xmrig | 17488e2a7906c302ec5db69c1fc60bd6af195f94021e69067790c8066dc33ff3

Analysis

max time kernel
137s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
Size

2.4MB
MD5

d8756370ccdfed49cbc116c0e7297b00
SHA1

946bc466404a4ff014702c0b30c9ae90591b3bf4
SHA256

17488e2a7906c302ec5db69c1fc60bd6af195f94021e69067790c8066dc33ff3
SHA512

a8a2e213fafdc4d5cb76f90c2cf99c030df7a7ff0c4240ce6a9c3bfbf51f2c21f9f626b56ba4a89798ee0ab0a082e506a6db8e048532d683a7ad2ed2ffea3271
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+A4VBqxGLIowx2Jx:BemTLkNdfE0pZrn

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4616-0-0x00007FF6E2F40000-0x00007FF6E3294000-memory.dmp	xmrig
behavioral2/files/0x0008000000022f51-5.dat	xmrig
behavioral2/files/0x00080000000233f1-11.dat	xmrig
behavioral2/files/0x00070000000233f6-40.dat	xmrig
behavioral2/files/0x00070000000233f5-42.dat	xmrig
behavioral2/files/0x00070000000233f4-49.dat	xmrig
behavioral2/files/0x00070000000233fc-69.dat	xmrig
behavioral2/files/0x00070000000233fd-82.dat	xmrig
behavioral2/memory/3668-94-0x00007FF65D740000-0x00007FF65DA94000-memory.dmp	xmrig
behavioral2/memory/4688-101-0x00007FF746B50000-0x00007FF746EA4000-memory.dmp	xmrig
behavioral2/memory/2044-104-0x00007FF75D4E0000-0x00007FF75D834000-memory.dmp	xmrig
behavioral2/memory/2332-103-0x00007FF66C510000-0x00007FF66C864000-memory.dmp	xmrig
behavioral2/memory/3524-102-0x00007FF6A6A30000-0x00007FF6A6D84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023400-99.dat	xmrig
behavioral2/files/0x00070000000233ff-97.dat	xmrig
behavioral2/memory/3044-96-0x00007FF679520000-0x00007FF679874000-memory.dmp	xmrig
behavioral2/memory/3604-95-0x00007FF688380000-0x00007FF6886D4000-memory.dmp	xmrig
behavioral2/memory/892-89-0x00007FF786470000-0x00007FF7867C4000-memory.dmp	xmrig
behavioral2/memory/1940-88-0x00007FF732F90000-0x00007FF7332E4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fe-85.dat	xmrig
behavioral2/files/0x00070000000233fb-79.dat	xmrig
behavioral2/memory/4380-77-0x00007FF60D500000-0x00007FF60D854000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fa-74.dat	xmrig
behavioral2/memory/4072-72-0x00007FF751010000-0x00007FF751364000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f7-67.dat	xmrig
behavioral2/files/0x00070000000233f9-73.dat	xmrig
behavioral2/memory/3228-61-0x00007FF77C0A0000-0x00007FF77C3F4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f8-50.dat	xmrig
behavioral2/memory/5056-46-0x00007FF779F00000-0x00007FF77A254000-memory.dmp	xmrig
behavioral2/memory/3584-44-0x00007FF676730000-0x00007FF676A84000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f3-36.dat	xmrig
behavioral2/memory/4740-30-0x00007FF706F80000-0x00007FF7072D4000-memory.dmp	xmrig
behavioral2/memory/2236-29-0x00007FF777420000-0x00007FF777774000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f2-21.dat	xmrig
behavioral2/memory/2184-10-0x00007FF66BB90000-0x00007FF66BEE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023401-107.dat	xmrig
behavioral2/files/0x00080000000233ef-117.dat	xmrig
behavioral2/files/0x0007000000023402-116.dat	xmrig
behavioral2/files/0x0007000000023405-134.dat	xmrig
behavioral2/files/0x0007000000023406-151.dat	xmrig
behavioral2/files/0x0007000000023408-162.dat	xmrig
behavioral2/memory/1708-161-0x00007FF6E9710000-0x00007FF6E9A64000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-157.dat	xmrig
behavioral2/memory/2600-156-0x00007FF732DD0000-0x00007FF733124000-memory.dmp	xmrig
behavioral2/files/0x000700000002340a-155.dat	xmrig
behavioral2/files/0x0007000000023407-165.dat	xmrig
behavioral2/files/0x0007000000023404-153.dat	xmrig
behavioral2/files/0x0007000000023409-152.dat	xmrig
behavioral2/memory/4252-144-0x00007FF709310000-0x00007FF709664000-memory.dmp	xmrig
behavioral2/memory/552-140-0x00007FF6267D0000-0x00007FF626B24000-memory.dmp	xmrig
behavioral2/memory/4932-137-0x00007FF701600000-0x00007FF701954000-memory.dmp	xmrig
behavioral2/files/0x0007000000023403-129.dat	xmrig
behavioral2/memory/676-127-0x00007FF634110000-0x00007FF634464000-memory.dmp	xmrig
behavioral2/memory/2108-170-0x00007FF780B10000-0x00007FF780E64000-memory.dmp	xmrig
behavioral2/memory/3272-201-0x00007FF73BCD0000-0x00007FF73C024000-memory.dmp	xmrig
behavioral2/memory/1944-230-0x00007FF6595B0000-0x00007FF659904000-memory.dmp	xmrig
behavioral2/memory/4412-227-0x00007FF6D1520000-0x00007FF6D1874000-memory.dmp	xmrig
behavioral2/memory/3680-212-0x00007FF750BD0000-0x00007FF750F24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023410-193.dat	xmrig
behavioral2/files/0x000700000002340f-192.dat	xmrig
behavioral2/files/0x000700000002340c-191.dat	xmrig
behavioral2/memory/4720-188-0x00007FF624720000-0x00007FF624A74000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-190.dat	xmrig
behavioral2/files/0x000700000002340d-179.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2184	IDhVCNd.exe
2236	jkJcjwv.exe
4740	vKVExIm.exe
3044	gmRkmpv.exe
3584	MMmYOmN.exe
4688	HzrtJEO.exe
5056	pgybLSc.exe
3228	ksMvqYG.exe
3524	RKDOizl.exe
4072	ULvVXfO.exe
4380	KJdGJno.exe
2332	rOOQBHM.exe
1940	QurKpul.exe
892	ZaSOitu.exe
3668	XDMVkpp.exe
2044	qHKyVSY.exe
3604	FAxkOEc.exe
676	QCjmuQA.exe
3680	uudBLaC.exe
4932	rUZmLJE.exe
552	ypkafbs.exe
4252	wmFQZBl.exe
2600	qjCOwur.exe
1708	OuQqjOC.exe
4412	LyNnMIr.exe
2108	nTvEuhP.exe
1944	wMNxfid.exe
4720	gxfEsYz.exe
3272	FdFIHfo.exe
4292	kAARNNm.exe
4588	NsEqDxV.exe
3700	SZGhCjc.exe
5016	MBjIhFV.exe
3968	pyGpPcq.exe
944	xgZpnRr.exe
1072	ZpaLWhd.exe
2200	QqhvAGQ.exe
4736	arvkjhz.exe
4216	NLJqrhU.exe
2364	oOyegkJ.exe
4312	lgGJhas.exe
4964	drKVXMK.exe
4552	MEueGPw.exe
2468	vkVgcRC.exe
3132	sMGyHhT.exe
1156	phCPWlN.exe
3188	zWWcOnI.exe
4396	AjPfNjT.exe
4908	CXDpQsL.exe
4544	ZgKtIFb.exe
3836	pvhWhJx.exe
624	YfUannf.exe
4424	lQlJjCz.exe
772	fbZBlaf.exe
2832	TKSGAgG.exe
2724	REUXgVJ.exe
2764	tGwUcmK.exe
4040	eDDirAZ.exe
1420	QyTugIn.exe
2800	HgEROEi.exe
3052	TXGMMgB.exe
4540	LXuimjG.exe
2324	TPHGQhA.exe
3388	LFMqRXq.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4616-0-0x00007FF6E2F40000-0x00007FF6E3294000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-5.dat	upx
behavioral2/files/0x00080000000233f1-11.dat	upx
behavioral2/files/0x00070000000233f6-40.dat	upx
behavioral2/files/0x00070000000233f5-42.dat	upx
behavioral2/files/0x00070000000233f4-49.dat	upx
behavioral2/files/0x00070000000233fc-69.dat	upx
behavioral2/files/0x00070000000233fd-82.dat	upx
behavioral2/memory/3668-94-0x00007FF65D740000-0x00007FF65DA94000-memory.dmp	upx
behavioral2/memory/4688-101-0x00007FF746B50000-0x00007FF746EA4000-memory.dmp	upx
behavioral2/memory/2044-104-0x00007FF75D4E0000-0x00007FF75D834000-memory.dmp	upx
behavioral2/memory/2332-103-0x00007FF66C510000-0x00007FF66C864000-memory.dmp	upx
behavioral2/memory/3524-102-0x00007FF6A6A30000-0x00007FF6A6D84000-memory.dmp	upx
behavioral2/files/0x0007000000023400-99.dat	upx
behavioral2/files/0x00070000000233ff-97.dat	upx
behavioral2/memory/3044-96-0x00007FF679520000-0x00007FF679874000-memory.dmp	upx
behavioral2/memory/3604-95-0x00007FF688380000-0x00007FF6886D4000-memory.dmp	upx
behavioral2/memory/892-89-0x00007FF786470000-0x00007FF7867C4000-memory.dmp	upx
behavioral2/memory/1940-88-0x00007FF732F90000-0x00007FF7332E4000-memory.dmp	upx
behavioral2/files/0x00070000000233fe-85.dat	upx
behavioral2/files/0x00070000000233fb-79.dat	upx
behavioral2/memory/4380-77-0x00007FF60D500000-0x00007FF60D854000-memory.dmp	upx
behavioral2/files/0x00070000000233fa-74.dat	upx
behavioral2/memory/4072-72-0x00007FF751010000-0x00007FF751364000-memory.dmp	upx
behavioral2/files/0x00070000000233f7-67.dat	upx
behavioral2/files/0x00070000000233f9-73.dat	upx
behavioral2/memory/3228-61-0x00007FF77C0A0000-0x00007FF77C3F4000-memory.dmp	upx
behavioral2/files/0x00070000000233f8-50.dat	upx
behavioral2/memory/5056-46-0x00007FF779F00000-0x00007FF77A254000-memory.dmp	upx
behavioral2/memory/3584-44-0x00007FF676730000-0x00007FF676A84000-memory.dmp	upx
behavioral2/files/0x00070000000233f3-36.dat	upx
behavioral2/memory/4740-30-0x00007FF706F80000-0x00007FF7072D4000-memory.dmp	upx
behavioral2/memory/2236-29-0x00007FF777420000-0x00007FF777774000-memory.dmp	upx
behavioral2/files/0x00070000000233f2-21.dat	upx
behavioral2/memory/2184-10-0x00007FF66BB90000-0x00007FF66BEE4000-memory.dmp	upx
behavioral2/files/0x0007000000023401-107.dat	upx
behavioral2/files/0x00080000000233ef-117.dat	upx
behavioral2/files/0x0007000000023402-116.dat	upx
behavioral2/files/0x0007000000023405-134.dat	upx
behavioral2/files/0x0007000000023406-151.dat	upx
behavioral2/files/0x0007000000023408-162.dat	upx
behavioral2/memory/1708-161-0x00007FF6E9710000-0x00007FF6E9A64000-memory.dmp	upx
behavioral2/files/0x000700000002340b-157.dat	upx
behavioral2/memory/2600-156-0x00007FF732DD0000-0x00007FF733124000-memory.dmp	upx
behavioral2/files/0x000700000002340a-155.dat	upx
behavioral2/files/0x0007000000023407-165.dat	upx
behavioral2/files/0x0007000000023404-153.dat	upx
behavioral2/files/0x0007000000023409-152.dat	upx
behavioral2/memory/4252-144-0x00007FF709310000-0x00007FF709664000-memory.dmp	upx
behavioral2/memory/552-140-0x00007FF6267D0000-0x00007FF626B24000-memory.dmp	upx
behavioral2/memory/4932-137-0x00007FF701600000-0x00007FF701954000-memory.dmp	upx
behavioral2/files/0x0007000000023403-129.dat	upx
behavioral2/memory/676-127-0x00007FF634110000-0x00007FF634464000-memory.dmp	upx
behavioral2/memory/2108-170-0x00007FF780B10000-0x00007FF780E64000-memory.dmp	upx
behavioral2/memory/3272-201-0x00007FF73BCD0000-0x00007FF73C024000-memory.dmp	upx
behavioral2/memory/1944-230-0x00007FF6595B0000-0x00007FF659904000-memory.dmp	upx
behavioral2/memory/4412-227-0x00007FF6D1520000-0x00007FF6D1874000-memory.dmp	upx
behavioral2/memory/3680-212-0x00007FF750BD0000-0x00007FF750F24000-memory.dmp	upx
behavioral2/files/0x0007000000023410-193.dat	upx
behavioral2/files/0x000700000002340f-192.dat	upx
behavioral2/files/0x000700000002340c-191.dat	upx
behavioral2/memory/4720-188-0x00007FF624720000-0x00007FF624A74000-memory.dmp	upx
behavioral2/files/0x000700000002340e-190.dat	upx
behavioral2/files/0x000700000002340d-179.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GMwFNZV.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\TdDYkLL.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\BQfNlJf.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\hrGAvVd.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\EhQwMPh.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\QCyfCBa.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\bNmubIB.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\LSxpUZQ.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\PBMJFHA.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\AhKzxHz.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\ShhOFLZ.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\vlrbKOW.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\uDuGved.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\fbaXHVa.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\fdLzUFn.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\xTUbWBm.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\QQEQffO.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\SuJyjnt.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\lbjUglK.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\OkUQVnd.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\sqCpyfz.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\LyNnMIr.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\gaXzczM.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\DmPXlHo.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\yEkdYZk.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\yjRQccc.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\CHuIbWR.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\gpVKQyd.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\sQYxAQI.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\ypkafbs.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\MBjIhFV.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\UfPdcJz.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\qbnJTre.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\LCfOtfJ.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\QjbdMKL.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\OyAywIk.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\PpCzodN.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\dDVnoEN.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\jNySeGY.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\CHjtFCF.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\zvDeCQz.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\ZpaLWhd.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\NASbXYe.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\GjNvTOW.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\BMdleFp.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\SxSejEE.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\ShRVnjn.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\MyzzfzW.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\yaEcHsW.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\ZZjxgZK.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\GwGkwIT.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\vegyBOQ.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\kWrEqBZ.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\VsMDlIp.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\xYscoXz.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\DwkaRel.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\NrVQaGE.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\wvGCLlI.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\quRtUuQ.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\wEFrZDE.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\ukvIWUU.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\PmUgDmY.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\WBgbIzB.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
File created	C:\Windows\System\qraMBlC.exe	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1384	dwm.exe
Token: SeChangeNotifyPrivilege	1384	dwm.exe
Token: 33	1384	dwm.exe
Token: SeIncBasePriorityPrivilege	1384	dwm.exe
Token: SeShutdownPrivilege	1384	dwm.exe
Token: SeCreatePagefilePrivilege	1384	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 2184	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	83
PID 4616 wrote to memory of 2184	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	83
PID 4616 wrote to memory of 2236	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	84
PID 4616 wrote to memory of 2236	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	84
PID 4616 wrote to memory of 4740	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	85
PID 4616 wrote to memory of 4740	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	85
PID 4616 wrote to memory of 3044	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	86
PID 4616 wrote to memory of 3044	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	86
PID 4616 wrote to memory of 3584	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	87
PID 4616 wrote to memory of 3584	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	87
PID 4616 wrote to memory of 4688	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	88
PID 4616 wrote to memory of 4688	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	88
PID 4616 wrote to memory of 5056	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	89
PID 4616 wrote to memory of 5056	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	89
PID 4616 wrote to memory of 3228	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	90
PID 4616 wrote to memory of 3228	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	90
PID 4616 wrote to memory of 3524	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	91
PID 4616 wrote to memory of 3524	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	91
PID 4616 wrote to memory of 4072	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	92
PID 4616 wrote to memory of 4072	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	92
PID 4616 wrote to memory of 4380	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	93
PID 4616 wrote to memory of 4380	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	93
PID 4616 wrote to memory of 2332	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	94
PID 4616 wrote to memory of 2332	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	94
PID 4616 wrote to memory of 1940	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	95
PID 4616 wrote to memory of 1940	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	95
PID 4616 wrote to memory of 892	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	96
PID 4616 wrote to memory of 892	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	96
PID 4616 wrote to memory of 3668	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	97
PID 4616 wrote to memory of 3668	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	97
PID 4616 wrote to memory of 2044	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	98
PID 4616 wrote to memory of 2044	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	98
PID 4616 wrote to memory of 3604	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	99
PID 4616 wrote to memory of 3604	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	99
PID 4616 wrote to memory of 676	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	100
PID 4616 wrote to memory of 676	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	100
PID 4616 wrote to memory of 4932	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	101
PID 4616 wrote to memory of 4932	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	101
PID 4616 wrote to memory of 3680	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	102
PID 4616 wrote to memory of 3680	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	102
PID 4616 wrote to memory of 552	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	103
PID 4616 wrote to memory of 552	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	103
PID 4616 wrote to memory of 4252	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	104
PID 4616 wrote to memory of 4252	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	104
PID 4616 wrote to memory of 2600	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	105
PID 4616 wrote to memory of 2600	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	105
PID 4616 wrote to memory of 1708	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	106
PID 4616 wrote to memory of 1708	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	106
PID 4616 wrote to memory of 4412	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	107
PID 4616 wrote to memory of 4412	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	107
PID 4616 wrote to memory of 2108	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	108
PID 4616 wrote to memory of 2108	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	108
PID 4616 wrote to memory of 1944	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	109
PID 4616 wrote to memory of 1944	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	109
PID 4616 wrote to memory of 4720	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	110
PID 4616 wrote to memory of 4720	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	110
PID 4616 wrote to memory of 3272	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	111
PID 4616 wrote to memory of 3272	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	111
PID 4616 wrote to memory of 4292	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	113
PID 4616 wrote to memory of 4292	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	113
PID 4616 wrote to memory of 4588	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	114
PID 4616 wrote to memory of 4588	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	114
PID 4616 wrote to memory of 3700	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	115
PID 4616 wrote to memory of 3700	4616	d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d8756370ccdfed49cbc116c0e7297b00_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Windows\System\IDhVCNd.exe
  C:\Windows\System\IDhVCNd.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\jkJcjwv.exe
  C:\Windows\System\jkJcjwv.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\vKVExIm.exe
  C:\Windows\System\vKVExIm.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\gmRkmpv.exe
  C:\Windows\System\gmRkmpv.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\MMmYOmN.exe
  C:\Windows\System\MMmYOmN.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\HzrtJEO.exe
  C:\Windows\System\HzrtJEO.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\pgybLSc.exe
  C:\Windows\System\pgybLSc.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\ksMvqYG.exe
  C:\Windows\System\ksMvqYG.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\RKDOizl.exe
  C:\Windows\System\RKDOizl.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\ULvVXfO.exe
  C:\Windows\System\ULvVXfO.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\KJdGJno.exe
  C:\Windows\System\KJdGJno.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\rOOQBHM.exe
  C:\Windows\System\rOOQBHM.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\QurKpul.exe
  C:\Windows\System\QurKpul.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\ZaSOitu.exe
  C:\Windows\System\ZaSOitu.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\XDMVkpp.exe
  C:\Windows\System\XDMVkpp.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\qHKyVSY.exe
  C:\Windows\System\qHKyVSY.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\FAxkOEc.exe
  C:\Windows\System\FAxkOEc.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\QCjmuQA.exe
  C:\Windows\System\QCjmuQA.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\rUZmLJE.exe
  C:\Windows\System\rUZmLJE.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\uudBLaC.exe
  C:\Windows\System\uudBLaC.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\ypkafbs.exe
  C:\Windows\System\ypkafbs.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\wmFQZBl.exe
  C:\Windows\System\wmFQZBl.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\qjCOwur.exe
  C:\Windows\System\qjCOwur.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\OuQqjOC.exe
  C:\Windows\System\OuQqjOC.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\LyNnMIr.exe
  C:\Windows\System\LyNnMIr.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\nTvEuhP.exe
  C:\Windows\System\nTvEuhP.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\wMNxfid.exe
  C:\Windows\System\wMNxfid.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\gxfEsYz.exe
  C:\Windows\System\gxfEsYz.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\FdFIHfo.exe
  C:\Windows\System\FdFIHfo.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\kAARNNm.exe
  C:\Windows\System\kAARNNm.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\NsEqDxV.exe
  C:\Windows\System\NsEqDxV.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\SZGhCjc.exe
  C:\Windows\System\SZGhCjc.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\MBjIhFV.exe
  C:\Windows\System\MBjIhFV.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\pyGpPcq.exe
  C:\Windows\System\pyGpPcq.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\xgZpnRr.exe
  C:\Windows\System\xgZpnRr.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\ZpaLWhd.exe
  C:\Windows\System\ZpaLWhd.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\QqhvAGQ.exe
  C:\Windows\System\QqhvAGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\arvkjhz.exe
  C:\Windows\System\arvkjhz.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\NLJqrhU.exe
  C:\Windows\System\NLJqrhU.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\oOyegkJ.exe
  C:\Windows\System\oOyegkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\lgGJhas.exe
  C:\Windows\System\lgGJhas.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\drKVXMK.exe
  C:\Windows\System\drKVXMK.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\MEueGPw.exe
  C:\Windows\System\MEueGPw.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\AjPfNjT.exe
  C:\Windows\System\AjPfNjT.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\vkVgcRC.exe
  C:\Windows\System\vkVgcRC.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\sMGyHhT.exe
  C:\Windows\System\sMGyHhT.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\phCPWlN.exe
  C:\Windows\System\phCPWlN.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\zWWcOnI.exe
  C:\Windows\System\zWWcOnI.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\CXDpQsL.exe
  C:\Windows\System\CXDpQsL.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\ZgKtIFb.exe
  C:\Windows\System\ZgKtIFb.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\pvhWhJx.exe
  C:\Windows\System\pvhWhJx.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\YfUannf.exe
  C:\Windows\System\YfUannf.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\lQlJjCz.exe
  C:\Windows\System\lQlJjCz.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\fbZBlaf.exe
  C:\Windows\System\fbZBlaf.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\TKSGAgG.exe
  C:\Windows\System\TKSGAgG.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\REUXgVJ.exe
  C:\Windows\System\REUXgVJ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\tGwUcmK.exe
  C:\Windows\System\tGwUcmK.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\eDDirAZ.exe
  C:\Windows\System\eDDirAZ.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\QyTugIn.exe
  C:\Windows\System\QyTugIn.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\HgEROEi.exe
  C:\Windows\System\HgEROEi.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\TXGMMgB.exe
  C:\Windows\System\TXGMMgB.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\LXuimjG.exe
  C:\Windows\System\LXuimjG.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\TPHGQhA.exe
  C:\Windows\System\TPHGQhA.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\LFMqRXq.exe
  C:\Windows\System\LFMqRXq.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\xxPYAZH.exe
  C:\Windows\System\xxPYAZH.exe
  2⤵
  PID:3196
- C:\Windows\System\NcEbIMO.exe
  C:\Windows\System\NcEbIMO.exe
  2⤵
  PID:4684
- C:\Windows\System\yOXLfeb.exe
  C:\Windows\System\yOXLfeb.exe
  2⤵
  PID:4428
- C:\Windows\System\WDaatZr.exe
  C:\Windows\System\WDaatZr.exe
  2⤵
  PID:220
- C:\Windows\System\yXNKTQm.exe
  C:\Windows\System\yXNKTQm.exe
  2⤵
  PID:4768
- C:\Windows\System\SipjXlM.exe
  C:\Windows\System\SipjXlM.exe
  2⤵
  PID:4064
- C:\Windows\System\xQxpqYh.exe
  C:\Windows\System\xQxpqYh.exe
  2⤵
  PID:4120
- C:\Windows\System\GmgMCna.exe
  C:\Windows\System\GmgMCna.exe
  2⤵
  PID:916
- C:\Windows\System\LPhivVQ.exe
  C:\Windows\System\LPhivVQ.exe
  2⤵
  PID:2720
- C:\Windows\System\aoLaeTf.exe
  C:\Windows\System\aoLaeTf.exe
  2⤵
  PID:4556
- C:\Windows\System\gBcJiqX.exe
  C:\Windows\System\gBcJiqX.exe
  2⤵
  PID:4408
- C:\Windows\System\hrGAvVd.exe
  C:\Windows\System\hrGAvVd.exe
  2⤵
  PID:2916
- C:\Windows\System\dDpDAYf.exe
  C:\Windows\System\dDpDAYf.exe
  2⤵
  PID:764
- C:\Windows\System\ojGUvnT.exe
  C:\Windows\System\ojGUvnT.exe
  2⤵
  PID:4420
- C:\Windows\System\WBgbIzB.exe
  C:\Windows\System\WBgbIzB.exe
  2⤵
  PID:4828
- C:\Windows\System\dWJkWNY.exe
  C:\Windows\System\dWJkWNY.exe
  2⤵
  PID:1212
- C:\Windows\System\MCXwAJB.exe
  C:\Windows\System\MCXwAJB.exe
  2⤵
  PID:2156
- C:\Windows\System\urJGZxj.exe
  C:\Windows\System\urJGZxj.exe
  2⤵
  PID:3004
- C:\Windows\System\QsEheTo.exe
  C:\Windows\System\QsEheTo.exe
  2⤵
  PID:3360
- C:\Windows\System\XdAyAlW.exe
  C:\Windows\System\XdAyAlW.exe
  2⤵
  PID:2804
- C:\Windows\System\LAMGKeW.exe
  C:\Windows\System\LAMGKeW.exe
  2⤵
  PID:436
- C:\Windows\System\hpBrrcx.exe
  C:\Windows\System\hpBrrcx.exe
  2⤵
  PID:4456
- C:\Windows\System\ZhpSDmD.exe
  C:\Windows\System\ZhpSDmD.exe
  2⤵
  PID:4092
- C:\Windows\System\IRaBCzv.exe
  C:\Windows\System\IRaBCzv.exe
  2⤵
  PID:224
- C:\Windows\System\jwApGnd.exe
  C:\Windows\System\jwApGnd.exe
  2⤵
  PID:4836
- C:\Windows\System\yuDjcTt.exe
  C:\Windows\System\yuDjcTt.exe
  2⤵
  PID:3588
- C:\Windows\System\gdTmoEy.exe
  C:\Windows\System\gdTmoEy.exe
  2⤵
  PID:4212
- C:\Windows\System\ILYHowK.exe
  C:\Windows\System\ILYHowK.exe
  2⤵
  PID:1240
- C:\Windows\System\qrlmgvT.exe
  C:\Windows\System\qrlmgvT.exe
  2⤵
  PID:3600
- C:\Windows\System\Jfxurwy.exe
  C:\Windows\System\Jfxurwy.exe
  2⤵
  PID:2408
- C:\Windows\System\mGkVPsD.exe
  C:\Windows\System\mGkVPsD.exe
  2⤵
  PID:364
- C:\Windows\System\JIyAguv.exe
  C:\Windows\System\JIyAguv.exe
  2⤵
  PID:4992
- C:\Windows\System\fRLrttx.exe
  C:\Windows\System\fRLrttx.exe
  2⤵
  PID:4112
- C:\Windows\System\YakRqkc.exe
  C:\Windows\System\YakRqkc.exe
  2⤵
  PID:4168
- C:\Windows\System\ugmudgH.exe
  C:\Windows\System\ugmudgH.exe
  2⤵
  PID:2148
- C:\Windows\System\LEZNDkX.exe
  C:\Windows\System\LEZNDkX.exe
  2⤵
  PID:1640
- C:\Windows\System\uXQVKev.exe
  C:\Windows\System\uXQVKev.exe
  2⤵
  PID:5128
- C:\Windows\System\qNVaDWb.exe
  C:\Windows\System\qNVaDWb.exe
  2⤵
  PID:5168
- C:\Windows\System\ZsTDaFO.exe
  C:\Windows\System\ZsTDaFO.exe
  2⤵
  PID:5200
- C:\Windows\System\sQYxAQI.exe
  C:\Windows\System\sQYxAQI.exe
  2⤵
  PID:5228
- C:\Windows\System\mVokuZP.exe
  C:\Windows\System\mVokuZP.exe
  2⤵
  PID:5260
- C:\Windows\System\mCyAHSY.exe
  C:\Windows\System\mCyAHSY.exe
  2⤵
  PID:5284
- C:\Windows\System\eEJELdk.exe
  C:\Windows\System\eEJELdk.exe
  2⤵
  PID:5324
- C:\Windows\System\kMWCjyz.exe
  C:\Windows\System\kMWCjyz.exe
  2⤵
  PID:5356
- C:\Windows\System\tNlaioQ.exe
  C:\Windows\System\tNlaioQ.exe
  2⤵
  PID:5384
- C:\Windows\System\ZWRnEph.exe
  C:\Windows\System\ZWRnEph.exe
  2⤵
  PID:5416
- C:\Windows\System\dxvRPOI.exe
  C:\Windows\System\dxvRPOI.exe
  2⤵
  PID:5432
- C:\Windows\System\WThCcwJ.exe
  C:\Windows\System\WThCcwJ.exe
  2⤵
  PID:5464
- C:\Windows\System\VvPJUIV.exe
  C:\Windows\System\VvPJUIV.exe
  2⤵
  PID:5504
- C:\Windows\System\ggOPpbF.exe
  C:\Windows\System\ggOPpbF.exe
  2⤵
  PID:5540
- C:\Windows\System\sCVTLjw.exe
  C:\Windows\System\sCVTLjw.exe
  2⤵
  PID:5560
- C:\Windows\System\dwsUpxN.exe
  C:\Windows\System\dwsUpxN.exe
  2⤵
  PID:5588
- C:\Windows\System\KcIoPbN.exe
  C:\Windows\System\KcIoPbN.exe
  2⤵
  PID:5616
- C:\Windows\System\AJbodAt.exe
  C:\Windows\System\AJbodAt.exe
  2⤵
  PID:5644
- C:\Windows\System\VoQtLNj.exe
  C:\Windows\System\VoQtLNj.exe
  2⤵
  PID:5676
- C:\Windows\System\RCFbpCZ.exe
  C:\Windows\System\RCFbpCZ.exe
  2⤵
  PID:5700
- C:\Windows\System\QRmlCfk.exe
  C:\Windows\System\QRmlCfk.exe
  2⤵
  PID:5728
- C:\Windows\System\TrjUCkk.exe
  C:\Windows\System\TrjUCkk.exe
  2⤵
  PID:5756
- C:\Windows\System\LEFYRod.exe
  C:\Windows\System\LEFYRod.exe
  2⤵
  PID:5792
- C:\Windows\System\efgSZZB.exe
  C:\Windows\System\efgSZZB.exe
  2⤵
  PID:5812
- C:\Windows\System\xYscoXz.exe
  C:\Windows\System\xYscoXz.exe
  2⤵
  PID:5840
- C:\Windows\System\jtpNPEj.exe
  C:\Windows\System\jtpNPEj.exe
  2⤵
  PID:5880
- C:\Windows\System\QHwJeKI.exe
  C:\Windows\System\QHwJeKI.exe
  2⤵
  PID:5916
- C:\Windows\System\EtQlrAL.exe
  C:\Windows\System\EtQlrAL.exe
  2⤵
  PID:5944
- C:\Windows\System\IQMbddl.exe
  C:\Windows\System\IQMbddl.exe
  2⤵
  PID:5972
- C:\Windows\System\OLAVJxe.exe
  C:\Windows\System\OLAVJxe.exe
  2⤵
  PID:6020
- C:\Windows\System\EuyKLlr.exe
  C:\Windows\System\EuyKLlr.exe
  2⤵
  PID:6036
- C:\Windows\System\RMiNbnX.exe
  C:\Windows\System\RMiNbnX.exe
  2⤵
  PID:6068
- C:\Windows\System\YdPAOTq.exe
  C:\Windows\System\YdPAOTq.exe
  2⤵
  PID:6100
- C:\Windows\System\eSomFum.exe
  C:\Windows\System\eSomFum.exe
  2⤵
  PID:6128
- C:\Windows\System\vGSknZn.exe
  C:\Windows\System\vGSknZn.exe
  2⤵
  PID:5156
- C:\Windows\System\PPAIMEY.exe
  C:\Windows\System\PPAIMEY.exe
  2⤵
  PID:5224
- C:\Windows\System\OUKrERf.exe
  C:\Windows\System\OUKrERf.exe
  2⤵
  PID:5252
- C:\Windows\System\CMQBmPi.exe
  C:\Windows\System\CMQBmPi.exe
  2⤵
  PID:5352
- C:\Windows\System\SWGDpOE.exe
  C:\Windows\System\SWGDpOE.exe
  2⤵
  PID:5428
- C:\Windows\System\DwkaRel.exe
  C:\Windows\System\DwkaRel.exe
  2⤵
  PID:5492
- C:\Windows\System\gaXzczM.exe
  C:\Windows\System\gaXzczM.exe
  2⤵
  PID:5572
- C:\Windows\System\EhQwMPh.exe
  C:\Windows\System\EhQwMPh.exe
  2⤵
  PID:5640
- C:\Windows\System\ODXScry.exe
  C:\Windows\System\ODXScry.exe
  2⤵
  PID:5692
- C:\Windows\System\wEjSAoK.exe
  C:\Windows\System\wEjSAoK.exe
  2⤵
  PID:5752
- C:\Windows\System\gtXZIRB.exe
  C:\Windows\System\gtXZIRB.exe
  2⤵
  PID:5836
- C:\Windows\System\fWvOobF.exe
  C:\Windows\System\fWvOobF.exe
  2⤵
  PID:5940
- C:\Windows\System\wqmAaBq.exe
  C:\Windows\System\wqmAaBq.exe
  2⤵
  PID:5936
- C:\Windows\System\txhoEKK.exe
  C:\Windows\System\txhoEKK.exe
  2⤵
  PID:6032
- C:\Windows\System\olnFClp.exe
  C:\Windows\System\olnFClp.exe
  2⤵
  PID:6116
- C:\Windows\System\mlAkARx.exe
  C:\Windows\System\mlAkARx.exe
  2⤵
  PID:5176
- C:\Windows\System\VEPIWsQ.exe
  C:\Windows\System\VEPIWsQ.exe
  2⤵
  PID:5380
- C:\Windows\System\xTUbWBm.exe
  C:\Windows\System\xTUbWBm.exe
  2⤵
  PID:5452
- C:\Windows\System\EnpZQBT.exe
  C:\Windows\System\EnpZQBT.exe
  2⤵
  PID:5552
- C:\Windows\System\DXSqspG.exe
  C:\Windows\System\DXSqspG.exe
  2⤵
  PID:5720
- C:\Windows\System\GQZLldc.exe
  C:\Windows\System\GQZLldc.exe
  2⤵
  PID:6012
- C:\Windows\System\ViTrabi.exe
  C:\Windows\System\ViTrabi.exe
  2⤵
  PID:5140
- C:\Windows\System\NrVQaGE.exe
  C:\Windows\System\NrVQaGE.exe
  2⤵
  PID:5524
- C:\Windows\System\byzgkzf.exe
  C:\Windows\System\byzgkzf.exe
  2⤵
  PID:5928
- C:\Windows\System\rgeGvYq.exe
  C:\Windows\System\rgeGvYq.exe
  2⤵
  PID:5548
- C:\Windows\System\GhdjTZR.exe
  C:\Windows\System\GhdjTZR.exe
  2⤵
  PID:6088
- C:\Windows\System\yaEcHsW.exe
  C:\Windows\System\yaEcHsW.exe
  2⤵
  PID:6160
- C:\Windows\System\zoOJaxQ.exe
  C:\Windows\System\zoOJaxQ.exe
  2⤵
  PID:6196
- C:\Windows\System\qXXXjHW.exe
  C:\Windows\System\qXXXjHW.exe
  2⤵
  PID:6216
- C:\Windows\System\OXNVyyV.exe
  C:\Windows\System\OXNVyyV.exe
  2⤵
  PID:6252
- C:\Windows\System\DmPXlHo.exe
  C:\Windows\System\DmPXlHo.exe
  2⤵
  PID:6272
- C:\Windows\System\DjCemCn.exe
  C:\Windows\System\DjCemCn.exe
  2⤵
  PID:6312
- C:\Windows\System\htLFXbA.exe
  C:\Windows\System\htLFXbA.exe
  2⤵
  PID:6332
- C:\Windows\System\XcPXIJO.exe
  C:\Windows\System\XcPXIJO.exe
  2⤵
  PID:6368
- C:\Windows\System\bPzMWyq.exe
  C:\Windows\System\bPzMWyq.exe
  2⤵
  PID:6404
- C:\Windows\System\mTbsYRY.exe
  C:\Windows\System\mTbsYRY.exe
  2⤵
  PID:6432
- C:\Windows\System\DLMuqPy.exe
  C:\Windows\System\DLMuqPy.exe
  2⤵
  PID:6452
- C:\Windows\System\lawHIpr.exe
  C:\Windows\System\lawHIpr.exe
  2⤵
  PID:6484
- C:\Windows\System\eTZcozH.exe
  C:\Windows\System\eTZcozH.exe
  2⤵
  PID:6508
- C:\Windows\System\wsiOgvX.exe
  C:\Windows\System\wsiOgvX.exe
  2⤵
  PID:6544
- C:\Windows\System\ZZjxgZK.exe
  C:\Windows\System\ZZjxgZK.exe
  2⤵
  PID:6568
- C:\Windows\System\tKUjSqg.exe
  C:\Windows\System\tKUjSqg.exe
  2⤵
  PID:6596
- C:\Windows\System\VMcLuQg.exe
  C:\Windows\System\VMcLuQg.exe
  2⤵
  PID:6632
- C:\Windows\System\CiOsLCa.exe
  C:\Windows\System\CiOsLCa.exe
  2⤵
  PID:6660
- C:\Windows\System\tXusRdB.exe
  C:\Windows\System\tXusRdB.exe
  2⤵
  PID:6684
- C:\Windows\System\EWSPzxX.exe
  C:\Windows\System\EWSPzxX.exe
  2⤵
  PID:6712
- C:\Windows\System\VfQXPwe.exe
  C:\Windows\System\VfQXPwe.exe
  2⤵
  PID:6740
- C:\Windows\System\vfPuAEr.exe
  C:\Windows\System\vfPuAEr.exe
  2⤵
  PID:6768
- C:\Windows\System\LTVqZNf.exe
  C:\Windows\System\LTVqZNf.exe
  2⤵
  PID:6792
- C:\Windows\System\YThMkIf.exe
  C:\Windows\System\YThMkIf.exe
  2⤵
  PID:6824
- C:\Windows\System\sbmMvDH.exe
  C:\Windows\System\sbmMvDH.exe
  2⤵
  PID:6848
- C:\Windows\System\QCyfCBa.exe
  C:\Windows\System\QCyfCBa.exe
  2⤵
  PID:6880
- C:\Windows\System\ZRLITgA.exe
  C:\Windows\System\ZRLITgA.exe
  2⤵
  PID:6908
- C:\Windows\System\pWKuTlA.exe
  C:\Windows\System\pWKuTlA.exe
  2⤵
  PID:6940
- C:\Windows\System\GwGkwIT.exe
  C:\Windows\System\GwGkwIT.exe
  2⤵
  PID:6964
- C:\Windows\System\XpTiEIE.exe
  C:\Windows\System\XpTiEIE.exe
  2⤵
  PID:6996
- C:\Windows\System\SYvKuiR.exe
  C:\Windows\System\SYvKuiR.exe
  2⤵
  PID:7024
- C:\Windows\System\ZcDwPdd.exe
  C:\Windows\System\ZcDwPdd.exe
  2⤵
  PID:7052
- C:\Windows\System\EzThpjI.exe
  C:\Windows\System\EzThpjI.exe
  2⤵
  PID:7084
- C:\Windows\System\CQMecyB.exe
  C:\Windows\System\CQMecyB.exe
  2⤵
  PID:7116
- C:\Windows\System\yEkdYZk.exe
  C:\Windows\System\yEkdYZk.exe
  2⤵
  PID:7136
- C:\Windows\System\kqvxlQj.exe
  C:\Windows\System\kqvxlQj.exe
  2⤵
  PID:6176
- C:\Windows\System\dJqZNzo.exe
  C:\Windows\System\dJqZNzo.exe
  2⤵
  PID:6260
- C:\Windows\System\wrabeZg.exe
  C:\Windows\System\wrabeZg.exe
  2⤵
  PID:6344
- C:\Windows\System\eDZdgMI.exe
  C:\Windows\System\eDZdgMI.exe
  2⤵
  PID:6420
- C:\Windows\System\ojRFnRR.exe
  C:\Windows\System\ojRFnRR.exe
  2⤵
  PID:6500
- C:\Windows\System\SGMagQa.exe
  C:\Windows\System\SGMagQa.exe
  2⤵
  PID:6580
- C:\Windows\System\OqURsMT.exe
  C:\Windows\System\OqURsMT.exe
  2⤵
  PID:6648
- C:\Windows\System\yrhNIrH.exe
  C:\Windows\System\yrhNIrH.exe
  2⤵
  PID:6728
- C:\Windows\System\nPRixqN.exe
  C:\Windows\System\nPRixqN.exe
  2⤵
  PID:6776
- C:\Windows\System\nkxLVqm.exe
  C:\Windows\System\nkxLVqm.exe
  2⤵
  PID:6864
- C:\Windows\System\hcQlvfv.exe
  C:\Windows\System\hcQlvfv.exe
  2⤵
  PID:6920
- C:\Windows\System\fJLyeCq.exe
  C:\Windows\System\fJLyeCq.exe
  2⤵
  PID:6984
- C:\Windows\System\NASbXYe.exe
  C:\Windows\System\NASbXYe.exe
  2⤵
  PID:6000
- C:\Windows\System\tgmEQEW.exe
  C:\Windows\System\tgmEQEW.exe
  2⤵
  PID:7104
- C:\Windows\System\TcNKFWI.exe
  C:\Windows\System\TcNKFWI.exe
  2⤵
  PID:6172
- C:\Windows\System\PaNLXoy.exe
  C:\Windows\System\PaNLXoy.exe
  2⤵
  PID:6364
- C:\Windows\System\UFsMjWu.exe
  C:\Windows\System\UFsMjWu.exe
  2⤵
  PID:6532
- C:\Windows\System\rdzHvQX.exe
  C:\Windows\System\rdzHvQX.exe
  2⤵
  PID:6704
- C:\Windows\System\dSRWNxl.exe
  C:\Windows\System\dSRWNxl.exe
  2⤵
  PID:6812
- C:\Windows\System\aeCUgSZ.exe
  C:\Windows\System\aeCUgSZ.exe
  2⤵
  PID:7016
- C:\Windows\System\JPLRrjr.exe
  C:\Windows\System\JPLRrjr.exe
  2⤵
  PID:5124
- C:\Windows\System\PWAmIuu.exe
  C:\Windows\System\PWAmIuu.exe
  2⤵
  PID:6616
- C:\Windows\System\LTuIBsU.exe
  C:\Windows\System\LTuIBsU.exe
  2⤵
  PID:6948
- C:\Windows\System\zyfUUEt.exe
  C:\Windows\System\zyfUUEt.exe
  2⤵
  PID:6300
- C:\Windows\System\PWINfgN.exe
  C:\Windows\System\PWINfgN.exe
  2⤵
  PID:6492
- C:\Windows\System\YKNmODD.exe
  C:\Windows\System\YKNmODD.exe
  2⤵
  PID:6672
- C:\Windows\System\HxQolcQ.exe
  C:\Windows\System\HxQolcQ.exe
  2⤵
  PID:7172
- C:\Windows\System\mmOotIU.exe
  C:\Windows\System\mmOotIU.exe
  2⤵
  PID:7200
- C:\Windows\System\aJRRMts.exe
  C:\Windows\System\aJRRMts.exe
  2⤵
  PID:7224
- C:\Windows\System\STZWpZq.exe
  C:\Windows\System\STZWpZq.exe
  2⤵
  PID:7256
- C:\Windows\System\QQEQffO.exe
  C:\Windows\System\QQEQffO.exe
  2⤵
  PID:7284
- C:\Windows\System\FEfXPrC.exe
  C:\Windows\System\FEfXPrC.exe
  2⤵
  PID:7320
- C:\Windows\System\LYEKFCb.exe
  C:\Windows\System\LYEKFCb.exe
  2⤵
  PID:7336
- C:\Windows\System\ckWkRRD.exe
  C:\Windows\System\ckWkRRD.exe
  2⤵
  PID:7364
- C:\Windows\System\hOAgckP.exe
  C:\Windows\System\hOAgckP.exe
  2⤵
  PID:7404
- C:\Windows\System\usVFoIN.exe
  C:\Windows\System\usVFoIN.exe
  2⤵
  PID:7460
- C:\Windows\System\yDZpBuu.exe
  C:\Windows\System\yDZpBuu.exe
  2⤵
  PID:7488
- C:\Windows\System\ShhOFLZ.exe
  C:\Windows\System\ShhOFLZ.exe
  2⤵
  PID:7516
- C:\Windows\System\VeMnewS.exe
  C:\Windows\System\VeMnewS.exe
  2⤵
  PID:7532
- C:\Windows\System\vlrbKOW.exe
  C:\Windows\System\vlrbKOW.exe
  2⤵
  PID:7560
- C:\Windows\System\gVEZMWs.exe
  C:\Windows\System\gVEZMWs.exe
  2⤵
  PID:7588
- C:\Windows\System\vteOguh.exe
  C:\Windows\System\vteOguh.exe
  2⤵
  PID:7612
- C:\Windows\System\nHxaLHd.exe
  C:\Windows\System\nHxaLHd.exe
  2⤵
  PID:7636
- C:\Windows\System\LqdyVrN.exe
  C:\Windows\System\LqdyVrN.exe
  2⤵
  PID:7680
- C:\Windows\System\ebKBSsF.exe
  C:\Windows\System\ebKBSsF.exe
  2⤵
  PID:7704
- C:\Windows\System\LCAXPKi.exe
  C:\Windows\System\LCAXPKi.exe
  2⤵
  PID:7732
- C:\Windows\System\wvGCLlI.exe
  C:\Windows\System\wvGCLlI.exe
  2⤵
  PID:7764
- C:\Windows\System\aPDUVAJ.exe
  C:\Windows\System\aPDUVAJ.exe
  2⤵
  PID:7800
- C:\Windows\System\vITwYgJ.exe
  C:\Windows\System\vITwYgJ.exe
  2⤵
  PID:7832
- C:\Windows\System\koExEWc.exe
  C:\Windows\System\koExEWc.exe
  2⤵
  PID:7868
- C:\Windows\System\SSpxyXp.exe
  C:\Windows\System\SSpxyXp.exe
  2⤵
  PID:7896
- C:\Windows\System\HaDQubc.exe
  C:\Windows\System\HaDQubc.exe
  2⤵
  PID:7912
- C:\Windows\System\CPOsjKL.exe
  C:\Windows\System\CPOsjKL.exe
  2⤵
  PID:7928
- C:\Windows\System\NHQIzZh.exe
  C:\Windows\System\NHQIzZh.exe
  2⤵
  PID:7960
- C:\Windows\System\IrmJoSh.exe
  C:\Windows\System\IrmJoSh.exe
  2⤵
  PID:7984
- C:\Windows\System\mRRVjVu.exe
  C:\Windows\System\mRRVjVu.exe
  2⤵
  PID:8004
- C:\Windows\System\aSaOQgM.exe
  C:\Windows\System\aSaOQgM.exe
  2⤵
  PID:8040
- C:\Windows\System\KukjmAN.exe
  C:\Windows\System\KukjmAN.exe
  2⤵
  PID:8080
- C:\Windows\System\BpKFLOl.exe
  C:\Windows\System\BpKFLOl.exe
  2⤵
  PID:8108
- C:\Windows\System\xJgxKpt.exe
  C:\Windows\System\xJgxKpt.exe
  2⤵
  PID:8144
- C:\Windows\System\pRzKEQW.exe
  C:\Windows\System\pRzKEQW.exe
  2⤵
  PID:8168
- C:\Windows\System\VHwgcrK.exe
  C:\Windows\System\VHwgcrK.exe
  2⤵
  PID:7100
- C:\Windows\System\dAUwwgm.exe
  C:\Windows\System\dAUwwgm.exe
  2⤵
  PID:7272
- C:\Windows\System\bEnfexk.exe
  C:\Windows\System\bEnfexk.exe
  2⤵
  PID:7328
- C:\Windows\System\NRLsVQw.exe
  C:\Windows\System\NRLsVQw.exe
  2⤵
  PID:7376
- C:\Windows\System\AsBXevh.exe
  C:\Windows\System\AsBXevh.exe
  2⤵
  PID:7476
- C:\Windows\System\nYRiqvH.exe
  C:\Windows\System\nYRiqvH.exe
  2⤵
  PID:3996
- C:\Windows\System\SCScxje.exe
  C:\Windows\System\SCScxje.exe
  2⤵
  PID:7608
- C:\Windows\System\UtJkLOc.exe
  C:\Windows\System\UtJkLOc.exe
  2⤵
  PID:7668
- C:\Windows\System\XhxLLSa.exe
  C:\Windows\System\XhxLLSa.exe
  2⤵
  PID:7652
- C:\Windows\System\RHBvCti.exe
  C:\Windows\System\RHBvCti.exe
  2⤵
  PID:7744
- C:\Windows\System\OyAywIk.exe
  C:\Windows\System\OyAywIk.exe
  2⤵
  PID:7824
- C:\Windows\System\QZorpka.exe
  C:\Windows\System\QZorpka.exe
  2⤵
  PID:7852
- C:\Windows\System\xhXeHeH.exe
  C:\Windows\System\xhXeHeH.exe
  2⤵
  PID:7968
- C:\Windows\System\HXKgeYh.exe
  C:\Windows\System\HXKgeYh.exe
  2⤵
  PID:8024
- C:\Windows\System\ZhuJcDD.exe
  C:\Windows\System\ZhuJcDD.exe
  2⤵
  PID:8116
- C:\Windows\System\yjRQccc.exe
  C:\Windows\System\yjRQccc.exe
  2⤵
  PID:8124
- C:\Windows\System\XMzgrFa.exe
  C:\Windows\System\XMzgrFa.exe
  2⤵
  PID:7060
- C:\Windows\System\SUvhHda.exe
  C:\Windows\System\SUvhHda.exe
  2⤵
  PID:7244
- C:\Windows\System\CdIFWvQ.exe
  C:\Windows\System\CdIFWvQ.exe
  2⤵
  PID:7472
- C:\Windows\System\pFRulwH.exe
  C:\Windows\System\pFRulwH.exe
  2⤵
  PID:4728
- C:\Windows\System\eULdhlO.exe
  C:\Windows\System\eULdhlO.exe
  2⤵
  PID:7784
- C:\Windows\System\ZYdelTB.exe
  C:\Windows\System\ZYdelTB.exe
  2⤵
  PID:7992
- C:\Windows\System\RukVQSO.exe
  C:\Windows\System\RukVQSO.exe
  2⤵
  PID:8052
- C:\Windows\System\FSJnBGq.exe
  C:\Windows\System\FSJnBGq.exe
  2⤵
  PID:8128
- C:\Windows\System\quRtUuQ.exe
  C:\Windows\System\quRtUuQ.exe
  2⤵
  PID:7348
- C:\Windows\System\bNmubIB.exe
  C:\Windows\System\bNmubIB.exe
  2⤵
  PID:7600
- C:\Windows\System\oHRccvE.exe
  C:\Windows\System\oHRccvE.exe
  2⤵
  PID:8016
- C:\Windows\System\GqQVQcV.exe
  C:\Windows\System\GqQVQcV.exe
  2⤵
  PID:7528
- C:\Windows\System\KfWHOkY.exe
  C:\Windows\System\KfWHOkY.exe
  2⤵
  PID:8060
- C:\Windows\System\jSmdQjB.exe
  C:\Windows\System\jSmdQjB.exe
  2⤵
  PID:8204
- C:\Windows\System\BqhbTNP.exe
  C:\Windows\System\BqhbTNP.exe
  2⤵
  PID:8236
- C:\Windows\System\GkZHtFu.exe
  C:\Windows\System\GkZHtFu.exe
  2⤵
  PID:8272
- C:\Windows\System\odHWGtb.exe
  C:\Windows\System\odHWGtb.exe
  2⤵
  PID:8300
- C:\Windows\System\JjGwmOm.exe
  C:\Windows\System\JjGwmOm.exe
  2⤵
  PID:8332
- C:\Windows\System\TksjDPl.exe
  C:\Windows\System\TksjDPl.exe
  2⤵
  PID:8356
- C:\Windows\System\MpVlcix.exe
  C:\Windows\System\MpVlcix.exe
  2⤵
  PID:8392
- C:\Windows\System\HsBZfso.exe
  C:\Windows\System\HsBZfso.exe
  2⤵
  PID:8412
- C:\Windows\System\FyVjKNP.exe
  C:\Windows\System\FyVjKNP.exe
  2⤵
  PID:8440
- C:\Windows\System\lSNDnQf.exe
  C:\Windows\System\lSNDnQf.exe
  2⤵
  PID:8480
- C:\Windows\System\PBczYgD.exe
  C:\Windows\System\PBczYgD.exe
  2⤵
  PID:8508
- C:\Windows\System\aARFwqs.exe
  C:\Windows\System\aARFwqs.exe
  2⤵
  PID:8524
- C:\Windows\System\kZxihgG.exe
  C:\Windows\System\kZxihgG.exe
  2⤵
  PID:8560
- C:\Windows\System\bimwTFF.exe
  C:\Windows\System\bimwTFF.exe
  2⤵
  PID:8592
- C:\Windows\System\fwOFvZs.exe
  C:\Windows\System\fwOFvZs.exe
  2⤵
  PID:8612
- C:\Windows\System\ypOboqk.exe
  C:\Windows\System\ypOboqk.exe
  2⤵
  PID:8664
- C:\Windows\System\oquIxuP.exe
  C:\Windows\System\oquIxuP.exe
  2⤵
  PID:8680
- C:\Windows\System\GUIVEEM.exe
  C:\Windows\System\GUIVEEM.exe
  2⤵
  PID:8708
- C:\Windows\System\yzJSnuM.exe
  C:\Windows\System\yzJSnuM.exe
  2⤵
  PID:8736
- C:\Windows\System\eEuAEmR.exe
  C:\Windows\System\eEuAEmR.exe
  2⤵
  PID:8764
- C:\Windows\System\czevLoR.exe
  C:\Windows\System\czevLoR.exe
  2⤵
  PID:8792
- C:\Windows\System\uNkguYm.exe
  C:\Windows\System\uNkguYm.exe
  2⤵
  PID:8820
- C:\Windows\System\AbVrwWL.exe
  C:\Windows\System\AbVrwWL.exe
  2⤵
  PID:8852
- C:\Windows\System\fpdbHwp.exe
  C:\Windows\System\fpdbHwp.exe
  2⤵
  PID:8868
- C:\Windows\System\XexyMlY.exe
  C:\Windows\System\XexyMlY.exe
  2⤵
  PID:8892
- C:\Windows\System\wCkwHRt.exe
  C:\Windows\System\wCkwHRt.exe
  2⤵
  PID:8924
- C:\Windows\System\PpCzodN.exe
  C:\Windows\System\PpCzodN.exe
  2⤵
  PID:8964
- C:\Windows\System\PHwejVr.exe
  C:\Windows\System\PHwejVr.exe
  2⤵
  PID:8984
- C:\Windows\System\oTaOKUj.exe
  C:\Windows\System\oTaOKUj.exe
  2⤵
  PID:9016
- C:\Windows\System\qbnJTre.exe
  C:\Windows\System\qbnJTre.exe
  2⤵
  PID:9040
- C:\Windows\System\LSxpUZQ.exe
  C:\Windows\System\LSxpUZQ.exe
  2⤵
  PID:9076
- C:\Windows\System\eyDqFud.exe
  C:\Windows\System\eyDqFud.exe
  2⤵
  PID:9092
- C:\Windows\System\QpwpSvu.exe
  C:\Windows\System\QpwpSvu.exe
  2⤵
  PID:9132
- C:\Windows\System\uyPKKGu.exe
  C:\Windows\System\uyPKKGu.exe
  2⤵
  PID:9160
- C:\Windows\System\hBvMTvl.exe
  C:\Windows\System\hBvMTvl.exe
  2⤵
  PID:9188
- C:\Windows\System\zLUFvDV.exe
  C:\Windows\System\zLUFvDV.exe
  2⤵
  PID:7720
- C:\Windows\System\ECcQVbi.exe
  C:\Windows\System\ECcQVbi.exe
  2⤵
  PID:8216
- C:\Windows\System\STGclei.exe
  C:\Windows\System\STGclei.exe
  2⤵
  PID:8256
- C:\Windows\System\wEFrZDE.exe
  C:\Windows\System\wEFrZDE.exe
  2⤵
  PID:8328
- C:\Windows\System\bSdUEPb.exe
  C:\Windows\System\bSdUEPb.exe
  2⤵
  PID:8408
- C:\Windows\System\LCfOtfJ.exe
  C:\Windows\System\LCfOtfJ.exe
  2⤵
  PID:8460
- C:\Windows\System\nFaZsHw.exe
  C:\Windows\System\nFaZsHw.exe
  2⤵
  PID:3984
- C:\Windows\System\LySQsgV.exe
  C:\Windows\System\LySQsgV.exe
  2⤵
  PID:8536
- C:\Windows\System\OQUlBmh.exe
  C:\Windows\System\OQUlBmh.exe
  2⤵
  PID:8644
- C:\Windows\System\LzKqefv.exe
  C:\Windows\System\LzKqefv.exe
  2⤵
  PID:8720
- C:\Windows\System\ZwoTipA.exe
  C:\Windows\System\ZwoTipA.exe
  2⤵
  PID:8760
- C:\Windows\System\CRdGcBr.exe
  C:\Windows\System\CRdGcBr.exe
  2⤵
  PID:8840
- C:\Windows\System\GkGFPPO.exe
  C:\Windows\System\GkGFPPO.exe
  2⤵
  PID:8916
- C:\Windows\System\eKiBXVH.exe
  C:\Windows\System\eKiBXVH.exe
  2⤵
  PID:8980
- C:\Windows\System\BwDspHL.exe
  C:\Windows\System\BwDspHL.exe
  2⤵
  PID:9000
- C:\Windows\System\GMwFNZV.exe
  C:\Windows\System\GMwFNZV.exe
  2⤵
  PID:9104
- C:\Windows\System\TxhGGlj.exe
  C:\Windows\System\TxhGGlj.exe
  2⤵
  PID:9172
- C:\Windows\System\ETJHrth.exe
  C:\Windows\System\ETJHrth.exe
  2⤵
  PID:8232
- C:\Windows\System\jDzehfN.exe
  C:\Windows\System\jDzehfN.exe
  2⤵
  PID:8368
- C:\Windows\System\irZhzFr.exe
  C:\Windows\System\irZhzFr.exe
  2⤵
  PID:4564
- C:\Windows\System\feIbslQ.exe
  C:\Windows\System\feIbslQ.exe
  2⤵
  PID:8632
- C:\Windows\System\vuOEcIi.exe
  C:\Windows\System\vuOEcIi.exe
  2⤵
  PID:8732
- C:\Windows\System\cmkoMoD.exe
  C:\Windows\System\cmkoMoD.exe
  2⤵
  PID:8944
- C:\Windows\System\MwUkdVk.exe
  C:\Windows\System\MwUkdVk.exe
  2⤵
  PID:4528
- C:\Windows\System\jusOTAz.exe
  C:\Windows\System\jusOTAz.exe
  2⤵
  PID:9084
- C:\Windows\System\WzObCIf.exe
  C:\Windows\System\WzObCIf.exe
  2⤵
  PID:9176
- C:\Windows\System\oPfEszR.exe
  C:\Windows\System\oPfEszR.exe
  2⤵
  PID:8464
- C:\Windows\System\SuJyjnt.exe
  C:\Windows\System\SuJyjnt.exe
  2⤵
  PID:8704
- C:\Windows\System\qPqIkOs.exe
  C:\Windows\System\qPqIkOs.exe
  2⤵
  PID:4156
- C:\Windows\System\IrvMPFC.exe
  C:\Windows\System\IrvMPFC.exe
  2⤵
  PID:1376
- C:\Windows\System\qmxprqK.exe
  C:\Windows\System\qmxprqK.exe
  2⤵
  PID:4472
- C:\Windows\System\FhNUgTa.exe
  C:\Windows\System\FhNUgTa.exe
  2⤵
  PID:9244
- C:\Windows\System\ukvIWUU.exe
  C:\Windows\System\ukvIWUU.exe
  2⤵
  PID:9272
- C:\Windows\System\JxcadNx.exe
  C:\Windows\System\JxcadNx.exe
  2⤵
  PID:9300
- C:\Windows\System\wixbVZO.exe
  C:\Windows\System\wixbVZO.exe
  2⤵
  PID:9328
- C:\Windows\System\nCYWtHo.exe
  C:\Windows\System\nCYWtHo.exe
  2⤵
  PID:9344
- C:\Windows\System\VrgOxHE.exe
  C:\Windows\System\VrgOxHE.exe
  2⤵
  PID:9384
- C:\Windows\System\duUAOhA.exe
  C:\Windows\System\duUAOhA.exe
  2⤵
  PID:9412
- C:\Windows\System\JiEGeCh.exe
  C:\Windows\System\JiEGeCh.exe
  2⤵
  PID:9428
- C:\Windows\System\TdDYkLL.exe
  C:\Windows\System\TdDYkLL.exe
  2⤵
  PID:9464
- C:\Windows\System\vsmqmwU.exe
  C:\Windows\System\vsmqmwU.exe
  2⤵
  PID:9496
- C:\Windows\System\BhqEmsc.exe
  C:\Windows\System\BhqEmsc.exe
  2⤵
  PID:9524
- C:\Windows\System\BhppdVl.exe
  C:\Windows\System\BhppdVl.exe
  2⤵
  PID:9552
- C:\Windows\System\UghjuMh.exe
  C:\Windows\System\UghjuMh.exe
  2⤵
  PID:9572
- C:\Windows\System\RzXYaXy.exe
  C:\Windows\System\RzXYaXy.exe
  2⤵
  PID:9608
- C:\Windows\System\uKOfCQR.exe
  C:\Windows\System\uKOfCQR.exe
  2⤵
  PID:9628
- C:\Windows\System\eWiyODu.exe
  C:\Windows\System\eWiyODu.exe
  2⤵
  PID:9656
- C:\Windows\System\uqkOJui.exe
  C:\Windows\System\uqkOJui.exe
  2⤵
  PID:9688
- C:\Windows\System\ivCDERg.exe
  C:\Windows\System\ivCDERg.exe
  2⤵
  PID:9724
- C:\Windows\System\Atvfxsc.exe
  C:\Windows\System\Atvfxsc.exe
  2⤵
  PID:9740
- C:\Windows\System\dDVnoEN.exe
  C:\Windows\System\dDVnoEN.exe
  2⤵
  PID:9780
- C:\Windows\System\GjNvTOW.exe
  C:\Windows\System\GjNvTOW.exe
  2⤵
  PID:9804
- C:\Windows\System\UrJlbEg.exe
  C:\Windows\System\UrJlbEg.exe
  2⤵
  PID:9836
- C:\Windows\System\lbjUglK.exe
  C:\Windows\System\lbjUglK.exe
  2⤵
  PID:9864
- C:\Windows\System\STDCuoi.exe
  C:\Windows\System\STDCuoi.exe
  2⤵
  PID:9880
- C:\Windows\System\bmDmuJG.exe
  C:\Windows\System\bmDmuJG.exe
  2⤵
  PID:9908
- C:\Windows\System\esqZBBe.exe
  C:\Windows\System\esqZBBe.exe
  2⤵
  PID:9944
- C:\Windows\System\SxGcujH.exe
  C:\Windows\System\SxGcujH.exe
  2⤵
  PID:9964
- C:\Windows\System\pLlFsNg.exe
  C:\Windows\System\pLlFsNg.exe
  2⤵
  PID:9996
- C:\Windows\System\KHRdjxb.exe
  C:\Windows\System\KHRdjxb.exe
  2⤵
  PID:10056
- C:\Windows\System\EmhJdkM.exe
  C:\Windows\System\EmhJdkM.exe
  2⤵
  PID:10072
- C:\Windows\System\cGErEev.exe
  C:\Windows\System\cGErEev.exe
  2⤵
  PID:10100
- C:\Windows\System\TJNsUOb.exe
  C:\Windows\System\TJNsUOb.exe
  2⤵
  PID:10128
- C:\Windows\System\LQXNCOa.exe
  C:\Windows\System\LQXNCOa.exe
  2⤵
  PID:10156
- C:\Windows\System\qQxTwpE.exe
  C:\Windows\System\qQxTwpE.exe
  2⤵
  PID:10184
- C:\Windows\System\BHFxnzj.exe
  C:\Windows\System\BHFxnzj.exe
  2⤵
  PID:10212
- C:\Windows\System\BlRWCzu.exe
  C:\Windows\System\BlRWCzu.exe
  2⤵
  PID:9152
- C:\Windows\System\LEZxYYV.exe
  C:\Windows\System\LEZxYYV.exe
  2⤵
  PID:9256
- C:\Windows\System\lXYArNP.exe
  C:\Windows\System\lXYArNP.exe
  2⤵
  PID:9288
- C:\Windows\System\IhXbPyY.exe
  C:\Windows\System\IhXbPyY.exe
  2⤵
  PID:9364
- C:\Windows\System\FxbLyXa.exe
  C:\Windows\System\FxbLyXa.exe
  2⤵
  PID:9396
- C:\Windows\System\FWHbGvw.exe
  C:\Windows\System\FWHbGvw.exe
  2⤵
  PID:9440
- C:\Windows\System\BMdleFp.exe
  C:\Windows\System\BMdleFp.exe
  2⤵
  PID:9516
- C:\Windows\System\sxDETqy.exe
  C:\Windows\System\sxDETqy.exe
  2⤵
  PID:9584
- C:\Windows\System\zYPTxYt.exe
  C:\Windows\System\zYPTxYt.exe
  2⤵
  PID:9652
- C:\Windows\System\VlgTmJL.exe
  C:\Windows\System\VlgTmJL.exe
  2⤵
  PID:9732
- C:\Windows\System\yaYwvYj.exe
  C:\Windows\System\yaYwvYj.exe
  2⤵
  PID:9812
- C:\Windows\System\OvVnwER.exe
  C:\Windows\System\OvVnwER.exe
  2⤵
  PID:9860
- C:\Windows\System\SBeqRts.exe
  C:\Windows\System\SBeqRts.exe
  2⤵
  PID:9900
- C:\Windows\System\FxPdMzn.exe
  C:\Windows\System\FxPdMzn.exe
  2⤵
  PID:9956
- C:\Windows\System\DyWWvcw.exe
  C:\Windows\System\DyWWvcw.exe
  2⤵
  PID:10084
- C:\Windows\System\hlTafGP.exe
  C:\Windows\System\hlTafGP.exe
  2⤵
  PID:10152
- C:\Windows\System\gYmkukf.exe
  C:\Windows\System\gYmkukf.exe
  2⤵
  PID:9228
- C:\Windows\System\oFyyDxY.exe
  C:\Windows\System\oFyyDxY.exe
  2⤵
  PID:9356
- C:\Windows\System\oCgwcfQ.exe
  C:\Windows\System\oCgwcfQ.exe
  2⤵
  PID:8200
- C:\Windows\System\ZENHZIW.exe
  C:\Windows\System\ZENHZIW.exe
  2⤵
  PID:9640
- C:\Windows\System\JjWlMBo.exe
  C:\Windows\System\JjWlMBo.exe
  2⤵
  PID:9720
- C:\Windows\System\BQfNlJf.exe
  C:\Windows\System\BQfNlJf.exe
  2⤵
  PID:9708
- C:\Windows\System\NHysRcF.exe
  C:\Windows\System\NHysRcF.exe
  2⤵
  PID:10020
- C:\Windows\System\MiacyJo.exe
  C:\Windows\System\MiacyJo.exe
  2⤵
  PID:10208
- C:\Windows\System\qVZXWYk.exe
  C:\Windows\System\qVZXWYk.exe
  2⤵
  PID:9532
- C:\Windows\System\IwVByIk.exe
  C:\Windows\System\IwVByIk.exe
  2⤵
  PID:9928
- C:\Windows\System\GuPlWkt.exe
  C:\Windows\System\GuPlWkt.exe
  2⤵
  PID:9712
- C:\Windows\System\TsOlUuM.exe
  C:\Windows\System\TsOlUuM.exe
  2⤵
  PID:9268
- C:\Windows\System\IbjkblB.exe
  C:\Windows\System\IbjkblB.exe
  2⤵
  PID:10272
- C:\Windows\System\LddCQhY.exe
  C:\Windows\System\LddCQhY.exe
  2⤵
  PID:10296
- C:\Windows\System\WrWnlVZ.exe
  C:\Windows\System\WrWnlVZ.exe
  2⤵
  PID:10320
- C:\Windows\System\wRrUasF.exe
  C:\Windows\System\wRrUasF.exe
  2⤵
  PID:10352
- C:\Windows\System\tsymgaZ.exe
  C:\Windows\System\tsymgaZ.exe
  2⤵
  PID:10384
- C:\Windows\System\rcNAtkq.exe
  C:\Windows\System\rcNAtkq.exe
  2⤵
  PID:10412
- C:\Windows\System\DhEqZSR.exe
  C:\Windows\System\DhEqZSR.exe
  2⤵
  PID:10452
- C:\Windows\System\TbhrWrI.exe
  C:\Windows\System\TbhrWrI.exe
  2⤵
  PID:10468
- C:\Windows\System\RuwrAbc.exe
  C:\Windows\System\RuwrAbc.exe
  2⤵
  PID:10496
- C:\Windows\System\rgStweV.exe
  C:\Windows\System\rgStweV.exe
  2⤵
  PID:10524
- C:\Windows\System\tgKZSYY.exe
  C:\Windows\System\tgKZSYY.exe
  2⤵
  PID:10544
- C:\Windows\System\WlPaHFV.exe
  C:\Windows\System\WlPaHFV.exe
  2⤵
  PID:10584
- C:\Windows\System\PedWFSw.exe
  C:\Windows\System\PedWFSw.exe
  2⤵
  PID:10608
- C:\Windows\System\BwYqbtm.exe
  C:\Windows\System\BwYqbtm.exe
  2⤵
  PID:10624
- C:\Windows\System\HlnlNJK.exe
  C:\Windows\System\HlnlNJK.exe
  2⤵
  PID:10664
- C:\Windows\System\FjDcKIo.exe
  C:\Windows\System\FjDcKIo.exe
  2⤵
  PID:10696
- C:\Windows\System\nFWIEdp.exe
  C:\Windows\System\nFWIEdp.exe
  2⤵
  PID:10720
- C:\Windows\System\lMjecWp.exe
  C:\Windows\System\lMjecWp.exe
  2⤵
  PID:10752
- C:\Windows\System\PDkznrz.exe
  C:\Windows\System\PDkznrz.exe
  2⤵
  PID:10780
- C:\Windows\System\nCnDYdo.exe
  C:\Windows\System\nCnDYdo.exe
  2⤵
  PID:10804
- C:\Windows\System\HSmzPdv.exe
  C:\Windows\System\HSmzPdv.exe
  2⤵
  PID:10832
- C:\Windows\System\tfstJxN.exe
  C:\Windows\System\tfstJxN.exe
  2⤵
  PID:10860
- C:\Windows\System\YFBqEjZ.exe
  C:\Windows\System\YFBqEjZ.exe
  2⤵
  PID:10888
- C:\Windows\System\PIAMcoh.exe
  C:\Windows\System\PIAMcoh.exe
  2⤵
  PID:10916
- C:\Windows\System\pIgBZXb.exe
  C:\Windows\System\pIgBZXb.exe
  2⤵
  PID:10944
- C:\Windows\System\aCERJZs.exe
  C:\Windows\System\aCERJZs.exe
  2⤵
  PID:10984
- C:\Windows\System\XtHeXnZ.exe
  C:\Windows\System\XtHeXnZ.exe
  2⤵
  PID:11000
- C:\Windows\System\jeWpvOJ.exe
  C:\Windows\System\jeWpvOJ.exe
  2⤵
  PID:11016
- C:\Windows\System\ffosvEs.exe
  C:\Windows\System\ffosvEs.exe
  2⤵
  PID:11032
- C:\Windows\System\iRQPVMb.exe
  C:\Windows\System\iRQPVMb.exe
  2⤵
  PID:11080
- C:\Windows\System\ikgcfDc.exe
  C:\Windows\System\ikgcfDc.exe
  2⤵
  PID:11100
- C:\Windows\System\VkeGqYI.exe
  C:\Windows\System\VkeGqYI.exe
  2⤵
  PID:11132
- C:\Windows\System\pYJUNoo.exe
  C:\Windows\System\pYJUNoo.exe
  2⤵
  PID:11164
- C:\Windows\System\slPeyml.exe
  C:\Windows\System\slPeyml.exe
  2⤵
  PID:11196
- C:\Windows\System\yipPlFf.exe
  C:\Windows\System\yipPlFf.exe
  2⤵
  PID:11228
- C:\Windows\System\enlFqzi.exe
  C:\Windows\System\enlFqzi.exe
  2⤵
  PID:11252
- C:\Windows\System\vuIHPiA.exe
  C:\Windows\System\vuIHPiA.exe
  2⤵
  PID:10260
- C:\Windows\System\DcncKvB.exe
  C:\Windows\System\DcncKvB.exe
  2⤵
  PID:10332
- C:\Windows\System\qiLILra.exe
  C:\Windows\System\qiLILra.exe
  2⤵
  PID:10400
- C:\Windows\System\KkFXEIi.exe
  C:\Windows\System\KkFXEIi.exe
  2⤵
  PID:10444
- C:\Windows\System\lJXWExB.exe
  C:\Windows\System\lJXWExB.exe
  2⤵
  PID:10508
- C:\Windows\System\iMsOqfF.exe
  C:\Windows\System\iMsOqfF.exe
  2⤵
  PID:10576
- C:\Windows\System\eMUCmbl.exe
  C:\Windows\System\eMUCmbl.exe
  2⤵
  PID:10636
- C:\Windows\System\sZdelts.exe
  C:\Windows\System\sZdelts.exe
  2⤵
  PID:10680
- C:\Windows\System\ETmQVLB.exe
  C:\Windows\System\ETmQVLB.exe
  2⤵
  PID:10760
- C:\Windows\System\VSJNnjw.exe
  C:\Windows\System\VSJNnjw.exe
  2⤵
  PID:10852
- C:\Windows\System\GLbyluK.exe
  C:\Windows\System\GLbyluK.exe
  2⤵
  PID:10928
- C:\Windows\System\IwRvsyQ.exe
  C:\Windows\System\IwRvsyQ.exe
  2⤵
  PID:10940
- C:\Windows\System\HWLZgTN.exe
  C:\Windows\System\HWLZgTN.exe
  2⤵
  PID:10992
- C:\Windows\System\MbWBHNw.exe
  C:\Windows\System\MbWBHNw.exe
  2⤵
  PID:11044
- C:\Windows\System\dYZPXZh.exe
  C:\Windows\System\dYZPXZh.exe
  2⤵
  PID:11140
- C:\Windows\System\BJOwYvP.exe
  C:\Windows\System\BJOwYvP.exe
  2⤵
  PID:11220
- C:\Windows\System\QLJksZs.exe
  C:\Windows\System\QLJksZs.exe
  2⤵
  PID:10284
- C:\Windows\System\wbWtnng.exe
  C:\Windows\System\wbWtnng.exe
  2⤵
  PID:10392
- C:\Windows\System\kwJtmFG.exe
  C:\Windows\System\kwJtmFG.exe
  2⤵
  PID:10540
- C:\Windows\System\UgnsbOf.exe
  C:\Windows\System\UgnsbOf.exe
  2⤵
  PID:10708
- C:\Windows\System\GtqfuJN.exe
  C:\Windows\System\GtqfuJN.exe
  2⤵
  PID:10800
- C:\Windows\System\uDuGved.exe
  C:\Windows\System\uDuGved.exe
  2⤵
  PID:10996
- C:\Windows\System\wRVEKzs.exe
  C:\Windows\System\wRVEKzs.exe
  2⤵
  PID:11148
- C:\Windows\System\BJmtniv.exe
  C:\Windows\System\BJmtniv.exe
  2⤵
  PID:11192
- C:\Windows\System\YpkeChF.exe
  C:\Windows\System\YpkeChF.exe
  2⤵
  PID:10440
- C:\Windows\System\qOuuEAU.exe
  C:\Windows\System\qOuuEAU.exe
  2⤵
  PID:10908
- C:\Windows\System\JLYJqHV.exe
  C:\Windows\System\JLYJqHV.exe
  2⤵
  PID:11096
- C:\Windows\System\vGjfRNR.exe
  C:\Windows\System\vGjfRNR.exe
  2⤵
  PID:11064
- C:\Windows\System\vwEYqzE.exe
  C:\Windows\System\vwEYqzE.exe
  2⤵
  PID:10732
- C:\Windows\System\ATZWxjs.exe
  C:\Windows\System\ATZWxjs.exe
  2⤵
  PID:11292
- C:\Windows\System\fbaXHVa.exe
  C:\Windows\System\fbaXHVa.exe
  2⤵
  PID:11328
- C:\Windows\System\qwBaHFv.exe
  C:\Windows\System\qwBaHFv.exe
  2⤵
  PID:11344
- C:\Windows\System\UfPdcJz.exe
  C:\Windows\System\UfPdcJz.exe
  2⤵
  PID:11372
- C:\Windows\System\UbscBel.exe
  C:\Windows\System\UbscBel.exe
  2⤵
  PID:11400
- C:\Windows\System\spDiqvl.exe
  C:\Windows\System\spDiqvl.exe
  2⤵
  PID:11424
- C:\Windows\System\VsMDlIp.exe
  C:\Windows\System\VsMDlIp.exe
  2⤵
  PID:11452
- C:\Windows\System\vGDtxSa.exe
  C:\Windows\System\vGDtxSa.exe
  2⤵
  PID:11484
- C:\Windows\System\dGtdqCW.exe
  C:\Windows\System\dGtdqCW.exe
  2⤵
  PID:11512
- C:\Windows\System\sFExKrb.exe
  C:\Windows\System\sFExKrb.exe
  2⤵
  PID:11540
- C:\Windows\System\qzQIKjL.exe
  C:\Windows\System\qzQIKjL.exe
  2⤵
  PID:11568
- C:\Windows\System\bHYSxTE.exe
  C:\Windows\System\bHYSxTE.exe
  2⤵
  PID:11596
- C:\Windows\System\oaMrEcn.exe
  C:\Windows\System\oaMrEcn.exe
  2⤵
  PID:11624
- C:\Windows\System\PBMJFHA.exe
  C:\Windows\System\PBMJFHA.exe
  2⤵
  PID:11640
- C:\Windows\System\FUrDOXu.exe
  C:\Windows\System\FUrDOXu.exe
  2⤵
  PID:11668
- C:\Windows\System\qgVkBGY.exe
  C:\Windows\System\qgVkBGY.exe
  2⤵
  PID:11700
- C:\Windows\System\ycDqtaz.exe
  C:\Windows\System\ycDqtaz.exe
  2⤵
  PID:11736
- C:\Windows\System\hbUWpUG.exe
  C:\Windows\System\hbUWpUG.exe
  2⤵
  PID:11764
- C:\Windows\System\FCYPUjE.exe
  C:\Windows\System\FCYPUjE.exe
  2⤵
  PID:11804
- C:\Windows\System\xVLhbDz.exe
  C:\Windows\System\xVLhbDz.exe
  2⤵
  PID:11832
- C:\Windows\System\dEZkuXL.exe
  C:\Windows\System\dEZkuXL.exe
  2⤵
  PID:11852
- C:\Windows\System\cVWzCIM.exe
  C:\Windows\System\cVWzCIM.exe
  2⤵
  PID:11884
- C:\Windows\System\jNySeGY.exe
  C:\Windows\System\jNySeGY.exe
  2⤵
  PID:11904
- C:\Windows\System\FJnqjQt.exe
  C:\Windows\System\FJnqjQt.exe
  2⤵
  PID:11940
- C:\Windows\System\NIBgNCN.exe
  C:\Windows\System\NIBgNCN.exe
  2⤵
  PID:11960
- C:\Windows\System\Yzxxrbv.exe
  C:\Windows\System\Yzxxrbv.exe
  2⤵
  PID:11996
- C:\Windows\System\wqDZNeF.exe
  C:\Windows\System\wqDZNeF.exe
  2⤵
  PID:12020
- C:\Windows\System\xpeLHbe.exe
  C:\Windows\System\xpeLHbe.exe
  2⤵
  PID:12044
- C:\Windows\System\rjcuLlz.exe
  C:\Windows\System\rjcuLlz.exe
  2⤵
  PID:12072
- C:\Windows\System\GYHuliH.exe
  C:\Windows\System\GYHuliH.exe
  2⤵
  PID:12112
- C:\Windows\System\ETuPKZG.exe
  C:\Windows\System\ETuPKZG.exe
  2⤵
  PID:12140
- C:\Windows\System\JzWVGpV.exe
  C:\Windows\System\JzWVGpV.exe
  2⤵
  PID:12156
- C:\Windows\System\hAPjoHO.exe
  C:\Windows\System\hAPjoHO.exe
  2⤵
  PID:12188
- C:\Windows\System\QwioQEW.exe
  C:\Windows\System\QwioQEW.exe
  2⤵
  PID:12212
- C:\Windows\System\qleZqrA.exe
  C:\Windows\System\qleZqrA.exe
  2⤵
  PID:12248
- C:\Windows\System\QtwUWAE.exe
  C:\Windows\System\QtwUWAE.exe
  2⤵
  PID:10656
- C:\Windows\System\VlLdDxS.exe
  C:\Windows\System\VlLdDxS.exe
  2⤵
  PID:11324
- C:\Windows\System\HTPgItq.exe
  C:\Windows\System\HTPgItq.exe
  2⤵
  PID:11360
- C:\Windows\System\dIRslMV.exe
  C:\Windows\System\dIRslMV.exe
  2⤵
  PID:11444
- C:\Windows\System\ZKpsUqr.exe
  C:\Windows\System\ZKpsUqr.exe
  2⤵
  PID:11524
- C:\Windows\System\WZpwKzE.exe
  C:\Windows\System\WZpwKzE.exe
  2⤵
  PID:11588
- C:\Windows\System\sJdZCTM.exe
  C:\Windows\System\sJdZCTM.exe
  2⤵
  PID:11660
- C:\Windows\System\MpeTQBP.exe
  C:\Windows\System\MpeTQBP.exe
  2⤵
  PID:11724
- C:\Windows\System\gpWfOGT.exe
  C:\Windows\System\gpWfOGT.exe
  2⤵
  PID:11752
- C:\Windows\System\LDsdHsh.exe
  C:\Windows\System\LDsdHsh.exe
  2⤵
  PID:11824
- C:\Windows\System\ESqQXsD.exe
  C:\Windows\System\ESqQXsD.exe
  2⤵
  PID:11892
- C:\Windows\System\HJosbOu.exe
  C:\Windows\System\HJosbOu.exe
  2⤵
  PID:11952
- C:\Windows\System\SomSyOW.exe
  C:\Windows\System\SomSyOW.exe
  2⤵
  PID:12012
- C:\Windows\System\JttpYET.exe
  C:\Windows\System\JttpYET.exe
  2⤵
  PID:12092
- C:\Windows\System\beKSjFS.exe
  C:\Windows\System\beKSjFS.exe
  2⤵
  PID:12152
- C:\Windows\System\NIUlLlV.exe
  C:\Windows\System\NIUlLlV.exe
  2⤵
  PID:12204
- C:\Windows\System\PooZLTP.exe
  C:\Windows\System\PooZLTP.exe
  2⤵
  PID:12284
- C:\Windows\System\FDkdKQh.exe
  C:\Windows\System\FDkdKQh.exe
  2⤵
  PID:11416
- C:\Windows\System\DaJCwwC.exe
  C:\Windows\System\DaJCwwC.exe
  2⤵
  PID:11608
- C:\Windows\System\VgHyzTo.exe
  C:\Windows\System\VgHyzTo.exe
  2⤵
  PID:11684
- C:\Windows\System\JbISzfK.exe
  C:\Windows\System\JbISzfK.exe
  2⤵
  PID:11776
- C:\Windows\System\OMlGWrV.exe
  C:\Windows\System\OMlGWrV.exe
  2⤵
  PID:12004
- C:\Windows\System\wfnRKdr.exe
  C:\Windows\System\wfnRKdr.exe
  2⤵
  PID:12096
- C:\Windows\System\lSnhOYk.exe
  C:\Windows\System\lSnhOYk.exe
  2⤵
  PID:12260
- C:\Windows\System\JZThSqM.exe
  C:\Windows\System\JZThSqM.exe
  2⤵
  PID:11616
- C:\Windows\System\KEyMhqA.exe
  C:\Windows\System\KEyMhqA.exe
  2⤵
  PID:11896
- C:\Windows\System\YbRVXza.exe
  C:\Windows\System\YbRVXza.exe
  2⤵
  PID:12244
- C:\Windows\System\AhKzxHz.exe
  C:\Windows\System\AhKzxHz.exe
  2⤵
  PID:11868
- C:\Windows\System\LyDaUUL.exe
  C:\Windows\System\LyDaUUL.exe
  2⤵
  PID:12296
- C:\Windows\System\wkqzvyO.exe
  C:\Windows\System\wkqzvyO.exe
  2⤵
  PID:12332
- C:\Windows\System\FgJuVbv.exe
  C:\Windows\System\FgJuVbv.exe
  2⤵
  PID:12368
- C:\Windows\System\wacIaGU.exe
  C:\Windows\System\wacIaGU.exe
  2⤵
  PID:12396
- C:\Windows\System\bSFXdYG.exe
  C:\Windows\System\bSFXdYG.exe
  2⤵
  PID:12416
- C:\Windows\System\SKpqfwI.exe
  C:\Windows\System\SKpqfwI.exe
  2⤵
  PID:12444
- C:\Windows\System\gMjKkcP.exe
  C:\Windows\System\gMjKkcP.exe
  2⤵
  PID:12476
- C:\Windows\System\hKRZrIW.exe
  C:\Windows\System\hKRZrIW.exe
  2⤵
  PID:12500
- C:\Windows\System\vTQppUY.exe
  C:\Windows\System\vTQppUY.exe
  2⤵
  PID:12536
- C:\Windows\System\vegyBOQ.exe
  C:\Windows\System\vegyBOQ.exe
  2⤵
  PID:12556
- C:\Windows\System\BaVvxcT.exe
  C:\Windows\System\BaVvxcT.exe
  2⤵
  PID:12584
- C:\Windows\System\FgyZxNk.exe
  C:\Windows\System\FgyZxNk.exe
  2⤵
  PID:12612
- C:\Windows\System\DeAlTZn.exe
  C:\Windows\System\DeAlTZn.exe
  2⤵
  PID:12652
- C:\Windows\System\MjKOEWo.exe
  C:\Windows\System\MjKOEWo.exe
  2⤵
  PID:12692
- C:\Windows\System\zvFFDSd.exe
  C:\Windows\System\zvFFDSd.exe
  2⤵
  PID:12708
- C:\Windows\System\SOpbAFl.exe
  C:\Windows\System\SOpbAFl.exe
  2⤵
  PID:12736
- C:\Windows\System\hslqwJM.exe
  C:\Windows\System\hslqwJM.exe
  2⤵
  PID:12764
- C:\Windows\System\feWhCMT.exe
  C:\Windows\System\feWhCMT.exe
  2⤵
  PID:12792
- C:\Windows\System\cDmRKfB.exe
  C:\Windows\System\cDmRKfB.exe
  2⤵
  PID:12820
- C:\Windows\System\GIAndhZ.exe
  C:\Windows\System\GIAndhZ.exe
  2⤵
  PID:12848
- C:\Windows\System\RulQBNN.exe
  C:\Windows\System\RulQBNN.exe
  2⤵
  PID:12864
- C:\Windows\System\jCDtDHi.exe
  C:\Windows\System\jCDtDHi.exe
  2⤵
  PID:12888
- C:\Windows\System\iPjrxxB.exe
  C:\Windows\System\iPjrxxB.exe
  2⤵
  PID:12908
- C:\Windows\System\QjbdMKL.exe
  C:\Windows\System\QjbdMKL.exe
  2⤵
  PID:12944
- C:\Windows\System\XQlYMzK.exe
  C:\Windows\System\XQlYMzK.exe
  2⤵
  PID:12976
- C:\Windows\System\SxSejEE.exe
  C:\Windows\System\SxSejEE.exe
  2⤵
  PID:13004
- C:\Windows\System\jtytPWS.exe
  C:\Windows\System\jtytPWS.exe
  2⤵
  PID:13032
- C:\Windows\System\QYnBgir.exe
  C:\Windows\System\QYnBgir.exe
  2⤵
  PID:13048
- C:\Windows\System\ShRVnjn.exe
  C:\Windows\System\ShRVnjn.exe
  2⤵
  PID:13076
- C:\Windows\System\ROrzzNb.exe
  C:\Windows\System\ROrzzNb.exe
  2⤵
  PID:13116
- C:\Windows\System\GvSnxmY.exe
  C:\Windows\System\GvSnxmY.exe
  2⤵
  PID:13136
- C:\Windows\System\zukONoD.exe
  C:\Windows\System\zukONoD.exe
  2⤵
  PID:13172
- C:\Windows\System\qraMBlC.exe
  C:\Windows\System\qraMBlC.exe
  2⤵
  PID:13200
- C:\Windows\System\VDQHXkZ.exe
  C:\Windows\System\VDQHXkZ.exe
  2⤵
  PID:13228
- C:\Windows\System\CHuIbWR.exe
  C:\Windows\System\CHuIbWR.exe
  2⤵
  PID:13248
- C:\Windows\System\ouPkcMQ.exe
  C:\Windows\System\ouPkcMQ.exe
  2⤵
  PID:13272
- C:\Windows\System\NOHEOEL.exe
  C:\Windows\System\NOHEOEL.exe
  2⤵
  PID:13304
- C:\Windows\System\zrOPXeL.exe
  C:\Windows\System\zrOPXeL.exe
  2⤵
  PID:12320
- C:\Windows\System\uvPHLxx.exe
  C:\Windows\System\uvPHLxx.exe
  2⤵
  PID:12388
- C:\Windows\System\ZAQfYDA.exe
  C:\Windows\System\ZAQfYDA.exe
  2⤵
  PID:12428
- C:\Windows\System\bfgrgVW.exe
  C:\Windows\System\bfgrgVW.exe
  2⤵
  PID:12496
- C:\Windows\System\BwGKwHN.exe
  C:\Windows\System\BwGKwHN.exe
  2⤵
  PID:12568
- C:\Windows\System\LrcCkik.exe
  C:\Windows\System\LrcCkik.exe
  2⤵
  PID:12648
- C:\Windows\System\CHjtFCF.exe
  C:\Windows\System\CHjtFCF.exe
  2⤵
  PID:12724
- C:\Windows\System\AZGzoeL.exe
  C:\Windows\System\AZGzoeL.exe
  2⤵
  PID:12804
- C:\Windows\System\ZJleqrP.exe
  C:\Windows\System\ZJleqrP.exe
  2⤵
  PID:12876
- C:\Windows\System\ScBaTfq.exe
  C:\Windows\System\ScBaTfq.exe
  2⤵
  PID:12932
- C:\Windows\System\uEFrdJh.exe
  C:\Windows\System\uEFrdJh.exe
  2⤵
  PID:13024
- C:\Windows\System\eOAsfBg.exe
  C:\Windows\System\eOAsfBg.exe
  2⤵
  PID:13072
- C:\Windows\System\iZZoWQw.exe
  C:\Windows\System\iZZoWQw.exe
  2⤵
  PID:13084
- C:\Windows\System\zyWPSvH.exe
  C:\Windows\System\zyWPSvH.exe
  2⤵
  PID:13160
- C:\Windows\System\MyzzfzW.exe
  C:\Windows\System\MyzzfzW.exe
  2⤵
  PID:13220
- C:\Windows\System\NZERnRI.exe
  C:\Windows\System\NZERnRI.exe
  2⤵
  PID:13296
- C:\Windows\System\nWELsjy.exe
  C:\Windows\System\nWELsjy.exe
  2⤵
  PID:2176
- C:\Windows\System\tpKOYfx.exe
  C:\Windows\System\tpKOYfx.exe
  2⤵
  PID:12392
- C:\Windows\System\OQkOmvx.exe
  C:\Windows\System\OQkOmvx.exe
  2⤵
  PID:12440
- C:\Windows\System\dxRoogU.exe
  C:\Windows\System\dxRoogU.exe
  2⤵
  PID:12600
- C:\Windows\System\NgsWRti.exe
  C:\Windows\System\NgsWRti.exe
  2⤵
  PID:12720
- C:\Windows\System\ZezAyaK.exe
  C:\Windows\System\ZezAyaK.exe
  2⤵
  PID:12904
- C:\Windows\System\QuPZJfA.exe
  C:\Windows\System\QuPZJfA.exe
  2⤵
  PID:12968
- C:\Windows\System\GHhbvty.exe
  C:\Windows\System\GHhbvty.exe
  2⤵
  PID:13212
- C:\Windows\System\OkUQVnd.exe
  C:\Windows\System\OkUQVnd.exe
  2⤵
  PID:12316
- C:\Windows\System\tlmNtHm.exe
  C:\Windows\System\tlmNtHm.exe
  2⤵
  PID:12436
- C:\Windows\System\SoAQUoA.exe
  C:\Windows\System\SoAQUoA.exe
  2⤵
  PID:12920
- C:\Windows\System\dwwSNfa.exe
  C:\Windows\System\dwwSNfa.exe
  2⤵
  PID:13288
- C:\Windows\System\jEOrCaT.exe
  C:\Windows\System\jEOrCaT.exe
  2⤵
  PID:13336
- C:\Windows\System\INGSRsc.exe
  C:\Windows\System\INGSRsc.exe
  2⤵
  PID:13368
- C:\Windows\System\sqCpyfz.exe
  C:\Windows\System\sqCpyfz.exe
  2⤵
  PID:13404
- C:\Windows\System\pPiJHcP.exe
  C:\Windows\System\pPiJHcP.exe
  2⤵
  PID:13444
- C:\Windows\System\ZeJhFgf.exe
  C:\Windows\System\ZeJhFgf.exe
  2⤵
  PID:13460
- C:\Windows\System\HOfdzdu.exe
  C:\Windows\System\HOfdzdu.exe
  2⤵
  PID:13484
- C:\Windows\System\uFEtYWz.exe
  C:\Windows\System\uFEtYWz.exe
  2⤵
  PID:13504
- C:\Windows\System\fdLzUFn.exe
  C:\Windows\System\fdLzUFn.exe
  2⤵
  PID:13536
- C:\Windows\System\QdntdTc.exe
  C:\Windows\System\QdntdTc.exe
  2⤵
  PID:13560
- C:\Windows\System\isLOjgP.exe
  C:\Windows\System\isLOjgP.exe
  2⤵
  PID:13596
- C:\Windows\System\zvDeCQz.exe
  C:\Windows\System\zvDeCQz.exe
  2⤵
  PID:13628
- C:\Windows\System\uTDhFjE.exe
  C:\Windows\System\uTDhFjE.exe
  2⤵
  PID:13648
- C:\Windows\System\heuCfzN.exe
  C:\Windows\System\heuCfzN.exe
  2⤵
  PID:13684
- C:\Windows\System\rwuQJJX.exe
  C:\Windows\System\rwuQJJX.exe
  2⤵
  PID:13724
- C:\Windows\System\YREtuRz.exe
  C:\Windows\System\YREtuRz.exe
  2⤵
  PID:13752
- C:\Windows\System\udvlzyT.exe
  C:\Windows\System\udvlzyT.exe
  2⤵
  PID:13792
- C:\Windows\System\PQdwFZp.exe
  C:\Windows\System\PQdwFZp.exe
  2⤵
  PID:13820
- C:\Windows\System\kROPSNM.exe
  C:\Windows\System\kROPSNM.exe
  2⤵
  PID:13840
- C:\Windows\System\uphOvgg.exe
  C:\Windows\System\uphOvgg.exe
  2⤵
  PID:13864
- C:\Windows\System\dmiKncF.exe
  C:\Windows\System\dmiKncF.exe
  2⤵
  PID:13892
- C:\Windows\System\JkoAmqh.exe
  C:\Windows\System\JkoAmqh.exe
  2⤵
  PID:13924
- C:\Windows\System\swTndTl.exe
  C:\Windows\System\swTndTl.exe
  2⤵
  PID:13960
- C:\Windows\System\fCiWVxa.exe
  C:\Windows\System\fCiWVxa.exe
  2⤵
  PID:13976
- C:\Windows\System\FzgosqA.exe
  C:\Windows\System\FzgosqA.exe
  2⤵
  PID:14016
- C:\Windows\System\bgbrJuN.exe
  C:\Windows\System\bgbrJuN.exe
  2⤵
  PID:14036
- C:\Windows\System\CxFvWIt.exe
  C:\Windows\System\CxFvWIt.exe
  2⤵
  PID:14060
- C:\Windows\System\nNoBMXf.exe
  C:\Windows\System\nNoBMXf.exe
  2⤵
  PID:14076
- C:\Windows\System\VBYwJYV.exe
  C:\Windows\System\VBYwJYV.exe
  2⤵
  PID:14108
- C:\Windows\System\FhMOLzc.exe
  C:\Windows\System\FhMOLzc.exe
  2⤵
  PID:14132
- C:\Windows\System\JVNZhuj.exe
  C:\Windows\System\JVNZhuj.exe
  2⤵
  PID:14160
- C:\Windows\System\gpVKQyd.exe
  C:\Windows\System\gpVKQyd.exe
  2⤵
  PID:14200
- C:\Windows\System\QAUBUUb.exe
  C:\Windows\System\QAUBUUb.exe
  2⤵
  PID:14228
- C:\Windows\System\MUsLPeH.exe
  C:\Windows\System\MUsLPeH.exe
  2⤵
  PID:14244
- C:\Windows\System\OfoMpGY.exe
  C:\Windows\System\OfoMpGY.exe
  2⤵
  PID:14276
- C:\Windows\System\SynrGuC.exe
  C:\Windows\System\SynrGuC.exe
  2⤵
  PID:14312
- C:\Windows\System\wPvoCAb.exe
  C:\Windows\System\wPvoCAb.exe
  2⤵
  PID:1512
- C:\Windows\System\fBCIWyk.exe
  C:\Windows\System\fBCIWyk.exe
  2⤵
  PID:13156
- C:\Windows\System\xWLqaFy.exe
  C:\Windows\System\xWLqaFy.exe
  2⤵
  PID:13352
- C:\Windows\System\jRMbnkz.exe
  C:\Windows\System\jRMbnkz.exe
  2⤵
  PID:13456
- C:\Windows\System\ahqnffQ.exe
  C:\Windows\System\ahqnffQ.exe
  2⤵
  PID:13500
- C:\Windows\System\kWrEqBZ.exe
  C:\Windows\System\kWrEqBZ.exe
  2⤵
  PID:13612
- C:\Windows\System\nytUGTx.exe
  C:\Windows\System\nytUGTx.exe
  2⤵
  PID:13636
- C:\Windows\System\EcdhaHZ.exe
  C:\Windows\System\EcdhaHZ.exe
  2⤵
  PID:13704
- C:\Windows\System\SoJCDTF.exe
  C:\Windows\System\SoJCDTF.exe
  2⤵
  PID:13780
- C:\Windows\System\VAxtBVc.exe
  C:\Windows\System\VAxtBVc.exe
  2⤵
  PID:13804
- C:\Windows\System\GMEToLb.exe
  C:\Windows\System\GMEToLb.exe
  2⤵
  PID:13916
- C:\Windows\System\PmUgDmY.exe
  C:\Windows\System\PmUgDmY.exe
  2⤵
  PID:13968
- C:\Windows\System\MNLAEyl.exe
  C:\Windows\System\MNLAEyl.exe
  2⤵
  PID:14052
- C:\Windows\System\JHETRQn.exe
  C:\Windows\System\JHETRQn.exe
  2⤵
  PID:14096
- C:\Windows\System\YZLJvEd.exe
  C:\Windows\System\YZLJvEd.exe
  2⤵
  PID:14216
- C:\Windows\System\VaaAfCU.exe
  C:\Windows\System\VaaAfCU.exe
  2⤵
  PID:14288
- C:\Windows\System\aYPZYhb.exe
  C:\Windows\System\aYPZYhb.exe
  2⤵
  PID:14324
- C:\Windows\System\CjyPBWX.exe
  C:\Windows\System\CjyPBWX.exe
  2⤵
  PID:13324

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\FAxkOEc.exe

Filesize
2.4MB

MD5
46ea0fe7ccbcababe184a5db971d6209

SHA1
0264c4e8a14cc4cf72e8fb8add402a79f758371d

SHA256
d8767198312df08ae13b51ee9045d7473920431c933bc19dde9e623b4278bfd6

SHA512
6c781d222347f0d229839da174862c8af85075ddc258c0441897b1e0c57ca7938fa980b815300c71a4ac722c6a1e392b3492faf380464dd80ce1d5db401d6b03

Download Submit
C:\Windows\System\FdFIHfo.exe

Filesize
2.4MB

MD5
13f999d0c9e2ddbc83ceb27851233427

SHA1
10496441a92dc094bacaa116ed67e4c0853ffba7

SHA256
8d645cb0b37a8958cc7293e640e24edcb42521c4d36301c50c24862a45f26323

SHA512
fd5f168b9f80a156d3e181d1e79f1895ac400c659d74b3679f7870efbfe9b7f1b85ca3623d75fd37faeec912e8f8707659c5e8bf82c178916ea7eaacb72b1197

Download Submit
C:\Windows\System\HzrtJEO.exe

Filesize
2.4MB

MD5
4091a5317cdcf600f423e2d6cc087383

SHA1
77648e161eb04e3f2d6c337260ea56a9de36e7b9

SHA256
0dd9d372d2473a32f7aec9ca42c8526b3e44296ecba1cce22583113454d9c418

SHA512
3de63127a54a1aeb8d23bf6f76dbbc64113726807af932a69b4aa0ffe642feb74eca99e29674591245614e2ff2df5b316a461260bb62fd4c2885f891c885b9a8

Download Submit
C:\Windows\System\IDhVCNd.exe

Filesize
2.4MB

MD5
c5b78857028cbdc228b26239c0ff41ea

SHA1
426b9f30947c3a18f734e0a4ef8fc99a0324db4f

SHA256
08c275fdc33a55222573777dba69d57de08d6384a79c311a01b90d5548efd388

SHA512
6cfc6e9e042e455d1450947f6afcd9f5b285b6b7efc07902341cdb71a299a9557b6afb1e20b7c585497b70e900c056568ea18e2ad9df3177c52b40f37978403c

Download Submit
C:\Windows\System\KJdGJno.exe

Filesize
2.4MB

MD5
d3cf19b04249a6d84df525f14035984e

SHA1
512f24e82f436c77fa38b847063b47c0eca7b241

SHA256
7ece513a9f425b3e226d399e9860ac8a8cfa268b963cdf7c40ba7dbbe059b2e5

SHA512
91b3d3d76f01f9e58e73b05293434a29817bf4cbb3cec743c1afedf5a31d874ba244a8c3c749948a9320b1af25f29fb0bda653ff3635355efeac6f4775d2047f

Download Submit
C:\Windows\System\LyNnMIr.exe

Filesize
2.4MB

MD5
b85c8c4e3d9ba0b69e468302fe14080c

SHA1
31f0b11a886f70f6cb4a0b0cbcd35208b1e2b358

SHA256
b12d992de0705c011cda9485cb56f2c2c26064667021fad988843c5dbddec991

SHA512
e8eb7a7b3069ed080e516cd879300506494adc3526138045dbb906bb14e2b43e3da92622ac6b17a80888421eae27010fc1ad5e3283c76f994f0348bd621a6adb

Download Submit
C:\Windows\System\MBjIhFV.exe

Filesize
2.4MB

MD5
fd1aa7794643056c2ec33d03df60c937

SHA1
80cf8022324ae3b6f190cb65c05e7b6665cd5183

SHA256
2063ff7777bc0ea5b0145c03e3786b6dec8270140dc3afec476b07245cfe924a

SHA512
e91718703d00786ee04e612e53019f58845003eda9afd575e71539eaa1f116161d74b21a83da4da283b7552ac89d5e9c197451ade9fffc57aa06ce3e6d9c9a02

Download Submit
C:\Windows\System\MMmYOmN.exe

Filesize
2.4MB

MD5
db2b7fe857f282a2b6718adb94e6c1f0

SHA1
466acabd77f2f9d0dc24e16ef22d7d457d88a5b9

SHA256
766ab742969b51c0a383f041854ceef6d721addae3d6ce0251f53bb78e75a573

SHA512
878afaaaedce70f094d12555d052e96866ffaa2d85fbaccda76f6b86a60976614adb04e6daa3166f04b7df063e4c88e424b9d7d50053a5aff40b0793b9684d12

Download Submit
C:\Windows\System\NsEqDxV.exe

Filesize
2.4MB

MD5
0d877553515c20b3d4e0fe76d2220b6e

SHA1
14f7dfe66e88913e866e630eceb0cc57b8f758d1

SHA256
61475c5d2cef29ece0a617daa448ff96dc9f94dadcc30b0c858985254e6a57c5

SHA512
f708aae6f71c6a72c36f5a8a96b9dc4dbe6a946a4898ff9c96b012f41299d31ed6ae476f776e52f4e84b8a88cf52b2633a35358ef7b8b5e8835cda00e81bcfb1

Download Submit
C:\Windows\System\OuQqjOC.exe

Filesize
2.4MB

MD5
ad33a36fd5648879984aa36169523ba6

SHA1
571a5130c3b8f21170e1752ca4d08d41849dd57a

SHA256
56efca6781e46c3c9b6cc00c190939874989a76ff2b3b2c34050fb33c388a7d1

SHA512
7f1a98a72df33281387999d3d53b829b9684a4044c573c3fbe80ebe95436433d13cffd27b23d659a91404ecb17a659b47dd77cd4b15a6092729b3b21cd1b591f

Download Submit
C:\Windows\System\QCjmuQA.exe

Filesize
2.4MB

MD5
32fed33d92990cdc236b69604c5e3c88

SHA1
af514dd857547fbe488456cacdd5ce67672da183

SHA256
b3b2a6cdb60671ff8e52268df0cd9feff10e363136320b6ff7bb505b97e9c70d

SHA512
91d5cf2b5885a083312770ab8be31a63a113f105165c795271b41d9b927ec15c7a1cd14e7d4cbf8b01fef570ad82a985ba588791b526cec347ce91072f316de6

Download Submit
C:\Windows\System\QurKpul.exe

Filesize
2.4MB

MD5
d9073c2740ec056db45f5ba548fb0560

SHA1
bd6193cd965564c90f5454b4ddbad65bb6016967

SHA256
482a802af4589a40d1835e2c79651e8c20b8293971e925bba2eed0ece47a9256

SHA512
653a92e8eddc274fe1903433df2298dac2bfb85e0e56ce2e00334d195d2106c9790ece76af67a73c841868e8db5a2d0f20a190a859eb796546fd29ed5f4c0307

Download Submit
C:\Windows\System\RKDOizl.exe

Filesize
2.4MB

MD5
a1b48353bfb41ce0baea4703c450d2c6

SHA1
4d051300a77a83c556d3a4cfa0e4f22e0650c107

SHA256
9739d6fa4715a6120f016fb3dea58fe84bbdd1e37eeacaf87c9b490bfcf70c5d

SHA512
2f8d2b44cc827d0c21ca99628227e058d283cd7791f3991df53e9ccf30b42a3e38a55c7e46fb381d23183268c132ececd180bf87958ee19d90febcba170eb493

Download Submit
C:\Windows\System\SZGhCjc.exe

Filesize
2.4MB

MD5
83ffa5edbd6ce58d2e4e926b4606213e

SHA1
9f0a6cffaf35315b1504323fb214492bd89b75a8

SHA256
13fb1e191883c2831872d218ffcfe4d0b8bff6eaaf27b86295d337fcd4664e29

SHA512
59c0b1ef8d2b9dac52369e906ac18c597a680804b240a7b08062bf77da7014bb1b4e109fdd1badff5f501a8ebf4d1a4e81a79a0d86bd5a056535776e0aebf0a9

Download Submit
C:\Windows\System\ULvVXfO.exe

Filesize
2.4MB

MD5
2c1c895ff96e79cbda254b5a9b4b67e8

SHA1
0882b2b95cbde846f7460cb6e5f26e90c0d01708

SHA256
ddb345b426353b394e00e070682d00fe71ae74bb3452bff03bafb5dd4ce95409

SHA512
6be13fb648ac429f686280299d195b953af3e8b0c8a87e4a221c35ac419da6443dae59b88c869f569b49ae87c7af12b21661a23e8b163d239ad6a3b51f14cb78

Download Submit
C:\Windows\System\XDMVkpp.exe

Filesize
2.4MB

MD5
0413769711784a547fdc24acaa38bad8

SHA1
b265f5f1e164bce92af435c1c16efb25378aa8d2

SHA256
12c1463cfa702da8b1b36ce6e4558447a151af375e5128e9d1976829f85691c7

SHA512
2d572a662e505d265925feaf1ddb5bcca8717f296885b332bb632392170e5fde432eab33e4fe7ce691116387a0d57267a6b9b71800d61126c0592a701e04b377

Download Submit
C:\Windows\System\ZaSOitu.exe

Filesize
2.4MB

MD5
5a30ff3014e01d159fdb852e5aff2e27

SHA1
0593b9e3f98fe00b180a046b020184defd0fd5f9

SHA256
1d8728f2e7c639f8e04b967ce7dd5736baef9e2ca2354dcb452ff7e08fcaf6f4

SHA512
668b59f6efdc2702a887aca7639de6b648a5f52250077d45c18cad0b5c7149b49eddda197123895a4907768e20119f52be4a725f18ef3d1d5887b17b8d4594f2

Download Submit
C:\Windows\System\gmRkmpv.exe

Filesize
2.4MB

MD5
74b9d66379b3a72f8fe635611e2bba82

SHA1
a96ba94796c5b801bfd164a3398dd76b53e233cd

SHA256
eb1a6561a90b3a60258b5b5a15c43e4205a11959475ef197f5304801ba101abd

SHA512
e09b2e6e07a5f21fb07843bec8886dfb6fe47a760e6be886ece9e17bb4006325bb0fc153b2aeea8086ac7f950a840b82b2b25fbf3cd7149dda12de958c00d919

Download Submit
C:\Windows\System\gxfEsYz.exe

Filesize
2.4MB

MD5
36071f78ca9df9ac82ebd7f6d8dde102

SHA1
f74acfe17c77c2279c95e52403500aaac6817ccc

SHA256
fed612e7115974d3d8f25d0aa47368b6df18a4d1b926346c2e68eba3b305c20f

SHA512
0dce95c3385753e417bb1ec9fee22608767b9bca7d1199e501f5fa9dadbcbec37a670a9d39572d329d6d814e1f4702301337014400a33e3351846d72a45c7787

Download Submit
C:\Windows\System\jkJcjwv.exe

Filesize
2.4MB

MD5
8938371da542597277df6a1f8757a15c

SHA1
d8a9dfbc1dfb10b84a4564d90b6bfebfb2fd0a26

SHA256
c41cf90fedf8c9715053109432fb23a3b7218871e88f6f1bf8ad0c798c3f438a

SHA512
69da67cc8439f38138ada95358b5e100b137ad05f0115f906ed1838e677e1d7c3dce4bb2e26831aaad5fea44a31211df18c9b175203418a36eed21c80861986b

Download Submit
C:\Windows\System\kAARNNm.exe

Filesize
2.4MB

MD5
4f3348363bb4715f89e8213afe4d52a7

SHA1
05da6a6ceb682f173fe2f7a9e575da8b38ee3bb0

SHA256
8fa9ab682f12471aa1cb1a75d1e12300418ee8e4164232590cb7dc61d4ce8cac

SHA512
3d24f29ec97b9cac626552ec781556db20896b164ba37dfbad9be21a21da922bf38b6240580aba3f4c47e61481ee42b595037aa6b4f410ec316cf841a76cd592

Download Submit
C:\Windows\System\ksMvqYG.exe

Filesize
2.4MB

MD5
c20b048758b0022ba87af4094d2b2605

SHA1
005a454e6f2135505096082527d9ff9c79016d19

SHA256
eb96f2b277d7ca94158ef57399b1a174e84854edd1ca4e28d5394f9168ead2cf

SHA512
2c7b58688073ae03958ab6799fedd2b07be7f290fc2fcfdab80519d8166dc084a84580e13994ab061a3af3ff6c658e34cf7f5864cde0b8fa51f7f471f48a75c2

Download Submit
C:\Windows\System\nTvEuhP.exe

Filesize
2.4MB

MD5
e760697ac4d153fa223145e1385d12db

SHA1
cf16aa02813a05e0b2cfac76fbcddfd6236e2ab4

SHA256
307d293c77a78ba5a21a0c45af6e589e2c2f67dee5af3d0d2dab0fc1ce3c6bd3

SHA512
eb3f65f7b6341c1a82934d4a28861e2a1f766cf27f5cc1409791bb487e6bad9da6b7cbd7a078ac659d41a20555319cc0c6d07295b6dc42f6c62823d4d577bce3

Download Submit
C:\Windows\System\pgybLSc.exe

Filesize
2.4MB

MD5
485fd25a0ecde368b7d9fabdf02761bc

SHA1
a8292046f4d7d2034e2cb4a0470a37042dcef28f

SHA256
9d7cd67880c62fb689b4966925cd214139679f186100aa6203044503e485bb25

SHA512
3b2b7685a61ad653efcce5cac60241d3b74c91543c315808ac4e11221840672a34c39d68ef59ecb3479f932f1805ff02c415450aa9c379f91faee7363418d743

Download Submit
C:\Windows\System\pyGpPcq.exe

Filesize
2.4MB

MD5
4f59769ac55436b6d38385b9ac0cc8de

SHA1
d5841aa6b312fb5e762eb2e12829b7315392fed9

SHA256
6d0aee6fba96181c436f987b670d53e960094798d6810f28464d7590f351a9c9

SHA512
5c476bb76b7b3cd4b22552542ef531ac7d0abb607bbfbd5b04f433c40a190ab1f38d57cf2084ac4c3b9fca066a4b45416100a17274754b03d4cec07486217a8e

Download Submit
C:\Windows\System\qHKyVSY.exe

Filesize
2.4MB

MD5
3f0dd1099ed556e09bcf811a96bdf964

SHA1
e7559cae0482a19a4984ad3a6dbf8d72c74b89b6

SHA256
172b4337b841a8d08f028ccd4b39e7b65291902a0b085a6a03ecffcc5f36771f

SHA512
a850de62558cd548b44c0c184a504ebf70431e57413303dc6605ff44e9ba804e5d8c7a7f142614fbb6871f63d2155f68b9865dc438f1aba98d5b1a9c7081cc05

Download Submit
C:\Windows\System\qjCOwur.exe

Filesize
2.4MB

MD5
b4f0b4f021a043a2375869746183ad78

SHA1
5798dafe32a017bae77f777bfaba32880595ff97

SHA256
df2b8bc8c01ae6f9a6721cfb65889d7853ec76558be49bd9b2ba7ba0c916b987

SHA512
e7ef266e7608f98c58cd610ed249f9191b0070cc25a5c7341b820e8c5b64d3d534a2bbe0550f0e7315cfa0f039a7930976950f6cf944e99310afb38604e8796e

Download Submit
C:\Windows\System\rOOQBHM.exe

Filesize
2.4MB

MD5
91d1e8a61738fea5739e911391a1db25

SHA1
f59d929e9661a860a5ac20803b054a21ae9f9090

SHA256
de6c849ca73dbfb7b1c4febb8deecc4d02b1e046393b083be8c55101b66d52f7

SHA512
c7d9f626d95f38ebe5e384bab088b98d1562f8dcece06e4ce04baf59b18f116b93c0f3e3e59ec1b651c516e1fb3088d88430b1fee7a1345a4c7a04430350fad6

Download Submit
C:\Windows\System\rUZmLJE.exe

Filesize
2.4MB

MD5
c3e6871713f3682daa9b84b04beebffb

SHA1
4935cf85afe6634a69d7618acdbf01b508ed4166

SHA256
05a51aba884d32eb37bfbd6dacdda9fc6ab85f6a4c8b53a677064bfb934175c3

SHA512
d24ea660db70e5c491091e9dd67aa090d14bbc862c0a29f26d92b24213198db506a880c325a147f863618b88409ef02daa525952e3c4b62345f69464ae1adff3

Download Submit
C:\Windows\System\uudBLaC.exe

Filesize
2.4MB

MD5
45f1b964c597cc6c727055827287e37b

SHA1
d8bfa36323d761780832be353042c4a669014f95

SHA256
b6ba679ba91416816e591f625716c2e467ce8b4745056250188d4d7fe75a1a63

SHA512
e28d19aff0cec8bfcea475e6cc8c381705191ad83e2b1f37cab386ec3df1e6ddbf8612a37f7d86500de0e7823fa79c042e8cce86e7ad972bf05507645d4f0fd1

Download Submit
C:\Windows\System\vKVExIm.exe

Filesize
2.4MB

MD5
71632b72c8f869d600c8aceed4c309b7

SHA1
1a3947ba7dce9ce724335f8514c86faa025a54cf

SHA256
d76427d5f4697edf00c8ceca4f32827cb505557a49f13143d776cb463a8adc0e

SHA512
1b17e08681b14ad8d5a32afc61f43c07c6f9ee05f007d94ab5d30b28ebf6ed2ea2566cc147b23bb377259620cf2ec592c905ad931458fe13ba367f6332a98130

Download Submit
C:\Windows\System\wMNxfid.exe

Filesize
2.4MB

MD5
aad64c972182eaa66456629f2e27a47e

SHA1
39fea0f6c838f1d8bf748ff94234a4f17aa4131b

SHA256
0e78f8491bc91f2441f3a879d5c3dc7dfe274ff8381fbdac434891a7ad0dfd45

SHA512
5e58d1c41b51a20511e89f74f113d5a40f325de25945698f77c2cfa1475dcf7b02b4804590a39f05906eb6185113787a7ec19322f508c4a9e3fd6b2727b63ad3

Download Submit
C:\Windows\System\wmFQZBl.exe

Filesize
2.4MB

MD5
b3cd6467f95a591b64f43b774d9745f5

SHA1
dc55e172554257f6d8de60121b94588b790f5577

SHA256
981d7d3035e6087958ad54474f624cb14ac076ef70d93aab72aec18d31227298

SHA512
bbb8487bc1c51acfdb7417d86b50c334911bcff8e538743805c7e75a4a56d6991dbab1e139ac134f2da3187946bd91794fdda7a27dfdc60eb5e78e284e9c36f8

Download Submit
C:\Windows\System\ypkafbs.exe

Filesize
2.4MB

MD5
4a1cda71d471975df63d9c7db04db7cf

SHA1
61d9b1457907c74a02beafd1094f43d05f23b5a6

SHA256
5eb8b59a859d32316e007ef1ce9302aefdbced43c1fc6bb852cba5ec2bfdd2e1

SHA512
9d1dd0103a393f2abc89b9db49b5618ee9db9416d907604ae0566d56396c9772aee21487b976da349ff0fdf405b18d75864fe9754a01930398fbf710fcb132ed

Download Submit
memory/552-2112-0x00007FF6267D0000-0x00007FF626B24000-memory.dmp

Filesize
3.3MB

Download
memory/552-140-0x00007FF6267D0000-0x00007FF626B24000-memory.dmp

Filesize
3.3MB

Download
memory/676-127-0x00007FF634110000-0x00007FF634464000-memory.dmp

Filesize
3.3MB

Download
memory/676-2110-0x00007FF634110000-0x00007FF634464000-memory.dmp

Filesize
3.3MB

Download
memory/892-2105-0x00007FF786470000-0x00007FF7867C4000-memory.dmp

Filesize
3.3MB

Download
memory/892-89-0x00007FF786470000-0x00007FF7867C4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2092-0x00007FF6E9710000-0x00007FF6E9A64000-memory.dmp

Filesize
3.3MB

Download
memory/1708-161-0x00007FF6E9710000-0x00007FF6E9A64000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2121-0x00007FF6E9710000-0x00007FF6E9A64000-memory.dmp

Filesize
3.3MB

Download
memory/1940-88-0x00007FF732F90000-0x00007FF7332E4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2102-0x00007FF732F90000-0x00007FF7332E4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-230-0x00007FF6595B0000-0x00007FF659904000-memory.dmp

Filesize
3.3MB

Download
memory/1944-2119-0x00007FF6595B0000-0x00007FF659904000-memory.dmp

Filesize
3.3MB

Download
memory/2044-2108-0x00007FF75D4E0000-0x00007FF75D834000-memory.dmp

Filesize
3.3MB

Download
memory/2044-104-0x00007FF75D4E0000-0x00007FF75D834000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2117-0x00007FF780B10000-0x00007FF780E64000-memory.dmp

Filesize
3.3MB

Download
memory/2108-170-0x00007FF780B10000-0x00007FF780E64000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2093-0x00007FF66BB90000-0x00007FF66BEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2083-0x00007FF66BB90000-0x00007FF66BEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-10-0x00007FF66BB90000-0x00007FF66BEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-2094-0x00007FF777420000-0x00007FF777774000-memory.dmp

Filesize
3.3MB

Download
memory/2236-29-0x00007FF777420000-0x00007FF777774000-memory.dmp

Filesize
3.3MB

Download
memory/2332-103-0x00007FF66C510000-0x00007FF66C864000-memory.dmp

Filesize
3.3MB

Download
memory/2332-2103-0x00007FF66C510000-0x00007FF66C864000-memory.dmp

Filesize
3.3MB

Download
memory/2600-2091-0x00007FF732DD0000-0x00007FF733124000-memory.dmp

Filesize
3.3MB

Download
memory/2600-156-0x00007FF732DD0000-0x00007FF733124000-memory.dmp

Filesize
3.3MB

Download
memory/2600-2114-0x00007FF732DD0000-0x00007FF733124000-memory.dmp

Filesize
3.3MB

Download
memory/3044-96-0x00007FF679520000-0x00007FF679874000-memory.dmp

Filesize
3.3MB

Download
memory/3044-2096-0x00007FF679520000-0x00007FF679874000-memory.dmp

Filesize
3.3MB

Download
memory/3228-2087-0x00007FF77C0A0000-0x00007FF77C3F4000-memory.dmp

Filesize
3.3MB

Download
memory/3228-2100-0x00007FF77C0A0000-0x00007FF77C3F4000-memory.dmp

Filesize
3.3MB

Download
memory/3228-61-0x00007FF77C0A0000-0x00007FF77C3F4000-memory.dmp

Filesize
3.3MB

Download
memory/3272-201-0x00007FF73BCD0000-0x00007FF73C024000-memory.dmp

Filesize
3.3MB

Download
memory/3272-2116-0x00007FF73BCD0000-0x00007FF73C024000-memory.dmp

Filesize
3.3MB

Download
memory/3524-2099-0x00007FF6A6A30000-0x00007FF6A6D84000-memory.dmp

Filesize
3.3MB

Download
memory/3524-102-0x00007FF6A6A30000-0x00007FF6A6D84000-memory.dmp

Filesize
3.3MB

Download
memory/3584-2084-0x00007FF676730000-0x00007FF676A84000-memory.dmp

Filesize
3.3MB

Download
memory/3584-2098-0x00007FF676730000-0x00007FF676A84000-memory.dmp

Filesize
3.3MB

Download
memory/3584-44-0x00007FF676730000-0x00007FF676A84000-memory.dmp

Filesize
3.3MB

Download
memory/3604-2089-0x00007FF688380000-0x00007FF6886D4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-95-0x00007FF688380000-0x00007FF6886D4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-2109-0x00007FF688380000-0x00007FF6886D4000-memory.dmp

Filesize
3.3MB

Download
memory/3668-94-0x00007FF65D740000-0x00007FF65DA94000-memory.dmp

Filesize
3.3MB

Download
memory/3668-2104-0x00007FF65D740000-0x00007FF65DA94000-memory.dmp

Filesize
3.3MB

Download
memory/3680-2113-0x00007FF750BD0000-0x00007FF750F24000-memory.dmp

Filesize
3.3MB

Download
memory/3680-212-0x00007FF750BD0000-0x00007FF750F24000-memory.dmp

Filesize
3.3MB

Download
memory/4072-2107-0x00007FF751010000-0x00007FF751364000-memory.dmp

Filesize
3.3MB

Download
memory/4072-72-0x00007FF751010000-0x00007FF751364000-memory.dmp

Filesize
3.3MB

Download
memory/4072-2086-0x00007FF751010000-0x00007FF751364000-memory.dmp

Filesize
3.3MB

Download
memory/4252-144-0x00007FF709310000-0x00007FF709664000-memory.dmp

Filesize
3.3MB

Download
memory/4252-2115-0x00007FF709310000-0x00007FF709664000-memory.dmp

Filesize
3.3MB

Download
memory/4252-2090-0x00007FF709310000-0x00007FF709664000-memory.dmp

Filesize
3.3MB

Download
memory/4380-2106-0x00007FF60D500000-0x00007FF60D854000-memory.dmp

Filesize
3.3MB

Download
memory/4380-2088-0x00007FF60D500000-0x00007FF60D854000-memory.dmp

Filesize
3.3MB

Download
memory/4380-77-0x00007FF60D500000-0x00007FF60D854000-memory.dmp

Filesize
3.3MB

Download
memory/4412-2118-0x00007FF6D1520000-0x00007FF6D1874000-memory.dmp

Filesize
3.3MB

Download
memory/4412-227-0x00007FF6D1520000-0x00007FF6D1874000-memory.dmp

Filesize
3.3MB

Download
memory/4616-2082-0x00007FF6E2F40000-0x00007FF6E3294000-memory.dmp

Filesize
3.3MB

Download
memory/4616-1-0x00000214002A0000-0x00000214002B0000-memory.dmp

Filesize
64KB

Download
memory/4616-0-0x00007FF6E2F40000-0x00007FF6E3294000-memory.dmp

Filesize
3.3MB

Download
memory/4688-2097-0x00007FF746B50000-0x00007FF746EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4688-101-0x00007FF746B50000-0x00007FF746EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4720-188-0x00007FF624720000-0x00007FF624A74000-memory.dmp

Filesize
3.3MB

Download
memory/4720-2120-0x00007FF624720000-0x00007FF624A74000-memory.dmp

Filesize
3.3MB

Download
memory/4740-2095-0x00007FF706F80000-0x00007FF7072D4000-memory.dmp

Filesize
3.3MB

Download
memory/4740-30-0x00007FF706F80000-0x00007FF7072D4000-memory.dmp

Filesize
3.3MB

Download
memory/4932-137-0x00007FF701600000-0x00007FF701954000-memory.dmp

Filesize
3.3MB

Download
memory/4932-2111-0x00007FF701600000-0x00007FF701954000-memory.dmp

Filesize
3.3MB

Download
memory/5056-2101-0x00007FF779F00000-0x00007FF77A254000-memory.dmp

Filesize
3.3MB

Download
memory/5056-2085-0x00007FF779F00000-0x00007FF77A254000-memory.dmp

Filesize
3.3MB

Download
memory/5056-46-0x00007FF779F00000-0x00007FF77A254000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads