xmrig | f613635c47566cc9e258b764ff488296ac644987ca006f4c55216e6eaee823ca

Analysis

max time kernel
136s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
Size

2.0MB
MD5

b1973ce51cd0432da70d891cd5538680
SHA1

5eb194e212a12174b12e1a4a751252417d9128c3
SHA256

f613635c47566cc9e258b764ff488296ac644987ca006f4c55216e6eaee823ca
SHA512

3705f8b24be36f9ee089ba4ac62bf1cdc2365d3dc9c235427338bf78d246e2d735af3d6df251bb4c1f52f474c30eb8a0f88c6b528315eeb4fc29290b96c0cbff
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQOY7CH09QhCv:BemTLkNdfE0pZrQF

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/604-0-0x00007FF6E5200000-0x00007FF6E5554000-memory.dmp	xmrig
behavioral2/files/0x000900000002328e-5.dat	xmrig
behavioral2/files/0x0007000000023407-18.dat	xmrig
behavioral2/files/0x000700000002340c-61.dat	xmrig
behavioral2/files/0x0007000000023413-73.dat	xmrig
behavioral2/files/0x0007000000023416-95.dat	xmrig
behavioral2/files/0x000700000002341a-116.dat	xmrig
behavioral2/files/0x000700000002341e-149.dat	xmrig
behavioral2/files/0x0007000000023422-175.dat	xmrig
behavioral2/files/0x0007000000023424-172.dat	xmrig
behavioral2/memory/1228-214-0x00007FF6DB210000-0x00007FF6DB564000-memory.dmp	xmrig
behavioral2/memory/3268-231-0x00007FF6AC010000-0x00007FF6AC364000-memory.dmp	xmrig
behavioral2/memory/372-239-0x00007FF604B40000-0x00007FF604E94000-memory.dmp	xmrig
behavioral2/memory/3156-244-0x00007FF6C7F10000-0x00007FF6C8264000-memory.dmp	xmrig
behavioral2/memory/3216-243-0x00007FF7A67A0000-0x00007FF7A6AF4000-memory.dmp	xmrig
behavioral2/memory/2464-242-0x00007FF628AB0000-0x00007FF628E04000-memory.dmp	xmrig
behavioral2/memory/3916-241-0x00007FF6298F0000-0x00007FF629C44000-memory.dmp	xmrig
behavioral2/memory/3484-240-0x00007FF667A10000-0x00007FF667D64000-memory.dmp	xmrig
behavioral2/memory/2756-238-0x00007FF7B5C90000-0x00007FF7B5FE4000-memory.dmp	xmrig
behavioral2/memory/2644-237-0x00007FF79FBF0000-0x00007FF79FF44000-memory.dmp	xmrig
behavioral2/memory/2684-236-0x00007FF727A00000-0x00007FF727D54000-memory.dmp	xmrig
behavioral2/memory/4576-235-0x00007FF62A7C0000-0x00007FF62AB14000-memory.dmp	xmrig
behavioral2/memory/4748-234-0x00007FF70BFD0000-0x00007FF70C324000-memory.dmp	xmrig
behavioral2/memory/4352-233-0x00007FF6DFBA0000-0x00007FF6DFEF4000-memory.dmp	xmrig
behavioral2/memory/3732-232-0x00007FF6331A0000-0x00007FF6334F4000-memory.dmp	xmrig
behavioral2/memory/1844-230-0x00007FF76A430000-0x00007FF76A784000-memory.dmp	xmrig
behavioral2/memory/4716-229-0x00007FF6D4E20000-0x00007FF6D5174000-memory.dmp	xmrig
behavioral2/memory/3680-228-0x00007FF7E3F10000-0x00007FF7E4264000-memory.dmp	xmrig
behavioral2/memory/2068-226-0x00007FF637450000-0x00007FF6377A4000-memory.dmp	xmrig
behavioral2/memory/1628-213-0x00007FF763560000-0x00007FF7638B4000-memory.dmp	xmrig
behavioral2/memory/2876-210-0x00007FF74A790000-0x00007FF74AAE4000-memory.dmp	xmrig
behavioral2/memory/3160-209-0x00007FF692370000-0x00007FF6926C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-169.dat	xmrig
behavioral2/files/0x0007000000023421-163.dat	xmrig
behavioral2/files/0x0007000000023420-153.dat	xmrig
behavioral2/files/0x000700000002341f-151.dat	xmrig
behavioral2/files/0x000700000002341d-147.dat	xmrig
behavioral2/files/0x000700000002341c-145.dat	xmrig
behavioral2/files/0x000700000002341b-143.dat	xmrig
behavioral2/files/0x0007000000023419-139.dat	xmrig
behavioral2/files/0x0007000000023418-137.dat	xmrig
behavioral2/files/0x0007000000023417-131.dat	xmrig
behavioral2/files/0x0007000000023414-125.dat	xmrig
behavioral2/memory/880-122-0x00007FF7F7C80000-0x00007FF7F7FD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-110.dat	xmrig
behavioral2/memory/1216-102-0x00007FF621410000-0x00007FF621764000-memory.dmp	xmrig
behavioral2/files/0x000700000002340f-101.dat	xmrig
behavioral2/files/0x0007000000023415-89.dat	xmrig
behavioral2/files/0x0007000000023412-88.dat	xmrig
behavioral2/files/0x0007000000023410-85.dat	xmrig
behavioral2/files/0x000700000002340a-79.dat	xmrig
behavioral2/memory/3192-70-0x00007FF770A80000-0x00007FF770DD4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-69.dat	xmrig
behavioral2/files/0x000700000002340e-66.dat	xmrig
behavioral2/files/0x0007000000023409-58.dat	xmrig
behavioral2/memory/4996-55-0x00007FF770CB0000-0x00007FF771004000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-64.dat	xmrig
behavioral2/memory/8-42-0x00007FF7CEC70000-0x00007FF7CEFC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-39.dat	xmrig
behavioral2/memory/1284-25-0x00007FF7047F0000-0x00007FF704B44000-memory.dmp	xmrig
behavioral2/files/0x0008000000023405-24.dat	xmrig
behavioral2/files/0x0007000000023406-21.dat	xmrig
behavioral2/memory/1560-16-0x00007FF7FF820000-0x00007FF7FFB74000-memory.dmp	xmrig
behavioral2/memory/4996-2140-0x00007FF770CB0000-0x00007FF771004000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1560	jUXXlJt.exe
2756	PSqehSb.exe
1284	eJwEcmw.exe
372	ooCKDHc.exe
8	nJNrVJq.exe
4996	GreAkBZ.exe
3484	nicUpsN.exe
3192	hWzCFoo.exe
1216	JWOxqoK.exe
880	xYkLDuu.exe
3160	UZAtwKO.exe
3916	sROPNvS.exe
2876	qrUlcEF.exe
1628	DnQCxHZ.exe
2464	iCaNIfM.exe
1228	eKcdJsj.exe
2068	rmAFMYg.exe
3680	gwdIbtj.exe
4716	RElBNkf.exe
1844	CvaTklw.exe
3216	EiBhcpT.exe
3268	XxoaHoO.exe
3732	HpufXfN.exe
4352	nEhkvQj.exe
3156	BOTEZDx.exe
4748	nllmlIP.exe
4576	uypJJBL.exe
2684	PcxUdZY.exe
2644	ThkCLcW.exe
3036	tEtnhNg.exe
4052	OuXzwuO.exe
3248	VbWyHgn.exe
1076	FvZCcUL.exe
664	vIjgzBJ.exe
3672	eMfcuCK.exe
2192	WLaPQQZ.exe
2612	FZpNwBN.exe
3832	lCRtpZK.exe
3556	rdKVlWR.exe
3960	yJDzBZM.exe
2444	sAJDYMt.exe
2872	qSvWePX.exe
3356	HnhuoOm.exe
4960	GpVvNCe.exe
1236	jYPyweP.exe
2384	ZsALLEG.exe
4952	xUneQuo.exe
3172	JfzjZqd.exe
1492	pXEFJcW.exe
3364	CAsSzJz.exe
2396	ykPrgFG.exe
4320	xguOHVz.exe
2392	mWrsVgm.exe
3596	zapYKaX.exe
3756	MhFqBsn.exe
4524	TgmhcRI.exe
2220	dsTIiWz.exe
4364	OcjQOyf.exe
3200	CcbzPhK.exe
1824	jfGRvvC.exe
4168	vppnbsu.exe
4140	nYJCgnM.exe
4876	wGNxFpL.exe
1676	rwtKOyI.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/604-0-0x00007FF6E5200000-0x00007FF6E5554000-memory.dmp	upx
behavioral2/files/0x000900000002328e-5.dat	upx
behavioral2/files/0x0007000000023407-18.dat	upx
behavioral2/files/0x000700000002340c-61.dat	upx
behavioral2/files/0x0007000000023413-73.dat	upx
behavioral2/files/0x0007000000023416-95.dat	upx
behavioral2/files/0x000700000002341a-116.dat	upx
behavioral2/files/0x000700000002341e-149.dat	upx
behavioral2/files/0x0007000000023422-175.dat	upx
behavioral2/files/0x0007000000023424-172.dat	upx
behavioral2/memory/1228-214-0x00007FF6DB210000-0x00007FF6DB564000-memory.dmp	upx
behavioral2/memory/3268-231-0x00007FF6AC010000-0x00007FF6AC364000-memory.dmp	upx
behavioral2/memory/372-239-0x00007FF604B40000-0x00007FF604E94000-memory.dmp	upx
behavioral2/memory/3156-244-0x00007FF6C7F10000-0x00007FF6C8264000-memory.dmp	upx
behavioral2/memory/3216-243-0x00007FF7A67A0000-0x00007FF7A6AF4000-memory.dmp	upx
behavioral2/memory/2464-242-0x00007FF628AB0000-0x00007FF628E04000-memory.dmp	upx
behavioral2/memory/3916-241-0x00007FF6298F0000-0x00007FF629C44000-memory.dmp	upx
behavioral2/memory/3484-240-0x00007FF667A10000-0x00007FF667D64000-memory.dmp	upx
behavioral2/memory/2756-238-0x00007FF7B5C90000-0x00007FF7B5FE4000-memory.dmp	upx
behavioral2/memory/2644-237-0x00007FF79FBF0000-0x00007FF79FF44000-memory.dmp	upx
behavioral2/memory/2684-236-0x00007FF727A00000-0x00007FF727D54000-memory.dmp	upx
behavioral2/memory/4576-235-0x00007FF62A7C0000-0x00007FF62AB14000-memory.dmp	upx
behavioral2/memory/4748-234-0x00007FF70BFD0000-0x00007FF70C324000-memory.dmp	upx
behavioral2/memory/4352-233-0x00007FF6DFBA0000-0x00007FF6DFEF4000-memory.dmp	upx
behavioral2/memory/3732-232-0x00007FF6331A0000-0x00007FF6334F4000-memory.dmp	upx
behavioral2/memory/1844-230-0x00007FF76A430000-0x00007FF76A784000-memory.dmp	upx
behavioral2/memory/4716-229-0x00007FF6D4E20000-0x00007FF6D5174000-memory.dmp	upx
behavioral2/memory/3680-228-0x00007FF7E3F10000-0x00007FF7E4264000-memory.dmp	upx
behavioral2/memory/2068-226-0x00007FF637450000-0x00007FF6377A4000-memory.dmp	upx
behavioral2/memory/1628-213-0x00007FF763560000-0x00007FF7638B4000-memory.dmp	upx
behavioral2/memory/2876-210-0x00007FF74A790000-0x00007FF74AAE4000-memory.dmp	upx
behavioral2/memory/3160-209-0x00007FF692370000-0x00007FF6926C4000-memory.dmp	upx
behavioral2/files/0x0007000000023423-169.dat	upx
behavioral2/files/0x0007000000023421-163.dat	upx
behavioral2/files/0x0007000000023420-153.dat	upx
behavioral2/files/0x000700000002341f-151.dat	upx
behavioral2/files/0x000700000002341d-147.dat	upx
behavioral2/files/0x000700000002341c-145.dat	upx
behavioral2/files/0x000700000002341b-143.dat	upx
behavioral2/files/0x0007000000023419-139.dat	upx
behavioral2/files/0x0007000000023418-137.dat	upx
behavioral2/files/0x0007000000023417-131.dat	upx
behavioral2/files/0x0007000000023414-125.dat	upx
behavioral2/memory/880-122-0x00007FF7F7C80000-0x00007FF7F7FD4000-memory.dmp	upx
behavioral2/files/0x0007000000023411-110.dat	upx
behavioral2/memory/1216-102-0x00007FF621410000-0x00007FF621764000-memory.dmp	upx
behavioral2/files/0x000700000002340f-101.dat	upx
behavioral2/files/0x0007000000023415-89.dat	upx
behavioral2/files/0x0007000000023412-88.dat	upx
behavioral2/files/0x0007000000023410-85.dat	upx
behavioral2/files/0x000700000002340a-79.dat	upx
behavioral2/memory/3192-70-0x00007FF770A80000-0x00007FF770DD4000-memory.dmp	upx
behavioral2/files/0x000700000002340b-69.dat	upx
behavioral2/files/0x000700000002340e-66.dat	upx
behavioral2/files/0x0007000000023409-58.dat	upx
behavioral2/memory/4996-55-0x00007FF770CB0000-0x00007FF771004000-memory.dmp	upx
behavioral2/files/0x000700000002340d-64.dat	upx
behavioral2/memory/8-42-0x00007FF7CEC70000-0x00007FF7CEFC4000-memory.dmp	upx
behavioral2/files/0x0007000000023408-39.dat	upx
behavioral2/memory/1284-25-0x00007FF7047F0000-0x00007FF704B44000-memory.dmp	upx
behavioral2/files/0x0008000000023405-24.dat	upx
behavioral2/files/0x0007000000023406-21.dat	upx
behavioral2/memory/1560-16-0x00007FF7FF820000-0x00007FF7FFB74000-memory.dmp	upx
behavioral2/memory/4996-2140-0x00007FF770CB0000-0x00007FF771004000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OuXzwuO.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\RVdGPKg.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\GHigBaB.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\sXYFrNo.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\nllmlIP.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\TgmhcRI.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\KjeRBLx.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\RGkOsZK.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\NScdbqj.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\kVOWwtK.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\tbCHavf.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\KMUrUkc.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\VvrXRiz.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\ZkrnmXb.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\ujZsQeg.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\rkDrunD.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\cYYfvRp.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\XzzPbBt.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\weNSedt.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\CvaTklw.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\wGNxFpL.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\ITHUFbC.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\JrAbwzJ.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\ReQooSi.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\EBYuMsL.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\UXxevZk.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\NkPqhVG.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\FqCUPyv.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\OzMwbbo.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\qtmpcYu.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\FxQjdIv.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\BxXzPAx.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\EcqwWoB.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\NiqQWpH.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\LniBqJS.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\VwdgGZb.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\miqjpIN.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\kMYNLsz.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\UkSpBXO.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\XoOnuSw.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\YofFwkw.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\Ykvcsca.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\XwcllYm.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\XKRBODf.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\vgGZULO.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\aUXANbh.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\VyIlqIY.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\qrUscaH.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\HjpTWKQ.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\xFbHVCz.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\KgTBihl.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\rdKVlWR.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\KSfaPoR.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\MTwLPeJ.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\piUAGSG.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\wHydwVQ.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\nEhkvQj.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\HiIgHcg.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\yhUpUPh.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\KBclAOW.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\ixiHYPk.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\HJBLLGT.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\BFpLpqY.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
File created	C:\Windows\System\nJNrVJq.exe	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13904	dwm.exe
Token: SeChangeNotifyPrivilege	13904	dwm.exe
Token: 33	13904	dwm.exe
Token: SeIncBasePriorityPrivilege	13904	dwm.exe
Token: SeShutdownPrivilege	13904	dwm.exe
Token: SeCreatePagefilePrivilege	13904	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 604 wrote to memory of 1560	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	84
PID 604 wrote to memory of 1560	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	84
PID 604 wrote to memory of 1284	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	85
PID 604 wrote to memory of 1284	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	85
PID 604 wrote to memory of 2756	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	86
PID 604 wrote to memory of 2756	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	86
PID 604 wrote to memory of 372	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	87
PID 604 wrote to memory of 372	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	87
PID 604 wrote to memory of 8	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	88
PID 604 wrote to memory of 8	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	88
PID 604 wrote to memory of 4996	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	89
PID 604 wrote to memory of 4996	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	89
PID 604 wrote to memory of 880	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	90
PID 604 wrote to memory of 880	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	90
PID 604 wrote to memory of 3484	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	91
PID 604 wrote to memory of 3484	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	91
PID 604 wrote to memory of 3192	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	92
PID 604 wrote to memory of 3192	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	92
PID 604 wrote to memory of 1216	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	93
PID 604 wrote to memory of 1216	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	93
PID 604 wrote to memory of 3160	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	94
PID 604 wrote to memory of 3160	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	94
PID 604 wrote to memory of 1628	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	95
PID 604 wrote to memory of 1628	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	95
PID 604 wrote to memory of 3916	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	96
PID 604 wrote to memory of 3916	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	96
PID 604 wrote to memory of 2876	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	97
PID 604 wrote to memory of 2876	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	97
PID 604 wrote to memory of 2068	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	98
PID 604 wrote to memory of 2068	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	98
PID 604 wrote to memory of 2464	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	99
PID 604 wrote to memory of 2464	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	99
PID 604 wrote to memory of 1228	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	100
PID 604 wrote to memory of 1228	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	100
PID 604 wrote to memory of 3680	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	101
PID 604 wrote to memory of 3680	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	101
PID 604 wrote to memory of 4716	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	102
PID 604 wrote to memory of 4716	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	102
PID 604 wrote to memory of 1844	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	103
PID 604 wrote to memory of 1844	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	103
PID 604 wrote to memory of 3216	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	104
PID 604 wrote to memory of 3216	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	104
PID 604 wrote to memory of 3268	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	105
PID 604 wrote to memory of 3268	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	105
PID 604 wrote to memory of 3732	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	106
PID 604 wrote to memory of 3732	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	106
PID 604 wrote to memory of 4352	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	107
PID 604 wrote to memory of 4352	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	107
PID 604 wrote to memory of 3156	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	108
PID 604 wrote to memory of 3156	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	108
PID 604 wrote to memory of 4748	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	109
PID 604 wrote to memory of 4748	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	109
PID 604 wrote to memory of 4576	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	110
PID 604 wrote to memory of 4576	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	110
PID 604 wrote to memory of 2684	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	111
PID 604 wrote to memory of 2684	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	111
PID 604 wrote to memory of 2644	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	112
PID 604 wrote to memory of 2644	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	112
PID 604 wrote to memory of 3036	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	113
PID 604 wrote to memory of 3036	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	113
PID 604 wrote to memory of 4052	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	114
PID 604 wrote to memory of 4052	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	114
PID 604 wrote to memory of 3248	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	115
PID 604 wrote to memory of 3248	604	b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b1973ce51cd0432da70d891cd5538680_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:604
- C:\Windows\System\jUXXlJt.exe
  C:\Windows\System\jUXXlJt.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\eJwEcmw.exe
  C:\Windows\System\eJwEcmw.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\PSqehSb.exe
  C:\Windows\System\PSqehSb.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\ooCKDHc.exe
  C:\Windows\System\ooCKDHc.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\nJNrVJq.exe
  C:\Windows\System\nJNrVJq.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\GreAkBZ.exe
  C:\Windows\System\GreAkBZ.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\xYkLDuu.exe
  C:\Windows\System\xYkLDuu.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\nicUpsN.exe
  C:\Windows\System\nicUpsN.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\hWzCFoo.exe
  C:\Windows\System\hWzCFoo.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\JWOxqoK.exe
  C:\Windows\System\JWOxqoK.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\UZAtwKO.exe
  C:\Windows\System\UZAtwKO.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\DnQCxHZ.exe
  C:\Windows\System\DnQCxHZ.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\sROPNvS.exe
  C:\Windows\System\sROPNvS.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\qrUlcEF.exe
  C:\Windows\System\qrUlcEF.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\rmAFMYg.exe
  C:\Windows\System\rmAFMYg.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\iCaNIfM.exe
  C:\Windows\System\iCaNIfM.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\eKcdJsj.exe
  C:\Windows\System\eKcdJsj.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\gwdIbtj.exe
  C:\Windows\System\gwdIbtj.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\RElBNkf.exe
  C:\Windows\System\RElBNkf.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\CvaTklw.exe
  C:\Windows\System\CvaTklw.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\EiBhcpT.exe
  C:\Windows\System\EiBhcpT.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\XxoaHoO.exe
  C:\Windows\System\XxoaHoO.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\HpufXfN.exe
  C:\Windows\System\HpufXfN.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\nEhkvQj.exe
  C:\Windows\System\nEhkvQj.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\BOTEZDx.exe
  C:\Windows\System\BOTEZDx.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\nllmlIP.exe
  C:\Windows\System\nllmlIP.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\uypJJBL.exe
  C:\Windows\System\uypJJBL.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\PcxUdZY.exe
  C:\Windows\System\PcxUdZY.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\ThkCLcW.exe
  C:\Windows\System\ThkCLcW.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\tEtnhNg.exe
  C:\Windows\System\tEtnhNg.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\OuXzwuO.exe
  C:\Windows\System\OuXzwuO.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\VbWyHgn.exe
  C:\Windows\System\VbWyHgn.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\FvZCcUL.exe
  C:\Windows\System\FvZCcUL.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\vIjgzBJ.exe
  C:\Windows\System\vIjgzBJ.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\eMfcuCK.exe
  C:\Windows\System\eMfcuCK.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\WLaPQQZ.exe
  C:\Windows\System\WLaPQQZ.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\FZpNwBN.exe
  C:\Windows\System\FZpNwBN.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\lCRtpZK.exe
  C:\Windows\System\lCRtpZK.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\rdKVlWR.exe
  C:\Windows\System\rdKVlWR.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\yJDzBZM.exe
  C:\Windows\System\yJDzBZM.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\sAJDYMt.exe
  C:\Windows\System\sAJDYMt.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\qSvWePX.exe
  C:\Windows\System\qSvWePX.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\HnhuoOm.exe
  C:\Windows\System\HnhuoOm.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\GpVvNCe.exe
  C:\Windows\System\GpVvNCe.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\jYPyweP.exe
  C:\Windows\System\jYPyweP.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\ZsALLEG.exe
  C:\Windows\System\ZsALLEG.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\xUneQuo.exe
  C:\Windows\System\xUneQuo.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\JfzjZqd.exe
  C:\Windows\System\JfzjZqd.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\pXEFJcW.exe
  C:\Windows\System\pXEFJcW.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\CAsSzJz.exe
  C:\Windows\System\CAsSzJz.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\ykPrgFG.exe
  C:\Windows\System\ykPrgFG.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\xguOHVz.exe
  C:\Windows\System\xguOHVz.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\mWrsVgm.exe
  C:\Windows\System\mWrsVgm.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\zapYKaX.exe
  C:\Windows\System\zapYKaX.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\MhFqBsn.exe
  C:\Windows\System\MhFqBsn.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\TgmhcRI.exe
  C:\Windows\System\TgmhcRI.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\dsTIiWz.exe
  C:\Windows\System\dsTIiWz.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\OcjQOyf.exe
  C:\Windows\System\OcjQOyf.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\CcbzPhK.exe
  C:\Windows\System\CcbzPhK.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\jfGRvvC.exe
  C:\Windows\System\jfGRvvC.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\vppnbsu.exe
  C:\Windows\System\vppnbsu.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\nYJCgnM.exe
  C:\Windows\System\nYJCgnM.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\wGNxFpL.exe
  C:\Windows\System\wGNxFpL.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\rwtKOyI.exe
  C:\Windows\System\rwtKOyI.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\hCZVWHE.exe
  C:\Windows\System\hCZVWHE.exe
  2⤵
  PID:4316
- C:\Windows\System\mCPWOKp.exe
  C:\Windows\System\mCPWOKp.exe
  2⤵
  PID:1412
- C:\Windows\System\PcisOnD.exe
  C:\Windows\System\PcisOnD.exe
  2⤵
  PID:4220
- C:\Windows\System\GWQjAJs.exe
  C:\Windows\System\GWQjAJs.exe
  2⤵
  PID:3656
- C:\Windows\System\ybqcBmy.exe
  C:\Windows\System\ybqcBmy.exe
  2⤵
  PID:4412
- C:\Windows\System\jhJxSlh.exe
  C:\Windows\System\jhJxSlh.exe
  2⤵
  PID:440
- C:\Windows\System\iWlpazR.exe
  C:\Windows\System\iWlpazR.exe
  2⤵
  PID:4400
- C:\Windows\System\aSnVSaj.exe
  C:\Windows\System\aSnVSaj.exe
  2⤵
  PID:3092
- C:\Windows\System\DrxYnHd.exe
  C:\Windows\System\DrxYnHd.exe
  2⤵
  PID:2300
- C:\Windows\System\SVjltNr.exe
  C:\Windows\System\SVjltNr.exe
  2⤵
  PID:1248
- C:\Windows\System\jQnUTIQ.exe
  C:\Windows\System\jQnUTIQ.exe
  2⤵
  PID:2012
- C:\Windows\System\vDkCwfR.exe
  C:\Windows\System\vDkCwfR.exe
  2⤵
  PID:1060
- C:\Windows\System\tbCHavf.exe
  C:\Windows\System\tbCHavf.exe
  2⤵
  PID:380
- C:\Windows\System\LniBqJS.exe
  C:\Windows\System\LniBqJS.exe
  2⤵
  PID:4360
- C:\Windows\System\WkTgWFE.exe
  C:\Windows\System\WkTgWFE.exe
  2⤵
  PID:3616
- C:\Windows\System\Rgnotfe.exe
  C:\Windows\System\Rgnotfe.exe
  2⤵
  PID:2676
- C:\Windows\System\MCRWWVt.exe
  C:\Windows\System\MCRWWVt.exe
  2⤵
  PID:2524
- C:\Windows\System\dZnpRkr.exe
  C:\Windows\System\dZnpRkr.exe
  2⤵
  PID:4256
- C:\Windows\System\AtJkVKZ.exe
  C:\Windows\System\AtJkVKZ.exe
  2⤵
  PID:3308
- C:\Windows\System\ZhBxjJB.exe
  C:\Windows\System\ZhBxjJB.exe
  2⤵
  PID:2400
- C:\Windows\System\DThjXTR.exe
  C:\Windows\System\DThjXTR.exe
  2⤵
  PID:4304
- C:\Windows\System\UyZwCBJ.exe
  C:\Windows\System\UyZwCBJ.exe
  2⤵
  PID:4516
- C:\Windows\System\QubuzBU.exe
  C:\Windows\System\QubuzBU.exe
  2⤵
  PID:2092
- C:\Windows\System\KMUrUkc.exe
  C:\Windows\System\KMUrUkc.exe
  2⤵
  PID:2492
- C:\Windows\System\PadGwsa.exe
  C:\Windows\System\PadGwsa.exe
  2⤵
  PID:4528
- C:\Windows\System\aFmxOlp.exe
  C:\Windows\System\aFmxOlp.exe
  2⤵
  PID:3296
- C:\Windows\System\JrADmzZ.exe
  C:\Windows\System\JrADmzZ.exe
  2⤵
  PID:3148
- C:\Windows\System\nrFtNpk.exe
  C:\Windows\System\nrFtNpk.exe
  2⤵
  PID:4056
- C:\Windows\System\ITHUFbC.exe
  C:\Windows\System\ITHUFbC.exe
  2⤵
  PID:4712
- C:\Windows\System\rviwwsF.exe
  C:\Windows\System\rviwwsF.exe
  2⤵
  PID:2144
- C:\Windows\System\sSoWNTB.exe
  C:\Windows\System\sSoWNTB.exe
  2⤵
  PID:1852
- C:\Windows\System\XAVXnBr.exe
  C:\Windows\System\XAVXnBr.exe
  2⤵
  PID:1648
- C:\Windows\System\DjuePAq.exe
  C:\Windows\System\DjuePAq.exe
  2⤵
  PID:2096
- C:\Windows\System\VgOyUNb.exe
  C:\Windows\System\VgOyUNb.exe
  2⤵
  PID:3420
- C:\Windows\System\IBfJeGD.exe
  C:\Windows\System\IBfJeGD.exe
  2⤵
  PID:1688
- C:\Windows\System\kfUJWFZ.exe
  C:\Windows\System\kfUJWFZ.exe
  2⤵
  PID:5024
- C:\Windows\System\JrAbwzJ.exe
  C:\Windows\System\JrAbwzJ.exe
  2⤵
  PID:4012
- C:\Windows\System\AaicGoe.exe
  C:\Windows\System\AaicGoe.exe
  2⤵
  PID:5136
- C:\Windows\System\GuAaonP.exe
  C:\Windows\System\GuAaonP.exe
  2⤵
  PID:5168
- C:\Windows\System\OfjqRqm.exe
  C:\Windows\System\OfjqRqm.exe
  2⤵
  PID:5196
- C:\Windows\System\hlQouPg.exe
  C:\Windows\System\hlQouPg.exe
  2⤵
  PID:5224
- C:\Windows\System\ThnimaT.exe
  C:\Windows\System\ThnimaT.exe
  2⤵
  PID:5252
- C:\Windows\System\WoThFKz.exe
  C:\Windows\System\WoThFKz.exe
  2⤵
  PID:5276
- C:\Windows\System\wxXaIms.exe
  C:\Windows\System\wxXaIms.exe
  2⤵
  PID:5304
- C:\Windows\System\uFcKMed.exe
  C:\Windows\System\uFcKMed.exe
  2⤵
  PID:5332
- C:\Windows\System\InSKEym.exe
  C:\Windows\System\InSKEym.exe
  2⤵
  PID:5368
- C:\Windows\System\xMmLLZc.exe
  C:\Windows\System\xMmLLZc.exe
  2⤵
  PID:5396
- C:\Windows\System\wWfzeXe.exe
  C:\Windows\System\wWfzeXe.exe
  2⤵
  PID:5416
- C:\Windows\System\fxdhQMN.exe
  C:\Windows\System\fxdhQMN.exe
  2⤵
  PID:5452
- C:\Windows\System\xfvqVco.exe
  C:\Windows\System\xfvqVco.exe
  2⤵
  PID:5472
- C:\Windows\System\OzMwbbo.exe
  C:\Windows\System\OzMwbbo.exe
  2⤵
  PID:5500
- C:\Windows\System\ZUoWrnk.exe
  C:\Windows\System\ZUoWrnk.exe
  2⤵
  PID:5528
- C:\Windows\System\QAhYBFc.exe
  C:\Windows\System\QAhYBFc.exe
  2⤵
  PID:5556
- C:\Windows\System\VwdgGZb.exe
  C:\Windows\System\VwdgGZb.exe
  2⤵
  PID:5588
- C:\Windows\System\IBnZsbV.exe
  C:\Windows\System\IBnZsbV.exe
  2⤵
  PID:5616
- C:\Windows\System\HudDYlC.exe
  C:\Windows\System\HudDYlC.exe
  2⤵
  PID:5644
- C:\Windows\System\nYfrcTm.exe
  C:\Windows\System\nYfrcTm.exe
  2⤵
  PID:5672
- C:\Windows\System\ohfUwNh.exe
  C:\Windows\System\ohfUwNh.exe
  2⤵
  PID:5696
- C:\Windows\System\tOlORIE.exe
  C:\Windows\System\tOlORIE.exe
  2⤵
  PID:5736
- C:\Windows\System\OtjBngI.exe
  C:\Windows\System\OtjBngI.exe
  2⤵
  PID:5756
- C:\Windows\System\yOZBkvH.exe
  C:\Windows\System\yOZBkvH.exe
  2⤵
  PID:5788
- C:\Windows\System\EifnPrE.exe
  C:\Windows\System\EifnPrE.exe
  2⤵
  PID:5816
- C:\Windows\System\vrSGoZS.exe
  C:\Windows\System\vrSGoZS.exe
  2⤵
  PID:5844
- C:\Windows\System\kPPwbmP.exe
  C:\Windows\System\kPPwbmP.exe
  2⤵
  PID:5872
- C:\Windows\System\AoSDHBn.exe
  C:\Windows\System\AoSDHBn.exe
  2⤵
  PID:5896
- C:\Windows\System\bIjraFF.exe
  C:\Windows\System\bIjraFF.exe
  2⤵
  PID:5928
- C:\Windows\System\kAiQhrG.exe
  C:\Windows\System\kAiQhrG.exe
  2⤵
  PID:5956
- C:\Windows\System\RAJXcYE.exe
  C:\Windows\System\RAJXcYE.exe
  2⤵
  PID:5980
- C:\Windows\System\BWgzKWl.exe
  C:\Windows\System\BWgzKWl.exe
  2⤵
  PID:6016
- C:\Windows\System\znVuEzq.exe
  C:\Windows\System\znVuEzq.exe
  2⤵
  PID:6044
- C:\Windows\System\QvwOkxh.exe
  C:\Windows\System\QvwOkxh.exe
  2⤵
  PID:6068
- C:\Windows\System\Amcboir.exe
  C:\Windows\System\Amcboir.exe
  2⤵
  PID:6096
- C:\Windows\System\PAKdlAv.exe
  C:\Windows\System\PAKdlAv.exe
  2⤵
  PID:6120
- C:\Windows\System\sxViqaD.exe
  C:\Windows\System\sxViqaD.exe
  2⤵
  PID:5128
- C:\Windows\System\aZfERYI.exe
  C:\Windows\System\aZfERYI.exe
  2⤵
  PID:5204
- C:\Windows\System\wHGZyfF.exe
  C:\Windows\System\wHGZyfF.exe
  2⤵
  PID:5268
- C:\Windows\System\FCDyNji.exe
  C:\Windows\System\FCDyNji.exe
  2⤵
  PID:5328
- C:\Windows\System\yeBIXgc.exe
  C:\Windows\System\yeBIXgc.exe
  2⤵
  PID:5404
- C:\Windows\System\nWkTyDE.exe
  C:\Windows\System\nWkTyDE.exe
  2⤵
  PID:5460
- C:\Windows\System\DglFEOG.exe
  C:\Windows\System\DglFEOG.exe
  2⤵
  PID:5516
- C:\Windows\System\HiIgHcg.exe
  C:\Windows\System\HiIgHcg.exe
  2⤵
  PID:5596
- C:\Windows\System\OziQKnC.exe
  C:\Windows\System\OziQKnC.exe
  2⤵
  PID:5660
- C:\Windows\System\GjnoSjZ.exe
  C:\Windows\System\GjnoSjZ.exe
  2⤵
  PID:5724
- C:\Windows\System\GWPcNXz.exe
  C:\Windows\System\GWPcNXz.exe
  2⤵
  PID:5796
- C:\Windows\System\ldJnMVH.exe
  C:\Windows\System\ldJnMVH.exe
  2⤵
  PID:5852
- C:\Windows\System\yhUpUPh.exe
  C:\Windows\System\yhUpUPh.exe
  2⤵
  PID:5916
- C:\Windows\System\XhuACpo.exe
  C:\Windows\System\XhuACpo.exe
  2⤵
  PID:5992
- C:\Windows\System\UIoQfjn.exe
  C:\Windows\System\UIoQfjn.exe
  2⤵
  PID:6052
- C:\Windows\System\QdxRqJg.exe
  C:\Windows\System\QdxRqJg.exe
  2⤵
  PID:6116
- C:\Windows\System\guNGQtS.exe
  C:\Windows\System\guNGQtS.exe
  2⤵
  PID:5216
- C:\Windows\System\xJorBDm.exe
  C:\Windows\System\xJorBDm.exe
  2⤵
  PID:5380
- C:\Windows\System\smLCcng.exe
  C:\Windows\System\smLCcng.exe
  2⤵
  PID:5484
- C:\Windows\System\AnPqEWB.exe
  C:\Windows\System\AnPqEWB.exe
  2⤵
  PID:5680
- C:\Windows\System\uRJZHEb.exe
  C:\Windows\System\uRJZHEb.exe
  2⤵
  PID:5832
- C:\Windows\System\pJJKiCV.exe
  C:\Windows\System\pJJKiCV.exe
  2⤵
  PID:5972
- C:\Windows\System\IcudFad.exe
  C:\Windows\System\IcudFad.exe
  2⤵
  PID:6104
- C:\Windows\System\ISjeONu.exe
  C:\Windows\System\ISjeONu.exe
  2⤵
  PID:5440
- C:\Windows\System\soaBzgc.exe
  C:\Windows\System\soaBzgc.exe
  2⤵
  PID:5768
- C:\Windows\System\OyDkzeT.exe
  C:\Windows\System\OyDkzeT.exe
  2⤵
  PID:6032
- C:\Windows\System\ReQooSi.exe
  C:\Windows\System\ReQooSi.exe
  2⤵
  PID:5908
- C:\Windows\System\UnEPfVG.exe
  C:\Windows\System\UnEPfVG.exe
  2⤵
  PID:6148
- C:\Windows\System\spOXNhf.exe
  C:\Windows\System\spOXNhf.exe
  2⤵
  PID:6164
- C:\Windows\System\QTNwGOF.exe
  C:\Windows\System\QTNwGOF.exe
  2⤵
  PID:6180
- C:\Windows\System\GeEziGw.exe
  C:\Windows\System\GeEziGw.exe
  2⤵
  PID:6196
- C:\Windows\System\oFLSTwo.exe
  C:\Windows\System\oFLSTwo.exe
  2⤵
  PID:6228
- C:\Windows\System\wtrRsYj.exe
  C:\Windows\System\wtrRsYj.exe
  2⤵
  PID:6268
- C:\Windows\System\UxpTXof.exe
  C:\Windows\System\UxpTXof.exe
  2⤵
  PID:6288
- C:\Windows\System\BhXWunb.exe
  C:\Windows\System\BhXWunb.exe
  2⤵
  PID:6320
- C:\Windows\System\Azxfxhi.exe
  C:\Windows\System\Azxfxhi.exe
  2⤵
  PID:6360
- C:\Windows\System\qanSaJO.exe
  C:\Windows\System\qanSaJO.exe
  2⤵
  PID:6396
- C:\Windows\System\nHXcaSM.exe
  C:\Windows\System\nHXcaSM.exe
  2⤵
  PID:6428
- C:\Windows\System\COvhGEZ.exe
  C:\Windows\System\COvhGEZ.exe
  2⤵
  PID:6468
- C:\Windows\System\XSvVuVT.exe
  C:\Windows\System\XSvVuVT.exe
  2⤵
  PID:6500
- C:\Windows\System\TgyoEBh.exe
  C:\Windows\System\TgyoEBh.exe
  2⤵
  PID:6524
- C:\Windows\System\eLuUTjW.exe
  C:\Windows\System\eLuUTjW.exe
  2⤵
  PID:6556
- C:\Windows\System\PfBjvnK.exe
  C:\Windows\System\PfBjvnK.exe
  2⤵
  PID:6584
- C:\Windows\System\KSfaPoR.exe
  C:\Windows\System\KSfaPoR.exe
  2⤵
  PID:6608
- C:\Windows\System\MREzWeP.exe
  C:\Windows\System\MREzWeP.exe
  2⤵
  PID:6636
- C:\Windows\System\CQYbnrX.exe
  C:\Windows\System\CQYbnrX.exe
  2⤵
  PID:6664
- C:\Windows\System\zdVHhkL.exe
  C:\Windows\System\zdVHhkL.exe
  2⤵
  PID:6692
- C:\Windows\System\yvhBWFD.exe
  C:\Windows\System\yvhBWFD.exe
  2⤵
  PID:6720
- C:\Windows\System\eyTGrXx.exe
  C:\Windows\System\eyTGrXx.exe
  2⤵
  PID:6752
- C:\Windows\System\dFvbRdo.exe
  C:\Windows\System\dFvbRdo.exe
  2⤵
  PID:6780
- C:\Windows\System\KnOiuuf.exe
  C:\Windows\System\KnOiuuf.exe
  2⤵
  PID:6808
- C:\Windows\System\AwRxOVY.exe
  C:\Windows\System\AwRxOVY.exe
  2⤵
  PID:6836
- C:\Windows\System\ScEgJrI.exe
  C:\Windows\System\ScEgJrI.exe
  2⤵
  PID:6864
- C:\Windows\System\MISQbeC.exe
  C:\Windows\System\MISQbeC.exe
  2⤵
  PID:6892
- C:\Windows\System\miaXOQp.exe
  C:\Windows\System\miaXOQp.exe
  2⤵
  PID:6920
- C:\Windows\System\mttFbFL.exe
  C:\Windows\System\mttFbFL.exe
  2⤵
  PID:6948
- C:\Windows\System\TPzpYoH.exe
  C:\Windows\System\TPzpYoH.exe
  2⤵
  PID:6964
- C:\Windows\System\wYXadWv.exe
  C:\Windows\System\wYXadWv.exe
  2⤵
  PID:7004
- C:\Windows\System\SIBgQgB.exe
  C:\Windows\System\SIBgQgB.exe
  2⤵
  PID:7036
- C:\Windows\System\wyaYlha.exe
  C:\Windows\System\wyaYlha.exe
  2⤵
  PID:7068
- C:\Windows\System\YbdjWyn.exe
  C:\Windows\System\YbdjWyn.exe
  2⤵
  PID:7088
- C:\Windows\System\ZzzwVxS.exe
  C:\Windows\System\ZzzwVxS.exe
  2⤵
  PID:7124
- C:\Windows\System\aUNXwaR.exe
  C:\Windows\System\aUNXwaR.exe
  2⤵
  PID:7144
- C:\Windows\System\hvaLelR.exe
  C:\Windows\System\hvaLelR.exe
  2⤵
  PID:5316
- C:\Windows\System\waUCpJW.exe
  C:\Windows\System\waUCpJW.exe
  2⤵
  PID:6220
- C:\Windows\System\AnQiwMk.exe
  C:\Windows\System\AnQiwMk.exe
  2⤵
  PID:6248
- C:\Windows\System\XeUBQJi.exe
  C:\Windows\System\XeUBQJi.exe
  2⤵
  PID:6312
- C:\Windows\System\dScyFGo.exe
  C:\Windows\System\dScyFGo.exe
  2⤵
  PID:6384
- C:\Windows\System\awQpVHz.exe
  C:\Windows\System\awQpVHz.exe
  2⤵
  PID:6456
- C:\Windows\System\SvFOHql.exe
  C:\Windows\System\SvFOHql.exe
  2⤵
  PID:6516
- C:\Windows\System\NFQAgMt.exe
  C:\Windows\System\NFQAgMt.exe
  2⤵
  PID:6592
- C:\Windows\System\vteKfAb.exe
  C:\Windows\System\vteKfAb.exe
  2⤵
  PID:6652
- C:\Windows\System\aSyBQsg.exe
  C:\Windows\System\aSyBQsg.exe
  2⤵
  PID:6712
- C:\Windows\System\khtTljw.exe
  C:\Windows\System\khtTljw.exe
  2⤵
  PID:6788
- C:\Windows\System\AmDyXFl.exe
  C:\Windows\System\AmDyXFl.exe
  2⤵
  PID:6852
- C:\Windows\System\XkZqeOO.exe
  C:\Windows\System\XkZqeOO.exe
  2⤵
  PID:6932
- C:\Windows\System\PfiGhid.exe
  C:\Windows\System\PfiGhid.exe
  2⤵
  PID:6960
- C:\Windows\System\YQUDIxt.exe
  C:\Windows\System\YQUDIxt.exe
  2⤵
  PID:7052
- C:\Windows\System\umkTTWu.exe
  C:\Windows\System\umkTTWu.exe
  2⤵
  PID:7108
- C:\Windows\System\ycAowku.exe
  C:\Windows\System\ycAowku.exe
  2⤵
  PID:6176
- C:\Windows\System\qlDtgBh.exe
  C:\Windows\System\qlDtgBh.exe
  2⤵
  PID:6304
- C:\Windows\System\UwZVxTy.exe
  C:\Windows\System\UwZVxTy.exe
  2⤵
  PID:6452
- C:\Windows\System\MTwLPeJ.exe
  C:\Windows\System\MTwLPeJ.exe
  2⤵
  PID:6624
- C:\Windows\System\MTPJZjL.exe
  C:\Windows\System\MTPJZjL.exe
  2⤵
  PID:6772
- C:\Windows\System\fSXCNxO.exe
  C:\Windows\System\fSXCNxO.exe
  2⤵
  PID:6944
- C:\Windows\System\jIglqpp.exe
  C:\Windows\System\jIglqpp.exe
  2⤵
  PID:7080
- C:\Windows\System\BoDeZqT.exe
  C:\Windows\System\BoDeZqT.exe
  2⤵
  PID:6224
- C:\Windows\System\GBdugDK.exe
  C:\Windows\System\GBdugDK.exe
  2⤵
  PID:6548
- C:\Windows\System\iqrjUOo.exe
  C:\Windows\System\iqrjUOo.exe
  2⤵
  PID:6916
- C:\Windows\System\UahpLQN.exe
  C:\Windows\System\UahpLQN.exe
  2⤵
  PID:6380
- C:\Windows\System\CQvvetn.exe
  C:\Windows\System\CQvvetn.exe
  2⤵
  PID:7164
- C:\Windows\System\yvpurCz.exe
  C:\Windows\System\yvpurCz.exe
  2⤵
  PID:7180
- C:\Windows\System\ablSFqN.exe
  C:\Windows\System\ablSFqN.exe
  2⤵
  PID:7212
- C:\Windows\System\fKxOXKw.exe
  C:\Windows\System\fKxOXKw.exe
  2⤵
  PID:7236
- C:\Windows\System\OShrwBg.exe
  C:\Windows\System\OShrwBg.exe
  2⤵
  PID:7264
- C:\Windows\System\tIXAEWN.exe
  C:\Windows\System\tIXAEWN.exe
  2⤵
  PID:7292
- C:\Windows\System\hvYBLZd.exe
  C:\Windows\System\hvYBLZd.exe
  2⤵
  PID:7320
- C:\Windows\System\uMgffJO.exe
  C:\Windows\System\uMgffJO.exe
  2⤵
  PID:7352
- C:\Windows\System\qHhOUJa.exe
  C:\Windows\System\qHhOUJa.exe
  2⤵
  PID:7380
- C:\Windows\System\miqjpIN.exe
  C:\Windows\System\miqjpIN.exe
  2⤵
  PID:7404
- C:\Windows\System\tcLzXKr.exe
  C:\Windows\System\tcLzXKr.exe
  2⤵
  PID:7432
- C:\Windows\System\qtmpcYu.exe
  C:\Windows\System\qtmpcYu.exe
  2⤵
  PID:7460
- C:\Windows\System\kMYNLsz.exe
  C:\Windows\System\kMYNLsz.exe
  2⤵
  PID:7488
- C:\Windows\System\wmNFAcP.exe
  C:\Windows\System\wmNFAcP.exe
  2⤵
  PID:7520
- C:\Windows\System\lOOlxKo.exe
  C:\Windows\System\lOOlxKo.exe
  2⤵
  PID:7544
- C:\Windows\System\KBclAOW.exe
  C:\Windows\System\KBclAOW.exe
  2⤵
  PID:7572
- C:\Windows\System\GpZfXQt.exe
  C:\Windows\System\GpZfXQt.exe
  2⤵
  PID:7600
- C:\Windows\System\cqKtufg.exe
  C:\Windows\System\cqKtufg.exe
  2⤵
  PID:7632
- C:\Windows\System\ZlhSFsv.exe
  C:\Windows\System\ZlhSFsv.exe
  2⤵
  PID:7664
- C:\Windows\System\pOHCSEb.exe
  C:\Windows\System\pOHCSEb.exe
  2⤵
  PID:7692
- C:\Windows\System\PuJJQeP.exe
  C:\Windows\System\PuJJQeP.exe
  2⤵
  PID:7720
- C:\Windows\System\vdFwYlf.exe
  C:\Windows\System\vdFwYlf.exe
  2⤵
  PID:7744
- C:\Windows\System\EBYuMsL.exe
  C:\Windows\System\EBYuMsL.exe
  2⤵
  PID:7772
- C:\Windows\System\jEmCyDw.exe
  C:\Windows\System\jEmCyDw.exe
  2⤵
  PID:7800
- C:\Windows\System\sFtvUlT.exe
  C:\Windows\System\sFtvUlT.exe
  2⤵
  PID:7828
- C:\Windows\System\ywasGef.exe
  C:\Windows\System\ywasGef.exe
  2⤵
  PID:7856
- C:\Windows\System\VFkxLtB.exe
  C:\Windows\System\VFkxLtB.exe
  2⤵
  PID:7884
- C:\Windows\System\XwcllYm.exe
  C:\Windows\System\XwcllYm.exe
  2⤵
  PID:7912
- C:\Windows\System\HbRBrSm.exe
  C:\Windows\System\HbRBrSm.exe
  2⤵
  PID:7940
- C:\Windows\System\kRvjjNb.exe
  C:\Windows\System\kRvjjNb.exe
  2⤵
  PID:7968
- C:\Windows\System\TDsarCL.exe
  C:\Windows\System\TDsarCL.exe
  2⤵
  PID:7996
- C:\Windows\System\veoGLYr.exe
  C:\Windows\System\veoGLYr.exe
  2⤵
  PID:8024
- C:\Windows\System\ZszYzFX.exe
  C:\Windows\System\ZszYzFX.exe
  2⤵
  PID:8052
- C:\Windows\System\PflQGTB.exe
  C:\Windows\System\PflQGTB.exe
  2⤵
  PID:8080
- C:\Windows\System\yPntTdJ.exe
  C:\Windows\System\yPntTdJ.exe
  2⤵
  PID:8108
- C:\Windows\System\aSoJzdo.exe
  C:\Windows\System\aSoJzdo.exe
  2⤵
  PID:8136
- C:\Windows\System\EmqWOVb.exe
  C:\Windows\System\EmqWOVb.exe
  2⤵
  PID:8164
- C:\Windows\System\QOwJess.exe
  C:\Windows\System\QOwJess.exe
  2⤵
  PID:7044
- C:\Windows\System\JgLctwz.exe
  C:\Windows\System\JgLctwz.exe
  2⤵
  PID:7228
- C:\Windows\System\WmZXcTd.exe
  C:\Windows\System\WmZXcTd.exe
  2⤵
  PID:7284
- C:\Windows\System\TczZmPs.exe
  C:\Windows\System\TczZmPs.exe
  2⤵
  PID:7344
- C:\Windows\System\VUiFcMd.exe
  C:\Windows\System\VUiFcMd.exe
  2⤵
  PID:7400
- C:\Windows\System\AmdVVQa.exe
  C:\Windows\System\AmdVVQa.exe
  2⤵
  PID:1496
- C:\Windows\System\ezcaHGr.exe
  C:\Windows\System\ezcaHGr.exe
  2⤵
  PID:7556
- C:\Windows\System\rvQFrmi.exe
  C:\Windows\System\rvQFrmi.exe
  2⤵
  PID:7620
- C:\Windows\System\dznRjNn.exe
  C:\Windows\System\dznRjNn.exe
  2⤵
  PID:7684
- C:\Windows\System\NvWcAMk.exe
  C:\Windows\System\NvWcAMk.exe
  2⤵
  PID:7736
- C:\Windows\System\xBTrBup.exe
  C:\Windows\System\xBTrBup.exe
  2⤵
  PID:7812
- C:\Windows\System\ouetwUw.exe
  C:\Windows\System\ouetwUw.exe
  2⤵
  PID:7852
- C:\Windows\System\EdbXTOl.exe
  C:\Windows\System\EdbXTOl.exe
  2⤵
  PID:7924
- C:\Windows\System\VhLIGai.exe
  C:\Windows\System\VhLIGai.exe
  2⤵
  PID:7980
- C:\Windows\System\eiZxDLn.exe
  C:\Windows\System\eiZxDLn.exe
  2⤵
  PID:8016
- C:\Windows\System\LVZMJrz.exe
  C:\Windows\System\LVZMJrz.exe
  2⤵
  PID:8100
- C:\Windows\System\epSXykF.exe
  C:\Windows\System\epSXykF.exe
  2⤵
  PID:8160
- C:\Windows\System\rkDrunD.exe
  C:\Windows\System\rkDrunD.exe
  2⤵
  PID:7276
- C:\Windows\System\zRjRTZZ.exe
  C:\Windows\System\zRjRTZZ.exe
  2⤵
  PID:7388
- C:\Windows\System\JIAYWKf.exe
  C:\Windows\System\JIAYWKf.exe
  2⤵
  PID:7508
- C:\Windows\System\wxkuUAA.exe
  C:\Windows\System\wxkuUAA.exe
  2⤵
  PID:7672
- C:\Windows\System\xfEXzDp.exe
  C:\Windows\System\xfEXzDp.exe
  2⤵
  PID:7848
- C:\Windows\System\qZeYOuK.exe
  C:\Windows\System\qZeYOuK.exe
  2⤵
  PID:8020
- C:\Windows\System\KJwcjaz.exe
  C:\Windows\System\KJwcjaz.exe
  2⤵
  PID:7204
- C:\Windows\System\VvrXRiz.exe
  C:\Windows\System\VvrXRiz.exe
  2⤵
  PID:8092
- C:\Windows\System\jgADyvV.exe
  C:\Windows\System\jgADyvV.exe
  2⤵
  PID:7820
- C:\Windows\System\ayCYwWC.exe
  C:\Windows\System\ayCYwWC.exe
  2⤵
  PID:8072
- C:\Windows\System\mNdtHhB.exe
  C:\Windows\System\mNdtHhB.exe
  2⤵
  PID:2268
- C:\Windows\System\hFzOAVG.exe
  C:\Windows\System\hFzOAVG.exe
  2⤵
  PID:8128
- C:\Windows\System\BwuOQwn.exe
  C:\Windows\System\BwuOQwn.exe
  2⤵
  PID:2312
- C:\Windows\System\bVbjQTc.exe
  C:\Windows\System\bVbjQTc.exe
  2⤵
  PID:8212
- C:\Windows\System\OPjZBcW.exe
  C:\Windows\System\OPjZBcW.exe
  2⤵
  PID:8240
- C:\Windows\System\DWXuxFG.exe
  C:\Windows\System\DWXuxFG.exe
  2⤵
  PID:8268
- C:\Windows\System\NOCUcWF.exe
  C:\Windows\System\NOCUcWF.exe
  2⤵
  PID:8288
- C:\Windows\System\cnUkopb.exe
  C:\Windows\System\cnUkopb.exe
  2⤵
  PID:8324
- C:\Windows\System\SgWqpwK.exe
  C:\Windows\System\SgWqpwK.exe
  2⤵
  PID:8340
- C:\Windows\System\juJFedn.exe
  C:\Windows\System\juJFedn.exe
  2⤵
  PID:8372
- C:\Windows\System\ixiHYPk.exe
  C:\Windows\System\ixiHYPk.exe
  2⤵
  PID:8412
- C:\Windows\System\HjpTWKQ.exe
  C:\Windows\System\HjpTWKQ.exe
  2⤵
  PID:8452
- C:\Windows\System\aeaQubQ.exe
  C:\Windows\System\aeaQubQ.exe
  2⤵
  PID:8472
- C:\Windows\System\XKRBODf.exe
  C:\Windows\System\XKRBODf.exe
  2⤵
  PID:8500
- C:\Windows\System\XpuTcOF.exe
  C:\Windows\System\XpuTcOF.exe
  2⤵
  PID:8528
- C:\Windows\System\ZbTJcVd.exe
  C:\Windows\System\ZbTJcVd.exe
  2⤵
  PID:8556
- C:\Windows\System\XCXImKU.exe
  C:\Windows\System\XCXImKU.exe
  2⤵
  PID:8584
- C:\Windows\System\VnyLHMR.exe
  C:\Windows\System\VnyLHMR.exe
  2⤵
  PID:8612
- C:\Windows\System\QEhWYyF.exe
  C:\Windows\System\QEhWYyF.exe
  2⤵
  PID:8640
- C:\Windows\System\aQhhECW.exe
  C:\Windows\System\aQhhECW.exe
  2⤵
  PID:8668
- C:\Windows\System\KjeRBLx.exe
  C:\Windows\System\KjeRBLx.exe
  2⤵
  PID:8696
- C:\Windows\System\ZKoTJll.exe
  C:\Windows\System\ZKoTJll.exe
  2⤵
  PID:8724
- C:\Windows\System\NhqcWkI.exe
  C:\Windows\System\NhqcWkI.exe
  2⤵
  PID:8752
- C:\Windows\System\OdiPNjJ.exe
  C:\Windows\System\OdiPNjJ.exe
  2⤵
  PID:8780
- C:\Windows\System\AVhMDyv.exe
  C:\Windows\System\AVhMDyv.exe
  2⤵
  PID:8808
- C:\Windows\System\nsLkDWd.exe
  C:\Windows\System\nsLkDWd.exe
  2⤵
  PID:8836
- C:\Windows\System\rMWnBvn.exe
  C:\Windows\System\rMWnBvn.exe
  2⤵
  PID:8864
- C:\Windows\System\oXBPvjQ.exe
  C:\Windows\System\oXBPvjQ.exe
  2⤵
  PID:8892
- C:\Windows\System\XpdcFmt.exe
  C:\Windows\System\XpdcFmt.exe
  2⤵
  PID:8920
- C:\Windows\System\xBYJvfF.exe
  C:\Windows\System\xBYJvfF.exe
  2⤵
  PID:8948
- C:\Windows\System\iRmxsWK.exe
  C:\Windows\System\iRmxsWK.exe
  2⤵
  PID:8976
- C:\Windows\System\rJGorOZ.exe
  C:\Windows\System\rJGorOZ.exe
  2⤵
  PID:9004
- C:\Windows\System\FnUhqEl.exe
  C:\Windows\System\FnUhqEl.exe
  2⤵
  PID:9020
- C:\Windows\System\JdBZwdM.exe
  C:\Windows\System\JdBZwdM.exe
  2⤵
  PID:9060
- C:\Windows\System\SuTKguj.exe
  C:\Windows\System\SuTKguj.exe
  2⤵
  PID:9088
- C:\Windows\System\qsXvAfO.exe
  C:\Windows\System\qsXvAfO.exe
  2⤵
  PID:9116
- C:\Windows\System\NudbFSu.exe
  C:\Windows\System\NudbFSu.exe
  2⤵
  PID:9144
- C:\Windows\System\FYlHjXg.exe
  C:\Windows\System\FYlHjXg.exe
  2⤵
  PID:9172
- C:\Windows\System\ljjznSb.exe
  C:\Windows\System\ljjznSb.exe
  2⤵
  PID:9200
- C:\Windows\System\nWXSuBa.exe
  C:\Windows\System\nWXSuBa.exe
  2⤵
  PID:8224
- C:\Windows\System\ZtqZDzO.exe
  C:\Windows\System\ZtqZDzO.exe
  2⤵
  PID:8280
- C:\Windows\System\UXxevZk.exe
  C:\Windows\System\UXxevZk.exe
  2⤵
  PID:8312
- C:\Windows\System\wuVFOym.exe
  C:\Windows\System\wuVFOym.exe
  2⤵
  PID:8396
- C:\Windows\System\cFhBvoJ.exe
  C:\Windows\System\cFhBvoJ.exe
  2⤵
  PID:8488
- C:\Windows\System\piUAGSG.exe
  C:\Windows\System\piUAGSG.exe
  2⤵
  PID:8548
- C:\Windows\System\ZkrnmXb.exe
  C:\Windows\System\ZkrnmXb.exe
  2⤵
  PID:8608
- C:\Windows\System\ZQGpZkf.exe
  C:\Windows\System\ZQGpZkf.exe
  2⤵
  PID:8680
- C:\Windows\System\OefKvoN.exe
  C:\Windows\System\OefKvoN.exe
  2⤵
  PID:8720
- C:\Windows\System\OtwEFpQ.exe
  C:\Windows\System\OtwEFpQ.exe
  2⤵
  PID:8796
- C:\Windows\System\RGkOsZK.exe
  C:\Windows\System\RGkOsZK.exe
  2⤵
  PID:8856
- C:\Windows\System\wWmRjcA.exe
  C:\Windows\System\wWmRjcA.exe
  2⤵
  PID:1108
- C:\Windows\System\ObUAxed.exe
  C:\Windows\System\ObUAxed.exe
  2⤵
  PID:8912
- C:\Windows\System\AlaAhwi.exe
  C:\Windows\System\AlaAhwi.exe
  2⤵
  PID:8964
- C:\Windows\System\zyvOPRx.exe
  C:\Windows\System\zyvOPRx.exe
  2⤵
  PID:9044
- C:\Windows\System\EMfKBVX.exe
  C:\Windows\System\EMfKBVX.exe
  2⤵
  PID:9108
- C:\Windows\System\FStIDXW.exe
  C:\Windows\System\FStIDXW.exe
  2⤵
  PID:9184
- C:\Windows\System\vgGZULO.exe
  C:\Windows\System\vgGZULO.exe
  2⤵
  PID:8308
- C:\Windows\System\HYedskP.exe
  C:\Windows\System\HYedskP.exe
  2⤵
  PID:8424
- C:\Windows\System\pigcQKR.exe
  C:\Windows\System\pigcQKR.exe
  2⤵
  PID:8632
- C:\Windows\System\MeekWHj.exe
  C:\Windows\System\MeekWHj.exe
  2⤵
  PID:8744
- C:\Windows\System\ePTdmQt.exe
  C:\Windows\System\ePTdmQt.exe
  2⤵
  PID:3236
- C:\Windows\System\ffjfLbx.exe
  C:\Windows\System\ffjfLbx.exe
  2⤵
  PID:9012
- C:\Windows\System\UkSpBXO.exe
  C:\Windows\System\UkSpBXO.exe
  2⤵
  PID:8208
- C:\Windows\System\vbpSmfO.exe
  C:\Windows\System\vbpSmfO.exe
  2⤵
  PID:8576
- C:\Windows\System\XWhwoGs.exe
  C:\Windows\System\XWhwoGs.exe
  2⤵
  PID:1984
- C:\Windows\System\jsJYHsX.exe
  C:\Windows\System\jsJYHsX.exe
  2⤵
  PID:8352
- C:\Windows\System\CVClekO.exe
  C:\Windows\System\CVClekO.exe
  2⤵
  PID:9212
- C:\Windows\System\Rrklppo.exe
  C:\Windows\System\Rrklppo.exe
  2⤵
  PID:9236
- C:\Windows\System\paSxPFr.exe
  C:\Windows\System\paSxPFr.exe
  2⤵
  PID:9252
- C:\Windows\System\uItUdOo.exe
  C:\Windows\System\uItUdOo.exe
  2⤵
  PID:9300
- C:\Windows\System\ZlMpHBM.exe
  C:\Windows\System\ZlMpHBM.exe
  2⤵
  PID:9328
- C:\Windows\System\lwQUfdD.exe
  C:\Windows\System\lwQUfdD.exe
  2⤵
  PID:9356
- C:\Windows\System\zFyaHgP.exe
  C:\Windows\System\zFyaHgP.exe
  2⤵
  PID:9384
- C:\Windows\System\gLbBYqg.exe
  C:\Windows\System\gLbBYqg.exe
  2⤵
  PID:9412
- C:\Windows\System\YFvvctq.exe
  C:\Windows\System\YFvvctq.exe
  2⤵
  PID:9440
- C:\Windows\System\KDiNEaa.exe
  C:\Windows\System\KDiNEaa.exe
  2⤵
  PID:9468
- C:\Windows\System\TmZMLFL.exe
  C:\Windows\System\TmZMLFL.exe
  2⤵
  PID:9484
- C:\Windows\System\EQImbYb.exe
  C:\Windows\System\EQImbYb.exe
  2⤵
  PID:9512
- C:\Windows\System\gZnrgVC.exe
  C:\Windows\System\gZnrgVC.exe
  2⤵
  PID:9540
- C:\Windows\System\orKLpTu.exe
  C:\Windows\System\orKLpTu.exe
  2⤵
  PID:9568
- C:\Windows\System\pechZBg.exe
  C:\Windows\System\pechZBg.exe
  2⤵
  PID:9596
- C:\Windows\System\ChWrKZJ.exe
  C:\Windows\System\ChWrKZJ.exe
  2⤵
  PID:9636
- C:\Windows\System\NScdbqj.exe
  C:\Windows\System\NScdbqj.exe
  2⤵
  PID:9664
- C:\Windows\System\hNmQFxb.exe
  C:\Windows\System\hNmQFxb.exe
  2⤵
  PID:9692
- C:\Windows\System\BuAnofO.exe
  C:\Windows\System\BuAnofO.exe
  2⤵
  PID:9720
- C:\Windows\System\KCubaTz.exe
  C:\Windows\System\KCubaTz.exe
  2⤵
  PID:9748
- C:\Windows\System\CmtdSLA.exe
  C:\Windows\System\CmtdSLA.exe
  2⤵
  PID:9776
- C:\Windows\System\ErrbVCu.exe
  C:\Windows\System\ErrbVCu.exe
  2⤵
  PID:9804
- C:\Windows\System\yMRtBXs.exe
  C:\Windows\System\yMRtBXs.exe
  2⤵
  PID:9832
- C:\Windows\System\weNSedt.exe
  C:\Windows\System\weNSedt.exe
  2⤵
  PID:9860
- C:\Windows\System\dvawSHt.exe
  C:\Windows\System\dvawSHt.exe
  2⤵
  PID:9888
- C:\Windows\System\GSYQgnB.exe
  C:\Windows\System\GSYQgnB.exe
  2⤵
  PID:9916
- C:\Windows\System\zIhqhiv.exe
  C:\Windows\System\zIhqhiv.exe
  2⤵
  PID:9932
- C:\Windows\System\jnPYCeW.exe
  C:\Windows\System\jnPYCeW.exe
  2⤵
  PID:9964
- C:\Windows\System\RzESKWc.exe
  C:\Windows\System\RzESKWc.exe
  2⤵
  PID:10000
- C:\Windows\System\lJFpcay.exe
  C:\Windows\System\lJFpcay.exe
  2⤵
  PID:10028
- C:\Windows\System\XhzGdjN.exe
  C:\Windows\System\XhzGdjN.exe
  2⤵
  PID:10056
- C:\Windows\System\qdNIQJt.exe
  C:\Windows\System\qdNIQJt.exe
  2⤵
  PID:10084
- C:\Windows\System\YUzsUha.exe
  C:\Windows\System\YUzsUha.exe
  2⤵
  PID:10112
- C:\Windows\System\nGpRgVI.exe
  C:\Windows\System\nGpRgVI.exe
  2⤵
  PID:10140
- C:\Windows\System\uHPiifV.exe
  C:\Windows\System\uHPiifV.exe
  2⤵
  PID:10168
- C:\Windows\System\XBstHoU.exe
  C:\Windows\System\XBstHoU.exe
  2⤵
  PID:10196
- C:\Windows\System\xAMBbzN.exe
  C:\Windows\System\xAMBbzN.exe
  2⤵
  PID:10224
- C:\Windows\System\EoaPmel.exe
  C:\Windows\System\EoaPmel.exe
  2⤵
  PID:9228
- C:\Windows\System\xlrlkod.exe
  C:\Windows\System\xlrlkod.exe
  2⤵
  PID:9280
- C:\Windows\System\feoJZde.exe
  C:\Windows\System\feoJZde.exe
  2⤵
  PID:9352
- C:\Windows\System\NWnheVu.exe
  C:\Windows\System\NWnheVu.exe
  2⤵
  PID:9424
- C:\Windows\System\YEGZKOg.exe
  C:\Windows\System\YEGZKOg.exe
  2⤵
  PID:9476
- C:\Windows\System\OuhuXKd.exe
  C:\Windows\System\OuhuXKd.exe
  2⤵
  PID:9536
- C:\Windows\System\PsVaNKM.exe
  C:\Windows\System\PsVaNKM.exe
  2⤵
  PID:9592
- C:\Windows\System\cbIJgKB.exe
  C:\Windows\System\cbIJgKB.exe
  2⤵
  PID:9684
- C:\Windows\System\XJSnfZA.exe
  C:\Windows\System\XJSnfZA.exe
  2⤵
  PID:9744
- C:\Windows\System\BqMvODQ.exe
  C:\Windows\System\BqMvODQ.exe
  2⤵
  PID:9800
- C:\Windows\System\qtDfkLN.exe
  C:\Windows\System\qtDfkLN.exe
  2⤵
  PID:4136
- C:\Windows\System\xaszPCy.exe
  C:\Windows\System\xaszPCy.exe
  2⤵
  PID:9952
- C:\Windows\System\XoOnuSw.exe
  C:\Windows\System\XoOnuSw.exe
  2⤵
  PID:10012
- C:\Windows\System\VyIlqIY.exe
  C:\Windows\System\VyIlqIY.exe
  2⤵
  PID:10052
- C:\Windows\System\yOKFcny.exe
  C:\Windows\System\yOKFcny.exe
  2⤵
  PID:10108
- C:\Windows\System\BWTMGam.exe
  C:\Windows\System\BWTMGam.exe
  2⤵
  PID:10136
- C:\Windows\System\nlXIUgi.exe
  C:\Windows\System\nlXIUgi.exe
  2⤵
  PID:10188
- C:\Windows\System\jOqKClB.exe
  C:\Windows\System\jOqKClB.exe
  2⤵
  PID:10236
- C:\Windows\System\WQcPWHE.exe
  C:\Windows\System\WQcPWHE.exe
  2⤵
  PID:9348
- C:\Windows\System\joSqhCC.exe
  C:\Windows\System\joSqhCC.exe
  2⤵
  PID:9460
- C:\Windows\System\COFghWN.exe
  C:\Windows\System\COFghWN.exe
  2⤵
  PID:9648
- C:\Windows\System\eXNMSpP.exe
  C:\Windows\System\eXNMSpP.exe
  2⤵
  PID:9824
- C:\Windows\System\uvyIAcn.exe
  C:\Windows\System\uvyIAcn.exe
  2⤵
  PID:9924
- C:\Windows\System\BBYhzLd.exe
  C:\Windows\System\BBYhzLd.exe
  2⤵
  PID:10128
- C:\Windows\System\raQBKTw.exe
  C:\Windows\System\raQBKTw.exe
  2⤵
  PID:10156
- C:\Windows\System\FxQjdIv.exe
  C:\Windows\System\FxQjdIv.exe
  2⤵
  PID:9712
- C:\Windows\System\cgjhcfI.exe
  C:\Windows\System\cgjhcfI.exe
  2⤵
  PID:10208
- C:\Windows\System\ZxhhBZN.exe
  C:\Windows\System\ZxhhBZN.exe
  2⤵
  PID:10096
- C:\Windows\System\NMffOEN.exe
  C:\Windows\System\NMffOEN.exe
  2⤵
  PID:10272
- C:\Windows\System\HJBLLGT.exe
  C:\Windows\System\HJBLLGT.exe
  2⤵
  PID:10308
- C:\Windows\System\YAeSEvD.exe
  C:\Windows\System\YAeSEvD.exe
  2⤵
  PID:10336
- C:\Windows\System\oefwDou.exe
  C:\Windows\System\oefwDou.exe
  2⤵
  PID:10364
- C:\Windows\System\uypGYgN.exe
  C:\Windows\System\uypGYgN.exe
  2⤵
  PID:10396
- C:\Windows\System\RVdGPKg.exe
  C:\Windows\System\RVdGPKg.exe
  2⤵
  PID:10424
- C:\Windows\System\xFbHVCz.exe
  C:\Windows\System\xFbHVCz.exe
  2⤵
  PID:10444
- C:\Windows\System\JBOQwBt.exe
  C:\Windows\System\JBOQwBt.exe
  2⤵
  PID:10480
- C:\Windows\System\qDhOFEe.exe
  C:\Windows\System\qDhOFEe.exe
  2⤵
  PID:10508
- C:\Windows\System\kjcSFKV.exe
  C:\Windows\System\kjcSFKV.exe
  2⤵
  PID:10540
- C:\Windows\System\WCVSAdZ.exe
  C:\Windows\System\WCVSAdZ.exe
  2⤵
  PID:10568
- C:\Windows\System\UCpiOPQ.exe
  C:\Windows\System\UCpiOPQ.exe
  2⤵
  PID:10596
- C:\Windows\System\HkvzjsC.exe
  C:\Windows\System\HkvzjsC.exe
  2⤵
  PID:10624
- C:\Windows\System\NRsyDWI.exe
  C:\Windows\System\NRsyDWI.exe
  2⤵
  PID:10652
- C:\Windows\System\yVnRGlI.exe
  C:\Windows\System\yVnRGlI.exe
  2⤵
  PID:10680
- C:\Windows\System\zIFlFjB.exe
  C:\Windows\System\zIFlFjB.exe
  2⤵
  PID:10708
- C:\Windows\System\FEpPfaA.exe
  C:\Windows\System\FEpPfaA.exe
  2⤵
  PID:10736
- C:\Windows\System\cSCIcyd.exe
  C:\Windows\System\cSCIcyd.exe
  2⤵
  PID:10764
- C:\Windows\System\blGevVB.exe
  C:\Windows\System\blGevVB.exe
  2⤵
  PID:10784
- C:\Windows\System\OwwbIVy.exe
  C:\Windows\System\OwwbIVy.exe
  2⤵
  PID:10820
- C:\Windows\System\iikoPZl.exe
  C:\Windows\System\iikoPZl.exe
  2⤵
  PID:10852
- C:\Windows\System\NrXHimV.exe
  C:\Windows\System\NrXHimV.exe
  2⤵
  PID:10868
- C:\Windows\System\JkgbXAI.exe
  C:\Windows\System\JkgbXAI.exe
  2⤵
  PID:10888
- C:\Windows\System\CRaGrkA.exe
  C:\Windows\System\CRaGrkA.exe
  2⤵
  PID:10916
- C:\Windows\System\ljzKxAQ.exe
  C:\Windows\System\ljzKxAQ.exe
  2⤵
  PID:10952
- C:\Windows\System\DcPmytM.exe
  C:\Windows\System\DcPmytM.exe
  2⤵
  PID:10980
- C:\Windows\System\zFZmByB.exe
  C:\Windows\System\zFZmByB.exe
  2⤵
  PID:11016
- C:\Windows\System\wzLRbJp.exe
  C:\Windows\System\wzLRbJp.exe
  2⤵
  PID:11044
- C:\Windows\System\IaATHOC.exe
  C:\Windows\System\IaATHOC.exe
  2⤵
  PID:11076
- C:\Windows\System\ietTLwQ.exe
  C:\Windows\System\ietTLwQ.exe
  2⤵
  PID:11104
- C:\Windows\System\whyCeto.exe
  C:\Windows\System\whyCeto.exe
  2⤵
  PID:11132
- C:\Windows\System\AmhSMYG.exe
  C:\Windows\System\AmhSMYG.exe
  2⤵
  PID:11160
- C:\Windows\System\FmqLBdT.exe
  C:\Windows\System\FmqLBdT.exe
  2⤵
  PID:11188
- C:\Windows\System\eNrnQra.exe
  C:\Windows\System\eNrnQra.exe
  2⤵
  PID:11220
- C:\Windows\System\vBagqux.exe
  C:\Windows\System\vBagqux.exe
  2⤵
  PID:11236
- C:\Windows\System\kVZOUDi.exe
  C:\Windows\System\kVZOUDi.exe
  2⤵
  PID:11252
- C:\Windows\System\FapiDGn.exe
  C:\Windows\System\FapiDGn.exe
  2⤵
  PID:10268
- C:\Windows\System\zorakaM.exe
  C:\Windows\System\zorakaM.exe
  2⤵
  PID:10376
- C:\Windows\System\GTQaMor.exe
  C:\Windows\System\GTQaMor.exe
  2⤵
  PID:2472
- C:\Windows\System\ItwWqxP.exe
  C:\Windows\System\ItwWqxP.exe
  2⤵
  PID:10440
- C:\Windows\System\xxdpxif.exe
  C:\Windows\System\xxdpxif.exe
  2⤵
  PID:10536
- C:\Windows\System\eUqBCdi.exe
  C:\Windows\System\eUqBCdi.exe
  2⤵
  PID:10608
- C:\Windows\System\OrBAMKO.exe
  C:\Windows\System\OrBAMKO.exe
  2⤵
  PID:10668
- C:\Windows\System\CzGTRAF.exe
  C:\Windows\System\CzGTRAF.exe
  2⤵
  PID:10748
- C:\Windows\System\IITqMWd.exe
  C:\Windows\System\IITqMWd.exe
  2⤵
  PID:10816
- C:\Windows\System\avjmGaV.exe
  C:\Windows\System\avjmGaV.exe
  2⤵
  PID:10864
- C:\Windows\System\WZqCpNP.exe
  C:\Windows\System\WZqCpNP.exe
  2⤵
  PID:10900
- C:\Windows\System\oJNRzJR.exe
  C:\Windows\System\oJNRzJR.exe
  2⤵
  PID:10964
- C:\Windows\System\WrCOHHz.exe
  C:\Windows\System\WrCOHHz.exe
  2⤵
  PID:11060
- C:\Windows\System\aUXANbh.exe
  C:\Windows\System\aUXANbh.exe
  2⤵
  PID:11128
- C:\Windows\System\GRwkkqW.exe
  C:\Windows\System\GRwkkqW.exe
  2⤵
  PID:11228
- C:\Windows\System\BFpLpqY.exe
  C:\Windows\System\BFpLpqY.exe
  2⤵
  PID:9456
- C:\Windows\System\BITrzos.exe
  C:\Windows\System\BITrzos.exe
  2⤵
  PID:3856
- C:\Windows\System\RVWzHAQ.exe
  C:\Windows\System\RVWzHAQ.exe
  2⤵
  PID:10520
- C:\Windows\System\wZzjxZp.exe
  C:\Windows\System\wZzjxZp.exe
  2⤵
  PID:10700
- C:\Windows\System\yqibSsj.exe
  C:\Windows\System\yqibSsj.exe
  2⤵
  PID:10848
- C:\Windows\System\PBKMASc.exe
  C:\Windows\System\PBKMASc.exe
  2⤵
  PID:10992
- C:\Windows\System\ekNRFGX.exe
  C:\Windows\System\ekNRFGX.exe
  2⤵
  PID:11180
- C:\Windows\System\meHQFLl.exe
  C:\Windows\System\meHQFLl.exe
  2⤵
  PID:10388
- C:\Windows\System\urTHqBv.exe
  C:\Windows\System\urTHqBv.exe
  2⤵
  PID:10672
- C:\Windows\System\wpvvoSl.exe
  C:\Windows\System\wpvvoSl.exe
  2⤵
  PID:11124
- C:\Windows\System\mkduFnj.exe
  C:\Windows\System\mkduFnj.exe
  2⤵
  PID:10592
- C:\Windows\System\JhrYiwe.exe
  C:\Windows\System\JhrYiwe.exe
  2⤵
  PID:10436
- C:\Windows\System\hbCJPet.exe
  C:\Windows\System\hbCJPet.exe
  2⤵
  PID:11288
- C:\Windows\System\LcZRqsb.exe
  C:\Windows\System\LcZRqsb.exe
  2⤵
  PID:11316
- C:\Windows\System\iqRHMBy.exe
  C:\Windows\System\iqRHMBy.exe
  2⤵
  PID:11344
- C:\Windows\System\moJlwtO.exe
  C:\Windows\System\moJlwtO.exe
  2⤵
  PID:11372
- C:\Windows\System\AMSZRRi.exe
  C:\Windows\System\AMSZRRi.exe
  2⤵
  PID:11400
- C:\Windows\System\GluSKSK.exe
  C:\Windows\System\GluSKSK.exe
  2⤵
  PID:11428
- C:\Windows\System\dTqboEa.exe
  C:\Windows\System\dTqboEa.exe
  2⤵
  PID:11456
- C:\Windows\System\BxXzPAx.exe
  C:\Windows\System\BxXzPAx.exe
  2⤵
  PID:11484
- C:\Windows\System\ujZsQeg.exe
  C:\Windows\System\ujZsQeg.exe
  2⤵
  PID:11512
- C:\Windows\System\sGbkOuh.exe
  C:\Windows\System\sGbkOuh.exe
  2⤵
  PID:11540
- C:\Windows\System\JBfrESO.exe
  C:\Windows\System\JBfrESO.exe
  2⤵
  PID:11568
- C:\Windows\System\KjVzZkX.exe
  C:\Windows\System\KjVzZkX.exe
  2⤵
  PID:11596
- C:\Windows\System\tlfzNBm.exe
  C:\Windows\System\tlfzNBm.exe
  2⤵
  PID:11624
- C:\Windows\System\VOXVfEp.exe
  C:\Windows\System\VOXVfEp.exe
  2⤵
  PID:11652
- C:\Windows\System\HMmrxjh.exe
  C:\Windows\System\HMmrxjh.exe
  2⤵
  PID:11672
- C:\Windows\System\KREtAMm.exe
  C:\Windows\System\KREtAMm.exe
  2⤵
  PID:11696
- C:\Windows\System\SIhlDRs.exe
  C:\Windows\System\SIhlDRs.exe
  2⤵
  PID:11736
- C:\Windows\System\LffKkTa.exe
  C:\Windows\System\LffKkTa.exe
  2⤵
  PID:11752
- C:\Windows\System\qatbNZz.exe
  C:\Windows\System\qatbNZz.exe
  2⤵
  PID:11768
- C:\Windows\System\nsJdDpd.exe
  C:\Windows\System\nsJdDpd.exe
  2⤵
  PID:11804
- C:\Windows\System\eMfkPrY.exe
  C:\Windows\System\eMfkPrY.exe
  2⤵
  PID:11836
- C:\Windows\System\PHFwzKj.exe
  C:\Windows\System\PHFwzKj.exe
  2⤵
  PID:11864
- C:\Windows\System\hcgwoSr.exe
  C:\Windows\System\hcgwoSr.exe
  2⤵
  PID:11884
- C:\Windows\System\hwrulJm.exe
  C:\Windows\System\hwrulJm.exe
  2⤵
  PID:11900
- C:\Windows\System\obQzXic.exe
  C:\Windows\System\obQzXic.exe
  2⤵
  PID:11928
- C:\Windows\System\LAEIyLX.exe
  C:\Windows\System\LAEIyLX.exe
  2⤵
  PID:11952
- C:\Windows\System\XZkEFTX.exe
  C:\Windows\System\XZkEFTX.exe
  2⤵
  PID:11984
- C:\Windows\System\klOlPTA.exe
  C:\Windows\System\klOlPTA.exe
  2⤵
  PID:12008
- C:\Windows\System\KzOuQDo.exe
  C:\Windows\System\KzOuQDo.exe
  2⤵
  PID:12044
- C:\Windows\System\KkAogBI.exe
  C:\Windows\System\KkAogBI.exe
  2⤵
  PID:12076
- C:\Windows\System\fSeMJiE.exe
  C:\Windows\System\fSeMJiE.exe
  2⤵
  PID:12108
- C:\Windows\System\ZboqZQu.exe
  C:\Windows\System\ZboqZQu.exe
  2⤵
  PID:12128
- C:\Windows\System\RGBYMkX.exe
  C:\Windows\System\RGBYMkX.exe
  2⤵
  PID:12144
- C:\Windows\System\GqxeBKD.exe
  C:\Windows\System\GqxeBKD.exe
  2⤵
  PID:12160
- C:\Windows\System\qEnehze.exe
  C:\Windows\System\qEnehze.exe
  2⤵
  PID:12184
- C:\Windows\System\NkPqhVG.exe
  C:\Windows\System\NkPqhVG.exe
  2⤵
  PID:12204
- C:\Windows\System\DQWEPua.exe
  C:\Windows\System\DQWEPua.exe
  2⤵
  PID:12228
- C:\Windows\System\VihPKir.exe
  C:\Windows\System\VihPKir.exe
  2⤵
  PID:12256
- C:\Windows\System\SmdCFVV.exe
  C:\Windows\System\SmdCFVV.exe
  2⤵
  PID:10316
- C:\Windows\System\wtcJJiW.exe
  C:\Windows\System\wtcJJiW.exe
  2⤵
  PID:11328
- C:\Windows\System\YzcHNqJ.exe
  C:\Windows\System\YzcHNqJ.exe
  2⤵
  PID:11396
- C:\Windows\System\LVKRXvk.exe
  C:\Windows\System\LVKRXvk.exe
  2⤵
  PID:11448
- C:\Windows\System\zCoffTK.exe
  C:\Windows\System\zCoffTK.exe
  2⤵
  PID:11508
- C:\Windows\System\yiozugw.exe
  C:\Windows\System\yiozugw.exe
  2⤵
  PID:11584
- C:\Windows\System\ccgSPBU.exe
  C:\Windows\System\ccgSPBU.exe
  2⤵
  PID:11644
- C:\Windows\System\cYYfvRp.exe
  C:\Windows\System\cYYfvRp.exe
  2⤵
  PID:11748
- C:\Windows\System\sbkBKWa.exe
  C:\Windows\System\sbkBKWa.exe
  2⤵
  PID:11796
- C:\Windows\System\OdWfbdw.exe
  C:\Windows\System\OdWfbdw.exe
  2⤵
  PID:11896
- C:\Windows\System\BDEzXKI.exe
  C:\Windows\System\BDEzXKI.exe
  2⤵
  PID:11908
- C:\Windows\System\zJmuoRL.exe
  C:\Windows\System\zJmuoRL.exe
  2⤵
  PID:12000
- C:\Windows\System\iIaypBo.exe
  C:\Windows\System\iIaypBo.exe
  2⤵
  PID:10720
- C:\Windows\System\QfUQQac.exe
  C:\Windows\System\QfUQQac.exe
  2⤵
  PID:12136
- C:\Windows\System\xxvBNxl.exe
  C:\Windows\System\xxvBNxl.exe
  2⤵
  PID:12172
- C:\Windows\System\mRjDvvB.exe
  C:\Windows\System\mRjDvvB.exe
  2⤵
  PID:12284
- C:\Windows\System\lCMZgch.exe
  C:\Windows\System\lCMZgch.exe
  2⤵
  PID:11308
- C:\Windows\System\qEXICiP.exe
  C:\Windows\System\qEXICiP.exe
  2⤵
  PID:11580
- C:\Windows\System\DXeNyCV.exe
  C:\Windows\System\DXeNyCV.exe
  2⤵
  PID:11648
- C:\Windows\System\ZHCMmTT.exe
  C:\Windows\System\ZHCMmTT.exe
  2⤵
  PID:11788
- C:\Windows\System\lRBgdiZ.exe
  C:\Windows\System\lRBgdiZ.exe
  2⤵
  PID:11940
- C:\Windows\System\AxbdBHp.exe
  C:\Windows\System\AxbdBHp.exe
  2⤵
  PID:12024
- C:\Windows\System\KfTjWzL.exe
  C:\Windows\System\KfTjWzL.exe
  2⤵
  PID:12088
- C:\Windows\System\vCgajBB.exe
  C:\Windows\System\vCgajBB.exe
  2⤵
  PID:11420
- C:\Windows\System\caReknY.exe
  C:\Windows\System\caReknY.exe
  2⤵
  PID:11708
- C:\Windows\System\qLGgfgs.exe
  C:\Windows\System\qLGgfgs.exe
  2⤵
  PID:12240
- C:\Windows\System\HFOBIZW.exe
  C:\Windows\System\HFOBIZW.exe
  2⤵
  PID:12304
- C:\Windows\System\GHigBaB.exe
  C:\Windows\System\GHigBaB.exe
  2⤵
  PID:12328
- C:\Windows\System\MvVNHwL.exe
  C:\Windows\System\MvVNHwL.exe
  2⤵
  PID:12348
- C:\Windows\System\XzzPbBt.exe
  C:\Windows\System\XzzPbBt.exe
  2⤵
  PID:12380
- C:\Windows\System\GfuFIGB.exe
  C:\Windows\System\GfuFIGB.exe
  2⤵
  PID:12408
- C:\Windows\System\mRcIuzW.exe
  C:\Windows\System\mRcIuzW.exe
  2⤵
  PID:12452
- C:\Windows\System\vdxfjYs.exe
  C:\Windows\System\vdxfjYs.exe
  2⤵
  PID:12488
- C:\Windows\System\tlUNSmO.exe
  C:\Windows\System\tlUNSmO.exe
  2⤵
  PID:12520
- C:\Windows\System\SdxRnjo.exe
  C:\Windows\System\SdxRnjo.exe
  2⤵
  PID:12552
- C:\Windows\System\HrQyKVa.exe
  C:\Windows\System\HrQyKVa.exe
  2⤵
  PID:12568
- C:\Windows\System\pwgqCud.exe
  C:\Windows\System\pwgqCud.exe
  2⤵
  PID:12592
- C:\Windows\System\fzoopkl.exe
  C:\Windows\System\fzoopkl.exe
  2⤵
  PID:12620
- C:\Windows\System\loqiSBC.exe
  C:\Windows\System\loqiSBC.exe
  2⤵
  PID:12648
- C:\Windows\System\jxNdJbm.exe
  C:\Windows\System\jxNdJbm.exe
  2⤵
  PID:12676
- C:\Windows\System\GBuAzOX.exe
  C:\Windows\System\GBuAzOX.exe
  2⤵
  PID:12696
- C:\Windows\System\KCiobWS.exe
  C:\Windows\System\KCiobWS.exe
  2⤵
  PID:12712
- C:\Windows\System\YofFwkw.exe
  C:\Windows\System\YofFwkw.exe
  2⤵
  PID:12740
- C:\Windows\System\WdDBEug.exe
  C:\Windows\System\WdDBEug.exe
  2⤵
  PID:12772
- C:\Windows\System\UEBTtug.exe
  C:\Windows\System\UEBTtug.exe
  2⤵
  PID:12808
- C:\Windows\System\QJjlvWF.exe
  C:\Windows\System\QJjlvWF.exe
  2⤵
  PID:12844
- C:\Windows\System\qsnPojL.exe
  C:\Windows\System\qsnPojL.exe
  2⤵
  PID:12876
- C:\Windows\System\cwLxAzz.exe
  C:\Windows\System\cwLxAzz.exe
  2⤵
  PID:12892
- C:\Windows\System\XRfOorF.exe
  C:\Windows\System\XRfOorF.exe
  2⤵
  PID:12916
- C:\Windows\System\xdjzxqG.exe
  C:\Windows\System\xdjzxqG.exe
  2⤵
  PID:12944
- C:\Windows\System\sXYFrNo.exe
  C:\Windows\System\sXYFrNo.exe
  2⤵
  PID:12964
- C:\Windows\System\aHLSuOK.exe
  C:\Windows\System\aHLSuOK.exe
  2⤵
  PID:12984
- C:\Windows\System\KgTBihl.exe
  C:\Windows\System\KgTBihl.exe
  2⤵
  PID:13004
- C:\Windows\System\bBhIJxY.exe
  C:\Windows\System\bBhIJxY.exe
  2⤵
  PID:13032
- C:\Windows\System\kVOWwtK.exe
  C:\Windows\System\kVOWwtK.exe
  2⤵
  PID:13064
- C:\Windows\System\EPNjufx.exe
  C:\Windows\System\EPNjufx.exe
  2⤵
  PID:13092
- C:\Windows\System\SmyuDcZ.exe
  C:\Windows\System\SmyuDcZ.exe
  2⤵
  PID:13124
- C:\Windows\System\NiqQWpH.exe
  C:\Windows\System\NiqQWpH.exe
  2⤵
  PID:13144
- C:\Windows\System\rlgqfGo.exe
  C:\Windows\System\rlgqfGo.exe
  2⤵
  PID:13168
- C:\Windows\System\ctwggYs.exe
  C:\Windows\System\ctwggYs.exe
  2⤵
  PID:13204
- C:\Windows\System\yconuVA.exe
  C:\Windows\System\yconuVA.exe
  2⤵
  PID:13244
- C:\Windows\System\wHydwVQ.exe
  C:\Windows\System\wHydwVQ.exe
  2⤵
  PID:13280
- C:\Windows\System\mHVsPZU.exe
  C:\Windows\System\mHVsPZU.exe
  2⤵
  PID:13308
- C:\Windows\System\lelSrAC.exe
  C:\Windows\System\lelSrAC.exe
  2⤵
  PID:12196
- C:\Windows\System\SQObctZ.exe
  C:\Windows\System\SQObctZ.exe
  2⤵
  PID:12320
- C:\Windows\System\CRVjLUo.exe
  C:\Windows\System\CRVjLUo.exe
  2⤵
  PID:12360
- C:\Windows\System\mUmwMFT.exe
  C:\Windows\System\mUmwMFT.exe
  2⤵
  PID:12476
- C:\Windows\System\oZaRahA.exe
  C:\Windows\System\oZaRahA.exe
  2⤵
  PID:12748
- C:\Windows\System\TaCfNYo.exe
  C:\Windows\System\TaCfNYo.exe
  2⤵
  PID:12756
- C:\Windows\System\BLquIOj.exe
  C:\Windows\System\BLquIOj.exe
  2⤵
  PID:12868
- C:\Windows\System\KWPoPNV.exe
  C:\Windows\System\KWPoPNV.exe
  2⤵
  PID:4804
- C:\Windows\System\HGCLYcD.exe
  C:\Windows\System\HGCLYcD.exe
  2⤵
  PID:12884
- C:\Windows\System\ZqUlpPA.exe
  C:\Windows\System\ZqUlpPA.exe
  2⤵
  PID:13028
- C:\Windows\System\lMuPwZs.exe
  C:\Windows\System\lMuPwZs.exe
  2⤵
  PID:12996
- C:\Windows\System\HoCVuQo.exe
  C:\Windows\System\HoCVuQo.exe
  2⤵
  PID:13000
- C:\Windows\System\FLvFUQI.exe
  C:\Windows\System\FLvFUQI.exe
  2⤵
  PID:13104
- C:\Windows\System\VAGufav.exe
  C:\Windows\System\VAGufav.exe
  2⤵
  PID:13188
- C:\Windows\System\Ykvcsca.exe
  C:\Windows\System\Ykvcsca.exe
  2⤵
  PID:13228
- C:\Windows\System\IKxdaXM.exe
  C:\Windows\System\IKxdaXM.exe
  2⤵
  PID:13304
- C:\Windows\System\jXXOZeU.exe
  C:\Windows\System\jXXOZeU.exe
  2⤵
  PID:12372
- C:\Windows\System\meICRqK.exe
  C:\Windows\System\meICRqK.exe
  2⤵
  PID:12688
- C:\Windows\System\snDUJqx.exe
  C:\Windows\System\snDUJqx.exe
  2⤵
  PID:12708
- C:\Windows\System\KzHvWir.exe
  C:\Windows\System\KzHvWir.exe
  2⤵
  PID:2124
- C:\Windows\System\hstkptD.exe
  C:\Windows\System\hstkptD.exe
  2⤵
  PID:13100
- C:\Windows\System\QAqOKMO.exe
  C:\Windows\System\QAqOKMO.exe
  2⤵
  PID:13272
- C:\Windows\System\wOBqFPl.exe
  C:\Windows\System\wOBqFPl.exe
  2⤵
  PID:12296
- C:\Windows\System\xfQelUz.exe
  C:\Windows\System\xfQelUz.exe
  2⤵
  PID:12548
- C:\Windows\System\zUdkEmb.exe
  C:\Windows\System\zUdkEmb.exe
  2⤵
  PID:12952
- C:\Windows\System\XvcpolZ.exe
  C:\Windows\System\XvcpolZ.exe
  2⤵
  PID:13196
- C:\Windows\System\yOLbkAM.exe
  C:\Windows\System\yOLbkAM.exe
  2⤵
  PID:10840
- C:\Windows\System\WWMxBxX.exe
  C:\Windows\System\WWMxBxX.exe
  2⤵
  PID:13224
- C:\Windows\System\vWuqJcs.exe
  C:\Windows\System\vWuqJcs.exe
  2⤵
  PID:13320
- C:\Windows\System\NaqVXyi.exe
  C:\Windows\System\NaqVXyi.exe
  2⤵
  PID:13356
- C:\Windows\System\hNceRCy.exe
  C:\Windows\System\hNceRCy.exe
  2⤵
  PID:13388
- C:\Windows\System\lIzKOeX.exe
  C:\Windows\System\lIzKOeX.exe
  2⤵
  PID:13412
- C:\Windows\System\ierpjjc.exe
  C:\Windows\System\ierpjjc.exe
  2⤵
  PID:13428
- C:\Windows\System\XiUgzFn.exe
  C:\Windows\System\XiUgzFn.exe
  2⤵
  PID:13448
- C:\Windows\System\hblSfbF.exe
  C:\Windows\System\hblSfbF.exe
  2⤵
  PID:13472
- C:\Windows\System\TtpSaqh.exe
  C:\Windows\System\TtpSaqh.exe
  2⤵
  PID:13492
- C:\Windows\System\NQgxKOz.exe
  C:\Windows\System\NQgxKOz.exe
  2⤵
  PID:13508
- C:\Windows\System\JsUGNYH.exe
  C:\Windows\System\JsUGNYH.exe
  2⤵
  PID:13552
- C:\Windows\System\OydRhVw.exe
  C:\Windows\System\OydRhVw.exe
  2⤵
  PID:13584
- C:\Windows\System\cFlftBl.exe
  C:\Windows\System\cFlftBl.exe
  2⤵
  PID:13616
- C:\Windows\System\QprHpBu.exe
  C:\Windows\System\QprHpBu.exe
  2⤵
  PID:13652
- C:\Windows\System\XKiCcBy.exe
  C:\Windows\System\XKiCcBy.exe
  2⤵
  PID:13672
- C:\Windows\System\ddNkcXd.exe
  C:\Windows\System\ddNkcXd.exe
  2⤵
  PID:13696
- C:\Windows\System\rPAhNZN.exe
  C:\Windows\System\rPAhNZN.exe
  2⤵
  PID:13728
- C:\Windows\System\vCiJoyr.exe
  C:\Windows\System\vCiJoyr.exe
  2⤵
  PID:13752
- C:\Windows\System\NTFOlDE.exe
  C:\Windows\System\NTFOlDE.exe
  2⤵
  PID:13780
- C:\Windows\System\CCTkvoh.exe
  C:\Windows\System\CCTkvoh.exe
  2⤵
  PID:13800
- C:\Windows\System\FWkIvPS.exe
  C:\Windows\System\FWkIvPS.exe
  2⤵
  PID:13828
- C:\Windows\System\VfCRHza.exe
  C:\Windows\System\VfCRHza.exe
  2⤵
  PID:13880
- C:\Windows\System\bNJDFFd.exe
  C:\Windows\System\bNJDFFd.exe
  2⤵
  PID:13896
- C:\Windows\System\AjXCyuN.exe
  C:\Windows\System\AjXCyuN.exe
  2⤵
  PID:13912
- C:\Windows\System\hePnzBw.exe
  C:\Windows\System\hePnzBw.exe
  2⤵
  PID:13944
- C:\Windows\System\CGFZaXv.exe
  C:\Windows\System\CGFZaXv.exe
  2⤵
  PID:13976
- C:\Windows\System\AHGPVRF.exe
  C:\Windows\System\AHGPVRF.exe
  2⤵
  PID:14008
- C:\Windows\System\LMffXJY.exe
  C:\Windows\System\LMffXJY.exe
  2⤵
  PID:14028
- C:\Windows\System\CATbtle.exe
  C:\Windows\System\CATbtle.exe
  2⤵
  PID:14060
- C:\Windows\System\VEecKMc.exe
  C:\Windows\System\VEecKMc.exe
  2⤵
  PID:14084
- C:\Windows\System\KIIjAQX.exe
  C:\Windows\System\KIIjAQX.exe
  2⤵
  PID:14124
- C:\Windows\System\lupwpmL.exe
  C:\Windows\System\lupwpmL.exe
  2⤵
  PID:14152
- C:\Windows\System\EcqwWoB.exe
  C:\Windows\System\EcqwWoB.exe
  2⤵
  PID:14184
- C:\Windows\System\znIGbXV.exe
  C:\Windows\System\znIGbXV.exe
  2⤵
  PID:14212
- C:\Windows\System\FSxvWDF.exe
  C:\Windows\System\FSxvWDF.exe
  2⤵
  PID:14248
- C:\Windows\System\hMwriKr.exe
  C:\Windows\System\hMwriKr.exe
  2⤵
  PID:14280
- C:\Windows\System\QwUXtuR.exe
  C:\Windows\System\QwUXtuR.exe
  2⤵
  PID:14316
- C:\Windows\System\RwuYFOP.exe
  C:\Windows\System\RwuYFOP.exe
  2⤵
  PID:12972
- C:\Windows\System\VtizkHT.exe
  C:\Windows\System\VtizkHT.exe
  2⤵
  PID:13376
- C:\Windows\System\DhjOHBp.exe
  C:\Windows\System\DhjOHBp.exe
  2⤵
  PID:13404
- C:\Windows\System\qAzFngy.exe
  C:\Windows\System\qAzFngy.exe
  2⤵
  PID:13504
- C:\Windows\System\KzddToy.exe
  C:\Windows\System\KzddToy.exe
  2⤵
  PID:13604
- C:\Windows\System\ebGtRgF.exe
  C:\Windows\System\ebGtRgF.exe
  2⤵
  PID:13664

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BOTEZDx.exe

Filesize
2.0MB

MD5
55ee24044b7c973c44ef60142464eba4

SHA1
759445c488b5a426ecd1b67b4ac7112499cbaab4

SHA256
a2948fa3e5a6eac5fc604ebe6baf91546e5b71ef7dfbd76d214d87f0113f2a5a

SHA512
b5d277cf05fb58faef7c90270d7c386da5056db5b2ceaee59e051b8629717bb6d07344aaad9a30d395ada9023b61e85d0e0d1bbc39928abe6e28b9ec4ac07221

Download Submit
C:\Windows\System\CvaTklw.exe

Filesize
2.0MB

MD5
9411ea9fab2cdbabebba778e4ec481ec

SHA1
e3b2ce004949b0da63c7dfdcff584577b7b5435e

SHA256
0dc753479d31712aa3a59e96e4aa00b61338d49a21b4c7daf412e0709ccf6d74

SHA512
3ca7dae90e89d1e2ca49f7f374b2eba96793ec0e25e7554694ae1b792846f166ff7109d9eb3141dba034f0408cda1d359f2b2cbb7c0daffa4eef4fc3fac2bd20

Download Submit
C:\Windows\System\DnQCxHZ.exe

Filesize
2.0MB

MD5
1393b218f155e97778f5f1b85610c2d7

SHA1
5a982d568fca376af10ebedb8f5c555a11574327

SHA256
d37d7c7af4f162157485d324e13cc0c4f74f2d41df1a07dbe0bbae5ea4911686

SHA512
d321cf1c2a334487e20b7ad610817f5e4ae7cb4d18ea8a544e85b6fe39c6b22f6f15f5686a18798af18d72814c05fb830b14dfde663c88a2a9782e14bdfce3fe

Download Submit
C:\Windows\System\EiBhcpT.exe

Filesize
2.0MB

MD5
57a7b8a0a314a43da33aa47e05633d9e

SHA1
e48773772dc66fff16e4aedda6958c9a63b10c96

SHA256
cd9eda9bc821e5e7da5ee0a4f11b167c927f1569c266e4f598631eb452ad9723

SHA512
5b98a5645c1d8c62c8cdc0b8cf04aec8c84ccbf3cf8c696534f43f2d415f1e015dbf5bdbbe5f7b95bcf185093e966c154d8da6ad56ee1036203728a63990b69b

Download Submit
C:\Windows\System\FvZCcUL.exe

Filesize
2.0MB

MD5
947d1f13999e4e77e6b6456dbecd235d

SHA1
5327897793cbb9d48ac22f5d5736aa3c0a56d96b

SHA256
84c5383835a1d67e5434ff82d1e988d4c2beca5b4c457fc84e98cf0398b01970

SHA512
3855b424b00a61379add775a92b82a834562eedaaa1ef544c3119a34001ad4b9b050437f275b08ed5ff71ce35c2b4a4db3c16166897edd75a4ed280b12e2dee7

Download Submit
C:\Windows\System\GreAkBZ.exe

Filesize
2.0MB

MD5
fe7539ec3f6e252146ff2baea1ed0fce

SHA1
bfcf76627e3a81fbd3be3f440337a5da345daa8b

SHA256
053aaeab224ad7f002db0168376abdde74b715bd155d7d581b62f945b902ff3a

SHA512
a4d74a329661c4cd75a75843e9163776ebe01dfd37a7aa237943a003b44ffecb7cb4218013116cc3f5c7d929329065108673cc8b7dd129dec00579e73be6358b

Download Submit
C:\Windows\System\HpufXfN.exe

Filesize
2.0MB

MD5
9502fe42596492b5e6d20889ed8181c4

SHA1
3358f36b20954645d55a4d720790e3b8d6bc73b1

SHA256
a162892dccb59f33e45aac946e41b4e4c3159bb22d57c16c63b11d5361a507f0

SHA512
79496dba6cda4fde2d74fa9dbfc22d4693f7da4d764fd24615400b943b1b598a88fe84b6017d9816e2e2400519eaf36d41adb2361513f38c748e807077035aa5

Download Submit
C:\Windows\System\JWOxqoK.exe

Filesize
2.0MB

MD5
98cea661ef65271ab8f267fe79056b93

SHA1
b62a1215b7d6024b1e439324de00b7f2d02b1de6

SHA256
a4ddad1074cc4d9fc0033590573ec6e65479f068c5aeac62873c45cdfa157d93

SHA512
d92c2a14e30d0e512bcdc608467c8bb7bada124d9469b3f0da3885404a131d4dbc67ce76d687fd8fdc1f8d1d5b78811a6a1f3c7e62e70622c2ff470a46325ed3

Download Submit
C:\Windows\System\OuXzwuO.exe

Filesize
2.0MB

MD5
d86aaa329f590fe37a0fc29a3661dfd4

SHA1
cbe37ae043548da2971726ba178cc267aa2e3dc2

SHA256
4f63337fd7717e2a243e0f8bc714fa19136fefba54359ab88501eb6aa624d4b7

SHA512
81222bf38ae47c23f3b94562d3f00c33fce1f5d686bd596503bcf1da19c5bb87a088bfcf99868750b58fd1235be8b45525012a9632e3ff64649f31746ec94d0c

Download Submit
C:\Windows\System\PSqehSb.exe

Filesize
2.0MB

MD5
724e93cd1651a7f7ff37d5800867ab74

SHA1
c5a6612ff10074af64d1925a82b5c19735a3ac88

SHA256
2e17d6e634faaeb47e4d53651bfc9e8be676dc649cf2e64ffa599520c0e277c6

SHA512
9bdef377894e2878eccb0c4b0dfd443c1f2ace2f42cff3a9a4e365cbea33a9326d7e3f476fa78449ec8da4a6d99c944039bcf1413dc157c44d1e192f0d6391d8

Download Submit
C:\Windows\System\PcxUdZY.exe

Filesize
2.0MB

MD5
a552f5ccf65c5531ba32a1b4a7c167a2

SHA1
2b4da1acc50c7873b6a4e189b21b28d090863a7b

SHA256
7a90a16f909f329eb3dc6c1102074f1e342b24075b841f8d675bf7099fe0fc97

SHA512
55572186d06fd6493c9ae7689fe2f620b5f6bc61193c3f6bf994567eb1ea153995710fd152bd79029f460a8925890aca19a710c2774ccd266ced258997a230f6

Download Submit
C:\Windows\System\RElBNkf.exe

Filesize
2.0MB

MD5
fe4f92ddd409a90ff7b2aea2b3a070a3

SHA1
9075c4cba18b974a2123695726e1e06668b3e33a

SHA256
a99913953e42ee102d4d5b7554c7998420fea1d15bd4c10b66adae12d836ec51

SHA512
5eca5ecdf7df0a5f58f572995e813fb3bc32dcd04a028c6b317079423da3da5e3dde565f7a7ce6e878d796d57e3af415dfb8bf1fb178fc0e524856ce7f7823dc

Download Submit
C:\Windows\System\ThkCLcW.exe

Filesize
2.0MB

MD5
a66be1f8be2c9591d05cd82fd3081706

SHA1
5b9c9d0b60b9da9a2979ce048fbae0dfee154e05

SHA256
c57681611d851ecb94e79a44b94f5b4b1532f9a5f8770afebae4d26470e03828

SHA512
3d106013b5e962df7f69528f84fcbe86afe8a7a2f8ced5e06d2d891fbe0ba0434ddead48c4ea8033931dcfefe2067f1f6c5952b1d549054acc92f7d24cf12ab0

Download Submit
C:\Windows\System\UZAtwKO.exe

Filesize
2.0MB

MD5
52a1d21148ec170c2eee7fd4ce0b36c6

SHA1
af4db1eb20e1078eeb57b2b6212f627c9b45ff27

SHA256
12eccc095f9f208dd4df7d359c58077db1eadb7e0d93466b9ea9752dae7caecc

SHA512
e784862a3c8095455dc6f81319b35623586770ec195c0f0a0274c5f8cdd8a77298f46d6d11a86af8e6c84ba2c21967bad0eef972c0ca37f2f9129b8865296fd6

Download Submit
C:\Windows\System\VbWyHgn.exe

Filesize
2.0MB

MD5
b49acc892bbd9d1dd54899bd3b6cb2df

SHA1
abb30849b28dc1e57c1c5e2d30c642c889b8c7f2

SHA256
493068a545c4b2b1c85d98afaab44bd67b02e020b79058ebd28c244daa919b79

SHA512
83d727ea03dfb4095e296381e74a1660753951ccda5800aaf89c7d3b408f3cde616e3887821cd25dbb63285c84ea4e9e3cb7ff7d581b52a95bbced229faaf5f7

Download Submit
C:\Windows\System\XxoaHoO.exe

Filesize
2.0MB

MD5
a3127bde3dc60d869dfffd84859edd2a

SHA1
c160865904ef3afec1d04beaef7f4dd10c4c5fed

SHA256
a1ee6a58a26b2ebc80d9c7988ef2c2bc02010a3d9aace0ed754ddffa9410ae42

SHA512
a749914cbe90104526eecb82bd4581fb409c506d53d5c4e60fdbda2ffe383f3b2d28b3fad76c1a9a7cc0e454b6980393b698ab529099bb1e68d29c6986e1c36a

Download Submit
C:\Windows\System\eJwEcmw.exe

Filesize
2.0MB

MD5
0846d54e4ba26309b4a2a9cc769cbd40

SHA1
3c1b2523ec68532b2a8c3a8bc2365048387d9851

SHA256
07f5b055e3baedc910699152ff9fdfc4c1419aa55fb21cb67f394d2e343e1a67

SHA512
4626de6139da8d5575f877d70fbf31bcc7c3afa9541900acd68770b6a4fef4ebde37186e7e621fe1921c8136f04032986bd9e6850e6a65058eac9f467c62b6a1

Download Submit
C:\Windows\System\eKcdJsj.exe

Filesize
2.0MB

MD5
611563fec138560b656c9579fe9bdd53

SHA1
876c9612cf68d3242ee60df2330551c023470c8d

SHA256
d029f911d365aa44fd0f7519e1f85201590441d9b9ea1893d02db47074c5cd38

SHA512
a3e712ebede69d5d1695452594d5661ff1d1c3778b6e2cc229657a7a5a7852b1b3efd82ddbc91298af64e376392b4c2c79ab050ec74f7518b11416788213dd92

Download Submit
C:\Windows\System\gwdIbtj.exe

Filesize
2.0MB

MD5
b5847e488833cbcb0d53a5b2736e5dff

SHA1
3ad59c1a202107e88727eb534dcae444de0a84dc

SHA256
7a9f9ffd94f576c1b4a5cdc614d7e94c6a4e4e18270f8102cd7588dec7b8ef73

SHA512
82895ded25334c85d740751ea9687bab6e533ef30c9cc43c9d556b7e6b1478c3e8790cd27793ec852c6c942905f40e8db6f9e80862cf1762e0d23176720135fe

Download Submit
C:\Windows\System\hWzCFoo.exe

Filesize
2.0MB

MD5
f9d1c96a96edae1b440aecc3c0fa9746

SHA1
91bacfd3244e7301ad03e7cf9b077a2839f36976

SHA256
3be8778a975153fabe74c3bc6f8915a93e6656ec4614198f7e0d25f400f9b056

SHA512
9c7fb61ac672b7f9e2ed9e57a2920cdd3d2d2bf6feb90ae7e4f8692a40b01659c4cc5a5227918c06734d531e68cb399ad000d9251ec6f6a6d665367fe9378f36

Download Submit
C:\Windows\System\iCaNIfM.exe

Filesize
2.0MB

MD5
56b235a9c65ce63b4623ec2767e6955a

SHA1
eae8ba2e7a87671672a962f9590c745ca59ac6ca

SHA256
6f2d29f551ecebeb2c6ff879944660eb2e3e626b1dd6bb9a8eb3e79c7e566950

SHA512
e3e084967e767f59aa3bf8c7746d5bacb0e25bbe5d0c048e3bfbdbe8085409ce2179594cb702bba79b4f18750b9d90d21877561bce4a4743295123b7c6248427

Download Submit
C:\Windows\System\jUXXlJt.exe

Filesize
2.0MB

MD5
f35fa2b41fabf90441ef68d5eb95a821

SHA1
4afaf0190bb073e2060f354d2184cc4596ae2db1

SHA256
c44f0c209362b0342d1b910d610cec8c2448fe48c14dc0d25ee3af5a4704e74e

SHA512
afcb959b62f690f1792e434206ceded0f4b4e109f1ed075c44631ed8ce3cb6a193e8d82b45173f8834d2419dafefed14d7240b339f9a71b693ca613905493381

Download Submit
C:\Windows\System\nEhkvQj.exe

Filesize
2.0MB

MD5
f7b09f0c967449ae14890e478ed716dd

SHA1
880078afe8f6b89d8be0b104263cef276fde715b

SHA256
1f5c670f00a64b748a7476ff463feea0f3cb5087f4fe78dff7ba9306a3c9c813

SHA512
bf111d427d1a13fbeab8205b0d204f266d238f84f0adb4ea297865c4651ad9dd7d00b441fd76df4840abccbac6f285ba67563355587d12ef36d7ddecb3e50c65

Download Submit
C:\Windows\System\nJNrVJq.exe

Filesize
2.0MB

MD5
c73c52fca72b4013ffd7cc2c868c7143

SHA1
bd81a61fb4508ac5626e0308656a729fbfa22d64

SHA256
4bdde09d613cba37ec179c15a3f55d7185f8387337afa4e167bf552c33a6fe28

SHA512
410f31bc8b0c53467444b80c928c7beccb6b651001eb2e4709c15e2e188f488a2fde7106d55d4de34a520676e194738de6de99fb327a6580dbdc03bd5c5d95cc

Download Submit
C:\Windows\System\nicUpsN.exe

Filesize
2.0MB

MD5
d18abba3de704b41504799377e4d8ed9

SHA1
afa1b255a31b91f818059e2ac2d60240039ad6cb

SHA256
f811c5133cc133e7ee50a253f05ef7a659f2f7eca40339e2ef5bf288f2dca5a3

SHA512
bb6c3b8789c905534e197aff9e5a43eb4c9cec1126235719162d876943e19c70a7d922af65a2e4e89b376a23982db21f92841dfb000bd3e0133a6ce845f71507

Download Submit
C:\Windows\System\nllmlIP.exe

Filesize
2.0MB

MD5
60948ca6701a17002986bb7f00dfacb1

SHA1
2dbc2e7018180eae419b864c8e7665f8e71fcfe5

SHA256
3501e4b89d24489f5e6ed5f7b139b6664224f6d1472cf1b7be4e69507bc27e3a

SHA512
5e0a38ac03da328feaf9f3b8a44b8ebd3c8680b6823bb9ee130c9d13550d29d8b5ce092b606bb74e6150a45ed54cb0600cf28e4df8a73ab8a3a28c898926756b

Download Submit
C:\Windows\System\ooCKDHc.exe

Filesize
2.0MB

MD5
fe8f5920f6b486fd824a417568673f46

SHA1
c3042b9f33e1d0a639f32cbf1c4f3f2f22d22622

SHA256
e868248c62794909518e1e0e44a36b3ff6372a43fdc53be09d02a276fbad4c43

SHA512
b3b5699a1f853cfadcefe028dace819df503004d6913aa270f225f6f5427914143738d1181240d65473397ce87a72dcdee4c9ba4fe36bd871550d25cb96a3763

Download Submit
C:\Windows\System\qrUlcEF.exe

Filesize
2.0MB

MD5
e4c4dae60a0ac55237ebec5351bcc91f

SHA1
ebcab1795c41c159233570b7e7175048fce774a5

SHA256
26b78625490ed0478e1c645d38d21c17c0bb3926a4adfb0292dadb7c171abee6

SHA512
bc7468c4bc0ba0d45ece75d9dbb828dccfb6fd97d75dcfdc68fcace2c5859a1f347aebda34d5bd7ecd079c2f92653a7a3200697c6a4fe92cff4dcca00139e314

Download Submit
C:\Windows\System\rmAFMYg.exe

Filesize
2.0MB

MD5
510cffe6e86184e242656642d6e7dc23

SHA1
b901236d382cdacb60730c602223627951fe3561

SHA256
de3d9512384e25ffc83b57032ed2361a2d8da245810fc3b42a303679401e4351

SHA512
535a44892bebc7de74563aa33584d360be6ddea3697fee8fb5beb69257faa4f89f2ed0b7b73389462e8168e7c8bf8c42a49a3c69a1da0e20290787fca815e360

Download Submit
C:\Windows\System\sROPNvS.exe

Filesize
2.0MB

MD5
151cbff8d3d362d2bb9301fa856dbb16

SHA1
09dbac861fe621e47af03054841b9f50b86773c8

SHA256
0db14e304e6206b44a0d72a071db88845be5d33d78e18a3a31096e9dd8d60e01

SHA512
1b75bceb20be409db9efb9d9d34b9602484082f1892815e38aa7d1e73ac1697faa7db2925df81b86fb9863373280d1094be20153dedcf8356f8f8d663ee7dc28

Download Submit
C:\Windows\System\tEtnhNg.exe

Filesize
2.0MB

MD5
b0ba01d9a98e5c0e007c693fa7b5adfd

SHA1
b487546f60d9b11439e60c49c83cfe5abf583842

SHA256
3848ea7ce5949dacec4d7152142f62b9af539c9121a099f880f4701e158e07d3

SHA512
e73a3f9991373aede0a89551e722c0d5441db965206c4d4e1d64b397eaaf90d3eabbbce866ba44c8a79a5973a1a3a5d6d5774c40e93134c8bd8f08f471fbed4b

Download Submit
C:\Windows\System\uypJJBL.exe

Filesize
2.0MB

MD5
bc9b7be1f2dd2ddab4080dd8b5a3a93b

SHA1
7af759b79b3edb44a31ff91e21e0c0a42dacf026

SHA256
1637609df1414edce76a7b2d3fce7b49fadac937a2bc51c45f2d69c192ecdbad

SHA512
4fd1a0e50e27006bbdc036e381b324541685a4234cad98e71f876c7a9f841aaa90e467dbf7926b7392752b8ac8e507900d3264e30447d039a086c2373ae50606

Download Submit
C:\Windows\System\xYkLDuu.exe

Filesize
2.0MB

MD5
45a65b59da25b22a371eb14f1c5a26a1

SHA1
874a5cb51616b130b11d5eb9fbab763e0065970d

SHA256
188923a60ee047f3a710aeb893bd45203c89f7095d1b3af7837b277941156bb5

SHA512
6534710a5f75ab038200626724acbdb518c9085f1c9dbf53c948892d5e049d356bd92d6d974d782eaa72c9d734a40295770659c8bee1d2b48429ea0cacdd11fe

Download Submit
memory/8-42-0x00007FF7CEC70000-0x00007FF7CEFC4000-memory.dmp

Filesize
3.3MB

Download
memory/8-2147-0x00007FF7CEC70000-0x00007FF7CEFC4000-memory.dmp

Filesize
3.3MB

Download
memory/8-2142-0x00007FF7CEC70000-0x00007FF7CEFC4000-memory.dmp

Filesize
3.3MB

Download
memory/372-2145-0x00007FF604B40000-0x00007FF604E94000-memory.dmp

Filesize
3.3MB

Download
memory/372-239-0x00007FF604B40000-0x00007FF604E94000-memory.dmp

Filesize
3.3MB

Download
memory/604-1-0x000001F0EBF60000-0x000001F0EBF70000-memory.dmp

Filesize
64KB

Download
memory/604-0-0x00007FF6E5200000-0x00007FF6E5554000-memory.dmp

Filesize
3.3MB

Download
memory/880-122-0x00007FF7F7C80000-0x00007FF7F7FD4000-memory.dmp

Filesize
3.3MB

Download
memory/880-2150-0x00007FF7F7C80000-0x00007FF7F7FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1216-102-0x00007FF621410000-0x00007FF621764000-memory.dmp

Filesize
3.3MB

Download
memory/1216-2151-0x00007FF621410000-0x00007FF621764000-memory.dmp

Filesize
3.3MB

Download
memory/1228-2166-0x00007FF6DB210000-0x00007FF6DB564000-memory.dmp

Filesize
3.3MB

Download
memory/1228-214-0x00007FF6DB210000-0x00007FF6DB564000-memory.dmp

Filesize
3.3MB

Download
memory/1284-2146-0x00007FF7047F0000-0x00007FF704B44000-memory.dmp

Filesize
3.3MB

Download
memory/1284-25-0x00007FF7047F0000-0x00007FF704B44000-memory.dmp

Filesize
3.3MB

Download
memory/1560-16-0x00007FF7FF820000-0x00007FF7FFB74000-memory.dmp

Filesize
3.3MB

Download
memory/1560-2143-0x00007FF7FF820000-0x00007FF7FFB74000-memory.dmp

Filesize
3.3MB

Download
memory/1628-213-0x00007FF763560000-0x00007FF7638B4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-2170-0x00007FF763560000-0x00007FF7638B4000-memory.dmp

Filesize
3.3MB

Download
memory/1844-230-0x00007FF76A430000-0x00007FF76A784000-memory.dmp

Filesize
3.3MB

Download
memory/1844-2165-0x00007FF76A430000-0x00007FF76A784000-memory.dmp

Filesize
3.3MB

Download
memory/2068-226-0x00007FF637450000-0x00007FF6377A4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-2152-0x00007FF637450000-0x00007FF6377A4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-2163-0x00007FF628AB0000-0x00007FF628E04000-memory.dmp

Filesize
3.3MB

Download
memory/2464-242-0x00007FF628AB0000-0x00007FF628E04000-memory.dmp

Filesize
3.3MB

Download
memory/2644-2149-0x00007FF79FBF0000-0x00007FF79FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2644-237-0x00007FF79FBF0000-0x00007FF79FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2684-2156-0x00007FF727A00000-0x00007FF727D54000-memory.dmp

Filesize
3.3MB

Download
memory/2684-236-0x00007FF727A00000-0x00007FF727D54000-memory.dmp

Filesize
3.3MB

Download
memory/2756-238-0x00007FF7B5C90000-0x00007FF7B5FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2144-0x00007FF7B5C90000-0x00007FF7B5FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-2168-0x00007FF74A790000-0x00007FF74AAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-210-0x00007FF74A790000-0x00007FF74AAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3156-2159-0x00007FF6C7F10000-0x00007FF6C8264000-memory.dmp

Filesize
3.3MB

Download
memory/3156-244-0x00007FF6C7F10000-0x00007FF6C8264000-memory.dmp

Filesize
3.3MB

Download
memory/3160-2154-0x00007FF692370000-0x00007FF6926C4000-memory.dmp

Filesize
3.3MB

Download
memory/3160-209-0x00007FF692370000-0x00007FF6926C4000-memory.dmp

Filesize
3.3MB

Download
memory/3192-2141-0x00007FF770A80000-0x00007FF770DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3192-2148-0x00007FF770A80000-0x00007FF770DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3192-70-0x00007FF770A80000-0x00007FF770DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3216-243-0x00007FF7A67A0000-0x00007FF7A6AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3216-2164-0x00007FF7A67A0000-0x00007FF7A6AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3268-2162-0x00007FF6AC010000-0x00007FF6AC364000-memory.dmp

Filesize
3.3MB

Download
memory/3268-231-0x00007FF6AC010000-0x00007FF6AC364000-memory.dmp

Filesize
3.3MB

Download
memory/3484-2169-0x00007FF667A10000-0x00007FF667D64000-memory.dmp

Filesize
3.3MB

Download
memory/3484-240-0x00007FF667A10000-0x00007FF667D64000-memory.dmp

Filesize
3.3MB

Download
memory/3680-228-0x00007FF7E3F10000-0x00007FF7E4264000-memory.dmp

Filesize
3.3MB

Download
memory/3680-2155-0x00007FF7E3F10000-0x00007FF7E4264000-memory.dmp

Filesize
3.3MB

Download
memory/3732-232-0x00007FF6331A0000-0x00007FF6334F4000-memory.dmp

Filesize
3.3MB

Download
memory/3732-2161-0x00007FF6331A0000-0x00007FF6334F4000-memory.dmp

Filesize
3.3MB

Download
memory/3916-2171-0x00007FF6298F0000-0x00007FF629C44000-memory.dmp

Filesize
3.3MB

Download
memory/3916-241-0x00007FF6298F0000-0x00007FF629C44000-memory.dmp

Filesize
3.3MB

Download
memory/4352-2160-0x00007FF6DFBA0000-0x00007FF6DFEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4352-233-0x00007FF6DFBA0000-0x00007FF6DFEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4576-2157-0x00007FF62A7C0000-0x00007FF62AB14000-memory.dmp

Filesize
3.3MB

Download
memory/4576-235-0x00007FF62A7C0000-0x00007FF62AB14000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2167-0x00007FF6D4E20000-0x00007FF6D5174000-memory.dmp

Filesize
3.3MB

Download
memory/4716-229-0x00007FF6D4E20000-0x00007FF6D5174000-memory.dmp

Filesize
3.3MB

Download
memory/4748-2158-0x00007FF70BFD0000-0x00007FF70C324000-memory.dmp

Filesize
3.3MB

Download
memory/4748-234-0x00007FF70BFD0000-0x00007FF70C324000-memory.dmp

Filesize
3.3MB

Download
memory/4996-55-0x00007FF770CB0000-0x00007FF771004000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2153-0x00007FF770CB0000-0x00007FF771004000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2140-0x00007FF770CB0000-0x00007FF771004000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads