xmrig | 2966fa8abc068897d33a1d5fb82da7354a06d41d7d71a2d950bbd5db2d4dd338

Analysis

max time kernel
149s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
Size

2.1MB
MD5

8d3258c39485bb1b2b85e96b36168190
SHA1

583af1818524c5ac6f5dff2bd9b46fe18f7f1990
SHA256

2966fa8abc068897d33a1d5fb82da7354a06d41d7d71a2d950bbd5db2d4dd338
SHA512

1b7296233cd8481ac7836a6300a319c2c08b09945b513897d8f45e2d0edf214f613c69520ef8e78243fca6467101d830a247632cf12e7cb9556708bf2bab9cba
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQHxJTFlDbp2hKC:BemTLkNdfE0pZrQs

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4832-0-0x00007FF76CE30000-0x00007FF76D184000-memory.dmp	xmrig
behavioral2/files/0x000800000002341d-5.dat	xmrig
behavioral2/files/0x0007000000023421-12.dat	xmrig
behavioral2/files/0x0007000000023423-30.dat	xmrig
behavioral2/files/0x0007000000023422-29.dat	xmrig
behavioral2/files/0x0007000000023426-42.dat	xmrig
behavioral2/files/0x0007000000023427-41.dat	xmrig
behavioral2/files/0x0007000000023425-39.dat	xmrig
behavioral2/files/0x0007000000023424-34.dat	xmrig
behavioral2/files/0x0007000000023428-43.dat	xmrig
behavioral2/memory/2872-51-0x00007FF6C3E00000-0x00007FF6C4154000-memory.dmp	xmrig
behavioral2/memory/4844-52-0x00007FF6BD230000-0x00007FF6BD584000-memory.dmp	xmrig
behavioral2/memory/1636-53-0x00007FF7082E0000-0x00007FF708634000-memory.dmp	xmrig
behavioral2/memory/3204-56-0x00007FF66EA50000-0x00007FF66EDA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-57.dat	xmrig
behavioral2/files/0x000700000002342b-74.dat	xmrig
behavioral2/files/0x000700000002342d-84.dat	xmrig
behavioral2/files/0x000700000002342e-89.dat	xmrig
behavioral2/files/0x0007000000023430-99.dat	xmrig
behavioral2/files/0x0007000000023432-109.dat	xmrig
behavioral2/files/0x0007000000023433-113.dat	xmrig
behavioral2/files/0x0007000000023434-118.dat	xmrig
behavioral2/files/0x0007000000023435-140.dat	xmrig
behavioral2/files/0x000700000002343b-155.dat	xmrig
behavioral2/files/0x000700000002343a-164.dat	xmrig
behavioral2/memory/856-178-0x00007FF6A75B0000-0x00007FF6A7904000-memory.dmp	xmrig
behavioral2/memory/3760-182-0x00007FF702580000-0x00007FF7028D4000-memory.dmp	xmrig
behavioral2/memory/4532-185-0x00007FF661DC0000-0x00007FF662114000-memory.dmp	xmrig
behavioral2/memory/4244-191-0x00007FF601B80000-0x00007FF601ED4000-memory.dmp	xmrig
behavioral2/memory/3412-190-0x00007FF7EAF30000-0x00007FF7EB284000-memory.dmp	xmrig
behavioral2/memory/4944-189-0x00007FF6A0610000-0x00007FF6A0964000-memory.dmp	xmrig
behavioral2/memory/4348-188-0x00007FF65F280000-0x00007FF65F5D4000-memory.dmp	xmrig
behavioral2/memory/4104-187-0x00007FF780740000-0x00007FF780A94000-memory.dmp	xmrig
behavioral2/memory/5012-186-0x00007FF6D06B0000-0x00007FF6D0A04000-memory.dmp	xmrig
behavioral2/memory/4748-184-0x00007FF6A7050000-0x00007FF6A73A4000-memory.dmp	xmrig
behavioral2/memory/2472-183-0x00007FF767520000-0x00007FF767874000-memory.dmp	xmrig
behavioral2/memory/3900-181-0x00007FF617070000-0x00007FF6173C4000-memory.dmp	xmrig
behavioral2/memory/1352-180-0x00007FF685EB0000-0x00007FF686204000-memory.dmp	xmrig
behavioral2/memory/3224-179-0x00007FF6F4B10000-0x00007FF6F4E64000-memory.dmp	xmrig
behavioral2/memory/2924-177-0x00007FF683410000-0x00007FF683764000-memory.dmp	xmrig
behavioral2/memory/4792-176-0x00007FF681840000-0x00007FF681B94000-memory.dmp	xmrig
behavioral2/files/0x000700000002343e-174.dat	xmrig
behavioral2/files/0x000700000002343d-172.dat	xmrig
behavioral2/memory/1448-171-0x00007FF6381C0000-0x00007FF638514000-memory.dmp	xmrig
behavioral2/memory/1348-170-0x00007FF7CB970000-0x00007FF7CBCC4000-memory.dmp	xmrig
behavioral2/files/0x000700000002343c-168.dat	xmrig
behavioral2/memory/1220-163-0x00007FF6E80C0000-0x00007FF6E8414000-memory.dmp	xmrig
behavioral2/files/0x0007000000023439-159.dat	xmrig
behavioral2/memory/3356-158-0x00007FF707240000-0x00007FF707594000-memory.dmp	xmrig
behavioral2/files/0x0007000000023438-148.dat	xmrig
behavioral2/files/0x0007000000023437-134.dat	xmrig
behavioral2/files/0x0007000000023436-132.dat	xmrig
behavioral2/memory/3712-130-0x00007FF680510000-0x00007FF680864000-memory.dmp	xmrig
behavioral2/files/0x0007000000023431-104.dat	xmrig
behavioral2/files/0x000700000002342f-94.dat	xmrig
behavioral2/files/0x000700000002342c-82.dat	xmrig
behavioral2/files/0x000700000002342a-72.dat	xmrig
behavioral2/files/0x000800000002341e-64.dat	xmrig
behavioral2/memory/1500-58-0x00007FF6B28E0000-0x00007FF6B2C34000-memory.dmp	xmrig
behavioral2/memory/2240-48-0x00007FF78C700000-0x00007FF78CA54000-memory.dmp	xmrig
behavioral2/memory/3064-28-0x00007FF6CBAB0000-0x00007FF6CBE04000-memory.dmp	xmrig
behavioral2/memory/3984-15-0x00007FF6B33D0000-0x00007FF6B3724000-memory.dmp	xmrig
behavioral2/memory/4832-2151-0x00007FF76CE30000-0x00007FF76D184000-memory.dmp	xmrig
behavioral2/memory/3984-2152-0x00007FF6B33D0000-0x00007FF6B3724000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3984	nsbZHfi.exe
3064	KboPGXh.exe
1500	xOeufay.exe
2240	DlMBdBt.exe
2872	VFHgFbF.exe
4844	ksFaTVl.exe
3712	VtotAuh.exe
1636	jZCixwd.exe
3204	BMvDmvu.exe
4348	oroQUbz.exe
4944	HwaivlW.exe
3356	GpYDaiL.exe
1220	njBdkiC.exe
1348	ztNuOEO.exe
1448	kmPjIiF.exe
4792	wFiujlU.exe
2924	DHMhfFI.exe
856	HjMikSD.exe
3224	ZdPSrEz.exe
1352	aYdDvXQ.exe
3900	nFLtXGK.exe
3760	fpvcxsO.exe
2472	TQHIVkO.exe
4748	iHwAMxH.exe
4532	OwMOlRG.exe
3412	JNhPuhg.exe
5012	lzTIhkT.exe
4244	bRyBxMK.exe
4104	bZhCuPn.exe
868	vrBcTXq.exe
5020	HJdKOvs.exe
3596	ajamBRp.exe
3308	jkpmaHa.exe
4376	UOceqNf.exe
2304	IQTTuNc.exe
1044	JIRoPyG.exe
916	bNwaljR.exe
4732	eOpVRUa.exe
4768	dEMMiAS.exe
4472	bSVAZEY.exe
2744	dJlQFFA.exe
860	OAZhIsy.exe
4224	ubRpnOq.exe
4312	QUGHDoz.exe
5000	PJuwZAT.exe
3668	lEsnIfg.exe
4276	bKPnfLK.exe
4644	KBWreiG.exe
4580	ZJPttSo.exe
2208	FQAhyaw.exe
556	JxdGImx.exe
3296	UuvmtCX.exe
1984	knbqsFx.exe
520	wkkOSsj.exe
3080	znCwiQP.exe
4756	DhYBJll.exe
3052	biRuHFZ.exe
3548	RMRmpwZ.exe
3056	yocIFrM.exe
1704	VXzZQAh.exe
4596	mcmKQvD.exe
1572	zDFVlxI.exe
4292	xSuBxxt.exe
4520	DeFhtpC.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4832-0-0x00007FF76CE30000-0x00007FF76D184000-memory.dmp	upx
behavioral2/files/0x000800000002341d-5.dat	upx
behavioral2/files/0x0007000000023421-12.dat	upx
behavioral2/files/0x0007000000023423-30.dat	upx
behavioral2/files/0x0007000000023422-29.dat	upx
behavioral2/files/0x0007000000023426-42.dat	upx
behavioral2/files/0x0007000000023427-41.dat	upx
behavioral2/files/0x0007000000023425-39.dat	upx
behavioral2/files/0x0007000000023424-34.dat	upx
behavioral2/files/0x0007000000023428-43.dat	upx
behavioral2/memory/2872-51-0x00007FF6C3E00000-0x00007FF6C4154000-memory.dmp	upx
behavioral2/memory/4844-52-0x00007FF6BD230000-0x00007FF6BD584000-memory.dmp	upx
behavioral2/memory/1636-53-0x00007FF7082E0000-0x00007FF708634000-memory.dmp	upx
behavioral2/memory/3204-56-0x00007FF66EA50000-0x00007FF66EDA4000-memory.dmp	upx
behavioral2/files/0x0007000000023429-57.dat	upx
behavioral2/files/0x000700000002342b-74.dat	upx
behavioral2/files/0x000700000002342d-84.dat	upx
behavioral2/files/0x000700000002342e-89.dat	upx
behavioral2/files/0x0007000000023430-99.dat	upx
behavioral2/files/0x0007000000023432-109.dat	upx
behavioral2/files/0x0007000000023433-113.dat	upx
behavioral2/files/0x0007000000023434-118.dat	upx
behavioral2/files/0x0007000000023435-140.dat	upx
behavioral2/files/0x000700000002343b-155.dat	upx
behavioral2/files/0x000700000002343a-164.dat	upx
behavioral2/memory/856-178-0x00007FF6A75B0000-0x00007FF6A7904000-memory.dmp	upx
behavioral2/memory/3760-182-0x00007FF702580000-0x00007FF7028D4000-memory.dmp	upx
behavioral2/memory/4532-185-0x00007FF661DC0000-0x00007FF662114000-memory.dmp	upx
behavioral2/memory/4244-191-0x00007FF601B80000-0x00007FF601ED4000-memory.dmp	upx
behavioral2/memory/3412-190-0x00007FF7EAF30000-0x00007FF7EB284000-memory.dmp	upx
behavioral2/memory/4944-189-0x00007FF6A0610000-0x00007FF6A0964000-memory.dmp	upx
behavioral2/memory/4348-188-0x00007FF65F280000-0x00007FF65F5D4000-memory.dmp	upx
behavioral2/memory/4104-187-0x00007FF780740000-0x00007FF780A94000-memory.dmp	upx
behavioral2/memory/5012-186-0x00007FF6D06B0000-0x00007FF6D0A04000-memory.dmp	upx
behavioral2/memory/4748-184-0x00007FF6A7050000-0x00007FF6A73A4000-memory.dmp	upx
behavioral2/memory/2472-183-0x00007FF767520000-0x00007FF767874000-memory.dmp	upx
behavioral2/memory/3900-181-0x00007FF617070000-0x00007FF6173C4000-memory.dmp	upx
behavioral2/memory/1352-180-0x00007FF685EB0000-0x00007FF686204000-memory.dmp	upx
behavioral2/memory/3224-179-0x00007FF6F4B10000-0x00007FF6F4E64000-memory.dmp	upx
behavioral2/memory/2924-177-0x00007FF683410000-0x00007FF683764000-memory.dmp	upx
behavioral2/memory/4792-176-0x00007FF681840000-0x00007FF681B94000-memory.dmp	upx
behavioral2/files/0x000700000002343e-174.dat	upx
behavioral2/files/0x000700000002343d-172.dat	upx
behavioral2/memory/1448-171-0x00007FF6381C0000-0x00007FF638514000-memory.dmp	upx
behavioral2/memory/1348-170-0x00007FF7CB970000-0x00007FF7CBCC4000-memory.dmp	upx
behavioral2/files/0x000700000002343c-168.dat	upx
behavioral2/memory/1220-163-0x00007FF6E80C0000-0x00007FF6E8414000-memory.dmp	upx
behavioral2/files/0x0007000000023439-159.dat	upx
behavioral2/memory/3356-158-0x00007FF707240000-0x00007FF707594000-memory.dmp	upx
behavioral2/files/0x0007000000023438-148.dat	upx
behavioral2/files/0x0007000000023437-134.dat	upx
behavioral2/files/0x0007000000023436-132.dat	upx
behavioral2/memory/3712-130-0x00007FF680510000-0x00007FF680864000-memory.dmp	upx
behavioral2/files/0x0007000000023431-104.dat	upx
behavioral2/files/0x000700000002342f-94.dat	upx
behavioral2/files/0x000700000002342c-82.dat	upx
behavioral2/files/0x000700000002342a-72.dat	upx
behavioral2/files/0x000800000002341e-64.dat	upx
behavioral2/memory/1500-58-0x00007FF6B28E0000-0x00007FF6B2C34000-memory.dmp	upx
behavioral2/memory/2240-48-0x00007FF78C700000-0x00007FF78CA54000-memory.dmp	upx
behavioral2/memory/3064-28-0x00007FF6CBAB0000-0x00007FF6CBE04000-memory.dmp	upx
behavioral2/memory/3984-15-0x00007FF6B33D0000-0x00007FF6B3724000-memory.dmp	upx
behavioral2/memory/4832-2151-0x00007FF76CE30000-0x00007FF76D184000-memory.dmp	upx
behavioral2/memory/3984-2152-0x00007FF6B33D0000-0x00007FF6B3724000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EwgcEhP.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\KRqwERO.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\fIiEOtj.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\IHSnImU.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\RzidRgs.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\pEdAyWu.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\biRuHFZ.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\yOcEslW.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\TEDkLlG.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\hqCfYDn.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\JcFHdxj.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\fpUOeQU.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\EmAivIa.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\fCHsSTH.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\VvexHjn.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\CgwegDj.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\yTTNuwN.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\IQTTuNc.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\eOpVRUa.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\hvxMmJr.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\ayPSGOY.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\RVDPFOj.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\wPFzrJL.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\BsCkyfF.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\vOCTKxr.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\lBcjdpY.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\BVVxyAK.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\PyLtCiw.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\Ycnbero.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\rCgACdg.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\mUvUHRp.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\ooNAIng.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\FfqnOfD.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\aEDbKOX.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\MYEapAK.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\MqrORfn.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\bjpVeoL.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\lbASyvt.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\sSmtkcd.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\PbADYle.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\EuHjDlZ.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\CBdFmGQ.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\WucwEha.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\nbDPTQK.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\jiQkVye.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\HbacTEE.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\PeKdxrk.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\sSNwbKM.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\jdQVZCh.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\TiSlRzf.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\AHBwbFz.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\aPWMIvR.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\AAMxnps.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\pgcLmIM.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\tLgvGke.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\PhmzsBO.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\GeylJOg.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\ysccgSE.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\FkBmqPm.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\RBPYSec.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\PnQmsLC.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\KNGQOCF.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\fjqPFLh.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
File created	C:\Windows\System\LeazCwH.exe	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4608	dwm.exe
Token: SeChangeNotifyPrivilege	4608	dwm.exe
Token: 33	4608	dwm.exe
Token: SeIncBasePriorityPrivilege	4608	dwm.exe
Token: SeShutdownPrivilege	4608	dwm.exe
Token: SeCreatePagefilePrivilege	4608	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 3984	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	84
PID 4832 wrote to memory of 3984	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	84
PID 4832 wrote to memory of 3064	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	85
PID 4832 wrote to memory of 3064	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	85
PID 4832 wrote to memory of 1500	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	86
PID 4832 wrote to memory of 1500	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	86
PID 4832 wrote to memory of 2240	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	87
PID 4832 wrote to memory of 2240	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	87
PID 4832 wrote to memory of 2872	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	88
PID 4832 wrote to memory of 2872	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	88
PID 4832 wrote to memory of 4844	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	89
PID 4832 wrote to memory of 4844	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	89
PID 4832 wrote to memory of 1636	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	90
PID 4832 wrote to memory of 1636	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	90
PID 4832 wrote to memory of 3712	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	91
PID 4832 wrote to memory of 3712	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	91
PID 4832 wrote to memory of 3204	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	92
PID 4832 wrote to memory of 3204	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	92
PID 4832 wrote to memory of 4348	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	93
PID 4832 wrote to memory of 4348	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	93
PID 4832 wrote to memory of 4944	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	94
PID 4832 wrote to memory of 4944	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	94
PID 4832 wrote to memory of 3356	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	95
PID 4832 wrote to memory of 3356	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	95
PID 4832 wrote to memory of 1220	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	96
PID 4832 wrote to memory of 1220	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	96
PID 4832 wrote to memory of 1348	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	97
PID 4832 wrote to memory of 1348	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	97
PID 4832 wrote to memory of 1448	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	98
PID 4832 wrote to memory of 1448	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	98
PID 4832 wrote to memory of 4792	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	99
PID 4832 wrote to memory of 4792	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	99
PID 4832 wrote to memory of 2924	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	100
PID 4832 wrote to memory of 2924	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	100
PID 4832 wrote to memory of 856	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	101
PID 4832 wrote to memory of 856	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	101
PID 4832 wrote to memory of 3224	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	102
PID 4832 wrote to memory of 3224	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	102
PID 4832 wrote to memory of 1352	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	103
PID 4832 wrote to memory of 1352	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	103
PID 4832 wrote to memory of 3900	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	104
PID 4832 wrote to memory of 3900	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	104
PID 4832 wrote to memory of 3760	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	105
PID 4832 wrote to memory of 3760	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	105
PID 4832 wrote to memory of 2472	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	106
PID 4832 wrote to memory of 2472	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	106
PID 4832 wrote to memory of 4748	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	107
PID 4832 wrote to memory of 4748	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	107
PID 4832 wrote to memory of 4532	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	108
PID 4832 wrote to memory of 4532	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	108
PID 4832 wrote to memory of 3412	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	109
PID 4832 wrote to memory of 3412	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	109
PID 4832 wrote to memory of 5012	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	110
PID 4832 wrote to memory of 5012	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	110
PID 4832 wrote to memory of 4244	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	111
PID 4832 wrote to memory of 4244	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	111
PID 4832 wrote to memory of 4104	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	112
PID 4832 wrote to memory of 4104	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	112
PID 4832 wrote to memory of 868	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	113
PID 4832 wrote to memory of 868	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	113
PID 4832 wrote to memory of 5020	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	114
PID 4832 wrote to memory of 5020	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	114
PID 4832 wrote to memory of 3596	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	115
PID 4832 wrote to memory of 3596	4832	8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8d3258c39485bb1b2b85e96b36168190_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Windows\System\nsbZHfi.exe
  C:\Windows\System\nsbZHfi.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\KboPGXh.exe
  C:\Windows\System\KboPGXh.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\xOeufay.exe
  C:\Windows\System\xOeufay.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\DlMBdBt.exe
  C:\Windows\System\DlMBdBt.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\VFHgFbF.exe
  C:\Windows\System\VFHgFbF.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\ksFaTVl.exe
  C:\Windows\System\ksFaTVl.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\jZCixwd.exe
  C:\Windows\System\jZCixwd.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\VtotAuh.exe
  C:\Windows\System\VtotAuh.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\BMvDmvu.exe
  C:\Windows\System\BMvDmvu.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\oroQUbz.exe
  C:\Windows\System\oroQUbz.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\HwaivlW.exe
  C:\Windows\System\HwaivlW.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\GpYDaiL.exe
  C:\Windows\System\GpYDaiL.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\njBdkiC.exe
  C:\Windows\System\njBdkiC.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\ztNuOEO.exe
  C:\Windows\System\ztNuOEO.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\kmPjIiF.exe
  C:\Windows\System\kmPjIiF.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\wFiujlU.exe
  C:\Windows\System\wFiujlU.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\DHMhfFI.exe
  C:\Windows\System\DHMhfFI.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\HjMikSD.exe
  C:\Windows\System\HjMikSD.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\ZdPSrEz.exe
  C:\Windows\System\ZdPSrEz.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\aYdDvXQ.exe
  C:\Windows\System\aYdDvXQ.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\nFLtXGK.exe
  C:\Windows\System\nFLtXGK.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\fpvcxsO.exe
  C:\Windows\System\fpvcxsO.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\TQHIVkO.exe
  C:\Windows\System\TQHIVkO.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\iHwAMxH.exe
  C:\Windows\System\iHwAMxH.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\OwMOlRG.exe
  C:\Windows\System\OwMOlRG.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\JNhPuhg.exe
  C:\Windows\System\JNhPuhg.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\lzTIhkT.exe
  C:\Windows\System\lzTIhkT.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\bRyBxMK.exe
  C:\Windows\System\bRyBxMK.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\bZhCuPn.exe
  C:\Windows\System\bZhCuPn.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\vrBcTXq.exe
  C:\Windows\System\vrBcTXq.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\HJdKOvs.exe
  C:\Windows\System\HJdKOvs.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\ajamBRp.exe
  C:\Windows\System\ajamBRp.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\jkpmaHa.exe
  C:\Windows\System\jkpmaHa.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\UOceqNf.exe
  C:\Windows\System\UOceqNf.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\IQTTuNc.exe
  C:\Windows\System\IQTTuNc.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\JIRoPyG.exe
  C:\Windows\System\JIRoPyG.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\bNwaljR.exe
  C:\Windows\System\bNwaljR.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\eOpVRUa.exe
  C:\Windows\System\eOpVRUa.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\dEMMiAS.exe
  C:\Windows\System\dEMMiAS.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\bSVAZEY.exe
  C:\Windows\System\bSVAZEY.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\dJlQFFA.exe
  C:\Windows\System\dJlQFFA.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\OAZhIsy.exe
  C:\Windows\System\OAZhIsy.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\ubRpnOq.exe
  C:\Windows\System\ubRpnOq.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\QUGHDoz.exe
  C:\Windows\System\QUGHDoz.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\PJuwZAT.exe
  C:\Windows\System\PJuwZAT.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\lEsnIfg.exe
  C:\Windows\System\lEsnIfg.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\bKPnfLK.exe
  C:\Windows\System\bKPnfLK.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\KBWreiG.exe
  C:\Windows\System\KBWreiG.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\ZJPttSo.exe
  C:\Windows\System\ZJPttSo.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\FQAhyaw.exe
  C:\Windows\System\FQAhyaw.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\JxdGImx.exe
  C:\Windows\System\JxdGImx.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\UuvmtCX.exe
  C:\Windows\System\UuvmtCX.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\knbqsFx.exe
  C:\Windows\System\knbqsFx.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\wkkOSsj.exe
  C:\Windows\System\wkkOSsj.exe
  2⤵
  - Executes dropped EXE
  PID:520
- C:\Windows\System\znCwiQP.exe
  C:\Windows\System\znCwiQP.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\DhYBJll.exe
  C:\Windows\System\DhYBJll.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\biRuHFZ.exe
  C:\Windows\System\biRuHFZ.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\RMRmpwZ.exe
  C:\Windows\System\RMRmpwZ.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\yocIFrM.exe
  C:\Windows\System\yocIFrM.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\VXzZQAh.exe
  C:\Windows\System\VXzZQAh.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\mcmKQvD.exe
  C:\Windows\System\mcmKQvD.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\zDFVlxI.exe
  C:\Windows\System\zDFVlxI.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\xSuBxxt.exe
  C:\Windows\System\xSuBxxt.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\DeFhtpC.exe
  C:\Windows\System\DeFhtpC.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\JkxqVXO.exe
  C:\Windows\System\JkxqVXO.exe
  2⤵
  PID:1688
- C:\Windows\System\uVRXWIj.exe
  C:\Windows\System\uVRXWIj.exe
  2⤵
  PID:3200
- C:\Windows\System\XNxIHgB.exe
  C:\Windows\System\XNxIHgB.exe
  2⤵
  PID:624
- C:\Windows\System\ljHllaw.exe
  C:\Windows\System\ljHllaw.exe
  2⤵
  PID:3328
- C:\Windows\System\QwgqPvQ.exe
  C:\Windows\System\QwgqPvQ.exe
  2⤵
  PID:3100
- C:\Windows\System\uviXXWL.exe
  C:\Windows\System\uviXXWL.exe
  2⤵
  PID:1940
- C:\Windows\System\vtzUyvr.exe
  C:\Windows\System\vtzUyvr.exe
  2⤵
  PID:5124
- C:\Windows\System\rdkBOgL.exe
  C:\Windows\System\rdkBOgL.exe
  2⤵
  PID:5144
- C:\Windows\System\UyOgiIe.exe
  C:\Windows\System\UyOgiIe.exe
  2⤵
  PID:5160
- C:\Windows\System\OKxOMyh.exe
  C:\Windows\System\OKxOMyh.exe
  2⤵
  PID:5176
- C:\Windows\System\QiUumCc.exe
  C:\Windows\System\QiUumCc.exe
  2⤵
  PID:5192
- C:\Windows\System\BuQBvOW.exe
  C:\Windows\System\BuQBvOW.exe
  2⤵
  PID:5208
- C:\Windows\System\PnQmsLC.exe
  C:\Windows\System\PnQmsLC.exe
  2⤵
  PID:5224
- C:\Windows\System\NQWvzSs.exe
  C:\Windows\System\NQWvzSs.exe
  2⤵
  PID:5244
- C:\Windows\System\qEDgtNF.exe
  C:\Windows\System\qEDgtNF.exe
  2⤵
  PID:5428
- C:\Windows\System\muXkdYP.exe
  C:\Windows\System\muXkdYP.exe
  2⤵
  PID:5444
- C:\Windows\System\jNZaiqx.exe
  C:\Windows\System\jNZaiqx.exe
  2⤵
  PID:5480
- C:\Windows\System\MHiqMta.exe
  C:\Windows\System\MHiqMta.exe
  2⤵
  PID:5496
- C:\Windows\System\bzxbJuv.exe
  C:\Windows\System\bzxbJuv.exe
  2⤵
  PID:5516
- C:\Windows\System\dtBNWHb.exe
  C:\Windows\System\dtBNWHb.exe
  2⤵
  PID:5532
- C:\Windows\System\ejYLAWk.exe
  C:\Windows\System\ejYLAWk.exe
  2⤵
  PID:5548
- C:\Windows\System\gQIteWO.exe
  C:\Windows\System\gQIteWO.exe
  2⤵
  PID:5572
- C:\Windows\System\WucwEha.exe
  C:\Windows\System\WucwEha.exe
  2⤵
  PID:5588
- C:\Windows\System\wAFgpox.exe
  C:\Windows\System\wAFgpox.exe
  2⤵
  PID:5692
- C:\Windows\System\onzwDoo.exe
  C:\Windows\System\onzwDoo.exe
  2⤵
  PID:5712
- C:\Windows\System\tyEDqvD.exe
  C:\Windows\System\tyEDqvD.exe
  2⤵
  PID:5732
- C:\Windows\System\zbfQtnd.exe
  C:\Windows\System\zbfQtnd.exe
  2⤵
  PID:5748
- C:\Windows\System\FMKwJCg.exe
  C:\Windows\System\FMKwJCg.exe
  2⤵
  PID:5764
- C:\Windows\System\vOCTKxr.exe
  C:\Windows\System\vOCTKxr.exe
  2⤵
  PID:5800
- C:\Windows\System\gAmleDC.exe
  C:\Windows\System\gAmleDC.exe
  2⤵
  PID:5828
- C:\Windows\System\lwFTkji.exe
  C:\Windows\System\lwFTkji.exe
  2⤵
  PID:5860
- C:\Windows\System\TUPfaEQ.exe
  C:\Windows\System\TUPfaEQ.exe
  2⤵
  PID:5880
- C:\Windows\System\oITEYry.exe
  C:\Windows\System\oITEYry.exe
  2⤵
  PID:5908
- C:\Windows\System\UkdYPoD.exe
  C:\Windows\System\UkdYPoD.exe
  2⤵
  PID:5956
- C:\Windows\System\HbacTEE.exe
  C:\Windows\System\HbacTEE.exe
  2⤵
  PID:6004
- C:\Windows\System\OqExPTm.exe
  C:\Windows\System\OqExPTm.exe
  2⤵
  PID:6024
- C:\Windows\System\sqnESGw.exe
  C:\Windows\System\sqnESGw.exe
  2⤵
  PID:6048
- C:\Windows\System\PcyIlBt.exe
  C:\Windows\System\PcyIlBt.exe
  2⤵
  PID:6076
- C:\Windows\System\acLWReO.exe
  C:\Windows\System\acLWReO.exe
  2⤵
  PID:6100
- C:\Windows\System\hqNeTqE.exe
  C:\Windows\System\hqNeTqE.exe
  2⤵
  PID:6132
- C:\Windows\System\tjNRwkO.exe
  C:\Windows\System\tjNRwkO.exe
  2⤵
  PID:1412
- C:\Windows\System\ieZIXmI.exe
  C:\Windows\System\ieZIXmI.exe
  2⤵
  PID:1444
- C:\Windows\System\EPGYOOn.exe
  C:\Windows\System\EPGYOOn.exe
  2⤵
  PID:5028
- C:\Windows\System\HyDkveF.exe
  C:\Windows\System\HyDkveF.exe
  2⤵
  PID:2540
- C:\Windows\System\KNGQOCF.exe
  C:\Windows\System\KNGQOCF.exe
  2⤵
  PID:3528
- C:\Windows\System\MAXzfjE.exe
  C:\Windows\System\MAXzfjE.exe
  2⤵
  PID:2140
- C:\Windows\System\VYLCRtP.exe
  C:\Windows\System\VYLCRtP.exe
  2⤵
  PID:1344
- C:\Windows\System\CrupUfM.exe
  C:\Windows\System\CrupUfM.exe
  2⤵
  PID:5172
- C:\Windows\System\FVPTwLR.exe
  C:\Windows\System\FVPTwLR.exe
  2⤵
  PID:5236
- C:\Windows\System\iDXIKGc.exe
  C:\Windows\System\iDXIKGc.exe
  2⤵
  PID:5328
- C:\Windows\System\LnkNOMa.exe
  C:\Windows\System\LnkNOMa.exe
  2⤵
  PID:1972
- C:\Windows\System\tinAkyK.exe
  C:\Windows\System\tinAkyK.exe
  2⤵
  PID:3048
- C:\Windows\System\VcqIMXm.exe
  C:\Windows\System\VcqIMXm.exe
  2⤵
  PID:5436
- C:\Windows\System\navcnbb.exe
  C:\Windows\System\navcnbb.exe
  2⤵
  PID:5456
- C:\Windows\System\LRxTbvm.exe
  C:\Windows\System\LRxTbvm.exe
  2⤵
  PID:5564
- C:\Windows\System\KeRbrcE.exe
  C:\Windows\System\KeRbrcE.exe
  2⤵
  PID:4204
- C:\Windows\System\CqRIDmi.exe
  C:\Windows\System\CqRIDmi.exe
  2⤵
  PID:4488
- C:\Windows\System\nDvmcRs.exe
  C:\Windows\System\nDvmcRs.exe
  2⤵
  PID:4680
- C:\Windows\System\yOcEslW.exe
  C:\Windows\System\yOcEslW.exe
  2⤵
  PID:4476
- C:\Windows\System\ImkTGQt.exe
  C:\Windows\System\ImkTGQt.exe
  2⤵
  PID:4808
- C:\Windows\System\nSTSBKp.exe
  C:\Windows\System\nSTSBKp.exe
  2⤵
  PID:4740
- C:\Windows\System\yEIeGzi.exe
  C:\Windows\System\yEIeGzi.exe
  2⤵
  PID:4216
- C:\Windows\System\VYFvXcT.exe
  C:\Windows\System\VYFvXcT.exe
  2⤵
  PID:5708
- C:\Windows\System\LoVuNSv.exe
  C:\Windows\System\LoVuNSv.exe
  2⤵
  PID:5760
- C:\Windows\System\VvexHjn.exe
  C:\Windows\System\VvexHjn.exe
  2⤵
  PID:5812
- C:\Windows\System\aPWMIvR.exe
  C:\Windows\System\aPWMIvR.exe
  2⤵
  PID:5820
- C:\Windows\System\SosgKoK.exe
  C:\Windows\System\SosgKoK.exe
  2⤵
  PID:5952
- C:\Windows\System\lEGUBPR.exe
  C:\Windows\System\lEGUBPR.exe
  2⤵
  PID:6044
- C:\Windows\System\HCFdvQB.exe
  C:\Windows\System\HCFdvQB.exe
  2⤵
  PID:6092
- C:\Windows\System\aEfDPgq.exe
  C:\Windows\System\aEfDPgq.exe
  2⤵
  PID:4604
- C:\Windows\System\NaQJHzx.exe
  C:\Windows\System\NaQJHzx.exe
  2⤵
  PID:212
- C:\Windows\System\NdUBdPl.exe
  C:\Windows\System\NdUBdPl.exe
  2⤵
  PID:728
- C:\Windows\System\ZZgcGdY.exe
  C:\Windows\System\ZZgcGdY.exe
  2⤵
  PID:5292
- C:\Windows\System\MqrORfn.exe
  C:\Windows\System\MqrORfn.exe
  2⤵
  PID:5376
- C:\Windows\System\AAMxnps.exe
  C:\Windows\System\AAMxnps.exe
  2⤵
  PID:5452
- C:\Windows\System\iBTFtZT.exe
  C:\Windows\System\iBTFtZT.exe
  2⤵
  PID:5604
- C:\Windows\System\GDAgPeS.exe
  C:\Windows\System\GDAgPeS.exe
  2⤵
  PID:1564
- C:\Windows\System\JNTzBEq.exe
  C:\Windows\System\JNTzBEq.exe
  2⤵
  PID:3508
- C:\Windows\System\nlTASrb.exe
  C:\Windows\System\nlTASrb.exe
  2⤵
  PID:3380
- C:\Windows\System\vqayuki.exe
  C:\Windows\System\vqayuki.exe
  2⤵
  PID:1496
- C:\Windows\System\aXdlBzD.exe
  C:\Windows\System\aXdlBzD.exe
  2⤵
  PID:5792
- C:\Windows\System\NNlTFKH.exe
  C:\Windows\System\NNlTFKH.exe
  2⤵
  PID:2284
- C:\Windows\System\wxIpZtO.exe
  C:\Windows\System\wxIpZtO.exe
  2⤵
  PID:5920
- C:\Windows\System\qoEFhTv.exe
  C:\Windows\System\qoEFhTv.exe
  2⤵
  PID:5596
- C:\Windows\System\MSxQHfA.exe
  C:\Windows\System\MSxQHfA.exe
  2⤵
  PID:2344
- C:\Windows\System\uOTsLBC.exe
  C:\Windows\System\uOTsLBC.exe
  2⤵
  PID:5152
- C:\Windows\System\zAFlbGj.exe
  C:\Windows\System\zAFlbGj.exe
  2⤵
  PID:1004
- C:\Windows\System\TEDkLlG.exe
  C:\Windows\System\TEDkLlG.exe
  2⤵
  PID:3828
- C:\Windows\System\JANBGLT.exe
  C:\Windows\System\JANBGLT.exe
  2⤵
  PID:4452
- C:\Windows\System\VHhfkyO.exe
  C:\Windows\System\VHhfkyO.exe
  2⤵
  PID:4416
- C:\Windows\System\GqZlvQa.exe
  C:\Windows\System\GqZlvQa.exe
  2⤵
  PID:4776
- C:\Windows\System\hsVNhzH.exe
  C:\Windows\System\hsVNhzH.exe
  2⤵
  PID:2044
- C:\Windows\System\QPvtwWj.exe
  C:\Windows\System\QPvtwWj.exe
  2⤵
  PID:4436
- C:\Windows\System\EarZliD.exe
  C:\Windows\System\EarZliD.exe
  2⤵
  PID:4132
- C:\Windows\System\sUvGvCY.exe
  C:\Windows\System\sUvGvCY.exe
  2⤵
  PID:3332
- C:\Windows\System\lwCsVdJ.exe
  C:\Windows\System\lwCsVdJ.exe
  2⤵
  PID:6168
- C:\Windows\System\vBvNeLg.exe
  C:\Windows\System\vBvNeLg.exe
  2⤵
  PID:6200
- C:\Windows\System\IWoDPkK.exe
  C:\Windows\System\IWoDPkK.exe
  2⤵
  PID:6224
- C:\Windows\System\dJbSvIz.exe
  C:\Windows\System\dJbSvIz.exe
  2⤵
  PID:6252
- C:\Windows\System\CByZrsE.exe
  C:\Windows\System\CByZrsE.exe
  2⤵
  PID:6280
- C:\Windows\System\RKinCpF.exe
  C:\Windows\System\RKinCpF.exe
  2⤵
  PID:6320
- C:\Windows\System\ugStBGB.exe
  C:\Windows\System\ugStBGB.exe
  2⤵
  PID:6344
- C:\Windows\System\EvpCMvo.exe
  C:\Windows\System\EvpCMvo.exe
  2⤵
  PID:6372
- C:\Windows\System\LlicbyG.exe
  C:\Windows\System\LlicbyG.exe
  2⤵
  PID:6408
- C:\Windows\System\LwlAGzS.exe
  C:\Windows\System\LwlAGzS.exe
  2⤵
  PID:6444
- C:\Windows\System\jqqgoRt.exe
  C:\Windows\System\jqqgoRt.exe
  2⤵
  PID:6468
- C:\Windows\System\ijUcecn.exe
  C:\Windows\System\ijUcecn.exe
  2⤵
  PID:6500
- C:\Windows\System\BeQoLPo.exe
  C:\Windows\System\BeQoLPo.exe
  2⤵
  PID:6528
- C:\Windows\System\udbAaGq.exe
  C:\Windows\System\udbAaGq.exe
  2⤵
  PID:6556
- C:\Windows\System\ZGGazqi.exe
  C:\Windows\System\ZGGazqi.exe
  2⤵
  PID:6592
- C:\Windows\System\tbyfynZ.exe
  C:\Windows\System\tbyfynZ.exe
  2⤵
  PID:6612
- C:\Windows\System\KiPwnzO.exe
  C:\Windows\System\KiPwnzO.exe
  2⤵
  PID:6640
- C:\Windows\System\SnKDcAQ.exe
  C:\Windows\System\SnKDcAQ.exe
  2⤵
  PID:6672
- C:\Windows\System\PyejJID.exe
  C:\Windows\System\PyejJID.exe
  2⤵
  PID:6700
- C:\Windows\System\EEnRTsb.exe
  C:\Windows\System\EEnRTsb.exe
  2⤵
  PID:6728
- C:\Windows\System\REpmsmy.exe
  C:\Windows\System\REpmsmy.exe
  2⤵
  PID:6756
- C:\Windows\System\lQyiqIO.exe
  C:\Windows\System\lQyiqIO.exe
  2⤵
  PID:6784
- C:\Windows\System\NvGxMdA.exe
  C:\Windows\System\NvGxMdA.exe
  2⤵
  PID:6816
- C:\Windows\System\iADsceK.exe
  C:\Windows\System\iADsceK.exe
  2⤵
  PID:6844
- C:\Windows\System\pHYVDuX.exe
  C:\Windows\System\pHYVDuX.exe
  2⤵
  PID:6872
- C:\Windows\System\ooNAIng.exe
  C:\Windows\System\ooNAIng.exe
  2⤵
  PID:6900
- C:\Windows\System\BeiqFzu.exe
  C:\Windows\System\BeiqFzu.exe
  2⤵
  PID:6928
- C:\Windows\System\CHkJNBb.exe
  C:\Windows\System\CHkJNBb.exe
  2⤵
  PID:6956
- C:\Windows\System\RLMfsTm.exe
  C:\Windows\System\RLMfsTm.exe
  2⤵
  PID:6984
- C:\Windows\System\bCNOwPm.exe
  C:\Windows\System\bCNOwPm.exe
  2⤵
  PID:7012
- C:\Windows\System\bXuaUsC.exe
  C:\Windows\System\bXuaUsC.exe
  2⤵
  PID:7044
- C:\Windows\System\AYbcqTm.exe
  C:\Windows\System\AYbcqTm.exe
  2⤵
  PID:7068
- C:\Windows\System\OKeELig.exe
  C:\Windows\System\OKeELig.exe
  2⤵
  PID:7096
- C:\Windows\System\fjqPFLh.exe
  C:\Windows\System\fjqPFLh.exe
  2⤵
  PID:7124
- C:\Windows\System\GAZtswe.exe
  C:\Windows\System\GAZtswe.exe
  2⤵
  PID:7152
- C:\Windows\System\hvxMmJr.exe
  C:\Windows\System\hvxMmJr.exe
  2⤵
  PID:6176
- C:\Windows\System\cqzJxED.exe
  C:\Windows\System\cqzJxED.exe
  2⤵
  PID:6244
- C:\Windows\System\FsvAKaq.exe
  C:\Windows\System\FsvAKaq.exe
  2⤵
  PID:6300
- C:\Windows\System\MXzBjRz.exe
  C:\Windows\System\MXzBjRz.exe
  2⤵
  PID:6368
- C:\Windows\System\NNblYNa.exe
  C:\Windows\System\NNblYNa.exe
  2⤵
  PID:6420
- C:\Windows\System\bEmhSQx.exe
  C:\Windows\System\bEmhSQx.exe
  2⤵
  PID:6484
- C:\Windows\System\kiVTnCC.exe
  C:\Windows\System\kiVTnCC.exe
  2⤵
  PID:6548
- C:\Windows\System\OkWaRNf.exe
  C:\Windows\System\OkWaRNf.exe
  2⤵
  PID:6604
- C:\Windows\System\slYWjhg.exe
  C:\Windows\System\slYWjhg.exe
  2⤵
  PID:6684
- C:\Windows\System\pNpwLlF.exe
  C:\Windows\System\pNpwLlF.exe
  2⤵
  PID:6768
- C:\Windows\System\unRrcul.exe
  C:\Windows\System\unRrcul.exe
  2⤵
  PID:6832
- C:\Windows\System\InzVqdG.exe
  C:\Windows\System\InzVqdG.exe
  2⤵
  PID:6892
- C:\Windows\System\WzeSItd.exe
  C:\Windows\System\WzeSItd.exe
  2⤵
  PID:6976
- C:\Windows\System\BGVNsSj.exe
  C:\Windows\System\BGVNsSj.exe
  2⤵
  PID:7032
- C:\Windows\System\CgwegDj.exe
  C:\Windows\System\CgwegDj.exe
  2⤵
  PID:7116
- C:\Windows\System\OINMNEQ.exe
  C:\Windows\System\OINMNEQ.exe
  2⤵
  PID:6216
- C:\Windows\System\GWUXfdJ.exe
  C:\Windows\System\GWUXfdJ.exe
  2⤵
  PID:6340
- C:\Windows\System\tRnvEzQ.exe
  C:\Windows\System\tRnvEzQ.exe
  2⤵
  PID:6464
- C:\Windows\System\zYIXBqg.exe
  C:\Windows\System\zYIXBqg.exe
  2⤵
  PID:6652
- C:\Windows\System\LdRCUrg.exe
  C:\Windows\System\LdRCUrg.exe
  2⤵
  PID:6656
- C:\Windows\System\HREWyXJ.exe
  C:\Windows\System\HREWyXJ.exe
  2⤵
  PID:6868
- C:\Windows\System\mJBBYDG.exe
  C:\Windows\System\mJBBYDG.exe
  2⤵
  PID:6724
- C:\Windows\System\wSqAQiA.exe
  C:\Windows\System\wSqAQiA.exe
  2⤵
  PID:7024
- C:\Windows\System\BAysYLf.exe
  C:\Windows\System\BAysYLf.exe
  2⤵
  PID:7144
- C:\Windows\System\sFsuXfj.exe
  C:\Windows\System\sFsuXfj.exe
  2⤵
  PID:6804
- C:\Windows\System\IOKNBIz.exe
  C:\Windows\System\IOKNBIz.exe
  2⤵
  PID:6996
- C:\Windows\System\AkegMYa.exe
  C:\Windows\System\AkegMYa.exe
  2⤵
  PID:6332
- C:\Windows\System\qWqgpVh.exe
  C:\Windows\System\qWqgpVh.exe
  2⤵
  PID:7188
- C:\Windows\System\dHUkBto.exe
  C:\Windows\System\dHUkBto.exe
  2⤵
  PID:7212
- C:\Windows\System\nUSyuLJ.exe
  C:\Windows\System\nUSyuLJ.exe
  2⤵
  PID:7244
- C:\Windows\System\gcTcpbq.exe
  C:\Windows\System\gcTcpbq.exe
  2⤵
  PID:7268
- C:\Windows\System\kPPuwhV.exe
  C:\Windows\System\kPPuwhV.exe
  2⤵
  PID:7304
- C:\Windows\System\QsgFAOx.exe
  C:\Windows\System\QsgFAOx.exe
  2⤵
  PID:7328
- C:\Windows\System\PyLPAUW.exe
  C:\Windows\System\PyLPAUW.exe
  2⤵
  PID:7368
- C:\Windows\System\FefXsHZ.exe
  C:\Windows\System\FefXsHZ.exe
  2⤵
  PID:7392
- C:\Windows\System\oZhVpTu.exe
  C:\Windows\System\oZhVpTu.exe
  2⤵
  PID:7424
- C:\Windows\System\JGqJvbG.exe
  C:\Windows\System\JGqJvbG.exe
  2⤵
  PID:7460
- C:\Windows\System\pgcLmIM.exe
  C:\Windows\System\pgcLmIM.exe
  2⤵
  PID:7488
- C:\Windows\System\PCcaleT.exe
  C:\Windows\System\PCcaleT.exe
  2⤵
  PID:7516
- C:\Windows\System\DbXIiiR.exe
  C:\Windows\System\DbXIiiR.exe
  2⤵
  PID:7540
- C:\Windows\System\NqkhRnP.exe
  C:\Windows\System\NqkhRnP.exe
  2⤵
  PID:7572
- C:\Windows\System\JvPGDJI.exe
  C:\Windows\System\JvPGDJI.exe
  2⤵
  PID:7604
- C:\Windows\System\iddxQPn.exe
  C:\Windows\System\iddxQPn.exe
  2⤵
  PID:7632
- C:\Windows\System\xJTfmxQ.exe
  C:\Windows\System\xJTfmxQ.exe
  2⤵
  PID:7660
- C:\Windows\System\DkRyUBI.exe
  C:\Windows\System\DkRyUBI.exe
  2⤵
  PID:7692
- C:\Windows\System\OftThzA.exe
  C:\Windows\System\OftThzA.exe
  2⤵
  PID:7716
- C:\Windows\System\CmVaTEs.exe
  C:\Windows\System\CmVaTEs.exe
  2⤵
  PID:7756
- C:\Windows\System\QsryOXh.exe
  C:\Windows\System\QsryOXh.exe
  2⤵
  PID:7784
- C:\Windows\System\WGQOehT.exe
  C:\Windows\System\WGQOehT.exe
  2⤵
  PID:7804
- C:\Windows\System\DjHWnxY.exe
  C:\Windows\System\DjHWnxY.exe
  2⤵
  PID:7832
- C:\Windows\System\icfIuFd.exe
  C:\Windows\System\icfIuFd.exe
  2⤵
  PID:7860
- C:\Windows\System\RBYoGae.exe
  C:\Windows\System\RBYoGae.exe
  2⤵
  PID:7892
- C:\Windows\System\WGkXZNO.exe
  C:\Windows\System\WGkXZNO.exe
  2⤵
  PID:7916
- C:\Windows\System\ETngtNl.exe
  C:\Windows\System\ETngtNl.exe
  2⤵
  PID:7940
- C:\Windows\System\AjICEIb.exe
  C:\Windows\System\AjICEIb.exe
  2⤵
  PID:7972
- C:\Windows\System\UlqswCm.exe
  C:\Windows\System\UlqswCm.exe
  2⤵
  PID:8008
- C:\Windows\System\fsODUOP.exe
  C:\Windows\System\fsODUOP.exe
  2⤵
  PID:8024
- C:\Windows\System\xmUCWyx.exe
  C:\Windows\System\xmUCWyx.exe
  2⤵
  PID:8052
- C:\Windows\System\oTMnVam.exe
  C:\Windows\System\oTMnVam.exe
  2⤵
  PID:8080
- C:\Windows\System\ikzABxX.exe
  C:\Windows\System\ikzABxX.exe
  2⤵
  PID:8108
- C:\Windows\System\choXYye.exe
  C:\Windows\System\choXYye.exe
  2⤵
  PID:8136
- C:\Windows\System\eABPLfY.exe
  C:\Windows\System\eABPLfY.exe
  2⤵
  PID:8172
- C:\Windows\System\rpBUMCQ.exe
  C:\Windows\System\rpBUMCQ.exe
  2⤵
  PID:7172
- C:\Windows\System\imVmSTa.exe
  C:\Windows\System\imVmSTa.exe
  2⤵
  PID:7256
- C:\Windows\System\TZTIRIW.exe
  C:\Windows\System\TZTIRIW.exe
  2⤵
  PID:7280
- C:\Windows\System\MlwMWYF.exe
  C:\Windows\System\MlwMWYF.exe
  2⤵
  PID:7336
- C:\Windows\System\smnIvvG.exe
  C:\Windows\System\smnIvvG.exe
  2⤵
  PID:7388
- C:\Windows\System\Bnmqnlx.exe
  C:\Windows\System\Bnmqnlx.exe
  2⤵
  PID:7432
- C:\Windows\System\LeazCwH.exe
  C:\Windows\System\LeazCwH.exe
  2⤵
  PID:7480
- C:\Windows\System\BHZDibN.exe
  C:\Windows\System\BHZDibN.exe
  2⤵
  PID:7524
- C:\Windows\System\ZddkgmV.exe
  C:\Windows\System\ZddkgmV.exe
  2⤵
  PID:7584
- C:\Windows\System\tDeuXlT.exe
  C:\Windows\System\tDeuXlT.exe
  2⤵
  PID:7644
- C:\Windows\System\hSarInn.exe
  C:\Windows\System\hSarInn.exe
  2⤵
  PID:7728
- C:\Windows\System\ODCCqHr.exe
  C:\Windows\System\ODCCqHr.exe
  2⤵
  PID:7816
- C:\Windows\System\BmIiyJT.exe
  C:\Windows\System\BmIiyJT.exe
  2⤵
  PID:7868
- C:\Windows\System\cnytMGz.exe
  C:\Windows\System\cnytMGz.exe
  2⤵
  PID:7936
- C:\Windows\System\zebztLp.exe
  C:\Windows\System\zebztLp.exe
  2⤵
  PID:8020
- C:\Windows\System\fKmhFiI.exe
  C:\Windows\System\fKmhFiI.exe
  2⤵
  PID:8076
- C:\Windows\System\hqCfYDn.exe
  C:\Windows\System\hqCfYDn.exe
  2⤵
  PID:8152
- C:\Windows\System\jOXKbok.exe
  C:\Windows\System\jOXKbok.exe
  2⤵
  PID:7260
- C:\Windows\System\wDSyXYi.exe
  C:\Windows\System\wDSyXYi.exe
  2⤵
  PID:7452
- C:\Windows\System\OfstAqy.exe
  C:\Windows\System\OfstAqy.exe
  2⤵
  PID:7348
- C:\Windows\System\OdAuMOC.exe
  C:\Windows\System\OdAuMOC.exe
  2⤵
  PID:7596
- C:\Windows\System\KOXnBEf.exe
  C:\Windows\System\KOXnBEf.exe
  2⤵
  PID:7856
- C:\Windows\System\YnyRRYJ.exe
  C:\Windows\System\YnyRRYJ.exe
  2⤵
  PID:8064
- C:\Windows\System\GglCooS.exe
  C:\Windows\System\GglCooS.exe
  2⤵
  PID:8104
- C:\Windows\System\ouCiDgC.exe
  C:\Windows\System\ouCiDgC.exe
  2⤵
  PID:7532
- C:\Windows\System\qARuCxk.exe
  C:\Windows\System\qARuCxk.exe
  2⤵
  PID:7772
- C:\Windows\System\voYMRXf.exe
  C:\Windows\System\voYMRXf.exe
  2⤵
  PID:8180
- C:\Windows\System\xGTvxtw.exe
  C:\Windows\System\xGTvxtw.exe
  2⤵
  PID:8196
- C:\Windows\System\lgFLWXY.exe
  C:\Windows\System\lgFLWXY.exe
  2⤵
  PID:8236
- C:\Windows\System\uYBhkgA.exe
  C:\Windows\System\uYBhkgA.exe
  2⤵
  PID:8272
- C:\Windows\System\lbdVgrp.exe
  C:\Windows\System\lbdVgrp.exe
  2⤵
  PID:8308
- C:\Windows\System\RXfhdzl.exe
  C:\Windows\System\RXfhdzl.exe
  2⤵
  PID:8328
- C:\Windows\System\cRmmnxG.exe
  C:\Windows\System\cRmmnxG.exe
  2⤵
  PID:8352
- C:\Windows\System\IUbCvQD.exe
  C:\Windows\System\IUbCvQD.exe
  2⤵
  PID:8392
- C:\Windows\System\vyXPAGb.exe
  C:\Windows\System\vyXPAGb.exe
  2⤵
  PID:8416
- C:\Windows\System\zYXEAMh.exe
  C:\Windows\System\zYXEAMh.exe
  2⤵
  PID:8448
- C:\Windows\System\mldXUKF.exe
  C:\Windows\System\mldXUKF.exe
  2⤵
  PID:8476
- C:\Windows\System\bQQPiYU.exe
  C:\Windows\System\bQQPiYU.exe
  2⤵
  PID:8504
- C:\Windows\System\QEWLXDW.exe
  C:\Windows\System\QEWLXDW.exe
  2⤵
  PID:8532
- C:\Windows\System\nbDPTQK.exe
  C:\Windows\System\nbDPTQK.exe
  2⤵
  PID:8564
- C:\Windows\System\uBKyIIp.exe
  C:\Windows\System\uBKyIIp.exe
  2⤵
  PID:8592
- C:\Windows\System\XTiZXxt.exe
  C:\Windows\System\XTiZXxt.exe
  2⤵
  PID:8624
- C:\Windows\System\ohUuVzd.exe
  C:\Windows\System\ohUuVzd.exe
  2⤵
  PID:8648
- C:\Windows\System\oKCXHpO.exe
  C:\Windows\System\oKCXHpO.exe
  2⤵
  PID:8676
- C:\Windows\System\xQYrIye.exe
  C:\Windows\System\xQYrIye.exe
  2⤵
  PID:8696
- C:\Windows\System\GqvfWoU.exe
  C:\Windows\System\GqvfWoU.exe
  2⤵
  PID:8736
- C:\Windows\System\PeKdxrk.exe
  C:\Windows\System\PeKdxrk.exe
  2⤵
  PID:8760
- C:\Windows\System\mRgzpmE.exe
  C:\Windows\System\mRgzpmE.exe
  2⤵
  PID:8788
- C:\Windows\System\sHWMnUo.exe
  C:\Windows\System\sHWMnUo.exe
  2⤵
  PID:8820
- C:\Windows\System\BCRiRvb.exe
  C:\Windows\System\BCRiRvb.exe
  2⤵
  PID:8848
- C:\Windows\System\ADaTrIa.exe
  C:\Windows\System\ADaTrIa.exe
  2⤵
  PID:8876
- C:\Windows\System\AkkQjEv.exe
  C:\Windows\System\AkkQjEv.exe
  2⤵
  PID:8904
- C:\Windows\System\nrWwFFb.exe
  C:\Windows\System\nrWwFFb.exe
  2⤵
  PID:8932
- C:\Windows\System\rkWaDYu.exe
  C:\Windows\System\rkWaDYu.exe
  2⤵
  PID:8960
- C:\Windows\System\hUoCrrw.exe
  C:\Windows\System\hUoCrrw.exe
  2⤵
  PID:8988
- C:\Windows\System\jiQkVye.exe
  C:\Windows\System\jiQkVye.exe
  2⤵
  PID:9016
- C:\Windows\System\OEFUFQj.exe
  C:\Windows\System\OEFUFQj.exe
  2⤵
  PID:9044
- C:\Windows\System\KHzqCHz.exe
  C:\Windows\System\KHzqCHz.exe
  2⤵
  PID:9072
- C:\Windows\System\PZkuRVS.exe
  C:\Windows\System\PZkuRVS.exe
  2⤵
  PID:9100
- C:\Windows\System\vKeklpg.exe
  C:\Windows\System\vKeklpg.exe
  2⤵
  PID:9128
- C:\Windows\System\hLhFkyW.exe
  C:\Windows\System\hLhFkyW.exe
  2⤵
  PID:9156
- C:\Windows\System\DuEQPKB.exe
  C:\Windows\System\DuEQPKB.exe
  2⤵
  PID:9184
- C:\Windows\System\fQMNvtX.exe
  C:\Windows\System\fQMNvtX.exe
  2⤵
  PID:9212
- C:\Windows\System\uqMGVGD.exe
  C:\Windows\System\uqMGVGD.exe
  2⤵
  PID:7848
- C:\Windows\System\qswLytI.exe
  C:\Windows\System\qswLytI.exe
  2⤵
  PID:8252
- C:\Windows\System\GiaVHfC.exe
  C:\Windows\System\GiaVHfC.exe
  2⤵
  PID:8344
- C:\Windows\System\KfaGlgp.exe
  C:\Windows\System\KfaGlgp.exe
  2⤵
  PID:8408
- C:\Windows\System\XLgTWQZ.exe
  C:\Windows\System\XLgTWQZ.exe
  2⤵
  PID:8460
- C:\Windows\System\Ijnwqst.exe
  C:\Windows\System\Ijnwqst.exe
  2⤵
  PID:8520
- C:\Windows\System\XFLOwCn.exe
  C:\Windows\System\XFLOwCn.exe
  2⤵
  PID:8604
- C:\Windows\System\XAsMvyJ.exe
  C:\Windows\System\XAsMvyJ.exe
  2⤵
  PID:8636
- C:\Windows\System\rdAZYLX.exe
  C:\Windows\System\rdAZYLX.exe
  2⤵
  PID:8720
- C:\Windows\System\xhNssay.exe
  C:\Windows\System\xhNssay.exe
  2⤵
  PID:8772
- C:\Windows\System\DhMbDiG.exe
  C:\Windows\System\DhMbDiG.exe
  2⤵
  PID:8868
- C:\Windows\System\VCFMkjd.exe
  C:\Windows\System\VCFMkjd.exe
  2⤵
  PID:8944
- C:\Windows\System\mnHqQyb.exe
  C:\Windows\System\mnHqQyb.exe
  2⤵
  PID:9004
- C:\Windows\System\txLibsw.exe
  C:\Windows\System\txLibsw.exe
  2⤵
  PID:9056
- C:\Windows\System\jdQVZCh.exe
  C:\Windows\System\jdQVZCh.exe
  2⤵
  PID:9124
- C:\Windows\System\GXUXLIB.exe
  C:\Windows\System\GXUXLIB.exe
  2⤵
  PID:9196
- C:\Windows\System\tlUVcHs.exe
  C:\Windows\System\tlUVcHs.exe
  2⤵
  PID:8284
- C:\Windows\System\KiTyfjA.exe
  C:\Windows\System\KiTyfjA.exe
  2⤵
  PID:8256
- C:\Windows\System\sMBIflT.exe
  C:\Windows\System\sMBIflT.exe
  2⤵
  PID:8556
- C:\Windows\System\SccxhgD.exe
  C:\Windows\System\SccxhgD.exe
  2⤵
  PID:8692
- C:\Windows\System\ZaEBfZF.exe
  C:\Windows\System\ZaEBfZF.exe
  2⤵
  PID:8844
- C:\Windows\System\BihqFFo.exe
  C:\Windows\System\BihqFFo.exe
  2⤵
  PID:8972
- C:\Windows\System\TIMKfdD.exe
  C:\Windows\System\TIMKfdD.exe
  2⤵
  PID:9112
- C:\Windows\System\sGkiRHp.exe
  C:\Windows\System\sGkiRHp.exe
  2⤵
  PID:8216
- C:\Windows\System\VIvZlRo.exe
  C:\Windows\System\VIvZlRo.exe
  2⤵
  PID:8516
- C:\Windows\System\notLyKd.exe
  C:\Windows\System\notLyKd.exe
  2⤵
  PID:8860
- C:\Windows\System\OUkgPdj.exe
  C:\Windows\System\OUkgPdj.exe
  2⤵
  PID:9208
- C:\Windows\System\xeartNR.exe
  C:\Windows\System\xeartNR.exe
  2⤵
  PID:9068
- C:\Windows\System\LDkUpiC.exe
  C:\Windows\System\LDkUpiC.exe
  2⤵
  PID:9232
- C:\Windows\System\Wkabrwp.exe
  C:\Windows\System\Wkabrwp.exe
  2⤵
  PID:9252
- C:\Windows\System\gTnBUes.exe
  C:\Windows\System\gTnBUes.exe
  2⤵
  PID:9288
- C:\Windows\System\CwlIXSD.exe
  C:\Windows\System\CwlIXSD.exe
  2⤵
  PID:9324
- C:\Windows\System\bjpVeoL.exe
  C:\Windows\System\bjpVeoL.exe
  2⤵
  PID:9356
- C:\Windows\System\tLgvGke.exe
  C:\Windows\System\tLgvGke.exe
  2⤵
  PID:9384
- C:\Windows\System\gFdDtJX.exe
  C:\Windows\System\gFdDtJX.exe
  2⤵
  PID:9412
- C:\Windows\System\qnGHZzH.exe
  C:\Windows\System\qnGHZzH.exe
  2⤵
  PID:9428
- C:\Windows\System\hYecZQG.exe
  C:\Windows\System\hYecZQG.exe
  2⤵
  PID:9464
- C:\Windows\System\EkJoeqL.exe
  C:\Windows\System\EkJoeqL.exe
  2⤵
  PID:9488
- C:\Windows\System\JZFECgL.exe
  C:\Windows\System\JZFECgL.exe
  2⤵
  PID:9512
- C:\Windows\System\FfqnOfD.exe
  C:\Windows\System\FfqnOfD.exe
  2⤵
  PID:9528
- C:\Windows\System\CdQrCpq.exe
  C:\Windows\System\CdQrCpq.exe
  2⤵
  PID:9548
- C:\Windows\System\ayPSGOY.exe
  C:\Windows\System\ayPSGOY.exe
  2⤵
  PID:9580
- C:\Windows\System\wbSeCJn.exe
  C:\Windows\System\wbSeCJn.exe
  2⤵
  PID:9616
- C:\Windows\System\erygkqb.exe
  C:\Windows\System\erygkqb.exe
  2⤵
  PID:9644
- C:\Windows\System\IDsPMaw.exe
  C:\Windows\System\IDsPMaw.exe
  2⤵
  PID:9676
- C:\Windows\System\FDsBBrV.exe
  C:\Windows\System\FDsBBrV.exe
  2⤵
  PID:9708
- C:\Windows\System\OpniyCY.exe
  C:\Windows\System\OpniyCY.exe
  2⤵
  PID:9724
- C:\Windows\System\ZCzlPAV.exe
  C:\Windows\System\ZCzlPAV.exe
  2⤵
  PID:9752
- C:\Windows\System\CuYrGSH.exe
  C:\Windows\System\CuYrGSH.exe
  2⤵
  PID:9772
- C:\Windows\System\cOTsCfi.exe
  C:\Windows\System\cOTsCfi.exe
  2⤵
  PID:9808
- C:\Windows\System\aEDbKOX.exe
  C:\Windows\System\aEDbKOX.exe
  2⤵
  PID:9836
- C:\Windows\System\KDQxLJp.exe
  C:\Windows\System\KDQxLJp.exe
  2⤵
  PID:9864
- C:\Windows\System\yWweerS.exe
  C:\Windows\System\yWweerS.exe
  2⤵
  PID:9896
- C:\Windows\System\tWBcViB.exe
  C:\Windows\System\tWBcViB.exe
  2⤵
  PID:9920
- C:\Windows\System\PhmzsBO.exe
  C:\Windows\System\PhmzsBO.exe
  2⤵
  PID:9956
- C:\Windows\System\ltLbMVA.exe
  C:\Windows\System\ltLbMVA.exe
  2⤵
  PID:10000
- C:\Windows\System\LSWQbRi.exe
  C:\Windows\System\LSWQbRi.exe
  2⤵
  PID:10028
- C:\Windows\System\uKCUujN.exe
  C:\Windows\System\uKCUujN.exe
  2⤵
  PID:10048
- C:\Windows\System\JoZUaGC.exe
  C:\Windows\System\JoZUaGC.exe
  2⤵
  PID:10068
- C:\Windows\System\ABApgaN.exe
  C:\Windows\System\ABApgaN.exe
  2⤵
  PID:10104
- C:\Windows\System\DEosvjh.exe
  C:\Windows\System\DEosvjh.exe
  2⤵
  PID:10132
- C:\Windows\System\pDGzugI.exe
  C:\Windows\System\pDGzugI.exe
  2⤵
  PID:10164
- C:\Windows\System\aGfXJqs.exe
  C:\Windows\System\aGfXJqs.exe
  2⤵
  PID:10188
- C:\Windows\System\XoHiafm.exe
  C:\Windows\System\XoHiafm.exe
  2⤵
  PID:10224
- C:\Windows\System\LqJdFed.exe
  C:\Windows\System\LqJdFed.exe
  2⤵
  PID:8404
- C:\Windows\System\mFVFFXN.exe
  C:\Windows\System\mFVFFXN.exe
  2⤵
  PID:9268
- C:\Windows\System\CzYgxIQ.exe
  C:\Windows\System\CzYgxIQ.exe
  2⤵
  PID:9320
- C:\Windows\System\xoqwMXT.exe
  C:\Windows\System\xoqwMXT.exe
  2⤵
  PID:9380
- C:\Windows\System\wJeYvPW.exe
  C:\Windows\System\wJeYvPW.exe
  2⤵
  PID:9444
- C:\Windows\System\XsBqjkD.exe
  C:\Windows\System\XsBqjkD.exe
  2⤵
  PID:9484
- C:\Windows\System\EwgcEhP.exe
  C:\Windows\System\EwgcEhP.exe
  2⤵
  PID:9600
- C:\Windows\System\JUtQpEM.exe
  C:\Windows\System\JUtQpEM.exe
  2⤵
  PID:9576
- C:\Windows\System\SIpbYtd.exe
  C:\Windows\System\SIpbYtd.exe
  2⤵
  PID:9656
- C:\Windows\System\CvwDdyf.exe
  C:\Windows\System\CvwDdyf.exe
  2⤵
  PID:9736
- C:\Windows\System\GeylJOg.exe
  C:\Windows\System\GeylJOg.exe
  2⤵
  PID:9828
- C:\Windows\System\CCtumUe.exe
  C:\Windows\System\CCtumUe.exe
  2⤵
  PID:9884
- C:\Windows\System\jMKFWAo.exe
  C:\Windows\System\jMKFWAo.exe
  2⤵
  PID:9912
- C:\Windows\System\doMvOCh.exe
  C:\Windows\System\doMvOCh.exe
  2⤵
  PID:9940
- C:\Windows\System\LNBCbKF.exe
  C:\Windows\System\LNBCbKF.exe
  2⤵
  PID:10064
- C:\Windows\System\nqptlVf.exe
  C:\Windows\System\nqptlVf.exe
  2⤵
  PID:10092
- C:\Windows\System\TAXeFyv.exe
  C:\Windows\System\TAXeFyv.exe
  2⤵
  PID:10144
- C:\Windows\System\tHvDXSP.exe
  C:\Windows\System\tHvDXSP.exe
  2⤵
  PID:10200
- C:\Windows\System\GBoXhAp.exe
  C:\Windows\System\GBoXhAp.exe
  2⤵
  PID:9368
- C:\Windows\System\sQPVdRv.exe
  C:\Windows\System\sQPVdRv.exe
  2⤵
  PID:9544
- C:\Windows\System\mUQPzfy.exe
  C:\Windows\System\mUQPzfy.exe
  2⤵
  PID:9536
- C:\Windows\System\lDHWhht.exe
  C:\Windows\System\lDHWhht.exe
  2⤵
  PID:9760
- C:\Windows\System\ysccgSE.exe
  C:\Windows\System\ysccgSE.exe
  2⤵
  PID:9908
- C:\Windows\System\ZEZfhTr.exe
  C:\Windows\System\ZEZfhTr.exe
  2⤵
  PID:10172
- C:\Windows\System\wDNLcAi.exe
  C:\Windows\System\wDNLcAi.exe
  2⤵
  PID:10116
- C:\Windows\System\grwSFko.exe
  C:\Windows\System\grwSFko.exe
  2⤵
  PID:9564
- C:\Windows\System\XINTuSO.exe
  C:\Windows\System\XINTuSO.exe
  2⤵
  PID:10252
- C:\Windows\System\IwgvrcT.exe
  C:\Windows\System\IwgvrcT.exe
  2⤵
  PID:10280
- C:\Windows\System\gSfAuuF.exe
  C:\Windows\System\gSfAuuF.exe
  2⤵
  PID:10320
- C:\Windows\System\bzsEFvZ.exe
  C:\Windows\System\bzsEFvZ.exe
  2⤵
  PID:10340
- C:\Windows\System\UcMHkAK.exe
  C:\Windows\System\UcMHkAK.exe
  2⤵
  PID:10368
- C:\Windows\System\mHgypnO.exe
  C:\Windows\System\mHgypnO.exe
  2⤵
  PID:10396
- C:\Windows\System\lhQdOYx.exe
  C:\Windows\System\lhQdOYx.exe
  2⤵
  PID:10424
- C:\Windows\System\pPtmNGY.exe
  C:\Windows\System\pPtmNGY.exe
  2⤵
  PID:10452
- C:\Windows\System\BBsklgP.exe
  C:\Windows\System\BBsklgP.exe
  2⤵
  PID:10480
- C:\Windows\System\RVDPFOj.exe
  C:\Windows\System\RVDPFOj.exe
  2⤵
  PID:10516
- C:\Windows\System\deFyinr.exe
  C:\Windows\System\deFyinr.exe
  2⤵
  PID:10544
- C:\Windows\System\RvFZCZd.exe
  C:\Windows\System\RvFZCZd.exe
  2⤵
  PID:10572
- C:\Windows\System\VzqsLTM.exe
  C:\Windows\System\VzqsLTM.exe
  2⤵
  PID:10608
- C:\Windows\System\lbASyvt.exe
  C:\Windows\System\lbASyvt.exe
  2⤵
  PID:10632
- C:\Windows\System\AjNQaXB.exe
  C:\Windows\System\AjNQaXB.exe
  2⤵
  PID:10656
- C:\Windows\System\hZrzNbk.exe
  C:\Windows\System\hZrzNbk.exe
  2⤵
  PID:10684
- C:\Windows\System\RbTsTPF.exe
  C:\Windows\System\RbTsTPF.exe
  2⤵
  PID:10704
- C:\Windows\System\lBcjdpY.exe
  C:\Windows\System\lBcjdpY.exe
  2⤵
  PID:10732
- C:\Windows\System\KhVFcSk.exe
  C:\Windows\System\KhVFcSk.exe
  2⤵
  PID:10772
- C:\Windows\System\NRZIqtn.exe
  C:\Windows\System\NRZIqtn.exe
  2⤵
  PID:10800
- C:\Windows\System\rlavisi.exe
  C:\Windows\System\rlavisi.exe
  2⤵
  PID:10828
- C:\Windows\System\NMaVVdf.exe
  C:\Windows\System\NMaVVdf.exe
  2⤵
  PID:10856
- C:\Windows\System\SreNGju.exe
  C:\Windows\System\SreNGju.exe
  2⤵
  PID:10884
- C:\Windows\System\SqPjWfK.exe
  C:\Windows\System\SqPjWfK.exe
  2⤵
  PID:10908
- C:\Windows\System\ANzJZOf.exe
  C:\Windows\System\ANzJZOf.exe
  2⤵
  PID:10936
- C:\Windows\System\knJHwce.exe
  C:\Windows\System\knJHwce.exe
  2⤵
  PID:10964
- C:\Windows\System\mmgampL.exe
  C:\Windows\System\mmgampL.exe
  2⤵
  PID:11000
- C:\Windows\System\aBasshp.exe
  C:\Windows\System\aBasshp.exe
  2⤵
  PID:11028
- C:\Windows\System\RcZaGVI.exe
  C:\Windows\System\RcZaGVI.exe
  2⤵
  PID:11048
- C:\Windows\System\kzVGyWA.exe
  C:\Windows\System\kzVGyWA.exe
  2⤵
  PID:11080
- C:\Windows\System\eUANoNh.exe
  C:\Windows\System\eUANoNh.exe
  2⤵
  PID:11108
- C:\Windows\System\ETeuDXD.exe
  C:\Windows\System\ETeuDXD.exe
  2⤵
  PID:11140
- C:\Windows\System\YmdYLeU.exe
  C:\Windows\System\YmdYLeU.exe
  2⤵
  PID:11168
- C:\Windows\System\BVVxyAK.exe
  C:\Windows\System\BVVxyAK.exe
  2⤵
  PID:11200
- C:\Windows\System\JcFHdxj.exe
  C:\Windows\System\JcFHdxj.exe
  2⤵
  PID:11232
- C:\Windows\System\jWtalse.exe
  C:\Windows\System\jWtalse.exe
  2⤵
  PID:11256
- C:\Windows\System\nYxtaus.exe
  C:\Windows\System\nYxtaus.exe
  2⤵
  PID:9556
- C:\Windows\System\OuapJUm.exe
  C:\Windows\System\OuapJUm.exe
  2⤵
  PID:10232
- C:\Windows\System\rnCmYkX.exe
  C:\Windows\System\rnCmYkX.exe
  2⤵
  PID:9852
- C:\Windows\System\tguigVr.exe
  C:\Windows\System\tguigVr.exe
  2⤵
  PID:10436
- C:\Windows\System\DnEfeQt.exe
  C:\Windows\System\DnEfeQt.exe
  2⤵
  PID:10408
- C:\Windows\System\AxoOFad.exe
  C:\Windows\System\AxoOFad.exe
  2⤵
  PID:10568
- C:\Windows\System\jqUDcLx.exe
  C:\Windows\System\jqUDcLx.exe
  2⤵
  PID:10536
- C:\Windows\System\SBsfyVp.exe
  C:\Windows\System\SBsfyVp.exe
  2⤵
  PID:10668
- C:\Windows\System\HCxtVFk.exe
  C:\Windows\System\HCxtVFk.exe
  2⤵
  PID:10716
- C:\Windows\System\RVxGSxF.exe
  C:\Windows\System\RVxGSxF.exe
  2⤵
  PID:10792
- C:\Windows\System\QpEaaMy.exe
  C:\Windows\System\QpEaaMy.exe
  2⤵
  PID:10808
- C:\Windows\System\mXtcXlW.exe
  C:\Windows\System\mXtcXlW.exe
  2⤵
  PID:10976
- C:\Windows\System\sUaUpCl.exe
  C:\Windows\System\sUaUpCl.exe
  2⤵
  PID:10952
- C:\Windows\System\TiSlRzf.exe
  C:\Windows\System\TiSlRzf.exe
  2⤵
  PID:11044
- C:\Windows\System\mXFbVSS.exe
  C:\Windows\System\mXFbVSS.exe
  2⤵
  PID:11160
- C:\Windows\System\NCqsPxY.exe
  C:\Windows\System\NCqsPxY.exe
  2⤵
  PID:11156
- C:\Windows\System\eqBHBep.exe
  C:\Windows\System\eqBHBep.exe
  2⤵
  PID:11244
- C:\Windows\System\LnoSHqy.exe
  C:\Windows\System\LnoSHqy.exe
  2⤵
  PID:9276
- C:\Windows\System\KiLDwOV.exe
  C:\Windows\System\KiLDwOV.exe
  2⤵
  PID:10096
- C:\Windows\System\mizondr.exe
  C:\Windows\System\mizondr.exe
  2⤵
  PID:10444
- C:\Windows\System\nWNjdpq.exe
  C:\Windows\System\nWNjdpq.exe
  2⤵
  PID:10596
- C:\Windows\System\aogaEUG.exe
  C:\Windows\System\aogaEUG.exe
  2⤵
  PID:10760
- C:\Windows\System\KOnNLVf.exe
  C:\Windows\System\KOnNLVf.exe
  2⤵
  PID:10924
- C:\Windows\System\gkCLqCp.exe
  C:\Windows\System\gkCLqCp.exe
  2⤵
  PID:11092
- C:\Windows\System\QxrlKLa.exe
  C:\Windows\System\QxrlKLa.exe
  2⤵
  PID:11216
- C:\Windows\System\tWtaAqS.exe
  C:\Windows\System\tWtaAqS.exe
  2⤵
  PID:10276
- C:\Windows\System\QiUDWFr.exe
  C:\Windows\System\QiUDWFr.exe
  2⤵
  PID:10700
- C:\Windows\System\wQpEYpS.exe
  C:\Windows\System\wQpEYpS.exe
  2⤵
  PID:10928
- C:\Windows\System\nTvDOGE.exe
  C:\Windows\System\nTvDOGE.exe
  2⤵
  PID:9876
- C:\Windows\System\zGwTYGc.exe
  C:\Windows\System\zGwTYGc.exe
  2⤵
  PID:10752
- C:\Windows\System\LWNGemm.exe
  C:\Windows\System\LWNGemm.exe
  2⤵
  PID:11292
- C:\Windows\System\kCjRerQ.exe
  C:\Windows\System\kCjRerQ.exe
  2⤵
  PID:11320
- C:\Windows\System\XfURICJ.exe
  C:\Windows\System\XfURICJ.exe
  2⤵
  PID:11356
- C:\Windows\System\oUSfEhm.exe
  C:\Windows\System\oUSfEhm.exe
  2⤵
  PID:11384
- C:\Windows\System\AAANftK.exe
  C:\Windows\System\AAANftK.exe
  2⤵
  PID:11400
- C:\Windows\System\aYpEfgj.exe
  C:\Windows\System\aYpEfgj.exe
  2⤵
  PID:11424
- C:\Windows\System\ttouqwi.exe
  C:\Windows\System\ttouqwi.exe
  2⤵
  PID:11460
- C:\Windows\System\sGJITPZ.exe
  C:\Windows\System\sGJITPZ.exe
  2⤵
  PID:11484
- C:\Windows\System\XhWriyC.exe
  C:\Windows\System\XhWriyC.exe
  2⤵
  PID:11516
- C:\Windows\System\KRqwERO.exe
  C:\Windows\System\KRqwERO.exe
  2⤵
  PID:11556
- C:\Windows\System\jDNGTHl.exe
  C:\Windows\System\jDNGTHl.exe
  2⤵
  PID:11576
- C:\Windows\System\iWWAuWA.exe
  C:\Windows\System\iWWAuWA.exe
  2⤵
  PID:11612
- C:\Windows\System\fpUOeQU.exe
  C:\Windows\System\fpUOeQU.exe
  2⤵
  PID:11636
- C:\Windows\System\hdPIZwC.exe
  C:\Windows\System\hdPIZwC.exe
  2⤵
  PID:11660
- C:\Windows\System\RaWHjHh.exe
  C:\Windows\System\RaWHjHh.exe
  2⤵
  PID:11696
- C:\Windows\System\ICUSQjv.exe
  C:\Windows\System\ICUSQjv.exe
  2⤵
  PID:11728
- C:\Windows\System\rRlKtVU.exe
  C:\Windows\System\rRlKtVU.exe
  2⤵
  PID:11760
- C:\Windows\System\NzTTYlM.exe
  C:\Windows\System\NzTTYlM.exe
  2⤵
  PID:11788
- C:\Windows\System\rvoDKxZ.exe
  C:\Windows\System\rvoDKxZ.exe
  2⤵
  PID:11828
- C:\Windows\System\wPFzrJL.exe
  C:\Windows\System\wPFzrJL.exe
  2⤵
  PID:11848
- C:\Windows\System\ajMKMbY.exe
  C:\Windows\System\ajMKMbY.exe
  2⤵
  PID:11872
- C:\Windows\System\mcWxyFu.exe
  C:\Windows\System\mcWxyFu.exe
  2⤵
  PID:11904
- C:\Windows\System\tZlvyPS.exe
  C:\Windows\System\tZlvyPS.exe
  2⤵
  PID:11936
- C:\Windows\System\aHiGIMa.exe
  C:\Windows\System\aHiGIMa.exe
  2⤵
  PID:11956
- C:\Windows\System\BsCkyfF.exe
  C:\Windows\System\BsCkyfF.exe
  2⤵
  PID:11984
- C:\Windows\System\nfIedtN.exe
  C:\Windows\System\nfIedtN.exe
  2⤵
  PID:12012
- C:\Windows\System\OgMwUGb.exe
  C:\Windows\System\OgMwUGb.exe
  2⤵
  PID:12028
- C:\Windows\System\xfTpIjV.exe
  C:\Windows\System\xfTpIjV.exe
  2⤵
  PID:12064
- C:\Windows\System\qXMbqyb.exe
  C:\Windows\System\qXMbqyb.exe
  2⤵
  PID:12092
- C:\Windows\System\sUZvIqz.exe
  C:\Windows\System\sUZvIqz.exe
  2⤵
  PID:12116
- C:\Windows\System\inFEnwe.exe
  C:\Windows\System\inFEnwe.exe
  2⤵
  PID:12152
- C:\Windows\System\OYrBxAj.exe
  C:\Windows\System\OYrBxAj.exe
  2⤵
  PID:12188
- C:\Windows\System\xZBxYDO.exe
  C:\Windows\System\xZBxYDO.exe
  2⤵
  PID:12208
- C:\Windows\System\olEyHtv.exe
  C:\Windows\System\olEyHtv.exe
  2⤵
  PID:12268
- C:\Windows\System\DrLeUBt.exe
  C:\Windows\System\DrLeUBt.exe
  2⤵
  PID:11272
- C:\Windows\System\XifDEhe.exe
  C:\Windows\System\XifDEhe.exe
  2⤵
  PID:11368
- C:\Windows\System\nzhbQob.exe
  C:\Windows\System\nzhbQob.exe
  2⤵
  PID:11412
- C:\Windows\System\ykyxXHr.exe
  C:\Windows\System\ykyxXHr.exe
  2⤵
  PID:11544
- C:\Windows\System\orwAdVK.exe
  C:\Windows\System\orwAdVK.exe
  2⤵
  PID:11596
- C:\Windows\System\sSmtkcd.exe
  C:\Windows\System\sSmtkcd.exe
  2⤵
  PID:11688
- C:\Windows\System\YYetxJE.exe
  C:\Windows\System\YYetxJE.exe
  2⤵
  PID:11752
- C:\Windows\System\JxIWHwl.exe
  C:\Windows\System\JxIWHwl.exe
  2⤵
  PID:11812
- C:\Windows\System\EsEdeYO.exe
  C:\Windows\System\EsEdeYO.exe
  2⤵
  PID:11860
- C:\Windows\System\woITMGP.exe
  C:\Windows\System\woITMGP.exe
  2⤵
  PID:11948
- C:\Windows\System\rfHiytq.exe
  C:\Windows\System\rfHiytq.exe
  2⤵
  PID:12048
- C:\Windows\System\AIyIcQC.exe
  C:\Windows\System\AIyIcQC.exe
  2⤵
  PID:12072
- C:\Windows\System\ftDrcJF.exe
  C:\Windows\System\ftDrcJF.exe
  2⤵
  PID:12104
- C:\Windows\System\kqZpoHK.exe
  C:\Windows\System\kqZpoHK.exe
  2⤵
  PID:4264
- C:\Windows\System\IcbjEXm.exe
  C:\Windows\System\IcbjEXm.exe
  2⤵
  PID:10864
- C:\Windows\System\qEJCTFj.exe
  C:\Windows\System\qEJCTFj.exe
  2⤵
  PID:11496
- C:\Windows\System\LkVGjuD.exe
  C:\Windows\System\LkVGjuD.exe
  2⤵
  PID:11620
- C:\Windows\System\QBmtZKS.exe
  C:\Windows\System\QBmtZKS.exe
  2⤵
  PID:11736
- C:\Windows\System\MYEapAK.exe
  C:\Windows\System\MYEapAK.exe
  2⤵
  PID:11868
- C:\Windows\System\JjNCLcH.exe
  C:\Windows\System\JjNCLcH.exe
  2⤵
  PID:12108
- C:\Windows\System\lzzHQrb.exe
  C:\Windows\System\lzzHQrb.exe
  2⤵
  PID:12276
- C:\Windows\System\cEuTsxI.exe
  C:\Windows\System\cEuTsxI.exe
  2⤵
  PID:11632
- C:\Windows\System\wXpknPy.exe
  C:\Windows\System\wXpknPy.exe
  2⤵
  PID:12144
- C:\Windows\System\LQyZihI.exe
  C:\Windows\System\LQyZihI.exe
  2⤵
  PID:12316
- C:\Windows\System\bolUwfS.exe
  C:\Windows\System\bolUwfS.exe
  2⤵
  PID:12344
- C:\Windows\System\PbADYle.exe
  C:\Windows\System\PbADYle.exe
  2⤵
  PID:12364
- C:\Windows\System\sslTNEL.exe
  C:\Windows\System\sslTNEL.exe
  2⤵
  PID:12404
- C:\Windows\System\NbOUHdQ.exe
  C:\Windows\System\NbOUHdQ.exe
  2⤵
  PID:12440
- C:\Windows\System\smOzNyV.exe
  C:\Windows\System\smOzNyV.exe
  2⤵
  PID:12460
- C:\Windows\System\iTkzGox.exe
  C:\Windows\System\iTkzGox.exe
  2⤵
  PID:12484
- C:\Windows\System\tIzrnJT.exe
  C:\Windows\System\tIzrnJT.exe
  2⤵
  PID:12520
- C:\Windows\System\ZVffZay.exe
  C:\Windows\System\ZVffZay.exe
  2⤵
  PID:12552
- C:\Windows\System\LXLQMLk.exe
  C:\Windows\System\LXLQMLk.exe
  2⤵
  PID:12580
- C:\Windows\System\wPHmUmD.exe
  C:\Windows\System\wPHmUmD.exe
  2⤵
  PID:12608
- C:\Windows\System\WixuPPu.exe
  C:\Windows\System\WixuPPu.exe
  2⤵
  PID:12636
- C:\Windows\System\KnEEOKP.exe
  C:\Windows\System\KnEEOKP.exe
  2⤵
  PID:12656
- C:\Windows\System\SglUWSY.exe
  C:\Windows\System\SglUWSY.exe
  2⤵
  PID:12688
- C:\Windows\System\XmYOjFb.exe
  C:\Windows\System\XmYOjFb.exe
  2⤵
  PID:12708
- C:\Windows\System\XuvTfkO.exe
  C:\Windows\System\XuvTfkO.exe
  2⤵
  PID:12724
- C:\Windows\System\oHlCQem.exe
  C:\Windows\System\oHlCQem.exe
  2⤵
  PID:12752
- C:\Windows\System\fNsbciQ.exe
  C:\Windows\System\fNsbciQ.exe
  2⤵
  PID:12772
- C:\Windows\System\eqXMKxw.exe
  C:\Windows\System\eqXMKxw.exe
  2⤵
  PID:12792
- C:\Windows\System\mWUMbya.exe
  C:\Windows\System\mWUMbya.exe
  2⤵
  PID:12820
- C:\Windows\System\sXZrUBQ.exe
  C:\Windows\System\sXZrUBQ.exe
  2⤵
  PID:12848
- C:\Windows\System\WUViwId.exe
  C:\Windows\System\WUViwId.exe
  2⤵
  PID:12880
- C:\Windows\System\TENClOG.exe
  C:\Windows\System\TENClOG.exe
  2⤵
  PID:12900
- C:\Windows\System\mmRSGsW.exe
  C:\Windows\System\mmRSGsW.exe
  2⤵
  PID:12932
- C:\Windows\System\GpXDkGM.exe
  C:\Windows\System\GpXDkGM.exe
  2⤵
  PID:12960
- C:\Windows\System\RaFNiPp.exe
  C:\Windows\System\RaFNiPp.exe
  2⤵
  PID:12988
- C:\Windows\System\kwvwRVX.exe
  C:\Windows\System\kwvwRVX.exe
  2⤵
  PID:13012
- C:\Windows\System\rnQxxgE.exe
  C:\Windows\System\rnQxxgE.exe
  2⤵
  PID:13048
- C:\Windows\System\oDklaIz.exe
  C:\Windows\System\oDklaIz.exe
  2⤵
  PID:13084
- C:\Windows\System\PyLtCiw.exe
  C:\Windows\System\PyLtCiw.exe
  2⤵
  PID:13108
- C:\Windows\System\NqoeBxm.exe
  C:\Windows\System\NqoeBxm.exe
  2⤵
  PID:13136
- C:\Windows\System\yTTNuwN.exe
  C:\Windows\System\yTTNuwN.exe
  2⤵
  PID:13168
- C:\Windows\System\tJLADHs.exe
  C:\Windows\System\tJLADHs.exe
  2⤵
  PID:13200
- C:\Windows\System\gepFKtL.exe
  C:\Windows\System\gepFKtL.exe
  2⤵
  PID:13224
- C:\Windows\System\wkDlyYk.exe
  C:\Windows\System\wkDlyYk.exe
  2⤵
  PID:13264
- C:\Windows\System\itthLCt.exe
  C:\Windows\System\itthLCt.exe
  2⤵
  PID:13292
- C:\Windows\System\OcwLikk.exe
  C:\Windows\System\OcwLikk.exe
  2⤵
  PID:11996
- C:\Windows\System\dnXwxoS.exe
  C:\Windows\System\dnXwxoS.exe
  2⤵
  PID:12332
- C:\Windows\System\rrOCviS.exe
  C:\Windows\System\rrOCviS.exe
  2⤵
  PID:12388
- C:\Windows\System\bkchrUq.exe
  C:\Windows\System\bkchrUq.exe
  2⤵
  PID:12428
- C:\Windows\System\hDxCvAW.exe
  C:\Windows\System\hDxCvAW.exe
  2⤵
  PID:12448
- C:\Windows\System\okctHsX.exe
  C:\Windows\System\okctHsX.exe
  2⤵
  PID:12544
- C:\Windows\System\WvEfDOU.exe
  C:\Windows\System\WvEfDOU.exe
  2⤵
  PID:12600
- C:\Windows\System\AHBwbFz.exe
  C:\Windows\System\AHBwbFz.exe
  2⤵
  PID:12664
- C:\Windows\System\cKlbqsA.exe
  C:\Windows\System\cKlbqsA.exe
  2⤵
  PID:12748
- C:\Windows\System\EqmkmTu.exe
  C:\Windows\System\EqmkmTu.exe
  2⤵
  PID:12784
- C:\Windows\System\veahtrk.exe
  C:\Windows\System\veahtrk.exe
  2⤵
  PID:12844
- C:\Windows\System\HESKaoV.exe
  C:\Windows\System\HESKaoV.exe
  2⤵
  PID:12956
- C:\Windows\System\xZhBbYY.exe
  C:\Windows\System\xZhBbYY.exe
  2⤵
  PID:13004
- C:\Windows\System\vdiTbry.exe
  C:\Windows\System\vdiTbry.exe
  2⤵
  PID:848
- C:\Windows\System\YdijuGZ.exe
  C:\Windows\System\YdijuGZ.exe
  2⤵
  PID:13100
- C:\Windows\System\qUDDMYm.exe
  C:\Windows\System\qUDDMYm.exe
  2⤵
  PID:13160
- C:\Windows\System\HnSuFGL.exe
  C:\Windows\System\HnSuFGL.exe
  2⤵
  PID:13232
- C:\Windows\System\aZFSglN.exe
  C:\Windows\System\aZFSglN.exe
  2⤵
  PID:11564
- C:\Windows\System\pRsdsxp.exe
  C:\Windows\System\pRsdsxp.exe
  2⤵
  PID:12412
- C:\Windows\System\EmAivIa.exe
  C:\Windows\System\EmAivIa.exe
  2⤵
  PID:12700
- C:\Windows\System\CSpcwsw.exe
  C:\Windows\System\CSpcwsw.exe
  2⤵
  PID:12644
- C:\Windows\System\GNTIxwF.exe
  C:\Windows\System\GNTIxwF.exe
  2⤵
  PID:12716
- C:\Windows\System\scMLXyz.exe
  C:\Windows\System\scMLXyz.exe
  2⤵
  PID:11808
- C:\Windows\System\PymskEn.exe
  C:\Windows\System\PymskEn.exe
  2⤵
  PID:13072
- C:\Windows\System\HRncrSh.exe
  C:\Windows\System\HRncrSh.exe
  2⤵
  PID:13220
- C:\Windows\System\DzNAEHi.exe
  C:\Windows\System\DzNAEHi.exe
  2⤵
  PID:12432
- C:\Windows\System\bPBlbYl.exe
  C:\Windows\System\bPBlbYl.exe
  2⤵
  PID:1360
- C:\Windows\System\vByHrci.exe
  C:\Windows\System\vByHrci.exe
  2⤵
  PID:13036
- C:\Windows\System\jnofkCH.exe
  C:\Windows\System\jnofkCH.exe
  2⤵
  PID:12592
- C:\Windows\System\dpWiaWC.exe
  C:\Windows\System\dpWiaWC.exe
  2⤵
  PID:2192
- C:\Windows\System\rtSDcoT.exe
  C:\Windows\System\rtSDcoT.exe
  2⤵
  PID:3808
- C:\Windows\System\ACSjLcK.exe
  C:\Windows\System\ACSjLcK.exe
  2⤵
  PID:2956
- C:\Windows\System\sPqbzSH.exe
  C:\Windows\System\sPqbzSH.exe
  2⤵
  PID:13320
- C:\Windows\System\psLQedx.exe
  C:\Windows\System\psLQedx.exe
  2⤵
  PID:13352
- C:\Windows\System\NsqdbtA.exe
  C:\Windows\System\NsqdbtA.exe
  2⤵
  PID:13372
- C:\Windows\System\gEDjIQS.exe
  C:\Windows\System\gEDjIQS.exe
  2⤵
  PID:13404
- C:\Windows\System\zURGqpM.exe
  C:\Windows\System\zURGqpM.exe
  2⤵
  PID:13440
- C:\Windows\System\OsOPUMt.exe
  C:\Windows\System\OsOPUMt.exe
  2⤵
  PID:13464
- C:\Windows\System\ivHzzPS.exe
  C:\Windows\System\ivHzzPS.exe
  2⤵
  PID:13484
- C:\Windows\System\hHkMJbt.exe
  C:\Windows\System\hHkMJbt.exe
  2⤵
  PID:13520
- C:\Windows\System\Ycnbero.exe
  C:\Windows\System\Ycnbero.exe
  2⤵
  PID:13536
- C:\Windows\System\XjrIstO.exe
  C:\Windows\System\XjrIstO.exe
  2⤵
  PID:13556
- C:\Windows\System\rCgACdg.exe
  C:\Windows\System\rCgACdg.exe
  2⤵
  PID:13592
- C:\Windows\System\ppzpQfn.exe
  C:\Windows\System\ppzpQfn.exe
  2⤵
  PID:13616
- C:\Windows\System\FxFOnZx.exe
  C:\Windows\System\FxFOnZx.exe
  2⤵
  PID:13640
- C:\Windows\System\VwCedQM.exe
  C:\Windows\System\VwCedQM.exe
  2⤵
  PID:13672
- C:\Windows\System\vnDvCXe.exe
  C:\Windows\System\vnDvCXe.exe
  2⤵
  PID:13692
- C:\Windows\System\sftSyBm.exe
  C:\Windows\System\sftSyBm.exe
  2⤵
  PID:13716
- C:\Windows\System\JDPhnNM.exe
  C:\Windows\System\JDPhnNM.exe
  2⤵
  PID:13752
- C:\Windows\System\LLRiQvU.exe
  C:\Windows\System\LLRiQvU.exe
  2⤵
  PID:13776
- C:\Windows\System\OYHuUPM.exe
  C:\Windows\System\OYHuUPM.exe
  2⤵
  PID:13816
- C:\Windows\System\jRDMmDJ.exe
  C:\Windows\System\jRDMmDJ.exe
  2⤵
  PID:13836
- C:\Windows\System\aKbADRL.exe
  C:\Windows\System\aKbADRL.exe
  2⤵
  PID:13860
- C:\Windows\System\FkBmqPm.exe
  C:\Windows\System\FkBmqPm.exe
  2⤵
  PID:13884
- C:\Windows\System\biIXDol.exe
  C:\Windows\System\biIXDol.exe
  2⤵
  PID:13916
- C:\Windows\System\sSNwbKM.exe
  C:\Windows\System\sSNwbKM.exe
  2⤵
  PID:13952
- C:\Windows\System\pEdAyWu.exe
  C:\Windows\System\pEdAyWu.exe
  2⤵
  PID:13980
- C:\Windows\System\lmmVvnJ.exe
  C:\Windows\System\lmmVvnJ.exe
  2⤵
  PID:14012
- C:\Windows\System\rRvaBcp.exe
  C:\Windows\System\rRvaBcp.exe
  2⤵
  PID:14044
- C:\Windows\System\NIMtKlx.exe
  C:\Windows\System\NIMtKlx.exe
  2⤵
  PID:14080
- C:\Windows\System\KaTWUSy.exe
  C:\Windows\System\KaTWUSy.exe
  2⤵
  PID:14112
- C:\Windows\System\RaiUcBQ.exe
  C:\Windows\System\RaiUcBQ.exe
  2⤵
  PID:14132
- C:\Windows\System\FHXFYMv.exe
  C:\Windows\System\FHXFYMv.exe
  2⤵
  PID:14168
- C:\Windows\System\qvgcKPZ.exe
  C:\Windows\System\qvgcKPZ.exe
  2⤵
  PID:14188
- C:\Windows\System\vFhVvGu.exe
  C:\Windows\System\vFhVvGu.exe
  2⤵
  PID:14216
- C:\Windows\System\kMGNNBK.exe
  C:\Windows\System\kMGNNBK.exe
  2⤵
  PID:14240
- C:\Windows\System\EuHjDlZ.exe
  C:\Windows\System\EuHjDlZ.exe
  2⤵
  PID:14260
- C:\Windows\System\fIiEOtj.exe
  C:\Windows\System\fIiEOtj.exe
  2⤵
  PID:14276
- C:\Windows\System\KiTzZNx.exe
  C:\Windows\System\KiTzZNx.exe
  2⤵
  PID:14300
- C:\Windows\System\UzwHdPL.exe
  C:\Windows\System\UzwHdPL.exe
  2⤵
  PID:14328
- C:\Windows\System\kKkKDLD.exe
  C:\Windows\System\kKkKDLD.exe
  2⤵
  PID:13344
- C:\Windows\System\NjaTwgZ.exe
  C:\Windows\System\NjaTwgZ.exe
  2⤵
  PID:13428
- C:\Windows\System\hBnLhtx.exe
  C:\Windows\System\hBnLhtx.exe
  2⤵
  PID:13504
- C:\Windows\System\tdcSFYR.exe
  C:\Windows\System\tdcSFYR.exe
  2⤵
  PID:13564
- C:\Windows\System\zmaNwDr.exe
  C:\Windows\System\zmaNwDr.exe
  2⤵
  PID:13608
- C:\Windows\System\JxparuG.exe
  C:\Windows\System\JxparuG.exe
  2⤵
  PID:13684
- C:\Windows\System\FAwFMWf.exe
  C:\Windows\System\FAwFMWf.exe
  2⤵
  PID:13784
- C:\Windows\System\sXMQcFq.exe
  C:\Windows\System\sXMQcFq.exe
  2⤵
  PID:13832
- C:\Windows\System\DQQdcDd.exe
  C:\Windows\System\DQQdcDd.exe
  2⤵
  PID:13876
- C:\Windows\System\lAlsAts.exe
  C:\Windows\System\lAlsAts.exe
  2⤵
  PID:13996
- C:\Windows\System\tvmbDYd.exe
  C:\Windows\System\tvmbDYd.exe
  2⤵
  PID:14024
- C:\Windows\System\hZoXHiX.exe
  C:\Windows\System\hZoXHiX.exe
  2⤵
  PID:14092
- C:\Windows\System\nzBqupe.exe
  C:\Windows\System\nzBqupe.exe
  2⤵
  PID:2976
- C:\Windows\System\WGUAltr.exe
  C:\Windows\System\WGUAltr.exe
  2⤵
  PID:14160
- C:\Windows\System\ivmHgQB.exe
  C:\Windows\System\ivmHgQB.exe
  2⤵
  PID:14272
- C:\Windows\System\TPpUQPR.exe
  C:\Windows\System\TPpUQPR.exe
  2⤵
  PID:14268
- C:\Windows\System\WqMMiZd.exe
  C:\Windows\System\WqMMiZd.exe
  2⤵
  PID:13388
- C:\Windows\System\VsVMxBu.exe
  C:\Windows\System\VsVMxBu.exe
  2⤵
  PID:13480
- C:\Windows\System\GJAQHIU.exe
  C:\Windows\System\GJAQHIU.exe
  2⤵
  PID:13660

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BMvDmvu.exe

Filesize
2.1MB

MD5
be50f1b719f4d11d442a79e33154b3bd

SHA1
e0ada88436154469fc664e1ad49a5133f14cae6e

SHA256
66f5711759888439cb605a8e57673c845dc3bb12d1a93c0b6f3d4011b4e16bdc

SHA512
ea6837419e92f3dcfabeef3b1fc338bd04473fb1daf1831551f17fee9d0b5c73d2a8c6eacb3e124c313b1d7f0ab4e2ae95a46f8c4d8390458bcf12c731d1b0af

Download Submit
C:\Windows\System\DHMhfFI.exe

Filesize
2.1MB

MD5
c3231827f2a193f2d3d849e642df6766

SHA1
e6126662b3963810efe253bef4be16313897dbe6

SHA256
ca828ae3d51ae109a1e1239b0e975c5ac30dc3f6325259d446805b42b42987dc

SHA512
a0298faacbf42bb6d07a8f1e8b05e077f87939503538b7e5d0ba3df5ef123edc52add9afa2f45c6f3168f9333d720d864269bb25266a8560f1849c4498f0c285

Download Submit
C:\Windows\System\DlMBdBt.exe

Filesize
2.1MB

MD5
1b2a258d44714d80c144d4716e695bb9

SHA1
febdf4957e7b957dd72c39c09a2b8929bf357fd9

SHA256
f13cd23bb292a16a87362a106b59612e194491d31ffec6e24f1fd98cfeef74e5

SHA512
2785a488f330ec1015fd951fd15eb375244db05a9e052b0fe612999def295010fa49f6dd04e7116116ace976f3becb4983f435bf803fb942c5d12464fe60cf3f

Download Submit
C:\Windows\System\GpYDaiL.exe

Filesize
2.1MB

MD5
d96da9e69fcb7180f4f4386634a0d4d8

SHA1
84ef4b5012b42203be5efe535a2de01d15d05f94

SHA256
24e7a79ec719849747361bbcd0a40f2a46daac61e47c909df3ea810ca2de3b80

SHA512
7b8825cd892e16546d952fcc125dbfb84e2d0df3a854c252bab4a3ba5e480704221940800b249a8345214eeb2757476aa1c04f39c33d302002794988aebf3063

Download Submit
C:\Windows\System\HJdKOvs.exe

Filesize
2.1MB

MD5
306d7553a08cd97e17c73103aeb942d1

SHA1
91893526c257ca3ed5d995ea9a9bd9fedc0a731e

SHA256
7c2132120d405c39071940d080f1b6bbbdc87cc3e6e41b718114f481ff35e015

SHA512
c21ac09a2b6144414aa2172913c1750aa26157df682098ab322de7a85a2012e1235b54ae9ee2b3252772977b3d113d69a8f3cde15a001cce6d3157e80e97970c

Download Submit
C:\Windows\System\HjMikSD.exe

Filesize
2.1MB

MD5
98839c616a0837b6bfc423a95a35f1b2

SHA1
31fd6b78390b3a215a58da1588a6209793dd5de1

SHA256
4ef9062c50196ddcdc6bc30b89aa5010198b2a0f8c2726a9983695d111f79b23

SHA512
f952b5775d4dc13e712dc98a15794a4d450f3c220a1fbeaa2ba95caf82976f93d614237199e5048f6f74583ed3d1a77dcc2bd52c88b06c2ccf4870574a3ff0c3

Download Submit
C:\Windows\System\HwaivlW.exe

Filesize
2.1MB

MD5
34af406ec19e2593a99e36f026958080

SHA1
839b842b12208d8f01ddd15dacf16933ee3e31ec

SHA256
1254be2e4dd0ca0b5fe96801c9bfe45570f213384b10023a64ec76582224652c

SHA512
561afa25021e65c99fa68810ffcc357cbc19c4d00e2910e866b093dc8ac5f3abc82d3689051f51e4701e1e05199a2fc82bf53ec23231687270fbe61c5133180d

Download Submit
C:\Windows\System\JNhPuhg.exe

Filesize
2.1MB

MD5
747333c6f60005ab98b8f9b412cad7ab

SHA1
f24cdad48a4ccc0895fea66c91fa4ab0e9cad565

SHA256
c064789f1c2aedb8974f83ca5e82d34af82008a49c3b30cb6a04faf7b5ccc0c6

SHA512
c65d4fa56c54ee7582452db199eeb0bdb44949eb4172ff2cda06337d6278fc79d430217c8bc10c15a2b32cc1d1bbf707e08b9a691f7e38fe8f042aaaa30d24b6

Download Submit
C:\Windows\System\KboPGXh.exe

Filesize
2.1MB

MD5
652a77c8cdabe0aaa4def7b3164e4d90

SHA1
eccccde2568dbebba25b0724e1d1cb9b39bc2f76

SHA256
45a93530d5a66904854e8b474d6d8f1870ddf504f1acf0d24e720ea1927929b1

SHA512
91f3274dfcd3d0e0fe27a47e80e52e7dd052b8928d8f6e3d79c757734ab757998cf41d788b5cd486506072f413471115ba36c1d8713bc07e20635a54f1800da8

Download Submit
C:\Windows\System\OwMOlRG.exe

Filesize
2.1MB

MD5
e133febea2f4522d4c49af23f0836b3d

SHA1
b23f1158089834b0220b523ae50ae5a7cbff13e3

SHA256
d2d60c2828832eedf93d08c83cc36bbc1a78638bafa0aa1b573c47cd7c4cb8de

SHA512
be901ac52106f25a3b40de9d3464bea78be1e4520d05d371787736abd06ef69bb3a72b0af6b6aae06d4bc2ab1933fb4e82b69635ec2f324bec60365312b64d19

Download Submit
C:\Windows\System\TQHIVkO.exe

Filesize
2.1MB

MD5
f442e286739982b67671d7a0e6a969bb

SHA1
dcc90eb7d7f6ea4151d463b44fe7b03c08e449e5

SHA256
3f4f154376a8df841ffeafa41d0415efa66ffae836e79d7598bc9b36c1a6bb4f

SHA512
9c2f7f4fe1dc5a9d11415fd48b57cb7d15086fe78c7ce91fb50b33d3a1a0593de3a60630c7023268be4eb0f34d5543e59364653772a0da0c984caacb7309f27c

Download Submit
C:\Windows\System\VFHgFbF.exe

Filesize
2.1MB

MD5
69520ad9b941f881404b0d3f8afdc921

SHA1
b4fee07d8f28ee7f140a7e12a2fca6526387930e

SHA256
d10d3c7201788c9e912a29a6cac3e89401660335fbd46c3b7119b4969fd0f0c6

SHA512
9ee9b34ffb400b2637c42b3ebdc2d9b64b8cf5cfeb2cc964c9ae0184ca59abbf1493865eca76ee8922fe13ff5ff4cd4c4566fdcd2e469fcd438952d7f59b364e

Download Submit
C:\Windows\System\VtotAuh.exe

Filesize
2.1MB

MD5
76924c2590adb630556a416ed7a00836

SHA1
3d7cc88e23e54dd8a6f588cac9149a2f784b8300

SHA256
52d9d6def98ce76a7a82a436e115e34e4d34bb5ab806faea3ebd42b8ac80380e

SHA512
873ef998fd17e024b24ff802607a54cceb8a24c3a3f65ce389f92bc67361ffde1acbbbb640a9514e47ae4434e961868fcd793abf2c39ea857937c88eea9d33be

Download Submit
C:\Windows\System\ZdPSrEz.exe

Filesize
2.1MB

MD5
a108fa7f2d9c39f99becb0bf1637aabb

SHA1
b153ee8d9175d05efeebdb03dc1c3a5ba657b87e

SHA256
334062255da22e5e05332d15c52fd2f3a6ca23548e51dfb989b6c67c9e267386

SHA512
6db4abfbda644ac5b397b801d3649b572f2e047b0ad86db5138d6551f6ec9b62a8f2b260bd8aa9170dd224ce1a3f6ea69b44073231e9b559d7027193328625ae

Download Submit
C:\Windows\System\aYdDvXQ.exe

Filesize
2.1MB

MD5
307c6e10cfd93cad4dbdff9322131a71

SHA1
43b7f2c95bb0ae117ca5de89444e13a6b40ce4bb

SHA256
1445908ef18062522a56906cb821b3be89e8c718b23b78ccc43f641a9a387c3d

SHA512
0be0f24691e8f54e8b29200445f2739a9597bce0f5d0d5b4ad430d76e7714d82dbb92db043cc380cf49477d1a06d0e0de4c67119ec16eecd24e14073bf24ffbf

Download Submit
C:\Windows\System\ajamBRp.exe

Filesize
2.1MB

MD5
cd3b1c32b1b4dddaab2745c0129ce27d

SHA1
e04bb1104df1e7fc7bd3c3260b311978c843c4eb

SHA256
f8b324cb1265bcb84b64a2065d3f91bf5036867a7025854e040260fc466cbbf5

SHA512
140f18617d7c2aac88025f52fa0b2548bcb484fa7571f29261304ceef1821a0bfd9c9f07310d5135e9f6b94e8072b812cd3484d46525be5cee8cbbcbf8273e2b

Download Submit
C:\Windows\System\bRyBxMK.exe

Filesize
2.1MB

MD5
c0f0d877937f4d72695af50e5268b334

SHA1
02a9033edb68906fec31177fe693ca100ed4b17d

SHA256
953b3ed9496ed2ef57c92309f1304a35adb085413528f9dabb3f9280ad078408

SHA512
d579b1b589cc53c20aee7c6230ef423df7313ad0c9f3821987019d1ca7d15ab1b7853033311009ec1184531078165a267be792a9aca813c01fddfa8f31c89b81

Download Submit
C:\Windows\System\bZhCuPn.exe

Filesize
2.1MB

MD5
6e07f8940912c2ce1c646db6efcab4fa

SHA1
5a5f97d2466139e805505ebded836e45a2cf5007

SHA256
343bc6177bf481ac21ffcfe4ff88041f1993b829ef1b7fc7cd59e6d613235b10

SHA512
ad9eabfe500766012c39b51f9ab087cbac624f86abd7076645497e3cdf2c4d89a15f909eebd3c93fdc41b664474b55120e3732a8552480bd47fb58b896d433f9

Download Submit
C:\Windows\System\fpvcxsO.exe

Filesize
2.1MB

MD5
014bf7ec6729a78d24c425f600a9d143

SHA1
f08fb4fafb58b4e21476e91b7d9a2d5fee164477

SHA256
8f8a401773c636295e8a0a1597b6944cd822a033e3858d36910b038170819a2a

SHA512
6a6a63cb25299b062b7180fb80af4174403a7a39d7003eeb51076c3bfc1e71e0173d0562de6c39f487c644f067913cd1000c62fb40a7d323162ba9b921489548

Download Submit
C:\Windows\System\iHwAMxH.exe

Filesize
2.1MB

MD5
66ebbe32ae355445913850f94e97296a

SHA1
a659a308b5bfc1ad7d0942a2f931096c0da745f8

SHA256
57103b14016895586e057703e59332f1292dcde81076efe8a9b25b5e20dfb1de

SHA512
1c3ef41af8762a5ca0b3e39356488bba0cc7afaa4bdf1490463c85a35dd6e301012ca8773cdb8bbcd76c79ace36642aabe2b70904d407735318605ad7a17fe38

Download Submit
C:\Windows\System\jZCixwd.exe

Filesize
2.1MB

MD5
511d0a75ea4b7444856ae9e43d2cdf32

SHA1
d7d8d622134f6e198402e7e995290de9e3b73e97

SHA256
23a67ed1872c0df8ad6f1e2c5fdf1fda5ccee3dc6ad6f73554e54b5545e42367

SHA512
c75c9b9def3f5e21ed11c81dce7c18e0f489bbe19381cb7d078d4dd54a6ff490d109b706335b4232d03c3bb7576b2bc50d6d6bf2b5a6524b6ab4e56321311a48

Download Submit
C:\Windows\System\kmPjIiF.exe

Filesize
2.1MB

MD5
09032ad1fa41ca2f1f2f00a44d3b80bc

SHA1
833bcd6ce4781c2695ccf7f698146b8b477936f5

SHA256
a35fb5c3fda465addd95ad1533dce0177f9ee81511a8f41d987fa594a4b79680

SHA512
93e200f901e364b902aca9912f2091940991160e814c1b2235948d2c654be5b7a24677e5aae1e617b13ba0841c42b2b05d4f336d6906975e4649e0653fa30d7c

Download Submit
C:\Windows\System\ksFaTVl.exe

Filesize
2.1MB

MD5
3aa1226cd817735f35ba1e757771739f

SHA1
23cc103b6ca174ad10b8284101026fff10eaffd9

SHA256
fe3f006bb3926f1573dd93cd69606aaf54a50f85bd6001331be4afb83edd630b

SHA512
ca530ae95f478e43e4729fae94bba52b3a884841a4957a5e88cb90714e48bd8645f0ae774e032beb7838765576b3b094099cf02d7f5e80f47fa3c9462ab62e97

Download Submit
C:\Windows\System\lzTIhkT.exe

Filesize
2.1MB

MD5
3197e6448a2b648694b1ace08d9b8539

SHA1
9401cea404b679a20b56164a5731cbd51137f49e

SHA256
91f5ad6d1e8d606d95d07b11a1d1ebc6dee590e2aae9846b7feabcd43dd797a1

SHA512
c78552f4c3c5553772bc72ffea687c81df4f86d46ec856963a35e58d92aaedc6ef8847266398aa0cb5dc21b402901d4aae7981aba22e0fa2c0f379f3d41e38ff

Download Submit
C:\Windows\System\nFLtXGK.exe

Filesize
2.1MB

MD5
8081b07cc83ff21574aa004606ebb16b

SHA1
d3a8a812b30b71e483711cb9ff6d1dd4b9cdc7b7

SHA256
3e862047003be4ad18d2abe05700edeefbd69b4540d44f6289719e80f4b92375

SHA512
18df48e859e0094794c327cb910ddc0ce0c8c2278524ad968c8238913707f52f2dbb1a8a1713d4428576eef2cf30c2d5c4be48018effaad8e96837c13c17d84d

Download Submit
C:\Windows\System\njBdkiC.exe

Filesize
2.1MB

MD5
cb4e4d408311322238901040ce08f926

SHA1
d5ac0bcc3b3026f65b425d20a486441da4010dca

SHA256
a595b73adf0ff7b27ad54eed25bbd9e852ebc18857707efd9985622d2fdb4f4a

SHA512
f1db9dec08ed1d8910f2b1b244c9eb8ae295f79dd77b8bd36aa2665439ba89ab5fce2e9ebcb48ff14a2d2edb38a30a519cc21262a63d5eaff3ff205210c55259

Download Submit
C:\Windows\System\nsbZHfi.exe

Filesize
2.1MB

MD5
d25849d4f7ea8e834fae85e8ba83c0eb

SHA1
53f3c973e5d410511d0ddeb1e81e6e88e16bfea8

SHA256
1e0d0ea0cf8e5dd55b2aa37fdd55ce9781892a52f6ca3ee525a778027229e0d3

SHA512
5ffbca7597c15302da501bfac12fc3a44115dfd3b88c6b56a316183f69f93857fcc4471e38ceffc48dd25f0307cf95767446323702d616f2c083676664f550c0

Download Submit
C:\Windows\System\oroQUbz.exe

Filesize
2.1MB

MD5
cfff12539b72e54b21f41db418e075d6

SHA1
6fbffd2b5cb76c921461683a2117925c1510a5d9

SHA256
a3a4f89d7ec1d2bedc862ec1e104fd30255a9aa60c6c1ce61b24ace895a8d879

SHA512
fa72ccf04849c324a3c78989f1c3c62fd3d56022fe6c365be373552f43322a8935b9a68c739f0922bc748d6f8df419e057bb85fbd2cb2bf9d8747b826395181c

Download Submit
C:\Windows\System\vrBcTXq.exe

Filesize
2.1MB

MD5
ce8c3401c220b493b93a0a967c972cb1

SHA1
858fe1f6f6a9b41da8e2a41e2d38e66d556955cb

SHA256
7caecfb4be43e204c2bb81ebccbdce5f9c81d56738a1e19bf8b66ee3f0c8197e

SHA512
21524521500c0f103b01c9255d4b52385453560f2dfa13ea2279d87c746d963775239c11849eb14e8a095f1c566b991ec25d4b5f6d517e8183792793e6d2a320

Download Submit
C:\Windows\System\wFiujlU.exe

Filesize
2.1MB

MD5
e9847ca8f5a9b8d49485a3b8214c3ea3

SHA1
aa13e4ef48d0e09f2f18ea2deabc0043ab7cab04

SHA256
734f42b01df3729c29b2e07339700c153a2dd78430ab59ecdf0956e85d0ae846

SHA512
4610194b15b664aa656447b8a164fa736d7b030710a09fe2b305a2ac08f9f74058291076897bc52f0d631d7b29411ef1379492d9f74f72b699fa9e25ea2e485d

Download Submit
C:\Windows\System\xOeufay.exe

Filesize
2.1MB

MD5
0a566c51a77bb8e3ff271a648f46000d

SHA1
fff6ebc7c9167bbaed9cf505296d38a524018e6c

SHA256
8925ad9979f21796bc61a738d2490d5c6f049ba81bcd128dae4c3499ff842f6f

SHA512
64fbce36e68729c4454b61fff6975c69353cd9b428abf707fa457ca80cdb06ec98f802898428ccc5d248519e455f4d7ddac44c5e10d2a0268082cf76f4beaf72

Download Submit
C:\Windows\System\ztNuOEO.exe

Filesize
2.1MB

MD5
4d1fce2e719e564bc7a67e69117c0982

SHA1
7c56d0adf4b841a0c8696f647fa1c82c04735062

SHA256
6c33b5efae4fb154d68d8bbc973dbe45e552e68b00cc80b3da6bd0daccfa43e8

SHA512
0a3d0307dc076bbe2d3dc47a928aa0ce65da1db4d1f5b6f7eea9da2f50533e531aba0f6241185680917f8ee0d5da9cf5ac4ec4559aec73538819de90f1f35420

Download Submit
memory/856-178-0x00007FF6A75B0000-0x00007FF6A7904000-memory.dmp

Filesize
3.3MB

Download
memory/856-2170-0x00007FF6A75B0000-0x00007FF6A7904000-memory.dmp

Filesize
3.3MB

Download
memory/1220-163-0x00007FF6E80C0000-0x00007FF6E8414000-memory.dmp

Filesize
3.3MB

Download
memory/1220-2164-0x00007FF6E80C0000-0x00007FF6E8414000-memory.dmp

Filesize
3.3MB

Download
memory/1348-2166-0x00007FF7CB970000-0x00007FF7CBCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1348-170-0x00007FF7CB970000-0x00007FF7CBCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1352-180-0x00007FF685EB0000-0x00007FF686204000-memory.dmp

Filesize
3.3MB

Download
memory/1352-2171-0x00007FF685EB0000-0x00007FF686204000-memory.dmp

Filesize
3.3MB

Download
memory/1448-2165-0x00007FF6381C0000-0x00007FF638514000-memory.dmp

Filesize
3.3MB

Download
memory/1448-171-0x00007FF6381C0000-0x00007FF638514000-memory.dmp

Filesize
3.3MB

Download
memory/1500-58-0x00007FF6B28E0000-0x00007FF6B2C34000-memory.dmp

Filesize
3.3MB

Download
memory/1500-2157-0x00007FF6B28E0000-0x00007FF6B2C34000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2159-0x00007FF7082E0000-0x00007FF708634000-memory.dmp

Filesize
3.3MB

Download
memory/1636-53-0x00007FF7082E0000-0x00007FF708634000-memory.dmp

Filesize
3.3MB

Download
memory/2240-48-0x00007FF78C700000-0x00007FF78CA54000-memory.dmp

Filesize
3.3MB

Download
memory/2240-2154-0x00007FF78C700000-0x00007FF78CA54000-memory.dmp

Filesize
3.3MB

Download
memory/2472-2172-0x00007FF767520000-0x00007FF767874000-memory.dmp

Filesize
3.3MB

Download
memory/2472-183-0x00007FF767520000-0x00007FF767874000-memory.dmp

Filesize
3.3MB

Download
memory/2872-51-0x00007FF6C3E00000-0x00007FF6C4154000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2155-0x00007FF6C3E00000-0x00007FF6C4154000-memory.dmp

Filesize
3.3MB

Download
memory/2924-2167-0x00007FF683410000-0x00007FF683764000-memory.dmp

Filesize
3.3MB

Download
memory/2924-177-0x00007FF683410000-0x00007FF683764000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2153-0x00007FF6CBAB0000-0x00007FF6CBE04000-memory.dmp

Filesize
3.3MB

Download
memory/3064-28-0x00007FF6CBAB0000-0x00007FF6CBE04000-memory.dmp

Filesize
3.3MB

Download
memory/3204-2160-0x00007FF66EA50000-0x00007FF66EDA4000-memory.dmp

Filesize
3.3MB

Download
memory/3204-56-0x00007FF66EA50000-0x00007FF66EDA4000-memory.dmp

Filesize
3.3MB

Download
memory/3224-179-0x00007FF6F4B10000-0x00007FF6F4E64000-memory.dmp

Filesize
3.3MB

Download
memory/3224-2169-0x00007FF6F4B10000-0x00007FF6F4E64000-memory.dmp

Filesize
3.3MB

Download
memory/3356-158-0x00007FF707240000-0x00007FF707594000-memory.dmp

Filesize
3.3MB

Download
memory/3356-2163-0x00007FF707240000-0x00007FF707594000-memory.dmp

Filesize
3.3MB

Download
memory/3412-190-0x00007FF7EAF30000-0x00007FF7EB284000-memory.dmp

Filesize
3.3MB

Download
memory/3412-2176-0x00007FF7EAF30000-0x00007FF7EB284000-memory.dmp

Filesize
3.3MB

Download
memory/3712-2158-0x00007FF680510000-0x00007FF680864000-memory.dmp

Filesize
3.3MB

Download
memory/3712-130-0x00007FF680510000-0x00007FF680864000-memory.dmp

Filesize
3.3MB

Download
memory/3760-182-0x00007FF702580000-0x00007FF7028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3760-2180-0x00007FF702580000-0x00007FF7028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3900-2175-0x00007FF617070000-0x00007FF6173C4000-memory.dmp

Filesize
3.3MB

Download
memory/3900-181-0x00007FF617070000-0x00007FF6173C4000-memory.dmp

Filesize
3.3MB

Download
memory/3984-15-0x00007FF6B33D0000-0x00007FF6B3724000-memory.dmp

Filesize
3.3MB

Download
memory/3984-2152-0x00007FF6B33D0000-0x00007FF6B3724000-memory.dmp

Filesize
3.3MB

Download
memory/4104-2178-0x00007FF780740000-0x00007FF780A94000-memory.dmp

Filesize
3.3MB

Download
memory/4104-187-0x00007FF780740000-0x00007FF780A94000-memory.dmp

Filesize
3.3MB

Download
memory/4244-191-0x00007FF601B80000-0x00007FF601ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4244-2179-0x00007FF601B80000-0x00007FF601ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4348-188-0x00007FF65F280000-0x00007FF65F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/4348-2161-0x00007FF65F280000-0x00007FF65F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/4532-185-0x00007FF661DC0000-0x00007FF662114000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2177-0x00007FF661DC0000-0x00007FF662114000-memory.dmp

Filesize
3.3MB

Download
memory/4748-184-0x00007FF6A7050000-0x00007FF6A73A4000-memory.dmp

Filesize
3.3MB

Download
memory/4748-2173-0x00007FF6A7050000-0x00007FF6A73A4000-memory.dmp

Filesize
3.3MB

Download
memory/4792-176-0x00007FF681840000-0x00007FF681B94000-memory.dmp

Filesize
3.3MB

Download
memory/4792-2168-0x00007FF681840000-0x00007FF681B94000-memory.dmp

Filesize
3.3MB

Download
memory/4832-1-0x000001C04B2D0000-0x000001C04B2E0000-memory.dmp

Filesize
64KB

Download
memory/4832-2151-0x00007FF76CE30000-0x00007FF76D184000-memory.dmp

Filesize
3.3MB

Download
memory/4832-0-0x00007FF76CE30000-0x00007FF76D184000-memory.dmp

Filesize
3.3MB

Download
memory/4844-2156-0x00007FF6BD230000-0x00007FF6BD584000-memory.dmp

Filesize
3.3MB

Download
memory/4844-52-0x00007FF6BD230000-0x00007FF6BD584000-memory.dmp

Filesize
3.3MB

Download
memory/4944-189-0x00007FF6A0610000-0x00007FF6A0964000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2162-0x00007FF6A0610000-0x00007FF6A0964000-memory.dmp

Filesize
3.3MB

Download
memory/5012-186-0x00007FF6D06B0000-0x00007FF6D0A04000-memory.dmp

Filesize
3.3MB

Download
memory/5012-2174-0x00007FF6D06B0000-0x00007FF6D0A04000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads