xmrig | f078571e2f7a4e8db78a224469c99fb74f10ede82b8e9b640730f34083facd1c

Analysis

max time kernel
113s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
Size

2.4MB
MD5

b5e08aae182fee2953b96ff1d02f2500
SHA1

ba30dfac2b051454d3d5a67e0638b6afe7e0747f
SHA256

f078571e2f7a4e8db78a224469c99fb74f10ede82b8e9b640730f34083facd1c
SHA512

744f822bd0f536c2eeb62b8934030c9cb2ddf50ccec8bac6819484e9a2f78e98aba4ec4eac1a70344ec7c48a494c67d74c40096ac8933207d83d758d353a86be
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Ax4ErWThi7JPaRuSE:BemTLkNdfE0pZrY

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/944-0-0x00007FF66BC80000-0x00007FF66BFD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-12.dat	xmrig
behavioral2/files/0x0007000000023412-19.dat	xmrig
behavioral2/files/0x0008000000023410-18.dat	xmrig
behavioral2/files/0x0007000000023415-29.dat	xmrig
behavioral2/files/0x0007000000023414-28.dat	xmrig
behavioral2/memory/1176-25-0x00007FF7C2B10000-0x00007FF7C2E64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-24.dat	xmrig
behavioral2/memory/436-21-0x00007FF6E6A50000-0x00007FF6E6DA4000-memory.dmp	xmrig
behavioral2/memory/2128-40-0x00007FF7D0BD0000-0x00007FF7D0F24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-50.dat	xmrig
behavioral2/files/0x0007000000023417-55.dat	xmrig
behavioral2/memory/4740-60-0x00007FF6611C0000-0x00007FF661514000-memory.dmp	xmrig
behavioral2/memory/2612-62-0x00007FF6C0BC0000-0x00007FF6C0F14000-memory.dmp	xmrig
behavioral2/memory/2072-61-0x00007FF7E8080000-0x00007FF7E83D4000-memory.dmp	xmrig
behavioral2/memory/208-59-0x00007FF6860E0000-0x00007FF686434000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-53.dat	xmrig
behavioral2/memory/2264-52-0x00007FF6BBED0000-0x00007FF6BC224000-memory.dmp	xmrig
behavioral2/memory/2488-51-0x00007FF670B10000-0x00007FF670E64000-memory.dmp	xmrig
behavioral2/memory/3844-47-0x00007FF732850000-0x00007FF732BA4000-memory.dmp	xmrig
behavioral2/files/0x0008000000022f51-6.dat	xmrig
behavioral2/files/0x0007000000023419-66.dat	xmrig
behavioral2/memory/2844-70-0x00007FF7B5D20000-0x00007FF7B6074000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-74.dat	xmrig
behavioral2/files/0x000900000002340a-76.dat	xmrig
behavioral2/memory/3952-79-0x00007FF6DA3A0000-0x00007FF6DA6F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341b-86.dat	xmrig
behavioral2/files/0x000700000002341e-102.dat	xmrig
behavioral2/files/0x0007000000023420-112.dat	xmrig
behavioral2/files/0x0007000000023424-128.dat	xmrig
behavioral2/files/0x000700000002342c-174.dat	xmrig
behavioral2/memory/5048-556-0x00007FF7FF8A0000-0x00007FF7FFBF4000-memory.dmp	xmrig
behavioral2/memory/3096-557-0x00007FF68FC40000-0x00007FF68FF94000-memory.dmp	xmrig
behavioral2/memory/3244-558-0x00007FF68B2E0000-0x00007FF68B634000-memory.dmp	xmrig
behavioral2/memory/4352-575-0x00007FF77E840000-0x00007FF77EB94000-memory.dmp	xmrig
behavioral2/memory/3172-593-0x00007FF6FE020000-0x00007FF6FE374000-memory.dmp	xmrig
behavioral2/memory/4920-596-0x00007FF777A30000-0x00007FF777D84000-memory.dmp	xmrig
behavioral2/memory/1840-610-0x00007FF61D3E0000-0x00007FF61D734000-memory.dmp	xmrig
behavioral2/memory/4944-627-0x00007FF669250000-0x00007FF6695A4000-memory.dmp	xmrig
behavioral2/memory/448-628-0x00007FF6A6DF0000-0x00007FF6A7144000-memory.dmp	xmrig
behavioral2/memory/4812-638-0x00007FF654D10000-0x00007FF655064000-memory.dmp	xmrig
behavioral2/memory/3764-634-0x00007FF688560000-0x00007FF6888B4000-memory.dmp	xmrig
behavioral2/memory/5108-587-0x00007FF7EDB80000-0x00007FF7EDED4000-memory.dmp	xmrig
behavioral2/memory/4220-586-0x00007FF78D910000-0x00007FF78DC64000-memory.dmp	xmrig
behavioral2/memory/4380-582-0x00007FF667D80000-0x00007FF6680D4000-memory.dmp	xmrig
behavioral2/memory/4716-569-0x00007FF793430000-0x00007FF793784000-memory.dmp	xmrig
behavioral2/memory/2880-565-0x00007FF770D50000-0x00007FF7710A4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342e-176.dat	xmrig
behavioral2/files/0x000700000002342d-171.dat	xmrig
behavioral2/files/0x000700000002342b-169.dat	xmrig
behavioral2/files/0x000700000002342a-162.dat	xmrig
behavioral2/files/0x0007000000023429-157.dat	xmrig
behavioral2/files/0x0007000000023428-149.dat	xmrig
behavioral2/files/0x0007000000023427-147.dat	xmrig
behavioral2/files/0x0007000000023426-142.dat	xmrig
behavioral2/files/0x0007000000023425-137.dat	xmrig
behavioral2/files/0x0007000000023423-126.dat	xmrig
behavioral2/files/0x0007000000023422-122.dat	xmrig
behavioral2/files/0x0007000000023421-117.dat	xmrig
behavioral2/files/0x000700000002341f-106.dat	xmrig
behavioral2/files/0x000700000002341d-97.dat	xmrig
behavioral2/files/0x000700000002341c-89.dat	xmrig
behavioral2/memory/1640-83-0x00007FF7D30D0000-0x00007FF7D3424000-memory.dmp	xmrig
behavioral2/memory/3844-2093-0x00007FF732850000-0x00007FF732BA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
436	YUehdLC.exe
208	JgCBReC.exe
1176	vsYfQYI.exe
2128	InJJvsp.exe
4740	BzlXCMJ.exe
2072	eIjPgOA.exe
3844	LmuHQLr.exe
2612	JMdHrpY.exe
2488	yPqzdXN.exe
2264	fPsXwUz.exe
2844	PKEbQGa.exe
3952	eiJCFhH.exe
1640	yIIkbtT.exe
5048	wdEXWkv.exe
4812	ezIQvhn.exe
3096	FZduzcN.exe
3244	HgiAtnH.exe
2880	jlViPJA.exe
4716	WJiVAzL.exe
4352	FrmIzPK.exe
4380	rJAPcFl.exe
4220	zaSLZvH.exe
5108	UCjwevf.exe
3172	yrzwjBe.exe
4920	HCjokZM.exe
1840	smEfDSv.exe
4944	cGGOiFg.exe
448	thxaCno.exe
3764	nSvQbLD.exe
792	eZWRumC.exe
2696	SqCCsyt.exe
556	GgwfTpQ.exe
64	zRaMsKh.exe
1932	VqWZSeJ.exe
388	xJqXhsp.exe
2440	OcDCRYZ.exe
2744	SlcgQJX.exe
1936	NjoSgWs.exe
3208	tuOkPki.exe
2976	RsEmPDR.exe
4052	SDsYDzY.exe
3164	nOnSPGd.exe
1136	rLRrIMd.exe
3908	DxNsPQH.exe
2344	oZcmcby.exe
1112	WwYzOVi.exe
392	nGRTCiZ.exe
3756	fSpJviv.exe
5088	APFCYzg.exe
4308	xYasnBD.exe
2600	HrqwHJh.exe
348	GIoTiIx.exe
1600	CPrcdnb.exe
2860	DwdgZHm.exe
3612	FWAzudD.exe
1200	WPkwVhN.exe
112	JEEguUj.exe
4372	JoeCcdA.exe
4996	hSuatWO.exe
2248	EWgAkxk.exe
1108	BPRrSTA.exe
1980	MQXXEwe.exe
3932	YzlTbjy.exe
2520	BxYOnga.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/944-0-0x00007FF66BC80000-0x00007FF66BFD4000-memory.dmp	upx
behavioral2/files/0x0007000000023411-12.dat	upx
behavioral2/files/0x0007000000023412-19.dat	upx
behavioral2/files/0x0008000000023410-18.dat	upx
behavioral2/files/0x0007000000023415-29.dat	upx
behavioral2/files/0x0007000000023414-28.dat	upx
behavioral2/memory/1176-25-0x00007FF7C2B10000-0x00007FF7C2E64000-memory.dmp	upx
behavioral2/files/0x0007000000023413-24.dat	upx
behavioral2/memory/436-21-0x00007FF6E6A50000-0x00007FF6E6DA4000-memory.dmp	upx
behavioral2/memory/2128-40-0x00007FF7D0BD0000-0x00007FF7D0F24000-memory.dmp	upx
behavioral2/files/0x0007000000023418-50.dat	upx
behavioral2/files/0x0007000000023417-55.dat	upx
behavioral2/memory/4740-60-0x00007FF6611C0000-0x00007FF661514000-memory.dmp	upx
behavioral2/memory/2612-62-0x00007FF6C0BC0000-0x00007FF6C0F14000-memory.dmp	upx
behavioral2/memory/2072-61-0x00007FF7E8080000-0x00007FF7E83D4000-memory.dmp	upx
behavioral2/memory/208-59-0x00007FF6860E0000-0x00007FF686434000-memory.dmp	upx
behavioral2/files/0x0007000000023416-53.dat	upx
behavioral2/memory/2264-52-0x00007FF6BBED0000-0x00007FF6BC224000-memory.dmp	upx
behavioral2/memory/2488-51-0x00007FF670B10000-0x00007FF670E64000-memory.dmp	upx
behavioral2/memory/3844-47-0x00007FF732850000-0x00007FF732BA4000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-6.dat	upx
behavioral2/files/0x0007000000023419-66.dat	upx
behavioral2/memory/2844-70-0x00007FF7B5D20000-0x00007FF7B6074000-memory.dmp	upx
behavioral2/files/0x000700000002341a-74.dat	upx
behavioral2/files/0x000900000002340a-76.dat	upx
behavioral2/memory/3952-79-0x00007FF6DA3A0000-0x00007FF6DA6F4000-memory.dmp	upx
behavioral2/files/0x000700000002341b-86.dat	upx
behavioral2/files/0x000700000002341e-102.dat	upx
behavioral2/files/0x0007000000023420-112.dat	upx
behavioral2/files/0x0007000000023424-128.dat	upx
behavioral2/files/0x000700000002342c-174.dat	upx
behavioral2/memory/5048-556-0x00007FF7FF8A0000-0x00007FF7FFBF4000-memory.dmp	upx
behavioral2/memory/3096-557-0x00007FF68FC40000-0x00007FF68FF94000-memory.dmp	upx
behavioral2/memory/3244-558-0x00007FF68B2E0000-0x00007FF68B634000-memory.dmp	upx
behavioral2/memory/4352-575-0x00007FF77E840000-0x00007FF77EB94000-memory.dmp	upx
behavioral2/memory/3172-593-0x00007FF6FE020000-0x00007FF6FE374000-memory.dmp	upx
behavioral2/memory/4920-596-0x00007FF777A30000-0x00007FF777D84000-memory.dmp	upx
behavioral2/memory/1840-610-0x00007FF61D3E0000-0x00007FF61D734000-memory.dmp	upx
behavioral2/memory/4944-627-0x00007FF669250000-0x00007FF6695A4000-memory.dmp	upx
behavioral2/memory/448-628-0x00007FF6A6DF0000-0x00007FF6A7144000-memory.dmp	upx
behavioral2/memory/4812-638-0x00007FF654D10000-0x00007FF655064000-memory.dmp	upx
behavioral2/memory/3764-634-0x00007FF688560000-0x00007FF6888B4000-memory.dmp	upx
behavioral2/memory/5108-587-0x00007FF7EDB80000-0x00007FF7EDED4000-memory.dmp	upx
behavioral2/memory/4220-586-0x00007FF78D910000-0x00007FF78DC64000-memory.dmp	upx
behavioral2/memory/4380-582-0x00007FF667D80000-0x00007FF6680D4000-memory.dmp	upx
behavioral2/memory/4716-569-0x00007FF793430000-0x00007FF793784000-memory.dmp	upx
behavioral2/memory/2880-565-0x00007FF770D50000-0x00007FF7710A4000-memory.dmp	upx
behavioral2/files/0x000700000002342e-176.dat	upx
behavioral2/files/0x000700000002342d-171.dat	upx
behavioral2/files/0x000700000002342b-169.dat	upx
behavioral2/files/0x000700000002342a-162.dat	upx
behavioral2/files/0x0007000000023429-157.dat	upx
behavioral2/files/0x0007000000023428-149.dat	upx
behavioral2/files/0x0007000000023427-147.dat	upx
behavioral2/files/0x0007000000023426-142.dat	upx
behavioral2/files/0x0007000000023425-137.dat	upx
behavioral2/files/0x0007000000023423-126.dat	upx
behavioral2/files/0x0007000000023422-122.dat	upx
behavioral2/files/0x0007000000023421-117.dat	upx
behavioral2/files/0x000700000002341f-106.dat	upx
behavioral2/files/0x000700000002341d-97.dat	upx
behavioral2/files/0x000700000002341c-89.dat	upx
behavioral2/memory/1640-83-0x00007FF7D30D0000-0x00007FF7D3424000-memory.dmp	upx
behavioral2/memory/3844-2093-0x00007FF732850000-0x00007FF732BA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dbdtyDV.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\KLXPOiS.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\UbXeqdA.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\imGOLgr.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\wNPwseq.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\DyishmF.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\HxgwHcS.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\neAfdDQ.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\DfGjCSh.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\UjvbcVX.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\SqMJmvl.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\jsZwIvT.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\aRhDGml.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\VqWZSeJ.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\MDXHjlj.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\WTVhjBl.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\eRUJGba.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\OjrQaJJ.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\watgZZB.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\cAulAhJ.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\VrFuiVq.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\szpbnDd.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\RfBRqMr.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\DCUcJZz.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\pTgfMLl.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\FcTPTZA.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\cHBneAM.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\QormyDr.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\fXBwdYf.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\iFjbYAO.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\YUehdLC.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\lZFjSDm.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\DJORKyJ.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\enCLXHI.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\YySwpQf.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\ocKLWmt.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\fzFwKBe.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\GhBShsN.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\GGXyffs.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\HgiAtnH.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\GgwfTpQ.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\AVtRKfv.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\DZeDMRe.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\YMDnoNF.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\rNsrflm.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\eSyFbJi.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\ZNnzRIa.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\YvAZWeb.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\mXmtdqJ.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\EAOIciq.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\UBCruSe.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\ShCkbhX.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\lQvhsOc.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\AtHwLVG.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\nIKlHPl.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\UKrRhpE.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\nGRTCiZ.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\xvozXpP.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\GXhAwag.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\AgEOtDc.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\QCtNReT.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\zqMkKBU.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\MIbcuJi.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
File created	C:\Windows\System\ggUwWcE.exe	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2108	dwm.exe
Token: SeChangeNotifyPrivilege	2108	dwm.exe
Token: 33	2108	dwm.exe
Token: SeIncBasePriorityPrivilege	2108	dwm.exe
Token: SeShutdownPrivilege	2108	dwm.exe
Token: SeCreatePagefilePrivilege	2108	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 436	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	83
PID 944 wrote to memory of 436	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	83
PID 944 wrote to memory of 1176	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	84
PID 944 wrote to memory of 1176	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	84
PID 944 wrote to memory of 208	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	85
PID 944 wrote to memory of 208	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	85
PID 944 wrote to memory of 2128	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	86
PID 944 wrote to memory of 2128	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	86
PID 944 wrote to memory of 4740	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	87
PID 944 wrote to memory of 4740	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	87
PID 944 wrote to memory of 2072	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	88
PID 944 wrote to memory of 2072	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	88
PID 944 wrote to memory of 3844	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	89
PID 944 wrote to memory of 3844	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	89
PID 944 wrote to memory of 2612	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	90
PID 944 wrote to memory of 2612	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	90
PID 944 wrote to memory of 2488	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	91
PID 944 wrote to memory of 2488	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	91
PID 944 wrote to memory of 2264	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	92
PID 944 wrote to memory of 2264	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	92
PID 944 wrote to memory of 2844	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	93
PID 944 wrote to memory of 2844	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	93
PID 944 wrote to memory of 3952	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	94
PID 944 wrote to memory of 3952	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	94
PID 944 wrote to memory of 1640	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	96
PID 944 wrote to memory of 1640	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	96
PID 944 wrote to memory of 5048	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	97
PID 944 wrote to memory of 5048	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	97
PID 944 wrote to memory of 4812	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	98
PID 944 wrote to memory of 4812	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	98
PID 944 wrote to memory of 3096	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	99
PID 944 wrote to memory of 3096	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	99
PID 944 wrote to memory of 3244	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	100
PID 944 wrote to memory of 3244	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	100
PID 944 wrote to memory of 2880	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	101
PID 944 wrote to memory of 2880	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	101
PID 944 wrote to memory of 4716	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	102
PID 944 wrote to memory of 4716	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	102
PID 944 wrote to memory of 4352	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	103
PID 944 wrote to memory of 4352	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	103
PID 944 wrote to memory of 4380	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	104
PID 944 wrote to memory of 4380	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	104
PID 944 wrote to memory of 4220	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	105
PID 944 wrote to memory of 4220	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	105
PID 944 wrote to memory of 5108	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	106
PID 944 wrote to memory of 5108	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	106
PID 944 wrote to memory of 3172	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	107
PID 944 wrote to memory of 3172	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	107
PID 944 wrote to memory of 4920	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	108
PID 944 wrote to memory of 4920	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	108
PID 944 wrote to memory of 1840	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	109
PID 944 wrote to memory of 1840	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	109
PID 944 wrote to memory of 4944	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	110
PID 944 wrote to memory of 4944	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	110
PID 944 wrote to memory of 448	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	111
PID 944 wrote to memory of 448	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	111
PID 944 wrote to memory of 3764	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	112
PID 944 wrote to memory of 3764	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	112
PID 944 wrote to memory of 792	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	113
PID 944 wrote to memory of 792	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	113
PID 944 wrote to memory of 2696	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	114
PID 944 wrote to memory of 2696	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	114
PID 944 wrote to memory of 556	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	115
PID 944 wrote to memory of 556	944	b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b5e08aae182fee2953b96ff1d02f2500_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:944
- C:\Windows\System\YUehdLC.exe
  C:\Windows\System\YUehdLC.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\vsYfQYI.exe
  C:\Windows\System\vsYfQYI.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\JgCBReC.exe
  C:\Windows\System\JgCBReC.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\InJJvsp.exe
  C:\Windows\System\InJJvsp.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\BzlXCMJ.exe
  C:\Windows\System\BzlXCMJ.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\eIjPgOA.exe
  C:\Windows\System\eIjPgOA.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\LmuHQLr.exe
  C:\Windows\System\LmuHQLr.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\JMdHrpY.exe
  C:\Windows\System\JMdHrpY.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\yPqzdXN.exe
  C:\Windows\System\yPqzdXN.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\fPsXwUz.exe
  C:\Windows\System\fPsXwUz.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\PKEbQGa.exe
  C:\Windows\System\PKEbQGa.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\eiJCFhH.exe
  C:\Windows\System\eiJCFhH.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\yIIkbtT.exe
  C:\Windows\System\yIIkbtT.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\wdEXWkv.exe
  C:\Windows\System\wdEXWkv.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\ezIQvhn.exe
  C:\Windows\System\ezIQvhn.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\FZduzcN.exe
  C:\Windows\System\FZduzcN.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\HgiAtnH.exe
  C:\Windows\System\HgiAtnH.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\jlViPJA.exe
  C:\Windows\System\jlViPJA.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\WJiVAzL.exe
  C:\Windows\System\WJiVAzL.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\FrmIzPK.exe
  C:\Windows\System\FrmIzPK.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\rJAPcFl.exe
  C:\Windows\System\rJAPcFl.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\zaSLZvH.exe
  C:\Windows\System\zaSLZvH.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\UCjwevf.exe
  C:\Windows\System\UCjwevf.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\yrzwjBe.exe
  C:\Windows\System\yrzwjBe.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\HCjokZM.exe
  C:\Windows\System\HCjokZM.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\smEfDSv.exe
  C:\Windows\System\smEfDSv.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\cGGOiFg.exe
  C:\Windows\System\cGGOiFg.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\thxaCno.exe
  C:\Windows\System\thxaCno.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\nSvQbLD.exe
  C:\Windows\System\nSvQbLD.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\eZWRumC.exe
  C:\Windows\System\eZWRumC.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\SqCCsyt.exe
  C:\Windows\System\SqCCsyt.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\GgwfTpQ.exe
  C:\Windows\System\GgwfTpQ.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\zRaMsKh.exe
  C:\Windows\System\zRaMsKh.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\VqWZSeJ.exe
  C:\Windows\System\VqWZSeJ.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\xJqXhsp.exe
  C:\Windows\System\xJqXhsp.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\OcDCRYZ.exe
  C:\Windows\System\OcDCRYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\SlcgQJX.exe
  C:\Windows\System\SlcgQJX.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\NjoSgWs.exe
  C:\Windows\System\NjoSgWs.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\tuOkPki.exe
  C:\Windows\System\tuOkPki.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\RsEmPDR.exe
  C:\Windows\System\RsEmPDR.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\SDsYDzY.exe
  C:\Windows\System\SDsYDzY.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\nOnSPGd.exe
  C:\Windows\System\nOnSPGd.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\rLRrIMd.exe
  C:\Windows\System\rLRrIMd.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\DxNsPQH.exe
  C:\Windows\System\DxNsPQH.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\oZcmcby.exe
  C:\Windows\System\oZcmcby.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\WwYzOVi.exe
  C:\Windows\System\WwYzOVi.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\nGRTCiZ.exe
  C:\Windows\System\nGRTCiZ.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\fSpJviv.exe
  C:\Windows\System\fSpJviv.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\APFCYzg.exe
  C:\Windows\System\APFCYzg.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\xYasnBD.exe
  C:\Windows\System\xYasnBD.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\HrqwHJh.exe
  C:\Windows\System\HrqwHJh.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\GIoTiIx.exe
  C:\Windows\System\GIoTiIx.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\CPrcdnb.exe
  C:\Windows\System\CPrcdnb.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\DwdgZHm.exe
  C:\Windows\System\DwdgZHm.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\FWAzudD.exe
  C:\Windows\System\FWAzudD.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\WPkwVhN.exe
  C:\Windows\System\WPkwVhN.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\JEEguUj.exe
  C:\Windows\System\JEEguUj.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\JoeCcdA.exe
  C:\Windows\System\JoeCcdA.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\hSuatWO.exe
  C:\Windows\System\hSuatWO.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\EWgAkxk.exe
  C:\Windows\System\EWgAkxk.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\BPRrSTA.exe
  C:\Windows\System\BPRrSTA.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\MQXXEwe.exe
  C:\Windows\System\MQXXEwe.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\YzlTbjy.exe
  C:\Windows\System\YzlTbjy.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\BxYOnga.exe
  C:\Windows\System\BxYOnga.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\GMwUAIl.exe
  C:\Windows\System\GMwUAIl.exe
  2⤵
  PID:4676
- C:\Windows\System\YeXdhZE.exe
  C:\Windows\System\YeXdhZE.exe
  2⤵
  PID:2784
- C:\Windows\System\xoUrzou.exe
  C:\Windows\System\xoUrzou.exe
  2⤵
  PID:376
- C:\Windows\System\MDXHjlj.exe
  C:\Windows\System\MDXHjlj.exe
  2⤵
  PID:4892
- C:\Windows\System\HkvGqiS.exe
  C:\Windows\System\HkvGqiS.exe
  2⤵
  PID:1128
- C:\Windows\System\dRqaBJP.exe
  C:\Windows\System\dRqaBJP.exe
  2⤵
  PID:4088
- C:\Windows\System\dkfYRfq.exe
  C:\Windows\System\dkfYRfq.exe
  2⤵
  PID:5040
- C:\Windows\System\ZobZSoZ.exe
  C:\Windows\System\ZobZSoZ.exe
  2⤵
  PID:2728
- C:\Windows\System\AVtRKfv.exe
  C:\Windows\System\AVtRKfv.exe
  2⤵
  PID:3488
- C:\Windows\System\JplKgay.exe
  C:\Windows\System\JplKgay.exe
  2⤵
  PID:2800
- C:\Windows\System\iQGJDZl.exe
  C:\Windows\System\iQGJDZl.exe
  2⤵
  PID:3456
- C:\Windows\System\rPedxRs.exe
  C:\Windows\System\rPedxRs.exe
  2⤵
  PID:1952
- C:\Windows\System\rQJGKmP.exe
  C:\Windows\System\rQJGKmP.exe
  2⤵
  PID:1700
- C:\Windows\System\xvozXpP.exe
  C:\Windows\System\xvozXpP.exe
  2⤵
  PID:3212
- C:\Windows\System\KRdBLqz.exe
  C:\Windows\System\KRdBLqz.exe
  2⤵
  PID:1572
- C:\Windows\System\yusIKdc.exe
  C:\Windows\System\yusIKdc.exe
  2⤵
  PID:2324
- C:\Windows\System\jlytffq.exe
  C:\Windows\System\jlytffq.exe
  2⤵
  PID:656
- C:\Windows\System\tirvSYf.exe
  C:\Windows\System\tirvSYf.exe
  2⤵
  PID:1516
- C:\Windows\System\eihjixM.exe
  C:\Windows\System\eihjixM.exe
  2⤵
  PID:4760
- C:\Windows\System\pqVAfRR.exe
  C:\Windows\System\pqVAfRR.exe
  2⤵
  PID:1372
- C:\Windows\System\awoUtLB.exe
  C:\Windows\System\awoUtLB.exe
  2⤵
  PID:4852
- C:\Windows\System\qrETzIk.exe
  C:\Windows\System\qrETzIk.exe
  2⤵
  PID:1548
- C:\Windows\System\EqACNyf.exe
  C:\Windows\System\EqACNyf.exe
  2⤵
  PID:2056
- C:\Windows\System\YGDtQxG.exe
  C:\Windows\System\YGDtQxG.exe
  2⤵
  PID:4144
- C:\Windows\System\DZeDMRe.exe
  C:\Windows\System\DZeDMRe.exe
  2⤵
  PID:4888
- C:\Windows\System\tYhCazu.exe
  C:\Windows\System\tYhCazu.exe
  2⤵
  PID:3540
- C:\Windows\System\WtMFhaE.exe
  C:\Windows\System\WtMFhaE.exe
  2⤵
  PID:688
- C:\Windows\System\EAVvkPO.exe
  C:\Windows\System\EAVvkPO.exe
  2⤵
  PID:3888
- C:\Windows\System\iAjiByi.exe
  C:\Windows\System\iAjiByi.exe
  2⤵
  PID:4452
- C:\Windows\System\lZFjSDm.exe
  C:\Windows\System\lZFjSDm.exe
  2⤵
  PID:5124
- C:\Windows\System\fcxfqOg.exe
  C:\Windows\System\fcxfqOg.exe
  2⤵
  PID:5152
- C:\Windows\System\szpbnDd.exe
  C:\Windows\System\szpbnDd.exe
  2⤵
  PID:5180
- C:\Windows\System\SgfUVXw.exe
  C:\Windows\System\SgfUVXw.exe
  2⤵
  PID:5208
- C:\Windows\System\rMtHhhO.exe
  C:\Windows\System\rMtHhhO.exe
  2⤵
  PID:5236
- C:\Windows\System\OhItCIx.exe
  C:\Windows\System\OhItCIx.exe
  2⤵
  PID:5264
- C:\Windows\System\WSkvrhz.exe
  C:\Windows\System\WSkvrhz.exe
  2⤵
  PID:5292
- C:\Windows\System\YhDNMCn.exe
  C:\Windows\System\YhDNMCn.exe
  2⤵
  PID:5320
- C:\Windows\System\kveJWRX.exe
  C:\Windows\System\kveJWRX.exe
  2⤵
  PID:5348
- C:\Windows\System\plNnSuc.exe
  C:\Windows\System\plNnSuc.exe
  2⤵
  PID:5376
- C:\Windows\System\LgNFMHi.exe
  C:\Windows\System\LgNFMHi.exe
  2⤵
  PID:5404
- C:\Windows\System\GjZjAak.exe
  C:\Windows\System\GjZjAak.exe
  2⤵
  PID:5432
- C:\Windows\System\sWrcoYu.exe
  C:\Windows\System\sWrcoYu.exe
  2⤵
  PID:5460
- C:\Windows\System\CvlQPRr.exe
  C:\Windows\System\CvlQPRr.exe
  2⤵
  PID:5488
- C:\Windows\System\mIfxPyn.exe
  C:\Windows\System\mIfxPyn.exe
  2⤵
  PID:5516
- C:\Windows\System\OAgdaBX.exe
  C:\Windows\System\OAgdaBX.exe
  2⤵
  PID:5544
- C:\Windows\System\RfBRqMr.exe
  C:\Windows\System\RfBRqMr.exe
  2⤵
  PID:5572
- C:\Windows\System\faxsXLB.exe
  C:\Windows\System\faxsXLB.exe
  2⤵
  PID:5600
- C:\Windows\System\DJORKyJ.exe
  C:\Windows\System\DJORKyJ.exe
  2⤵
  PID:5628
- C:\Windows\System\MLDJzLv.exe
  C:\Windows\System\MLDJzLv.exe
  2⤵
  PID:5656
- C:\Windows\System\AlICcJw.exe
  C:\Windows\System\AlICcJw.exe
  2⤵
  PID:5684
- C:\Windows\System\UoNPokb.exe
  C:\Windows\System\UoNPokb.exe
  2⤵
  PID:5712
- C:\Windows\System\llJjgaM.exe
  C:\Windows\System\llJjgaM.exe
  2⤵
  PID:5740
- C:\Windows\System\oURvylm.exe
  C:\Windows\System\oURvylm.exe
  2⤵
  PID:5768
- C:\Windows\System\HINDAJr.exe
  C:\Windows\System\HINDAJr.exe
  2⤵
  PID:5796
- C:\Windows\System\oWWDRXV.exe
  C:\Windows\System\oWWDRXV.exe
  2⤵
  PID:5824
- C:\Windows\System\BWZywaW.exe
  C:\Windows\System\BWZywaW.exe
  2⤵
  PID:5852
- C:\Windows\System\IxstFqS.exe
  C:\Windows\System\IxstFqS.exe
  2⤵
  PID:5880
- C:\Windows\System\BEZgAVV.exe
  C:\Windows\System\BEZgAVV.exe
  2⤵
  PID:5908
- C:\Windows\System\SzZXcaV.exe
  C:\Windows\System\SzZXcaV.exe
  2⤵
  PID:5936
- C:\Windows\System\FKZLKbH.exe
  C:\Windows\System\FKZLKbH.exe
  2⤵
  PID:5964
- C:\Windows\System\VGlVval.exe
  C:\Windows\System\VGlVval.exe
  2⤵
  PID:5992
- C:\Windows\System\ZsPWTOX.exe
  C:\Windows\System\ZsPWTOX.exe
  2⤵
  PID:6020
- C:\Windows\System\BFLoarA.exe
  C:\Windows\System\BFLoarA.exe
  2⤵
  PID:6048
- C:\Windows\System\WevYjlO.exe
  C:\Windows\System\WevYjlO.exe
  2⤵
  PID:6076
- C:\Windows\System\CHzHbBE.exe
  C:\Windows\System\CHzHbBE.exe
  2⤵
  PID:6104
- C:\Windows\System\zBGPWJu.exe
  C:\Windows\System\zBGPWJu.exe
  2⤵
  PID:6132
- C:\Windows\System\UIqZyMD.exe
  C:\Windows\System\UIqZyMD.exe
  2⤵
  PID:4424
- C:\Windows\System\YJGPrfR.exe
  C:\Windows\System\YJGPrfR.exe
  2⤵
  PID:4396
- C:\Windows\System\MyNxKyJ.exe
  C:\Windows\System\MyNxKyJ.exe
  2⤵
  PID:1944
- C:\Windows\System\jkPwMnR.exe
  C:\Windows\System\jkPwMnR.exe
  2⤵
  PID:5140
- C:\Windows\System\EAOIciq.exe
  C:\Windows\System\EAOIciq.exe
  2⤵
  PID:5200
- C:\Windows\System\nQwlZpo.exe
  C:\Windows\System\nQwlZpo.exe
  2⤵
  PID:5276
- C:\Windows\System\KNGCOPc.exe
  C:\Windows\System\KNGCOPc.exe
  2⤵
  PID:5340
- C:\Windows\System\xSrOtXm.exe
  C:\Windows\System\xSrOtXm.exe
  2⤵
  PID:5396
- C:\Windows\System\AjcJrVn.exe
  C:\Windows\System\AjcJrVn.exe
  2⤵
  PID:5476
- C:\Windows\System\wTRgUlW.exe
  C:\Windows\System\wTRgUlW.exe
  2⤵
  PID:5532
- C:\Windows\System\WTVhjBl.exe
  C:\Windows\System\WTVhjBl.exe
  2⤵
  PID:5592
- C:\Windows\System\ajlbvpL.exe
  C:\Windows\System\ajlbvpL.exe
  2⤵
  PID:5668
- C:\Windows\System\eRUJGba.exe
  C:\Windows\System\eRUJGba.exe
  2⤵
  PID:5728
- C:\Windows\System\SLvuEAZ.exe
  C:\Windows\System\SLvuEAZ.exe
  2⤵
  PID:5788
- C:\Windows\System\YnEYXzQ.exe
  C:\Windows\System\YnEYXzQ.exe
  2⤵
  PID:5864
- C:\Windows\System\OEtNJpE.exe
  C:\Windows\System\OEtNJpE.exe
  2⤵
  PID:5900
- C:\Windows\System\UzsjlNL.exe
  C:\Windows\System\UzsjlNL.exe
  2⤵
  PID:5976
- C:\Windows\System\QWpsyTX.exe
  C:\Windows\System\QWpsyTX.exe
  2⤵
  PID:6036
- C:\Windows\System\owQSaEu.exe
  C:\Windows\System\owQSaEu.exe
  2⤵
  PID:6096
- C:\Windows\System\uzOhwie.exe
  C:\Windows\System\uzOhwie.exe
  2⤵
  PID:5080
- C:\Windows\System\RrGAmaC.exe
  C:\Windows\System\RrGAmaC.exe
  2⤵
  PID:548
- C:\Windows\System\IlsQWUk.exe
  C:\Windows\System\IlsQWUk.exe
  2⤵
  PID:5228
- C:\Windows\System\cDCyuZf.exe
  C:\Windows\System\cDCyuZf.exe
  2⤵
  PID:5364
- C:\Windows\System\UBCruSe.exe
  C:\Windows\System\UBCruSe.exe
  2⤵
  PID:5444
- C:\Windows\System\bMulspt.exe
  C:\Windows\System\bMulspt.exe
  2⤵
  PID:5584
- C:\Windows\System\YRUjtjL.exe
  C:\Windows\System\YRUjtjL.exe
  2⤵
  PID:5724
- C:\Windows\System\qvOQQyn.exe
  C:\Windows\System\qvOQQyn.exe
  2⤵
  PID:5840
- C:\Windows\System\EqGsUze.exe
  C:\Windows\System\EqGsUze.exe
  2⤵
  PID:5956
- C:\Windows\System\MBzAyWy.exe
  C:\Windows\System\MBzAyWy.exe
  2⤵
  PID:4660
- C:\Windows\System\waabLKM.exe
  C:\Windows\System\waabLKM.exe
  2⤵
  PID:4484
- C:\Windows\System\KZBGpcT.exe
  C:\Windows\System\KZBGpcT.exe
  2⤵
  PID:5528
- C:\Windows\System\nHYqgeB.exe
  C:\Windows\System\nHYqgeB.exe
  2⤵
  PID:6068
- C:\Windows\System\ShCkbhX.exe
  C:\Windows\System\ShCkbhX.exe
  2⤵
  PID:3144
- C:\Windows\System\DHubsqV.exe
  C:\Windows\System\DHubsqV.exe
  2⤵
  PID:4008
- C:\Windows\System\YMDnoNF.exe
  C:\Windows\System\YMDnoNF.exe
  2⤵
  PID:2288
- C:\Windows\System\TdhTGDV.exe
  C:\Windows\System\TdhTGDV.exe
  2⤵
  PID:8
- C:\Windows\System\yCMQgUZ.exe
  C:\Windows\System\yCMQgUZ.exe
  2⤵
  PID:808
- C:\Windows\System\CILtyli.exe
  C:\Windows\System\CILtyli.exe
  2⤵
  PID:1000
- C:\Windows\System\bszNHIH.exe
  C:\Windows\System\bszNHIH.exe
  2⤵
  PID:6148
- C:\Windows\System\IdBrpvJ.exe
  C:\Windows\System\IdBrpvJ.exe
  2⤵
  PID:6196
- C:\Windows\System\PskyktD.exe
  C:\Windows\System\PskyktD.exe
  2⤵
  PID:6216
- C:\Windows\System\KYPhckW.exe
  C:\Windows\System\KYPhckW.exe
  2⤵
  PID:6232
- C:\Windows\System\aEkxRRJ.exe
  C:\Windows\System\aEkxRRJ.exe
  2⤵
  PID:6316
- C:\Windows\System\MUHFpWl.exe
  C:\Windows\System\MUHFpWl.exe
  2⤵
  PID:6332
- C:\Windows\System\nBTbfws.exe
  C:\Windows\System\nBTbfws.exe
  2⤵
  PID:6400
- C:\Windows\System\CADWtwo.exe
  C:\Windows\System\CADWtwo.exe
  2⤵
  PID:6436
- C:\Windows\System\ZhIoRTR.exe
  C:\Windows\System\ZhIoRTR.exe
  2⤵
  PID:6452
- C:\Windows\System\uuWkaAV.exe
  C:\Windows\System\uuWkaAV.exe
  2⤵
  PID:6480
- C:\Windows\System\DCUcJZz.exe
  C:\Windows\System\DCUcJZz.exe
  2⤵
  PID:6508
- C:\Windows\System\FxIGUQO.exe
  C:\Windows\System\FxIGUQO.exe
  2⤵
  PID:6552
- C:\Windows\System\FSiHoUa.exe
  C:\Windows\System\FSiHoUa.exe
  2⤵
  PID:6568
- C:\Windows\System\XfDSOWA.exe
  C:\Windows\System\XfDSOWA.exe
  2⤵
  PID:6592
- C:\Windows\System\jNdKOZm.exe
  C:\Windows\System\jNdKOZm.exe
  2⤵
  PID:6616
- C:\Windows\System\vCtVsSZ.exe
  C:\Windows\System\vCtVsSZ.exe
  2⤵
  PID:6668
- C:\Windows\System\LcFdHlZ.exe
  C:\Windows\System\LcFdHlZ.exe
  2⤵
  PID:6732
- C:\Windows\System\EDUjJnJ.exe
  C:\Windows\System\EDUjJnJ.exe
  2⤵
  PID:6760
- C:\Windows\System\uQFFPwB.exe
  C:\Windows\System\uQFFPwB.exe
  2⤵
  PID:6820
- C:\Windows\System\nMNUida.exe
  C:\Windows\System\nMNUida.exe
  2⤵
  PID:6848
- C:\Windows\System\PAIsoQb.exe
  C:\Windows\System\PAIsoQb.exe
  2⤵
  PID:6864
- C:\Windows\System\KjhZgpx.exe
  C:\Windows\System\KjhZgpx.exe
  2⤵
  PID:6884
- C:\Windows\System\rknYLDy.exe
  C:\Windows\System\rknYLDy.exe
  2⤵
  PID:6928
- C:\Windows\System\enCLXHI.exe
  C:\Windows\System\enCLXHI.exe
  2⤵
  PID:6948
- C:\Windows\System\ijEhAuj.exe
  C:\Windows\System\ijEhAuj.exe
  2⤵
  PID:6984
- C:\Windows\System\pTgfMLl.exe
  C:\Windows\System\pTgfMLl.exe
  2⤵
  PID:7004
- C:\Windows\System\lgndlDu.exe
  C:\Windows\System\lgndlDu.exe
  2⤵
  PID:7040
- C:\Windows\System\ZNnzRIa.exe
  C:\Windows\System\ZNnzRIa.exe
  2⤵
  PID:7060
- C:\Windows\System\skWKnwm.exe
  C:\Windows\System\skWKnwm.exe
  2⤵
  PID:7088
- C:\Windows\System\HpRNZhX.exe
  C:\Windows\System\HpRNZhX.exe
  2⤵
  PID:7128
- C:\Windows\System\AOrntaV.exe
  C:\Windows\System\AOrntaV.exe
  2⤵
  PID:7156
- C:\Windows\System\IYphVMQ.exe
  C:\Windows\System\IYphVMQ.exe
  2⤵
  PID:2104
- C:\Windows\System\CoFKVMp.exe
  C:\Windows\System\CoFKVMp.exe
  2⤵
  PID:6180
- C:\Windows\System\FcTPTZA.exe
  C:\Windows\System\FcTPTZA.exe
  2⤵
  PID:6276
- C:\Windows\System\VSNJUEl.exe
  C:\Windows\System\VSNJUEl.exe
  2⤵
  PID:6340
- C:\Windows\System\iEiBVxb.exe
  C:\Windows\System\iEiBVxb.exe
  2⤵
  PID:6464
- C:\Windows\System\IeVuAus.exe
  C:\Windows\System\IeVuAus.exe
  2⤵
  PID:6500
- C:\Windows\System\AZUFtGS.exe
  C:\Windows\System\AZUFtGS.exe
  2⤵
  PID:3236
- C:\Windows\System\XvlUvkJ.exe
  C:\Windows\System\XvlUvkJ.exe
  2⤵
  PID:6536
- C:\Windows\System\IIiFspb.exe
  C:\Windows\System\IIiFspb.exe
  2⤵
  PID:6628
- C:\Windows\System\hhXjVXZ.exe
  C:\Windows\System\hhXjVXZ.exe
  2⤵
  PID:6344
- C:\Windows\System\tRrUdNj.exe
  C:\Windows\System\tRrUdNj.exe
  2⤵
  PID:6176
- C:\Windows\System\BMbgEnv.exe
  C:\Windows\System\BMbgEnv.exe
  2⤵
  PID:6752
- C:\Windows\System\oRGecqh.exe
  C:\Windows\System\oRGecqh.exe
  2⤵
  PID:6816
- C:\Windows\System\cEPcEWV.exe
  C:\Windows\System\cEPcEWV.exe
  2⤵
  PID:6892
- C:\Windows\System\bkTwLXG.exe
  C:\Windows\System\bkTwLXG.exe
  2⤵
  PID:6960
- C:\Windows\System\rPeNGqV.exe
  C:\Windows\System\rPeNGqV.exe
  2⤵
  PID:7052
- C:\Windows\System\Owsgwgc.exe
  C:\Windows\System\Owsgwgc.exe
  2⤵
  PID:7112
- C:\Windows\System\GXhAwag.exe
  C:\Windows\System\GXhAwag.exe
  2⤵
  PID:7144
- C:\Windows\System\uDboLnl.exe
  C:\Windows\System\uDboLnl.exe
  2⤵
  PID:4004
- C:\Windows\System\CDztEeV.exe
  C:\Windows\System\CDztEeV.exe
  2⤵
  PID:6432
- C:\Windows\System\AgEOtDc.exe
  C:\Windows\System\AgEOtDc.exe
  2⤵
  PID:4168
- C:\Windows\System\upNIfZa.exe
  C:\Windows\System\upNIfZa.exe
  2⤵
  PID:6656
- C:\Windows\System\cidcxYN.exe
  C:\Windows\System\cidcxYN.exe
  2⤵
  PID:2748
- C:\Windows\System\yTKsZCY.exe
  C:\Windows\System\yTKsZCY.exe
  2⤵
  PID:6860
- C:\Windows\System\btTBbkZ.exe
  C:\Windows\System\btTBbkZ.exe
  2⤵
  PID:7048
- C:\Windows\System\ypFXHme.exe
  C:\Windows\System\ypFXHme.exe
  2⤵
  PID:4428
- C:\Windows\System\XFHDslN.exe
  C:\Windows\System\XFHDslN.exe
  2⤵
  PID:5508
- C:\Windows\System\JFToMtj.exe
  C:\Windows\System\JFToMtj.exe
  2⤵
  PID:6548
- C:\Windows\System\MXaXnoy.exe
  C:\Windows\System\MXaXnoy.exe
  2⤵
  PID:7120
- C:\Windows\System\nceidWA.exe
  C:\Windows\System\nceidWA.exe
  2⤵
  PID:6612
- C:\Windows\System\HJWbxmv.exe
  C:\Windows\System\HJWbxmv.exe
  2⤵
  PID:6416
- C:\Windows\System\wpmFlGJ.exe
  C:\Windows\System\wpmFlGJ.exe
  2⤵
  PID:7180
- C:\Windows\System\pMMOQpz.exe
  C:\Windows\System\pMMOQpz.exe
  2⤵
  PID:7208
- C:\Windows\System\NsiPVvW.exe
  C:\Windows\System\NsiPVvW.exe
  2⤵
  PID:7236
- C:\Windows\System\rNsrflm.exe
  C:\Windows\System\rNsrflm.exe
  2⤵
  PID:7260
- C:\Windows\System\TOPadCx.exe
  C:\Windows\System\TOPadCx.exe
  2⤵
  PID:7284
- C:\Windows\System\unJgVCt.exe
  C:\Windows\System\unJgVCt.exe
  2⤵
  PID:7308
- C:\Windows\System\pLgSEjp.exe
  C:\Windows\System\pLgSEjp.exe
  2⤵
  PID:7352
- C:\Windows\System\sbHVDxu.exe
  C:\Windows\System\sbHVDxu.exe
  2⤵
  PID:7380
- C:\Windows\System\IeemNNj.exe
  C:\Windows\System\IeemNNj.exe
  2⤵
  PID:7408
- C:\Windows\System\znQoRIB.exe
  C:\Windows\System\znQoRIB.exe
  2⤵
  PID:7428
- C:\Windows\System\nhantfK.exe
  C:\Windows\System\nhantfK.exe
  2⤵
  PID:7452
- C:\Windows\System\rYvAMBh.exe
  C:\Windows\System\rYvAMBh.exe
  2⤵
  PID:7492
- C:\Windows\System\WfmJPUA.exe
  C:\Windows\System\WfmJPUA.exe
  2⤵
  PID:7524
- C:\Windows\System\yaQMDfE.exe
  C:\Windows\System\yaQMDfE.exe
  2⤵
  PID:7564
- C:\Windows\System\pAXxaGn.exe
  C:\Windows\System\pAXxaGn.exe
  2⤵
  PID:7596
- C:\Windows\System\UrGTjwp.exe
  C:\Windows\System\UrGTjwp.exe
  2⤵
  PID:7624
- C:\Windows\System\HhRsZjm.exe
  C:\Windows\System\HhRsZjm.exe
  2⤵
  PID:7652
- C:\Windows\System\vFMtZUl.exe
  C:\Windows\System\vFMtZUl.exe
  2⤵
  PID:7680
- C:\Windows\System\HtQFUIw.exe
  C:\Windows\System\HtQFUIw.exe
  2⤵
  PID:7708
- C:\Windows\System\pvSnqrW.exe
  C:\Windows\System\pvSnqrW.exe
  2⤵
  PID:7736
- C:\Windows\System\YtYNbNj.exe
  C:\Windows\System\YtYNbNj.exe
  2⤵
  PID:7768
- C:\Windows\System\iImJKvd.exe
  C:\Windows\System\iImJKvd.exe
  2⤵
  PID:7792
- C:\Windows\System\nvLkZEy.exe
  C:\Windows\System\nvLkZEy.exe
  2⤵
  PID:7808
- C:\Windows\System\trEXBwy.exe
  C:\Windows\System\trEXBwy.exe
  2⤵
  PID:7836
- C:\Windows\System\daJYzHE.exe
  C:\Windows\System\daJYzHE.exe
  2⤵
  PID:7880
- C:\Windows\System\scsrwUn.exe
  C:\Windows\System\scsrwUn.exe
  2⤵
  PID:7904
- C:\Windows\System\mGCyIHe.exe
  C:\Windows\System\mGCyIHe.exe
  2⤵
  PID:7920
- C:\Windows\System\JJbgOMy.exe
  C:\Windows\System\JJbgOMy.exe
  2⤵
  PID:7956
- C:\Windows\System\RhJiNgm.exe
  C:\Windows\System\RhJiNgm.exe
  2⤵
  PID:7980
- C:\Windows\System\bMmGqSD.exe
  C:\Windows\System\bMmGqSD.exe
  2⤵
  PID:8016
- C:\Windows\System\KaPPsYj.exe
  C:\Windows\System\KaPPsYj.exe
  2⤵
  PID:8044
- C:\Windows\System\zdhSakp.exe
  C:\Windows\System\zdhSakp.exe
  2⤵
  PID:8064
- C:\Windows\System\QCtNReT.exe
  C:\Windows\System\QCtNReT.exe
  2⤵
  PID:8096
- C:\Windows\System\kkeDqBW.exe
  C:\Windows\System\kkeDqBW.exe
  2⤵
  PID:8116
- C:\Windows\System\OgCdyJq.exe
  C:\Windows\System\OgCdyJq.exe
  2⤵
  PID:8132
- C:\Windows\System\fhUNNqL.exe
  C:\Windows\System\fhUNNqL.exe
  2⤵
  PID:8172
- C:\Windows\System\omqXtwq.exe
  C:\Windows\System\omqXtwq.exe
  2⤵
  PID:7192
- C:\Windows\System\VMQyJxL.exe
  C:\Windows\System\VMQyJxL.exe
  2⤵
  PID:7232
- C:\Windows\System\EaZrqhF.exe
  C:\Windows\System\EaZrqhF.exe
  2⤵
  PID:7328
- C:\Windows\System\GRpzCrd.exe
  C:\Windows\System\GRpzCrd.exe
  2⤵
  PID:7372
- C:\Windows\System\UbXeqdA.exe
  C:\Windows\System\UbXeqdA.exe
  2⤵
  PID:7476
- C:\Windows\System\dVImAJP.exe
  C:\Windows\System\dVImAJP.exe
  2⤵
  PID:7560
- C:\Windows\System\zgMQHzz.exe
  C:\Windows\System\zgMQHzz.exe
  2⤵
  PID:7616
- C:\Windows\System\jOQUOzz.exe
  C:\Windows\System\jOQUOzz.exe
  2⤵
  PID:7664
- C:\Windows\System\hGRGUfl.exe
  C:\Windows\System\hGRGUfl.exe
  2⤵
  PID:7748
- C:\Windows\System\BeCUgwj.exe
  C:\Windows\System\BeCUgwj.exe
  2⤵
  PID:7820
- C:\Windows\System\XzesfHh.exe
  C:\Windows\System\XzesfHh.exe
  2⤵
  PID:7856
- C:\Windows\System\oAdJdhL.exe
  C:\Windows\System\oAdJdhL.exe
  2⤵
  PID:7916
- C:\Windows\System\ZsXFlmf.exe
  C:\Windows\System\ZsXFlmf.exe
  2⤵
  PID:8004
- C:\Windows\System\goDpbzB.exe
  C:\Windows\System\goDpbzB.exe
  2⤵
  PID:8076
- C:\Windows\System\gqFkAet.exe
  C:\Windows\System\gqFkAet.exe
  2⤵
  PID:8112
- C:\Windows\System\rATXRac.exe
  C:\Windows\System\rATXRac.exe
  2⤵
  PID:7204
- C:\Windows\System\UKUcoBh.exe
  C:\Windows\System\UKUcoBh.exe
  2⤵
  PID:7376
- C:\Windows\System\BxyJord.exe
  C:\Windows\System\BxyJord.exe
  2⤵
  PID:7512
- C:\Windows\System\cgAVzlb.exe
  C:\Windows\System\cgAVzlb.exe
  2⤵
  PID:7644
- C:\Windows\System\tABgIRX.exe
  C:\Windows\System\tABgIRX.exe
  2⤵
  PID:7832
- C:\Windows\System\tQiLGSS.exe
  C:\Windows\System\tQiLGSS.exe
  2⤵
  PID:8000
- C:\Windows\System\JwvgZQX.exe
  C:\Windows\System\JwvgZQX.exe
  2⤵
  PID:8104
- C:\Windows\System\vXCEEzE.exe
  C:\Windows\System\vXCEEzE.exe
  2⤵
  PID:7360
- C:\Windows\System\ogdgNSG.exe
  C:\Windows\System\ogdgNSG.exe
  2⤵
  PID:7364
- C:\Windows\System\CWkqTTk.exe
  C:\Windows\System\CWkqTTk.exe
  2⤵
  PID:7704
- C:\Windows\System\ukQBFVO.exe
  C:\Windows\System\ukQBFVO.exe
  2⤵
  PID:6364
- C:\Windows\System\FwduPhJ.exe
  C:\Windows\System\FwduPhJ.exe
  2⤵
  PID:8208
- C:\Windows\System\PEMDrME.exe
  C:\Windows\System\PEMDrME.exe
  2⤵
  PID:8228
- C:\Windows\System\HehktwS.exe
  C:\Windows\System\HehktwS.exe
  2⤵
  PID:8264
- C:\Windows\System\KIwwrrt.exe
  C:\Windows\System\KIwwrrt.exe
  2⤵
  PID:8292
- C:\Windows\System\zqMkKBU.exe
  C:\Windows\System\zqMkKBU.exe
  2⤵
  PID:8312
- C:\Windows\System\ApaEilY.exe
  C:\Windows\System\ApaEilY.exe
  2⤵
  PID:8344
- C:\Windows\System\JreSemk.exe
  C:\Windows\System\JreSemk.exe
  2⤵
  PID:8376
- C:\Windows\System\jowuYBj.exe
  C:\Windows\System\jowuYBj.exe
  2⤵
  PID:8404
- C:\Windows\System\jbcswHn.exe
  C:\Windows\System\jbcswHn.exe
  2⤵
  PID:8432
- C:\Windows\System\hYtEzcG.exe
  C:\Windows\System\hYtEzcG.exe
  2⤵
  PID:8452
- C:\Windows\System\GuXIiOZ.exe
  C:\Windows\System\GuXIiOZ.exe
  2⤵
  PID:8480
- C:\Windows\System\neAfdDQ.exe
  C:\Windows\System\neAfdDQ.exe
  2⤵
  PID:8504
- C:\Windows\System\xcOsPkv.exe
  C:\Windows\System\xcOsPkv.exe
  2⤵
  PID:8544
- C:\Windows\System\uRkpjLG.exe
  C:\Windows\System\uRkpjLG.exe
  2⤵
  PID:8588
- C:\Windows\System\jEYgdBS.exe
  C:\Windows\System\jEYgdBS.exe
  2⤵
  PID:8604
- C:\Windows\System\jCGeZNC.exe
  C:\Windows\System\jCGeZNC.exe
  2⤵
  PID:8632
- C:\Windows\System\zCEnRuu.exe
  C:\Windows\System\zCEnRuu.exe
  2⤵
  PID:8652
- C:\Windows\System\uefMaKd.exe
  C:\Windows\System\uefMaKd.exe
  2⤵
  PID:8676
- C:\Windows\System\cwIiTtz.exe
  C:\Windows\System\cwIiTtz.exe
  2⤵
  PID:8716
- C:\Windows\System\OoEfijn.exe
  C:\Windows\System\OoEfijn.exe
  2⤵
  PID:8744
- C:\Windows\System\jttzrWe.exe
  C:\Windows\System\jttzrWe.exe
  2⤵
  PID:8772
- C:\Windows\System\prgwzhg.exe
  C:\Windows\System\prgwzhg.exe
  2⤵
  PID:8808
- C:\Windows\System\ZzbRgHH.exe
  C:\Windows\System\ZzbRgHH.exe
  2⤵
  PID:8828
- C:\Windows\System\hrItbKX.exe
  C:\Windows\System\hrItbKX.exe
  2⤵
  PID:8844
- C:\Windows\System\HVdebhv.exe
  C:\Windows\System\HVdebhv.exe
  2⤵
  PID:8868
- C:\Windows\System\cqVYvTq.exe
  C:\Windows\System\cqVYvTq.exe
  2⤵
  PID:8912
- C:\Windows\System\MKYuCLe.exe
  C:\Windows\System\MKYuCLe.exe
  2⤵
  PID:8948
- C:\Windows\System\ZNqxKnk.exe
  C:\Windows\System\ZNqxKnk.exe
  2⤵
  PID:8968
- C:\Windows\System\jDzeaVU.exe
  C:\Windows\System\jDzeaVU.exe
  2⤵
  PID:8996
- C:\Windows\System\IYoChiR.exe
  C:\Windows\System\IYoChiR.exe
  2⤵
  PID:9012
- C:\Windows\System\IhCYlKg.exe
  C:\Windows\System\IhCYlKg.exe
  2⤵
  PID:9052
- C:\Windows\System\xwbsljw.exe
  C:\Windows\System\xwbsljw.exe
  2⤵
  PID:9080
- C:\Windows\System\nAzSqKv.exe
  C:\Windows\System\nAzSqKv.exe
  2⤵
  PID:9108
- C:\Windows\System\EOGxYPC.exe
  C:\Windows\System\EOGxYPC.exe
  2⤵
  PID:9136
- C:\Windows\System\FctGUuR.exe
  C:\Windows\System\FctGUuR.exe
  2⤵
  PID:9164
- C:\Windows\System\mhmincB.exe
  C:\Windows\System\mhmincB.exe
  2⤵
  PID:9192
- C:\Windows\System\yPMLKZG.exe
  C:\Windows\System\yPMLKZG.exe
  2⤵
  PID:9212
- C:\Windows\System\PjolwhE.exe
  C:\Windows\System\PjolwhE.exe
  2⤵
  PID:8216
- C:\Windows\System\ehjeDDU.exe
  C:\Windows\System\ehjeDDU.exe
  2⤵
  PID:8320
- C:\Windows\System\cuYpXmA.exe
  C:\Windows\System\cuYpXmA.exe
  2⤵
  PID:8368
- C:\Windows\System\bSwGMOo.exe
  C:\Windows\System\bSwGMOo.exe
  2⤵
  PID:8460
- C:\Windows\System\FQDzKoT.exe
  C:\Windows\System\FQDzKoT.exe
  2⤵
  PID:8532
- C:\Windows\System\qliHlrS.exe
  C:\Windows\System\qliHlrS.exe
  2⤵
  PID:8552
- C:\Windows\System\oSiHxCI.exe
  C:\Windows\System\oSiHxCI.exe
  2⤵
  PID:8596
- C:\Windows\System\xljFjIU.exe
  C:\Windows\System\xljFjIU.exe
  2⤵
  PID:8660
- C:\Windows\System\sgQufHx.exe
  C:\Windows\System\sgQufHx.exe
  2⤵
  PID:8728
- C:\Windows\System\brDmxWw.exe
  C:\Windows\System\brDmxWw.exe
  2⤵
  PID:8792
- C:\Windows\System\nIKlHPl.exe
  C:\Windows\System\nIKlHPl.exe
  2⤵
  PID:8864
- C:\Windows\System\JHgKOqH.exe
  C:\Windows\System\JHgKOqH.exe
  2⤵
  PID:8896
- C:\Windows\System\GuNtebv.exe
  C:\Windows\System\GuNtebv.exe
  2⤵
  PID:8988
- C:\Windows\System\sgjoHSx.exe
  C:\Windows\System\sgjoHSx.exe
  2⤵
  PID:9048
- C:\Windows\System\IvyffIQ.exe
  C:\Windows\System\IvyffIQ.exe
  2⤵
  PID:9124
- C:\Windows\System\SimIWPV.exe
  C:\Windows\System\SimIWPV.exe
  2⤵
  PID:9200
- C:\Windows\System\aqjXvcu.exe
  C:\Windows\System\aqjXvcu.exe
  2⤵
  PID:8200
- C:\Windows\System\gOsLNSs.exe
  C:\Windows\System\gOsLNSs.exe
  2⤵
  PID:8360
- C:\Windows\System\GhBShsN.exe
  C:\Windows\System\GhBShsN.exe
  2⤵
  PID:8496
- C:\Windows\System\srqnnYk.exe
  C:\Windows\System\srqnnYk.exe
  2⤵
  PID:8644
- C:\Windows\System\ewyaqOW.exe
  C:\Windows\System\ewyaqOW.exe
  2⤵
  PID:8788
- C:\Windows\System\YvAZWeb.exe
  C:\Windows\System\YvAZWeb.exe
  2⤵
  PID:8892
- C:\Windows\System\ZnbbvSD.exe
  C:\Windows\System\ZnbbvSD.exe
  2⤵
  PID:9120
- C:\Windows\System\UHhrkVG.exe
  C:\Windows\System\UHhrkVG.exe
  2⤵
  PID:8248
- C:\Windows\System\AKCrveS.exe
  C:\Windows\System\AKCrveS.exe
  2⤵
  PID:8516
- C:\Windows\System\yeRElPD.exe
  C:\Windows\System\yeRElPD.exe
  2⤵
  PID:8888
- C:\Windows\System\lPXjtnL.exe
  C:\Windows\System\lPXjtnL.exe
  2⤵
  PID:9184
- C:\Windows\System\hwbABTD.exe
  C:\Windows\System\hwbABTD.exe
  2⤵
  PID:8696
- C:\Windows\System\MExabfp.exe
  C:\Windows\System\MExabfp.exe
  2⤵
  PID:8252
- C:\Windows\System\GFFXLaa.exe
  C:\Windows\System\GFFXLaa.exe
  2⤵
  PID:9220
- C:\Windows\System\GVUXzki.exe
  C:\Windows\System\GVUXzki.exe
  2⤵
  PID:9240
- C:\Windows\System\SpeDJYy.exe
  C:\Windows\System\SpeDJYy.exe
  2⤵
  PID:9280
- C:\Windows\System\ExYilvM.exe
  C:\Windows\System\ExYilvM.exe
  2⤵
  PID:9296
- C:\Windows\System\ackHIoJ.exe
  C:\Windows\System\ackHIoJ.exe
  2⤵
  PID:9328
- C:\Windows\System\oTBHiPJ.exe
  C:\Windows\System\oTBHiPJ.exe
  2⤵
  PID:9368
- C:\Windows\System\DLTfVaO.exe
  C:\Windows\System\DLTfVaO.exe
  2⤵
  PID:9388
- C:\Windows\System\ycYzmfv.exe
  C:\Windows\System\ycYzmfv.exe
  2⤵
  PID:9420
- C:\Windows\System\UfxdWwj.exe
  C:\Windows\System\UfxdWwj.exe
  2⤵
  PID:9444
- C:\Windows\System\eVDDOTA.exe
  C:\Windows\System\eVDDOTA.exe
  2⤵
  PID:9472
- C:\Windows\System\sELcpQU.exe
  C:\Windows\System\sELcpQU.exe
  2⤵
  PID:9508
- C:\Windows\System\AnUHyMZ.exe
  C:\Windows\System\AnUHyMZ.exe
  2⤵
  PID:9528
- C:\Windows\System\mepAQBv.exe
  C:\Windows\System\mepAQBv.exe
  2⤵
  PID:9560
- C:\Windows\System\lEqShIv.exe
  C:\Windows\System\lEqShIv.exe
  2⤵
  PID:9596
- C:\Windows\System\MkwrlAv.exe
  C:\Windows\System\MkwrlAv.exe
  2⤵
  PID:9624
- C:\Windows\System\gTqoUHl.exe
  C:\Windows\System\gTqoUHl.exe
  2⤵
  PID:9640
- C:\Windows\System\lxoqMbq.exe
  C:\Windows\System\lxoqMbq.exe
  2⤵
  PID:9672
- C:\Windows\System\DgrBAJz.exe
  C:\Windows\System\DgrBAJz.exe
  2⤵
  PID:9708
- C:\Windows\System\UKrRhpE.exe
  C:\Windows\System\UKrRhpE.exe
  2⤵
  PID:9724
- C:\Windows\System\DfGjCSh.exe
  C:\Windows\System\DfGjCSh.exe
  2⤵
  PID:9752
- C:\Windows\System\BUdnpfw.exe
  C:\Windows\System\BUdnpfw.exe
  2⤵
  PID:9792
- C:\Windows\System\UTQYUwd.exe
  C:\Windows\System\UTQYUwd.exe
  2⤵
  PID:9820
- C:\Windows\System\MIbcuJi.exe
  C:\Windows\System\MIbcuJi.exe
  2⤵
  PID:9848
- C:\Windows\System\LXwIxSG.exe
  C:\Windows\System\LXwIxSG.exe
  2⤵
  PID:9864
- C:\Windows\System\EDhUbQb.exe
  C:\Windows\System\EDhUbQb.exe
  2⤵
  PID:9900
- C:\Windows\System\MaUjskn.exe
  C:\Windows\System\MaUjskn.exe
  2⤵
  PID:9924
- C:\Windows\System\teIVTLh.exe
  C:\Windows\System\teIVTLh.exe
  2⤵
  PID:9948
- C:\Windows\System\WjSqNel.exe
  C:\Windows\System\WjSqNel.exe
  2⤵
  PID:9964
- C:\Windows\System\VuWbrzg.exe
  C:\Windows\System\VuWbrzg.exe
  2⤵
  PID:10000
- C:\Windows\System\ZGFafZs.exe
  C:\Windows\System\ZGFafZs.exe
  2⤵
  PID:10044
- C:\Windows\System\KqQaRfA.exe
  C:\Windows\System\KqQaRfA.exe
  2⤵
  PID:10080
- C:\Windows\System\JatUySL.exe
  C:\Windows\System\JatUySL.exe
  2⤵
  PID:10104
- C:\Windows\System\CNOPtLn.exe
  C:\Windows\System\CNOPtLn.exe
  2⤵
  PID:10136
- C:\Windows\System\XVqBVWT.exe
  C:\Windows\System\XVqBVWT.exe
  2⤵
  PID:10152
- C:\Windows\System\rIMoNii.exe
  C:\Windows\System\rIMoNii.exe
  2⤵
  PID:10188
- C:\Windows\System\ClvWMun.exe
  C:\Windows\System\ClvWMun.exe
  2⤵
  PID:10208
- C:\Windows\System\eULOqUv.exe
  C:\Windows\System\eULOqUv.exe
  2⤵
  PID:9228
- C:\Windows\System\wSScYmr.exe
  C:\Windows\System\wSScYmr.exe
  2⤵
  PID:9320
- C:\Windows\System\sCbObas.exe
  C:\Windows\System\sCbObas.exe
  2⤵
  PID:9380
- C:\Windows\System\ZQLXUhB.exe
  C:\Windows\System\ZQLXUhB.exe
  2⤵
  PID:9504
- C:\Windows\System\BuIwaIw.exe
  C:\Windows\System\BuIwaIw.exe
  2⤵
  PID:9576
- C:\Windows\System\CjIyiCr.exe
  C:\Windows\System\CjIyiCr.exe
  2⤵
  PID:9636
- C:\Windows\System\wwzdxwE.exe
  C:\Windows\System\wwzdxwE.exe
  2⤵
  PID:9668
- C:\Windows\System\LGhkRYt.exe
  C:\Windows\System\LGhkRYt.exe
  2⤵
  PID:9772
- C:\Windows\System\UBUqKyp.exe
  C:\Windows\System\UBUqKyp.exe
  2⤵
  PID:9808
- C:\Windows\System\VBBtRCq.exe
  C:\Windows\System\VBBtRCq.exe
  2⤵
  PID:9920
- C:\Windows\System\pADUmzv.exe
  C:\Windows\System\pADUmzv.exe
  2⤵
  PID:9936
- C:\Windows\System\YySwpQf.exe
  C:\Windows\System\YySwpQf.exe
  2⤵
  PID:10036
- C:\Windows\System\UuHibXD.exe
  C:\Windows\System\UuHibXD.exe
  2⤵
  PID:10068
- C:\Windows\System\XLJmnXU.exe
  C:\Windows\System\XLJmnXU.exe
  2⤵
  PID:10180
- C:\Windows\System\ysFnbMN.exe
  C:\Windows\System\ysFnbMN.exe
  2⤵
  PID:9236
- C:\Windows\System\MsWMZbJ.exe
  C:\Windows\System\MsWMZbJ.exe
  2⤵
  PID:9408
- C:\Windows\System\ztEPryI.exe
  C:\Windows\System\ztEPryI.exe
  2⤵
  PID:9468
- C:\Windows\System\UOaHgIt.exe
  C:\Windows\System\UOaHgIt.exe
  2⤵
  PID:9588
- C:\Windows\System\XCsGppg.exe
  C:\Windows\System\XCsGppg.exe
  2⤵
  PID:9608
- C:\Windows\System\QuusfLs.exe
  C:\Windows\System\QuusfLs.exe
  2⤵
  PID:9884
- C:\Windows\System\MgQiJvM.exe
  C:\Windows\System\MgQiJvM.exe
  2⤵
  PID:8764
- C:\Windows\System\fCKMBGk.exe
  C:\Windows\System\fCKMBGk.exe
  2⤵
  PID:9288
- C:\Windows\System\PhJySqP.exe
  C:\Windows\System\PhJySqP.exe
  2⤵
  PID:9580
- C:\Windows\System\fxXbBXL.exe
  C:\Windows\System\fxXbBXL.exe
  2⤵
  PID:10228
- C:\Windows\System\xvhwRNE.exe
  C:\Windows\System\xvhwRNE.exe
  2⤵
  PID:9464
- C:\Windows\System\cFYgVlz.exe
  C:\Windows\System\cFYgVlz.exe
  2⤵
  PID:9984
- C:\Windows\System\oMJeUur.exe
  C:\Windows\System\oMJeUur.exe
  2⤵
  PID:10260
- C:\Windows\System\GvqliCe.exe
  C:\Windows\System\GvqliCe.exe
  2⤵
  PID:10288
- C:\Windows\System\BvfVsgt.exe
  C:\Windows\System\BvfVsgt.exe
  2⤵
  PID:10316
- C:\Windows\System\gxkIvKg.exe
  C:\Windows\System\gxkIvKg.exe
  2⤵
  PID:10332
- C:\Windows\System\qTbKTDE.exe
  C:\Windows\System\qTbKTDE.exe
  2⤵
  PID:10364
- C:\Windows\System\CRxJNXp.exe
  C:\Windows\System\CRxJNXp.exe
  2⤵
  PID:10400
- C:\Windows\System\imGOLgr.exe
  C:\Windows\System\imGOLgr.exe
  2⤵
  PID:10428
- C:\Windows\System\GQnwCuv.exe
  C:\Windows\System\GQnwCuv.exe
  2⤵
  PID:10456
- C:\Windows\System\WTtbvyn.exe
  C:\Windows\System\WTtbvyn.exe
  2⤵
  PID:10472
- C:\Windows\System\spoUvia.exe
  C:\Windows\System\spoUvia.exe
  2⤵
  PID:10512
- C:\Windows\System\kSitoZp.exe
  C:\Windows\System\kSitoZp.exe
  2⤵
  PID:10540
- C:\Windows\System\wNPwseq.exe
  C:\Windows\System\wNPwseq.exe
  2⤵
  PID:10576
- C:\Windows\System\zGyYppN.exe
  C:\Windows\System\zGyYppN.exe
  2⤵
  PID:10604
- C:\Windows\System\pNxqurN.exe
  C:\Windows\System\pNxqurN.exe
  2⤵
  PID:10620
- C:\Windows\System\lQvhsOc.exe
  C:\Windows\System\lQvhsOc.exe
  2⤵
  PID:10664
- C:\Windows\System\bEfqIns.exe
  C:\Windows\System\bEfqIns.exe
  2⤵
  PID:10692
- C:\Windows\System\PaAYdIy.exe
  C:\Windows\System\PaAYdIy.exe
  2⤵
  PID:10720
- C:\Windows\System\nimzhxZ.exe
  C:\Windows\System\nimzhxZ.exe
  2⤵
  PID:10748
- C:\Windows\System\vgxCXFy.exe
  C:\Windows\System\vgxCXFy.exe
  2⤵
  PID:10776
- C:\Windows\System\HfVVPpY.exe
  C:\Windows\System\HfVVPpY.exe
  2⤵
  PID:10804
- C:\Windows\System\GSLJVUO.exe
  C:\Windows\System\GSLJVUO.exe
  2⤵
  PID:10828
- C:\Windows\System\EDDydEn.exe
  C:\Windows\System\EDDydEn.exe
  2⤵
  PID:10860
- C:\Windows\System\HBbePOT.exe
  C:\Windows\System\HBbePOT.exe
  2⤵
  PID:10896
- C:\Windows\System\FSCGXXz.exe
  C:\Windows\System\FSCGXXz.exe
  2⤵
  PID:10912
- C:\Windows\System\RnlwyTa.exe
  C:\Windows\System\RnlwyTa.exe
  2⤵
  PID:10940
- C:\Windows\System\zGwXtRK.exe
  C:\Windows\System\zGwXtRK.exe
  2⤵
  PID:10968
- C:\Windows\System\ofwtTAr.exe
  C:\Windows\System\ofwtTAr.exe
  2⤵
  PID:11000
- C:\Windows\System\iYpbnTf.exe
  C:\Windows\System\iYpbnTf.exe
  2⤵
  PID:11028
- C:\Windows\System\gjgfbcn.exe
  C:\Windows\System\gjgfbcn.exe
  2⤵
  PID:11068
- C:\Windows\System\yVLaBlz.exe
  C:\Windows\System\yVLaBlz.exe
  2⤵
  PID:11088
- C:\Windows\System\tfCncet.exe
  C:\Windows\System\tfCncet.exe
  2⤵
  PID:11124
- C:\Windows\System\EDdKrPk.exe
  C:\Windows\System\EDdKrPk.exe
  2⤵
  PID:11156
- C:\Windows\System\EEHbgNf.exe
  C:\Windows\System\EEHbgNf.exe
  2⤵
  PID:11184
- C:\Windows\System\zPFJmtr.exe
  C:\Windows\System\zPFJmtr.exe
  2⤵
  PID:11200
- C:\Windows\System\wPNiNXo.exe
  C:\Windows\System\wPNiNXo.exe
  2⤵
  PID:11228
- C:\Windows\System\HKBeolp.exe
  C:\Windows\System\HKBeolp.exe
  2⤵
  PID:10248
- C:\Windows\System\dbdtyDV.exe
  C:\Windows\System\dbdtyDV.exe
  2⤵
  PID:10308
- C:\Windows\System\UjvbcVX.exe
  C:\Windows\System\UjvbcVX.exe
  2⤵
  PID:10392
- C:\Windows\System\NgnndvZ.exe
  C:\Windows\System\NgnndvZ.exe
  2⤵
  PID:10424
- C:\Windows\System\IkBWYrr.exe
  C:\Windows\System\IkBWYrr.exe
  2⤵
  PID:10504
- C:\Windows\System\QaanXXy.exe
  C:\Windows\System\QaanXXy.exe
  2⤵
  PID:10536
- C:\Windows\System\JTEqVLv.exe
  C:\Windows\System\JTEqVLv.exe
  2⤵
  PID:10648
- C:\Windows\System\MITolaG.exe
  C:\Windows\System\MITolaG.exe
  2⤵
  PID:10688
- C:\Windows\System\TZpeQDA.exe
  C:\Windows\System\TZpeQDA.exe
  2⤵
  PID:10736
- C:\Windows\System\YqtMzVJ.exe
  C:\Windows\System\YqtMzVJ.exe
  2⤵
  PID:10236
- C:\Windows\System\Zcpwfxa.exe
  C:\Windows\System\Zcpwfxa.exe
  2⤵
  PID:10856
- C:\Windows\System\MzhsQhg.exe
  C:\Windows\System\MzhsQhg.exe
  2⤵
  PID:10952
- C:\Windows\System\wtxABMv.exe
  C:\Windows\System\wtxABMv.exe
  2⤵
  PID:10988
- C:\Windows\System\MsMDyyM.exe
  C:\Windows\System\MsMDyyM.exe
  2⤵
  PID:11064
- C:\Windows\System\bkpfbOS.exe
  C:\Windows\System\bkpfbOS.exe
  2⤵
  PID:11140
- C:\Windows\System\wSafajE.exe
  C:\Windows\System\wSafajE.exe
  2⤵
  PID:11176
- C:\Windows\System\wSoGQUK.exe
  C:\Windows\System\wSoGQUK.exe
  2⤵
  PID:11248
- C:\Windows\System\KhOeDpw.exe
  C:\Windows\System\KhOeDpw.exe
  2⤵
  PID:10416
- C:\Windows\System\IqNCRlK.exe
  C:\Windows\System\IqNCRlK.exe
  2⤵
  PID:10596
- C:\Windows\System\NdMcRTC.exe
  C:\Windows\System\NdMcRTC.exe
  2⤵
  PID:10712
- C:\Windows\System\DmJTORs.exe
  C:\Windows\System\DmJTORs.exe
  2⤵
  PID:10824
- C:\Windows\System\BlBKyQx.exe
  C:\Windows\System\BlBKyQx.exe
  2⤵
  PID:11024
- C:\Windows\System\WuuIHRp.exe
  C:\Windows\System\WuuIHRp.exe
  2⤵
  PID:11100
- C:\Windows\System\cHBneAM.exe
  C:\Windows\System\cHBneAM.exe
  2⤵
  PID:10484
- C:\Windows\System\dCFrQgo.exe
  C:\Windows\System\dCFrQgo.exe
  2⤵
  PID:10788
- C:\Windows\System\dREIvkQ.exe
  C:\Windows\System\dREIvkQ.exe
  2⤵
  PID:11260
- C:\Windows\System\hIgovrh.exe
  C:\Windows\System\hIgovrh.exe
  2⤵
  PID:464
- C:\Windows\System\ispllBO.exe
  C:\Windows\System\ispllBO.exe
  2⤵
  PID:10352
- C:\Windows\System\sQXEfHC.exe
  C:\Windows\System\sQXEfHC.exe
  2⤵
  PID:11284
- C:\Windows\System\lpruEsl.exe
  C:\Windows\System\lpruEsl.exe
  2⤵
  PID:11316
- C:\Windows\System\IzmyHhG.exe
  C:\Windows\System\IzmyHhG.exe
  2⤵
  PID:11332
- C:\Windows\System\GGXyffs.exe
  C:\Windows\System\GGXyffs.exe
  2⤵
  PID:11360
- C:\Windows\System\ZGjxALT.exe
  C:\Windows\System\ZGjxALT.exe
  2⤵
  PID:11400
- C:\Windows\System\egVcTON.exe
  C:\Windows\System\egVcTON.exe
  2⤵
  PID:11420
- C:\Windows\System\YZyZtds.exe
  C:\Windows\System\YZyZtds.exe
  2⤵
  PID:11444
- C:\Windows\System\EPkpzKb.exe
  C:\Windows\System\EPkpzKb.exe
  2⤵
  PID:11480
- C:\Windows\System\FrjfZlg.exe
  C:\Windows\System\FrjfZlg.exe
  2⤵
  PID:11512
- C:\Windows\System\YfgZcBC.exe
  C:\Windows\System\YfgZcBC.exe
  2⤵
  PID:11528
- C:\Windows\System\jJjFjKO.exe
  C:\Windows\System\jJjFjKO.exe
  2⤵
  PID:11556
- C:\Windows\System\fQLQtTK.exe
  C:\Windows\System\fQLQtTK.exe
  2⤵
  PID:11584
- C:\Windows\System\ocKLWmt.exe
  C:\Windows\System\ocKLWmt.exe
  2⤵
  PID:11620
- C:\Windows\System\DXTCDyB.exe
  C:\Windows\System\DXTCDyB.exe
  2⤵
  PID:11640
- C:\Windows\System\IzgaXUv.exe
  C:\Windows\System\IzgaXUv.exe
  2⤵
  PID:11680
- C:\Windows\System\JybXYac.exe
  C:\Windows\System\JybXYac.exe
  2⤵
  PID:11708
- C:\Windows\System\DyishmF.exe
  C:\Windows\System\DyishmF.exe
  2⤵
  PID:11736
- C:\Windows\System\ZlnmqSK.exe
  C:\Windows\System\ZlnmqSK.exe
  2⤵
  PID:11756
- C:\Windows\System\igMJsQw.exe
  C:\Windows\System\igMJsQw.exe
  2⤵
  PID:11792
- C:\Windows\System\yVZRJAJ.exe
  C:\Windows\System\yVZRJAJ.exe
  2⤵
  PID:11820
- C:\Windows\System\BzMuCIT.exe
  C:\Windows\System\BzMuCIT.exe
  2⤵
  PID:11848
- C:\Windows\System\IrtpVzb.exe
  C:\Windows\System\IrtpVzb.exe
  2⤵
  PID:11880
- C:\Windows\System\cvgvAFS.exe
  C:\Windows\System\cvgvAFS.exe
  2⤵
  PID:11908
- C:\Windows\System\gHUyKLI.exe
  C:\Windows\System\gHUyKLI.exe
  2⤵
  PID:11936
- C:\Windows\System\avtkIys.exe
  C:\Windows\System\avtkIys.exe
  2⤵
  PID:11952
- C:\Windows\System\AKupaod.exe
  C:\Windows\System\AKupaod.exe
  2⤵
  PID:11992
- C:\Windows\System\cAulAhJ.exe
  C:\Windows\System\cAulAhJ.exe
  2⤵
  PID:12016
- C:\Windows\System\dKIteFY.exe
  C:\Windows\System\dKIteFY.exe
  2⤵
  PID:12048
- C:\Windows\System\PNmzOEh.exe
  C:\Windows\System\PNmzOEh.exe
  2⤵
  PID:12084
- C:\Windows\System\vGVhdqI.exe
  C:\Windows\System\vGVhdqI.exe
  2⤵
  PID:12112
- C:\Windows\System\RozkmWW.exe
  C:\Windows\System\RozkmWW.exe
  2⤵
  PID:12140
- C:\Windows\System\IgStPEs.exe
  C:\Windows\System\IgStPEs.exe
  2⤵
  PID:12168
- C:\Windows\System\ciqFOVr.exe
  C:\Windows\System\ciqFOVr.exe
  2⤵
  PID:12196
- C:\Windows\System\tyDVYSo.exe
  C:\Windows\System\tyDVYSo.exe
  2⤵
  PID:12224
- C:\Windows\System\FzYWJMX.exe
  C:\Windows\System\FzYWJMX.exe
  2⤵
  PID:12244
- C:\Windows\System\PgGxoPd.exe
  C:\Windows\System\PgGxoPd.exe
  2⤵
  PID:12276
- C:\Windows\System\BzdgfDS.exe
  C:\Windows\System\BzdgfDS.exe
  2⤵
  PID:11280
- C:\Windows\System\ggUwWcE.exe
  C:\Windows\System\ggUwWcE.exe
  2⤵
  PID:11324
- C:\Windows\System\tFpeNCJ.exe
  C:\Windows\System\tFpeNCJ.exe
  2⤵
  PID:11396
- C:\Windows\System\vESFRIE.exe
  C:\Windows\System\vESFRIE.exe
  2⤵
  PID:11436
- C:\Windows\System\loazeIm.exe
  C:\Windows\System\loazeIm.exe
  2⤵
  PID:11552
- C:\Windows\System\LacpHbR.exe
  C:\Windows\System\LacpHbR.exe
  2⤵
  PID:11616
- C:\Windows\System\OsMAQwE.exe
  C:\Windows\System\OsMAQwE.exe
  2⤵
  PID:11660
- C:\Windows\System\gVnWIsP.exe
  C:\Windows\System\gVnWIsP.exe
  2⤵
  PID:11704
- C:\Windows\System\WqCXrfO.exe
  C:\Windows\System\WqCXrfO.exe
  2⤵
  PID:11768
- C:\Windows\System\USQamWE.exe
  C:\Windows\System\USQamWE.exe
  2⤵
  PID:11864
- C:\Windows\System\SqMJmvl.exe
  C:\Windows\System\SqMJmvl.exe
  2⤵
  PID:11924
- C:\Windows\System\mhKyfFQ.exe
  C:\Windows\System\mhKyfFQ.exe
  2⤵
  PID:11976
- C:\Windows\System\DePGwoP.exe
  C:\Windows\System\DePGwoP.exe
  2⤵
  PID:12072
- C:\Windows\System\BsOgbHD.exe
  C:\Windows\System\BsOgbHD.exe
  2⤵
  PID:12136
- C:\Windows\System\LwSVzdV.exe
  C:\Windows\System\LwSVzdV.exe
  2⤵
  PID:12180
- C:\Windows\System\RMaXXXJ.exe
  C:\Windows\System\RMaXXXJ.exe
  2⤵
  PID:12252
- C:\Windows\System\MmWzZba.exe
  C:\Windows\System\MmWzZba.exe
  2⤵
  PID:11296
- C:\Windows\System\mkcTWeb.exe
  C:\Windows\System\mkcTWeb.exe
  2⤵
  PID:11440
- C:\Windows\System\ItIpEdg.exe
  C:\Windows\System\ItIpEdg.exe
  2⤵
  PID:11596
- C:\Windows\System\ZVjrEnh.exe
  C:\Windows\System\ZVjrEnh.exe
  2⤵
  PID:11780
- C:\Windows\System\GottbWL.exe
  C:\Windows\System\GottbWL.exe
  2⤵
  PID:11932
- C:\Windows\System\qAeQpps.exe
  C:\Windows\System\qAeQpps.exe
  2⤵
  PID:12104
- C:\Windows\System\xIRcpGa.exe
  C:\Windows\System\xIRcpGa.exe
  2⤵
  PID:12220
- C:\Windows\System\lkYSyFR.exe
  C:\Windows\System\lkYSyFR.exe
  2⤵
  PID:11524
- C:\Windows\System\xhIOwAU.exe
  C:\Windows\System\xhIOwAU.exe
  2⤵
  PID:11868
- C:\Windows\System\BbLZLCV.exe
  C:\Windows\System\BbLZLCV.exe
  2⤵
  PID:12164
- C:\Windows\System\VrFuiVq.exe
  C:\Windows\System\VrFuiVq.exe
  2⤵
  PID:11636
- C:\Windows\System\qRsDerp.exe
  C:\Windows\System\qRsDerp.exe
  2⤵
  PID:11376
- C:\Windows\System\VijjTpe.exe
  C:\Windows\System\VijjTpe.exe
  2⤵
  PID:12308
- C:\Windows\System\ZxEKgUo.exe
  C:\Windows\System\ZxEKgUo.exe
  2⤵
  PID:12348
- C:\Windows\System\TabDrMy.exe
  C:\Windows\System\TabDrMy.exe
  2⤵
  PID:12364
- C:\Windows\System\LEpqNFb.exe
  C:\Windows\System\LEpqNFb.exe
  2⤵
  PID:12384
- C:\Windows\System\kvaMCOA.exe
  C:\Windows\System\kvaMCOA.exe
  2⤵
  PID:12432
- C:\Windows\System\LuxdixC.exe
  C:\Windows\System\LuxdixC.exe
  2⤵
  PID:12460
- C:\Windows\System\bxPrmBt.exe
  C:\Windows\System\bxPrmBt.exe
  2⤵
  PID:12488
- C:\Windows\System\NRtCLmd.exe
  C:\Windows\System\NRtCLmd.exe
  2⤵
  PID:12512
- C:\Windows\System\lUdmyvp.exe
  C:\Windows\System\lUdmyvp.exe
  2⤵
  PID:12528
- C:\Windows\System\ErGTTGW.exe
  C:\Windows\System\ErGTTGW.exe
  2⤵
  PID:12556
- C:\Windows\System\OjrQaJJ.exe
  C:\Windows\System\OjrQaJJ.exe
  2⤵
  PID:12616
- C:\Windows\System\jADWpZH.exe
  C:\Windows\System\jADWpZH.exe
  2⤵
  PID:12632
- C:\Windows\System\aIZaJBr.exe
  C:\Windows\System\aIZaJBr.exe
  2⤵
  PID:12664
- C:\Windows\System\TmhYAjo.exe
  C:\Windows\System\TmhYAjo.exe
  2⤵
  PID:12680
- C:\Windows\System\eFwgpIb.exe
  C:\Windows\System\eFwgpIb.exe
  2⤵
  PID:12708
- C:\Windows\System\pcUSJch.exe
  C:\Windows\System\pcUSJch.exe
  2⤵
  PID:12732
- C:\Windows\System\iDjeZNl.exe
  C:\Windows\System\iDjeZNl.exe
  2⤵
  PID:12776
- C:\Windows\System\iLjhnWr.exe
  C:\Windows\System\iLjhnWr.exe
  2⤵
  PID:12804
- C:\Windows\System\ifrOmOz.exe
  C:\Windows\System\ifrOmOz.exe
  2⤵
  PID:12832
- C:\Windows\System\RIprSWs.exe
  C:\Windows\System\RIprSWs.exe
  2⤵
  PID:12860
- C:\Windows\System\jXxLZAs.exe
  C:\Windows\System\jXxLZAs.exe
  2⤵
  PID:12888
- C:\Windows\System\zzsoqWY.exe
  C:\Windows\System\zzsoqWY.exe
  2⤵
  PID:12916
- C:\Windows\System\fXBwdYf.exe
  C:\Windows\System\fXBwdYf.exe
  2⤵
  PID:12944
- C:\Windows\System\UdxnNZy.exe
  C:\Windows\System\UdxnNZy.exe
  2⤵
  PID:12972
- C:\Windows\System\bFOsIht.exe
  C:\Windows\System\bFOsIht.exe
  2⤵
  PID:13000
- C:\Windows\System\yFnHrKI.exe
  C:\Windows\System\yFnHrKI.exe
  2⤵
  PID:13016
- C:\Windows\System\hbhaFIE.exe
  C:\Windows\System\hbhaFIE.exe
  2⤵
  PID:13040
- C:\Windows\System\qemEvGz.exe
  C:\Windows\System\qemEvGz.exe
  2⤵
  PID:13056
- C:\Windows\System\mLnlCTR.exe
  C:\Windows\System\mLnlCTR.exe
  2⤵
  PID:13088
- C:\Windows\System\rDPxKss.exe
  C:\Windows\System\rDPxKss.exe
  2⤵
  PID:13112
- C:\Windows\System\uHUWsIn.exe
  C:\Windows\System\uHUWsIn.exe
  2⤵
  PID:13152
- C:\Windows\System\tNtruHN.exe
  C:\Windows\System\tNtruHN.exe
  2⤵
  PID:13180
- C:\Windows\System\hylEUnC.exe
  C:\Windows\System\hylEUnC.exe
  2⤵
  PID:13212
- C:\Windows\System\VpmhdBC.exe
  C:\Windows\System\VpmhdBC.exe
  2⤵
  PID:13244
- C:\Windows\System\pNjOeTf.exe
  C:\Windows\System\pNjOeTf.exe
  2⤵
  PID:13268
- C:\Windows\System\eOsHlQW.exe
  C:\Windows\System\eOsHlQW.exe
  2⤵
  PID:13296
- C:\Windows\System\mnbMbDQ.exe
  C:\Windows\System\mnbMbDQ.exe
  2⤵
  PID:12304
- C:\Windows\System\XYsHUKn.exe
  C:\Windows\System\XYsHUKn.exe
  2⤵
  PID:12360
- C:\Windows\System\ksMiWxJ.exe
  C:\Windows\System\ksMiWxJ.exe
  2⤵
  PID:12376
- C:\Windows\System\rQtBpwg.exe
  C:\Windows\System\rQtBpwg.exe
  2⤵
  PID:12444
- C:\Windows\System\rbgfrUV.exe
  C:\Windows\System\rbgfrUV.exe
  2⤵
  PID:12540
- C:\Windows\System\dyacANK.exe
  C:\Windows\System\dyacANK.exe
  2⤵
  PID:12656
- C:\Windows\System\jjQNOap.exe
  C:\Windows\System\jjQNOap.exe
  2⤵
  PID:12700
- C:\Windows\System\pAxcJCc.exe
  C:\Windows\System\pAxcJCc.exe
  2⤵
  PID:12772
- C:\Windows\System\IwGZixW.exe
  C:\Windows\System\IwGZixW.exe
  2⤵
  PID:12848
- C:\Windows\System\RgxQdfc.exe
  C:\Windows\System\RgxQdfc.exe
  2⤵
  PID:12928
- C:\Windows\System\JoTfmLF.exe
  C:\Windows\System\JoTfmLF.exe
  2⤵
  PID:12992
- C:\Windows\System\XDSWuUm.exe
  C:\Windows\System\XDSWuUm.exe
  2⤵
  PID:13064
- C:\Windows\System\jdGwpbT.exe
  C:\Windows\System\jdGwpbT.exe
  2⤵
  PID:13108
- C:\Windows\System\tBXhJaH.exe
  C:\Windows\System\tBXhJaH.exe
  2⤵
  PID:13188
- C:\Windows\System\DnoKKzc.exe
  C:\Windows\System\DnoKKzc.exe
  2⤵
  PID:13240
- C:\Windows\System\ysfHzMR.exe
  C:\Windows\System\ysfHzMR.exe
  2⤵
  PID:1140
- C:\Windows\System\euryDls.exe
  C:\Windows\System\euryDls.exe
  2⤵
  PID:2928
- C:\Windows\System\HxgwHcS.exe
  C:\Windows\System\HxgwHcS.exe
  2⤵
  PID:12420
- C:\Windows\System\BXXxdKU.exe
  C:\Windows\System\BXXxdKU.exe
  2⤵
  PID:12572
- C:\Windows\System\AkubgdW.exe
  C:\Windows\System\AkubgdW.exe
  2⤵
  PID:12612
- C:\Windows\System\ewPbrrS.exe
  C:\Windows\System\ewPbrrS.exe
  2⤵
  PID:12816
- C:\Windows\System\dDvqMlp.exe
  C:\Windows\System\dDvqMlp.exe
  2⤵
  PID:13024
- C:\Windows\System\FRJHtkv.exe
  C:\Windows\System\FRJHtkv.exe
  2⤵
  PID:13164
- C:\Windows\System\znFVdZE.exe
  C:\Windows\System\znFVdZE.exe
  2⤵
  PID:2096
- C:\Windows\System\LxySMGf.exe
  C:\Windows\System\LxySMGf.exe
  2⤵
  PID:11856
- C:\Windows\System\NXxJBsJ.exe
  C:\Windows\System\NXxJBsJ.exe
  2⤵
  PID:12628
- C:\Windows\System\cettehg.exe
  C:\Windows\System\cettehg.exe
  2⤵
  PID:12964
- C:\Windows\System\EusWXbf.exe
  C:\Windows\System\EusWXbf.exe
  2⤵
  PID:13288
- C:\Windows\System\GKsZGDF.exe
  C:\Windows\System\GKsZGDF.exe
  2⤵
  PID:12676
- C:\Windows\System\watgZZB.exe
  C:\Windows\System\watgZZB.exe
  2⤵
  PID:13332
- C:\Windows\System\brdCika.exe
  C:\Windows\System\brdCika.exe
  2⤵
  PID:13348
- C:\Windows\System\MAIGawp.exe
  C:\Windows\System\MAIGawp.exe
  2⤵
  PID:13372
- C:\Windows\System\jsZwIvT.exe
  C:\Windows\System\jsZwIvT.exe
  2⤵
  PID:13404
- C:\Windows\System\cqOWoVv.exe
  C:\Windows\System\cqOWoVv.exe
  2⤵
  PID:13436
- C:\Windows\System\qtnpsbT.exe
  C:\Windows\System\qtnpsbT.exe
  2⤵
  PID:13464
- C:\Windows\System\ITKszhQ.exe
  C:\Windows\System\ITKszhQ.exe
  2⤵
  PID:13500
- C:\Windows\System\NMkMryG.exe
  C:\Windows\System\NMkMryG.exe
  2⤵
  PID:13528
- C:\Windows\System\urjfOAc.exe
  C:\Windows\System\urjfOAc.exe
  2⤵
  PID:13556
- C:\Windows\System\OzYXDJE.exe
  C:\Windows\System\OzYXDJE.exe
  2⤵
  PID:13576
- C:\Windows\System\URccLHc.exe
  C:\Windows\System\URccLHc.exe
  2⤵
  PID:13600
- C:\Windows\System\gDPjBmV.exe
  C:\Windows\System\gDPjBmV.exe
  2⤵
  PID:13616
- C:\Windows\System\FHdlIYz.exe
  C:\Windows\System\FHdlIYz.exe
  2⤵
  PID:13656
- C:\Windows\System\SbzmDNU.exe
  C:\Windows\System\SbzmDNU.exe
  2⤵
  PID:13672
- C:\Windows\System\HiMKrbw.exe
  C:\Windows\System\HiMKrbw.exe
  2⤵
  PID:13700
- C:\Windows\System\vNtnMsl.exe
  C:\Windows\System\vNtnMsl.exe
  2⤵
  PID:13732
- C:\Windows\System\VOpxZgH.exe
  C:\Windows\System\VOpxZgH.exe
  2⤵
  PID:13760
- C:\Windows\System\rcULuId.exe
  C:\Windows\System\rcULuId.exe
  2⤵
  PID:13800
- C:\Windows\System\sFUYpdu.exe
  C:\Windows\System\sFUYpdu.exe
  2⤵
  PID:13836
- C:\Windows\System\KLXPOiS.exe
  C:\Windows\System\KLXPOiS.exe
  2⤵
  PID:13868
- C:\Windows\System\TBhubKx.exe
  C:\Windows\System\TBhubKx.exe
  2⤵
  PID:13896
- C:\Windows\System\EYNLKBm.exe
  C:\Windows\System\EYNLKBm.exe
  2⤵
  PID:13924
- C:\Windows\System\mXmtdqJ.exe
  C:\Windows\System\mXmtdqJ.exe
  2⤵
  PID:13940
- C:\Windows\System\VydgTcy.exe
  C:\Windows\System\VydgTcy.exe
  2⤵
  PID:13980
- C:\Windows\System\mRruQut.exe
  C:\Windows\System\mRruQut.exe
  2⤵
  PID:14008
- C:\Windows\System\rhSHtkv.exe
  C:\Windows\System\rhSHtkv.exe
  2⤵
  PID:14036
- C:\Windows\System\QEtinHv.exe
  C:\Windows\System\QEtinHv.exe
  2⤵
  PID:14052
- C:\Windows\System\AtHwLVG.exe
  C:\Windows\System\AtHwLVG.exe
  2⤵
  PID:14092
- C:\Windows\System\HzINpmE.exe
  C:\Windows\System\HzINpmE.exe
  2⤵
  PID:14120
- C:\Windows\System\KbsayVO.exe
  C:\Windows\System\KbsayVO.exe
  2⤵
  PID:14148
- C:\Windows\System\hyMHWQr.exe
  C:\Windows\System\hyMHWQr.exe
  2⤵
  PID:14176
- C:\Windows\System\nJpqpRJ.exe
  C:\Windows\System\nJpqpRJ.exe
  2⤵
  PID:14196
- C:\Windows\System\LLRBWOV.exe
  C:\Windows\System\LLRBWOV.exe
  2⤵
  PID:14220
- C:\Windows\System\ZZNuafi.exe
  C:\Windows\System\ZZNuafi.exe
  2⤵
  PID:14248
- C:\Windows\System\KzYbRFK.exe
  C:\Windows\System\KzYbRFK.exe
  2⤵
  PID:14276
- C:\Windows\System\ONeccBX.exe
  C:\Windows\System\ONeccBX.exe
  2⤵
  PID:14304
- C:\Windows\System\OxDxFzm.exe
  C:\Windows\System\OxDxFzm.exe
  2⤵
  PID:14320
- C:\Windows\System\VSWoQLq.exe
  C:\Windows\System\VSWoQLq.exe
  2⤵
  PID:13396
- C:\Windows\System\urUBqpy.exe
  C:\Windows\System\urUBqpy.exe
  2⤵
  PID:13452
- C:\Windows\System\lXIDqdL.exe
  C:\Windows\System\lXIDqdL.exe
  2⤵
  PID:13520
- C:\Windows\System\FKbNGBV.exe
  C:\Windows\System\FKbNGBV.exe
  2⤵
  PID:13572
- C:\Windows\System\KsnVLjq.exe
  C:\Windows\System\KsnVLjq.exe
  2⤵
  PID:13648
- C:\Windows\System\uVNREAo.exe
  C:\Windows\System\uVNREAo.exe
  2⤵
  PID:13720
- C:\Windows\System\tWysqdM.exe
  C:\Windows\System\tWysqdM.exe
  2⤵
  PID:13784
- C:\Windows\System\eXUASgn.exe
  C:\Windows\System\eXUASgn.exe
  2⤵
  PID:13864
- C:\Windows\System\SGSOeCU.exe
  C:\Windows\System\SGSOeCU.exe
  2⤵
  PID:13932
- C:\Windows\System\mFKrCxi.exe
  C:\Windows\System\mFKrCxi.exe
  2⤵
  PID:13996
- C:\Windows\System\cIEOAWD.exe
  C:\Windows\System\cIEOAWD.exe
  2⤵
  PID:14236
- C:\Windows\System\xadPjJH.exe
  C:\Windows\System\xadPjJH.exe
  2⤵
  PID:14296
- C:\Windows\System\qhmoMBo.exe
  C:\Windows\System\qhmoMBo.exe
  2⤵
  PID:13640
- C:\Windows\System\THxtlZK.exe
  C:\Windows\System\THxtlZK.exe
  2⤵
  PID:13692
- C:\Windows\System\PjZzccs.exe
  C:\Windows\System\PjZzccs.exe
  2⤵
  PID:14044

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BzlXCMJ.exe

Filesize
2.4MB

MD5
d1e1fb3290b2c4a622bf4c56d4cc0c58

SHA1
92fd9006e41ce4429c8f5078bef263c35faf3d65

SHA256
66bcdb24475eb2fcaa8218dc4bf6039617e36bb9c83c79d7fb90860d64e866b9

SHA512
980b5aea7a7e5d1df9d1c2e66b06b48aab14a969f1dd4605a978a7a102381ab247ed0d3d2530cc5fbe13fdbdb3c0ba47b79174f8b1c69e06eb139e2110c32a20

Download Submit
C:\Windows\System\FZduzcN.exe

Filesize
2.4MB

MD5
027068364f38504f5de694a1f31a2b3f

SHA1
c87d97b974499d5ae64b9856f4c44262f9ae6153

SHA256
99590392246bc29001272f025d5a6f203f5c42a40ae1c0a1823581af97651e68

SHA512
df8cd02d382c4532355cb32473b6e218701afb6f474ff547f70824a972043c65912c326d09674181e99150ce284f9e81accc56c3bb39060f06aed0aae7693970

Download Submit
C:\Windows\System\FrmIzPK.exe

Filesize
2.4MB

MD5
80b4336a4e22fd0107315101678154af

SHA1
855494247ae29a57e0f2c77ad65fc90b2eff6b41

SHA256
7f7efe965d6b42156293e55f9a16462ffbc3b174d159681f9b51167ec2bee430

SHA512
3901c786c0bbf3519770c0ae5f33e7980311aef79452ce178d54ec322a18ec92f95a67610882dabe1c0ca2c8ab40e025ca46d2a594de15e753874d998b22e766

Download Submit
C:\Windows\System\GgwfTpQ.exe

Filesize
2.4MB

MD5
2245c303ee3f906e52aa4e2edef0a275

SHA1
8d793b6fbcde8dd62fa8184e03de42a515dcbede

SHA256
3adb17be8ce173ba4b5bd3947e6d4eb7510dfe67997f3f6513f2311477cf181e

SHA512
ca8e932eced1d1ca6cac6b22cb9038bd75e185d2bd48faf315952cdaefd9d470a63cfe6c5f2f851924392bcc4d4f9082ee29ba38e9b08b88439bb658fbdfd2e7

Download Submit
C:\Windows\System\HCjokZM.exe

Filesize
2.4MB

MD5
d4772dae2466f39b6de206999932e275

SHA1
34e2e46ae0f8b6dc8bb65ec571b790eb2d71013e

SHA256
332c7174db937c96aab9dd15c87e5d1417b1754b8acf06ce116b01c2575a2adf

SHA512
1cf3d154b991709cdde00ff7278e76549d6d4b79830168902a63bdcd7b7fa036405e7113a0f284a085b43ac5609ae67a64a2c724a7d2439521393296cdeb5f9c

Download Submit
C:\Windows\System\HgiAtnH.exe

Filesize
2.4MB

MD5
dd3134950b5932ca49bebdb921c3a299

SHA1
ad55384d1de1292e826188571bcb68e3909ec815

SHA256
bc301470bee127a576b1d92a2bfb2154a77b69c5ec57a21a5d339a01de9a55ac

SHA512
29c36ed121bdf04eeb3a2eaf5efe304e8bf12c6ca474ae1c1583d479d7cbcbc35cb14d2802f9b6b5141cbc8f375849b196ef51b6942e689ea80ea43391b3b9e6

Download Submit
C:\Windows\System\InJJvsp.exe

Filesize
2.4MB

MD5
777c664461b8fa2f76cd27b9d315ff10

SHA1
9fc36e93f642836b7503a134aa2ed7bde17c541c

SHA256
2973cc4e531dd0aeb2101af04e5df2c6f6deaaa40424a4afb7c70e796fcb1071

SHA512
27c55eb115a77d51017539ad2a7dc9aea1320846e2c9585430cf11143f3fa0d10f6ca893384156eded8eae39a911d811001223161dd85e7ecf95d141e09f78bd

Download Submit
C:\Windows\System\JMdHrpY.exe

Filesize
2.4MB

MD5
b83c1ab89b53ce04236aaff8d90b5fc7

SHA1
21c3eef9bf6a25efa4bf37201ed5672e08e3f245

SHA256
c65bc0218512b599d52d24f444bece6ba6596842eb67c74a1c210acfd8b5cbc2

SHA512
16cf983346cdf547f21f9c93a6f95261870e0f4625b7ed5a192019b873f0fe940517936d4111bc1533e841b17522b9d5790bc2b59adeecaa0bc8fc5afcabd1b8

Download Submit
C:\Windows\System\JgCBReC.exe

Filesize
2.4MB

MD5
492655042f840cf198dd22186b422254

SHA1
bf0b722725d64d816f54528b43e147a6ec279707

SHA256
d171250aa6872a4ecd2b092990f658310eb7b72aa823f38cc670850020e8d0b1

SHA512
8e70c78a48a9f118cab09a1ef3c43c5d2a74d655deb0422bfebcd078367739ca26f97a016a8dbe9c271f68cd287e3cba6762594a7e26a8ba122d88b552527dbf

Download Submit
C:\Windows\System\LmuHQLr.exe

Filesize
2.4MB

MD5
89993c2470ce15d527ad3820dc674f15

SHA1
88a1835022f61870089cfe572511af31842d64e8

SHA256
71ec38b1fbbfd418192556885c8738c0d0d007f20b69439422aaaed342b2059e

SHA512
c771e3d6b95f7ea5df466efd1a56c61b0fad14931f1ed6daf7d0904940daf1430a4738d9993459118d50f8d061940eff27d46c784e8779aac06e61062b3ce707

Download Submit
C:\Windows\System\PKEbQGa.exe

Filesize
2.4MB

MD5
b3bb946caff4be12b03861b189da8b53

SHA1
0be746a00d26e2c3dd26942ddaf6793a57c119b0

SHA256
1a481f4259a43eb633477595e9fa2f30282d9c374a58d64cdff254c78d6c12f4

SHA512
9bba8cfaf3ffab4ef8e2725f37b81656120ba8d3cb0f7e57609d5d09c348c18afdd8a5ff910a26cafb9b43c78e3a5bd2c6f758620e2a2c67f42327f8ed04f17e

Download Submit
C:\Windows\System\SqCCsyt.exe

Filesize
2.4MB

MD5
4e7c20c1498b15c354c02108242fb068

SHA1
4cc649101734bcd5a2125ca7005dee8d124db26b

SHA256
e248179e98cdd28daff09c6bddb16fd27304fe7b01cf0441b85c45a45a45afd0

SHA512
25958a85d9609798a103ba5d65d9ae6b4a0ecce91df622bb94c60726d9dba2a2644fcd90ece8e515dd0441ecb3296c8d10e4b4fbc23f5fec4c1dfe14cff87fbf

Download Submit
C:\Windows\System\UCjwevf.exe

Filesize
2.4MB

MD5
f44c66afbb74bc52b565b5b1d2fd0501

SHA1
5f687c76e253e9a938320a175e8a342701c71c43

SHA256
c7493b64b89a721c4eea1990cc46071f92840178893cf689694f4c103b568ecc

SHA512
d1f6117d298314b7bde6a1c50f7fe0d35840942a92dc63f0e006c9ba28b8fcf5ac15c5d344e13d7d3e4d2567fb76091ff0921b4cc2f52d916547a2a90ac17e97

Download Submit
C:\Windows\System\WJiVAzL.exe

Filesize
2.4MB

MD5
4e17e296b278205b0b956508fecef2bb

SHA1
b6a102b583f7bae2f60fda7e938cbad5a373a6f7

SHA256
b0e5dfaf3c5e19dc1a3463fa79b0f6bb7875ad561d4e1d2a16a790b8f01a109d

SHA512
5537bc352e8b7007be036f4aa12ed679d9414e470b5535ad2b189fd34ae615ebc40c131068876cc07b848122d645591dbcb8f59aa86f2bbcb6aa21491b1ca25d

Download Submit
C:\Windows\System\YUehdLC.exe

Filesize
2.4MB

MD5
08dd0de5c310a45b5a63d3950db8563c

SHA1
206b2ca4268f7d8de9ee5a42f7d468059f888151

SHA256
5220668a9f467e20172a1794286e9a63c30888243094d21ee9fffe095e932306

SHA512
9a4314d0f4fbc023439b7d00c31f76822c07aaedb025bff82cad5af1a2536d9a9a06539395d18f153824e76f3ddd82ef5ad9e0fc227c583bd83f77b43310974b

Download Submit
C:\Windows\System\cGGOiFg.exe

Filesize
2.4MB

MD5
a8a1673a23800623fd1e699198b13dce

SHA1
633050945fb783899dc56f4c4c29de4053060a1e

SHA256
1df9496115fdb7511bb718496d534167419f5f3c83e733fc1d14421d41a431c1

SHA512
6f6ae9ad76955b305a4bd59277786d7709f1c80a3e3f7d031947d5c78f19427fff5a0ef8f3c2b876723a023ca051d5c1d11b623846fc0fd95b3d9d711a1336ba

Download Submit
C:\Windows\System\eIjPgOA.exe

Filesize
2.4MB

MD5
af50a88568fa7a7c15ada77672fc0a67

SHA1
1e34fe6d09e6e71e6fd2d289a91fce5566977eca

SHA256
9f92cd6fff6a97a482b1380e907dc30bbbd8735bcd7d5699d4fc2c36c49a1eb7

SHA512
1fcc059c4600ee7cc80c16cd7ddeb4d04250ced2884b95f4fcc42d290e7b96841e6b5efc124dfe18462b8513bd55701fd32aedd96e7c31798ea6db86353ceba4

Download Submit
C:\Windows\System\eZWRumC.exe

Filesize
2.4MB

MD5
b973de567c16d558ccb58ee475c10a16

SHA1
3885490217b06efe5c7a007c90121930f3a01427

SHA256
ead05237a00a2201a09ac92674c632dd2ed2e9bc9525ccceb5009f5b2d296e63

SHA512
d545e2417356ce15e6b1212e36bbeacb6d6cf571e69ae894825a7f704093e07f997de7b30bedeb5fdba9ccb14e0b36c984e5fb88ee8dcf0c17c218d8220b9bcd

Download Submit
C:\Windows\System\eiJCFhH.exe

Filesize
2.4MB

MD5
b6a912751f064e59630e9fcdff9155be

SHA1
a0e38a8ea3f963fec83bc2e7e88522dec77907c4

SHA256
377edc9c0501c2477d5262bc5a8ae1d15231edab4a0f74182b46b47883361f37

SHA512
d1f79aa6f1eacf93464d14046fc2ca9531b33c646d06c50c5d02fc0b7c1faed207af036e5de0615c5abf854cc2807850cf9203ea9d5859387f8b07c18c5cca79

Download Submit
C:\Windows\System\ezIQvhn.exe

Filesize
2.4MB

MD5
bbf4e8be03d6045ac479a0cd9d18165f

SHA1
652504b994540fadde9e677e3033567fc60f410a

SHA256
186642a03c7a8ee6d64bfd521a9794987ab729a535b5ae8734b6be25814ee5db

SHA512
d0d91c076f214b7e1daf74b97edffe5ad2c844ec9fc8265e9ba4b43d1196e1958dad0e1f593e05b5576c6986fef4e1a7e208298a17ec9b8e4fba4e730c3951ff

Download Submit
C:\Windows\System\fPsXwUz.exe

Filesize
2.4MB

MD5
4b7a6acb11240529c9eaaf47a95682be

SHA1
0d4bedaea1961b7195e4f8e1b49c82fd0b121872

SHA256
e861b0256b6e4e485c70377ff7d068e8197e5560a90fa3fb635ba0ad3451ba56

SHA512
6e2a4cbe5a1250af3f529c9f27b241ae216cb74ea382165e09aa6f2c7f50b72a120579ca109b461504815a685e0583468f1d0c2ca2f0558adaa93ce817cc4171

Download Submit
C:\Windows\System\jlViPJA.exe

Filesize
2.4MB

MD5
910bebd72fa5021463b0c41c8bfe719b

SHA1
2a1204d3435ed9f024ebcd5e8cc0812adaa08d8b

SHA256
bfdd190b1f1b64363a4c393d492ae50761d29bc4ccc19b0a7a948cdb984bdc28

SHA512
1fd77e2ef7132a125252c3ca3889fd41efb8a5cbc03071896ca75038699d281a032afff919fb4e63d8cdbbdc6bbd372811d7b0e7091ddfcdc3d43639357ca3ef

Download Submit
C:\Windows\System\nSvQbLD.exe

Filesize
2.4MB

MD5
dc4a4af7325e414f8d12485f0b5de9e6

SHA1
be9b681fe2b1802b40dbcd90fbb2e86689caa39a

SHA256
d4659cb2e07c0c6d4a9d33bdea04968c0f7680227ba0043fe74a6ba671026e70

SHA512
e63dcd53c3803028e53a646d17eba0a6f90d9727acde385e1d315f156490f09b730a19727f1cdbb41c05bb7f3dcb8256c4978a5c009fb6cea118cd954d0277a7

Download Submit
C:\Windows\System\rJAPcFl.exe

Filesize
2.4MB

MD5
f7940511f9773ae0dc2c5a1cb591ffdc

SHA1
7d3d88830cd07943adb5fe644251b59cae3483c2

SHA256
4f633e4c0e5eb61231a3378c6af07acd955c50776c7819ca14e4cd61bc7c808e

SHA512
8d0cff583c23d13bee3d8baadc2829167d072b0b21436acd98e9c5021c8f20d3167205c31d8ccd448b5e2769cd4d02442fa216d99a38c5df4fc3759f9f12ea5f

Download Submit
C:\Windows\System\smEfDSv.exe

Filesize
2.4MB

MD5
b3e31673bbddae4f8ede02e64f1476a9

SHA1
b5228349324b22c0d007b3d057e502874a0ad2d2

SHA256
5b089354500c968c5f49b8b89be51608e9c450b4e0a13181ef37bf48ce4e465d

SHA512
dd286949675b7a44bb90f9a9fd69ee44882fd45a47e0bf442a18bec168cbc22a95ab5028ad67fa7f0b290295bea7890b0835ce86b87c7a2390181c08255bab1e

Download Submit
C:\Windows\System\thxaCno.exe

Filesize
2.4MB

MD5
8c645acf7a8071412f2a94014ac5c6e1

SHA1
51dc147b899d7316eb6130c6c58091d4f839265b

SHA256
ea86fa15b361b7d8217bf4cc02d77658ca476fdaea5f6b9bb1ccbc0561dd3c40

SHA512
1a74f8e3aa91be004a8c69ea77af213911afe3e210b32b02313ff8ac28e5edbdff80d5589f41c77c53f30f767b64fa8d1889647e63ffb9b7e9b2aba1d1db18c2

Download Submit
C:\Windows\System\vsYfQYI.exe

Filesize
2.4MB

MD5
1d8c8d715c544e5ad62643424135d3a7

SHA1
421e218730a2245dab930cd524aa123436835d82

SHA256
dbf8369f9f52b8e97ef8fc436b4cf73bd2d507900878d7fb36ee8e3cc6aa692b

SHA512
425c47017593df73c0ae6fdf8e2cb059587b775b3b5380d890245464f4c97042aa0faa17114972983217e5e14cc4f34f3b8cf8b8f49bde87535d8af3f26712aa

Download Submit
C:\Windows\System\wdEXWkv.exe

Filesize
2.4MB

MD5
a6b17fa440c6f094ab3dd2a828efa820

SHA1
48c55042c3404313468da432976f631188c48da1

SHA256
428e5d9a0d6d4cca5ea6bd8f453d76358023a48470392ce4cf812197410e3097

SHA512
499126538e69be0f523f582ac54c93d351e0b8232a87c8042428a4658cc8499d275b04da5d035a30a22b04bb03395a903fb1d8174d2c15b1bda9f93bfed87f95

Download Submit
C:\Windows\System\yIIkbtT.exe

Filesize
2.4MB

MD5
d171a9b8236aa3b07fb1c2c295c1aa1d

SHA1
f56e60989ef4a1201bb8e36971694405eb566306

SHA256
bdf8144d2224fdcc7a3122b2c7ccc8f68520bcad38a714f2478f54510929294b

SHA512
bb27e4797eba96b3986bb2e93a93d14014f649d5a4afd075c72a6099d1ab890850d40675f3c5ee3d185a5e19bd2355f9e3dd6818c3139a3cdeaf3da8b4517f2f

Download Submit
C:\Windows\System\yPqzdXN.exe

Filesize
2.4MB

MD5
3ca35370f538e90d4885de8c11be6b8a

SHA1
02f4624f81488ad2e971fa543dcfcef4d3e3d550

SHA256
f2c058413f79138757a429fb1e18f77bfaa52c34af8e9d6668c244628e7c32b4

SHA512
43b4e97124e30222a51ea44d258eeb8d2dd5fb26757801cc11371648d034570dbfe26bfe45580b4139c23a87354a1cfabde9ccbae69689b47d32c89a9f69748b

Download Submit
C:\Windows\System\yrzwjBe.exe

Filesize
2.4MB

MD5
cf91415bb13586c2d6fffd450add73d1

SHA1
3e8d28adbcf35117008144760580a464c2d390c1

SHA256
5be2c20e22c1a6410ca2c2cb1fe2b79ed1360bf0df616a5dcbf1c2064afa8db6

SHA512
e79822a7099f26c69f3a190a81e6805dd6fdf78de59ccb42cf258c72e2e81fb1f5be95bb7cb86c5c2b9c33243145fcec4b9fda538b4f764bd11c2e8b23210c09

Download Submit
C:\Windows\System\zRaMsKh.exe

Filesize
2.4MB

MD5
6c89ba230398c39f9e615cc2da512a7c

SHA1
6b0dd8507f77801ccdd0f36ad07bb8184e877d6f

SHA256
38ea7ccd9dc00825732c7052086a14480e53abf137e4335da26f590b41ae7711

SHA512
faf782cd88f190c539458433bd8114fb1b3f5b8a05a030d071503b5519e456c91c7e8297a49690e018578cadec14089b1c19c0a1187a5f3402607b7e3549e5e6

Download Submit
C:\Windows\System\zaSLZvH.exe

Filesize
2.4MB

MD5
2802b0fa3bdbb6bd9f6e785cd0e1c5a4

SHA1
b007af97f089386b28ba8f25a8f84ae3a79a4774

SHA256
2d4d05053be2590e638120e476a49176d20aba9417fc63e42d4bf49a3768f204

SHA512
46e1c7d5efe4f595ce5b05482ed514d4d0c2a4b358cec2536c4d50df31d9ebf81f543332e51f7d8fe494e3145a2b8c8fc35b54a79302f5bf44b66a3335191e0b

Download Submit
memory/208-59-0x00007FF6860E0000-0x00007FF686434000-memory.dmp

Filesize
3.3MB

Download
memory/208-2163-0x00007FF6860E0000-0x00007FF686434000-memory.dmp

Filesize
3.3MB

Download
memory/436-2162-0x00007FF6E6A50000-0x00007FF6E6DA4000-memory.dmp

Filesize
3.3MB

Download
memory/436-21-0x00007FF6E6A50000-0x00007FF6E6DA4000-memory.dmp

Filesize
3.3MB

Download
memory/448-2186-0x00007FF6A6DF0000-0x00007FF6A7144000-memory.dmp

Filesize
3.3MB

Download
memory/448-628-0x00007FF6A6DF0000-0x00007FF6A7144000-memory.dmp

Filesize
3.3MB

Download
memory/944-1-0x000002A062DE0000-0x000002A062DF0000-memory.dmp

Filesize
64KB

Download
memory/944-0-0x00007FF66BC80000-0x00007FF66BFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1176-25-0x00007FF7C2B10000-0x00007FF7C2E64000-memory.dmp

Filesize
3.3MB

Download
memory/1176-2165-0x00007FF7C2B10000-0x00007FF7C2E64000-memory.dmp

Filesize
3.3MB

Download
memory/1176-2089-0x00007FF7C2B10000-0x00007FF7C2E64000-memory.dmp

Filesize
3.3MB

Download
memory/1640-83-0x00007FF7D30D0000-0x00007FF7D3424000-memory.dmp

Filesize
3.3MB

Download
memory/1640-2173-0x00007FF7D30D0000-0x00007FF7D3424000-memory.dmp

Filesize
3.3MB

Download
memory/1840-610-0x00007FF61D3E0000-0x00007FF61D734000-memory.dmp

Filesize
3.3MB

Download
memory/1840-2184-0x00007FF61D3E0000-0x00007FF61D734000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2167-0x00007FF7E8080000-0x00007FF7E83D4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-61-0x00007FF7E8080000-0x00007FF7E83D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-2166-0x00007FF7D0BD0000-0x00007FF7D0F24000-memory.dmp

Filesize
3.3MB

Download
memory/2128-40-0x00007FF7D0BD0000-0x00007FF7D0F24000-memory.dmp

Filesize
3.3MB

Download
memory/2128-2090-0x00007FF7D0BD0000-0x00007FF7D0F24000-memory.dmp

Filesize
3.3MB

Download
memory/2264-52-0x00007FF6BBED0000-0x00007FF6BC224000-memory.dmp

Filesize
3.3MB

Download
memory/2264-2169-0x00007FF6BBED0000-0x00007FF6BC224000-memory.dmp

Filesize
3.3MB

Download
memory/2264-2160-0x00007FF6BBED0000-0x00007FF6BC224000-memory.dmp

Filesize
3.3MB

Download
memory/2488-51-0x00007FF670B10000-0x00007FF670E64000-memory.dmp

Filesize
3.3MB

Download
memory/2488-2171-0x00007FF670B10000-0x00007FF670E64000-memory.dmp

Filesize
3.3MB

Download
memory/2488-2159-0x00007FF670B10000-0x00007FF670E64000-memory.dmp

Filesize
3.3MB

Download
memory/2612-2170-0x00007FF6C0BC0000-0x00007FF6C0F14000-memory.dmp

Filesize
3.3MB

Download
memory/2612-62-0x00007FF6C0BC0000-0x00007FF6C0F14000-memory.dmp

Filesize
3.3MB

Download
memory/2844-2172-0x00007FF7B5D20000-0x00007FF7B6074000-memory.dmp

Filesize
3.3MB

Download
memory/2844-70-0x00007FF7B5D20000-0x00007FF7B6074000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2179-0x00007FF770D50000-0x00007FF7710A4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-565-0x00007FF770D50000-0x00007FF7710A4000-memory.dmp

Filesize
3.3MB

Download
memory/3096-557-0x00007FF68FC40000-0x00007FF68FF94000-memory.dmp

Filesize
3.3MB

Download
memory/3096-2177-0x00007FF68FC40000-0x00007FF68FF94000-memory.dmp

Filesize
3.3MB

Download
memory/3172-593-0x00007FF6FE020000-0x00007FF6FE374000-memory.dmp

Filesize
3.3MB

Download
memory/3172-2190-0x00007FF6FE020000-0x00007FF6FE374000-memory.dmp

Filesize
3.3MB

Download
memory/3244-2178-0x00007FF68B2E0000-0x00007FF68B634000-memory.dmp

Filesize
3.3MB

Download
memory/3244-558-0x00007FF68B2E0000-0x00007FF68B634000-memory.dmp

Filesize
3.3MB

Download
memory/3764-634-0x00007FF688560000-0x00007FF6888B4000-memory.dmp

Filesize
3.3MB

Download
memory/3764-2185-0x00007FF688560000-0x00007FF6888B4000-memory.dmp

Filesize
3.3MB

Download
memory/3844-47-0x00007FF732850000-0x00007FF732BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3844-2168-0x00007FF732850000-0x00007FF732BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3844-2093-0x00007FF732850000-0x00007FF732BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3952-79-0x00007FF6DA3A0000-0x00007FF6DA6F4000-memory.dmp

Filesize
3.3MB

Download
memory/3952-2174-0x00007FF6DA3A0000-0x00007FF6DA6F4000-memory.dmp

Filesize
3.3MB

Download
memory/4220-2183-0x00007FF78D910000-0x00007FF78DC64000-memory.dmp

Filesize
3.3MB

Download
memory/4220-586-0x00007FF78D910000-0x00007FF78DC64000-memory.dmp

Filesize
3.3MB

Download
memory/4352-2182-0x00007FF77E840000-0x00007FF77EB94000-memory.dmp

Filesize
3.3MB

Download
memory/4352-575-0x00007FF77E840000-0x00007FF77EB94000-memory.dmp

Filesize
3.3MB

Download
memory/4380-2180-0x00007FF667D80000-0x00007FF6680D4000-memory.dmp

Filesize
3.3MB

Download
memory/4380-582-0x00007FF667D80000-0x00007FF6680D4000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2181-0x00007FF793430000-0x00007FF793784000-memory.dmp

Filesize
3.3MB

Download
memory/4716-569-0x00007FF793430000-0x00007FF793784000-memory.dmp

Filesize
3.3MB

Download
memory/4740-60-0x00007FF6611C0000-0x00007FF661514000-memory.dmp

Filesize
3.3MB

Download
memory/4740-2164-0x00007FF6611C0000-0x00007FF661514000-memory.dmp

Filesize
3.3MB

Download
memory/4812-638-0x00007FF654D10000-0x00007FF655064000-memory.dmp

Filesize
3.3MB

Download
memory/4812-2176-0x00007FF654D10000-0x00007FF655064000-memory.dmp

Filesize
3.3MB

Download
memory/4920-596-0x00007FF777A30000-0x00007FF777D84000-memory.dmp

Filesize
3.3MB

Download
memory/4920-2187-0x00007FF777A30000-0x00007FF777D84000-memory.dmp

Filesize
3.3MB

Download
memory/4944-627-0x00007FF669250000-0x00007FF6695A4000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2189-0x00007FF669250000-0x00007FF6695A4000-memory.dmp

Filesize
3.3MB

Download
memory/5048-556-0x00007FF7FF8A0000-0x00007FF7FFBF4000-memory.dmp

Filesize
3.3MB

Download
memory/5048-2175-0x00007FF7FF8A0000-0x00007FF7FFBF4000-memory.dmp

Filesize
3.3MB

Download
memory/5048-2161-0x00007FF7FF8A0000-0x00007FF7FFBF4000-memory.dmp

Filesize
3.3MB

Download
memory/5108-587-0x00007FF7EDB80000-0x00007FF7EDED4000-memory.dmp

Filesize
3.3MB

Download
memory/5108-2188-0x00007FF7EDB80000-0x00007FF7EDED4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads