xmrig | fe2c467145ba9a2e46833ebcf2473f9e278a01c72c703a88dd5266c97d293cda

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
Size

2.7MB
MD5

7588ae37ba0098fd0b9dd4999006e540
SHA1

6841c4519ad7b36788ddc224324988bbc191385a
SHA256

fe2c467145ba9a2e46833ebcf2473f9e278a01c72c703a88dd5266c97d293cda
SHA512

91cb613d0be88863248d779d62790e0e334b2f797c50ff581a2f392802f26245a1538db69a99f94cf0c7e5d6cbbab46d8bd6b4c50b387e7172abf231aedcda9d
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlMmSdIc1lNpEdxAgQ:BemTLkNdfE0pZrU

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2964-0-0x00007FF653B20000-0x00007FF653E74000-memory.dmp	xmrig
behavioral2/files/0x00080000000233ee-8.dat	xmrig
behavioral2/files/0x00070000000233f2-18.dat	xmrig
behavioral2/files/0x00070000000233f5-29.dat	xmrig
behavioral2/memory/3032-32-0x00007FF7D5A10000-0x00007FF7D5D64000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f8-53.dat	xmrig
behavioral2/files/0x00070000000233fa-60.dat	xmrig
behavioral2/files/0x00070000000233fe-80.dat	xmrig
behavioral2/files/0x0007000000023400-90.dat	xmrig
behavioral2/files/0x0007000000023402-100.dat	xmrig
behavioral2/files/0x0007000000023404-107.dat	xmrig
behavioral2/files/0x000700000002340a-142.dat	xmrig
behavioral2/files/0x000700000002340e-154.dat	xmrig
behavioral2/files/0x0007000000023411-169.dat	xmrig
behavioral2/files/0x000700000002340f-167.dat	xmrig
behavioral2/files/0x0007000000023410-164.dat	xmrig
behavioral2/files/0x000700000002340d-157.dat	xmrig
behavioral2/files/0x000700000002340c-152.dat	xmrig
behavioral2/files/0x000700000002340b-147.dat	xmrig
behavioral2/files/0x0007000000023409-137.dat	xmrig
behavioral2/files/0x0007000000023408-132.dat	xmrig
behavioral2/files/0x0007000000023407-127.dat	xmrig
behavioral2/files/0x0007000000023406-120.dat	xmrig
behavioral2/files/0x0007000000023405-115.dat	xmrig
behavioral2/files/0x0007000000023403-105.dat	xmrig
behavioral2/files/0x0007000000023401-95.dat	xmrig
behavioral2/files/0x00070000000233ff-85.dat	xmrig
behavioral2/files/0x00070000000233fd-75.dat	xmrig
behavioral2/files/0x00070000000233fc-70.dat	xmrig
behavioral2/files/0x00070000000233fb-65.dat	xmrig
behavioral2/files/0x00070000000233f9-58.dat	xmrig
behavioral2/memory/2800-49-0x00007FF694B40000-0x00007FF694E94000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f6-43.dat	xmrig
behavioral2/files/0x00070000000233f4-37.dat	xmrig
behavioral2/memory/4204-35-0x00007FF6E8470000-0x00007FF6E87C4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f7-34.dat	xmrig
behavioral2/memory/3188-26-0x00007FF60B0B0000-0x00007FF60B404000-memory.dmp	xmrig
behavioral2/memory/3992-23-0x00007FF754A70000-0x00007FF754DC4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f3-21.dat	xmrig
behavioral2/memory/2596-11-0x00007FF79C6C0000-0x00007FF79CA14000-memory.dmp	xmrig
behavioral2/memory/4956-538-0x00007FF6E6190000-0x00007FF6E64E4000-memory.dmp	xmrig
behavioral2/memory/3424-539-0x00007FF658D60000-0x00007FF6590B4000-memory.dmp	xmrig
behavioral2/memory/4440-540-0x00007FF7A1960000-0x00007FF7A1CB4000-memory.dmp	xmrig
behavioral2/memory/4516-541-0x00007FF616120000-0x00007FF616474000-memory.dmp	xmrig
behavioral2/memory/4004-542-0x00007FF725130000-0x00007FF725484000-memory.dmp	xmrig
behavioral2/memory/2912-543-0x00007FF7ECC20000-0x00007FF7ECF74000-memory.dmp	xmrig
behavioral2/memory/1008-544-0x00007FF613210000-0x00007FF613564000-memory.dmp	xmrig
behavioral2/memory/4288-545-0x00007FF642C10000-0x00007FF642F64000-memory.dmp	xmrig
behavioral2/memory/388-546-0x00007FF6B7480000-0x00007FF6B77D4000-memory.dmp	xmrig
behavioral2/memory/2900-547-0x00007FF7FACA0000-0x00007FF7FAFF4000-memory.dmp	xmrig
behavioral2/memory/1416-548-0x00007FF692190000-0x00007FF6924E4000-memory.dmp	xmrig
behavioral2/memory/2072-549-0x00007FF6834F0000-0x00007FF683844000-memory.dmp	xmrig
behavioral2/memory/1640-551-0x00007FF6A3E60000-0x00007FF6A41B4000-memory.dmp	xmrig
behavioral2/memory/4764-552-0x00007FF72D870000-0x00007FF72DBC4000-memory.dmp	xmrig
behavioral2/memory/4868-553-0x00007FF622EF0000-0x00007FF623244000-memory.dmp	xmrig
behavioral2/memory/1044-554-0x00007FF6A6930000-0x00007FF6A6C84000-memory.dmp	xmrig
behavioral2/memory/2576-563-0x00007FF7176B0000-0x00007FF717A04000-memory.dmp	xmrig
behavioral2/memory/4488-567-0x00007FF7D53A0000-0x00007FF7D56F4000-memory.dmp	xmrig
behavioral2/memory/2832-568-0x00007FF670B60000-0x00007FF670EB4000-memory.dmp	xmrig
behavioral2/memory/3312-572-0x00007FF6865D0000-0x00007FF686924000-memory.dmp	xmrig
behavioral2/memory/2816-574-0x00007FF772AE0000-0x00007FF772E34000-memory.dmp	xmrig
behavioral2/memory/884-569-0x00007FF67CA30000-0x00007FF67CD84000-memory.dmp	xmrig
behavioral2/memory/5112-550-0x00007FF7B4F00000-0x00007FF7B5254000-memory.dmp	xmrig
behavioral2/memory/2596-2097-0x00007FF79C6C0000-0x00007FF79CA14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2596	bDiotyQ.exe
3992	sRajjhs.exe
3188	EtjaiUp.exe
3032	taCMVDk.exe
2800	nZtGEpH.exe
4204	VuvvbiD.exe
4956	RJVmjTA.exe
3312	OoSpqeb.exe
3424	HXIAawm.exe
2816	npFEDsw.exe
4440	PZdJvqE.exe
4516	EWjxHsY.exe
4004	fuZFPeF.exe
2912	ESOkdyY.exe
1008	vTjsgwC.exe
4288	YrTvRqo.exe
388	aKnnIXe.exe
2900	IZqPWHA.exe
1416	fDgAYFs.exe
2072	OWykNtX.exe
5112	DkFXOjT.exe
1640	LduRrxz.exe
4764	bUHrBWd.exe
4868	gbZTCvr.exe
1044	EWRhVbe.exe
2576	eLuEXMT.exe
4488	sLCyaoP.exe
2832	AOJYtqn.exe
884	kthBJdU.exe
3956	loEegDA.exe
3208	eRVdzTc.exe
4372	MVfIKzM.exe
2672	qgtfoUL.exe
232	pOksObp.exe
3336	DFKuTGm.exe
4192	NHLQeyG.exe
3596	bCvtgDX.exe
4512	SqnPsLg.exe
4316	ZmGldiP.exe
1880	cYJToSr.exe
2040	OBQIerF.exe
4968	JzyszCc.exe
1916	AVnVqnn.exe
3744	RAtHvch.exe
2168	WmMDhac.exe
4292	KehgodK.exe
732	tzDvcyy.exe
3632	aMmWueX.exe
116	PPdMXDE.exe
1016	VkzOwMA.exe
4396	wewfhrh.exe
4408	yBIzUPR.exe
3092	iqhgHzT.exe
3924	DyGfhME.exe
4776	UFNeSGm.exe
1996	nUHvbBy.exe
2268	CzEyNeA.exe
3356	lKTcSLn.exe
3420	aTkCknX.exe
2020	IXfPmpP.exe
4980	EyKsGLK.exe
4376	BdVVTPQ.exe
4188	ntgnAPA.exe
3504	owHjkaJ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2964-0-0x00007FF653B20000-0x00007FF653E74000-memory.dmp	upx
behavioral2/files/0x00080000000233ee-8.dat	upx
behavioral2/files/0x00070000000233f2-18.dat	upx
behavioral2/files/0x00070000000233f5-29.dat	upx
behavioral2/memory/3032-32-0x00007FF7D5A10000-0x00007FF7D5D64000-memory.dmp	upx
behavioral2/files/0x00070000000233f8-53.dat	upx
behavioral2/files/0x00070000000233fa-60.dat	upx
behavioral2/files/0x00070000000233fe-80.dat	upx
behavioral2/files/0x0007000000023400-90.dat	upx
behavioral2/files/0x0007000000023402-100.dat	upx
behavioral2/files/0x0007000000023404-107.dat	upx
behavioral2/files/0x000700000002340a-142.dat	upx
behavioral2/files/0x000700000002340e-154.dat	upx
behavioral2/files/0x0007000000023411-169.dat	upx
behavioral2/files/0x000700000002340f-167.dat	upx
behavioral2/files/0x0007000000023410-164.dat	upx
behavioral2/files/0x000700000002340d-157.dat	upx
behavioral2/files/0x000700000002340c-152.dat	upx
behavioral2/files/0x000700000002340b-147.dat	upx
behavioral2/files/0x0007000000023409-137.dat	upx
behavioral2/files/0x0007000000023408-132.dat	upx
behavioral2/files/0x0007000000023407-127.dat	upx
behavioral2/files/0x0007000000023406-120.dat	upx
behavioral2/files/0x0007000000023405-115.dat	upx
behavioral2/files/0x0007000000023403-105.dat	upx
behavioral2/files/0x0007000000023401-95.dat	upx
behavioral2/files/0x00070000000233ff-85.dat	upx
behavioral2/files/0x00070000000233fd-75.dat	upx
behavioral2/files/0x00070000000233fc-70.dat	upx
behavioral2/files/0x00070000000233fb-65.dat	upx
behavioral2/files/0x00070000000233f9-58.dat	upx
behavioral2/memory/2800-49-0x00007FF694B40000-0x00007FF694E94000-memory.dmp	upx
behavioral2/files/0x00070000000233f6-43.dat	upx
behavioral2/files/0x00070000000233f4-37.dat	upx
behavioral2/memory/4204-35-0x00007FF6E8470000-0x00007FF6E87C4000-memory.dmp	upx
behavioral2/files/0x00070000000233f7-34.dat	upx
behavioral2/memory/3188-26-0x00007FF60B0B0000-0x00007FF60B404000-memory.dmp	upx
behavioral2/memory/3992-23-0x00007FF754A70000-0x00007FF754DC4000-memory.dmp	upx
behavioral2/files/0x00070000000233f3-21.dat	upx
behavioral2/memory/2596-11-0x00007FF79C6C0000-0x00007FF79CA14000-memory.dmp	upx
behavioral2/memory/4956-538-0x00007FF6E6190000-0x00007FF6E64E4000-memory.dmp	upx
behavioral2/memory/3424-539-0x00007FF658D60000-0x00007FF6590B4000-memory.dmp	upx
behavioral2/memory/4440-540-0x00007FF7A1960000-0x00007FF7A1CB4000-memory.dmp	upx
behavioral2/memory/4516-541-0x00007FF616120000-0x00007FF616474000-memory.dmp	upx
behavioral2/memory/4004-542-0x00007FF725130000-0x00007FF725484000-memory.dmp	upx
behavioral2/memory/2912-543-0x00007FF7ECC20000-0x00007FF7ECF74000-memory.dmp	upx
behavioral2/memory/1008-544-0x00007FF613210000-0x00007FF613564000-memory.dmp	upx
behavioral2/memory/4288-545-0x00007FF642C10000-0x00007FF642F64000-memory.dmp	upx
behavioral2/memory/388-546-0x00007FF6B7480000-0x00007FF6B77D4000-memory.dmp	upx
behavioral2/memory/2900-547-0x00007FF7FACA0000-0x00007FF7FAFF4000-memory.dmp	upx
behavioral2/memory/1416-548-0x00007FF692190000-0x00007FF6924E4000-memory.dmp	upx
behavioral2/memory/2072-549-0x00007FF6834F0000-0x00007FF683844000-memory.dmp	upx
behavioral2/memory/1640-551-0x00007FF6A3E60000-0x00007FF6A41B4000-memory.dmp	upx
behavioral2/memory/4764-552-0x00007FF72D870000-0x00007FF72DBC4000-memory.dmp	upx
behavioral2/memory/4868-553-0x00007FF622EF0000-0x00007FF623244000-memory.dmp	upx
behavioral2/memory/1044-554-0x00007FF6A6930000-0x00007FF6A6C84000-memory.dmp	upx
behavioral2/memory/2576-563-0x00007FF7176B0000-0x00007FF717A04000-memory.dmp	upx
behavioral2/memory/4488-567-0x00007FF7D53A0000-0x00007FF7D56F4000-memory.dmp	upx
behavioral2/memory/2832-568-0x00007FF670B60000-0x00007FF670EB4000-memory.dmp	upx
behavioral2/memory/3312-572-0x00007FF6865D0000-0x00007FF686924000-memory.dmp	upx
behavioral2/memory/2816-574-0x00007FF772AE0000-0x00007FF772E34000-memory.dmp	upx
behavioral2/memory/884-569-0x00007FF67CA30000-0x00007FF67CD84000-memory.dmp	upx
behavioral2/memory/5112-550-0x00007FF7B4F00000-0x00007FF7B5254000-memory.dmp	upx
behavioral2/memory/2596-2097-0x00007FF79C6C0000-0x00007FF79CA14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kxSBEPK.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\SRhoVNX.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\pJeJXED.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\nxRrCjq.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\PltSQcP.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\AUSrFMH.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\DuQuOIE.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\gbZTCvr.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\hPcQTJO.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\AfUFzGR.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\cXFOofP.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\gzdmIGm.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\HERfQNF.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\LduRrxz.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\ctFKqmB.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\mWoccmJ.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\hWnIPfB.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\bprGpUz.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\AjaBIDn.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\kbBTXYb.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\PZdJvqE.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\JIvgEJV.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\pKXLsrh.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\vuoSrqY.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\RJVmjTA.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\LFalTpc.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\pkafBEY.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\EDVdUUA.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\UjuecXK.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\WbLnGrr.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\OPkGapM.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\LvnTFKT.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\oqlWRvr.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\zMrfNkM.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\sRajjhs.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\AVnVqnn.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\ANGGmAw.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\wtXfAgV.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\PCMyjew.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\yKScyzu.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\UraFuxx.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\tcmirRI.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\fuZFPeF.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\waFfCUr.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\girHriv.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\avEvFev.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\VmYrNck.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\BEIVzmi.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\heSySOc.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\MxiPNFe.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\XFyTTHW.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\UhYNSMX.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\NJfZlOy.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\vBUWhax.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\EtjaiUp.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\GyEZocR.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\EdaYlrL.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\KZENSIh.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\bXeshZt.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\UCwkgsr.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\TFMUeJq.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\SbhzRsG.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\BIZkIyY.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
File created	C:\Windows\System\GIjWbif.exe	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14816	dwm.exe
Token: SeChangeNotifyPrivilege	14816	dwm.exe
Token: 33	14816	dwm.exe
Token: SeIncBasePriorityPrivilege	14816	dwm.exe
Token: SeShutdownPrivilege	14816	dwm.exe
Token: SeCreatePagefilePrivilege	14816	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2596	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	84
PID 2964 wrote to memory of 2596	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	84
PID 2964 wrote to memory of 3992	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	85
PID 2964 wrote to memory of 3992	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	85
PID 2964 wrote to memory of 3188	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	86
PID 2964 wrote to memory of 3188	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	86
PID 2964 wrote to memory of 3032	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	87
PID 2964 wrote to memory of 3032	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	87
PID 2964 wrote to memory of 2800	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	88
PID 2964 wrote to memory of 2800	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	88
PID 2964 wrote to memory of 4204	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	89
PID 2964 wrote to memory of 4204	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	89
PID 2964 wrote to memory of 4956	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	90
PID 2964 wrote to memory of 4956	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	90
PID 2964 wrote to memory of 3312	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	91
PID 2964 wrote to memory of 3312	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	91
PID 2964 wrote to memory of 3424	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	92
PID 2964 wrote to memory of 3424	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	92
PID 2964 wrote to memory of 2816	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	93
PID 2964 wrote to memory of 2816	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	93
PID 2964 wrote to memory of 4440	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	94
PID 2964 wrote to memory of 4440	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	94
PID 2964 wrote to memory of 4516	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	95
PID 2964 wrote to memory of 4516	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	95
PID 2964 wrote to memory of 4004	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	96
PID 2964 wrote to memory of 4004	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	96
PID 2964 wrote to memory of 2912	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	97
PID 2964 wrote to memory of 2912	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	97
PID 2964 wrote to memory of 1008	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	98
PID 2964 wrote to memory of 1008	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	98
PID 2964 wrote to memory of 4288	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	99
PID 2964 wrote to memory of 4288	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	99
PID 2964 wrote to memory of 388	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	100
PID 2964 wrote to memory of 388	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	100
PID 2964 wrote to memory of 2900	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	101
PID 2964 wrote to memory of 2900	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	101
PID 2964 wrote to memory of 1416	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	102
PID 2964 wrote to memory of 1416	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	102
PID 2964 wrote to memory of 2072	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	103
PID 2964 wrote to memory of 2072	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	103
PID 2964 wrote to memory of 5112	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	104
PID 2964 wrote to memory of 5112	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	104
PID 2964 wrote to memory of 1640	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	105
PID 2964 wrote to memory of 1640	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	105
PID 2964 wrote to memory of 4764	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	106
PID 2964 wrote to memory of 4764	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	106
PID 2964 wrote to memory of 4868	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	107
PID 2964 wrote to memory of 4868	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	107
PID 2964 wrote to memory of 1044	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	108
PID 2964 wrote to memory of 1044	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	108
PID 2964 wrote to memory of 2576	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	109
PID 2964 wrote to memory of 2576	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	109
PID 2964 wrote to memory of 4488	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	110
PID 2964 wrote to memory of 4488	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	110
PID 2964 wrote to memory of 2832	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	111
PID 2964 wrote to memory of 2832	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	111
PID 2964 wrote to memory of 884	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	112
PID 2964 wrote to memory of 884	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	112
PID 2964 wrote to memory of 3956	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	113
PID 2964 wrote to memory of 3956	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	113
PID 2964 wrote to memory of 3208	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	114
PID 2964 wrote to memory of 3208	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	114
PID 2964 wrote to memory of 4372	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	115
PID 2964 wrote to memory of 4372	2964	7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7588ae37ba0098fd0b9dd4999006e540_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\System\bDiotyQ.exe
  C:\Windows\System\bDiotyQ.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\sRajjhs.exe
  C:\Windows\System\sRajjhs.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\EtjaiUp.exe
  C:\Windows\System\EtjaiUp.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\taCMVDk.exe
  C:\Windows\System\taCMVDk.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\nZtGEpH.exe
  C:\Windows\System\nZtGEpH.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\VuvvbiD.exe
  C:\Windows\System\VuvvbiD.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\RJVmjTA.exe
  C:\Windows\System\RJVmjTA.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\OoSpqeb.exe
  C:\Windows\System\OoSpqeb.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\HXIAawm.exe
  C:\Windows\System\HXIAawm.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\npFEDsw.exe
  C:\Windows\System\npFEDsw.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\PZdJvqE.exe
  C:\Windows\System\PZdJvqE.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\EWjxHsY.exe
  C:\Windows\System\EWjxHsY.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\fuZFPeF.exe
  C:\Windows\System\fuZFPeF.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\ESOkdyY.exe
  C:\Windows\System\ESOkdyY.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\vTjsgwC.exe
  C:\Windows\System\vTjsgwC.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\YrTvRqo.exe
  C:\Windows\System\YrTvRqo.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\aKnnIXe.exe
  C:\Windows\System\aKnnIXe.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\IZqPWHA.exe
  C:\Windows\System\IZqPWHA.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\fDgAYFs.exe
  C:\Windows\System\fDgAYFs.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\OWykNtX.exe
  C:\Windows\System\OWykNtX.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\DkFXOjT.exe
  C:\Windows\System\DkFXOjT.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\LduRrxz.exe
  C:\Windows\System\LduRrxz.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\bUHrBWd.exe
  C:\Windows\System\bUHrBWd.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\gbZTCvr.exe
  C:\Windows\System\gbZTCvr.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\EWRhVbe.exe
  C:\Windows\System\EWRhVbe.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\eLuEXMT.exe
  C:\Windows\System\eLuEXMT.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\sLCyaoP.exe
  C:\Windows\System\sLCyaoP.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\AOJYtqn.exe
  C:\Windows\System\AOJYtqn.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\kthBJdU.exe
  C:\Windows\System\kthBJdU.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\loEegDA.exe
  C:\Windows\System\loEegDA.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\eRVdzTc.exe
  C:\Windows\System\eRVdzTc.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\MVfIKzM.exe
  C:\Windows\System\MVfIKzM.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\qgtfoUL.exe
  C:\Windows\System\qgtfoUL.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\pOksObp.exe
  C:\Windows\System\pOksObp.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\DFKuTGm.exe
  C:\Windows\System\DFKuTGm.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\NHLQeyG.exe
  C:\Windows\System\NHLQeyG.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\bCvtgDX.exe
  C:\Windows\System\bCvtgDX.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\SqnPsLg.exe
  C:\Windows\System\SqnPsLg.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\ZmGldiP.exe
  C:\Windows\System\ZmGldiP.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\cYJToSr.exe
  C:\Windows\System\cYJToSr.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\OBQIerF.exe
  C:\Windows\System\OBQIerF.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\JzyszCc.exe
  C:\Windows\System\JzyszCc.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\AVnVqnn.exe
  C:\Windows\System\AVnVqnn.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\RAtHvch.exe
  C:\Windows\System\RAtHvch.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\WmMDhac.exe
  C:\Windows\System\WmMDhac.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\KehgodK.exe
  C:\Windows\System\KehgodK.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\tzDvcyy.exe
  C:\Windows\System\tzDvcyy.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\aMmWueX.exe
  C:\Windows\System\aMmWueX.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\PPdMXDE.exe
  C:\Windows\System\PPdMXDE.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\VkzOwMA.exe
  C:\Windows\System\VkzOwMA.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\wewfhrh.exe
  C:\Windows\System\wewfhrh.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\yBIzUPR.exe
  C:\Windows\System\yBIzUPR.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\iqhgHzT.exe
  C:\Windows\System\iqhgHzT.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\DyGfhME.exe
  C:\Windows\System\DyGfhME.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\UFNeSGm.exe
  C:\Windows\System\UFNeSGm.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\nUHvbBy.exe
  C:\Windows\System\nUHvbBy.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\CzEyNeA.exe
  C:\Windows\System\CzEyNeA.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\lKTcSLn.exe
  C:\Windows\System\lKTcSLn.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\aTkCknX.exe
  C:\Windows\System\aTkCknX.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\IXfPmpP.exe
  C:\Windows\System\IXfPmpP.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\EyKsGLK.exe
  C:\Windows\System\EyKsGLK.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\BdVVTPQ.exe
  C:\Windows\System\BdVVTPQ.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\ntgnAPA.exe
  C:\Windows\System\ntgnAPA.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\owHjkaJ.exe
  C:\Windows\System\owHjkaJ.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\ciQrZqm.exe
  C:\Windows\System\ciQrZqm.exe
  2⤵
  PID:4616
- C:\Windows\System\AvNSxbS.exe
  C:\Windows\System\AvNSxbS.exe
  2⤵
  PID:548
- C:\Windows\System\kldTDLj.exe
  C:\Windows\System\kldTDLj.exe
  2⤵
  PID:864
- C:\Windows\System\XPcqNVw.exe
  C:\Windows\System\XPcqNVw.exe
  2⤵
  PID:4688
- C:\Windows\System\JyNQyHx.exe
  C:\Windows\System\JyNQyHx.exe
  2⤵
  PID:2176
- C:\Windows\System\hPcQTJO.exe
  C:\Windows\System\hPcQTJO.exe
  2⤵
  PID:5024
- C:\Windows\System\WTdCYUR.exe
  C:\Windows\System\WTdCYUR.exe
  2⤵
  PID:3196
- C:\Windows\System\iaqYnus.exe
  C:\Windows\System\iaqYnus.exe
  2⤵
  PID:1816
- C:\Windows\System\kBxCtMg.exe
  C:\Windows\System\kBxCtMg.exe
  2⤵
  PID:2324
- C:\Windows\System\GbXxSfR.exe
  C:\Windows\System\GbXxSfR.exe
  2⤵
  PID:1244
- C:\Windows\System\TsEEamP.exe
  C:\Windows\System\TsEEamP.exe
  2⤵
  PID:4736
- C:\Windows\System\UKWtoaA.exe
  C:\Windows\System\UKWtoaA.exe
  2⤵
  PID:1560
- C:\Windows\System\pJeJXED.exe
  C:\Windows\System\pJeJXED.exe
  2⤵
  PID:3376
- C:\Windows\System\UpNHHox.exe
  C:\Windows\System\UpNHHox.exe
  2⤵
  PID:4620
- C:\Windows\System\TXYyOTY.exe
  C:\Windows\System\TXYyOTY.exe
  2⤵
  PID:4804
- C:\Windows\System\jqmKblM.exe
  C:\Windows\System\jqmKblM.exe
  2⤵
  PID:1784
- C:\Windows\System\hkphsIh.exe
  C:\Windows\System\hkphsIh.exe
  2⤵
  PID:4040
- C:\Windows\System\sZWzUgj.exe
  C:\Windows\System\sZWzUgj.exe
  2⤵
  PID:2280
- C:\Windows\System\tStsbZN.exe
  C:\Windows\System\tStsbZN.exe
  2⤵
  PID:3476
- C:\Windows\System\aoGuvOF.exe
  C:\Windows\System\aoGuvOF.exe
  2⤵
  PID:2756
- C:\Windows\System\lZpWjyF.exe
  C:\Windows\System\lZpWjyF.exe
  2⤵
  PID:3896
- C:\Windows\System\DtgQHMC.exe
  C:\Windows\System\DtgQHMC.exe
  2⤵
  PID:5140
- C:\Windows\System\QpkjncA.exe
  C:\Windows\System\QpkjncA.exe
  2⤵
  PID:5168
- C:\Windows\System\JuezoGd.exe
  C:\Windows\System\JuezoGd.exe
  2⤵
  PID:5196
- C:\Windows\System\JIvgEJV.exe
  C:\Windows\System\JIvgEJV.exe
  2⤵
  PID:5224
- C:\Windows\System\yUerjre.exe
  C:\Windows\System\yUerjre.exe
  2⤵
  PID:5252
- C:\Windows\System\ZQAbiZV.exe
  C:\Windows\System\ZQAbiZV.exe
  2⤵
  PID:5276
- C:\Windows\System\AKVkqKx.exe
  C:\Windows\System\AKVkqKx.exe
  2⤵
  PID:5304
- C:\Windows\System\VZeKcOD.exe
  C:\Windows\System\VZeKcOD.exe
  2⤵
  PID:5336
- C:\Windows\System\pHEsPSi.exe
  C:\Windows\System\pHEsPSi.exe
  2⤵
  PID:5364
- C:\Windows\System\xCXCMXD.exe
  C:\Windows\System\xCXCMXD.exe
  2⤵
  PID:5392
- C:\Windows\System\SJxXzpg.exe
  C:\Windows\System\SJxXzpg.exe
  2⤵
  PID:5420
- C:\Windows\System\XeWyZkt.exe
  C:\Windows\System\XeWyZkt.exe
  2⤵
  PID:5448
- C:\Windows\System\GUvDXJP.exe
  C:\Windows\System\GUvDXJP.exe
  2⤵
  PID:5476
- C:\Windows\System\IZhXmuJ.exe
  C:\Windows\System\IZhXmuJ.exe
  2⤵
  PID:5504
- C:\Windows\System\XIYRswS.exe
  C:\Windows\System\XIYRswS.exe
  2⤵
  PID:5532
- C:\Windows\System\tNybLQo.exe
  C:\Windows\System\tNybLQo.exe
  2⤵
  PID:5560
- C:\Windows\System\TuHbpCz.exe
  C:\Windows\System\TuHbpCz.exe
  2⤵
  PID:5588
- C:\Windows\System\MxiPNFe.exe
  C:\Windows\System\MxiPNFe.exe
  2⤵
  PID:5616
- C:\Windows\System\SeprIPY.exe
  C:\Windows\System\SeprIPY.exe
  2⤵
  PID:5644
- C:\Windows\System\BIZkIyY.exe
  C:\Windows\System\BIZkIyY.exe
  2⤵
  PID:5672
- C:\Windows\System\TQGnygb.exe
  C:\Windows\System\TQGnygb.exe
  2⤵
  PID:5700
- C:\Windows\System\orYOJWe.exe
  C:\Windows\System\orYOJWe.exe
  2⤵
  PID:5728
- C:\Windows\System\XlRsfoz.exe
  C:\Windows\System\XlRsfoz.exe
  2⤵
  PID:5756
- C:\Windows\System\ZNQXfcb.exe
  C:\Windows\System\ZNQXfcb.exe
  2⤵
  PID:5784
- C:\Windows\System\RHFABcZ.exe
  C:\Windows\System\RHFABcZ.exe
  2⤵
  PID:5812
- C:\Windows\System\MtjgUtE.exe
  C:\Windows\System\MtjgUtE.exe
  2⤵
  PID:5840
- C:\Windows\System\IRfHwAq.exe
  C:\Windows\System\IRfHwAq.exe
  2⤵
  PID:5868
- C:\Windows\System\zUCiRkL.exe
  C:\Windows\System\zUCiRkL.exe
  2⤵
  PID:5896
- C:\Windows\System\TDDulmE.exe
  C:\Windows\System\TDDulmE.exe
  2⤵
  PID:5924
- C:\Windows\System\jVFIuoI.exe
  C:\Windows\System\jVFIuoI.exe
  2⤵
  PID:5952
- C:\Windows\System\pOLRDwL.exe
  C:\Windows\System\pOLRDwL.exe
  2⤵
  PID:5980
- C:\Windows\System\fQbBwiV.exe
  C:\Windows\System\fQbBwiV.exe
  2⤵
  PID:6008
- C:\Windows\System\LpnqOLT.exe
  C:\Windows\System\LpnqOLT.exe
  2⤵
  PID:6036
- C:\Windows\System\oozsLPz.exe
  C:\Windows\System\oozsLPz.exe
  2⤵
  PID:6064
- C:\Windows\System\RbYALKN.exe
  C:\Windows\System\RbYALKN.exe
  2⤵
  PID:6092
- C:\Windows\System\ilPegrN.exe
  C:\Windows\System\ilPegrN.exe
  2⤵
  PID:6120
- C:\Windows\System\kowSeFh.exe
  C:\Windows\System\kowSeFh.exe
  2⤵
  PID:4072
- C:\Windows\System\TnolASX.exe
  C:\Windows\System\TnolASX.exe
  2⤵
  PID:2440
- C:\Windows\System\bPDRaHj.exe
  C:\Windows\System\bPDRaHj.exe
  2⤵
  PID:4828
- C:\Windows\System\vbMuspa.exe
  C:\Windows\System\vbMuspa.exe
  2⤵
  PID:5124
- C:\Windows\System\nmytJBo.exe
  C:\Windows\System\nmytJBo.exe
  2⤵
  PID:5184
- C:\Windows\System\RltKnjT.exe
  C:\Windows\System\RltKnjT.exe
  2⤵
  PID:5244
- C:\Windows\System\FRDhZmI.exe
  C:\Windows\System\FRDhZmI.exe
  2⤵
  PID:5320
- C:\Windows\System\xTPesjn.exe
  C:\Windows\System\xTPesjn.exe
  2⤵
  PID:5380
- C:\Windows\System\LWANsGV.exe
  C:\Windows\System\LWANsGV.exe
  2⤵
  PID:5440
- C:\Windows\System\DFQoMfD.exe
  C:\Windows\System\DFQoMfD.exe
  2⤵
  PID:5516
- C:\Windows\System\qKMiQnP.exe
  C:\Windows\System\qKMiQnP.exe
  2⤵
  PID:5576
- C:\Windows\System\HmZkdTp.exe
  C:\Windows\System\HmZkdTp.exe
  2⤵
  PID:5632
- C:\Windows\System\vvKTKPg.exe
  C:\Windows\System\vvKTKPg.exe
  2⤵
  PID:5712
- C:\Windows\System\fTqGMhO.exe
  C:\Windows\System\fTqGMhO.exe
  2⤵
  PID:5768
- C:\Windows\System\KMeslgD.exe
  C:\Windows\System\KMeslgD.exe
  2⤵
  PID:5828
- C:\Windows\System\xVDUPhp.exe
  C:\Windows\System\xVDUPhp.exe
  2⤵
  PID:5888
- C:\Windows\System\waFfCUr.exe
  C:\Windows\System\waFfCUr.exe
  2⤵
  PID:5964
- C:\Windows\System\KIvMOYE.exe
  C:\Windows\System\KIvMOYE.exe
  2⤵
  PID:6020
- C:\Windows\System\wQqRDkg.exe
  C:\Windows\System\wQqRDkg.exe
  2⤵
  PID:6056
- C:\Windows\System\FhONnXT.exe
  C:\Windows\System\FhONnXT.exe
  2⤵
  PID:3360
- C:\Windows\System\JvFMXCB.exe
  C:\Windows\System\JvFMXCB.exe
  2⤵
  PID:4948
- C:\Windows\System\OQXWWmG.exe
  C:\Windows\System\OQXWWmG.exe
  2⤵
  PID:1632
- C:\Windows\System\wiFmFiN.exe
  C:\Windows\System\wiFmFiN.exe
  2⤵
  PID:1516
- C:\Windows\System\OPkGapM.exe
  C:\Windows\System\OPkGapM.exe
  2⤵
  PID:5348
- C:\Windows\System\zgFYHLn.exe
  C:\Windows\System\zgFYHLn.exe
  2⤵
  PID:5488
- C:\Windows\System\htSNqLZ.exe
  C:\Windows\System\htSNqLZ.exe
  2⤵
  PID:2384
- C:\Windows\System\JkkAUXT.exe
  C:\Windows\System\JkkAUXT.exe
  2⤵
  PID:5744
- C:\Windows\System\NhiqGVK.exe
  C:\Windows\System\NhiqGVK.exe
  2⤵
  PID:5880
- C:\Windows\System\nUDHaQd.exe
  C:\Windows\System\nUDHaQd.exe
  2⤵
  PID:5992
- C:\Windows\System\Ctnrjvr.exe
  C:\Windows\System\Ctnrjvr.exe
  2⤵
  PID:2696
- C:\Windows\System\oNjURsJ.exe
  C:\Windows\System\oNjURsJ.exe
  2⤵
  PID:6140
- C:\Windows\System\LImpmAg.exe
  C:\Windows\System\LImpmAg.exe
  2⤵
  PID:5156
- C:\Windows\System\MMCLjJT.exe
  C:\Windows\System\MMCLjJT.exe
  2⤵
  PID:3364
- C:\Windows\System\kGYlnXk.exe
  C:\Windows\System\kGYlnXk.exe
  2⤵
  PID:5552
- C:\Windows\System\NzOkuCj.exe
  C:\Windows\System\NzOkuCj.exe
  2⤵
  PID:5860
- C:\Windows\System\pqTsRhE.exe
  C:\Windows\System\pqTsRhE.exe
  2⤵
  PID:6028
- C:\Windows\System\awWikaQ.exe
  C:\Windows\System\awWikaQ.exe
  2⤵
  PID:5660
- C:\Windows\System\cKmFwDG.exe
  C:\Windows\System\cKmFwDG.exe
  2⤵
  PID:3988
- C:\Windows\System\adIPIVa.exe
  C:\Windows\System\adIPIVa.exe
  2⤵
  PID:1260
- C:\Windows\System\NmAABNC.exe
  C:\Windows\System\NmAABNC.exe
  2⤵
  PID:1576
- C:\Windows\System\DjVvsqL.exe
  C:\Windows\System\DjVvsqL.exe
  2⤵
  PID:4680
- C:\Windows\System\YpTyFgu.exe
  C:\Windows\System\YpTyFgu.exe
  2⤵
  PID:1480
- C:\Windows\System\CuPNIet.exe
  C:\Windows\System\CuPNIet.exe
  2⤵
  PID:808
- C:\Windows\System\mLElGHa.exe
  C:\Windows\System\mLElGHa.exe
  2⤵
  PID:6148
- C:\Windows\System\ltFGGkx.exe
  C:\Windows\System\ltFGGkx.exe
  2⤵
  PID:6176
- C:\Windows\System\YCtYJUc.exe
  C:\Windows\System\YCtYJUc.exe
  2⤵
  PID:6200
- C:\Windows\System\uUpTEGc.exe
  C:\Windows\System\uUpTEGc.exe
  2⤵
  PID:6228
- C:\Windows\System\lJJPlFK.exe
  C:\Windows\System\lJJPlFK.exe
  2⤵
  PID:6304
- C:\Windows\System\AodwmgE.exe
  C:\Windows\System\AodwmgE.exe
  2⤵
  PID:6340
- C:\Windows\System\GpFwxPN.exe
  C:\Windows\System\GpFwxPN.exe
  2⤵
  PID:6368
- C:\Windows\System\KIJZBrY.exe
  C:\Windows\System\KIJZBrY.exe
  2⤵
  PID:6384
- C:\Windows\System\XtwIqhr.exe
  C:\Windows\System\XtwIqhr.exe
  2⤵
  PID:6404
- C:\Windows\System\ItmLFMf.exe
  C:\Windows\System\ItmLFMf.exe
  2⤵
  PID:6444
- C:\Windows\System\giIsZIi.exe
  C:\Windows\System\giIsZIi.exe
  2⤵
  PID:6468
- C:\Windows\System\trASGMq.exe
  C:\Windows\System\trASGMq.exe
  2⤵
  PID:6516
- C:\Windows\System\EfkTcRq.exe
  C:\Windows\System\EfkTcRq.exe
  2⤵
  PID:6540
- C:\Windows\System\DnOoGmR.exe
  C:\Windows\System\DnOoGmR.exe
  2⤵
  PID:6560
- C:\Windows\System\poCBfLw.exe
  C:\Windows\System\poCBfLw.exe
  2⤵
  PID:6588
- C:\Windows\System\CJTepVl.exe
  C:\Windows\System\CJTepVl.exe
  2⤵
  PID:6620
- C:\Windows\System\uLRovHM.exe
  C:\Windows\System\uLRovHM.exe
  2⤵
  PID:6660
- C:\Windows\System\UeVXafi.exe
  C:\Windows\System\UeVXafi.exe
  2⤵
  PID:6692
- C:\Windows\System\HRzMfoD.exe
  C:\Windows\System\HRzMfoD.exe
  2⤵
  PID:6720
- C:\Windows\System\NqdFHFK.exe
  C:\Windows\System\NqdFHFK.exe
  2⤵
  PID:6748
- C:\Windows\System\WSMxVgq.exe
  C:\Windows\System\WSMxVgq.exe
  2⤵
  PID:6780
- C:\Windows\System\CjCcTiF.exe
  C:\Windows\System\CjCcTiF.exe
  2⤵
  PID:6808
- C:\Windows\System\dnWedPa.exe
  C:\Windows\System\dnWedPa.exe
  2⤵
  PID:6836
- C:\Windows\System\KNFVSlj.exe
  C:\Windows\System\KNFVSlj.exe
  2⤵
  PID:6864
- C:\Windows\System\sjMdXWw.exe
  C:\Windows\System\sjMdXWw.exe
  2⤵
  PID:6884
- C:\Windows\System\CIFUdGk.exe
  C:\Windows\System\CIFUdGk.exe
  2⤵
  PID:6904
- C:\Windows\System\MIalRHt.exe
  C:\Windows\System\MIalRHt.exe
  2⤵
  PID:6936
- C:\Windows\System\QXToOlo.exe
  C:\Windows\System\QXToOlo.exe
  2⤵
  PID:6976
- C:\Windows\System\GCgkhTF.exe
  C:\Windows\System\GCgkhTF.exe
  2⤵
  PID:6996
- C:\Windows\System\VIuSjAR.exe
  C:\Windows\System\VIuSjAR.exe
  2⤵
  PID:7016
- C:\Windows\System\YhCzeWN.exe
  C:\Windows\System\YhCzeWN.exe
  2⤵
  PID:7060
- C:\Windows\System\hspyiem.exe
  C:\Windows\System\hspyiem.exe
  2⤵
  PID:7084
- C:\Windows\System\mTphBIP.exe
  C:\Windows\System\mTphBIP.exe
  2⤵
  PID:7104
- C:\Windows\System\hJjicGZ.exe
  C:\Windows\System\hJjicGZ.exe
  2⤵
  PID:7120
- C:\Windows\System\lqaATZO.exe
  C:\Windows\System\lqaATZO.exe
  2⤵
  PID:7156
- C:\Windows\System\TmKJXZz.exe
  C:\Windows\System\TmKJXZz.exe
  2⤵
  PID:6168
- C:\Windows\System\MHHZKVF.exe
  C:\Windows\System\MHHZKVF.exe
  2⤵
  PID:6220
- C:\Windows\System\AsKCOjn.exe
  C:\Windows\System\AsKCOjn.exe
  2⤵
  PID:5412
- C:\Windows\System\kkuEGcK.exe
  C:\Windows\System\kkuEGcK.exe
  2⤵
  PID:1928
- C:\Windows\System\xsgDReL.exe
  C:\Windows\System\xsgDReL.exe
  2⤵
  PID:6324
- C:\Windows\System\YglbIBk.exe
  C:\Windows\System\YglbIBk.exe
  2⤵
  PID:6392
- C:\Windows\System\CifJaQd.exe
  C:\Windows\System\CifJaQd.exe
  2⤵
  PID:6452
- C:\Windows\System\LPPKhZX.exe
  C:\Windows\System\LPPKhZX.exe
  2⤵
  PID:6548
- C:\Windows\System\sybbgyM.exe
  C:\Windows\System\sybbgyM.exe
  2⤵
  PID:6604
- C:\Windows\System\XFyTTHW.exe
  C:\Windows\System\XFyTTHW.exe
  2⤵
  PID:6652
- C:\Windows\System\QbBKSlh.exe
  C:\Windows\System\QbBKSlh.exe
  2⤵
  PID:6712
- C:\Windows\System\hJHPaoG.exe
  C:\Windows\System\hJHPaoG.exe
  2⤵
  PID:6768
- C:\Windows\System\GyEZocR.exe
  C:\Windows\System\GyEZocR.exe
  2⤵
  PID:6872
- C:\Windows\System\TmdTYtf.exe
  C:\Windows\System\TmdTYtf.exe
  2⤵
  PID:6916
- C:\Windows\System\wgIQPYo.exe
  C:\Windows\System\wgIQPYo.exe
  2⤵
  PID:6988
- C:\Windows\System\AfUFzGR.exe
  C:\Windows\System\AfUFzGR.exe
  2⤵
  PID:7044
- C:\Windows\System\VwHvsMn.exe
  C:\Windows\System\VwHvsMn.exe
  2⤵
  PID:7144
- C:\Windows\System\NFIGWOH.exe
  C:\Windows\System\NFIGWOH.exe
  2⤵
  PID:4464
- C:\Windows\System\dFdxRdC.exe
  C:\Windows\System\dFdxRdC.exe
  2⤵
  PID:1168
- C:\Windows\System\uQRUMTx.exe
  C:\Windows\System\uQRUMTx.exe
  2⤵
  PID:6424
- C:\Windows\System\OapqBKU.exe
  C:\Windows\System\OapqBKU.exe
  2⤵
  PID:6512
- C:\Windows\System\MfTvOmf.exe
  C:\Windows\System\MfTvOmf.exe
  2⤵
  PID:6704
- C:\Windows\System\LgSeQOq.exe
  C:\Windows\System\LgSeQOq.exe
  2⤵
  PID:6800
- C:\Windows\System\vAOcDfk.exe
  C:\Windows\System\vAOcDfk.exe
  2⤵
  PID:6920
- C:\Windows\System\cIuECTa.exe
  C:\Windows\System\cIuECTa.exe
  2⤵
  PID:6164
- C:\Windows\System\XYQBYhf.exe
  C:\Windows\System\XYQBYhf.exe
  2⤵
  PID:6376
- C:\Windows\System\CxHVpxE.exe
  C:\Windows\System\CxHVpxE.exe
  2⤵
  PID:6580
- C:\Windows\System\TtIxuQk.exe
  C:\Windows\System\TtIxuQk.exe
  2⤵
  PID:2948
- C:\Windows\System\STTBrlL.exe
  C:\Windows\System\STTBrlL.exe
  2⤵
  PID:6708
- C:\Windows\System\FeWZqbO.exe
  C:\Windows\System\FeWZqbO.exe
  2⤵
  PID:7192
- C:\Windows\System\TuYQZjm.exe
  C:\Windows\System\TuYQZjm.exe
  2⤵
  PID:7220
- C:\Windows\System\YeJZaee.exe
  C:\Windows\System\YeJZaee.exe
  2⤵
  PID:7248
- C:\Windows\System\tqIRAYx.exe
  C:\Windows\System\tqIRAYx.exe
  2⤵
  PID:7272
- C:\Windows\System\lgVNkfl.exe
  C:\Windows\System\lgVNkfl.exe
  2⤵
  PID:7292
- C:\Windows\System\olBJCeX.exe
  C:\Windows\System\olBJCeX.exe
  2⤵
  PID:7324
- C:\Windows\System\PLtUhOD.exe
  C:\Windows\System\PLtUhOD.exe
  2⤵
  PID:7360
- C:\Windows\System\WBciKsW.exe
  C:\Windows\System\WBciKsW.exe
  2⤵
  PID:7388
- C:\Windows\System\rYTPdQV.exe
  C:\Windows\System\rYTPdQV.exe
  2⤵
  PID:7416
- C:\Windows\System\fmRGjsY.exe
  C:\Windows\System\fmRGjsY.exe
  2⤵
  PID:7432
- C:\Windows\System\ZQQYuDH.exe
  C:\Windows\System\ZQQYuDH.exe
  2⤵
  PID:7472
- C:\Windows\System\gdkZpfk.exe
  C:\Windows\System\gdkZpfk.exe
  2⤵
  PID:7488
- C:\Windows\System\xjsvHbk.exe
  C:\Windows\System\xjsvHbk.exe
  2⤵
  PID:7528
- C:\Windows\System\KepirYU.exe
  C:\Windows\System\KepirYU.exe
  2⤵
  PID:7556
- C:\Windows\System\NnGoShO.exe
  C:\Windows\System\NnGoShO.exe
  2⤵
  PID:7584
- C:\Windows\System\GKerCSr.exe
  C:\Windows\System\GKerCSr.exe
  2⤵
  PID:7608
- C:\Windows\System\gGDEmGQ.exe
  C:\Windows\System\gGDEmGQ.exe
  2⤵
  PID:7672
- C:\Windows\System\dloIBPA.exe
  C:\Windows\System\dloIBPA.exe
  2⤵
  PID:7688
- C:\Windows\System\YIlYeVL.exe
  C:\Windows\System\YIlYeVL.exe
  2⤵
  PID:7716
- C:\Windows\System\QdhooWo.exe
  C:\Windows\System\QdhooWo.exe
  2⤵
  PID:7732
- C:\Windows\System\yZqjJYW.exe
  C:\Windows\System\yZqjJYW.exe
  2⤵
  PID:7776
- C:\Windows\System\KibchdC.exe
  C:\Windows\System\KibchdC.exe
  2⤵
  PID:7792
- C:\Windows\System\TnEzTbR.exe
  C:\Windows\System\TnEzTbR.exe
  2⤵
  PID:7832
- C:\Windows\System\GqZZHne.exe
  C:\Windows\System\GqZZHne.exe
  2⤵
  PID:7856
- C:\Windows\System\UEEQiwI.exe
  C:\Windows\System\UEEQiwI.exe
  2⤵
  PID:7888
- C:\Windows\System\uwtCNoY.exe
  C:\Windows\System\uwtCNoY.exe
  2⤵
  PID:7908
- C:\Windows\System\EdaYlrL.exe
  C:\Windows\System\EdaYlrL.exe
  2⤵
  PID:7940
- C:\Windows\System\GNbTQqH.exe
  C:\Windows\System\GNbTQqH.exe
  2⤵
  PID:7960
- C:\Windows\System\hXzMJQi.exe
  C:\Windows\System\hXzMJQi.exe
  2⤵
  PID:8000
- C:\Windows\System\hSIcXcD.exe
  C:\Windows\System\hSIcXcD.exe
  2⤵
  PID:8028
- C:\Windows\System\UGPzQro.exe
  C:\Windows\System\UGPzQro.exe
  2⤵
  PID:8056
- C:\Windows\System\FvoJzMw.exe
  C:\Windows\System\FvoJzMw.exe
  2⤵
  PID:8072
- C:\Windows\System\VUNHtMS.exe
  C:\Windows\System\VUNHtMS.exe
  2⤵
  PID:8112
- C:\Windows\System\TglAskn.exe
  C:\Windows\System\TglAskn.exe
  2⤵
  PID:8140
- C:\Windows\System\caniYOq.exe
  C:\Windows\System\caniYOq.exe
  2⤵
  PID:8168
- C:\Windows\System\UQhXGjZ.exe
  C:\Windows\System\UQhXGjZ.exe
  2⤵
  PID:7092
- C:\Windows\System\ywAptaZ.exe
  C:\Windows\System\ywAptaZ.exe
  2⤵
  PID:7204
- C:\Windows\System\TnUifNp.exe
  C:\Windows\System\TnUifNp.exe
  2⤵
  PID:7264
- C:\Windows\System\EAoiTyK.exe
  C:\Windows\System\EAoiTyK.exe
  2⤵
  PID:7348
- C:\Windows\System\byTddgz.exe
  C:\Windows\System\byTddgz.exe
  2⤵
  PID:7428
- C:\Windows\System\tUEWahD.exe
  C:\Windows\System\tUEWahD.exe
  2⤵
  PID:7460
- C:\Windows\System\MMDFcut.exe
  C:\Windows\System\MMDFcut.exe
  2⤵
  PID:7540
- C:\Windows\System\QhtBrQE.exe
  C:\Windows\System\QhtBrQE.exe
  2⤵
  PID:7600
- C:\Windows\System\zptRfvV.exe
  C:\Windows\System\zptRfvV.exe
  2⤵
  PID:7700
- C:\Windows\System\UFlirsI.exe
  C:\Windows\System\UFlirsI.exe
  2⤵
  PID:7752
- C:\Windows\System\EXvNmgJ.exe
  C:\Windows\System\EXvNmgJ.exe
  2⤵
  PID:7848
- C:\Windows\System\CUUrzfI.exe
  C:\Windows\System\CUUrzfI.exe
  2⤵
  PID:7932
- C:\Windows\System\vedIuqC.exe
  C:\Windows\System\vedIuqC.exe
  2⤵
  PID:7980
- C:\Windows\System\cXFOofP.exe
  C:\Windows\System\cXFOofP.exe
  2⤵
  PID:8048
- C:\Windows\System\eqSBTTW.exe
  C:\Windows\System\eqSBTTW.exe
  2⤵
  PID:8064
- C:\Windows\System\nHKvFti.exe
  C:\Windows\System\nHKvFti.exe
  2⤵
  PID:8136
- C:\Windows\System\ZDbWDmC.exe
  C:\Windows\System\ZDbWDmC.exe
  2⤵
  PID:7188
- C:\Windows\System\IpzSmFF.exe
  C:\Windows\System\IpzSmFF.exe
  2⤵
  PID:7356
- C:\Windows\System\dKEfPKi.exe
  C:\Windows\System\dKEfPKi.exe
  2⤵
  PID:7512
- C:\Windows\System\XOhYumL.exe
  C:\Windows\System\XOhYumL.exe
  2⤵
  PID:7684
- C:\Windows\System\AkyrGmR.exe
  C:\Windows\System\AkyrGmR.exe
  2⤵
  PID:7884
- C:\Windows\System\xfvTsSz.exe
  C:\Windows\System\xfvTsSz.exe
  2⤵
  PID:7952
- C:\Windows\System\xVvWLiQ.exe
  C:\Windows\System\xVvWLiQ.exe
  2⤵
  PID:8156
- C:\Windows\System\bcRVhri.exe
  C:\Windows\System\bcRVhri.exe
  2⤵
  PID:7524
- C:\Windows\System\WEkmFTj.exe
  C:\Windows\System\WEkmFTj.exe
  2⤵
  PID:7812
- C:\Windows\System\JwlZJeU.exe
  C:\Windows\System\JwlZJeU.exe
  2⤵
  PID:8044
- C:\Windows\System\fchfYNT.exe
  C:\Windows\System\fchfYNT.exe
  2⤵
  PID:7640
- C:\Windows\System\EmuaGWk.exe
  C:\Windows\System\EmuaGWk.exe
  2⤵
  PID:8160
- C:\Windows\System\SZYsZPt.exe
  C:\Windows\System\SZYsZPt.exe
  2⤵
  PID:8220
- C:\Windows\System\DxfNeuY.exe
  C:\Windows\System\DxfNeuY.exe
  2⤵
  PID:8252
- C:\Windows\System\WRxlqSn.exe
  C:\Windows\System\WRxlqSn.exe
  2⤵
  PID:8268
- C:\Windows\System\Rjnczlw.exe
  C:\Windows\System\Rjnczlw.exe
  2⤵
  PID:8284
- C:\Windows\System\jIDLqYE.exe
  C:\Windows\System\jIDLqYE.exe
  2⤵
  PID:8312
- C:\Windows\System\KOsviyP.exe
  C:\Windows\System\KOsviyP.exe
  2⤵
  PID:8328
- C:\Windows\System\qefgTrX.exe
  C:\Windows\System\qefgTrX.exe
  2⤵
  PID:8380
- C:\Windows\System\KRxAqfq.exe
  C:\Windows\System\KRxAqfq.exe
  2⤵
  PID:8412
- C:\Windows\System\uwkpCwG.exe
  C:\Windows\System\uwkpCwG.exe
  2⤵
  PID:8432
- C:\Windows\System\mQOGdJJ.exe
  C:\Windows\System\mQOGdJJ.exe
  2⤵
  PID:8476
- C:\Windows\System\TBSPVUS.exe
  C:\Windows\System\TBSPVUS.exe
  2⤵
  PID:8504
- C:\Windows\System\ipUmFCI.exe
  C:\Windows\System\ipUmFCI.exe
  2⤵
  PID:8520
- C:\Windows\System\qTXOxvY.exe
  C:\Windows\System\qTXOxvY.exe
  2⤵
  PID:8560
- C:\Windows\System\rCKSAMd.exe
  C:\Windows\System\rCKSAMd.exe
  2⤵
  PID:8576
- C:\Windows\System\DuQuOIE.exe
  C:\Windows\System\DuQuOIE.exe
  2⤵
  PID:8616
- C:\Windows\System\cXrIxFN.exe
  C:\Windows\System\cXrIxFN.exe
  2⤵
  PID:8632
- C:\Windows\System\ANGGmAw.exe
  C:\Windows\System\ANGGmAw.exe
  2⤵
  PID:8660
- C:\Windows\System\UhYNSMX.exe
  C:\Windows\System\UhYNSMX.exe
  2⤵
  PID:8700
- C:\Windows\System\rHVIOeS.exe
  C:\Windows\System\rHVIOeS.exe
  2⤵
  PID:8716
- C:\Windows\System\VVwUXCi.exe
  C:\Windows\System\VVwUXCi.exe
  2⤵
  PID:8732
- C:\Windows\System\RxdwlFI.exe
  C:\Windows\System\RxdwlFI.exe
  2⤵
  PID:8768
- C:\Windows\System\LCqlgJy.exe
  C:\Windows\System\LCqlgJy.exe
  2⤵
  PID:8800
- C:\Windows\System\hxchbyl.exe
  C:\Windows\System\hxchbyl.exe
  2⤵
  PID:8832
- C:\Windows\System\XfKmplr.exe
  C:\Windows\System\XfKmplr.exe
  2⤵
  PID:8860
- C:\Windows\System\OJjQIVJ.exe
  C:\Windows\System\OJjQIVJ.exe
  2⤵
  PID:8900
- C:\Windows\System\KZENSIh.exe
  C:\Windows\System\KZENSIh.exe
  2⤵
  PID:8928
- C:\Windows\System\WbLnGrr.exe
  C:\Windows\System\WbLnGrr.exe
  2⤵
  PID:8944
- C:\Windows\System\BFzljrd.exe
  C:\Windows\System\BFzljrd.exe
  2⤵
  PID:8984
- C:\Windows\System\zHnMTtP.exe
  C:\Windows\System\zHnMTtP.exe
  2⤵
  PID:9012
- C:\Windows\System\oXXIUAm.exe
  C:\Windows\System\oXXIUAm.exe
  2⤵
  PID:9040
- C:\Windows\System\sNijXuP.exe
  C:\Windows\System\sNijXuP.exe
  2⤵
  PID:9068
- C:\Windows\System\zmwQbfp.exe
  C:\Windows\System\zmwQbfp.exe
  2⤵
  PID:9096
- C:\Windows\System\itgHGuO.exe
  C:\Windows\System\itgHGuO.exe
  2⤵
  PID:9120
- C:\Windows\System\CScOmGa.exe
  C:\Windows\System\CScOmGa.exe
  2⤵
  PID:9140
- C:\Windows\System\OaolTTQ.exe
  C:\Windows\System\OaolTTQ.exe
  2⤵
  PID:9160
- C:\Windows\System\nBtnwHB.exe
  C:\Windows\System\nBtnwHB.exe
  2⤵
  PID:9208
- C:\Windows\System\LuUOeQI.exe
  C:\Windows\System\LuUOeQI.exe
  2⤵
  PID:8204
- C:\Windows\System\WqvQivN.exe
  C:\Windows\System\WqvQivN.exe
  2⤵
  PID:8296
- C:\Windows\System\cGYUcYE.exe
  C:\Windows\System\cGYUcYE.exe
  2⤵
  PID:8300
- C:\Windows\System\zQGtoas.exe
  C:\Windows\System\zQGtoas.exe
  2⤵
  PID:8404
- C:\Windows\System\SeQGAKd.exe
  C:\Windows\System\SeQGAKd.exe
  2⤵
  PID:8424
- C:\Windows\System\SAXaAPY.exe
  C:\Windows\System\SAXaAPY.exe
  2⤵
  PID:8572
- C:\Windows\System\KkNgdEg.exe
  C:\Windows\System\KkNgdEg.exe
  2⤵
  PID:8628
- C:\Windows\System\ZMdfknJ.exe
  C:\Windows\System\ZMdfknJ.exe
  2⤵
  PID:8680
- C:\Windows\System\chGIjTo.exe
  C:\Windows\System\chGIjTo.exe
  2⤵
  PID:8760
- C:\Windows\System\yLBBdmd.exe
  C:\Windows\System\yLBBdmd.exe
  2⤵
  PID:8812
- C:\Windows\System\KvilTRm.exe
  C:\Windows\System\KvilTRm.exe
  2⤵
  PID:8872
- C:\Windows\System\zjkLMLp.exe
  C:\Windows\System\zjkLMLp.exe
  2⤵
  PID:8936
- C:\Windows\System\ZAQDmDj.exe
  C:\Windows\System\ZAQDmDj.exe
  2⤵
  PID:9004
- C:\Windows\System\UAwxAkA.exe
  C:\Windows\System\UAwxAkA.exe
  2⤵
  PID:9092
- C:\Windows\System\sPWUyPI.exe
  C:\Windows\System\sPWUyPI.exe
  2⤵
  PID:9180
- C:\Windows\System\edqjdsI.exe
  C:\Windows\System\edqjdsI.exe
  2⤵
  PID:8196
- C:\Windows\System\girHriv.exe
  C:\Windows\System\girHriv.exe
  2⤵
  PID:8356
- C:\Windows\System\MvHFwoS.exe
  C:\Windows\System\MvHFwoS.exe
  2⤵
  PID:8540
- C:\Windows\System\LvnTFKT.exe
  C:\Windows\System\LvnTFKT.exe
  2⤵
  PID:8624
- C:\Windows\System\vRFlJrs.exe
  C:\Windows\System\vRFlJrs.exe
  2⤵
  PID:8788
- C:\Windows\System\nEccdKm.exe
  C:\Windows\System\nEccdKm.exe
  2⤵
  PID:8976
- C:\Windows\System\dQHlmbZ.exe
  C:\Windows\System\dQHlmbZ.exe
  2⤵
  PID:9116
- C:\Windows\System\glCdkuZ.exe
  C:\Windows\System\glCdkuZ.exe
  2⤵
  PID:8276
- C:\Windows\System\oqlWRvr.exe
  C:\Windows\System\oqlWRvr.exe
  2⤵
  PID:8844
- C:\Windows\System\dgtakxW.exe
  C:\Windows\System\dgtakxW.exe
  2⤵
  PID:9080
- C:\Windows\System\hLAFRLQ.exe
  C:\Windows\System\hLAFRLQ.exe
  2⤵
  PID:8764
- C:\Windows\System\wvKPSEI.exe
  C:\Windows\System\wvKPSEI.exe
  2⤵
  PID:9244
- C:\Windows\System\AyzvEmO.exe
  C:\Windows\System\AyzvEmO.exe
  2⤵
  PID:9280
- C:\Windows\System\rOThRiz.exe
  C:\Windows\System\rOThRiz.exe
  2⤵
  PID:9320
- C:\Windows\System\LhMfAvQ.exe
  C:\Windows\System\LhMfAvQ.exe
  2⤵
  PID:9364
- C:\Windows\System\VGDCrZU.exe
  C:\Windows\System\VGDCrZU.exe
  2⤵
  PID:9392
- C:\Windows\System\KjmKaoh.exe
  C:\Windows\System\KjmKaoh.exe
  2⤵
  PID:9436
- C:\Windows\System\XKGLkVQ.exe
  C:\Windows\System\XKGLkVQ.exe
  2⤵
  PID:9472
- C:\Windows\System\IBXcqlU.exe
  C:\Windows\System\IBXcqlU.exe
  2⤵
  PID:9508
- C:\Windows\System\bXeshZt.exe
  C:\Windows\System\bXeshZt.exe
  2⤵
  PID:9536
- C:\Windows\System\gzdmIGm.exe
  C:\Windows\System\gzdmIGm.exe
  2⤵
  PID:9568
- C:\Windows\System\bxqDgAb.exe
  C:\Windows\System\bxqDgAb.exe
  2⤵
  PID:9596
- C:\Windows\System\QgkXmQj.exe
  C:\Windows\System\QgkXmQj.exe
  2⤵
  PID:9628
- C:\Windows\System\UCwkgsr.exe
  C:\Windows\System\UCwkgsr.exe
  2⤵
  PID:9660
- C:\Windows\System\YsKQrGc.exe
  C:\Windows\System\YsKQrGc.exe
  2⤵
  PID:9696
- C:\Windows\System\KhabxSp.exe
  C:\Windows\System\KhabxSp.exe
  2⤵
  PID:9724
- C:\Windows\System\mzaYvmD.exe
  C:\Windows\System\mzaYvmD.exe
  2⤵
  PID:9752
- C:\Windows\System\Lxarxrm.exe
  C:\Windows\System\Lxarxrm.exe
  2⤵
  PID:9780
- C:\Windows\System\iSaJoye.exe
  C:\Windows\System\iSaJoye.exe
  2⤵
  PID:9808
- C:\Windows\System\CikdwFE.exe
  C:\Windows\System\CikdwFE.exe
  2⤵
  PID:9836
- C:\Windows\System\nxRrCjq.exe
  C:\Windows\System\nxRrCjq.exe
  2⤵
  PID:9864
- C:\Windows\System\KyksqSI.exe
  C:\Windows\System\KyksqSI.exe
  2⤵
  PID:9884
- C:\Windows\System\DMVOzfa.exe
  C:\Windows\System\DMVOzfa.exe
  2⤵
  PID:9916
- C:\Windows\System\lgghTKO.exe
  C:\Windows\System\lgghTKO.exe
  2⤵
  PID:9948
- C:\Windows\System\NJfZlOy.exe
  C:\Windows\System\NJfZlOy.exe
  2⤵
  PID:9976
- C:\Windows\System\SEgkyRt.exe
  C:\Windows\System\SEgkyRt.exe
  2⤵
  PID:10004
- C:\Windows\System\uXAGMVm.exe
  C:\Windows\System\uXAGMVm.exe
  2⤵
  PID:10032
- C:\Windows\System\TZazvwb.exe
  C:\Windows\System\TZazvwb.exe
  2⤵
  PID:10068
- C:\Windows\System\kKcrvHs.exe
  C:\Windows\System\kKcrvHs.exe
  2⤵
  PID:10084
- C:\Windows\System\TXDDvRe.exe
  C:\Windows\System\TXDDvRe.exe
  2⤵
  PID:10144
- C:\Windows\System\immFFUG.exe
  C:\Windows\System\immFFUG.exe
  2⤵
  PID:10172
- C:\Windows\System\SpOSmHw.exe
  C:\Windows\System\SpOSmHw.exe
  2⤵
  PID:10200
- C:\Windows\System\AYRjJdv.exe
  C:\Windows\System\AYRjJdv.exe
  2⤵
  PID:10228
- C:\Windows\System\qUXHNiE.exe
  C:\Windows\System\qUXHNiE.exe
  2⤵
  PID:9272
- C:\Windows\System\kbBTXYb.exe
  C:\Windows\System\kbBTXYb.exe
  2⤵
  PID:9348
- C:\Windows\System\LFalTpc.exe
  C:\Windows\System\LFalTpc.exe
  2⤵
  PID:9456
- C:\Windows\System\yfjLDKZ.exe
  C:\Windows\System\yfjLDKZ.exe
  2⤵
  PID:9520
- C:\Windows\System\eXZNNaU.exe
  C:\Windows\System\eXZNNaU.exe
  2⤵
  PID:9592
- C:\Windows\System\bitzmJo.exe
  C:\Windows\System\bitzmJo.exe
  2⤵
  PID:9688
- C:\Windows\System\ppKTefp.exe
  C:\Windows\System\ppKTefp.exe
  2⤵
  PID:7652
- C:\Windows\System\qbQCGMM.exe
  C:\Windows\System\qbQCGMM.exe
  2⤵
  PID:6640
- C:\Windows\System\ctFKqmB.exe
  C:\Windows\System\ctFKqmB.exe
  2⤵
  PID:9800
- C:\Windows\System\QZbRawM.exe
  C:\Windows\System\QZbRawM.exe
  2⤵
  PID:9856
- C:\Windows\System\dUCCmpw.exe
  C:\Windows\System\dUCCmpw.exe
  2⤵
  PID:9940
- C:\Windows\System\oUCUfji.exe
  C:\Windows\System\oUCUfji.exe
  2⤵
  PID:10000
- C:\Windows\System\tiQqQOq.exe
  C:\Windows\System\tiQqQOq.exe
  2⤵
  PID:10104
- C:\Windows\System\gOuoTPt.exe
  C:\Windows\System\gOuoTPt.exe
  2⤵
  PID:10192
- C:\Windows\System\IGnYjZY.exe
  C:\Windows\System\IGnYjZY.exe
  2⤵
  PID:9352
- C:\Windows\System\JHjfuIK.exe
  C:\Windows\System\JHjfuIK.exe
  2⤵
  PID:9548
- C:\Windows\System\IOcfEJB.exe
  C:\Windows\System\IOcfEJB.exe
  2⤵
  PID:9776
- C:\Windows\System\izvdaCa.exe
  C:\Windows\System\izvdaCa.exe
  2⤵
  PID:9972
- C:\Windows\System\bwlRaFg.exe
  C:\Windows\System\bwlRaFg.exe
  2⤵
  PID:9484
- C:\Windows\System\HyCWwuy.exe
  C:\Windows\System\HyCWwuy.exe
  2⤵
  PID:9908
- C:\Windows\System\PBjLnTC.exe
  C:\Windows\System\PBjLnTC.exe
  2⤵
  PID:10260
- C:\Windows\System\eKsnsTo.exe
  C:\Windows\System\eKsnsTo.exe
  2⤵
  PID:10284
- C:\Windows\System\peaoTlK.exe
  C:\Windows\System\peaoTlK.exe
  2⤵
  PID:10308
- C:\Windows\System\gvNzALA.exe
  C:\Windows\System\gvNzALA.exe
  2⤵
  PID:10336
- C:\Windows\System\koJoYUG.exe
  C:\Windows\System\koJoYUG.exe
  2⤵
  PID:10400
- C:\Windows\System\RfgsUmB.exe
  C:\Windows\System\RfgsUmB.exe
  2⤵
  PID:10432
- C:\Windows\System\CGAAUDm.exe
  C:\Windows\System\CGAAUDm.exe
  2⤵
  PID:10464
- C:\Windows\System\nByvBDp.exe
  C:\Windows\System\nByvBDp.exe
  2⤵
  PID:10504
- C:\Windows\System\DqbjzuR.exe
  C:\Windows\System\DqbjzuR.exe
  2⤵
  PID:10536
- C:\Windows\System\ZTiWzwp.exe
  C:\Windows\System\ZTiWzwp.exe
  2⤵
  PID:10564
- C:\Windows\System\Aduyfim.exe
  C:\Windows\System\Aduyfim.exe
  2⤵
  PID:10580
- C:\Windows\System\dYBAwnt.exe
  C:\Windows\System\dYBAwnt.exe
  2⤵
  PID:10600
- C:\Windows\System\bpTfiJu.exe
  C:\Windows\System\bpTfiJu.exe
  2⤵
  PID:10640
- C:\Windows\System\DTzmSIR.exe
  C:\Windows\System\DTzmSIR.exe
  2⤵
  PID:10680
- C:\Windows\System\BZQKwoh.exe
  C:\Windows\System\BZQKwoh.exe
  2⤵
  PID:10708
- C:\Windows\System\WwkyhiF.exe
  C:\Windows\System\WwkyhiF.exe
  2⤵
  PID:10724
- C:\Windows\System\xVDxxkc.exe
  C:\Windows\System\xVDxxkc.exe
  2⤵
  PID:10764
- C:\Windows\System\lxzwocq.exe
  C:\Windows\System\lxzwocq.exe
  2⤵
  PID:10792
- C:\Windows\System\TFMUeJq.exe
  C:\Windows\System\TFMUeJq.exe
  2⤵
  PID:10820
- C:\Windows\System\SbhzRsG.exe
  C:\Windows\System\SbhzRsG.exe
  2⤵
  PID:10848
- C:\Windows\System\mUwdriF.exe
  C:\Windows\System\mUwdriF.exe
  2⤵
  PID:10872
- C:\Windows\System\JBUknsd.exe
  C:\Windows\System\JBUknsd.exe
  2⤵
  PID:10904
- C:\Windows\System\UcFxJhj.exe
  C:\Windows\System\UcFxJhj.exe
  2⤵
  PID:10932
- C:\Windows\System\UAvNbJe.exe
  C:\Windows\System\UAvNbJe.exe
  2⤵
  PID:10952
- C:\Windows\System\KdkTjBj.exe
  C:\Windows\System\KdkTjBj.exe
  2⤵
  PID:10992
- C:\Windows\System\XIuMHho.exe
  C:\Windows\System\XIuMHho.exe
  2⤵
  PID:11020
- C:\Windows\System\FDlaenI.exe
  C:\Windows\System\FDlaenI.exe
  2⤵
  PID:11052
- C:\Windows\System\xuTaVso.exe
  C:\Windows\System\xuTaVso.exe
  2⤵
  PID:11080
- C:\Windows\System\RJodwYm.exe
  C:\Windows\System\RJodwYm.exe
  2⤵
  PID:11108
- C:\Windows\System\uiKbcyZ.exe
  C:\Windows\System\uiKbcyZ.exe
  2⤵
  PID:11136
- C:\Windows\System\paTmYnR.exe
  C:\Windows\System\paTmYnR.exe
  2⤵
  PID:11168
- C:\Windows\System\VQBijNk.exe
  C:\Windows\System\VQBijNk.exe
  2⤵
  PID:11192
- C:\Windows\System\doISoiJ.exe
  C:\Windows\System\doISoiJ.exe
  2⤵
  PID:11228
- C:\Windows\System\pWPvRUY.exe
  C:\Windows\System\pWPvRUY.exe
  2⤵
  PID:11244
- C:\Windows\System\MXPcqyB.exe
  C:\Windows\System\MXPcqyB.exe
  2⤵
  PID:10280
- C:\Windows\System\EqmpNLB.exe
  C:\Windows\System\EqmpNLB.exe
  2⤵
  PID:10412
- C:\Windows\System\avEvFev.exe
  C:\Windows\System\avEvFev.exe
  2⤵
  PID:2468
- C:\Windows\System\nMhjEeW.exe
  C:\Windows\System\nMhjEeW.exe
  2⤵
  PID:10532
- C:\Windows\System\scDwcOZ.exe
  C:\Windows\System\scDwcOZ.exe
  2⤵
  PID:10592
- C:\Windows\System\PjryMcc.exe
  C:\Windows\System\PjryMcc.exe
  2⤵
  PID:10676
- C:\Windows\System\BqBjufg.exe
  C:\Windows\System\BqBjufg.exe
  2⤵
  PID:10744
- C:\Windows\System\bluBlIv.exe
  C:\Windows\System\bluBlIv.exe
  2⤵
  PID:10804
- C:\Windows\System\XfpiyGE.exe
  C:\Windows\System\XfpiyGE.exe
  2⤵
  PID:10868
- C:\Windows\System\EwIexSS.exe
  C:\Windows\System\EwIexSS.exe
  2⤵
  PID:10924
- C:\Windows\System\GDEsiYj.exe
  C:\Windows\System\GDEsiYj.exe
  2⤵
  PID:10988
- C:\Windows\System\EHdGrrz.exe
  C:\Windows\System\EHdGrrz.exe
  2⤵
  PID:11064
- C:\Windows\System\BfqtTol.exe
  C:\Windows\System\BfqtTol.exe
  2⤵
  PID:11120
- C:\Windows\System\cMFcFsM.exe
  C:\Windows\System\cMFcFsM.exe
  2⤵
  PID:11204
- C:\Windows\System\WFAsVJM.exe
  C:\Windows\System\WFAsVJM.exe
  2⤵
  PID:9672
- C:\Windows\System\UlfyHWL.exe
  C:\Windows\System\UlfyHWL.exe
  2⤵
  PID:10424
- C:\Windows\System\BHIYfYY.exe
  C:\Windows\System\BHIYfYY.exe
  2⤵
  PID:10552
- C:\Windows\System\GhaPVJU.exe
  C:\Windows\System\GhaPVJU.exe
  2⤵
  PID:10660
- C:\Windows\System\XkhqZBf.exe
  C:\Windows\System\XkhqZBf.exe
  2⤵
  PID:10840
- C:\Windows\System\UhMDBRx.exe
  C:\Windows\System\UhMDBRx.exe
  2⤵
  PID:10984
- C:\Windows\System\gJmZOfS.exe
  C:\Windows\System\gJmZOfS.exe
  2⤵
  PID:11124
- C:\Windows\System\aIMGWhm.exe
  C:\Windows\System\aIMGWhm.exe
  2⤵
  PID:11260
- C:\Windows\System\VzVDhEt.exe
  C:\Windows\System\VzVDhEt.exe
  2⤵
  PID:10624
- C:\Windows\System\mWoccmJ.exe
  C:\Windows\System\mWoccmJ.exe
  2⤵
  PID:10964
- C:\Windows\System\SakyJxF.exe
  C:\Windows\System\SakyJxF.exe
  2⤵
  PID:10516
- C:\Windows\System\QhrwFWr.exe
  C:\Windows\System\QhrwFWr.exe
  2⤵
  PID:4744
- C:\Windows\System\kKNtiPF.exe
  C:\Windows\System\kKNtiPF.exe
  2⤵
  PID:11240
- C:\Windows\System\zbjrIDa.exe
  C:\Windows\System\zbjrIDa.exe
  2⤵
  PID:11284
- C:\Windows\System\ujbTLfw.exe
  C:\Windows\System\ujbTLfw.exe
  2⤵
  PID:11320
- C:\Windows\System\sLxHKHD.exe
  C:\Windows\System\sLxHKHD.exe
  2⤵
  PID:11348
- C:\Windows\System\LWXlbnD.exe
  C:\Windows\System\LWXlbnD.exe
  2⤵
  PID:11364
- C:\Windows\System\vsXCaeN.exe
  C:\Windows\System\vsXCaeN.exe
  2⤵
  PID:11392
- C:\Windows\System\VhRTgBC.exe
  C:\Windows\System\VhRTgBC.exe
  2⤵
  PID:11420
- C:\Windows\System\VRBYnOR.exe
  C:\Windows\System\VRBYnOR.exe
  2⤵
  PID:11460
- C:\Windows\System\HxLmQxf.exe
  C:\Windows\System\HxLmQxf.exe
  2⤵
  PID:11476
- C:\Windows\System\pKXLsrh.exe
  C:\Windows\System\pKXLsrh.exe
  2⤵
  PID:11516
- C:\Windows\System\GaSTlrK.exe
  C:\Windows\System\GaSTlrK.exe
  2⤵
  PID:11544
- C:\Windows\System\oDZPBVC.exe
  C:\Windows\System\oDZPBVC.exe
  2⤵
  PID:11568
- C:\Windows\System\TexgqjO.exe
  C:\Windows\System\TexgqjO.exe
  2⤵
  PID:11592
- C:\Windows\System\nNNlBFB.exe
  C:\Windows\System\nNNlBFB.exe
  2⤵
  PID:11628
- C:\Windows\System\xBjUIco.exe
  C:\Windows\System\xBjUIco.exe
  2⤵
  PID:11664
- C:\Windows\System\tWPtdMk.exe
  C:\Windows\System\tWPtdMk.exe
  2⤵
  PID:11700
- C:\Windows\System\wgIxuRS.exe
  C:\Windows\System\wgIxuRS.exe
  2⤵
  PID:11728
- C:\Windows\System\AIDKIdO.exe
  C:\Windows\System\AIDKIdO.exe
  2⤵
  PID:11756
- C:\Windows\System\HqjWGju.exe
  C:\Windows\System\HqjWGju.exe
  2⤵
  PID:11784
- C:\Windows\System\wzceIkr.exe
  C:\Windows\System\wzceIkr.exe
  2⤵
  PID:11812
- C:\Windows\System\WmZovTY.exe
  C:\Windows\System\WmZovTY.exe
  2⤵
  PID:11840
- C:\Windows\System\kxSBEPK.exe
  C:\Windows\System\kxSBEPK.exe
  2⤵
  PID:11868
- C:\Windows\System\gHqmRfl.exe
  C:\Windows\System\gHqmRfl.exe
  2⤵
  PID:11884
- C:\Windows\System\VjAGTXa.exe
  C:\Windows\System\VjAGTXa.exe
  2⤵
  PID:11924
- C:\Windows\System\cNezeEu.exe
  C:\Windows\System\cNezeEu.exe
  2⤵
  PID:11952
- C:\Windows\System\QoLgyLA.exe
  C:\Windows\System\QoLgyLA.exe
  2⤵
  PID:11984
- C:\Windows\System\CqKNddH.exe
  C:\Windows\System\CqKNddH.exe
  2⤵
  PID:12012
- C:\Windows\System\vMtQwkS.exe
  C:\Windows\System\vMtQwkS.exe
  2⤵
  PID:12040
- C:\Windows\System\EjaCghb.exe
  C:\Windows\System\EjaCghb.exe
  2⤵
  PID:12068
- C:\Windows\System\uHoEuNc.exe
  C:\Windows\System\uHoEuNc.exe
  2⤵
  PID:12096
- C:\Windows\System\vuoSrqY.exe
  C:\Windows\System\vuoSrqY.exe
  2⤵
  PID:12124
- C:\Windows\System\EgRuCSw.exe
  C:\Windows\System\EgRuCSw.exe
  2⤵
  PID:12152
- C:\Windows\System\GhpMhyT.exe
  C:\Windows\System\GhpMhyT.exe
  2⤵
  PID:12180
- C:\Windows\System\paFyJMR.exe
  C:\Windows\System\paFyJMR.exe
  2⤵
  PID:12208
- C:\Windows\System\cPYXvFR.exe
  C:\Windows\System\cPYXvFR.exe
  2⤵
  PID:12236
- C:\Windows\System\ivNiIdT.exe
  C:\Windows\System\ivNiIdT.exe
  2⤵
  PID:12264
- C:\Windows\System\ZYCrWzu.exe
  C:\Windows\System\ZYCrWzu.exe
  2⤵
  PID:11280
- C:\Windows\System\ElDUyGr.exe
  C:\Windows\System\ElDUyGr.exe
  2⤵
  PID:11360
- C:\Windows\System\BPijZzy.exe
  C:\Windows\System\BPijZzy.exe
  2⤵
  PID:11404
- C:\Windows\System\bpTorNX.exe
  C:\Windows\System\bpTorNX.exe
  2⤵
  PID:11472
- C:\Windows\System\puIvNFr.exe
  C:\Windows\System\puIvNFr.exe
  2⤵
  PID:11540
- C:\Windows\System\PkKRULd.exe
  C:\Windows\System\PkKRULd.exe
  2⤵
  PID:11580
- C:\Windows\System\SRhoVNX.exe
  C:\Windows\System\SRhoVNX.exe
  2⤵
  PID:11660
- C:\Windows\System\uEuiSuO.exe
  C:\Windows\System\uEuiSuO.exe
  2⤵
  PID:11724
- C:\Windows\System\XLrlgaO.exe
  C:\Windows\System\XLrlgaO.exe
  2⤵
  PID:11796
- C:\Windows\System\GbgjntI.exe
  C:\Windows\System\GbgjntI.exe
  2⤵
  PID:11856
- C:\Windows\System\UyXqHEQ.exe
  C:\Windows\System\UyXqHEQ.exe
  2⤵
  PID:11920
- C:\Windows\System\VGJfkHe.exe
  C:\Windows\System\VGJfkHe.exe
  2⤵
  PID:11996
- C:\Windows\System\VmYrNck.exe
  C:\Windows\System\VmYrNck.exe
  2⤵
  PID:12080
- C:\Windows\System\HERfQNF.exe
  C:\Windows\System\HERfQNF.exe
  2⤵
  PID:12192
- C:\Windows\System\nXHBSnK.exe
  C:\Windows\System\nXHBSnK.exe
  2⤵
  PID:12256
- C:\Windows\System\tSXHEJW.exe
  C:\Windows\System\tSXHEJW.exe
  2⤵
  PID:11380
- C:\Windows\System\gBgmjtg.exe
  C:\Windows\System\gBgmjtg.exe
  2⤵
  PID:11536
- C:\Windows\System\hWnIPfB.exe
  C:\Windows\System\hWnIPfB.exe
  2⤵
  PID:11616
- C:\Windows\System\oGyjJjl.exe
  C:\Windows\System\oGyjJjl.exe
  2⤵
  PID:11836
- C:\Windows\System\LuuoOKG.exe
  C:\Windows\System\LuuoOKG.exe
  2⤵
  PID:11972
- C:\Windows\System\xYcGwrn.exe
  C:\Windows\System\xYcGwrn.exe
  2⤵
  PID:12148
- C:\Windows\System\zeVNQcn.exe
  C:\Windows\System\zeVNQcn.exe
  2⤵
  PID:4780
- C:\Windows\System\ZgYXhaj.exe
  C:\Windows\System\ZgYXhaj.exe
  2⤵
  PID:11512
- C:\Windows\System\SVBBuWD.exe
  C:\Windows\System\SVBBuWD.exe
  2⤵
  PID:11780
- C:\Windows\System\utjUCjX.exe
  C:\Windows\System\utjUCjX.exe
  2⤵
  PID:12252
- C:\Windows\System\WgpsMiM.exe
  C:\Windows\System\WgpsMiM.exe
  2⤵
  PID:11752
- C:\Windows\System\jGswuPp.exe
  C:\Windows\System\jGswuPp.exe
  2⤵
  PID:11620
- C:\Windows\System\RGtkYwv.exe
  C:\Windows\System\RGtkYwv.exe
  2⤵
  PID:12304
- C:\Windows\System\OyzJRWT.exe
  C:\Windows\System\OyzJRWT.exe
  2⤵
  PID:12332
- C:\Windows\System\njRnXWz.exe
  C:\Windows\System\njRnXWz.exe
  2⤵
  PID:12360
- C:\Windows\System\mfmHAJg.exe
  C:\Windows\System\mfmHAJg.exe
  2⤵
  PID:12388
- C:\Windows\System\rtiSXuV.exe
  C:\Windows\System\rtiSXuV.exe
  2⤵
  PID:12416
- C:\Windows\System\bprGpUz.exe
  C:\Windows\System\bprGpUz.exe
  2⤵
  PID:12444
- C:\Windows\System\QFMoaul.exe
  C:\Windows\System\QFMoaul.exe
  2⤵
  PID:12472
- C:\Windows\System\UVLTWQL.exe
  C:\Windows\System\UVLTWQL.exe
  2⤵
  PID:12500
- C:\Windows\System\qSykdeR.exe
  C:\Windows\System\qSykdeR.exe
  2⤵
  PID:12528
- C:\Windows\System\FuYVAze.exe
  C:\Windows\System\FuYVAze.exe
  2⤵
  PID:12564
- C:\Windows\System\NIaYUqm.exe
  C:\Windows\System\NIaYUqm.exe
  2⤵
  PID:12592
- C:\Windows\System\GMZdIsB.exe
  C:\Windows\System\GMZdIsB.exe
  2⤵
  PID:12620
- C:\Windows\System\ckUUtJB.exe
  C:\Windows\System\ckUUtJB.exe
  2⤵
  PID:12648
- C:\Windows\System\owpsLny.exe
  C:\Windows\System\owpsLny.exe
  2⤵
  PID:12676
- C:\Windows\System\mauvxdq.exe
  C:\Windows\System\mauvxdq.exe
  2⤵
  PID:12704
- C:\Windows\System\lJfnBlA.exe
  C:\Windows\System\lJfnBlA.exe
  2⤵
  PID:12732
- C:\Windows\System\OrfWhtv.exe
  C:\Windows\System\OrfWhtv.exe
  2⤵
  PID:12760
- C:\Windows\System\kvgEXCT.exe
  C:\Windows\System\kvgEXCT.exe
  2⤵
  PID:12788
- C:\Windows\System\wtXfAgV.exe
  C:\Windows\System\wtXfAgV.exe
  2⤵
  PID:12816
- C:\Windows\System\Kdvpuun.exe
  C:\Windows\System\Kdvpuun.exe
  2⤵
  PID:12844
- C:\Windows\System\grgXvvY.exe
  C:\Windows\System\grgXvvY.exe
  2⤵
  PID:12876
- C:\Windows\System\PCMyjew.exe
  C:\Windows\System\PCMyjew.exe
  2⤵
  PID:12904
- C:\Windows\System\vriVPvf.exe
  C:\Windows\System\vriVPvf.exe
  2⤵
  PID:12932
- C:\Windows\System\sabKRbG.exe
  C:\Windows\System\sabKRbG.exe
  2⤵
  PID:12960
- C:\Windows\System\BQdwkjf.exe
  C:\Windows\System\BQdwkjf.exe
  2⤵
  PID:12988
- C:\Windows\System\hLTDuhh.exe
  C:\Windows\System\hLTDuhh.exe
  2⤵
  PID:13016
- C:\Windows\System\aPuddBi.exe
  C:\Windows\System\aPuddBi.exe
  2⤵
  PID:13044
- C:\Windows\System\pmxBvau.exe
  C:\Windows\System\pmxBvau.exe
  2⤵
  PID:13072
- C:\Windows\System\gFWAvCh.exe
  C:\Windows\System\gFWAvCh.exe
  2⤵
  PID:13100
- C:\Windows\System\eCRknez.exe
  C:\Windows\System\eCRknez.exe
  2⤵
  PID:13128
- C:\Windows\System\mVrTcxz.exe
  C:\Windows\System\mVrTcxz.exe
  2⤵
  PID:13156
- C:\Windows\System\bIWbODy.exe
  C:\Windows\System\bIWbODy.exe
  2⤵
  PID:13184
- C:\Windows\System\FLqOywY.exe
  C:\Windows\System\FLqOywY.exe
  2⤵
  PID:13212
- C:\Windows\System\yKScyzu.exe
  C:\Windows\System\yKScyzu.exe
  2⤵
  PID:13228
- C:\Windows\System\SiwqLFn.exe
  C:\Windows\System\SiwqLFn.exe
  2⤵
  PID:13264
- C:\Windows\System\YHyPtLA.exe
  C:\Windows\System\YHyPtLA.exe
  2⤵
  PID:13296
- C:\Windows\System\gnBsPLk.exe
  C:\Windows\System\gnBsPLk.exe
  2⤵
  PID:12300
- C:\Windows\System\dSWEtPX.exe
  C:\Windows\System\dSWEtPX.exe
  2⤵
  PID:12380
- C:\Windows\System\QHtDmzt.exe
  C:\Windows\System\QHtDmzt.exe
  2⤵
  PID:12440
- C:\Windows\System\ZbpMNLp.exe
  C:\Windows\System\ZbpMNLp.exe
  2⤵
  PID:12512
- C:\Windows\System\CnplIai.exe
  C:\Windows\System\CnplIai.exe
  2⤵
  PID:12576
- C:\Windows\System\LabdeOA.exe
  C:\Windows\System\LabdeOA.exe
  2⤵
  PID:12632
- C:\Windows\System\GFiMFtJ.exe
  C:\Windows\System\GFiMFtJ.exe
  2⤵
  PID:12700
- C:\Windows\System\FhNAMsI.exe
  C:\Windows\System\FhNAMsI.exe
  2⤵
  PID:12772
- C:\Windows\System\jeskpXm.exe
  C:\Windows\System\jeskpXm.exe
  2⤵
  PID:12832
- C:\Windows\System\qakzUEA.exe
  C:\Windows\System\qakzUEA.exe
  2⤵
  PID:12900
- C:\Windows\System\pWwFleM.exe
  C:\Windows\System\pWwFleM.exe
  2⤵
  PID:12972
- C:\Windows\System\PwtXMnz.exe
  C:\Windows\System\PwtXMnz.exe
  2⤵
  PID:13036
- C:\Windows\System\SOATVIF.exe
  C:\Windows\System\SOATVIF.exe
  2⤵
  PID:13096
- C:\Windows\System\qBsecWS.exe
  C:\Windows\System\qBsecWS.exe
  2⤵
  PID:13168
- C:\Windows\System\sVlkqJk.exe
  C:\Windows\System\sVlkqJk.exe
  2⤵
  PID:13224
- C:\Windows\System\Whyrcev.exe
  C:\Windows\System\Whyrcev.exe
  2⤵
  PID:13288
- C:\Windows\System\VzEPILx.exe
  C:\Windows\System\VzEPILx.exe
  2⤵
  PID:12408
- C:\Windows\System\pkafBEY.exe
  C:\Windows\System\pkafBEY.exe
  2⤵
  PID:12552
- C:\Windows\System\ClQihND.exe
  C:\Windows\System\ClQihND.exe
  2⤵
  PID:12692
- C:\Windows\System\GsPfjAi.exe
  C:\Windows\System\GsPfjAi.exe
  2⤵
  PID:12872
- C:\Windows\System\tdwAJsg.exe
  C:\Windows\System\tdwAJsg.exe
  2⤵
  PID:13008
- C:\Windows\System\FXDYMvR.exe
  C:\Windows\System\FXDYMvR.exe
  2⤵
  PID:3296
- C:\Windows\System\EDVdUUA.exe
  C:\Windows\System\EDVdUUA.exe
  2⤵
  PID:13280
- C:\Windows\System\uAAoPdA.exe
  C:\Windows\System\uAAoPdA.exe
  2⤵
  PID:12484
- C:\Windows\System\VNnCvka.exe
  C:\Windows\System\VNnCvka.exe
  2⤵
  PID:12800
- C:\Windows\System\jOznJlE.exe
  C:\Windows\System\jOznJlE.exe
  2⤵
  PID:13196
- C:\Windows\System\GIjWbif.exe
  C:\Windows\System\GIjWbif.exe
  2⤵
  PID:12688
- C:\Windows\System\nHMoBLd.exe
  C:\Windows\System\nHMoBLd.exe
  2⤵
  PID:12672
- C:\Windows\System\dAUnsaH.exe
  C:\Windows\System\dAUnsaH.exe
  2⤵
  PID:13328
- C:\Windows\System\LbMyIAn.exe
  C:\Windows\System\LbMyIAn.exe
  2⤵
  PID:13356
- C:\Windows\System\mPUMfwy.exe
  C:\Windows\System\mPUMfwy.exe
  2⤵
  PID:13384
- C:\Windows\System\iuEuLTj.exe
  C:\Windows\System\iuEuLTj.exe
  2⤵
  PID:13416
- C:\Windows\System\pyQSyvQ.exe
  C:\Windows\System\pyQSyvQ.exe
  2⤵
  PID:13444
- C:\Windows\System\cGKeKsA.exe
  C:\Windows\System\cGKeKsA.exe
  2⤵
  PID:13472
- C:\Windows\System\qTuhxJV.exe
  C:\Windows\System\qTuhxJV.exe
  2⤵
  PID:13500
- C:\Windows\System\tNmQYFj.exe
  C:\Windows\System\tNmQYFj.exe
  2⤵
  PID:13524
- C:\Windows\System\cAWzZxN.exe
  C:\Windows\System\cAWzZxN.exe
  2⤵
  PID:13556
- C:\Windows\System\ekJhhfe.exe
  C:\Windows\System\ekJhhfe.exe
  2⤵
  PID:13576
- C:\Windows\System\WvkWRrl.exe
  C:\Windows\System\WvkWRrl.exe
  2⤵
  PID:13600
- C:\Windows\System\LcKeTJs.exe
  C:\Windows\System\LcKeTJs.exe
  2⤵
  PID:13620
- C:\Windows\System\epaKarK.exe
  C:\Windows\System\epaKarK.exe
  2⤵
  PID:13644
- C:\Windows\System\tgiHuwp.exe
  C:\Windows\System\tgiHuwp.exe
  2⤵
  PID:13680
- C:\Windows\System\BEIVzmi.exe
  C:\Windows\System\BEIVzmi.exe
  2⤵
  PID:13712
- C:\Windows\System\XaTHycR.exe
  C:\Windows\System\XaTHycR.exe
  2⤵
  PID:13732
- C:\Windows\System\IWwCLLy.exe
  C:\Windows\System\IWwCLLy.exe
  2⤵
  PID:13772
- C:\Windows\System\LrgQItC.exe
  C:\Windows\System\LrgQItC.exe
  2⤵
  PID:13808
- C:\Windows\System\XiPpYYp.exe
  C:\Windows\System\XiPpYYp.exe
  2⤵
  PID:13824
- C:\Windows\System\ROtfJdf.exe
  C:\Windows\System\ROtfJdf.exe
  2⤵
  PID:13844
- C:\Windows\System\LPUhyVm.exe
  C:\Windows\System\LPUhyVm.exe
  2⤵
  PID:13892
- C:\Windows\System\xnVXiyb.exe
  C:\Windows\System\xnVXiyb.exe
  2⤵
  PID:13920
- C:\Windows\System\nHQINem.exe
  C:\Windows\System\nHQINem.exe
  2⤵
  PID:13948
- C:\Windows\System\vBUWhax.exe
  C:\Windows\System\vBUWhax.exe
  2⤵
  PID:13972
- C:\Windows\System\tdspbyv.exe
  C:\Windows\System\tdspbyv.exe
  2⤵
  PID:13992
- C:\Windows\System\wcEPmIa.exe
  C:\Windows\System\wcEPmIa.exe
  2⤵
  PID:14028
- C:\Windows\System\DZAjxZx.exe
  C:\Windows\System\DZAjxZx.exe
  2⤵
  PID:14048
- C:\Windows\System\oDBEkfN.exe
  C:\Windows\System\oDBEkfN.exe
  2⤵
  PID:14088
- C:\Windows\System\EBLFKpI.exe
  C:\Windows\System\EBLFKpI.exe
  2⤵
  PID:14116
- C:\Windows\System\mEShmmL.exe
  C:\Windows\System\mEShmmL.exe
  2⤵
  PID:14144
- C:\Windows\System\ywwNgNa.exe
  C:\Windows\System\ywwNgNa.exe
  2⤵
  PID:14172
- C:\Windows\System\eHIKoKC.exe
  C:\Windows\System\eHIKoKC.exe
  2⤵
  PID:14200
- C:\Windows\System\advVoSI.exe
  C:\Windows\System\advVoSI.exe
  2⤵
  PID:14228
- C:\Windows\System\xqPWjCG.exe
  C:\Windows\System\xqPWjCG.exe
  2⤵
  PID:14256
- C:\Windows\System\HCeoVfH.exe
  C:\Windows\System\HCeoVfH.exe
  2⤵
  PID:14284
- C:\Windows\System\ZNHeGps.exe
  C:\Windows\System\ZNHeGps.exe
  2⤵
  PID:14312
- C:\Windows\System\eboydje.exe
  C:\Windows\System\eboydje.exe
  2⤵
  PID:13320
- C:\Windows\System\SyLsorH.exe
  C:\Windows\System\SyLsorH.exe
  2⤵
  PID:13460
- C:\Windows\System\oCsyMRa.exe
  C:\Windows\System\oCsyMRa.exe
  2⤵
  PID:13516
- C:\Windows\System\UraFuxx.exe
  C:\Windows\System\UraFuxx.exe
  2⤵
  PID:2572
- C:\Windows\System\fSFiYDc.exe
  C:\Windows\System\fSFiYDc.exe
  2⤵
  PID:13616
- C:\Windows\System\PpWUDOH.exe
  C:\Windows\System\PpWUDOH.exe
  2⤵
  PID:13656
- C:\Windows\System\HeaVWxe.exe
  C:\Windows\System\HeaVWxe.exe
  2⤵
  PID:13756
- C:\Windows\System\ZqHuFSh.exe
  C:\Windows\System\ZqHuFSh.exe
  2⤵
  PID:13832
- C:\Windows\System\eHWugmv.exe
  C:\Windows\System\eHWugmv.exe
  2⤵
  PID:13908
- C:\Windows\System\tnSUPHV.exe
  C:\Windows\System\tnSUPHV.exe
  2⤵
  PID:13964
- C:\Windows\System\kkpWpPU.exe
  C:\Windows\System\kkpWpPU.exe
  2⤵
  PID:14036
- C:\Windows\System\AfbqGVf.exe
  C:\Windows\System\AfbqGVf.exe
  2⤵
  PID:14104
- C:\Windows\System\EUILAlY.exe
  C:\Windows\System\EUILAlY.exe
  2⤵
  PID:14164
- C:\Windows\System\qQkvvHG.exe
  C:\Windows\System\qQkvvHG.exe
  2⤵
  PID:14224
- C:\Windows\System\YCYvofV.exe
  C:\Windows\System\YCYvofV.exe
  2⤵
  PID:14300
- C:\Windows\System\SFbdwdz.exe
  C:\Windows\System\SFbdwdz.exe
  2⤵
  PID:13428
- C:\Windows\System\rxWjAEm.exe
  C:\Windows\System\rxWjAEm.exe
  2⤵
  PID:13584
- C:\Windows\System\vEaoFDT.exe
  C:\Windows\System\vEaoFDT.exe
  2⤵
  PID:13696
- C:\Windows\System\heSySOc.exe
  C:\Windows\System\heSySOc.exe
  2⤵
  PID:13852
- C:\Windows\System\yTgIVna.exe
  C:\Windows\System\yTgIVna.exe
  2⤵
  PID:14004
- C:\Windows\System\ACDikFq.exe
  C:\Windows\System\ACDikFq.exe
  2⤵
  PID:14160
- C:\Windows\System\HPSTQJw.exe
  C:\Windows\System\HPSTQJw.exe
  2⤵
  PID:14328
- C:\Windows\System\QfFFNTW.exe
  C:\Windows\System\QfFFNTW.exe
  2⤵
  PID:13700
- C:\Windows\System\rfZJzop.exe
  C:\Windows\System\rfZJzop.exe
  2⤵
  PID:13932
- C:\Windows\System\NbUZwFY.exe
  C:\Windows\System\NbUZwFY.exe
  2⤵
  PID:13800

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AOJYtqn.exe

Filesize
2.7MB

MD5
f8dff0cc1fa68f35f4e11c6027c8a301

SHA1
dbdaa85141426d2818678cb1b04bba0419e41a44

SHA256
00484fefd789531ea20d7d76077f309b9619c50dca7a4d21e27c85015148aaa8

SHA512
6f4673d7c32a18c04b9afe782347967a3bfd2ef11b91de62f6a7ea0cd201967cddb7937ec2018c529c0e7f449cebadf6733d266bcab625451d3621ff5f348939

Download Submit
C:\Windows\System\DkFXOjT.exe

Filesize
2.7MB

MD5
c82f14f52c91f8a6e350c76cce69b12a

SHA1
57047d6b20d73a3ef539222fd69fef23e0afb60d

SHA256
67a2605b166c04a06677825b7c00c0052a847dc165e6e78bc81567aea70e0c1f

SHA512
938b2262b999b37acdcec9795a07c9922e3423cd42a72f5114120812628c93196c403b3ad60adbbcf967729dc125023ba5f7462d6adc0b5c2619c8225a576622

Download Submit
C:\Windows\System\ESOkdyY.exe

Filesize
2.7MB

MD5
9d3aa6a4dde391ed7cb063b0885f8252

SHA1
dc152aa7af3aeed3c79c39c758443a290e4134d0

SHA256
5045a5308ed280f26394eacaaceaeeb1d251b31f50bd1b4b74f7963731cec474

SHA512
735051918037217a842e5bb2e6c4880bd834a6b1023066384f34aa8602f8ec8aa80bf48b868c42c23cef0bc48db30cd9bab6f2872ea2791cfa579f7b22275d78

Download Submit
C:\Windows\System\EWRhVbe.exe

Filesize
2.7MB

MD5
0682ac97f62c0e7ba7fade93c8f9c1f9

SHA1
3450db6ec9272e9a6ae9d47069114f7e138b8fbf

SHA256
948a6d780b5c3e84e839e6cf201172df3861d9186296a7ddb8722802363e5a3a

SHA512
1ad3b032496cba4072cc5f57ca261a020b503bca054b18c87be0b039c45a5533966e3dd7b8d4b257fe73c03b13746087d8f80c6367484944fd45e329b1b82509

Download Submit
C:\Windows\System\EWjxHsY.exe

Filesize
2.7MB

MD5
768fd26434e707d2eccb1a1cb0e8993f

SHA1
e4436dd294b4a559bce118d78400cc4d8030cfce

SHA256
99cc3182d5ca43177dc4ac5b56ce240388df93d56b24986deb4e1fd00f5906b0

SHA512
75d3ee232ff720a7f25d79bd52666845af36eea05201dd091b8d23e66bc5bfb282418ad5bd8580c4585623d9d11d08110885e3325069ffce58755c94f0d1de9c

Download Submit
C:\Windows\System\EtjaiUp.exe

Filesize
2.7MB

MD5
f9956e4cd3f72dfc7d10a1c1a73cf034

SHA1
b48c10743b63dab724227454e7c88f0f199ac790

SHA256
7b36e43f389f4129aefd98a81ffd4270b8593e67616effae8f72cc692d19aa0e

SHA512
ec2537a67053b831e0482dd3a9e3c7aa407b1a4985e8bc9666a0d00bb74a166ad020096d6546963c26b5fbaaeb99c363fd86e9f84e8ff47a70d8544102d44fb5

Download Submit
C:\Windows\System\HXIAawm.exe

Filesize
2.7MB

MD5
9d4bc1214faf78ac74f6190647d9bf89

SHA1
2c7d2819e98ab620cf03d4fae8a3304ce2b4f221

SHA256
b4f150fda6ddb940a41e345397fae301d72dfc5360b03ae01a4f01d6ac02a40f

SHA512
946610c1923a6d63404095ebf3ee699c4ce23010f7d8c3357f08f832b1dbc010e46bbcdef56bce7eee9d4a6e28cbe78dc95cfc442ffa02f7d4b2dab3f559f4de

Download Submit
C:\Windows\System\IZqPWHA.exe

Filesize
2.7MB

MD5
d7a4dc9764eab4e5073dec88861c8e07

SHA1
34cd79251ccd437cb86cba52f1dbab4d26c53dd6

SHA256
56d3b9cebe700aa986eee0d8309fd16ff97ceaa7d5582e9a553ab9f353347fcc

SHA512
4a1d917cec26c8bf7dcefe8365d8b7f2dfc56d968d4f6c94ad04f577c5928d491f1fd2ecb4de9adde15feaaa242378ad259b096e0e01bd5cfa7a97fd5a1533d7

Download Submit
C:\Windows\System\LduRrxz.exe

Filesize
2.7MB

MD5
bec81662a0976cb880e234ae11db4fba

SHA1
4bfa2f77587db5f25a696e55f6e84da332f5f2ac

SHA256
6c3701e8a200b14882fad25e464c527ca7653f8da9810117f882f4702de20f49

SHA512
68143962984df447a21ee7224e24f5e8f8ca65b4c257148fb8668d1ac07854a86b0287422a886f36e65d32996a402ee4220d2f9024511507204940e40c47b33b

Download Submit
C:\Windows\System\MVfIKzM.exe

Filesize
2.7MB

MD5
99045d320b3dfe9c9b253b845782dbe4

SHA1
f4b2a121286adf78fbab65cff4c5e7ce5aee210d

SHA256
f9586cdff83175569d9dc468ad2059d3612825aa7c23609df2f2671e0f72d9e0

SHA512
7e497cc16ddceafaf3a57ac53bc81eb641c5517b260debbcea4d84481356cfe3d56806943bd94ec2586a01444b9af308cd57597d117c144dbdde56d531ab2e9b

Download Submit
C:\Windows\System\OWykNtX.exe

Filesize
2.7MB

MD5
066c47fdea0e261e519db55a7bf1a10d

SHA1
b737f43305e06ae2cdeed28f1cc71f5496926682

SHA256
3fbb67f8d37ba1a428344d352d8b3be26668bbfc205a5beb7c77e3f88a1008cc

SHA512
1a7a9c449a5f44a421dce6bf3243d397c4ec63d295114db1e59bdf3448562f2c04b88714f2dd863c30fd7481f6fa7c5ba8e2baf2da801bf2bb886443a1b9f952

Download Submit
C:\Windows\System\OoSpqeb.exe

Filesize
2.7MB

MD5
0a4fbab3f7ddae223256f6849126c39b

SHA1
e37482dac341709063c526712c132871d7ca4934

SHA256
83b66cfd1d62d7a00692d2936e2fcae2f1e07f92de97bc5a6230f69043a404fb

SHA512
f93172cf9e0bc8388ea5998fd27a3d514ea5d8457e541fd49a647a225b791af3dbd72222893f6d8a7847f430ce91ec269db782a9a5dc6862aaf379baed9d2993

Download Submit
C:\Windows\System\PZdJvqE.exe

Filesize
2.7MB

MD5
48108a766b1340b124413888a16e3cf5

SHA1
68a6310681940999d37b1be495e51ab25c8163f2

SHA256
9420661e708d42b855807ed2c29be0ce82614da7bc0d1875ab2d85a7d2218bfb

SHA512
4e8726fda86c740ee7f481db2749c1bed4e12fd4ae407cc0d80d599239068bd7bcd5f9d550cb8b460d2532542c742926ff9b2c81ff9bd9786a4840df0cd696fc

Download Submit
C:\Windows\System\RJVmjTA.exe

Filesize
2.7MB

MD5
694a0a60971f7d00c933c01e0dca4296

SHA1
e8ebc047d3a029bfbca1c5cd3ddbde9e21fe0e33

SHA256
506a8ce88fb7c4cbab67988dc5b76f0fdd833da519d8e41047616379c38dc91a

SHA512
4b6a4ba754a0289078a2672815bef45ae0082410150fa8c65a740207658eac6781f083a3ff84a1794f867b3c4893ffb7388deb547c7fcf85f0ed84d8f1645bfb

Download Submit
C:\Windows\System\VuvvbiD.exe

Filesize
2.7MB

MD5
685c02b418d4b43f2222e1b00fcb8348

SHA1
f5bec452e4487564c04049c64d7f16db52e00000

SHA256
f431901e49d9b4bf91051faaac29625fcac97a9c05f3e224379683ec74c35854

SHA512
9554c2df637810882a95ede586d1e8b85aea2534c73bf2a9c6715c64a38bcb646c433e6243581d402d64b38de98dca72e803d1410b32eac809fa3e1be29fe312

Download Submit
C:\Windows\System\YrTvRqo.exe

Filesize
2.7MB

MD5
0729130f58df27ec3a33e3e880250ec0

SHA1
60b151c2913c43e23a174bbcb7e8ed13e44aa97e

SHA256
7dcbad1952347ce106f3bdb1e0aced9611310696e9c003aec3dbc69b23e8b27f

SHA512
7624ef61e6310c29d3f10b4b1a2977e911f31350fd0c9656189532fa15e66784e7bcb26726bdc4b4a7a7b35d3da6517f47d275dc529263afb966691c33a30c0f

Download Submit
C:\Windows\System\aKnnIXe.exe

Filesize
2.7MB

MD5
caaf8153d84c2a544ae35a2f4952e523

SHA1
db43bed63a16ed4a2c77d6487ee5968660d7ef2b

SHA256
817d332e0859cd709703c7adda419f1e17cc5538dcd014197953a56cda1f0694

SHA512
11e5597ff58b3244c3a4aad9fdf672774e53d9f9892128714070ca2160ebea701c48325952532788c0e8f4177d8b46f1803ae71bcb8719f0a8d8499a743e5d65

Download Submit
C:\Windows\System\bDiotyQ.exe

Filesize
2.7MB

MD5
852adfca281e10f9e3b844c63de62de0

SHA1
963fa6e059b37b66fbd22dfef3c0104aecf65721

SHA256
dbbda708dfb68d99ea120cc8d12ba3d176f51eaf8ddffda53266e6042869529c

SHA512
98edbee2aee0ff0b10c94c8094c0d6e9695b5a90ca230ed66672a3902759e8923f7d1a2a8b64b0bb822da2994d671a8c53ffb15500c77cbcc3f56e4d039b1a88

Download Submit
C:\Windows\System\bUHrBWd.exe

Filesize
2.7MB

MD5
7cea74c08fd2d9ed9e4c09569c51ed3b

SHA1
06e84a43e375fe56d36469ebd18cd84317e552d6

SHA256
fb21387f07f016235ae78ebe3aa43dea5f994cadaadec348970cb2ba980c4275

SHA512
d2ffe20a41d6af8fe27f1ff69b01b2b51f17917c8fa68ea37becb1aace9c429c93ab16b5615885904b387fcbfaed168b5532e7397b1920ecfb36190b5a6b9649

Download Submit
C:\Windows\System\eLuEXMT.exe

Filesize
2.7MB

MD5
8deea5843e915cc58f96a649f4b78f2a

SHA1
35481b8945d3e6178a715a90d6ffd67d26fb6ab7

SHA256
7baab4880f0f35944eccb309f65c1c75beeabbda82a619aad1f3c4e933c01a5d

SHA512
245d1421d2909228932c675b872d0e0224c2958e04a8c173d800f060f0a8974dd3fd91ba42a52c0e5298e32058df70eb0daa934cfd3f5ed9836035e3e14948ed

Download Submit
C:\Windows\System\eRVdzTc.exe

Filesize
2.7MB

MD5
bb17faafab6139f49657caaf36e490b9

SHA1
bf02b4593b845b30d590558e93ddc798c9c49ca4

SHA256
3756edb39007ee4fefa0bba84911e0163d9dc232abb2e6a69ae741bdb36a31ea

SHA512
4bfd3e756692b014b1c7ae2c029135e0670e44ee07ff00035abbf734325790dae0e6cc5c1832dca698d99d962054c52004afc11df439f5cc750da6d6b8710ce7

Download Submit
C:\Windows\System\fDgAYFs.exe

Filesize
2.7MB

MD5
e91c46b7dcc78ad5c57cf7fb17965a7e

SHA1
23d046dd5a85e8f6f6afad0770b3b8265435b55f

SHA256
b62f130caf62fc77cfcd50227bd7332cf0fafeda93db32d902b094fe273ada69

SHA512
1cabddc97cbf1e4b352853b9977e320f7fe65214503f5a1708612901dda541fccadf8685fd0663b8550adcdef769c2bb3f479c1e2c21fe4e6db5bd8be0127c79

Download Submit
C:\Windows\System\fuZFPeF.exe

Filesize
2.7MB

MD5
adc29d5a6f3ac247a1abc05e968510ea

SHA1
ec9894dde3650de36fa8ea33fa9ecdda7aa54755

SHA256
a198f9a96eea32837f1276e9db1f529f2ed0c6902b54245971a17ea91cbfc361

SHA512
5f9d784bcde2f6dedf91099c7b7e847cd0903bbdb8c0803a31b54550cc0a038673da60d4f49cbd9074a8512f0116bd9e807c36e2063177f6946621dba760ddf0

Download Submit
C:\Windows\System\gbZTCvr.exe

Filesize
2.7MB

MD5
51030b872bb991b93a3d59c48f819cf4

SHA1
c84c653eeb75e71c7d95d77aaf9290382474bcd4

SHA256
db962b9e03ebc02d178fc37146ef7019fdeb56c7d3f51cc7ae6f28b75e78fb4b

SHA512
59794d8fcc60f8238badef3abb7b774afa013acf1aee430cbe67234d193ea18e7f31bd7b105114d58bf34b8691cd8c088ddcc16031413b7abd0c9fcb4c21ae29

Download Submit
C:\Windows\System\kthBJdU.exe

Filesize
2.7MB

MD5
dbce9bb7f1388f7590a2913e6cea2f81

SHA1
5660936a62b241b9b3e8453c4fde7a6bc9467917

SHA256
9d2de7ffc8cc5ef3b6be9317580ccb8fcfecdf4cdee2c58d2941d06ec45ffc27

SHA512
d10ae3f63fd4e4ae8e3d89a0be142f8f85a9a332910c0faca59db4c170c8ffc3451d2123a126aa50c2d0be72e7696ea4344e9493b12d12b97eae3b4a566775a8

Download Submit
C:\Windows\System\loEegDA.exe

Filesize
2.7MB

MD5
095682fb112d82ae62bb8e53427416a0

SHA1
709a12d5071b498da468c206a9afb3ac3b83a668

SHA256
653a75ef24e4610d528239b2511ca5dedd3e5010595555e99a198d2796e259df

SHA512
e44c6c8ce7c1418bf8be620cbc348b4986f03c924842f134717591182b130ce18b24d477e06944e0f7b0c591419e7bdd6be63162107b9c8dc3a0cd13e0c79ef7

Download Submit
C:\Windows\System\nZtGEpH.exe

Filesize
2.7MB

MD5
4cf6eda1b52576e3fbff91a2410e0245

SHA1
9ee8ef848dc9660ad1397d80518be218e7fd5052

SHA256
dcf4ad476004fc25921cf65c3c47b43e0643eda113eecb088fe79a8966fffd18

SHA512
1b9ee7c84eb38c087454f8c05d77498a597ae42e84b5a47f634c5f42719ef16fa1ac4a6df405bf0eecb4ae7b564390d82d83112a4bf2ff1ac85191cb7785ab61

Download Submit
C:\Windows\System\npFEDsw.exe

Filesize
2.7MB

MD5
67ab2e1a17cf7da25cc9c9b19c0e282f

SHA1
c9230ad92a5fd0f8c6353b1c6b35189f41c37e07

SHA256
8e1a9e89ca908fea14a840e58f8ff0e2d20fb76c583ffa7037af1e9a70c99b4a

SHA512
cb2be2be47f1240a4bf512ef7adc7d70438405136d9830b4af8342434d28a9c32038f63163ebae2998f9ef66d68efa980f14e8a6e7dee42ce58a6b03dfdb77f9

Download Submit
C:\Windows\System\qgtfoUL.exe

Filesize
2.7MB

MD5
3b686982a4e718833cc2c8163b079d1d

SHA1
e42992f41478b46c67a6ab72428f5afe41821361

SHA256
a8346dd1e5c459ae7c727f7b9c091f483880adf66d49428625b7a204d57123b2

SHA512
bc0c01e2cf1a44f5323b2db9526bda029179de24e710062f768d31ab8880dc25d0dc1402a3676200ca8e790ee83d44b252e691caf157b0e67fd073db639c6eb7

Download Submit
C:\Windows\System\sLCyaoP.exe

Filesize
2.7MB

MD5
6a4bfc93c329ce2654402a298648ff8c

SHA1
a5509f62ac5373bcc6f76a1724e375cb06f0b292

SHA256
c64500ff0e1c1d09d78f60a126a7b3ed148e885cca068521b5ec332164a8368b

SHA512
0ea9092fb57718ef475e0de2060f1f4bff0727012d6a02ea34c4f6124c151984bcb63e71dfd0719c6ac9297636e170246ed88800745a48b73ec2a8e23ab526b5

Download Submit
C:\Windows\System\sRajjhs.exe

Filesize
2.7MB

MD5
c946ba919caffc89e97ed6775b8ac7b0

SHA1
8d139536c95fc1fe12c7698b7c86e0d356062df7

SHA256
aea83f56ee3fa506ab60f10f0b3346216d717f8ec820e4cf70d7c1c1595f4bdd

SHA512
4fc9f022e3700b683b048b554adea3578d5ad5569fc02cbda9217cb2be4b649133837fb547299c179fe0ad7783e64f08e1671641a5a010961c88eec28cc8e413

Download Submit
C:\Windows\System\taCMVDk.exe

Filesize
2.7MB

MD5
c0fa9fb2bf767b667e06f82600537e9a

SHA1
c79742e502c7c14482603dc92ebe96667c8acf28

SHA256
7fb2376cd2a083b166310fc9ade4f9123eba95c2e7b09a19aa7836a645849bf4

SHA512
84de892fe2ed66bc607357add137ec82461a06903f4fc495d7e40abe6c09d65f190356d50a49db2c86c49a728f922a363d5b9f48defafbf4338a9da230e38f4f

Download Submit
C:\Windows\System\vTjsgwC.exe

Filesize
2.7MB

MD5
a92d7df064cfa1034dcaa0289ead1ae7

SHA1
7d855395edf796e408b044c42bb65ead3b962afc

SHA256
dde026587a3b89f3fcbff7526e0a6d5dcdbe14b206a3f4535673828656b99049

SHA512
ce7d31079cd7a4983ff186a61a0e0d78175a5c222ee589df71662fce62a5cd171f722ea6bcf48ba54c331d15afef0ae095d5fe662ce7c4fb2f95bda5b3ffa12e

Download Submit
memory/388-2125-0x00007FF6B7480000-0x00007FF6B77D4000-memory.dmp

Filesize
3.3MB

Download
memory/388-546-0x00007FF6B7480000-0x00007FF6B77D4000-memory.dmp

Filesize
3.3MB

Download
memory/884-569-0x00007FF67CA30000-0x00007FF67CD84000-memory.dmp

Filesize
3.3MB

Download
memory/884-2122-0x00007FF67CA30000-0x00007FF67CD84000-memory.dmp

Filesize
3.3MB

Download
memory/1008-544-0x00007FF613210000-0x00007FF613564000-memory.dmp

Filesize
3.3MB

Download
memory/1008-2115-0x00007FF613210000-0x00007FF613564000-memory.dmp

Filesize
3.3MB

Download
memory/1044-2126-0x00007FF6A6930000-0x00007FF6A6C84000-memory.dmp

Filesize
3.3MB

Download
memory/1044-554-0x00007FF6A6930000-0x00007FF6A6C84000-memory.dmp

Filesize
3.3MB

Download
memory/1416-548-0x00007FF692190000-0x00007FF6924E4000-memory.dmp

Filesize
3.3MB

Download
memory/1416-2129-0x00007FF692190000-0x00007FF6924E4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-2119-0x00007FF6A3E60000-0x00007FF6A41B4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-551-0x00007FF6A3E60000-0x00007FF6A41B4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2117-0x00007FF6834F0000-0x00007FF683844000-memory.dmp

Filesize
3.3MB

Download
memory/2072-549-0x00007FF6834F0000-0x00007FF683844000-memory.dmp

Filesize
3.3MB

Download
memory/2576-2127-0x00007FF7176B0000-0x00007FF717A04000-memory.dmp

Filesize
3.3MB

Download
memory/2576-563-0x00007FF7176B0000-0x00007FF717A04000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2097-0x00007FF79C6C0000-0x00007FF79CA14000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2101-0x00007FF79C6C0000-0x00007FF79CA14000-memory.dmp

Filesize
3.3MB

Download
memory/2596-11-0x00007FF79C6C0000-0x00007FF79CA14000-memory.dmp

Filesize
3.3MB

Download
memory/2800-49-0x00007FF694B40000-0x00007FF694E94000-memory.dmp

Filesize
3.3MB

Download
memory/2800-2105-0x00007FF694B40000-0x00007FF694E94000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2108-0x00007FF772AE0000-0x00007FF772E34000-memory.dmp

Filesize
3.3MB

Download
memory/2816-574-0x00007FF772AE0000-0x00007FF772E34000-memory.dmp

Filesize
3.3MB

Download
memory/2832-2123-0x00007FF670B60000-0x00007FF670EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-568-0x00007FF670B60000-0x00007FF670EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-547-0x00007FF7FACA0000-0x00007FF7FAFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2128-0x00007FF7FACA0000-0x00007FF7FAFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-2114-0x00007FF7ECC20000-0x00007FF7ECF74000-memory.dmp

Filesize
3.3MB

Download
memory/2912-543-0x00007FF7ECC20000-0x00007FF7ECF74000-memory.dmp

Filesize
3.3MB

Download
memory/2964-0-0x00007FF653B20000-0x00007FF653E74000-memory.dmp

Filesize
3.3MB

Download
memory/2964-1-0x000001AD07580000-0x000001AD07590000-memory.dmp

Filesize
64KB

Download
memory/3032-32-0x00007FF7D5A10000-0x00007FF7D5D64000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2104-0x00007FF7D5A10000-0x00007FF7D5D64000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2099-0x00007FF7D5A10000-0x00007FF7D5D64000-memory.dmp

Filesize
3.3MB

Download
memory/3188-2103-0x00007FF60B0B0000-0x00007FF60B404000-memory.dmp

Filesize
3.3MB

Download
memory/3188-2098-0x00007FF60B0B0000-0x00007FF60B404000-memory.dmp

Filesize
3.3MB

Download
memory/3188-26-0x00007FF60B0B0000-0x00007FF60B404000-memory.dmp

Filesize
3.3MB

Download
memory/3312-2110-0x00007FF6865D0000-0x00007FF686924000-memory.dmp

Filesize
3.3MB

Download
memory/3312-572-0x00007FF6865D0000-0x00007FF686924000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2109-0x00007FF658D60000-0x00007FF6590B4000-memory.dmp

Filesize
3.3MB

Download
memory/3424-539-0x00007FF658D60000-0x00007FF6590B4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-2102-0x00007FF754A70000-0x00007FF754DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-23-0x00007FF754A70000-0x00007FF754DC4000-memory.dmp

Filesize
3.3MB

Download
memory/4004-2113-0x00007FF725130000-0x00007FF725484000-memory.dmp

Filesize
3.3MB

Download
memory/4004-542-0x00007FF725130000-0x00007FF725484000-memory.dmp

Filesize
3.3MB

Download
memory/4204-35-0x00007FF6E8470000-0x00007FF6E87C4000-memory.dmp

Filesize
3.3MB

Download
memory/4204-2106-0x00007FF6E8470000-0x00007FF6E87C4000-memory.dmp

Filesize
3.3MB

Download
memory/4204-2100-0x00007FF6E8470000-0x00007FF6E87C4000-memory.dmp

Filesize
3.3MB

Download
memory/4288-2116-0x00007FF642C10000-0x00007FF642F64000-memory.dmp

Filesize
3.3MB

Download
memory/4288-545-0x00007FF642C10000-0x00007FF642F64000-memory.dmp

Filesize
3.3MB

Download
memory/4440-2111-0x00007FF7A1960000-0x00007FF7A1CB4000-memory.dmp

Filesize
3.3MB

Download
memory/4440-540-0x00007FF7A1960000-0x00007FF7A1CB4000-memory.dmp

Filesize
3.3MB

Download
memory/4488-2124-0x00007FF7D53A0000-0x00007FF7D56F4000-memory.dmp

Filesize
3.3MB

Download
memory/4488-567-0x00007FF7D53A0000-0x00007FF7D56F4000-memory.dmp

Filesize
3.3MB

Download
memory/4516-541-0x00007FF616120000-0x00007FF616474000-memory.dmp

Filesize
3.3MB

Download
memory/4516-2112-0x00007FF616120000-0x00007FF616474000-memory.dmp

Filesize
3.3MB

Download
memory/4764-552-0x00007FF72D870000-0x00007FF72DBC4000-memory.dmp

Filesize
3.3MB

Download
memory/4764-2121-0x00007FF72D870000-0x00007FF72DBC4000-memory.dmp

Filesize
3.3MB

Download
memory/4868-2120-0x00007FF622EF0000-0x00007FF623244000-memory.dmp

Filesize
3.3MB

Download
memory/4868-553-0x00007FF622EF0000-0x00007FF623244000-memory.dmp

Filesize
3.3MB

Download
memory/4956-538-0x00007FF6E6190000-0x00007FF6E64E4000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2107-0x00007FF6E6190000-0x00007FF6E64E4000-memory.dmp

Filesize
3.3MB

Download
memory/5112-550-0x00007FF7B4F00000-0x00007FF7B5254000-memory.dmp

Filesize
3.3MB

Download
memory/5112-2118-0x00007FF7B4F00000-0x00007FF7B5254000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads