xmrig | 4b557479c5e3b4a070f47f30135f95f9c0b8696b21b7ce282f8d4533507fea72

Analysis

max time kernel
119s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
Size

2.0MB
MD5

eff6695ef7ebf62f1e0726b04bc76fe0
SHA1

f2cee98a8cfbbb91445e46287e08cfe9ad6f9f5c
SHA256

4b557479c5e3b4a070f47f30135f95f9c0b8696b21b7ce282f8d4533507fea72
SHA512

34d7a3b988850d3216b1b0d0e74a8f59a59efd370f80c43a38710fdb5ddfd47695efed841c03e5500d5f3ce0c4f30fe46471504686ebcffe0bcbd6a7390d237e
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQwNGx5c5Lmg9pR:BemTLkNdfE0pZrQW

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1484-0-0x00007FF674E70000-0x00007FF6751C4000-memory.dmp	xmrig
behavioral2/files/0x0006000000023298-5.dat	xmrig
behavioral2/files/0x0007000000023422-8.dat	xmrig
behavioral2/memory/448-9-0x00007FF6E6390000-0x00007FF6E66E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023424-22.dat	xmrig
behavioral2/files/0x0007000000023425-23.dat	xmrig
behavioral2/files/0x0007000000023426-34.dat	xmrig
behavioral2/files/0x0007000000023427-39.dat	xmrig
behavioral2/files/0x000700000002342b-54.dat	xmrig
behavioral2/files/0x000700000002342a-53.dat	xmrig
behavioral2/files/0x000700000002342c-61.dat	xmrig
behavioral2/files/0x0007000000023430-84.dat	xmrig
behavioral2/files/0x0007000000023432-98.dat	xmrig
behavioral2/files/0x000700000002343a-135.dat	xmrig
behavioral2/files/0x0007000000023443-164.dat	xmrig
behavioral2/memory/2840-177-0x00007FF65A710000-0x00007FF65AA64000-memory.dmp	xmrig
behavioral2/memory/2864-184-0x00007FF71C470000-0x00007FF71C7C4000-memory.dmp	xmrig
behavioral2/memory/3592-190-0x00007FF6B0F60000-0x00007FF6B12B4000-memory.dmp	xmrig
behavioral2/memory/4604-197-0x00007FF6B2C00000-0x00007FF6B2F54000-memory.dmp	xmrig
behavioral2/memory/1540-200-0x00007FF73DB30000-0x00007FF73DE84000-memory.dmp	xmrig
behavioral2/memory/3832-199-0x00007FF651160000-0x00007FF6514B4000-memory.dmp	xmrig
behavioral2/memory/4740-198-0x00007FF76DC30000-0x00007FF76DF84000-memory.dmp	xmrig
behavioral2/memory/3600-196-0x00007FF658C10000-0x00007FF658F64000-memory.dmp	xmrig
behavioral2/memory/5276-195-0x00007FF716930000-0x00007FF716C84000-memory.dmp	xmrig
behavioral2/memory/4172-194-0x00007FF658DA0000-0x00007FF6590F4000-memory.dmp	xmrig
behavioral2/memory/3208-193-0x00007FF66C270000-0x00007FF66C5C4000-memory.dmp	xmrig
behavioral2/memory/3884-192-0x00007FF78EDD0000-0x00007FF78F124000-memory.dmp	xmrig
behavioral2/memory/5440-191-0x00007FF692C10000-0x00007FF692F64000-memory.dmp	xmrig
behavioral2/memory/5332-189-0x00007FF7DC9A0000-0x00007FF7DCCF4000-memory.dmp	xmrig
behavioral2/memory/3224-188-0x00007FF75BEA0000-0x00007FF75C1F4000-memory.dmp	xmrig
behavioral2/memory/1168-187-0x00007FF79C320000-0x00007FF79C674000-memory.dmp	xmrig
behavioral2/memory/5112-186-0x00007FF6C6FC0000-0x00007FF6C7314000-memory.dmp	xmrig
behavioral2/memory/4592-185-0x00007FF69AC80000-0x00007FF69AFD4000-memory.dmp	xmrig
behavioral2/memory/5684-183-0x00007FF725460000-0x00007FF7257B4000-memory.dmp	xmrig
behavioral2/memory/1236-182-0x00007FF6CFA30000-0x00007FF6CFD84000-memory.dmp	xmrig
behavioral2/memory/2092-181-0x00007FF770770000-0x00007FF770AC4000-memory.dmp	xmrig
behavioral2/memory/5240-180-0x00007FF754330000-0x00007FF754684000-memory.dmp	xmrig
behavioral2/memory/3124-178-0x00007FF73CEE0000-0x00007FF73D234000-memory.dmp	xmrig
behavioral2/files/0x000700000002343c-170.dat	xmrig
behavioral2/files/0x000700000002343b-168.dat	xmrig
behavioral2/memory/5200-167-0x00007FF6AAD20000-0x00007FF6AB074000-memory.dmp	xmrig
behavioral2/files/0x000700000002343e-165.dat	xmrig
behavioral2/files/0x0007000000023442-163.dat	xmrig
behavioral2/files/0x0007000000023441-162.dat	xmrig
behavioral2/files/0x0007000000023440-161.dat	xmrig
behavioral2/files/0x000700000002343f-160.dat	xmrig
behavioral2/memory/4256-159-0x00007FF728890000-0x00007FF728BE4000-memory.dmp	xmrig
behavioral2/files/0x000700000002343d-153.dat	xmrig
behavioral2/files/0x0007000000023439-130.dat	xmrig
behavioral2/files/0x0007000000023438-125.dat	xmrig
behavioral2/files/0x0007000000023437-120.dat	xmrig
behavioral2/files/0x0007000000023436-115.dat	xmrig
behavioral2/files/0x0007000000023435-110.dat	xmrig
behavioral2/files/0x0007000000023434-105.dat	xmrig
behavioral2/files/0x0007000000023433-100.dat	xmrig
behavioral2/files/0x0007000000023431-96.dat	xmrig
behavioral2/files/0x000700000002342f-80.dat	xmrig
behavioral2/files/0x000700000002342e-75.dat	xmrig
behavioral2/files/0x000700000002342d-70.dat	xmrig
behavioral2/files/0x0007000000023429-60.dat	xmrig
behavioral2/memory/372-59-0x00007FF6ADDC0000-0x00007FF6AE114000-memory.dmp	xmrig
behavioral2/files/0x0007000000023428-44.dat	xmrig
behavioral2/memory/5048-26-0x00007FF720B00000-0x00007FF720E54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-24.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
448	PPlVSle.exe
1092	QrkgGtx.exe
5048	TrXZhuo.exe
4740	DDWGrsf.exe
372	ktZxEsL.exe
3832	AtctJFE.exe
4256	eSZirRW.exe
5200	wNKcyHf.exe
2840	rgPGpRT.exe
3124	XDUlHvU.exe
5240	rWOkJSw.exe
1540	CDgleJu.exe
2092	oenKsSb.exe
1236	PbGVYnO.exe
5684	aewywnn.exe
2864	JfoREIW.exe
4592	gTUyJgO.exe
5112	xTqcuLR.exe
1168	VPsbhAe.exe
3224	dxIhrBa.exe
5332	hjjWYAv.exe
3592	hJhQVcw.exe
5440	RNWRhRV.exe
3884	OhBPhvo.exe
3208	zcZcAyU.exe
4172	bQnVRvu.exe
5276	zrMbzNd.exe
3600	gTblkCe.exe
4604	JLLGyXn.exe
1892	IDsmZPD.exe
716	gGtWOOy.exe
5824	CppBdti.exe
2104	mFpZhar.exe
5904	LitNsVF.exe
3296	aZFleir.exe
1704	LMaytHF.exe
4004	sllKSQa.exe
1372	NVJPFFN.exe
688	opUljwK.exe
5724	usfmQbq.exe
2860	rnRNLrs.exe
1832	UShZkQU.exe
5044	JaHnxRy.exe
4380	gQZwDFb.exe
5524	SndzwZM.exe
2060	tBMXGgr.exe
1724	HQPpVEK.exe
2552	cFZDGbd.exe
3236	iuOaWVC.exe
8	KBattsA.exe
3696	OtScMqS.exe
3520	wdjiDAk.exe
5504	KDBLWLh.exe
976	odTtyTQ.exe
1728	tDfZvRA.exe
2748	OXiVkcW.exe
5156	MYnsKTf.exe
3252	hOitFqI.exe
2044	xHPuHaC.exe
5536	ChUwJGk.exe
5396	YbTJDfT.exe
1404	ssEXJmP.exe
1184	gRlskxw.exe
916	ZvcIPPV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1484-0-0x00007FF674E70000-0x00007FF6751C4000-memory.dmp	upx
behavioral2/files/0x0006000000023298-5.dat	upx
behavioral2/files/0x0007000000023422-8.dat	upx
behavioral2/memory/448-9-0x00007FF6E6390000-0x00007FF6E66E4000-memory.dmp	upx
behavioral2/files/0x0007000000023424-22.dat	upx
behavioral2/files/0x0007000000023425-23.dat	upx
behavioral2/files/0x0007000000023426-34.dat	upx
behavioral2/files/0x0007000000023427-39.dat	upx
behavioral2/files/0x000700000002342b-54.dat	upx
behavioral2/files/0x000700000002342a-53.dat	upx
behavioral2/files/0x000700000002342c-61.dat	upx
behavioral2/files/0x0007000000023430-84.dat	upx
behavioral2/files/0x0007000000023432-98.dat	upx
behavioral2/files/0x000700000002343a-135.dat	upx
behavioral2/files/0x0007000000023443-164.dat	upx
behavioral2/memory/2840-177-0x00007FF65A710000-0x00007FF65AA64000-memory.dmp	upx
behavioral2/memory/2864-184-0x00007FF71C470000-0x00007FF71C7C4000-memory.dmp	upx
behavioral2/memory/3592-190-0x00007FF6B0F60000-0x00007FF6B12B4000-memory.dmp	upx
behavioral2/memory/4604-197-0x00007FF6B2C00000-0x00007FF6B2F54000-memory.dmp	upx
behavioral2/memory/1540-200-0x00007FF73DB30000-0x00007FF73DE84000-memory.dmp	upx
behavioral2/memory/3832-199-0x00007FF651160000-0x00007FF6514B4000-memory.dmp	upx
behavioral2/memory/4740-198-0x00007FF76DC30000-0x00007FF76DF84000-memory.dmp	upx
behavioral2/memory/3600-196-0x00007FF658C10000-0x00007FF658F64000-memory.dmp	upx
behavioral2/memory/5276-195-0x00007FF716930000-0x00007FF716C84000-memory.dmp	upx
behavioral2/memory/4172-194-0x00007FF658DA0000-0x00007FF6590F4000-memory.dmp	upx
behavioral2/memory/3208-193-0x00007FF66C270000-0x00007FF66C5C4000-memory.dmp	upx
behavioral2/memory/3884-192-0x00007FF78EDD0000-0x00007FF78F124000-memory.dmp	upx
behavioral2/memory/5440-191-0x00007FF692C10000-0x00007FF692F64000-memory.dmp	upx
behavioral2/memory/5332-189-0x00007FF7DC9A0000-0x00007FF7DCCF4000-memory.dmp	upx
behavioral2/memory/3224-188-0x00007FF75BEA0000-0x00007FF75C1F4000-memory.dmp	upx
behavioral2/memory/1168-187-0x00007FF79C320000-0x00007FF79C674000-memory.dmp	upx
behavioral2/memory/5112-186-0x00007FF6C6FC0000-0x00007FF6C7314000-memory.dmp	upx
behavioral2/memory/4592-185-0x00007FF69AC80000-0x00007FF69AFD4000-memory.dmp	upx
behavioral2/memory/5684-183-0x00007FF725460000-0x00007FF7257B4000-memory.dmp	upx
behavioral2/memory/1236-182-0x00007FF6CFA30000-0x00007FF6CFD84000-memory.dmp	upx
behavioral2/memory/2092-181-0x00007FF770770000-0x00007FF770AC4000-memory.dmp	upx
behavioral2/memory/5240-180-0x00007FF754330000-0x00007FF754684000-memory.dmp	upx
behavioral2/memory/3124-178-0x00007FF73CEE0000-0x00007FF73D234000-memory.dmp	upx
behavioral2/files/0x000700000002343c-170.dat	upx
behavioral2/files/0x000700000002343b-168.dat	upx
behavioral2/memory/5200-167-0x00007FF6AAD20000-0x00007FF6AB074000-memory.dmp	upx
behavioral2/files/0x000700000002343e-165.dat	upx
behavioral2/files/0x0007000000023442-163.dat	upx
behavioral2/files/0x0007000000023441-162.dat	upx
behavioral2/files/0x0007000000023440-161.dat	upx
behavioral2/files/0x000700000002343f-160.dat	upx
behavioral2/memory/4256-159-0x00007FF728890000-0x00007FF728BE4000-memory.dmp	upx
behavioral2/files/0x000700000002343d-153.dat	upx
behavioral2/files/0x0007000000023439-130.dat	upx
behavioral2/files/0x0007000000023438-125.dat	upx
behavioral2/files/0x0007000000023437-120.dat	upx
behavioral2/files/0x0007000000023436-115.dat	upx
behavioral2/files/0x0007000000023435-110.dat	upx
behavioral2/files/0x0007000000023434-105.dat	upx
behavioral2/files/0x0007000000023433-100.dat	upx
behavioral2/files/0x0007000000023431-96.dat	upx
behavioral2/files/0x000700000002342f-80.dat	upx
behavioral2/files/0x000700000002342e-75.dat	upx
behavioral2/files/0x000700000002342d-70.dat	upx
behavioral2/files/0x0007000000023429-60.dat	upx
behavioral2/memory/372-59-0x00007FF6ADDC0000-0x00007FF6AE114000-memory.dmp	upx
behavioral2/files/0x0007000000023428-44.dat	upx
behavioral2/memory/5048-26-0x00007FF720B00000-0x00007FF720E54000-memory.dmp	upx
behavioral2/files/0x0007000000023423-24.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eolSSZQ.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\xMUzlDd.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\AkrHyXV.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\ZZSsTZZ.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\YLKdFqa.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\vPHcJZm.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\yFxLsvx.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\ZCgfOpz.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\EIsGWXg.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\NYkdvse.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\QrkgGtx.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\cQQDlxZ.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\ePIwMqs.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\YwiRMom.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\ssEXJmP.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\PtHryaI.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\vSWmuYj.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\DRpDBpY.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\zDFoSVt.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\cbHvnGF.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\xVvpyaL.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\KsCZDey.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\tHxksND.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\RQmftXY.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\ilpMTQQ.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\bQnVRvu.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\XGebpvv.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\nQEIcnv.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\cMKteMa.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\PpWhElF.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\pktqJgA.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\mBvVioE.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\FZCLbJK.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\aYQuUBl.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\CVXueqq.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\aBfzUmb.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\BICLjGr.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\QXCidsd.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\LqNDWbL.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\kwhPCKr.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\sSSguqZ.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\wXgtEKf.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\DHaAdms.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\nipTDhA.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\DDWGrsf.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\RHLpYOu.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\KffQvKO.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\oCFfJtZ.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\HMebPhA.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\wvSMUWK.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\clCXmnm.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\sllKSQa.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\RrJizHo.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\AimkUZv.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\TxxSxqK.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\HuUtRZl.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\wdjiDAk.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\jvjItwr.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\eXioejf.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\nAXjHTi.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\xHPuHaC.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\NUIbzPQ.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\yupYTLS.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
File created	C:\Windows\System\pztxkmf.exe	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14836	dwm.exe
Token: SeChangeNotifyPrivilege	14836	dwm.exe
Token: 33	14836	dwm.exe
Token: SeIncBasePriorityPrivilege	14836	dwm.exe
Token: SeShutdownPrivilege	14836	dwm.exe
Token: SeCreatePagefilePrivilege	14836	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 448	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	85
PID 1484 wrote to memory of 448	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	85
PID 1484 wrote to memory of 1092	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	86
PID 1484 wrote to memory of 1092	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	86
PID 1484 wrote to memory of 5048	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	87
PID 1484 wrote to memory of 5048	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	87
PID 1484 wrote to memory of 4740	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	88
PID 1484 wrote to memory of 4740	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	88
PID 1484 wrote to memory of 372	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	89
PID 1484 wrote to memory of 372	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	89
PID 1484 wrote to memory of 3832	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	90
PID 1484 wrote to memory of 3832	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	90
PID 1484 wrote to memory of 4256	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	91
PID 1484 wrote to memory of 4256	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	91
PID 1484 wrote to memory of 5200	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	92
PID 1484 wrote to memory of 5200	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	92
PID 1484 wrote to memory of 2840	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	93
PID 1484 wrote to memory of 2840	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	93
PID 1484 wrote to memory of 3124	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	94
PID 1484 wrote to memory of 3124	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	94
PID 1484 wrote to memory of 5240	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	95
PID 1484 wrote to memory of 5240	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	95
PID 1484 wrote to memory of 1540	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	96
PID 1484 wrote to memory of 1540	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	96
PID 1484 wrote to memory of 2092	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	97
PID 1484 wrote to memory of 2092	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	97
PID 1484 wrote to memory of 1236	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	98
PID 1484 wrote to memory of 1236	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	98
PID 1484 wrote to memory of 5684	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	99
PID 1484 wrote to memory of 5684	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	99
PID 1484 wrote to memory of 2864	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	100
PID 1484 wrote to memory of 2864	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	100
PID 1484 wrote to memory of 4592	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	101
PID 1484 wrote to memory of 4592	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	101
PID 1484 wrote to memory of 5112	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	102
PID 1484 wrote to memory of 5112	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	102
PID 1484 wrote to memory of 1168	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	103
PID 1484 wrote to memory of 1168	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	103
PID 1484 wrote to memory of 3224	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	104
PID 1484 wrote to memory of 3224	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	104
PID 1484 wrote to memory of 5332	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	105
PID 1484 wrote to memory of 5332	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	105
PID 1484 wrote to memory of 3592	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	106
PID 1484 wrote to memory of 3592	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	106
PID 1484 wrote to memory of 5440	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	107
PID 1484 wrote to memory of 5440	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	107
PID 1484 wrote to memory of 3884	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	108
PID 1484 wrote to memory of 3884	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	108
PID 1484 wrote to memory of 3208	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	109
PID 1484 wrote to memory of 3208	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	109
PID 1484 wrote to memory of 4172	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	110
PID 1484 wrote to memory of 4172	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	110
PID 1484 wrote to memory of 5276	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	111
PID 1484 wrote to memory of 5276	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	111
PID 1484 wrote to memory of 3600	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	112
PID 1484 wrote to memory of 3600	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	112
PID 1484 wrote to memory of 4604	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	113
PID 1484 wrote to memory of 4604	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	113
PID 1484 wrote to memory of 1892	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	114
PID 1484 wrote to memory of 1892	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	114
PID 1484 wrote to memory of 716	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	115
PID 1484 wrote to memory of 716	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	115
PID 1484 wrote to memory of 5824	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	116
PID 1484 wrote to memory of 5824	1484	eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\eff6695ef7ebf62f1e0726b04bc76fe0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Windows\System\PPlVSle.exe
  C:\Windows\System\PPlVSle.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\QrkgGtx.exe
  C:\Windows\System\QrkgGtx.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\TrXZhuo.exe
  C:\Windows\System\TrXZhuo.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\DDWGrsf.exe
  C:\Windows\System\DDWGrsf.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\ktZxEsL.exe
  C:\Windows\System\ktZxEsL.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\AtctJFE.exe
  C:\Windows\System\AtctJFE.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\eSZirRW.exe
  C:\Windows\System\eSZirRW.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\wNKcyHf.exe
  C:\Windows\System\wNKcyHf.exe
  2⤵
  - Executes dropped EXE
  PID:5200
- C:\Windows\System\rgPGpRT.exe
  C:\Windows\System\rgPGpRT.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\XDUlHvU.exe
  C:\Windows\System\XDUlHvU.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\rWOkJSw.exe
  C:\Windows\System\rWOkJSw.exe
  2⤵
  - Executes dropped EXE
  PID:5240
- C:\Windows\System\CDgleJu.exe
  C:\Windows\System\CDgleJu.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\oenKsSb.exe
  C:\Windows\System\oenKsSb.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\PbGVYnO.exe
  C:\Windows\System\PbGVYnO.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\aewywnn.exe
  C:\Windows\System\aewywnn.exe
  2⤵
  - Executes dropped EXE
  PID:5684
- C:\Windows\System\JfoREIW.exe
  C:\Windows\System\JfoREIW.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\gTUyJgO.exe
  C:\Windows\System\gTUyJgO.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\xTqcuLR.exe
  C:\Windows\System\xTqcuLR.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\VPsbhAe.exe
  C:\Windows\System\VPsbhAe.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\dxIhrBa.exe
  C:\Windows\System\dxIhrBa.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\hjjWYAv.exe
  C:\Windows\System\hjjWYAv.exe
  2⤵
  - Executes dropped EXE
  PID:5332
- C:\Windows\System\hJhQVcw.exe
  C:\Windows\System\hJhQVcw.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\RNWRhRV.exe
  C:\Windows\System\RNWRhRV.exe
  2⤵
  - Executes dropped EXE
  PID:5440
- C:\Windows\System\OhBPhvo.exe
  C:\Windows\System\OhBPhvo.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\zcZcAyU.exe
  C:\Windows\System\zcZcAyU.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\bQnVRvu.exe
  C:\Windows\System\bQnVRvu.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\zrMbzNd.exe
  C:\Windows\System\zrMbzNd.exe
  2⤵
  - Executes dropped EXE
  PID:5276
- C:\Windows\System\gTblkCe.exe
  C:\Windows\System\gTblkCe.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\JLLGyXn.exe
  C:\Windows\System\JLLGyXn.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\IDsmZPD.exe
  C:\Windows\System\IDsmZPD.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\gGtWOOy.exe
  C:\Windows\System\gGtWOOy.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\CppBdti.exe
  C:\Windows\System\CppBdti.exe
  2⤵
  - Executes dropped EXE
  PID:5824
- C:\Windows\System\mFpZhar.exe
  C:\Windows\System\mFpZhar.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\LitNsVF.exe
  C:\Windows\System\LitNsVF.exe
  2⤵
  - Executes dropped EXE
  PID:5904
- C:\Windows\System\aZFleir.exe
  C:\Windows\System\aZFleir.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\LMaytHF.exe
  C:\Windows\System\LMaytHF.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\sllKSQa.exe
  C:\Windows\System\sllKSQa.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\NVJPFFN.exe
  C:\Windows\System\NVJPFFN.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\opUljwK.exe
  C:\Windows\System\opUljwK.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\usfmQbq.exe
  C:\Windows\System\usfmQbq.exe
  2⤵
  - Executes dropped EXE
  PID:5724
- C:\Windows\System\rnRNLrs.exe
  C:\Windows\System\rnRNLrs.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\UShZkQU.exe
  C:\Windows\System\UShZkQU.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\JaHnxRy.exe
  C:\Windows\System\JaHnxRy.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\gQZwDFb.exe
  C:\Windows\System\gQZwDFb.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\SndzwZM.exe
  C:\Windows\System\SndzwZM.exe
  2⤵
  - Executes dropped EXE
  PID:5524
- C:\Windows\System\tBMXGgr.exe
  C:\Windows\System\tBMXGgr.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\HQPpVEK.exe
  C:\Windows\System\HQPpVEK.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\cFZDGbd.exe
  C:\Windows\System\cFZDGbd.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\iuOaWVC.exe
  C:\Windows\System\iuOaWVC.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\KBattsA.exe
  C:\Windows\System\KBattsA.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\OtScMqS.exe
  C:\Windows\System\OtScMqS.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\wdjiDAk.exe
  C:\Windows\System\wdjiDAk.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\KDBLWLh.exe
  C:\Windows\System\KDBLWLh.exe
  2⤵
  - Executes dropped EXE
  PID:5504
- C:\Windows\System\odTtyTQ.exe
  C:\Windows\System\odTtyTQ.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\tDfZvRA.exe
  C:\Windows\System\tDfZvRA.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\OXiVkcW.exe
  C:\Windows\System\OXiVkcW.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\MYnsKTf.exe
  C:\Windows\System\MYnsKTf.exe
  2⤵
  - Executes dropped EXE
  PID:5156
- C:\Windows\System\hOitFqI.exe
  C:\Windows\System\hOitFqI.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\xHPuHaC.exe
  C:\Windows\System\xHPuHaC.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\ChUwJGk.exe
  C:\Windows\System\ChUwJGk.exe
  2⤵
  - Executes dropped EXE
  PID:5536
- C:\Windows\System\YbTJDfT.exe
  C:\Windows\System\YbTJDfT.exe
  2⤵
  - Executes dropped EXE
  PID:5396
- C:\Windows\System\ssEXJmP.exe
  C:\Windows\System\ssEXJmP.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\gRlskxw.exe
  C:\Windows\System\gRlskxw.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\ZvcIPPV.exe
  C:\Windows\System\ZvcIPPV.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\TONRJbj.exe
  C:\Windows\System\TONRJbj.exe
  2⤵
  PID:2696
- C:\Windows\System\STRHZtl.exe
  C:\Windows\System\STRHZtl.exe
  2⤵
  PID:5600
- C:\Windows\System\ouWePmr.exe
  C:\Windows\System\ouWePmr.exe
  2⤵
  PID:5688
- C:\Windows\System\ApjrwVi.exe
  C:\Windows\System\ApjrwVi.exe
  2⤵
  PID:5236
- C:\Windows\System\PyLuWKs.exe
  C:\Windows\System\PyLuWKs.exe
  2⤵
  PID:1864
- C:\Windows\System\YPWlVYE.exe
  C:\Windows\System\YPWlVYE.exe
  2⤵
  PID:2220
- C:\Windows\System\XqjGSdM.exe
  C:\Windows\System\XqjGSdM.exe
  2⤵
  PID:3464
- C:\Windows\System\OclrCkn.exe
  C:\Windows\System\OclrCkn.exe
  2⤵
  PID:212
- C:\Windows\System\utAuqVS.exe
  C:\Windows\System\utAuqVS.exe
  2⤵
  PID:5412
- C:\Windows\System\HQCbgWm.exe
  C:\Windows\System\HQCbgWm.exe
  2⤵
  PID:4472
- C:\Windows\System\CgqaYHc.exe
  C:\Windows\System\CgqaYHc.exe
  2⤵
  PID:6064
- C:\Windows\System\yFxLsvx.exe
  C:\Windows\System\yFxLsvx.exe
  2⤵
  PID:4296
- C:\Windows\System\EkxXXkt.exe
  C:\Windows\System\EkxXXkt.exe
  2⤵
  PID:3100
- C:\Windows\System\xnvfZxf.exe
  C:\Windows\System\xnvfZxf.exe
  2⤵
  PID:4972
- C:\Windows\System\cbHvnGF.exe
  C:\Windows\System\cbHvnGF.exe
  2⤵
  PID:4912
- C:\Windows\System\fGzfPTX.exe
  C:\Windows\System\fGzfPTX.exe
  2⤵
  PID:2248
- C:\Windows\System\XGebpvv.exe
  C:\Windows\System\XGebpvv.exe
  2⤵
  PID:1292
- C:\Windows\System\lrSZNvb.exe
  C:\Windows\System\lrSZNvb.exe
  2⤵
  PID:5388
- C:\Windows\System\xMUzlDd.exe
  C:\Windows\System\xMUzlDd.exe
  2⤵
  PID:5420
- C:\Windows\System\bRpBSfn.exe
  C:\Windows\System\bRpBSfn.exe
  2⤵
  PID:4376
- C:\Windows\System\JznHJWx.exe
  C:\Windows\System\JznHJWx.exe
  2⤵
  PID:3648
- C:\Windows\System\zWYNyzY.exe
  C:\Windows\System\zWYNyzY.exe
  2⤵
  PID:1824
- C:\Windows\System\dhFmeyj.exe
  C:\Windows\System\dhFmeyj.exe
  2⤵
  PID:5172
- C:\Windows\System\aEILdsK.exe
  C:\Windows\System\aEILdsK.exe
  2⤵
  PID:4544
- C:\Windows\System\yOEGLmo.exe
  C:\Windows\System\yOEGLmo.exe
  2⤵
  PID:432
- C:\Windows\System\mCCxvYX.exe
  C:\Windows\System\mCCxvYX.exe
  2⤵
  PID:4084
- C:\Windows\System\UyNrrsJ.exe
  C:\Windows\System\UyNrrsJ.exe
  2⤵
  PID:3980
- C:\Windows\System\XWuVwmG.exe
  C:\Windows\System\XWuVwmG.exe
  2⤵
  PID:4228
- C:\Windows\System\qZZkJSD.exe
  C:\Windows\System\qZZkJSD.exe
  2⤵
  PID:4112
- C:\Windows\System\inkDwnJ.exe
  C:\Windows\System\inkDwnJ.exe
  2⤵
  PID:5316
- C:\Windows\System\JiefGUz.exe
  C:\Windows\System\JiefGUz.exe
  2⤵
  PID:4816
- C:\Windows\System\YLGrrgs.exe
  C:\Windows\System\YLGrrgs.exe
  2⤵
  PID:1844
- C:\Windows\System\iByuIvy.exe
  C:\Windows\System\iByuIvy.exe
  2⤵
  PID:5288
- C:\Windows\System\CrzZtFy.exe
  C:\Windows\System\CrzZtFy.exe
  2⤵
  PID:5928
- C:\Windows\System\LyxzGuY.exe
  C:\Windows\System\LyxzGuY.exe
  2⤵
  PID:4460
- C:\Windows\System\koMPeJF.exe
  C:\Windows\System\koMPeJF.exe
  2⤵
  PID:5788
- C:\Windows\System\deWNMcu.exe
  C:\Windows\System\deWNMcu.exe
  2⤵
  PID:3752
- C:\Windows\System\NczrReO.exe
  C:\Windows\System\NczrReO.exe
  2⤵
  PID:1240
- C:\Windows\System\WcciAgP.exe
  C:\Windows\System\WcciAgP.exe
  2⤵
  PID:2164
- C:\Windows\System\VdYySbo.exe
  C:\Windows\System\VdYySbo.exe
  2⤵
  PID:2652
- C:\Windows\System\ALgTDWe.exe
  C:\Windows\System\ALgTDWe.exe
  2⤵
  PID:2276
- C:\Windows\System\fCrKIAT.exe
  C:\Windows\System\fCrKIAT.exe
  2⤵
  PID:5948
- C:\Windows\System\jAzMonz.exe
  C:\Windows\System\jAzMonz.exe
  2⤵
  PID:3872
- C:\Windows\System\xlBAEwF.exe
  C:\Windows\System\xlBAEwF.exe
  2⤵
  PID:3244
- C:\Windows\System\nQEIcnv.exe
  C:\Windows\System\nQEIcnv.exe
  2⤵
  PID:2988
- C:\Windows\System\MYrHhrn.exe
  C:\Windows\System\MYrHhrn.exe
  2⤵
  PID:876
- C:\Windows\System\VeaqYdR.exe
  C:\Windows\System\VeaqYdR.exe
  2⤵
  PID:1624
- C:\Windows\System\kMLUlUO.exe
  C:\Windows\System\kMLUlUO.exe
  2⤵
  PID:5408
- C:\Windows\System\EWMrbuk.exe
  C:\Windows\System\EWMrbuk.exe
  2⤵
  PID:5796
- C:\Windows\System\irXSCss.exe
  C:\Windows\System\irXSCss.exe
  2⤵
  PID:3212
- C:\Windows\System\XlkNeRb.exe
  C:\Windows\System\XlkNeRb.exe
  2⤵
  PID:5748
- C:\Windows\System\OekyIsJ.exe
  C:\Windows\System\OekyIsJ.exe
  2⤵
  PID:4480
- C:\Windows\System\gTRbTnS.exe
  C:\Windows\System\gTRbTnS.exe
  2⤵
  PID:1472
- C:\Windows\System\qIeWAMV.exe
  C:\Windows\System\qIeWAMV.exe
  2⤵
  PID:3756
- C:\Windows\System\YXMcCSS.exe
  C:\Windows\System\YXMcCSS.exe
  2⤵
  PID:5360
- C:\Windows\System\eQiylRD.exe
  C:\Windows\System\eQiylRD.exe
  2⤵
  PID:5744
- C:\Windows\System\JZcXQoS.exe
  C:\Windows\System\JZcXQoS.exe
  2⤵
  PID:5428
- C:\Windows\System\KkwJGUS.exe
  C:\Windows\System\KkwJGUS.exe
  2⤵
  PID:5244
- C:\Windows\System\xCLevyC.exe
  C:\Windows\System\xCLevyC.exe
  2⤵
  PID:1080
- C:\Windows\System\fTZigmL.exe
  C:\Windows\System\fTZigmL.exe
  2⤵
  PID:464
- C:\Windows\System\SIKAXyp.exe
  C:\Windows\System\SIKAXyp.exe
  2⤵
  PID:5664
- C:\Windows\System\EDuxjyv.exe
  C:\Windows\System\EDuxjyv.exe
  2⤵
  PID:376
- C:\Windows\System\AiiWhqO.exe
  C:\Windows\System\AiiWhqO.exe
  2⤵
  PID:1172
- C:\Windows\System\OFdBRMX.exe
  C:\Windows\System\OFdBRMX.exe
  2⤵
  PID:3176
- C:\Windows\System\mDqegif.exe
  C:\Windows\System\mDqegif.exe
  2⤵
  PID:5648
- C:\Windows\System\JnQrvQd.exe
  C:\Windows\System\JnQrvQd.exe
  2⤵
  PID:5592
- C:\Windows\System\XpXIQVy.exe
  C:\Windows\System\XpXIQVy.exe
  2⤵
  PID:6068
- C:\Windows\System\dxFbdRn.exe
  C:\Windows\System\dxFbdRn.exe
  2⤵
  PID:2460
- C:\Windows\System\zIbYUcs.exe
  C:\Windows\System\zIbYUcs.exe
  2⤵
  PID:5800
- C:\Windows\System\rHkBpXi.exe
  C:\Windows\System\rHkBpXi.exe
  2⤵
  PID:5372
- C:\Windows\System\fgotptg.exe
  C:\Windows\System\fgotptg.exe
  2⤵
  PID:2172
- C:\Windows\System\ePrzqAY.exe
  C:\Windows\System\ePrzqAY.exe
  2⤵
  PID:4580
- C:\Windows\System\INBRosb.exe
  C:\Windows\System\INBRosb.exe
  2⤵
  PID:5612
- C:\Windows\System\wtrXszx.exe
  C:\Windows\System\wtrXszx.exe
  2⤵
  PID:5792
- C:\Windows\System\OStZunx.exe
  C:\Windows\System\OStZunx.exe
  2⤵
  PID:4676
- C:\Windows\System\xKbgAPP.exe
  C:\Windows\System\xKbgAPP.exe
  2⤵
  PID:5488
- C:\Windows\System\SWVdEdb.exe
  C:\Windows\System\SWVdEdb.exe
  2⤵
  PID:5456
- C:\Windows\System\KZxQPUm.exe
  C:\Windows\System\KZxQPUm.exe
  2⤵
  PID:660
- C:\Windows\System\hmzHXJh.exe
  C:\Windows\System\hmzHXJh.exe
  2⤵
  PID:5560
- C:\Windows\System\jmjiWCb.exe
  C:\Windows\System\jmjiWCb.exe
  2⤵
  PID:3128
- C:\Windows\System\dnUUyyy.exe
  C:\Windows\System\dnUUyyy.exe
  2⤵
  PID:4180
- C:\Windows\System\RrJizHo.exe
  C:\Windows\System\RrJizHo.exe
  2⤵
  PID:864
- C:\Windows\System\bWLJjhU.exe
  C:\Windows\System\bWLJjhU.exe
  2⤵
  PID:1780
- C:\Windows\System\ITplLSJ.exe
  C:\Windows\System\ITplLSJ.exe
  2⤵
  PID:5576
- C:\Windows\System\VwCJxXC.exe
  C:\Windows\System\VwCJxXC.exe
  2⤵
  PID:4644
- C:\Windows\System\pebpcCi.exe
  C:\Windows\System\pebpcCi.exe
  2⤵
  PID:428
- C:\Windows\System\NUIbzPQ.exe
  C:\Windows\System\NUIbzPQ.exe
  2⤵
  PID:5232
- C:\Windows\System\KYOhglR.exe
  C:\Windows\System\KYOhglR.exe
  2⤵
  PID:2032
- C:\Windows\System\YePrsDl.exe
  C:\Windows\System\YePrsDl.exe
  2⤵
  PID:3480
- C:\Windows\System\mIronfZ.exe
  C:\Windows\System\mIronfZ.exe
  2⤵
  PID:2436
- C:\Windows\System\rtsdeFl.exe
  C:\Windows\System\rtsdeFl.exe
  2⤵
  PID:5760
- C:\Windows\System\KodwWSY.exe
  C:\Windows\System\KodwWSY.exe
  2⤵
  PID:6188
- C:\Windows\System\EkQTeXn.exe
  C:\Windows\System\EkQTeXn.exe
  2⤵
  PID:6220
- C:\Windows\System\PZryxTI.exe
  C:\Windows\System\PZryxTI.exe
  2⤵
  PID:6248
- C:\Windows\System\ZBGsATr.exe
  C:\Windows\System\ZBGsATr.exe
  2⤵
  PID:6272
- C:\Windows\System\IKBiYiW.exe
  C:\Windows\System\IKBiYiW.exe
  2⤵
  PID:6288
- C:\Windows\System\YwmyREX.exe
  C:\Windows\System\YwmyREX.exe
  2⤵
  PID:6308
- C:\Windows\System\xmXSBLc.exe
  C:\Windows\System\xmXSBLc.exe
  2⤵
  PID:6340
- C:\Windows\System\aYQuUBl.exe
  C:\Windows\System\aYQuUBl.exe
  2⤵
  PID:6376
- C:\Windows\System\AimkUZv.exe
  C:\Windows\System\AimkUZv.exe
  2⤵
  PID:6416
- C:\Windows\System\kwhPCKr.exe
  C:\Windows\System\kwhPCKr.exe
  2⤵
  PID:6448
- C:\Windows\System\LGFTqLt.exe
  C:\Windows\System\LGFTqLt.exe
  2⤵
  PID:6484
- C:\Windows\System\IyzDaUL.exe
  C:\Windows\System\IyzDaUL.exe
  2⤵
  PID:6512
- C:\Windows\System\JaXiPCX.exe
  C:\Windows\System\JaXiPCX.exe
  2⤵
  PID:6536
- C:\Windows\System\MTvIDSb.exe
  C:\Windows\System\MTvIDSb.exe
  2⤵
  PID:6568
- C:\Windows\System\PcelUzd.exe
  C:\Windows\System\PcelUzd.exe
  2⤵
  PID:6596
- C:\Windows\System\hCwGyVM.exe
  C:\Windows\System\hCwGyVM.exe
  2⤵
  PID:6624
- C:\Windows\System\aRsjubW.exe
  C:\Windows\System\aRsjubW.exe
  2⤵
  PID:6652
- C:\Windows\System\BBVHUXT.exe
  C:\Windows\System\BBVHUXT.exe
  2⤵
  PID:6680
- C:\Windows\System\PtHryaI.exe
  C:\Windows\System\PtHryaI.exe
  2⤵
  PID:6708
- C:\Windows\System\pqtGkSt.exe
  C:\Windows\System\pqtGkSt.exe
  2⤵
  PID:6728
- C:\Windows\System\qIHZGcz.exe
  C:\Windows\System\qIHZGcz.exe
  2⤵
  PID:6760
- C:\Windows\System\lAGYwPF.exe
  C:\Windows\System\lAGYwPF.exe
  2⤵
  PID:6800
- C:\Windows\System\TxzpFjc.exe
  C:\Windows\System\TxzpFjc.exe
  2⤵
  PID:6832
- C:\Windows\System\JhTMOCk.exe
  C:\Windows\System\JhTMOCk.exe
  2⤵
  PID:6860
- C:\Windows\System\CeFpNyx.exe
  C:\Windows\System\CeFpNyx.exe
  2⤵
  PID:6892
- C:\Windows\System\fkntbBE.exe
  C:\Windows\System\fkntbBE.exe
  2⤵
  PID:6916
- C:\Windows\System\INdufav.exe
  C:\Windows\System\INdufav.exe
  2⤵
  PID:6952
- C:\Windows\System\FNpbGIW.exe
  C:\Windows\System\FNpbGIW.exe
  2⤵
  PID:6980
- C:\Windows\System\bOEUKQE.exe
  C:\Windows\System\bOEUKQE.exe
  2⤵
  PID:7008
- C:\Windows\System\MhxCnBT.exe
  C:\Windows\System\MhxCnBT.exe
  2⤵
  PID:7036
- C:\Windows\System\FCciGFD.exe
  C:\Windows\System\FCciGFD.exe
  2⤵
  PID:7068
- C:\Windows\System\WNlOhxq.exe
  C:\Windows\System\WNlOhxq.exe
  2⤵
  PID:7096
- C:\Windows\System\zMeLpzt.exe
  C:\Windows\System\zMeLpzt.exe
  2⤵
  PID:7124
- C:\Windows\System\xVvpyaL.exe
  C:\Windows\System\xVvpyaL.exe
  2⤵
  PID:7152
- C:\Windows\System\CVXueqq.exe
  C:\Windows\System\CVXueqq.exe
  2⤵
  PID:2296
- C:\Windows\System\cOuXLEO.exe
  C:\Windows\System\cOuXLEO.exe
  2⤵
  PID:6204
- C:\Windows\System\AkrHyXV.exe
  C:\Windows\System\AkrHyXV.exe
  2⤵
  PID:6280
- C:\Windows\System\YjjRpWB.exe
  C:\Windows\System\YjjRpWB.exe
  2⤵
  PID:6328
- C:\Windows\System\uQBlVxI.exe
  C:\Windows\System\uQBlVxI.exe
  2⤵
  PID:6400
- C:\Windows\System\WGbAAjl.exe
  C:\Windows\System\WGbAAjl.exe
  2⤵
  PID:6480
- C:\Windows\System\spOcwfS.exe
  C:\Windows\System\spOcwfS.exe
  2⤵
  PID:6556
- C:\Windows\System\tmFQFcx.exe
  C:\Windows\System\tmFQFcx.exe
  2⤵
  PID:6644
- C:\Windows\System\hqKgfub.exe
  C:\Windows\System\hqKgfub.exe
  2⤵
  PID:6692
- C:\Windows\System\yKdbyWm.exe
  C:\Windows\System\yKdbyWm.exe
  2⤵
  PID:6788
- C:\Windows\System\CfDcAGJ.exe
  C:\Windows\System\CfDcAGJ.exe
  2⤵
  PID:6844
- C:\Windows\System\OMKAgZS.exe
  C:\Windows\System\OMKAgZS.exe
  2⤵
  PID:6912
- C:\Windows\System\zuZEHsH.exe
  C:\Windows\System\zuZEHsH.exe
  2⤵
  PID:6900
- C:\Windows\System\QUFWHpK.exe
  C:\Windows\System\QUFWHpK.exe
  2⤵
  PID:6736
- C:\Windows\System\fhAdUyT.exe
  C:\Windows\System\fhAdUyT.exe
  2⤵
  PID:7108
- C:\Windows\System\EOnxJFh.exe
  C:\Windows\System\EOnxJFh.exe
  2⤵
  PID:2312
- C:\Windows\System\LCuueYL.exe
  C:\Windows\System\LCuueYL.exe
  2⤵
  PID:6256
- C:\Windows\System\lvmzYAm.exe
  C:\Windows\System\lvmzYAm.exe
  2⤵
  PID:6444
- C:\Windows\System\LOuWvyA.exe
  C:\Windows\System\LOuWvyA.exe
  2⤵
  PID:6616
- C:\Windows\System\GKWxdGn.exe
  C:\Windows\System\GKWxdGn.exe
  2⤵
  PID:6716
- C:\Windows\System\HwCSEsu.exe
  C:\Windows\System\HwCSEsu.exe
  2⤵
  PID:6908
- C:\Windows\System\dVolNpn.exe
  C:\Windows\System\dVolNpn.exe
  2⤵
  PID:7004
- C:\Windows\System\oAiUpup.exe
  C:\Windows\System\oAiUpup.exe
  2⤵
  PID:6152
- C:\Windows\System\PlnuBLU.exe
  C:\Windows\System\PlnuBLU.exe
  2⤵
  PID:6664
- C:\Windows\System\utWtvyi.exe
  C:\Windows\System\utWtvyi.exe
  2⤵
  PID:6964
- C:\Windows\System\wSnQaBj.exe
  C:\Windows\System\wSnQaBj.exe
  2⤵
  PID:6552
- C:\Windows\System\cAhArcw.exe
  C:\Windows\System\cAhArcw.exe
  2⤵
  PID:6368
- C:\Windows\System\ldOQiVd.exe
  C:\Windows\System\ldOQiVd.exe
  2⤵
  PID:7172
- C:\Windows\System\fTnrjFG.exe
  C:\Windows\System\fTnrjFG.exe
  2⤵
  PID:7208
- C:\Windows\System\GJtJsip.exe
  C:\Windows\System\GJtJsip.exe
  2⤵
  PID:7240
- C:\Windows\System\wIlXdnV.exe
  C:\Windows\System\wIlXdnV.exe
  2⤵
  PID:7256
- C:\Windows\System\wvqZDPn.exe
  C:\Windows\System\wvqZDPn.exe
  2⤵
  PID:7292
- C:\Windows\System\bDCSaDp.exe
  C:\Windows\System\bDCSaDp.exe
  2⤵
  PID:7324
- C:\Windows\System\ICvtCDQ.exe
  C:\Windows\System\ICvtCDQ.exe
  2⤵
  PID:7340
- C:\Windows\System\oRDHpeI.exe
  C:\Windows\System\oRDHpeI.exe
  2⤵
  PID:7380
- C:\Windows\System\iBfBiaR.exe
  C:\Windows\System\iBfBiaR.exe
  2⤵
  PID:7408
- C:\Windows\System\yJFlknW.exe
  C:\Windows\System\yJFlknW.exe
  2⤵
  PID:7436
- C:\Windows\System\CbQPWmK.exe
  C:\Windows\System\CbQPWmK.exe
  2⤵
  PID:7452
- C:\Windows\System\bCvEoUz.exe
  C:\Windows\System\bCvEoUz.exe
  2⤵
  PID:7492
- C:\Windows\System\MiCtWUX.exe
  C:\Windows\System\MiCtWUX.exe
  2⤵
  PID:7520
- C:\Windows\System\hGTGFVn.exe
  C:\Windows\System\hGTGFVn.exe
  2⤵
  PID:7548
- C:\Windows\System\JPiPtdI.exe
  C:\Windows\System\JPiPtdI.exe
  2⤵
  PID:7596
- C:\Windows\System\aAAZbMe.exe
  C:\Windows\System\aAAZbMe.exe
  2⤵
  PID:7628
- C:\Windows\System\zMWtNXt.exe
  C:\Windows\System\zMWtNXt.exe
  2⤵
  PID:7660
- C:\Windows\System\gNwFeRw.exe
  C:\Windows\System\gNwFeRw.exe
  2⤵
  PID:7684
- C:\Windows\System\VZoirsF.exe
  C:\Windows\System\VZoirsF.exe
  2⤵
  PID:7912
- C:\Windows\System\BYEmxst.exe
  C:\Windows\System\BYEmxst.exe
  2⤵
  PID:7928
- C:\Windows\System\UaokGKL.exe
  C:\Windows\System\UaokGKL.exe
  2⤵
  PID:7944
- C:\Windows\System\BpCmkaU.exe
  C:\Windows\System\BpCmkaU.exe
  2⤵
  PID:7968
- C:\Windows\System\ZRRZWow.exe
  C:\Windows\System\ZRRZWow.exe
  2⤵
  PID:8012
- C:\Windows\System\RYNpUiw.exe
  C:\Windows\System\RYNpUiw.exe
  2⤵
  PID:8040
- C:\Windows\System\ixIUrVf.exe
  C:\Windows\System\ixIUrVf.exe
  2⤵
  PID:8080
- C:\Windows\System\NFJFwog.exe
  C:\Windows\System\NFJFwog.exe
  2⤵
  PID:8108
- C:\Windows\System\sSSguqZ.exe
  C:\Windows\System\sSSguqZ.exe
  2⤵
  PID:8136
- C:\Windows\System\qsiIDUK.exe
  C:\Windows\System\qsiIDUK.exe
  2⤵
  PID:8164
- C:\Windows\System\cuqUjmu.exe
  C:\Windows\System\cuqUjmu.exe
  2⤵
  PID:7184
- C:\Windows\System\MWdaaok.exe
  C:\Windows\System\MWdaaok.exe
  2⤵
  PID:7252
- C:\Windows\System\SmnpACL.exe
  C:\Windows\System\SmnpACL.exe
  2⤵
  PID:7320
- C:\Windows\System\hURsWKk.exe
  C:\Windows\System\hURsWKk.exe
  2⤵
  PID:7400
- C:\Windows\System\TzGVLzF.exe
  C:\Windows\System\TzGVLzF.exe
  2⤵
  PID:7476
- C:\Windows\System\cFbEyUZ.exe
  C:\Windows\System\cFbEyUZ.exe
  2⤵
  PID:7540
- C:\Windows\System\wZtwfnO.exe
  C:\Windows\System\wZtwfnO.exe
  2⤵
  PID:7620
- C:\Windows\System\XzEnyoc.exe
  C:\Windows\System\XzEnyoc.exe
  2⤵
  PID:7676
- C:\Windows\System\lnqLxmF.exe
  C:\Windows\System\lnqLxmF.exe
  2⤵
  PID:7716
- C:\Windows\System\ceEMSra.exe
  C:\Windows\System\ceEMSra.exe
  2⤵
  PID:7732
- C:\Windows\System\atXvdOg.exe
  C:\Windows\System\atXvdOg.exe
  2⤵
  PID:7764
- C:\Windows\System\AwUXmgf.exe
  C:\Windows\System\AwUXmgf.exe
  2⤵
  PID:7788
- C:\Windows\System\qVgtDyl.exe
  C:\Windows\System\qVgtDyl.exe
  2⤵
  PID:7828
- C:\Windows\System\LtAdldU.exe
  C:\Windows\System\LtAdldU.exe
  2⤵
  PID:7876
- C:\Windows\System\vvoaTIE.exe
  C:\Windows\System\vvoaTIE.exe
  2⤵
  PID:7896
- C:\Windows\System\LqQsYlH.exe
  C:\Windows\System\LqQsYlH.exe
  2⤵
  PID:7704
- C:\Windows\System\TxxSxqK.exe
  C:\Windows\System\TxxSxqK.exe
  2⤵
  PID:8004
- C:\Windows\System\mgUvifR.exe
  C:\Windows\System\mgUvifR.exe
  2⤵
  PID:8076
- C:\Windows\System\gVyOvrX.exe
  C:\Windows\System\gVyOvrX.exe
  2⤵
  PID:8132
- C:\Windows\System\UXpcira.exe
  C:\Windows\System\UXpcira.exe
  2⤵
  PID:7224
- C:\Windows\System\aBfzUmb.exe
  C:\Windows\System\aBfzUmb.exe
  2⤵
  PID:7352
- C:\Windows\System\bxisJDW.exe
  C:\Windows\System\bxisJDW.exe
  2⤵
  PID:7516
- C:\Windows\System\qUclQKA.exe
  C:\Windows\System\qUclQKA.exe
  2⤵
  PID:7612
- C:\Windows\System\cnKZOXB.exe
  C:\Windows\System\cnKZOXB.exe
  2⤵
  PID:6888
- C:\Windows\System\UCcXCLz.exe
  C:\Windows\System\UCcXCLz.exe
  2⤵
  PID:7756
- C:\Windows\System\OhLXDoO.exe
  C:\Windows\System\OhLXDoO.exe
  2⤵
  PID:7868
- C:\Windows\System\lseCeAK.exe
  C:\Windows\System\lseCeAK.exe
  2⤵
  PID:7984
- C:\Windows\System\RHLpYOu.exe
  C:\Windows\System\RHLpYOu.exe
  2⤵
  PID:7316
- C:\Windows\System\eskxMmv.exe
  C:\Windows\System\eskxMmv.exe
  2⤵
  PID:3888
- C:\Windows\System\ZiJrFZw.exe
  C:\Windows\System\ZiJrFZw.exe
  2⤵
  PID:7780
- C:\Windows\System\NszOiti.exe
  C:\Windows\System\NszOiti.exe
  2⤵
  PID:7964
- C:\Windows\System\cMHjEGM.exe
  C:\Windows\System\cMHjEGM.exe
  2⤵
  PID:7696
- C:\Windows\System\qjOrkhO.exe
  C:\Windows\System\qjOrkhO.exe
  2⤵
  PID:7588
- C:\Windows\System\GPtNgfY.exe
  C:\Windows\System\GPtNgfY.exe
  2⤵
  PID:8204
- C:\Windows\System\OGDEKXE.exe
  C:\Windows\System\OGDEKXE.exe
  2⤵
  PID:8224
- C:\Windows\System\fYnkghC.exe
  C:\Windows\System\fYnkghC.exe
  2⤵
  PID:8264
- C:\Windows\System\JfVJAzb.exe
  C:\Windows\System\JfVJAzb.exe
  2⤵
  PID:8300
- C:\Windows\System\VKUlWWs.exe
  C:\Windows\System\VKUlWWs.exe
  2⤵
  PID:8320
- C:\Windows\System\LaQChYp.exe
  C:\Windows\System\LaQChYp.exe
  2⤵
  PID:8348
- C:\Windows\System\dawhlFH.exe
  C:\Windows\System\dawhlFH.exe
  2⤵
  PID:8380
- C:\Windows\System\BICLjGr.exe
  C:\Windows\System\BICLjGr.exe
  2⤵
  PID:8396
- C:\Windows\System\GTKYJJZ.exe
  C:\Windows\System\GTKYJJZ.exe
  2⤵
  PID:8412
- C:\Windows\System\mmTxdbT.exe
  C:\Windows\System\mmTxdbT.exe
  2⤵
  PID:8428
- C:\Windows\System\GFCSMpW.exe
  C:\Windows\System\GFCSMpW.exe
  2⤵
  PID:8448
- C:\Windows\System\LtEpxpy.exe
  C:\Windows\System\LtEpxpy.exe
  2⤵
  PID:8480
- C:\Windows\System\QRSdiOk.exe
  C:\Windows\System\QRSdiOk.exe
  2⤵
  PID:8524
- C:\Windows\System\fKPFfuP.exe
  C:\Windows\System\fKPFfuP.exe
  2⤵
  PID:8556
- C:\Windows\System\ZtpTkhx.exe
  C:\Windows\System\ZtpTkhx.exe
  2⤵
  PID:8592
- C:\Windows\System\qpSWmjM.exe
  C:\Windows\System\qpSWmjM.exe
  2⤵
  PID:8628
- C:\Windows\System\mRaoQYy.exe
  C:\Windows\System\mRaoQYy.exe
  2⤵
  PID:8648
- C:\Windows\System\cSuXdTf.exe
  C:\Windows\System\cSuXdTf.exe
  2⤵
  PID:8664
- C:\Windows\System\oDPhSIR.exe
  C:\Windows\System\oDPhSIR.exe
  2⤵
  PID:8692
- C:\Windows\System\VxxxgdZ.exe
  C:\Windows\System\VxxxgdZ.exe
  2⤵
  PID:8728
- C:\Windows\System\TIkDgxK.exe
  C:\Windows\System\TIkDgxK.exe
  2⤵
  PID:8760
- C:\Windows\System\KAlsLDe.exe
  C:\Windows\System\KAlsLDe.exe
  2⤵
  PID:8796
- C:\Windows\System\IdjAWEe.exe
  C:\Windows\System\IdjAWEe.exe
  2⤵
  PID:8828
- C:\Windows\System\ARymcsf.exe
  C:\Windows\System\ARymcsf.exe
  2⤵
  PID:8856
- C:\Windows\System\KsCZDey.exe
  C:\Windows\System\KsCZDey.exe
  2⤵
  PID:8884
- C:\Windows\System\YLpFtux.exe
  C:\Windows\System\YLpFtux.exe
  2⤵
  PID:8916
- C:\Windows\System\pSlicjJ.exe
  C:\Windows\System\pSlicjJ.exe
  2⤵
  PID:8944
- C:\Windows\System\WkaJXYj.exe
  C:\Windows\System\WkaJXYj.exe
  2⤵
  PID:8964
- C:\Windows\System\ggVjWwc.exe
  C:\Windows\System\ggVjWwc.exe
  2⤵
  PID:9000
- C:\Windows\System\EbSSAJW.exe
  C:\Windows\System\EbSSAJW.exe
  2⤵
  PID:9036
- C:\Windows\System\RJufPKe.exe
  C:\Windows\System\RJufPKe.exe
  2⤵
  PID:9056
- C:\Windows\System\tcYBpZI.exe
  C:\Windows\System\tcYBpZI.exe
  2⤵
  PID:9072
- C:\Windows\System\QEsufXf.exe
  C:\Windows\System\QEsufXf.exe
  2⤵
  PID:9092
- C:\Windows\System\ZCgfOpz.exe
  C:\Windows\System\ZCgfOpz.exe
  2⤵
  PID:9128
- C:\Windows\System\ljfZJLt.exe
  C:\Windows\System\ljfZJLt.exe
  2⤵
  PID:9168
- C:\Windows\System\RcbTtxW.exe
  C:\Windows\System\RcbTtxW.exe
  2⤵
  PID:9204
- C:\Windows\System\BZjBseT.exe
  C:\Windows\System\BZjBseT.exe
  2⤵
  PID:8244
- C:\Windows\System\LOLMcbz.exe
  C:\Windows\System\LOLMcbz.exe
  2⤵
  PID:8308
- C:\Windows\System\lBOcZaG.exe
  C:\Windows\System\lBOcZaG.exe
  2⤵
  PID:8372
- C:\Windows\System\vSWmuYj.exe
  C:\Windows\System\vSWmuYj.exe
  2⤵
  PID:8424
- C:\Windows\System\ZZSsTZZ.exe
  C:\Windows\System\ZZSsTZZ.exe
  2⤵
  PID:8536
- C:\Windows\System\MakjBkx.exe
  C:\Windows\System\MakjBkx.exe
  2⤵
  PID:8616
- C:\Windows\System\IkWQhRt.exe
  C:\Windows\System\IkWQhRt.exe
  2⤵
  PID:8644
- C:\Windows\System\yupYTLS.exe
  C:\Windows\System\yupYTLS.exe
  2⤵
  PID:8752
- C:\Windows\System\JneahXU.exe
  C:\Windows\System\JneahXU.exe
  2⤵
  PID:8840
- C:\Windows\System\ccspaXT.exe
  C:\Windows\System\ccspaXT.exe
  2⤵
  PID:8912
- C:\Windows\System\gvirBkm.exe
  C:\Windows\System\gvirBkm.exe
  2⤵
  PID:8984
- C:\Windows\System\XkQFYzj.exe
  C:\Windows\System\XkQFYzj.exe
  2⤵
  PID:9064
- C:\Windows\System\fxvxHcu.exe
  C:\Windows\System\fxvxHcu.exe
  2⤵
  PID:9120
- C:\Windows\System\GUsUCph.exe
  C:\Windows\System\GUsUCph.exe
  2⤵
  PID:9212
- C:\Windows\System\bkxdKjn.exe
  C:\Windows\System\bkxdKjn.exe
  2⤵
  PID:8344
- C:\Windows\System\ukMdKID.exe
  C:\Windows\System\ukMdKID.exe
  2⤵
  PID:8472
- C:\Windows\System\YclALkt.exe
  C:\Windows\System\YclALkt.exe
  2⤵
  PID:8640
- C:\Windows\System\uwwNzeR.exe
  C:\Windows\System\uwwNzeR.exe
  2⤵
  PID:8784
- C:\Windows\System\wYQqBsd.exe
  C:\Windows\System\wYQqBsd.exe
  2⤵
  PID:8936
- C:\Windows\System\QXCidsd.exe
  C:\Windows\System\QXCidsd.exe
  2⤵
  PID:9116
- C:\Windows\System\tHxksND.exe
  C:\Windows\System\tHxksND.exe
  2⤵
  PID:8636
- C:\Windows\System\HvWZtFA.exe
  C:\Windows\System\HvWZtFA.exe
  2⤵
  PID:8880
- C:\Windows\System\rwTFUsP.exe
  C:\Windows\System\rwTFUsP.exe
  2⤵
  PID:8436
- C:\Windows\System\xlalUvc.exe
  C:\Windows\System\xlalUvc.exe
  2⤵
  PID:8260
- C:\Windows\System\RcNugcy.exe
  C:\Windows\System\RcNugcy.exe
  2⤵
  PID:9232
- C:\Windows\System\ynxRTel.exe
  C:\Windows\System\ynxRTel.exe
  2⤵
  PID:9272
- C:\Windows\System\OuMlQnZ.exe
  C:\Windows\System\OuMlQnZ.exe
  2⤵
  PID:9300
- C:\Windows\System\eJLrCis.exe
  C:\Windows\System\eJLrCis.exe
  2⤵
  PID:9336
- C:\Windows\System\pvpAJQQ.exe
  C:\Windows\System\pvpAJQQ.exe
  2⤵
  PID:9356
- C:\Windows\System\XVWQvOj.exe
  C:\Windows\System\XVWQvOj.exe
  2⤵
  PID:9384
- C:\Windows\System\TVfPMlh.exe
  C:\Windows\System\TVfPMlh.exe
  2⤵
  PID:9412
- C:\Windows\System\pztxkmf.exe
  C:\Windows\System\pztxkmf.exe
  2⤵
  PID:9428
- C:\Windows\System\QSXMsBO.exe
  C:\Windows\System\QSXMsBO.exe
  2⤵
  PID:9460
- C:\Windows\System\lPxQCuO.exe
  C:\Windows\System\lPxQCuO.exe
  2⤵
  PID:9484
- C:\Windows\System\tLEPqrk.exe
  C:\Windows\System\tLEPqrk.exe
  2⤵
  PID:9512
- C:\Windows\System\XdwsWUf.exe
  C:\Windows\System\XdwsWUf.exe
  2⤵
  PID:9552
- C:\Windows\System\gtpLlfm.exe
  C:\Windows\System\gtpLlfm.exe
  2⤵
  PID:9580
- C:\Windows\System\gpkZCYh.exe
  C:\Windows\System\gpkZCYh.exe
  2⤵
  PID:9608
- C:\Windows\System\VmUyjTA.exe
  C:\Windows\System\VmUyjTA.exe
  2⤵
  PID:9636
- C:\Windows\System\XHSPVkN.exe
  C:\Windows\System\XHSPVkN.exe
  2⤵
  PID:9664
- C:\Windows\System\vBoYDIu.exe
  C:\Windows\System\vBoYDIu.exe
  2⤵
  PID:9692
- C:\Windows\System\hmABrcM.exe
  C:\Windows\System\hmABrcM.exe
  2⤵
  PID:9720
- C:\Windows\System\aDjXKCF.exe
  C:\Windows\System\aDjXKCF.exe
  2⤵
  PID:9752
- C:\Windows\System\gtvYYOJ.exe
  C:\Windows\System\gtvYYOJ.exe
  2⤵
  PID:9776
- C:\Windows\System\CXUORXA.exe
  C:\Windows\System\CXUORXA.exe
  2⤵
  PID:9792
- C:\Windows\System\XvRnDxF.exe
  C:\Windows\System\XvRnDxF.exe
  2⤵
  PID:9808
- C:\Windows\System\QvYzsHQ.exe
  C:\Windows\System\QvYzsHQ.exe
  2⤵
  PID:9828
- C:\Windows\System\iAlmIPI.exe
  C:\Windows\System\iAlmIPI.exe
  2⤵
  PID:9876
- C:\Windows\System\OjKbhwx.exe
  C:\Windows\System\OjKbhwx.exe
  2⤵
  PID:9904
- C:\Windows\System\otpnKgk.exe
  C:\Windows\System\otpnKgk.exe
  2⤵
  PID:9944
- C:\Windows\System\uBfCXGK.exe
  C:\Windows\System\uBfCXGK.exe
  2⤵
  PID:9972
- C:\Windows\System\pktqJgA.exe
  C:\Windows\System\pktqJgA.exe
  2⤵
  PID:10004
- C:\Windows\System\OVhPXPH.exe
  C:\Windows\System\OVhPXPH.exe
  2⤵
  PID:10024
- C:\Windows\System\ifxMEBo.exe
  C:\Windows\System\ifxMEBo.exe
  2⤵
  PID:10060
- C:\Windows\System\DrkVXCT.exe
  C:\Windows\System\DrkVXCT.exe
  2⤵
  PID:10088
- C:\Windows\System\gSEsYze.exe
  C:\Windows\System\gSEsYze.exe
  2⤵
  PID:10104
- C:\Windows\System\sxjzLmg.exe
  C:\Windows\System\sxjzLmg.exe
  2⤵
  PID:10132
- C:\Windows\System\SdoVqiD.exe
  C:\Windows\System\SdoVqiD.exe
  2⤵
  PID:10172
- C:\Windows\System\bwABQGI.exe
  C:\Windows\System\bwABQGI.exe
  2⤵
  PID:10204
- C:\Windows\System\sXozSvq.exe
  C:\Windows\System\sXozSvq.exe
  2⤵
  PID:10224
- C:\Windows\System\CqPhVGN.exe
  C:\Windows\System\CqPhVGN.exe
  2⤵
  PID:8744
- C:\Windows\System\cMKteMa.exe
  C:\Windows\System\cMKteMa.exe
  2⤵
  PID:9264
- C:\Windows\System\OzAEfbK.exe
  C:\Windows\System\OzAEfbK.exe
  2⤵
  PID:9344
- C:\Windows\System\egtZTMh.exe
  C:\Windows\System\egtZTMh.exe
  2⤵
  PID:9404
- C:\Windows\System\SZhDOXZ.exe
  C:\Windows\System\SZhDOXZ.exe
  2⤵
  PID:9468
- C:\Windows\System\QzPGQNf.exe
  C:\Windows\System\QzPGQNf.exe
  2⤵
  PID:9500
- C:\Windows\System\nuMAYBC.exe
  C:\Windows\System\nuMAYBC.exe
  2⤵
  PID:9572
- C:\Windows\System\hdqsPpN.exe
  C:\Windows\System\hdqsPpN.exe
  2⤵
  PID:9628
- C:\Windows\System\djYlKHW.exe
  C:\Windows\System\djYlKHW.exe
  2⤵
  PID:9688
- C:\Windows\System\ZmVPioU.exe
  C:\Windows\System\ZmVPioU.exe
  2⤵
  PID:9740
- C:\Windows\System\aJjHvQD.exe
  C:\Windows\System\aJjHvQD.exe
  2⤵
  PID:9800
- C:\Windows\System\CSybvUP.exe
  C:\Windows\System\CSybvUP.exe
  2⤵
  PID:9888
- C:\Windows\System\JitJsVw.exe
  C:\Windows\System\JitJsVw.exe
  2⤵
  PID:9956
- C:\Windows\System\PriOjtS.exe
  C:\Windows\System\PriOjtS.exe
  2⤵
  PID:10012
- C:\Windows\System\paMGfjT.exe
  C:\Windows\System\paMGfjT.exe
  2⤵
  PID:10116
- C:\Windows\System\EIsGWXg.exe
  C:\Windows\System\EIsGWXg.exe
  2⤵
  PID:10192
- C:\Windows\System\SwFHQBJ.exe
  C:\Windows\System\SwFHQBJ.exe
  2⤵
  PID:9396
- C:\Windows\System\WNOtSnG.exe
  C:\Windows\System\WNOtSnG.exe
  2⤵
  PID:9456
- C:\Windows\System\zOwTSJE.exe
  C:\Windows\System\zOwTSJE.exe
  2⤵
  PID:9564
- C:\Windows\System\lPmXYOY.exe
  C:\Windows\System\lPmXYOY.exe
  2⤵
  PID:9932
- C:\Windows\System\yLSrLMI.exe
  C:\Windows\System\yLSrLMI.exe
  2⤵
  PID:10100
- C:\Windows\System\yQvPmcj.exe
  C:\Windows\System\yQvPmcj.exe
  2⤵
  PID:10032
- C:\Windows\System\UzpmdOc.exe
  C:\Windows\System\UzpmdOc.exe
  2⤵
  PID:9328
- C:\Windows\System\iwruLjb.exe
  C:\Windows\System\iwruLjb.exe
  2⤵
  PID:9856
- C:\Windows\System\KffQvKO.exe
  C:\Windows\System\KffQvKO.exe
  2⤵
  PID:10232
- C:\Windows\System\tsCgmrt.exe
  C:\Windows\System\tsCgmrt.exe
  2⤵
  PID:9604
- C:\Windows\System\DqQyLlw.exe
  C:\Windows\System\DqQyLlw.exe
  2⤵
  PID:10264
- C:\Windows\System\ExkZmhI.exe
  C:\Windows\System\ExkZmhI.exe
  2⤵
  PID:10296
- C:\Windows\System\qzZizmA.exe
  C:\Windows\System\qzZizmA.exe
  2⤵
  PID:10328
- C:\Windows\System\oMAVCPk.exe
  C:\Windows\System\oMAVCPk.exe
  2⤵
  PID:10364
- C:\Windows\System\AXtDKRz.exe
  C:\Windows\System\AXtDKRz.exe
  2⤵
  PID:10380
- C:\Windows\System\XRiMLGG.exe
  C:\Windows\System\XRiMLGG.exe
  2⤵
  PID:10408
- C:\Windows\System\jdoXgZa.exe
  C:\Windows\System\jdoXgZa.exe
  2⤵
  PID:10432
- C:\Windows\System\vjKrSSk.exe
  C:\Windows\System\vjKrSSk.exe
  2⤵
  PID:10468
- C:\Windows\System\obQXIsJ.exe
  C:\Windows\System\obQXIsJ.exe
  2⤵
  PID:10504
- C:\Windows\System\HuUtRZl.exe
  C:\Windows\System\HuUtRZl.exe
  2⤵
  PID:10528
- C:\Windows\System\cLZRJLg.exe
  C:\Windows\System\cLZRJLg.exe
  2⤵
  PID:10564
- C:\Windows\System\gAtNpmK.exe
  C:\Windows\System\gAtNpmK.exe
  2⤵
  PID:10608
- C:\Windows\System\wXgtEKf.exe
  C:\Windows\System\wXgtEKf.exe
  2⤵
  PID:10628
- C:\Windows\System\muESogz.exe
  C:\Windows\System\muESogz.exe
  2⤵
  PID:10656
- C:\Windows\System\WjRFetC.exe
  C:\Windows\System\WjRFetC.exe
  2⤵
  PID:10688
- C:\Windows\System\gKdZrqx.exe
  C:\Windows\System\gKdZrqx.exe
  2⤵
  PID:10716
- C:\Windows\System\NHgUcvj.exe
  C:\Windows\System\NHgUcvj.exe
  2⤵
  PID:10752
- C:\Windows\System\KQveqgS.exe
  C:\Windows\System\KQveqgS.exe
  2⤵
  PID:10784
- C:\Windows\System\nGBTXxs.exe
  C:\Windows\System\nGBTXxs.exe
  2⤵
  PID:10812
- C:\Windows\System\luSjWdR.exe
  C:\Windows\System\luSjWdR.exe
  2⤵
  PID:10828
- C:\Windows\System\iQNqEMM.exe
  C:\Windows\System\iQNqEMM.exe
  2⤵
  PID:10852
- C:\Windows\System\XpPriLG.exe
  C:\Windows\System\XpPriLG.exe
  2⤵
  PID:10884
- C:\Windows\System\FLTADjs.exe
  C:\Windows\System\FLTADjs.exe
  2⤵
  PID:10920
- C:\Windows\System\drxGVwB.exe
  C:\Windows\System\drxGVwB.exe
  2⤵
  PID:10948
- C:\Windows\System\IPcKBYT.exe
  C:\Windows\System\IPcKBYT.exe
  2⤵
  PID:10984
- C:\Windows\System\mNkNWVc.exe
  C:\Windows\System\mNkNWVc.exe
  2⤵
  PID:11020
- C:\Windows\System\DHaAdms.exe
  C:\Windows\System\DHaAdms.exe
  2⤵
  PID:11044
- C:\Windows\System\nWrLUrJ.exe
  C:\Windows\System\nWrLUrJ.exe
  2⤵
  PID:11076
- C:\Windows\System\jvjItwr.exe
  C:\Windows\System\jvjItwr.exe
  2⤵
  PID:11112
- C:\Windows\System\ffHnZOU.exe
  C:\Windows\System\ffHnZOU.exe
  2⤵
  PID:11140
- C:\Windows\System\xhFhkVJ.exe
  C:\Windows\System\xhFhkVJ.exe
  2⤵
  PID:11168
- C:\Windows\System\rORCxxi.exe
  C:\Windows\System\rORCxxi.exe
  2⤵
  PID:11204
- C:\Windows\System\ZusRuYc.exe
  C:\Windows\System\ZusRuYc.exe
  2⤵
  PID:11240
- C:\Windows\System\SPCQGHf.exe
  C:\Windows\System\SPCQGHf.exe
  2⤵
  PID:10184
- C:\Windows\System\mWHkPLw.exe
  C:\Windows\System\mWHkPLw.exe
  2⤵
  PID:10304
- C:\Windows\System\sIYfHRM.exe
  C:\Windows\System\sIYfHRM.exe
  2⤵
  PID:10352
- C:\Windows\System\YiRXaNo.exe
  C:\Windows\System\YiRXaNo.exe
  2⤵
  PID:10488
- C:\Windows\System\XyTjfco.exe
  C:\Windows\System\XyTjfco.exe
  2⤵
  PID:10596
- C:\Windows\System\IuzjUuo.exe
  C:\Windows\System\IuzjUuo.exe
  2⤵
  PID:10648
- C:\Windows\System\WBEqzIW.exe
  C:\Windows\System\WBEqzIW.exe
  2⤵
  PID:10740
- C:\Windows\System\XTPlIxY.exe
  C:\Windows\System\XTPlIxY.exe
  2⤵
  PID:10804
- C:\Windows\System\eSObfoX.exe
  C:\Windows\System\eSObfoX.exe
  2⤵
  PID:10876
- C:\Windows\System\hmaWTqL.exe
  C:\Windows\System\hmaWTqL.exe
  2⤵
  PID:11016
- C:\Windows\System\BBWpXzQ.exe
  C:\Windows\System\BBWpXzQ.exe
  2⤵
  PID:11108
- C:\Windows\System\IdyPZQs.exe
  C:\Windows\System\IdyPZQs.exe
  2⤵
  PID:11060
- C:\Windows\System\JAnPDAg.exe
  C:\Windows\System\JAnPDAg.exe
  2⤵
  PID:11200
- C:\Windows\System\YouVhGs.exe
  C:\Windows\System\YouVhGs.exe
  2⤵
  PID:9716
- C:\Windows\System\RQmftXY.exe
  C:\Windows\System\RQmftXY.exe
  2⤵
  PID:9996
- C:\Windows\System\wvSMUWK.exe
  C:\Windows\System\wvSMUWK.exe
  2⤵
  PID:10592
- C:\Windows\System\ZBcVJut.exe
  C:\Windows\System\ZBcVJut.exe
  2⤵
  PID:10544
- C:\Windows\System\yNryekx.exe
  C:\Windows\System\yNryekx.exe
  2⤵
  PID:10820
- C:\Windows\System\PpWhElF.exe
  C:\Windows\System\PpWhElF.exe
  2⤵
  PID:10824
- C:\Windows\System\lELtCzT.exe
  C:\Windows\System\lELtCzT.exe
  2⤵
  PID:11032
- C:\Windows\System\CtbcsWp.exe
  C:\Windows\System\CtbcsWp.exe
  2⤵
  PID:11100
- C:\Windows\System\dREVGnB.exe
  C:\Windows\System\dREVGnB.exe
  2⤵
  PID:10256
- C:\Windows\System\uUPezHV.exe
  C:\Windows\System\uUPezHV.exe
  2⤵
  PID:10372
- C:\Windows\System\cQQDlxZ.exe
  C:\Windows\System\cQQDlxZ.exe
  2⤵
  PID:10524
- C:\Windows\System\qowtQpo.exe
  C:\Windows\System\qowtQpo.exe
  2⤵
  PID:11280
- C:\Windows\System\dTNPLnz.exe
  C:\Windows\System\dTNPLnz.exe
  2⤵
  PID:11312
- C:\Windows\System\MlkzwVo.exe
  C:\Windows\System\MlkzwVo.exe
  2⤵
  PID:11340
- C:\Windows\System\mBvVioE.exe
  C:\Windows\System\mBvVioE.exe
  2⤵
  PID:11368
- C:\Windows\System\ZieNZNu.exe
  C:\Windows\System\ZieNZNu.exe
  2⤵
  PID:11404
- C:\Windows\System\jXpQHUP.exe
  C:\Windows\System\jXpQHUP.exe
  2⤵
  PID:11420
- C:\Windows\System\KwOWPJj.exe
  C:\Windows\System\KwOWPJj.exe
  2⤵
  PID:11456
- C:\Windows\System\AtvBxMa.exe
  C:\Windows\System\AtvBxMa.exe
  2⤵
  PID:11480
- C:\Windows\System\prXQRvW.exe
  C:\Windows\System\prXQRvW.exe
  2⤵
  PID:11520
- C:\Windows\System\gCyEkyD.exe
  C:\Windows\System\gCyEkyD.exe
  2⤵
  PID:11564
- C:\Windows\System\bpZbNOk.exe
  C:\Windows\System\bpZbNOk.exe
  2⤵
  PID:11592
- C:\Windows\System\UampoHQ.exe
  C:\Windows\System\UampoHQ.exe
  2⤵
  PID:11624
- C:\Windows\System\lsTvrUw.exe
  C:\Windows\System\lsTvrUw.exe
  2⤵
  PID:11644
- C:\Windows\System\tvcSbEK.exe
  C:\Windows\System\tvcSbEK.exe
  2⤵
  PID:11660
- C:\Windows\System\fziapDn.exe
  C:\Windows\System\fziapDn.exe
  2⤵
  PID:11692
- C:\Windows\System\jWwgfhM.exe
  C:\Windows\System\jWwgfhM.exe
  2⤵
  PID:11716
- C:\Windows\System\VEsMrVl.exe
  C:\Windows\System\VEsMrVl.exe
  2⤵
  PID:11748
- C:\Windows\System\SIZjuAe.exe
  C:\Windows\System\SIZjuAe.exe
  2⤵
  PID:11780
- C:\Windows\System\IjGjwAL.exe
  C:\Windows\System\IjGjwAL.exe
  2⤵
  PID:11808
- C:\Windows\System\CCwCPeU.exe
  C:\Windows\System\CCwCPeU.exe
  2⤵
  PID:11840
- C:\Windows\System\SoGWmKI.exe
  C:\Windows\System\SoGWmKI.exe
  2⤵
  PID:11864
- C:\Windows\System\imNzsxc.exe
  C:\Windows\System\imNzsxc.exe
  2⤵
  PID:11892
- C:\Windows\System\UKWAaET.exe
  C:\Windows\System\UKWAaET.exe
  2⤵
  PID:11920
- C:\Windows\System\uhqMNqJ.exe
  C:\Windows\System\uhqMNqJ.exe
  2⤵
  PID:11952
- C:\Windows\System\BsYowUu.exe
  C:\Windows\System\BsYowUu.exe
  2⤵
  PID:11976
- C:\Windows\System\NYkdvse.exe
  C:\Windows\System\NYkdvse.exe
  2⤵
  PID:12004
- C:\Windows\System\BgLXotf.exe
  C:\Windows\System\BgLXotf.exe
  2⤵
  PID:12036
- C:\Windows\System\ePIwMqs.exe
  C:\Windows\System\ePIwMqs.exe
  2⤵
  PID:12064
- C:\Windows\System\Mmdkbfv.exe
  C:\Windows\System\Mmdkbfv.exe
  2⤵
  PID:12088
- C:\Windows\System\LmFuWnm.exe
  C:\Windows\System\LmFuWnm.exe
  2⤵
  PID:12104
- C:\Windows\System\jWBhBYr.exe
  C:\Windows\System\jWBhBYr.exe
  2⤵
  PID:12132
- C:\Windows\System\aLRvyMa.exe
  C:\Windows\System\aLRvyMa.exe
  2⤵
  PID:12168
- C:\Windows\System\ZSIpEAP.exe
  C:\Windows\System\ZSIpEAP.exe
  2⤵
  PID:12208
- C:\Windows\System\ErUzkGD.exe
  C:\Windows\System\ErUzkGD.exe
  2⤵
  PID:12236
- C:\Windows\System\UvHmaKz.exe
  C:\Windows\System\UvHmaKz.exe
  2⤵
  PID:12268
- C:\Windows\System\TEbhlyy.exe
  C:\Windows\System\TEbhlyy.exe
  2⤵
  PID:10712
- C:\Windows\System\LUbmscY.exe
  C:\Windows\System\LUbmscY.exe
  2⤵
  PID:11272
- C:\Windows\System\YEtPzzF.exe
  C:\Windows\System\YEtPzzF.exe
  2⤵
  PID:11308
- C:\Windows\System\cvNUPZJ.exe
  C:\Windows\System\cvNUPZJ.exe
  2⤵
  PID:11360
- C:\Windows\System\FZCLbJK.exe
  C:\Windows\System\FZCLbJK.exe
  2⤵
  PID:11500
- C:\Windows\System\LTJTqwZ.exe
  C:\Windows\System\LTJTqwZ.exe
  2⤵
  PID:11452
- C:\Windows\System\sINqmzk.exe
  C:\Windows\System\sINqmzk.exe
  2⤵
  PID:11512
- C:\Windows\System\kTPmfoe.exe
  C:\Windows\System\kTPmfoe.exe
  2⤵
  PID:11684
- C:\Windows\System\YLKdFqa.exe
  C:\Windows\System\YLKdFqa.exe
  2⤵
  PID:11856
- C:\Windows\System\oSHwzYy.exe
  C:\Windows\System\oSHwzYy.exe
  2⤵
  PID:11820
- C:\Windows\System\FMTSJvB.exe
  C:\Windows\System\FMTSJvB.exe
  2⤵
  PID:11880
- C:\Windows\System\DRpDBpY.exe
  C:\Windows\System\DRpDBpY.exe
  2⤵
  PID:11968
- C:\Windows\System\aAcokex.exe
  C:\Windows\System\aAcokex.exe
  2⤵
  PID:12000
- C:\Windows\System\xrYYDxi.exe
  C:\Windows\System\xrYYDxi.exe
  2⤵
  PID:12156
- C:\Windows\System\ZcJQDsV.exe
  C:\Windows\System\ZcJQDsV.exe
  2⤵
  PID:12200
- C:\Windows\System\IQCCVTs.exe
  C:\Windows\System\IQCCVTs.exe
  2⤵
  PID:12284
- C:\Windows\System\UbMrrII.exe
  C:\Windows\System\UbMrrII.exe
  2⤵
  PID:11400
- C:\Windows\System\ZtafJOC.exe
  C:\Windows\System\ZtafJOC.exe
  2⤵
  PID:11576
- C:\Windows\System\SHQcCZV.exe
  C:\Windows\System\SHQcCZV.exe
  2⤵
  PID:11760
- C:\Windows\System\QpDiAAP.exe
  C:\Windows\System\QpDiAAP.exe
  2⤵
  PID:11928
- C:\Windows\System\ApjnISY.exe
  C:\Windows\System\ApjnISY.exe
  2⤵
  PID:12048
- C:\Windows\System\SCFPDld.exe
  C:\Windows\System\SCFPDld.exe
  2⤵
  PID:11268
- C:\Windows\System\cNbgXTx.exe
  C:\Windows\System\cNbgXTx.exe
  2⤵
  PID:11416
- C:\Windows\System\kFAFwYR.exe
  C:\Windows\System\kFAFwYR.exe
  2⤵
  PID:12128
- C:\Windows\System\EsZPCsE.exe
  C:\Windows\System\EsZPCsE.exe
  2⤵
  PID:11768
- C:\Windows\System\BmsAALy.exe
  C:\Windows\System\BmsAALy.exe
  2⤵
  PID:12096
- C:\Windows\System\HSHiiuU.exe
  C:\Windows\System\HSHiiuU.exe
  2⤵
  PID:12308
- C:\Windows\System\EihbWLu.exe
  C:\Windows\System\EihbWLu.exe
  2⤵
  PID:12348
- C:\Windows\System\WjLRTlO.exe
  C:\Windows\System\WjLRTlO.exe
  2⤵
  PID:12368
- C:\Windows\System\DnxGJYu.exe
  C:\Windows\System\DnxGJYu.exe
  2⤵
  PID:12392
- C:\Windows\System\JEvYVdy.exe
  C:\Windows\System\JEvYVdy.exe
  2⤵
  PID:12416
- C:\Windows\System\vPHcJZm.exe
  C:\Windows\System\vPHcJZm.exe
  2⤵
  PID:12448
- C:\Windows\System\AVikULW.exe
  C:\Windows\System\AVikULW.exe
  2⤵
  PID:12464
- C:\Windows\System\FQyVJCY.exe
  C:\Windows\System\FQyVJCY.exe
  2⤵
  PID:12492
- C:\Windows\System\zcrvwrf.exe
  C:\Windows\System\zcrvwrf.exe
  2⤵
  PID:12520
- C:\Windows\System\eXioejf.exe
  C:\Windows\System\eXioejf.exe
  2⤵
  PID:12560
- C:\Windows\System\iAluqSj.exe
  C:\Windows\System\iAluqSj.exe
  2⤵
  PID:12592
- C:\Windows\System\qfFbVKq.exe
  C:\Windows\System\qfFbVKq.exe
  2⤵
  PID:12628
- C:\Windows\System\rqhblpl.exe
  C:\Windows\System\rqhblpl.exe
  2⤵
  PID:12644
- C:\Windows\System\LqNDWbL.exe
  C:\Windows\System\LqNDWbL.exe
  2⤵
  PID:12672
- C:\Windows\System\IYYuQqn.exe
  C:\Windows\System\IYYuQqn.exe
  2⤵
  PID:12708
- C:\Windows\System\FJyruMq.exe
  C:\Windows\System\FJyruMq.exe
  2⤵
  PID:12744
- C:\Windows\System\teQAkfZ.exe
  C:\Windows\System\teQAkfZ.exe
  2⤵
  PID:12772
- C:\Windows\System\lyKJJEB.exe
  C:\Windows\System\lyKJJEB.exe
  2⤵
  PID:12800
- C:\Windows\System\ixqYUpX.exe
  C:\Windows\System\ixqYUpX.exe
  2⤵
  PID:12816
- C:\Windows\System\CgIvbqU.exe
  C:\Windows\System\CgIvbqU.exe
  2⤵
  PID:12852
- C:\Windows\System\kWvLFjs.exe
  C:\Windows\System\kWvLFjs.exe
  2⤵
  PID:12884
- C:\Windows\System\peeiyOg.exe
  C:\Windows\System\peeiyOg.exe
  2⤵
  PID:12904
- C:\Windows\System\knQnUSH.exe
  C:\Windows\System\knQnUSH.exe
  2⤵
  PID:12920
- C:\Windows\System\jvjzOgc.exe
  C:\Windows\System\jvjzOgc.exe
  2⤵
  PID:12944
- C:\Windows\System\ilpMTQQ.exe
  C:\Windows\System\ilpMTQQ.exe
  2⤵
  PID:12960
- C:\Windows\System\KYvvefr.exe
  C:\Windows\System\KYvvefr.exe
  2⤵
  PID:12988
- C:\Windows\System\RnKxFgA.exe
  C:\Windows\System\RnKxFgA.exe
  2⤵
  PID:13016
- C:\Windows\System\mqOqTJj.exe
  C:\Windows\System\mqOqTJj.exe
  2⤵
  PID:13060
- C:\Windows\System\HOgkexB.exe
  C:\Windows\System\HOgkexB.exe
  2⤵
  PID:13096
- C:\Windows\System\DZPoybo.exe
  C:\Windows\System\DZPoybo.exe
  2⤵
  PID:13128
- C:\Windows\System\sQOGJBf.exe
  C:\Windows\System\sQOGJBf.exe
  2⤵
  PID:13164
- C:\Windows\System\NcpHvFN.exe
  C:\Windows\System\NcpHvFN.exe
  2⤵
  PID:13192
- C:\Windows\System\AgkjycO.exe
  C:\Windows\System\AgkjycO.exe
  2⤵
  PID:13220
- C:\Windows\System\bEVomAb.exe
  C:\Windows\System\bEVomAb.exe
  2⤵
  PID:13248
- C:\Windows\System\oNluJTB.exe
  C:\Windows\System\oNluJTB.exe
  2⤵
  PID:13276
- C:\Windows\System\wdEIsYg.exe
  C:\Windows\System\wdEIsYg.exe
  2⤵
  PID:13304
- C:\Windows\System\jElzKkD.exe
  C:\Windows\System\jElzKkD.exe
  2⤵
  PID:12320
- C:\Windows\System\tVpGCrR.exe
  C:\Windows\System\tVpGCrR.exe
  2⤵
  PID:12384
- C:\Windows\System\GsjuiCI.exe
  C:\Windows\System\GsjuiCI.exe
  2⤵
  PID:12444
- C:\Windows\System\PwZbeMN.exe
  C:\Windows\System\PwZbeMN.exe
  2⤵
  PID:12516
- C:\Windows\System\xdpcuas.exe
  C:\Windows\System\xdpcuas.exe
  2⤵
  PID:12588
- C:\Windows\System\fXBOuOK.exe
  C:\Windows\System\fXBOuOK.exe
  2⤵
  PID:12656
- C:\Windows\System\ZIrPsYv.exe
  C:\Windows\System\ZIrPsYv.exe
  2⤵
  PID:12704
- C:\Windows\System\AUAyONW.exe
  C:\Windows\System\AUAyONW.exe
  2⤵
  PID:12784
- C:\Windows\System\oCFfJtZ.exe
  C:\Windows\System\oCFfJtZ.exe
  2⤵
  PID:12840
- C:\Windows\System\BfAOitr.exe
  C:\Windows\System\BfAOitr.exe
  2⤵
  PID:12880
- C:\Windows\System\QCMWBTK.exe
  C:\Windows\System\QCMWBTK.exe
  2⤵
  PID:12984
- C:\Windows\System\aDdMdGs.exe
  C:\Windows\System\aDdMdGs.exe
  2⤵
  PID:13068
- C:\Windows\System\RBWoiMx.exe
  C:\Windows\System\RBWoiMx.exe
  2⤵
  PID:13116
- C:\Windows\System\rjXTcuN.exe
  C:\Windows\System\rjXTcuN.exe
  2⤵
  PID:13176
- C:\Windows\System\elbMTJG.exe
  C:\Windows\System\elbMTJG.exe
  2⤵
  PID:13212
- C:\Windows\System\jXGtRGr.exe
  C:\Windows\System\jXGtRGr.exe
  2⤵
  PID:13296
- C:\Windows\System\CmSCWcD.exe
  C:\Windows\System\CmSCWcD.exe
  2⤵
  PID:12364
- C:\Windows\System\zDFoSVt.exe
  C:\Windows\System\zDFoSVt.exe
  2⤵
  PID:12544
- C:\Windows\System\vbuRuQu.exe
  C:\Windows\System\vbuRuQu.exe
  2⤵
  PID:12696
- C:\Windows\System\LqoRvjl.exe
  C:\Windows\System\LqoRvjl.exe
  2⤵
  PID:12828
- C:\Windows\System\rxyXIGw.exe
  C:\Windows\System\rxyXIGw.exe
  2⤵
  PID:13012
- C:\Windows\System\GRgIMNA.exe
  C:\Windows\System\GRgIMNA.exe
  2⤵
  PID:13152
- C:\Windows\System\ZHmXgtn.exe
  C:\Windows\System\ZHmXgtn.exe
  2⤵
  PID:13268
- C:\Windows\System\HNTRDIQ.exe
  C:\Windows\System\HNTRDIQ.exe
  2⤵
  PID:12476
- C:\Windows\System\fCpUPci.exe
  C:\Windows\System\fCpUPci.exe
  2⤵
  PID:12932
- C:\Windows\System\WZMTrqc.exe
  C:\Windows\System\WZMTrqc.exe
  2⤵
  PID:13244
- C:\Windows\System\GDXZIZE.exe
  C:\Windows\System\GDXZIZE.exe
  2⤵
  PID:13148
- C:\Windows\System\ZMnOIin.exe
  C:\Windows\System\ZMnOIin.exe
  2⤵
  PID:13320
- C:\Windows\System\EcFrnyV.exe
  C:\Windows\System\EcFrnyV.exe
  2⤵
  PID:13348
- C:\Windows\System\yrzTdDJ.exe
  C:\Windows\System\yrzTdDJ.exe
  2⤵
  PID:13376
- C:\Windows\System\FfLtgPA.exe
  C:\Windows\System\FfLtgPA.exe
  2⤵
  PID:13404
- C:\Windows\System\HtbKLgi.exe
  C:\Windows\System\HtbKLgi.exe
  2⤵
  PID:13428
- C:\Windows\System\OdCLHFd.exe
  C:\Windows\System\OdCLHFd.exe
  2⤵
  PID:13468
- C:\Windows\System\XJFHJDM.exe
  C:\Windows\System\XJFHJDM.exe
  2⤵
  PID:13496
- C:\Windows\System\RZEjLXX.exe
  C:\Windows\System\RZEjLXX.exe
  2⤵
  PID:13532
- C:\Windows\System\WcNuNRH.exe
  C:\Windows\System\WcNuNRH.exe
  2⤵
  PID:13572
- C:\Windows\System\WRNqyGs.exe
  C:\Windows\System\WRNqyGs.exe
  2⤵
  PID:13604
- C:\Windows\System\FJySRTS.exe
  C:\Windows\System\FJySRTS.exe
  2⤵
  PID:13628
- C:\Windows\System\dcdMiCl.exe
  C:\Windows\System\dcdMiCl.exe
  2⤵
  PID:13644
- C:\Windows\System\hSkqCdk.exe
  C:\Windows\System\hSkqCdk.exe
  2⤵
  PID:13664
- C:\Windows\System\XTmpRHo.exe
  C:\Windows\System\XTmpRHo.exe
  2⤵
  PID:13700
- C:\Windows\System\ZFLkfMX.exe
  C:\Windows\System\ZFLkfMX.exe
  2⤵
  PID:13724
- C:\Windows\System\bdNTkFV.exe
  C:\Windows\System\bdNTkFV.exe
  2⤵
  PID:13752
- C:\Windows\System\laERAsh.exe
  C:\Windows\System\laERAsh.exe
  2⤵
  PID:13776
- C:\Windows\System\VFjeKSO.exe
  C:\Windows\System\VFjeKSO.exe
  2⤵
  PID:13820
- C:\Windows\System\HMebPhA.exe
  C:\Windows\System\HMebPhA.exe
  2⤵
  PID:13844
- C:\Windows\System\PpHspcz.exe
  C:\Windows\System\PpHspcz.exe
  2⤵
  PID:13872
- C:\Windows\System\JvsGrfM.exe
  C:\Windows\System\JvsGrfM.exe
  2⤵
  PID:13908
- C:\Windows\System\YwiRMom.exe
  C:\Windows\System\YwiRMom.exe
  2⤵
  PID:13932
- C:\Windows\System\blMfiZx.exe
  C:\Windows\System\blMfiZx.exe
  2⤵
  PID:13968
- C:\Windows\System\QTJohzU.exe
  C:\Windows\System\QTJohzU.exe
  2⤵
  PID:14008
- C:\Windows\System\uiJqNsR.exe
  C:\Windows\System\uiJqNsR.exe
  2⤵
  PID:14036
- C:\Windows\System\RWBNcRG.exe
  C:\Windows\System\RWBNcRG.exe
  2⤵
  PID:14064
- C:\Windows\System\YpNyTuJ.exe
  C:\Windows\System\YpNyTuJ.exe
  2⤵
  PID:14092
- C:\Windows\System\oWsQIgf.exe
  C:\Windows\System\oWsQIgf.exe
  2⤵
  PID:14120
- C:\Windows\System\CnAHnHL.exe
  C:\Windows\System\CnAHnHL.exe
  2⤵
  PID:14148
- C:\Windows\System\nFLkzav.exe
  C:\Windows\System\nFLkzav.exe
  2⤵
  PID:14176
- C:\Windows\System\RIsmOoq.exe
  C:\Windows\System\RIsmOoq.exe
  2⤵
  PID:14204
- C:\Windows\System\yBFwXVA.exe
  C:\Windows\System\yBFwXVA.exe
  2⤵
  PID:14232
- C:\Windows\System\QyLouWq.exe
  C:\Windows\System\QyLouWq.exe
  2⤵
  PID:14260
- C:\Windows\System\VwXITqY.exe
  C:\Windows\System\VwXITqY.exe
  2⤵
  PID:14288
- C:\Windows\System\KUJOkVJ.exe
  C:\Windows\System\KUJOkVJ.exe
  2⤵
  PID:14316
- C:\Windows\System\IyLCYkR.exe
  C:\Windows\System\IyLCYkR.exe
  2⤵
  PID:13316
- C:\Windows\System\WOECoxr.exe
  C:\Windows\System\WOECoxr.exe
  2⤵
  PID:13396
- C:\Windows\System\PuPRAim.exe
  C:\Windows\System\PuPRAim.exe
  2⤵
  PID:13416
- C:\Windows\System\UstjSuD.exe
  C:\Windows\System\UstjSuD.exe
  2⤵
  PID:13552
- C:\Windows\System\YjgbMKs.exe
  C:\Windows\System\YjgbMKs.exe
  2⤵
  PID:13600
- C:\Windows\System\RmJCXqW.exe
  C:\Windows\System\RmJCXqW.exe
  2⤵
  PID:13660
- C:\Windows\System\mtFBTKA.exe
  C:\Windows\System\mtFBTKA.exe
  2⤵
  PID:13748
- C:\Windows\System\COBTTsG.exe
  C:\Windows\System\COBTTsG.exe
  2⤵
  PID:13804
- C:\Windows\System\jcmEEKB.exe
  C:\Windows\System\jcmEEKB.exe
  2⤵
  PID:632
- C:\Windows\System\HtOUwLB.exe
  C:\Windows\System\HtOUwLB.exe
  2⤵
  PID:13904
- C:\Windows\System\VJwtmCl.exe
  C:\Windows\System\VJwtmCl.exe
  2⤵
  PID:13916
- C:\Windows\System\bgLoIUx.exe
  C:\Windows\System\bgLoIUx.exe
  2⤵
  PID:13960
- C:\Windows\System\eolSSZQ.exe
  C:\Windows\System\eolSSZQ.exe
  2⤵
  PID:13992
- C:\Windows\System\VEGJjKL.exe
  C:\Windows\System\VEGJjKL.exe
  2⤵
  PID:14076
- C:\Windows\System\FRWWVej.exe
  C:\Windows\System\FRWWVej.exe
  2⤵
  PID:14144
- C:\Windows\System\ukiMscn.exe
  C:\Windows\System\ukiMscn.exe
  2⤵
  PID:14224
- C:\Windows\System\XfdNufQ.exe
  C:\Windows\System\XfdNufQ.exe
  2⤵
  PID:14308
- C:\Windows\System\xlgqgfj.exe
  C:\Windows\System\xlgqgfj.exe
  2⤵
  PID:13356
- C:\Windows\System\dZJTIvh.exe
  C:\Windows\System\dZJTIvh.exe
  2⤵
  PID:13580
- C:\Windows\System\UDqYzSu.exe
  C:\Windows\System\UDqYzSu.exe
  2⤵
  PID:13764
- C:\Windows\System\BacASJi.exe
  C:\Windows\System\BacASJi.exe
  2⤵
  PID:4516
- C:\Windows\System\Cofhoqw.exe
  C:\Windows\System\Cofhoqw.exe
  2⤵
  PID:13940
- C:\Windows\System\zVYevCy.exe
  C:\Windows\System\zVYevCy.exe
  2⤵
  PID:14056
- C:\Windows\System\UQNDKzY.exe
  C:\Windows\System\UQNDKzY.exe
  2⤵
  PID:14196
- C:\Windows\System\XjYkjGG.exe
  C:\Windows\System\XjYkjGG.exe
  2⤵
  PID:12732
- C:\Windows\System\XXIOgsE.exe
  C:\Windows\System\XXIOgsE.exe
  2⤵
  PID:13744
- C:\Windows\System\vHJNqLK.exe
  C:\Windows\System\vHJNqLK.exe
  2⤵
  PID:14032
- C:\Windows\System\pWuCpmE.exe
  C:\Windows\System\pWuCpmE.exe
  2⤵
  PID:13560
- C:\Windows\System\clCXmnm.exe
  C:\Windows\System\clCXmnm.exe
  2⤵
  PID:14132
- C:\Windows\System\zuAduBh.exe
  C:\Windows\System\zuAduBh.exe
  2⤵
  PID:14352
- C:\Windows\System\UiwcMix.exe
  C:\Windows\System\UiwcMix.exe
  2⤵
  PID:14384
- C:\Windows\System\LfFTFkG.exe
  C:\Windows\System\LfFTFkG.exe
  2⤵
  PID:14420

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AtctJFE.exe

Filesize
2.0MB

MD5
b2c9d50c0e7c8d0a7d1939f646ca7c6f

SHA1
61ab28355572b74a02164dfe52c702fc7113981b

SHA256
25051cf4e59f28cabfa1a4fef4f29cd61e9d1f3c3cee6094174a15111ac30598

SHA512
f6481d1b5bf1a1d6a6f80984e265f5b1157ab6d8a4175784e428b82fe3236d4bd62468fb25e5e5875c8703cc71c843a18bbae9257b7c47cede63a8502e6abd77

Download Submit
C:\Windows\System\CDgleJu.exe

Filesize
2.0MB

MD5
19cbf6e66036e75745ca22f3b6318a7e

SHA1
84136eb1efaa0bfbdb5906605bda1ad7e51c4010

SHA256
c947aa51e2caa9c8287222697cb21c06e2abc1bc3b59abef5573dbd56cb58552

SHA512
0c79d9ddefc49ef75633795d3f874821c136fcda6625dda8d10fca1b3e95b901706b95a1a5504d4fd51e4e8d0378231321cb28a832fefc3951887e9a40c54931

Download Submit
C:\Windows\System\CppBdti.exe

Filesize
2.0MB

MD5
a3933163aa9d268303ca0fb22b4536a6

SHA1
eccb63a9df86b9c374fd74a8ec36555a522687cb

SHA256
48edb5fcae4af76925d01895fbbac650ecb98b735ee2156159b60a6115652660

SHA512
f49d0b3aeb81f98fc6abd5374b007138c78bf7b684adb1c932b9f61cf193e9c467b91a623f9834092a433a464b1896b3b4576da5be018e85964401f391cc9d90

Download Submit
C:\Windows\System\DDWGrsf.exe

Filesize
2.0MB

MD5
705ae163ab5a6103db93ff988bf17c76

SHA1
8af8ade20aa60fbd91837ab065d7756fdad91c03

SHA256
740165c805cec3a1c9f0ce8a90adfea4816a857c328cbd84656a952bd56c8257

SHA512
b32638040e891617188e7f664e556874e9792fc6b58e0ecdd933bcb38bb8d6e0e3907a4dac6515078614bc8930fdea4d98aaf7462e861fe540f89db4c41ac2e7

Download Submit
C:\Windows\System\IDsmZPD.exe

Filesize
2.0MB

MD5
811c20da1c1223b1b1ca70fa0dc0c40e

SHA1
c200b2bb022996a56a7a3490a97e42054804fcd2

SHA256
a55bfa94a0c2c2720b0ef218bf9f9959b552b6dd21dfc250f93f0094558a8773

SHA512
e28ae51a6c13559ddf4a6c70f69b12c3aefa5674578bf470ad74608c5ca2f9c9f49f93758425ce5f968093eb594093ded344dfcfe728b7d8c0169441f18e869b

Download Submit
C:\Windows\System\JLLGyXn.exe

Filesize
2.0MB

MD5
e88eb06b20aaff378e7c5193d6f53cac

SHA1
a9d168debe971d18388e13f260be833b3051760b

SHA256
c1cdeda7494cf7359dcc8f5c9f54fea0bda68e5bb208d181a4cd83be1abd9f87

SHA512
89f50b0936f4d26ccb166558cd0ff5620fc41c6110ea0574f36c1ecbfe580b3ecb799df7731e407fadbbc8d674528c44276ed06c2ffa1f4f8080642dd8347416

Download Submit
C:\Windows\System\JfoREIW.exe

Filesize
2.0MB

MD5
cb5de6303339b8f23db3abf1d3009ef5

SHA1
054328e231b44b1fb7d5e96d39e8c08d6dfe65f7

SHA256
4ad5294c32b2f5c8a7fb3adf918f94275236f0312fcb19af944d88f7ebe8ac84

SHA512
d0a2feb3c77ed90b7ec28a64cbfb336cccafcae0bbc9f7a6038682abc589dd1b37a17028ed90515f1da0f684964000f82fd4f0516285ea7c2d0a2ea5e0cf7873

Download Submit
C:\Windows\System\LitNsVF.exe

Filesize
2.0MB

MD5
d725bfb84abdba74e4a97e7df007b350

SHA1
6ea746333382c95f1740ed675c4111200b3290b0

SHA256
2d93528ce691a688d7524bcc32e495b7572bd876f23023a0652d131b0a5a16c3

SHA512
0d3f95d44dc14afb168f70fd3f5f3702b0ac356bf0f59437423d533c693ff25383042f593038c022a78b62d09e307f56562502c47c582a8fd00f82c77da54ada

Download Submit
C:\Windows\System\OhBPhvo.exe

Filesize
2.0MB

MD5
18d45a9d802569095ea5da7e90133a69

SHA1
e23ddd2a08f10551923a72f31b14d63341272832

SHA256
4d4f7beb262da43d608860fa2b0d9f94336825705c56dcc41daaf2fd773076f5

SHA512
0697e1a65bfa3925941a1f8a379b48a3399c9a97d14e8dbaa2d19df99feefd58960b169a4cbf305cbcfc42a8b23e419cb69f8a6d51c2ed36d09856c5fdbed79d

Download Submit
C:\Windows\System\PPlVSle.exe

Filesize
2.0MB

MD5
2114f8dfd2125da6870b57027f4eb11d

SHA1
cd26f86c4597379e94662a680f35ea593ad67900

SHA256
1c8a54a9ada4d20991ac295dcd25611f4b960fca0dee81caff40611252e13edc

SHA512
8e333123ccc7241640701d79b22b947871629ffb4be97e2a7bc10ad5907f46c0f111db5d3e645bfebde16840fda5c95821573a5cdd69a37b11de83f40b427595

Download Submit
C:\Windows\System\PbGVYnO.exe

Filesize
2.0MB

MD5
b5760533169a3a6e65f502c163f5c300

SHA1
da385d92f80f634963d8ecb570b9b8e9295f518b

SHA256
a7c252bbd60d8b054acd3881a6ccfa7ec799fee7efe307dfd02c62a3112ef269

SHA512
6b32773b64bd62c9b30d52020f1391cfe399f1744b9ec38da338f4ff33f65159cd8bd73f5fae5756148954e558e8c690e67814d535ac7131a8aa0232c85c5dc1

Download Submit
C:\Windows\System\QrkgGtx.exe

Filesize
2.0MB

MD5
37738a575f336bc7f6fabb69548762c6

SHA1
34a52790889786675e0066ca2417abd6e52c84e3

SHA256
188b93d3bc85164d8b78b6bb1c836c8898a7f9ce4c10bcce879cb41c5ddd82fe

SHA512
44147576355e3f888419d488e2dab94d7f488d2d1368c74609f744ac222b4d40a7d72bc456b0ac4bc61b157209e925b7ef177b4e0c1f1e52536946e675f6ddeb

Download Submit
C:\Windows\System\RNWRhRV.exe

Filesize
2.0MB

MD5
38f63e8b0db6a750efcc5948aac6fb9e

SHA1
ebfaba583b7502056a1be8f12df2f5af88de1af2

SHA256
16171c8b2f6ee5c49a4f3ea3021640c07c441e89f286f6f91ce322041e1cdfe5

SHA512
ae35d559f4a0fb0bc343204d4c6a500007b2d7a370708d06309bc46f4072cd30e91d6d6b8be87fa193fa050c26a3be9f35358a98eeae944a8a1465542d160349

Download Submit
C:\Windows\System\TrXZhuo.exe

Filesize
2.0MB

MD5
e1164325956a1e621e9ea2f758813b3a

SHA1
3308d6d607feceb9bc83df3e828c333cdb4cd5eb

SHA256
798db7c1af38bd3a7b52d3323bcb80a086a4692bea125d6ef38a90c4d867f077

SHA512
ac48e8377eb7fd0f3cf61329df81cb7f8c5f65974c69769407db180f117eb21f2501c2e2d1ae84cfee73e04822cfc878f3aa5980d923f8a93ec51d0bda52989b

Download Submit
C:\Windows\System\VPsbhAe.exe

Filesize
2.0MB

MD5
23f70046167af60e5a916473b4d65dc8

SHA1
87b384de8fceea2950b0b526a79d313e5e4227f4

SHA256
7c53ded7e3d771d478c8d75fe3efac1ebe018623a63ad51ba2f1346c7a5c79ce

SHA512
28a2304cddbd6fab3125ca1ecaac951fee894b1cf3fb5fef4fca1e28d8a83895e94f1ef53d20bcef65d0477a86f0061003658c93f303d292cd2714a231c15bcc

Download Submit
C:\Windows\System\XDUlHvU.exe

Filesize
2.0MB

MD5
6a4ad2f9c876f5ae47b804c46ac94fb6

SHA1
3064ffc36cd9dfb9eff952e35844e08835a8eabb

SHA256
895db0bd5e5ee186fb24e13ffe3a745a9a410927a5b114deec4772844a0e7568

SHA512
3e1a8bb997ccf5dd5636763b4e44b5bdf53713c1507bf62d60356dcbdf26f04f9c4b6a4e0f91f7dff91795d0fcfc69c25722757272aa8ff864a00c154585fbfe

Download Submit
C:\Windows\System\aZFleir.exe

Filesize
2.0MB

MD5
00d7fb58f0b84004a677a8c7c302e4e2

SHA1
4949c82167e7b997994e235f1fd4119d03c6983c

SHA256
99571a5c2ac32f8a6a68379dfd30c6f49d998f5c2eb1e678b641aaa0da9e41c3

SHA512
574c17ee8f3b4343841fc314e3f49a92ff82af5951b40273757e9ee017f43d144294a02c1d524bb3365d107a295a248a2cc50b95b66a05000764934558499a22

Download Submit
C:\Windows\System\aewywnn.exe

Filesize
2.0MB

MD5
e821eadc3f2f66ffb53fda249deffd97

SHA1
003c32fdf2572e31a4e7b8300879f9d0b9fbbfc9

SHA256
692f97eeda53da9c7e517b17af07298b558814bbbbb65def37adca3e757d2adb

SHA512
1ee99e5c80dd9ab1e5baaffe808a3273752eb585b5e920fdb1431161f72fa449bb576dcb0d0405aa67e774bf4be322ec814c59a2be65411ac4ebbb86666b8a84

Download Submit
C:\Windows\System\bQnVRvu.exe

Filesize
2.0MB

MD5
9373235ad420613246bc0a0f3713f762

SHA1
ab1a3ead3b169fb4a827c49a68a62e472b577b8f

SHA256
8f056411ed6a8d74e55af81f2ad57e9f1ec2c74abe0598f35a8dccc80277e3f8

SHA512
4974a98ac4f11df1f3834122a19c9c69f651db29d5fda94e14628e7f8d5fd864f76e0d26d732c621ded42f097bc2598c93313ac5facc01269107158882c7d4dc

Download Submit
C:\Windows\System\dxIhrBa.exe

Filesize
2.0MB

MD5
b66a15407d90d83262f59d0eb1a85c3e

SHA1
b30245ebc82336b231225f278b9ce176574246f6

SHA256
eda6737963784fc798d6a52a6dfa41c1106231cef3f59a5d3234b9d0af6aa570

SHA512
1f7c2a18b0ade153e03737fa057e6eb41508c0a138ef0b74cf2004c9341bdd5fc54130c5be59fca4411fa0b5623a7035eb2541c23be03ba2b325b087b3305b74

Download Submit
C:\Windows\System\eSZirRW.exe

Filesize
2.0MB

MD5
67267841b436d7b67dfed4938b85aaab

SHA1
f0ba22bf6e8c2790232855ab7f5b4bc04cbd849e

SHA256
61585bb7b44804d887f8e3a3fcc71a396a15b899eb4972bf98ef707e01f96ad3

SHA512
edb48aece9f8ef383e3ea9eab1b26ed431b3c35483baa88c5d39bf98fc2c767e21a45dffe31a1a39eb9f4c330c9e29650671a56f3e9561eab19dbc5595594a62

Download Submit
C:\Windows\System\gGtWOOy.exe

Filesize
2.0MB

MD5
1250fd520987e440e141f91a83680aef

SHA1
b0a70f04da3e5b327f007791e7cba2a932808fc9

SHA256
8742e1be400e2a23e9c37766c62186974d35579c7f551b8b6408115acab406af

SHA512
f9bb4a75048de84731025041b45b2b69f1b06d9c54d59dd26f68206a7ca47368d11616da7f48054cdee27ea576bd8ec9b12935ff29d315cf1485b664653c4b3c

Download Submit
C:\Windows\System\gTUyJgO.exe

Filesize
2.0MB

MD5
ea431929e634ace488a54246d547f8d5

SHA1
bc1a147a14bb3c291657897e0ef519ce03cac78e

SHA256
0d0a725cba4618325392d6d2faf4d38d910a46e11620b8a62818499ae4a4585f

SHA512
940506c348865e9257426a6a8e12ffed5da2e449f628f7927e56acce7456707cdba6495000a6acaee31b48b1920a3cf20bedd65ef6ba3cf3c590109eaf50319b

Download Submit
C:\Windows\System\gTblkCe.exe

Filesize
2.0MB

MD5
09fa09b4a2898720c56c40f18276100b

SHA1
bbf937f52227c01f75095b5268ca62399874c2d8

SHA256
cb8c4e10222dd39b34a1213aa5349a1b02a4563503968c5907b4110d60d7144e

SHA512
6279624ed2843e1316dd7d0a9b1d00e5b7c45e8755499b1460786ac26c948ccc40f661b98c496b40a2fe4d5972ec2015acf71445053f4b2faa19518e51cbf841

Download Submit
C:\Windows\System\hJhQVcw.exe

Filesize
2.0MB

MD5
348740665637c50834863c4b5f04dd3b

SHA1
13516a457319ed30f1988e91d935d55f571e975c

SHA256
9480978add9b6ba375e0546aa6fbd44375b0154086335aab1b739506928578d1

SHA512
e85951900445181339a1f864e8caa13713d7b01ba93350d0c47c9d94dab6d38bc0cd52cad0250ed1a396f9967f2c588ebff1a39f48b156de194b9686e6bafb92

Download Submit
C:\Windows\System\hjjWYAv.exe

Filesize
2.0MB

MD5
2ea3f22dd04d1ebf78dda28965ffd03c

SHA1
b9dcac2ed4de9dc72f0821ed3443106a5632eb7c

SHA256
66057652d5ca965b746aeedb7da4b9c82898d583ee4fef4be0ccd60b85fc23a5

SHA512
251f3a1f9d29f3a7102bdcc0584bb56c0391076e1c9d3baf3d5ce9ff80a8688178388522f424549a5d849b626dc62ca0629c7bf22d26901c79a6c202c6f5062d

Download Submit
C:\Windows\System\ktZxEsL.exe

Filesize
2.0MB

MD5
46ee452658262fa45dad434dc28395e5

SHA1
c242db761b3cc559a2e61d35c9dec48728c1663b

SHA256
3159602cc6924e6dbb218c5df6038152bafe91f53d3c9c981c040bbc53888b7f

SHA512
403c8bf7ff5b43a40c30f39f7625ca338743f5fa39ddfc4ed0a18e45e3eeda07f90d28c954090149ecdb110f4f6e02970b1be77947b18ee5a8cf20b0367a9c10

Download Submit
C:\Windows\System\mFpZhar.exe

Filesize
2.0MB

MD5
2636c226128fc43a2968652cb5d4ee6f

SHA1
84ebcbe69dda2938c26d60eb19c66b76541e46cd

SHA256
961f2cc0049c137960325275d699f2e84fa389e46a96a6b64158c74b4750f9c4

SHA512
16129d2b7917007c819d2003ddfbf09f38e131b2fd6d36bf70905a3bf5b392375c6948490a7c36ce45a14bb2a9d0f629bc343430984d6ca60ad10101d7e15c73

Download Submit
C:\Windows\System\oenKsSb.exe

Filesize
2.0MB

MD5
9d223e54cf80e871942000ffaf0126fb

SHA1
40b9678d7ac6b9f9d0e0c138d1680016cec0dd97

SHA256
8f23a0640fca21f9878f51108a3c0fda7f41c05aa43843a60d50802ea5421251

SHA512
a1b13f5dbd0425677074f8c6310fc4a8b99f991403950220fe44aca26a690f46f76f625f43c81dca6366dc9f5e853f31c5826efe8a9f86e9ee4a13789b086499

Download Submit
C:\Windows\System\rWOkJSw.exe

Filesize
2.0MB

MD5
cf74048fe48ad3bd28a7aceee1a6ab6b

SHA1
0dec6ee591582c916c3b081db9c7e112e21686dd

SHA256
9f04314bd448271075dd1fb88fb37bab80f69d77258accaa12ef922e1443bfb6

SHA512
abe7c5fd9afbbf592e24c2de3ce23d73cd363083a1cff2f8137d8b6c0c3139f3d9c6e87e508ced05e395b8177e57a0d950b1678b74be01071b3f654dbf0ae951

Download Submit
C:\Windows\System\rgPGpRT.exe

Filesize
2.0MB

MD5
33833a2af53cfd5f0bce1b54ef403eee

SHA1
71f7325615e86a63f173d4b5d5ffef43b4dfd631

SHA256
1a481ffe3e2a8e1dbc359a6a5094ff21eec6865438fc586d3844c9bc2617c342

SHA512
cb53e3753b831e581881b65df0a47e84cc836ee63ee2c1f8dfa1ee4dbe19abe0e9f2f336a5fcd1d417fad76b8c423e6f8f353c6e2129133eb221fa7cf190efb1

Download Submit
C:\Windows\System\wNKcyHf.exe

Filesize
2.0MB

MD5
6d39e36117068036e78dfac54172f164

SHA1
edabf274a619adbe5049c5db1d73a24a822cc80b

SHA256
82fe93d86a730aded90ae85944d74cfb5ed6bd678b008422430ec636ff6e206d

SHA512
5323356c19aba1ce54cb849d429a3da9f92f886e5c46ebd3b706eadc49cc2e37d1d14e73494131f5179b282cb40298f9ef1d11e5033fd7cc2b4bf69bb1483e4f

Download Submit
C:\Windows\System\xTqcuLR.exe

Filesize
2.0MB

MD5
5211caa7005edbb886b33b9cd9b76d01

SHA1
3e7a50d20c5666adf13f1f1200c731ec266323d8

SHA256
b388b5163941462b38ec45b8135c245ed541389a44c5c6dd6d9ec674db9511c2

SHA512
d7f6ed991ca9e8fe6b72c19420db84d57ced16e9f3f5707a675d6dd4896bd08594400571171849a1bd9c097558d3e76efb7f2c0199c5497ee4fc25e98a28a30e

Download Submit
C:\Windows\System\zcZcAyU.exe

Filesize
2.0MB

MD5
94441e5f598dc5ae26ec0315f7cf92f3

SHA1
a0c99313aa11b98b77b3bc2723a7d7796a7f1762

SHA256
91d15970f08adad2040bfb9c39afb0f5aac46a753c24ab3acaf70e614bb7af1a

SHA512
2fd321ee84e12452be3d64c425bb493f48cfbde0351f68ab60fd5e379c496ebf0280c3f976250f51959d5f9205c0870d486bb833781d31218ef44533db078d1d

Download Submit
C:\Windows\System\zrMbzNd.exe

Filesize
2.0MB

MD5
a52d7e374cf2ebd61fe37566fb196015

SHA1
2cf0b96ced49ce4d9f0f99c336cbab65c85a1283

SHA256
76704f30f98e1f46630e3eb9a613f05f2ae939ab85c22f3607b47f545c1ab8f8

SHA512
b82e15c9dfa80d1f8065c1c73bc8b29bb013b0672fc764b0eef39dfe975988730d9e4d049bece00c809f601485d4ae25a038860ee40f3b6a757c85265195e396

Download Submit
memory/372-2074-0x00007FF6ADDC0000-0x00007FF6AE114000-memory.dmp

Filesize
3.3MB

Download
memory/372-2078-0x00007FF6ADDC0000-0x00007FF6AE114000-memory.dmp

Filesize
3.3MB

Download
memory/372-59-0x00007FF6ADDC0000-0x00007FF6AE114000-memory.dmp

Filesize
3.3MB

Download
memory/448-9-0x00007FF6E6390000-0x00007FF6E66E4000-memory.dmp

Filesize
3.3MB

Download
memory/448-2071-0x00007FF6E6390000-0x00007FF6E66E4000-memory.dmp

Filesize
3.3MB

Download
memory/448-2075-0x00007FF6E6390000-0x00007FF6E66E4000-memory.dmp

Filesize
3.3MB

Download
memory/1092-2072-0x00007FF610E00000-0x00007FF611154000-memory.dmp

Filesize
3.3MB

Download
memory/1092-19-0x00007FF610E00000-0x00007FF611154000-memory.dmp

Filesize
3.3MB

Download
memory/1092-2076-0x00007FF610E00000-0x00007FF611154000-memory.dmp

Filesize
3.3MB

Download
memory/1168-2098-0x00007FF79C320000-0x00007FF79C674000-memory.dmp

Filesize
3.3MB

Download
memory/1168-187-0x00007FF79C320000-0x00007FF79C674000-memory.dmp

Filesize
3.3MB

Download
memory/1236-182-0x00007FF6CFA30000-0x00007FF6CFD84000-memory.dmp

Filesize
3.3MB

Download
memory/1236-2086-0x00007FF6CFA30000-0x00007FF6CFD84000-memory.dmp

Filesize
3.3MB

Download
memory/1484-2070-0x00007FF674E70000-0x00007FF6751C4000-memory.dmp

Filesize
3.3MB

Download
memory/1484-1-0x000001F1F2E00000-0x000001F1F2E10000-memory.dmp

Filesize
64KB

Download
memory/1484-0-0x00007FF674E70000-0x00007FF6751C4000-memory.dmp

Filesize
3.3MB

Download
memory/1540-200-0x00007FF73DB30000-0x00007FF73DE84000-memory.dmp

Filesize
3.3MB

Download
memory/1540-2080-0x00007FF73DB30000-0x00007FF73DE84000-memory.dmp

Filesize
3.3MB

Download
memory/2092-181-0x00007FF770770000-0x00007FF770AC4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-2079-0x00007FF770770000-0x00007FF770AC4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-177-0x00007FF65A710000-0x00007FF65AA64000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2087-0x00007FF65A710000-0x00007FF65AA64000-memory.dmp

Filesize
3.3MB

Download
memory/2864-2090-0x00007FF71C470000-0x00007FF71C7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-184-0x00007FF71C470000-0x00007FF71C7C4000-memory.dmp

Filesize
3.3MB

Download
memory/3124-178-0x00007FF73CEE0000-0x00007FF73D234000-memory.dmp

Filesize
3.3MB

Download
memory/3124-2088-0x00007FF73CEE0000-0x00007FF73D234000-memory.dmp

Filesize
3.3MB

Download
memory/3208-2091-0x00007FF66C270000-0x00007FF66C5C4000-memory.dmp

Filesize
3.3MB

Download
memory/3208-193-0x00007FF66C270000-0x00007FF66C5C4000-memory.dmp

Filesize
3.3MB

Download
memory/3224-188-0x00007FF75BEA0000-0x00007FF75C1F4000-memory.dmp

Filesize
3.3MB

Download
memory/3224-2097-0x00007FF75BEA0000-0x00007FF75C1F4000-memory.dmp

Filesize
3.3MB

Download
memory/3592-2095-0x00007FF6B0F60000-0x00007FF6B12B4000-memory.dmp

Filesize
3.3MB

Download
memory/3592-190-0x00007FF6B0F60000-0x00007FF6B12B4000-memory.dmp

Filesize
3.3MB

Download
memory/3600-196-0x00007FF658C10000-0x00007FF658F64000-memory.dmp

Filesize
3.3MB

Download
memory/3600-2099-0x00007FF658C10000-0x00007FF658F64000-memory.dmp

Filesize
3.3MB

Download
memory/3832-199-0x00007FF651160000-0x00007FF6514B4000-memory.dmp

Filesize
3.3MB

Download
memory/3832-2085-0x00007FF651160000-0x00007FF6514B4000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2093-0x00007FF78EDD0000-0x00007FF78F124000-memory.dmp

Filesize
3.3MB

Download
memory/3884-192-0x00007FF78EDD0000-0x00007FF78F124000-memory.dmp

Filesize
3.3MB

Download
memory/4172-194-0x00007FF658DA0000-0x00007FF6590F4000-memory.dmp

Filesize
3.3MB

Download
memory/4172-2101-0x00007FF658DA0000-0x00007FF6590F4000-memory.dmp

Filesize
3.3MB

Download
memory/4256-159-0x00007FF728890000-0x00007FF728BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4256-2083-0x00007FF728890000-0x00007FF728BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4592-2103-0x00007FF69AC80000-0x00007FF69AFD4000-memory.dmp

Filesize
3.3MB

Download
memory/4592-185-0x00007FF69AC80000-0x00007FF69AFD4000-memory.dmp

Filesize
3.3MB

Download
memory/4604-2100-0x00007FF6B2C00000-0x00007FF6B2F54000-memory.dmp

Filesize
3.3MB

Download
memory/4604-197-0x00007FF6B2C00000-0x00007FF6B2F54000-memory.dmp

Filesize
3.3MB

Download
memory/4740-2082-0x00007FF76DC30000-0x00007FF76DF84000-memory.dmp

Filesize
3.3MB

Download
memory/4740-198-0x00007FF76DC30000-0x00007FF76DF84000-memory.dmp

Filesize
3.3MB

Download
memory/5048-2077-0x00007FF720B00000-0x00007FF720E54000-memory.dmp

Filesize
3.3MB

Download
memory/5048-26-0x00007FF720B00000-0x00007FF720E54000-memory.dmp

Filesize
3.3MB

Download
memory/5048-2073-0x00007FF720B00000-0x00007FF720E54000-memory.dmp

Filesize
3.3MB

Download
memory/5112-186-0x00007FF6C6FC0000-0x00007FF6C7314000-memory.dmp

Filesize
3.3MB

Download
memory/5112-2096-0x00007FF6C6FC0000-0x00007FF6C7314000-memory.dmp

Filesize
3.3MB

Download
memory/5200-167-0x00007FF6AAD20000-0x00007FF6AB074000-memory.dmp

Filesize
3.3MB

Download
memory/5200-2084-0x00007FF6AAD20000-0x00007FF6AB074000-memory.dmp

Filesize
3.3MB

Download
memory/5240-180-0x00007FF754330000-0x00007FF754684000-memory.dmp

Filesize
3.3MB

Download
memory/5240-2081-0x00007FF754330000-0x00007FF754684000-memory.dmp

Filesize
3.3MB

Download
memory/5276-195-0x00007FF716930000-0x00007FF716C84000-memory.dmp

Filesize
3.3MB

Download
memory/5276-2102-0x00007FF716930000-0x00007FF716C84000-memory.dmp

Filesize
3.3MB

Download
memory/5332-2094-0x00007FF7DC9A0000-0x00007FF7DCCF4000-memory.dmp

Filesize
3.3MB

Download
memory/5332-189-0x00007FF7DC9A0000-0x00007FF7DCCF4000-memory.dmp

Filesize
3.3MB

Download
memory/5440-191-0x00007FF692C10000-0x00007FF692F64000-memory.dmp

Filesize
3.3MB

Download
memory/5440-2092-0x00007FF692C10000-0x00007FF692F64000-memory.dmp

Filesize
3.3MB

Download
memory/5684-2089-0x00007FF725460000-0x00007FF7257B4000-memory.dmp

Filesize
3.3MB

Download
memory/5684-183-0x00007FF725460000-0x00007FF7257B4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads