79fbb

SHA1
a5aa4d39dcff6d5c0c0b10a5f3420a60a56154a7

SHA256
681a9d12d9dac946a493844d3fa50150ed49a40ef13027759796c32ebf416377

SHA512
a3711e3b25a57d6e4df5d9c0de14dd2271b46a0da3e2d5b5c19a2948bfc1d3e5f79f461785b832acb0cb1caa6cf5e1b24a308313a3fb6872c9ecc4e6ff64a133

Download Submit
C:\Windows\System\PJKocTR.exe

Filesize
2.3MB

MD5
f84ac1ff7f8908e9101572217be9a220

SHA1
bb0b9ec72d530999044bb4b48205b6fa766fe98c

SHA256
19dc99622399dca32e01065e23aa060ecb85fb9ec8aa33033fe3ad2b086837ce

SHA512
8a44f4fd95c38e4d68d54810640a9bc981007c021699e09b39b725d349f1cc7b5df0e6e8271c560b53d665b371f3c6b1eeeda26f529614f9bdcf2fe33fd07b17

Download Submit
C:\Windows\System\PRsEWWQ.exe

Filesize
2.3MB

MD5
3487e3d0c1d80998e9e6aa693a0e4ee1

SHA1
03ab2c67bab203794b847feac251f931f791b074

SHA256
4eb142cefed505edcad5e5e1039b7f6b3b72a804781b15ec92ae76243d0d2c86

SHA512
218dd99d2a3691b183ea00c982a6d3a9dcf2c7a48e4756ebccc56ab861da273a54dd889738eece47022429ed638bdc4682e89db6ad87b81e32c7fe82dfd63b4a

Download Submit
C:\Windows\System\PeAmDVV.exe

Filesize
2.4MB

MD5
dee56058b17b17198e8d0a893a9f45d6

SHA1
3ea226c91d97f1c1b98d8e875398de666ba15315

SHA256
bb549d8ee3243a2d1c07a80a25a5b55d71047eb3677c8919c12be039df8e1bc8

SHA512
d696829a2784f884e770d897c50a34847670779c7d0313ea7300b4377af40bb7153d71eeb843564dd1f53c55f9f15042a09b0ad613b70fb7f67c48ef071b27f8

Download Submit
C:\Windows\System\SprWXcm.exe

Filesize
2.4MB

MD5
62595011248b0be7e2a95907d1945f9c

SHA1
64ea8968c5fc36245686339b96717151b6504fd7

SHA256
91b1d8167b9f843c5b70285a91db3f162c49458f000e362145dbe85db04596a1

SHA512
4831594c22655baf7c2af510e59950f134c665aa63c4ea5b88763d8e465044dab18441278b865804202e04afc9165499b5f70866a52b3442f1808994d9427b03

Download Submit
C:\Windows\System\TVeGtjQ.exe

Filesize
2.3MB

MD5
d68251e3319470e471eb18971bcc442e

SHA1
80d15addee9d30f4b6d3f39ec6bf08fb383a1c7d

SHA256
207514fa40c776e346845687f83c323beaf649d790c3acd7d1cd975cea39a54c

SHA512
c0cc5f991833d5cbc98a4e919f855d3d53253b0312e2417fd792905debed4fb2945775732e51ec8731274347926bee8e179bafb99fac08c069ff39d49c2edb08

Download Submit
C:\Windows\System\UpCtsoa.exe

Filesize
2.3MB

MD5
e3f73f63661673e7d01ff61ac83e578a

SHA1
c1090e9e08a835a52281aedd008edc61696d9811

SHA256
bb810782b66a69ae8ab847e1f407ef201d08ed7b8ed1f6f980e1450b1181ca0e

SHA512
618e764f43e6bd7710afc18b11bf4e41abc80e05833115227555628502c49ebf9115ac90b974107c50fa9db1bbdbf24b7f803f9b00c3488a8f95d0bcef63d595

Download Submit
C:\Windows\System\VSULuEz.exe

Filesize
2.3MB

MD5
73ec91d0f9030ffb970def690e7acc4c

SHA1
4495474caf8b6ca2d76a02523eba15dc0aa8567d

SHA256
131ad2a3d693fe90d7e076e3b631c372596c5117263f5a39e27a439b30fca2c5

SHA512
7f919711bcf0329596c02f9c4e5aba3017ee7f8b6578c978b340b7e07a00b326e8ff2d045e8a5283fb08d9b5efbf8ee8af4c676533576e72c6a667a3154e70b4

Download Submit
C:\Windows\System\VsTmRxn.exe

Filesize
2.4MB

MD5
157fae7ece8fbf946b0a91559f8c8950

SHA1
2211a2a76ba216aae23294c4752fabc879c3a13d

SHA256
552e7a7d80d515973a778ebb362b902764c675f83eb1ed87927d5c3c56e6ecec

SHA512
a139a73a3d4419ef454902756ad98118f003a7f75bdab85644b6310955e7e32fcc26494e8fd9b75982198b983afa376ac0d0053cca46857bba055d91aaba4899

Download Submit
C:\Windows\System\aDIlZVi.exe

Filesize
2.3MB

MD5
8f11103e791ee6a4f323d3dbd18f0152

SHA1
e90330cce3ffe911324f8e94e3b2686e12ade66d

SHA256
6f0364c5bc3b495dfc3ee814885b7f99c86ceb37f1fd5583e191be1f39aebc87

SHA512
113cd4200675e1dac2a7a6c3a54cc8818bb27ecea9b79e4f9b1f67a5d724c31c5ef65cefcab5f7a072880f82e5a44c473fb7f277b731638ba9de628d2a5b208a

Download Submit
C:\Windows\System\apvUsXm.exe

Filesize
2.3MB

MD5
702eb3f8554d9a14ac5611f6a0e7f6dd

SHA1
05148f34fbad4ff0a388b515253afa5badca2504

SHA256
c26799f17a33fdedbaa291a61d008f0e98d369dd400d3145a2b4a173715602a5

SHA512
fb09888785d7ea4754a35d818580057a70f5f7e54c35c4917318ad63919afee5f53b91567fe37314563ee190a38fb7ba71390b6ed9f2440fab276528a5dc6038

Download Submit
C:\Windows\System\bQzIeTt.exe

Filesize
2.3MB

MD5
b55e89c5ebea61d4a1d693558bbdbff5

SHA1
00ecb2077a966a0940b47e95af9ef55ef805c1c1

SHA256
cd445eeec6504ea37aa2e386511010aa2b3ab150dddcf4dfed73b856b940d7c6

SHA512
21647eab2a005619d417bc38ce411cb9ad309105c9954586b963011a006339ff3743fd7d6de28d21c469fcae8e902493340d25d4d816719165f9466da492e414

Download Submit
C:\Windows\System\cWMxnxl.exe

Filesize
2.3MB

MD5
a178bb60d485536f62c0b142d5d6fb6a

SHA1
215ac6de26acf39e7ca77aa56551cdfd8c78d1a8

SHA256
740603dfd865999f8f03c7ccb5f47840c86c076d1c26c7e97d79be04a90eb24b

SHA512
69d930d56786d49be887f4cea58ebe42510c7acedac45f77e83acf85891a6c2c1a87fe7f08e3126344073aa1e039abc3c9098ac03925b8390872dde26d5a4009

Download Submit
C:\Windows\System\eXOmdET.exe

Filesize
2.3MB

MD5
5b56ca6ce018a090853d775761d2c90d

SHA1
6ec90e063bff246092d470f312c5f943de54dd25

SHA256
50db320f77999c48e15d0a126f72ee232794ca7a967750917d3c8b11d3a208f7

SHA512
a85e9b82ca3d62556ad8ec71d101f66166fbeffe20773432fe43e71a901e81901da660540a05c46b6e8eeacb0afb17252d031984cb854b54fddb0825ab77fcf5

Download Submit
C:\Windows\System\fwqKJYH.exe

Filesize
2.3MB

MD5
fb417220b0bd1511a5cf1a754165355a

SHA1
b64fd5a4165fff026ca8afac4169c7591b428fbc

SHA256
2680169c8d2362b36f9928f1865edd0fa48cbf43e8f6257edda43c9328aee4f5

SHA512
56f31c2d32fc22b9dac6c7e99110bdfc868296b5ef3739c5514a2f48a1995d90690acacaf55e8bef43276e37b1c012f6b7a9710b2f1a31275b23081b85181d39

Download Submit
C:\Windows\System\hCtfELA.exe

Filesize
2.4MB

MD5
9381925f7829763176c26291973b611f

SHA1
f9790266531340991d4be9019d38c1162aaaa8b3

SHA256
a164d7cb1164849ff0802e1bdab2dcfad4a7b5a9e8f1e16c3e76b64492605aff

SHA512
a0c2fc86bbb0afcecf82366d4ab364dbfed388fd5c1f9781221db5e303ea344b354136193a7333d51eaea200ffcc38e7b10f62bf147a87a667d28d0081858823

Download Submit
C:\Windows\System\iZnQDeL.exe

Filesize
2.3MB

MD5
f9085c1a6faf9d1e98cc5abb34089c13

SHA1
480459c136f3947b0a0d87bcd132bc745cd867e4

SHA256
94ce2dcdea6537f77b1931d313e99a83a64f66d5e2d97907bf564c631d1dff01

SHA512
2c32c5dba800d686b4f7a6aa9f210374042d25cd23e62d76503100d74d23f0ec10dd0b29fa4a3e9d9899b3fa60b654242446aa5df67fc3dd4178f257d3982125

Download Submit
C:\Windows\System\jCuKahQ.exe

Filesize
2.4MB

MD5
535598e593d549f75fc913b80a602513

SHA1
1c067a070669a009e7819d369794736762596e34

SHA256
31eb87f001b26b352368faa60c7ae210a37ba0b5d995acdd835e4f2b7ee5351a

SHA512
fd4007fdd5dc04c1280047f873fccfd5496d1ea016643c228f4e704fe79a21146a83cc2724335cbcb53f963103c2743de00c263b67522cc0d6867541e8747409

Download Submit
C:\Windows\System\kvMiFGA.exe

Filesize
2.4MB

MD5
94a31587e2af8c94317a0d08526c3d0c

SHA1
31775faf1bf119e7bd4d8686dcf97ac93b23c29e

SHA256
46943e8c9df86acbd4753886bbef16bae7b761aae0ec7335eec8755f04114bac

SHA512
1af07fc68342e5b5c940601bdd0559b5a6a1c9ad9f98589940c8914117a2fcf6cd03fae01e723abc062b90c6078597e6458ff606243fd9f5a38badf84b7fe991

Download Submit
C:\Windows\System\lApJTVU.exe

Filesize
2.3MB

MD5
96a8b5ab15efc93632dfcf2fc72f3c70

SHA1
3c5327f4b11d6c9beff2db393f17c60dc80e91d4

SHA256
63b20ae37a79a52d8b5e574d7a536d755c834392785566886cfb45a83defb1d1

SHA512
8c13620ddf9607539eef1d6ddad35d3650e4ec8eb351cec2c2b3a85b8420a81ca02aad8b626c1cdbc67ed7755bad7e771900c26c5b134eb90c98fc52012b29c6

Download Submit
C:\Windows\System\lmuKxeO.exe

Filesize
2.3MB

MD5
bcf7a1968c1fc246a6668fc1a1d8aef7

SHA1
2441eab5bfa3edb9d0e9c22f9a5cce95af158cab

SHA256
3d5241f3544109457e7e40aabed966c3bf15c5964bd0a3e416fcbf201c532091

SHA512
2e163505e5792edc823507fa63853d6b1ae3e260f1ccedbeac99473e3799187ca0744a4246ef56ce2beda453072713211282d9a1c5b9b5f88dd681e6e6f32f75

Download Submit
C:\Windows\System\nhusPEa.exe

Filesize
2.3MB

MD5
eee2b50c57fc96bb5a3e73f9b4863fc1

SHA1
6db7801f1fd3fd9d9a3acb950411baac9fe0aea5

SHA256
c49ea9d659631f604e6a98b5d49ec3afb953de8b43bbdffb283411beb1c7fd4e

SHA512
3123bda52d3ecdb95f717bd3aa9e03b1bb5b2277d0f40953532626c96ff9080f4aa662da8edeb0a775289d4a74cc756780f3ed28acd50526ac59944005e36d53

Download Submit
C:\Windows\System\qhJmFBy.exe

Filesize
2.4MB

MD5
1db3ad845bc62c37d93580445699d295

SHA1
74d3742229ba7a6e7d800f75ea25c5135d14dceb

SHA256
f3986b684948f098d45ec488b3e488e7be3c3559078ff78fcd82888243431db5

SHA512
d38f73a0888d157520275f99c9944a7ee2444c53564b04dd0db34c0abf16eae4b8f3a00b7b4c4b187938063dd654d2b8d84c580221f34935a8a6bcc6befd5d7d

Download Submit
C:\Windows\System\vchDQfu.exe

Filesize
2.3MB

MD5
c5a98b5ca4333ecf2e7ba5088d557922

SHA1
0dcb0a9baf2b0670ea35de27443905239f6abd54

SHA256
8c421d760841703556e14dc0a2a21f047918f2ad5f95f7870fb9684505fdd8d1

SHA512
ee05ac0560244411d70e4e0ace92ebcb2d3be28b3d2d99d81a89688ea44319c3accc71fe4c96d45f641f8a9b2bdef5a5e21d3d21e371e696535db4841781ffbf

Download Submit
C:\Windows\System\yECzZYP.exe

Filesize
2.4MB

MD5
4b8490bd1b2fa2a3d08d474140cb7e27

SHA1
7b9e8e9f5c8f507ae25605ea8c6557b2bc553b6b

SHA256
6240d22e23e16449f3a2cf7a3098efcf32e06102e3eb8a03855d185dfebfb0f1

SHA512
64305da1610b931bbf4e3b0ef364ee4ce440483714724728aff2e08ff0be30636c581172024d1308dfd61dc944e3d1a90690eb3b61bf5abecff13944d17393ee

Download Submit
C:\Windows\System\yVkHzcD.exe

Filesize
2.3MB

MD5
87d26d3867bdd6f5cae86e2b231959d0

SHA1
62bc894a379cf87cc6bff0c1a4bc7253f30cdb1e

SHA256
95701e776437913dcdb13e9c862246bd9517415d84252293daad32b51f8d27c8

SHA512
e010673ab791f73452b3bcd244f1b65a8dab1088274ce024546628318a0416f3e20fe889d134294341df32cdf2aea50aa9b33a87544448ad6458c121d5f1855a

Download Submit
memory/892-21-0x00007FF62CD30000-0x00007FF62D084000-memory.dmp

Filesize
3.3MB

Download
memory/892-2174-0x00007FF62CD30000-0x00007FF62D084000-memory.dmp

Filesize
3.3MB

Download
memory/1168-2182-0x00007FF7BCDA0000-0x00007FF7BD0F4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-763-0x00007FF7BCDA0000-0x00007FF7BD0F4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-785-0x00007FF622A40000-0x00007FF622D94000-memory.dmp

Filesize
3.3MB

Download
memory/1440-2198-0x00007FF622A40000-0x00007FF622D94000-memory.dmp

Filesize
3.3MB

Download
memory/1464-2195-0x00007FF6760A0000-0x00007FF6763F4000-memory.dmp

Filesize
3.3MB

Download
memory/1464-794-0x00007FF6760A0000-0x00007FF6763F4000-memory.dmp

Filesize
3.3MB

Download
memory/1664-739-0x00007FF739880000-0x00007FF739BD4000-memory.dmp

Filesize
3.3MB

Download
memory/1664-2180-0x00007FF739880000-0x00007FF739BD4000-memory.dmp

Filesize
3.3MB

Download
memory/1896-797-0x00007FF73D7F0000-0x00007FF73DB44000-memory.dmp

Filesize
3.3MB

Download
memory/1896-2194-0x00007FF73D7F0000-0x00007FF73DB44000-memory.dmp

Filesize
3.3MB

Download
memory/1916-2191-0x00007FF7DCDF0000-0x00007FF7DD144000-memory.dmp

Filesize
3.3MB

Download
memory/1916-798-0x00007FF7DCDF0000-0x00007FF7DD144000-memory.dmp

Filesize
3.3MB

Download
memory/2300-792-0x00007FF7B3340000-0x00007FF7B3694000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2192-0x00007FF7B3340000-0x00007FF7B3694000-memory.dmp

Filesize
3.3MB

Download
memory/2368-2175-0x00007FF761200000-0x00007FF761554000-memory.dmp

Filesize
3.3MB

Download
memory/2368-738-0x00007FF761200000-0x00007FF761554000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2181-0x00007FF65E770000-0x00007FF65EAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-759-0x00007FF65E770000-0x00007FF65EAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-744-0x00007FF7A84D0000-0x00007FF7A8824000-memory.dmp

Filesize
3.3MB

Download
memory/2472-2184-0x00007FF7A84D0000-0x00007FF7A8824000-memory.dmp

Filesize
3.3MB

Download
memory/2488-773-0x00007FF7EF530000-0x00007FF7EF884000-memory.dmp

Filesize
3.3MB

Download
memory/2488-2188-0x00007FF7EF530000-0x00007FF7EF884000-memory.dmp

Filesize
3.3MB

Download
memory/2524-805-0x00007FF7CBFF0000-0x00007FF7CC344000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2185-0x00007FF7CBFF0000-0x00007FF7CC344000-memory.dmp

Filesize
3.3MB

Download
memory/2592-789-0x00007FF743980000-0x00007FF743CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2199-0x00007FF743980000-0x00007FF743CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2171-0x00007FF777C90000-0x00007FF777FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-10-0x00007FF777C90000-0x00007FF777FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-740-0x00007FF7F7DC0000-0x00007FF7F8114000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2183-0x00007FF7F7DC0000-0x00007FF7F8114000-memory.dmp

Filesize
3.3MB

Download
memory/3112-793-0x00007FF701140000-0x00007FF701494000-memory.dmp

Filesize
3.3MB

Download
memory/3112-2193-0x00007FF701140000-0x00007FF701494000-memory.dmp

Filesize
3.3MB

Download
memory/3324-2170-0x00007FF7EBDF0000-0x00007FF7EC144000-memory.dmp

Filesize
3.3MB

Download
memory/3324-20-0x00007FF7EBDF0000-0x00007FF7EC144000-memory.dmp

Filesize
3.3MB

Download
memory/3324-2172-0x00007FF7EBDF0000-0x00007FF7EC144000-memory.dmp

Filesize
3.3MB

Download
memory/3488-741-0x00007FF671DD0000-0x00007FF672124000-memory.dmp

Filesize
3.3MB

Download
memory/3488-2176-0x00007FF671DD0000-0x00007FF672124000-memory.dmp

Filesize
3.3MB

Download
memory/4032-2187-0x00007FF695240000-0x00007FF695594000-memory.dmp

Filesize
3.3MB

Download
memory/4032-772-0x00007FF695240000-0x00007FF695594000-memory.dmp

Filesize
3.3MB

Download
memory/4512-778-0x00007FF605150000-0x00007FF6054A4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-2196-0x00007FF605150000-0x00007FF6054A4000-memory.dmp

Filesize
3.3MB

Download
memory/4524-0-0x00007FF6F1A20000-0x00007FF6F1D74000-memory.dmp

Filesize
3.3MB

Download
memory/4524-1-0x00000259BCD10000-0x00000259BCD20000-memory.dmp

Filesize
64KB

Download
memory/4528-743-0x00007FF73A920000-0x00007FF73AC74000-memory.dmp

Filesize
3.3MB

Download
memory/4528-2178-0x00007FF73A920000-0x00007FF73AC74000-memory.dmp

Filesize
3.3MB

Download
memory/4616-2190-0x00007FF7893E0000-0x00007FF789734000-memory.dmp

Filesize
3.3MB

Download
memory/4616-790-0x00007FF7893E0000-0x00007FF789734000-memory.dmp

Filesize
3.3MB

Download
memory/4688-804-0x00007FF78F830000-0x00007FF78FB84000-memory.dmp

Filesize
3.3MB

Download
memory/4688-2173-0x00007FF78F830000-0x00007FF78FB84000-memory.dmp

Filesize
3.3MB

Download
memory/4800-2197-0x00007FF7849D0000-0x00007FF784D24000-memory.dmp

Filesize
3.3MB

Download
memory/4800-782-0x00007FF7849D0000-0x00007FF784D24000-memory.dmp

Filesize
3.3MB

Download
memory/4836-753-0x00007FF775D90000-0x00007FF7760E4000-memory.dmp

Filesize
3.3MB

Download
memory/4836-2179-0x00007FF775D90000-0x00007FF7760E4000-memory.dmp

Filesize
3.3MB

Download
memory/4860-737-0x00007FF703330000-0x00007FF703684000-memory.dmp

Filesize
3.3MB

Download
memory/4860-2186-0x00007FF703330000-0x00007FF703684000-memory.dmp

Filesize
3.3MB

Download
memory/4892-742-0x00007FF6EADE0000-0x00007FF6EB134000-memory.dmp

Filesize
3.3MB

Download
memory/4892-2177-0x00007FF6EADE0000-0x00007FF6EB134000-memory.dmp

Filesize
3.3MB

Download
memory/4936-2189-0x00007FF66CA80000-0x00007FF66CDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4936-802-0x00007FF66CA80000-0x00007FF66CDD4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads