xmrig | 724b922ba3a7b0085fbc637f545fdd4f6692af0339234ae75502176bba4f0ae4

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2024, 23:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
Size

2.1MB
MD5

5cced5477232429f8138cb4505a0bc40
SHA1

89b4076ebf66bc9f70fd9dcca827325cd6ee304b
SHA256

724b922ba3a7b0085fbc637f545fdd4f6692af0339234ae75502176bba4f0ae4
SHA512

dd1051312baf0556e45fb9bddd5a87554987434b1ef9f76955c120d74e482bd93e3183ac8e68a56a487f2526b3b13b7b472c7e2c47df5b083e730a5d219a958f
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQw5UP6Qsx7Utmr:oemTLkNdfE0pZrQa

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1964-0-0x00007FF702A80000-0x00007FF702DD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023419-5.dat	xmrig
behavioral2/files/0x0007000000023422-8.dat	xmrig
behavioral2/files/0x0007000000023423-25.dat	xmrig
behavioral2/files/0x0007000000023425-38.dat	xmrig
behavioral2/files/0x000700000002342c-73.dat	xmrig
behavioral2/files/0x0007000000023430-89.dat	xmrig
behavioral2/files/0x0007000000023435-117.dat	xmrig
behavioral2/files/0x0007000000023438-133.dat	xmrig
behavioral2/files/0x0007000000023440-167.dat	xmrig
behavioral2/memory/4904-730-0x00007FF65FFC0000-0x00007FF660314000-memory.dmp	xmrig
behavioral2/memory/1008-734-0x00007FF66A200000-0x00007FF66A554000-memory.dmp	xmrig
behavioral2/memory/2840-737-0x00007FF78FFB0000-0x00007FF790304000-memory.dmp	xmrig
behavioral2/memory/4276-746-0x00007FF6F9BC0000-0x00007FF6F9F14000-memory.dmp	xmrig
behavioral2/memory/2748-752-0x00007FF62E290000-0x00007FF62E5E4000-memory.dmp	xmrig
behavioral2/memory/2000-759-0x00007FF699220000-0x00007FF699574000-memory.dmp	xmrig
behavioral2/memory/752-776-0x00007FF7DC9D0000-0x00007FF7DCD24000-memory.dmp	xmrig
behavioral2/memory/2580-771-0x00007FF7517C0000-0x00007FF751B14000-memory.dmp	xmrig
behavioral2/memory/2484-763-0x00007FF7F0950000-0x00007FF7F0CA4000-memory.dmp	xmrig
behavioral2/memory/4268-782-0x00007FF673330000-0x00007FF673684000-memory.dmp	xmrig
behavioral2/memory/4596-788-0x00007FF6E1B10000-0x00007FF6E1E64000-memory.dmp	xmrig
behavioral2/memory/4476-793-0x00007FF60CBB0000-0x00007FF60CF04000-memory.dmp	xmrig
behavioral2/memory/3620-787-0x00007FF7DDE40000-0x00007FF7DE194000-memory.dmp	xmrig
behavioral2/memory/4996-786-0x00007FF752740000-0x00007FF752A94000-memory.dmp	xmrig
behavioral2/files/0x000700000002343e-163.dat	xmrig
behavioral2/files/0x000700000002343f-162.dat	xmrig
behavioral2/files/0x000700000002343d-158.dat	xmrig
behavioral2/files/0x000700000002343c-153.dat	xmrig
behavioral2/files/0x000700000002343b-148.dat	xmrig
behavioral2/files/0x000700000002343a-143.dat	xmrig
behavioral2/files/0x0007000000023439-138.dat	xmrig
behavioral2/memory/644-803-0x00007FF7E0B50000-0x00007FF7E0EA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023437-127.dat	xmrig
behavioral2/files/0x0007000000023436-123.dat	xmrig
behavioral2/memory/4552-807-0x00007FF69BD30000-0x00007FF69C084000-memory.dmp	xmrig
behavioral2/memory/3352-818-0x00007FF644240000-0x00007FF644594000-memory.dmp	xmrig
behavioral2/memory/1344-825-0x00007FF719010000-0x00007FF719364000-memory.dmp	xmrig
behavioral2/memory/2816-837-0x00007FF7A6930000-0x00007FF7A6C84000-memory.dmp	xmrig
behavioral2/memory/1244-841-0x00007FF6DEC20000-0x00007FF6DEF74000-memory.dmp	xmrig
behavioral2/memory/4844-836-0x00007FF6759C0000-0x00007FF675D14000-memory.dmp	xmrig
behavioral2/memory/1772-833-0x00007FF76BDA0000-0x00007FF76C0F4000-memory.dmp	xmrig
behavioral2/memory/2892-822-0x00007FF737670000-0x00007FF7379C4000-memory.dmp	xmrig
behavioral2/memory/868-813-0x00007FF777290000-0x00007FF7775E4000-memory.dmp	xmrig
behavioral2/memory/4528-810-0x00007FF625E20000-0x00007FF626174000-memory.dmp	xmrig
behavioral2/files/0x0007000000023434-113.dat	xmrig
behavioral2/files/0x0007000000023433-108.dat	xmrig
behavioral2/files/0x0007000000023432-103.dat	xmrig
behavioral2/files/0x0007000000023431-97.dat	xmrig
behavioral2/files/0x000700000002342f-87.dat	xmrig
behavioral2/files/0x000700000002342e-83.dat	xmrig
behavioral2/files/0x000700000002342d-78.dat	xmrig
behavioral2/files/0x000700000002342b-67.dat	xmrig
behavioral2/files/0x000700000002342a-63.dat	xmrig
behavioral2/files/0x0007000000023429-58.dat	xmrig
behavioral2/files/0x0007000000023428-53.dat	xmrig
behavioral2/files/0x0007000000023427-45.dat	xmrig
behavioral2/files/0x0007000000023426-40.dat	xmrig
behavioral2/files/0x0007000000023424-36.dat	xmrig
behavioral2/memory/3220-29-0x00007FF6A4D70000-0x00007FF6A50C4000-memory.dmp	xmrig
behavioral2/memory/4816-21-0x00007FF77F400000-0x00007FF77F754000-memory.dmp	xmrig
behavioral2/files/0x0007000000023421-19.dat	xmrig
behavioral2/memory/1216-17-0x00007FF69EDE0000-0x00007FF69F134000-memory.dmp	xmrig
behavioral2/memory/1832-13-0x00007FF634C30000-0x00007FF634F84000-memory.dmp	xmrig
behavioral2/memory/1964-2105-0x00007FF702A80000-0x00007FF702DD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1832	vRagdEI.exe
1216	KHBlCBP.exe
4816	GMTOZku.exe
4904	TxWIvqR.exe
3220	IxPZqtj.exe
1244	gamTdod.exe
1008	mXRlkIA.exe
2840	WozonIM.exe
4276	OQqMxSD.exe
2748	IKicJKW.exe
2000	DMaluzT.exe
2484	YgugCXr.exe
2580	HNkECfc.exe
752	nGKxgqe.exe
4268	lOpRlpz.exe
4996	shuoWjQ.exe
3620	xRNfQsd.exe
4596	cFbRGta.exe
4476	HZTnwcf.exe
644	YKJDqBu.exe
4552	OOeiUvg.exe
4528	cNXQadm.exe
868	uvGFHLz.exe
3352	uDGObAz.exe
2892	rsYNNKy.exe
1344	HxiyCMf.exe
1772	fjzFmRo.exe
4844	IVJqhMq.exe
2816	GtvBbDv.exe
3604	ZtdKazn.exe
4592	qdFsrDn.exe
4676	HSqiTdq.exe
2444	yfdOgJW.exe
2724	vgFKByg.exe
468	EujBERm.exe
2160	rUgsqlT.exe
3548	lIlUuyP.exe
3740	AKfsHGq.exe
4828	xcyQTRk.exe
5008	aEMRFhf.exe
2040	YUvhJRO.exe
4608	xqDGYRD.exe
1780	LDWObAs.exe
4744	tkadQvd.exe
2676	GIHXLKi.exe
4504	cvASgLd.exe
4872	CafirGu.exe
5048	UcIhSdt.exe
316	qxGlHAK.exe
3312	xGGOEWS.exe
4672	CPnuLbb.exe
776	vwaEHgQ.exe
1168	ANhMDzt.exe
2708	GfHKcbG.exe
5080	jOcApUM.exe
4248	mSWeDOR.exe
1288	jElheTB.exe
1388	xmraspM.exe
1680	gojQPJx.exe
2936	QtAhoCQ.exe
1580	WMloLGY.exe
4740	vswDBbs.exe
3000	drNJKvJ.exe
4920	tTVhvzs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1964-0-0x00007FF702A80000-0x00007FF702DD4000-memory.dmp	upx
behavioral2/files/0x000a000000023419-5.dat	upx
behavioral2/files/0x0007000000023422-8.dat	upx
behavioral2/files/0x0007000000023423-25.dat	upx
behavioral2/files/0x0007000000023425-38.dat	upx
behavioral2/files/0x000700000002342c-73.dat	upx
behavioral2/files/0x0007000000023430-89.dat	upx
behavioral2/files/0x0007000000023435-117.dat	upx
behavioral2/files/0x0007000000023438-133.dat	upx
behavioral2/files/0x0007000000023440-167.dat	upx
behavioral2/memory/4904-730-0x00007FF65FFC0000-0x00007FF660314000-memory.dmp	upx
behavioral2/memory/1008-734-0x00007FF66A200000-0x00007FF66A554000-memory.dmp	upx
behavioral2/memory/2840-737-0x00007FF78FFB0000-0x00007FF790304000-memory.dmp	upx
behavioral2/memory/4276-746-0x00007FF6F9BC0000-0x00007FF6F9F14000-memory.dmp	upx
behavioral2/memory/2748-752-0x00007FF62E290000-0x00007FF62E5E4000-memory.dmp	upx
behavioral2/memory/2000-759-0x00007FF699220000-0x00007FF699574000-memory.dmp	upx
behavioral2/memory/752-776-0x00007FF7DC9D0000-0x00007FF7DCD24000-memory.dmp	upx
behavioral2/memory/2580-771-0x00007FF7517C0000-0x00007FF751B14000-memory.dmp	upx
behavioral2/memory/2484-763-0x00007FF7F0950000-0x00007FF7F0CA4000-memory.dmp	upx
behavioral2/memory/4268-782-0x00007FF673330000-0x00007FF673684000-memory.dmp	upx
behavioral2/memory/4596-788-0x00007FF6E1B10000-0x00007FF6E1E64000-memory.dmp	upx
behavioral2/memory/4476-793-0x00007FF60CBB0000-0x00007FF60CF04000-memory.dmp	upx
behavioral2/memory/3620-787-0x00007FF7DDE40000-0x00007FF7DE194000-memory.dmp	upx
behavioral2/memory/4996-786-0x00007FF752740000-0x00007FF752A94000-memory.dmp	upx
behavioral2/files/0x000700000002343e-163.dat	upx
behavioral2/files/0x000700000002343f-162.dat	upx
behavioral2/files/0x000700000002343d-158.dat	upx
behavioral2/files/0x000700000002343c-153.dat	upx
behavioral2/files/0x000700000002343b-148.dat	upx
behavioral2/files/0x000700000002343a-143.dat	upx
behavioral2/files/0x0007000000023439-138.dat	upx
behavioral2/memory/644-803-0x00007FF7E0B50000-0x00007FF7E0EA4000-memory.dmp	upx
behavioral2/files/0x0007000000023437-127.dat	upx
behavioral2/files/0x0007000000023436-123.dat	upx
behavioral2/memory/4552-807-0x00007FF69BD30000-0x00007FF69C084000-memory.dmp	upx
behavioral2/memory/3352-818-0x00007FF644240000-0x00007FF644594000-memory.dmp	upx
behavioral2/memory/1344-825-0x00007FF719010000-0x00007FF719364000-memory.dmp	upx
behavioral2/memory/2816-837-0x00007FF7A6930000-0x00007FF7A6C84000-memory.dmp	upx
behavioral2/memory/1244-841-0x00007FF6DEC20000-0x00007FF6DEF74000-memory.dmp	upx
behavioral2/memory/4844-836-0x00007FF6759C0000-0x00007FF675D14000-memory.dmp	upx
behavioral2/memory/1772-833-0x00007FF76BDA0000-0x00007FF76C0F4000-memory.dmp	upx
behavioral2/memory/2892-822-0x00007FF737670000-0x00007FF7379C4000-memory.dmp	upx
behavioral2/memory/868-813-0x00007FF777290000-0x00007FF7775E4000-memory.dmp	upx
behavioral2/memory/4528-810-0x00007FF625E20000-0x00007FF626174000-memory.dmp	upx
behavioral2/files/0x0007000000023434-113.dat	upx
behavioral2/files/0x0007000000023433-108.dat	upx
behavioral2/files/0x0007000000023432-103.dat	upx
behavioral2/files/0x0007000000023431-97.dat	upx
behavioral2/files/0x000700000002342f-87.dat	upx
behavioral2/files/0x000700000002342e-83.dat	upx
behavioral2/files/0x000700000002342d-78.dat	upx
behavioral2/files/0x000700000002342b-67.dat	upx
behavioral2/files/0x000700000002342a-63.dat	upx
behavioral2/files/0x0007000000023429-58.dat	upx
behavioral2/files/0x0007000000023428-53.dat	upx
behavioral2/files/0x0007000000023427-45.dat	upx
behavioral2/files/0x0007000000023426-40.dat	upx
behavioral2/files/0x0007000000023424-36.dat	upx
behavioral2/memory/3220-29-0x00007FF6A4D70000-0x00007FF6A50C4000-memory.dmp	upx
behavioral2/memory/4816-21-0x00007FF77F400000-0x00007FF77F754000-memory.dmp	upx
behavioral2/files/0x0007000000023421-19.dat	upx
behavioral2/memory/1216-17-0x00007FF69EDE0000-0x00007FF69F134000-memory.dmp	upx
behavioral2/memory/1832-13-0x00007FF634C30000-0x00007FF634F84000-memory.dmp	upx
behavioral2/memory/1964-2105-0x00007FF702A80000-0x00007FF702DD4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qlOSWmW.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\jxeVsRm.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\AyVEJfa.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\jAewvQJ.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\PgOBdTO.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\oAPoRWH.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\OfeyoyK.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\GbReDTL.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\svYLHGD.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\gZteRMN.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\EmsIudP.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\cKenBJj.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\nJpcrLb.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\nCHQHLz.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\XsvGkzQ.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\LqRxJYo.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\tzHpqGC.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\sgViZfU.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\yAEDGgV.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\avCExve.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\vSMIMjH.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\fLZCvSc.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\LzvhLeR.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\yqIWRPn.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\YgMeZCO.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\IawVCVI.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\qOnADMG.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\kOumftm.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\rBlIjlO.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\rGyMUdy.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\HOuvWSb.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\YbxTOxQ.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\AxagqIj.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\zONRrtd.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\FKQzdYb.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\XqBuFDg.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\AxXTqet.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\xzXevei.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\RlvclUU.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\TPbTTdU.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\FgvCwih.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\UgxVbGL.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\sHNysBa.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\pHPCaPO.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\UYNkljX.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\dWhbyiS.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\XKLdmYy.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\OayRNcK.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\MdxYhWx.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\aEMRFhf.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\tXRDwST.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\XIdDWnM.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\vbffylY.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\rgQRpWy.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\TVeUjeV.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\PVRbPgz.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\xEAgopK.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\kHUKdlE.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\WXDMZmQ.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\ZtdKazn.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\jKlMXTA.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\cOiuGIA.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\nkkJfiC.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
File created	C:\Windows\System\JAIWFPo.exe	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4416	dwm.exe
Token: SeChangeNotifyPrivilege	4416	dwm.exe
Token: 33	4416	dwm.exe
Token: SeIncBasePriorityPrivilege	4416	dwm.exe
Token: SeShutdownPrivilege	4416	dwm.exe
Token: SeCreatePagefilePrivilege	4416	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 1832	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	84
PID 1964 wrote to memory of 1832	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	84
PID 1964 wrote to memory of 1216	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	85
PID 1964 wrote to memory of 1216	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	85
PID 1964 wrote to memory of 4816	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	86
PID 1964 wrote to memory of 4816	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	86
PID 1964 wrote to memory of 4904	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	87
PID 1964 wrote to memory of 4904	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	87
PID 1964 wrote to memory of 3220	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	88
PID 1964 wrote to memory of 3220	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	88
PID 1964 wrote to memory of 1244	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	89
PID 1964 wrote to memory of 1244	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	89
PID 1964 wrote to memory of 1008	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	90
PID 1964 wrote to memory of 1008	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	90
PID 1964 wrote to memory of 2840	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	91
PID 1964 wrote to memory of 2840	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	91
PID 1964 wrote to memory of 4276	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	92
PID 1964 wrote to memory of 4276	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	92
PID 1964 wrote to memory of 2748	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	93
PID 1964 wrote to memory of 2748	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	93
PID 1964 wrote to memory of 2000	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	94
PID 1964 wrote to memory of 2000	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	94
PID 1964 wrote to memory of 2484	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	95
PID 1964 wrote to memory of 2484	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	95
PID 1964 wrote to memory of 2580	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	96
PID 1964 wrote to memory of 2580	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	96
PID 1964 wrote to memory of 752	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	97
PID 1964 wrote to memory of 752	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	97
PID 1964 wrote to memory of 4268	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	98
PID 1964 wrote to memory of 4268	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	98
PID 1964 wrote to memory of 4996	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	99
PID 1964 wrote to memory of 4996	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	99
PID 1964 wrote to memory of 3620	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	100
PID 1964 wrote to memory of 3620	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	100
PID 1964 wrote to memory of 4596	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	101
PID 1964 wrote to memory of 4596	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	101
PID 1964 wrote to memory of 4476	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	102
PID 1964 wrote to memory of 4476	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	102
PID 1964 wrote to memory of 644	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	103
PID 1964 wrote to memory of 644	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	103
PID 1964 wrote to memory of 4552	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	104
PID 1964 wrote to memory of 4552	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	104
PID 1964 wrote to memory of 4528	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	105
PID 1964 wrote to memory of 4528	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	105
PID 1964 wrote to memory of 868	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	106
PID 1964 wrote to memory of 868	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	106
PID 1964 wrote to memory of 3352	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	107
PID 1964 wrote to memory of 3352	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	107
PID 1964 wrote to memory of 2892	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	108
PID 1964 wrote to memory of 2892	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	108
PID 1964 wrote to memory of 1344	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	109
PID 1964 wrote to memory of 1344	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	109
PID 1964 wrote to memory of 1772	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	110
PID 1964 wrote to memory of 1772	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	110
PID 1964 wrote to memory of 4844	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	111
PID 1964 wrote to memory of 4844	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	111
PID 1964 wrote to memory of 2816	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	112
PID 1964 wrote to memory of 2816	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	112
PID 1964 wrote to memory of 3604	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	113
PID 1964 wrote to memory of 3604	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	113
PID 1964 wrote to memory of 4592	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	114
PID 1964 wrote to memory of 4592	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	114
PID 1964 wrote to memory of 4676	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	115
PID 1964 wrote to memory of 4676	1964	5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5cced5477232429f8138cb4505a0bc40_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\System\vRagdEI.exe
  C:\Windows\System\vRagdEI.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\KHBlCBP.exe
  C:\Windows\System\KHBlCBP.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\GMTOZku.exe
  C:\Windows\System\GMTOZku.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\TxWIvqR.exe
  C:\Windows\System\TxWIvqR.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\IxPZqtj.exe
  C:\Windows\System\IxPZqtj.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\gamTdod.exe
  C:\Windows\System\gamTdod.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\mXRlkIA.exe
  C:\Windows\System\mXRlkIA.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\WozonIM.exe
  C:\Windows\System\WozonIM.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\OQqMxSD.exe
  C:\Windows\System\OQqMxSD.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\IKicJKW.exe
  C:\Windows\System\IKicJKW.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\DMaluzT.exe
  C:\Windows\System\DMaluzT.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\YgugCXr.exe
  C:\Windows\System\YgugCXr.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\HNkECfc.exe
  C:\Windows\System\HNkECfc.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\nGKxgqe.exe
  C:\Windows\System\nGKxgqe.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\lOpRlpz.exe
  C:\Windows\System\lOpRlpz.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\shuoWjQ.exe
  C:\Windows\System\shuoWjQ.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\xRNfQsd.exe
  C:\Windows\System\xRNfQsd.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\cFbRGta.exe
  C:\Windows\System\cFbRGta.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\HZTnwcf.exe
  C:\Windows\System\HZTnwcf.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\YKJDqBu.exe
  C:\Windows\System\YKJDqBu.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\OOeiUvg.exe
  C:\Windows\System\OOeiUvg.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\cNXQadm.exe
  C:\Windows\System\cNXQadm.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\uvGFHLz.exe
  C:\Windows\System\uvGFHLz.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\uDGObAz.exe
  C:\Windows\System\uDGObAz.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\rsYNNKy.exe
  C:\Windows\System\rsYNNKy.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\HxiyCMf.exe
  C:\Windows\System\HxiyCMf.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\fjzFmRo.exe
  C:\Windows\System\fjzFmRo.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\IVJqhMq.exe
  C:\Windows\System\IVJqhMq.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\GtvBbDv.exe
  C:\Windows\System\GtvBbDv.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\ZtdKazn.exe
  C:\Windows\System\ZtdKazn.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\qdFsrDn.exe
  C:\Windows\System\qdFsrDn.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\HSqiTdq.exe
  C:\Windows\System\HSqiTdq.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\yfdOgJW.exe
  C:\Windows\System\yfdOgJW.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\vgFKByg.exe
  C:\Windows\System\vgFKByg.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\EujBERm.exe
  C:\Windows\System\EujBERm.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\rUgsqlT.exe
  C:\Windows\System\rUgsqlT.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\lIlUuyP.exe
  C:\Windows\System\lIlUuyP.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\AKfsHGq.exe
  C:\Windows\System\AKfsHGq.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\xcyQTRk.exe
  C:\Windows\System\xcyQTRk.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\aEMRFhf.exe
  C:\Windows\System\aEMRFhf.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\YUvhJRO.exe
  C:\Windows\System\YUvhJRO.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\xqDGYRD.exe
  C:\Windows\System\xqDGYRD.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\LDWObAs.exe
  C:\Windows\System\LDWObAs.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\tkadQvd.exe
  C:\Windows\System\tkadQvd.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\GIHXLKi.exe
  C:\Windows\System\GIHXLKi.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\cvASgLd.exe
  C:\Windows\System\cvASgLd.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\CafirGu.exe
  C:\Windows\System\CafirGu.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\UcIhSdt.exe
  C:\Windows\System\UcIhSdt.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\qxGlHAK.exe
  C:\Windows\System\qxGlHAK.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\xGGOEWS.exe
  C:\Windows\System\xGGOEWS.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\CPnuLbb.exe
  C:\Windows\System\CPnuLbb.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\vwaEHgQ.exe
  C:\Windows\System\vwaEHgQ.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\ANhMDzt.exe
  C:\Windows\System\ANhMDzt.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\GfHKcbG.exe
  C:\Windows\System\GfHKcbG.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\jOcApUM.exe
  C:\Windows\System\jOcApUM.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\mSWeDOR.exe
  C:\Windows\System\mSWeDOR.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\jElheTB.exe
  C:\Windows\System\jElheTB.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\xmraspM.exe
  C:\Windows\System\xmraspM.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\gojQPJx.exe
  C:\Windows\System\gojQPJx.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\QtAhoCQ.exe
  C:\Windows\System\QtAhoCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\WMloLGY.exe
  C:\Windows\System\WMloLGY.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\vswDBbs.exe
  C:\Windows\System\vswDBbs.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\drNJKvJ.exe
  C:\Windows\System\drNJKvJ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\tTVhvzs.exe
  C:\Windows\System\tTVhvzs.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\duhEgdD.exe
  C:\Windows\System\duhEgdD.exe
  2⤵
  PID:1212
- C:\Windows\System\hZwuPtz.exe
  C:\Windows\System\hZwuPtz.exe
  2⤵
  PID:760
- C:\Windows\System\gEVgeEx.exe
  C:\Windows\System\gEVgeEx.exe
  2⤵
  PID:3500
- C:\Windows\System\zkXljvT.exe
  C:\Windows\System\zkXljvT.exe
  2⤵
  PID:3728
- C:\Windows\System\zaBVGza.exe
  C:\Windows\System\zaBVGza.exe
  2⤵
  PID:3480
- C:\Windows\System\dGjXmIu.exe
  C:\Windows\System\dGjXmIu.exe
  2⤵
  PID:4408
- C:\Windows\System\xEIbQUm.exe
  C:\Windows\System\xEIbQUm.exe
  2⤵
  PID:3408
- C:\Windows\System\eeyvbhU.exe
  C:\Windows\System\eeyvbhU.exe
  2⤵
  PID:4468
- C:\Windows\System\MCUwfVd.exe
  C:\Windows\System\MCUwfVd.exe
  2⤵
  PID:1756
- C:\Windows\System\ZuMxWit.exe
  C:\Windows\System\ZuMxWit.exe
  2⤵
  PID:4064
- C:\Windows\System\ERkuqmA.exe
  C:\Windows\System\ERkuqmA.exe
  2⤵
  PID:1636
- C:\Windows\System\aDvBqRq.exe
  C:\Windows\System\aDvBqRq.exe
  2⤵
  PID:5148
- C:\Windows\System\MDxeyaH.exe
  C:\Windows\System\MDxeyaH.exe
  2⤵
  PID:5176
- C:\Windows\System\bWBZKHB.exe
  C:\Windows\System\bWBZKHB.exe
  2⤵
  PID:5204
- C:\Windows\System\OllepNC.exe
  C:\Windows\System\OllepNC.exe
  2⤵
  PID:5232
- C:\Windows\System\WLSxRpa.exe
  C:\Windows\System\WLSxRpa.exe
  2⤵
  PID:5260
- C:\Windows\System\KootSBw.exe
  C:\Windows\System\KootSBw.exe
  2⤵
  PID:5288
- C:\Windows\System\OjKrGEb.exe
  C:\Windows\System\OjKrGEb.exe
  2⤵
  PID:5316
- C:\Windows\System\ZTrnHQp.exe
  C:\Windows\System\ZTrnHQp.exe
  2⤵
  PID:5344
- C:\Windows\System\NQQUsEa.exe
  C:\Windows\System\NQQUsEa.exe
  2⤵
  PID:5372
- C:\Windows\System\tzHpqGC.exe
  C:\Windows\System\tzHpqGC.exe
  2⤵
  PID:5400
- C:\Windows\System\nDsiiBL.exe
  C:\Windows\System\nDsiiBL.exe
  2⤵
  PID:5428
- C:\Windows\System\lHyVKYF.exe
  C:\Windows\System\lHyVKYF.exe
  2⤵
  PID:5456
- C:\Windows\System\NVEaeBb.exe
  C:\Windows\System\NVEaeBb.exe
  2⤵
  PID:5484
- C:\Windows\System\YomEXaJ.exe
  C:\Windows\System\YomEXaJ.exe
  2⤵
  PID:5512
- C:\Windows\System\jKlMXTA.exe
  C:\Windows\System\jKlMXTA.exe
  2⤵
  PID:5540
- C:\Windows\System\AFTTSPm.exe
  C:\Windows\System\AFTTSPm.exe
  2⤵
  PID:5564
- C:\Windows\System\xCOaBwN.exe
  C:\Windows\System\xCOaBwN.exe
  2⤵
  PID:5596
- C:\Windows\System\BzcbTEu.exe
  C:\Windows\System\BzcbTEu.exe
  2⤵
  PID:5624
- C:\Windows\System\cjUFkhv.exe
  C:\Windows\System\cjUFkhv.exe
  2⤵
  PID:5652
- C:\Windows\System\iKwKeLC.exe
  C:\Windows\System\iKwKeLC.exe
  2⤵
  PID:5680
- C:\Windows\System\zjJyEdM.exe
  C:\Windows\System\zjJyEdM.exe
  2⤵
  PID:5708
- C:\Windows\System\GiMDDEr.exe
  C:\Windows\System\GiMDDEr.exe
  2⤵
  PID:5736
- C:\Windows\System\qlOSWmW.exe
  C:\Windows\System\qlOSWmW.exe
  2⤵
  PID:5764
- C:\Windows\System\hgDCioc.exe
  C:\Windows\System\hgDCioc.exe
  2⤵
  PID:5792
- C:\Windows\System\xsBrqwD.exe
  C:\Windows\System\xsBrqwD.exe
  2⤵
  PID:5820
- C:\Windows\System\tSHsgsb.exe
  C:\Windows\System\tSHsgsb.exe
  2⤵
  PID:5848
- C:\Windows\System\zXxurZZ.exe
  C:\Windows\System\zXxurZZ.exe
  2⤵
  PID:5876
- C:\Windows\System\qEkWVRS.exe
  C:\Windows\System\qEkWVRS.exe
  2⤵
  PID:5904
- C:\Windows\System\yNJLwmC.exe
  C:\Windows\System\yNJLwmC.exe
  2⤵
  PID:5932
- C:\Windows\System\KNztIMQ.exe
  C:\Windows\System\KNztIMQ.exe
  2⤵
  PID:5960
- C:\Windows\System\nWNcDtb.exe
  C:\Windows\System\nWNcDtb.exe
  2⤵
  PID:5988
- C:\Windows\System\CdIMJnF.exe
  C:\Windows\System\CdIMJnF.exe
  2⤵
  PID:6016
- C:\Windows\System\nuZiNZg.exe
  C:\Windows\System\nuZiNZg.exe
  2⤵
  PID:6044
- C:\Windows\System\zAWIIHf.exe
  C:\Windows\System\zAWIIHf.exe
  2⤵
  PID:6072
- C:\Windows\System\AWhZrQo.exe
  C:\Windows\System\AWhZrQo.exe
  2⤵
  PID:6100
- C:\Windows\System\WPTorQq.exe
  C:\Windows\System\WPTorQq.exe
  2⤵
  PID:6128
- C:\Windows\System\zlZGLwo.exe
  C:\Windows\System\zlZGLwo.exe
  2⤵
  PID:4420
- C:\Windows\System\lhybJHL.exe
  C:\Windows\System\lhybJHL.exe
  2⤵
  PID:848
- C:\Windows\System\uqbmldF.exe
  C:\Windows\System\uqbmldF.exe
  2⤵
  PID:2888
- C:\Windows\System\QrxkyCw.exe
  C:\Windows\System\QrxkyCw.exe
  2⤵
  PID:2616
- C:\Windows\System\qLJnAhO.exe
  C:\Windows\System\qLJnAhO.exe
  2⤵
  PID:4160
- C:\Windows\System\ZuZHwvM.exe
  C:\Windows\System\ZuZHwvM.exe
  2⤵
  PID:3060
- C:\Windows\System\zONRrtd.exe
  C:\Windows\System\zONRrtd.exe
  2⤵
  PID:5132
- C:\Windows\System\GhntiNL.exe
  C:\Windows\System\GhntiNL.exe
  2⤵
  PID:5192
- C:\Windows\System\hviJiVs.exe
  C:\Windows\System\hviJiVs.exe
  2⤵
  PID:5252
- C:\Windows\System\FAdfBPb.exe
  C:\Windows\System\FAdfBPb.exe
  2⤵
  PID:5328
- C:\Windows\System\bztBohB.exe
  C:\Windows\System\bztBohB.exe
  2⤵
  PID:5388
- C:\Windows\System\aqOLEbX.exe
  C:\Windows\System\aqOLEbX.exe
  2⤵
  PID:5448
- C:\Windows\System\lGkhdlH.exe
  C:\Windows\System\lGkhdlH.exe
  2⤵
  PID:5504
- C:\Windows\System\hcPsXaC.exe
  C:\Windows\System\hcPsXaC.exe
  2⤵
  PID:5580
- C:\Windows\System\KZuxkRn.exe
  C:\Windows\System\KZuxkRn.exe
  2⤵
  PID:5640
- C:\Windows\System\jxeVsRm.exe
  C:\Windows\System\jxeVsRm.exe
  2⤵
  PID:5700
- C:\Windows\System\WosiugG.exe
  C:\Windows\System\WosiugG.exe
  2⤵
  PID:5776
- C:\Windows\System\MauPHuu.exe
  C:\Windows\System\MauPHuu.exe
  2⤵
  PID:5836
- C:\Windows\System\fzzdogB.exe
  C:\Windows\System\fzzdogB.exe
  2⤵
  PID:5896
- C:\Windows\System\wobnUhL.exe
  C:\Windows\System\wobnUhL.exe
  2⤵
  PID:5972
- C:\Windows\System\QdhSroF.exe
  C:\Windows\System\QdhSroF.exe
  2⤵
  PID:6032
- C:\Windows\System\IYCpaaW.exe
  C:\Windows\System\IYCpaaW.exe
  2⤵
  PID:6092
- C:\Windows\System\TFiOOUK.exe
  C:\Windows\System\TFiOOUK.exe
  2⤵
  PID:4052
- C:\Windows\System\OnRwCsA.exe
  C:\Windows\System\OnRwCsA.exe
  2⤵
  PID:4884
- C:\Windows\System\BoEQOiJ.exe
  C:\Windows\System\BoEQOiJ.exe
  2⤵
  PID:2172
- C:\Windows\System\TNbfkMe.exe
  C:\Windows\System\TNbfkMe.exe
  2⤵
  PID:5220
- C:\Windows\System\xSpkoDR.exe
  C:\Windows\System\xSpkoDR.exe
  2⤵
  PID:5360
- C:\Windows\System\EyCIaKF.exe
  C:\Windows\System\EyCIaKF.exe
  2⤵
  PID:5496
- C:\Windows\System\sgViZfU.exe
  C:\Windows\System\sgViZfU.exe
  2⤵
  PID:5616
- C:\Windows\System\HVFJYrL.exe
  C:\Windows\System\HVFJYrL.exe
  2⤵
  PID:5808
- C:\Windows\System\bgVcjUb.exe
  C:\Windows\System\bgVcjUb.exe
  2⤵
  PID:6148
- C:\Windows\System\RrmScVI.exe
  C:\Windows\System\RrmScVI.exe
  2⤵
  PID:6180
- C:\Windows\System\LkDnhCS.exe
  C:\Windows\System\LkDnhCS.exe
  2⤵
  PID:6204
- C:\Windows\System\nkkJfiC.exe
  C:\Windows\System\nkkJfiC.exe
  2⤵
  PID:6236
- C:\Windows\System\SdFSzNs.exe
  C:\Windows\System\SdFSzNs.exe
  2⤵
  PID:6260
- C:\Windows\System\aRzIOTl.exe
  C:\Windows\System\aRzIOTl.exe
  2⤵
  PID:6292
- C:\Windows\System\yxbEYUK.exe
  C:\Windows\System\yxbEYUK.exe
  2⤵
  PID:6320
- C:\Windows\System\cIPBkHW.exe
  C:\Windows\System\cIPBkHW.exe
  2⤵
  PID:6348
- C:\Windows\System\nzCbUmf.exe
  C:\Windows\System\nzCbUmf.exe
  2⤵
  PID:6376
- C:\Windows\System\JNHJtFo.exe
  C:\Windows\System\JNHJtFo.exe
  2⤵
  PID:6404
- C:\Windows\System\CPbHhQp.exe
  C:\Windows\System\CPbHhQp.exe
  2⤵
  PID:6436
- C:\Windows\System\mbSqTmr.exe
  C:\Windows\System\mbSqTmr.exe
  2⤵
  PID:6460
- C:\Windows\System\DPEoVIB.exe
  C:\Windows\System\DPEoVIB.exe
  2⤵
  PID:6488
- C:\Windows\System\nAurmKN.exe
  C:\Windows\System\nAurmKN.exe
  2⤵
  PID:6516
- C:\Windows\System\ayRGkzN.exe
  C:\Windows\System\ayRGkzN.exe
  2⤵
  PID:6540
- C:\Windows\System\LhIbHwv.exe
  C:\Windows\System\LhIbHwv.exe
  2⤵
  PID:6572
- C:\Windows\System\gXFOhve.exe
  C:\Windows\System\gXFOhve.exe
  2⤵
  PID:6600
- C:\Windows\System\yZhsTDU.exe
  C:\Windows\System\yZhsTDU.exe
  2⤵
  PID:6628
- C:\Windows\System\hPFAOfH.exe
  C:\Windows\System\hPFAOfH.exe
  2⤵
  PID:6656
- C:\Windows\System\kyWnFrD.exe
  C:\Windows\System\kyWnFrD.exe
  2⤵
  PID:6684
- C:\Windows\System\LBPLQYH.exe
  C:\Windows\System\LBPLQYH.exe
  2⤵
  PID:6712
- C:\Windows\System\EGqPZBd.exe
  C:\Windows\System\EGqPZBd.exe
  2⤵
  PID:6740
- C:\Windows\System\IqUGdvT.exe
  C:\Windows\System\IqUGdvT.exe
  2⤵
  PID:6768
- C:\Windows\System\rokpasY.exe
  C:\Windows\System\rokpasY.exe
  2⤵
  PID:6796
- C:\Windows\System\TDdDqrX.exe
  C:\Windows\System\TDdDqrX.exe
  2⤵
  PID:6824
- C:\Windows\System\KqEylin.exe
  C:\Windows\System\KqEylin.exe
  2⤵
  PID:6852
- C:\Windows\System\ElNWgdy.exe
  C:\Windows\System\ElNWgdy.exe
  2⤵
  PID:6880
- C:\Windows\System\NwpUWbd.exe
  C:\Windows\System\NwpUWbd.exe
  2⤵
  PID:6908
- C:\Windows\System\NWSnbUs.exe
  C:\Windows\System\NWSnbUs.exe
  2⤵
  PID:6936
- C:\Windows\System\PSOKbBQ.exe
  C:\Windows\System\PSOKbBQ.exe
  2⤵
  PID:6964
- C:\Windows\System\hCyaKIy.exe
  C:\Windows\System\hCyaKIy.exe
  2⤵
  PID:6992
- C:\Windows\System\JYIhane.exe
  C:\Windows\System\JYIhane.exe
  2⤵
  PID:7020
- C:\Windows\System\NzwAFhq.exe
  C:\Windows\System\NzwAFhq.exe
  2⤵
  PID:7048
- C:\Windows\System\zSOWxeO.exe
  C:\Windows\System\zSOWxeO.exe
  2⤵
  PID:7076
- C:\Windows\System\ljpllCA.exe
  C:\Windows\System\ljpllCA.exe
  2⤵
  PID:7104
- C:\Windows\System\NXyCJKb.exe
  C:\Windows\System\NXyCJKb.exe
  2⤵
  PID:7132
- C:\Windows\System\GywjOhW.exe
  C:\Windows\System\GywjOhW.exe
  2⤵
  PID:7160
- C:\Windows\System\soaMKjL.exe
  C:\Windows\System\soaMKjL.exe
  2⤵
  PID:6060
- C:\Windows\System\JZCtXvk.exe
  C:\Windows\System\JZCtXvk.exe
  2⤵
  PID:4448
- C:\Windows\System\Fyhzgpd.exe
  C:\Windows\System\Fyhzgpd.exe
  2⤵
  PID:5160
- C:\Windows\System\JnXQVPv.exe
  C:\Windows\System\JnXQVPv.exe
  2⤵
  PID:5472
- C:\Windows\System\GGPsuKx.exe
  C:\Windows\System\GGPsuKx.exe
  2⤵
  PID:5868
- C:\Windows\System\irCkVXh.exe
  C:\Windows\System\irCkVXh.exe
  2⤵
  PID:6196
- C:\Windows\System\nRsBirp.exe
  C:\Windows\System\nRsBirp.exe
  2⤵
  PID:6256
- C:\Windows\System\kQMSYzI.exe
  C:\Windows\System\kQMSYzI.exe
  2⤵
  PID:6332
- C:\Windows\System\PVRbPgz.exe
  C:\Windows\System\PVRbPgz.exe
  2⤵
  PID:6392
- C:\Windows\System\KYGQJlq.exe
  C:\Windows\System\KYGQJlq.exe
  2⤵
  PID:6452
- C:\Windows\System\yUdmoQN.exe
  C:\Windows\System\yUdmoQN.exe
  2⤵
  PID:6504
- C:\Windows\System\aBJHSbi.exe
  C:\Windows\System\aBJHSbi.exe
  2⤵
  PID:6564
- C:\Windows\System\GmLQoMG.exe
  C:\Windows\System\GmLQoMG.exe
  2⤵
  PID:6640
- C:\Windows\System\JBvcabW.exe
  C:\Windows\System\JBvcabW.exe
  2⤵
  PID:6700
- C:\Windows\System\oTIJITA.exe
  C:\Windows\System\oTIJITA.exe
  2⤵
  PID:6760
- C:\Windows\System\cVuUyNQ.exe
  C:\Windows\System\cVuUyNQ.exe
  2⤵
  PID:6836
- C:\Windows\System\yoZGjZi.exe
  C:\Windows\System\yoZGjZi.exe
  2⤵
  PID:6892
- C:\Windows\System\lMFqBBf.exe
  C:\Windows\System\lMFqBBf.exe
  2⤵
  PID:6956
- C:\Windows\System\bCPnXfZ.exe
  C:\Windows\System\bCPnXfZ.exe
  2⤵
  PID:7032
- C:\Windows\System\BpeEQRG.exe
  C:\Windows\System\BpeEQRG.exe
  2⤵
  PID:7088
- C:\Windows\System\nBQoopZ.exe
  C:\Windows\System\nBQoopZ.exe
  2⤵
  PID:2388
- C:\Windows\System\nLSqrIA.exe
  C:\Windows\System\nLSqrIA.exe
  2⤵
  PID:6120
- C:\Windows\System\uvDuLnH.exe
  C:\Windows\System\uvDuLnH.exe
  2⤵
  PID:1708
- C:\Windows\System\juzzqfz.exe
  C:\Windows\System\juzzqfz.exe
  2⤵
  PID:6168
- C:\Windows\System\iUszCgB.exe
  C:\Windows\System\iUszCgB.exe
  2⤵
  PID:6308
- C:\Windows\System\XwtKPWG.exe
  C:\Windows\System\XwtKPWG.exe
  2⤵
  PID:6476
- C:\Windows\System\NjRJSSI.exe
  C:\Windows\System\NjRJSSI.exe
  2⤵
  PID:6536
- C:\Windows\System\EAnmOtw.exe
  C:\Windows\System\EAnmOtw.exe
  2⤵
  PID:6668
- C:\Windows\System\YXyZxha.exe
  C:\Windows\System\YXyZxha.exe
  2⤵
  PID:6752
- C:\Windows\System\COHOZRv.exe
  C:\Windows\System\COHOZRv.exe
  2⤵
  PID:6924
- C:\Windows\System\FbZJPvp.exe
  C:\Windows\System\FbZJPvp.exe
  2⤵
  PID:4708
- C:\Windows\System\KYHOpQY.exe
  C:\Windows\System\KYHOpQY.exe
  2⤵
  PID:5948
- C:\Windows\System\pHPCaPO.exe
  C:\Windows\System\pHPCaPO.exe
  2⤵
  PID:4400
- C:\Windows\System\TsEAnPm.exe
  C:\Windows\System\TsEAnPm.exe
  2⤵
  PID:6252
- C:\Windows\System\NFDSUWE.exe
  C:\Windows\System\NFDSUWE.exe
  2⤵
  PID:3356
- C:\Windows\System\fBKLZir.exe
  C:\Windows\System\fBKLZir.exe
  2⤵
  PID:6612
- C:\Windows\System\BAGJeju.exe
  C:\Windows\System\BAGJeju.exe
  2⤵
  PID:6868
- C:\Windows\System\PCsJsUI.exe
  C:\Windows\System\PCsJsUI.exe
  2⤵
  PID:3188
- C:\Windows\System\tbDfCKV.exe
  C:\Windows\System\tbDfCKV.exe
  2⤵
  PID:7192
- C:\Windows\System\ZcONgrR.exe
  C:\Windows\System\ZcONgrR.exe
  2⤵
  PID:7220
- C:\Windows\System\dyFvnEe.exe
  C:\Windows\System\dyFvnEe.exe
  2⤵
  PID:7248
- C:\Windows\System\UYNkljX.exe
  C:\Windows\System\UYNkljX.exe
  2⤵
  PID:7276
- C:\Windows\System\wkIXwZl.exe
  C:\Windows\System\wkIXwZl.exe
  2⤵
  PID:7304
- C:\Windows\System\AOXXweU.exe
  C:\Windows\System\AOXXweU.exe
  2⤵
  PID:7416
- C:\Windows\System\vXwJHjC.exe
  C:\Windows\System\vXwJHjC.exe
  2⤵
  PID:7436
- C:\Windows\System\yQEmEEM.exe
  C:\Windows\System\yQEmEEM.exe
  2⤵
  PID:7464
- C:\Windows\System\SIBLJDQ.exe
  C:\Windows\System\SIBLJDQ.exe
  2⤵
  PID:7496
- C:\Windows\System\aVnFHgI.exe
  C:\Windows\System\aVnFHgI.exe
  2⤵
  PID:7512
- C:\Windows\System\mxmtYrG.exe
  C:\Windows\System\mxmtYrG.exe
  2⤵
  PID:7544
- C:\Windows\System\sbhDWvq.exe
  C:\Windows\System\sbhDWvq.exe
  2⤵
  PID:7560
- C:\Windows\System\IWNnyrz.exe
  C:\Windows\System\IWNnyrz.exe
  2⤵
  PID:7588
- C:\Windows\System\kEOjkqR.exe
  C:\Windows\System\kEOjkqR.exe
  2⤵
  PID:7620
- C:\Windows\System\ULmiLal.exe
  C:\Windows\System\ULmiLal.exe
  2⤵
  PID:7640
- C:\Windows\System\hSgCpmk.exe
  C:\Windows\System\hSgCpmk.exe
  2⤵
  PID:7664
- C:\Windows\System\FhFimSe.exe
  C:\Windows\System\FhFimSe.exe
  2⤵
  PID:7684
- C:\Windows\System\EeDsspb.exe
  C:\Windows\System\EeDsspb.exe
  2⤵
  PID:7704
- C:\Windows\System\ycEKOUc.exe
  C:\Windows\System\ycEKOUc.exe
  2⤵
  PID:7728
- C:\Windows\System\kFlSheA.exe
  C:\Windows\System\kFlSheA.exe
  2⤵
  PID:7784
- C:\Windows\System\XxGgole.exe
  C:\Windows\System\XxGgole.exe
  2⤵
  PID:7840
- C:\Windows\System\SaNRSuH.exe
  C:\Windows\System\SaNRSuH.exe
  2⤵
  PID:7880
- C:\Windows\System\cviqqwu.exe
  C:\Windows\System\cviqqwu.exe
  2⤵
  PID:7908
- C:\Windows\System\NxhEEii.exe
  C:\Windows\System\NxhEEii.exe
  2⤵
  PID:7972
- C:\Windows\System\tXRDwST.exe
  C:\Windows\System\tXRDwST.exe
  2⤵
  PID:7988
- C:\Windows\System\Facmsno.exe
  C:\Windows\System\Facmsno.exe
  2⤵
  PID:8016
- C:\Windows\System\jMERamr.exe
  C:\Windows\System\jMERamr.exe
  2⤵
  PID:8040
- C:\Windows\System\FBQCKEZ.exe
  C:\Windows\System\FBQCKEZ.exe
  2⤵
  PID:8064
- C:\Windows\System\UPZFWNP.exe
  C:\Windows\System\UPZFWNP.exe
  2⤵
  PID:8104
- C:\Windows\System\YVkihyM.exe
  C:\Windows\System\YVkihyM.exe
  2⤵
  PID:8132
- C:\Windows\System\GpBTooH.exe
  C:\Windows\System\GpBTooH.exe
  2⤵
  PID:8156
- C:\Windows\System\VISlJrr.exe
  C:\Windows\System\VISlJrr.exe
  2⤵
  PID:2524
- C:\Windows\System\OJDuaTz.exe
  C:\Windows\System\OJDuaTz.exe
  2⤵
  PID:2636
- C:\Windows\System\TmqLVAs.exe
  C:\Windows\System\TmqLVAs.exe
  2⤵
  PID:3568
- C:\Windows\System\SAEsqrV.exe
  C:\Windows\System\SAEsqrV.exe
  2⤵
  PID:920
- C:\Windows\System\ctpOkYJ.exe
  C:\Windows\System\ctpOkYJ.exe
  2⤵
  PID:7068
- C:\Windows\System\OIvNpVW.exe
  C:\Windows\System\OIvNpVW.exe
  2⤵
  PID:440
- C:\Windows\System\PGeXOeV.exe
  C:\Windows\System\PGeXOeV.exe
  2⤵
  PID:7236
- C:\Windows\System\FIzucWG.exe
  C:\Windows\System\FIzucWG.exe
  2⤵
  PID:7368
- C:\Windows\System\PCuvLFH.exe
  C:\Windows\System\PCuvLFH.exe
  2⤵
  PID:4908
- C:\Windows\System\ASoRMNu.exe
  C:\Windows\System\ASoRMNu.exe
  2⤵
  PID:7428
- C:\Windows\System\ncshRsl.exe
  C:\Windows\System\ncshRsl.exe
  2⤵
  PID:7484
- C:\Windows\System\AtSXrbe.exe
  C:\Windows\System\AtSXrbe.exe
  2⤵
  PID:7532
- C:\Windows\System\TKfdevk.exe
  C:\Windows\System\TKfdevk.exe
  2⤵
  PID:7648
- C:\Windows\System\JAIWFPo.exe
  C:\Windows\System\JAIWFPo.exe
  2⤵
  PID:7636
- C:\Windows\System\YgMeZCO.exe
  C:\Windows\System\YgMeZCO.exe
  2⤵
  PID:7776
- C:\Windows\System\xEAgopK.exe
  C:\Windows\System\xEAgopK.exe
  2⤵
  PID:7868
- C:\Windows\System\PlcsQUF.exe
  C:\Windows\System\PlcsQUF.exe
  2⤵
  PID:7904
- C:\Windows\System\CbGvMag.exe
  C:\Windows\System\CbGvMag.exe
  2⤵
  PID:7376
- C:\Windows\System\EmsIudP.exe
  C:\Windows\System\EmsIudP.exe
  2⤵
  PID:7572
- C:\Windows\System\rGyMUdy.exe
  C:\Windows\System\rGyMUdy.exe
  2⤵
  PID:7856
- C:\Windows\System\yRStvlE.exe
  C:\Windows\System\yRStvlE.exe
  2⤵
  PID:8052
- C:\Windows\System\mhBaczM.exe
  C:\Windows\System\mhBaczM.exe
  2⤵
  PID:8144
- C:\Windows\System\uGybJzi.exe
  C:\Windows\System\uGybJzi.exe
  2⤵
  PID:452
- C:\Windows\System\TZiPWFc.exe
  C:\Windows\System\TZiPWFc.exe
  2⤵
  PID:2964
- C:\Windows\System\IsTrele.exe
  C:\Windows\System\IsTrele.exe
  2⤵
  PID:7004
- C:\Windows\System\sMBfdNr.exe
  C:\Windows\System\sMBfdNr.exe
  2⤵
  PID:8024
- C:\Windows\System\zalzXah.exe
  C:\Windows\System\zalzXah.exe
  2⤵
  PID:2012
- C:\Windows\System\nWqtflR.exe
  C:\Windows\System\nWqtflR.exe
  2⤵
  PID:7392
- C:\Windows\System\RcvbEax.exe
  C:\Windows\System\RcvbEax.exe
  2⤵
  PID:7380
- C:\Windows\System\VSucrXf.exe
  C:\Windows\System\VSucrXf.exe
  2⤵
  PID:7656
- C:\Windows\System\gdzbhfH.exe
  C:\Windows\System\gdzbhfH.exe
  2⤵
  PID:7824
- C:\Windows\System\KODvJMw.exe
  C:\Windows\System\KODvJMw.exe
  2⤵
  PID:4812
- C:\Windows\System\uxCUgrJ.exe
  C:\Windows\System\uxCUgrJ.exe
  2⤵
  PID:8008
- C:\Windows\System\MKuIfLf.exe
  C:\Windows\System\MKuIfLf.exe
  2⤵
  PID:8148
- C:\Windows\System\CFwHgpO.exe
  C:\Windows\System\CFwHgpO.exe
  2⤵
  PID:6728
- C:\Windows\System\GVnFFst.exe
  C:\Windows\System\GVnFFst.exe
  2⤵
  PID:8048
- C:\Windows\System\HgTKROO.exe
  C:\Windows\System\HgTKROO.exe
  2⤵
  PID:7528
- C:\Windows\System\IawVCVI.exe
  C:\Windows\System\IawVCVI.exe
  2⤵
  PID:7872
- C:\Windows\System\hmDDxIz.exe
  C:\Windows\System\hmDDxIz.exe
  2⤵
  PID:7716
- C:\Windows\System\NmANmbo.exe
  C:\Windows\System\NmANmbo.exe
  2⤵
  PID:736
- C:\Windows\System\idjqDSi.exe
  C:\Windows\System\idjqDSi.exe
  2⤵
  PID:7432
- C:\Windows\System\cRJFMen.exe
  C:\Windows\System\cRJFMen.exe
  2⤵
  PID:4544
- C:\Windows\System\xKvBSGo.exe
  C:\Windows\System\xKvBSGo.exe
  2⤵
  PID:7720
- C:\Windows\System\fTxNcoO.exe
  C:\Windows\System\fTxNcoO.exe
  2⤵
  PID:8228
- C:\Windows\System\AxXTqet.exe
  C:\Windows\System\AxXTqet.exe
  2⤵
  PID:8252
- C:\Windows\System\XIdDWnM.exe
  C:\Windows\System\XIdDWnM.exe
  2⤵
  PID:8276
- C:\Windows\System\VYxqcEe.exe
  C:\Windows\System\VYxqcEe.exe
  2⤵
  PID:8300
- C:\Windows\System\SpVZpLp.exe
  C:\Windows\System\SpVZpLp.exe
  2⤵
  PID:8328
- C:\Windows\System\ZyMEPmz.exe
  C:\Windows\System\ZyMEPmz.exe
  2⤵
  PID:8356
- C:\Windows\System\ScWzBqO.exe
  C:\Windows\System\ScWzBqO.exe
  2⤵
  PID:8396
- C:\Windows\System\HOQpGoo.exe
  C:\Windows\System\HOQpGoo.exe
  2⤵
  PID:8412
- C:\Windows\System\VxJXOSK.exe
  C:\Windows\System\VxJXOSK.exe
  2⤵
  PID:8452
- C:\Windows\System\ktJdOFZ.exe
  C:\Windows\System\ktJdOFZ.exe
  2⤵
  PID:8476
- C:\Windows\System\rtbUmtU.exe
  C:\Windows\System\rtbUmtU.exe
  2⤵
  PID:8508
- C:\Windows\System\AzbGyQc.exe
  C:\Windows\System\AzbGyQc.exe
  2⤵
  PID:8524
- C:\Windows\System\StDaxfq.exe
  C:\Windows\System\StDaxfq.exe
  2⤵
  PID:8552
- C:\Windows\System\NvdlXkO.exe
  C:\Windows\System\NvdlXkO.exe
  2⤵
  PID:8584
- C:\Windows\System\KtVzSFn.exe
  C:\Windows\System\KtVzSFn.exe
  2⤵
  PID:8612
- C:\Windows\System\ybkWCIk.exe
  C:\Windows\System\ybkWCIk.exe
  2⤵
  PID:8648
- C:\Windows\System\oFRLLYt.exe
  C:\Windows\System\oFRLLYt.exe
  2⤵
  PID:8664
- C:\Windows\System\FDXuGZe.exe
  C:\Windows\System\FDXuGZe.exe
  2⤵
  PID:8692
- C:\Windows\System\loUswnj.exe
  C:\Windows\System\loUswnj.exe
  2⤵
  PID:8732
- C:\Windows\System\kjeSktK.exe
  C:\Windows\System\kjeSktK.exe
  2⤵
  PID:8760
- C:\Windows\System\YeVFVth.exe
  C:\Windows\System\YeVFVth.exe
  2⤵
  PID:8776
- C:\Windows\System\wYpaCtS.exe
  C:\Windows\System\wYpaCtS.exe
  2⤵
  PID:8832
- C:\Windows\System\WCBuZMJ.exe
  C:\Windows\System\WCBuZMJ.exe
  2⤵
  PID:8852
- C:\Windows\System\xzXevei.exe
  C:\Windows\System\xzXevei.exe
  2⤵
  PID:8880
- C:\Windows\System\cOiuGIA.exe
  C:\Windows\System\cOiuGIA.exe
  2⤵
  PID:8908
- C:\Windows\System\TAFgZsz.exe
  C:\Windows\System\TAFgZsz.exe
  2⤵
  PID:8924
- C:\Windows\System\BVBCrYY.exe
  C:\Windows\System\BVBCrYY.exe
  2⤵
  PID:8956
- C:\Windows\System\cCVLFsT.exe
  C:\Windows\System\cCVLFsT.exe
  2⤵
  PID:8992
- C:\Windows\System\xJQEWAR.exe
  C:\Windows\System\xJQEWAR.exe
  2⤵
  PID:9024
- C:\Windows\System\cztzZkv.exe
  C:\Windows\System\cztzZkv.exe
  2⤵
  PID:9052
- C:\Windows\System\VEtmiDs.exe
  C:\Windows\System\VEtmiDs.exe
  2⤵
  PID:9080
- C:\Windows\System\cKenBJj.exe
  C:\Windows\System\cKenBJj.exe
  2⤵
  PID:9096
- C:\Windows\System\oVniPXl.exe
  C:\Windows\System\oVniPXl.exe
  2⤵
  PID:9124
- C:\Windows\System\OpiDNcF.exe
  C:\Windows\System\OpiDNcF.exe
  2⤵
  PID:9168
- C:\Windows\System\WGYmjVS.exe
  C:\Windows\System\WGYmjVS.exe
  2⤵
  PID:9192
- C:\Windows\System\csUvxGF.exe
  C:\Windows\System\csUvxGF.exe
  2⤵
  PID:9208
- C:\Windows\System\HOuvWSb.exe
  C:\Windows\System\HOuvWSb.exe
  2⤵
  PID:8264
- C:\Windows\System\OIFANDf.exe
  C:\Windows\System\OIFANDf.exe
  2⤵
  PID:8320
- C:\Windows\System\reWIBpQ.exe
  C:\Windows\System\reWIBpQ.exe
  2⤵
  PID:8384
- C:\Windows\System\kHUKdlE.exe
  C:\Windows\System\kHUKdlE.exe
  2⤵
  PID:8460
- C:\Windows\System\frLpqzV.exe
  C:\Windows\System\frLpqzV.exe
  2⤵
  PID:8500
- C:\Windows\System\yYNMafN.exe
  C:\Windows\System\yYNMafN.exe
  2⤵
  PID:8592
- C:\Windows\System\FMUBbSU.exe
  C:\Windows\System\FMUBbSU.exe
  2⤵
  PID:8660
- C:\Windows\System\FKQzdYb.exe
  C:\Windows\System\FKQzdYb.exe
  2⤵
  PID:8688
- C:\Windows\System\jdRUoFd.exe
  C:\Windows\System\jdRUoFd.exe
  2⤵
  PID:8752
- C:\Windows\System\IOaIHsT.exe
  C:\Windows\System\IOaIHsT.exe
  2⤵
  PID:8844
- C:\Windows\System\vgJNGbM.exe
  C:\Windows\System\vgJNGbM.exe
  2⤵
  PID:8936
- C:\Windows\System\IJnqlZI.exe
  C:\Windows\System\IJnqlZI.exe
  2⤵
  PID:8972
- C:\Windows\System\Qkkhkea.exe
  C:\Windows\System\Qkkhkea.exe
  2⤵
  PID:9048
- C:\Windows\System\MzIBAGM.exe
  C:\Windows\System\MzIBAGM.exe
  2⤵
  PID:9108
- C:\Windows\System\gnlAIiE.exe
  C:\Windows\System\gnlAIiE.exe
  2⤵
  PID:9160
- C:\Windows\System\ubqZfsy.exe
  C:\Windows\System\ubqZfsy.exe
  2⤵
  PID:8220
- C:\Windows\System\POyMIWq.exe
  C:\Windows\System\POyMIWq.exe
  2⤵
  PID:8392
- C:\Windows\System\nHvgtsr.exe
  C:\Windows\System\nHvgtsr.exe
  2⤵
  PID:8496
- C:\Windows\System\AiCXPnQ.exe
  C:\Windows\System\AiCXPnQ.exe
  2⤵
  PID:8636
- C:\Windows\System\xLxugAZ.exe
  C:\Windows\System\xLxugAZ.exe
  2⤵
  PID:8812
- C:\Windows\System\FcFYXWB.exe
  C:\Windows\System\FcFYXWB.exe
  2⤵
  PID:8980
- C:\Windows\System\eebLDuY.exe
  C:\Windows\System\eebLDuY.exe
  2⤵
  PID:9140
- C:\Windows\System\WQfkYWO.exe
  C:\Windows\System\WQfkYWO.exe
  2⤵
  PID:8312
- C:\Windows\System\jdUemux.exe
  C:\Windows\System\jdUemux.exe
  2⤵
  PID:8724
- C:\Windows\System\jAewvQJ.exe
  C:\Windows\System\jAewvQJ.exe
  2⤵
  PID:8892
- C:\Windows\System\gGBCPqe.exe
  C:\Windows\System\gGBCPqe.exe
  2⤵
  PID:9088
- C:\Windows\System\goIHRWT.exe
  C:\Windows\System\goIHRWT.exe
  2⤵
  PID:8944
- C:\Windows\System\miDJyKx.exe
  C:\Windows\System\miDJyKx.exe
  2⤵
  PID:9256
- C:\Windows\System\SmDGYUn.exe
  C:\Windows\System\SmDGYUn.exe
  2⤵
  PID:9284
- C:\Windows\System\VerXNOA.exe
  C:\Windows\System\VerXNOA.exe
  2⤵
  PID:9316
- C:\Windows\System\midMCiq.exe
  C:\Windows\System\midMCiq.exe
  2⤵
  PID:9344
- C:\Windows\System\nJpcrLb.exe
  C:\Windows\System\nJpcrLb.exe
  2⤵
  PID:9360
- C:\Windows\System\AyVEJfa.exe
  C:\Windows\System\AyVEJfa.exe
  2⤵
  PID:9380
- C:\Windows\System\XPzeRrw.exe
  C:\Windows\System\XPzeRrw.exe
  2⤵
  PID:9404
- C:\Windows\System\DVJbrdy.exe
  C:\Windows\System\DVJbrdy.exe
  2⤵
  PID:9444
- C:\Windows\System\ofQPARe.exe
  C:\Windows\System\ofQPARe.exe
  2⤵
  PID:9464
- C:\Windows\System\NXOJKFS.exe
  C:\Windows\System\NXOJKFS.exe
  2⤵
  PID:9496
- C:\Windows\System\kPfaWEO.exe
  C:\Windows\System\kPfaWEO.exe
  2⤵
  PID:9520
- C:\Windows\System\aZwZWwM.exe
  C:\Windows\System\aZwZWwM.exe
  2⤵
  PID:9564
- C:\Windows\System\PWrmcRR.exe
  C:\Windows\System\PWrmcRR.exe
  2⤵
  PID:9588
- C:\Windows\System\MPvBzBJ.exe
  C:\Windows\System\MPvBzBJ.exe
  2⤵
  PID:9616
- C:\Windows\System\OpAzzoA.exe
  C:\Windows\System\OpAzzoA.exe
  2⤵
  PID:9644
- C:\Windows\System\fBHiiZS.exe
  C:\Windows\System\fBHiiZS.exe
  2⤵
  PID:9672
- C:\Windows\System\lkzzpGR.exe
  C:\Windows\System\lkzzpGR.exe
  2⤵
  PID:9700
- C:\Windows\System\AxdaZoZ.exe
  C:\Windows\System\AxdaZoZ.exe
  2⤵
  PID:9724
- C:\Windows\System\KXZmmTz.exe
  C:\Windows\System\KXZmmTz.exe
  2⤵
  PID:9768
- C:\Windows\System\FubwHXZ.exe
  C:\Windows\System\FubwHXZ.exe
  2⤵
  PID:9796
- C:\Windows\System\Iymuawr.exe
  C:\Windows\System\Iymuawr.exe
  2⤵
  PID:9812
- C:\Windows\System\VRGCpTi.exe
  C:\Windows\System\VRGCpTi.exe
  2⤵
  PID:9840
- C:\Windows\System\UhEBftQ.exe
  C:\Windows\System\UhEBftQ.exe
  2⤵
  PID:9880
- C:\Windows\System\GectKQG.exe
  C:\Windows\System\GectKQG.exe
  2⤵
  PID:9908
- C:\Windows\System\CQpxVji.exe
  C:\Windows\System\CQpxVji.exe
  2⤵
  PID:9936
- C:\Windows\System\NhslGfR.exe
  C:\Windows\System\NhslGfR.exe
  2⤵
  PID:9964
- C:\Windows\System\vRMwdYl.exe
  C:\Windows\System\vRMwdYl.exe
  2⤵
  PID:9992
- C:\Windows\System\qZCnFRQ.exe
  C:\Windows\System\qZCnFRQ.exe
  2⤵
  PID:10020
- C:\Windows\System\WUFRjHo.exe
  C:\Windows\System\WUFRjHo.exe
  2⤵
  PID:10048
- C:\Windows\System\ujShjfk.exe
  C:\Windows\System\ujShjfk.exe
  2⤵
  PID:10064
- C:\Windows\System\sIDorWI.exe
  C:\Windows\System\sIDorWI.exe
  2⤵
  PID:10100
- C:\Windows\System\vMMhnAV.exe
  C:\Windows\System\vMMhnAV.exe
  2⤵
  PID:10120
- C:\Windows\System\xhjuRED.exe
  C:\Windows\System\xhjuRED.exe
  2⤵
  PID:10160
- C:\Windows\System\CqnJAxR.exe
  C:\Windows\System\CqnJAxR.exe
  2⤵
  PID:10188
- C:\Windows\System\tTjorCe.exe
  C:\Windows\System\tTjorCe.exe
  2⤵
  PID:10216
- C:\Windows\System\yAEDGgV.exe
  C:\Windows\System\yAEDGgV.exe
  2⤵
  PID:10232
- C:\Windows\System\ATRSHXY.exe
  C:\Windows\System\ATRSHXY.exe
  2⤵
  PID:9240
- C:\Windows\System\uleMojH.exe
  C:\Windows\System\uleMojH.exe
  2⤵
  PID:9328
- C:\Windows\System\rvWdgDb.exe
  C:\Windows\System\rvWdgDb.exe
  2⤵
  PID:9388
- C:\Windows\System\VWjowBk.exe
  C:\Windows\System\VWjowBk.exe
  2⤵
  PID:9436
- C:\Windows\System\SnkJCPr.exe
  C:\Windows\System\SnkJCPr.exe
  2⤵
  PID:9508
- C:\Windows\System\xJHIMMN.exe
  C:\Windows\System\xJHIMMN.exe
  2⤵
  PID:9572
- C:\Windows\System\DOWZMei.exe
  C:\Windows\System\DOWZMei.exe
  2⤵
  PID:9612
- C:\Windows\System\nCHQHLz.exe
  C:\Windows\System\nCHQHLz.exe
  2⤵
  PID:9692
- C:\Windows\System\wUaSAqX.exe
  C:\Windows\System\wUaSAqX.exe
  2⤵
  PID:9788
- C:\Windows\System\gjVsyue.exe
  C:\Windows\System\gjVsyue.exe
  2⤵
  PID:9856
- C:\Windows\System\nIFOZSN.exe
  C:\Windows\System\nIFOZSN.exe
  2⤵
  PID:9928
- C:\Windows\System\ipgemQJ.exe
  C:\Windows\System\ipgemQJ.exe
  2⤵
  PID:9960
- C:\Windows\System\WLJVNfk.exe
  C:\Windows\System\WLJVNfk.exe
  2⤵
  PID:10044
- C:\Windows\System\vbffylY.exe
  C:\Windows\System\vbffylY.exe
  2⤵
  PID:10108
- C:\Windows\System\cVaCbpL.exe
  C:\Windows\System\cVaCbpL.exe
  2⤵
  PID:10156
- C:\Windows\System\BAYQFDu.exe
  C:\Windows\System\BAYQFDu.exe
  2⤵
  PID:8748
- C:\Windows\System\NvbrYdN.exe
  C:\Windows\System\NvbrYdN.exe
  2⤵
  PID:9280
- C:\Windows\System\OxpZtEj.exe
  C:\Windows\System\OxpZtEj.exe
  2⤵
  PID:9460
- C:\Windows\System\nysRDjQ.exe
  C:\Windows\System\nysRDjQ.exe
  2⤵
  PID:9640
- C:\Windows\System\QBguuQt.exe
  C:\Windows\System\QBguuQt.exe
  2⤵
  PID:9836
- C:\Windows\System\rwqLsit.exe
  C:\Windows\System\rwqLsit.exe
  2⤵
  PID:9920
- C:\Windows\System\fbuEZLe.exe
  C:\Windows\System\fbuEZLe.exe
  2⤵
  PID:10004
- C:\Windows\System\SOojFiu.exe
  C:\Windows\System\SOojFiu.exe
  2⤵
  PID:10184
- C:\Windows\System\iTaEHKA.exe
  C:\Windows\System\iTaEHKA.exe
  2⤵
  PID:9548
- C:\Windows\System\BGvEpdO.exe
  C:\Windows\System\BGvEpdO.exe
  2⤵
  PID:9784
- C:\Windows\System\qjtKTMu.exe
  C:\Windows\System\qjtKTMu.exe
  2⤵
  PID:9484
- C:\Windows\System\ADfEnNw.exe
  C:\Windows\System\ADfEnNw.exe
  2⤵
  PID:10256
- C:\Windows\System\wdAjKGW.exe
  C:\Windows\System\wdAjKGW.exe
  2⤵
  PID:10284
- C:\Windows\System\xDOLOcg.exe
  C:\Windows\System\xDOLOcg.exe
  2⤵
  PID:10304
- C:\Windows\System\khqjthW.exe
  C:\Windows\System\khqjthW.exe
  2⤵
  PID:10344
- C:\Windows\System\TcVaCpn.exe
  C:\Windows\System\TcVaCpn.exe
  2⤵
  PID:10360
- C:\Windows\System\iYQVTvi.exe
  C:\Windows\System\iYQVTvi.exe
  2⤵
  PID:10396
- C:\Windows\System\CxblhSQ.exe
  C:\Windows\System\CxblhSQ.exe
  2⤵
  PID:10420
- C:\Windows\System\MIcBvwe.exe
  C:\Windows\System\MIcBvwe.exe
  2⤵
  PID:10444
- C:\Windows\System\skFOTTn.exe
  C:\Windows\System\skFOTTn.exe
  2⤵
  PID:10484
- C:\Windows\System\YEFXjda.exe
  C:\Windows\System\YEFXjda.exe
  2⤵
  PID:10512
- C:\Windows\System\LjUPXgl.exe
  C:\Windows\System\LjUPXgl.exe
  2⤵
  PID:10540
- C:\Windows\System\lpGEfDL.exe
  C:\Windows\System\lpGEfDL.exe
  2⤵
  PID:10568
- C:\Windows\System\NELPtzn.exe
  C:\Windows\System\NELPtzn.exe
  2⤵
  PID:10596
- C:\Windows\System\XOZnaMR.exe
  C:\Windows\System\XOZnaMR.exe
  2⤵
  PID:10616
- C:\Windows\System\efpdYzh.exe
  C:\Windows\System\efpdYzh.exe
  2⤵
  PID:10644
- C:\Windows\System\zybzIUA.exe
  C:\Windows\System\zybzIUA.exe
  2⤵
  PID:10672
- C:\Windows\System\nrXSXaz.exe
  C:\Windows\System\nrXSXaz.exe
  2⤵
  PID:10712
- C:\Windows\System\ZXaZdNV.exe
  C:\Windows\System\ZXaZdNV.exe
  2⤵
  PID:10740
- C:\Windows\System\bQflUjF.exe
  C:\Windows\System\bQflUjF.exe
  2⤵
  PID:10756
- C:\Windows\System\CeZCfhe.exe
  C:\Windows\System\CeZCfhe.exe
  2⤵
  PID:10796
- C:\Windows\System\ANYsjRD.exe
  C:\Windows\System\ANYsjRD.exe
  2⤵
  PID:10816
- C:\Windows\System\jLJdySU.exe
  C:\Windows\System\jLJdySU.exe
  2⤵
  PID:10840
- C:\Windows\System\VHYmufn.exe
  C:\Windows\System\VHYmufn.exe
  2⤵
  PID:10880
- C:\Windows\System\ceRSjFv.exe
  C:\Windows\System\ceRSjFv.exe
  2⤵
  PID:10900
- C:\Windows\System\YiCVtzT.exe
  C:\Windows\System\YiCVtzT.exe
  2⤵
  PID:10924
- C:\Windows\System\vYZTSpy.exe
  C:\Windows\System\vYZTSpy.exe
  2⤵
  PID:10964
- C:\Windows\System\lOhuEqT.exe
  C:\Windows\System\lOhuEqT.exe
  2⤵
  PID:10980
- C:\Windows\System\cMhqIpU.exe
  C:\Windows\System\cMhqIpU.exe
  2⤵
  PID:11016
- C:\Windows\System\bMAsnku.exe
  C:\Windows\System\bMAsnku.exe
  2⤵
  PID:11040
- C:\Windows\System\uKeddTa.exe
  C:\Windows\System\uKeddTa.exe
  2⤵
  PID:11064
- C:\Windows\System\YzHDPmS.exe
  C:\Windows\System\YzHDPmS.exe
  2⤵
  PID:11104
- C:\Windows\System\vMXoOlj.exe
  C:\Windows\System\vMXoOlj.exe
  2⤵
  PID:11128
- C:\Windows\System\KdBaRJi.exe
  C:\Windows\System\KdBaRJi.exe
  2⤵
  PID:11168
- C:\Windows\System\dWhbyiS.exe
  C:\Windows\System\dWhbyiS.exe
  2⤵
  PID:11196
- C:\Windows\System\nYsHONs.exe
  C:\Windows\System\nYsHONs.exe
  2⤵
  PID:11224
- C:\Windows\System\oTTBVSi.exe
  C:\Windows\System\oTTBVSi.exe
  2⤵
  PID:11244
- C:\Windows\System\NyNkjMe.exe
  C:\Windows\System\NyNkjMe.exe
  2⤵
  PID:9632
- C:\Windows\System\QPfSWau.exe
  C:\Windows\System\QPfSWau.exe
  2⤵
  PID:10300
- C:\Windows\System\VMctoUr.exe
  C:\Windows\System\VMctoUr.exe
  2⤵
  PID:10316
- C:\Windows\System\aTTVjkX.exe
  C:\Windows\System\aTTVjkX.exe
  2⤵
  PID:10428
- C:\Windows\System\ciKojiY.exe
  C:\Windows\System\ciKojiY.exe
  2⤵
  PID:10504
- C:\Windows\System\TUWnxZA.exe
  C:\Windows\System\TUWnxZA.exe
  2⤵
  PID:10556
- C:\Windows\System\roQBfAo.exe
  C:\Windows\System\roQBfAo.exe
  2⤵
  PID:10608
- C:\Windows\System\eXfPAvb.exe
  C:\Windows\System\eXfPAvb.exe
  2⤵
  PID:10704
- C:\Windows\System\kKkVIhC.exe
  C:\Windows\System\kKkVIhC.exe
  2⤵
  PID:10768
- C:\Windows\System\ABeFXvX.exe
  C:\Windows\System\ABeFXvX.exe
  2⤵
  PID:10832
- C:\Windows\System\bcTRmUz.exe
  C:\Windows\System\bcTRmUz.exe
  2⤵
  PID:10892
- C:\Windows\System\avCExve.exe
  C:\Windows\System\avCExve.exe
  2⤵
  PID:10956
- C:\Windows\System\ZSsqgpt.exe
  C:\Windows\System\ZSsqgpt.exe
  2⤵
  PID:11032
- C:\Windows\System\zUIuICi.exe
  C:\Windows\System\zUIuICi.exe
  2⤵
  PID:11092
- C:\Windows\System\EKmuYzm.exe
  C:\Windows\System\EKmuYzm.exe
  2⤵
  PID:11140
- C:\Windows\System\ZKhadik.exe
  C:\Windows\System\ZKhadik.exe
  2⤵
  PID:11188
- C:\Windows\System\cUmaUJJ.exe
  C:\Windows\System\cUmaUJJ.exe
  2⤵
  PID:11232
- C:\Windows\System\QSymbzn.exe
  C:\Windows\System\QSymbzn.exe
  2⤵
  PID:10336
- C:\Windows\System\gOJTbaf.exe
  C:\Windows\System\gOJTbaf.exe
  2⤵
  PID:10536
- C:\Windows\System\EFXFYOH.exe
  C:\Windows\System\EFXFYOH.exe
  2⤵
  PID:10660
- C:\Windows\System\GxQwdcZ.exe
  C:\Windows\System\GxQwdcZ.exe
  2⤵
  PID:10788
- C:\Windows\System\qOnADMG.exe
  C:\Windows\System\qOnADMG.exe
  2⤵
  PID:10856
- C:\Windows\System\gGPklSn.exe
  C:\Windows\System\gGPklSn.exe
  2⤵
  PID:10992
- C:\Windows\System\sKLxZta.exe
  C:\Windows\System\sKLxZta.exe
  2⤵
  PID:11124
- C:\Windows\System\mkfvcKv.exe
  C:\Windows\System\mkfvcKv.exe
  2⤵
  PID:10632
- C:\Windows\System\SuMdiAZ.exe
  C:\Windows\System\SuMdiAZ.exe
  2⤵
  PID:10868
- C:\Windows\System\ktoaqsP.exe
  C:\Windows\System\ktoaqsP.exe
  2⤵
  PID:11424
- C:\Windows\System\KRGrepK.exe
  C:\Windows\System\KRGrepK.exe
  2⤵
  PID:11448
- C:\Windows\System\kpYHYmn.exe
  C:\Windows\System\kpYHYmn.exe
  2⤵
  PID:11484
- C:\Windows\System\cclPhiJ.exe
  C:\Windows\System\cclPhiJ.exe
  2⤵
  PID:11504
- C:\Windows\System\LglGHIo.exe
  C:\Windows\System\LglGHIo.exe
  2⤵
  PID:11544
- C:\Windows\System\ZYXGLIC.exe
  C:\Windows\System\ZYXGLIC.exe
  2⤵
  PID:11572
- C:\Windows\System\VJgoqJt.exe
  C:\Windows\System\VJgoqJt.exe
  2⤵
  PID:11600
- C:\Windows\System\KzccRCQ.exe
  C:\Windows\System\KzccRCQ.exe
  2⤵
  PID:11628
- C:\Windows\System\JbbCFxw.exe
  C:\Windows\System\JbbCFxw.exe
  2⤵
  PID:11644
- C:\Windows\System\gNgdYhB.exe
  C:\Windows\System\gNgdYhB.exe
  2⤵
  PID:11672
- C:\Windows\System\PtgveIX.exe
  C:\Windows\System\PtgveIX.exe
  2⤵
  PID:11692
- C:\Windows\System\XKLdmYy.exe
  C:\Windows\System\XKLdmYy.exe
  2⤵
  PID:11720
- C:\Windows\System\CswEqmT.exe
  C:\Windows\System\CswEqmT.exe
  2⤵
  PID:11760
- C:\Windows\System\PgOBdTO.exe
  C:\Windows\System\PgOBdTO.exe
  2⤵
  PID:11788
- C:\Windows\System\DbQzLej.exe
  C:\Windows\System\DbQzLej.exe
  2⤵
  PID:11820
- C:\Windows\System\fjKWfbc.exe
  C:\Windows\System\fjKWfbc.exe
  2⤵
  PID:11856
- C:\Windows\System\SPQfDRp.exe
  C:\Windows\System\SPQfDRp.exe
  2⤵
  PID:11876
- C:\Windows\System\XruknuW.exe
  C:\Windows\System\XruknuW.exe
  2⤵
  PID:11900
- C:\Windows\System\myxmgSH.exe
  C:\Windows\System\myxmgSH.exe
  2⤵
  PID:11936
- C:\Windows\System\AQLjvlM.exe
  C:\Windows\System\AQLjvlM.exe
  2⤵
  PID:11964
- C:\Windows\System\MdxYhWx.exe
  C:\Windows\System\MdxYhWx.exe
  2⤵
  PID:11984
- C:\Windows\System\YbxTOxQ.exe
  C:\Windows\System\YbxTOxQ.exe
  2⤵
  PID:12024
- C:\Windows\System\zRIOUzX.exe
  C:\Windows\System\zRIOUzX.exe
  2⤵
  PID:12052
- C:\Windows\System\cMzHamd.exe
  C:\Windows\System\cMzHamd.exe
  2⤵
  PID:12080
- C:\Windows\System\WXDMZmQ.exe
  C:\Windows\System\WXDMZmQ.exe
  2⤵
  PID:12096
- C:\Windows\System\XpdFgjQ.exe
  C:\Windows\System\XpdFgjQ.exe
  2⤵
  PID:12132
- C:\Windows\System\GbReDTL.exe
  C:\Windows\System\GbReDTL.exe
  2⤵
  PID:12164
- C:\Windows\System\oAPoRWH.exe
  C:\Windows\System\oAPoRWH.exe
  2⤵
  PID:12192
- C:\Windows\System\fTKAwjW.exe
  C:\Windows\System\fTKAwjW.exe
  2⤵
  PID:12208
- C:\Windows\System\ykiIhoM.exe
  C:\Windows\System\ykiIhoM.exe
  2⤵
  PID:12236
- C:\Windows\System\UChrAso.exe
  C:\Windows\System\UChrAso.exe
  2⤵
  PID:12272
- C:\Windows\System\huftQAJ.exe
  C:\Windows\System\huftQAJ.exe
  2⤵
  PID:10472
- C:\Windows\System\AxagqIj.exe
  C:\Windows\System\AxagqIj.exe
  2⤵
  PID:11272
- C:\Windows\System\pTlLIoV.exe
  C:\Windows\System\pTlLIoV.exe
  2⤵
  PID:11296
- C:\Windows\System\jSCuQvy.exe
  C:\Windows\System\jSCuQvy.exe
  2⤵
  PID:11328
- C:\Windows\System\omwksgG.exe
  C:\Windows\System\omwksgG.exe
  2⤵
  PID:11340
- C:\Windows\System\BzVUjtg.exe
  C:\Windows\System\BzVUjtg.exe
  2⤵
  PID:11360
- C:\Windows\System\LEjHzUl.exe
  C:\Windows\System\LEjHzUl.exe
  2⤵
  PID:11396
- C:\Windows\System\yoNIrCS.exe
  C:\Windows\System\yoNIrCS.exe
  2⤵
  PID:11416
- C:\Windows\System\gNqFGeQ.exe
  C:\Windows\System\gNqFGeQ.exe
  2⤵
  PID:11500
- C:\Windows\System\SLQTPdB.exe
  C:\Windows\System\SLQTPdB.exe
  2⤵
  PID:11536
- C:\Windows\System\CzOxata.exe
  C:\Windows\System\CzOxata.exe
  2⤵
  PID:11612
- C:\Windows\System\OhGvGvb.exe
  C:\Windows\System\OhGvGvb.exe
  2⤵
  PID:11660
- C:\Windows\System\hNPxWwz.exe
  C:\Windows\System\hNPxWwz.exe
  2⤵
  PID:11736
- C:\Windows\System\rYIWFaa.exe
  C:\Windows\System\rYIWFaa.exe
  2⤵
  PID:11808
- C:\Windows\System\RujYTwr.exe
  C:\Windows\System\RujYTwr.exe
  2⤵
  PID:11892
- C:\Windows\System\yAINDEK.exe
  C:\Windows\System\yAINDEK.exe
  2⤵
  PID:11952
- C:\Windows\System\jXAzEkl.exe
  C:\Windows\System\jXAzEkl.exe
  2⤵
  PID:12020
- C:\Windows\System\svYLHGD.exe
  C:\Windows\System\svYLHGD.exe
  2⤵
  PID:12068
- C:\Windows\System\UCOnEPe.exe
  C:\Windows\System\UCOnEPe.exe
  2⤵
  PID:12160
- C:\Windows\System\xBuPgSG.exe
  C:\Windows\System\xBuPgSG.exe
  2⤵
  PID:12200
- C:\Windows\System\AqCahAX.exe
  C:\Windows\System\AqCahAX.exe
  2⤵
  PID:12256
- C:\Windows\System\cRKztlG.exe
  C:\Windows\System\cRKztlG.exe
  2⤵
  PID:11120
- C:\Windows\System\SBGJQlW.exe
  C:\Windows\System\SBGJQlW.exe
  2⤵
  PID:11348
- C:\Windows\System\ZtHhMxb.exe
  C:\Windows\System\ZtHhMxb.exe
  2⤵
  PID:11392
- C:\Windows\System\HXodpEw.exe
  C:\Windows\System\HXodpEw.exe
  2⤵
  PID:11476
- C:\Windows\System\biJXKPR.exe
  C:\Windows\System\biJXKPR.exe
  2⤵
  PID:1124
- C:\Windows\System\kHWzKgM.exe
  C:\Windows\System\kHWzKgM.exe
  2⤵
  PID:11784
- C:\Windows\System\oUgrYMR.exe
  C:\Windows\System\oUgrYMR.exe
  2⤵
  PID:11864
- C:\Windows\System\rBlIjlO.exe
  C:\Windows\System\rBlIjlO.exe
  2⤵
  PID:12012
- C:\Windows\System\vfbzrQL.exe
  C:\Windows\System\vfbzrQL.exe
  2⤵
  PID:12188
- C:\Windows\System\LhMvhmP.exe
  C:\Windows\System\LhMvhmP.exe
  2⤵
  PID:11388
- C:\Windows\System\HYzZTSY.exe
  C:\Windows\System\HYzZTSY.exe
  2⤵
  PID:11588
- C:\Windows\System\roCfuYX.exe
  C:\Windows\System\roCfuYX.exe
  2⤵
  PID:11748
- C:\Windows\System\HiyyCHI.exe
  C:\Windows\System\HiyyCHI.exe
  2⤵
  PID:12220
- C:\Windows\System\yBNgvqm.exe
  C:\Windows\System\yBNgvqm.exe
  2⤵
  PID:12048
- C:\Windows\System\WudjSJg.exe
  C:\Windows\System\WudjSJg.exe
  2⤵
  PID:11344
- C:\Windows\System\RhAuyGr.exe
  C:\Windows\System\RhAuyGr.exe
  2⤵
  PID:12328
- C:\Windows\System\gBAOVjC.exe
  C:\Windows\System\gBAOVjC.exe
  2⤵
  PID:12348
- C:\Windows\System\EfdmxeA.exe
  C:\Windows\System\EfdmxeA.exe
  2⤵
  PID:12376
- C:\Windows\System\osBJZxq.exe
  C:\Windows\System\osBJZxq.exe
  2⤵
  PID:12420
- C:\Windows\System\IlKgonX.exe
  C:\Windows\System\IlKgonX.exe
  2⤵
  PID:12444
- C:\Windows\System\BLAFswU.exe
  C:\Windows\System\BLAFswU.exe
  2⤵
  PID:12488
- C:\Windows\System\sYONUmJ.exe
  C:\Windows\System\sYONUmJ.exe
  2⤵
  PID:12516
- C:\Windows\System\JmaBKUB.exe
  C:\Windows\System\JmaBKUB.exe
  2⤵
  PID:12544
- C:\Windows\System\GNfvgYp.exe
  C:\Windows\System\GNfvgYp.exe
  2⤵
  PID:12572
- C:\Windows\System\zdDSmVG.exe
  C:\Windows\System\zdDSmVG.exe
  2⤵
  PID:12600
- C:\Windows\System\kOumftm.exe
  C:\Windows\System\kOumftm.exe
  2⤵
  PID:12628
- C:\Windows\System\NYWaztD.exe
  C:\Windows\System\NYWaztD.exe
  2⤵
  PID:12652
- C:\Windows\System\lXqbIrB.exe
  C:\Windows\System\lXqbIrB.exe
  2⤵
  PID:12672
- C:\Windows\System\PABANPp.exe
  C:\Windows\System\PABANPp.exe
  2⤵
  PID:12712
- C:\Windows\System\vDKMlRA.exe
  C:\Windows\System\vDKMlRA.exe
  2⤵
  PID:12740
- C:\Windows\System\cMfPSZW.exe
  C:\Windows\System\cMfPSZW.exe
  2⤵
  PID:12768
- C:\Windows\System\PTJXXJa.exe
  C:\Windows\System\PTJXXJa.exe
  2⤵
  PID:12784
- C:\Windows\System\kSwgZfk.exe
  C:\Windows\System\kSwgZfk.exe
  2⤵
  PID:12812
- C:\Windows\System\nIIFiPR.exe
  C:\Windows\System\nIIFiPR.exe
  2⤵
  PID:12848
- C:\Windows\System\KIXHrZf.exe
  C:\Windows\System\KIXHrZf.exe
  2⤵
  PID:12876
- C:\Windows\System\QORmfZA.exe
  C:\Windows\System\QORmfZA.exe
  2⤵
  PID:12904
- C:\Windows\System\gQrhyVD.exe
  C:\Windows\System\gQrhyVD.exe
  2⤵
  PID:12924
- C:\Windows\System\TPbTTdU.exe
  C:\Windows\System\TPbTTdU.exe
  2⤵
  PID:12944
- C:\Windows\System\vxSUyuK.exe
  C:\Windows\System\vxSUyuK.exe
  2⤵
  PID:12980
- C:\Windows\System\vWfRWub.exe
  C:\Windows\System\vWfRWub.exe
  2⤵
  PID:13020
- C:\Windows\System\QFqHweK.exe
  C:\Windows\System\QFqHweK.exe
  2⤵
  PID:13060
- C:\Windows\System\OfeyoyK.exe
  C:\Windows\System\OfeyoyK.exe
  2⤵
  PID:13076
- C:\Windows\System\ZxgJwAg.exe
  C:\Windows\System\ZxgJwAg.exe
  2⤵
  PID:13104
- C:\Windows\System\CbPqFYK.exe
  C:\Windows\System\CbPqFYK.exe
  2⤵
  PID:13132
- C:\Windows\System\vSMIMjH.exe
  C:\Windows\System\vSMIMjH.exe
  2⤵
  PID:13160
- C:\Windows\System\ckINITT.exe
  C:\Windows\System\ckINITT.exe
  2⤵
  PID:13188
- C:\Windows\System\CMXiYbg.exe
  C:\Windows\System\CMXiYbg.exe
  2⤵
  PID:13204
- C:\Windows\System\rgQRpWy.exe
  C:\Windows\System\rgQRpWy.exe
  2⤵
  PID:13236
- C:\Windows\System\VGlbdiZ.exe
  C:\Windows\System\VGlbdiZ.exe
  2⤵
  PID:13260
- C:\Windows\System\CtaFKBW.exe
  C:\Windows\System\CtaFKBW.exe
  2⤵
  PID:13292
- C:\Windows\System\TUDyEAG.exe
  C:\Windows\System\TUDyEAG.exe
  2⤵
  PID:12344
- C:\Windows\System\wMxazVs.exe
  C:\Windows\System\wMxazVs.exe
  2⤵
  PID:12456
- C:\Windows\System\FQrsxzv.exe
  C:\Windows\System\FQrsxzv.exe
  2⤵
  PID:12500
- C:\Windows\System\TVeUjeV.exe
  C:\Windows\System\TVeUjeV.exe
  2⤵
  PID:12540
- C:\Windows\System\UNqnumM.exe
  C:\Windows\System\UNqnumM.exe
  2⤵
  PID:12624
- C:\Windows\System\gYVCEkq.exe
  C:\Windows\System\gYVCEkq.exe
  2⤵
  PID:12644
- C:\Windows\System\xhfpbHq.exe
  C:\Windows\System\xhfpbHq.exe
  2⤵
  PID:12736
- C:\Windows\System\XsvGkzQ.exe
  C:\Windows\System\XsvGkzQ.exe
  2⤵
  PID:12856
- C:\Windows\System\EkyowQa.exe
  C:\Windows\System\EkyowQa.exe
  2⤵
  PID:12884
- C:\Windows\System\BqaKCwI.exe
  C:\Windows\System\BqaKCwI.exe
  2⤵
  PID:12964
- C:\Windows\System\dgQPqYn.exe
  C:\Windows\System\dgQPqYn.exe
  2⤵
  PID:1052
- C:\Windows\System\GCDIJgG.exe
  C:\Windows\System\GCDIJgG.exe
  2⤵
  PID:13088
- C:\Windows\System\QjsQEKF.exe
  C:\Windows\System\QjsQEKF.exe
  2⤵
  PID:13124
- C:\Windows\System\JiBccOH.exe
  C:\Windows\System\JiBccOH.exe
  2⤵
  PID:13252
- C:\Windows\System\nommetH.exe
  C:\Windows\System\nommetH.exe
  2⤵
  PID:12308
- C:\Windows\System\FgvCwih.exe
  C:\Windows\System\FgvCwih.exe
  2⤵
  PID:12664
- C:\Windows\System\WJWTONA.exe
  C:\Windows\System\WJWTONA.exe
  2⤵
  PID:12700
- C:\Windows\System\wNiskUo.exe
  C:\Windows\System\wNiskUo.exe
  2⤵
  PID:4936
- C:\Windows\System\oVWaWov.exe
  C:\Windows\System\oVWaWov.exe
  2⤵
  PID:13196
- C:\Windows\System\gIXdDOM.exe
  C:\Windows\System\gIXdDOM.exe
  2⤵
  PID:13308
- C:\Windows\System\kcAQLhS.exe
  C:\Windows\System\kcAQLhS.exe
  2⤵
  PID:1228
- C:\Windows\System\aOrgCGp.exe
  C:\Windows\System\aOrgCGp.exe
  2⤵
  PID:12636
- C:\Windows\System\RBzeWgo.exe
  C:\Windows\System\RBzeWgo.exe
  2⤵
  PID:13068
- C:\Windows\System\gZteRMN.exe
  C:\Windows\System\gZteRMN.exe
  2⤵
  PID:3032
- C:\Windows\System\xHtegnV.exe
  C:\Windows\System\xHtegnV.exe
  2⤵
  PID:13320
- C:\Windows\System\UrQuLXf.exe
  C:\Windows\System\UrQuLXf.exe
  2⤵
  PID:13344
- C:\Windows\System\wBaStCk.exe
  C:\Windows\System\wBaStCk.exe
  2⤵
  PID:13376
- C:\Windows\System\bnJfbjS.exe
  C:\Windows\System\bnJfbjS.exe
  2⤵
  PID:13436
- C:\Windows\System\qQewsKS.exe
  C:\Windows\System\qQewsKS.exe
  2⤵
  PID:13472
- C:\Windows\System\PUptGSd.exe
  C:\Windows\System\PUptGSd.exe
  2⤵
  PID:13504
- C:\Windows\System\YWGfvjy.exe
  C:\Windows\System\YWGfvjy.exe
  2⤵
  PID:13536
- C:\Windows\System\mCWYUVw.exe
  C:\Windows\System\mCWYUVw.exe
  2⤵
  PID:13572
- C:\Windows\System\XJjhOxQ.exe
  C:\Windows\System\XJjhOxQ.exe
  2⤵
  PID:13608
- C:\Windows\System\UgxVbGL.exe
  C:\Windows\System\UgxVbGL.exe
  2⤵
  PID:13636
- C:\Windows\System\RlvclUU.exe
  C:\Windows\System\RlvclUU.exe
  2⤵
  PID:13656
- C:\Windows\System\VlBwjfH.exe
  C:\Windows\System\VlBwjfH.exe
  2⤵
  PID:13700
- C:\Windows\System\esTwzeM.exe
  C:\Windows\System\esTwzeM.exe
  2⤵
  PID:13744
- C:\Windows\System\FnYAEUr.exe
  C:\Windows\System\FnYAEUr.exe
  2⤵
  PID:13772
- C:\Windows\System\WumsPTS.exe
  C:\Windows\System\WumsPTS.exe
  2⤵
  PID:13796
- C:\Windows\System\HIJlqhw.exe
  C:\Windows\System\HIJlqhw.exe
  2⤵
  PID:13820
- C:\Windows\System\YvjRCoW.exe
  C:\Windows\System\YvjRCoW.exe
  2⤵
  PID:13860
- C:\Windows\System\jodgeOL.exe
  C:\Windows\System\jodgeOL.exe
  2⤵
  PID:13892
- C:\Windows\System\cADlKtg.exe
  C:\Windows\System\cADlKtg.exe
  2⤵
  PID:13908
- C:\Windows\System\EYErJsd.exe
  C:\Windows\System\EYErJsd.exe
  2⤵
  PID:13936
- C:\Windows\System\sHNysBa.exe
  C:\Windows\System\sHNysBa.exe
  2⤵
  PID:13952
- C:\Windows\System\PfmvpZY.exe
  C:\Windows\System\PfmvpZY.exe
  2⤵
  PID:13984
- C:\Windows\System\GvipXeQ.exe
  C:\Windows\System\GvipXeQ.exe
  2⤵
  PID:14020
- C:\Windows\System\KZPNWQz.exe
  C:\Windows\System\KZPNWQz.exe
  2⤵
  PID:14060
- C:\Windows\System\RUrHhfu.exe
  C:\Windows\System\RUrHhfu.exe
  2⤵
  PID:14088
- C:\Windows\System\qYefYGo.exe
  C:\Windows\System\qYefYGo.exe
  2⤵
  PID:14104
- C:\Windows\System\ywqyqUT.exe
  C:\Windows\System\ywqyqUT.exe
  2⤵
  PID:14144
- C:\Windows\System\PendRXw.exe
  C:\Windows\System\PendRXw.exe
  2⤵
  PID:14160
- C:\Windows\System\eecHmKC.exe
  C:\Windows\System\eecHmKC.exe
  2⤵
  PID:14196
- C:\Windows\System\tmhMyzO.exe
  C:\Windows\System\tmhMyzO.exe
  2⤵
  PID:14220
- C:\Windows\System\PDqsxzA.exe
  C:\Windows\System\PDqsxzA.exe
  2⤵
  PID:14248
- C:\Windows\System\lCvualt.exe
  C:\Windows\System\lCvualt.exe
  2⤵
  PID:14272
- C:\Windows\System\nrxSCRZ.exe
  C:\Windows\System\nrxSCRZ.exe
  2⤵
  PID:14304
- C:\Windows\System\GcSPqpZ.exe
  C:\Windows\System\GcSPqpZ.exe
  2⤵
  PID:14332
- C:\Windows\System\UkWrwWb.exe
  C:\Windows\System\UkWrwWb.exe
  2⤵
  PID:13348
- C:\Windows\System\fLZCvSc.exe
  C:\Windows\System\fLZCvSc.exe
  2⤵
  PID:13448
- C:\Windows\System\gCAUtZn.exe
  C:\Windows\System\gCAUtZn.exe
  2⤵
  PID:13532
- C:\Windows\System\oIddZMO.exe
  C:\Windows\System\oIddZMO.exe
  2⤵
  PID:13624
- C:\Windows\System\QxxCYeT.exe
  C:\Windows\System\QxxCYeT.exe
  2⤵
  PID:13720
- C:\Windows\System\LqRxJYo.exe
  C:\Windows\System\LqRxJYo.exe
  2⤵
  PID:13792
- C:\Windows\System\hqWAxmR.exe
  C:\Windows\System\hqWAxmR.exe
  2⤵
  PID:13856
- C:\Windows\System\eSjvgth.exe
  C:\Windows\System\eSjvgth.exe
  2⤵
  PID:13900
- C:\Windows\System\vfCtCIQ.exe
  C:\Windows\System\vfCtCIQ.exe
  2⤵
  PID:13944
- C:\Windows\System\kBJLDvU.exe
  C:\Windows\System\kBJLDvU.exe
  2⤵
  PID:13980
- C:\Windows\System\UMtRfny.exe
  C:\Windows\System\UMtRfny.exe
  2⤵
  PID:14100
- C:\Windows\System\IQKvuUJ.exe
  C:\Windows\System\IQKvuUJ.exe
  2⤵
  PID:14188
- C:\Windows\System\WixAmZz.exe
  C:\Windows\System\WixAmZz.exe
  2⤵
  PID:14268
- C:\Windows\System\YCKWpoH.exe
  C:\Windows\System\YCKWpoH.exe
  2⤵
  PID:14284
- C:\Windows\System\EuNdQfZ.exe
  C:\Windows\System\EuNdQfZ.exe
  2⤵
  PID:13368
- C:\Windows\System\aNHukmh.exe
  C:\Windows\System\aNHukmh.exe
  2⤵
  PID:13620
- C:\Windows\System\mqRbQGq.exe
  C:\Windows\System\mqRbQGq.exe
  2⤵
  PID:13768
- C:\Windows\System\xZNpVZm.exe
  C:\Windows\System\xZNpVZm.exe
  2⤵
  PID:13812
- C:\Windows\System\qSaPAnq.exe
  C:\Windows\System\qSaPAnq.exe
  2⤵
  PID:13928
- C:\Windows\System\QQqBSBm.exe
  C:\Windows\System\QQqBSBm.exe
  2⤵
  PID:14140

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DMaluzT.exe

Filesize
2.1MB

MD5
bb363711771e25adf3f26249e566545f

SHA1
06950360466a0994ef660d9446b42550da598e23

SHA256
44b3a190904885f1efa51dcbeac9d9cb67db4c6897cd20fcebcfec4bb985b9f4

SHA512
9583186977d438b422ebcf3877af6d7e71786a78e635671fb3e423943c5c4c636be4541f85738f508f798e66168926e4ba4d90e72c20a46e4e7586d4c18640bb

Download Submit
C:\Windows\System\GMTOZku.exe

Filesize
2.1MB

MD5
78451bf7e871b2235801c7124cf2d07f

SHA1
a427cc05c31f0e5d49df4c9c0fdf5cd9b03bc05f

SHA256
f8e80e6c27a2bab51057ed836fed6c9bed291e8896170a4afb8eceac23cad29f

SHA512
d6dda760f24b1f7a4100d9d7a08edee7c159c148a2036441ed056de8b9770524ef04fc4f9a9e4e024c9b89f10c6653dab5b84b35f73192391846da3bb7d82c6c

Download Submit
C:\Windows\System\GtvBbDv.exe

Filesize
2.2MB

MD5
cf0b6a5b8428a98067b2dc7c7a30e760

SHA1
153843137a4857f37e446cc37cb8e3f710f09907

SHA256
37ecbe3c9618e495941be02d12cebb93acdfc78d10d6b607faafd021c90a124e

SHA512
66ce5b101610e9268031c002af4daa063c9a157da23c3b470b9d67aac69b134c0286ee16403673fcaa689eb09f690a1fe7de2d336d6dd487ea070b0d316584ee

Download Submit
C:\Windows\System\HNkECfc.exe

Filesize
2.1MB

MD5
0d8698ee2a0f51df2bb3a15ba2d940d3

SHA1
f3b22936b28a673637688cf2e13ece45255cc4fe

SHA256
1faeace4cc9ab6965bc39fdeaa9b4db04bea118b50fa9a1d2e714ad10e359e60

SHA512
e41fc6f84de408897281fb06c3cfddfa6bd96a34511a022cb5a99f908d2f8f5c9f173fa506455a8a90dfc40d2f69eba7b51ff53104e34655ddd65abdc196e336

Download Submit
C:\Windows\System\HSqiTdq.exe

Filesize
2.2MB

MD5
a1a238029e12120925cd3b963e7d1cf8

SHA1
ea3a07307e96ef1f9ed7e2b914ae6dd8a11778e9

SHA256
bf815865f4a89783d7fbd8b8a337723e6d6a58a1128a37f14bba00ab67e678c5

SHA512
21b3ca23361137f533bca96c5aeb9f2ce24f13db41686a056efaf4186ad6fc82a4bde6d65095958ae02ad990b321c7f1449d951694e290f3713f785429d08d57

Download Submit
C:\Windows\System\HZTnwcf.exe

Filesize
2.2MB

MD5
160191697a7d93a07762cedfa6807b8a

SHA1
54a86e431e0914849720965965b681fa1b123f22

SHA256
3ef522d18d7e555ec940987bfecdba91643b7e0e869e1698320271ab952d5ea0

SHA512
71e10b985a1d0788060c0a96d05750d1121ab9cb9bf173f6583387e66960f84594a60733caf76a6a1963ccadc013b9ad636b13727cf61089d5c88a5926e07735

Download Submit
C:\Windows\System\HxiyCMf.exe

Filesize
2.2MB

MD5
d0f3e6f48b9d1409ead2b138db989b50

SHA1
25ff2b43a72d2e8fd74612bff66f3fd5ddac38c8

SHA256
48f3054221c9b454d3a877cab849414e1b2d5fd24c3288458263cb616327305b

SHA512
1c10bac43b8a7ad503194aa5cd8f500ed212300586eac76fa882cc387c770af58d80925f946cc28b041f13924103a2c0efe7d2a47c9f290c77a315bf57b128f9

Download Submit
C:\Windows\System\IKicJKW.exe

Filesize
2.1MB

MD5
79acdff76100e53326dbb71071400bca

SHA1
89e4e632cbb59b022b10e958a3a03250bf0b16a0

SHA256
06819c690983a57c515e4f3b6d0481f37de9076850832d7a28d91ebf38b428be

SHA512
4fe019b37384fb2649d39d8d2ab4c54525a1b16289a374cbb45289015f02d2edece2ec785b4bd914e2c5c1046376c437e48bbdbd1cced866a199d80ebca21ba0

Download Submit
C:\Windows\System\IVJqhMq.exe

Filesize
2.2MB

MD5
77062b83829499b179ed9befec94bb92

SHA1
689f40883424246b57bd482fa30867426fdda8bd

SHA256
4a20716fdf15dc5c451951cb536e88b346e6cd555025f5d361713cbeca3eff4e

SHA512
0ce9877b5e9ff9ce2c04bf06a69e4d7ec30cc7f9a2b0ac8016d36976c96aeb3435ce73c02745537f7b8abe2e33e08f552a88c6c26c27e14df92f952bd1894f54

Download Submit
C:\Windows\System\IxPZqtj.exe

Filesize
2.1MB

MD5
caaeb17a01bf03deb4b3f4b5ca701ee9

SHA1
46dd1f483b01cc78b5471ccee441f2d522acd608

SHA256
a4316f8700d06717ceeb7297b7ce22089c6155faad5f34ed40604042da9564a2

SHA512
0f17a8490760be6e4c810465e1d74798cd7f30e92fcd251087fed3000dd8decc23964b2a702625ce1f4c7cab11ac5f80f243515e8f4663dfe27b939b324709e1

Download Submit
C:\Windows\System\KHBlCBP.exe

Filesize
2.1MB

MD5
1cff9cc28f77585cab0282ba029c9b4a

SHA1
b600f200a24bc7a3035941cba5fc9b7bd2415232

SHA256
00164c1ef000f23d17593d018867807407e84453fd9689be2578e91ec12a9619

SHA512
6a013bad743161f86e1e12222c16f880f4a568e80e95abb2673c40b242a4f19882c03a86115b003ce5fcbe7e7198d0e935882ecf558bf2cd11cd4870c63a5565

Download Submit
C:\Windows\System\OOeiUvg.exe

Filesize
2.2MB

MD5
be197c01a874e7e31917100fe7af75bf

SHA1
8c63fa3add05640d59ec1f170154675f336df364

SHA256
5a1c4660b05612985c69c41ac4339fb6da10ff259770c98f5798090724c1ba9f

SHA512
20972ab8f512cf2476e3d6df5a06a8d7a21b267b30215b6419fd3368c088990790d40fd3a0385389f58addd74a26fa7bb59ac5877101d2e3a1335eafb4740f86

Download Submit
C:\Windows\System\OQqMxSD.exe

Filesize
2.1MB

MD5
fe7ba0d1fd1ee03fb959ea0cdfd96ad3

SHA1
4c92565cc5d0b1a56d72ba963833c53ad9de796f

SHA256
1b15baaf6d00b8a3959194543cc507ec4c51c86201605dbcfdab77ee93a9387a

SHA512
c874bc181b775da835353e88ed575f44dacff67ad8f252b407d5c1e218c1a006be576525763054474218a7d44fecc66c31ba26a95e6d0ca46d81e05df49f9989

Download Submit
C:\Windows\System\TxWIvqR.exe

Filesize
2.1MB

MD5
37ee474351166c0bda1027d976442ce0

SHA1
b1d4b55a483b5a0b1349366634db565743d6359d

SHA256
204906b0b06e9346b1c285d7f7e0aeeaee6c65427d0ae9864942f53a4a2eff49

SHA512
01949fca0bac7e4d94e2a26b18dba22f4437fbf2a628525fbea41693cf5b4c19d9159e8f74676f3a3cebd8b38154ca549cf7e2b580c5b659acbd035844b320fc

Download Submit
C:\Windows\System\WozonIM.exe

Filesize
2.1MB

MD5
8989eabb9d2c18a45c0dccb4aa95597d

SHA1
7e21765b2026372c076a6cf82cbcae0197349851

SHA256
3df24459f022a814d7d779d72a7a71c46d3f9a3c46d5b2aeb996fe210bf55b6d

SHA512
139157fd2116f395fe58b352c9f09063eb6e377e27827b0fbd7592f12270c596ba98073c0e79e9642b3bf45521807c9e8c6341fd8199f0648d098c6571573607

Download Submit
C:\Windows\System\YKJDqBu.exe

Filesize
2.2MB

MD5
b389d1394d92bc69667d1de1455906b2

SHA1
23f1bbc362435c36fcfb5583f8523d295c762433

SHA256
0ad204171d503f936e4dc360c4589b63ee141486b6b7dc2cb690ff0026404356

SHA512
6e2b8c7e6a765e371e509c73ddd06323a365112e056c02f33866d76e5f0112c359477b583b32873b493884b625379cfec1ab833137d8062be556324ec1b5c70c

Download Submit
C:\Windows\System\YgugCXr.exe

Filesize
2.1MB

MD5
0b95e1df3f60970a5748bd7ef3f975bf

SHA1
214341d1617a09e11d9f8a3a5e3dc2121da3afd4

SHA256
f0f956b834ba1ab12f700b6bda24afc154e361b64b9bda95993aa9bf1ce01f51

SHA512
1563ebae11a83ea0787e1cad519860fd159ef59b9606b73af9f311767e94af06e9e8e97793868b41c123e354c211471f3c55e456a0074b4f627987a839a71a43

Download Submit
C:\Windows\System\ZtdKazn.exe

Filesize
2.2MB

MD5
02076e10e023e1cedea2fdb1b66cad4a

SHA1
d798c4eec3453fb5f1673f8d08b5097daf68e273

SHA256
89c11f856dba54495af36369acbebfd8f13dcf9c28d5114356c89a25f581d36a

SHA512
33d24b4f97b2405c4691a9c2fb216945fc492dcba5f6249a38238f75b63adf32cf67575d5ea78eb05c542287aaa532616328e36e57f0037f3e2357d0a730e9f4

Download Submit
C:\Windows\System\cFbRGta.exe

Filesize
2.1MB

MD5
f6b787e4c63cbe68fcf514824f11dca1

SHA1
60df0af787e50f20ea58025ca4ab311b1b0869d6

SHA256
b1e867bca30fbfc1f8b60bf34cd5389c0400c325f98bc880c5ad5111db6716ed

SHA512
4c610111b7fca24396b13bb0250b6380910ec631af36d20f2b6c5ea9c8d0b8be12bfd6744539121220417b243921a6b4648edafbb0875f5c581c61dadd8ca001

Download Submit
C:\Windows\System\cNXQadm.exe

Filesize
2.2MB

MD5
3e3c5504616e98bc48e2bdcbf2f72ede

SHA1
ec002acdc0bfdb0397f5b5b44b39ec128a357c7a

SHA256
e77b0f0562ec410267fb6353b3422b213f690f81a26d5f1357d83592867e7cb4

SHA512
6dd4c86583bb9670461b4cd7bd6cc4dbecaae37c9c41d3e774d99ccc8a0513ca88ae75b47bfe12f3a788bf5f3f80c7dcb6e00384d7c71195e9feb63b2a7c33e0

Download Submit
C:\Windows\System\fjzFmRo.exe

Filesize
2.2MB

MD5
c0bb0c9549e71223fe154e3d59f09446

SHA1
1fd9979d41db81ee661d0a2869c79846ef72fdd4

SHA256
7f1944552274453ed027f24d813a57f5b5eb1aa4e0cf7d6731f849faf63dd621

SHA512
85cb2bc9d8ef3e27a225bb05f408e0f6d92947888aeecb3a03d108aacc477c70dfe99834320ab82b9e69cb453712149318c3d04a30f69b09cfdc3b4fb693c6ef

Download Submit
C:\Windows\System\gamTdod.exe

Filesize
2.1MB

MD5
a9c50c1073269341eb0c8f2a6b95a195

SHA1
858683d9f314216fa60889e022af9c9f6e4c3f4a

SHA256
788880bd98ffacf0ce8f749f4d9b2a8ef6b840e409659c2c4641d8c190857676

SHA512
e13abb8eb3919931a862c12b65a51421fb94e091f165e2ce62738f95ead86be18baeca972620fb6a78be4a34ff51ce6492d08d018677d57b228ed70a69875320

Download Submit
C:\Windows\System\lOpRlpz.exe

Filesize
2.1MB

MD5
3e5f83a6f0c886ad8dda9d61eda443f1

SHA1
12682b2db843d7498e69b9590f18ef7903602454

SHA256
db6edc29dd2706decf7056f444c3d9bfd7e849882cd527534d76f8ce3eb9d68d

SHA512
dbc67985e3182d23ca4bc534b5895fd06effbb599577184428f4d0aa6d7ff50a0a6cfcc8f850cf088f903cc1f90c05105d2a8018f6a7f3f148ae340940a73761

Download Submit
C:\Windows\System\mXRlkIA.exe

Filesize
2.1MB

MD5
a0b1d367cc9cd87b5bd31fca7ed2908b

SHA1
4eca4e32fe45098eece31273c9723be5988b8c5f

SHA256
07c0f6fba0590a2058f9a8c66fc64fa9b76bf78a4afd75f4106a2499aa11c5f4

SHA512
aea4d5d73db6087da8779793e33017f47e9000eab96c8e1ac85796098a2dea4cad5b968f1be2e7f262ad7e703a9bc9eff941a5b18e4ebac5a31c78cea7ba8a2d

Download Submit
C:\Windows\System\nGKxgqe.exe

Filesize
2.1MB

MD5
c3418bb13c0591b3944a079e1dcf3322

SHA1
30d5057a49fd728c4efbb3cdfff5a1581a9efd04

SHA256
c688a4358844e7ceabf9c9eb86c80d4f029e7f6535cedd594445fe7d0a397b44

SHA512
d4a9d6488e0d13981250a2dd461f87164607f3459e97db16e7d91c644f0bb714b9831f2a649b387cc9f216491892672c7f3c370443e0792434c4f570afd03a9b

Download Submit
C:\Windows\System\qdFsrDn.exe

Filesize
2.2MB

MD5
2dac39865996d0549d4874591e4a7e3c

SHA1
051f52a7c136266be2b3524b80a7f9f47489a43a

SHA256
5bb582596d9246e2d751556c4efaeacdfc8b7c762b82a85471203ddf0ac2f42d

SHA512
4d7d9dd8570819232507d5891f0129876f0ade6effb83208d074187a98c1630d1422ff58a4ade7229fc85d6c44eaa1c3fc6e12c64dc7cd24857ef117e6310d27

Download Submit
C:\Windows\System\rsYNNKy.exe

Filesize
2.2MB

MD5
d22d3cf8bcf19e274a971545f35f0dc6

SHA1
9443b055ec923629cf67e89f844badbb83ee907b

SHA256
839a5b0f8692c8c9b8f98ebe6c23b865e9cfb6c4e2e8dc5b563b3058ead00331

SHA512
b70b663b913907948cf2f95ceb69fc39c150e4a9c0b1b688b9e812633dc81ce8be7ae75603aeacae5290bab3042c72eddf0152eaa2d4d53e0472845d84762b76

Download Submit
C:\Windows\System\shuoWjQ.exe

Filesize
2.1MB

MD5
7b43d0d860c27a417ae7ce81f53b17f7

SHA1
d9122fad3c2c14d66e1ea857da324bcd75fee43f

SHA256
4c14f73424c2c6a4ed7a156e4488ff9240d6c9968f52447b6897f815b486ec67

SHA512
2665a1225ff4e0df2fb27872ee517fb690e14e3e837c01d185ccc1fc0f79b76d6dd5878562ba2943fc60b58e4ccee98332e7b3910dbb42320bc95a4466497432

Download Submit
C:\Windows\System\uDGObAz.exe

Filesize
2.2MB

MD5
cace1241fb9a94107ca4fa6818c1cd9f

SHA1
499ec1f3715905c5a6a404072726e8d14f643f83

SHA256
2cc08be3df0c9b0a8a64553aff4a115df1bddadac6d686777c14625d6326e683

SHA512
a7a7d05f6aba9abe0614b1c755dcbeee0d6ced4e592e8b2b8a538434927fedace35c54848312bb9f8c51228dbd0a5da4856db54076f447c2805dd5f666ec3ebd

Download Submit
C:\Windows\System\uvGFHLz.exe

Filesize
2.2MB

MD5
48c03c1b5620ddc796c1750f28566243

SHA1
d79eaddd84e989cf9bbee806a56a1af944779149

SHA256
391430d36d2714c826875773d942661e603913b9392ada4be41dbc69cfa44d99

SHA512
23ca381e7ece6db879fe9c75b59fd53ba51a5e2842f59f432fbc818fd69cc735da02ae3deb44c8ca8c7b845ae10c6804dfba1383791ad647b766c3dd1dfa3926

Download Submit
C:\Windows\System\vRagdEI.exe

Filesize
2.1MB

MD5
56f0231a752e9968680a5a30914c1f4f

SHA1
78771e62e95acb1b81cf242f24f6b000bf5ebbc6

SHA256
123d45a707f57fa366f78b3f0c4f61f6978fae19810b243950a066b916e1cc9b

SHA512
f11e84c1ce207ff4a162b89f9cb1f9c0bd3edd0d6d9f9219b40e66148a5f11f52b2d3d7edb2bb4cc9860fd2321beb6e3f80858e01679eb6a96fba7728d8ebbff

Download Submit
C:\Windows\System\xRNfQsd.exe

Filesize
2.1MB

MD5
fb2c30c74ddcae15fd88ce6394ed1d7f

SHA1
5fb764fc7aa9565a2eed19eb444239673ab5f832

SHA256
0eee7db76c3c8415126169567cd3711a5b059844e62c1299f4f734f4a9021e01

SHA512
4fe7078faf57a85e9d54fbfc0a53362ef5b4f97880953bb58069654c24c02d2f166fd2f9e934c26b66a8f6aa8f057ad9dccb36b573fe34bbd0ab8aa0e54137d2

Download Submit
C:\Windows\System\yfdOgJW.exe

Filesize
2.2MB

MD5
bfd8539076802b3767b14b3736181924

SHA1
b0643809fd4f20ded2feddc62e8e9cb846659b64

SHA256
289f756c9ae3d7f08c619bf51dcbc1d3a8fdc1c5402c7dead3e62355ea928be0

SHA512
5a29ccd1938a3121c9cc50ddde65dae7fe431edf6cd9a0086f1867acb1bfbd85bf6f0071ed1b8e48957f30e2894e2bda8c0f42061ce166bdb6d776a9fb65ab58

Download Submit
memory/644-803-0x00007FF7E0B50000-0x00007FF7E0EA4000-memory.dmp

Filesize
3.3MB

Download
memory/644-2129-0x00007FF7E0B50000-0x00007FF7E0EA4000-memory.dmp

Filesize
3.3MB

Download
memory/752-776-0x00007FF7DC9D0000-0x00007FF7DCD24000-memory.dmp

Filesize
3.3MB

Download
memory/752-2120-0x00007FF7DC9D0000-0x00007FF7DCD24000-memory.dmp

Filesize
3.3MB

Download
memory/868-813-0x00007FF777290000-0x00007FF7775E4000-memory.dmp

Filesize
3.3MB

Download
memory/868-2131-0x00007FF777290000-0x00007FF7775E4000-memory.dmp

Filesize
3.3MB

Download
memory/1008-734-0x00007FF66A200000-0x00007FF66A554000-memory.dmp

Filesize
3.3MB

Download
memory/1008-2113-0x00007FF66A200000-0x00007FF66A554000-memory.dmp

Filesize
3.3MB

Download
memory/1216-17-0x00007FF69EDE0000-0x00007FF69F134000-memory.dmp

Filesize
3.3MB

Download
memory/1216-2110-0x00007FF69EDE0000-0x00007FF69F134000-memory.dmp

Filesize
3.3MB

Download
memory/1216-2106-0x00007FF69EDE0000-0x00007FF69F134000-memory.dmp

Filesize
3.3MB

Download
memory/1244-2115-0x00007FF6DEC20000-0x00007FF6DEF74000-memory.dmp

Filesize
3.3MB

Download
memory/1244-841-0x00007FF6DEC20000-0x00007FF6DEF74000-memory.dmp

Filesize
3.3MB

Download
memory/1344-825-0x00007FF719010000-0x00007FF719364000-memory.dmp

Filesize
3.3MB

Download
memory/1344-2132-0x00007FF719010000-0x00007FF719364000-memory.dmp

Filesize
3.3MB

Download
memory/1772-833-0x00007FF76BDA0000-0x00007FF76C0F4000-memory.dmp

Filesize
3.3MB

Download
memory/1772-2137-0x00007FF76BDA0000-0x00007FF76C0F4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-2109-0x00007FF634C30000-0x00007FF634F84000-memory.dmp

Filesize
3.3MB

Download
memory/1832-13-0x00007FF634C30000-0x00007FF634F84000-memory.dmp

Filesize
3.3MB

Download
memory/1964-2105-0x00007FF702A80000-0x00007FF702DD4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-0-0x00007FF702A80000-0x00007FF702DD4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-1-0x000001A852AC0000-0x000001A852AD0000-memory.dmp

Filesize
64KB

Download
memory/2000-759-0x00007FF699220000-0x00007FF699574000-memory.dmp

Filesize
3.3MB

Download
memory/2000-2117-0x00007FF699220000-0x00007FF699574000-memory.dmp

Filesize
3.3MB

Download
memory/2484-763-0x00007FF7F0950000-0x00007FF7F0CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-2121-0x00007FF7F0950000-0x00007FF7F0CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-771-0x00007FF7517C0000-0x00007FF751B14000-memory.dmp

Filesize
3.3MB

Download
memory/2580-2126-0x00007FF7517C0000-0x00007FF751B14000-memory.dmp

Filesize
3.3MB

Download
memory/2748-752-0x00007FF62E290000-0x00007FF62E5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-2118-0x00007FF62E290000-0x00007FF62E5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2135-0x00007FF7A6930000-0x00007FF7A6C84000-memory.dmp

Filesize
3.3MB

Download
memory/2816-837-0x00007FF7A6930000-0x00007FF7A6C84000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2119-0x00007FF78FFB0000-0x00007FF790304000-memory.dmp

Filesize
3.3MB

Download
memory/2840-737-0x00007FF78FFB0000-0x00007FF790304000-memory.dmp

Filesize
3.3MB

Download
memory/2892-822-0x00007FF737670000-0x00007FF7379C4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2134-0x00007FF737670000-0x00007FF7379C4000-memory.dmp

Filesize
3.3MB

Download
memory/3220-2108-0x00007FF6A4D70000-0x00007FF6A50C4000-memory.dmp

Filesize
3.3MB

Download
memory/3220-29-0x00007FF6A4D70000-0x00007FF6A50C4000-memory.dmp

Filesize
3.3MB

Download
memory/3220-2114-0x00007FF6A4D70000-0x00007FF6A50C4000-memory.dmp

Filesize
3.3MB

Download
memory/3352-2136-0x00007FF644240000-0x00007FF644594000-memory.dmp

Filesize
3.3MB

Download
memory/3352-818-0x00007FF644240000-0x00007FF644594000-memory.dmp

Filesize
3.3MB

Download
memory/3620-787-0x00007FF7DDE40000-0x00007FF7DE194000-memory.dmp

Filesize
3.3MB

Download
memory/3620-2125-0x00007FF7DDE40000-0x00007FF7DE194000-memory.dmp

Filesize
3.3MB

Download
memory/4268-782-0x00007FF673330000-0x00007FF673684000-memory.dmp

Filesize
3.3MB

Download
memory/4268-2123-0x00007FF673330000-0x00007FF673684000-memory.dmp

Filesize
3.3MB

Download
memory/4276-746-0x00007FF6F9BC0000-0x00007FF6F9F14000-memory.dmp

Filesize
3.3MB

Download
memory/4276-2116-0x00007FF6F9BC0000-0x00007FF6F9F14000-memory.dmp

Filesize
3.3MB

Download
memory/4476-793-0x00007FF60CBB0000-0x00007FF60CF04000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2128-0x00007FF60CBB0000-0x00007FF60CF04000-memory.dmp

Filesize
3.3MB

Download
memory/4528-810-0x00007FF625E20000-0x00007FF626174000-memory.dmp

Filesize
3.3MB

Download
memory/4528-2127-0x00007FF625E20000-0x00007FF626174000-memory.dmp

Filesize
3.3MB

Download
memory/4552-807-0x00007FF69BD30000-0x00007FF69C084000-memory.dmp

Filesize
3.3MB

Download
memory/4552-2133-0x00007FF69BD30000-0x00007FF69C084000-memory.dmp

Filesize
3.3MB

Download
memory/4596-788-0x00007FF6E1B10000-0x00007FF6E1E64000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2122-0x00007FF6E1B10000-0x00007FF6E1E64000-memory.dmp

Filesize
3.3MB

Download
memory/4816-2107-0x00007FF77F400000-0x00007FF77F754000-memory.dmp

Filesize
3.3MB

Download
memory/4816-2111-0x00007FF77F400000-0x00007FF77F754000-memory.dmp

Filesize
3.3MB

Download
memory/4816-21-0x00007FF77F400000-0x00007FF77F754000-memory.dmp

Filesize
3.3MB

Download
memory/4844-2130-0x00007FF6759C0000-0x00007FF675D14000-memory.dmp

Filesize
3.3MB

Download
memory/4844-836-0x00007FF6759C0000-0x00007FF675D14000-memory.dmp

Filesize
3.3MB

Download
memory/4904-2112-0x00007FF65FFC0000-0x00007FF660314000-memory.dmp

Filesize
3.3MB

Download
memory/4904-730-0x00007FF65FFC0000-0x00007FF660314000-memory.dmp

Filesize
3.3MB

Download
memory/4996-786-0x00007FF752740000-0x00007FF752A94000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2124-0x00007FF752740000-0x00007FF752A94000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads