xmrig | 5e3f1e8f8d2a56cffe4ae54206b5d82c2ecd1346a04c824e95d2a2928d9656ab

Analysis

max time kernel
148s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
Size

2.1MB
MD5

299f80ad7f8170c1ec508c9a00363e10
SHA1

0b7feb990848c5840782f92893e2d81528a0267a
SHA256

5e3f1e8f8d2a56cffe4ae54206b5d82c2ecd1346a04c824e95d2a2928d9656ab
SHA512

0efd8aeebaaf21c451778312bad3f226140ba82a81a74b963dda7c51f294fcc5b02b7144e9674197c835986fd596d639a234c20eae9c247b878e6051990245ad
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQHxxZeLdi:BemTLkNdfE0pZrQh

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3412-0-0x00007FF6FF660000-0x00007FF6FF9B4000-memory.dmp	xmrig
behavioral2/files/0x0004000000023266-5.dat	xmrig
behavioral2/files/0x000900000002340b-13.dat	xmrig
behavioral2/files/0x000700000002340e-39.dat	xmrig
behavioral2/files/0x000700000002340f-27.dat	xmrig
behavioral2/memory/1576-26-0x00007FF638570000-0x00007FF6388C4000-memory.dmp	xmrig
behavioral2/files/0x000800000002340d-21.dat	xmrig
behavioral2/memory/404-36-0x00007FF7B44B0000-0x00007FF7B4804000-memory.dmp	xmrig
behavioral2/memory/3972-55-0x00007FF7022A0000-0x00007FF7025F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023410-70.dat	xmrig
behavioral2/files/0x0007000000023414-86.dat	xmrig
behavioral2/files/0x0007000000023419-134.dat	xmrig
behavioral2/files/0x000700000002341d-114.dat	xmrig
behavioral2/files/0x000700000002341e-158.dat	xmrig
behavioral2/files/0x000700000002342e-191.dat	xmrig
behavioral2/memory/412-208-0x00007FF622560000-0x00007FF6228B4000-memory.dmp	xmrig
behavioral2/memory/3528-216-0x00007FF6AA810000-0x00007FF6AAB64000-memory.dmp	xmrig
behavioral2/memory/1388-215-0x00007FF64E6A0000-0x00007FF64E9F4000-memory.dmp	xmrig
behavioral2/memory/4900-214-0x00007FF68FFA0000-0x00007FF6902F4000-memory.dmp	xmrig
behavioral2/memory/1188-213-0x00007FF686DA0000-0x00007FF6870F4000-memory.dmp	xmrig
behavioral2/memory/1588-212-0x00007FF7B1BE0000-0x00007FF7B1F34000-memory.dmp	xmrig
behavioral2/memory/1960-211-0x00007FF7F29F0000-0x00007FF7F2D44000-memory.dmp	xmrig
behavioral2/memory/3184-210-0x00007FF789AB0000-0x00007FF789E04000-memory.dmp	xmrig
behavioral2/memory/1892-209-0x00007FF729340000-0x00007FF729694000-memory.dmp	xmrig
behavioral2/memory/3884-207-0x00007FF67AE20000-0x00007FF67B174000-memory.dmp	xmrig
behavioral2/memory/4356-204-0x00007FF7B1FB0000-0x00007FF7B2304000-memory.dmp	xmrig
behavioral2/memory/3812-203-0x00007FF6C69D0000-0x00007FF6C6D24000-memory.dmp	xmrig
behavioral2/memory/392-199-0x00007FF7985E0000-0x00007FF798934000-memory.dmp	xmrig
behavioral2/memory/2128-198-0x00007FF695010000-0x00007FF695364000-memory.dmp	xmrig
behavioral2/files/0x000700000002342d-185.dat	xmrig
behavioral2/memory/1908-183-0x00007FF71A1C0000-0x00007FF71A514000-memory.dmp	xmrig
behavioral2/files/0x000700000002342c-180.dat	xmrig
behavioral2/memory/3868-176-0x00007FF6D8860000-0x00007FF6D8BB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023427-171.dat	xmrig
behavioral2/files/0x000700000002342b-169.dat	xmrig
behavioral2/files/0x0007000000023424-165.dat	xmrig
behavioral2/files/0x000700000002342a-164.dat	xmrig
behavioral2/files/0x0007000000023423-162.dat	xmrig
behavioral2/files/0x0007000000023429-160.dat	xmrig
behavioral2/memory/440-154-0x00007FF65CAF0000-0x00007FF65CE44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023422-153.dat	xmrig
behavioral2/memory/1832-152-0x00007FF63FCA0000-0x00007FF63FFF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023428-151.dat	xmrig
behavioral2/files/0x0007000000023421-145.dat	xmrig
behavioral2/files/0x000700000002341f-141.dat	xmrig
behavioral2/memory/4936-138-0x00007FF6D85B0000-0x00007FF6D8904000-memory.dmp	xmrig
behavioral2/memory/1296-137-0x00007FF722D10000-0x00007FF723064000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-132.dat	xmrig
behavioral2/files/0x0007000000023417-130.dat	xmrig
behavioral2/files/0x0007000000023426-128.dat	xmrig
behavioral2/files/0x0007000000023425-127.dat	xmrig
behavioral2/files/0x0007000000023420-123.dat	xmrig
behavioral2/files/0x0007000000023413-120.dat	xmrig
behavioral2/files/0x000700000002341b-118.dat	xmrig
behavioral2/memory/1016-112-0x00007FF6EC3F0000-0x00007FF6EC744000-memory.dmp	xmrig
behavioral2/memory/1556-108-0x00007FF602280000-0x00007FF6025D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-105.dat	xmrig
behavioral2/files/0x000700000002341c-99.dat	xmrig
behavioral2/files/0x0007000000023416-95.dat	xmrig
behavioral2/files/0x000700000002341a-89.dat	xmrig
behavioral2/memory/1008-85-0x00007FF6DEA70000-0x00007FF6DEDC4000-memory.dmp	xmrig
behavioral2/memory/4732-82-0x00007FF680CC0000-0x00007FF681014000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-91.dat	xmrig
behavioral2/memory/1168-63-0x00007FF61C6A0000-0x00007FF61C9F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3364	KXtwktI.exe
1576	TVfEyHH.exe
404	sqUVDGC.exe
3184	pnUTLoK.exe
3972	LbfARMa.exe
1960	ktrMfjB.exe
1168	dCZBGWC.exe
1588	VkfVlWd.exe
4732	jtpcgzH.exe
1008	zfMndpW.exe
1188	DwhcfYN.exe
4900	WCtXOgH.exe
1556	WNVCYrT.exe
1016	aAzKRzf.exe
1296	KVyXfAv.exe
4936	eNdlGks.exe
1832	kKsmdww.exe
440	GJfCDXW.exe
1388	ESHiALQ.exe
3868	OhKUuxG.exe
1908	OaYLsHs.exe
2128	dhBhLLO.exe
1892	yxLHapW.exe
3528	NMzliCz.exe
392	WkAvRBy.exe
3812	rVPJnya.exe
4356	MrENyWr.exe
3884	ZCbQQGG.exe
412	KJXHnTf.exe
4304	BmLWqIn.exe
2864	jrMfHfG.exe
4180	vMgrKsq.exe
4064	ZnZbyVC.exe
1672	JzviHUp.exe
4008	nXmtuAV.exe
4252	xeHKnyK.exe
1340	EYCkUDa.exe
1324	jwIsDoU.exe
3952	KOQCIMO.exe
2340	fVpPLrC.exe
2016	CNaLIMW.exe
1448	UdZTpEG.exe
1828	CWdqVLR.exe
3648	triuUay.exe
4884	zzzrLpY.exe
2968	hMVoUtO.exe
1688	SewvhUS.exe
1628	GGVjjvx.exe
2460	muyVzeQ.exe
456	csNXltM.exe
4424	iIoTXdv.exe
4556	zOiWNLb.exe
3120	iomrOuG.exe
2432	UlYLzRN.exe
4764	xAPhtBo.exe
1956	HVnSdAp.exe
2732	OsGDkLZ.exe
1440	LMEbjTO.exe
2724	zRzgeTJ.exe
4880	ZRWqHVo.exe
1020	yrMtgpB.exe
1572	ztrTNlU.exe
1568	BpkahUW.exe
3024	mHGGjaE.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3412-0-0x00007FF6FF660000-0x00007FF6FF9B4000-memory.dmp	upx
behavioral2/files/0x0004000000023266-5.dat	upx
behavioral2/files/0x000900000002340b-13.dat	upx
behavioral2/files/0x000700000002340e-39.dat	upx
behavioral2/files/0x000700000002340f-27.dat	upx
behavioral2/memory/1576-26-0x00007FF638570000-0x00007FF6388C4000-memory.dmp	upx
behavioral2/files/0x000800000002340d-21.dat	upx
behavioral2/memory/404-36-0x00007FF7B44B0000-0x00007FF7B4804000-memory.dmp	upx
behavioral2/memory/3972-55-0x00007FF7022A0000-0x00007FF7025F4000-memory.dmp	upx
behavioral2/files/0x0007000000023410-70.dat	upx
behavioral2/files/0x0007000000023414-86.dat	upx
behavioral2/files/0x0007000000023419-134.dat	upx
behavioral2/files/0x000700000002341d-114.dat	upx
behavioral2/files/0x000700000002341e-158.dat	upx
behavioral2/files/0x000700000002342e-191.dat	upx
behavioral2/memory/412-208-0x00007FF622560000-0x00007FF6228B4000-memory.dmp	upx
behavioral2/memory/3528-216-0x00007FF6AA810000-0x00007FF6AAB64000-memory.dmp	upx
behavioral2/memory/1388-215-0x00007FF64E6A0000-0x00007FF64E9F4000-memory.dmp	upx
behavioral2/memory/4900-214-0x00007FF68FFA0000-0x00007FF6902F4000-memory.dmp	upx
behavioral2/memory/1188-213-0x00007FF686DA0000-0x00007FF6870F4000-memory.dmp	upx
behavioral2/memory/1588-212-0x00007FF7B1BE0000-0x00007FF7B1F34000-memory.dmp	upx
behavioral2/memory/1960-211-0x00007FF7F29F0000-0x00007FF7F2D44000-memory.dmp	upx
behavioral2/memory/3184-210-0x00007FF789AB0000-0x00007FF789E04000-memory.dmp	upx
behavioral2/memory/1892-209-0x00007FF729340000-0x00007FF729694000-memory.dmp	upx
behavioral2/memory/3884-207-0x00007FF67AE20000-0x00007FF67B174000-memory.dmp	upx
behavioral2/memory/4356-204-0x00007FF7B1FB0000-0x00007FF7B2304000-memory.dmp	upx
behavioral2/memory/3812-203-0x00007FF6C69D0000-0x00007FF6C6D24000-memory.dmp	upx
behavioral2/memory/392-199-0x00007FF7985E0000-0x00007FF798934000-memory.dmp	upx
behavioral2/memory/2128-198-0x00007FF695010000-0x00007FF695364000-memory.dmp	upx
behavioral2/files/0x000700000002342d-185.dat	upx
behavioral2/memory/1908-183-0x00007FF71A1C0000-0x00007FF71A514000-memory.dmp	upx
behavioral2/files/0x000700000002342c-180.dat	upx
behavioral2/memory/3868-176-0x00007FF6D8860000-0x00007FF6D8BB4000-memory.dmp	upx
behavioral2/files/0x0007000000023427-171.dat	upx
behavioral2/files/0x000700000002342b-169.dat	upx
behavioral2/files/0x0007000000023424-165.dat	upx
behavioral2/files/0x000700000002342a-164.dat	upx
behavioral2/files/0x0007000000023423-162.dat	upx
behavioral2/files/0x0007000000023429-160.dat	upx
behavioral2/memory/440-154-0x00007FF65CAF0000-0x00007FF65CE44000-memory.dmp	upx
behavioral2/files/0x0007000000023422-153.dat	upx
behavioral2/memory/1832-152-0x00007FF63FCA0000-0x00007FF63FFF4000-memory.dmp	upx
behavioral2/files/0x0007000000023428-151.dat	upx
behavioral2/files/0x0007000000023421-145.dat	upx
behavioral2/files/0x000700000002341f-141.dat	upx
behavioral2/memory/4936-138-0x00007FF6D85B0000-0x00007FF6D8904000-memory.dmp	upx
behavioral2/memory/1296-137-0x00007FF722D10000-0x00007FF723064000-memory.dmp	upx
behavioral2/files/0x0007000000023418-132.dat	upx
behavioral2/files/0x0007000000023417-130.dat	upx
behavioral2/files/0x0007000000023426-128.dat	upx
behavioral2/files/0x0007000000023425-127.dat	upx
behavioral2/files/0x0007000000023420-123.dat	upx
behavioral2/files/0x0007000000023413-120.dat	upx
behavioral2/files/0x000700000002341b-118.dat	upx
behavioral2/memory/1016-112-0x00007FF6EC3F0000-0x00007FF6EC744000-memory.dmp	upx
behavioral2/memory/1556-108-0x00007FF602280000-0x00007FF6025D4000-memory.dmp	upx
behavioral2/files/0x0007000000023415-105.dat	upx
behavioral2/files/0x000700000002341c-99.dat	upx
behavioral2/files/0x0007000000023416-95.dat	upx
behavioral2/files/0x000700000002341a-89.dat	upx
behavioral2/memory/1008-85-0x00007FF6DEA70000-0x00007FF6DEDC4000-memory.dmp	upx
behavioral2/memory/4732-82-0x00007FF680CC0000-0x00007FF681014000-memory.dmp	upx
behavioral2/files/0x0007000000023412-91.dat	upx
behavioral2/memory/1168-63-0x00007FF61C6A0000-0x00007FF61C9F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MvbZyJa.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\DYRSgox.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\zVWNpeB.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\DSCvuWk.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\ledyccU.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\wPKLNAD.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\oEpEYja.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\InQxwjL.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\bhNESRI.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\JTfCORv.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\YKnhVwX.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\FeIETvm.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\rtyszSk.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\KcbrPaz.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\efTRaxA.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\JHzIRDl.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\wpEKYVl.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\kWFMNoS.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\RKIVizL.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\NAdDrBv.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\MQgJwPH.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\gNraAVK.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\cIOWYgK.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\zFBAcrK.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\PypTxBf.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\JPOaMxD.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\NSBtuKG.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\sTUNFqF.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\cVObDBy.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\hPmUJKo.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\nBxlprF.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\nXmtuAV.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\oRbLyBy.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\PNMYkbL.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\FlVAYxd.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\eRhOZoj.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\OcwXxiK.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\HoGWgcS.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\lkKsYYJ.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\UXQmOHq.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\PWtVnyw.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\vBDWBiw.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\xeHKnyK.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\muyVzeQ.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\VAXYPhL.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\ZZbiTOY.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\MRPlfid.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\GJiXygt.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\GjcChhb.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\LAdKxoB.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\zLfPlNr.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\MIUyYXQ.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\IJgRwGY.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\zUmQoba.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\PtmZzqp.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\qGGGZTr.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\Iymnhat.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\aUsbwnC.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\XpTHFln.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\ZSdAWaC.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\YoXicqk.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\VzlkVIV.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\wzIxZst.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
File created	C:\Windows\System\rFfyfEp.exe	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14896	dwm.exe
Token: SeChangeNotifyPrivilege	14896	dwm.exe
Token: 33	14896	dwm.exe
Token: SeIncBasePriorityPrivilege	14896	dwm.exe
Token: SeShutdownPrivilege	14896	dwm.exe
Token: SeCreatePagefilePrivilege	14896	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3412 wrote to memory of 3364	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	85
PID 3412 wrote to memory of 3364	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	85
PID 3412 wrote to memory of 1576	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	86
PID 3412 wrote to memory of 1576	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	86
PID 3412 wrote to memory of 404	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	87
PID 3412 wrote to memory of 404	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	87
PID 3412 wrote to memory of 3184	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	88
PID 3412 wrote to memory of 3184	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	88
PID 3412 wrote to memory of 3972	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	89
PID 3412 wrote to memory of 3972	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	89
PID 3412 wrote to memory of 1960	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	90
PID 3412 wrote to memory of 1960	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	90
PID 3412 wrote to memory of 1168	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	91
PID 3412 wrote to memory of 1168	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	91
PID 3412 wrote to memory of 1588	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	92
PID 3412 wrote to memory of 1588	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	92
PID 3412 wrote to memory of 4732	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	93
PID 3412 wrote to memory of 4732	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	93
PID 3412 wrote to memory of 1008	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	94
PID 3412 wrote to memory of 1008	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	94
PID 3412 wrote to memory of 1556	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	95
PID 3412 wrote to memory of 1556	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	95
PID 3412 wrote to memory of 1188	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	96
PID 3412 wrote to memory of 1188	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	96
PID 3412 wrote to memory of 4900	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	97
PID 3412 wrote to memory of 4900	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	97
PID 3412 wrote to memory of 1016	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	98
PID 3412 wrote to memory of 1016	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	98
PID 3412 wrote to memory of 1296	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	99
PID 3412 wrote to memory of 1296	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	99
PID 3412 wrote to memory of 4936	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	100
PID 3412 wrote to memory of 4936	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	100
PID 3412 wrote to memory of 1832	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	101
PID 3412 wrote to memory of 1832	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	101
PID 3412 wrote to memory of 440	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	102
PID 3412 wrote to memory of 440	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	102
PID 3412 wrote to memory of 1892	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	103
PID 3412 wrote to memory of 1892	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	103
PID 3412 wrote to memory of 1388	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	104
PID 3412 wrote to memory of 1388	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	104
PID 3412 wrote to memory of 3868	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	105
PID 3412 wrote to memory of 3868	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	105
PID 3412 wrote to memory of 1908	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	106
PID 3412 wrote to memory of 1908	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	106
PID 3412 wrote to memory of 2128	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	107
PID 3412 wrote to memory of 2128	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	107
PID 3412 wrote to memory of 3528	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	108
PID 3412 wrote to memory of 3528	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	108
PID 3412 wrote to memory of 392	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	109
PID 3412 wrote to memory of 392	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	109
PID 3412 wrote to memory of 3812	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	110
PID 3412 wrote to memory of 3812	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	110
PID 3412 wrote to memory of 4356	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	111
PID 3412 wrote to memory of 4356	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	111
PID 3412 wrote to memory of 3884	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	112
PID 3412 wrote to memory of 3884	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	112
PID 3412 wrote to memory of 412	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	113
PID 3412 wrote to memory of 412	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	113
PID 3412 wrote to memory of 4304	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	114
PID 3412 wrote to memory of 4304	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	114
PID 3412 wrote to memory of 2864	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	115
PID 3412 wrote to memory of 2864	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	115
PID 3412 wrote to memory of 4180	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	116
PID 3412 wrote to memory of 4180	3412	299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\299f80ad7f8170c1ec508c9a00363e10_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3412
- C:\Windows\System\KXtwktI.exe
  C:\Windows\System\KXtwktI.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\TVfEyHH.exe
  C:\Windows\System\TVfEyHH.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\sqUVDGC.exe
  C:\Windows\System\sqUVDGC.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\pnUTLoK.exe
  C:\Windows\System\pnUTLoK.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\LbfARMa.exe
  C:\Windows\System\LbfARMa.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\ktrMfjB.exe
  C:\Windows\System\ktrMfjB.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\dCZBGWC.exe
  C:\Windows\System\dCZBGWC.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\VkfVlWd.exe
  C:\Windows\System\VkfVlWd.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\jtpcgzH.exe
  C:\Windows\System\jtpcgzH.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\zfMndpW.exe
  C:\Windows\System\zfMndpW.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\WNVCYrT.exe
  C:\Windows\System\WNVCYrT.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\DwhcfYN.exe
  C:\Windows\System\DwhcfYN.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\WCtXOgH.exe
  C:\Windows\System\WCtXOgH.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\aAzKRzf.exe
  C:\Windows\System\aAzKRzf.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\KVyXfAv.exe
  C:\Windows\System\KVyXfAv.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\eNdlGks.exe
  C:\Windows\System\eNdlGks.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\kKsmdww.exe
  C:\Windows\System\kKsmdww.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\GJfCDXW.exe
  C:\Windows\System\GJfCDXW.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\yxLHapW.exe
  C:\Windows\System\yxLHapW.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\ESHiALQ.exe
  C:\Windows\System\ESHiALQ.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\OhKUuxG.exe
  C:\Windows\System\OhKUuxG.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\OaYLsHs.exe
  C:\Windows\System\OaYLsHs.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\dhBhLLO.exe
  C:\Windows\System\dhBhLLO.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\NMzliCz.exe
  C:\Windows\System\NMzliCz.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\WkAvRBy.exe
  C:\Windows\System\WkAvRBy.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\rVPJnya.exe
  C:\Windows\System\rVPJnya.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\MrENyWr.exe
  C:\Windows\System\MrENyWr.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\ZCbQQGG.exe
  C:\Windows\System\ZCbQQGG.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\KJXHnTf.exe
  C:\Windows\System\KJXHnTf.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\BmLWqIn.exe
  C:\Windows\System\BmLWqIn.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\jrMfHfG.exe
  C:\Windows\System\jrMfHfG.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\vMgrKsq.exe
  C:\Windows\System\vMgrKsq.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\ZnZbyVC.exe
  C:\Windows\System\ZnZbyVC.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\JzviHUp.exe
  C:\Windows\System\JzviHUp.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\nXmtuAV.exe
  C:\Windows\System\nXmtuAV.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\xeHKnyK.exe
  C:\Windows\System\xeHKnyK.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\EYCkUDa.exe
  C:\Windows\System\EYCkUDa.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\jwIsDoU.exe
  C:\Windows\System\jwIsDoU.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\KOQCIMO.exe
  C:\Windows\System\KOQCIMO.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\fVpPLrC.exe
  C:\Windows\System\fVpPLrC.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\CNaLIMW.exe
  C:\Windows\System\CNaLIMW.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\UdZTpEG.exe
  C:\Windows\System\UdZTpEG.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\CWdqVLR.exe
  C:\Windows\System\CWdqVLR.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\triuUay.exe
  C:\Windows\System\triuUay.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\zzzrLpY.exe
  C:\Windows\System\zzzrLpY.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\hMVoUtO.exe
  C:\Windows\System\hMVoUtO.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\SewvhUS.exe
  C:\Windows\System\SewvhUS.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\GGVjjvx.exe
  C:\Windows\System\GGVjjvx.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\muyVzeQ.exe
  C:\Windows\System\muyVzeQ.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\csNXltM.exe
  C:\Windows\System\csNXltM.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\iIoTXdv.exe
  C:\Windows\System\iIoTXdv.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\zOiWNLb.exe
  C:\Windows\System\zOiWNLb.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\iomrOuG.exe
  C:\Windows\System\iomrOuG.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\UlYLzRN.exe
  C:\Windows\System\UlYLzRN.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\xAPhtBo.exe
  C:\Windows\System\xAPhtBo.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\HVnSdAp.exe
  C:\Windows\System\HVnSdAp.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\OsGDkLZ.exe
  C:\Windows\System\OsGDkLZ.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\LMEbjTO.exe
  C:\Windows\System\LMEbjTO.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\zRzgeTJ.exe
  C:\Windows\System\zRzgeTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\ZRWqHVo.exe
  C:\Windows\System\ZRWqHVo.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\yrMtgpB.exe
  C:\Windows\System\yrMtgpB.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\ztrTNlU.exe
  C:\Windows\System\ztrTNlU.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\BpkahUW.exe
  C:\Windows\System\BpkahUW.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\mHGGjaE.exe
  C:\Windows\System\mHGGjaE.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\qdgDYZw.exe
  C:\Windows\System\qdgDYZw.exe
  2⤵
  PID:4692
- C:\Windows\System\EPoeHEd.exe
  C:\Windows\System\EPoeHEd.exe
  2⤵
  PID:2264
- C:\Windows\System\HvsAAWH.exe
  C:\Windows\System\HvsAAWH.exe
  2⤵
  PID:4132
- C:\Windows\System\zHJjoXD.exe
  C:\Windows\System\zHJjoXD.exe
  2⤵
  PID:3016
- C:\Windows\System\zqUwqkI.exe
  C:\Windows\System\zqUwqkI.exe
  2⤵
  PID:3060
- C:\Windows\System\ARHdrvH.exe
  C:\Windows\System\ARHdrvH.exe
  2⤵
  PID:4484
- C:\Windows\System\cjMnNkt.exe
  C:\Windows\System\cjMnNkt.exe
  2⤵
  PID:5032
- C:\Windows\System\AiGFClI.exe
  C:\Windows\System\AiGFClI.exe
  2⤵
  PID:3712
- C:\Windows\System\wUKReES.exe
  C:\Windows\System\wUKReES.exe
  2⤵
  PID:4620
- C:\Windows\System\fawJmki.exe
  C:\Windows\System\fawJmki.exe
  2⤵
  PID:1676
- C:\Windows\System\TIwqklB.exe
  C:\Windows\System\TIwqklB.exe
  2⤵
  PID:1228
- C:\Windows\System\dKJvFlw.exe
  C:\Windows\System\dKJvFlw.exe
  2⤵
  PID:1912
- C:\Windows\System\PajYaxN.exe
  C:\Windows\System\PajYaxN.exe
  2⤵
  PID:4988
- C:\Windows\System\HPqETLL.exe
  C:\Windows\System\HPqETLL.exe
  2⤵
  PID:2172
- C:\Windows\System\VHuNOFi.exe
  C:\Windows\System\VHuNOFi.exe
  2⤵
  PID:3096
- C:\Windows\System\InQxwjL.exe
  C:\Windows\System\InQxwjL.exe
  2⤵
  PID:2024
- C:\Windows\System\zbpzeAz.exe
  C:\Windows\System\zbpzeAz.exe
  2⤵
  PID:1964
- C:\Windows\System\BjyvosY.exe
  C:\Windows\System\BjyvosY.exe
  2⤵
  PID:4552
- C:\Windows\System\oUPGVTJ.exe
  C:\Windows\System\oUPGVTJ.exe
  2⤵
  PID:3976
- C:\Windows\System\LitSEYV.exe
  C:\Windows\System\LitSEYV.exe
  2⤵
  PID:2992
- C:\Windows\System\bCgZqLy.exe
  C:\Windows\System\bCgZqLy.exe
  2⤵
  PID:5096
- C:\Windows\System\OsAuNzQ.exe
  C:\Windows\System\OsAuNzQ.exe
  2⤵
  PID:4568
- C:\Windows\System\MSgucZr.exe
  C:\Windows\System\MSgucZr.exe
  2⤵
  PID:3564
- C:\Windows\System\eRcNbxG.exe
  C:\Windows\System\eRcNbxG.exe
  2⤵
  PID:3144
- C:\Windows\System\DSCvuWk.exe
  C:\Windows\System\DSCvuWk.exe
  2⤵
  PID:3476
- C:\Windows\System\holXNFQ.exe
  C:\Windows\System\holXNFQ.exe
  2⤵
  PID:4896
- C:\Windows\System\ACRRDZD.exe
  C:\Windows\System\ACRRDZD.exe
  2⤵
  PID:728
- C:\Windows\System\TPniBso.exe
  C:\Windows\System\TPniBso.exe
  2⤵
  PID:4560
- C:\Windows\System\lEzPCUt.exe
  C:\Windows\System\lEzPCUt.exe
  2⤵
  PID:2376
- C:\Windows\System\GJiXygt.exe
  C:\Windows\System\GJiXygt.exe
  2⤵
  PID:4564
- C:\Windows\System\glTLnLH.exe
  C:\Windows\System\glTLnLH.exe
  2⤵
  PID:2116
- C:\Windows\System\OkAtbms.exe
  C:\Windows\System\OkAtbms.exe
  2⤵
  PID:4148
- C:\Windows\System\dRcMSiI.exe
  C:\Windows\System\dRcMSiI.exe
  2⤵
  PID:3056
- C:\Windows\System\DmKIiYJ.exe
  C:\Windows\System\DmKIiYJ.exe
  2⤵
  PID:4296
- C:\Windows\System\DuXjJqU.exe
  C:\Windows\System\DuXjJqU.exe
  2⤵
  PID:5016
- C:\Windows\System\HqZEFTw.exe
  C:\Windows\System\HqZEFTw.exe
  2⤵
  PID:4448
- C:\Windows\System\jRKNxig.exe
  C:\Windows\System\jRKNxig.exe
  2⤵
  PID:3656
- C:\Windows\System\Eggzcpb.exe
  C:\Windows\System\Eggzcpb.exe
  2⤵
  PID:5128
- C:\Windows\System\bhNESRI.exe
  C:\Windows\System\bhNESRI.exe
  2⤵
  PID:5172
- C:\Windows\System\PHRPWck.exe
  C:\Windows\System\PHRPWck.exe
  2⤵
  PID:5200
- C:\Windows\System\txyMVfM.exe
  C:\Windows\System\txyMVfM.exe
  2⤵
  PID:5228
- C:\Windows\System\fGQSaHH.exe
  C:\Windows\System\fGQSaHH.exe
  2⤵
  PID:5248
- C:\Windows\System\nASvNRM.exe
  C:\Windows\System\nASvNRM.exe
  2⤵
  PID:5284
- C:\Windows\System\qKgdGKJ.exe
  C:\Windows\System\qKgdGKJ.exe
  2⤵
  PID:5312
- C:\Windows\System\lLbqonl.exe
  C:\Windows\System\lLbqonl.exe
  2⤵
  PID:5344
- C:\Windows\System\slmKhMN.exe
  C:\Windows\System\slmKhMN.exe
  2⤵
  PID:5372
- C:\Windows\System\QBdfOqW.exe
  C:\Windows\System\QBdfOqW.exe
  2⤵
  PID:5408
- C:\Windows\System\sTUNFqF.exe
  C:\Windows\System\sTUNFqF.exe
  2⤵
  PID:5436
- C:\Windows\System\dTlZRqw.exe
  C:\Windows\System\dTlZRqw.exe
  2⤵
  PID:5472
- C:\Windows\System\MyJrpJZ.exe
  C:\Windows\System\MyJrpJZ.exe
  2⤵
  PID:5496
- C:\Windows\System\tkJdQRw.exe
  C:\Windows\System\tkJdQRw.exe
  2⤵
  PID:5524
- C:\Windows\System\SbEsGtB.exe
  C:\Windows\System\SbEsGtB.exe
  2⤵
  PID:5556
- C:\Windows\System\JTfCORv.exe
  C:\Windows\System\JTfCORv.exe
  2⤵
  PID:5584
- C:\Windows\System\AMQNWya.exe
  C:\Windows\System\AMQNWya.exe
  2⤵
  PID:5612
- C:\Windows\System\zChmRaY.exe
  C:\Windows\System\zChmRaY.exe
  2⤵
  PID:5640
- C:\Windows\System\YzhlNJT.exe
  C:\Windows\System\YzhlNJT.exe
  2⤵
  PID:5664
- C:\Windows\System\KcbrPaz.exe
  C:\Windows\System\KcbrPaz.exe
  2⤵
  PID:5700
- C:\Windows\System\QqauJCU.exe
  C:\Windows\System\QqauJCU.exe
  2⤵
  PID:5732
- C:\Windows\System\mUUVXKB.exe
  C:\Windows\System\mUUVXKB.exe
  2⤵
  PID:5764
- C:\Windows\System\FAYVkiJ.exe
  C:\Windows\System\FAYVkiJ.exe
  2⤵
  PID:5800
- C:\Windows\System\KipMhAu.exe
  C:\Windows\System\KipMhAu.exe
  2⤵
  PID:5836
- C:\Windows\System\qeJwMAy.exe
  C:\Windows\System\qeJwMAy.exe
  2⤵
  PID:5876
- C:\Windows\System\uikkbEd.exe
  C:\Windows\System\uikkbEd.exe
  2⤵
  PID:5904
- C:\Windows\System\JSddkzn.exe
  C:\Windows\System\JSddkzn.exe
  2⤵
  PID:5940
- C:\Windows\System\nXLvWWk.exe
  C:\Windows\System\nXLvWWk.exe
  2⤵
  PID:5964
- C:\Windows\System\nndXQmZ.exe
  C:\Windows\System\nndXQmZ.exe
  2⤵
  PID:5996
- C:\Windows\System\cXjVxFZ.exe
  C:\Windows\System\cXjVxFZ.exe
  2⤵
  PID:6032
- C:\Windows\System\xKTzvBr.exe
  C:\Windows\System\xKTzvBr.exe
  2⤵
  PID:6060
- C:\Windows\System\NaQSLjG.exe
  C:\Windows\System\NaQSLjG.exe
  2⤵
  PID:6100
- C:\Windows\System\RUsbylI.exe
  C:\Windows\System\RUsbylI.exe
  2⤵
  PID:6132
- C:\Windows\System\onIdqna.exe
  C:\Windows\System\onIdqna.exe
  2⤵
  PID:5156
- C:\Windows\System\wtMVvrJ.exe
  C:\Windows\System\wtMVvrJ.exe
  2⤵
  PID:5236
- C:\Windows\System\dVFGmmI.exe
  C:\Windows\System\dVFGmmI.exe
  2⤵
  PID:2688
- C:\Windows\System\NCHmDSo.exe
  C:\Windows\System\NCHmDSo.exe
  2⤵
  PID:3140
- C:\Windows\System\iyBllqp.exe
  C:\Windows\System\iyBllqp.exe
  2⤵
  PID:4136
- C:\Windows\System\MrVTKJq.exe
  C:\Windows\System\MrVTKJq.exe
  2⤵
  PID:5480
- C:\Windows\System\SvkTldI.exe
  C:\Windows\System\SvkTldI.exe
  2⤵
  PID:5596
- C:\Windows\System\kCRizxN.exe
  C:\Windows\System\kCRizxN.exe
  2⤵
  PID:5656
- C:\Windows\System\ICnLATx.exe
  C:\Windows\System\ICnLATx.exe
  2⤵
  PID:5716
- C:\Windows\System\ZqCAORD.exe
  C:\Windows\System\ZqCAORD.exe
  2⤵
  PID:5796
- C:\Windows\System\PLgJSRw.exe
  C:\Windows\System\PLgJSRw.exe
  2⤵
  PID:5884
- C:\Windows\System\VakqqmE.exe
  C:\Windows\System\VakqqmE.exe
  2⤵
  PID:5960
- C:\Windows\System\lkKsYYJ.exe
  C:\Windows\System\lkKsYYJ.exe
  2⤵
  PID:6052
- C:\Windows\System\aToOrzA.exe
  C:\Windows\System\aToOrzA.exe
  2⤵
  PID:6128
- C:\Windows\System\JUMGmSQ.exe
  C:\Windows\System\JUMGmSQ.exe
  2⤵
  PID:5272
- C:\Windows\System\GjcChhb.exe
  C:\Windows\System\GjcChhb.exe
  2⤵
  PID:5328
- C:\Windows\System\sCEYDRj.exe
  C:\Windows\System\sCEYDRj.exe
  2⤵
  PID:5492
- C:\Windows\System\osHLlHn.exe
  C:\Windows\System\osHLlHn.exe
  2⤵
  PID:5516
- C:\Windows\System\VzlkVIV.exe
  C:\Windows\System\VzlkVIV.exe
  2⤵
  PID:5676
- C:\Windows\System\CdbfrEy.exe
  C:\Windows\System\CdbfrEy.exe
  2⤵
  PID:5832
- C:\Windows\System\islEIbv.exe
  C:\Windows\System\islEIbv.exe
  2⤵
  PID:6040
- C:\Windows\System\ewQVcMJ.exe
  C:\Windows\System\ewQVcMJ.exe
  2⤵
  PID:4432
- C:\Windows\System\ZdWEtwM.exe
  C:\Windows\System\ZdWEtwM.exe
  2⤵
  PID:6048
- C:\Windows\System\vYhFBei.exe
  C:\Windows\System\vYhFBei.exe
  2⤵
  PID:5956
- C:\Windows\System\OuwjWQL.exe
  C:\Windows\System\OuwjWQL.exe
  2⤵
  PID:6080
- C:\Windows\System\bRXmEPw.exe
  C:\Windows\System\bRXmEPw.exe
  2⤵
  PID:6152
- C:\Windows\System\eSJqdpl.exe
  C:\Windows\System\eSJqdpl.exe
  2⤵
  PID:6184
- C:\Windows\System\HegwavX.exe
  C:\Windows\System\HegwavX.exe
  2⤵
  PID:6208
- C:\Windows\System\lCQoAPx.exe
  C:\Windows\System\lCQoAPx.exe
  2⤵
  PID:6236
- C:\Windows\System\dZTzBlK.exe
  C:\Windows\System\dZTzBlK.exe
  2⤵
  PID:6264
- C:\Windows\System\MkmFCdv.exe
  C:\Windows\System\MkmFCdv.exe
  2⤵
  PID:6296
- C:\Windows\System\oLivAIp.exe
  C:\Windows\System\oLivAIp.exe
  2⤵
  PID:6324
- C:\Windows\System\huoPWLp.exe
  C:\Windows\System\huoPWLp.exe
  2⤵
  PID:6352
- C:\Windows\System\cLRmWgw.exe
  C:\Windows\System\cLRmWgw.exe
  2⤵
  PID:6380
- C:\Windows\System\RtMOYgK.exe
  C:\Windows\System\RtMOYgK.exe
  2⤵
  PID:6408
- C:\Windows\System\gpjkfhB.exe
  C:\Windows\System\gpjkfhB.exe
  2⤵
  PID:6440
- C:\Windows\System\BIvXSGQ.exe
  C:\Windows\System\BIvXSGQ.exe
  2⤵
  PID:6456
- C:\Windows\System\jRMBqQm.exe
  C:\Windows\System\jRMBqQm.exe
  2⤵
  PID:6480
- C:\Windows\System\FhCZNSS.exe
  C:\Windows\System\FhCZNSS.exe
  2⤵
  PID:6512
- C:\Windows\System\bNkNIZz.exe
  C:\Windows\System\bNkNIZz.exe
  2⤵
  PID:6552
- C:\Windows\System\vDzrQlS.exe
  C:\Windows\System\vDzrQlS.exe
  2⤵
  PID:6584
- C:\Windows\System\cIOWYgK.exe
  C:\Windows\System\cIOWYgK.exe
  2⤵
  PID:6628
- C:\Windows\System\oXkldwT.exe
  C:\Windows\System\oXkldwT.exe
  2⤵
  PID:6648
- C:\Windows\System\ledyccU.exe
  C:\Windows\System\ledyccU.exe
  2⤵
  PID:6676
- C:\Windows\System\XhZSVQL.exe
  C:\Windows\System\XhZSVQL.exe
  2⤵
  PID:6704
- C:\Windows\System\FPUrlZi.exe
  C:\Windows\System\FPUrlZi.exe
  2⤵
  PID:6732
- C:\Windows\System\jJQIejt.exe
  C:\Windows\System\jJQIejt.exe
  2⤵
  PID:6760
- C:\Windows\System\oidnPwG.exe
  C:\Windows\System\oidnPwG.exe
  2⤵
  PID:6788
- C:\Windows\System\UIrUDpc.exe
  C:\Windows\System\UIrUDpc.exe
  2⤵
  PID:6820
- C:\Windows\System\oCGqMtT.exe
  C:\Windows\System\oCGqMtT.exe
  2⤵
  PID:6844
- C:\Windows\System\dAZIxQL.exe
  C:\Windows\System\dAZIxQL.exe
  2⤵
  PID:6872
- C:\Windows\System\bVvwIRz.exe
  C:\Windows\System\bVvwIRz.exe
  2⤵
  PID:6892
- C:\Windows\System\DsHdpsi.exe
  C:\Windows\System\DsHdpsi.exe
  2⤵
  PID:6928
- C:\Windows\System\SbDAuce.exe
  C:\Windows\System\SbDAuce.exe
  2⤵
  PID:6960
- C:\Windows\System\HQlBneE.exe
  C:\Windows\System\HQlBneE.exe
  2⤵
  PID:6988
- C:\Windows\System\FSHallH.exe
  C:\Windows\System\FSHallH.exe
  2⤵
  PID:7016
- C:\Windows\System\UfSrrjO.exe
  C:\Windows\System\UfSrrjO.exe
  2⤵
  PID:7048
- C:\Windows\System\puwvmtD.exe
  C:\Windows\System\puwvmtD.exe
  2⤵
  PID:7072
- C:\Windows\System\zMIzNay.exe
  C:\Windows\System\zMIzNay.exe
  2⤵
  PID:7100
- C:\Windows\System\owsimvJ.exe
  C:\Windows\System\owsimvJ.exe
  2⤵
  PID:7128
- C:\Windows\System\vLGImow.exe
  C:\Windows\System\vLGImow.exe
  2⤵
  PID:7156
- C:\Windows\System\zFBAcrK.exe
  C:\Windows\System\zFBAcrK.exe
  2⤵
  PID:6172
- C:\Windows\System\ODjXImK.exe
  C:\Windows\System\ODjXImK.exe
  2⤵
  PID:6220
- C:\Windows\System\efTRaxA.exe
  C:\Windows\System\efTRaxA.exe
  2⤵
  PID:6276
- C:\Windows\System\zrhQhhj.exe
  C:\Windows\System\zrhQhhj.exe
  2⤵
  PID:6364
- C:\Windows\System\PypTxBf.exe
  C:\Windows\System\PypTxBf.exe
  2⤵
  PID:6432
- C:\Windows\System\TLWkgix.exe
  C:\Windows\System\TLWkgix.exe
  2⤵
  PID:6508
- C:\Windows\System\IEJxwnW.exe
  C:\Windows\System\IEJxwnW.exe
  2⤵
  PID:6580
- C:\Windows\System\LAdKxoB.exe
  C:\Windows\System\LAdKxoB.exe
  2⤵
  PID:6644
- C:\Windows\System\zLfPlNr.exe
  C:\Windows\System\zLfPlNr.exe
  2⤵
  PID:6716
- C:\Windows\System\UecAAJk.exe
  C:\Windows\System\UecAAJk.exe
  2⤵
  PID:6784
- C:\Windows\System\BIqBlIX.exe
  C:\Windows\System\BIqBlIX.exe
  2⤵
  PID:6828
- C:\Windows\System\jAeanrK.exe
  C:\Windows\System\jAeanrK.exe
  2⤵
  PID:6880
- C:\Windows\System\wbLGFng.exe
  C:\Windows\System\wbLGFng.exe
  2⤵
  PID:6956
- C:\Windows\System\SzMXjwQ.exe
  C:\Windows\System\SzMXjwQ.exe
  2⤵
  PID:7028
- C:\Windows\System\MTdAfbl.exe
  C:\Windows\System\MTdAfbl.exe
  2⤵
  PID:7112
- C:\Windows\System\UKkkjln.exe
  C:\Windows\System\UKkkjln.exe
  2⤵
  PID:7152
- C:\Windows\System\ViwjTXv.exe
  C:\Windows\System\ViwjTXv.exe
  2⤵
  PID:5824
- C:\Windows\System\edwACDb.exe
  C:\Windows\System\edwACDb.exe
  2⤵
  PID:6420
- C:\Windows\System\idKbTkF.exe
  C:\Windows\System\idKbTkF.exe
  2⤵
  PID:6572
- C:\Windows\System\UWyKNHL.exe
  C:\Windows\System\UWyKNHL.exe
  2⤵
  PID:6744
- C:\Windows\System\kgyjORS.exe
  C:\Windows\System\kgyjORS.exe
  2⤵
  PID:6900
- C:\Windows\System\jFGRVsd.exe
  C:\Windows\System\jFGRVsd.exe
  2⤵
  PID:7012
- C:\Windows\System\UXQmOHq.exe
  C:\Windows\System\UXQmOHq.exe
  2⤵
  PID:6164
- C:\Windows\System\VHshWlV.exe
  C:\Windows\System\VHshWlV.exe
  2⤵
  PID:6640
- C:\Windows\System\RkexmRp.exe
  C:\Windows\System\RkexmRp.exe
  2⤵
  PID:7084
- C:\Windows\System\wzIxZst.exe
  C:\Windows\System\wzIxZst.exe
  2⤵
  PID:5652
- C:\Windows\System\garPmWr.exe
  C:\Windows\System\garPmWr.exe
  2⤵
  PID:6800
- C:\Windows\System\orOEgAu.exe
  C:\Windows\System\orOEgAu.exe
  2⤵
  PID:7184
- C:\Windows\System\PpRhOYQ.exe
  C:\Windows\System\PpRhOYQ.exe
  2⤵
  PID:7216
- C:\Windows\System\ivSFaFZ.exe
  C:\Windows\System\ivSFaFZ.exe
  2⤵
  PID:7240
- C:\Windows\System\ikRCVCy.exe
  C:\Windows\System\ikRCVCy.exe
  2⤵
  PID:7268
- C:\Windows\System\JvMngcD.exe
  C:\Windows\System\JvMngcD.exe
  2⤵
  PID:7296
- C:\Windows\System\fsuKzou.exe
  C:\Windows\System\fsuKzou.exe
  2⤵
  PID:7324
- C:\Windows\System\zIhTLAX.exe
  C:\Windows\System\zIhTLAX.exe
  2⤵
  PID:7352
- C:\Windows\System\ROFERRT.exe
  C:\Windows\System\ROFERRT.exe
  2⤵
  PID:7376
- C:\Windows\System\rsXqkvt.exe
  C:\Windows\System\rsXqkvt.exe
  2⤵
  PID:7408
- C:\Windows\System\cZofhfE.exe
  C:\Windows\System\cZofhfE.exe
  2⤵
  PID:7436
- C:\Windows\System\doHYZvr.exe
  C:\Windows\System\doHYZvr.exe
  2⤵
  PID:7464
- C:\Windows\System\DmhxZyH.exe
  C:\Windows\System\DmhxZyH.exe
  2⤵
  PID:7492
- C:\Windows\System\tWrmyvN.exe
  C:\Windows\System\tWrmyvN.exe
  2⤵
  PID:7520
- C:\Windows\System\gHwCggH.exe
  C:\Windows\System\gHwCggH.exe
  2⤵
  PID:7548
- C:\Windows\System\rFfyfEp.exe
  C:\Windows\System\rFfyfEp.exe
  2⤵
  PID:7576
- C:\Windows\System\CBHwVnY.exe
  C:\Windows\System\CBHwVnY.exe
  2⤵
  PID:7604
- C:\Windows\System\qRatpth.exe
  C:\Windows\System\qRatpth.exe
  2⤵
  PID:7632
- C:\Windows\System\ywmxOGL.exe
  C:\Windows\System\ywmxOGL.exe
  2⤵
  PID:7664
- C:\Windows\System\QXlxDgN.exe
  C:\Windows\System\QXlxDgN.exe
  2⤵
  PID:7700
- C:\Windows\System\NgsHkuH.exe
  C:\Windows\System\NgsHkuH.exe
  2⤵
  PID:7728
- C:\Windows\System\HUBKrXj.exe
  C:\Windows\System\HUBKrXj.exe
  2⤵
  PID:7760
- C:\Windows\System\lGQCfyX.exe
  C:\Windows\System\lGQCfyX.exe
  2⤵
  PID:7784
- C:\Windows\System\vYnoGwB.exe
  C:\Windows\System\vYnoGwB.exe
  2⤵
  PID:7820
- C:\Windows\System\HnvNqoS.exe
  C:\Windows\System\HnvNqoS.exe
  2⤵
  PID:7844
- C:\Windows\System\KqjDgFr.exe
  C:\Windows\System\KqjDgFr.exe
  2⤵
  PID:7872
- C:\Windows\System\FjriHUY.exe
  C:\Windows\System\FjriHUY.exe
  2⤵
  PID:7908
- C:\Windows\System\BLkCZbz.exe
  C:\Windows\System\BLkCZbz.exe
  2⤵
  PID:7944
- C:\Windows\System\RKIVizL.exe
  C:\Windows\System\RKIVizL.exe
  2⤵
  PID:7972
- C:\Windows\System\GOSvmep.exe
  C:\Windows\System\GOSvmep.exe
  2⤵
  PID:8000
- C:\Windows\System\rRIvnwx.exe
  C:\Windows\System\rRIvnwx.exe
  2⤵
  PID:8028
- C:\Windows\System\PrBAYsH.exe
  C:\Windows\System\PrBAYsH.exe
  2⤵
  PID:8056
- C:\Windows\System\YKnhVwX.exe
  C:\Windows\System\YKnhVwX.exe
  2⤵
  PID:8084
- C:\Windows\System\ygIjdrD.exe
  C:\Windows\System\ygIjdrD.exe
  2⤵
  PID:8112
- C:\Windows\System\wsOUrhY.exe
  C:\Windows\System\wsOUrhY.exe
  2⤵
  PID:8128
- C:\Windows\System\YJGAfrY.exe
  C:\Windows\System\YJGAfrY.exe
  2⤵
  PID:8144
- C:\Windows\System\cTKcUDz.exe
  C:\Windows\System\cTKcUDz.exe
  2⤵
  PID:8160
- C:\Windows\System\sSDbcPE.exe
  C:\Windows\System\sSDbcPE.exe
  2⤵
  PID:8184
- C:\Windows\System\xkdlTAI.exe
  C:\Windows\System\xkdlTAI.exe
  2⤵
  PID:7208
- C:\Windows\System\wPKLNAD.exe
  C:\Windows\System\wPKLNAD.exe
  2⤵
  PID:7260
- C:\Windows\System\vaGUVzD.exe
  C:\Windows\System\vaGUVzD.exe
  2⤵
  PID:7348
- C:\Windows\System\TWbMHYb.exe
  C:\Windows\System\TWbMHYb.exe
  2⤵
  PID:7432
- C:\Windows\System\AQNoyzS.exe
  C:\Windows\System\AQNoyzS.exe
  2⤵
  PID:7516
- C:\Windows\System\hoDPkfq.exe
  C:\Windows\System\hoDPkfq.exe
  2⤵
  PID:7596
- C:\Windows\System\DbeLBtJ.exe
  C:\Windows\System\DbeLBtJ.exe
  2⤵
  PID:7692
- C:\Windows\System\HhZmRVr.exe
  C:\Windows\System\HhZmRVr.exe
  2⤵
  PID:7752
- C:\Windows\System\iYWUWsf.exe
  C:\Windows\System\iYWUWsf.exe
  2⤵
  PID:7808
- C:\Windows\System\TWDRsRh.exe
  C:\Windows\System\TWDRsRh.exe
  2⤵
  PID:7856
- C:\Windows\System\KuQhOlE.exe
  C:\Windows\System\KuQhOlE.exe
  2⤵
  PID:7956
- C:\Windows\System\ehiCpQe.exe
  C:\Windows\System\ehiCpQe.exe
  2⤵
  PID:8048
- C:\Windows\System\xdwuzNb.exe
  C:\Windows\System\xdwuzNb.exe
  2⤵
  PID:8104
- C:\Windows\System\uDyOaQc.exe
  C:\Windows\System\uDyOaQc.exe
  2⤵
  PID:8156
- C:\Windows\System\dlBVxfK.exe
  C:\Windows\System\dlBVxfK.exe
  2⤵
  PID:8152
- C:\Windows\System\dOxvDad.exe
  C:\Windows\System\dOxvDad.exe
  2⤵
  PID:7456
- C:\Windows\System\ACxxhFB.exe
  C:\Windows\System\ACxxhFB.exe
  2⤵
  PID:7544
- C:\Windows\System\RGHaepT.exe
  C:\Windows\System\RGHaepT.exe
  2⤵
  PID:7676
- C:\Windows\System\xmpcIhK.exe
  C:\Windows\System\xmpcIhK.exe
  2⤵
  PID:7792
- C:\Windows\System\blEddOG.exe
  C:\Windows\System\blEddOG.exe
  2⤵
  PID:7984
- C:\Windows\System\bqMPTyp.exe
  C:\Windows\System\bqMPTyp.exe
  2⤵
  PID:7400
- C:\Windows\System\tKzvwKM.exe
  C:\Windows\System\tKzvwKM.exe
  2⤵
  PID:6376
- C:\Windows\System\dfswodT.exe
  C:\Windows\System\dfswodT.exe
  2⤵
  PID:7232
- C:\Windows\System\TEmAHrw.exe
  C:\Windows\System\TEmAHrw.exe
  2⤵
  PID:8204
- C:\Windows\System\YoFNtEY.exe
  C:\Windows\System\YoFNtEY.exe
  2⤵
  PID:8224
- C:\Windows\System\dTRwNoi.exe
  C:\Windows\System\dTRwNoi.exe
  2⤵
  PID:8260
- C:\Windows\System\NMlKMjK.exe
  C:\Windows\System\NMlKMjK.exe
  2⤵
  PID:8300
- C:\Windows\System\aLcWrsl.exe
  C:\Windows\System\aLcWrsl.exe
  2⤵
  PID:8324
- C:\Windows\System\cVObDBy.exe
  C:\Windows\System\cVObDBy.exe
  2⤵
  PID:8360
- C:\Windows\System\LcUoRXo.exe
  C:\Windows\System\LcUoRXo.exe
  2⤵
  PID:8388
- C:\Windows\System\WkJQJwT.exe
  C:\Windows\System\WkJQJwT.exe
  2⤵
  PID:8424
- C:\Windows\System\wqHhvle.exe
  C:\Windows\System\wqHhvle.exe
  2⤵
  PID:8464
- C:\Windows\System\qCfuLCq.exe
  C:\Windows\System\qCfuLCq.exe
  2⤵
  PID:8492
- C:\Windows\System\JHzIRDl.exe
  C:\Windows\System\JHzIRDl.exe
  2⤵
  PID:8520
- C:\Windows\System\asNVBvk.exe
  C:\Windows\System\asNVBvk.exe
  2⤵
  PID:8548
- C:\Windows\System\wpEKYVl.exe
  C:\Windows\System\wpEKYVl.exe
  2⤵
  PID:8576
- C:\Windows\System\zUmQoba.exe
  C:\Windows\System\zUmQoba.exe
  2⤵
  PID:8604
- C:\Windows\System\wTiHFjD.exe
  C:\Windows\System\wTiHFjD.exe
  2⤵
  PID:8632
- C:\Windows\System\kYBQyff.exe
  C:\Windows\System\kYBQyff.exe
  2⤵
  PID:8660
- C:\Windows\System\otqLDoT.exe
  C:\Windows\System\otqLDoT.exe
  2⤵
  PID:8688
- C:\Windows\System\ldtTwBP.exe
  C:\Windows\System\ldtTwBP.exe
  2⤵
  PID:8724
- C:\Windows\System\IOMVUpA.exe
  C:\Windows\System\IOMVUpA.exe
  2⤵
  PID:8752
- C:\Windows\System\JtkccnR.exe
  C:\Windows\System\JtkccnR.exe
  2⤵
  PID:8780
- C:\Windows\System\NeeyYTr.exe
  C:\Windows\System\NeeyYTr.exe
  2⤵
  PID:8808
- C:\Windows\System\ChWqNUy.exe
  C:\Windows\System\ChWqNUy.exe
  2⤵
  PID:8836
- C:\Windows\System\YTDHAFC.exe
  C:\Windows\System\YTDHAFC.exe
  2⤵
  PID:8864
- C:\Windows\System\ELKLTFv.exe
  C:\Windows\System\ELKLTFv.exe
  2⤵
  PID:8900
- C:\Windows\System\tBoMwVx.exe
  C:\Windows\System\tBoMwVx.exe
  2⤵
  PID:8932
- C:\Windows\System\IFaSTUu.exe
  C:\Windows\System\IFaSTUu.exe
  2⤵
  PID:8960
- C:\Windows\System\BIOmTeG.exe
  C:\Windows\System\BIOmTeG.exe
  2⤵
  PID:8988
- C:\Windows\System\sRCNwCA.exe
  C:\Windows\System\sRCNwCA.exe
  2⤵
  PID:9016
- C:\Windows\System\gXwavHl.exe
  C:\Windows\System\gXwavHl.exe
  2⤵
  PID:9044
- C:\Windows\System\VOXJWLF.exe
  C:\Windows\System\VOXJWLF.exe
  2⤵
  PID:9072
- C:\Windows\System\FeIETvm.exe
  C:\Windows\System\FeIETvm.exe
  2⤵
  PID:9100
- C:\Windows\System\gFzMEdI.exe
  C:\Windows\System\gFzMEdI.exe
  2⤵
  PID:9128
- C:\Windows\System\jNEQEAI.exe
  C:\Windows\System\jNEQEAI.exe
  2⤵
  PID:9156
- C:\Windows\System\hPmUJKo.exe
  C:\Windows\System\hPmUJKo.exe
  2⤵
  PID:9188
- C:\Windows\System\pzQXmNT.exe
  C:\Windows\System\pzQXmNT.exe
  2⤵
  PID:8040
- C:\Windows\System\wiogDIK.exe
  C:\Windows\System\wiogDIK.exe
  2⤵
  PID:8256
- C:\Windows\System\wcXnxUb.exe
  C:\Windows\System\wcXnxUb.exe
  2⤵
  PID:8352
- C:\Windows\System\kgOPRqi.exe
  C:\Windows\System\kgOPRqi.exe
  2⤵
  PID:8400
- C:\Windows\System\AtNFzpd.exe
  C:\Windows\System\AtNFzpd.exe
  2⤵
  PID:3220
- C:\Windows\System\JMQpVwp.exe
  C:\Windows\System\JMQpVwp.exe
  2⤵
  PID:8544
- C:\Windows\System\syzkhNW.exe
  C:\Windows\System\syzkhNW.exe
  2⤵
  PID:8596
- C:\Windows\System\AmTfIKV.exe
  C:\Windows\System\AmTfIKV.exe
  2⤵
  PID:8644
- C:\Windows\System\RUztHrh.exe
  C:\Windows\System\RUztHrh.exe
  2⤵
  PID:8736
- C:\Windows\System\ssPXqSR.exe
  C:\Windows\System\ssPXqSR.exe
  2⤵
  PID:8800
- C:\Windows\System\XpbsKwa.exe
  C:\Windows\System\XpbsKwa.exe
  2⤵
  PID:8860
- C:\Windows\System\zQlfHsG.exe
  C:\Windows\System\zQlfHsG.exe
  2⤵
  PID:8944
- C:\Windows\System\jFFevKx.exe
  C:\Windows\System\jFFevKx.exe
  2⤵
  PID:9008
- C:\Windows\System\DMOwTaS.exe
  C:\Windows\System\DMOwTaS.exe
  2⤵
  PID:9084
- C:\Windows\System\MvbZyJa.exe
  C:\Windows\System\MvbZyJa.exe
  2⤵
  PID:9140
- C:\Windows\System\djGptAu.exe
  C:\Windows\System\djGptAu.exe
  2⤵
  PID:9212
- C:\Windows\System\xceoAIj.exe
  C:\Windows\System\xceoAIj.exe
  2⤵
  PID:8372
- C:\Windows\System\TjTdMPM.exe
  C:\Windows\System\TjTdMPM.exe
  2⤵
  PID:8512
- C:\Windows\System\VPmaJbS.exe
  C:\Windows\System\VPmaJbS.exe
  2⤵
  PID:8792
- C:\Windows\System\YFPlmyy.exe
  C:\Windows\System\YFPlmyy.exe
  2⤵
  PID:8896
- C:\Windows\System\BuUOcOO.exe
  C:\Windows\System\BuUOcOO.exe
  2⤵
  PID:9068
- C:\Windows\System\ENhwDPp.exe
  C:\Windows\System\ENhwDPp.exe
  2⤵
  PID:9180
- C:\Windows\System\gvpdCyt.exe
  C:\Windows\System\gvpdCyt.exe
  2⤵
  PID:9148
- C:\Windows\System\gJobaEG.exe
  C:\Windows\System\gJobaEG.exe
  2⤵
  PID:8828
- C:\Windows\System\muWyvuw.exe
  C:\Windows\System\muWyvuw.exe
  2⤵
  PID:8288
- C:\Windows\System\aTRhGnu.exe
  C:\Windows\System\aTRhGnu.exe
  2⤵
  PID:9224
- C:\Windows\System\DQYNTHb.exe
  C:\Windows\System\DQYNTHb.exe
  2⤵
  PID:9240
- C:\Windows\System\nBxlprF.exe
  C:\Windows\System\nBxlprF.exe
  2⤵
  PID:9260
- C:\Windows\System\DSONlOX.exe
  C:\Windows\System\DSONlOX.exe
  2⤵
  PID:9280
- C:\Windows\System\jsbwLHk.exe
  C:\Windows\System\jsbwLHk.exe
  2⤵
  PID:9312
- C:\Windows\System\TewmxtM.exe
  C:\Windows\System\TewmxtM.exe
  2⤵
  PID:9356
- C:\Windows\System\okyhLIa.exe
  C:\Windows\System\okyhLIa.exe
  2⤵
  PID:9380
- C:\Windows\System\YAZJEHZ.exe
  C:\Windows\System\YAZJEHZ.exe
  2⤵
  PID:9416
- C:\Windows\System\zNIWNWF.exe
  C:\Windows\System\zNIWNWF.exe
  2⤵
  PID:9452
- C:\Windows\System\oEpEYja.exe
  C:\Windows\System\oEpEYja.exe
  2⤵
  PID:9492
- C:\Windows\System\gYSMtJt.exe
  C:\Windows\System\gYSMtJt.exe
  2⤵
  PID:9536
- C:\Windows\System\cwsQyKD.exe
  C:\Windows\System\cwsQyKD.exe
  2⤵
  PID:9556
- C:\Windows\System\hWwwJmg.exe
  C:\Windows\System\hWwwJmg.exe
  2⤵
  PID:9588
- C:\Windows\System\szldmte.exe
  C:\Windows\System\szldmte.exe
  2⤵
  PID:9620
- C:\Windows\System\MoVadRd.exe
  C:\Windows\System\MoVadRd.exe
  2⤵
  PID:9664
- C:\Windows\System\UjHsWNf.exe
  C:\Windows\System\UjHsWNf.exe
  2⤵
  PID:9700
- C:\Windows\System\vCuLLDI.exe
  C:\Windows\System\vCuLLDI.exe
  2⤵
  PID:9740
- C:\Windows\System\amCXzUL.exe
  C:\Windows\System\amCXzUL.exe
  2⤵
  PID:9776
- C:\Windows\System\jtnWASc.exe
  C:\Windows\System\jtnWASc.exe
  2⤵
  PID:9828
- C:\Windows\System\oRbLyBy.exe
  C:\Windows\System\oRbLyBy.exe
  2⤵
  PID:9868
- C:\Windows\System\vAlacgl.exe
  C:\Windows\System\vAlacgl.exe
  2⤵
  PID:9904
- C:\Windows\System\QmMLHkr.exe
  C:\Windows\System\QmMLHkr.exe
  2⤵
  PID:9932
- C:\Windows\System\HPkcewa.exe
  C:\Windows\System\HPkcewa.exe
  2⤵
  PID:9964
- C:\Windows\System\OpIoOHN.exe
  C:\Windows\System\OpIoOHN.exe
  2⤵
  PID:10008
- C:\Windows\System\pgFpFIg.exe
  C:\Windows\System\pgFpFIg.exe
  2⤵
  PID:10044
- C:\Windows\System\srHdFbM.exe
  C:\Windows\System\srHdFbM.exe
  2⤵
  PID:10088
- C:\Windows\System\MIumwpO.exe
  C:\Windows\System\MIumwpO.exe
  2⤵
  PID:10120
- C:\Windows\System\zWJJWIC.exe
  C:\Windows\System\zWJJWIC.exe
  2⤵
  PID:10136
- C:\Windows\System\sArJnnt.exe
  C:\Windows\System\sArJnnt.exe
  2⤵
  PID:10176
- C:\Windows\System\RnyhdPj.exe
  C:\Windows\System\RnyhdPj.exe
  2⤵
  PID:10196
- C:\Windows\System\oslvMpt.exe
  C:\Windows\System\oslvMpt.exe
  2⤵
  PID:10232
- C:\Windows\System\hDfInTz.exe
  C:\Windows\System\hDfInTz.exe
  2⤵
  PID:8716
- C:\Windows\System\wiPxvFy.exe
  C:\Windows\System\wiPxvFy.exe
  2⤵
  PID:9268
- C:\Windows\System\GEzewzr.exe
  C:\Windows\System\GEzewzr.exe
  2⤵
  PID:9304
- C:\Windows\System\PqVGeyk.exe
  C:\Windows\System\PqVGeyk.exe
  2⤵
  PID:9428
- C:\Windows\System\NAdDrBv.exe
  C:\Windows\System\NAdDrBv.exe
  2⤵
  PID:9448
- C:\Windows\System\yxKJPTf.exe
  C:\Windows\System\yxKJPTf.exe
  2⤵
  PID:9552
- C:\Windows\System\SuJgeBV.exe
  C:\Windows\System\SuJgeBV.exe
  2⤵
  PID:9636
- C:\Windows\System\KoFpCpm.exe
  C:\Windows\System\KoFpCpm.exe
  2⤵
  PID:9760
- C:\Windows\System\FaWTomI.exe
  C:\Windows\System\FaWTomI.exe
  2⤵
  PID:9804
- C:\Windows\System\rtyszSk.exe
  C:\Windows\System\rtyszSk.exe
  2⤵
  PID:9900
- C:\Windows\System\aUsbwnC.exe
  C:\Windows\System\aUsbwnC.exe
  2⤵
  PID:9928
- C:\Windows\System\PtmZzqp.exe
  C:\Windows\System\PtmZzqp.exe
  2⤵
  PID:10036
- C:\Windows\System\FRNDdhZ.exe
  C:\Windows\System\FRNDdhZ.exe
  2⤵
  PID:10108
- C:\Windows\System\tepcPwd.exe
  C:\Windows\System\tepcPwd.exe
  2⤵
  PID:10192
- C:\Windows\System\FjXgHvg.exe
  C:\Windows\System\FjXgHvg.exe
  2⤵
  PID:9036
- C:\Windows\System\acJeHGa.exe
  C:\Windows\System\acJeHGa.exe
  2⤵
  PID:9392
- C:\Windows\System\LDImEMI.exe
  C:\Windows\System\LDImEMI.exe
  2⤵
  PID:9764
- C:\Windows\System\hCpwNGz.exe
  C:\Windows\System\hCpwNGz.exe
  2⤵
  PID:9892
- C:\Windows\System\PQbpjec.exe
  C:\Windows\System\PQbpjec.exe
  2⤵
  PID:10072
- C:\Windows\System\lGnNJMb.exe
  C:\Windows\System\lGnNJMb.exe
  2⤵
  PID:8588
- C:\Windows\System\RNBOkzA.exe
  C:\Windows\System\RNBOkzA.exe
  2⤵
  PID:9676
- C:\Windows\System\hbWPVGw.exe
  C:\Windows\System\hbWPVGw.exe
  2⤵
  PID:10156
- C:\Windows\System\cqlmLhu.exe
  C:\Windows\System\cqlmLhu.exe
  2⤵
  PID:10004
- C:\Windows\System\NfnsiSt.exe
  C:\Windows\System\NfnsiSt.exe
  2⤵
  PID:10248
- C:\Windows\System\MQgJwPH.exe
  C:\Windows\System\MQgJwPH.exe
  2⤵
  PID:10276
- C:\Windows\System\dQHaogj.exe
  C:\Windows\System\dQHaogj.exe
  2⤵
  PID:10304
- C:\Windows\System\kDwbnAl.exe
  C:\Windows\System\kDwbnAl.exe
  2⤵
  PID:10332
- C:\Windows\System\qGGGZTr.exe
  C:\Windows\System\qGGGZTr.exe
  2⤵
  PID:10360
- C:\Windows\System\ZZbiTOY.exe
  C:\Windows\System\ZZbiTOY.exe
  2⤵
  PID:10388
- C:\Windows\System\SHnahjq.exe
  C:\Windows\System\SHnahjq.exe
  2⤵
  PID:10416
- C:\Windows\System\NSBtuKG.exe
  C:\Windows\System\NSBtuKG.exe
  2⤵
  PID:10444
- C:\Windows\System\rPjedVi.exe
  C:\Windows\System\rPjedVi.exe
  2⤵
  PID:10472
- C:\Windows\System\NvDIELj.exe
  C:\Windows\System\NvDIELj.exe
  2⤵
  PID:10500
- C:\Windows\System\GUGgObd.exe
  C:\Windows\System\GUGgObd.exe
  2⤵
  PID:10528
- C:\Windows\System\PWtVnyw.exe
  C:\Windows\System\PWtVnyw.exe
  2⤵
  PID:10556
- C:\Windows\System\GaKSikT.exe
  C:\Windows\System\GaKSikT.exe
  2⤵
  PID:10584
- C:\Windows\System\NLecojw.exe
  C:\Windows\System\NLecojw.exe
  2⤵
  PID:10612
- C:\Windows\System\UTlLdtz.exe
  C:\Windows\System\UTlLdtz.exe
  2⤵
  PID:10644
- C:\Windows\System\WKIjLOC.exe
  C:\Windows\System\WKIjLOC.exe
  2⤵
  PID:10672
- C:\Windows\System\DjbWLGf.exe
  C:\Windows\System\DjbWLGf.exe
  2⤵
  PID:10700
- C:\Windows\System\BTZlMSE.exe
  C:\Windows\System\BTZlMSE.exe
  2⤵
  PID:10728
- C:\Windows\System\caJisnP.exe
  C:\Windows\System\caJisnP.exe
  2⤵
  PID:10756
- C:\Windows\System\CDCXkvm.exe
  C:\Windows\System\CDCXkvm.exe
  2⤵
  PID:10784
- C:\Windows\System\aMmfDpx.exe
  C:\Windows\System\aMmfDpx.exe
  2⤵
  PID:10812
- C:\Windows\System\kklYNjg.exe
  C:\Windows\System\kklYNjg.exe
  2⤵
  PID:10840
- C:\Windows\System\mJSSNEG.exe
  C:\Windows\System\mJSSNEG.exe
  2⤵
  PID:10868
- C:\Windows\System\DuakOtD.exe
  C:\Windows\System\DuakOtD.exe
  2⤵
  PID:10900
- C:\Windows\System\XpTHFln.exe
  C:\Windows\System\XpTHFln.exe
  2⤵
  PID:10928
- C:\Windows\System\OoEGEuH.exe
  C:\Windows\System\OoEGEuH.exe
  2⤵
  PID:10956
- C:\Windows\System\xExNzEr.exe
  C:\Windows\System\xExNzEr.exe
  2⤵
  PID:10984
- C:\Windows\System\AHtoHdR.exe
  C:\Windows\System\AHtoHdR.exe
  2⤵
  PID:11012
- C:\Windows\System\RjfzzAw.exe
  C:\Windows\System\RjfzzAw.exe
  2⤵
  PID:11044
- C:\Windows\System\JXNfecI.exe
  C:\Windows\System\JXNfecI.exe
  2⤵
  PID:11076
- C:\Windows\System\UNYHhIH.exe
  C:\Windows\System\UNYHhIH.exe
  2⤵
  PID:11108
- C:\Windows\System\vgmVwYH.exe
  C:\Windows\System\vgmVwYH.exe
  2⤵
  PID:11140
- C:\Windows\System\gkMHalM.exe
  C:\Windows\System\gkMHalM.exe
  2⤵
  PID:11168
- C:\Windows\System\PNMYkbL.exe
  C:\Windows\System\PNMYkbL.exe
  2⤵
  PID:11196
- C:\Windows\System\UjgGtbX.exe
  C:\Windows\System\UjgGtbX.exe
  2⤵
  PID:11224
- C:\Windows\System\PcegUwA.exe
  C:\Windows\System\PcegUwA.exe
  2⤵
  PID:11252
- C:\Windows\System\JMUZiSY.exe
  C:\Windows\System\JMUZiSY.exe
  2⤵
  PID:10272
- C:\Windows\System\nFVHjQd.exe
  C:\Windows\System\nFVHjQd.exe
  2⤵
  PID:10344
- C:\Windows\System\mybfncM.exe
  C:\Windows\System\mybfncM.exe
  2⤵
  PID:10400
- C:\Windows\System\TTbNnZO.exe
  C:\Windows\System\TTbNnZO.exe
  2⤵
  PID:10464
- C:\Windows\System\DLNYMjv.exe
  C:\Windows\System\DLNYMjv.exe
  2⤵
  PID:10524
- C:\Windows\System\vbggQLW.exe
  C:\Windows\System\vbggQLW.exe
  2⤵
  PID:10596
- C:\Windows\System\IaNaQmr.exe
  C:\Windows\System\IaNaQmr.exe
  2⤵
  PID:10664
- C:\Windows\System\kAaSTkn.exe
  C:\Windows\System\kAaSTkn.exe
  2⤵
  PID:10724
- C:\Windows\System\TQzKuJd.exe
  C:\Windows\System\TQzKuJd.exe
  2⤵
  PID:10796
- C:\Windows\System\lagSRVs.exe
  C:\Windows\System\lagSRVs.exe
  2⤵
  PID:10860
- C:\Windows\System\CbQlewa.exe
  C:\Windows\System\CbQlewa.exe
  2⤵
  PID:10924
- C:\Windows\System\jRRKgqD.exe
  C:\Windows\System\jRRKgqD.exe
  2⤵
  PID:10996
- C:\Windows\System\XWNypui.exe
  C:\Windows\System\XWNypui.exe
  2⤵
  PID:11068
- C:\Windows\System\MtzHSja.exe
  C:\Windows\System\MtzHSja.exe
  2⤵
  PID:11132
- C:\Windows\System\HwdItlC.exe
  C:\Windows\System\HwdItlC.exe
  2⤵
  PID:11192
- C:\Windows\System\hsyFooA.exe
  C:\Windows\System\hsyFooA.exe
  2⤵
  PID:10260
- C:\Windows\System\kwJRxdW.exe
  C:\Windows\System\kwJRxdW.exe
  2⤵
  PID:10440
- C:\Windows\System\WFyatLY.exe
  C:\Windows\System\WFyatLY.exe
  2⤵
  PID:10624
- C:\Windows\System\LWpKpXG.exe
  C:\Windows\System\LWpKpXG.exe
  2⤵
  PID:10776
- C:\Windows\System\tDSawlo.exe
  C:\Windows\System\tDSawlo.exe
  2⤵
  PID:10920
- C:\Windows\System\RhEmwbF.exe
  C:\Windows\System\RhEmwbF.exe
  2⤵
  PID:11100
- C:\Windows\System\MPrqeSE.exe
  C:\Windows\System\MPrqeSE.exe
  2⤵
  PID:10356
- C:\Windows\System\WsrMqdX.exe
  C:\Windows\System\WsrMqdX.exe
  2⤵
  PID:10576
- C:\Windows\System\LmBnPWl.exe
  C:\Windows\System\LmBnPWl.exe
  2⤵
  PID:10980
- C:\Windows\System\otBSnhG.exe
  C:\Windows\System\otBSnhG.exe
  2⤵
  PID:10520
- C:\Windows\System\LdNHqtu.exe
  C:\Windows\System\LdNHqtu.exe
  2⤵
  PID:10428
- C:\Windows\System\dDkVCfe.exe
  C:\Windows\System\dDkVCfe.exe
  2⤵
  PID:11280
- C:\Windows\System\JPOaMxD.exe
  C:\Windows\System\JPOaMxD.exe
  2⤵
  PID:11308
- C:\Windows\System\IyVmKdH.exe
  C:\Windows\System\IyVmKdH.exe
  2⤵
  PID:11336
- C:\Windows\System\GBQxDab.exe
  C:\Windows\System\GBQxDab.exe
  2⤵
  PID:11364
- C:\Windows\System\qVEkXJF.exe
  C:\Windows\System\qVEkXJF.exe
  2⤵
  PID:11396
- C:\Windows\System\DQvYDGD.exe
  C:\Windows\System\DQvYDGD.exe
  2⤵
  PID:11436
- C:\Windows\System\VmTXskR.exe
  C:\Windows\System\VmTXskR.exe
  2⤵
  PID:11452
- C:\Windows\System\VwsHVrZ.exe
  C:\Windows\System\VwsHVrZ.exe
  2⤵
  PID:11480
- C:\Windows\System\xeVfjvL.exe
  C:\Windows\System\xeVfjvL.exe
  2⤵
  PID:11508
- C:\Windows\System\QHDYphQ.exe
  C:\Windows\System\QHDYphQ.exe
  2⤵
  PID:11536
- C:\Windows\System\rmItiQG.exe
  C:\Windows\System\rmItiQG.exe
  2⤵
  PID:11564
- C:\Windows\System\DCXeYLS.exe
  C:\Windows\System\DCXeYLS.exe
  2⤵
  PID:11592
- C:\Windows\System\CxMHBpf.exe
  C:\Windows\System\CxMHBpf.exe
  2⤵
  PID:11620
- C:\Windows\System\vBDWBiw.exe
  C:\Windows\System\vBDWBiw.exe
  2⤵
  PID:11648
- C:\Windows\System\PZhhIUx.exe
  C:\Windows\System\PZhhIUx.exe
  2⤵
  PID:11676
- C:\Windows\System\nOLwmNl.exe
  C:\Windows\System\nOLwmNl.exe
  2⤵
  PID:11704
- C:\Windows\System\fMmVQaM.exe
  C:\Windows\System\fMmVQaM.exe
  2⤵
  PID:11732
- C:\Windows\System\ycYLIeI.exe
  C:\Windows\System\ycYLIeI.exe
  2⤵
  PID:11760
- C:\Windows\System\rudkxeo.exe
  C:\Windows\System\rudkxeo.exe
  2⤵
  PID:11788
- C:\Windows\System\tkbIIhl.exe
  C:\Windows\System\tkbIIhl.exe
  2⤵
  PID:11816
- C:\Windows\System\mPKjBdk.exe
  C:\Windows\System\mPKjBdk.exe
  2⤵
  PID:11844
- C:\Windows\System\lvMXhAS.exe
  C:\Windows\System\lvMXhAS.exe
  2⤵
  PID:11872
- C:\Windows\System\CtgNBIm.exe
  C:\Windows\System\CtgNBIm.exe
  2⤵
  PID:11900
- C:\Windows\System\dASRqKZ.exe
  C:\Windows\System\dASRqKZ.exe
  2⤵
  PID:11928
- C:\Windows\System\ZZsTVpi.exe
  C:\Windows\System\ZZsTVpi.exe
  2⤵
  PID:11948
- C:\Windows\System\MOymqYJ.exe
  C:\Windows\System\MOymqYJ.exe
  2⤵
  PID:11984
- C:\Windows\System\BmPZcrk.exe
  C:\Windows\System\BmPZcrk.exe
  2⤵
  PID:12012
- C:\Windows\System\mXzzSHv.exe
  C:\Windows\System\mXzzSHv.exe
  2⤵
  PID:12040
- C:\Windows\System\idoVxAd.exe
  C:\Windows\System\idoVxAd.exe
  2⤵
  PID:12068
- C:\Windows\System\WjlCyYV.exe
  C:\Windows\System\WjlCyYV.exe
  2⤵
  PID:12096
- C:\Windows\System\SjibXWt.exe
  C:\Windows\System\SjibXWt.exe
  2⤵
  PID:12124
- C:\Windows\System\FlVAYxd.exe
  C:\Windows\System\FlVAYxd.exe
  2⤵
  PID:12152
- C:\Windows\System\AMuWTRq.exe
  C:\Windows\System\AMuWTRq.exe
  2⤵
  PID:12180
- C:\Windows\System\EwOPVwx.exe
  C:\Windows\System\EwOPVwx.exe
  2⤵
  PID:12208
- C:\Windows\System\CVYOlzh.exe
  C:\Windows\System\CVYOlzh.exe
  2⤵
  PID:12236
- C:\Windows\System\OnmcqMi.exe
  C:\Windows\System\OnmcqMi.exe
  2⤵
  PID:12264
- C:\Windows\System\EewoqTh.exe
  C:\Windows\System\EewoqTh.exe
  2⤵
  PID:11276
- C:\Windows\System\zklwVvU.exe
  C:\Windows\System\zklwVvU.exe
  2⤵
  PID:11348
- C:\Windows\System\zqRLtuu.exe
  C:\Windows\System\zqRLtuu.exe
  2⤵
  PID:11416
- C:\Windows\System\TTeDSGY.exe
  C:\Windows\System\TTeDSGY.exe
  2⤵
  PID:11476
- C:\Windows\System\DeeOfGP.exe
  C:\Windows\System\DeeOfGP.exe
  2⤵
  PID:11532
- C:\Windows\System\AwPvxWD.exe
  C:\Windows\System\AwPvxWD.exe
  2⤵
  PID:11604
- C:\Windows\System\DNWqeyD.exe
  C:\Windows\System\DNWqeyD.exe
  2⤵
  PID:11668
- C:\Windows\System\rUEyhjq.exe
  C:\Windows\System\rUEyhjq.exe
  2⤵
  PID:11728
- C:\Windows\System\EDrrMZT.exe
  C:\Windows\System\EDrrMZT.exe
  2⤵
  PID:11784
- C:\Windows\System\mMqTYTX.exe
  C:\Windows\System\mMqTYTX.exe
  2⤵
  PID:11856
- C:\Windows\System\NUgxRTm.exe
  C:\Windows\System\NUgxRTm.exe
  2⤵
  PID:11920
- C:\Windows\System\iYbaybt.exe
  C:\Windows\System\iYbaybt.exe
  2⤵
  PID:11996
- C:\Windows\System\ATdYdVP.exe
  C:\Windows\System\ATdYdVP.exe
  2⤵
  PID:12036
- C:\Windows\System\CqIfmfa.exe
  C:\Windows\System\CqIfmfa.exe
  2⤵
  PID:12108
- C:\Windows\System\lSKEGBe.exe
  C:\Windows\System\lSKEGBe.exe
  2⤵
  PID:12172
- C:\Windows\System\sXDlMgZ.exe
  C:\Windows\System\sXDlMgZ.exe
  2⤵
  PID:12248
- C:\Windows\System\qiVphKO.exe
  C:\Windows\System\qiVphKO.exe
  2⤵
  PID:11332
- C:\Windows\System\PPRnnTd.exe
  C:\Windows\System\PPRnnTd.exe
  2⤵
  PID:11392
- C:\Windows\System\fEDQbJU.exe
  C:\Windows\System\fEDQbJU.exe
  2⤵
  PID:11660
- C:\Windows\System\XxxyoaW.exe
  C:\Windows\System\XxxyoaW.exe
  2⤵
  PID:11812
- C:\Windows\System\XbcWPaQ.exe
  C:\Windows\System\XbcWPaQ.exe
  2⤵
  PID:11956
- C:\Windows\System\PrQrumR.exe
  C:\Windows\System\PrQrumR.exe
  2⤵
  PID:12136
- C:\Windows\System\kWBmgeQ.exe
  C:\Windows\System\kWBmgeQ.exe
  2⤵
  PID:12260
- C:\Windows\System\zVqQYjh.exe
  C:\Windows\System\zVqQYjh.exe
  2⤵
  PID:11584
- C:\Windows\System\EBHahlj.exe
  C:\Windows\System\EBHahlj.exe
  2⤵
  PID:11912
- C:\Windows\System\nITthbl.exe
  C:\Windows\System\nITthbl.exe
  2⤵
  PID:12228
- C:\Windows\System\qKqJddB.exe
  C:\Windows\System\qKqJddB.exe
  2⤵
  PID:12220
- C:\Windows\System\VAXYPhL.exe
  C:\Windows\System\VAXYPhL.exe
  2⤵
  PID:12292
- C:\Windows\System\UBKCcKi.exe
  C:\Windows\System\UBKCcKi.exe
  2⤵
  PID:12328
- C:\Windows\System\xCyYJZZ.exe
  C:\Windows\System\xCyYJZZ.exe
  2⤵
  PID:12368
- C:\Windows\System\cNBWfCj.exe
  C:\Windows\System\cNBWfCj.exe
  2⤵
  PID:12392
- C:\Windows\System\ecwUgIB.exe
  C:\Windows\System\ecwUgIB.exe
  2⤵
  PID:12432
- C:\Windows\System\gNraAVK.exe
  C:\Windows\System\gNraAVK.exe
  2⤵
  PID:12464
- C:\Windows\System\LITzRWs.exe
  C:\Windows\System\LITzRWs.exe
  2⤵
  PID:12512
- C:\Windows\System\vjkpzII.exe
  C:\Windows\System\vjkpzII.exe
  2⤵
  PID:12540
- C:\Windows\System\tGJNxCF.exe
  C:\Windows\System\tGJNxCF.exe
  2⤵
  PID:12572
- C:\Windows\System\bfuyhuN.exe
  C:\Windows\System\bfuyhuN.exe
  2⤵
  PID:12604
- C:\Windows\System\eRhOZoj.exe
  C:\Windows\System\eRhOZoj.exe
  2⤵
  PID:12636
- C:\Windows\System\DoSpFMo.exe
  C:\Windows\System\DoSpFMo.exe
  2⤵
  PID:12680
- C:\Windows\System\yGfmRbP.exe
  C:\Windows\System\yGfmRbP.exe
  2⤵
  PID:12712
- C:\Windows\System\nRnaykR.exe
  C:\Windows\System\nRnaykR.exe
  2⤵
  PID:12740
- C:\Windows\System\ryWPlQv.exe
  C:\Windows\System\ryWPlQv.exe
  2⤵
  PID:12772
- C:\Windows\System\ipwfOQZ.exe
  C:\Windows\System\ipwfOQZ.exe
  2⤵
  PID:12800
- C:\Windows\System\dGxYFew.exe
  C:\Windows\System\dGxYFew.exe
  2⤵
  PID:12828
- C:\Windows\System\kXfxDnJ.exe
  C:\Windows\System\kXfxDnJ.exe
  2⤵
  PID:12856
- C:\Windows\System\EPjdrPL.exe
  C:\Windows\System\EPjdrPL.exe
  2⤵
  PID:12884
- C:\Windows\System\OtJzFjT.exe
  C:\Windows\System\OtJzFjT.exe
  2⤵
  PID:12912
- C:\Windows\System\CCROwzP.exe
  C:\Windows\System\CCROwzP.exe
  2⤵
  PID:12940
- C:\Windows\System\UvJkwwA.exe
  C:\Windows\System\UvJkwwA.exe
  2⤵
  PID:12968
- C:\Windows\System\bGvnVQN.exe
  C:\Windows\System\bGvnVQN.exe
  2⤵
  PID:12996
- C:\Windows\System\EJmpzXA.exe
  C:\Windows\System\EJmpzXA.exe
  2⤵
  PID:13024
- C:\Windows\System\LThXKqZ.exe
  C:\Windows\System\LThXKqZ.exe
  2⤵
  PID:13052
- C:\Windows\System\OcwXxiK.exe
  C:\Windows\System\OcwXxiK.exe
  2⤵
  PID:13080
- C:\Windows\System\bXWSxTs.exe
  C:\Windows\System\bXWSxTs.exe
  2⤵
  PID:13120
- C:\Windows\System\MHwvpjk.exe
  C:\Windows\System\MHwvpjk.exe
  2⤵
  PID:13140
- C:\Windows\System\DYRSgox.exe
  C:\Windows\System\DYRSgox.exe
  2⤵
  PID:13168
- C:\Windows\System\kWFMNoS.exe
  C:\Windows\System\kWFMNoS.exe
  2⤵
  PID:13196
- C:\Windows\System\JSnJHYJ.exe
  C:\Windows\System\JSnJHYJ.exe
  2⤵
  PID:13212
- C:\Windows\System\EVcqvAD.exe
  C:\Windows\System\EVcqvAD.exe
  2⤵
  PID:13240
- C:\Windows\System\JzZWoQq.exe
  C:\Windows\System\JzZWoQq.exe
  2⤵
  PID:13280
- C:\Windows\System\RlTQFwL.exe
  C:\Windows\System\RlTQFwL.exe
  2⤵
  PID:13308
- C:\Windows\System\jiWSKjc.exe
  C:\Windows\System\jiWSKjc.exe
  2⤵
  PID:12360
- C:\Windows\System\zVWNpeB.exe
  C:\Windows\System\zVWNpeB.exe
  2⤵
  PID:12416
- C:\Windows\System\zrjKwge.exe
  C:\Windows\System\zrjKwge.exe
  2⤵
  PID:12520
- C:\Windows\System\rklnqGC.exe
  C:\Windows\System\rklnqGC.exe
  2⤵
  PID:12592
- C:\Windows\System\qQWYwwO.exe
  C:\Windows\System\qQWYwwO.exe
  2⤵
  PID:12672
- C:\Windows\System\Iymnhat.exe
  C:\Windows\System\Iymnhat.exe
  2⤵
  PID:12760
- C:\Windows\System\ThlmPSt.exe
  C:\Windows\System\ThlmPSt.exe
  2⤵
  PID:12848
- C:\Windows\System\dUMhsbU.exe
  C:\Windows\System\dUMhsbU.exe
  2⤵
  PID:12924
- C:\Windows\System\GnqQLbQ.exe
  C:\Windows\System\GnqQLbQ.exe
  2⤵
  PID:12992
- C:\Windows\System\HedQGjv.exe
  C:\Windows\System\HedQGjv.exe
  2⤵
  PID:13064
- C:\Windows\System\WrbnWnf.exe
  C:\Windows\System\WrbnWnf.exe
  2⤵
  PID:13104
- C:\Windows\System\Fnnpypy.exe
  C:\Windows\System\Fnnpypy.exe
  2⤵
  PID:11884
- C:\Windows\System\AQUFTwV.exe
  C:\Windows\System\AQUFTwV.exe
  2⤵
  PID:13208
- C:\Windows\System\FNUixUU.exe
  C:\Windows\System\FNUixUU.exe
  2⤵
  PID:13296
- C:\Windows\System\GxkbcKg.exe
  C:\Windows\System\GxkbcKg.exe
  2⤵
  PID:12348
- C:\Windows\System\YEdeImt.exe
  C:\Windows\System\YEdeImt.exe
  2⤵
  PID:12524
- C:\Windows\System\gIzKEnC.exe
  C:\Windows\System\gIzKEnC.exe
  2⤵
  PID:12732
- C:\Windows\System\fjofJpu.exe
  C:\Windows\System\fjofJpu.exe
  2⤵
  PID:12904
- C:\Windows\System\GqWCKcG.exe
  C:\Windows\System\GqWCKcG.exe
  2⤵
  PID:13044
- C:\Windows\System\mIafvUO.exe
  C:\Windows\System\mIafvUO.exe
  2⤵
  PID:13180
- C:\Windows\System\uWZVELt.exe
  C:\Windows\System\uWZVELt.exe
  2⤵
  PID:12316
- C:\Windows\System\sWwWtgu.exe
  C:\Windows\System\sWwWtgu.exe
  2⤵
  PID:12792
- C:\Windows\System\MIUyYXQ.exe
  C:\Windows\System\MIUyYXQ.exe
  2⤵
  PID:13160
- C:\Windows\System\xfOpZJg.exe
  C:\Windows\System\xfOpZJg.exe
  2⤵
  PID:12736
- C:\Windows\System\LWtaAHz.exe
  C:\Windows\System\LWtaAHz.exe
  2⤵
  PID:12376
- C:\Windows\System\PLeWazR.exe
  C:\Windows\System\PLeWazR.exe
  2⤵
  PID:13320
- C:\Windows\System\oQEJuUr.exe
  C:\Windows\System\oQEJuUr.exe
  2⤵
  PID:13348
- C:\Windows\System\ZSdAWaC.exe
  C:\Windows\System\ZSdAWaC.exe
  2⤵
  PID:13376
- C:\Windows\System\HSHcAWl.exe
  C:\Windows\System\HSHcAWl.exe
  2⤵
  PID:13404
- C:\Windows\System\xItPHcq.exe
  C:\Windows\System\xItPHcq.exe
  2⤵
  PID:13432
- C:\Windows\System\csuieyf.exe
  C:\Windows\System\csuieyf.exe
  2⤵
  PID:13460
- C:\Windows\System\QhTFGKf.exe
  C:\Windows\System\QhTFGKf.exe
  2⤵
  PID:13492
- C:\Windows\System\Lzppaws.exe
  C:\Windows\System\Lzppaws.exe
  2⤵
  PID:13520
- C:\Windows\System\UHZlrcj.exe
  C:\Windows\System\UHZlrcj.exe
  2⤵
  PID:13548
- C:\Windows\System\YoXicqk.exe
  C:\Windows\System\YoXicqk.exe
  2⤵
  PID:13576
- C:\Windows\System\qJelmaX.exe
  C:\Windows\System\qJelmaX.exe
  2⤵
  PID:13604
- C:\Windows\System\qQhxVrE.exe
  C:\Windows\System\qQhxVrE.exe
  2⤵
  PID:13632
- C:\Windows\System\ypgXmgE.exe
  C:\Windows\System\ypgXmgE.exe
  2⤵
  PID:13660
- C:\Windows\System\tEcXLCU.exe
  C:\Windows\System\tEcXLCU.exe
  2⤵
  PID:13688
- C:\Windows\System\qGyozIt.exe
  C:\Windows\System\qGyozIt.exe
  2⤵
  PID:13716
- C:\Windows\System\ZRyupfr.exe
  C:\Windows\System\ZRyupfr.exe
  2⤵
  PID:13744
- C:\Windows\System\LRkmGKi.exe
  C:\Windows\System\LRkmGKi.exe
  2⤵
  PID:13772
- C:\Windows\System\rQdcWDE.exe
  C:\Windows\System\rQdcWDE.exe
  2⤵
  PID:13800
- C:\Windows\System\DsEGFFt.exe
  C:\Windows\System\DsEGFFt.exe
  2⤵
  PID:13828
- C:\Windows\System\kEaFDjV.exe
  C:\Windows\System\kEaFDjV.exe
  2⤵
  PID:13856
- C:\Windows\System\PXlfIoa.exe
  C:\Windows\System\PXlfIoa.exe
  2⤵
  PID:13884
- C:\Windows\System\AJoNbvn.exe
  C:\Windows\System\AJoNbvn.exe
  2⤵
  PID:13912
- C:\Windows\System\TKaICDP.exe
  C:\Windows\System\TKaICDP.exe
  2⤵
  PID:13940
- C:\Windows\System\dgUORfc.exe
  C:\Windows\System\dgUORfc.exe
  2⤵
  PID:13968
- C:\Windows\System\KzyivyO.exe
  C:\Windows\System\KzyivyO.exe
  2⤵
  PID:13996
- C:\Windows\System\RWaesVu.exe
  C:\Windows\System\RWaesVu.exe
  2⤵
  PID:14024
- C:\Windows\System\erJCKav.exe
  C:\Windows\System\erJCKav.exe
  2⤵
  PID:14052
- C:\Windows\System\iEocfwz.exe
  C:\Windows\System\iEocfwz.exe
  2⤵
  PID:14080
- C:\Windows\System\ICzgter.exe
  C:\Windows\System\ICzgter.exe
  2⤵
  PID:14108
- C:\Windows\System\AWhZrQo.exe
  C:\Windows\System\AWhZrQo.exe
  2⤵
  PID:14124
- C:\Windows\System\hkwKxDY.exe
  C:\Windows\System\hkwKxDY.exe
  2⤵
  PID:14164
- C:\Windows\System\EDMNNud.exe
  C:\Windows\System\EDMNNud.exe
  2⤵
  PID:14192
- C:\Windows\System\jUDmTQv.exe
  C:\Windows\System\jUDmTQv.exe
  2⤵
  PID:14224
- C:\Windows\System\geSVaJc.exe
  C:\Windows\System\geSVaJc.exe
  2⤵
  PID:14248
- C:\Windows\System\dHTRIXz.exe
  C:\Windows\System\dHTRIXz.exe
  2⤵
  PID:14276
- C:\Windows\System\zuBkeyE.exe
  C:\Windows\System\zuBkeyE.exe
  2⤵
  PID:14308
- C:\Windows\System\xQSHfWG.exe
  C:\Windows\System\xQSHfWG.exe
  2⤵
  PID:13092
- C:\Windows\System\GseAmEJ.exe
  C:\Windows\System\GseAmEJ.exe
  2⤵
  PID:13372
- C:\Windows\System\JUIcbfQ.exe
  C:\Windows\System\JUIcbfQ.exe
  2⤵
  PID:13452
- C:\Windows\System\IJgRwGY.exe
  C:\Windows\System\IJgRwGY.exe
  2⤵
  PID:13516
- C:\Windows\System\BNhKIEV.exe
  C:\Windows\System\BNhKIEV.exe
  2⤵
  PID:13588
- C:\Windows\System\CQMDCUQ.exe
  C:\Windows\System\CQMDCUQ.exe
  2⤵
  PID:13648
- C:\Windows\System\LOXGYhW.exe
  C:\Windows\System\LOXGYhW.exe
  2⤵
  PID:13712
- C:\Windows\System\aLItpyU.exe
  C:\Windows\System\aLItpyU.exe
  2⤵
  PID:2528
- C:\Windows\System\ibZusiq.exe
  C:\Windows\System\ibZusiq.exe
  2⤵
  PID:13784
- C:\Windows\System\UjwrOra.exe
  C:\Windows\System\UjwrOra.exe
  2⤵
  PID:13848
- C:\Windows\System\qreuYLm.exe
  C:\Windows\System\qreuYLm.exe
  2⤵
  PID:13908
- C:\Windows\System\TosAgwH.exe
  C:\Windows\System\TosAgwH.exe
  2⤵
  PID:13980
- C:\Windows\System\PUorgqS.exe
  C:\Windows\System\PUorgqS.exe
  2⤵
  PID:14044
- C:\Windows\System\SYNfreB.exe
  C:\Windows\System\SYNfreB.exe
  2⤵
  PID:14100
- C:\Windows\System\yOUPKuA.exe
  C:\Windows\System\yOUPKuA.exe
  2⤵
  PID:14176
- C:\Windows\System\iLrExGL.exe
  C:\Windows\System\iLrExGL.exe
  2⤵
  PID:14236
- C:\Windows\System\LsHqluQ.exe
  C:\Windows\System\LsHqluQ.exe
  2⤵
  PID:14304
- C:\Windows\System\GOSkJGW.exe
  C:\Windows\System\GOSkJGW.exe
  2⤵
  PID:13400
- C:\Windows\System\CvIanCE.exe
  C:\Windows\System\CvIanCE.exe
  2⤵
  PID:13572
- C:\Windows\System\rHYwOTj.exe
  C:\Windows\System\rHYwOTj.exe
  2⤵
  PID:13708
- C:\Windows\System\oPjXibw.exe
  C:\Windows\System\oPjXibw.exe
  2⤵
  PID:13812
- C:\Windows\System\XvsdcDz.exe
  C:\Windows\System\XvsdcDz.exe
  2⤵
  PID:13960
- C:\Windows\System\iqIJUFt.exe
  C:\Windows\System\iqIJUFt.exe
  2⤵
  PID:14096
- C:\Windows\System\gRWEvwt.exe
  C:\Windows\System\gRWEvwt.exe
  2⤵
  PID:14268
- C:\Windows\System\zCpDsmi.exe
  C:\Windows\System\zCpDsmi.exe
  2⤵
  PID:13512
- C:\Windows\System\xOtajSA.exe
  C:\Windows\System\xOtajSA.exe
  2⤵
  PID:13764
- C:\Windows\System\VTrbMfQ.exe
  C:\Windows\System\VTrbMfQ.exe
  2⤵
  PID:14160
- C:\Windows\System\dqVtezy.exe
  C:\Windows\System\dqVtezy.exe
  2⤵
  PID:13700
- C:\Windows\System\ujFPhpW.exe
  C:\Windows\System\ujFPhpW.exe
  2⤵
  PID:13684
- C:\Windows\System\vpFFkYv.exe
  C:\Windows\System\vpFFkYv.exe
  2⤵
  PID:14352
- C:\Windows\System\XOTjWdM.exe
  C:\Windows\System\XOTjWdM.exe
  2⤵
  PID:14380

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BmLWqIn.exe

Filesize
2.1MB

MD5
0a77a2d7f6c912bde46ea15233e46a38

SHA1
bba84afbccf4715d04e5f21378908f31c0ef8e84

SHA256
acb00dde3959a5d34f9c4afd13aaf34e0079691dacd9dc939dd444ce5d174a24

SHA512
7e3e45a78430dee09c5a5d586a90af818cfb26efdef23be208bf403cd0a44f917f1d8475124cb4ef63c606fbd264fae33e8464f0e8f4bda81b57ffff091122c6

Download Submit
C:\Windows\System\DwhcfYN.exe

Filesize
2.1MB

MD5
90ca767dd247aac429fdfea85eb342c3

SHA1
c51732c1be048f4387a8494a781d2fd4bfc05f56

SHA256
44f2af713b34766ced138c67725148061134241907093cb8b54c6cc2bd2899df

SHA512
c550b50516685e0922d0a04802dd72e1134c8e7126dbfbb38079205e69618b5fbfd34d4c63c3aa7abfc3897e4c3760e7849d7fb3c2b461eb4560e3b0c14be20f

Download Submit
C:\Windows\System\ESHiALQ.exe

Filesize
2.1MB

MD5
04abb549be002ee54cf10161768441a0

SHA1
cdd92f2e5e6130fc424e86cc622a7ea4f2c4c724

SHA256
2cbd639d5ef31b5a8838c04525689428b9ac3fbf9c409f4fb471c1d5aa5870fe

SHA512
37d102ce9960fc4d346b5287ae98831631d0bc5d0b988a893ac171615cda4fbf53715c2a20a4070102b87e2aeac9c31395434c48e27131a481163a34a7236366

Download Submit
C:\Windows\System\GJfCDXW.exe

Filesize
2.1MB

MD5
14d473a4f13ca833fa49d7b254e58f6b

SHA1
2f1b7d9c8098d86d13f88a24370f29656cdf6ae6

SHA256
ebdf2fa482898e48a3e87c9f30c342e6a6ed194af889defcf9bb0ef590eb2a17

SHA512
3ff3149b7efdd64a1aaecb799e3c2313a9528b1165d12d724c518be506531152824895814084d6c7f3523728686043741d252602655a3f143632dcffce1874db

Download Submit
C:\Windows\System\JzviHUp.exe

Filesize
2.1MB

MD5
cd4da539fd36acff3c1c7e8dc1bef333

SHA1
255f82a4ed79246cf9891557d028bf34f54c350d

SHA256
b26419a6fcacd10e1e5f1b36ef6029d271ca056638a6c2288802f45664489ad1

SHA512
200101e0411dbddc26ad17750d9c59c31852c02e435130f8e118903a1d1e65069c5581d5bbc460c31b59f55d0980137752ac4fd8eed1f805a08bcc93c384978a

Download Submit
C:\Windows\System\KJXHnTf.exe

Filesize
2.1MB

MD5
f9110988f997063b7de5e106290ab62e

SHA1
18447635229f0f50ea927d79dfcd3533f36164e4

SHA256
243d0212e6c66a81d97fd74709ed8981b8b64e946f3c0e0b276be0be5a0c7450

SHA512
01cb94377287cf0821f78a79de6ee1cf015b456fa591403e02e14d113a7177cb08ab75e0819d4f64829f18b2084373396f1b69e2786bf987b24bf6b249d6ae01

Download Submit
C:\Windows\System\KVyXfAv.exe

Filesize
2.1MB

MD5
e9c398a7026c3dd9908e90813723e3b7

SHA1
fdc254d5d945df18e5af4cb9a9777d580e4e5b73

SHA256
3ffeed06cc5461ff86c511cc33ea3c91278b5fd3cb339f69eee1ee180eb9d6da

SHA512
f90fc6bc2bb64fea734824c7a44697373af8fcc4ab2cb8e904c6482ea58e0529b5b26fe9bdfac6c840985163b669901b37144e06e1580c787553b230665eee55

Download Submit
C:\Windows\System\KXtwktI.exe

Filesize
2.1MB

MD5
c40576b2c1876797c052169563921a8c

SHA1
cfc6575b4fe53918df5c835b6df2949f8fa691e5

SHA256
96a241267607acb07cc23ad063fdbe8e8755e6e05e9b6aa98e29d785ef7708b1

SHA512
96f7f2aa41a651e7f08395563d32c0d74fe1af37588c5edd164634b80d2488a800541824825abb27bf2fcd24187d7d2882c7d4caef779318f41cdc951ca84d91

Download Submit
C:\Windows\System\LbfARMa.exe

Filesize
2.1MB

MD5
6b0b9a7758198fa818953c6edb72ef90

SHA1
ecc33f5e94f9bfe8ef54d586b1d72453b5c0b48b

SHA256
c88306cd251c908f6605f022ff5a360430457b88a7440422b21ee54a7b818eb1

SHA512
fef9e8bdf4be51d9917e72f7a7ed6b653359ad38b7f49c73a1cf091ac8b77803b2164bc5e9e3696d2a8109cc74f2fc88282076ecc88eb51db01903425758a168

Download Submit
C:\Windows\System\MrENyWr.exe

Filesize
2.1MB

MD5
5964c4882a51cfa774fe006a55db98a8

SHA1
8fdfe9783e6e5cc584bf7d1eeb3fceb659e0de77

SHA256
db0fb1cef72a2e472f1f16bb3edc9d09e1335ec32794967805a545fdab7fd2a7

SHA512
01aff8af72ad488a4afff174543897db9d8a4ec47c741c757cdecd1755e7686b94a60150bd16e3d92b1e3d932b6722bc99f6dc317c8009527c6a2da4a0570095

Download Submit
C:\Windows\System\NMzliCz.exe

Filesize
2.1MB

MD5
084b42a32b40466f6fe657f4612ab27f

SHA1
7bfe34aecc4b812e18d557f20e714f122f3930aa

SHA256
392b3c1abf0ea16e576adef4a9055287eaf417f9a98634a0992020a6e071f4d6

SHA512
1896cdbd44eb3c791164e576a9deb3ce6ede5402dd43406ae4bbaabf2da1c4487aeae6a59b8829621117b3522faa1f9bce2ee612777e886cdc4568ad54c08341

Download Submit
C:\Windows\System\OaYLsHs.exe

Filesize
2.1MB

MD5
781e7cce210c7d18fb366880b60da026

SHA1
86a496c1053d7877e5b45cb7c54535db4ef41a63

SHA256
7ca19bfd55c22f1a22e9016c09e10703fb01662001a503042cf208d8090d5f85

SHA512
7447cf8265577f49d1709d14210ac40ba0533c5dd15dc62391c74f0bac4209d258ecd43a5ff893243bc9c0c6e3ced3899984baa250e57f0162047dae5b8061bd

Download Submit
C:\Windows\System\OhKUuxG.exe

Filesize
2.1MB

MD5
5ebed06d95f1b11329867caa939352ac

SHA1
6272c8f56a7214ac2e906c55cfada0ffa79e7553

SHA256
534c2ce288109dcb71fa6565f39c999d4c92569e01d99d9f6da04eb4deedb386

SHA512
1dbe431077af32015f683c40ceb464a9f6694e18656777b47721825399b8c53405a5edd897d712eaa80586bde192f5c58cc15ae0863ee99aff9dc78655d051ea

Download Submit
C:\Windows\System\TVfEyHH.exe

Filesize
2.1MB

MD5
b56ac6364d7204181182c5d3b3ce52d4

SHA1
b24ddec58125b25dd1a1148a5dcff7837295aff8

SHA256
2e3cfa23ba3855d8efb2a9913977f563027e59df3e868e706bf458b4735f730d

SHA512
0d03ad89e6d0b6364cf950e871ced657c3309a2585b21476b2d7d78f4231dc77fe98889d7e24831d9f2a4299957f6d3a665955034a00a40bc192b3a212543568

Download Submit
C:\Windows\System\VkfVlWd.exe

Filesize
2.1MB

MD5
8c7975a58a2982af9161567f5946c079

SHA1
1d7c25fb8540486eb40d9a626f89573d30b7a6fe

SHA256
dd6aced3181f363083206af095d3672489cda3d93556aa4d9e6204190e9adbd5

SHA512
14f69affc8009531663d73cbc32a37d80cf4e57cc49e543103ccd89342ccc66b88d1c228ee0ce132f3d3f9f52e98c45e0e14e5d4467a032f54f7946f997a5b99

Download Submit
C:\Windows\System\WCtXOgH.exe

Filesize
2.1MB

MD5
89baf562a4d9484c684bf07fb9e68188

SHA1
94c590a998668c7e2268dbc04c7db2abd9729e8f

SHA256
258df515787741104c473efd8f523ca6013ed0cb3dfd0804ee2d61ef0461bc29

SHA512
f65f1c6fcc8c0684cade81afd86e7c3b853e5bad9bd00a2dc58d000d784bacb1f2d015004d179cb9fa6eed84c473a69cdebddf189a3fceefc520e35144e91122

Download Submit
C:\Windows\System\WNVCYrT.exe

Filesize
2.1MB

MD5
3c4c7a48eb47f26c0527632ac43486c6

SHA1
990f7f7b072337722eaf1a3d24b598dfa176c7f5

SHA256
e32b96a96e62bb50a543d7ea0f8227395d709a028cb6ff52f64984235e5404e9

SHA512
1c74f90b6e6db1b6bd087adacf2e918c864f5706f1675e2aaef367061615a495b38cc947f9e9103c052960c8501b35d79f9cd5cf97ffc91804907379180ef222

Download Submit
C:\Windows\System\WkAvRBy.exe

Filesize
2.1MB

MD5
8c15fb725faa266bc79cbc551a58786d

SHA1
b239904a1ed5d6205b116fc5e8d024ae9ddbc318

SHA256
9be945301a55a5d2733c4bb526d03db208ff00be308f69f9f954c1ef639b094b

SHA512
bf93b35dcfbcaadece68a9c8ef24fc648d2bd6089b74e99d3d8bd6d30de14790a9f136744249fd668a9cec0cc0904305cebb98bee56dc18ac22a4b8d7b202751

Download Submit
C:\Windows\System\ZCbQQGG.exe

Filesize
2.1MB

MD5
1e70836be902f0ad0a39d11fa4d0a587

SHA1
db4fe9949c2fe86ff5b5516d6054321af7fd584f

SHA256
0597092d7586dc6274a3e86e1975766675f8c2618efaa645800d0edd3563a4f2

SHA512
299b06d8b62bd15010bc954731e11169087de9771c5ea71d9f1db7218e5a944b4d974630c9811d0e32d263bd0a3404acfc4154ef7dc54abd22a54f13d1ddfd5b

Download Submit
C:\Windows\System\ZnZbyVC.exe

Filesize
2.1MB

MD5
39660fb1c275fb7f30c32110f40c7b3a

SHA1
b64a4920c8fc5bca7e4f53b579bb131136a6b1fc

SHA256
e72b0cc6d37c090a3b8b321d60c1f00b1209390854b199c20fcb43f36cabdc82

SHA512
3ca7d25ee2b2a7ff0ee0f210c3d58e8b8599cc822e411440b9f4bd6587114a04b684af186cedb05ce5210cc57c1252763ebf10dd453af2b01fbcfde4393ee448

Download Submit
C:\Windows\System\aAzKRzf.exe

Filesize
2.1MB

MD5
bec13ac84dccc139910d3bd8a8afa9b3

SHA1
70e00b87cbfcf6119ed264334ecfe026e4670164

SHA256
2dbe7c8a789faaa5419e34fdf967688d5dec55e10a8c7380e0952cc2fe3296ed

SHA512
75e680198cd4a506775bb9a39f86d626e8bc6710823c39715ae904cda36a43b0e79348ef5448854682d173779b2604a13b9810f7e1e5019d6bb1698133553a2b

Download Submit
C:\Windows\System\dCZBGWC.exe

Filesize
2.1MB

MD5
08907d528250711a657ad4f426b2e129

SHA1
d89152c01f1df657e49be95f4741d29ce81f88bd

SHA256
b7fdd2f4af7131ba8b9a01d933aae98aa66f6f32314a440600d85223926e7e9b

SHA512
7846da9c76870ce51022d417db9fe8c71cf590f5d6895eebf67848bce841e44e36de9660cef54886b616bad86348698915917dcb11e065ae104d0cd258e9240a

Download Submit
C:\Windows\System\dhBhLLO.exe

Filesize
2.1MB

MD5
29cd29f0b3d1dbb7713b3746d56b8dca

SHA1
44552c0023cf7a4638842f1524b76f38b2eec150

SHA256
0e5ba21803890a0868f5e72a1bbe70d43cdebcd69428982ca4cfaf6affad09b8

SHA512
e13de5f5d8cb24f8c1e93f4d96a6c5ec40c22fef79d1ef65e5f84ca5e683bf08cff72038faf77578572d77f64503664ff35bc48cfc5d98272398b021840e0dcb

Download Submit
C:\Windows\System\eNdlGks.exe

Filesize
2.1MB

MD5
c5e2a06a48cd06ed3e37a15cb06c2ddd

SHA1
3e0ec1f6e004337c303196a3666b92c3f8564ea2

SHA256
20038de19965a2a5bf713dd5e421353ce3c291b7d193d8bb07229426885f772d

SHA512
5b13879004f6b80d4c73d52e62a5aaea4fee25038905c362318a08f5c4b3271643a6c2472ede3874f702e296cb710591cabe0998156931304a21e7af5d475e69

Download Submit
C:\Windows\System\jrMfHfG.exe

Filesize
2.1MB

MD5
83f4ea9997fa91add0193d702b21e4c5

SHA1
4b9167a829b2e53f303241282504176481dd6ba3

SHA256
20055c780b039e33699120b73c4854376c466f03465452f53e99b95b0f854fd3

SHA512
210501b2aced9a88e58eac12d29628926a85d853004124eddc873d050055c266a819fae4c64a3c70306baa026340b89c1ad0cacc4d702720d9e52175abb75ef5

Download Submit
C:\Windows\System\jtpcgzH.exe

Filesize
2.1MB

MD5
2a7c1a687cbcde4266fc4d1306405e62

SHA1
48e9d72a20fa6b74a57e6156b9237ad408302a4b

SHA256
0206bb32e7de57d1da975930ad62c0852be6574702183df16bb7c2605e785197

SHA512
4ba5aa3ddf5d9292cfe417bf77e06d258f3ee1d77d10b274936e6e9590bb6ed15653a5e9a90492b11181d5a1f2f347f38d2dd8ff71654f4f3379a33cf817f2cd

Download Submit
C:\Windows\System\kKsmdww.exe

Filesize
2.1MB

MD5
b5560492137c59a68e8c7010a5135475

SHA1
6a5941e671955df21edf867df422039b5bff33fe

SHA256
420bf824cb4573f340ed95f54d55dddba39b3639da9b22ed53fe4645a9c1990a

SHA512
307a501e1620ca20af42082eef410098c351e6ffa9532a0e49cb88e466a4227d88aeebdb323707ab9ad48ec398c6367793b8db6074bf74a8161d1ddab92faf58

Download Submit
C:\Windows\System\ktrMfjB.exe

Filesize
2.1MB

MD5
7c60b4a66faac83007cf25278c007004

SHA1
248dcb9daa19095ae103f6770d62a873be55e52d

SHA256
dd4d9fcd4c74d9d87fb4f00296c59d861f0be33cd574ecfc6510761473b2c8b6

SHA512
5fe99c563bec8f2eba1dd1d1b9c0d9217b5cc953d3a58ff6f5d83122c980b72b9b4a91f6b3820aaebb78d6fcbcac37b622894f83e8ab904986f57cc20c0c4eeb

Download Submit
C:\Windows\System\nXmtuAV.exe

Filesize
2.1MB

MD5
501739836a809dae773007a6be37021f

SHA1
80afad20bb53424d42546312e5a3ccca737b1369

SHA256
a2083503485f5d07125af4c7e44eb626c84047805d3a80b837ebb1b74ae71e8c

SHA512
5fe4f782d2ebe6ce8d924f0465899ba077da5b233610d5e256a9c903718e6e73b8bc02e6ceb0b08dfb0c3171d45751e400a3800b8f10e45800670ba5db588b78

Download Submit
C:\Windows\System\pnUTLoK.exe

Filesize
2.1MB

MD5
63b58d532855e6d036ecd1721004b4ac

SHA1
e25164dc8d668dff38a40c7bf952a4bfcbabaa75

SHA256
343ea495412fe4e689c94c6265de2809d4647de112066265c150a3a48bdf8846

SHA512
9408bbcb67f23773e577ff43c2fa32eb08179207e85804231bbd39337a5747cb2dae6dc2de04e32d26a7a9c78dd2bced9fcc0ebdb3f8056292aa170917b42037

Download Submit
C:\Windows\System\rVPJnya.exe

Filesize
2.1MB

MD5
a928f9f6583ff3b2f83d799d780b1d15

SHA1
b983a53b6d04ba403cc2e9f825f594b36548338f

SHA256
0f47696b553476f35616d7a56c7e36d3095dfe701c98c3e8988513d81c7c4092

SHA512
e2e4dd9b5e1441fbbe0c991756e9e4e4d74ae54fa295b6d008debe138c30c0781189ea4e085ea36119a1fade79c43c66295b23874e550c3a83e40495583565a3

Download Submit
C:\Windows\System\sqUVDGC.exe

Filesize
2.1MB

MD5
b208ee2b3d82066f11d521d55659a19f

SHA1
ec23c4082d4da6c8aa469d7315b0c335223a9ba1

SHA256
c631c69a3b2b291b2c0ef75cde36034ec924a76ac959ebc24d339c9f0cc9e237

SHA512
30a219807c34124185ea28f1c415760abf1588f328b3b60bd3c35a0d1c2993c085a62fc65c0b99103c4999f62b8c3dccb5d4e00eb865923799228e08c9b017eb

Download Submit
C:\Windows\System\vMgrKsq.exe

Filesize
2.1MB

MD5
f13a9df9a74b80400a55cb2c022d8328

SHA1
d612d856a566960e9fe4d63aa3cd179eec92179a

SHA256
f0217c54640f8ddfa9feff037711b5a174d86c0bd5b724af43cd25a82a2db674

SHA512
89f92aa063e5f1f5107838dd8bfe6869d2cc60a3e51980f4c4b91d3f8559ce47025fb9ec58ef63a9828f91189c2e8840ddddbc514125e368669e4a8d16083a00

Download Submit
C:\Windows\System\xeHKnyK.exe

Filesize
2.1MB

MD5
beb96028bdbceb2a15ab1f4a461719ae

SHA1
d1838a95d9654597dcda7a289409bcb6766d84f8

SHA256
efe1a06541c4c93fa44b1d3e8d4cf5d82cf36d1b03868bd990237dac0ead9abe

SHA512
3b08918f47f777b4dadbe90beee48ea2b8b25025d134ece8f7e0439d41986faf92ccb0f9361f89bcb8f3079b737df55e197b63a90f991b98b9eb6fdaf2be78f2

Download Submit
C:\Windows\System\yxLHapW.exe

Filesize
2.1MB

MD5
9b364184725fff053d0300eb4331813c

SHA1
8774df8be816fbc88d359d86ee98050e0d9ba957

SHA256
8e99556f5040916e55b8e4e9947608d6276ad8d86f9e7d578f1ddf5c8eca079d

SHA512
8b73c52d96311e58b5e3eef0b3feabb8e88ebd137f6d67b2e5fdf8a140ae032cf1584f1e4665ddf4b322fc5ecc8b1149d43a4cc0c17bb7ed03c982bba000a4de

Download Submit
C:\Windows\System\zfMndpW.exe

Filesize
2.1MB

MD5
bc302404015ca08e556fa4eb603567e7

SHA1
fb8e2d1b811d6a4c8e2028f1caed846e2e14b6db

SHA256
067f94d99a0154ba146192dd78d321477b217b6045ec74cf355c816549648519

SHA512
7d954847abfecb107180fb0409a97e6cf6570e811a50994beeb18f19a4eadf7ce839a6a28861d4733d298915e96b8e513320f8af68176afcf81a8517b7827a23

Download Submit
memory/392-2112-0x00007FF7985E0000-0x00007FF798934000-memory.dmp

Filesize
3.3MB

Download
memory/392-199-0x00007FF7985E0000-0x00007FF798934000-memory.dmp

Filesize
3.3MB

Download
memory/404-2089-0x00007FF7B44B0000-0x00007FF7B4804000-memory.dmp

Filesize
3.3MB

Download
memory/404-36-0x00007FF7B44B0000-0x00007FF7B4804000-memory.dmp

Filesize
3.3MB

Download
memory/412-208-0x00007FF622560000-0x00007FF6228B4000-memory.dmp

Filesize
3.3MB

Download
memory/412-2114-0x00007FF622560000-0x00007FF6228B4000-memory.dmp

Filesize
3.3MB

Download
memory/440-154-0x00007FF65CAF0000-0x00007FF65CE44000-memory.dmp

Filesize
3.3MB

Download
memory/440-2100-0x00007FF65CAF0000-0x00007FF65CE44000-memory.dmp

Filesize
3.3MB

Download
memory/1008-2094-0x00007FF6DEA70000-0x00007FF6DEDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1008-85-0x00007FF6DEA70000-0x00007FF6DEDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1008-2084-0x00007FF6DEA70000-0x00007FF6DEDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1016-2107-0x00007FF6EC3F0000-0x00007FF6EC744000-memory.dmp

Filesize
3.3MB

Download
memory/1016-2085-0x00007FF6EC3F0000-0x00007FF6EC744000-memory.dmp

Filesize
3.3MB

Download
memory/1016-112-0x00007FF6EC3F0000-0x00007FF6EC744000-memory.dmp

Filesize
3.3MB

Download
memory/1168-2093-0x00007FF61C6A0000-0x00007FF61C9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-2080-0x00007FF61C6A0000-0x00007FF61C9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-63-0x00007FF61C6A0000-0x00007FF61C9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1188-213-0x00007FF686DA0000-0x00007FF6870F4000-memory.dmp

Filesize
3.3MB

Download
memory/1188-2095-0x00007FF686DA0000-0x00007FF6870F4000-memory.dmp

Filesize
3.3MB

Download
memory/1296-2083-0x00007FF722D10000-0x00007FF723064000-memory.dmp

Filesize
3.3MB

Download
memory/1296-2106-0x00007FF722D10000-0x00007FF723064000-memory.dmp

Filesize
3.3MB

Download
memory/1296-137-0x00007FF722D10000-0x00007FF723064000-memory.dmp

Filesize
3.3MB

Download
memory/1388-2108-0x00007FF64E6A0000-0x00007FF64E9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-215-0x00007FF64E6A0000-0x00007FF64E9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-2103-0x00007FF602280000-0x00007FF6025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-2082-0x00007FF602280000-0x00007FF6025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-108-0x00007FF602280000-0x00007FF6025D4000-memory.dmp

Filesize
3.3MB

Download
memory/1576-2078-0x00007FF638570000-0x00007FF6388C4000-memory.dmp

Filesize
3.3MB

Download
memory/1576-26-0x00007FF638570000-0x00007FF6388C4000-memory.dmp

Filesize
3.3MB

Download
memory/1576-2088-0x00007FF638570000-0x00007FF6388C4000-memory.dmp

Filesize
3.3MB

Download
memory/1588-212-0x00007FF7B1BE0000-0x00007FF7B1F34000-memory.dmp

Filesize
3.3MB

Download
memory/1588-2097-0x00007FF7B1BE0000-0x00007FF7B1F34000-memory.dmp

Filesize
3.3MB

Download
memory/1832-2099-0x00007FF63FCA0000-0x00007FF63FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-152-0x00007FF63FCA0000-0x00007FF63FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1892-209-0x00007FF729340000-0x00007FF729694000-memory.dmp

Filesize
3.3MB

Download
memory/1892-2111-0x00007FF729340000-0x00007FF729694000-memory.dmp

Filesize
3.3MB

Download
memory/1908-183-0x00007FF71A1C0000-0x00007FF71A514000-memory.dmp

Filesize
3.3MB

Download
memory/1908-2101-0x00007FF71A1C0000-0x00007FF71A514000-memory.dmp

Filesize
3.3MB

Download
memory/1960-211-0x00007FF7F29F0000-0x00007FF7F2D44000-memory.dmp

Filesize
3.3MB

Download
memory/1960-2092-0x00007FF7F29F0000-0x00007FF7F2D44000-memory.dmp

Filesize
3.3MB

Download
memory/2128-2104-0x00007FF695010000-0x00007FF695364000-memory.dmp

Filesize
3.3MB

Download
memory/2128-198-0x00007FF695010000-0x00007FF695364000-memory.dmp

Filesize
3.3MB

Download
memory/3184-2090-0x00007FF789AB0000-0x00007FF789E04000-memory.dmp

Filesize
3.3MB

Download
memory/3184-210-0x00007FF789AB0000-0x00007FF789E04000-memory.dmp

Filesize
3.3MB

Download
memory/3364-2087-0x00007FF74EF50000-0x00007FF74F2A4000-memory.dmp

Filesize
3.3MB

Download
memory/3364-2077-0x00007FF74EF50000-0x00007FF74F2A4000-memory.dmp

Filesize
3.3MB

Download
memory/3364-9-0x00007FF74EF50000-0x00007FF74F2A4000-memory.dmp

Filesize
3.3MB

Download
memory/3412-1-0x000001AAE0E90000-0x000001AAE0EA0000-memory.dmp

Filesize
64KB

Download
memory/3412-2076-0x00007FF6FF660000-0x00007FF6FF9B4000-memory.dmp

Filesize
3.3MB

Download
memory/3412-0-0x00007FF6FF660000-0x00007FF6FF9B4000-memory.dmp

Filesize
3.3MB

Download
memory/3528-216-0x00007FF6AA810000-0x00007FF6AAB64000-memory.dmp

Filesize
3.3MB

Download
memory/3528-2110-0x00007FF6AA810000-0x00007FF6AAB64000-memory.dmp

Filesize
3.3MB

Download
memory/3812-2109-0x00007FF6C69D0000-0x00007FF6C6D24000-memory.dmp

Filesize
3.3MB

Download
memory/3812-203-0x00007FF6C69D0000-0x00007FF6C6D24000-memory.dmp

Filesize
3.3MB

Download
memory/3868-2105-0x00007FF6D8860000-0x00007FF6D8BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3868-176-0x00007FF6D8860000-0x00007FF6D8BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3884-207-0x00007FF67AE20000-0x00007FF67B174000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2113-0x00007FF67AE20000-0x00007FF67B174000-memory.dmp

Filesize
3.3MB

Download
memory/3972-2079-0x00007FF7022A0000-0x00007FF7025F4000-memory.dmp

Filesize
3.3MB

Download
memory/3972-2091-0x00007FF7022A0000-0x00007FF7025F4000-memory.dmp

Filesize
3.3MB

Download
memory/3972-55-0x00007FF7022A0000-0x00007FF7025F4000-memory.dmp

Filesize
3.3MB

Download
memory/4356-204-0x00007FF7B1FB0000-0x00007FF7B2304000-memory.dmp

Filesize
3.3MB

Download
memory/4356-2086-0x00007FF7B1FB0000-0x00007FF7B2304000-memory.dmp

Filesize
3.3MB

Download
memory/4356-2115-0x00007FF7B1FB0000-0x00007FF7B2304000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2098-0x00007FF680CC0000-0x00007FF681014000-memory.dmp

Filesize
3.3MB

Download
memory/4732-82-0x00007FF680CC0000-0x00007FF681014000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2081-0x00007FF680CC0000-0x00007FF681014000-memory.dmp

Filesize
3.3MB

Download
memory/4900-2102-0x00007FF68FFA0000-0x00007FF6902F4000-memory.dmp

Filesize
3.3MB

Download
memory/4900-214-0x00007FF68FFA0000-0x00007FF6902F4000-memory.dmp

Filesize
3.3MB

Download
memory/4936-2096-0x00007FF6D85B0000-0x00007FF6D8904000-memory.dmp

Filesize
3.3MB

Download
memory/4936-138-0x00007FF6D85B0000-0x00007FF6D8904000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads