xmrig | dc9edf32d609de6c38f7fb262143de8f9cd64c426d097a7e272daf98968594d8

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
Size

1.7MB
MD5

237feed48c0a3dcafe978a9283ba5d00
SHA1

f6ea1f3e94fe5ea46900ed4b910ed845ecd3d019
SHA256

dc9edf32d609de6c38f7fb262143de8f9cd64c426d097a7e272daf98968594d8
SHA512

47b62d2bbe51ea7a7076d0ad1da309998827df736a92f35a028c73f4376fd1350df28e9bc4d2e6f8ec37363c895dea8bba660c72bee62fc76a3c760cd21cf4a8
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICbbnlD5Mk:BemTLkNdfE0pZrq

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4092-0-0x00007FF752140000-0x00007FF752494000-memory.dmp	xmrig
behavioral2/files/0x0009000000023471-4.dat	xmrig
behavioral2/files/0x0007000000023478-12.dat	xmrig
behavioral2/memory/1200-14-0x00007FF6F64E0000-0x00007FF6F6834000-memory.dmp	xmrig
behavioral2/files/0x000700000002347b-26.dat	xmrig
behavioral2/memory/1848-793-0x00007FF662330000-0x00007FF662684000-memory.dmp	xmrig
behavioral2/memory/1564-796-0x00007FF6F7530000-0x00007FF6F7884000-memory.dmp	xmrig
behavioral2/memory/2820-802-0x00007FF7CAC30000-0x00007FF7CAF84000-memory.dmp	xmrig
behavioral2/memory/3848-805-0x00007FF76BFF0000-0x00007FF76C344000-memory.dmp	xmrig
behavioral2/memory/1960-807-0x00007FF73CB50000-0x00007FF73CEA4000-memory.dmp	xmrig
behavioral2/memory/4928-809-0x00007FF75B810000-0x00007FF75BB64000-memory.dmp	xmrig
behavioral2/memory/2704-808-0x00007FF6AFD40000-0x00007FF6B0094000-memory.dmp	xmrig
behavioral2/memory/4692-806-0x00007FF7F55F0000-0x00007FF7F5944000-memory.dmp	xmrig
behavioral2/memory/4640-804-0x00007FF7DA390000-0x00007FF7DA6E4000-memory.dmp	xmrig
behavioral2/memory/1684-803-0x00007FF6DB3B0000-0x00007FF6DB704000-memory.dmp	xmrig
behavioral2/memory/2224-801-0x00007FF6D9880000-0x00007FF6D9BD4000-memory.dmp	xmrig
behavioral2/memory/2364-791-0x00007FF7A9420000-0x00007FF7A9774000-memory.dmp	xmrig
behavioral2/memory/3976-788-0x00007FF691690000-0x00007FF6919E4000-memory.dmp	xmrig
behavioral2/memory/3600-787-0x00007FF782400000-0x00007FF782754000-memory.dmp	xmrig
behavioral2/memory/4992-774-0x00007FF6C55E0000-0x00007FF6C5934000-memory.dmp	xmrig
behavioral2/memory/1328-770-0x00007FF6B4040000-0x00007FF6B4394000-memory.dmp	xmrig
behavioral2/memory/1132-766-0x00007FF766F90000-0x00007FF7672E4000-memory.dmp	xmrig
behavioral2/memory/884-765-0x00007FF7BB010000-0x00007FF7BB364000-memory.dmp	xmrig
behavioral2/memory/4112-762-0x00007FF77F720000-0x00007FF77FA74000-memory.dmp	xmrig
behavioral2/memory/3912-759-0x00007FF7D8DB0000-0x00007FF7D9104000-memory.dmp	xmrig
behavioral2/memory/3664-749-0x00007FF697FD0000-0x00007FF698324000-memory.dmp	xmrig
behavioral2/memory/5088-752-0x00007FF7E4200000-0x00007FF7E4554000-memory.dmp	xmrig
behavioral2/memory/4116-741-0x00007FF634940000-0x00007FF634C94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023497-169.dat	xmrig
behavioral2/files/0x0007000000023495-167.dat	xmrig
behavioral2/files/0x0007000000023496-164.dat	xmrig
behavioral2/files/0x0007000000023494-162.dat	xmrig
behavioral2/files/0x0007000000023493-157.dat	xmrig
behavioral2/files/0x0007000000023492-152.dat	xmrig
behavioral2/files/0x0007000000023491-147.dat	xmrig
behavioral2/files/0x0007000000023490-142.dat	xmrig
behavioral2/files/0x000700000002348f-137.dat	xmrig
behavioral2/files/0x000700000002348e-132.dat	xmrig
behavioral2/files/0x000700000002348d-127.dat	xmrig
behavioral2/files/0x000700000002348c-122.dat	xmrig
behavioral2/files/0x000700000002348b-117.dat	xmrig
behavioral2/files/0x000700000002348a-112.dat	xmrig
behavioral2/files/0x0007000000023489-107.dat	xmrig
behavioral2/files/0x0007000000023488-102.dat	xmrig
behavioral2/files/0x0007000000023487-97.dat	xmrig
behavioral2/files/0x0007000000023486-92.dat	xmrig
behavioral2/files/0x0007000000023485-87.dat	xmrig
behavioral2/files/0x0007000000023484-82.dat	xmrig
behavioral2/files/0x0007000000023483-77.dat	xmrig
behavioral2/files/0x0007000000023482-70.dat	xmrig
behavioral2/files/0x0007000000023481-65.dat	xmrig
behavioral2/files/0x0007000000023480-60.dat	xmrig
behavioral2/files/0x000700000002347f-55.dat	xmrig
behavioral2/files/0x000700000002347e-50.dat	xmrig
behavioral2/files/0x000700000002347d-47.dat	xmrig
behavioral2/memory/652-37-0x00007FF6A88C0000-0x00007FF6A8C14000-memory.dmp	xmrig
behavioral2/memory/3368-36-0x00007FF73E830000-0x00007FF73EB84000-memory.dmp	xmrig
behavioral2/files/0x000700000002347c-33.dat	xmrig
behavioral2/memory/4496-30-0x00007FF7A1200000-0x00007FF7A1554000-memory.dmp	xmrig
behavioral2/files/0x000700000002347a-29.dat	xmrig
behavioral2/memory/1048-28-0x00007FF76B050000-0x00007FF76B3A4000-memory.dmp	xmrig
behavioral2/memory/1164-17-0x00007FF7190F0000-0x00007FF719444000-memory.dmp	xmrig
behavioral2/files/0x0007000000023479-19.dat	xmrig
behavioral2/memory/1200-2108-0x00007FF6F64E0000-0x00007FF6F6834000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1200	fmWnVLn.exe
1048	suDiiIs.exe
1164	ikskkGC.exe
4496	yCcBctx.exe
3368	CLnFQEb.exe
652	fsXyOae.exe
4116	Savzcqp.exe
3664	FlnkPGV.exe
5088	SpVviOb.exe
3912	pmRYQdP.exe
4112	gVJrBXO.exe
884	aXoScux.exe
1132	jORXxiH.exe
1328	GLpniFS.exe
4992	hEClTYn.exe
3600	uNDqIbn.exe
3976	ruYquOM.exe
2364	gmbaAIh.exe
1848	MurObGy.exe
1564	ggislVx.exe
2224	CUHozZM.exe
2820	MmsxPyV.exe
1684	NyILCpw.exe
4640	vguRsdc.exe
3848	fyFLJqU.exe
4692	zsEluMW.exe
1960	DnzqcDu.exe
2704	KOudCuh.exe
4928	urroZDf.exe
3932	zfRAfQS.exe
2552	FNrCPdg.exe
3504	OlBQXWC.exe
2068	LTFwLIu.exe
4276	bSOfzKO.exe
3648	OLwMmOz.exe
5012	MamzNjz.exe
4024	AhQLVkK.exe
3956	kuLcLBY.exe
4736	ehtpSkt.exe
3916	ISThAbO.exe
3496	NvDdcOE.exe
2088	NgxdqVT.exe
208	QXcqHys.exe
1312	XbewADf.exe
3556	WNJeUzn.exe
4332	AOCrRqT.exe
4324	uhAHoSn.exe
4480	fnzyWIV.exe
3484	ZZTXLAm.exe
2700	xvfFoWz.exe
1264	XrihAHw.exe
2804	GSiQpgS.exe
4652	gSMItAN.exe
4244	rpVtexx.exe
4136	WWYDhUl.exe
3688	ILkAwah.exe
4772	EwjUbtk.exe
4848	WxWODev.exe
3700	SEBdqMQ.exe
388	aupaSOh.exe
4676	AnuNmpn.exe
4644	FjUJrKT.exe
3392	nHxpLkG.exe
4936	GflOBWa.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4092-0-0x00007FF752140000-0x00007FF752494000-memory.dmp	upx
behavioral2/files/0x0009000000023471-4.dat	upx
behavioral2/files/0x0007000000023478-12.dat	upx
behavioral2/memory/1200-14-0x00007FF6F64E0000-0x00007FF6F6834000-memory.dmp	upx
behavioral2/files/0x000700000002347b-26.dat	upx
behavioral2/memory/1848-793-0x00007FF662330000-0x00007FF662684000-memory.dmp	upx
behavioral2/memory/1564-796-0x00007FF6F7530000-0x00007FF6F7884000-memory.dmp	upx
behavioral2/memory/2820-802-0x00007FF7CAC30000-0x00007FF7CAF84000-memory.dmp	upx
behavioral2/memory/3848-805-0x00007FF76BFF0000-0x00007FF76C344000-memory.dmp	upx
behavioral2/memory/1960-807-0x00007FF73CB50000-0x00007FF73CEA4000-memory.dmp	upx
behavioral2/memory/4928-809-0x00007FF75B810000-0x00007FF75BB64000-memory.dmp	upx
behavioral2/memory/2704-808-0x00007FF6AFD40000-0x00007FF6B0094000-memory.dmp	upx
behavioral2/memory/4692-806-0x00007FF7F55F0000-0x00007FF7F5944000-memory.dmp	upx
behavioral2/memory/4640-804-0x00007FF7DA390000-0x00007FF7DA6E4000-memory.dmp	upx
behavioral2/memory/1684-803-0x00007FF6DB3B0000-0x00007FF6DB704000-memory.dmp	upx
behavioral2/memory/2224-801-0x00007FF6D9880000-0x00007FF6D9BD4000-memory.dmp	upx
behavioral2/memory/2364-791-0x00007FF7A9420000-0x00007FF7A9774000-memory.dmp	upx
behavioral2/memory/3976-788-0x00007FF691690000-0x00007FF6919E4000-memory.dmp	upx
behavioral2/memory/3600-787-0x00007FF782400000-0x00007FF782754000-memory.dmp	upx
behavioral2/memory/4992-774-0x00007FF6C55E0000-0x00007FF6C5934000-memory.dmp	upx
behavioral2/memory/1328-770-0x00007FF6B4040000-0x00007FF6B4394000-memory.dmp	upx
behavioral2/memory/1132-766-0x00007FF766F90000-0x00007FF7672E4000-memory.dmp	upx
behavioral2/memory/884-765-0x00007FF7BB010000-0x00007FF7BB364000-memory.dmp	upx
behavioral2/memory/4112-762-0x00007FF77F720000-0x00007FF77FA74000-memory.dmp	upx
behavioral2/memory/3912-759-0x00007FF7D8DB0000-0x00007FF7D9104000-memory.dmp	upx
behavioral2/memory/3664-749-0x00007FF697FD0000-0x00007FF698324000-memory.dmp	upx
behavioral2/memory/5088-752-0x00007FF7E4200000-0x00007FF7E4554000-memory.dmp	upx
behavioral2/memory/4116-741-0x00007FF634940000-0x00007FF634C94000-memory.dmp	upx
behavioral2/files/0x0007000000023497-169.dat	upx
behavioral2/files/0x0007000000023495-167.dat	upx
behavioral2/files/0x0007000000023496-164.dat	upx
behavioral2/files/0x0007000000023494-162.dat	upx
behavioral2/files/0x0007000000023493-157.dat	upx
behavioral2/files/0x0007000000023492-152.dat	upx
behavioral2/files/0x0007000000023491-147.dat	upx
behavioral2/files/0x0007000000023490-142.dat	upx
behavioral2/files/0x000700000002348f-137.dat	upx
behavioral2/files/0x000700000002348e-132.dat	upx
behavioral2/files/0x000700000002348d-127.dat	upx
behavioral2/files/0x000700000002348c-122.dat	upx
behavioral2/files/0x000700000002348b-117.dat	upx
behavioral2/files/0x000700000002348a-112.dat	upx
behavioral2/files/0x0007000000023489-107.dat	upx
behavioral2/files/0x0007000000023488-102.dat	upx
behavioral2/files/0x0007000000023487-97.dat	upx
behavioral2/files/0x0007000000023486-92.dat	upx
behavioral2/files/0x0007000000023485-87.dat	upx
behavioral2/files/0x0007000000023484-82.dat	upx
behavioral2/files/0x0007000000023483-77.dat	upx
behavioral2/files/0x0007000000023482-70.dat	upx
behavioral2/files/0x0007000000023481-65.dat	upx
behavioral2/files/0x0007000000023480-60.dat	upx
behavioral2/files/0x000700000002347f-55.dat	upx
behavioral2/files/0x000700000002347e-50.dat	upx
behavioral2/files/0x000700000002347d-47.dat	upx
behavioral2/memory/652-37-0x00007FF6A88C0000-0x00007FF6A8C14000-memory.dmp	upx
behavioral2/memory/3368-36-0x00007FF73E830000-0x00007FF73EB84000-memory.dmp	upx
behavioral2/files/0x000700000002347c-33.dat	upx
behavioral2/memory/4496-30-0x00007FF7A1200000-0x00007FF7A1554000-memory.dmp	upx
behavioral2/files/0x000700000002347a-29.dat	upx
behavioral2/memory/1048-28-0x00007FF76B050000-0x00007FF76B3A4000-memory.dmp	upx
behavioral2/memory/1164-17-0x00007FF7190F0000-0x00007FF719444000-memory.dmp	upx
behavioral2/files/0x0007000000023479-19.dat	upx
behavioral2/memory/1200-2108-0x00007FF6F64E0000-0x00007FF6F6834000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fMzJiOO.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\jlFLACH.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\SIhbDEP.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\PftxboV.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\WuIDrRF.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\WxWODev.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\wlemXzc.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\slvvNrJ.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\lwuFKWR.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\MglrDkD.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\TCWSdeR.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\YVxaexE.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\zciqpQq.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\McQDmGz.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\KxONjMf.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\HWveYfj.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\ODFgEls.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\oCkmJnN.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\JFXCMst.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\OMSnPhM.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\ALgmIZY.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\ruYquOM.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\ZeSqCtH.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\kkWMGrR.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\UVaNpbn.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\UPltNKa.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\PtLdyYk.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\GLpniFS.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\BObweLX.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\ECJFfyZ.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\hKEMXfX.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\MwYVcWO.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\gkORVpt.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\WuiIdGv.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\qijmLTl.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\RBZxZdE.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\wYWCoVE.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\apKlBoP.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\hxYIsRs.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\rhMOSOV.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\ieuFfHo.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\ZiNfrgJ.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\mEzfjCW.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\EiVktWg.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\ILkAwah.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\VEikqvj.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\uWuPqXk.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\IXVKITo.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\jEmkTIl.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\HtOIZYg.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\wMNumna.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\ikBIRnd.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\ZgxQkru.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\fUOQcpe.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\xiLcKTB.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\qpnQmMf.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\pwedHSc.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\UGrGWFr.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\xvKLFLo.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\vOfJIEz.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\lqQTmTb.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\jaaxAZe.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\IPcsLXa.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
File created	C:\Windows\System\LYSJMEh.exe	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3164	dwm.exe
Token: SeChangeNotifyPrivilege	3164	dwm.exe
Token: 33	3164	dwm.exe
Token: SeIncBasePriorityPrivilege	3164	dwm.exe
Token: SeShutdownPrivilege	3164	dwm.exe
Token: SeCreatePagefilePrivilege	3164	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4092 wrote to memory of 1200	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	84
PID 4092 wrote to memory of 1200	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	84
PID 4092 wrote to memory of 1048	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	85
PID 4092 wrote to memory of 1048	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	85
PID 4092 wrote to memory of 1164	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	86
PID 4092 wrote to memory of 1164	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	86
PID 4092 wrote to memory of 4496	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	87
PID 4092 wrote to memory of 4496	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	87
PID 4092 wrote to memory of 3368	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	88
PID 4092 wrote to memory of 3368	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	88
PID 4092 wrote to memory of 652	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	89
PID 4092 wrote to memory of 652	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	89
PID 4092 wrote to memory of 4116	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	90
PID 4092 wrote to memory of 4116	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	90
PID 4092 wrote to memory of 3664	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	91
PID 4092 wrote to memory of 3664	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	91
PID 4092 wrote to memory of 5088	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	92
PID 4092 wrote to memory of 5088	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	92
PID 4092 wrote to memory of 3912	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	93
PID 4092 wrote to memory of 3912	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	93
PID 4092 wrote to memory of 4112	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	94
PID 4092 wrote to memory of 4112	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	94
PID 4092 wrote to memory of 884	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	95
PID 4092 wrote to memory of 884	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	95
PID 4092 wrote to memory of 1132	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	96
PID 4092 wrote to memory of 1132	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	96
PID 4092 wrote to memory of 1328	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	97
PID 4092 wrote to memory of 1328	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	97
PID 4092 wrote to memory of 4992	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	98
PID 4092 wrote to memory of 4992	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	98
PID 4092 wrote to memory of 3600	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	99
PID 4092 wrote to memory of 3600	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	99
PID 4092 wrote to memory of 3976	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	100
PID 4092 wrote to memory of 3976	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	100
PID 4092 wrote to memory of 2364	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	101
PID 4092 wrote to memory of 2364	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	101
PID 4092 wrote to memory of 1848	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	102
PID 4092 wrote to memory of 1848	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	102
PID 4092 wrote to memory of 1564	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	103
PID 4092 wrote to memory of 1564	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	103
PID 4092 wrote to memory of 2224	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	104
PID 4092 wrote to memory of 2224	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	104
PID 4092 wrote to memory of 2820	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	105
PID 4092 wrote to memory of 2820	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	105
PID 4092 wrote to memory of 1684	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	106
PID 4092 wrote to memory of 1684	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	106
PID 4092 wrote to memory of 4640	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	107
PID 4092 wrote to memory of 4640	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	107
PID 4092 wrote to memory of 3848	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	108
PID 4092 wrote to memory of 3848	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	108
PID 4092 wrote to memory of 4692	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	109
PID 4092 wrote to memory of 4692	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	109
PID 4092 wrote to memory of 1960	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	110
PID 4092 wrote to memory of 1960	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	110
PID 4092 wrote to memory of 2704	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	111
PID 4092 wrote to memory of 2704	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	111
PID 4092 wrote to memory of 4928	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	112
PID 4092 wrote to memory of 4928	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	112
PID 4092 wrote to memory of 3932	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	113
PID 4092 wrote to memory of 3932	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	113
PID 4092 wrote to memory of 2552	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	114
PID 4092 wrote to memory of 2552	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	114
PID 4092 wrote to memory of 3504	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	115
PID 4092 wrote to memory of 3504	4092	237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\237feed48c0a3dcafe978a9283ba5d00_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4092
- C:\Windows\System\fmWnVLn.exe
  C:\Windows\System\fmWnVLn.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\suDiiIs.exe
  C:\Windows\System\suDiiIs.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\ikskkGC.exe
  C:\Windows\System\ikskkGC.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\yCcBctx.exe
  C:\Windows\System\yCcBctx.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\CLnFQEb.exe
  C:\Windows\System\CLnFQEb.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\fsXyOae.exe
  C:\Windows\System\fsXyOae.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\Savzcqp.exe
  C:\Windows\System\Savzcqp.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\FlnkPGV.exe
  C:\Windows\System\FlnkPGV.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\SpVviOb.exe
  C:\Windows\System\SpVviOb.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\pmRYQdP.exe
  C:\Windows\System\pmRYQdP.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\gVJrBXO.exe
  C:\Windows\System\gVJrBXO.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\aXoScux.exe
  C:\Windows\System\aXoScux.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\jORXxiH.exe
  C:\Windows\System\jORXxiH.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\GLpniFS.exe
  C:\Windows\System\GLpniFS.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\hEClTYn.exe
  C:\Windows\System\hEClTYn.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\uNDqIbn.exe
  C:\Windows\System\uNDqIbn.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\ruYquOM.exe
  C:\Windows\System\ruYquOM.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\gmbaAIh.exe
  C:\Windows\System\gmbaAIh.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\MurObGy.exe
  C:\Windows\System\MurObGy.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\ggislVx.exe
  C:\Windows\System\ggislVx.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\CUHozZM.exe
  C:\Windows\System\CUHozZM.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\MmsxPyV.exe
  C:\Windows\System\MmsxPyV.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\NyILCpw.exe
  C:\Windows\System\NyILCpw.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\vguRsdc.exe
  C:\Windows\System\vguRsdc.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\fyFLJqU.exe
  C:\Windows\System\fyFLJqU.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\zsEluMW.exe
  C:\Windows\System\zsEluMW.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\DnzqcDu.exe
  C:\Windows\System\DnzqcDu.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\KOudCuh.exe
  C:\Windows\System\KOudCuh.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\urroZDf.exe
  C:\Windows\System\urroZDf.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\zfRAfQS.exe
  C:\Windows\System\zfRAfQS.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\FNrCPdg.exe
  C:\Windows\System\FNrCPdg.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\OlBQXWC.exe
  C:\Windows\System\OlBQXWC.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\LTFwLIu.exe
  C:\Windows\System\LTFwLIu.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\bSOfzKO.exe
  C:\Windows\System\bSOfzKO.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\OLwMmOz.exe
  C:\Windows\System\OLwMmOz.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\MamzNjz.exe
  C:\Windows\System\MamzNjz.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\AhQLVkK.exe
  C:\Windows\System\AhQLVkK.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\kuLcLBY.exe
  C:\Windows\System\kuLcLBY.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\ehtpSkt.exe
  C:\Windows\System\ehtpSkt.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\ISThAbO.exe
  C:\Windows\System\ISThAbO.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\NvDdcOE.exe
  C:\Windows\System\NvDdcOE.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\NgxdqVT.exe
  C:\Windows\System\NgxdqVT.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\QXcqHys.exe
  C:\Windows\System\QXcqHys.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\XbewADf.exe
  C:\Windows\System\XbewADf.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\WNJeUzn.exe
  C:\Windows\System\WNJeUzn.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\AOCrRqT.exe
  C:\Windows\System\AOCrRqT.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\uhAHoSn.exe
  C:\Windows\System\uhAHoSn.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\fnzyWIV.exe
  C:\Windows\System\fnzyWIV.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\ZZTXLAm.exe
  C:\Windows\System\ZZTXLAm.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\xvfFoWz.exe
  C:\Windows\System\xvfFoWz.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\XrihAHw.exe
  C:\Windows\System\XrihAHw.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\GSiQpgS.exe
  C:\Windows\System\GSiQpgS.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\gSMItAN.exe
  C:\Windows\System\gSMItAN.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\rpVtexx.exe
  C:\Windows\System\rpVtexx.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\WWYDhUl.exe
  C:\Windows\System\WWYDhUl.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\ILkAwah.exe
  C:\Windows\System\ILkAwah.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\EwjUbtk.exe
  C:\Windows\System\EwjUbtk.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\WxWODev.exe
  C:\Windows\System\WxWODev.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\SEBdqMQ.exe
  C:\Windows\System\SEBdqMQ.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\aupaSOh.exe
  C:\Windows\System\aupaSOh.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\AnuNmpn.exe
  C:\Windows\System\AnuNmpn.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\FjUJrKT.exe
  C:\Windows\System\FjUJrKT.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\nHxpLkG.exe
  C:\Windows\System\nHxpLkG.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\GflOBWa.exe
  C:\Windows\System\GflOBWa.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\MglrDkD.exe
  C:\Windows\System\MglrDkD.exe
  2⤵
  PID:2964
- C:\Windows\System\YQdozAx.exe
  C:\Windows\System\YQdozAx.exe
  2⤵
  PID:620
- C:\Windows\System\zZxprDO.exe
  C:\Windows\System\zZxprDO.exe
  2⤵
  PID:2324
- C:\Windows\System\BJuXvbD.exe
  C:\Windows\System\BJuXvbD.exe
  2⤵
  PID:3052
- C:\Windows\System\LYSJMEh.exe
  C:\Windows\System\LYSJMEh.exe
  2⤵
  PID:1888
- C:\Windows\System\PUwNdGu.exe
  C:\Windows\System\PUwNdGu.exe
  2⤵
  PID:5140
- C:\Windows\System\DeOdGbJ.exe
  C:\Windows\System\DeOdGbJ.exe
  2⤵
  PID:5168
- C:\Windows\System\fQbolTC.exe
  C:\Windows\System\fQbolTC.exe
  2⤵
  PID:5196
- C:\Windows\System\hpyGiJT.exe
  C:\Windows\System\hpyGiJT.exe
  2⤵
  PID:5224
- C:\Windows\System\geLrUCl.exe
  C:\Windows\System\geLrUCl.exe
  2⤵
  PID:5260
- C:\Windows\System\RaQQTou.exe
  C:\Windows\System\RaQQTou.exe
  2⤵
  PID:5288
- C:\Windows\System\wXFjqOR.exe
  C:\Windows\System\wXFjqOR.exe
  2⤵
  PID:5316
- C:\Windows\System\vXDHkBs.exe
  C:\Windows\System\vXDHkBs.exe
  2⤵
  PID:5348
- C:\Windows\System\bpPprCu.exe
  C:\Windows\System\bpPprCu.exe
  2⤵
  PID:5372
- C:\Windows\System\doVlRQB.exe
  C:\Windows\System\doVlRQB.exe
  2⤵
  PID:5404
- C:\Windows\System\TnKAYGh.exe
  C:\Windows\System\TnKAYGh.exe
  2⤵
  PID:5432
- C:\Windows\System\iRQZnSz.exe
  C:\Windows\System\iRQZnSz.exe
  2⤵
  PID:5460
- C:\Windows\System\DIqGwuR.exe
  C:\Windows\System\DIqGwuR.exe
  2⤵
  PID:5476
- C:\Windows\System\TkgvLCu.exe
  C:\Windows\System\TkgvLCu.exe
  2⤵
  PID:5492
- C:\Windows\System\vxgrhML.exe
  C:\Windows\System\vxgrhML.exe
  2⤵
  PID:5524
- C:\Windows\System\FzvqWiY.exe
  C:\Windows\System\FzvqWiY.exe
  2⤵
  PID:5560
- C:\Windows\System\ivbERFg.exe
  C:\Windows\System\ivbERFg.exe
  2⤵
  PID:5588
- C:\Windows\System\RbyCkCk.exe
  C:\Windows\System\RbyCkCk.exe
  2⤵
  PID:5616
- C:\Windows\System\gvUrqcs.exe
  C:\Windows\System\gvUrqcs.exe
  2⤵
  PID:5644
- C:\Windows\System\ZoQyqRv.exe
  C:\Windows\System\ZoQyqRv.exe
  2⤵
  PID:5672
- C:\Windows\System\eINrWMQ.exe
  C:\Windows\System\eINrWMQ.exe
  2⤵
  PID:5700
- C:\Windows\System\cVZCLjZ.exe
  C:\Windows\System\cVZCLjZ.exe
  2⤵
  PID:5724
- C:\Windows\System\wYWCoVE.exe
  C:\Windows\System\wYWCoVE.exe
  2⤵
  PID:5756
- C:\Windows\System\JcURvgW.exe
  C:\Windows\System\JcURvgW.exe
  2⤵
  PID:5784
- C:\Windows\System\bKeasFw.exe
  C:\Windows\System\bKeasFw.exe
  2⤵
  PID:5812
- C:\Windows\System\HGjFklV.exe
  C:\Windows\System\HGjFklV.exe
  2⤵
  PID:5840
- C:\Windows\System\Eelntiy.exe
  C:\Windows\System\Eelntiy.exe
  2⤵
  PID:5868
- C:\Windows\System\KFNodaU.exe
  C:\Windows\System\KFNodaU.exe
  2⤵
  PID:5896
- C:\Windows\System\jNuHZgJ.exe
  C:\Windows\System\jNuHZgJ.exe
  2⤵
  PID:5920
- C:\Windows\System\fIzuywX.exe
  C:\Windows\System\fIzuywX.exe
  2⤵
  PID:5948
- C:\Windows\System\KwSxbaM.exe
  C:\Windows\System\KwSxbaM.exe
  2⤵
  PID:5976
- C:\Windows\System\TJrzwYJ.exe
  C:\Windows\System\TJrzwYJ.exe
  2⤵
  PID:6004
- C:\Windows\System\feiEyxa.exe
  C:\Windows\System\feiEyxa.exe
  2⤵
  PID:6032
- C:\Windows\System\rafGfTF.exe
  C:\Windows\System\rafGfTF.exe
  2⤵
  PID:6060
- C:\Windows\System\TyOmiaa.exe
  C:\Windows\System\TyOmiaa.exe
  2⤵
  PID:6088
- C:\Windows\System\wlemXzc.exe
  C:\Windows\System\wlemXzc.exe
  2⤵
  PID:6116
- C:\Windows\System\mjzrRtr.exe
  C:\Windows\System\mjzrRtr.exe
  2⤵
  PID:3032
- C:\Windows\System\WnDSMnd.exe
  C:\Windows\System\WnDSMnd.exe
  2⤵
  PID:4008
- C:\Windows\System\GRKXxhD.exe
  C:\Windows\System\GRKXxhD.exe
  2⤵
  PID:1336
- C:\Windows\System\mbPTfUD.exe
  C:\Windows\System\mbPTfUD.exe
  2⤵
  PID:1168
- C:\Windows\System\NMDSgdL.exe
  C:\Windows\System\NMDSgdL.exe
  2⤵
  PID:4724
- C:\Windows\System\BFgLjnf.exe
  C:\Windows\System\BFgLjnf.exe
  2⤵
  PID:3616
- C:\Windows\System\VLfHpLg.exe
  C:\Windows\System\VLfHpLg.exe
  2⤵
  PID:3160
- C:\Windows\System\vQxGcYj.exe
  C:\Windows\System\vQxGcYj.exe
  2⤵
  PID:2596
- C:\Windows\System\QRNWFFC.exe
  C:\Windows\System\QRNWFFC.exe
  2⤵
  PID:5152
- C:\Windows\System\epJrBtU.exe
  C:\Windows\System\epJrBtU.exe
  2⤵
  PID:5216
- C:\Windows\System\MDILdQX.exe
  C:\Windows\System\MDILdQX.exe
  2⤵
  PID:5284
- C:\Windows\System\kIgtOVK.exe
  C:\Windows\System\kIgtOVK.exe
  2⤵
  PID:5360
- C:\Windows\System\NOVfpxq.exe
  C:\Windows\System\NOVfpxq.exe
  2⤵
  PID:5420
- C:\Windows\System\WtuIyzZ.exe
  C:\Windows\System\WtuIyzZ.exe
  2⤵
  PID:5472
- C:\Windows\System\eOIuOPo.exe
  C:\Windows\System\eOIuOPo.exe
  2⤵
  PID:5520
- C:\Windows\System\zwBhdWn.exe
  C:\Windows\System\zwBhdWn.exe
  2⤵
  PID:5604
- C:\Windows\System\OwfnWaT.exe
  C:\Windows\System\OwfnWaT.exe
  2⤵
  PID:5664
- C:\Windows\System\hZfQMDV.exe
  C:\Windows\System\hZfQMDV.exe
  2⤵
  PID:5720
- C:\Windows\System\QasRSgs.exe
  C:\Windows\System\QasRSgs.exe
  2⤵
  PID:5776
- C:\Windows\System\ikBIRnd.exe
  C:\Windows\System\ikBIRnd.exe
  2⤵
  PID:5852
- C:\Windows\System\OHwouRi.exe
  C:\Windows\System\OHwouRi.exe
  2⤵
  PID:5912
- C:\Windows\System\FUTEwIZ.exe
  C:\Windows\System\FUTEwIZ.exe
  2⤵
  PID:5972
- C:\Windows\System\SCufPWz.exe
  C:\Windows\System\SCufPWz.exe
  2⤵
  PID:6028
- C:\Windows\System\mSKjZqT.exe
  C:\Windows\System\mSKjZqT.exe
  2⤵
  PID:6080
- C:\Windows\System\AkDVyQg.exe
  C:\Windows\System\AkDVyQg.exe
  2⤵
  PID:1584
- C:\Windows\System\genAnbR.exe
  C:\Windows\System\genAnbR.exe
  2⤵
  PID:3952
- C:\Windows\System\ZSmdWri.exe
  C:\Windows\System\ZSmdWri.exe
  2⤵
  PID:4908
- C:\Windows\System\QPJchfK.exe
  C:\Windows\System\QPJchfK.exe
  2⤵
  PID:4460
- C:\Windows\System\QQcgtnQ.exe
  C:\Windows\System\QQcgtnQ.exe
  2⤵
  PID:5248
- C:\Windows\System\VVcwQIC.exe
  C:\Windows\System\VVcwQIC.exe
  2⤵
  PID:6164
- C:\Windows\System\uAbqgsZ.exe
  C:\Windows\System\uAbqgsZ.exe
  2⤵
  PID:6192
- C:\Windows\System\dhdBTIP.exe
  C:\Windows\System\dhdBTIP.exe
  2⤵
  PID:6220
- C:\Windows\System\iTRYRmf.exe
  C:\Windows\System\iTRYRmf.exe
  2⤵
  PID:6244
- C:\Windows\System\RhTwrwc.exe
  C:\Windows\System\RhTwrwc.exe
  2⤵
  PID:6272
- C:\Windows\System\MSkodmV.exe
  C:\Windows\System\MSkodmV.exe
  2⤵
  PID:6300
- C:\Windows\System\flrFlMH.exe
  C:\Windows\System\flrFlMH.exe
  2⤵
  PID:6328
- C:\Windows\System\qhAuUIq.exe
  C:\Windows\System\qhAuUIq.exe
  2⤵
  PID:6356
- C:\Windows\System\rzelwdQ.exe
  C:\Windows\System\rzelwdQ.exe
  2⤵
  PID:6384
- C:\Windows\System\PbCwZpi.exe
  C:\Windows\System\PbCwZpi.exe
  2⤵
  PID:6420
- C:\Windows\System\TYMIwXO.exe
  C:\Windows\System\TYMIwXO.exe
  2⤵
  PID:6444
- C:\Windows\System\enLNGzy.exe
  C:\Windows\System\enLNGzy.exe
  2⤵
  PID:6472
- C:\Windows\System\AXWqcuG.exe
  C:\Windows\System\AXWqcuG.exe
  2⤵
  PID:6496
- C:\Windows\System\ASkPsZb.exe
  C:\Windows\System\ASkPsZb.exe
  2⤵
  PID:6524
- C:\Windows\System\fMzJiOO.exe
  C:\Windows\System\fMzJiOO.exe
  2⤵
  PID:6556
- C:\Windows\System\aGtusCn.exe
  C:\Windows\System\aGtusCn.exe
  2⤵
  PID:6584
- C:\Windows\System\qcLZaMg.exe
  C:\Windows\System\qcLZaMg.exe
  2⤵
  PID:6608
- C:\Windows\System\yzuqVbW.exe
  C:\Windows\System\yzuqVbW.exe
  2⤵
  PID:6636
- C:\Windows\System\ZeSqCtH.exe
  C:\Windows\System\ZeSqCtH.exe
  2⤵
  PID:6668
- C:\Windows\System\wZODsjZ.exe
  C:\Windows\System\wZODsjZ.exe
  2⤵
  PID:6696
- C:\Windows\System\VQDoIGn.exe
  C:\Windows\System\VQDoIGn.exe
  2⤵
  PID:6724
- C:\Windows\System\nZwLbKT.exe
  C:\Windows\System\nZwLbKT.exe
  2⤵
  PID:6748
- C:\Windows\System\nptFTpA.exe
  C:\Windows\System\nptFTpA.exe
  2⤵
  PID:6776
- C:\Windows\System\NAFklHb.exe
  C:\Windows\System\NAFklHb.exe
  2⤵
  PID:6808
- C:\Windows\System\QhvkGlW.exe
  C:\Windows\System\QhvkGlW.exe
  2⤵
  PID:6836
- C:\Windows\System\aDWHlud.exe
  C:\Windows\System\aDWHlud.exe
  2⤵
  PID:6864
- C:\Windows\System\jOEsPcn.exe
  C:\Windows\System\jOEsPcn.exe
  2⤵
  PID:6888
- C:\Windows\System\LCmdFVg.exe
  C:\Windows\System\LCmdFVg.exe
  2⤵
  PID:6920
- C:\Windows\System\srTfriR.exe
  C:\Windows\System\srTfriR.exe
  2⤵
  PID:6944
- C:\Windows\System\uFfnymW.exe
  C:\Windows\System\uFfnymW.exe
  2⤵
  PID:6972
- C:\Windows\System\yGDJQDn.exe
  C:\Windows\System\yGDJQDn.exe
  2⤵
  PID:7000
- C:\Windows\System\vhIzRAC.exe
  C:\Windows\System\vhIzRAC.exe
  2⤵
  PID:7032
- C:\Windows\System\iXNzjTP.exe
  C:\Windows\System\iXNzjTP.exe
  2⤵
  PID:7056
- C:\Windows\System\pLUFjkF.exe
  C:\Windows\System\pLUFjkF.exe
  2⤵
  PID:7084
- C:\Windows\System\pKFvVVl.exe
  C:\Windows\System\pKFvVVl.exe
  2⤵
  PID:7112
- C:\Windows\System\Jndbtll.exe
  C:\Windows\System\Jndbtll.exe
  2⤵
  PID:7144
- C:\Windows\System\pwedHSc.exe
  C:\Windows\System\pwedHSc.exe
  2⤵
  PID:5336
- C:\Windows\System\bGFqtwQ.exe
  C:\Windows\System\bGFqtwQ.exe
  2⤵
  PID:5504
- C:\Windows\System\VSoqlEB.exe
  C:\Windows\System\VSoqlEB.exe
  2⤵
  PID:5632
- C:\Windows\System\UGrGWFr.exe
  C:\Windows\System\UGrGWFr.exe
  2⤵
  PID:5748
- C:\Windows\System\BrLDBgQ.exe
  C:\Windows\System\BrLDBgQ.exe
  2⤵
  PID:5888
- C:\Windows\System\bFnGNRT.exe
  C:\Windows\System\bFnGNRT.exe
  2⤵
  PID:6052
- C:\Windows\System\aidZJuE.exe
  C:\Windows\System\aidZJuE.exe
  2⤵
  PID:5104
- C:\Windows\System\fRUKoYn.exe
  C:\Windows\System\fRUKoYn.exe
  2⤵
  PID:1504
- C:\Windows\System\jlFLACH.exe
  C:\Windows\System\jlFLACH.exe
  2⤵
  PID:6156
- C:\Windows\System\AzWSMmh.exe
  C:\Windows\System\AzWSMmh.exe
  2⤵
  PID:6212
- C:\Windows\System\RXUfJph.exe
  C:\Windows\System\RXUfJph.exe
  2⤵
  PID:6288
- C:\Windows\System\rZMBLLQ.exe
  C:\Windows\System\rZMBLLQ.exe
  2⤵
  PID:6352
- C:\Windows\System\YbedGcK.exe
  C:\Windows\System\YbedGcK.exe
  2⤵
  PID:6428
- C:\Windows\System\rCdnGvB.exe
  C:\Windows\System\rCdnGvB.exe
  2⤵
  PID:6488
- C:\Windows\System\EnmPrMD.exe
  C:\Windows\System\EnmPrMD.exe
  2⤵
  PID:6544
- C:\Windows\System\CwVyWMh.exe
  C:\Windows\System\CwVyWMh.exe
  2⤵
  PID:6604
- C:\Windows\System\vSFlvSo.exe
  C:\Windows\System\vSFlvSo.exe
  2⤵
  PID:6680
- C:\Windows\System\hlqwyHg.exe
  C:\Windows\System\hlqwyHg.exe
  2⤵
  PID:6736
- C:\Windows\System\kuFompq.exe
  C:\Windows\System\kuFompq.exe
  2⤵
  PID:6800
- C:\Windows\System\QDqgYqh.exe
  C:\Windows\System\QDqgYqh.exe
  2⤵
  PID:1588
- C:\Windows\System\QnbrxpE.exe
  C:\Windows\System\QnbrxpE.exe
  2⤵
  PID:6908
- C:\Windows\System\KmzjxZH.exe
  C:\Windows\System\KmzjxZH.exe
  2⤵
  PID:6968
- C:\Windows\System\WrynbxZ.exe
  C:\Windows\System\WrynbxZ.exe
  2⤵
  PID:7048
- C:\Windows\System\opqMWWK.exe
  C:\Windows\System\opqMWWK.exe
  2⤵
  PID:7108
- C:\Windows\System\tFlWpOu.exe
  C:\Windows\System\tFlWpOu.exe
  2⤵
  PID:5400
- C:\Windows\System\DDFwsbm.exe
  C:\Windows\System\DDFwsbm.exe
  2⤵
  PID:5712
- C:\Windows\System\AaVppqN.exe
  C:\Windows\System\AaVppqN.exe
  2⤵
  PID:6020
- C:\Windows\System\DyDAgyh.exe
  C:\Windows\System\DyDAgyh.exe
  2⤵
  PID:5208
- C:\Windows\System\AjZHCzg.exe
  C:\Windows\System\AjZHCzg.exe
  2⤵
  PID:6260
- C:\Windows\System\oahuacT.exe
  C:\Windows\System\oahuacT.exe
  2⤵
  PID:6400
- C:\Windows\System\rUqJbwY.exe
  C:\Windows\System\rUqJbwY.exe
  2⤵
  PID:6540
- C:\Windows\System\susUsdP.exe
  C:\Windows\System\susUsdP.exe
  2⤵
  PID:6656
- C:\Windows\System\WZqZxIt.exe
  C:\Windows\System\WZqZxIt.exe
  2⤵
  PID:6768
- C:\Windows\System\iJWpnDf.exe
  C:\Windows\System\iJWpnDf.exe
  2⤵
  PID:6884
- C:\Windows\System\WJzZvVR.exe
  C:\Windows\System\WJzZvVR.exe
  2⤵
  PID:7020
- C:\Windows\System\OArYsLy.exe
  C:\Windows\System\OArYsLy.exe
  2⤵
  PID:2388
- C:\Windows\System\rRuxqUs.exe
  C:\Windows\System\rRuxqUs.exe
  2⤵
  PID:1404
- C:\Windows\System\nbeaVzO.exe
  C:\Windows\System\nbeaVzO.exe
  2⤵
  PID:7188
- C:\Windows\System\NNZTxFx.exe
  C:\Windows\System\NNZTxFx.exe
  2⤵
  PID:7216
- C:\Windows\System\sTYlGIb.exe
  C:\Windows\System\sTYlGIb.exe
  2⤵
  PID:7244
- C:\Windows\System\OLkrrhQ.exe
  C:\Windows\System\OLkrrhQ.exe
  2⤵
  PID:7268
- C:\Windows\System\HWveYfj.exe
  C:\Windows\System\HWveYfj.exe
  2⤵
  PID:7296
- C:\Windows\System\VSALYtT.exe
  C:\Windows\System\VSALYtT.exe
  2⤵
  PID:7324
- C:\Windows\System\QWppZcn.exe
  C:\Windows\System\QWppZcn.exe
  2⤵
  PID:7352
- C:\Windows\System\FAGkELp.exe
  C:\Windows\System\FAGkELp.exe
  2⤵
  PID:7380
- C:\Windows\System\CDuQlMW.exe
  C:\Windows\System\CDuQlMW.exe
  2⤵
  PID:7408
- C:\Windows\System\yvOlCNj.exe
  C:\Windows\System\yvOlCNj.exe
  2⤵
  PID:7436
- C:\Windows\System\xsIdbVl.exe
  C:\Windows\System\xsIdbVl.exe
  2⤵
  PID:7464
- C:\Windows\System\VkaAmMI.exe
  C:\Windows\System\VkaAmMI.exe
  2⤵
  PID:7496
- C:\Windows\System\ohBkRkU.exe
  C:\Windows\System\ohBkRkU.exe
  2⤵
  PID:7520
- C:\Windows\System\tYAOtwo.exe
  C:\Windows\System\tYAOtwo.exe
  2⤵
  PID:7548
- C:\Windows\System\otrZRSr.exe
  C:\Windows\System\otrZRSr.exe
  2⤵
  PID:7576
- C:\Windows\System\qgYQnPX.exe
  C:\Windows\System\qgYQnPX.exe
  2⤵
  PID:7632
- C:\Windows\System\smwezxe.exe
  C:\Windows\System\smwezxe.exe
  2⤵
  PID:7656
- C:\Windows\System\iDJlBcT.exe
  C:\Windows\System\iDJlBcT.exe
  2⤵
  PID:7672
- C:\Windows\System\KjDtaZR.exe
  C:\Windows\System\KjDtaZR.exe
  2⤵
  PID:7692
- C:\Windows\System\oCkmJnN.exe
  C:\Windows\System\oCkmJnN.exe
  2⤵
  PID:7716
- C:\Windows\System\rdwmwHk.exe
  C:\Windows\System\rdwmwHk.exe
  2⤵
  PID:7748
- C:\Windows\System\sIPBXBb.exe
  C:\Windows\System\sIPBXBb.exe
  2⤵
  PID:7840
- C:\Windows\System\pjDTYHW.exe
  C:\Windows\System\pjDTYHW.exe
  2⤵
  PID:7860
- C:\Windows\System\aGVsXRN.exe
  C:\Windows\System\aGVsXRN.exe
  2⤵
  PID:7896
- C:\Windows\System\XZoudOe.exe
  C:\Windows\System\XZoudOe.exe
  2⤵
  PID:7916
- C:\Windows\System\YfahvYe.exe
  C:\Windows\System\YfahvYe.exe
  2⤵
  PID:7944
- C:\Windows\System\pAgCeoe.exe
  C:\Windows\System\pAgCeoe.exe
  2⤵
  PID:7976
- C:\Windows\System\jaaxAZe.exe
  C:\Windows\System\jaaxAZe.exe
  2⤵
  PID:7996
- C:\Windows\System\pmHtJgh.exe
  C:\Windows\System\pmHtJgh.exe
  2⤵
  PID:8048
- C:\Windows\System\IaXzIze.exe
  C:\Windows\System\IaXzIze.exe
  2⤵
  PID:8068
- C:\Windows\System\lzpaUPk.exe
  C:\Windows\System\lzpaUPk.exe
  2⤵
  PID:8100
- C:\Windows\System\oBMHrPa.exe
  C:\Windows\System\oBMHrPa.exe
  2⤵
  PID:8128
- C:\Windows\System\pIUAnLY.exe
  C:\Windows\System\pIUAnLY.exe
  2⤵
  PID:8172
- C:\Windows\System\fHYVVZh.exe
  C:\Windows\System\fHYVVZh.exe
  2⤵
  PID:6852
- C:\Windows\System\FKnvcuH.exe
  C:\Windows\System\FKnvcuH.exe
  2⤵
  PID:6964
- C:\Windows\System\RVmZwaw.exe
  C:\Windows\System\RVmZwaw.exe
  2⤵
  PID:4940
- C:\Windows\System\tayWHsX.exe
  C:\Windows\System\tayWHsX.exe
  2⤵
  PID:7200
- C:\Windows\System\VEikqvj.exe
  C:\Windows\System\VEikqvj.exe
  2⤵
  PID:7228
- C:\Windows\System\fUOQcpe.exe
  C:\Windows\System\fUOQcpe.exe
  2⤵
  PID:7260
- C:\Windows\System\wJAWZGT.exe
  C:\Windows\System\wJAWZGT.exe
  2⤵
  PID:4436
- C:\Windows\System\QjDafGZ.exe
  C:\Windows\System\QjDafGZ.exe
  2⤵
  PID:7320
- C:\Windows\System\apKlBoP.exe
  C:\Windows\System\apKlBoP.exe
  2⤵
  PID:1100
- C:\Windows\System\RhfXgyS.exe
  C:\Windows\System\RhfXgyS.exe
  2⤵
  PID:7424
- C:\Windows\System\ZgxQkru.exe
  C:\Windows\System\ZgxQkru.exe
  2⤵
  PID:7488
- C:\Windows\System\PrGjycl.exe
  C:\Windows\System\PrGjycl.exe
  2⤵
  PID:1488
- C:\Windows\System\aeKzRmW.exe
  C:\Windows\System\aeKzRmW.exe
  2⤵
  PID:3540
- C:\Windows\System\BOjAKgh.exe
  C:\Windows\System\BOjAKgh.exe
  2⤵
  PID:3900
- C:\Windows\System\VVCGSfw.exe
  C:\Windows\System\VVCGSfw.exe
  2⤵
  PID:7572
- C:\Windows\System\SzVpKsO.exe
  C:\Windows\System\SzVpKsO.exe
  2⤵
  PID:7640
- C:\Windows\System\syNEFlL.exe
  C:\Windows\System\syNEFlL.exe
  2⤵
  PID:7800
- C:\Windows\System\znJugQK.exe
  C:\Windows\System\znJugQK.exe
  2⤵
  PID:7888
- C:\Windows\System\FhseYQi.exe
  C:\Windows\System\FhseYQi.exe
  2⤵
  PID:3620
- C:\Windows\System\zLXWmFf.exe
  C:\Windows\System\zLXWmFf.exe
  2⤵
  PID:8060
- C:\Windows\System\AHxtavH.exe
  C:\Windows\System\AHxtavH.exe
  2⤵
  PID:8092
- C:\Windows\System\wToDieU.exe
  C:\Windows\System\wToDieU.exe
  2⤵
  PID:8164
- C:\Windows\System\ZMMioHS.exe
  C:\Windows\System\ZMMioHS.exe
  2⤵
  PID:3520
- C:\Windows\System\lkiMQDk.exe
  C:\Windows\System\lkiMQDk.exe
  2⤵
  PID:5004
- C:\Windows\System\bqPYGaO.exe
  C:\Windows\System\bqPYGaO.exe
  2⤵
  PID:7680
- C:\Windows\System\JFXCMst.exe
  C:\Windows\System\JFXCMst.exe
  2⤵
  PID:2684
- C:\Windows\System\FNWhQmh.exe
  C:\Windows\System\FNWhQmh.exe
  2⤵
  PID:7964
- C:\Windows\System\xuniIus.exe
  C:\Windows\System\xuniIus.exe
  2⤵
  PID:4720
- C:\Windows\System\cRAfrGN.exe
  C:\Windows\System\cRAfrGN.exe
  2⤵
  PID:4680
- C:\Windows\System\vPZWMXX.exe
  C:\Windows\System\vPZWMXX.exe
  2⤵
  PID:7480
- C:\Windows\System\IXVKITo.exe
  C:\Windows\System\IXVKITo.exe
  2⤵
  PID:2280
- C:\Windows\System\iUbyNMA.exe
  C:\Windows\System\iUbyNMA.exe
  2⤵
  PID:4852
- C:\Windows\System\hWmellB.exe
  C:\Windows\System\hWmellB.exe
  2⤵
  PID:936
- C:\Windows\System\OMZELPm.exe
  C:\Windows\System\OMZELPm.exe
  2⤵
  PID:7712
- C:\Windows\System\zoLywzs.exe
  C:\Windows\System\zoLywzs.exe
  2⤵
  PID:7616
- C:\Windows\System\ngsaCeb.exe
  C:\Windows\System\ngsaCeb.exe
  2⤵
  PID:7704
- C:\Windows\System\LRqKvnS.exe
  C:\Windows\System\LRqKvnS.exe
  2⤵
  PID:1500
- C:\Windows\System\PgsjjXQ.exe
  C:\Windows\System\PgsjjXQ.exe
  2⤵
  PID:8088
- C:\Windows\System\NqsjJzu.exe
  C:\Windows\System\NqsjJzu.exe
  2⤵
  PID:2968
- C:\Windows\System\XJaoQxm.exe
  C:\Windows\System\XJaoQxm.exe
  2⤵
  PID:4972
- C:\Windows\System\BWFpBDg.exe
  C:\Windows\System\BWFpBDg.exe
  2⤵
  PID:4712
- C:\Windows\System\PYmpoaf.exe
  C:\Windows\System\PYmpoaf.exe
  2⤵
  PID:8028
- C:\Windows\System\dBVaGVj.exe
  C:\Windows\System\dBVaGVj.exe
  2⤵
  PID:7932
- C:\Windows\System\fdgVqrN.exe
  C:\Windows\System\fdgVqrN.exe
  2⤵
  PID:8212
- C:\Windows\System\DgbqIDg.exe
  C:\Windows\System\DgbqIDg.exe
  2⤵
  PID:8240
- C:\Windows\System\lZnvFaf.exe
  C:\Windows\System\lZnvFaf.exe
  2⤵
  PID:8268
- C:\Windows\System\VGRHzdW.exe
  C:\Windows\System\VGRHzdW.exe
  2⤵
  PID:8300
- C:\Windows\System\hSyLGOC.exe
  C:\Windows\System\hSyLGOC.exe
  2⤵
  PID:8324
- C:\Windows\System\aGBRWFD.exe
  C:\Windows\System\aGBRWFD.exe
  2⤵
  PID:8356
- C:\Windows\System\BqFbRQN.exe
  C:\Windows\System\BqFbRQN.exe
  2⤵
  PID:8376
- C:\Windows\System\wShypCt.exe
  C:\Windows\System\wShypCt.exe
  2⤵
  PID:8420
- C:\Windows\System\FdrwmRb.exe
  C:\Windows\System\FdrwmRb.exe
  2⤵
  PID:8460
- C:\Windows\System\yTMrqyz.exe
  C:\Windows\System\yTMrqyz.exe
  2⤵
  PID:8488
- C:\Windows\System\cECOjDb.exe
  C:\Windows\System\cECOjDb.exe
  2⤵
  PID:8516
- C:\Windows\System\IBHJOXX.exe
  C:\Windows\System\IBHJOXX.exe
  2⤵
  PID:8532
- C:\Windows\System\MwYVcWO.exe
  C:\Windows\System\MwYVcWO.exe
  2⤵
  PID:8568
- C:\Windows\System\YitfxgQ.exe
  C:\Windows\System\YitfxgQ.exe
  2⤵
  PID:8600
- C:\Windows\System\MOwvVpa.exe
  C:\Windows\System\MOwvVpa.exe
  2⤵
  PID:8628
- C:\Windows\System\BObweLX.exe
  C:\Windows\System\BObweLX.exe
  2⤵
  PID:8648
- C:\Windows\System\SBvwhdf.exe
  C:\Windows\System\SBvwhdf.exe
  2⤵
  PID:8684
- C:\Windows\System\OneHVqa.exe
  C:\Windows\System\OneHVqa.exe
  2⤵
  PID:8712
- C:\Windows\System\cjDqOWB.exe
  C:\Windows\System\cjDqOWB.exe
  2⤵
  PID:8732
- C:\Windows\System\UaUUobt.exe
  C:\Windows\System\UaUUobt.exe
  2⤵
  PID:8760
- C:\Windows\System\SIhbDEP.exe
  C:\Windows\System\SIhbDEP.exe
  2⤵
  PID:8788
- C:\Windows\System\mjaoxhI.exe
  C:\Windows\System\mjaoxhI.exe
  2⤵
  PID:8824
- C:\Windows\System\bnHnHHd.exe
  C:\Windows\System\bnHnHHd.exe
  2⤵
  PID:8844
- C:\Windows\System\hzAOliw.exe
  C:\Windows\System\hzAOliw.exe
  2⤵
  PID:8868
- C:\Windows\System\YIRaSkK.exe
  C:\Windows\System\YIRaSkK.exe
  2⤵
  PID:8908
- C:\Windows\System\sJQOUhE.exe
  C:\Windows\System\sJQOUhE.exe
  2⤵
  PID:8936
- C:\Windows\System\tJqrKVl.exe
  C:\Windows\System\tJqrKVl.exe
  2⤵
  PID:8964
- C:\Windows\System\tdlHEwQ.exe
  C:\Windows\System\tdlHEwQ.exe
  2⤵
  PID:8980
- C:\Windows\System\YCRKaEg.exe
  C:\Windows\System\YCRKaEg.exe
  2⤵
  PID:9012
- C:\Windows\System\pncCKwF.exe
  C:\Windows\System\pncCKwF.exe
  2⤵
  PID:9036
- C:\Windows\System\BHGvwix.exe
  C:\Windows\System\BHGvwix.exe
  2⤵
  PID:9080
- C:\Windows\System\fQgiTcf.exe
  C:\Windows\System\fQgiTcf.exe
  2⤵
  PID:9104
- C:\Windows\System\SHAbZha.exe
  C:\Windows\System\SHAbZha.exe
  2⤵
  PID:9144
- C:\Windows\System\wavwxCt.exe
  C:\Windows\System\wavwxCt.exe
  2⤵
  PID:9164
- C:\Windows\System\HEnwkvm.exe
  C:\Windows\System\HEnwkvm.exe
  2⤵
  PID:9192
- C:\Windows\System\bTAGamh.exe
  C:\Windows\System\bTAGamh.exe
  2⤵
  PID:8208
- C:\Windows\System\VVkUoZD.exe
  C:\Windows\System\VVkUoZD.exe
  2⤵
  PID:7256
- C:\Windows\System\LeCwqmV.exe
  C:\Windows\System\LeCwqmV.exe
  2⤵
  PID:8320
- C:\Windows\System\qWOpkxZ.exe
  C:\Windows\System\qWOpkxZ.exe
  2⤵
  PID:8400
- C:\Windows\System\BSQPhZt.exe
  C:\Windows\System\BSQPhZt.exe
  2⤵
  PID:8484
- C:\Windows\System\lqbhQAs.exe
  C:\Windows\System\lqbhQAs.exe
  2⤵
  PID:8564
- C:\Windows\System\oVGiYwH.exe
  C:\Windows\System\oVGiYwH.exe
  2⤵
  PID:8588
- C:\Windows\System\GIQTBuf.exe
  C:\Windows\System\GIQTBuf.exe
  2⤵
  PID:8636
- C:\Windows\System\gkORVpt.exe
  C:\Windows\System\gkORVpt.exe
  2⤵
  PID:8756
- C:\Windows\System\bQVFJxb.exe
  C:\Windows\System\bQVFJxb.exe
  2⤵
  PID:8784
- C:\Windows\System\wzBIuFo.exe
  C:\Windows\System\wzBIuFo.exe
  2⤵
  PID:8812
- C:\Windows\System\WezaSFW.exe
  C:\Windows\System\WezaSFW.exe
  2⤵
  PID:8864
- C:\Windows\System\tXTPRbP.exe
  C:\Windows\System\tXTPRbP.exe
  2⤵
  PID:8920
- C:\Windows\System\GDGUeqj.exe
  C:\Windows\System\GDGUeqj.exe
  2⤵
  PID:8956
- C:\Windows\System\HHtPhiQ.exe
  C:\Windows\System\HHtPhiQ.exe
  2⤵
  PID:8992
- C:\Windows\System\CJeonwF.exe
  C:\Windows\System\CJeonwF.exe
  2⤵
  PID:9128
- C:\Windows\System\DzyeRYJ.exe
  C:\Windows\System\DzyeRYJ.exe
  2⤵
  PID:8368
- C:\Windows\System\VzxNQlx.exe
  C:\Windows\System\VzxNQlx.exe
  2⤵
  PID:8524
- C:\Windows\System\nqlmVRG.exe
  C:\Windows\System\nqlmVRG.exe
  2⤵
  PID:8580
- C:\Windows\System\UjgpiCM.exe
  C:\Windows\System\UjgpiCM.exe
  2⤵
  PID:8676
- C:\Windows\System\wifrrkQ.exe
  C:\Windows\System\wifrrkQ.exe
  2⤵
  PID:8768
- C:\Windows\System\tOQFxGM.exe
  C:\Windows\System\tOQFxGM.exe
  2⤵
  PID:9052
- C:\Windows\System\hxYIsRs.exe
  C:\Windows\System\hxYIsRs.exe
  2⤵
  PID:9188
- C:\Windows\System\rJqeoHB.exe
  C:\Windows\System\rJqeoHB.exe
  2⤵
  PID:8776
- C:\Windows\System\UoAaGtl.exe
  C:\Windows\System\UoAaGtl.exe
  2⤵
  PID:8852
- C:\Windows\System\nEyCzxU.exe
  C:\Windows\System\nEyCzxU.exe
  2⤵
  PID:8500
- C:\Windows\System\iNjdxya.exe
  C:\Windows\System\iNjdxya.exe
  2⤵
  PID:9156
- C:\Windows\System\jMdkqOo.exe
  C:\Windows\System\jMdkqOo.exe
  2⤵
  PID:9228
- C:\Windows\System\YPpLjNZ.exe
  C:\Windows\System\YPpLjNZ.exe
  2⤵
  PID:9248
- C:\Windows\System\vTybjvO.exe
  C:\Windows\System\vTybjvO.exe
  2⤵
  PID:9280
- C:\Windows\System\gNuoREN.exe
  C:\Windows\System\gNuoREN.exe
  2⤵
  PID:9300
- C:\Windows\System\kRrRcQU.exe
  C:\Windows\System\kRrRcQU.exe
  2⤵
  PID:9332
- C:\Windows\System\KbIWvJx.exe
  C:\Windows\System\KbIWvJx.exe
  2⤵
  PID:9368
- C:\Windows\System\OzNiDnJ.exe
  C:\Windows\System\OzNiDnJ.exe
  2⤵
  PID:9392
- C:\Windows\System\IJcafjk.exe
  C:\Windows\System\IJcafjk.exe
  2⤵
  PID:9408
- C:\Windows\System\Ytnfxmz.exe
  C:\Windows\System\Ytnfxmz.exe
  2⤵
  PID:9436
- C:\Windows\System\gELhLpX.exe
  C:\Windows\System\gELhLpX.exe
  2⤵
  PID:9460
- C:\Windows\System\enIbTRy.exe
  C:\Windows\System\enIbTRy.exe
  2⤵
  PID:9484
- C:\Windows\System\rINkweY.exe
  C:\Windows\System\rINkweY.exe
  2⤵
  PID:9500
- C:\Windows\System\aEzWZcw.exe
  C:\Windows\System\aEzWZcw.exe
  2⤵
  PID:9524
- C:\Windows\System\EXoKtPf.exe
  C:\Windows\System\EXoKtPf.exe
  2⤵
  PID:9604
- C:\Windows\System\pgNbqCI.exe
  C:\Windows\System\pgNbqCI.exe
  2⤵
  PID:9620
- C:\Windows\System\CRLsORL.exe
  C:\Windows\System\CRLsORL.exe
  2⤵
  PID:9648
- C:\Windows\System\rhMOSOV.exe
  C:\Windows\System\rhMOSOV.exe
  2⤵
  PID:9676
- C:\Windows\System\qispmIP.exe
  C:\Windows\System\qispmIP.exe
  2⤵
  PID:9700
- C:\Windows\System\vrRMkzm.exe
  C:\Windows\System\vrRMkzm.exe
  2⤵
  PID:9728
- C:\Windows\System\dduIrfg.exe
  C:\Windows\System\dduIrfg.exe
  2⤵
  PID:9748
- C:\Windows\System\kDmuLxP.exe
  C:\Windows\System\kDmuLxP.exe
  2⤵
  PID:9788
- C:\Windows\System\VmzANkc.exe
  C:\Windows\System\VmzANkc.exe
  2⤵
  PID:9812
- C:\Windows\System\zdbwsPp.exe
  C:\Windows\System\zdbwsPp.exe
  2⤵
  PID:9860
- C:\Windows\System\WuiIdGv.exe
  C:\Windows\System\WuiIdGv.exe
  2⤵
  PID:9876
- C:\Windows\System\tOzRGbC.exe
  C:\Windows\System\tOzRGbC.exe
  2⤵
  PID:9892
- C:\Windows\System\umKQVpf.exe
  C:\Windows\System\umKQVpf.exe
  2⤵
  PID:9944
- C:\Windows\System\BKaVoEC.exe
  C:\Windows\System\BKaVoEC.exe
  2⤵
  PID:9964
- C:\Windows\System\cYKTouj.exe
  C:\Windows\System\cYKTouj.exe
  2⤵
  PID:10000
- C:\Windows\System\xehqbJs.exe
  C:\Windows\System\xehqbJs.exe
  2⤵
  PID:10028
- C:\Windows\System\EpJYHVH.exe
  C:\Windows\System\EpJYHVH.exe
  2⤵
  PID:10044
- C:\Windows\System\wNYFvON.exe
  C:\Windows\System\wNYFvON.exe
  2⤵
  PID:10068
- C:\Windows\System\vbxcHCn.exe
  C:\Windows\System\vbxcHCn.exe
  2⤵
  PID:10088
- C:\Windows\System\bDVYBOD.exe
  C:\Windows\System\bDVYBOD.exe
  2⤵
  PID:10124
- C:\Windows\System\UFNJPkC.exe
  C:\Windows\System\UFNJPkC.exe
  2⤵
  PID:10168
- C:\Windows\System\fzCyMck.exe
  C:\Windows\System\fzCyMck.exe
  2⤵
  PID:10196
- C:\Windows\System\NodXnFh.exe
  C:\Windows\System\NodXnFh.exe
  2⤵
  PID:10212
- C:\Windows\System\yFSYNXD.exe
  C:\Windows\System\yFSYNXD.exe
  2⤵
  PID:10232
- C:\Windows\System\TUUZSXu.exe
  C:\Windows\System\TUUZSXu.exe
  2⤵
  PID:9220
- C:\Windows\System\rJHyfaf.exe
  C:\Windows\System\rJHyfaf.exe
  2⤵
  PID:9308
- C:\Windows\System\rEalSpU.exe
  C:\Windows\System\rEalSpU.exe
  2⤵
  PID:9400
- C:\Windows\System\QnyCNdf.exe
  C:\Windows\System\QnyCNdf.exe
  2⤵
  PID:9512
- C:\Windows\System\cgwDcWC.exe
  C:\Windows\System\cgwDcWC.exe
  2⤵
  PID:9564
- C:\Windows\System\MYezJct.exe
  C:\Windows\System\MYezJct.exe
  2⤵
  PID:9644
- C:\Windows\System\vYoRRoK.exe
  C:\Windows\System\vYoRRoK.exe
  2⤵
  PID:9692
- C:\Windows\System\evjbSUu.exe
  C:\Windows\System\evjbSUu.exe
  2⤵
  PID:9740
- C:\Windows\System\kkWMGrR.exe
  C:\Windows\System\kkWMGrR.exe
  2⤵
  PID:9772
- C:\Windows\System\UxYLPqh.exe
  C:\Windows\System\UxYLPqh.exe
  2⤵
  PID:9844
- C:\Windows\System\ucDsVVr.exe
  C:\Windows\System\ucDsVVr.exe
  2⤵
  PID:9868
- C:\Windows\System\fnrjKWC.exe
  C:\Windows\System\fnrjKWC.exe
  2⤵
  PID:10040
- C:\Windows\System\ECFjQoQ.exe
  C:\Windows\System\ECFjQoQ.exe
  2⤵
  PID:10084
- C:\Windows\System\lboViXi.exe
  C:\Windows\System\lboViXi.exe
  2⤵
  PID:10164
- C:\Windows\System\UyHeQFy.exe
  C:\Windows\System\UyHeQFy.exe
  2⤵
  PID:10208
- C:\Windows\System\bphCyac.exe
  C:\Windows\System\bphCyac.exe
  2⤵
  PID:9288
- C:\Windows\System\ziijuRu.exe
  C:\Windows\System\ziijuRu.exe
  2⤵
  PID:9376
- C:\Windows\System\rfIFwoc.exe
  C:\Windows\System\rfIFwoc.exe
  2⤵
  PID:9592
- C:\Windows\System\apqOlvz.exe
  C:\Windows\System\apqOlvz.exe
  2⤵
  PID:9840
- C:\Windows\System\FaWYPMg.exe
  C:\Windows\System\FaWYPMg.exe
  2⤵
  PID:9952
- C:\Windows\System\gGzLLEm.exe
  C:\Windows\System\gGzLLEm.exe
  2⤵
  PID:10112
- C:\Windows\System\UridLDm.exe
  C:\Windows\System\UridLDm.exe
  2⤵
  PID:10188
- C:\Windows\System\GCDEzdF.exe
  C:\Windows\System\GCDEzdF.exe
  2⤵
  PID:9492
- C:\Windows\System\mBuJREH.exe
  C:\Windows\System\mBuJREH.exe
  2⤵
  PID:9760
- C:\Windows\System\LWnpjnv.exe
  C:\Windows\System\LWnpjnv.exe
  2⤵
  PID:10204
- C:\Windows\System\ngDyNYs.exe
  C:\Windows\System\ngDyNYs.exe
  2⤵
  PID:10116
- C:\Windows\System\cgnZvCA.exe
  C:\Windows\System\cgnZvCA.exe
  2⤵
  PID:10248
- C:\Windows\System\QSJgimj.exe
  C:\Windows\System\QSJgimj.exe
  2⤵
  PID:10268
- C:\Windows\System\jeORyoF.exe
  C:\Windows\System\jeORyoF.exe
  2⤵
  PID:10284
- C:\Windows\System\VxnwIUM.exe
  C:\Windows\System\VxnwIUM.exe
  2⤵
  PID:10316
- C:\Windows\System\dzqMgJJ.exe
  C:\Windows\System\dzqMgJJ.exe
  2⤵
  PID:10336
- C:\Windows\System\IPcsLXa.exe
  C:\Windows\System\IPcsLXa.exe
  2⤵
  PID:10384
- C:\Windows\System\hkNafKo.exe
  C:\Windows\System\hkNafKo.exe
  2⤵
  PID:10424
- C:\Windows\System\mFJDtcu.exe
  C:\Windows\System\mFJDtcu.exe
  2⤵
  PID:10452
- C:\Windows\System\geVKAuu.exe
  C:\Windows\System\geVKAuu.exe
  2⤵
  PID:10472
- C:\Windows\System\mmyKbsA.exe
  C:\Windows\System\mmyKbsA.exe
  2⤵
  PID:10496
- C:\Windows\System\TbWCnnH.exe
  C:\Windows\System\TbWCnnH.exe
  2⤵
  PID:10536
- C:\Windows\System\EFcOMlG.exe
  C:\Windows\System\EFcOMlG.exe
  2⤵
  PID:10564
- C:\Windows\System\IxjmvtF.exe
  C:\Windows\System\IxjmvtF.exe
  2⤵
  PID:10580
- C:\Windows\System\gzbaeDS.exe
  C:\Windows\System\gzbaeDS.exe
  2⤵
  PID:10620
- C:\Windows\System\VgMAXcr.exe
  C:\Windows\System\VgMAXcr.exe
  2⤵
  PID:10636
- C:\Windows\System\adGKpJi.exe
  C:\Windows\System\adGKpJi.exe
  2⤵
  PID:10676
- C:\Windows\System\RLUWqLa.exe
  C:\Windows\System\RLUWqLa.exe
  2⤵
  PID:10696
- C:\Windows\System\ZdtXJvC.exe
  C:\Windows\System\ZdtXJvC.exe
  2⤵
  PID:10720
- C:\Windows\System\jEmkTIl.exe
  C:\Windows\System\jEmkTIl.exe
  2⤵
  PID:10760
- C:\Windows\System\bdrnePt.exe
  C:\Windows\System\bdrnePt.exe
  2⤵
  PID:10776
- C:\Windows\System\mtWAjYJ.exe
  C:\Windows\System\mtWAjYJ.exe
  2⤵
  PID:10800
- C:\Windows\System\JVZqsym.exe
  C:\Windows\System\JVZqsym.exe
  2⤵
  PID:10832
- C:\Windows\System\sxUBGTD.exe
  C:\Windows\System\sxUBGTD.exe
  2⤵
  PID:10868
- C:\Windows\System\fIykjqq.exe
  C:\Windows\System\fIykjqq.exe
  2⤵
  PID:10892
- C:\Windows\System\kNVHlQH.exe
  C:\Windows\System\kNVHlQH.exe
  2⤵
  PID:10928
- C:\Windows\System\aDhFEXi.exe
  C:\Windows\System\aDhFEXi.exe
  2⤵
  PID:10956
- C:\Windows\System\CygUduU.exe
  C:\Windows\System\CygUduU.exe
  2⤵
  PID:10984
- C:\Windows\System\fyOhWuK.exe
  C:\Windows\System\fyOhWuK.exe
  2⤵
  PID:11004
- C:\Windows\System\HEdyxml.exe
  C:\Windows\System\HEdyxml.exe
  2⤵
  PID:11036
- C:\Windows\System\ieuFfHo.exe
  C:\Windows\System\ieuFfHo.exe
  2⤵
  PID:11068
- C:\Windows\System\Rbftuqy.exe
  C:\Windows\System\Rbftuqy.exe
  2⤵
  PID:11096
- C:\Windows\System\YmoyRaR.exe
  C:\Windows\System\YmoyRaR.exe
  2⤵
  PID:11112
- C:\Windows\System\OTBKcUZ.exe
  C:\Windows\System\OTBKcUZ.exe
  2⤵
  PID:11140
- C:\Windows\System\ODFgEls.exe
  C:\Windows\System\ODFgEls.exe
  2⤵
  PID:11160
- C:\Windows\System\xvKLFLo.exe
  C:\Windows\System\xvKLFLo.exe
  2⤵
  PID:11208
- C:\Windows\System\CTCKrvP.exe
  C:\Windows\System\CTCKrvP.exe
  2⤵
  PID:11236
- C:\Windows\System\xiLcKTB.exe
  C:\Windows\System\xiLcKTB.exe
  2⤵
  PID:9632
- C:\Windows\System\rFjMSIN.exe
  C:\Windows\System\rFjMSIN.exe
  2⤵
  PID:10276
- C:\Windows\System\YTXRqYI.exe
  C:\Windows\System\YTXRqYI.exe
  2⤵
  PID:10352
- C:\Windows\System\CdvaFlJ.exe
  C:\Windows\System\CdvaFlJ.exe
  2⤵
  PID:10404
- C:\Windows\System\uFNurIo.exe
  C:\Windows\System\uFNurIo.exe
  2⤵
  PID:10468
- C:\Windows\System\SAUKAUv.exe
  C:\Windows\System\SAUKAUv.exe
  2⤵
  PID:10532
- C:\Windows\System\jvVhsVG.exe
  C:\Windows\System\jvVhsVG.exe
  2⤵
  PID:10604
- C:\Windows\System\hCIuStw.exe
  C:\Windows\System\hCIuStw.exe
  2⤵
  PID:10688
- C:\Windows\System\SMObbPM.exe
  C:\Windows\System\SMObbPM.exe
  2⤵
  PID:10740
- C:\Windows\System\UmQrcAD.exe
  C:\Windows\System\UmQrcAD.exe
  2⤵
  PID:10772
- C:\Windows\System\ueBAKSZ.exe
  C:\Windows\System\ueBAKSZ.exe
  2⤵
  PID:10876
- C:\Windows\System\srTcDuu.exe
  C:\Windows\System\srTcDuu.exe
  2⤵
  PID:10912
- C:\Windows\System\TDjoHZP.exe
  C:\Windows\System\TDjoHZP.exe
  2⤵
  PID:10980
- C:\Windows\System\HOcQHNQ.exe
  C:\Windows\System\HOcQHNQ.exe
  2⤵
  PID:11032
- C:\Windows\System\vOfJIEz.exe
  C:\Windows\System\vOfJIEz.exe
  2⤵
  PID:11108
- C:\Windows\System\ZiNfrgJ.exe
  C:\Windows\System\ZiNfrgJ.exe
  2⤵
  PID:11168
- C:\Windows\System\GWWOZfK.exe
  C:\Windows\System\GWWOZfK.exe
  2⤵
  PID:11200
- C:\Windows\System\KpzJNSf.exe
  C:\Windows\System\KpzJNSf.exe
  2⤵
  PID:11256
- C:\Windows\System\tZtLaUc.exe
  C:\Windows\System\tZtLaUc.exe
  2⤵
  PID:10332
- C:\Windows\System\GwGQOOj.exe
  C:\Windows\System\GwGQOOj.exe
  2⤵
  PID:10460
- C:\Windows\System\LvnpkaJ.exe
  C:\Windows\System\LvnpkaJ.exe
  2⤵
  PID:10576
- C:\Windows\System\qzOJRoT.exe
  C:\Windows\System\qzOJRoT.exe
  2⤵
  PID:10648
- C:\Windows\System\cukppbS.exe
  C:\Windows\System\cukppbS.exe
  2⤵
  PID:10812
- C:\Windows\System\NHgFpNx.exe
  C:\Windows\System\NHgFpNx.exe
  2⤵
  PID:5096
- C:\Windows\System\KUOGnlQ.exe
  C:\Windows\System\KUOGnlQ.exe
  2⤵
  PID:11216
- C:\Windows\System\uVlUFmF.exe
  C:\Windows\System\uVlUFmF.exe
  2⤵
  PID:2956
- C:\Windows\System\VWdMrvr.exe
  C:\Windows\System\VWdMrvr.exe
  2⤵
  PID:10748
- C:\Windows\System\Sdhcciz.exe
  C:\Windows\System\Sdhcciz.exe
  2⤵
  PID:10948
- C:\Windows\System\odqVisX.exe
  C:\Windows\System\odqVisX.exe
  2⤵
  PID:11248
- C:\Windows\System\wRNXMER.exe
  C:\Windows\System\wRNXMER.exe
  2⤵
  PID:10444
- C:\Windows\System\qijmLTl.exe
  C:\Windows\System\qijmLTl.exe
  2⤵
  PID:1576
- C:\Windows\System\VlOasWj.exe
  C:\Windows\System\VlOasWj.exe
  2⤵
  PID:11284
- C:\Windows\System\FaLishU.exe
  C:\Windows\System\FaLishU.exe
  2⤵
  PID:11320
- C:\Windows\System\ORleJaY.exe
  C:\Windows\System\ORleJaY.exe
  2⤵
  PID:11344
- C:\Windows\System\hnSurAE.exe
  C:\Windows\System\hnSurAE.exe
  2⤵
  PID:11364
- C:\Windows\System\KoJmNzJ.exe
  C:\Windows\System\KoJmNzJ.exe
  2⤵
  PID:11388
- C:\Windows\System\dDBLgKU.exe
  C:\Windows\System\dDBLgKU.exe
  2⤵
  PID:11424
- C:\Windows\System\YIqzXFo.exe
  C:\Windows\System\YIqzXFo.exe
  2⤵
  PID:11464
- C:\Windows\System\KKpNwgG.exe
  C:\Windows\System\KKpNwgG.exe
  2⤵
  PID:11500
- C:\Windows\System\TifJpTj.exe
  C:\Windows\System\TifJpTj.exe
  2⤵
  PID:11528
- C:\Windows\System\NQaXAMI.exe
  C:\Windows\System\NQaXAMI.exe
  2⤵
  PID:11556
- C:\Windows\System\pxeGAqc.exe
  C:\Windows\System\pxeGAqc.exe
  2⤵
  PID:11584
- C:\Windows\System\owalVqb.exe
  C:\Windows\System\owalVqb.exe
  2⤵
  PID:11608
- C:\Windows\System\KsgIFbS.exe
  C:\Windows\System\KsgIFbS.exe
  2⤵
  PID:11640
- C:\Windows\System\TgsoXHO.exe
  C:\Windows\System\TgsoXHO.exe
  2⤵
  PID:11660
- C:\Windows\System\TCWSdeR.exe
  C:\Windows\System\TCWSdeR.exe
  2⤵
  PID:11688
- C:\Windows\System\geElvXu.exe
  C:\Windows\System\geElvXu.exe
  2⤵
  PID:11716
- C:\Windows\System\slvvNrJ.exe
  C:\Windows\System\slvvNrJ.exe
  2⤵
  PID:11740
- C:\Windows\System\MZjFxPp.exe
  C:\Windows\System\MZjFxPp.exe
  2⤵
  PID:11764
- C:\Windows\System\lieaQkK.exe
  C:\Windows\System\lieaQkK.exe
  2⤵
  PID:11784
- C:\Windows\System\FLYyXKg.exe
  C:\Windows\System\FLYyXKg.exe
  2⤵
  PID:11832
- C:\Windows\System\fnVessC.exe
  C:\Windows\System\fnVessC.exe
  2⤵
  PID:11860
- C:\Windows\System\sDjHwsT.exe
  C:\Windows\System\sDjHwsT.exe
  2⤵
  PID:11884
- C:\Windows\System\OMSnPhM.exe
  C:\Windows\System\OMSnPhM.exe
  2⤵
  PID:11900
- C:\Windows\System\ufYToTA.exe
  C:\Windows\System\ufYToTA.exe
  2⤵
  PID:11924
- C:\Windows\System\TGEljZf.exe
  C:\Windows\System\TGEljZf.exe
  2⤵
  PID:11948
- C:\Windows\System\xpREkGy.exe
  C:\Windows\System\xpREkGy.exe
  2⤵
  PID:11968
- C:\Windows\System\tZScraR.exe
  C:\Windows\System\tZScraR.exe
  2⤵
  PID:12000
- C:\Windows\System\bhIfkIm.exe
  C:\Windows\System\bhIfkIm.exe
  2⤵
  PID:12052
- C:\Windows\System\XQwVZyo.exe
  C:\Windows\System\XQwVZyo.exe
  2⤵
  PID:12080
- C:\Windows\System\GSrwgIU.exe
  C:\Windows\System\GSrwgIU.exe
  2⤵
  PID:12120
- C:\Windows\System\UVaNpbn.exe
  C:\Windows\System\UVaNpbn.exe
  2⤵
  PID:12148
- C:\Windows\System\OJLiAxo.exe
  C:\Windows\System\OJLiAxo.exe
  2⤵
  PID:12176
- C:\Windows\System\CFIdlke.exe
  C:\Windows\System\CFIdlke.exe
  2⤵
  PID:12204
- C:\Windows\System\FOyvbpX.exe
  C:\Windows\System\FOyvbpX.exe
  2⤵
  PID:12220
- C:\Windows\System\CYmFOeH.exe
  C:\Windows\System\CYmFOeH.exe
  2⤵
  PID:12260
- C:\Windows\System\cmtwpby.exe
  C:\Windows\System\cmtwpby.exe
  2⤵
  PID:10412
- C:\Windows\System\MfDRwgy.exe
  C:\Windows\System\MfDRwgy.exe
  2⤵
  PID:11092
- C:\Windows\System\OxSSHRh.exe
  C:\Windows\System\OxSSHRh.exe
  2⤵
  PID:11336
- C:\Windows\System\cDxwkWq.exe
  C:\Windows\System\cDxwkWq.exe
  2⤵
  PID:11360
- C:\Windows\System\mkWyiQQ.exe
  C:\Windows\System\mkWyiQQ.exe
  2⤵
  PID:11452
- C:\Windows\System\rqMhuHj.exe
  C:\Windows\System\rqMhuHj.exe
  2⤵
  PID:11492
- C:\Windows\System\YVxaexE.exe
  C:\Windows\System\YVxaexE.exe
  2⤵
  PID:11592
- C:\Windows\System\XIobFEL.exe
  C:\Windows\System\XIobFEL.exe
  2⤵
  PID:1572
- C:\Windows\System\SwXnyfm.exe
  C:\Windows\System\SwXnyfm.exe
  2⤵
  PID:11652
- C:\Windows\System\gWUqYSp.exe
  C:\Windows\System\gWUqYSp.exe
  2⤵
  PID:11724
- C:\Windows\System\FCaohov.exe
  C:\Windows\System\FCaohov.exe
  2⤵
  PID:11780
- C:\Windows\System\XSiaKIB.exe
  C:\Windows\System\XSiaKIB.exe
  2⤵
  PID:11856
- C:\Windows\System\lwuFKWR.exe
  C:\Windows\System\lwuFKWR.exe
  2⤵
  PID:11892
- C:\Windows\System\nsMNbsa.exe
  C:\Windows\System\nsMNbsa.exe
  2⤵
  PID:11944
- C:\Windows\System\PftxboV.exe
  C:\Windows\System\PftxboV.exe
  2⤵
  PID:12044
- C:\Windows\System\mEzfjCW.exe
  C:\Windows\System\mEzfjCW.exe
  2⤵
  PID:12104
- C:\Windows\System\InaUHwz.exe
  C:\Windows\System\InaUHwz.exe
  2⤵
  PID:12160
- C:\Windows\System\AyqJpQb.exe
  C:\Windows\System\AyqJpQb.exe
  2⤵
  PID:12232
- C:\Windows\System\NUZhruE.exe
  C:\Windows\System\NUZhruE.exe
  2⤵
  PID:10656
- C:\Windows\System\HtOIZYg.exe
  C:\Windows\System\HtOIZYg.exe
  2⤵
  PID:11332
- C:\Windows\System\MsuooON.exe
  C:\Windows\System\MsuooON.exe
  2⤵
  PID:11496
- C:\Windows\System\QSzdqxU.exe
  C:\Windows\System\QSzdqxU.exe
  2⤵
  PID:11628
- C:\Windows\System\zciqpQq.exe
  C:\Windows\System\zciqpQq.exe
  2⤵
  PID:11776
- C:\Windows\System\TASbZCA.exe
  C:\Windows\System\TASbZCA.exe
  2⤵
  PID:12028
- C:\Windows\System\sxNUvcz.exe
  C:\Windows\System\sxNUvcz.exe
  2⤵
  PID:12140
- C:\Windows\System\NQTQxHJ.exe
  C:\Windows\System\NQTQxHJ.exe
  2⤵
  PID:12212
- C:\Windows\System\ZtTREWG.exe
  C:\Windows\System\ZtTREWG.exe
  2⤵
  PID:11412
- C:\Windows\System\MyuATyK.exe
  C:\Windows\System\MyuATyK.exe
  2⤵
  PID:11872
- C:\Windows\System\EkBUFwi.exe
  C:\Windows\System\EkBUFwi.exe
  2⤵
  PID:11296
- C:\Windows\System\KFksgRz.exe
  C:\Windows\System\KFksgRz.exe
  2⤵
  PID:12292
- C:\Windows\System\BWtyKQq.exe
  C:\Windows\System\BWtyKQq.exe
  2⤵
  PID:12356
- C:\Windows\System\SOkEcjP.exe
  C:\Windows\System\SOkEcjP.exe
  2⤵
  PID:12376
- C:\Windows\System\TKlpaIh.exe
  C:\Windows\System\TKlpaIh.exe
  2⤵
  PID:12396
- C:\Windows\System\WsWbvFo.exe
  C:\Windows\System\WsWbvFo.exe
  2⤵
  PID:12416
- C:\Windows\System\ojsEbvf.exe
  C:\Windows\System\ojsEbvf.exe
  2⤵
  PID:12460
- C:\Windows\System\WnexcgW.exe
  C:\Windows\System\WnexcgW.exe
  2⤵
  PID:12492
- C:\Windows\System\IfBSDwU.exe
  C:\Windows\System\IfBSDwU.exe
  2⤵
  PID:12548
- C:\Windows\System\EiVktWg.exe
  C:\Windows\System\EiVktWg.exe
  2⤵
  PID:12568
- C:\Windows\System\lUxyWyR.exe
  C:\Windows\System\lUxyWyR.exe
  2⤵
  PID:12608
- C:\Windows\System\jfzWobg.exe
  C:\Windows\System\jfzWobg.exe
  2⤵
  PID:12636
- C:\Windows\System\svLvrVU.exe
  C:\Windows\System\svLvrVU.exe
  2⤵
  PID:12652
- C:\Windows\System\CsbwzkU.exe
  C:\Windows\System\CsbwzkU.exe
  2⤵
  PID:12684
- C:\Windows\System\RQSfLjL.exe
  C:\Windows\System\RQSfLjL.exe
  2⤵
  PID:12704
- C:\Windows\System\dRwDqEw.exe
  C:\Windows\System\dRwDqEw.exe
  2⤵
  PID:12724
- C:\Windows\System\warwnqp.exe
  C:\Windows\System\warwnqp.exe
  2⤵
  PID:12780
- C:\Windows\System\idlLHdm.exe
  C:\Windows\System\idlLHdm.exe
  2⤵
  PID:12796
- C:\Windows\System\BDRVoKX.exe
  C:\Windows\System\BDRVoKX.exe
  2⤵
  PID:12820
- C:\Windows\System\qfKjpse.exe
  C:\Windows\System\qfKjpse.exe
  2⤵
  PID:12844
- C:\Windows\System\bMfefrN.exe
  C:\Windows\System\bMfefrN.exe
  2⤵
  PID:12864
- C:\Windows\System\jHltqBM.exe
  C:\Windows\System\jHltqBM.exe
  2⤵
  PID:12892
- C:\Windows\System\pnjfeQQ.exe
  C:\Windows\System\pnjfeQQ.exe
  2⤵
  PID:12912
- C:\Windows\System\HuZUHfd.exe
  C:\Windows\System\HuZUHfd.exe
  2⤵
  PID:12936
- C:\Windows\System\VVkoQje.exe
  C:\Windows\System\VVkoQje.exe
  2⤵
  PID:12952
- C:\Windows\System\RBZxZdE.exe
  C:\Windows\System\RBZxZdE.exe
  2⤵
  PID:12988
- C:\Windows\System\vvSDhEV.exe
  C:\Windows\System\vvSDhEV.exe
  2⤵
  PID:13060
- C:\Windows\System\VUdDruG.exe
  C:\Windows\System\VUdDruG.exe
  2⤵
  PID:13088
- C:\Windows\System\zeospbG.exe
  C:\Windows\System\zeospbG.exe
  2⤵
  PID:13104
- C:\Windows\System\WuIDrRF.exe
  C:\Windows\System\WuIDrRF.exe
  2⤵
  PID:13124
- C:\Windows\System\ALgmIZY.exe
  C:\Windows\System\ALgmIZY.exe
  2⤵
  PID:13144
- C:\Windows\System\FkvZPMp.exe
  C:\Windows\System\FkvZPMp.exe
  2⤵
  PID:13176
- C:\Windows\System\qSewKeP.exe
  C:\Windows\System\qSewKeP.exe
  2⤵
  PID:13228
- C:\Windows\System\ECJFfyZ.exe
  C:\Windows\System\ECJFfyZ.exe
  2⤵
  PID:13256
- C:\Windows\System\FXiwiho.exe
  C:\Windows\System\FXiwiho.exe
  2⤵
  PID:13276
- C:\Windows\System\muZVmeT.exe
  C:\Windows\System\muZVmeT.exe
  2⤵
  PID:13300
- C:\Windows\System\wZdAwfZ.exe
  C:\Windows\System\wZdAwfZ.exe
  2⤵
  PID:4700
- C:\Windows\System\VWUVUCu.exe
  C:\Windows\System\VWUVUCu.exe
  2⤵
  PID:12352
- C:\Windows\System\gxuPqPS.exe
  C:\Windows\System\gxuPqPS.exe
  2⤵
  PID:12392
- C:\Windows\System\lqQTmTb.exe
  C:\Windows\System\lqQTmTb.exe
  2⤵
  PID:12448
- C:\Windows\System\UJccaCV.exe
  C:\Windows\System\UJccaCV.exe
  2⤵
  PID:12524
- C:\Windows\System\jSyJmKm.exe
  C:\Windows\System\jSyJmKm.exe
  2⤵
  PID:12604
- C:\Windows\System\OnxYfWP.exe
  C:\Windows\System\OnxYfWP.exe
  2⤵
  PID:12696
- C:\Windows\System\UJikWZJ.exe
  C:\Windows\System\UJikWZJ.exe
  2⤵
  PID:12692
- C:\Windows\System\LVrfdcr.exe
  C:\Windows\System\LVrfdcr.exe
  2⤵
  PID:12768
- C:\Windows\System\IyxTrUH.exe
  C:\Windows\System\IyxTrUH.exe
  2⤵
  PID:12812
- C:\Windows\System\ofXMjHY.exe
  C:\Windows\System\ofXMjHY.exe
  2⤵
  PID:12924
- C:\Windows\System\GDEWOip.exe
  C:\Windows\System\GDEWOip.exe
  2⤵
  PID:12980
- C:\Windows\System\DqpnCwa.exe
  C:\Windows\System\DqpnCwa.exe
  2⤵
  PID:13076
- C:\Windows\System\CZCmvEf.exe
  C:\Windows\System\CZCmvEf.exe
  2⤵
  PID:13140
- C:\Windows\System\YhtObhK.exe
  C:\Windows\System\YhtObhK.exe
  2⤵
  PID:13224
- C:\Windows\System\cCaeRcX.exe
  C:\Windows\System\cCaeRcX.exe
  2⤵
  PID:13268
- C:\Windows\System\CkqBOVa.exe
  C:\Windows\System\CkqBOVa.exe
  2⤵
  PID:13308
- C:\Windows\System\FxqQylX.exe
  C:\Windows\System\FxqQylX.exe
  2⤵
  PID:3364
- C:\Windows\System\dgTNqbr.exe
  C:\Windows\System\dgTNqbr.exe
  2⤵
  PID:12556
- C:\Windows\System\XsXNSPd.exe
  C:\Windows\System\XsXNSPd.exe
  2⤵
  PID:12668
- C:\Windows\System\bTUaJfL.exe
  C:\Windows\System\bTUaJfL.exe
  2⤵
  PID:12772
- C:\Windows\System\FRWtrpg.exe
  C:\Windows\System\FRWtrpg.exe
  2⤵
  PID:12880
- C:\Windows\System\XhzlQOX.exe
  C:\Windows\System\XhzlQOX.exe
  2⤵
  PID:2920
- C:\Windows\System\bZHXNTI.exe
  C:\Windows\System\bZHXNTI.exe
  2⤵
  PID:13112
- C:\Windows\System\sgAkvyb.exe
  C:\Windows\System\sgAkvyb.exe
  2⤵
  PID:4912
- C:\Windows\System\QHCqzDu.exe
  C:\Windows\System\QHCqzDu.exe
  2⤵
  PID:1472
- C:\Windows\System\khAhZtO.exe
  C:\Windows\System\khAhZtO.exe
  2⤵
  PID:12664
- C:\Windows\System\jjQmkbN.exe
  C:\Windows\System\jjQmkbN.exe
  2⤵
  PID:4316
- C:\Windows\System\inIpFZb.exe
  C:\Windows\System\inIpFZb.exe
  2⤵
  PID:13096
- C:\Windows\System\BEwisGH.exe
  C:\Windows\System\BEwisGH.exe
  2⤵
  PID:12472
- C:\Windows\System\JAPQyqK.exe
  C:\Windows\System\JAPQyqK.exe
  2⤵
  PID:12712
- C:\Windows\System\TipfZJC.exe
  C:\Windows\System\TipfZJC.exe
  2⤵
  PID:1832
- C:\Windows\System\XLOdFwP.exe
  C:\Windows\System\XLOdFwP.exe
  2⤵
  PID:13340
- C:\Windows\System\RVHOWHd.exe
  C:\Windows\System\RVHOWHd.exe
  2⤵
  PID:13384
- C:\Windows\System\caRFjtC.exe
  C:\Windows\System\caRFjtC.exe
  2⤵
  PID:13412
- C:\Windows\System\DTDWnbP.exe
  C:\Windows\System\DTDWnbP.exe
  2⤵
  PID:13428
- C:\Windows\System\PJhCDQo.exe
  C:\Windows\System\PJhCDQo.exe
  2⤵
  PID:13456
- C:\Windows\System\nlZbJmW.exe
  C:\Windows\System\nlZbJmW.exe
  2⤵
  PID:13496
- C:\Windows\System\ZMheuat.exe
  C:\Windows\System\ZMheuat.exe
  2⤵
  PID:13532
- C:\Windows\System\yHaHhtH.exe
  C:\Windows\System\yHaHhtH.exe
  2⤵
  PID:13552
- C:\Windows\System\ilTohVi.exe
  C:\Windows\System\ilTohVi.exe
  2⤵
  PID:13584
- C:\Windows\System\KYqJrMR.exe
  C:\Windows\System\KYqJrMR.exe
  2⤵
  PID:13600
- C:\Windows\System\uPPRCVQ.exe
  C:\Windows\System\uPPRCVQ.exe
  2⤵
  PID:13632
- C:\Windows\System\esrHaqF.exe
  C:\Windows\System\esrHaqF.exe
  2⤵
  PID:13656
- C:\Windows\System\AbDuSvX.exe
  C:\Windows\System\AbDuSvX.exe
  2⤵
  PID:13680
- C:\Windows\System\OYefwcP.exe
  C:\Windows\System\OYefwcP.exe
  2⤵
  PID:13764
- C:\Windows\System\FOnLpQc.exe
  C:\Windows\System\FOnLpQc.exe
  2⤵
  PID:13780
- C:\Windows\System\IDIjEce.exe
  C:\Windows\System\IDIjEce.exe
  2⤵
  PID:13796
- C:\Windows\System\jBYbakq.exe
  C:\Windows\System\jBYbakq.exe
  2⤵
  PID:13840
- C:\Windows\System\GBOLhek.exe
  C:\Windows\System\GBOLhek.exe
  2⤵
  PID:13884
- C:\Windows\System\QbyXtiF.exe
  C:\Windows\System\QbyXtiF.exe
  2⤵
  PID:13908
- C:\Windows\System\DykOijA.exe
  C:\Windows\System\DykOijA.exe
  2⤵
  PID:13956
- C:\Windows\System\McQDmGz.exe
  C:\Windows\System\McQDmGz.exe
  2⤵
  PID:13976
- C:\Windows\System\UPltNKa.exe
  C:\Windows\System\UPltNKa.exe
  2⤵
  PID:13996
- C:\Windows\System\pKPgPqf.exe
  C:\Windows\System\pKPgPqf.exe
  2⤵
  PID:14024
- C:\Windows\System\rBHObHc.exe
  C:\Windows\System\rBHObHc.exe
  2⤵
  PID:14076
- C:\Windows\System\QyOGrkv.exe
  C:\Windows\System\QyOGrkv.exe
  2⤵
  PID:14100
- C:\Windows\System\kjySink.exe
  C:\Windows\System\kjySink.exe
  2⤵
  PID:14124
- C:\Windows\System\EgbxAbk.exe
  C:\Windows\System\EgbxAbk.exe
  2⤵
  PID:14152
- C:\Windows\System\eoZPiZy.exe
  C:\Windows\System\eoZPiZy.exe
  2⤵
  PID:14184
- C:\Windows\System\efkckuB.exe
  C:\Windows\System\efkckuB.exe
  2⤵
  PID:14212
- C:\Windows\System\gnJtMpG.exe
  C:\Windows\System\gnJtMpG.exe
  2⤵
  PID:14244
- C:\Windows\System\hNyzelU.exe
  C:\Windows\System\hNyzelU.exe
  2⤵
  PID:14292
- C:\Windows\System\oceqCGW.exe
  C:\Windows\System\oceqCGW.exe
  2⤵
  PID:14316
- C:\Windows\System\vOworsx.exe
  C:\Windows\System\vOworsx.exe
  2⤵
  PID:13376
- C:\Windows\System\uWuPqXk.exe
  C:\Windows\System\uWuPqXk.exe
  2⤵
  PID:13444
- C:\Windows\System\DwchNKn.exe
  C:\Windows\System\DwchNKn.exe
  2⤵
  PID:13492
- C:\Windows\System\KLLJWIA.exe
  C:\Windows\System\KLLJWIA.exe
  2⤵
  PID:13544
- C:\Windows\System\yQzEzvR.exe
  C:\Windows\System\yQzEzvR.exe
  2⤵
  PID:13652
- C:\Windows\System\loAguvO.exe
  C:\Windows\System\loAguvO.exe
  2⤵
  PID:13744
- C:\Windows\System\gzZUeCZ.exe
  C:\Windows\System\gzZUeCZ.exe
  2⤵
  PID:13792
- C:\Windows\System\qpnQmMf.exe
  C:\Windows\System\qpnQmMf.exe
  2⤵
  PID:13864
- C:\Windows\System\SYWHdTB.exe
  C:\Windows\System\SYWHdTB.exe
  2⤵
  PID:13968
- C:\Windows\System\DPmqwuv.exe
  C:\Windows\System\DPmqwuv.exe
  2⤵
  PID:14016
- C:\Windows\System\qMvlsbK.exe
  C:\Windows\System\qMvlsbK.exe
  2⤵
  PID:14092
- C:\Windows\System\FlLtNDv.exe
  C:\Windows\System\FlLtNDv.exe
  2⤵
  PID:14180
- C:\Windows\System\RhBojRR.exe
  C:\Windows\System\RhBojRR.exe
  2⤵
  PID:14228
- C:\Windows\System\PZWMCRo.exe
  C:\Windows\System\PZWMCRo.exe
  2⤵
  PID:14284
- C:\Windows\System\MpSRZgm.exe
  C:\Windows\System\MpSRZgm.exe
  2⤵
  PID:13404
- C:\Windows\System\XMogGnw.exe
  C:\Windows\System\XMogGnw.exe
  2⤵
  PID:13720
- C:\Windows\System\wMNumna.exe
  C:\Windows\System\wMNumna.exe
  2⤵
  PID:13832
- C:\Windows\System\gINAXvl.exe
  C:\Windows\System\gINAXvl.exe
  2⤵
  PID:13944

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CLnFQEb.exe

Filesize
1.7MB

MD5
54b9a5bd34f8bed1c01699b679ff7528

SHA1
45f82878aefa8c8fdc6bc8718b5cb7bfa4ab1ca4

SHA256
d3b7b5b931f7dcff03ededae1f8fde92da2d526ba017c4a45210da59a43ac363

SHA512
77947711c4a3cefaa69c683cf7eb642e43d4cd1b84fca579e666f996368cc96ca30c86acae202e1f3ced9fabfff64f29ed2a712ce8b7388a561dc2184ff29adf

Download Submit
C:\Windows\System\CUHozZM.exe

Filesize
1.7MB

MD5
de850b1da5378edab45d4a8b57b9273a

SHA1
cf76361c5339109af68111c3aa846f8fc9569966

SHA256
d9c7d033692c1c493f1202315fdfc70c57a53f63474cd79546d582542dd64fc8

SHA512
dde9ffa3c600fd9d14497611ee082a715e28a8dde3b1dac1e5cac5de9b3239480c36f87efcbe98a6cee83910d42f1f4b6460058ba4a552e82d51b1c9f2aac30a

Download Submit
C:\Windows\System\DnzqcDu.exe

Filesize
1.7MB

MD5
6faf7550d862ab4ec09c258d47fcfd7c

SHA1
ddc6e184761f752ce166c2fda8a33934203e4d6b

SHA256
ff7c06aa03b089a6b4bb8415af2648d04568c3d597004db5f5169c925de2cd72

SHA512
16e9bdaa9b27f1e8eaf477bd2734795d6bb22e4d1eefb3254e7a2a691d1e41961221c2d9a9356ab11b20cc8e4a6f7f9b9ee19b81f21b569936311380a0cb2b1d

Download Submit
C:\Windows\System\FNrCPdg.exe

Filesize
1.7MB

MD5
d5250ff77945583ef6cb4aa92e7fc194

SHA1
608884ec3a6c4111ea9ee379874c4496e4df8815

SHA256
0f67697f3dae96d94b278e922f4a52c4ee894b5830bd9b52962daa8ace7c6359

SHA512
1a6db892c0e7ef1ab134be57845467884706f4668510641c71b623d0b74e3ad05dfa78653ac3a37aca884b8653f5aef02075da1561d72aee9d059db6288fcaed

Download Submit
C:\Windows\System\FlnkPGV.exe

Filesize
1.7MB

MD5
6bfccff173addfa58903dadd1d07dcfd

SHA1
7ab55cafb8db837b61ccfced0e717557d0eccf08

SHA256
ee27303ea85676e1800196410aaaa50de7b8c4442a6eb54a56cd039648f38d1d

SHA512
1688bc2be7103a502907142722db93790078e4f6870ae3339a7672a24ed9c0e2373ca45f03c8806c20c58c59bd8825a39e61e3b632d086b440370c0931b94ab9

Download Submit
C:\Windows\System\GLpniFS.exe

Filesize
1.7MB

MD5
81caf0aff4f26404bfea9d5a3bc17c1f

SHA1
6de23e82d29d23f3e3e8d00a3bb52680851684da

SHA256
4549d5d8e0c6ccd434931c771615f3f9ffa135ca820973cff0d34017755d502c

SHA512
76bd0489471351126aedd2d62345083984598ffa6197fb997f0f2779755fae526b0615c5228aa4673c1feaa9ec3355f36d7e234f9b9c6d473099b3b2450a6726

Download Submit
C:\Windows\System\KOudCuh.exe

Filesize
1.7MB

MD5
b3b71dff32abccb249ff47ac32e8497b

SHA1
b071ec41c6d596993c29d181361ffab733a48cbd

SHA256
8464e4e209af2dc2f8ab2601938fda921aadc235e975be2adba9ccd10550fd3e

SHA512
ebb722b944d672975f264beb39434d153daa2298732766ee0faa870b70b064e2e0a529868cf4a1b09768a9b707d1c9627f47be2d12685ee5d9debf0eedb5740d

Download Submit
C:\Windows\System\LTFwLIu.exe

Filesize
1.7MB

MD5
bf7af2cef9ec6a9b85287a1f31b134f7

SHA1
b0f9796e4a04d7d07fb67eae6fd6102049bad629

SHA256
42feb2b183a8b5f4983d350f67f799e9fae52afef44c325cdc933c817e42ce05

SHA512
b9d86391d17c1f2ff0b6518fed027289f7ebafc36f72a1d9dbe81d1161f1d83d660f03308faa59eabcff7b7d5b0b0f72e6a900174f13f27283504f064405eb79

Download Submit
C:\Windows\System\MmsxPyV.exe

Filesize
1.7MB

MD5
d61ca5ea5b9d816edf902ac6cd175877

SHA1
318b50a15f36b0c2fd4b62b5ede5e89b3a95485d

SHA256
71140d560f7b36c177992b786db51f1876da442da62d0fb7795c9a34263c205c

SHA512
46837ebc1332573ee935735ad749560deb4244fd63ce7e2fba6d51f425379633dc835586d9593d10528f6e120ec996cc7e15e9cb1e057cbb4bd199ea273ab0b6

Download Submit
C:\Windows\System\MurObGy.exe

Filesize
1.7MB

MD5
a0dab16eb7e81944e38d386cd612002b

SHA1
9262b167fc2eae869ecfa27ae8a7ea195e837781

SHA256
51c9c579105ad0762e1cc44b63000948b1e8ac0c7e5d0e9a635808c7e109f8da

SHA512
d54302bb5928a8d23887bf0ceb04e959b248826f5d4f0a4f3a11d4fd569e4d27623c9ac57699d9a503d3ccec48a012fbd31a6f7c188032951865a259f8ec8fe5

Download Submit
C:\Windows\System\NyILCpw.exe

Filesize
1.7MB

MD5
ea7e8c250a18eaf840ac2d7acff83b0e

SHA1
4e42b9f1e35b278faaf201f18eac2d5b788de9e1

SHA256
8c2e2e4acca3a90b108568ccb234529da1e734925854c48685fcfa0f87627675

SHA512
66637eb41919b92a246b728b215d7b0d730b43139a0a30a0c1c22483be9e8e6141ea9b8a8805e7710b1643c01cb9a45e2e9cd8c2629e7688dc7ece72c8353867

Download Submit
C:\Windows\System\OlBQXWC.exe

Filesize
1.7MB

MD5
07cda92f41e4adce4395efa0a4ad9ba3

SHA1
18c1612356476699f1a2d016ec30212d42c12b2b

SHA256
4d5a4053ef8c99b3a0cdff37a19110f9b0de09f8e24033dd1b303b240407cc1e

SHA512
d5389c570c389d87140b679a45de290d6c0b264116e410ce9a27494c8ffbc56d603d0f315acb5736ce6f73700131953d22521ed70bfd1955f948b696f34e9949

Download Submit
C:\Windows\System\Savzcqp.exe

Filesize
1.7MB

MD5
f22ebe1a8ddc53281be4896e4bfd7432

SHA1
e52a45477157250359157b0fdf588cb659622c43

SHA256
927a32c93f90030d7063e51964eec27b43f251a4761b3d51335c09bc673a760f

SHA512
5a37093050df112a1e2ce500b0681f231d15958d021c5f3043ce92c4db514880650faf5e4387842dc1669855bd9306f6b3efd08e027d5905822edf9c7613de61

Download Submit
C:\Windows\System\SpVviOb.exe

Filesize
1.7MB

MD5
6f322ee168c2f99ce15972aa5797954e

SHA1
1635a006b64e2f34a0bf886e44752c1f61aa1987

SHA256
13965f0ce746c880ac821f728acafda3983e304522df187bda54018d6c389dfc

SHA512
3a898f7dcfd5104e4b11105f2a015ea01d1d6e8e41ab5fdf0e9e7de2462dbb64193749f4a2088fe639ba03cc7217ff17f3bb110addac4b1dc2c8f772c073ffad

Download Submit
C:\Windows\System\aXoScux.exe

Filesize
1.7MB

MD5
8c3c526809370f82bda422daf681a04e

SHA1
3d737e6f132c9303a2094bcdf77d9a1ba1c21160

SHA256
6deb7639fb6009b4f09a2e57d1bf02bbd62bc1503f941a5b1a0b64fed41c5869

SHA512
329f37cfb55749e81869027c384748ce53094d4f19fc12426afe9f836e363a5528f5e9c07aaf273564e9246d99625d38566446d7b5c0dbc10d1dc968cc9b4653

Download Submit
C:\Windows\System\fmWnVLn.exe

Filesize
1.7MB

MD5
452667ad475ee47dc4096b0715520509

SHA1
b69e8db57907a5ca6ca75aff5c8625212f09f361

SHA256
2c3548d21591a32eb6c187da7dfef4fcca7cff443574e920e96f8a2d4a0816b8

SHA512
9054053b2c9c5f2512441645cbd324d201f7cbb0a35d92b4f8c2383b92ad19e825826dd034c04050be1df75ca244e1bb3edee0d3a7caa1c15d9848208a9e161e

Download Submit
C:\Windows\System\fsXyOae.exe

Filesize
1.7MB

MD5
a1330d7a6d75ea390aa338f17eadd190

SHA1
a1e7afce731f7893bf27665b9acadeb4f20f0218

SHA256
018a28ba669c1f9ac55ca59df0844f987f7fe97dba884e4e51df0585ec41b25e

SHA512
7d317ee6c133c632deb7a2c9838a3da48e507f6f7f45b3044518ce9337c4f0bb23baa9f54a6af614622579e197ee77533571498da8681392d0a6f3eaa320310f

Download Submit
C:\Windows\System\fyFLJqU.exe

Filesize
1.7MB

MD5
3726ccb959dd5048a657f51438631b96

SHA1
44e467fe99d3d26b6c04679b146e555d741e745d

SHA256
4bb18c25a7312e871c14974cd7c3d69a1d10ab960f48cf47f07f2c70fb33816f

SHA512
facfc40274d06f51f4d505147694ca7fd4def550c13b7c1caf904df79de563bfd17f80a0c9f0e171e31be169a7b994539b911ea48163d8c514adf02dd431d420

Download Submit
C:\Windows\System\gVJrBXO.exe

Filesize
1.7MB

MD5
74763d29a91325e0e7d3495182127fd6

SHA1
8490760655790b9fedd6ecf0eef37a5093e87e39

SHA256
bf2a7c78bcd68d82d78b369fd18b124933b1bc9330b72f921a3a696810d463c6

SHA512
977cee9bf2cc66a9255a33e993ddc5f4a7b37622e4988dc6e1c2964995f72e191d0904660217d916a1c2a7dff88defa185aae49163abb3eced0e7e58bc72d417

Download Submit
C:\Windows\System\ggislVx.exe

Filesize
1.7MB

MD5
578d42469198e8529b4ff1e261a8bc11

SHA1
153b9ed447625498cc39bf4a138ebaec104bb62a

SHA256
20a816c569498f8ab30e14e3cd2870ef8bbc1852d0f03a6497b32cd63b439d5f

SHA512
8d971512c60125938251f0d0583dd178c9c360e10c1fe7eefe289860b244517b6b557aec2135b6e7f070090bea82f7622c4d750e21f2bb00400e94a6349bb4dd

Download Submit
C:\Windows\System\gmbaAIh.exe

Filesize
1.7MB

MD5
535c3927caf55fd5baa0fcf9a31e6211

SHA1
8f37cbb7939610a267ff2bc45895d7501d4debc4

SHA256
0359440d7d0462bb17845b7917b5f21a3f73827dd47fdae8eeef2b5430ca5347

SHA512
5ce4b45625c92c1b48671cbb06916b6b1ab49d564805e7cc5a9e972cbed25d481f0986fbaefe2091961bec8025b9f0c960d2443be32c83490e537bdd45bc892b

Download Submit
C:\Windows\System\hEClTYn.exe

Filesize
1.7MB

MD5
116d1f6205ac36c54e06070341793baf

SHA1
9183061c2c5ffa20cae24373a02a7be6ada11057

SHA256
38a73645d48a25e676e2c48990a92c1e91776e170f73f1bcbd6d0660280eaa03

SHA512
19e09e1aa6ea42850ac79fc96bca78afb170e469b36ffc5295f96391272c8542a60408878e0b7f683bddfa68c5922db162f573e4efa5258699a920e5a91173ae

Download Submit
C:\Windows\System\ikskkGC.exe

Filesize
1.7MB

MD5
98492bb81932d74c336546f54ef522fa

SHA1
7ccc43badacfb20c572ea88f1dab748b5bb628c5

SHA256
96ee4092c3f544b1fea2f2fadbf5b80d75d0d68b16bc8f397e67a0123677d030

SHA512
154150e42d4ce41f1c0499d90e8bafa1aca8a8ef17e8d4fe1b34a778f032736cf4a811287217f079abfaf118ce6482caa435ba07df77ac74a01a472c57d37fa6

Download Submit
C:\Windows\System\jORXxiH.exe

Filesize
1.7MB

MD5
e8ef6d77f123303e18bc992ae9ad50cb

SHA1
40bcc0464ec9db83d0c659c9d9fa1698c374a102

SHA256
2c5bf1f5eaf69478244c2b6c9e0c9e189073e81d0ebb3346f7e7d79a8e9b38b1

SHA512
72724d3ab919a40672aa1237b57ef803779e06953d4b1b096031fe748d469c12eb0d2d3354b5453729dbb5443cb941407cfa7829c039743f757f9a2750bf45d9

Download Submit
C:\Windows\System\pmRYQdP.exe

Filesize
1.7MB

MD5
391cfc6a2ed75e47628b92ebbb551c8b

SHA1
fcfdbb43675d50cc4d9e975ae76a8566e7eb35b1

SHA256
fff6458615e4e7e21ebb2d4eeef1e1eeb8bac09b4e2d0119a1db6550e1c32ed5

SHA512
5fe9a4875bd9b06a5cf4ee55c30e1b6923f25ac8678eb1a4d0a951b7a5cd60a7a32c892059d1d9830d51a051c126cba78517b7bfec07fa86391a45a5af74a084

Download Submit
C:\Windows\System\ruYquOM.exe

Filesize
1.7MB

MD5
800cafc7be400b2c620334df00a7d5a0

SHA1
78a33b0fc9a5d929c4286d69cdf0fee9d8abd012

SHA256
aea37faafa10e97666256b4e6a1603d99e505d9eff070cd8a20295e237e3abfd

SHA512
7c25361ae7b887d0c481ea6dfe9394f75a1333c22b257136bd5b573b3e45641c676f8d203f0e7be7e382441c8da34f708f2db5a76c2654de73d7f8198a93f247

Download Submit
C:\Windows\System\suDiiIs.exe

Filesize
1.7MB

MD5
13261d923d7f518339ba47c8b64116ad

SHA1
812f2ec22fb5575dc23febb694aa8fdd33e424ae

SHA256
1e9754b1f4e209bdabbb52cfd65213151f3e39fb7d983b78564491a477b2c228

SHA512
059eb50d73c1061e5023ddcf0e08f4d522d251463489edd870bc5487dd06f3bfec90717eed9e51c6761762b8c6f4ba43f6416e151e7a5ee367e7e33b92b37167

Download Submit
C:\Windows\System\uNDqIbn.exe

Filesize
1.7MB

MD5
e311b1ff6f623ef4fbda3fb5bf6fb6b9

SHA1
17d9f81149fe4e6ce990173995d6e3465d5a0fa4

SHA256
881726733b1bd61eccc2562c678627ebb9e1d87b20bdff9e04fed7681e55600f

SHA512
43dec6d57e382fed2b2c4d2de219845ba2f5997319c9c2a918316c4a736b0f37e3ee51b8549bdc307c59af28870c35de2fbe6aa52eb1390256bcd73defe3d7ea

Download Submit
C:\Windows\System\urroZDf.exe

Filesize
1.7MB

MD5
2f41b107d41878b549d57c0cc9f8390f

SHA1
1580661f0dff40b358e8f182a8af23461b8507d9

SHA256
7912cac55e8969255243a1f389b91503359da7f8fd992bd36a3f7113952d4187

SHA512
bf81042b7b9df8c3dba86c5ba75cdc6a49a24f4d0b485b72bda7bf426a21bdc94166493c0b01f10d48a829110373278be1daf4e5b2625c43022807deb4384774

Download Submit
C:\Windows\System\vguRsdc.exe

Filesize
1.7MB

MD5
a64121e45a9568f597457c4686b73833

SHA1
9df786b47ba3886215c46bc4071f18156b690cdf

SHA256
1c4abffb4176b28a4619e04b1f7ccddbbaf9a7f98d085984d40474de75214e4c

SHA512
41dcfdb0c4f2e8874183baf921ef16a31c01e6963a4918af7f960222f6c18af2a33c757f9387304cd94456b6515f689e387a85addeb7230f7748a84afb55ada4

Download Submit
C:\Windows\System\yCcBctx.exe

Filesize
1.7MB

MD5
22bb452488ddf4dc62526e011f60cbe4

SHA1
6fd593f615ef5c30383cd314217e3835905155f2

SHA256
44c8c15b8953136174ac36944c91d52b09983268bff1edfe028ff372f0748961

SHA512
cda17c99a52216ad78809830d8c98245d100d39d057eca55014eb81263da9bd193487532261427189c37c0a514ee82e595261d5fe706d005ffc66c6e30e349b0

Download Submit
C:\Windows\System\zfRAfQS.exe

Filesize
1.7MB

MD5
1ef2c1a3251e07a61d6f191ee52c5cc4

SHA1
e8086611ce533148c94edf0a27e32642937e39c6

SHA256
4643cc2c7487f37cdbd05b9a8cfe7ff36ab91eec5911d222d9545bfaf2b4565a

SHA512
6e3212e8554472836dafdae7981b5343afa53a90e4c9283ed871e0744bcf126c57784ab83d468a363f2c12777ff0e8607411f25d9a64ee13794b06d2492c3466

Download Submit
C:\Windows\System\zsEluMW.exe

Filesize
1.7MB

MD5
e3f350abf0e1337b42cffe6abbd91cd8

SHA1
a19c61d68100cf53bbfb7611d4ab1e584b53544d

SHA256
397353e6c3a238ed00009b17c509cfc840d312386da2dfe6007b949b9f426d32

SHA512
b45d4c52a250ebb4f768dc64888c35ae9e5724f15bf3edca4bdea3a72d04efb0a4d2a44e4466e8d8e8aa13ab903948baee189d0d3cb4b124038a6174b2525f4c

Download Submit
memory/652-37-0x00007FF6A88C0000-0x00007FF6A8C14000-memory.dmp

Filesize
3.3MB

Download
memory/652-2114-0x00007FF6A88C0000-0x00007FF6A8C14000-memory.dmp

Filesize
3.3MB

Download
memory/652-2119-0x00007FF6A88C0000-0x00007FF6A8C14000-memory.dmp

Filesize
3.3MB

Download
memory/884-2141-0x00007FF7BB010000-0x00007FF7BB364000-memory.dmp

Filesize
3.3MB

Download
memory/884-765-0x00007FF7BB010000-0x00007FF7BB364000-memory.dmp

Filesize
3.3MB

Download
memory/1048-2117-0x00007FF76B050000-0x00007FF76B3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-2111-0x00007FF76B050000-0x00007FF76B3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-28-0x00007FF76B050000-0x00007FF76B3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1132-2126-0x00007FF766F90000-0x00007FF7672E4000-memory.dmp

Filesize
3.3MB

Download
memory/1132-766-0x00007FF766F90000-0x00007FF7672E4000-memory.dmp

Filesize
3.3MB

Download
memory/1164-2110-0x00007FF7190F0000-0x00007FF719444000-memory.dmp

Filesize
3.3MB

Download
memory/1164-17-0x00007FF7190F0000-0x00007FF719444000-memory.dmp

Filesize
3.3MB

Download
memory/1164-2116-0x00007FF7190F0000-0x00007FF719444000-memory.dmp

Filesize
3.3MB

Download
memory/1200-2108-0x00007FF6F64E0000-0x00007FF6F6834000-memory.dmp

Filesize
3.3MB

Download
memory/1200-2115-0x00007FF6F64E0000-0x00007FF6F6834000-memory.dmp

Filesize
3.3MB

Download
memory/1200-14-0x00007FF6F64E0000-0x00007FF6F6834000-memory.dmp

Filesize
3.3MB

Download
memory/1328-770-0x00007FF6B4040000-0x00007FF6B4394000-memory.dmp

Filesize
3.3MB

Download
memory/1328-2139-0x00007FF6B4040000-0x00007FF6B4394000-memory.dmp

Filesize
3.3MB

Download
memory/1564-2129-0x00007FF6F7530000-0x00007FF6F7884000-memory.dmp

Filesize
3.3MB

Download
memory/1564-796-0x00007FF6F7530000-0x00007FF6F7884000-memory.dmp

Filesize
3.3MB

Download
memory/1684-803-0x00007FF6DB3B0000-0x00007FF6DB704000-memory.dmp

Filesize
3.3MB

Download
memory/1684-2134-0x00007FF6DB3B0000-0x00007FF6DB704000-memory.dmp

Filesize
3.3MB

Download
memory/1848-2130-0x00007FF662330000-0x00007FF662684000-memory.dmp

Filesize
3.3MB

Download
memory/1848-793-0x00007FF662330000-0x00007FF662684000-memory.dmp

Filesize
3.3MB

Download
memory/1960-807-0x00007FF73CB50000-0x00007FF73CEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-2137-0x00007FF73CB50000-0x00007FF73CEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-2131-0x00007FF6D9880000-0x00007FF6D9BD4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-801-0x00007FF6D9880000-0x00007FF6D9BD4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2128-0x00007FF7A9420000-0x00007FF7A9774000-memory.dmp

Filesize
3.3MB

Download
memory/2364-791-0x00007FF7A9420000-0x00007FF7A9774000-memory.dmp

Filesize
3.3MB

Download
memory/2704-808-0x00007FF6AFD40000-0x00007FF6B0094000-memory.dmp

Filesize
3.3MB

Download
memory/2704-2138-0x00007FF6AFD40000-0x00007FF6B0094000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2132-0x00007FF7CAC30000-0x00007FF7CAF84000-memory.dmp

Filesize
3.3MB

Download
memory/2820-802-0x00007FF7CAC30000-0x00007FF7CAF84000-memory.dmp

Filesize
3.3MB

Download
memory/3368-2120-0x00007FF73E830000-0x00007FF73EB84000-memory.dmp

Filesize
3.3MB

Download
memory/3368-2113-0x00007FF73E830000-0x00007FF73EB84000-memory.dmp

Filesize
3.3MB

Download
memory/3368-36-0x00007FF73E830000-0x00007FF73EB84000-memory.dmp

Filesize
3.3MB

Download
memory/3600-787-0x00007FF782400000-0x00007FF782754000-memory.dmp

Filesize
3.3MB

Download
memory/3600-2143-0x00007FF782400000-0x00007FF782754000-memory.dmp

Filesize
3.3MB

Download
memory/3664-749-0x00007FF697FD0000-0x00007FF698324000-memory.dmp

Filesize
3.3MB

Download
memory/3664-2124-0x00007FF697FD0000-0x00007FF698324000-memory.dmp

Filesize
3.3MB

Download
memory/3848-2136-0x00007FF76BFF0000-0x00007FF76C344000-memory.dmp

Filesize
3.3MB

Download
memory/3848-805-0x00007FF76BFF0000-0x00007FF76C344000-memory.dmp

Filesize
3.3MB

Download
memory/3912-2121-0x00007FF7D8DB0000-0x00007FF7D9104000-memory.dmp

Filesize
3.3MB

Download
memory/3912-759-0x00007FF7D8DB0000-0x00007FF7D9104000-memory.dmp

Filesize
3.3MB

Download
memory/3976-788-0x00007FF691690000-0x00007FF6919E4000-memory.dmp

Filesize
3.3MB

Download
memory/3976-2140-0x00007FF691690000-0x00007FF6919E4000-memory.dmp

Filesize
3.3MB

Download
memory/4092-1-0x00000254C3FA0000-0x00000254C3FB0000-memory.dmp

Filesize
64KB

Download
memory/4092-0-0x00007FF752140000-0x00007FF752494000-memory.dmp

Filesize
3.3MB

Download
memory/4092-2109-0x00007FF752140000-0x00007FF752494000-memory.dmp

Filesize
3.3MB

Download
memory/4112-762-0x00007FF77F720000-0x00007FF77FA74000-memory.dmp

Filesize
3.3MB

Download
memory/4112-2123-0x00007FF77F720000-0x00007FF77FA74000-memory.dmp

Filesize
3.3MB

Download
memory/4116-2122-0x00007FF634940000-0x00007FF634C94000-memory.dmp

Filesize
3.3MB

Download
memory/4116-741-0x00007FF634940000-0x00007FF634C94000-memory.dmp

Filesize
3.3MB

Download
memory/4496-2112-0x00007FF7A1200000-0x00007FF7A1554000-memory.dmp

Filesize
3.3MB

Download
memory/4496-2118-0x00007FF7A1200000-0x00007FF7A1554000-memory.dmp

Filesize
3.3MB

Download
memory/4496-30-0x00007FF7A1200000-0x00007FF7A1554000-memory.dmp

Filesize
3.3MB

Download
memory/4640-804-0x00007FF7DA390000-0x00007FF7DA6E4000-memory.dmp

Filesize
3.3MB

Download
memory/4640-2135-0x00007FF7DA390000-0x00007FF7DA6E4000-memory.dmp

Filesize
3.3MB

Download
memory/4692-2133-0x00007FF7F55F0000-0x00007FF7F5944000-memory.dmp

Filesize
3.3MB

Download
memory/4692-806-0x00007FF7F55F0000-0x00007FF7F5944000-memory.dmp

Filesize
3.3MB

Download
memory/4928-809-0x00007FF75B810000-0x00007FF75BB64000-memory.dmp

Filesize
3.3MB

Download
memory/4928-2127-0x00007FF75B810000-0x00007FF75BB64000-memory.dmp

Filesize
3.3MB

Download
memory/4992-774-0x00007FF6C55E0000-0x00007FF6C5934000-memory.dmp

Filesize
3.3MB

Download
memory/4992-2142-0x00007FF6C55E0000-0x00007FF6C5934000-memory.dmp

Filesize
3.3MB

Download
memory/5088-2125-0x00007FF7E4200000-0x00007FF7E4554000-memory.dmp

Filesize
3.3MB

Download
memory/5088-752-0x00007FF7E4200000-0x00007FF7E4554000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads