xmrig | 65cf1d9ab0bc812669c42588a0a000dc57327ee986d3de26689f3e4fe3580e61

Analysis

max time kernel
141s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
Size

1.9MB
MD5

2d5ca1447313ea65be5a0485b30df4d0
SHA1

7dd473f8af6336432b20e74e89644c130f96ee5e
SHA256

65cf1d9ab0bc812669c42588a0a000dc57327ee986d3de26689f3e4fe3580e61
SHA512

56429c45861e54444868a23204eb2dfd6e47309c1608ce77a47ba02b23b097c493cf788405f4b1c2c4a7f95331415b9c6e30a933ac4eabefe5925c9609b881e4
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wISK9NcHFjG:BemTLkNdfE0pZrl

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2836-0-0x00007FF768930000-0x00007FF768C84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023288-5.dat	xmrig
behavioral2/files/0x0008000000023404-12.dat	xmrig
behavioral2/memory/4208-10-0x00007FF6DAD80000-0x00007FF6DB0D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-9.dat	xmrig
behavioral2/memory/944-17-0x00007FF684EF0000-0x00007FF685244000-memory.dmp	xmrig
behavioral2/memory/3840-22-0x00007FF62FB90000-0x00007FF62FEE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023409-25.dat	xmrig
behavioral2/files/0x000700000002340a-29.dat	xmrig
behavioral2/memory/4776-33-0x00007FF6E3DC0000-0x00007FF6E4114000-memory.dmp	xmrig
behavioral2/memory/2880-41-0x00007FF7D7D10000-0x00007FF7D8064000-memory.dmp	xmrig
behavioral2/files/0x000700000002340c-42.dat	xmrig
behavioral2/files/0x000700000002340d-48.dat	xmrig
behavioral2/files/0x000700000002340f-56.dat	xmrig
behavioral2/files/0x0007000000023411-63.dat	xmrig
behavioral2/files/0x0007000000023415-85.dat	xmrig
behavioral2/files/0x0007000000023416-94.dat	xmrig
behavioral2/files/0x0007000000023419-111.dat	xmrig
behavioral2/files/0x000700000002341b-121.dat	xmrig
behavioral2/files/0x0007000000023421-143.dat	xmrig
behavioral2/files/0x0007000000023423-153.dat	xmrig
behavioral2/memory/4844-450-0x00007FF6D3CC0000-0x00007FF6D4014000-memory.dmp	xmrig
behavioral2/memory/3192-456-0x00007FF7CCA00000-0x00007FF7CCD54000-memory.dmp	xmrig
behavioral2/memory/3560-463-0x00007FF73F080000-0x00007FF73F3D4000-memory.dmp	xmrig
behavioral2/memory/2908-473-0x00007FF6033B0000-0x00007FF603704000-memory.dmp	xmrig
behavioral2/memory/3864-476-0x00007FF731730000-0x00007FF731A84000-memory.dmp	xmrig
behavioral2/memory/1224-479-0x00007FF66F570000-0x00007FF66F8C4000-memory.dmp	xmrig
behavioral2/memory/1140-471-0x00007FF7B38A0000-0x00007FF7B3BF4000-memory.dmp	xmrig
behavioral2/memory/3044-459-0x00007FF75D550000-0x00007FF75D8A4000-memory.dmp	xmrig
behavioral2/memory/4360-489-0x00007FF6D6600000-0x00007FF6D6954000-memory.dmp	xmrig
behavioral2/memory/776-497-0x00007FF6BC430000-0x00007FF6BC784000-memory.dmp	xmrig
behavioral2/memory/3920-513-0x00007FF65E1D0000-0x00007FF65E524000-memory.dmp	xmrig
behavioral2/memory/1544-514-0x00007FF751CB0000-0x00007FF752004000-memory.dmp	xmrig
behavioral2/memory/2816-515-0x00007FF7BCCD0000-0x00007FF7BD024000-memory.dmp	xmrig
behavioral2/memory/1584-516-0x00007FF609A10000-0x00007FF609D64000-memory.dmp	xmrig
behavioral2/memory/2016-510-0x00007FF7CE260000-0x00007FF7CE5B4000-memory.dmp	xmrig
behavioral2/memory/2352-517-0x00007FF651FD0000-0x00007FF652324000-memory.dmp	xmrig
behavioral2/memory/2580-505-0x00007FF7FFC00000-0x00007FF7FFF54000-memory.dmp	xmrig
behavioral2/memory/2540-518-0x00007FF778DD0000-0x00007FF779124000-memory.dmp	xmrig
behavioral2/memory/4284-502-0x00007FF665110000-0x00007FF665464000-memory.dmp	xmrig
behavioral2/memory/3688-519-0x00007FF6E2560000-0x00007FF6E28B4000-memory.dmp	xmrig
behavioral2/memory/844-520-0x00007FF74A430000-0x00007FF74A784000-memory.dmp	xmrig
behavioral2/memory/4624-522-0x00007FF6CBC40000-0x00007FF6CBF94000-memory.dmp	xmrig
behavioral2/memory/2204-521-0x00007FF6D9480000-0x00007FF6D97D4000-memory.dmp	xmrig
behavioral2/memory/1364-487-0x00007FF797B20000-0x00007FF797E74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023426-168.dat	xmrig
behavioral2/files/0x0007000000023424-166.dat	xmrig
behavioral2/files/0x0007000000023425-163.dat	xmrig
behavioral2/files/0x0007000000023422-156.dat	xmrig
behavioral2/files/0x0007000000023420-146.dat	xmrig
behavioral2/files/0x000700000002341f-141.dat	xmrig
behavioral2/files/0x000700000002341e-136.dat	xmrig
behavioral2/files/0x000700000002341d-131.dat	xmrig
behavioral2/files/0x000700000002341c-126.dat	xmrig
behavioral2/files/0x000700000002341a-116.dat	xmrig
behavioral2/files/0x0007000000023418-103.dat	xmrig
behavioral2/files/0x0007000000023417-99.dat	xmrig
behavioral2/files/0x0007000000023414-83.dat	xmrig
behavioral2/files/0x0007000000023413-79.dat	xmrig
behavioral2/files/0x0007000000023412-74.dat	xmrig
behavioral2/files/0x0007000000023410-64.dat	xmrig
behavioral2/files/0x000700000002340e-59.dat	xmrig
behavioral2/files/0x000700000002340b-44.dat	xmrig
behavioral2/memory/2836-2080-0x00007FF768930000-0x00007FF768C84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4208	wOGFkKU.exe
944	VdEflKJ.exe
3840	wLPUhaq.exe
4776	EZbzdZU.exe
2880	JSfaMmf.exe
2204	xhrqzTE.exe
4844	YfvYKjZ.exe
3192	ZoPDfML.exe
4624	RHSZXsy.exe
3044	FSPHpAB.exe
3560	TcAxmsZ.exe
1140	oVlQvDL.exe
2908	LrUjTiX.exe
3864	HcDYRAA.exe
1224	GRHZgVw.exe
1364	HnYDUxS.exe
4360	CkAQtLV.exe
776	VLIOrZb.exe
4284	shwRunB.exe
2580	egkBgHh.exe
2016	jKiJajZ.exe
3920	WuMGcPw.exe
1544	VKhqitq.exe
2816	tfoGPkM.exe
1584	ioKKoDP.exe
2352	gyNyToJ.exe
2540	QaAaHMg.exe
3688	muaVwdG.exe
844	AMuFWux.exe
3836	XOGwnhO.exe
2696	JADolpE.exe
2152	SyBuXSe.exe
2588	SCgXcmR.exe
4552	vKEAKuk.exe
4640	tMvQbke.exe
3552	AdCVxCT.exe
3468	qqVxwab.exe
1528	YNFddsl.exe
1452	xIxgaEa.exe
1848	KESIdSN.exe
2680	WTputIo.exe
4100	tzGQNCm.exe
4884	zFcAUsb.exe
2876	FcVwIdW.exe
2804	bXsXWkn.exe
2256	hZNhAbP.exe
4308	xtPEzUL.exe
2796	tQxRDqO.exe
3308	nLRoFRU.exe
1164	AtsPZjs.exe
1752	CZjhvEY.exe
4536	uvcNnfc.exe
4256	JcedkDC.exe
3584	Fviefmw.exe
2864	HEbuvSj.exe
2080	XNDbrYY.exe
3880	AjFKzuR.exe
4724	vBeVuBZ.exe
3696	QZkdSPO.exe
4296	NkwvMBb.exe
3636	xmYkTKv.exe
1960	AsAtgMt.exe
4332	XJegcZW.exe
2828	wuAdoPQ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2836-0-0x00007FF768930000-0x00007FF768C84000-memory.dmp	upx
behavioral2/files/0x0007000000023288-5.dat	upx
behavioral2/files/0x0008000000023404-12.dat	upx
behavioral2/memory/4208-10-0x00007FF6DAD80000-0x00007FF6DB0D4000-memory.dmp	upx
behavioral2/files/0x0007000000023408-9.dat	upx
behavioral2/memory/944-17-0x00007FF684EF0000-0x00007FF685244000-memory.dmp	upx
behavioral2/memory/3840-22-0x00007FF62FB90000-0x00007FF62FEE4000-memory.dmp	upx
behavioral2/files/0x0007000000023409-25.dat	upx
behavioral2/files/0x000700000002340a-29.dat	upx
behavioral2/memory/4776-33-0x00007FF6E3DC0000-0x00007FF6E4114000-memory.dmp	upx
behavioral2/memory/2880-41-0x00007FF7D7D10000-0x00007FF7D8064000-memory.dmp	upx
behavioral2/files/0x000700000002340c-42.dat	upx
behavioral2/files/0x000700000002340d-48.dat	upx
behavioral2/files/0x000700000002340f-56.dat	upx
behavioral2/files/0x0007000000023411-63.dat	upx
behavioral2/files/0x0007000000023415-85.dat	upx
behavioral2/files/0x0007000000023416-94.dat	upx
behavioral2/files/0x0007000000023419-111.dat	upx
behavioral2/files/0x000700000002341b-121.dat	upx
behavioral2/files/0x0007000000023421-143.dat	upx
behavioral2/files/0x0007000000023423-153.dat	upx
behavioral2/memory/4844-450-0x00007FF6D3CC0000-0x00007FF6D4014000-memory.dmp	upx
behavioral2/memory/3192-456-0x00007FF7CCA00000-0x00007FF7CCD54000-memory.dmp	upx
behavioral2/memory/3560-463-0x00007FF73F080000-0x00007FF73F3D4000-memory.dmp	upx
behavioral2/memory/2908-473-0x00007FF6033B0000-0x00007FF603704000-memory.dmp	upx
behavioral2/memory/3864-476-0x00007FF731730000-0x00007FF731A84000-memory.dmp	upx
behavioral2/memory/1224-479-0x00007FF66F570000-0x00007FF66F8C4000-memory.dmp	upx
behavioral2/memory/1140-471-0x00007FF7B38A0000-0x00007FF7B3BF4000-memory.dmp	upx
behavioral2/memory/3044-459-0x00007FF75D550000-0x00007FF75D8A4000-memory.dmp	upx
behavioral2/memory/4360-489-0x00007FF6D6600000-0x00007FF6D6954000-memory.dmp	upx
behavioral2/memory/776-497-0x00007FF6BC430000-0x00007FF6BC784000-memory.dmp	upx
behavioral2/memory/3920-513-0x00007FF65E1D0000-0x00007FF65E524000-memory.dmp	upx
behavioral2/memory/1544-514-0x00007FF751CB0000-0x00007FF752004000-memory.dmp	upx
behavioral2/memory/2816-515-0x00007FF7BCCD0000-0x00007FF7BD024000-memory.dmp	upx
behavioral2/memory/1584-516-0x00007FF609A10000-0x00007FF609D64000-memory.dmp	upx
behavioral2/memory/2016-510-0x00007FF7CE260000-0x00007FF7CE5B4000-memory.dmp	upx
behavioral2/memory/2352-517-0x00007FF651FD0000-0x00007FF652324000-memory.dmp	upx
behavioral2/memory/2580-505-0x00007FF7FFC00000-0x00007FF7FFF54000-memory.dmp	upx
behavioral2/memory/2540-518-0x00007FF778DD0000-0x00007FF779124000-memory.dmp	upx
behavioral2/memory/4284-502-0x00007FF665110000-0x00007FF665464000-memory.dmp	upx
behavioral2/memory/3688-519-0x00007FF6E2560000-0x00007FF6E28B4000-memory.dmp	upx
behavioral2/memory/844-520-0x00007FF74A430000-0x00007FF74A784000-memory.dmp	upx
behavioral2/memory/4624-522-0x00007FF6CBC40000-0x00007FF6CBF94000-memory.dmp	upx
behavioral2/memory/2204-521-0x00007FF6D9480000-0x00007FF6D97D4000-memory.dmp	upx
behavioral2/memory/1364-487-0x00007FF797B20000-0x00007FF797E74000-memory.dmp	upx
behavioral2/files/0x0007000000023426-168.dat	upx
behavioral2/files/0x0007000000023424-166.dat	upx
behavioral2/files/0x0007000000023425-163.dat	upx
behavioral2/files/0x0007000000023422-156.dat	upx
behavioral2/files/0x0007000000023420-146.dat	upx
behavioral2/files/0x000700000002341f-141.dat	upx
behavioral2/files/0x000700000002341e-136.dat	upx
behavioral2/files/0x000700000002341d-131.dat	upx
behavioral2/files/0x000700000002341c-126.dat	upx
behavioral2/files/0x000700000002341a-116.dat	upx
behavioral2/files/0x0007000000023418-103.dat	upx
behavioral2/files/0x0007000000023417-99.dat	upx
behavioral2/files/0x0007000000023414-83.dat	upx
behavioral2/files/0x0007000000023413-79.dat	upx
behavioral2/files/0x0007000000023412-74.dat	upx
behavioral2/files/0x0007000000023410-64.dat	upx
behavioral2/files/0x000700000002340e-59.dat	upx
behavioral2/files/0x000700000002340b-44.dat	upx
behavioral2/memory/2836-2080-0x00007FF768930000-0x00007FF768C84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FIgiaUD.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\fxlwWBO.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\XsqlHRD.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\ytzrUQi.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\XvJpNOt.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\WoaeJkh.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\dkFMrWJ.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\PIgeOnb.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\wrJRyDe.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\eURAGDe.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\vvApFkM.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\VuyXEan.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\FzLPfql.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\Fbyasvi.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\hzvhfuP.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\hmyGOVF.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\kgpoRth.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\LdGtOtz.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\YRZwcig.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\AWKCnFy.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\EvOiUaO.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\NQlCMmx.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\wFsQkNc.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\WKalIrc.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\SwrMaRM.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\luSyPXf.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\utAhYoG.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\lzwYlGu.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\eaeJlae.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\jKiJajZ.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\cvUZIJr.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\tmseEwC.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\ReHaQRi.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\GuEfPmR.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\SoFziWU.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\sQrJfyh.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\evWzJdg.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\qpuSKpC.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\dHLifUu.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\MzQOiYs.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\RrIcYrX.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\SYfuQjm.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\FcRkdKO.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\SJXAjHF.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\iOGWJdy.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\yLpljhs.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\EmStSqI.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\Vprfpzu.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\drMzXuk.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\UTJdWcu.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\HaDElpP.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\cuoihhr.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\qLeONXU.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\fgVwkBb.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\fxrxrxS.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\oHttgZi.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\LZKCSia.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\SSXGBOf.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\EDGBTFX.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\nfcwPVl.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\buthkSB.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\EOoEMDH.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\AtsPZjs.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
File created	C:\Windows\System\IVgPUZM.exe	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4952	dwm.exe
Token: SeChangeNotifyPrivilege	4952	dwm.exe
Token: 33	4952	dwm.exe
Token: SeIncBasePriorityPrivilege	4952	dwm.exe
Token: SeShutdownPrivilege	4952	dwm.exe
Token: SeCreatePagefilePrivilege	4952	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 4208	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	84
PID 2836 wrote to memory of 4208	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	84
PID 2836 wrote to memory of 944	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	85
PID 2836 wrote to memory of 944	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	85
PID 2836 wrote to memory of 3840	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	86
PID 2836 wrote to memory of 3840	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	86
PID 2836 wrote to memory of 4776	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	87
PID 2836 wrote to memory of 4776	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	87
PID 2836 wrote to memory of 2880	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	88
PID 2836 wrote to memory of 2880	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	88
PID 2836 wrote to memory of 2204	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	89
PID 2836 wrote to memory of 2204	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	89
PID 2836 wrote to memory of 4844	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	90
PID 2836 wrote to memory of 4844	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	90
PID 2836 wrote to memory of 3192	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	91
PID 2836 wrote to memory of 3192	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	91
PID 2836 wrote to memory of 3044	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	92
PID 2836 wrote to memory of 3044	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	92
PID 2836 wrote to memory of 4624	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	93
PID 2836 wrote to memory of 4624	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	93
PID 2836 wrote to memory of 3560	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	94
PID 2836 wrote to memory of 3560	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	94
PID 2836 wrote to memory of 1140	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	95
PID 2836 wrote to memory of 1140	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	95
PID 2836 wrote to memory of 2908	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	96
PID 2836 wrote to memory of 2908	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	96
PID 2836 wrote to memory of 3864	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	97
PID 2836 wrote to memory of 3864	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	97
PID 2836 wrote to memory of 1224	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	98
PID 2836 wrote to memory of 1224	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	98
PID 2836 wrote to memory of 1364	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	99
PID 2836 wrote to memory of 1364	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	99
PID 2836 wrote to memory of 4360	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	100
PID 2836 wrote to memory of 4360	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	100
PID 2836 wrote to memory of 776	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	101
PID 2836 wrote to memory of 776	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	101
PID 2836 wrote to memory of 4284	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	102
PID 2836 wrote to memory of 4284	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	102
PID 2836 wrote to memory of 2580	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	103
PID 2836 wrote to memory of 2580	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	103
PID 2836 wrote to memory of 2016	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	104
PID 2836 wrote to memory of 2016	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	104
PID 2836 wrote to memory of 3920	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	105
PID 2836 wrote to memory of 3920	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	105
PID 2836 wrote to memory of 1544	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	106
PID 2836 wrote to memory of 1544	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	106
PID 2836 wrote to memory of 2816	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	107
PID 2836 wrote to memory of 2816	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	107
PID 2836 wrote to memory of 1584	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	108
PID 2836 wrote to memory of 1584	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	108
PID 2836 wrote to memory of 2352	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	109
PID 2836 wrote to memory of 2352	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	109
PID 2836 wrote to memory of 2540	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	110
PID 2836 wrote to memory of 2540	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	110
PID 2836 wrote to memory of 3688	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	111
PID 2836 wrote to memory of 3688	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	111
PID 2836 wrote to memory of 844	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	112
PID 2836 wrote to memory of 844	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	112
PID 2836 wrote to memory of 3836	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	113
PID 2836 wrote to memory of 3836	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	113
PID 2836 wrote to memory of 2696	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	114
PID 2836 wrote to memory of 2696	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	114
PID 2836 wrote to memory of 2152	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	115
PID 2836 wrote to memory of 2152	2836	2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d5ca1447313ea65be5a0485b30df4d0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Windows\System\wOGFkKU.exe
  C:\Windows\System\wOGFkKU.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\VdEflKJ.exe
  C:\Windows\System\VdEflKJ.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\wLPUhaq.exe
  C:\Windows\System\wLPUhaq.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\EZbzdZU.exe
  C:\Windows\System\EZbzdZU.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\JSfaMmf.exe
  C:\Windows\System\JSfaMmf.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\xhrqzTE.exe
  C:\Windows\System\xhrqzTE.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\YfvYKjZ.exe
  C:\Windows\System\YfvYKjZ.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\ZoPDfML.exe
  C:\Windows\System\ZoPDfML.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\FSPHpAB.exe
  C:\Windows\System\FSPHpAB.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\RHSZXsy.exe
  C:\Windows\System\RHSZXsy.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\TcAxmsZ.exe
  C:\Windows\System\TcAxmsZ.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\oVlQvDL.exe
  C:\Windows\System\oVlQvDL.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\LrUjTiX.exe
  C:\Windows\System\LrUjTiX.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\HcDYRAA.exe
  C:\Windows\System\HcDYRAA.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\GRHZgVw.exe
  C:\Windows\System\GRHZgVw.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\HnYDUxS.exe
  C:\Windows\System\HnYDUxS.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\CkAQtLV.exe
  C:\Windows\System\CkAQtLV.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\VLIOrZb.exe
  C:\Windows\System\VLIOrZb.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\shwRunB.exe
  C:\Windows\System\shwRunB.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\egkBgHh.exe
  C:\Windows\System\egkBgHh.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\jKiJajZ.exe
  C:\Windows\System\jKiJajZ.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\WuMGcPw.exe
  C:\Windows\System\WuMGcPw.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\VKhqitq.exe
  C:\Windows\System\VKhqitq.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\tfoGPkM.exe
  C:\Windows\System\tfoGPkM.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\ioKKoDP.exe
  C:\Windows\System\ioKKoDP.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\gyNyToJ.exe
  C:\Windows\System\gyNyToJ.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\QaAaHMg.exe
  C:\Windows\System\QaAaHMg.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\muaVwdG.exe
  C:\Windows\System\muaVwdG.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\AMuFWux.exe
  C:\Windows\System\AMuFWux.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\XOGwnhO.exe
  C:\Windows\System\XOGwnhO.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\JADolpE.exe
  C:\Windows\System\JADolpE.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\SyBuXSe.exe
  C:\Windows\System\SyBuXSe.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\SCgXcmR.exe
  C:\Windows\System\SCgXcmR.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\vKEAKuk.exe
  C:\Windows\System\vKEAKuk.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\tMvQbke.exe
  C:\Windows\System\tMvQbke.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\AdCVxCT.exe
  C:\Windows\System\AdCVxCT.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\qqVxwab.exe
  C:\Windows\System\qqVxwab.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\YNFddsl.exe
  C:\Windows\System\YNFddsl.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\xIxgaEa.exe
  C:\Windows\System\xIxgaEa.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\KESIdSN.exe
  C:\Windows\System\KESIdSN.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\WTputIo.exe
  C:\Windows\System\WTputIo.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\tzGQNCm.exe
  C:\Windows\System\tzGQNCm.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\zFcAUsb.exe
  C:\Windows\System\zFcAUsb.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\FcVwIdW.exe
  C:\Windows\System\FcVwIdW.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\bXsXWkn.exe
  C:\Windows\System\bXsXWkn.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\hZNhAbP.exe
  C:\Windows\System\hZNhAbP.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\xtPEzUL.exe
  C:\Windows\System\xtPEzUL.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\tQxRDqO.exe
  C:\Windows\System\tQxRDqO.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\nLRoFRU.exe
  C:\Windows\System\nLRoFRU.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\AtsPZjs.exe
  C:\Windows\System\AtsPZjs.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\CZjhvEY.exe
  C:\Windows\System\CZjhvEY.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\uvcNnfc.exe
  C:\Windows\System\uvcNnfc.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\JcedkDC.exe
  C:\Windows\System\JcedkDC.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\Fviefmw.exe
  C:\Windows\System\Fviefmw.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\HEbuvSj.exe
  C:\Windows\System\HEbuvSj.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\XNDbrYY.exe
  C:\Windows\System\XNDbrYY.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\AjFKzuR.exe
  C:\Windows\System\AjFKzuR.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\vBeVuBZ.exe
  C:\Windows\System\vBeVuBZ.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\QZkdSPO.exe
  C:\Windows\System\QZkdSPO.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\NkwvMBb.exe
  C:\Windows\System\NkwvMBb.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\xmYkTKv.exe
  C:\Windows\System\xmYkTKv.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\AsAtgMt.exe
  C:\Windows\System\AsAtgMt.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\XJegcZW.exe
  C:\Windows\System\XJegcZW.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\wuAdoPQ.exe
  C:\Windows\System\wuAdoPQ.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\vnGhVmw.exe
  C:\Windows\System\vnGhVmw.exe
  2⤵
  PID:4808
- C:\Windows\System\xSMNfvY.exe
  C:\Windows\System\xSMNfvY.exe
  2⤵
  PID:2764
- C:\Windows\System\YNFHuPb.exe
  C:\Windows\System\YNFHuPb.exe
  2⤵
  PID:2892
- C:\Windows\System\AxCuQgl.exe
  C:\Windows\System\AxCuQgl.exe
  2⤵
  PID:3632
- C:\Windows\System\SVgPBeH.exe
  C:\Windows\System\SVgPBeH.exe
  2⤵
  PID:3428
- C:\Windows\System\nMQTaaZ.exe
  C:\Windows\System\nMQTaaZ.exe
  2⤵
  PID:2484
- C:\Windows\System\GJqXfbC.exe
  C:\Windows\System\GJqXfbC.exe
  2⤵
  PID:2760
- C:\Windows\System\TSjjWze.exe
  C:\Windows\System\TSjjWze.exe
  2⤵
  PID:5040
- C:\Windows\System\LRbVRaU.exe
  C:\Windows\System\LRbVRaU.exe
  2⤵
  PID:1536
- C:\Windows\System\VpuICuT.exe
  C:\Windows\System\VpuICuT.exe
  2⤵
  PID:816
- C:\Windows\System\uCNqTQk.exe
  C:\Windows\System\uCNqTQk.exe
  2⤵
  PID:4516
- C:\Windows\System\RHZfmeL.exe
  C:\Windows\System\RHZfmeL.exe
  2⤵
  PID:2212
- C:\Windows\System\CAKqHcA.exe
  C:\Windows\System\CAKqHcA.exe
  2⤵
  PID:5148
- C:\Windows\System\rzATrcX.exe
  C:\Windows\System\rzATrcX.exe
  2⤵
  PID:5172
- C:\Windows\System\lGZsyZi.exe
  C:\Windows\System\lGZsyZi.exe
  2⤵
  PID:5200
- C:\Windows\System\vfWokSZ.exe
  C:\Windows\System\vfWokSZ.exe
  2⤵
  PID:5232
- C:\Windows\System\iHdoVpJ.exe
  C:\Windows\System\iHdoVpJ.exe
  2⤵
  PID:5260
- C:\Windows\System\wNwRnMw.exe
  C:\Windows\System\wNwRnMw.exe
  2⤵
  PID:5292
- C:\Windows\System\dHLifUu.exe
  C:\Windows\System\dHLifUu.exe
  2⤵
  PID:5312
- C:\Windows\System\sLjSVeU.exe
  C:\Windows\System\sLjSVeU.exe
  2⤵
  PID:5340
- C:\Windows\System\vZpqwMq.exe
  C:\Windows\System\vZpqwMq.exe
  2⤵
  PID:5368
- C:\Windows\System\OOPkuAA.exe
  C:\Windows\System\OOPkuAA.exe
  2⤵
  PID:5392
- C:\Windows\System\yiCaXMI.exe
  C:\Windows\System\yiCaXMI.exe
  2⤵
  PID:5420
- C:\Windows\System\PHIjPJR.exe
  C:\Windows\System\PHIjPJR.exe
  2⤵
  PID:5448
- C:\Windows\System\RxAxMvc.exe
  C:\Windows\System\RxAxMvc.exe
  2⤵
  PID:5476
- C:\Windows\System\MbFCtpl.exe
  C:\Windows\System\MbFCtpl.exe
  2⤵
  PID:5504
- C:\Windows\System\IupFCsC.exe
  C:\Windows\System\IupFCsC.exe
  2⤵
  PID:5532
- C:\Windows\System\hzvhfuP.exe
  C:\Windows\System\hzvhfuP.exe
  2⤵
  PID:5564
- C:\Windows\System\PKYxIWg.exe
  C:\Windows\System\PKYxIWg.exe
  2⤵
  PID:5592
- C:\Windows\System\MABoNDK.exe
  C:\Windows\System\MABoNDK.exe
  2⤵
  PID:5620
- C:\Windows\System\xeBzLOG.exe
  C:\Windows\System\xeBzLOG.exe
  2⤵
  PID:5648
- C:\Windows\System\MqJnRPS.exe
  C:\Windows\System\MqJnRPS.exe
  2⤵
  PID:5676
- C:\Windows\System\tYsJhHe.exe
  C:\Windows\System\tYsJhHe.exe
  2⤵
  PID:5704
- C:\Windows\System\kYyhJwN.exe
  C:\Windows\System\kYyhJwN.exe
  2⤵
  PID:5732
- C:\Windows\System\SjJeWLp.exe
  C:\Windows\System\SjJeWLp.exe
  2⤵
  PID:5756
- C:\Windows\System\LZKCSia.exe
  C:\Windows\System\LZKCSia.exe
  2⤵
  PID:5788
- C:\Windows\System\jIBMZir.exe
  C:\Windows\System\jIBMZir.exe
  2⤵
  PID:5812
- C:\Windows\System\ugToKFj.exe
  C:\Windows\System\ugToKFj.exe
  2⤵
  PID:5844
- C:\Windows\System\WgCnqeT.exe
  C:\Windows\System\WgCnqeT.exe
  2⤵
  PID:5872
- C:\Windows\System\lzwYlGu.exe
  C:\Windows\System\lzwYlGu.exe
  2⤵
  PID:5896
- C:\Windows\System\FETJdVQ.exe
  C:\Windows\System\FETJdVQ.exe
  2⤵
  PID:5924
- C:\Windows\System\YFlwAof.exe
  C:\Windows\System\YFlwAof.exe
  2⤵
  PID:5952
- C:\Windows\System\WGgzNIC.exe
  C:\Windows\System\WGgzNIC.exe
  2⤵
  PID:5980
- C:\Windows\System\ApbfNSu.exe
  C:\Windows\System\ApbfNSu.exe
  2⤵
  PID:6012
- C:\Windows\System\QdklsdW.exe
  C:\Windows\System\QdklsdW.exe
  2⤵
  PID:6040
- C:\Windows\System\qSgBBKW.exe
  C:\Windows\System\qSgBBKW.exe
  2⤵
  PID:6068
- C:\Windows\System\gOAZWcv.exe
  C:\Windows\System\gOAZWcv.exe
  2⤵
  PID:6092
- C:\Windows\System\kOujXeW.exe
  C:\Windows\System\kOujXeW.exe
  2⤵
  PID:6120
- C:\Windows\System\PhnSyDm.exe
  C:\Windows\System\PhnSyDm.exe
  2⤵
  PID:1844
- C:\Windows\System\RUdNLXX.exe
  C:\Windows\System\RUdNLXX.exe
  2⤵
  PID:2168
- C:\Windows\System\RXEKSnk.exe
  C:\Windows\System\RXEKSnk.exe
  2⤵
  PID:3620
- C:\Windows\System\wFkwJPE.exe
  C:\Windows\System\wFkwJPE.exe
  2⤵
  PID:5052
- C:\Windows\System\cyEMuEs.exe
  C:\Windows\System\cyEMuEs.exe
  2⤵
  PID:1884
- C:\Windows\System\MTJWjst.exe
  C:\Windows\System\MTJWjst.exe
  2⤵
  PID:5128
- C:\Windows\System\KJTSzzM.exe
  C:\Windows\System\KJTSzzM.exe
  2⤵
  PID:5196
- C:\Windows\System\iZBDpfn.exe
  C:\Windows\System\iZBDpfn.exe
  2⤵
  PID:5268
- C:\Windows\System\aiCXrsE.exe
  C:\Windows\System\aiCXrsE.exe
  2⤵
  PID:5324
- C:\Windows\System\mlyrneW.exe
  C:\Windows\System\mlyrneW.exe
  2⤵
  PID:5384
- C:\Windows\System\PwdxlyB.exe
  C:\Windows\System\PwdxlyB.exe
  2⤵
  PID:5444
- C:\Windows\System\GTQHiEz.exe
  C:\Windows\System\GTQHiEz.exe
  2⤵
  PID:5520
- C:\Windows\System\hFYzfRp.exe
  C:\Windows\System\hFYzfRp.exe
  2⤵
  PID:5580
- C:\Windows\System\XvJpNOt.exe
  C:\Windows\System\XvJpNOt.exe
  2⤵
  PID:1628
- C:\Windows\System\PPlKvbF.exe
  C:\Windows\System\PPlKvbF.exe
  2⤵
  PID:5716
- C:\Windows\System\ZZIPiHl.exe
  C:\Windows\System\ZZIPiHl.exe
  2⤵
  PID:5800
- C:\Windows\System\WdKJgoj.exe
  C:\Windows\System\WdKJgoj.exe
  2⤵
  PID:5828
- C:\Windows\System\PtvpFTD.exe
  C:\Windows\System\PtvpFTD.exe
  2⤵
  PID:5916
- C:\Windows\System\OFBoSoh.exe
  C:\Windows\System\OFBoSoh.exe
  2⤵
  PID:5968
- C:\Windows\System\LBDJeBS.exe
  C:\Windows\System\LBDJeBS.exe
  2⤵
  PID:6024
- C:\Windows\System\NBTPlOH.exe
  C:\Windows\System\NBTPlOH.exe
  2⤵
  PID:6056
- C:\Windows\System\hLLhIMJ.exe
  C:\Windows\System\hLLhIMJ.exe
  2⤵
  PID:6116
- C:\Windows\System\hmyGOVF.exe
  C:\Windows\System\hmyGOVF.exe
  2⤵
  PID:4428
- C:\Windows\System\MKDmAJJ.exe
  C:\Windows\System\MKDmAJJ.exe
  2⤵
  PID:5416
- C:\Windows\System\cvUZIJr.exe
  C:\Windows\System\cvUZIJr.exe
  2⤵
  PID:5492
- C:\Windows\System\vuABEIa.exe
  C:\Windows\System\vuABEIa.exe
  2⤵
  PID:5576
- C:\Windows\System\vpgeHUx.exe
  C:\Windows\System\vpgeHUx.exe
  2⤵
  PID:3024
- C:\Windows\System\GWRueyX.exe
  C:\Windows\System\GWRueyX.exe
  2⤵
  PID:5668
- C:\Windows\System\UmgPLaS.exe
  C:\Windows\System\UmgPLaS.exe
  2⤵
  PID:5888
- C:\Windows\System\yyWjDmx.exe
  C:\Windows\System\yyWjDmx.exe
  2⤵
  PID:4872
- C:\Windows\System\BvLsrWU.exe
  C:\Windows\System\BvLsrWU.exe
  2⤵
  PID:6004
- C:\Windows\System\ccPjNVd.exe
  C:\Windows\System\ccPjNVd.exe
  2⤵
  PID:1924
- C:\Windows\System\iRnVkAH.exe
  C:\Windows\System\iRnVkAH.exe
  2⤵
  PID:6112
- C:\Windows\System\KZnObma.exe
  C:\Windows\System\KZnObma.exe
  2⤵
  PID:1688
- C:\Windows\System\dudmHZo.exe
  C:\Windows\System\dudmHZo.exe
  2⤵
  PID:3960
- C:\Windows\System\javvgia.exe
  C:\Windows\System\javvgia.exe
  2⤵
  PID:4904
- C:\Windows\System\BJTGmNg.exe
  C:\Windows\System\BJTGmNg.exe
  2⤵
  PID:5440
- C:\Windows\System\BCGqbTk.exe
  C:\Windows\System\BCGqbTk.exe
  2⤵
  PID:4532
- C:\Windows\System\HaAyPck.exe
  C:\Windows\System\HaAyPck.exe
  2⤵
  PID:4512
- C:\Windows\System\TAMvohD.exe
  C:\Windows\System\TAMvohD.exe
  2⤵
  PID:1872
- C:\Windows\System\ZCvCLpD.exe
  C:\Windows\System\ZCvCLpD.exe
  2⤵
  PID:5552
- C:\Windows\System\SeBKaGf.exe
  C:\Windows\System\SeBKaGf.exe
  2⤵
  PID:3312
- C:\Windows\System\lrFPiDq.exe
  C:\Windows\System\lrFPiDq.exe
  2⤵
  PID:6052
- C:\Windows\System\MTaqYMP.exe
  C:\Windows\System\MTaqYMP.exe
  2⤵
  PID:6160
- C:\Windows\System\nitnmiJ.exe
  C:\Windows\System\nitnmiJ.exe
  2⤵
  PID:6176
- C:\Windows\System\pdVtCDV.exe
  C:\Windows\System\pdVtCDV.exe
  2⤵
  PID:6204
- C:\Windows\System\iwAALsf.exe
  C:\Windows\System\iwAALsf.exe
  2⤵
  PID:6264
- C:\Windows\System\MzQOiYs.exe
  C:\Windows\System\MzQOiYs.exe
  2⤵
  PID:6300
- C:\Windows\System\wlpQZtj.exe
  C:\Windows\System\wlpQZtj.exe
  2⤵
  PID:6324
- C:\Windows\System\sveVpWf.exe
  C:\Windows\System\sveVpWf.exe
  2⤵
  PID:6356
- C:\Windows\System\twTCUKa.exe
  C:\Windows\System\twTCUKa.exe
  2⤵
  PID:6380
- C:\Windows\System\zxMIgkA.exe
  C:\Windows\System\zxMIgkA.exe
  2⤵
  PID:6408
- C:\Windows\System\FncJCyI.exe
  C:\Windows\System\FncJCyI.exe
  2⤵
  PID:6424
- C:\Windows\System\hrGVADB.exe
  C:\Windows\System\hrGVADB.exe
  2⤵
  PID:6440
- C:\Windows\System\fnlvUHK.exe
  C:\Windows\System\fnlvUHK.exe
  2⤵
  PID:6472
- C:\Windows\System\XQxuGng.exe
  C:\Windows\System\XQxuGng.exe
  2⤵
  PID:6496
- C:\Windows\System\QITRGLy.exe
  C:\Windows\System\QITRGLy.exe
  2⤵
  PID:6540
- C:\Windows\System\VEHjSqS.exe
  C:\Windows\System\VEHjSqS.exe
  2⤵
  PID:6576
- C:\Windows\System\ajjUWcf.exe
  C:\Windows\System\ajjUWcf.exe
  2⤵
  PID:6596
- C:\Windows\System\vZGPBJN.exe
  C:\Windows\System\vZGPBJN.exe
  2⤵
  PID:6620
- C:\Windows\System\yQbaTdn.exe
  C:\Windows\System\yQbaTdn.exe
  2⤵
  PID:6656
- C:\Windows\System\fTdFYHA.exe
  C:\Windows\System\fTdFYHA.exe
  2⤵
  PID:6704
- C:\Windows\System\nmXsseG.exe
  C:\Windows\System\nmXsseG.exe
  2⤵
  PID:6724
- C:\Windows\System\IyjoEGb.exe
  C:\Windows\System\IyjoEGb.exe
  2⤵
  PID:6752
- C:\Windows\System\wrJRyDe.exe
  C:\Windows\System\wrJRyDe.exe
  2⤵
  PID:6784
- C:\Windows\System\MpZBpLP.exe
  C:\Windows\System\MpZBpLP.exe
  2⤵
  PID:6816
- C:\Windows\System\eTLNwpw.exe
  C:\Windows\System\eTLNwpw.exe
  2⤵
  PID:6848
- C:\Windows\System\zMgYlQs.exe
  C:\Windows\System\zMgYlQs.exe
  2⤵
  PID:6880
- C:\Windows\System\FCKsQEm.exe
  C:\Windows\System\FCKsQEm.exe
  2⤵
  PID:6936
- C:\Windows\System\fDevtoS.exe
  C:\Windows\System\fDevtoS.exe
  2⤵
  PID:6968
- C:\Windows\System\JvXWiCk.exe
  C:\Windows\System\JvXWiCk.exe
  2⤵
  PID:6996
- C:\Windows\System\HQJLTJM.exe
  C:\Windows\System\HQJLTJM.exe
  2⤵
  PID:7020
- C:\Windows\System\TYUItFb.exe
  C:\Windows\System\TYUItFb.exe
  2⤵
  PID:7064
- C:\Windows\System\UCZjtSc.exe
  C:\Windows\System\UCZjtSc.exe
  2⤵
  PID:7088
- C:\Windows\System\kgpoRth.exe
  C:\Windows\System\kgpoRth.exe
  2⤵
  PID:7116
- C:\Windows\System\LdGtOtz.exe
  C:\Windows\System\LdGtOtz.exe
  2⤵
  PID:7148
- C:\Windows\System\rFzgQHw.exe
  C:\Windows\System\rFzgQHw.exe
  2⤵
  PID:4148
- C:\Windows\System\HGIrkhE.exe
  C:\Windows\System\HGIrkhE.exe
  2⤵
  PID:2384
- C:\Windows\System\YRZwcig.exe
  C:\Windows\System\YRZwcig.exe
  2⤵
  PID:6224
- C:\Windows\System\ExjMvMn.exe
  C:\Windows\System\ExjMvMn.exe
  2⤵
  PID:6316
- C:\Windows\System\WBEexHR.exe
  C:\Windows\System\WBEexHR.exe
  2⤵
  PID:812
- C:\Windows\System\XqNkrqI.exe
  C:\Windows\System\XqNkrqI.exe
  2⤵
  PID:6460
- C:\Windows\System\GbgErZA.exe
  C:\Windows\System\GbgErZA.exe
  2⤵
  PID:6488
- C:\Windows\System\WINVBkd.exe
  C:\Windows\System\WINVBkd.exe
  2⤵
  PID:6588
- C:\Windows\System\HnehueZ.exe
  C:\Windows\System\HnehueZ.exe
  2⤵
  PID:6616
- C:\Windows\System\semEnGn.exe
  C:\Windows\System\semEnGn.exe
  2⤵
  PID:3860
- C:\Windows\System\drPVHgw.exe
  C:\Windows\System\drPVHgw.exe
  2⤵
  PID:6716
- C:\Windows\System\eURAGDe.exe
  C:\Windows\System\eURAGDe.exe
  2⤵
  PID:6768
- C:\Windows\System\ZZuhouR.exe
  C:\Windows\System\ZZuhouR.exe
  2⤵
  PID:6844
- C:\Windows\System\DsaBrFx.exe
  C:\Windows\System\DsaBrFx.exe
  2⤵
  PID:6960
- C:\Windows\System\KlDJsky.exe
  C:\Windows\System\KlDJsky.exe
  2⤵
  PID:7048
- C:\Windows\System\czvLZbJ.exe
  C:\Windows\System\czvLZbJ.exe
  2⤵
  PID:7100
- C:\Windows\System\LSJovoh.exe
  C:\Windows\System\LSJovoh.exe
  2⤵
  PID:7132
- C:\Windows\System\qNdbVdb.exe
  C:\Windows\System\qNdbVdb.exe
  2⤵
  PID:6256
- C:\Windows\System\YbqZuYs.exe
  C:\Windows\System\YbqZuYs.exe
  2⤵
  PID:6376
- C:\Windows\System\kuyCZFC.exe
  C:\Windows\System\kuyCZFC.exe
  2⤵
  PID:6520
- C:\Windows\System\frSiQlJ.exe
  C:\Windows\System\frSiQlJ.exe
  2⤵
  PID:6692
- C:\Windows\System\uzlqrrV.exe
  C:\Windows\System\uzlqrrV.exe
  2⤵
  PID:6748
- C:\Windows\System\TzmZQFI.exe
  C:\Windows\System\TzmZQFI.exe
  2⤵
  PID:7008
- C:\Windows\System\FIgiaUD.exe
  C:\Windows\System\FIgiaUD.exe
  2⤵
  PID:3544
- C:\Windows\System\VcZUUGz.exe
  C:\Windows\System\VcZUUGz.exe
  2⤵
  PID:6560
- C:\Windows\System\clTJmDa.exe
  C:\Windows\System\clTJmDa.exe
  2⤵
  PID:4324
- C:\Windows\System\IVgPUZM.exe
  C:\Windows\System\IVgPUZM.exe
  2⤵
  PID:6896
- C:\Windows\System\lDGGwGO.exe
  C:\Windows\System\lDGGwGO.exe
  2⤵
  PID:5944
- C:\Windows\System\QyMfggW.exe
  C:\Windows\System\QyMfggW.exe
  2⤵
  PID:7204
- C:\Windows\System\vOjAoWm.exe
  C:\Windows\System\vOjAoWm.exe
  2⤵
  PID:7240
- C:\Windows\System\NqFbGlq.exe
  C:\Windows\System\NqFbGlq.exe
  2⤵
  PID:7272
- C:\Windows\System\vrCvccb.exe
  C:\Windows\System\vrCvccb.exe
  2⤵
  PID:7300
- C:\Windows\System\LrysEmK.exe
  C:\Windows\System\LrysEmK.exe
  2⤵
  PID:7328
- C:\Windows\System\nKSLUlo.exe
  C:\Windows\System\nKSLUlo.exe
  2⤵
  PID:7356
- C:\Windows\System\qFRQNAU.exe
  C:\Windows\System\qFRQNAU.exe
  2⤵
  PID:7388
- C:\Windows\System\SKnAsUq.exe
  C:\Windows\System\SKnAsUq.exe
  2⤵
  PID:7416
- C:\Windows\System\nqHAnyD.exe
  C:\Windows\System\nqHAnyD.exe
  2⤵
  PID:7444
- C:\Windows\System\ZxyUVoq.exe
  C:\Windows\System\ZxyUVoq.exe
  2⤵
  PID:7472
- C:\Windows\System\qGsOnYX.exe
  C:\Windows\System\qGsOnYX.exe
  2⤵
  PID:7500
- C:\Windows\System\WoaeJkh.exe
  C:\Windows\System\WoaeJkh.exe
  2⤵
  PID:7528
- C:\Windows\System\KHCFfdq.exe
  C:\Windows\System\KHCFfdq.exe
  2⤵
  PID:7560
- C:\Windows\System\zJfudPN.exe
  C:\Windows\System\zJfudPN.exe
  2⤵
  PID:7592
- C:\Windows\System\dKwfQJl.exe
  C:\Windows\System\dKwfQJl.exe
  2⤵
  PID:7620
- C:\Windows\System\WKybSDk.exe
  C:\Windows\System\WKybSDk.exe
  2⤵
  PID:7656
- C:\Windows\System\UkbNWvn.exe
  C:\Windows\System\UkbNWvn.exe
  2⤵
  PID:7676
- C:\Windows\System\AJFRdrn.exe
  C:\Windows\System\AJFRdrn.exe
  2⤵
  PID:7704
- C:\Windows\System\MLVQzkR.exe
  C:\Windows\System\MLVQzkR.exe
  2⤵
  PID:7732
- C:\Windows\System\PVDcmZT.exe
  C:\Windows\System\PVDcmZT.exe
  2⤵
  PID:7760
- C:\Windows\System\HVdtFEF.exe
  C:\Windows\System\HVdtFEF.exe
  2⤵
  PID:7796
- C:\Windows\System\pUCiJBp.exe
  C:\Windows\System\pUCiJBp.exe
  2⤵
  PID:7824
- C:\Windows\System\XqLTgJk.exe
  C:\Windows\System\XqLTgJk.exe
  2⤵
  PID:7872
- C:\Windows\System\vAukZNQ.exe
  C:\Windows\System\vAukZNQ.exe
  2⤵
  PID:7908
- C:\Windows\System\YpNRbVV.exe
  C:\Windows\System\YpNRbVV.exe
  2⤵
  PID:7936
- C:\Windows\System\dkFMrWJ.exe
  C:\Windows\System\dkFMrWJ.exe
  2⤵
  PID:7960
- C:\Windows\System\htKjPoe.exe
  C:\Windows\System\htKjPoe.exe
  2⤵
  PID:7996
- C:\Windows\System\tWeozbr.exe
  C:\Windows\System\tWeozbr.exe
  2⤵
  PID:8020
- C:\Windows\System\ojTgKlq.exe
  C:\Windows\System\ojTgKlq.exe
  2⤵
  PID:8048
- C:\Windows\System\HaDElpP.exe
  C:\Windows\System\HaDElpP.exe
  2⤵
  PID:8076
- C:\Windows\System\ckNcvKY.exe
  C:\Windows\System\ckNcvKY.exe
  2⤵
  PID:8104
- C:\Windows\System\OflsibF.exe
  C:\Windows\System\OflsibF.exe
  2⤵
  PID:8132
- C:\Windows\System\weLtxPu.exe
  C:\Windows\System\weLtxPu.exe
  2⤵
  PID:8160
- C:\Windows\System\PJvPXWw.exe
  C:\Windows\System\PJvPXWw.exe
  2⤵
  PID:8176
- C:\Windows\System\yqASZMC.exe
  C:\Windows\System\yqASZMC.exe
  2⤵
  PID:2508
- C:\Windows\System\tmseEwC.exe
  C:\Windows\System\tmseEwC.exe
  2⤵
  PID:7200
- C:\Windows\System\DbZsogI.exe
  C:\Windows\System\DbZsogI.exe
  2⤵
  PID:7220
- C:\Windows\System\uQUVmVZ.exe
  C:\Windows\System\uQUVmVZ.exe
  2⤵
  PID:7284
- C:\Windows\System\cSKnQrS.exe
  C:\Windows\System\cSKnQrS.exe
  2⤵
  PID:7432
- C:\Windows\System\tnFXBQS.exe
  C:\Windows\System\tnFXBQS.exe
  2⤵
  PID:7512
- C:\Windows\System\tyDIMcP.exe
  C:\Windows\System\tyDIMcP.exe
  2⤵
  PID:7552
- C:\Windows\System\CEOeFeu.exe
  C:\Windows\System\CEOeFeu.exe
  2⤵
  PID:6916
- C:\Windows\System\lCzPUdc.exe
  C:\Windows\System\lCzPUdc.exe
  2⤵
  PID:7636
- C:\Windows\System\GzkGnIM.exe
  C:\Windows\System\GzkGnIM.exe
  2⤵
  PID:6908
- C:\Windows\System\qHQCHNk.exe
  C:\Windows\System\qHQCHNk.exe
  2⤵
  PID:7720
- C:\Windows\System\qgPbdbt.exe
  C:\Windows\System\qgPbdbt.exe
  2⤵
  PID:7788
- C:\Windows\System\YQJSCJK.exe
  C:\Windows\System\YQJSCJK.exe
  2⤵
  PID:7868
- C:\Windows\System\rzzAdhU.exe
  C:\Windows\System\rzzAdhU.exe
  2⤵
  PID:5220
- C:\Windows\System\PzmRDsK.exe
  C:\Windows\System\PzmRDsK.exe
  2⤵
  PID:8012
- C:\Windows\System\dvzEqGu.exe
  C:\Windows\System\dvzEqGu.exe
  2⤵
  PID:8068
- C:\Windows\System\YsBiFPo.exe
  C:\Windows\System\YsBiFPo.exe
  2⤵
  PID:8128
- C:\Windows\System\xhqAZbz.exe
  C:\Windows\System\xhqAZbz.exe
  2⤵
  PID:8184
- C:\Windows\System\NQlCMmx.exe
  C:\Windows\System\NQlCMmx.exe
  2⤵
  PID:5556
- C:\Windows\System\hgxAZmT.exe
  C:\Windows\System\hgxAZmT.exe
  2⤵
  PID:7316
- C:\Windows\System\UjSyKkA.exe
  C:\Windows\System\UjSyKkA.exe
  2⤵
  PID:6952
- C:\Windows\System\qWJWCAl.exe
  C:\Windows\System\qWJWCAl.exe
  2⤵
  PID:6664
- C:\Windows\System\voiYPba.exe
  C:\Windows\System\voiYPba.exe
  2⤵
  PID:5184
- C:\Windows\System\AniIDIh.exe
  C:\Windows\System\AniIDIh.exe
  2⤵
  PID:7988
- C:\Windows\System\zOLqZNA.exe
  C:\Windows\System\zOLqZNA.exe
  2⤵
  PID:6452
- C:\Windows\System\oFmEBgH.exe
  C:\Windows\System\oFmEBgH.exe
  2⤵
  PID:7488
- C:\Windows\System\rgxpWGn.exe
  C:\Windows\System\rgxpWGn.exe
  2⤵
  PID:7756
- C:\Windows\System\cAxkERY.exe
  C:\Windows\System\cAxkERY.exe
  2⤵
  PID:2112
- C:\Windows\System\BvUBsoP.exe
  C:\Windows\System\BvUBsoP.exe
  2⤵
  PID:8156
- C:\Windows\System\yoYitJe.exe
  C:\Windows\System\yoYitJe.exe
  2⤵
  PID:8208
- C:\Windows\System\kdhVgdz.exe
  C:\Windows\System\kdhVgdz.exe
  2⤵
  PID:8236
- C:\Windows\System\tchgKKe.exe
  C:\Windows\System\tchgKKe.exe
  2⤵
  PID:8264
- C:\Windows\System\PjjOuQk.exe
  C:\Windows\System\PjjOuQk.exe
  2⤵
  PID:8292
- C:\Windows\System\rCHNFGZ.exe
  C:\Windows\System\rCHNFGZ.exe
  2⤵
  PID:8320
- C:\Windows\System\UeaDrZo.exe
  C:\Windows\System\UeaDrZo.exe
  2⤵
  PID:8352
- C:\Windows\System\hKtdBdl.exe
  C:\Windows\System\hKtdBdl.exe
  2⤵
  PID:8380
- C:\Windows\System\SSXGBOf.exe
  C:\Windows\System\SSXGBOf.exe
  2⤵
  PID:8408
- C:\Windows\System\WvctGUG.exe
  C:\Windows\System\WvctGUG.exe
  2⤵
  PID:8436
- C:\Windows\System\jGvUkoJ.exe
  C:\Windows\System\jGvUkoJ.exe
  2⤵
  PID:8468
- C:\Windows\System\VbpNtdS.exe
  C:\Windows\System\VbpNtdS.exe
  2⤵
  PID:8496
- C:\Windows\System\mSVbqiC.exe
  C:\Windows\System\mSVbqiC.exe
  2⤵
  PID:8524
- C:\Windows\System\ieWBglZ.exe
  C:\Windows\System\ieWBglZ.exe
  2⤵
  PID:8552
- C:\Windows\System\hSzDQYh.exe
  C:\Windows\System\hSzDQYh.exe
  2⤵
  PID:8580
- C:\Windows\System\BjYHfsV.exe
  C:\Windows\System\BjYHfsV.exe
  2⤵
  PID:8608
- C:\Windows\System\mNJPKce.exe
  C:\Windows\System\mNJPKce.exe
  2⤵
  PID:8640
- C:\Windows\System\sOdzTLo.exe
  C:\Windows\System\sOdzTLo.exe
  2⤵
  PID:8660
- C:\Windows\System\jPpGwgk.exe
  C:\Windows\System\jPpGwgk.exe
  2⤵
  PID:8684
- C:\Windows\System\JfpxggQ.exe
  C:\Windows\System\JfpxggQ.exe
  2⤵
  PID:8724
- C:\Windows\System\dAeacbU.exe
  C:\Windows\System\dAeacbU.exe
  2⤵
  PID:8752
- C:\Windows\System\SAslifF.exe
  C:\Windows\System\SAslifF.exe
  2⤵
  PID:8784
- C:\Windows\System\mrffDAL.exe
  C:\Windows\System\mrffDAL.exe
  2⤵
  PID:8812
- C:\Windows\System\TERLdld.exe
  C:\Windows\System\TERLdld.exe
  2⤵
  PID:8836
- C:\Windows\System\mKkqRiF.exe
  C:\Windows\System\mKkqRiF.exe
  2⤵
  PID:8868
- C:\Windows\System\MHYeuID.exe
  C:\Windows\System\MHYeuID.exe
  2⤵
  PID:8896
- C:\Windows\System\AWyVncU.exe
  C:\Windows\System\AWyVncU.exe
  2⤵
  PID:8924
- C:\Windows\System\YQLSFJk.exe
  C:\Windows\System\YQLSFJk.exe
  2⤵
  PID:8956
- C:\Windows\System\iBsPeON.exe
  C:\Windows\System\iBsPeON.exe
  2⤵
  PID:8988
- C:\Windows\System\UjJVrYt.exe
  C:\Windows\System\UjJVrYt.exe
  2⤵
  PID:9016
- C:\Windows\System\ReHaQRi.exe
  C:\Windows\System\ReHaQRi.exe
  2⤵
  PID:9044
- C:\Windows\System\iVeenMe.exe
  C:\Windows\System\iVeenMe.exe
  2⤵
  PID:9080
- C:\Windows\System\zsMyVkm.exe
  C:\Windows\System\zsMyVkm.exe
  2⤵
  PID:9108
- C:\Windows\System\wFsQkNc.exe
  C:\Windows\System\wFsQkNc.exe
  2⤵
  PID:9140
- C:\Windows\System\mjHnMDr.exe
  C:\Windows\System\mjHnMDr.exe
  2⤵
  PID:9168
- C:\Windows\System\FaEolqc.exe
  C:\Windows\System\FaEolqc.exe
  2⤵
  PID:9196
- C:\Windows\System\nRuOxeE.exe
  C:\Windows\System\nRuOxeE.exe
  2⤵
  PID:8204
- C:\Windows\System\mYElBZM.exe
  C:\Windows\System\mYElBZM.exe
  2⤵
  PID:8276
- C:\Windows\System\BPLPoFV.exe
  C:\Windows\System\BPLPoFV.exe
  2⤵
  PID:8344
- C:\Windows\System\WLpnijm.exe
  C:\Windows\System\WLpnijm.exe
  2⤵
  PID:8400
- C:\Windows\System\xPoDFxb.exe
  C:\Windows\System\xPoDFxb.exe
  2⤵
  PID:8480
- C:\Windows\System\dKCVHwy.exe
  C:\Windows\System\dKCVHwy.exe
  2⤵
  PID:8544
- C:\Windows\System\MCzTZvv.exe
  C:\Windows\System\MCzTZvv.exe
  2⤵
  PID:8604
- C:\Windows\System\qDKfzEJ.exe
  C:\Windows\System\qDKfzEJ.exe
  2⤵
  PID:8680
- C:\Windows\System\tXdstdl.exe
  C:\Windows\System\tXdstdl.exe
  2⤵
  PID:8744
- C:\Windows\System\GuEfPmR.exe
  C:\Windows\System\GuEfPmR.exe
  2⤵
  PID:8804
- C:\Windows\System\EYxmtkg.exe
  C:\Windows\System\EYxmtkg.exe
  2⤵
  PID:8880
- C:\Windows\System\lSlPJtu.exe
  C:\Windows\System\lSlPJtu.exe
  2⤵
  PID:8948
- C:\Windows\System\jVQzMDE.exe
  C:\Windows\System\jVQzMDE.exe
  2⤵
  PID:9008
- C:\Windows\System\iAoHvDr.exe
  C:\Windows\System\iAoHvDr.exe
  2⤵
  PID:9092
- C:\Windows\System\BMmbcty.exe
  C:\Windows\System\BMmbcty.exe
  2⤵
  PID:9160
- C:\Windows\System\VMHiBLk.exe
  C:\Windows\System\VMHiBLk.exe
  2⤵
  PID:8200
- C:\Windows\System\DfuGOSE.exe
  C:\Windows\System\DfuGOSE.exe
  2⤵
  PID:8404
- C:\Windows\System\WKalIrc.exe
  C:\Windows\System\WKalIrc.exe
  2⤵
  PID:8520
- C:\Windows\System\RrIcYrX.exe
  C:\Windows\System\RrIcYrX.exe
  2⤵
  PID:8740
- C:\Windows\System\JquynxH.exe
  C:\Windows\System\JquynxH.exe
  2⤵
  PID:8920
- C:\Windows\System\PvEAFeb.exe
  C:\Windows\System\PvEAFeb.exe
  2⤵
  PID:9152
- C:\Windows\System\KUbevqU.exe
  C:\Windows\System\KUbevqU.exe
  2⤵
  PID:8316
- C:\Windows\System\AJrnwnT.exe
  C:\Windows\System\AJrnwnT.exe
  2⤵
  PID:8708
- C:\Windows\System\IcWlbdy.exe
  C:\Windows\System\IcWlbdy.exe
  2⤵
  PID:9136
- C:\Windows\System\laiaaBe.exe
  C:\Windows\System\laiaaBe.exe
  2⤵
  PID:9224
- C:\Windows\System\mzuoOWT.exe
  C:\Windows\System\mzuoOWT.exe
  2⤵
  PID:9252
- C:\Windows\System\DVtsAec.exe
  C:\Windows\System\DVtsAec.exe
  2⤵
  PID:9296
- C:\Windows\System\nfcwPVl.exe
  C:\Windows\System\nfcwPVl.exe
  2⤵
  PID:9324
- C:\Windows\System\POBvqhN.exe
  C:\Windows\System\POBvqhN.exe
  2⤵
  PID:9376
- C:\Windows\System\cuoihhr.exe
  C:\Windows\System\cuoihhr.exe
  2⤵
  PID:9416
- C:\Windows\System\kNcbhAQ.exe
  C:\Windows\System\kNcbhAQ.exe
  2⤵
  PID:9436
- C:\Windows\System\OEKTAhz.exe
  C:\Windows\System\OEKTAhz.exe
  2⤵
  PID:9460
- C:\Windows\System\TthHnCH.exe
  C:\Windows\System\TthHnCH.exe
  2⤵
  PID:9492
- C:\Windows\System\eGGwkRz.exe
  C:\Windows\System\eGGwkRz.exe
  2⤵
  PID:9520
- C:\Windows\System\vvApFkM.exe
  C:\Windows\System\vvApFkM.exe
  2⤵
  PID:9548
- C:\Windows\System\biogkat.exe
  C:\Windows\System\biogkat.exe
  2⤵
  PID:9580
- C:\Windows\System\nnVQPpu.exe
  C:\Windows\System\nnVQPpu.exe
  2⤵
  PID:9604
- C:\Windows\System\RldQsgD.exe
  C:\Windows\System\RldQsgD.exe
  2⤵
  PID:9632
- C:\Windows\System\eWvNqfL.exe
  C:\Windows\System\eWvNqfL.exe
  2⤵
  PID:9660
- C:\Windows\System\SwrMaRM.exe
  C:\Windows\System\SwrMaRM.exe
  2⤵
  PID:9700
- C:\Windows\System\nwAURYa.exe
  C:\Windows\System\nwAURYa.exe
  2⤵
  PID:9760
- C:\Windows\System\ZtKotUQ.exe
  C:\Windows\System\ZtKotUQ.exe
  2⤵
  PID:9788
- C:\Windows\System\hiQAlHG.exe
  C:\Windows\System\hiQAlHG.exe
  2⤵
  PID:9836
- C:\Windows\System\URmCgHv.exe
  C:\Windows\System\URmCgHv.exe
  2⤵
  PID:9872
- C:\Windows\System\HbSVLOP.exe
  C:\Windows\System\HbSVLOP.exe
  2⤵
  PID:9908
- C:\Windows\System\IQHxfKy.exe
  C:\Windows\System\IQHxfKy.exe
  2⤵
  PID:9940
- C:\Windows\System\vagwXff.exe
  C:\Windows\System\vagwXff.exe
  2⤵
  PID:9960
- C:\Windows\System\AzVsbkO.exe
  C:\Windows\System\AzVsbkO.exe
  2⤵
  PID:9988
- C:\Windows\System\DXjDxds.exe
  C:\Windows\System\DXjDxds.exe
  2⤵
  PID:10012
- C:\Windows\System\ObfrEvp.exe
  C:\Windows\System\ObfrEvp.exe
  2⤵
  PID:10052
- C:\Windows\System\SXjkGXb.exe
  C:\Windows\System\SXjkGXb.exe
  2⤵
  PID:10080
- C:\Windows\System\BAJFiec.exe
  C:\Windows\System\BAJFiec.exe
  2⤵
  PID:10096
- C:\Windows\System\iOGWJdy.exe
  C:\Windows\System\iOGWJdy.exe
  2⤵
  PID:10136
- C:\Windows\System\XvuPTfD.exe
  C:\Windows\System\XvuPTfD.exe
  2⤵
  PID:10168
- C:\Windows\System\VjvaZZi.exe
  C:\Windows\System\VjvaZZi.exe
  2⤵
  PID:10196
- C:\Windows\System\lyFaIgL.exe
  C:\Windows\System\lyFaIgL.exe
  2⤵
  PID:10228
- C:\Windows\System\NylzlTh.exe
  C:\Windows\System\NylzlTh.exe
  2⤵
  PID:9248
- C:\Windows\System\DoRTOei.exe
  C:\Windows\System\DoRTOei.exe
  2⤵
  PID:9364
- C:\Windows\System\dWzHegE.exe
  C:\Windows\System\dWzHegE.exe
  2⤵
  PID:9424
- C:\Windows\System\uHxIXUo.exe
  C:\Windows\System\uHxIXUo.exe
  2⤵
  PID:9476
- C:\Windows\System\vAQYqEk.exe
  C:\Windows\System\vAQYqEk.exe
  2⤵
  PID:9560
- C:\Windows\System\HovPnOo.exe
  C:\Windows\System\HovPnOo.exe
  2⤵
  PID:9628
- C:\Windows\System\wBoqwsX.exe
  C:\Windows\System\wBoqwsX.exe
  2⤵
  PID:9716
- C:\Windows\System\QZNRTNq.exe
  C:\Windows\System\QZNRTNq.exe
  2⤵
  PID:9784
- C:\Windows\System\HOrlaHY.exe
  C:\Windows\System\HOrlaHY.exe
  2⤵
  PID:9888
- C:\Windows\System\QYBUDbp.exe
  C:\Windows\System\QYBUDbp.exe
  2⤵
  PID:9956
- C:\Windows\System\dYzghaL.exe
  C:\Windows\System\dYzghaL.exe
  2⤵
  PID:10028
- C:\Windows\System\SYfuQjm.exe
  C:\Windows\System\SYfuQjm.exe
  2⤵
  PID:10088
- C:\Windows\System\tTPXUxz.exe
  C:\Windows\System\tTPXUxz.exe
  2⤵
  PID:10160
- C:\Windows\System\qLeONXU.exe
  C:\Windows\System\qLeONXU.exe
  2⤵
  PID:9220
- C:\Windows\System\MGMGFbG.exe
  C:\Windows\System\MGMGFbG.exe
  2⤵
  PID:2748
- C:\Windows\System\lVquJjh.exe
  C:\Windows\System\lVquJjh.exe
  2⤵
  PID:9536
- C:\Windows\System\gxucyIU.exe
  C:\Windows\System\gxucyIU.exe
  2⤵
  PID:9728
- C:\Windows\System\VgZJduO.exe
  C:\Windows\System\VgZJduO.exe
  2⤵
  PID:9936
- C:\Windows\System\gLFlSeJ.exe
  C:\Windows\System\gLFlSeJ.exe
  2⤵
  PID:10064
- C:\Windows\System\vgQnfJT.exe
  C:\Windows\System\vgQnfJT.exe
  2⤵
  PID:9284
- C:\Windows\System\vZkBfHI.exe
  C:\Windows\System\vZkBfHI.exe
  2⤵
  PID:9676
- C:\Windows\System\PGUdioU.exe
  C:\Windows\System\PGUdioU.exe
  2⤵
  PID:10076
- C:\Windows\System\vxQlvuh.exe
  C:\Windows\System\vxQlvuh.exe
  2⤵
  PID:9868
- C:\Windows\System\nfCSwfH.exe
  C:\Windows\System\nfCSwfH.exe
  2⤵
  PID:9544
- C:\Windows\System\ZtCQEFZ.exe
  C:\Windows\System\ZtCQEFZ.exe
  2⤵
  PID:10260
- C:\Windows\System\MnHvNac.exe
  C:\Windows\System\MnHvNac.exe
  2⤵
  PID:10292
- C:\Windows\System\jISsJDt.exe
  C:\Windows\System\jISsJDt.exe
  2⤵
  PID:10316
- C:\Windows\System\hPdQQdi.exe
  C:\Windows\System\hPdQQdi.exe
  2⤵
  PID:10336
- C:\Windows\System\zezSWCV.exe
  C:\Windows\System\zezSWCV.exe
  2⤵
  PID:10364
- C:\Windows\System\AAsAMNt.exe
  C:\Windows\System\AAsAMNt.exe
  2⤵
  PID:10412
- C:\Windows\System\AWKCnFy.exe
  C:\Windows\System\AWKCnFy.exe
  2⤵
  PID:10428
- C:\Windows\System\yLpljhs.exe
  C:\Windows\System\yLpljhs.exe
  2⤵
  PID:10456
- C:\Windows\System\hUJJDEY.exe
  C:\Windows\System\hUJJDEY.exe
  2⤵
  PID:10496
- C:\Windows\System\JYqkGUR.exe
  C:\Windows\System\JYqkGUR.exe
  2⤵
  PID:10524
- C:\Windows\System\mpwKrNC.exe
  C:\Windows\System\mpwKrNC.exe
  2⤵
  PID:10552
- C:\Windows\System\buthkSB.exe
  C:\Windows\System\buthkSB.exe
  2⤵
  PID:10580
- C:\Windows\System\sskSigW.exe
  C:\Windows\System\sskSigW.exe
  2⤵
  PID:10608
- C:\Windows\System\ZiAcScK.exe
  C:\Windows\System\ZiAcScK.exe
  2⤵
  PID:10636
- C:\Windows\System\jDgSsIY.exe
  C:\Windows\System\jDgSsIY.exe
  2⤵
  PID:10660
- C:\Windows\System\UZSFSNJ.exe
  C:\Windows\System\UZSFSNJ.exe
  2⤵
  PID:10692
- C:\Windows\System\xpazLbT.exe
  C:\Windows\System\xpazLbT.exe
  2⤵
  PID:10720
- C:\Windows\System\SoFziWU.exe
  C:\Windows\System\SoFziWU.exe
  2⤵
  PID:10748
- C:\Windows\System\UNySUXh.exe
  C:\Windows\System\UNySUXh.exe
  2⤵
  PID:10776
- C:\Windows\System\ImlrlYR.exe
  C:\Windows\System\ImlrlYR.exe
  2⤵
  PID:10792
- C:\Windows\System\cvhKwyQ.exe
  C:\Windows\System\cvhKwyQ.exe
  2⤵
  PID:10812
- C:\Windows\System\ddleqPJ.exe
  C:\Windows\System\ddleqPJ.exe
  2⤵
  PID:10844
- C:\Windows\System\qmlqKYQ.exe
  C:\Windows\System\qmlqKYQ.exe
  2⤵
  PID:10876
- C:\Windows\System\CqUXmyj.exe
  C:\Windows\System\CqUXmyj.exe
  2⤵
  PID:10920
- C:\Windows\System\LPKTURP.exe
  C:\Windows\System\LPKTURP.exe
  2⤵
  PID:10948
- C:\Windows\System\tHEhMEn.exe
  C:\Windows\System\tHEhMEn.exe
  2⤵
  PID:10976
- C:\Windows\System\IkzEjZQ.exe
  C:\Windows\System\IkzEjZQ.exe
  2⤵
  PID:10996
- C:\Windows\System\LyuYzLd.exe
  C:\Windows\System\LyuYzLd.exe
  2⤵
  PID:11028
- C:\Windows\System\BBlLlsf.exe
  C:\Windows\System\BBlLlsf.exe
  2⤵
  PID:11068
- C:\Windows\System\ijtiMNp.exe
  C:\Windows\System\ijtiMNp.exe
  2⤵
  PID:11096
- C:\Windows\System\PdYGJnK.exe
  C:\Windows\System\PdYGJnK.exe
  2⤵
  PID:11120
- C:\Windows\System\ttDpekO.exe
  C:\Windows\System\ttDpekO.exe
  2⤵
  PID:11140
- C:\Windows\System\IbifuQK.exe
  C:\Windows\System\IbifuQK.exe
  2⤵
  PID:11180
- C:\Windows\System\xCqKwIR.exe
  C:\Windows\System\xCqKwIR.exe
  2⤵
  PID:11196
- C:\Windows\System\JJHbNtI.exe
  C:\Windows\System\JJHbNtI.exe
  2⤵
  PID:11236
- C:\Windows\System\LsekRJf.exe
  C:\Windows\System\LsekRJf.exe
  2⤵
  PID:11252
- C:\Windows\System\udhTbdZ.exe
  C:\Windows\System\udhTbdZ.exe
  2⤵
  PID:10272
- C:\Windows\System\cmuWIRc.exe
  C:\Windows\System\cmuWIRc.exe
  2⤵
  PID:10324
- C:\Windows\System\NTGnpgb.exe
  C:\Windows\System\NTGnpgb.exe
  2⤵
  PID:10424
- C:\Windows\System\EmStSqI.exe
  C:\Windows\System\EmStSqI.exe
  2⤵
  PID:10476
- C:\Windows\System\SxVEMkO.exe
  C:\Windows\System\SxVEMkO.exe
  2⤵
  PID:10540
- C:\Windows\System\iZShySu.exe
  C:\Windows\System\iZShySu.exe
  2⤵
  PID:10620
- C:\Windows\System\CshOZQb.exe
  C:\Windows\System\CshOZQb.exe
  2⤵
  PID:10676
- C:\Windows\System\eOuzyOm.exe
  C:\Windows\System\eOuzyOm.exe
  2⤵
  PID:10736
- C:\Windows\System\uIBDddY.exe
  C:\Windows\System\uIBDddY.exe
  2⤵
  PID:10828
- C:\Windows\System\RFoleHR.exe
  C:\Windows\System\RFoleHR.exe
  2⤵
  PID:10864
- C:\Windows\System\mJehSLH.exe
  C:\Windows\System\mJehSLH.exe
  2⤵
  PID:10932
- C:\Windows\System\SJIwdYp.exe
  C:\Windows\System\SJIwdYp.exe
  2⤵
  PID:11012
- C:\Windows\System\QRYyqZE.exe
  C:\Windows\System\QRYyqZE.exe
  2⤵
  PID:11064
- C:\Windows\System\hxvvAvi.exe
  C:\Windows\System\hxvvAvi.exe
  2⤵
  PID:11160
- C:\Windows\System\oDnEqDC.exe
  C:\Windows\System\oDnEqDC.exe
  2⤵
  PID:11192
- C:\Windows\System\qSiugRl.exe
  C:\Windows\System\qSiugRl.exe
  2⤵
  PID:10220
- C:\Windows\System\iTQYuzv.exe
  C:\Windows\System\iTQYuzv.exe
  2⤵
  PID:10372
- C:\Windows\System\SKSNbCe.exe
  C:\Windows\System\SKSNbCe.exe
  2⤵
  PID:10600
- C:\Windows\System\ApahKxR.exe
  C:\Windows\System\ApahKxR.exe
  2⤵
  PID:10688
- C:\Windows\System\eYgvEhO.exe
  C:\Windows\System\eYgvEhO.exe
  2⤵
  PID:10824
- C:\Windows\System\luSyPXf.exe
  C:\Windows\System\luSyPXf.exe
  2⤵
  PID:10972
- C:\Windows\System\Vprfpzu.exe
  C:\Windows\System\Vprfpzu.exe
  2⤵
  PID:11040
- C:\Windows\System\KzQObEv.exe
  C:\Windows\System\KzQObEv.exe
  2⤵
  PID:10244
- C:\Windows\System\CVUNDWG.exe
  C:\Windows\System\CVUNDWG.exe
  2⤵
  PID:10648
- C:\Windows\System\mopvJFD.exe
  C:\Windows\System\mopvJFD.exe
  2⤵
  PID:11172
- C:\Windows\System\yGnVNBx.exe
  C:\Windows\System\yGnVNBx.exe
  2⤵
  PID:10936
- C:\Windows\System\VuyXEan.exe
  C:\Windows\System\VuyXEan.exe
  2⤵
  PID:11268
- C:\Windows\System\bsQhrHr.exe
  C:\Windows\System\bsQhrHr.exe
  2⤵
  PID:11296
- C:\Windows\System\BMhlZTX.exe
  C:\Windows\System\BMhlZTX.exe
  2⤵
  PID:11324
- C:\Windows\System\GDtqICb.exe
  C:\Windows\System\GDtqICb.exe
  2⤵
  PID:11340
- C:\Windows\System\zGnORUp.exe
  C:\Windows\System\zGnORUp.exe
  2⤵
  PID:11368
- C:\Windows\System\hVsvSHg.exe
  C:\Windows\System\hVsvSHg.exe
  2⤵
  PID:11408
- C:\Windows\System\fFClNji.exe
  C:\Windows\System\fFClNji.exe
  2⤵
  PID:11424
- C:\Windows\System\MNQRtXj.exe
  C:\Windows\System\MNQRtXj.exe
  2⤵
  PID:11460
- C:\Windows\System\RGtSMYM.exe
  C:\Windows\System\RGtSMYM.exe
  2⤵
  PID:11480
- C:\Windows\System\bDLLQZI.exe
  C:\Windows\System\bDLLQZI.exe
  2⤵
  PID:11508
- C:\Windows\System\jMbWwDk.exe
  C:\Windows\System\jMbWwDk.exe
  2⤵
  PID:11544
- C:\Windows\System\AgAQPxr.exe
  C:\Windows\System\AgAQPxr.exe
  2⤵
  PID:11576
- C:\Windows\System\ORmrVUm.exe
  C:\Windows\System\ORmrVUm.exe
  2⤵
  PID:11604
- C:\Windows\System\DwCKANY.exe
  C:\Windows\System\DwCKANY.exe
  2⤵
  PID:11620
- C:\Windows\System\utAhYoG.exe
  C:\Windows\System\utAhYoG.exe
  2⤵
  PID:11656
- C:\Windows\System\TQLtnWC.exe
  C:\Windows\System\TQLtnWC.exe
  2⤵
  PID:11688
- C:\Windows\System\fCVmWKb.exe
  C:\Windows\System\fCVmWKb.exe
  2⤵
  PID:11716
- C:\Windows\System\JYhqMvo.exe
  C:\Windows\System\JYhqMvo.exe
  2⤵
  PID:11744
- C:\Windows\System\iWyWbcA.exe
  C:\Windows\System\iWyWbcA.exe
  2⤵
  PID:11760
- C:\Windows\System\evWzJdg.exe
  C:\Windows\System\evWzJdg.exe
  2⤵
  PID:11800
- C:\Windows\System\Alwlypz.exe
  C:\Windows\System\Alwlypz.exe
  2⤵
  PID:11828
- C:\Windows\System\PtXnEdY.exe
  C:\Windows\System\PtXnEdY.exe
  2⤵
  PID:11848
- C:\Windows\System\xvjOfZN.exe
  C:\Windows\System\xvjOfZN.exe
  2⤵
  PID:11872
- C:\Windows\System\sOUCwSw.exe
  C:\Windows\System\sOUCwSw.exe
  2⤵
  PID:11900
- C:\Windows\System\qdkYxvR.exe
  C:\Windows\System\qdkYxvR.exe
  2⤵
  PID:11916
- C:\Windows\System\sOQobxO.exe
  C:\Windows\System\sOQobxO.exe
  2⤵
  PID:11952
- C:\Windows\System\tQoJrqV.exe
  C:\Windows\System\tQoJrqV.exe
  2⤵
  PID:11984
- C:\Windows\System\RYzRRSM.exe
  C:\Windows\System\RYzRRSM.exe
  2⤵
  PID:12024
- C:\Windows\System\Fbyasvi.exe
  C:\Windows\System\Fbyasvi.exe
  2⤵
  PID:12052
- C:\Windows\System\ufjAoCO.exe
  C:\Windows\System\ufjAoCO.exe
  2⤵
  PID:12068
- C:\Windows\System\rDFZSJO.exe
  C:\Windows\System\rDFZSJO.exe
  2⤵
  PID:12100
- C:\Windows\System\aoGltPt.exe
  C:\Windows\System\aoGltPt.exe
  2⤵
  PID:12140
- C:\Windows\System\bMyoSOA.exe
  C:\Windows\System\bMyoSOA.exe
  2⤵
  PID:12168
- C:\Windows\System\xclxCsG.exe
  C:\Windows\System\xclxCsG.exe
  2⤵
  PID:12196
- C:\Windows\System\bRRmkyM.exe
  C:\Windows\System\bRRmkyM.exe
  2⤵
  PID:12220
- C:\Windows\System\dsXVKbn.exe
  C:\Windows\System\dsXVKbn.exe
  2⤵
  PID:12248
- C:\Windows\System\zwKBzbS.exe
  C:\Windows\System\zwKBzbS.exe
  2⤵
  PID:12276
- C:\Windows\System\drMzXuk.exe
  C:\Windows\System\drMzXuk.exe
  2⤵
  PID:10420
- C:\Windows\System\KQmdIDM.exe
  C:\Windows\System\KQmdIDM.exe
  2⤵
  PID:11352
- C:\Windows\System\blSgtmb.exe
  C:\Windows\System\blSgtmb.exe
  2⤵
  PID:11396
- C:\Windows\System\GnPCTcj.exe
  C:\Windows\System\GnPCTcj.exe
  2⤵
  PID:11468
- C:\Windows\System\ynGPBQq.exe
  C:\Windows\System\ynGPBQq.exe
  2⤵
  PID:11528
- C:\Windows\System\ZpNRTBx.exe
  C:\Windows\System\ZpNRTBx.exe
  2⤵
  PID:11616
- C:\Windows\System\VaAApzx.exe
  C:\Windows\System\VaAApzx.exe
  2⤵
  PID:11676
- C:\Windows\System\GAfonyf.exe
  C:\Windows\System\GAfonyf.exe
  2⤵
  PID:11740
- C:\Windows\System\CsIHTme.exe
  C:\Windows\System\CsIHTme.exe
  2⤵
  PID:11792
- C:\Windows\System\qYvjLUk.exe
  C:\Windows\System\qYvjLUk.exe
  2⤵
  PID:11836
- C:\Windows\System\cbQBxbP.exe
  C:\Windows\System\cbQBxbP.exe
  2⤵
  PID:11912
- C:\Windows\System\QmmRPEp.exe
  C:\Windows\System\QmmRPEp.exe
  2⤵
  PID:12000
- C:\Windows\System\aWrWoCp.exe
  C:\Windows\System\aWrWoCp.exe
  2⤵
  PID:12036
- C:\Windows\System\PNfCfCG.exe
  C:\Windows\System\PNfCfCG.exe
  2⤵
  PID:12084
- C:\Windows\System\vtyMjcd.exe
  C:\Windows\System\vtyMjcd.exe
  2⤵
  PID:12204
- C:\Windows\System\JwZXOHO.exe
  C:\Windows\System\JwZXOHO.exe
  2⤵
  PID:11016
- C:\Windows\System\aLqfuEU.exe
  C:\Windows\System\aLqfuEU.exe
  2⤵
  PID:11496
- C:\Windows\System\znhOGyB.exe
  C:\Windows\System\znhOGyB.exe
  2⤵
  PID:11568
- C:\Windows\System\TiEypJS.exe
  C:\Windows\System\TiEypJS.exe
  2⤵
  PID:11776
- C:\Windows\System\vUaieNz.exe
  C:\Windows\System\vUaieNz.exe
  2⤵
  PID:11868
- C:\Windows\System\NMaMyjg.exe
  C:\Windows\System\NMaMyjg.exe
  2⤵
  PID:12152
- C:\Windows\System\wPVfYOI.exe
  C:\Windows\System\wPVfYOI.exe
  2⤵
  PID:10764
- C:\Windows\System\FzLPfql.exe
  C:\Windows\System\FzLPfql.exe
  2⤵
  PID:11672
- C:\Windows\System\eaeJlae.exe
  C:\Windows\System\eaeJlae.exe
  2⤵
  PID:11736
- C:\Windows\System\NVRqJhY.exe
  C:\Windows\System\NVRqJhY.exe
  2⤵
  PID:11540
- C:\Windows\System\qMcSQYS.exe
  C:\Windows\System\qMcSQYS.exe
  2⤵
  PID:11968
- C:\Windows\System\fgVwkBb.exe
  C:\Windows\System\fgVwkBb.exe
  2⤵
  PID:12308
- C:\Windows\System\nKqCnfA.exe
  C:\Windows\System\nKqCnfA.exe
  2⤵
  PID:12352
- C:\Windows\System\imyyGmI.exe
  C:\Windows\System\imyyGmI.exe
  2⤵
  PID:12380
- C:\Windows\System\fxrxrxS.exe
  C:\Windows\System\fxrxrxS.exe
  2⤵
  PID:12396
- C:\Windows\System\PztVScd.exe
  C:\Windows\System\PztVScd.exe
  2⤵
  PID:12436
- C:\Windows\System\RCwDSkF.exe
  C:\Windows\System\RCwDSkF.exe
  2⤵
  PID:12456
- C:\Windows\System\tmlDvuJ.exe
  C:\Windows\System\tmlDvuJ.exe
  2⤵
  PID:12480
- C:\Windows\System\rcvdCqK.exe
  C:\Windows\System\rcvdCqK.exe
  2⤵
  PID:12520
- C:\Windows\System\mQQcjkN.exe
  C:\Windows\System\mQQcjkN.exe
  2⤵
  PID:12536
- C:\Windows\System\iOWqPJG.exe
  C:\Windows\System\iOWqPJG.exe
  2⤵
  PID:12564
- C:\Windows\System\RZNsplw.exe
  C:\Windows\System\RZNsplw.exe
  2⤵
  PID:12592
- C:\Windows\System\cdMdtix.exe
  C:\Windows\System\cdMdtix.exe
  2⤵
  PID:12620
- C:\Windows\System\vFneTfQ.exe
  C:\Windows\System\vFneTfQ.exe
  2⤵
  PID:12660
- C:\Windows\System\JsjeQbq.exe
  C:\Windows\System\JsjeQbq.exe
  2⤵
  PID:12688
- C:\Windows\System\fxlwWBO.exe
  C:\Windows\System\fxlwWBO.exe
  2⤵
  PID:12704
- C:\Windows\System\LPsJVCW.exe
  C:\Windows\System\LPsJVCW.exe
  2⤵
  PID:12744
- C:\Windows\System\oHttgZi.exe
  C:\Windows\System\oHttgZi.exe
  2⤵
  PID:12760
- C:\Windows\System\kszyKpl.exe
  C:\Windows\System\kszyKpl.exe
  2⤵
  PID:12800
- C:\Windows\System\sQrJfyh.exe
  C:\Windows\System\sQrJfyh.exe
  2⤵
  PID:12820
- C:\Windows\System\MJZzAVC.exe
  C:\Windows\System\MJZzAVC.exe
  2⤵
  PID:12840
- C:\Windows\System\psvEflH.exe
  C:\Windows\System\psvEflH.exe
  2⤵
  PID:12860
- C:\Windows\System\KSsXBnC.exe
  C:\Windows\System\KSsXBnC.exe
  2⤵
  PID:12888
- C:\Windows\System\FcRkdKO.exe
  C:\Windows\System\FcRkdKO.exe
  2⤵
  PID:12916
- C:\Windows\System\OKpSvdV.exe
  C:\Windows\System\OKpSvdV.exe
  2⤵
  PID:12944
- C:\Windows\System\VNSBPYM.exe
  C:\Windows\System\VNSBPYM.exe
  2⤵
  PID:12968
- C:\Windows\System\dscKqbM.exe
  C:\Windows\System\dscKqbM.exe
  2⤵
  PID:13000
- C:\Windows\System\EbTPTBD.exe
  C:\Windows\System\EbTPTBD.exe
  2⤵
  PID:13028
- C:\Windows\System\pfBBKCw.exe
  C:\Windows\System\pfBBKCw.exe
  2⤵
  PID:13060
- C:\Windows\System\RBjfQaN.exe
  C:\Windows\System\RBjfQaN.exe
  2⤵
  PID:13084
- C:\Windows\System\dcoLaxy.exe
  C:\Windows\System\dcoLaxy.exe
  2⤵
  PID:13108
- C:\Windows\System\RYIMgRm.exe
  C:\Windows\System\RYIMgRm.exe
  2⤵
  PID:13136
- C:\Windows\System\kYSVdnA.exe
  C:\Windows\System\kYSVdnA.exe
  2⤵
  PID:13156
- C:\Windows\System\dfdAatW.exe
  C:\Windows\System\dfdAatW.exe
  2⤵
  PID:13180
- C:\Windows\System\LCEAUhd.exe
  C:\Windows\System\LCEAUhd.exe
  2⤵
  PID:13208
- C:\Windows\System\SpGgpXM.exe
  C:\Windows\System\SpGgpXM.exe
  2⤵
  PID:13244
- C:\Windows\System\QUXCiAU.exe
  C:\Windows\System\QUXCiAU.exe
  2⤵
  PID:13304
- C:\Windows\System\dadcrsZ.exe
  C:\Windows\System\dadcrsZ.exe
  2⤵
  PID:12296
- C:\Windows\System\excBCZO.exe
  C:\Windows\System\excBCZO.exe
  2⤵
  PID:12392
- C:\Windows\System\XCfDngR.exe
  C:\Windows\System\XCfDngR.exe
  2⤵
  PID:12452
- C:\Windows\System\uWjzafm.exe
  C:\Windows\System\uWjzafm.exe
  2⤵
  PID:12512
- C:\Windows\System\UTJdWcu.exe
  C:\Windows\System\UTJdWcu.exe
  2⤵
  PID:12576
- C:\Windows\System\XnkorVG.exe
  C:\Windows\System\XnkorVG.exe
  2⤵
  PID:12656
- C:\Windows\System\BqhnXJJ.exe
  C:\Windows\System\BqhnXJJ.exe
  2⤵
  PID:12732
- C:\Windows\System\TXvofZY.exe
  C:\Windows\System\TXvofZY.exe
  2⤵
  PID:12796
- C:\Windows\System\YKXcyWU.exe
  C:\Windows\System\YKXcyWU.exe
  2⤵
  PID:12852
- C:\Windows\System\MVfdmVI.exe
  C:\Windows\System\MVfdmVI.exe
  2⤵
  PID:12932
- C:\Windows\System\GpLzVnG.exe
  C:\Windows\System\GpLzVnG.exe
  2⤵
  PID:12904
- C:\Windows\System\CvPrqIX.exe
  C:\Windows\System\CvPrqIX.exe
  2⤵
  PID:13012
- C:\Windows\System\ePIMgXL.exe
  C:\Windows\System\ePIMgXL.exe
  2⤵
  PID:13124
- C:\Windows\System\WKjOuub.exe
  C:\Windows\System\WKjOuub.exe
  2⤵
  PID:13148
- C:\Windows\System\oChSuVK.exe
  C:\Windows\System\oChSuVK.exe
  2⤵
  PID:13200
- C:\Windows\System\FfqxzaF.exe
  C:\Windows\System\FfqxzaF.exe
  2⤵
  PID:13296
- C:\Windows\System\BtqULDQ.exe
  C:\Windows\System\BtqULDQ.exe
  2⤵
  PID:12432
- C:\Windows\System\rajkDmU.exe
  C:\Windows\System\rajkDmU.exe
  2⤵
  PID:12580
- C:\Windows\System\SQcoyAd.exe
  C:\Windows\System\SQcoyAd.exe
  2⤵
  PID:12684
- C:\Windows\System\EOoEMDH.exe
  C:\Windows\System\EOoEMDH.exe
  2⤵
  PID:12872
- C:\Windows\System\XoqngfK.exe
  C:\Windows\System\XoqngfK.exe
  2⤵
  PID:13056
- C:\Windows\System\PPGOcuQ.exe
  C:\Windows\System\PPGOcuQ.exe
  2⤵
  PID:13144
- C:\Windows\System\CHnrRUz.exe
  C:\Windows\System\CHnrRUz.exe
  2⤵
  PID:13272
- C:\Windows\System\pbvneUl.exe
  C:\Windows\System\pbvneUl.exe
  2⤵
  PID:12476
- C:\Windows\System\eMLeMar.exe
  C:\Windows\System\eMLeMar.exe
  2⤵
  PID:12992
- C:\Windows\System\BpYETvm.exe
  C:\Windows\System\BpYETvm.exe
  2⤵
  PID:13220
- C:\Windows\System\wuMRNiK.exe
  C:\Windows\System\wuMRNiK.exe
  2⤵
  PID:12988
- C:\Windows\System\inIpGpM.exe
  C:\Windows\System\inIpGpM.exe
  2⤵
  PID:13332
- C:\Windows\System\XsqlHRD.exe
  C:\Windows\System\XsqlHRD.exe
  2⤵
  PID:13364
- C:\Windows\System\FmTicBh.exe
  C:\Windows\System\FmTicBh.exe
  2⤵
  PID:13396
- C:\Windows\System\qpuSKpC.exe
  C:\Windows\System\qpuSKpC.exe
  2⤵
  PID:13420
- C:\Windows\System\XPdXAaO.exe
  C:\Windows\System\XPdXAaO.exe
  2⤵
  PID:13448
- C:\Windows\System\xDxutzL.exe
  C:\Windows\System\xDxutzL.exe
  2⤵
  PID:13476
- C:\Windows\System\FUXHDrD.exe
  C:\Windows\System\FUXHDrD.exe
  2⤵
  PID:13500
- C:\Windows\System\uGzXqwN.exe
  C:\Windows\System\uGzXqwN.exe
  2⤵
  PID:13524
- C:\Windows\System\nqJGymG.exe
  C:\Windows\System\nqJGymG.exe
  2⤵
  PID:13568
- C:\Windows\System\awGKYFJ.exe
  C:\Windows\System\awGKYFJ.exe
  2⤵
  PID:13596
- C:\Windows\System\DOALUMT.exe
  C:\Windows\System\DOALUMT.exe
  2⤵
  PID:13624
- C:\Windows\System\eFGshMy.exe
  C:\Windows\System\eFGshMy.exe
  2⤵
  PID:13652
- C:\Windows\System\CkcwzAb.exe
  C:\Windows\System\CkcwzAb.exe
  2⤵
  PID:13672
- C:\Windows\System\qlaTpro.exe
  C:\Windows\System\qlaTpro.exe
  2⤵
  PID:13708
- C:\Windows\System\mcTEmho.exe
  C:\Windows\System\mcTEmho.exe
  2⤵
  PID:13724
- C:\Windows\System\XvovFPX.exe
  C:\Windows\System\XvovFPX.exe
  2⤵
  PID:13756
- C:\Windows\System\priqXZM.exe
  C:\Windows\System\priqXZM.exe
  2⤵
  PID:13780
- C:\Windows\System\zAKHNiI.exe
  C:\Windows\System\zAKHNiI.exe
  2⤵
  PID:13812
- C:\Windows\System\cWWTzur.exe
  C:\Windows\System\cWWTzur.exe
  2⤵
  PID:13848
- C:\Windows\System\xeouRAP.exe
  C:\Windows\System\xeouRAP.exe
  2⤵
  PID:13876
- C:\Windows\System\NCLrxtm.exe
  C:\Windows\System\NCLrxtm.exe
  2⤵
  PID:13904
- C:\Windows\System\hWeVbiB.exe
  C:\Windows\System\hWeVbiB.exe
  2⤵
  PID:13932
- C:\Windows\System\ytzrUQi.exe
  C:\Windows\System\ytzrUQi.exe
  2⤵
  PID:13960
- C:\Windows\System\LmxupKn.exe
  C:\Windows\System\LmxupKn.exe
  2⤵
  PID:13988
- C:\Windows\System\bVQCauw.exe
  C:\Windows\System\bVQCauw.exe
  2⤵
  PID:14016
- C:\Windows\System\fGATZiV.exe
  C:\Windows\System\fGATZiV.exe
  2⤵
  PID:14044
- C:\Windows\System\VuJCBRm.exe
  C:\Windows\System\VuJCBRm.exe
  2⤵
  PID:14072
- C:\Windows\System\KaKiAMN.exe
  C:\Windows\System\KaKiAMN.exe
  2⤵
  PID:14100
- C:\Windows\System\jbYIGGg.exe
  C:\Windows\System\jbYIGGg.exe
  2⤵
  PID:14128
- C:\Windows\System\eqEpqjF.exe
  C:\Windows\System\eqEpqjF.exe
  2⤵
  PID:14156
- C:\Windows\System\GeJbIeT.exe
  C:\Windows\System\GeJbIeT.exe
  2⤵
  PID:14184
- C:\Windows\System\UMDdBDh.exe
  C:\Windows\System\UMDdBDh.exe
  2⤵
  PID:14212
- C:\Windows\System\CFosdzZ.exe
  C:\Windows\System\CFosdzZ.exe
  2⤵
  PID:14228
- C:\Windows\System\pnQAIrE.exe
  C:\Windows\System\pnQAIrE.exe
  2⤵
  PID:14260
- C:\Windows\System\MbzgEbN.exe
  C:\Windows\System\MbzgEbN.exe
  2⤵
  PID:14296
- C:\Windows\System\uvOxlWL.exe
  C:\Windows\System\uvOxlWL.exe
  2⤵
  PID:14312
- C:\Windows\System\rhsezZU.exe
  C:\Windows\System\rhsezZU.exe
  2⤵
  PID:12372
- C:\Windows\System\xLwRJmm.exe
  C:\Windows\System\xLwRJmm.exe
  2⤵
  PID:13324
- C:\Windows\System\PvFVpWq.exe
  C:\Windows\System\PvFVpWq.exe
  2⤵
  PID:13416
- C:\Windows\System\psPvloF.exe
  C:\Windows\System\psPvloF.exe
  2⤵
  PID:13444
- C:\Windows\System\qAudyUW.exe
  C:\Windows\System\qAudyUW.exe
  2⤵
  PID:13516
- C:\Windows\System\kODYglb.exe
  C:\Windows\System\kODYglb.exe
  2⤵
  PID:13612
- C:\Windows\System\YLeouhc.exe
  C:\Windows\System\YLeouhc.exe
  2⤵
  PID:4572
- C:\Windows\System\Xejyeqa.exe
  C:\Windows\System\Xejyeqa.exe
  2⤵
  PID:13700
- C:\Windows\System\qfBputd.exe
  C:\Windows\System\qfBputd.exe
  2⤵
  PID:13744
- C:\Windows\System\LtsQRHN.exe
  C:\Windows\System\LtsQRHN.exe
  2⤵
  PID:13804
- C:\Windows\System\TAbUtbq.exe
  C:\Windows\System\TAbUtbq.exe
  2⤵
  PID:13872
- C:\Windows\System\WSPYWmF.exe
  C:\Windows\System\WSPYWmF.exe
  2⤵
  PID:13980
- C:\Windows\System\SJXAjHF.exe
  C:\Windows\System\SJXAjHF.exe
  2⤵
  PID:14000
- C:\Windows\System\axHFoTb.exe
  C:\Windows\System\axHFoTb.exe
  2⤵
  PID:14096
- C:\Windows\System\oJUHnKo.exe
  C:\Windows\System\oJUHnKo.exe
  2⤵
  PID:14140
- C:\Windows\System\MyZdtyM.exe
  C:\Windows\System\MyZdtyM.exe
  2⤵
  PID:14196
- C:\Windows\System\QjkaoKN.exe
  C:\Windows\System\QjkaoKN.exe
  2⤵
  PID:14248
- C:\Windows\System\HcbyKza.exe
  C:\Windows\System\HcbyKza.exe
  2⤵
  PID:13384
- C:\Windows\System\suAEAKP.exe
  C:\Windows\System\suAEAKP.exe
  2⤵
  PID:13436
- C:\Windows\System\jkmxFXm.exe
  C:\Windows\System\jkmxFXm.exe
  2⤵
  PID:13484
- C:\Windows\System\WNQnMWX.exe
  C:\Windows\System\WNQnMWX.exe
  2⤵
  PID:13736
- C:\Windows\System\pkfyqVg.exe
  C:\Windows\System\pkfyqVg.exe
  2⤵
  PID:13844
- C:\Windows\System\wVokUdg.exe
  C:\Windows\System\wVokUdg.exe
  2⤵
  PID:13952
- C:\Windows\System\VqjUMlc.exe
  C:\Windows\System\VqjUMlc.exe
  2⤵
  PID:14092
- C:\Windows\System\kINVHKk.exe
  C:\Windows\System\kINVHKk.exe
  2⤵
  PID:14220
- C:\Windows\System\qApjiwh.exe
  C:\Windows\System\qApjiwh.exe
  2⤵
  PID:13392
- C:\Windows\System\pTYwxMs.exe
  C:\Windows\System\pTYwxMs.exe
  2⤵
  PID:13808
- C:\Windows\System\HankbsL.exe
  C:\Windows\System\HankbsL.exe
  2⤵
  PID:14176
- C:\Windows\System\SVAKWYB.exe
  C:\Windows\System\SVAKWYB.exe
  2⤵
  PID:13776

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AMuFWux.exe

Filesize
1.9MB

MD5
57a6e2452ed5b5f3e1048bb4da92609f

SHA1
8d84dc1e0509005fa716aaf18006b507b27a42a5

SHA256
9a52fc4541e0eafc42a23b128545ffa93f0eceec23fd5b7f48cb2963788d5279

SHA512
5bccac40db51fcb1ff1536751230c6bd66a7082a015a02ef3eef1d9c8b4d8a0a9211858dfd888e195c0e81449680fd4d35a14bc7d7d94635824b84479ecd6fb5

Download Submit
C:\Windows\System\CkAQtLV.exe

Filesize
1.9MB

MD5
da314bf22491d65807051906ce69f9f2

SHA1
bb8488cd191df96e759f163451805324314e5940

SHA256
0aac0e7fe228c115f3e152375d07f4c1ab6bd2e29ad090da2037fe89410f81c2

SHA512
8a05181b93d95f0e7eed6db37c240d96efa2b679c6a1ad47cff487b5a227bc4b84c2ff5d0bce15c5e0e8af67ff642ad9f553aa1978d18afc36d2b79140cfa03a

Download Submit
C:\Windows\System\EZbzdZU.exe

Filesize
1.9MB

MD5
add691cc1f7a94fffb149b69f3fd0ce2

SHA1
e99d810e32acd7bda4f4d156c355031f2d68ceb1

SHA256
b32381aa7ca53da9b263ad26f8380f76d5ca39fb05f89f15adab12d317cc7f97

SHA512
614680a658e1e032332ff75c9f62096e22f6edcc286d7eb64f55894fd0125596abf1f432a6ec80ae0266d80835cf8ad169bdac6cbdba87e2c43391d18ada5907

Download Submit
C:\Windows\System\FSPHpAB.exe

Filesize
1.9MB

MD5
19af479f82691ef3d9007c8f233f3e68

SHA1
cda70898b081dfb6f0c3a67b7fd9ad7ffdb2b213

SHA256
42fe821ea4d37ca73139032184f54b61bf9ca044cf54b9cbb8bedfa1e1c41c25

SHA512
3c00497f55f2b27e412f8b6bfd07348792e1e5307e7bfc34e2b2a614406b536bd57d5ed157234b884e36a257b34520614bb34a100e4861d0de513c584d41c47f

Download Submit
C:\Windows\System\GRHZgVw.exe

Filesize
1.9MB

MD5
2087be1db559a40961e8aefd568870da

SHA1
0b080aaf913e29a4d28526e90e9b118036e98511

SHA256
db226757d5016b334f3e86573c2d070e9aeb0c1d87a7df7c0aa963e85ce3b51b

SHA512
10a340523a1eb81060cb580a55ec57a0bf3f2bb689103c80bfc4640d56613e01a8b5de41d93ca8ec4398b367399e5666ec71acaf82171cf8b11ca760d57e2437

Download Submit
C:\Windows\System\HcDYRAA.exe

Filesize
1.9MB

MD5
7c71449848103c4671af71e533f16500

SHA1
44852bc4b6062c2beff64c8dc631cbd00e6d752c

SHA256
e0b5a794cff3e0cdbf35c13e055e5c8ae4dc4a9d4e0a79dfb8da876156db9d8f

SHA512
8849ce553d08637ded5fb59ab271b5a6cd2a85b819c20b48ba25713da29c5c131a70024eb573b4375195f4b0a72245547729c168cb4b548899b727d713de6a97

Download Submit
C:\Windows\System\HnYDUxS.exe

Filesize
1.9MB

MD5
4bfcb202b9f0c43fd9c46d8cd13d2f92

SHA1
7fc75992e6b507d0a64e447c1a3c06c0ff354f2b

SHA256
cad094152b04fcf9a495504cb23468a83bf202a97f87128023d758a41360bc1d

SHA512
0f55a0b3790df8314ce0c08a6d7a24252719205bbaf4a4e4f8380f413f4c6942aa6074ec8036b3cf3f200146b52a4f06edb99978e8c2645679c9f751026c3ad4

Download Submit
C:\Windows\System\JADolpE.exe

Filesize
1.9MB

MD5
d282072f426f741e5f8ac2e349eb3e87

SHA1
57f58651f3b6f08b4ff6396ad388046e46bb9d15

SHA256
49a68bb5f2cefc0993cac67d0c4946bd3d8b1dfe389deb8965f3dc06af28213a

SHA512
a4c9a7aaed354fda343715099d337cde78af71d5e84b6c1c98f1e36b434ba69b29f8a651c81b681c15d24413f17a7ae079d743fc294b29ed6d03b9bdddde7d30

Download Submit
C:\Windows\System\JSfaMmf.exe

Filesize
1.9MB

MD5
1dfb3511e80768d78a0c6e71dcf7a2b0

SHA1
e167346577481a3ce5379ac063b416afa1689062

SHA256
bc2ff18e1c48c6155955365f6810c16690441a32a67106b85c41e10ebadce618

SHA512
66d458ee2c94a8633a628056f8d3faf23a9c42062553d5ee34f883d9b6a5872ae3ec49468b469b4119eedc23543b3f0f82c9d28fab8a1eb193dcfc30d8804139

Download Submit
C:\Windows\System\LrUjTiX.exe

Filesize
1.9MB

MD5
2abbb5b0128099b737340225eac7f566

SHA1
d09a5d858a0420d342d10c045a8fa4c461286408

SHA256
6462ae46a892782b355642a7c91b3cca1b1505755c8616b3391ba75aa5639714

SHA512
22ea38e153bb0cdb7fa9507f7da6cc86721ed621d8759389cc2d823da42f8dfe45b05f56b3baa94cd5ddf231e98e3efb41e0fc166130f6ad14631c94af8d7a9c

Download Submit
C:\Windows\System\QaAaHMg.exe

Filesize
1.9MB

MD5
79f83e69230f44ba040fcea712132748

SHA1
fd2623d0c4e1608133fc10ed1f1a19a2aa895674

SHA256
094907bc910323597052b565c4d587c4b0cc7a8969960fd6cb13ccfa5459024c

SHA512
3723f4ab1ae9081cd731868c7386a860249ccb32e6e0fd3f7be52f8551c9846853c124d344b48a43e6bb9c0efa4e61b2a2a2014dcf1ef890c79980dc692c9a03

Download Submit
C:\Windows\System\RHSZXsy.exe

Filesize
1.9MB

MD5
2eb9a3a7cc62cab53e40f0bd6e747b77

SHA1
2b20fcde1115fbfbea6ddb30688c683807b37d84

SHA256
75ae972c316e2fd680bfdbf9377e2631c6a619d018401693d1386c0f5b13c6e7

SHA512
ffdb27523a8ce72c8d43d2cfc81f244880821354db87e448d2b8a83ecab474cd292f8b2eca90dfb05151de96231126fd22ff8f1d3c77917c539b7c37f528def6

Download Submit
C:\Windows\System\SCgXcmR.exe

Filesize
1.9MB

MD5
5fc79e5ced702388cf3ad08b52f01cd1

SHA1
3dc689ad17b6f0f0016e38efde7de3d9b6f76549

SHA256
3409d799399aee09c7ccbbf4b11a00da9cd3821ee578e6a347789a8b31557b6b

SHA512
6622e86ed46a3cf1e508f5a36589daeac47862f4bbd4f9590813745fd4b915f35d258f7ccd64b25228f9051252911ecf0a7a9d5e5bbbcf86c075d85d5a3c4ab9

Download Submit
C:\Windows\System\SyBuXSe.exe

Filesize
1.9MB

MD5
b93c17ffc100bc8649c2fd325f0e23b1

SHA1
f0f22917bbe29648f8c09844b4c3a95666f4b7e7

SHA256
f269d0cdeb8667e18aaa56570769d97b4f54d0e8b4bf4ef37406eaa28b120054

SHA512
a122e50e27cb3f321a44e33fd540d81d084cb4d13004c02c6fedeb0eef2dce78be9e1db5779b919562eebd689bdb96415436b7ad647abaede415fb667deb0c14

Download Submit
C:\Windows\System\TcAxmsZ.exe

Filesize
1.9MB

MD5
a318acd291cddb4d68946c6b4977c67b

SHA1
02f2f9c692a51c524476874fbc0e2d26c1ded201

SHA256
4017500260ec5244174073bb28157bc6f35a502c8404b8699327af3b23f6f87e

SHA512
6a05113f50fb5b7d2da3a7a3b96b12a3c5e12972ab49dbbdbded32e11c562dc8a270a119d1e50faecb9a9c00c7f69f74b881804998a3930e41656d2e338793ce

Download Submit
C:\Windows\System\VKhqitq.exe

Filesize
1.9MB

MD5
d844a2341e9e1f2fb542ab9df7b2bba5

SHA1
1111e0e0594434d8cb8fcda1999f5ae17a423772

SHA256
e2c817ccbcc12f2a1d630f7cfa7c84013d1325e68ddbaa62a62ef15d4d72e174

SHA512
68c707760a2c597d0acfb4b38be5f34af907f572361e39fa947ace2498b0e3208da91c1b0f95250e0877f92a116611be38464643e530dda693f573859274541b

Download Submit
C:\Windows\System\VLIOrZb.exe

Filesize
1.9MB

MD5
6ee9906f97d8f4edf27b3f362adf7ca8

SHA1
bd775001fd86958e7f6657f67b4287b1d16b9555

SHA256
b388fc79e2464a7edb949d0a2ceb9ab9df164dde9810b6375db1f82748a4f57a

SHA512
68f032dfa312bbc4fe7e893831ee5878f7e990c2044b76917c99b39da849d338b1da26b0df08bfe90bba8388f8e33ad18c7c0755e52bb99742597623a9a11f3d

Download Submit
C:\Windows\System\VdEflKJ.exe

Filesize
1.9MB

MD5
bfd365e96ce5025d41791bf119147bdb

SHA1
c45e6cc0144f8dfde9f30f832f08a515d858a3dc

SHA256
817101c92b4bba4baf93d0816a3198165604430a14cf1a625c7a19fb9fb6d1f5

SHA512
ed78151a4917e2eb6fb83e9e0119acafe76739941761fe776a0861d457e9257e2300282fb37d28f5adfa99e3d07dd5ae1bc4293bba322ebf2647479615a19362

Download Submit
C:\Windows\System\WuMGcPw.exe

Filesize
1.9MB

MD5
886783a65b85af454b1c0da9f82495a5

SHA1
3608ad45908f9ba94fb70a33f111d8c80c7f7e00

SHA256
67ea5fe511ca85b48138e2130a64f466c44a783ce1d4bb79575681011c5f3f4a

SHA512
36ea86bf39de868f038acf7e7873f740fb08630758ab6d329ad8d4d9791debeb2e2d5a9148b3d8102a09a072110222605e0cdb7478349dfb0fc1d467ac9687b8

Download Submit
C:\Windows\System\XOGwnhO.exe

Filesize
1.9MB

MD5
e6e6420621c35daa71409b2b6fe177d6

SHA1
91bdd0348a7d962eaa9574607ea5db2b8ace81e0

SHA256
3b3701cab9678e3812d68ababd24131824351d31410975082d18380204298b52

SHA512
770fdce533e91ecd1dbcd4a0f597d253dd2626d1903a8ac56daf6fe53075f394842dcd2cb6a5cc3352934d8bf31d8dd9eacd4ae7af1012724c1216300211574d

Download Submit
C:\Windows\System\YfvYKjZ.exe

Filesize
1.9MB

MD5
a4895a762b59872d7825e23c2595dde8

SHA1
c958485520b2ceb166d0f5e73b35a213c032cb00

SHA256
e2e8efd42f3bd144a94d873435c99fbab70e61cc1ea1f359e47675bfa437ef77

SHA512
6cdb1fd100cd6ec30606f70190457205a22197eff7cfea7971ebd228911616fe04f9edf8336df4e28239951ffec0bb882a53aff6f08996a598928b0b64dbcc2a

Download Submit
C:\Windows\System\ZoPDfML.exe

Filesize
1.9MB

MD5
b4348669428b6efa0499a6f6a3919d1e

SHA1
647b800a673c9030733f4ea26d4d679086d284b9

SHA256
72697ce90d63d24dc1397dd2f2299b7063200d99605147cfd4f23edb73a3b06f

SHA512
47a69ab0676840ba995d5c411b693f3b7973bbc44d359000a91e04a9ab16f4733b710c5ad276eacd0bcbdd836019f423b87d2175399d578330e383281c2e0533

Download Submit
C:\Windows\System\egkBgHh.exe

Filesize
1.9MB

MD5
1882e660c22f607719af29df1d876fc1

SHA1
96af2968527a67e45495fd6f51115c12876adcf6

SHA256
727307361f3896a707f5f1e1f1a1a7c7b3082faf4640e626dab7380232280b46

SHA512
ed68e0cfead1c7ff8994619c648260b5080b9668eed05840147f898366471c10dca48d5029e12d3aaf499f426c989ce7c5d5f6a9236265f579a606143f50b43e

Download Submit
C:\Windows\System\gyNyToJ.exe

Filesize
1.9MB

MD5
9cd8fd782c09f69347e65a2ded5b8e05

SHA1
d8593577baa77ff3f065c930e36e6166124b40d6

SHA256
490048da3baebdbff6d4a5b04dc23bf04dffc88bf25b162f1bfb1b474d176d00

SHA512
6b1f3a870e717a856bb8b2ad6e6894f6d3fb9c26aabee6c1d8bf4ba77d96919219aeadfda1f399a49320c30d36fcb40488ea63da54fdda6e276dd93555400900

Download Submit
C:\Windows\System\ioKKoDP.exe

Filesize
1.9MB

MD5
b5233576fa49ccbc936126ea85bc099b

SHA1
47b3e341cc0945794a93e64ffcb542c655c6c9ad

SHA256
a30d8d275c0153f894b556c6d724f654d624a7ef0ff8f6258d7e2bf3d162e0e0

SHA512
52d736d19d308a2b81d8d80c8f529fb63b264b7c2e63bf0430f668c789319b7025aae5dc649e048c273eead995bbeff0b5a55a2036de91ea1d8b9b793b6c33e3

Download Submit
C:\Windows\System\jKiJajZ.exe

Filesize
1.9MB

MD5
efbbb19ac23b52d94edc28cd6ef7e300

SHA1
1b20c5f14e54d69655e14c432e4230c99cee30e9

SHA256
4ff9c40ba9d17ed336d4707cad040c86dada672dd4a9fd1a6a586dea636e3898

SHA512
1bab1a1d173210d77f9e9f14fdf43fc34064b836dd95910ff468be04c9eab3fece465982169036e64b74db6a7f45a2f6153e54715425ab4db0163f1b49daa227

Download Submit
C:\Windows\System\muaVwdG.exe

Filesize
1.9MB

MD5
5e597a3e068fe1ed37f39cd2484b8ada

SHA1
09eb0feff4549e2e11a6ae1e98cb16697998bc70

SHA256
44fb8a6eb467961836f6397440335e05f3e45fa542c382d5e15d8493cee7f581

SHA512
0f18efdee9713fcd531388dbe7981b1b469180581ed99157c209cd1129b00959c6b5b46f6224e3c23575e59818a84cae15da3751867d939486c160b972330f19

Download Submit
C:\Windows\System\oVlQvDL.exe

Filesize
1.9MB

MD5
75ede646032c0d15f19c14b6bc41ada3

SHA1
90f593615bb8721aa66bd48e97c4fb9ad7afb96d

SHA256
9bb7fc4a18b42fed63eb55fda11c6db45598d8b96a63ae7267f80eabc2de70a2

SHA512
496bf76f02d367abedf0b1de40f5f55dbdc35f275fe1fb90bbb3a588a3cb60de2f77ddc7d5de3d19395e0ebbf862c893deafb00b7d0addb2a83d56370092b7ff

Download Submit
C:\Windows\System\shwRunB.exe

Filesize
1.9MB

MD5
e34881a02599d875c0880b7ea39337b7

SHA1
f1e1e2c6cd9928d2d67eb5950db4f6c0008ee252

SHA256
0593043ddcd0937f33dcd1c55dcee78132bd7935596433288ebdaeb01533e19f

SHA512
e188e1b23f572bf046cd6e35cb2d6b5eccc34a99b9f5c659e184417c8aefad4923df68ad38746ffbcca082d56bdebeb91e8e9feb7edb9873984914f7eef44e9d

Download Submit
C:\Windows\System\tfoGPkM.exe

Filesize
1.9MB

MD5
3ac2b257c721da92e49c125e1a019168

SHA1
ff3260df76a559e0c81dd5c3fe10b8eea91868f1

SHA256
35da06261848b96f8928a5e7cae39e539c8d91a343d5589cb69696eb7c0f36db

SHA512
1878c549f1bc9ee384155aea42d4f9a7f3850ca20f7e32c2dc8a9e4d597d8ba562e260c34674cdef65b673a8563cfb64eca7df570f51c424fe329b6ba29ae60d

Download Submit
C:\Windows\System\wLPUhaq.exe

Filesize
1.9MB

MD5
f9a3dc6331b7db6bb0805dbed4228982

SHA1
434f74e2b696e3e61fecda51508402d0f6b5447f

SHA256
596cd5142a55c0cb7b653c922a2cc392af4b35baf0d45fe90ac27e8b42544c8d

SHA512
d909b53d62809118420c341a1e949d7acddf82c786b1eb790bb6bda495a4a25b2519ba1bcccbae332f6126288c47ae906d92f0094e1bbfc174cf81ff57c3d86e

Download Submit
C:\Windows\System\wOGFkKU.exe

Filesize
1.9MB

MD5
e3e8f47ea46a369cac94a4f17ac4350b

SHA1
867e4722834e110f9b1faf8ac3b8b1e766b63dce

SHA256
577dee9976a4a0d9de4eb9a2a26f4909705ace498ec6964f262957eb72db736e

SHA512
e8b3ebdd21985e7b04ac343c231881ff5c2220dfedb5ea54ce9e9bbb96cd6480d92660d036eb1df11ce2311fa2207a5132ec66815ea96ff6b4feaccfb5178833

Download Submit
C:\Windows\System\xhrqzTE.exe

Filesize
1.9MB

MD5
2e40c5bfffbebd3c75135ee5d63c23dd

SHA1
d87e5356fabb616c2cc2cf9213c07bd5bac06fe5

SHA256
15574dcfc0019beae9fdec593ec2bbd08eaf719f9db5c2d2f8deb29c31e7e1b3

SHA512
5b4bc231b1fc87b3475c9653ce287120b76ef9245f6c921340e2bfa22c99946360d0057f0d8b7e634aebb5a3d9d089a346bf0eb4c07ff21100cec3ebd099fc7e

Download Submit
memory/776-497-0x00007FF6BC430000-0x00007FF6BC784000-memory.dmp

Filesize
3.3MB

Download
memory/776-2099-0x00007FF6BC430000-0x00007FF6BC784000-memory.dmp

Filesize
3.3MB

Download
memory/844-2110-0x00007FF74A430000-0x00007FF74A784000-memory.dmp

Filesize
3.3MB

Download
memory/844-520-0x00007FF74A430000-0x00007FF74A784000-memory.dmp

Filesize
3.3MB

Download
memory/944-2084-0x00007FF684EF0000-0x00007FF685244000-memory.dmp

Filesize
3.3MB

Download
memory/944-17-0x00007FF684EF0000-0x00007FF685244000-memory.dmp

Filesize
3.3MB

Download
memory/1140-471-0x00007FF7B38A0000-0x00007FF7B3BF4000-memory.dmp

Filesize
3.3MB

Download
memory/1140-2095-0x00007FF7B38A0000-0x00007FF7B3BF4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-2097-0x00007FF66F570000-0x00007FF66F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-479-0x00007FF66F570000-0x00007FF66F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-2101-0x00007FF797B20000-0x00007FF797E74000-memory.dmp

Filesize
3.3MB

Download
memory/1364-487-0x00007FF797B20000-0x00007FF797E74000-memory.dmp

Filesize
3.3MB

Download
memory/1544-514-0x00007FF751CB0000-0x00007FF752004000-memory.dmp

Filesize
3.3MB

Download
memory/1544-2102-0x00007FF751CB0000-0x00007FF752004000-memory.dmp

Filesize
3.3MB

Download
memory/1584-516-0x00007FF609A10000-0x00007FF609D64000-memory.dmp

Filesize
3.3MB

Download
memory/1584-2105-0x00007FF609A10000-0x00007FF609D64000-memory.dmp

Filesize
3.3MB

Download
memory/2016-510-0x00007FF7CE260000-0x00007FF7CE5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-2103-0x00007FF7CE260000-0x00007FF7CE5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-521-0x00007FF6D9480000-0x00007FF6D97D4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2089-0x00007FF6D9480000-0x00007FF6D97D4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-517-0x00007FF651FD0000-0x00007FF652324000-memory.dmp

Filesize
3.3MB

Download
memory/2352-2107-0x00007FF651FD0000-0x00007FF652324000-memory.dmp

Filesize
3.3MB

Download
memory/2540-2111-0x00007FF778DD0000-0x00007FF779124000-memory.dmp

Filesize
3.3MB

Download
memory/2540-518-0x00007FF778DD0000-0x00007FF779124000-memory.dmp

Filesize
3.3MB

Download
memory/2580-2104-0x00007FF7FFC00000-0x00007FF7FFF54000-memory.dmp

Filesize
3.3MB

Download
memory/2580-505-0x00007FF7FFC00000-0x00007FF7FFF54000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2108-0x00007FF7BCCD0000-0x00007FF7BD024000-memory.dmp

Filesize
3.3MB

Download
memory/2816-515-0x00007FF7BCCD0000-0x00007FF7BD024000-memory.dmp

Filesize
3.3MB

Download
memory/2836-0-0x00007FF768930000-0x00007FF768C84000-memory.dmp

Filesize
3.3MB

Download
memory/2836-1-0x0000023F632F0000-0x0000023F63300000-memory.dmp

Filesize
64KB

Download
memory/2836-2080-0x00007FF768930000-0x00007FF768C84000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2087-0x00007FF7D7D10000-0x00007FF7D8064000-memory.dmp

Filesize
3.3MB

Download
memory/2880-41-0x00007FF7D7D10000-0x00007FF7D8064000-memory.dmp

Filesize
3.3MB

Download
memory/2908-2096-0x00007FF6033B0000-0x00007FF603704000-memory.dmp

Filesize
3.3MB

Download
memory/2908-473-0x00007FF6033B0000-0x00007FF603704000-memory.dmp

Filesize
3.3MB

Download
memory/3044-2091-0x00007FF75D550000-0x00007FF75D8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-459-0x00007FF75D550000-0x00007FF75D8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3192-456-0x00007FF7CCA00000-0x00007FF7CCD54000-memory.dmp

Filesize
3.3MB

Download
memory/3192-2090-0x00007FF7CCA00000-0x00007FF7CCD54000-memory.dmp

Filesize
3.3MB

Download
memory/3560-463-0x00007FF73F080000-0x00007FF73F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/3560-2094-0x00007FF73F080000-0x00007FF73F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/3688-2109-0x00007FF6E2560000-0x00007FF6E28B4000-memory.dmp

Filesize
3.3MB

Download
memory/3688-519-0x00007FF6E2560000-0x00007FF6E28B4000-memory.dmp

Filesize
3.3MB

Download
memory/3840-2081-0x00007FF62FB90000-0x00007FF62FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/3840-2085-0x00007FF62FB90000-0x00007FF62FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/3840-22-0x00007FF62FB90000-0x00007FF62FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/3864-2093-0x00007FF731730000-0x00007FF731A84000-memory.dmp

Filesize
3.3MB

Download
memory/3864-476-0x00007FF731730000-0x00007FF731A84000-memory.dmp

Filesize
3.3MB

Download
memory/3920-513-0x00007FF65E1D0000-0x00007FF65E524000-memory.dmp

Filesize
3.3MB

Download
memory/3920-2106-0x00007FF65E1D0000-0x00007FF65E524000-memory.dmp

Filesize
3.3MB

Download
memory/4208-10-0x00007FF6DAD80000-0x00007FF6DB0D4000-memory.dmp

Filesize
3.3MB

Download
memory/4208-2083-0x00007FF6DAD80000-0x00007FF6DB0D4000-memory.dmp

Filesize
3.3MB

Download
memory/4284-2100-0x00007FF665110000-0x00007FF665464000-memory.dmp

Filesize
3.3MB

Download
memory/4284-502-0x00007FF665110000-0x00007FF665464000-memory.dmp

Filesize
3.3MB

Download
memory/4360-489-0x00007FF6D6600000-0x00007FF6D6954000-memory.dmp

Filesize
3.3MB

Download
memory/4360-2098-0x00007FF6D6600000-0x00007FF6D6954000-memory.dmp

Filesize
3.3MB

Download
memory/4624-522-0x00007FF6CBC40000-0x00007FF6CBF94000-memory.dmp

Filesize
3.3MB

Download
memory/4624-2092-0x00007FF6CBC40000-0x00007FF6CBF94000-memory.dmp

Filesize
3.3MB

Download
memory/4776-2086-0x00007FF6E3DC0000-0x00007FF6E4114000-memory.dmp

Filesize
3.3MB

Download
memory/4776-33-0x00007FF6E3DC0000-0x00007FF6E4114000-memory.dmp

Filesize
3.3MB

Download
memory/4844-2082-0x00007FF6D3CC0000-0x00007FF6D4014000-memory.dmp

Filesize
3.3MB

Download
memory/4844-450-0x00007FF6D3CC0000-0x00007FF6D4014000-memory.dmp

Filesize
3.3MB

Download
memory/4844-2088-0x00007FF6D3CC0000-0x00007FF6D4014000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads