xmrig | 297f36e8bcc29d7ec6e75e1acf69abd745bcab5d5085763f058c99acab66e205

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
Size

2.4MB
MD5

0e25200a80c509de4749d7ebda9e11c0
SHA1

2b6f92bc167bd6c76c15ea3deb39f6b7e802d90a
SHA256

297f36e8bcc29d7ec6e75e1acf69abd745bcab5d5085763f058c99acab66e205
SHA512

6ba7883e3f4d3a4ec79cc2b3ed8896cc9ed98b653e7a496dc5b7b991d9a1e0da58c2bcc3e6cf2992f09a981bf67b0fdb64b5e95839f5a3904f4c9be6a1676238
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+ABcYHM0NaLL1DUa:BemTLkNdfE0pZrn

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3520-0-0x00007FF76C260000-0x00007FF76C5B4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023409-5.dat	xmrig
behavioral2/files/0x000700000002340b-7.dat	xmrig
behavioral2/files/0x000700000002340f-39.dat	xmrig
behavioral2/files/0x0007000000023412-55.dat	xmrig
behavioral2/files/0x0007000000023411-59.dat	xmrig
behavioral2/files/0x0007000000023414-68.dat	xmrig
behavioral2/files/0x0007000000023419-91.dat	xmrig
behavioral2/files/0x0007000000023418-105.dat	xmrig
behavioral2/files/0x000700000002341d-122.dat	xmrig
behavioral2/memory/2776-135-0x00007FF7290F0000-0x00007FF729444000-memory.dmp	xmrig
behavioral2/memory/1700-139-0x00007FF6B2160000-0x00007FF6B24B4000-memory.dmp	xmrig
behavioral2/memory/4964-143-0x00007FF786B20000-0x00007FF786E74000-memory.dmp	xmrig
behavioral2/memory/3928-146-0x00007FF671CF0000-0x00007FF672044000-memory.dmp	xmrig
behavioral2/memory/4820-145-0x00007FF7513A0000-0x00007FF7516F4000-memory.dmp	xmrig
behavioral2/memory/232-144-0x00007FF73DBB0000-0x00007FF73DF04000-memory.dmp	xmrig
behavioral2/memory/64-142-0x00007FF7B34F0000-0x00007FF7B3844000-memory.dmp	xmrig
behavioral2/memory/4232-141-0x00007FF75A960000-0x00007FF75ACB4000-memory.dmp	xmrig
behavioral2/memory/4652-140-0x00007FF6EE520000-0x00007FF6EE874000-memory.dmp	xmrig
behavioral2/memory/1468-138-0x00007FF68D450000-0x00007FF68D7A4000-memory.dmp	xmrig
behavioral2/memory/1624-137-0x00007FF7D0E70000-0x00007FF7D11C4000-memory.dmp	xmrig
behavioral2/memory/4720-136-0x00007FF652260000-0x00007FF6525B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023420-133.dat	xmrig
behavioral2/files/0x0007000000023416-131.dat	xmrig
behavioral2/memory/2008-130-0x00007FF6A0530000-0x00007FF6A0884000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-128.dat	xmrig
behavioral2/files/0x000700000002341f-126.dat	xmrig
behavioral2/files/0x000700000002341e-124.dat	xmrig
behavioral2/files/0x000700000002341b-120.dat	xmrig
behavioral2/memory/3288-119-0x00007FF755E00000-0x00007FF756154000-memory.dmp	xmrig
behavioral2/memory/4248-118-0x00007FF601DC0000-0x00007FF602114000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-114.dat	xmrig
behavioral2/files/0x0007000000023417-96.dat	xmrig
behavioral2/memory/4572-81-0x00007FF68C810000-0x00007FF68CB64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-78.dat	xmrig
behavioral2/files/0x0007000000023413-70.dat	xmrig
behavioral2/memory/3016-56-0x00007FF6669E0000-0x00007FF666D34000-memory.dmp	xmrig
behavioral2/memory/1560-54-0x00007FF7F9D70000-0x00007FF7FA0C4000-memory.dmp	xmrig
behavioral2/memory/1236-52-0x00007FF62BE60000-0x00007FF62C1B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340c-46.dat	xmrig
behavioral2/memory/1332-44-0x00007FF6B8490000-0x00007FF6B87E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023410-41.dat	xmrig
behavioral2/files/0x000700000002340e-35.dat	xmrig
behavioral2/files/0x000700000002340d-34.dat	xmrig
behavioral2/memory/3472-31-0x00007FF79FCB0000-0x00007FF7A0004000-memory.dmp	xmrig
behavioral2/memory/4336-26-0x00007FF713160000-0x00007FF7134B4000-memory.dmp	xmrig
behavioral2/memory/2512-17-0x00007FF708E70000-0x00007FF7091C4000-memory.dmp	xmrig
behavioral2/files/0x000800000002340a-19.dat	xmrig
behavioral2/memory/1564-11-0x00007FF727BA0000-0x00007FF727EF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023421-149.dat	xmrig
behavioral2/files/0x0009000000023400-152.dat	xmrig
behavioral2/memory/1084-159-0x00007FF77D410000-0x00007FF77D764000-memory.dmp	xmrig
behavioral2/files/0x0007000000023425-174.dat	xmrig
behavioral2/files/0x0007000000023422-182.dat	xmrig
behavioral2/files/0x0007000000023429-193.dat	xmrig
behavioral2/memory/3712-188-0x00007FF6D5B80000-0x00007FF6D5ED4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023428-187.dat	xmrig
behavioral2/memory/5056-178-0x00007FF6656E0000-0x00007FF665A34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023426-175.dat	xmrig
behavioral2/files/0x0007000000023427-186.dat	xmrig
behavioral2/files/0x0007000000023423-181.dat	xmrig
behavioral2/memory/4888-172-0x00007FF7B7940000-0x00007FF7B7C94000-memory.dmp	xmrig
behavioral2/memory/912-166-0x00007FF7EB890000-0x00007FF7EBBE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023424-173.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1564	eYcDuyw.exe
2512	UzFWzYL.exe
4336	NywNeIN.exe
1332	vVGIzSh.exe
3472	SObOmqz.exe
3016	jskZxnR.exe
1236	gvArVMD.exe
1560	atrQMaK.exe
4572	sDfynlD.exe
4248	wapIZtn.exe
4820	myCsNRt.exe
3288	movFxdP.exe
2008	wRSnfVC.exe
3928	RkAmTIB.exe
2776	NxfGxkM.exe
4720	gynIcae.exe
1624	yefkNVU.exe
1468	SvbTiAl.exe
1700	iGmKgyZ.exe
4652	isbfwSA.exe
4232	UxYMhzH.exe
64	LZVudSQ.exe
4964	cGIeLmi.exe
232	tLKPYCw.exe
1084	txdPtZC.exe
4888	TRMlqOT.exe
5056	yPlNZcg.exe
912	vDLaIss.exe
3712	jPrxSwJ.exe
1508	MzMvohv.exe
1428	kJfZJca.exe
2696	ROIvZRN.exe
3476	KNXSHoz.exe
1204	NPsdbTz.exe
1012	axgrQls.exe
3328	ozCwsSi.exe
4512	lHVDzFP.exe
4032	TXUgKIQ.exe
1740	jGxGXPe.exe
3220	hQkinHI.exe
2092	gigMzMc.exe
4312	AqWPZND.exe
2912	TosqNLl.exe
4300	YTQRmgh.exe
2736	YAjeqXS.exe
936	VSWksTz.exe
1224	xXVpdBf.exe
1608	xVesmlT.exe
2604	Sleuawm.exe
4784	QdXKsBB.exe
2980	fzlUjEH.exe
1784	mwfttmn.exe
3364	fYvJUGi.exe
1876	SHYCDET.exe
756	ivhYOta.exe
1532	VmoHRrz.exe
1840	fVHCyKr.exe
5016	DLPDdWJ.exe
3980	wjOXshy.exe
928	iDPebdT.exe
1004	LpozNqZ.exe
4580	dzuIDCA.exe
1652	yfFgPRt.exe
4068	zxZTfLO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3520-0-0x00007FF76C260000-0x00007FF76C5B4000-memory.dmp	upx
behavioral2/files/0x0009000000023409-5.dat	upx
behavioral2/files/0x000700000002340b-7.dat	upx
behavioral2/files/0x000700000002340f-39.dat	upx
behavioral2/files/0x0007000000023412-55.dat	upx
behavioral2/files/0x0007000000023411-59.dat	upx
behavioral2/files/0x0007000000023414-68.dat	upx
behavioral2/files/0x0007000000023419-91.dat	upx
behavioral2/files/0x0007000000023418-105.dat	upx
behavioral2/files/0x000700000002341d-122.dat	upx
behavioral2/memory/2776-135-0x00007FF7290F0000-0x00007FF729444000-memory.dmp	upx
behavioral2/memory/1700-139-0x00007FF6B2160000-0x00007FF6B24B4000-memory.dmp	upx
behavioral2/memory/4964-143-0x00007FF786B20000-0x00007FF786E74000-memory.dmp	upx
behavioral2/memory/3928-146-0x00007FF671CF0000-0x00007FF672044000-memory.dmp	upx
behavioral2/memory/4820-145-0x00007FF7513A0000-0x00007FF7516F4000-memory.dmp	upx
behavioral2/memory/232-144-0x00007FF73DBB0000-0x00007FF73DF04000-memory.dmp	upx
behavioral2/memory/64-142-0x00007FF7B34F0000-0x00007FF7B3844000-memory.dmp	upx
behavioral2/memory/4232-141-0x00007FF75A960000-0x00007FF75ACB4000-memory.dmp	upx
behavioral2/memory/4652-140-0x00007FF6EE520000-0x00007FF6EE874000-memory.dmp	upx
behavioral2/memory/1468-138-0x00007FF68D450000-0x00007FF68D7A4000-memory.dmp	upx
behavioral2/memory/1624-137-0x00007FF7D0E70000-0x00007FF7D11C4000-memory.dmp	upx
behavioral2/memory/4720-136-0x00007FF652260000-0x00007FF6525B4000-memory.dmp	upx
behavioral2/files/0x0007000000023420-133.dat	upx
behavioral2/files/0x0007000000023416-131.dat	upx
behavioral2/memory/2008-130-0x00007FF6A0530000-0x00007FF6A0884000-memory.dmp	upx
behavioral2/files/0x000700000002341c-128.dat	upx
behavioral2/files/0x000700000002341f-126.dat	upx
behavioral2/files/0x000700000002341e-124.dat	upx
behavioral2/files/0x000700000002341b-120.dat	upx
behavioral2/memory/3288-119-0x00007FF755E00000-0x00007FF756154000-memory.dmp	upx
behavioral2/memory/4248-118-0x00007FF601DC0000-0x00007FF602114000-memory.dmp	upx
behavioral2/files/0x000700000002341a-114.dat	upx
behavioral2/files/0x0007000000023417-96.dat	upx
behavioral2/memory/4572-81-0x00007FF68C810000-0x00007FF68CB64000-memory.dmp	upx
behavioral2/files/0x0007000000023415-78.dat	upx
behavioral2/files/0x0007000000023413-70.dat	upx
behavioral2/memory/3016-56-0x00007FF6669E0000-0x00007FF666D34000-memory.dmp	upx
behavioral2/memory/1560-54-0x00007FF7F9D70000-0x00007FF7FA0C4000-memory.dmp	upx
behavioral2/memory/1236-52-0x00007FF62BE60000-0x00007FF62C1B4000-memory.dmp	upx
behavioral2/files/0x000700000002340c-46.dat	upx
behavioral2/memory/1332-44-0x00007FF6B8490000-0x00007FF6B87E4000-memory.dmp	upx
behavioral2/files/0x0007000000023410-41.dat	upx
behavioral2/files/0x000700000002340e-35.dat	upx
behavioral2/files/0x000700000002340d-34.dat	upx
behavioral2/memory/3472-31-0x00007FF79FCB0000-0x00007FF7A0004000-memory.dmp	upx
behavioral2/memory/4336-26-0x00007FF713160000-0x00007FF7134B4000-memory.dmp	upx
behavioral2/memory/2512-17-0x00007FF708E70000-0x00007FF7091C4000-memory.dmp	upx
behavioral2/files/0x000800000002340a-19.dat	upx
behavioral2/memory/1564-11-0x00007FF727BA0000-0x00007FF727EF4000-memory.dmp	upx
behavioral2/files/0x0007000000023421-149.dat	upx
behavioral2/files/0x0009000000023400-152.dat	upx
behavioral2/memory/1084-159-0x00007FF77D410000-0x00007FF77D764000-memory.dmp	upx
behavioral2/files/0x0007000000023425-174.dat	upx
behavioral2/files/0x0007000000023422-182.dat	upx
behavioral2/files/0x0007000000023429-193.dat	upx
behavioral2/memory/3712-188-0x00007FF6D5B80000-0x00007FF6D5ED4000-memory.dmp	upx
behavioral2/files/0x0007000000023428-187.dat	upx
behavioral2/memory/5056-178-0x00007FF6656E0000-0x00007FF665A34000-memory.dmp	upx
behavioral2/files/0x0007000000023426-175.dat	upx
behavioral2/files/0x0007000000023427-186.dat	upx
behavioral2/files/0x0007000000023423-181.dat	upx
behavioral2/memory/4888-172-0x00007FF7B7940000-0x00007FF7B7C94000-memory.dmp	upx
behavioral2/memory/912-166-0x00007FF7EB890000-0x00007FF7EBBE4000-memory.dmp	upx
behavioral2/files/0x0007000000023424-173.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\durVJxW.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\UKXceNc.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\mjXRhbU.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\koeOMVD.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\OWKfKwx.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\sVTaMAQ.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\sIkGmEQ.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\vRAJWIE.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\qnrzLMe.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\hvCiUYy.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\osAGeXh.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\YzdJeQQ.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\QnCPcfZ.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\OTqdxiF.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\fpPhDVa.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\xNHqFAx.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\KHuyzXN.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\DfDupUr.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\XOWhJTB.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\wbrrNpU.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\oENvYqK.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\CNkmEoS.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\burcIEx.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\LAeSJQt.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\CZjUwmv.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\WkdPbvy.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\wjOXshy.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\doYNrJW.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\YqjnFtx.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\dGhrhUQ.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\NIoCPec.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\AbobUgJ.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\LfEADCY.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\JDRCyHC.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\EyIuKya.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\qHaCmTC.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\qRLDIOI.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\UFhnTWu.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\itMrJjY.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\jLxXxel.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\yHArpUM.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\NxfGxkM.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\chISYld.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\LFPtnph.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\eahiTKm.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\ocVoDJm.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\gbvbMIw.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\VvWJFQd.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\RnRItBh.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\ttFWMkM.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\TXjsicR.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\MtpDcKK.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\cTxAahv.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\qEfFgEC.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\LtVkgUl.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\RfMApHH.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\ImDyoiw.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\zElTYbG.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\SAPSMRB.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\TMeWAGY.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\MmmaVsi.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\wRSnfVC.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\inwXKdc.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
File created	C:\Windows\System\KCwdcKs.exe	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14876	dwm.exe
Token: SeChangeNotifyPrivilege	14876	dwm.exe
Token: 33	14876	dwm.exe
Token: SeIncBasePriorityPrivilege	14876	dwm.exe
Token: SeShutdownPrivilege	14876	dwm.exe
Token: SeCreatePagefilePrivilege	14876	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 1564	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	83
PID 3520 wrote to memory of 1564	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	83
PID 3520 wrote to memory of 2512	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	84
PID 3520 wrote to memory of 2512	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	84
PID 3520 wrote to memory of 4336	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	85
PID 3520 wrote to memory of 4336	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	85
PID 3520 wrote to memory of 1332	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	86
PID 3520 wrote to memory of 1332	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	86
PID 3520 wrote to memory of 3472	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	87
PID 3520 wrote to memory of 3472	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	87
PID 3520 wrote to memory of 3016	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	88
PID 3520 wrote to memory of 3016	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	88
PID 3520 wrote to memory of 1236	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	89
PID 3520 wrote to memory of 1236	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	89
PID 3520 wrote to memory of 1560	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	90
PID 3520 wrote to memory of 1560	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	90
PID 3520 wrote to memory of 4572	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	91
PID 3520 wrote to memory of 4572	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	91
PID 3520 wrote to memory of 4248	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	92
PID 3520 wrote to memory of 4248	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	92
PID 3520 wrote to memory of 4820	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	93
PID 3520 wrote to memory of 4820	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	93
PID 3520 wrote to memory of 3288	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	94
PID 3520 wrote to memory of 3288	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	94
PID 3520 wrote to memory of 2008	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	95
PID 3520 wrote to memory of 2008	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	95
PID 3520 wrote to memory of 4964	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	96
PID 3520 wrote to memory of 4964	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	96
PID 3520 wrote to memory of 3928	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	97
PID 3520 wrote to memory of 3928	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	97
PID 3520 wrote to memory of 2776	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	98
PID 3520 wrote to memory of 2776	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	98
PID 3520 wrote to memory of 4720	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	99
PID 3520 wrote to memory of 4720	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	99
PID 3520 wrote to memory of 1624	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	100
PID 3520 wrote to memory of 1624	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	100
PID 3520 wrote to memory of 1468	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	101
PID 3520 wrote to memory of 1468	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	101
PID 3520 wrote to memory of 1700	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	102
PID 3520 wrote to memory of 1700	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	102
PID 3520 wrote to memory of 4652	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	103
PID 3520 wrote to memory of 4652	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	103
PID 3520 wrote to memory of 4232	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	104
PID 3520 wrote to memory of 4232	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	104
PID 3520 wrote to memory of 64	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	105
PID 3520 wrote to memory of 64	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	105
PID 3520 wrote to memory of 232	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	106
PID 3520 wrote to memory of 232	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	106
PID 3520 wrote to memory of 1084	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	107
PID 3520 wrote to memory of 1084	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	107
PID 3520 wrote to memory of 4888	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	108
PID 3520 wrote to memory of 4888	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	108
PID 3520 wrote to memory of 3712	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	109
PID 3520 wrote to memory of 3712	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	109
PID 3520 wrote to memory of 5056	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	110
PID 3520 wrote to memory of 5056	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	110
PID 3520 wrote to memory of 912	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	111
PID 3520 wrote to memory of 912	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	111
PID 3520 wrote to memory of 1508	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	112
PID 3520 wrote to memory of 1508	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	112
PID 3520 wrote to memory of 1428	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	113
PID 3520 wrote to memory of 1428	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	113
PID 3520 wrote to memory of 2696	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	114
PID 3520 wrote to memory of 2696	3520	0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Windows\System\eYcDuyw.exe
  C:\Windows\System\eYcDuyw.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\UzFWzYL.exe
  C:\Windows\System\UzFWzYL.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\NywNeIN.exe
  C:\Windows\System\NywNeIN.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\vVGIzSh.exe
  C:\Windows\System\vVGIzSh.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\SObOmqz.exe
  C:\Windows\System\SObOmqz.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\jskZxnR.exe
  C:\Windows\System\jskZxnR.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\gvArVMD.exe
  C:\Windows\System\gvArVMD.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\atrQMaK.exe
  C:\Windows\System\atrQMaK.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\sDfynlD.exe
  C:\Windows\System\sDfynlD.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\wapIZtn.exe
  C:\Windows\System\wapIZtn.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\myCsNRt.exe
  C:\Windows\System\myCsNRt.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\movFxdP.exe
  C:\Windows\System\movFxdP.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\wRSnfVC.exe
  C:\Windows\System\wRSnfVC.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\cGIeLmi.exe
  C:\Windows\System\cGIeLmi.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\RkAmTIB.exe
  C:\Windows\System\RkAmTIB.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\NxfGxkM.exe
  C:\Windows\System\NxfGxkM.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\gynIcae.exe
  C:\Windows\System\gynIcae.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\yefkNVU.exe
  C:\Windows\System\yefkNVU.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\SvbTiAl.exe
  C:\Windows\System\SvbTiAl.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\iGmKgyZ.exe
  C:\Windows\System\iGmKgyZ.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\isbfwSA.exe
  C:\Windows\System\isbfwSA.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\UxYMhzH.exe
  C:\Windows\System\UxYMhzH.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\LZVudSQ.exe
  C:\Windows\System\LZVudSQ.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\tLKPYCw.exe
  C:\Windows\System\tLKPYCw.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\txdPtZC.exe
  C:\Windows\System\txdPtZC.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\TRMlqOT.exe
  C:\Windows\System\TRMlqOT.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\jPrxSwJ.exe
  C:\Windows\System\jPrxSwJ.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\yPlNZcg.exe
  C:\Windows\System\yPlNZcg.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\vDLaIss.exe
  C:\Windows\System\vDLaIss.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\MzMvohv.exe
  C:\Windows\System\MzMvohv.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\kJfZJca.exe
  C:\Windows\System\kJfZJca.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\ROIvZRN.exe
  C:\Windows\System\ROIvZRN.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\KNXSHoz.exe
  C:\Windows\System\KNXSHoz.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\NPsdbTz.exe
  C:\Windows\System\NPsdbTz.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\axgrQls.exe
  C:\Windows\System\axgrQls.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\ozCwsSi.exe
  C:\Windows\System\ozCwsSi.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\lHVDzFP.exe
  C:\Windows\System\lHVDzFP.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\TXUgKIQ.exe
  C:\Windows\System\TXUgKIQ.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\jGxGXPe.exe
  C:\Windows\System\jGxGXPe.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\hQkinHI.exe
  C:\Windows\System\hQkinHI.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\gigMzMc.exe
  C:\Windows\System\gigMzMc.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\AqWPZND.exe
  C:\Windows\System\AqWPZND.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\TosqNLl.exe
  C:\Windows\System\TosqNLl.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\YTQRmgh.exe
  C:\Windows\System\YTQRmgh.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\YAjeqXS.exe
  C:\Windows\System\YAjeqXS.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\VSWksTz.exe
  C:\Windows\System\VSWksTz.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\xXVpdBf.exe
  C:\Windows\System\xXVpdBf.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\xVesmlT.exe
  C:\Windows\System\xVesmlT.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\Sleuawm.exe
  C:\Windows\System\Sleuawm.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\QdXKsBB.exe
  C:\Windows\System\QdXKsBB.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\fzlUjEH.exe
  C:\Windows\System\fzlUjEH.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\mwfttmn.exe
  C:\Windows\System\mwfttmn.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\fYvJUGi.exe
  C:\Windows\System\fYvJUGi.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\SHYCDET.exe
  C:\Windows\System\SHYCDET.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\ivhYOta.exe
  C:\Windows\System\ivhYOta.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\VmoHRrz.exe
  C:\Windows\System\VmoHRrz.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\fVHCyKr.exe
  C:\Windows\System\fVHCyKr.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\DLPDdWJ.exe
  C:\Windows\System\DLPDdWJ.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\wjOXshy.exe
  C:\Windows\System\wjOXshy.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\iDPebdT.exe
  C:\Windows\System\iDPebdT.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\LpozNqZ.exe
  C:\Windows\System\LpozNqZ.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\dzuIDCA.exe
  C:\Windows\System\dzuIDCA.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\yfFgPRt.exe
  C:\Windows\System\yfFgPRt.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\zxZTfLO.exe
  C:\Windows\System\zxZTfLO.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\DgzkKGU.exe
  C:\Windows\System\DgzkKGU.exe
  2⤵
  PID:4508
- C:\Windows\System\AqymRdW.exe
  C:\Windows\System\AqymRdW.exe
  2⤵
  PID:5008
- C:\Windows\System\koeOMVD.exe
  C:\Windows\System\koeOMVD.exe
  2⤵
  PID:4672
- C:\Windows\System\mLsyGap.exe
  C:\Windows\System\mLsyGap.exe
  2⤵
  PID:1072
- C:\Windows\System\szlQNuN.exe
  C:\Windows\System\szlQNuN.exe
  2⤵
  PID:4048
- C:\Windows\System\AkNKcJp.exe
  C:\Windows\System\AkNKcJp.exe
  2⤵
  PID:3564
- C:\Windows\System\durVJxW.exe
  C:\Windows\System\durVJxW.exe
  2⤵
  PID:1680
- C:\Windows\System\oytDKIz.exe
  C:\Windows\System\oytDKIz.exe
  2⤵
  PID:3936
- C:\Windows\System\dgjmNwo.exe
  C:\Windows\System\dgjmNwo.exe
  2⤵
  PID:4244
- C:\Windows\System\SfvzrWP.exe
  C:\Windows\System\SfvzrWP.exe
  2⤵
  PID:3256
- C:\Windows\System\cmfrlyq.exe
  C:\Windows\System\cmfrlyq.exe
  2⤵
  PID:5096
- C:\Windows\System\KHuyzXN.exe
  C:\Windows\System\KHuyzXN.exe
  2⤵
  PID:1100
- C:\Windows\System\VHapfMx.exe
  C:\Windows\System\VHapfMx.exe
  2⤵
  PID:1028
- C:\Windows\System\QmUuftR.exe
  C:\Windows\System\QmUuftR.exe
  2⤵
  PID:3880
- C:\Windows\System\AbChSNS.exe
  C:\Windows\System\AbChSNS.exe
  2⤵
  PID:3500
- C:\Windows\System\katQyLV.exe
  C:\Windows\System\katQyLV.exe
  2⤵
  PID:1512
- C:\Windows\System\LdlMOgl.exe
  C:\Windows\System\LdlMOgl.exe
  2⤵
  PID:4228
- C:\Windows\System\obQiauX.exe
  C:\Windows\System\obQiauX.exe
  2⤵
  PID:4196
- C:\Windows\System\IMfoBEW.exe
  C:\Windows\System\IMfoBEW.exe
  2⤵
  PID:4608
- C:\Windows\System\NixBeJK.exe
  C:\Windows\System\NixBeJK.exe
  2⤵
  PID:1076
- C:\Windows\System\xKIFAZA.exe
  C:\Windows\System\xKIFAZA.exe
  2⤵
  PID:2272
- C:\Windows\System\vUEgbnG.exe
  C:\Windows\System\vUEgbnG.exe
  2⤵
  PID:4780
- C:\Windows\System\fpMUYSj.exe
  C:\Windows\System\fpMUYSj.exe
  2⤵
  PID:448
- C:\Windows\System\KebTwfV.exe
  C:\Windows\System\KebTwfV.exe
  2⤵
  PID:4368
- C:\Windows\System\lWpzyHG.exe
  C:\Windows\System\lWpzyHG.exe
  2⤵
  PID:2672
- C:\Windows\System\cseCQUE.exe
  C:\Windows\System\cseCQUE.exe
  2⤵
  PID:2892
- C:\Windows\System\kMAvluj.exe
  C:\Windows\System\kMAvluj.exe
  2⤵
  PID:4564
- C:\Windows\System\QbYjOQy.exe
  C:\Windows\System\QbYjOQy.exe
  2⤵
  PID:536
- C:\Windows\System\WrxvaiX.exe
  C:\Windows\System\WrxvaiX.exe
  2⤵
  PID:3976
- C:\Windows\System\ePcTHTm.exe
  C:\Windows\System\ePcTHTm.exe
  2⤵
  PID:4920
- C:\Windows\System\RXYoCPn.exe
  C:\Windows\System\RXYoCPn.exe
  2⤵
  PID:3052
- C:\Windows\System\xcMqtrs.exe
  C:\Windows\System\xcMqtrs.exe
  2⤵
  PID:5156
- C:\Windows\System\FJyEqKA.exe
  C:\Windows\System\FJyEqKA.exe
  2⤵
  PID:5184
- C:\Windows\System\cenzxqw.exe
  C:\Windows\System\cenzxqw.exe
  2⤵
  PID:5208
- C:\Windows\System\rLXKuYR.exe
  C:\Windows\System\rLXKuYR.exe
  2⤵
  PID:5236
- C:\Windows\System\IqvHhKH.exe
  C:\Windows\System\IqvHhKH.exe
  2⤵
  PID:5264
- C:\Windows\System\TzvQLxx.exe
  C:\Windows\System\TzvQLxx.exe
  2⤵
  PID:5292
- C:\Windows\System\mXQxjjA.exe
  C:\Windows\System\mXQxjjA.exe
  2⤵
  PID:5308
- C:\Windows\System\EQmGnLU.exe
  C:\Windows\System\EQmGnLU.exe
  2⤵
  PID:5332
- C:\Windows\System\yamiMer.exe
  C:\Windows\System\yamiMer.exe
  2⤵
  PID:5356
- C:\Windows\System\ohOrJyb.exe
  C:\Windows\System\ohOrJyb.exe
  2⤵
  PID:5388
- C:\Windows\System\eaXVJin.exe
  C:\Windows\System\eaXVJin.exe
  2⤵
  PID:5420
- C:\Windows\System\tLbZynK.exe
  C:\Windows\System\tLbZynK.exe
  2⤵
  PID:5448
- C:\Windows\System\LtVkgUl.exe
  C:\Windows\System\LtVkgUl.exe
  2⤵
  PID:5476
- C:\Windows\System\DfDupUr.exe
  C:\Windows\System\DfDupUr.exe
  2⤵
  PID:5496
- C:\Windows\System\chISYld.exe
  C:\Windows\System\chISYld.exe
  2⤵
  PID:5536
- C:\Windows\System\NmnGXAp.exe
  C:\Windows\System\NmnGXAp.exe
  2⤵
  PID:5564
- C:\Windows\System\NJXSFMD.exe
  C:\Windows\System\NJXSFMD.exe
  2⤵
  PID:5584
- C:\Windows\System\XsFruvS.exe
  C:\Windows\System\XsFruvS.exe
  2⤵
  PID:5612
- C:\Windows\System\IaxFUcJ.exe
  C:\Windows\System\IaxFUcJ.exe
  2⤵
  PID:5648
- C:\Windows\System\EJVDmhi.exe
  C:\Windows\System\EJVDmhi.exe
  2⤵
  PID:5664
- C:\Windows\System\uDqKjit.exe
  C:\Windows\System\uDqKjit.exe
  2⤵
  PID:5700
- C:\Windows\System\mRLjmtC.exe
  C:\Windows\System\mRLjmtC.exe
  2⤵
  PID:5720
- C:\Windows\System\OKIvmUP.exe
  C:\Windows\System\OKIvmUP.exe
  2⤵
  PID:5748
- C:\Windows\System\qlqFNUc.exe
  C:\Windows\System\qlqFNUc.exe
  2⤵
  PID:5788
- C:\Windows\System\XOWhJTB.exe
  C:\Windows\System\XOWhJTB.exe
  2⤵
  PID:5812
- C:\Windows\System\aQsqHTr.exe
  C:\Windows\System\aQsqHTr.exe
  2⤵
  PID:5844
- C:\Windows\System\JWvMsYR.exe
  C:\Windows\System\JWvMsYR.exe
  2⤵
  PID:5872
- C:\Windows\System\dsuFNKo.exe
  C:\Windows\System\dsuFNKo.exe
  2⤵
  PID:5900
- C:\Windows\System\EdcGkow.exe
  C:\Windows\System\EdcGkow.exe
  2⤵
  PID:5932
- C:\Windows\System\wmHpbfZ.exe
  C:\Windows\System\wmHpbfZ.exe
  2⤵
  PID:5968
- C:\Windows\System\zhIabDC.exe
  C:\Windows\System\zhIabDC.exe
  2⤵
  PID:5996
- C:\Windows\System\UFhnTWu.exe
  C:\Windows\System\UFhnTWu.exe
  2⤵
  PID:6012
- C:\Windows\System\YOUurZV.exe
  C:\Windows\System\YOUurZV.exe
  2⤵
  PID:6036
- C:\Windows\System\TsvOyRC.exe
  C:\Windows\System\TsvOyRC.exe
  2⤵
  PID:6068
- C:\Windows\System\ljBYyOl.exe
  C:\Windows\System\ljBYyOl.exe
  2⤵
  PID:6096
- C:\Windows\System\bzSHtaW.exe
  C:\Windows\System\bzSHtaW.exe
  2⤵
  PID:6124
- C:\Windows\System\PStBpXn.exe
  C:\Windows\System\PStBpXn.exe
  2⤵
  PID:3420
- C:\Windows\System\vLJYqbe.exe
  C:\Windows\System\vLJYqbe.exe
  2⤵
  PID:5172
- C:\Windows\System\AgaToxK.exe
  C:\Windows\System\AgaToxK.exe
  2⤵
  PID:5248
- C:\Windows\System\GqudVFP.exe
  C:\Windows\System\GqudVFP.exe
  2⤵
  PID:5300
- C:\Windows\System\SNwomCI.exe
  C:\Windows\System\SNwomCI.exe
  2⤵
  PID:5352
- C:\Windows\System\dpPHHKO.exe
  C:\Windows\System\dpPHHKO.exe
  2⤵
  PID:5440
- C:\Windows\System\lPuEQea.exe
  C:\Windows\System\lPuEQea.exe
  2⤵
  PID:5524
- C:\Windows\System\GjBWsPT.exe
  C:\Windows\System\GjBWsPT.exe
  2⤵
  PID:5548
- C:\Windows\System\UTBEZmc.exe
  C:\Windows\System\UTBEZmc.exe
  2⤵
  PID:5660
- C:\Windows\System\iPDTNnb.exe
  C:\Windows\System\iPDTNnb.exe
  2⤵
  PID:5716
- C:\Windows\System\KXUqbfB.exe
  C:\Windows\System\KXUqbfB.exe
  2⤵
  PID:5768
- C:\Windows\System\aCruyRR.exe
  C:\Windows\System\aCruyRR.exe
  2⤵
  PID:5832
- C:\Windows\System\UtwaHyK.exe
  C:\Windows\System\UtwaHyK.exe
  2⤵
  PID:5924
- C:\Windows\System\VfsJlJC.exe
  C:\Windows\System\VfsJlJC.exe
  2⤵
  PID:5964
- C:\Windows\System\gtSyCrV.exe
  C:\Windows\System\gtSyCrV.exe
  2⤵
  PID:6032
- C:\Windows\System\fHQBynu.exe
  C:\Windows\System\fHQBynu.exe
  2⤵
  PID:6108
- C:\Windows\System\aZTmCeB.exe
  C:\Windows\System\aZTmCeB.exe
  2⤵
  PID:5164
- C:\Windows\System\yyOuvNE.exe
  C:\Windows\System\yyOuvNE.exe
  2⤵
  PID:5288
- C:\Windows\System\QofSRgj.exe
  C:\Windows\System\QofSRgj.exe
  2⤵
  PID:5504
- C:\Windows\System\KZTYcIk.exe
  C:\Windows\System\KZTYcIk.exe
  2⤵
  PID:5620
- C:\Windows\System\qPWfYxx.exe
  C:\Windows\System\qPWfYxx.exe
  2⤵
  PID:5820
- C:\Windows\System\nXBJgLF.exe
  C:\Windows\System\nXBJgLF.exe
  2⤵
  PID:5948
- C:\Windows\System\SOeuwac.exe
  C:\Windows\System\SOeuwac.exe
  2⤵
  PID:6088
- C:\Windows\System\tZmQTzt.exe
  C:\Windows\System\tZmQTzt.exe
  2⤵
  PID:4520
- C:\Windows\System\yGTNoWq.exe
  C:\Windows\System\yGTNoWq.exe
  2⤵
  PID:5552
- C:\Windows\System\dpKSrhd.exe
  C:\Windows\System\dpKSrhd.exe
  2⤵
  PID:5884
- C:\Windows\System\DUoHrLU.exe
  C:\Windows\System\DUoHrLU.exe
  2⤵
  PID:5408
- C:\Windows\System\gNUQRBN.exe
  C:\Windows\System\gNUQRBN.exe
  2⤵
  PID:6148
- C:\Windows\System\uYCdWpc.exe
  C:\Windows\System\uYCdWpc.exe
  2⤵
  PID:6196
- C:\Windows\System\LkGaUim.exe
  C:\Windows\System\LkGaUim.exe
  2⤵
  PID:6228
- C:\Windows\System\XUyXltw.exe
  C:\Windows\System\XUyXltw.exe
  2⤵
  PID:6256
- C:\Windows\System\swkEmbZ.exe
  C:\Windows\System\swkEmbZ.exe
  2⤵
  PID:6284
- C:\Windows\System\HhtbPZt.exe
  C:\Windows\System\HhtbPZt.exe
  2⤵
  PID:6300
- C:\Windows\System\POyUiWG.exe
  C:\Windows\System\POyUiWG.exe
  2⤵
  PID:6328
- C:\Windows\System\TzhUJgK.exe
  C:\Windows\System\TzhUJgK.exe
  2⤵
  PID:6356
- C:\Windows\System\PqHEEmf.exe
  C:\Windows\System\PqHEEmf.exe
  2⤵
  PID:6388
- C:\Windows\System\jjjJMKR.exe
  C:\Windows\System\jjjJMKR.exe
  2⤵
  PID:6420
- C:\Windows\System\TkPnUXk.exe
  C:\Windows\System\TkPnUXk.exe
  2⤵
  PID:6452
- C:\Windows\System\iphCbPq.exe
  C:\Windows\System\iphCbPq.exe
  2⤵
  PID:6484
- C:\Windows\System\sjgjaEu.exe
  C:\Windows\System\sjgjaEu.exe
  2⤵
  PID:6512
- C:\Windows\System\Zmetbvo.exe
  C:\Windows\System\Zmetbvo.exe
  2⤵
  PID:6540
- C:\Windows\System\XBRpeEL.exe
  C:\Windows\System\XBRpeEL.exe
  2⤵
  PID:6572
- C:\Windows\System\OTqdxiF.exe
  C:\Windows\System\OTqdxiF.exe
  2⤵
  PID:6600
- C:\Windows\System\dJgPxZl.exe
  C:\Windows\System\dJgPxZl.exe
  2⤵
  PID:6628
- C:\Windows\System\ybBYzvk.exe
  C:\Windows\System\ybBYzvk.exe
  2⤵
  PID:6656
- C:\Windows\System\OnHETlD.exe
  C:\Windows\System\OnHETlD.exe
  2⤵
  PID:6684
- C:\Windows\System\mOojTfC.exe
  C:\Windows\System\mOojTfC.exe
  2⤵
  PID:6700
- C:\Windows\System\WxrFLSY.exe
  C:\Windows\System\WxrFLSY.exe
  2⤵
  PID:6716
- C:\Windows\System\AbobUgJ.exe
  C:\Windows\System\AbobUgJ.exe
  2⤵
  PID:6752
- C:\Windows\System\ToYMiYq.exe
  C:\Windows\System\ToYMiYq.exe
  2⤵
  PID:6772
- C:\Windows\System\FqfpenU.exe
  C:\Windows\System\FqfpenU.exe
  2⤵
  PID:6788
- C:\Windows\System\wbrrNpU.exe
  C:\Windows\System\wbrrNpU.exe
  2⤵
  PID:6828
- C:\Windows\System\zMhiIKP.exe
  C:\Windows\System\zMhiIKP.exe
  2⤵
  PID:6848
- C:\Windows\System\cnqCpGs.exe
  C:\Windows\System\cnqCpGs.exe
  2⤵
  PID:6888
- C:\Windows\System\DHywuyJ.exe
  C:\Windows\System\DHywuyJ.exe
  2⤵
  PID:6924
- C:\Windows\System\TvXSRAZ.exe
  C:\Windows\System\TvXSRAZ.exe
  2⤵
  PID:6952
- C:\Windows\System\JTxzvpb.exe
  C:\Windows\System\JTxzvpb.exe
  2⤵
  PID:6980
- C:\Windows\System\CahuLcy.exe
  C:\Windows\System\CahuLcy.exe
  2⤵
  PID:7008
- C:\Windows\System\bspNvOu.exe
  C:\Windows\System\bspNvOu.exe
  2⤵
  PID:7048
- C:\Windows\System\BvZUskS.exe
  C:\Windows\System\BvZUskS.exe
  2⤵
  PID:7076
- C:\Windows\System\BFFwOPF.exe
  C:\Windows\System\BFFwOPF.exe
  2⤵
  PID:7096
- C:\Windows\System\inmdDKF.exe
  C:\Windows\System\inmdDKF.exe
  2⤵
  PID:7120
- C:\Windows\System\ieSeavT.exe
  C:\Windows\System\ieSeavT.exe
  2⤵
  PID:7160
- C:\Windows\System\Gloudsw.exe
  C:\Windows\System\Gloudsw.exe
  2⤵
  PID:5532
- C:\Windows\System\HFKOVLN.exe
  C:\Windows\System\HFKOVLN.exe
  2⤵
  PID:6268
- C:\Windows\System\fgzkaDH.exe
  C:\Windows\System\fgzkaDH.exe
  2⤵
  PID:6340
- C:\Windows\System\eBOaADN.exe
  C:\Windows\System\eBOaADN.exe
  2⤵
  PID:6384
- C:\Windows\System\RyNZaKh.exe
  C:\Windows\System\RyNZaKh.exe
  2⤵
  PID:6464
- C:\Windows\System\mDRdizY.exe
  C:\Windows\System\mDRdizY.exe
  2⤵
  PID:6500
- C:\Windows\System\bGymqRd.exe
  C:\Windows\System\bGymqRd.exe
  2⤵
  PID:6596
- C:\Windows\System\gUvNgLl.exe
  C:\Windows\System\gUvNgLl.exe
  2⤵
  PID:6640
- C:\Windows\System\RfMApHH.exe
  C:\Windows\System\RfMApHH.exe
  2⤵
  PID:6712
- C:\Windows\System\evUMFzt.exe
  C:\Windows\System\evUMFzt.exe
  2⤵
  PID:6816
- C:\Windows\System\gWxstRp.exe
  C:\Windows\System\gWxstRp.exe
  2⤵
  PID:6868
- C:\Windows\System\HDrftKM.exe
  C:\Windows\System\HDrftKM.exe
  2⤵
  PID:6896
- C:\Windows\System\ydMknTS.exe
  C:\Windows\System\ydMknTS.exe
  2⤵
  PID:6996
- C:\Windows\System\NbdbtNa.exe
  C:\Windows\System\NbdbtNa.exe
  2⤵
  PID:7084
- C:\Windows\System\OKOwgXt.exe
  C:\Windows\System\OKOwgXt.exe
  2⤵
  PID:7140
- C:\Windows\System\jluaUgT.exe
  C:\Windows\System\jluaUgT.exe
  2⤵
  PID:6248
- C:\Windows\System\zgbMfzO.exe
  C:\Windows\System\zgbMfzO.exe
  2⤵
  PID:6408
- C:\Windows\System\ypZgCdt.exe
  C:\Windows\System\ypZgCdt.exe
  2⤵
  PID:6560
- C:\Windows\System\iEKXBEY.exe
  C:\Windows\System\iEKXBEY.exe
  2⤵
  PID:6744
- C:\Windows\System\EjWMbMl.exe
  C:\Windows\System\EjWMbMl.exe
  2⤵
  PID:6844
- C:\Windows\System\UNmlsEn.exe
  C:\Windows\System\UNmlsEn.exe
  2⤵
  PID:7068
- C:\Windows\System\cuOhZLF.exe
  C:\Windows\System\cuOhZLF.exe
  2⤵
  PID:6316
- C:\Windows\System\IsQUuVV.exe
  C:\Windows\System\IsQUuVV.exe
  2⤵
  PID:6668
- C:\Windows\System\cODywIY.exe
  C:\Windows\System\cODywIY.exe
  2⤵
  PID:6160
- C:\Windows\System\nXKhApG.exe
  C:\Windows\System\nXKhApG.exe
  2⤵
  PID:6768
- C:\Windows\System\mCeNnyv.exe
  C:\Windows\System\mCeNnyv.exe
  2⤵
  PID:7196
- C:\Windows\System\mxMIOgT.exe
  C:\Windows\System\mxMIOgT.exe
  2⤵
  PID:7220
- C:\Windows\System\fpPhDVa.exe
  C:\Windows\System\fpPhDVa.exe
  2⤵
  PID:7252
- C:\Windows\System\DPERosh.exe
  C:\Windows\System\DPERosh.exe
  2⤵
  PID:7288
- C:\Windows\System\cCBDHff.exe
  C:\Windows\System\cCBDHff.exe
  2⤵
  PID:7320
- C:\Windows\System\PEwewsW.exe
  C:\Windows\System\PEwewsW.exe
  2⤵
  PID:7352
- C:\Windows\System\zUrncQo.exe
  C:\Windows\System\zUrncQo.exe
  2⤵
  PID:7380
- C:\Windows\System\yfeFVLV.exe
  C:\Windows\System\yfeFVLV.exe
  2⤵
  PID:7396
- C:\Windows\System\RnRItBh.exe
  C:\Windows\System\RnRItBh.exe
  2⤵
  PID:7424
- C:\Windows\System\vaGnviu.exe
  C:\Windows\System\vaGnviu.exe
  2⤵
  PID:7452
- C:\Windows\System\zElTYbG.exe
  C:\Windows\System\zElTYbG.exe
  2⤵
  PID:7480
- C:\Windows\System\pYArViE.exe
  C:\Windows\System\pYArViE.exe
  2⤵
  PID:7520
- C:\Windows\System\USIgHaf.exe
  C:\Windows\System\USIgHaf.exe
  2⤵
  PID:7560
- C:\Windows\System\NnwInFi.exe
  C:\Windows\System\NnwInFi.exe
  2⤵
  PID:7596
- C:\Windows\System\ttFWMkM.exe
  C:\Windows\System\ttFWMkM.exe
  2⤵
  PID:7632
- C:\Windows\System\DKCcktK.exe
  C:\Windows\System\DKCcktK.exe
  2⤵
  PID:7672
- C:\Windows\System\acvHfrb.exe
  C:\Windows\System\acvHfrb.exe
  2⤵
  PID:7712
- C:\Windows\System\TMwzqxz.exe
  C:\Windows\System\TMwzqxz.exe
  2⤵
  PID:7744
- C:\Windows\System\uerpeNu.exe
  C:\Windows\System\uerpeNu.exe
  2⤵
  PID:7768
- C:\Windows\System\WAYBksb.exe
  C:\Windows\System\WAYBksb.exe
  2⤵
  PID:7800
- C:\Windows\System\XoMMTHM.exe
  C:\Windows\System\XoMMTHM.exe
  2⤵
  PID:7844
- C:\Windows\System\IWpvdID.exe
  C:\Windows\System\IWpvdID.exe
  2⤵
  PID:7880
- C:\Windows\System\cUxQMKN.exe
  C:\Windows\System\cUxQMKN.exe
  2⤵
  PID:7908
- C:\Windows\System\YXLqqAt.exe
  C:\Windows\System\YXLqqAt.exe
  2⤵
  PID:7936
- C:\Windows\System\uPeJzce.exe
  C:\Windows\System\uPeJzce.exe
  2⤵
  PID:7988
- C:\Windows\System\clnjNse.exe
  C:\Windows\System\clnjNse.exe
  2⤵
  PID:8012
- C:\Windows\System\uBuznIr.exe
  C:\Windows\System\uBuznIr.exe
  2⤵
  PID:8048
- C:\Windows\System\xNHqFAx.exe
  C:\Windows\System\xNHqFAx.exe
  2⤵
  PID:8072
- C:\Windows\System\OEuShiZ.exe
  C:\Windows\System\OEuShiZ.exe
  2⤵
  PID:8092
- C:\Windows\System\AGPTLfX.exe
  C:\Windows\System\AGPTLfX.exe
  2⤵
  PID:8132
- C:\Windows\System\OWKfKwx.exe
  C:\Windows\System\OWKfKwx.exe
  2⤵
  PID:8160
- C:\Windows\System\FcJqfKC.exe
  C:\Windows\System\FcJqfKC.exe
  2⤵
  PID:8176
- C:\Windows\System\EghSxAr.exe
  C:\Windows\System\EghSxAr.exe
  2⤵
  PID:7244
- C:\Windows\System\gPvWxZh.exe
  C:\Windows\System\gPvWxZh.exe
  2⤵
  PID:6472
- C:\Windows\System\qrWaDbM.exe
  C:\Windows\System\qrWaDbM.exe
  2⤵
  PID:7372
- C:\Windows\System\ZuZdtdW.exe
  C:\Windows\System\ZuZdtdW.exe
  2⤵
  PID:7436
- C:\Windows\System\HeLpchT.exe
  C:\Windows\System\HeLpchT.exe
  2⤵
  PID:7496
- C:\Windows\System\onRJxaC.exe
  C:\Windows\System\onRJxaC.exe
  2⤵
  PID:7488
- C:\Windows\System\kLYkkYh.exe
  C:\Windows\System\kLYkkYh.exe
  2⤵
  PID:7588
- C:\Windows\System\LFPtnph.exe
  C:\Windows\System\LFPtnph.exe
  2⤵
  PID:7624
- C:\Windows\System\qUXgSQi.exe
  C:\Windows\System\qUXgSQi.exe
  2⤵
  PID:7724
- C:\Windows\System\HoaOhgT.exe
  C:\Windows\System\HoaOhgT.exe
  2⤵
  PID:7784
- C:\Windows\System\PZWvdoN.exe
  C:\Windows\System\PZWvdoN.exe
  2⤵
  PID:7896
- C:\Windows\System\SKzHwul.exe
  C:\Windows\System\SKzHwul.exe
  2⤵
  PID:8000
- C:\Windows\System\mrAdUVH.exe
  C:\Windows\System\mrAdUVH.exe
  2⤵
  PID:8040
- C:\Windows\System\JDRCyHC.exe
  C:\Windows\System\JDRCyHC.exe
  2⤵
  PID:8088
- C:\Windows\System\sEaZCYP.exe
  C:\Windows\System\sEaZCYP.exe
  2⤵
  PID:8144
- C:\Windows\System\tpqRdsL.exe
  C:\Windows\System\tpqRdsL.exe
  2⤵
  PID:7272
- C:\Windows\System\WyOgRbf.exe
  C:\Windows\System\WyOgRbf.exe
  2⤵
  PID:7544
- C:\Windows\System\nfeLAEn.exe
  C:\Windows\System\nfeLAEn.exe
  2⤵
  PID:7796
- C:\Windows\System\bQOGKkU.exe
  C:\Windows\System\bQOGKkU.exe
  2⤵
  PID:7892
- C:\Windows\System\pMcDtrw.exe
  C:\Windows\System\pMcDtrw.exe
  2⤵
  PID:7972
- C:\Windows\System\qnrzLMe.exe
  C:\Windows\System\qnrzLMe.exe
  2⤵
  PID:7308
- C:\Windows\System\BprjgAh.exe
  C:\Windows\System\BprjgAh.exe
  2⤵
  PID:7680
- C:\Windows\System\jwAlFaJ.exe
  C:\Windows\System\jwAlFaJ.exe
  2⤵
  PID:8200
- C:\Windows\System\sIsXama.exe
  C:\Windows\System\sIsXama.exe
  2⤵
  PID:8224
- C:\Windows\System\QtyzbmT.exe
  C:\Windows\System\QtyzbmT.exe
  2⤵
  PID:8248
- C:\Windows\System\EoIixAA.exe
  C:\Windows\System\EoIixAA.exe
  2⤵
  PID:8272
- C:\Windows\System\nTpXjyJ.exe
  C:\Windows\System\nTpXjyJ.exe
  2⤵
  PID:8292
- C:\Windows\System\QJUjdyX.exe
  C:\Windows\System\QJUjdyX.exe
  2⤵
  PID:8320
- C:\Windows\System\inwXKdc.exe
  C:\Windows\System\inwXKdc.exe
  2⤵
  PID:8344
- C:\Windows\System\MNjAFRj.exe
  C:\Windows\System\MNjAFRj.exe
  2⤵
  PID:8380
- C:\Windows\System\XZWkxCX.exe
  C:\Windows\System\XZWkxCX.exe
  2⤵
  PID:8424
- C:\Windows\System\CLMNAXu.exe
  C:\Windows\System\CLMNAXu.exe
  2⤵
  PID:8444
- C:\Windows\System\ESoGmoO.exe
  C:\Windows\System\ESoGmoO.exe
  2⤵
  PID:8472
- C:\Windows\System\SHMGMfp.exe
  C:\Windows\System\SHMGMfp.exe
  2⤵
  PID:8500
- C:\Windows\System\tOacgtP.exe
  C:\Windows\System\tOacgtP.exe
  2⤵
  PID:8528
- C:\Windows\System\TCnUvmv.exe
  C:\Windows\System\TCnUvmv.exe
  2⤵
  PID:8548
- C:\Windows\System\jGqXGZS.exe
  C:\Windows\System\jGqXGZS.exe
  2⤵
  PID:8584
- C:\Windows\System\CAvfsEE.exe
  C:\Windows\System\CAvfsEE.exe
  2⤵
  PID:8612
- C:\Windows\System\PDmtxrI.exe
  C:\Windows\System\PDmtxrI.exe
  2⤵
  PID:8640
- C:\Windows\System\UTzODXQ.exe
  C:\Windows\System\UTzODXQ.exe
  2⤵
  PID:8668
- C:\Windows\System\hvCiUYy.exe
  C:\Windows\System\hvCiUYy.exe
  2⤵
  PID:8708
- C:\Windows\System\XNopzbP.exe
  C:\Windows\System\XNopzbP.exe
  2⤵
  PID:8740
- C:\Windows\System\VNcsURb.exe
  C:\Windows\System\VNcsURb.exe
  2⤵
  PID:8768
- C:\Windows\System\OaYAbBv.exe
  C:\Windows\System\OaYAbBv.exe
  2⤵
  PID:8788
- C:\Windows\System\KCwdcKs.exe
  C:\Windows\System\KCwdcKs.exe
  2⤵
  PID:8812
- C:\Windows\System\eahiTKm.exe
  C:\Windows\System\eahiTKm.exe
  2⤵
  PID:8840
- C:\Windows\System\hIiZXhr.exe
  C:\Windows\System\hIiZXhr.exe
  2⤵
  PID:8868
- C:\Windows\System\HPGReuK.exe
  C:\Windows\System\HPGReuK.exe
  2⤵
  PID:8892
- C:\Windows\System\xKDCHyl.exe
  C:\Windows\System\xKDCHyl.exe
  2⤵
  PID:8916
- C:\Windows\System\sOJEoKG.exe
  C:\Windows\System\sOJEoKG.exe
  2⤵
  PID:8952
- C:\Windows\System\RRcyZFN.exe
  C:\Windows\System\RRcyZFN.exe
  2⤵
  PID:8980
- C:\Windows\System\nIBRkVi.exe
  C:\Windows\System\nIBRkVi.exe
  2⤵
  PID:9008
- C:\Windows\System\QLSIFyP.exe
  C:\Windows\System\QLSIFyP.exe
  2⤵
  PID:9036
- C:\Windows\System\dJKEjCA.exe
  C:\Windows\System\dJKEjCA.exe
  2⤵
  PID:9052
- C:\Windows\System\yrfZYyJ.exe
  C:\Windows\System\yrfZYyJ.exe
  2⤵
  PID:9076
- C:\Windows\System\DPdWVKX.exe
  C:\Windows\System\DPdWVKX.exe
  2⤵
  PID:9124
- C:\Windows\System\VnrZGWF.exe
  C:\Windows\System\VnrZGWF.exe
  2⤵
  PID:9148
- C:\Windows\System\mFAarwN.exe
  C:\Windows\System\mFAarwN.exe
  2⤵
  PID:9184
- C:\Windows\System\itMrJjY.exe
  C:\Windows\System\itMrJjY.exe
  2⤵
  PID:9204
- C:\Windows\System\cHHTOhI.exe
  C:\Windows\System\cHHTOhI.exe
  2⤵
  PID:8216
- C:\Windows\System\TOFpFmf.exe
  C:\Windows\System\TOFpFmf.exe
  2⤵
  PID:8284
- C:\Windows\System\jNHqiDb.exe
  C:\Windows\System\jNHqiDb.exe
  2⤵
  PID:8336
- C:\Windows\System\ZrAZBCo.exe
  C:\Windows\System\ZrAZBCo.exe
  2⤵
  PID:8392
- C:\Windows\System\NXqxQQf.exe
  C:\Windows\System\NXqxQQf.exe
  2⤵
  PID:8456
- C:\Windows\System\OOBtZBZ.exe
  C:\Windows\System\OOBtZBZ.exe
  2⤵
  PID:8564
- C:\Windows\System\reMxuyZ.exe
  C:\Windows\System\reMxuyZ.exe
  2⤵
  PID:8636
- C:\Windows\System\fCDzFTD.exe
  C:\Windows\System\fCDzFTD.exe
  2⤵
  PID:8716
- C:\Windows\System\fskAbDV.exe
  C:\Windows\System\fskAbDV.exe
  2⤵
  PID:8760
- C:\Windows\System\CWaBZzG.exe
  C:\Windows\System\CWaBZzG.exe
  2⤵
  PID:8804
- C:\Windows\System\gzvewTI.exe
  C:\Windows\System\gzvewTI.exe
  2⤵
  PID:8904
- C:\Windows\System\rKQgAla.exe
  C:\Windows\System\rKQgAla.exe
  2⤵
  PID:8940
- C:\Windows\System\rHgvUje.exe
  C:\Windows\System\rHgvUje.exe
  2⤵
  PID:9000
- C:\Windows\System\QDbifwg.exe
  C:\Windows\System\QDbifwg.exe
  2⤵
  PID:9048
- C:\Windows\System\UKXceNc.exe
  C:\Windows\System\UKXceNc.exe
  2⤵
  PID:9104
- C:\Windows\System\DShobqE.exe
  C:\Windows\System\DShobqE.exe
  2⤵
  PID:8208
- C:\Windows\System\GOtKCgu.exe
  C:\Windows\System\GOtKCgu.exe
  2⤵
  PID:8300
- C:\Windows\System\eAkcAAu.exe
  C:\Windows\System\eAkcAAu.exe
  2⤵
  PID:8400
- C:\Windows\System\osAGeXh.exe
  C:\Windows\System\osAGeXh.exe
  2⤵
  PID:8628
- C:\Windows\System\dGyIPxm.exe
  C:\Windows\System\dGyIPxm.exe
  2⤵
  PID:8776
- C:\Windows\System\doYNrJW.exe
  C:\Windows\System\doYNrJW.exe
  2⤵
  PID:8944
- C:\Windows\System\wmUudVT.exe
  C:\Windows\System\wmUudVT.exe
  2⤵
  PID:9084
- C:\Windows\System\meYWmLI.exe
  C:\Windows\System\meYWmLI.exe
  2⤵
  PID:7660
- C:\Windows\System\ZFhhVQi.exe
  C:\Windows\System\ZFhhVQi.exe
  2⤵
  PID:8452
- C:\Windows\System\XghPjKA.exe
  C:\Windows\System\XghPjKA.exe
  2⤵
  PID:8756
- C:\Windows\System\gkYmTMd.exe
  C:\Windows\System\gkYmTMd.exe
  2⤵
  PID:8260
- C:\Windows\System\TsRMVrP.exe
  C:\Windows\System\TsRMVrP.exe
  2⤵
  PID:8600
- C:\Windows\System\ARTDkHe.exe
  C:\Windows\System\ARTDkHe.exe
  2⤵
  PID:8368
- C:\Windows\System\JZycPCN.exe
  C:\Windows\System\JZycPCN.exe
  2⤵
  PID:9244
- C:\Windows\System\dVLrIRj.exe
  C:\Windows\System\dVLrIRj.exe
  2⤵
  PID:9280
- C:\Windows\System\Grblksj.exe
  C:\Windows\System\Grblksj.exe
  2⤵
  PID:9296
- C:\Windows\System\gDnoCuH.exe
  C:\Windows\System\gDnoCuH.exe
  2⤵
  PID:9312
- C:\Windows\System\bdyumul.exe
  C:\Windows\System\bdyumul.exe
  2⤵
  PID:9356
- C:\Windows\System\lOUUpzg.exe
  C:\Windows\System\lOUUpzg.exe
  2⤵
  PID:9392
- C:\Windows\System\CLpFwTW.exe
  C:\Windows\System\CLpFwTW.exe
  2⤵
  PID:9428
- C:\Windows\System\rRbmOQC.exe
  C:\Windows\System\rRbmOQC.exe
  2⤵
  PID:9460
- C:\Windows\System\dtHvWpX.exe
  C:\Windows\System\dtHvWpX.exe
  2⤵
  PID:9488
- C:\Windows\System\RZKEWwX.exe
  C:\Windows\System\RZKEWwX.exe
  2⤵
  PID:9516
- C:\Windows\System\oENvYqK.exe
  C:\Windows\System\oENvYqK.exe
  2⤵
  PID:9532
- C:\Windows\System\aHpQmgN.exe
  C:\Windows\System\aHpQmgN.exe
  2⤵
  PID:9560
- C:\Windows\System\nwGzMda.exe
  C:\Windows\System\nwGzMda.exe
  2⤵
  PID:9584
- C:\Windows\System\OFQTEUs.exe
  C:\Windows\System\OFQTEUs.exe
  2⤵
  PID:9600
- C:\Windows\System\rEtJxDj.exe
  C:\Windows\System\rEtJxDj.exe
  2⤵
  PID:9620
- C:\Windows\System\wzrbRPb.exe
  C:\Windows\System\wzrbRPb.exe
  2⤵
  PID:9644
- C:\Windows\System\kWwFDOr.exe
  C:\Windows\System\kWwFDOr.exe
  2⤵
  PID:9660
- C:\Windows\System\QKChjhV.exe
  C:\Windows\System\QKChjhV.exe
  2⤵
  PID:9692
- C:\Windows\System\AuojFQO.exe
  C:\Windows\System\AuojFQO.exe
  2⤵
  PID:9720
- C:\Windows\System\CNkmEoS.exe
  C:\Windows\System\CNkmEoS.exe
  2⤵
  PID:9752
- C:\Windows\System\CAMROOX.exe
  C:\Windows\System\CAMROOX.exe
  2⤵
  PID:9784
- C:\Windows\System\ZBNGwiF.exe
  C:\Windows\System\ZBNGwiF.exe
  2⤵
  PID:9808
- C:\Windows\System\ZBOWXBI.exe
  C:\Windows\System\ZBOWXBI.exe
  2⤵
  PID:9836
- C:\Windows\System\iRpUtec.exe
  C:\Windows\System\iRpUtec.exe
  2⤵
  PID:9868
- C:\Windows\System\reMwxvx.exe
  C:\Windows\System\reMwxvx.exe
  2⤵
  PID:9912
- C:\Windows\System\HwnWwrs.exe
  C:\Windows\System\HwnWwrs.exe
  2⤵
  PID:9980
- C:\Windows\System\VisZRvl.exe
  C:\Windows\System\VisZRvl.exe
  2⤵
  PID:10000
- C:\Windows\System\GUMYnUR.exe
  C:\Windows\System\GUMYnUR.exe
  2⤵
  PID:10036
- C:\Windows\System\GfNilIO.exe
  C:\Windows\System\GfNilIO.exe
  2⤵
  PID:10080
- C:\Windows\System\WAByPRj.exe
  C:\Windows\System\WAByPRj.exe
  2⤵
  PID:10124
- C:\Windows\System\McLZyuy.exe
  C:\Windows\System\McLZyuy.exe
  2⤵
  PID:10152
- C:\Windows\System\GZPAbps.exe
  C:\Windows\System\GZPAbps.exe
  2⤵
  PID:10176
- C:\Windows\System\meMtSQQ.exe
  C:\Windows\System\meMtSQQ.exe
  2⤵
  PID:10200
- C:\Windows\System\AvcVKKd.exe
  C:\Windows\System\AvcVKKd.exe
  2⤵
  PID:10224
- C:\Windows\System\YquMvww.exe
  C:\Windows\System\YquMvww.exe
  2⤵
  PID:9032
- C:\Windows\System\JJuxbUG.exe
  C:\Windows\System\JJuxbUG.exe
  2⤵
  PID:9228
- C:\Windows\System\burcIEx.exe
  C:\Windows\System\burcIEx.exe
  2⤵
  PID:9304
- C:\Windows\System\YjpzrPw.exe
  C:\Windows\System\YjpzrPw.exe
  2⤵
  PID:9384
- C:\Windows\System\hNwpaIW.exe
  C:\Windows\System\hNwpaIW.exe
  2⤵
  PID:9472
- C:\Windows\System\pKjinof.exe
  C:\Windows\System\pKjinof.exe
  2⤵
  PID:9524
- C:\Windows\System\cVUHjOX.exe
  C:\Windows\System\cVUHjOX.exe
  2⤵
  PID:9636
- C:\Windows\System\LAlWVxg.exe
  C:\Windows\System\LAlWVxg.exe
  2⤵
  PID:9608
- C:\Windows\System\bQmXmjI.exe
  C:\Windows\System\bQmXmjI.exe
  2⤵
  PID:9716
- C:\Windows\System\EhzWbUw.exe
  C:\Windows\System\EhzWbUw.exe
  2⤵
  PID:9860
- C:\Windows\System\TXjsicR.exe
  C:\Windows\System\TXjsicR.exe
  2⤵
  PID:9772
- C:\Windows\System\ZrUpYCQ.exe
  C:\Windows\System\ZrUpYCQ.exe
  2⤵
  PID:9956
- C:\Windows\System\zjxFLfk.exe
  C:\Windows\System\zjxFLfk.exe
  2⤵
  PID:9892
- C:\Windows\System\nYVXgfv.exe
  C:\Windows\System\nYVXgfv.exe
  2⤵
  PID:10048
- C:\Windows\System\FXnEohz.exe
  C:\Windows\System\FXnEohz.exe
  2⤵
  PID:10112
- C:\Windows\System\EurCZyw.exe
  C:\Windows\System\EurCZyw.exe
  2⤵
  PID:10188
- C:\Windows\System\BGyZmmr.exe
  C:\Windows\System\BGyZmmr.exe
  2⤵
  PID:9308
- C:\Windows\System\NrYSlLb.exe
  C:\Windows\System\NrYSlLb.exe
  2⤵
  PID:9456
- C:\Windows\System\ZrbhtnV.exe
  C:\Windows\System\ZrbhtnV.exe
  2⤵
  PID:9596
- C:\Windows\System\ooyCnqV.exe
  C:\Windows\System\ooyCnqV.exe
  2⤵
  PID:9732
- C:\Windows\System\ziSMPla.exe
  C:\Windows\System\ziSMPla.exe
  2⤵
  PID:9888
- C:\Windows\System\SOEKuXD.exe
  C:\Windows\System\SOEKuXD.exe
  2⤵
  PID:9996
- C:\Windows\System\iixQQuB.exe
  C:\Windows\System\iixQQuB.exe
  2⤵
  PID:10096
- C:\Windows\System\NyygyZR.exe
  C:\Windows\System\NyygyZR.exe
  2⤵
  PID:10140
- C:\Windows\System\izfgKrx.exe
  C:\Windows\System\izfgKrx.exe
  2⤵
  PID:9440
- C:\Windows\System\eeXSgiR.exe
  C:\Windows\System\eeXSgiR.exe
  2⤵
  PID:9844
- C:\Windows\System\rHIsSyp.exe
  C:\Windows\System\rHIsSyp.exe
  2⤵
  PID:10088
- C:\Windows\System\HcxoNDI.exe
  C:\Windows\System\HcxoNDI.exe
  2⤵
  PID:10256
- C:\Windows\System\PkSSKIu.exe
  C:\Windows\System\PkSSKIu.exe
  2⤵
  PID:10296
- C:\Windows\System\mUDwWkX.exe
  C:\Windows\System\mUDwWkX.exe
  2⤵
  PID:10320
- C:\Windows\System\alSJYSI.exe
  C:\Windows\System\alSJYSI.exe
  2⤵
  PID:10352
- C:\Windows\System\ZCAYyqs.exe
  C:\Windows\System\ZCAYyqs.exe
  2⤵
  PID:10376
- C:\Windows\System\EHkShox.exe
  C:\Windows\System\EHkShox.exe
  2⤵
  PID:10412
- C:\Windows\System\wuVqngS.exe
  C:\Windows\System\wuVqngS.exe
  2⤵
  PID:10436
- C:\Windows\System\sVTaMAQ.exe
  C:\Windows\System\sVTaMAQ.exe
  2⤵
  PID:10460
- C:\Windows\System\ocVoDJm.exe
  C:\Windows\System\ocVoDJm.exe
  2⤵
  PID:10492
- C:\Windows\System\csXLQAf.exe
  C:\Windows\System\csXLQAf.exe
  2⤵
  PID:10516
- C:\Windows\System\jLxXxel.exe
  C:\Windows\System\jLxXxel.exe
  2⤵
  PID:10548
- C:\Windows\System\dyANjfD.exe
  C:\Windows\System\dyANjfD.exe
  2⤵
  PID:10572
- C:\Windows\System\ddHXizR.exe
  C:\Windows\System\ddHXizR.exe
  2⤵
  PID:10600
- C:\Windows\System\SeEOHxH.exe
  C:\Windows\System\SeEOHxH.exe
  2⤵
  PID:10628
- C:\Windows\System\twLVUsE.exe
  C:\Windows\System\twLVUsE.exe
  2⤵
  PID:10652
- C:\Windows\System\xbVoNLP.exe
  C:\Windows\System\xbVoNLP.exe
  2⤵
  PID:10684
- C:\Windows\System\tpNaESC.exe
  C:\Windows\System\tpNaESC.exe
  2⤵
  PID:10716
- C:\Windows\System\HJDQevA.exe
  C:\Windows\System\HJDQevA.exe
  2⤵
  PID:10740
- C:\Windows\System\mFtgEqO.exe
  C:\Windows\System\mFtgEqO.exe
  2⤵
  PID:10760
- C:\Windows\System\frsUqOa.exe
  C:\Windows\System\frsUqOa.exe
  2⤵
  PID:10796
- C:\Windows\System\ltqmcke.exe
  C:\Windows\System\ltqmcke.exe
  2⤵
  PID:10836
- C:\Windows\System\uZdXDda.exe
  C:\Windows\System\uZdXDda.exe
  2⤵
  PID:10860
- C:\Windows\System\lOqlUOT.exe
  C:\Windows\System\lOqlUOT.exe
  2⤵
  PID:10896
- C:\Windows\System\YqjnFtx.exe
  C:\Windows\System\YqjnFtx.exe
  2⤵
  PID:10916
- C:\Windows\System\FSfdqGa.exe
  C:\Windows\System\FSfdqGa.exe
  2⤵
  PID:10932
- C:\Windows\System\CdSekaH.exe
  C:\Windows\System\CdSekaH.exe
  2⤵
  PID:10972
- C:\Windows\System\AkKJuvm.exe
  C:\Windows\System\AkKJuvm.exe
  2⤵
  PID:11004
- C:\Windows\System\gbvbMIw.exe
  C:\Windows\System\gbvbMIw.exe
  2⤵
  PID:11028
- C:\Windows\System\bSesRmk.exe
  C:\Windows\System\bSesRmk.exe
  2⤵
  PID:11048
- C:\Windows\System\jEQYVts.exe
  C:\Windows\System\jEQYVts.exe
  2⤵
  PID:11072
- C:\Windows\System\LfEADCY.exe
  C:\Windows\System\LfEADCY.exe
  2⤵
  PID:11100
- C:\Windows\System\LfsvGiN.exe
  C:\Windows\System\LfsvGiN.exe
  2⤵
  PID:11136
- C:\Windows\System\JHNcDRC.exe
  C:\Windows\System\JHNcDRC.exe
  2⤵
  PID:11204
- C:\Windows\System\VrwnVQX.exe
  C:\Windows\System\VrwnVQX.exe
  2⤵
  PID:11220
- C:\Windows\System\RNIPcxf.exe
  C:\Windows\System\RNIPcxf.exe
  2⤵
  PID:11248
- C:\Windows\System\SaFXJCc.exe
  C:\Windows\System\SaFXJCc.exe
  2⤵
  PID:10168
- C:\Windows\System\JcEzSVv.exe
  C:\Windows\System\JcEzSVv.exe
  2⤵
  PID:10120
- C:\Windows\System\raOKmQG.exe
  C:\Windows\System\raOKmQG.exe
  2⤵
  PID:10304
- C:\Windows\System\GkgbWPi.exe
  C:\Windows\System\GkgbWPi.exe
  2⤵
  PID:10396
- C:\Windows\System\DIePCuf.exe
  C:\Windows\System\DIePCuf.exe
  2⤵
  PID:10456
- C:\Windows\System\JtbtwzU.exe
  C:\Windows\System\JtbtwzU.exe
  2⤵
  PID:10500
- C:\Windows\System\xowSOkx.exe
  C:\Windows\System\xowSOkx.exe
  2⤵
  PID:10588
- C:\Windows\System\eAgXQuN.exe
  C:\Windows\System\eAgXQuN.exe
  2⤵
  PID:10644
- C:\Windows\System\ZBQZhce.exe
  C:\Windows\System\ZBQZhce.exe
  2⤵
  PID:10672
- C:\Windows\System\OOAbFCx.exe
  C:\Windows\System\OOAbFCx.exe
  2⤵
  PID:10768
- C:\Windows\System\vDmJwsC.exe
  C:\Windows\System\vDmJwsC.exe
  2⤵
  PID:10848
- C:\Windows\System\GsTJxES.exe
  C:\Windows\System\GsTJxES.exe
  2⤵
  PID:10928
- C:\Windows\System\DxhVBbH.exe
  C:\Windows\System\DxhVBbH.exe
  2⤵
  PID:10984
- C:\Windows\System\pjbINoO.exe
  C:\Windows\System\pjbINoO.exe
  2⤵
  PID:11080
- C:\Windows\System\EsPlSAW.exe
  C:\Windows\System\EsPlSAW.exe
  2⤵
  PID:11128
- C:\Windows\System\zvUyqhk.exe
  C:\Windows\System\zvUyqhk.exe
  2⤵
  PID:11148
- C:\Windows\System\LpvsiXM.exe
  C:\Windows\System\LpvsiXM.exe
  2⤵
  PID:4952
- C:\Windows\System\DemDnGK.exe
  C:\Windows\System\DemDnGK.exe
  2⤵
  PID:11256
- C:\Windows\System\zYSVMrr.exe
  C:\Windows\System\zYSVMrr.exe
  2⤵
  PID:10348
- C:\Windows\System\SAPSMRB.exe
  C:\Windows\System\SAPSMRB.exe
  2⤵
  PID:10556
- C:\Windows\System\SbUqRdS.exe
  C:\Windows\System\SbUqRdS.exe
  2⤵
  PID:10620
- C:\Windows\System\dGhrhUQ.exe
  C:\Windows\System\dGhrhUQ.exe
  2⤵
  PID:10808
- C:\Windows\System\sTQfAhQ.exe
  C:\Windows\System\sTQfAhQ.exe
  2⤵
  PID:10952
- C:\Windows\System\MEzXcYJ.exe
  C:\Windows\System\MEzXcYJ.exe
  2⤵
  PID:11188
- C:\Windows\System\rnTWckk.exe
  C:\Windows\System\rnTWckk.exe
  2⤵
  PID:11216
- C:\Windows\System\JaXYArl.exe
  C:\Windows\System\JaXYArl.exe
  2⤵
  PID:10472
- C:\Windows\System\GWYdGii.exe
  C:\Windows\System\GWYdGii.exe
  2⤵
  PID:11036
- C:\Windows\System\pfZYcmW.exe
  C:\Windows\System\pfZYcmW.exe
  2⤵
  PID:11212
- C:\Windows\System\yHArpUM.exe
  C:\Windows\System\yHArpUM.exe
  2⤵
  PID:10792
- C:\Windows\System\aGpqffH.exe
  C:\Windows\System\aGpqffH.exe
  2⤵
  PID:11040
- C:\Windows\System\WvepIrX.exe
  C:\Windows\System\WvepIrX.exe
  2⤵
  PID:11288
- C:\Windows\System\wtqNTiw.exe
  C:\Windows\System\wtqNTiw.exe
  2⤵
  PID:11316
- C:\Windows\System\VaUJeOu.exe
  C:\Windows\System\VaUJeOu.exe
  2⤵
  PID:11344
- C:\Windows\System\jyJmFGj.exe
  C:\Windows\System\jyJmFGj.exe
  2⤵
  PID:11372
- C:\Windows\System\sCzfdIf.exe
  C:\Windows\System\sCzfdIf.exe
  2⤵
  PID:11400
- C:\Windows\System\qerEEkP.exe
  C:\Windows\System\qerEEkP.exe
  2⤵
  PID:11424
- C:\Windows\System\Miorbhd.exe
  C:\Windows\System\Miorbhd.exe
  2⤵
  PID:11456
- C:\Windows\System\sfgHzAt.exe
  C:\Windows\System\sfgHzAt.exe
  2⤵
  PID:11472
- C:\Windows\System\beNyBPx.exe
  C:\Windows\System\beNyBPx.exe
  2⤵
  PID:11508
- C:\Windows\System\QMdCvhj.exe
  C:\Windows\System\QMdCvhj.exe
  2⤵
  PID:11536
- C:\Windows\System\eZHiaqS.exe
  C:\Windows\System\eZHiaqS.exe
  2⤵
  PID:11568
- C:\Windows\System\ImYrTbF.exe
  C:\Windows\System\ImYrTbF.exe
  2⤵
  PID:11596
- C:\Windows\System\AvUZxUf.exe
  C:\Windows\System\AvUZxUf.exe
  2⤵
  PID:11624
- C:\Windows\System\PltnrrK.exe
  C:\Windows\System\PltnrrK.exe
  2⤵
  PID:11644
- C:\Windows\System\hmbJqDN.exe
  C:\Windows\System\hmbJqDN.exe
  2⤵
  PID:11668
- C:\Windows\System\WQORXJo.exe
  C:\Windows\System\WQORXJo.exe
  2⤵
  PID:11700
- C:\Windows\System\WVEQYuy.exe
  C:\Windows\System\WVEQYuy.exe
  2⤵
  PID:11724
- C:\Windows\System\EiJQFCc.exe
  C:\Windows\System\EiJQFCc.exe
  2⤵
  PID:11756
- C:\Windows\System\UbYdAWQ.exe
  C:\Windows\System\UbYdAWQ.exe
  2⤵
  PID:11792
- C:\Windows\System\JoRDsBQ.exe
  C:\Windows\System\JoRDsBQ.exe
  2⤵
  PID:11820
- C:\Windows\System\ZWgHyyl.exe
  C:\Windows\System\ZWgHyyl.exe
  2⤵
  PID:11836
- C:\Windows\System\LrBhJJJ.exe
  C:\Windows\System\LrBhJJJ.exe
  2⤵
  PID:11864
- C:\Windows\System\kZazViY.exe
  C:\Windows\System\kZazViY.exe
  2⤵
  PID:11892
- C:\Windows\System\BxTszjS.exe
  C:\Windows\System\BxTszjS.exe
  2⤵
  PID:11908
- C:\Windows\System\TcJIOhk.exe
  C:\Windows\System\TcJIOhk.exe
  2⤵
  PID:11952
- C:\Windows\System\udIyRtv.exe
  C:\Windows\System\udIyRtv.exe
  2⤵
  PID:11972
- C:\Windows\System\aSEZpBa.exe
  C:\Windows\System\aSEZpBa.exe
  2⤵
  PID:12008
- C:\Windows\System\DctynDy.exe
  C:\Windows\System\DctynDy.exe
  2⤵
  PID:12032
- C:\Windows\System\yoOPQyK.exe
  C:\Windows\System\yoOPQyK.exe
  2⤵
  PID:12060
- C:\Windows\System\FTwkbxH.exe
  C:\Windows\System\FTwkbxH.exe
  2⤵
  PID:12080
- C:\Windows\System\TDTKTRd.exe
  C:\Windows\System\TDTKTRd.exe
  2⤵
  PID:12112
- C:\Windows\System\JQbhNco.exe
  C:\Windows\System\JQbhNco.exe
  2⤵
  PID:12144
- C:\Windows\System\qHojJtF.exe
  C:\Windows\System\qHojJtF.exe
  2⤵
  PID:12168
- C:\Windows\System\eDYpcMJ.exe
  C:\Windows\System\eDYpcMJ.exe
  2⤵
  PID:12208
- C:\Windows\System\zxnVPUJ.exe
  C:\Windows\System\zxnVPUJ.exe
  2⤵
  PID:12248
- C:\Windows\System\FYFCLaf.exe
  C:\Windows\System\FYFCLaf.exe
  2⤵
  PID:12276
- C:\Windows\System\fnPWfAI.exe
  C:\Windows\System\fnPWfAI.exe
  2⤵
  PID:10616
- C:\Windows\System\yFZGdoY.exe
  C:\Windows\System\yFZGdoY.exe
  2⤵
  PID:11336
- C:\Windows\System\znxfJJv.exe
  C:\Windows\System\znxfJJv.exe
  2⤵
  PID:11440
- C:\Windows\System\cWXxYTw.exe
  C:\Windows\System\cWXxYTw.exe
  2⤵
  PID:11484
- C:\Windows\System\oYXQXRL.exe
  C:\Windows\System\oYXQXRL.exe
  2⤵
  PID:11552
- C:\Windows\System\vbranZT.exe
  C:\Windows\System\vbranZT.exe
  2⤵
  PID:11640
- C:\Windows\System\BSZVWTC.exe
  C:\Windows\System\BSZVWTC.exe
  2⤵
  PID:11740
- C:\Windows\System\roXezOM.exe
  C:\Windows\System\roXezOM.exe
  2⤵
  PID:11788
- C:\Windows\System\YBjpFuh.exe
  C:\Windows\System\YBjpFuh.exe
  2⤵
  PID:11848
- C:\Windows\System\YHDuxin.exe
  C:\Windows\System\YHDuxin.exe
  2⤵
  PID:11936
- C:\Windows\System\EEbYZEu.exe
  C:\Windows\System\EEbYZEu.exe
  2⤵
  PID:12024
- C:\Windows\System\SAnFBvv.exe
  C:\Windows\System\SAnFBvv.exe
  2⤵
  PID:12076
- C:\Windows\System\oUQlDMh.exe
  C:\Windows\System\oUQlDMh.exe
  2⤵
  PID:12160
- C:\Windows\System\DVQzmag.exe
  C:\Windows\System\DVQzmag.exe
  2⤵
  PID:12120
- C:\Windows\System\ytFTDRM.exe
  C:\Windows\System\ytFTDRM.exe
  2⤵
  PID:11236
- C:\Windows\System\QVtJaYp.exe
  C:\Windows\System\QVtJaYp.exe
  2⤵
  PID:11464
- C:\Windows\System\mokkFQq.exe
  C:\Windows\System\mokkFQq.exe
  2⤵
  PID:11580
- C:\Windows\System\WtZCgOU.exe
  C:\Windows\System\WtZCgOU.exe
  2⤵
  PID:11860
- C:\Windows\System\yoNRVJo.exe
  C:\Windows\System\yoNRVJo.exe
  2⤵
  PID:12088
- C:\Windows\System\EuuYRbK.exe
  C:\Windows\System\EuuYRbK.exe
  2⤵
  PID:12188
- C:\Windows\System\ntZziTs.exe
  C:\Windows\System\ntZziTs.exe
  2⤵
  PID:12220
- C:\Windows\System\aEQfpmO.exe
  C:\Windows\System\aEQfpmO.exe
  2⤵
  PID:11556
- C:\Windows\System\BtHfmFu.exe
  C:\Windows\System\BtHfmFu.exe
  2⤵
  PID:11612
- C:\Windows\System\wOklHzO.exe
  C:\Windows\System\wOklHzO.exe
  2⤵
  PID:11828
- C:\Windows\System\zLzijZq.exe
  C:\Windows\System\zLzijZq.exe
  2⤵
  PID:11392
- C:\Windows\System\LxqDApg.exe
  C:\Windows\System\LxqDApg.exe
  2⤵
  PID:12296
- C:\Windows\System\grbWtpF.exe
  C:\Windows\System\grbWtpF.exe
  2⤵
  PID:12320
- C:\Windows\System\GHWqDaV.exe
  C:\Windows\System\GHWqDaV.exe
  2⤵
  PID:12348
- C:\Windows\System\UKOBeoS.exe
  C:\Windows\System\UKOBeoS.exe
  2⤵
  PID:12392
- C:\Windows\System\bsugmws.exe
  C:\Windows\System\bsugmws.exe
  2⤵
  PID:12416
- C:\Windows\System\wmTokKo.exe
  C:\Windows\System\wmTokKo.exe
  2⤵
  PID:12448
- C:\Windows\System\kKNKIMP.exe
  C:\Windows\System\kKNKIMP.exe
  2⤵
  PID:12480
- C:\Windows\System\gXrfgAt.exe
  C:\Windows\System\gXrfgAt.exe
  2⤵
  PID:12500
- C:\Windows\System\ETYQqaV.exe
  C:\Windows\System\ETYQqaV.exe
  2⤵
  PID:12532
- C:\Windows\System\buhieTM.exe
  C:\Windows\System\buhieTM.exe
  2⤵
  PID:12568
- C:\Windows\System\xVchOqT.exe
  C:\Windows\System\xVchOqT.exe
  2⤵
  PID:12588
- C:\Windows\System\tbeXOLt.exe
  C:\Windows\System\tbeXOLt.exe
  2⤵
  PID:12616
- C:\Windows\System\uSreTrF.exe
  C:\Windows\System\uSreTrF.exe
  2⤵
  PID:12636
- C:\Windows\System\jtPKAwh.exe
  C:\Windows\System\jtPKAwh.exe
  2⤵
  PID:12664
- C:\Windows\System\ZudcBGO.exe
  C:\Windows\System\ZudcBGO.exe
  2⤵
  PID:12688
- C:\Windows\System\oWCzhEn.exe
  C:\Windows\System\oWCzhEn.exe
  2⤵
  PID:12720
- C:\Windows\System\IySumcF.exe
  C:\Windows\System\IySumcF.exe
  2⤵
  PID:12748
- C:\Windows\System\QslAQtF.exe
  C:\Windows\System\QslAQtF.exe
  2⤵
  PID:12784
- C:\Windows\System\LAeSJQt.exe
  C:\Windows\System\LAeSJQt.exe
  2⤵
  PID:12808
- C:\Windows\System\XROJOzy.exe
  C:\Windows\System\XROJOzy.exe
  2⤵
  PID:12828
- C:\Windows\System\bZKPZmf.exe
  C:\Windows\System\bZKPZmf.exe
  2⤵
  PID:12868
- C:\Windows\System\ZITucDi.exe
  C:\Windows\System\ZITucDi.exe
  2⤵
  PID:12892
- C:\Windows\System\sIkGmEQ.exe
  C:\Windows\System\sIkGmEQ.exe
  2⤵
  PID:12932
- C:\Windows\System\sRJZNLQ.exe
  C:\Windows\System\sRJZNLQ.exe
  2⤵
  PID:12960
- C:\Windows\System\EsbizrF.exe
  C:\Windows\System\EsbizrF.exe
  2⤵
  PID:12996
- C:\Windows\System\sEFkpVh.exe
  C:\Windows\System\sEFkpVh.exe
  2⤵
  PID:13016
- C:\Windows\System\KmZqnbm.exe
  C:\Windows\System\KmZqnbm.exe
  2⤵
  PID:13040
- C:\Windows\System\ycMqRDb.exe
  C:\Windows\System\ycMqRDb.exe
  2⤵
  PID:13072
- C:\Windows\System\NIoCPec.exe
  C:\Windows\System\NIoCPec.exe
  2⤵
  PID:13108
- C:\Windows\System\FPneRrk.exe
  C:\Windows\System\FPneRrk.exe
  2⤵
  PID:13128
- C:\Windows\System\EyIuKya.exe
  C:\Windows\System\EyIuKya.exe
  2⤵
  PID:13156
- C:\Windows\System\qXWxtsg.exe
  C:\Windows\System\qXWxtsg.exe
  2⤵
  PID:13192
- C:\Windows\System\HOfugGd.exe
  C:\Windows\System\HOfugGd.exe
  2⤵
  PID:13212
- C:\Windows\System\qHaCmTC.exe
  C:\Windows\System\qHaCmTC.exe
  2⤵
  PID:13240
- C:\Windows\System\lTfFzgC.exe
  C:\Windows\System\lTfFzgC.exe
  2⤵
  PID:13268
- C:\Windows\System\NegjubQ.exe
  C:\Windows\System\NegjubQ.exe
  2⤵
  PID:13284
- C:\Windows\System\fzJajcf.exe
  C:\Windows\System\fzJajcf.exe
  2⤵
  PID:12236
- C:\Windows\System\ImDyoiw.exe
  C:\Windows\System\ImDyoiw.exe
  2⤵
  PID:12344
- C:\Windows\System\LRkOdII.exe
  C:\Windows\System\LRkOdII.exe
  2⤵
  PID:12380
- C:\Windows\System\PDuyUYK.exe
  C:\Windows\System\PDuyUYK.exe
  2⤵
  PID:12472
- C:\Windows\System\EByfFnv.exe
  C:\Windows\System\EByfFnv.exe
  2⤵
  PID:12544
- C:\Windows\System\JxQIVzI.exe
  C:\Windows\System\JxQIVzI.exe
  2⤵
  PID:12612
- C:\Windows\System\vRAJWIE.exe
  C:\Windows\System\vRAJWIE.exe
  2⤵
  PID:12708
- C:\Windows\System\GAmrJla.exe
  C:\Windows\System\GAmrJla.exe
  2⤵
  PID:12700
- C:\Windows\System\tBLxAwZ.exe
  C:\Windows\System\tBLxAwZ.exe
  2⤵
  PID:12840
- C:\Windows\System\jyAZhVZ.exe
  C:\Windows\System\jyAZhVZ.exe
  2⤵
  PID:12824
- C:\Windows\System\wzyqRYw.exe
  C:\Windows\System\wzyqRYw.exe
  2⤵
  PID:12916
- C:\Windows\System\KpyNpzS.exe
  C:\Windows\System\KpyNpzS.exe
  2⤵
  PID:13004
- C:\Windows\System\AqukwCY.exe
  C:\Windows\System\AqukwCY.exe
  2⤵
  PID:13048
- C:\Windows\System\FvVLRrL.exe
  C:\Windows\System\FvVLRrL.exe
  2⤵
  PID:13120
- C:\Windows\System\TMeWAGY.exe
  C:\Windows\System\TMeWAGY.exe
  2⤵
  PID:13200
- C:\Windows\System\LJxHXqe.exe
  C:\Windows\System\LJxHXqe.exe
  2⤵
  PID:13252
- C:\Windows\System\UZjEOME.exe
  C:\Windows\System\UZjEOME.exe
  2⤵
  PID:13304
- C:\Windows\System\FLUeObc.exe
  C:\Windows\System\FLUeObc.exe
  2⤵
  PID:12492
- C:\Windows\System\MpEVGcF.exe
  C:\Windows\System\MpEVGcF.exe
  2⤵
  PID:12600
- C:\Windows\System\qaLyVZM.exe
  C:\Windows\System\qaLyVZM.exe
  2⤵
  PID:11720
- C:\Windows\System\gOzYgBl.exe
  C:\Windows\System\gOzYgBl.exe
  2⤵
  PID:12804
- C:\Windows\System\FsFMuQQ.exe
  C:\Windows\System\FsFMuQQ.exe
  2⤵
  PID:5060
- C:\Windows\System\LNJvwVI.exe
  C:\Windows\System\LNJvwVI.exe
  2⤵
  PID:13084
- C:\Windows\System\VvWJFQd.exe
  C:\Windows\System\VvWJFQd.exe
  2⤵
  PID:13232
- C:\Windows\System\BeDfkDC.exe
  C:\Windows\System\BeDfkDC.exe
  2⤵
  PID:13280
- C:\Windows\System\YpUcXXY.exe
  C:\Windows\System\YpUcXXY.exe
  2⤵
  PID:12948
- C:\Windows\System\lroAmlI.exe
  C:\Windows\System\lroAmlI.exe
  2⤵
  PID:13152
- C:\Windows\System\RiLZMxm.exe
  C:\Windows\System\RiLZMxm.exe
  2⤵
  PID:12556
- C:\Windows\System\cKLrNlo.exe
  C:\Windows\System\cKLrNlo.exe
  2⤵
  PID:13328
- C:\Windows\System\gXFrakH.exe
  C:\Windows\System\gXFrakH.exe
  2⤵
  PID:13352
- C:\Windows\System\mdwuVSD.exe
  C:\Windows\System\mdwuVSD.exe
  2⤵
  PID:13388
- C:\Windows\System\MmmaVsi.exe
  C:\Windows\System\MmmaVsi.exe
  2⤵
  PID:13420
- C:\Windows\System\WBAXYmM.exe
  C:\Windows\System\WBAXYmM.exe
  2⤵
  PID:13444
- C:\Windows\System\fcceMjK.exe
  C:\Windows\System\fcceMjK.exe
  2⤵
  PID:13472
- C:\Windows\System\EHAiUDx.exe
  C:\Windows\System\EHAiUDx.exe
  2⤵
  PID:13508
- C:\Windows\System\sZBKKcH.exe
  C:\Windows\System\sZBKKcH.exe
  2⤵
  PID:13536
- C:\Windows\System\rbNRgbS.exe
  C:\Windows\System\rbNRgbS.exe
  2⤵
  PID:13552
- C:\Windows\System\YzdJeQQ.exe
  C:\Windows\System\YzdJeQQ.exe
  2⤵
  PID:13576
- C:\Windows\System\GlnCkJw.exe
  C:\Windows\System\GlnCkJw.exe
  2⤵
  PID:13608
- C:\Windows\System\CZjUwmv.exe
  C:\Windows\System\CZjUwmv.exe
  2⤵
  PID:13632
- C:\Windows\System\MnOAqmv.exe
  C:\Windows\System\MnOAqmv.exe
  2⤵
  PID:13672
- C:\Windows\System\xgYSxjc.exe
  C:\Windows\System\xgYSxjc.exe
  2⤵
  PID:13692
- C:\Windows\System\AulDrDF.exe
  C:\Windows\System\AulDrDF.exe
  2⤵
  PID:13716
- C:\Windows\System\XiSJcTb.exe
  C:\Windows\System\XiSJcTb.exe
  2⤵
  PID:13748
- C:\Windows\System\PMfbTbl.exe
  C:\Windows\System\PMfbTbl.exe
  2⤵
  PID:13776
- C:\Windows\System\affofij.exe
  C:\Windows\System\affofij.exe
  2⤵
  PID:13792
- C:\Windows\System\oHnmJaq.exe
  C:\Windows\System\oHnmJaq.exe
  2⤵
  PID:13844
- C:\Windows\System\XOagaGc.exe
  C:\Windows\System\XOagaGc.exe
  2⤵
  PID:13860
- C:\Windows\System\PtpiQWU.exe
  C:\Windows\System\PtpiQWU.exe
  2⤵
  PID:13884
- C:\Windows\System\zPreifU.exe
  C:\Windows\System\zPreifU.exe
  2⤵
  PID:13928
- C:\Windows\System\ZbqusZR.exe
  C:\Windows\System\ZbqusZR.exe
  2⤵
  PID:13956
- C:\Windows\System\XXnTqtq.exe
  C:\Windows\System\XXnTqtq.exe
  2⤵
  PID:13984
- C:\Windows\System\MilliLf.exe
  C:\Windows\System\MilliLf.exe
  2⤵
  PID:14024
- C:\Windows\System\eebZCWc.exe
  C:\Windows\System\eebZCWc.exe
  2⤵
  PID:14040
- C:\Windows\System\vixTFQu.exe
  C:\Windows\System\vixTFQu.exe
  2⤵
  PID:14068
- C:\Windows\System\rcfWoer.exe
  C:\Windows\System\rcfWoer.exe
  2⤵
  PID:14096
- C:\Windows\System\IVapIEs.exe
  C:\Windows\System\IVapIEs.exe
  2⤵
  PID:14112
- C:\Windows\System\ETDWnce.exe
  C:\Windows\System\ETDWnce.exe
  2⤵
  PID:14140
- C:\Windows\System\BUKHxcE.exe
  C:\Windows\System\BUKHxcE.exe
  2⤵
  PID:14168
- C:\Windows\System\GHLiINW.exe
  C:\Windows\System\GHLiINW.exe
  2⤵
  PID:14188
- C:\Windows\System\jayYtGL.exe
  C:\Windows\System\jayYtGL.exe
  2⤵
  PID:14220
- C:\Windows\System\kbRYZPF.exe
  C:\Windows\System\kbRYZPF.exe
  2⤵
  PID:14252
- C:\Windows\System\JAlMqQI.exe
  C:\Windows\System\JAlMqQI.exe
  2⤵
  PID:14276
- C:\Windows\System\SycxXbd.exe
  C:\Windows\System\SycxXbd.exe
  2⤵
  PID:14308
- C:\Windows\System\RCDqoYZ.exe
  C:\Windows\System\RCDqoYZ.exe
  2⤵
  PID:14328
- C:\Windows\System\qhhNrgk.exe
  C:\Windows\System\qhhNrgk.exe
  2⤵
  PID:13316
- C:\Windows\System\YZYLnVz.exe
  C:\Windows\System\YZYLnVz.exe
  2⤵
  PID:13344
- C:\Windows\System\QdrAOJz.exe
  C:\Windows\System\QdrAOJz.exe
  2⤵
  PID:13460
- C:\Windows\System\plrMOVU.exe
  C:\Windows\System\plrMOVU.exe
  2⤵
  PID:13548
- C:\Windows\System\xIuWpbb.exe
  C:\Windows\System\xIuWpbb.exe
  2⤵
  PID:4724
- C:\Windows\System\CNzobkk.exe
  C:\Windows\System\CNzobkk.exe
  2⤵
  PID:13600
- C:\Windows\System\WkdPbvy.exe
  C:\Windows\System\WkdPbvy.exe
  2⤵
  PID:13628
- C:\Windows\System\MtpDcKK.exe
  C:\Windows\System\MtpDcKK.exe
  2⤵
  PID:13656
- C:\Windows\System\NAQwvcw.exe
  C:\Windows\System\NAQwvcw.exe
  2⤵
  PID:13764
- C:\Windows\System\bpcnfbe.exe
  C:\Windows\System\bpcnfbe.exe
  2⤵
  PID:13828
- C:\Windows\System\ITjLnxI.exe
  C:\Windows\System\ITjLnxI.exe
  2⤵
  PID:13896
- C:\Windows\System\qOdrJkg.exe
  C:\Windows\System\qOdrJkg.exe
  2⤵
  PID:13972
- C:\Windows\System\MmCLyRe.exe
  C:\Windows\System\MmCLyRe.exe
  2⤵
  PID:14084
- C:\Windows\System\tOlyOpJ.exe
  C:\Windows\System\tOlyOpJ.exe
  2⤵
  PID:14088
- C:\Windows\System\khtaJuZ.exe
  C:\Windows\System\khtaJuZ.exe
  2⤵
  PID:14208
- C:\Windows\System\KnTkDeb.exe
  C:\Windows\System\KnTkDeb.exe
  2⤵
  PID:14260
- C:\Windows\System\NkZbQun.exe
  C:\Windows\System\NkZbQun.exe
  2⤵
  PID:14268
- C:\Windows\System\zAnBXrY.exe
  C:\Windows\System\zAnBXrY.exe
  2⤵
  PID:13520
- C:\Windows\System\OnYAfym.exe
  C:\Windows\System\OnYAfym.exe
  2⤵
  PID:13492
- C:\Windows\System\IHIzZOb.exe
  C:\Windows\System\IHIzZOb.exe
  2⤵
  PID:2904
- C:\Windows\System\GFNMPIt.exe
  C:\Windows\System\GFNMPIt.exe
  2⤵
  PID:13728
- C:\Windows\System\rVdeusd.exe
  C:\Windows\System\rVdeusd.exe
  2⤵
  PID:13952
- C:\Windows\System\qRLDIOI.exe
  C:\Windows\System\qRLDIOI.exe
  2⤵
  PID:14292
- C:\Windows\System\hujlaNO.exe
  C:\Windows\System\hujlaNO.exe
  2⤵
  PID:14240
- C:\Windows\System\LoDQfAm.exe
  C:\Windows\System\LoDQfAm.exe
  2⤵
  PID:13380
- C:\Windows\System\kPhzJWF.exe
  C:\Windows\System\kPhzJWF.exe
  2⤵
  PID:13644
- C:\Windows\System\vwdYmZt.exe
  C:\Windows\System\vwdYmZt.exe
  2⤵
  PID:13996
- C:\Windows\System\bEQpPke.exe
  C:\Windows\System\bEQpPke.exe
  2⤵
  PID:14236
- C:\Windows\System\XzIlDZz.exe
  C:\Windows\System\XzIlDZz.exe
  2⤵
  PID:13868
- C:\Windows\System\TZkJqip.exe
  C:\Windows\System\TZkJqip.exe
  2⤵
  PID:14364
- C:\Windows\System\rSOclRc.exe
  C:\Windows\System\rSOclRc.exe
  2⤵
  PID:14392
- C:\Windows\System\OFPoAgP.exe
  C:\Windows\System\OFPoAgP.exe
  2⤵
  PID:14412
- C:\Windows\System\bAefvjH.exe
  C:\Windows\System\bAefvjH.exe
  2⤵
  PID:14452
- C:\Windows\System\iggkBRl.exe
  C:\Windows\System\iggkBRl.exe
  2⤵
  PID:14480
- C:\Windows\System\dawkSBc.exe
  C:\Windows\System\dawkSBc.exe
  2⤵
  PID:14508
- C:\Windows\System\mvZofdD.exe
  C:\Windows\System\mvZofdD.exe
  2⤵
  PID:14540

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\KNXSHoz.exe

Filesize
2.4MB

MD5
1efdc53321457b986a07a6439b093368

SHA1
548c4f26d431b42ef735b11c7a469b6f5b8bc6fc

SHA256
81cf68cff38af40ec9e73c9f18300c9ef5092ed499425b7900902df87b8dab5a

SHA512
e90d75c98f4800e907938edeec1d0ae79c6843ad81bb80e9331d6500af3054b5cc4a9b997e90450779d609631a188ee912bb66bd39738ad3cb5ca10229af7bf0

Download Submit
C:\Windows\System\LZVudSQ.exe

Filesize
2.4MB

MD5
ed4604a3daf0741492cf5be76b84e06a

SHA1
6734a19b69838ab79e3988e5bc67ff8346dbc05f

SHA256
2b8b2650b540773ea142eb3591f7b41b9d1515f826b436e80bc58e6236b7ab14

SHA512
6e8d563134250c4cc859ec1776db60ad3660f1204512f18d3df471769a5f392ca3d012550f0040c7423206118ab612389795762d0ba0f3dbb9faafb0781670dc

Download Submit
C:\Windows\System\MzMvohv.exe

Filesize
2.4MB

MD5
15830132aa251c49e09b1064f7f44333

SHA1
f093407614dbf0f61c7595d1f828e9ad7701271b

SHA256
9cc681e35d50d2e2a032de0aaa74a41b6620830dc6338356d0d81a54334aa2a5

SHA512
f127899981051f732f9cfdec5656f5e0d1adc69c7d9ef62f416bb725b5c3e3f31f290da785c52e59870e67e734cc34cd8a3ef2ae2458a09dee6d3d994cdb7592

Download Submit
C:\Windows\System\NPsdbTz.exe

Filesize
2.4MB

MD5
4ebf60e53e6333b67f4562661b93eae3

SHA1
bc4e4ecee94c3ef7bd6de65284ad8a73dea8bc8e

SHA256
5f0abecdfd519b1315103df5a95821aeeb1049bd6f027ae2670377090b0295d0

SHA512
49f2005a55fa874566a4a36ad5b2f36fbb9cdbb288badf3f9fa7371a63ccd8b4ba621c450c262be9ed90a8a603a092f11b65e2d1d7c077462ca2c1a8aefde35a

Download Submit
C:\Windows\System\NxfGxkM.exe

Filesize
2.4MB

MD5
fc93efeb9f11592b168521b6fbdc6237

SHA1
752cad679f906a136155c3eaa6e29f93f35057a0

SHA256
39913879f20002c870a11165ae4563090c49e3c566299092cde578a0065eebd6

SHA512
63309268ee187d51e9a556bce70d32c657c1cbb18a27b48e3ca276ed00daee3d3de7c51d5d7dd8b4df4575796c0a9bdf0ca0217d4b3fdec9a31b8bda34d888ec

Download Submit
C:\Windows\System\NywNeIN.exe

Filesize
2.4MB

MD5
ed0904ced44cf73cf13d9f070d00d682

SHA1
c283c5b1a027b85acd6ef3908279c603086b6d6e

SHA256
c293f71e507f16ee798c34a25362d636ce5c8cc8ad68681b8a8bdc0def6bbef6

SHA512
a9505895510920bf21666c13df084a50f45e8519f6ff945b61ebeacb99e441e10dac897279c5fd29e89eb58dc29a946a1bfaeb04a474cb5938594043cec2125a

Download Submit
C:\Windows\System\ROIvZRN.exe

Filesize
2.4MB

MD5
2502f9ac29d791962a9912dc6eaee876

SHA1
6bfe87152b0af051c33dd0587115ce5b660e4c0c

SHA256
9142e45908334eb425d4a3ff686ab8ca05d4b8b87957505570666c7ef4c54525

SHA512
ecc8b65e031b780190732b71400efb60c6042a36adb94e307c354c08bd4f9e6a33adc4a44b7f8b00f13bfbbee580f1c2ff3d0c9f24c1708d135fe8c765d62e37

Download Submit
C:\Windows\System\RkAmTIB.exe

Filesize
2.4MB

MD5
92272ae5f44300c802e43417fc32ca0e

SHA1
2959ccf36a806ed296fc18c130a96ade01527688

SHA256
c22e0ee436ef2bafd1c72d11f9864a815ea63eb0bcefa0ab12d47f43504933f0

SHA512
c470089b43a1ffdcb1721033437afd5a69b980498410187e0ad69b923fe0dfa8451704ef6eb356365c22f7220008ca092c4357fca762ed88a4bd77bce6f9d978

Download Submit
C:\Windows\System\SObOmqz.exe

Filesize
2.4MB

MD5
8f52f78b20b81583b025225dd02754fc

SHA1
7d59d87f315138000686eb04b5f548a57145b232

SHA256
65b369b4236b7e16df3cdd9ef2427314cff4071d501c84f3c5f4ac70b63806b2

SHA512
58b0d933ebbeab2ce4a23ed2601b084bbac9b42b88e958e187a850792483a571ff887d19f2fd9445ec980be384c0c3117d4bdc0f7243ee773da659ac1f03b7da

Download Submit
C:\Windows\System\SvbTiAl.exe

Filesize
2.4MB

MD5
0112651cf4a9dfe30c88f0651978ef34

SHA1
b8d3422a44716ee100ceab1702070a21da016985

SHA256
4bf34751db86340ff3a3c43ec1320375c857ec2b052a0ffebbbdd1b67add5c52

SHA512
5cac29e0d76a9505fab5a1d4ee818a3d4a4877431a3f458f78880600b33545ef17357b448f22be63dde980c9e70dba2e762212908656073e16ce50df8cacb9d5

Download Submit
C:\Windows\System\TRMlqOT.exe

Filesize
2.4MB

MD5
37db639502b90a4cdc8249691f6e9ea7

SHA1
c54d054a1fe271238fe1e6d39c949fe3476d13fc

SHA256
32cd7dffecdbd24c08310f4896c755a059cf068536e2e86198f078fea22162a3

SHA512
d6a211e708caf2ddfc404614a1054470354af163d73e86b59769c3954b6b82fe2ebde4e7aead6d0fc2c1babf27610d097deade51dd36f5510c45b702c7bce02f

Download Submit
C:\Windows\System\UxYMhzH.exe

Filesize
2.4MB

MD5
b78ef7a16abee89cb0959e91263d9c73

SHA1
9ba8507caf5349c4e6f6ec504c8022bb1218b8e3

SHA256
6763bae1365c10c8d88ed4ec0f06e69d77fd8e13738e1ede8826c7e182c5ad77

SHA512
0a4aca33658358626d53c3164eaf6c960650849057e7425f4797dc2e288ea626fb79f0c7b8cce5c01fa07f8c2543546466db5c2b69797b1435d1d3241eedfc37

Download Submit
C:\Windows\System\UzFWzYL.exe

Filesize
2.4MB

MD5
ef6502addc07a20b66601971fec3af4e

SHA1
02985023a84d984c46a154db8df02e1fdfa18d5f

SHA256
b68ff84f3924598aa2c5eae5a9ce97f1bd99967c73468651d35c373703510439

SHA512
c94558c6ae701ad543f2b474a9b3c8a9e7c14c3d700b70dddb9271e5a564021b67d74f3b7951d91bf4f11e6a34be9cb2644cab7293551367584e7131e2795e91

Download Submit
C:\Windows\System\atrQMaK.exe

Filesize
2.4MB

MD5
3bc106d44203dc2cbdaaf2fd311d50c8

SHA1
eadea3a2e73ac7da55eada6b34dcf8b137e1d0cd

SHA256
eba9d4c2771aea9d6d881ef71f6315fe0f49e3a8e4195ba53000dbf2f1dc2f1d

SHA512
658014e98328b3f57d22d336b9cf070fb2605a3364ce1d50c5862953765f2e5ee1d245c2cee49bd67f3396c97c513cef43c68ca663c4c7599108c9bd7d1a1fa7

Download Submit
C:\Windows\System\cGIeLmi.exe

Filesize
2.4MB

MD5
450645412a704f85158f225f9e231d7f

SHA1
0a2e409d102a82da79f53815fe26068c35c41a9d

SHA256
c0b7ef2cc26b6a08f9b8d9a2f63830df4b0c2c98020d3c0debe673f8e488c3fd

SHA512
28dcddee740656bd8940f86afde66c7d2c81d1a07049ee96d19231c681c7a48f9bf4593868603d0b5e79d28c9c9cc2b27414d38cfea79aedf8803349d430598f

Download Submit
C:\Windows\System\eYcDuyw.exe

Filesize
2.4MB

MD5
988fc14169630548a8716a2b490449b9

SHA1
7969c5e02a7c959a3c4e7e5d140bcac09c4f5244

SHA256
1374c990395532a46af6e10779ce94a9d36f378787d6a1928c033668b6dd99f9

SHA512
7806eb277ff986333d68585e1243c6e41693326763a19a3d952452bd78b92b65ed36f354227772613b1718e3e2e58b369a7d3922a23a9149e2c5b6c27d0e3792

Download Submit
C:\Windows\System\gvArVMD.exe

Filesize
2.4MB

MD5
fa79bdaf5d007d61535fc6002f3d359b

SHA1
fdaab3b596e7c3fd8cf39d762135a0e261964f3d

SHA256
939f9ed2a186a7418bb6c3e79b7d56aea51973ce0591193f0db42bfd420afcaf

SHA512
de172b0ae555abe5b734076cd599a1f62e34be3dc6ae368a3155c9902232e7fa40a5974c427250271a98175d70bb3e566fe6a40aa11c8cd4b49d3d44428ccfd0

Download Submit
C:\Windows\System\gynIcae.exe

Filesize
2.4MB

MD5
057e17e2232da81e04d9ad48a7ffd81d

SHA1
8a6c3425587a2ba8877004a2d6e94e5f17fbe161

SHA256
d3dd337e602ed1ca3e21a17e06359bd440495a9885ffd9a492589ff2e38d6115

SHA512
49a3084ea6271a69c9c75c9996a477ea5575c23c6a790b5b16555a225366d88e27d06458ba139fa6308c8ccc4cb0f421b5bd125d4419f27bdafd59942c14ff41

Download Submit
C:\Windows\System\iGmKgyZ.exe

Filesize
2.4MB

MD5
147fd27a917e8ef7358fb2eb8a1e85f8

SHA1
6c39ea02cb1001ad868cd0e0dec41de03983b010

SHA256
01ba5e05137dd16bdb6bb0ca3d31967ecb7c0d3435132ce5ecfd57395949a10e

SHA512
0adc9569c11188fcb9591c391cb164ac6ba233f2acd4ec3a5d685cad5425cf65c796e1b0d856970b5c3aa334df9e54aab349f7391d36aaa6f3c96edeaa5a03e9

Download Submit
C:\Windows\System\isbfwSA.exe

Filesize
2.4MB

MD5
9d8ff5186bc07a43d2827729e666f98a

SHA1
17a1998c98b5cbd66bc80f7a1ec1a9336680247b

SHA256
26db19ccd1dd588680e24602a87398c31882e387289c719a6d0ed076d6401b70

SHA512
76996315a7ec6a27ef523eaa0d7098fd97a8bbb873f991c4ce97669172fef5d5172cb637eed643021d4cd1ef7f0788b7b20b98134a700bafbecee4d1d6ec795c

Download Submit
C:\Windows\System\jPrxSwJ.exe

Filesize
2.4MB

MD5
e9b8c878f7da90ac6404d13d63572edf

SHA1
d3b26c8cbc4f060259d53150ad4bd9ff7fd4c438

SHA256
a71e8959e20ce76e8875f6759f2616852dad59e632409ee5e106f453b878a427

SHA512
beea1a04988db161ce2cc256d3fcb59504972d71dc853873cc520c4520e3a95f431465b4dd8227cd31bd83916ddada55f3542350913a6f2a9db5be84dc696e34

Download Submit
C:\Windows\System\jskZxnR.exe

Filesize
2.4MB

MD5
f4d20eeef7ab4f07337fe2f15e749ad7

SHA1
ac33db8c2e43136f39ff9d4be8a63d32bd9f34d9

SHA256
20b5c8573970b1f1876d78c2354679e9c5a6d0f66bfe04eb7161da1d86bdd7e3

SHA512
4d23630d1320fbc08ec54a330cca3c31de475be9147bbe5719f0cf4399b791ed48053a96da1c7c89802792ebbf2c98cfd850787ce82d4cd4b9d1a997db3229f4

Download Submit
C:\Windows\System\kJfZJca.exe

Filesize
2.4MB

MD5
0bd6e3e36ef000bffe69a88dae024f99

SHA1
0a613402a9495a4c64adee4598c92c469b7effe0

SHA256
33e12dc20702b0b07c42c7bec16981f5608091cf87749b4cb5ac65f4b172c764

SHA512
8cafe4178cbfbb6826992ae0f70ee3ff44dfb08038079b7061d8870b1f420b92538224b5010004c84e7fdafb87b65b9a57d872d98724fac46586c75987520c4a

Download Submit
C:\Windows\System\movFxdP.exe

Filesize
2.4MB

MD5
c6f1605a74c700118d9a108325295ee4

SHA1
7d544557739370d97033b8ad7cdfd977b62077d2

SHA256
ce9ba712cc188201eaed82b0c42fc1df862ebe90c3463115634e334a9f51f8e9

SHA512
8f873023234f6f596df88270f516803622bd465504676dccb2b27e24240a9411b16163f8c3869fb545e531ad4fa68b3487a069591aa47d6522a37c3df3e97c67

Download Submit
C:\Windows\System\myCsNRt.exe

Filesize
2.4MB

MD5
17132e309a702a27fd0d498b962c7690

SHA1
bbbde29de0084dd89f7477b76372e9a5f3b791c4

SHA256
638dd8d155bc7f01efea095f9898bd3472ed52ff8374f764712aa708847d7bc0

SHA512
103eacb76011f59d9fe4646aee831896cd0c2d294b6ebd9f963036d87cf3c79ed43c582e7c977044850abf9819176796e7fcc8861bc70249484fd0e6520f3ffe

Download Submit
C:\Windows\System\sDfynlD.exe

Filesize
2.4MB

MD5
ded5d27e52db5048ba2fcbca640a43aa

SHA1
ac7fdb6ad450ec07f4e5e5cd7e1df85efd7f3bf0

SHA256
7fcf9c6c744d56182692d2c7091f185e3d9573966b0148aabf706ef24f09d519

SHA512
d4479dc313f50b078522a2c1344975f42750162eeae1fcc3f75e1ebb9e76fc418c78322342217f02cba47b47c52a40b2b8ec32f794e3ad7090597df65422952c

Download Submit
C:\Windows\System\tLKPYCw.exe

Filesize
2.4MB

MD5
0675dd99a1fb0404f29f0be07ba0531b

SHA1
30f5be5d106784723834a9d01cab9d2896ecaafa

SHA256
29e92baf41e321ea30f2a54b6557a0bc404028f856d3b6468b0bbd16a5f05230

SHA512
640fc64fa1f151304dbcbbf933f1f960ea903e97b6c9f99364ebcdd8a8e861e1e4ed1263378138256229dbc00165af70a6ef8c31f60531a2bc88077c35090db9

Download Submit
C:\Windows\System\txdPtZC.exe

Filesize
2.4MB

MD5
99bef5059cba4a07642165e5286652ae

SHA1
a219898305010bce45850c407eb7ad2733d409e4

SHA256
704b4cb6f1d727aecc07c02788be8123c8c8c57bc67f09656ae7befdbb357dc5

SHA512
c574fdeb55beea237b8e7bceb6c19b2e69f8d6d65dfb9bb77b120d0d594d217d805b1abd8d0555923d2d918f7586b3b5bac1aab383b70c2818dc17c945549d1a

Download Submit
C:\Windows\System\vDLaIss.exe

Filesize
2.4MB

MD5
3fec90ed52b6b2cc122569804bfefb13

SHA1
1497f8570f83195329ae728f995e0ba9952e59a7

SHA256
dd451dd553f6754aa3af01e00768dfa0ecf1af95d1cdb97a711f3dad5bdcac33

SHA512
028476715f51c17a2ed69d43cb63027bb2b4019be13eabb42845dbadfe73a843dc2bfb3a016526cd1f5cdbec3c01d8e5b0c746ba62d7b4ef0c6a5c350bfbbb51

Download Submit
C:\Windows\System\vVGIzSh.exe

Filesize
2.4MB

MD5
8d6faadfffa73734a56b7c3c9421e64b

SHA1
a4837b00c141a31aa8b3b38a8956f82671150885

SHA256
01fd5dc252a684d4e9a7511a23d5918d33a3bfed5b41016a1a7f81b6255232ed

SHA512
e21ed149d0ff8488cca49c15fd0181a210f54672bb21592b8b38fc265d5c568d3b5602a23b65093661a258bf67cb95b7828bf26cc8f4623afd2232852b1bc271

Download Submit
C:\Windows\System\wRSnfVC.exe

Filesize
2.4MB

MD5
29c1dd1dd3fc2878b3f51630b8a6c389

SHA1
64f26a6e6d480cb89c26987a6a0f12cc3fcd98ab

SHA256
d828c87e8960e1ba9c1dc933d71de2f3fff5ee615e9f36be13fb5c753ac309c3

SHA512
782b6dacf7694517d644ec8a61049e44ed923330a70de99053c5460e77fc28ac02167ca35e606c2a9ea10c5d3c4b6a3b237acab1c8d49407411b48e9a151a05c

Download Submit
C:\Windows\System\wapIZtn.exe

Filesize
2.4MB

MD5
50fa1fc6044dc09d321df6819b09f9ab

SHA1
ef9914ffb19346641cea55a6d463fa46daab63ea

SHA256
d872cd1c026d28dc7753c0d39ab5088cc1917e37756d12064ca514568b689faa

SHA512
933c8dad5b08629b5eaf515047b4f172e4f82b83ba0ca5011756a554135e33cda071d773d220b669eefe88f9e64bc2603e20e80e3c8cc72bef8d9eacf8d37ec6

Download Submit
C:\Windows\System\yPlNZcg.exe

Filesize
2.4MB

MD5
394bce6b8c0299273602dc0def7ad358

SHA1
2b20391beb644696dde352c6162dd52265a149ba

SHA256
fd823750762085225f81045cc2eed2f0861f6ddae466f14f307ca438637efc0a

SHA512
c94d632bd64d2bcecee268c13295c7a44287472440ff6b9e2b2d23be6c417d9af5c7929a3728a7762e2fcde5eb64d87a7505b893144cf2889481de96d13e8f99

Download Submit
C:\Windows\System\yefkNVU.exe

Filesize
2.4MB

MD5
cd6ca0288858016f07d3be1abb1cbe40

SHA1
b15d07619c34d2281fca4592d47eb70c425dd518

SHA256
3cbebe735908c35cf1a35bb6049136fddaa82046de60625f9549032dff0db519

SHA512
87f49a1dcef3f7890a03a4f3222fdc72c6392ffccd4b5a8d2405820721201f9d50f50451c081ec10879c283a551cc4506462b9a506b26a5409d4e25f9ac3bdb8

Download Submit
memory/64-2137-0x00007FF7B34F0000-0x00007FF7B3844000-memory.dmp

Filesize
3.3MB

Download
memory/64-142-0x00007FF7B34F0000-0x00007FF7B3844000-memory.dmp

Filesize
3.3MB

Download
memory/232-144-0x00007FF73DBB0000-0x00007FF73DF04000-memory.dmp

Filesize
3.3MB

Download
memory/232-2142-0x00007FF73DBB0000-0x00007FF73DF04000-memory.dmp

Filesize
3.3MB

Download
memory/912-2118-0x00007FF7EB890000-0x00007FF7EBBE4000-memory.dmp

Filesize
3.3MB

Download
memory/912-166-0x00007FF7EB890000-0x00007FF7EBBE4000-memory.dmp

Filesize
3.3MB

Download
memory/912-2147-0x00007FF7EB890000-0x00007FF7EBBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1084-159-0x00007FF77D410000-0x00007FF77D764000-memory.dmp

Filesize
3.3MB

Download
memory/1084-2145-0x00007FF77D410000-0x00007FF77D764000-memory.dmp

Filesize
3.3MB

Download
memory/1236-52-0x00007FF62BE60000-0x00007FF62C1B4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-2134-0x00007FF62BE60000-0x00007FF62C1B4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-2116-0x00007FF62BE60000-0x00007FF62C1B4000-memory.dmp

Filesize
3.3MB

Download
memory/1332-44-0x00007FF6B8490000-0x00007FF6B87E4000-memory.dmp

Filesize
3.3MB

Download
memory/1332-2128-0x00007FF6B8490000-0x00007FF6B87E4000-memory.dmp

Filesize
3.3MB

Download
memory/1468-2138-0x00007FF68D450000-0x00007FF68D7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1468-138-0x00007FF68D450000-0x00007FF68D7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-54-0x00007FF7F9D70000-0x00007FF7FA0C4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-2131-0x00007FF7F9D70000-0x00007FF7FA0C4000-memory.dmp

Filesize
3.3MB

Download
memory/1564-11-0x00007FF727BA0000-0x00007FF727EF4000-memory.dmp

Filesize
3.3MB

Download
memory/1564-2119-0x00007FF727BA0000-0x00007FF727EF4000-memory.dmp

Filesize
3.3MB

Download
memory/1564-1143-0x00007FF727BA0000-0x00007FF727EF4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-137-0x00007FF7D0E70000-0x00007FF7D11C4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-2130-0x00007FF7D0E70000-0x00007FF7D11C4000-memory.dmp

Filesize
3.3MB

Download
memory/1700-2141-0x00007FF6B2160000-0x00007FF6B24B4000-memory.dmp

Filesize
3.3MB

Download
memory/1700-139-0x00007FF6B2160000-0x00007FF6B24B4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2127-0x00007FF6A0530000-0x00007FF6A0884000-memory.dmp

Filesize
3.3MB

Download
memory/2008-130-0x00007FF6A0530000-0x00007FF6A0884000-memory.dmp

Filesize
3.3MB

Download
memory/2512-17-0x00007FF708E70000-0x00007FF7091C4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2120-0x00007FF708E70000-0x00007FF7091C4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1154-0x00007FF708E70000-0x00007FF7091C4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2135-0x00007FF7290F0000-0x00007FF729444000-memory.dmp

Filesize
3.3MB

Download
memory/2776-135-0x00007FF7290F0000-0x00007FF729444000-memory.dmp

Filesize
3.3MB

Download
memory/3016-2123-0x00007FF6669E0000-0x00007FF666D34000-memory.dmp

Filesize
3.3MB

Download
memory/3016-56-0x00007FF6669E0000-0x00007FF666D34000-memory.dmp

Filesize
3.3MB

Download
memory/3288-2124-0x00007FF755E00000-0x00007FF756154000-memory.dmp

Filesize
3.3MB

Download
memory/3288-119-0x00007FF755E00000-0x00007FF756154000-memory.dmp

Filesize
3.3MB

Download
memory/3472-31-0x00007FF79FCB0000-0x00007FF7A0004000-memory.dmp

Filesize
3.3MB

Download
memory/3472-2115-0x00007FF79FCB0000-0x00007FF7A0004000-memory.dmp

Filesize
3.3MB

Download
memory/3472-2122-0x00007FF79FCB0000-0x00007FF7A0004000-memory.dmp

Filesize
3.3MB

Download
memory/3520-1-0x000001AFF4BF0000-0x000001AFF4C00000-memory.dmp

Filesize
64KB

Download
memory/3520-1139-0x00007FF76C260000-0x00007FF76C5B4000-memory.dmp

Filesize
3.3MB

Download
memory/3520-0-0x00007FF76C260000-0x00007FF76C5B4000-memory.dmp

Filesize
3.3MB

Download
memory/3712-188-0x00007FF6D5B80000-0x00007FF6D5ED4000-memory.dmp

Filesize
3.3MB

Download
memory/3712-2144-0x00007FF6D5B80000-0x00007FF6D5ED4000-memory.dmp

Filesize
3.3MB

Download
memory/3712-2148-0x00007FF6D5B80000-0x00007FF6D5ED4000-memory.dmp

Filesize
3.3MB

Download
memory/3928-2133-0x00007FF671CF0000-0x00007FF672044000-memory.dmp

Filesize
3.3MB

Download
memory/3928-146-0x00007FF671CF0000-0x00007FF672044000-memory.dmp

Filesize
3.3MB

Download
memory/4232-141-0x00007FF75A960000-0x00007FF75ACB4000-memory.dmp

Filesize
3.3MB

Download
memory/4232-2140-0x00007FF75A960000-0x00007FF75ACB4000-memory.dmp

Filesize
3.3MB

Download
memory/4248-118-0x00007FF601DC0000-0x00007FF602114000-memory.dmp

Filesize
3.3MB

Download
memory/4248-2129-0x00007FF601DC0000-0x00007FF602114000-memory.dmp

Filesize
3.3MB

Download
memory/4336-2121-0x00007FF713160000-0x00007FF7134B4000-memory.dmp

Filesize
3.3MB

Download
memory/4336-26-0x00007FF713160000-0x00007FF7134B4000-memory.dmp

Filesize
3.3MB

Download
memory/4572-2126-0x00007FF68C810000-0x00007FF68CB64000-memory.dmp

Filesize
3.3MB

Download
memory/4572-2117-0x00007FF68C810000-0x00007FF68CB64000-memory.dmp

Filesize
3.3MB

Download
memory/4572-81-0x00007FF68C810000-0x00007FF68CB64000-memory.dmp

Filesize
3.3MB

Download
memory/4652-2136-0x00007FF6EE520000-0x00007FF6EE874000-memory.dmp

Filesize
3.3MB

Download
memory/4652-140-0x00007FF6EE520000-0x00007FF6EE874000-memory.dmp

Filesize
3.3MB

Download
memory/4720-2132-0x00007FF652260000-0x00007FF6525B4000-memory.dmp

Filesize
3.3MB

Download
memory/4720-136-0x00007FF652260000-0x00007FF6525B4000-memory.dmp

Filesize
3.3MB

Download
memory/4820-145-0x00007FF7513A0000-0x00007FF7516F4000-memory.dmp

Filesize
3.3MB

Download
memory/4820-2125-0x00007FF7513A0000-0x00007FF7516F4000-memory.dmp

Filesize
3.3MB

Download
memory/4888-2146-0x00007FF7B7940000-0x00007FF7B7C94000-memory.dmp

Filesize
3.3MB

Download
memory/4888-172-0x00007FF7B7940000-0x00007FF7B7C94000-memory.dmp

Filesize
3.3MB

Download
memory/4964-2139-0x00007FF786B20000-0x00007FF786E74000-memory.dmp

Filesize
3.3MB

Download
memory/4964-143-0x00007FF786B20000-0x00007FF786E74000-memory.dmp

Filesize
3.3MB

Download
memory/5056-178-0x00007FF6656E0000-0x00007FF665A34000-memory.dmp

Filesize
3.3MB

Download
memory/5056-2143-0x00007FF6656E0000-0x00007FF665A34000-memory.dmp

Filesize
3.3MB

Download
memory/5056-2149-0x00007FF6656E0000-0x00007FF665A34000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads