xmrig | b1a09d0214d090fe1e3bc712afbee627bd62864d2e1247b866b9ce51ace4ba08

Analysis

max time kernel
139s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
Size

2.6MB
MD5

22d03afd13f6d25b0fc7ba439fbf7910
SHA1

6c43ceec6779ad4fed7ef4eeb8c7bf84bae92637
SHA256

b1a09d0214d090fe1e3bc712afbee627bd62864d2e1247b866b9ce51ace4ba08
SHA512

5d587aa25c5e1def19d264b3b1be26657bad5f39d2eff2a299226afe9d21e159a4fe845332c85329077d76013dc572d62d93e02233e4086897409e888da5b916
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIV56uL3pgrCEdMKPIH2BdfCgz:BemTLkNdfE0pZrV56utgpPx

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4920-0-0x00007FF608970000-0x00007FF608CC4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023437-5.dat	xmrig
behavioral2/memory/5080-12-0x00007FF6BDE50000-0x00007FF6BE1A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023441-8.dat	xmrig
behavioral2/files/0x0007000000023443-20.dat	xmrig
behavioral2/files/0x0007000000023444-38.dat	xmrig
behavioral2/files/0x0007000000023446-48.dat	xmrig
behavioral2/files/0x000700000002344c-73.dat	xmrig
behavioral2/files/0x000700000002344d-84.dat	xmrig
behavioral2/memory/4436-98-0x00007FF6CFF60000-0x00007FF6D02B4000-memory.dmp	xmrig
behavioral2/memory/2244-101-0x00007FF7A3ED0000-0x00007FF7A4224000-memory.dmp	xmrig
behavioral2/memory/4932-104-0x00007FF6267B0000-0x00007FF626B04000-memory.dmp	xmrig
behavioral2/memory/4864-103-0x00007FF739CE0000-0x00007FF73A034000-memory.dmp	xmrig
behavioral2/memory/1736-102-0x00007FF69D860000-0x00007FF69DBB4000-memory.dmp	xmrig
behavioral2/memory/2880-100-0x00007FF6159C0000-0x00007FF615D14000-memory.dmp	xmrig
behavioral2/memory/4348-99-0x00007FF641BE0000-0x00007FF641F34000-memory.dmp	xmrig
behavioral2/files/0x000700000002344f-95.dat	xmrig
behavioral2/files/0x000700000002344e-94.dat	xmrig
behavioral2/memory/1516-91-0x00007FF723F60000-0x00007FF7242B4000-memory.dmp	xmrig
behavioral2/memory/1448-88-0x00007FF75A000000-0x00007FF75A354000-memory.dmp	xmrig
behavioral2/memory/1984-87-0x00007FF6710B0000-0x00007FF671404000-memory.dmp	xmrig
behavioral2/memory/4288-80-0x00007FF6D6190000-0x00007FF6D64E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002344b-78.dat	xmrig
behavioral2/files/0x000700000002344a-71.dat	xmrig
behavioral2/files/0x0007000000023449-67.dat	xmrig
behavioral2/files/0x0007000000023448-66.dat	xmrig
behavioral2/memory/4068-65-0x00007FF7BA290000-0x00007FF7BA5E4000-memory.dmp	xmrig
behavioral2/memory/3976-63-0x00007FF64A8F0000-0x00007FF64AC44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023447-60.dat	xmrig
behavioral2/files/0x0007000000023445-57.dat	xmrig
behavioral2/memory/1316-49-0x00007FF7E32B0000-0x00007FF7E3604000-memory.dmp	xmrig
behavioral2/files/0x0007000000023442-35.dat	xmrig
behavioral2/files/0x0007000000023440-31.dat	xmrig
behavioral2/memory/3492-30-0x00007FF76CE00000-0x00007FF76D154000-memory.dmp	xmrig
behavioral2/memory/3964-21-0x00007FF653E10000-0x00007FF654164000-memory.dmp	xmrig
behavioral2/files/0x0007000000023450-106.dat	xmrig
behavioral2/memory/3056-112-0x00007FF6FAF40000-0x00007FF6FB294000-memory.dmp	xmrig
behavioral2/files/0x000a000000023438-113.dat	xmrig
behavioral2/memory/544-116-0x00007FF7779E0000-0x00007FF777D34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023452-119.dat	xmrig
behavioral2/memory/3096-120-0x00007FF6188E0000-0x00007FF618C34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023453-125.dat	xmrig
behavioral2/files/0x0007000000023454-131.dat	xmrig
behavioral2/files/0x0007000000023455-136.dat	xmrig
behavioral2/memory/1416-137-0x00007FF67BB70000-0x00007FF67BEC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023456-142.dat	xmrig
behavioral2/files/0x0007000000023457-146.dat	xmrig
behavioral2/files/0x000700000002345b-160.dat	xmrig
behavioral2/files/0x000700000002345a-180.dat	xmrig
behavioral2/memory/4680-194-0x00007FF731500000-0x00007FF731854000-memory.dmp	xmrig
behavioral2/memory/1692-196-0x00007FF75D860000-0x00007FF75DBB4000-memory.dmp	xmrig
behavioral2/memory/1968-210-0x00007FF6E5A40000-0x00007FF6E5D94000-memory.dmp	xmrig
behavioral2/memory/1412-212-0x00007FF6CE6D0000-0x00007FF6CEA24000-memory.dmp	xmrig
behavioral2/memory/4844-211-0x00007FF66B2B0000-0x00007FF66B604000-memory.dmp	xmrig
behavioral2/memory/3664-207-0x00007FF7A7DC0000-0x00007FF7A8114000-memory.dmp	xmrig
behavioral2/files/0x000700000002345d-191.dat	xmrig
behavioral2/files/0x0007000000023460-190.dat	xmrig
behavioral2/files/0x000700000002345c-186.dat	xmrig
behavioral2/files/0x0007000000023459-184.dat	xmrig
behavioral2/files/0x000700000002345f-183.dat	xmrig
behavioral2/memory/1956-179-0x00007FF6A0950000-0x00007FF6A0CA4000-memory.dmp	xmrig
behavioral2/memory/4152-175-0x00007FF6AFF40000-0x00007FF6B0294000-memory.dmp	xmrig
behavioral2/files/0x000700000002345e-174.dat	xmrig
behavioral2/files/0x0007000000023458-165.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5080	MuWhTik.exe
3964	NXuOepE.exe
2880	hHuImzI.exe
3492	fFGdPNo.exe
1316	rRSXvvB.exe
2244	hqWvKqC.exe
3976	jaUJcHt.exe
4068	xWFswle.exe
4288	KicdTnD.exe
1736	UFjJXWi.exe
1984	LWUUxYw.exe
1448	qUwqmBN.exe
1516	JnqOfxa.exe
4864	LQQBEpV.exe
4932	xkjUGSL.exe
4436	CRhWNqh.exe
4348	zpvSoTk.exe
3056	uFrMjVW.exe
544	oXhhqvw.exe
3096	gCkmlxs.exe
1416	WMQnFcD.exe
4844	NTMmnVo.exe
4152	rrhytex.exe
1412	MddvhBn.exe
1956	IiRMeJU.exe
4680	lGmzaiO.exe
1692	tZRDTnM.exe
3664	LmCizIC.exe
1968	MQGkwcc.exe
3792	nLoKTLH.exe
1948	WHQTdUl.exe
2688	MhidrQy.exe
224	smiSEdR.exe
408	JlhhUfr.exe
4224	UZtasTc.exe
648	CFquEUJ.exe
4868	kcbtThg.exe
5036	uYaLlae.exe
4316	GbNaEio.exe
4604	YmKiPhV.exe
4232	LHsQYrd.exe
2712	SJAPYSt.exe
4236	ySkIrrJ.exe
4752	cMqKXaC.exe
4704	mByFCvI.exe
2600	luyPDTJ.exe
2580	AdwfIsN.exe
2876	ZxMImtB.exe
2372	LvnbZiW.exe
4632	skobQfd.exe
1340	TaKoUCk.exe
1608	MrROfmH.exe
5116	DVRVITs.exe
400	LYnAiSA.exe
1708	TZCrmRJ.exe
3692	Biwagrb.exe
3272	hCuWYZL.exe
1620	tvaTdye.exe
4216	Kugdrxa.exe
4412	HRyRWLj.exe
1392	AjyZWCB.exe
3836	LOmMmqd.exe
1052	NNeFWGS.exe
956	QFTAGwT.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4920-0-0x00007FF608970000-0x00007FF608CC4000-memory.dmp	upx
behavioral2/files/0x0009000000023437-5.dat	upx
behavioral2/memory/5080-12-0x00007FF6BDE50000-0x00007FF6BE1A4000-memory.dmp	upx
behavioral2/files/0x0007000000023441-8.dat	upx
behavioral2/files/0x0007000000023443-20.dat	upx
behavioral2/files/0x0007000000023444-38.dat	upx
behavioral2/files/0x0007000000023446-48.dat	upx
behavioral2/files/0x000700000002344c-73.dat	upx
behavioral2/files/0x000700000002344d-84.dat	upx
behavioral2/memory/4436-98-0x00007FF6CFF60000-0x00007FF6D02B4000-memory.dmp	upx
behavioral2/memory/2244-101-0x00007FF7A3ED0000-0x00007FF7A4224000-memory.dmp	upx
behavioral2/memory/4932-104-0x00007FF6267B0000-0x00007FF626B04000-memory.dmp	upx
behavioral2/memory/4864-103-0x00007FF739CE0000-0x00007FF73A034000-memory.dmp	upx
behavioral2/memory/1736-102-0x00007FF69D860000-0x00007FF69DBB4000-memory.dmp	upx
behavioral2/memory/2880-100-0x00007FF6159C0000-0x00007FF615D14000-memory.dmp	upx
behavioral2/memory/4348-99-0x00007FF641BE0000-0x00007FF641F34000-memory.dmp	upx
behavioral2/files/0x000700000002344f-95.dat	upx
behavioral2/files/0x000700000002344e-94.dat	upx
behavioral2/memory/1516-91-0x00007FF723F60000-0x00007FF7242B4000-memory.dmp	upx
behavioral2/memory/1448-88-0x00007FF75A000000-0x00007FF75A354000-memory.dmp	upx
behavioral2/memory/1984-87-0x00007FF6710B0000-0x00007FF671404000-memory.dmp	upx
behavioral2/memory/4288-80-0x00007FF6D6190000-0x00007FF6D64E4000-memory.dmp	upx
behavioral2/files/0x000700000002344b-78.dat	upx
behavioral2/files/0x000700000002344a-71.dat	upx
behavioral2/files/0x0007000000023449-67.dat	upx
behavioral2/files/0x0007000000023448-66.dat	upx
behavioral2/memory/4068-65-0x00007FF7BA290000-0x00007FF7BA5E4000-memory.dmp	upx
behavioral2/memory/3976-63-0x00007FF64A8F0000-0x00007FF64AC44000-memory.dmp	upx
behavioral2/files/0x0007000000023447-60.dat	upx
behavioral2/files/0x0007000000023445-57.dat	upx
behavioral2/memory/1316-49-0x00007FF7E32B0000-0x00007FF7E3604000-memory.dmp	upx
behavioral2/files/0x0007000000023442-35.dat	upx
behavioral2/files/0x0007000000023440-31.dat	upx
behavioral2/memory/3492-30-0x00007FF76CE00000-0x00007FF76D154000-memory.dmp	upx
behavioral2/memory/3964-21-0x00007FF653E10000-0x00007FF654164000-memory.dmp	upx
behavioral2/files/0x0007000000023450-106.dat	upx
behavioral2/memory/3056-112-0x00007FF6FAF40000-0x00007FF6FB294000-memory.dmp	upx
behavioral2/files/0x000a000000023438-113.dat	upx
behavioral2/memory/544-116-0x00007FF7779E0000-0x00007FF777D34000-memory.dmp	upx
behavioral2/files/0x0007000000023452-119.dat	upx
behavioral2/memory/3096-120-0x00007FF6188E0000-0x00007FF618C34000-memory.dmp	upx
behavioral2/files/0x0007000000023453-125.dat	upx
behavioral2/files/0x0007000000023454-131.dat	upx
behavioral2/files/0x0007000000023455-136.dat	upx
behavioral2/memory/1416-137-0x00007FF67BB70000-0x00007FF67BEC4000-memory.dmp	upx
behavioral2/files/0x0007000000023456-142.dat	upx
behavioral2/files/0x0007000000023457-146.dat	upx
behavioral2/files/0x000700000002345b-160.dat	upx
behavioral2/files/0x000700000002345a-180.dat	upx
behavioral2/memory/4680-194-0x00007FF731500000-0x00007FF731854000-memory.dmp	upx
behavioral2/memory/1692-196-0x00007FF75D860000-0x00007FF75DBB4000-memory.dmp	upx
behavioral2/memory/1968-210-0x00007FF6E5A40000-0x00007FF6E5D94000-memory.dmp	upx
behavioral2/memory/1412-212-0x00007FF6CE6D0000-0x00007FF6CEA24000-memory.dmp	upx
behavioral2/memory/4844-211-0x00007FF66B2B0000-0x00007FF66B604000-memory.dmp	upx
behavioral2/memory/3664-207-0x00007FF7A7DC0000-0x00007FF7A8114000-memory.dmp	upx
behavioral2/files/0x000700000002345d-191.dat	upx
behavioral2/files/0x0007000000023460-190.dat	upx
behavioral2/files/0x000700000002345c-186.dat	upx
behavioral2/files/0x0007000000023459-184.dat	upx
behavioral2/files/0x000700000002345f-183.dat	upx
behavioral2/memory/1956-179-0x00007FF6A0950000-0x00007FF6A0CA4000-memory.dmp	upx
behavioral2/memory/4152-175-0x00007FF6AFF40000-0x00007FF6B0294000-memory.dmp	upx
behavioral2/files/0x000700000002345e-174.dat	upx
behavioral2/files/0x0007000000023458-165.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JZAWeEo.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\aixRnfY.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\QQnWrmQ.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\clYkvVn.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\YSvMVHz.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\KDncORi.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\VifKlRj.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\FjYzNhY.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\qUwqmBN.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\zpvSoTk.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\HmmOGFa.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\uBWSmZY.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\xtgZhFR.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\GhgPqzw.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\ASOLvST.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\mLwboPr.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\VMBHMeP.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\vfIhUgY.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\HMrnkEe.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\QvlXPbm.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\oTeqTzk.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\hANFovU.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\JqifLiz.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\uNAtxhj.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\ZFNKMHi.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\bkGLsqd.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\oXOwiNJ.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\KcrSZEk.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\zJYHRFH.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\bdIkFvm.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\LkmvOnn.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\MGZAwQm.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\XLxLbni.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\mBmzUxq.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\qyZOEOn.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\xXpgIcL.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\oXhhqvw.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\lGmzaiO.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\luyPDTJ.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\yWbJICU.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\RMRglvT.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\xWVGuOz.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\UCYxzdd.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\AdwfIsN.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\gUEVuim.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\pUUavys.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\JbHxGpq.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\sYgPHgE.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\cMqKXaC.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\hXpprvL.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\lpfPwlM.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\jBcsPvf.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\MpylVvb.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\bbFWAwy.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\EQICMjA.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\nUvbulQ.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\enBnbrc.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\YGZqWrE.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\kgRLvaV.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\xkjUGSL.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\ZtzJOCN.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\NuuUUIK.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\aAHccSz.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
File created	C:\Windows\System\izeiDVO.exe	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15152	dwm.exe
Token: SeChangeNotifyPrivilege	15152	dwm.exe
Token: 33	15152	dwm.exe
Token: SeIncBasePriorityPrivilege	15152	dwm.exe
Token: SeShutdownPrivilege	15152	dwm.exe
Token: SeCreatePagefilePrivilege	15152	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 5080	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	84
PID 4920 wrote to memory of 5080	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	84
PID 4920 wrote to memory of 2880	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	85
PID 4920 wrote to memory of 2880	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	85
PID 4920 wrote to memory of 3964	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	86
PID 4920 wrote to memory of 3964	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	86
PID 4920 wrote to memory of 3492	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	87
PID 4920 wrote to memory of 3492	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	87
PID 4920 wrote to memory of 1316	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	88
PID 4920 wrote to memory of 1316	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	88
PID 4920 wrote to memory of 2244	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	89
PID 4920 wrote to memory of 2244	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	89
PID 4920 wrote to memory of 3976	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	90
PID 4920 wrote to memory of 3976	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	90
PID 4920 wrote to memory of 4288	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	91
PID 4920 wrote to memory of 4288	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	91
PID 4920 wrote to memory of 4068	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	92
PID 4920 wrote to memory of 4068	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	92
PID 4920 wrote to memory of 1736	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	93
PID 4920 wrote to memory of 1736	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	93
PID 4920 wrote to memory of 1984	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	94
PID 4920 wrote to memory of 1984	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	94
PID 4920 wrote to memory of 1448	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	95
PID 4920 wrote to memory of 1448	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	95
PID 4920 wrote to memory of 1516	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	96
PID 4920 wrote to memory of 1516	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	96
PID 4920 wrote to memory of 4864	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	97
PID 4920 wrote to memory of 4864	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	97
PID 4920 wrote to memory of 4932	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	98
PID 4920 wrote to memory of 4932	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	98
PID 4920 wrote to memory of 4436	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	99
PID 4920 wrote to memory of 4436	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	99
PID 4920 wrote to memory of 4348	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	100
PID 4920 wrote to memory of 4348	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	100
PID 4920 wrote to memory of 3056	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	101
PID 4920 wrote to memory of 3056	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	101
PID 4920 wrote to memory of 544	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	102
PID 4920 wrote to memory of 544	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	102
PID 4920 wrote to memory of 3096	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	103
PID 4920 wrote to memory of 3096	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	103
PID 4920 wrote to memory of 1416	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	104
PID 4920 wrote to memory of 1416	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	104
PID 4920 wrote to memory of 4844	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	105
PID 4920 wrote to memory of 4844	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	105
PID 4920 wrote to memory of 4152	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	107
PID 4920 wrote to memory of 4152	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	107
PID 4920 wrote to memory of 1412	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	108
PID 4920 wrote to memory of 1412	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	108
PID 4920 wrote to memory of 1956	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	109
PID 4920 wrote to memory of 1956	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	109
PID 4920 wrote to memory of 4680	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	111
PID 4920 wrote to memory of 4680	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	111
PID 4920 wrote to memory of 1692	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	112
PID 4920 wrote to memory of 1692	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	112
PID 4920 wrote to memory of 3664	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	113
PID 4920 wrote to memory of 3664	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	113
PID 4920 wrote to memory of 1968	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	114
PID 4920 wrote to memory of 1968	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	114
PID 4920 wrote to memory of 3792	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	115
PID 4920 wrote to memory of 3792	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	115
PID 4920 wrote to memory of 408	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	116
PID 4920 wrote to memory of 408	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	116
PID 4920 wrote to memory of 1948	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	117
PID 4920 wrote to memory of 1948	4920	22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\22d03afd13f6d25b0fc7ba439fbf7910_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Windows\System\MuWhTik.exe
  C:\Windows\System\MuWhTik.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\hHuImzI.exe
  C:\Windows\System\hHuImzI.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\NXuOepE.exe
  C:\Windows\System\NXuOepE.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\fFGdPNo.exe
  C:\Windows\System\fFGdPNo.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\rRSXvvB.exe
  C:\Windows\System\rRSXvvB.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\hqWvKqC.exe
  C:\Windows\System\hqWvKqC.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\jaUJcHt.exe
  C:\Windows\System\jaUJcHt.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\KicdTnD.exe
  C:\Windows\System\KicdTnD.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\xWFswle.exe
  C:\Windows\System\xWFswle.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\UFjJXWi.exe
  C:\Windows\System\UFjJXWi.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\LWUUxYw.exe
  C:\Windows\System\LWUUxYw.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\qUwqmBN.exe
  C:\Windows\System\qUwqmBN.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\JnqOfxa.exe
  C:\Windows\System\JnqOfxa.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\LQQBEpV.exe
  C:\Windows\System\LQQBEpV.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\xkjUGSL.exe
  C:\Windows\System\xkjUGSL.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\CRhWNqh.exe
  C:\Windows\System\CRhWNqh.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\zpvSoTk.exe
  C:\Windows\System\zpvSoTk.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\uFrMjVW.exe
  C:\Windows\System\uFrMjVW.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\oXhhqvw.exe
  C:\Windows\System\oXhhqvw.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\gCkmlxs.exe
  C:\Windows\System\gCkmlxs.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\WMQnFcD.exe
  C:\Windows\System\WMQnFcD.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\NTMmnVo.exe
  C:\Windows\System\NTMmnVo.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\rrhytex.exe
  C:\Windows\System\rrhytex.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\MddvhBn.exe
  C:\Windows\System\MddvhBn.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\IiRMeJU.exe
  C:\Windows\System\IiRMeJU.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\lGmzaiO.exe
  C:\Windows\System\lGmzaiO.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\tZRDTnM.exe
  C:\Windows\System\tZRDTnM.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\LmCizIC.exe
  C:\Windows\System\LmCizIC.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\MQGkwcc.exe
  C:\Windows\System\MQGkwcc.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\nLoKTLH.exe
  C:\Windows\System\nLoKTLH.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\JlhhUfr.exe
  C:\Windows\System\JlhhUfr.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\WHQTdUl.exe
  C:\Windows\System\WHQTdUl.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\MhidrQy.exe
  C:\Windows\System\MhidrQy.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\smiSEdR.exe
  C:\Windows\System\smiSEdR.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\UZtasTc.exe
  C:\Windows\System\UZtasTc.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\CFquEUJ.exe
  C:\Windows\System\CFquEUJ.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\kcbtThg.exe
  C:\Windows\System\kcbtThg.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\uYaLlae.exe
  C:\Windows\System\uYaLlae.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\GbNaEio.exe
  C:\Windows\System\GbNaEio.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\YmKiPhV.exe
  C:\Windows\System\YmKiPhV.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\LHsQYrd.exe
  C:\Windows\System\LHsQYrd.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\SJAPYSt.exe
  C:\Windows\System\SJAPYSt.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\ySkIrrJ.exe
  C:\Windows\System\ySkIrrJ.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\cMqKXaC.exe
  C:\Windows\System\cMqKXaC.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\mByFCvI.exe
  C:\Windows\System\mByFCvI.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\luyPDTJ.exe
  C:\Windows\System\luyPDTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\AdwfIsN.exe
  C:\Windows\System\AdwfIsN.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\ZxMImtB.exe
  C:\Windows\System\ZxMImtB.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\LvnbZiW.exe
  C:\Windows\System\LvnbZiW.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\skobQfd.exe
  C:\Windows\System\skobQfd.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\TaKoUCk.exe
  C:\Windows\System\TaKoUCk.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\MrROfmH.exe
  C:\Windows\System\MrROfmH.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\DVRVITs.exe
  C:\Windows\System\DVRVITs.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\LYnAiSA.exe
  C:\Windows\System\LYnAiSA.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\TZCrmRJ.exe
  C:\Windows\System\TZCrmRJ.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\Biwagrb.exe
  C:\Windows\System\Biwagrb.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\hCuWYZL.exe
  C:\Windows\System\hCuWYZL.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\tvaTdye.exe
  C:\Windows\System\tvaTdye.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\Kugdrxa.exe
  C:\Windows\System\Kugdrxa.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\HRyRWLj.exe
  C:\Windows\System\HRyRWLj.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\AjyZWCB.exe
  C:\Windows\System\AjyZWCB.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\LOmMmqd.exe
  C:\Windows\System\LOmMmqd.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\NNeFWGS.exe
  C:\Windows\System\NNeFWGS.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\QFTAGwT.exe
  C:\Windows\System\QFTAGwT.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\JbjtcMO.exe
  C:\Windows\System\JbjtcMO.exe
  2⤵
  PID:1400
- C:\Windows\System\HHMYMDz.exe
  C:\Windows\System\HHMYMDz.exe
  2⤵
  PID:3896
- C:\Windows\System\TRkylpK.exe
  C:\Windows\System\TRkylpK.exe
  2⤵
  PID:2256
- C:\Windows\System\qMbzdut.exe
  C:\Windows\System\qMbzdut.exe
  2⤵
  PID:384
- C:\Windows\System\ZFhbluM.exe
  C:\Windows\System\ZFhbluM.exe
  2⤵
  PID:1776
- C:\Windows\System\VCKIBhc.exe
  C:\Windows\System\VCKIBhc.exe
  2⤵
  PID:4776
- C:\Windows\System\ttRVYHk.exe
  C:\Windows\System\ttRVYHk.exe
  2⤵
  PID:1480
- C:\Windows\System\wjxlxJH.exe
  C:\Windows\System\wjxlxJH.exe
  2⤵
  PID:4592
- C:\Windows\System\YfoRWiQ.exe
  C:\Windows\System\YfoRWiQ.exe
  2⤵
  PID:4644
- C:\Windows\System\aEtutLG.exe
  C:\Windows\System\aEtutLG.exe
  2⤵
  PID:616
- C:\Windows\System\wQRUjcL.exe
  C:\Windows\System\wQRUjcL.exe
  2⤵
  PID:4892
- C:\Windows\System\yqHCMKN.exe
  C:\Windows\System\yqHCMKN.exe
  2⤵
  PID:3036
- C:\Windows\System\yWbJICU.exe
  C:\Windows\System\yWbJICU.exe
  2⤵
  PID:1144
- C:\Windows\System\bPCmLWp.exe
  C:\Windows\System\bPCmLWp.exe
  2⤵
  PID:5132
- C:\Windows\System\WjUQxgb.exe
  C:\Windows\System\WjUQxgb.exe
  2⤵
  PID:5160
- C:\Windows\System\mEPTMxU.exe
  C:\Windows\System\mEPTMxU.exe
  2⤵
  PID:5188
- C:\Windows\System\fllundu.exe
  C:\Windows\System\fllundu.exe
  2⤵
  PID:5208
- C:\Windows\System\ZJhVhuQ.exe
  C:\Windows\System\ZJhVhuQ.exe
  2⤵
  PID:5224
- C:\Windows\System\hXpprvL.exe
  C:\Windows\System\hXpprvL.exe
  2⤵
  PID:5248
- C:\Windows\System\IjobSUj.exe
  C:\Windows\System\IjobSUj.exe
  2⤵
  PID:5288
- C:\Windows\System\hXqYmHn.exe
  C:\Windows\System\hXqYmHn.exe
  2⤵
  PID:5320
- C:\Windows\System\UipIcMs.exe
  C:\Windows\System\UipIcMs.exe
  2⤵
  PID:5352
- C:\Windows\System\VDYEgQA.exe
  C:\Windows\System\VDYEgQA.exe
  2⤵
  PID:5384
- C:\Windows\System\qSdlHYF.exe
  C:\Windows\System\qSdlHYF.exe
  2⤵
  PID:5428
- C:\Windows\System\LkmvOnn.exe
  C:\Windows\System\LkmvOnn.exe
  2⤵
  PID:5460
- C:\Windows\System\drQaRBC.exe
  C:\Windows\System\drQaRBC.exe
  2⤵
  PID:5488
- C:\Windows\System\IoLxroG.exe
  C:\Windows\System\IoLxroG.exe
  2⤵
  PID:5520
- C:\Windows\System\XQbsraj.exe
  C:\Windows\System\XQbsraj.exe
  2⤵
  PID:5536
- C:\Windows\System\zcvIdSc.exe
  C:\Windows\System\zcvIdSc.exe
  2⤵
  PID:5568
- C:\Windows\System\YHjpImY.exe
  C:\Windows\System\YHjpImY.exe
  2⤵
  PID:5592
- C:\Windows\System\WDTFRhz.exe
  C:\Windows\System\WDTFRhz.exe
  2⤵
  PID:5632
- C:\Windows\System\SeQpUTF.exe
  C:\Windows\System\SeQpUTF.exe
  2⤵
  PID:5652
- C:\Windows\System\pAfNiMa.exe
  C:\Windows\System\pAfNiMa.exe
  2⤵
  PID:5692
- C:\Windows\System\GgpynFv.exe
  C:\Windows\System\GgpynFv.exe
  2⤵
  PID:5720
- C:\Windows\System\WZAPpTp.exe
  C:\Windows\System\WZAPpTp.exe
  2⤵
  PID:5736
- C:\Windows\System\wikQSvI.exe
  C:\Windows\System\wikQSvI.exe
  2⤵
  PID:5776
- C:\Windows\System\pUdhxyv.exe
  C:\Windows\System\pUdhxyv.exe
  2⤵
  PID:5796
- C:\Windows\System\GCChdIk.exe
  C:\Windows\System\GCChdIk.exe
  2⤵
  PID:5832
- C:\Windows\System\pCkrATe.exe
  C:\Windows\System\pCkrATe.exe
  2⤵
  PID:5860
- C:\Windows\System\WqMvfHb.exe
  C:\Windows\System\WqMvfHb.exe
  2⤵
  PID:5896
- C:\Windows\System\gwtjBcP.exe
  C:\Windows\System\gwtjBcP.exe
  2⤵
  PID:5924
- C:\Windows\System\rglettl.exe
  C:\Windows\System\rglettl.exe
  2⤵
  PID:5944
- C:\Windows\System\mpYvdzs.exe
  C:\Windows\System\mpYvdzs.exe
  2⤵
  PID:5972
- C:\Windows\System\BpDlDfV.exe
  C:\Windows\System\BpDlDfV.exe
  2⤵
  PID:6008
- C:\Windows\System\vfIhUgY.exe
  C:\Windows\System\vfIhUgY.exe
  2⤵
  PID:6040
- C:\Windows\System\EJqWgxM.exe
  C:\Windows\System\EJqWgxM.exe
  2⤵
  PID:6068
- C:\Windows\System\cdFukcG.exe
  C:\Windows\System\cdFukcG.exe
  2⤵
  PID:6100
- C:\Windows\System\PkhchWE.exe
  C:\Windows\System\PkhchWE.exe
  2⤵
  PID:6124
- C:\Windows\System\nVdjoSG.exe
  C:\Windows\System\nVdjoSG.exe
  2⤵
  PID:5148
- C:\Windows\System\EfqFvLx.exe
  C:\Windows\System\EfqFvLx.exe
  2⤵
  PID:5196
- C:\Windows\System\BJDZvhw.exe
  C:\Windows\System\BJDZvhw.exe
  2⤵
  PID:5240
- C:\Windows\System\UBNHkvD.exe
  C:\Windows\System\UBNHkvD.exe
  2⤵
  PID:5400
- C:\Windows\System\MpylVvb.exe
  C:\Windows\System\MpylVvb.exe
  2⤵
  PID:5452
- C:\Windows\System\mdsyLcy.exe
  C:\Windows\System\mdsyLcy.exe
  2⤵
  PID:5516
- C:\Windows\System\XBHmwPL.exe
  C:\Windows\System\XBHmwPL.exe
  2⤵
  PID:5548
- C:\Windows\System\IdNsQlY.exe
  C:\Windows\System\IdNsQlY.exe
  2⤵
  PID:5644
- C:\Windows\System\RcprLwl.exe
  C:\Windows\System\RcprLwl.exe
  2⤵
  PID:5708
- C:\Windows\System\gUEVuim.exe
  C:\Windows\System\gUEVuim.exe
  2⤵
  PID:5784
- C:\Windows\System\YGZqWrE.exe
  C:\Windows\System\YGZqWrE.exe
  2⤵
  PID:5848
- C:\Windows\System\xWRxFKD.exe
  C:\Windows\System\xWRxFKD.exe
  2⤵
  PID:5908
- C:\Windows\System\nRYGsjL.exe
  C:\Windows\System\nRYGsjL.exe
  2⤵
  PID:5956
- C:\Windows\System\JZAWeEo.exe
  C:\Windows\System\JZAWeEo.exe
  2⤵
  PID:6060
- C:\Windows\System\UMUhnqf.exe
  C:\Windows\System\UMUhnqf.exe
  2⤵
  PID:4252
- C:\Windows\System\LAqNDov.exe
  C:\Windows\System\LAqNDov.exe
  2⤵
  PID:5236
- C:\Windows\System\ODoYPPP.exe
  C:\Windows\System\ODoYPPP.exe
  2⤵
  PID:5420
- C:\Windows\System\qgQIRir.exe
  C:\Windows\System\qgQIRir.exe
  2⤵
  PID:5620
- C:\Windows\System\tQcInRp.exe
  C:\Windows\System\tQcInRp.exe
  2⤵
  PID:5772
- C:\Windows\System\xSUFEbx.exe
  C:\Windows\System\xSUFEbx.exe
  2⤵
  PID:5884
- C:\Windows\System\wibyPwy.exe
  C:\Windows\System\wibyPwy.exe
  2⤵
  PID:5968
- C:\Windows\System\BAKltZD.exe
  C:\Windows\System\BAKltZD.exe
  2⤵
  PID:5180
- C:\Windows\System\aoapCxh.exe
  C:\Windows\System\aoapCxh.exe
  2⤵
  PID:5700
- C:\Windows\System\KVnrOGL.exe
  C:\Windows\System\KVnrOGL.exe
  2⤵
  PID:5940
- C:\Windows\System\OwLmNnJ.exe
  C:\Windows\System\OwLmNnJ.exe
  2⤵
  PID:5844
- C:\Windows\System\RMRglvT.exe
  C:\Windows\System\RMRglvT.exe
  2⤵
  PID:5344
- C:\Windows\System\bfQVdJF.exe
  C:\Windows\System\bfQVdJF.exe
  2⤵
  PID:6168
- C:\Windows\System\VayianH.exe
  C:\Windows\System\VayianH.exe
  2⤵
  PID:6196
- C:\Windows\System\wXjRbdq.exe
  C:\Windows\System\wXjRbdq.exe
  2⤵
  PID:6220
- C:\Windows\System\TdfzTkv.exe
  C:\Windows\System\TdfzTkv.exe
  2⤵
  PID:6248
- C:\Windows\System\rAFWhyO.exe
  C:\Windows\System\rAFWhyO.exe
  2⤵
  PID:6272
- C:\Windows\System\icauHHq.exe
  C:\Windows\System\icauHHq.exe
  2⤵
  PID:6300
- C:\Windows\System\LdLWHcO.exe
  C:\Windows\System\LdLWHcO.exe
  2⤵
  PID:6324
- C:\Windows\System\VOEXCBe.exe
  C:\Windows\System\VOEXCBe.exe
  2⤵
  PID:6356
- C:\Windows\System\rcqDrVV.exe
  C:\Windows\System\rcqDrVV.exe
  2⤵
  PID:6392
- C:\Windows\System\DTcwsks.exe
  C:\Windows\System\DTcwsks.exe
  2⤵
  PID:6424
- C:\Windows\System\cDKTzEO.exe
  C:\Windows\System\cDKTzEO.exe
  2⤵
  PID:6452
- C:\Windows\System\LweClor.exe
  C:\Windows\System\LweClor.exe
  2⤵
  PID:6480
- C:\Windows\System\niXeoLi.exe
  C:\Windows\System\niXeoLi.exe
  2⤵
  PID:6508
- C:\Windows\System\aAHccSz.exe
  C:\Windows\System\aAHccSz.exe
  2⤵
  PID:6536
- C:\Windows\System\whzanuY.exe
  C:\Windows\System\whzanuY.exe
  2⤵
  PID:6564
- C:\Windows\System\rswHSOF.exe
  C:\Windows\System\rswHSOF.exe
  2⤵
  PID:6596
- C:\Windows\System\RJiAxLI.exe
  C:\Windows\System\RJiAxLI.exe
  2⤵
  PID:6620
- C:\Windows\System\mFMbUBS.exe
  C:\Windows\System\mFMbUBS.exe
  2⤵
  PID:6648
- C:\Windows\System\Ocaioug.exe
  C:\Windows\System\Ocaioug.exe
  2⤵
  PID:6676
- C:\Windows\System\nSnlyBu.exe
  C:\Windows\System\nSnlyBu.exe
  2⤵
  PID:6704
- C:\Windows\System\pkJNmDN.exe
  C:\Windows\System\pkJNmDN.exe
  2⤵
  PID:6732
- C:\Windows\System\zdysRAE.exe
  C:\Windows\System\zdysRAE.exe
  2⤵
  PID:6748
- C:\Windows\System\lRUAZBT.exe
  C:\Windows\System\lRUAZBT.exe
  2⤵
  PID:6764
- C:\Windows\System\aYCXObR.exe
  C:\Windows\System\aYCXObR.exe
  2⤵
  PID:6796
- C:\Windows\System\dyGetKa.exe
  C:\Windows\System\dyGetKa.exe
  2⤵
  PID:6824
- C:\Windows\System\zBVhxio.exe
  C:\Windows\System\zBVhxio.exe
  2⤵
  PID:6860
- C:\Windows\System\HmmOGFa.exe
  C:\Windows\System\HmmOGFa.exe
  2⤵
  PID:6892
- C:\Windows\System\xpKFSip.exe
  C:\Windows\System\xpKFSip.exe
  2⤵
  PID:6928
- C:\Windows\System\EQLtsYK.exe
  C:\Windows\System\EQLtsYK.exe
  2⤵
  PID:6956
- C:\Windows\System\JabOOry.exe
  C:\Windows\System\JabOOry.exe
  2⤵
  PID:6980
- C:\Windows\System\ckiliSu.exe
  C:\Windows\System\ckiliSu.exe
  2⤵
  PID:7012
- C:\Windows\System\pNYjNSa.exe
  C:\Windows\System\pNYjNSa.exe
  2⤵
  PID:7036
- C:\Windows\System\XoWyGOP.exe
  C:\Windows\System\XoWyGOP.exe
  2⤵
  PID:7060
- C:\Windows\System\mgkzsVH.exe
  C:\Windows\System\mgkzsVH.exe
  2⤵
  PID:7096
- C:\Windows\System\yesiZeE.exe
  C:\Windows\System\yesiZeE.exe
  2⤵
  PID:7144
- C:\Windows\System\ZehtzvV.exe
  C:\Windows\System\ZehtzvV.exe
  2⤵
  PID:7164
- C:\Windows\System\UPfJcQu.exe
  C:\Windows\System\UPfJcQu.exe
  2⤵
  PID:6204
- C:\Windows\System\yVjGctj.exe
  C:\Windows\System\yVjGctj.exe
  2⤵
  PID:6268
- C:\Windows\System\aufrcnr.exe
  C:\Windows\System\aufrcnr.exe
  2⤵
  PID:6344
- C:\Windows\System\YTTEpld.exe
  C:\Windows\System\YTTEpld.exe
  2⤵
  PID:6416
- C:\Windows\System\LIqjUaB.exe
  C:\Windows\System\LIqjUaB.exe
  2⤵
  PID:6476
- C:\Windows\System\iyazLFB.exe
  C:\Windows\System\iyazLFB.exe
  2⤵
  PID:6548
- C:\Windows\System\qyZOEOn.exe
  C:\Windows\System\qyZOEOn.exe
  2⤵
  PID:6644
- C:\Windows\System\gkaUOiq.exe
  C:\Windows\System\gkaUOiq.exe
  2⤵
  PID:6716
- C:\Windows\System\FfcGuek.exe
  C:\Windows\System\FfcGuek.exe
  2⤵
  PID:6812
- C:\Windows\System\pGYQHGE.exe
  C:\Windows\System\pGYQHGE.exe
  2⤵
  PID:6832
- C:\Windows\System\kgRLvaV.exe
  C:\Windows\System\kgRLvaV.exe
  2⤵
  PID:6912
- C:\Windows\System\kmPcjZl.exe
  C:\Windows\System\kmPcjZl.exe
  2⤵
  PID:7028
- C:\Windows\System\THfwUsC.exe
  C:\Windows\System\THfwUsC.exe
  2⤵
  PID:7080
- C:\Windows\System\ZftlkBJ.exe
  C:\Windows\System\ZftlkBJ.exe
  2⤵
  PID:5992
- C:\Windows\System\DsMFtfp.exe
  C:\Windows\System\DsMFtfp.exe
  2⤵
  PID:6320
- C:\Windows\System\WHlumAi.exe
  C:\Windows\System\WHlumAi.exe
  2⤵
  PID:6500
- C:\Windows\System\biyBJzC.exe
  C:\Windows\System\biyBJzC.exe
  2⤵
  PID:6776
- C:\Windows\System\ikPHMjy.exe
  C:\Windows\System\ikPHMjy.exe
  2⤵
  PID:6852
- C:\Windows\System\aCprfiS.exe
  C:\Windows\System\aCprfiS.exe
  2⤵
  PID:6880
- C:\Windows\System\qWHzBjz.exe
  C:\Windows\System\qWHzBjz.exe
  2⤵
  PID:6228
- C:\Windows\System\pvSYlfX.exe
  C:\Windows\System\pvSYlfX.exe
  2⤵
  PID:4392
- C:\Windows\System\izeiDVO.exe
  C:\Windows\System\izeiDVO.exe
  2⤵
  PID:6744
- C:\Windows\System\MwKGYQJ.exe
  C:\Windows\System\MwKGYQJ.exe
  2⤵
  PID:6372
- C:\Windows\System\ctyurGZ.exe
  C:\Windows\System\ctyurGZ.exe
  2⤵
  PID:6780
- C:\Windows\System\zFHARCY.exe
  C:\Windows\System\zFHARCY.exe
  2⤵
  PID:7176
- C:\Windows\System\WrsrvCE.exe
  C:\Windows\System\WrsrvCE.exe
  2⤵
  PID:7208
- C:\Windows\System\frLOFRb.exe
  C:\Windows\System\frLOFRb.exe
  2⤵
  PID:7240
- C:\Windows\System\SNGAFlf.exe
  C:\Windows\System\SNGAFlf.exe
  2⤵
  PID:7268
- C:\Windows\System\qDmLZqw.exe
  C:\Windows\System\qDmLZqw.exe
  2⤵
  PID:7320
- C:\Windows\System\HFZCCmw.exe
  C:\Windows\System\HFZCCmw.exe
  2⤵
  PID:7344
- C:\Windows\System\IAwvGjM.exe
  C:\Windows\System\IAwvGjM.exe
  2⤵
  PID:7372
- C:\Windows\System\OSFsovr.exe
  C:\Windows\System\OSFsovr.exe
  2⤵
  PID:7396
- C:\Windows\System\SwOhycy.exe
  C:\Windows\System\SwOhycy.exe
  2⤵
  PID:7420
- C:\Windows\System\YpEfsnN.exe
  C:\Windows\System\YpEfsnN.exe
  2⤵
  PID:7436
- C:\Windows\System\uvqSUfF.exe
  C:\Windows\System\uvqSUfF.exe
  2⤵
  PID:7464
- C:\Windows\System\OomfKbQ.exe
  C:\Windows\System\OomfKbQ.exe
  2⤵
  PID:7504
- C:\Windows\System\uBWSmZY.exe
  C:\Windows\System\uBWSmZY.exe
  2⤵
  PID:7536
- C:\Windows\System\BqVwPYX.exe
  C:\Windows\System\BqVwPYX.exe
  2⤵
  PID:7560
- C:\Windows\System\xYcbeIq.exe
  C:\Windows\System\xYcbeIq.exe
  2⤵
  PID:7588
- C:\Windows\System\UBfEoBI.exe
  C:\Windows\System\UBfEoBI.exe
  2⤵
  PID:7620
- C:\Windows\System\bkSPxRd.exe
  C:\Windows\System\bkSPxRd.exe
  2⤵
  PID:7656
- C:\Windows\System\nqwFcGy.exe
  C:\Windows\System\nqwFcGy.exe
  2⤵
  PID:7684
- C:\Windows\System\BlJEKBP.exe
  C:\Windows\System\BlJEKBP.exe
  2⤵
  PID:7716
- C:\Windows\System\ZtzJOCN.exe
  C:\Windows\System\ZtzJOCN.exe
  2⤵
  PID:7740
- C:\Windows\System\rVotmdC.exe
  C:\Windows\System\rVotmdC.exe
  2⤵
  PID:7772
- C:\Windows\System\UkOUetv.exe
  C:\Windows\System\UkOUetv.exe
  2⤵
  PID:7800
- C:\Windows\System\uJzdvps.exe
  C:\Windows\System\uJzdvps.exe
  2⤵
  PID:7832
- C:\Windows\System\OvObuof.exe
  C:\Windows\System\OvObuof.exe
  2⤵
  PID:7860
- C:\Windows\System\bjwgFxZ.exe
  C:\Windows\System\bjwgFxZ.exe
  2⤵
  PID:7884
- C:\Windows\System\JxmtdkE.exe
  C:\Windows\System\JxmtdkE.exe
  2⤵
  PID:7912
- C:\Windows\System\FVOaZio.exe
  C:\Windows\System\FVOaZio.exe
  2⤵
  PID:7944
- C:\Windows\System\eEmDfDH.exe
  C:\Windows\System\eEmDfDH.exe
  2⤵
  PID:7976
- C:\Windows\System\tYNiArq.exe
  C:\Windows\System\tYNiArq.exe
  2⤵
  PID:8008
- C:\Windows\System\YzzOWvn.exe
  C:\Windows\System\YzzOWvn.exe
  2⤵
  PID:8028
- C:\Windows\System\FUcZfvV.exe
  C:\Windows\System\FUcZfvV.exe
  2⤵
  PID:8060
- C:\Windows\System\AUHqgRT.exe
  C:\Windows\System\AUHqgRT.exe
  2⤵
  PID:8088
- C:\Windows\System\KYeahbA.exe
  C:\Windows\System\KYeahbA.exe
  2⤵
  PID:8124
- C:\Windows\System\hilCBqo.exe
  C:\Windows\System\hilCBqo.exe
  2⤵
  PID:8152
- C:\Windows\System\mmcLBYo.exe
  C:\Windows\System\mmcLBYo.exe
  2⤵
  PID:8172
- C:\Windows\System\shlSItX.exe
  C:\Windows\System\shlSItX.exe
  2⤵
  PID:7184
- C:\Windows\System\ZYDoSEy.exe
  C:\Windows\System\ZYDoSEy.exe
  2⤵
  PID:7260
- C:\Windows\System\iitpbAb.exe
  C:\Windows\System\iitpbAb.exe
  2⤵
  PID:6440
- C:\Windows\System\yJzlCMB.exe
  C:\Windows\System\yJzlCMB.exe
  2⤵
  PID:7364
- C:\Windows\System\GeFYeec.exe
  C:\Windows\System\GeFYeec.exe
  2⤵
  PID:7460
- C:\Windows\System\kYMPKBg.exe
  C:\Windows\System\kYMPKBg.exe
  2⤵
  PID:7532
- C:\Windows\System\OKkplyR.exe
  C:\Windows\System\OKkplyR.exe
  2⤵
  PID:7644
- C:\Windows\System\ZJKjWpv.exe
  C:\Windows\System\ZJKjWpv.exe
  2⤵
  PID:7676
- C:\Windows\System\GLyNPWl.exe
  C:\Windows\System\GLyNPWl.exe
  2⤵
  PID:7708
- C:\Windows\System\XQzHZqq.exe
  C:\Windows\System\XQzHZqq.exe
  2⤵
  PID:7812
- C:\Windows\System\UGmHKja.exe
  C:\Windows\System\UGmHKja.exe
  2⤵
  PID:7848
- C:\Windows\System\RbyKznn.exe
  C:\Windows\System\RbyKznn.exe
  2⤵
  PID:7904
- C:\Windows\System\RuXplFU.exe
  C:\Windows\System\RuXplFU.exe
  2⤵
  PID:8000
- C:\Windows\System\TsVlyNe.exe
  C:\Windows\System\TsVlyNe.exe
  2⤵
  PID:8040
- C:\Windows\System\ueVyVyp.exe
  C:\Windows\System\ueVyVyp.exe
  2⤵
  PID:8108
- C:\Windows\System\XDwDYir.exe
  C:\Windows\System\XDwDYir.exe
  2⤵
  PID:7224
- C:\Windows\System\GcQNLCJ.exe
  C:\Windows\System\GcQNLCJ.exe
  2⤵
  PID:7204
- C:\Windows\System\coYIZYs.exe
  C:\Windows\System\coYIZYs.exe
  2⤵
  PID:7368
- C:\Windows\System\xtgZhFR.exe
  C:\Windows\System\xtgZhFR.exe
  2⤵
  PID:7516
- C:\Windows\System\EgqBpJr.exe
  C:\Windows\System\EgqBpJr.exe
  2⤵
  PID:1240
- C:\Windows\System\XAvbksp.exe
  C:\Windows\System\XAvbksp.exe
  2⤵
  PID:7924
- C:\Windows\System\xXpgIcL.exe
  C:\Windows\System\xXpgIcL.exe
  2⤵
  PID:8044
- C:\Windows\System\ywbrgsK.exe
  C:\Windows\System\ywbrgsK.exe
  2⤵
  PID:7264
- C:\Windows\System\tnWuQSz.exe
  C:\Windows\System\tnWuQSz.exe
  2⤵
  PID:7584
- C:\Windows\System\TdzjgfL.exe
  C:\Windows\System\TdzjgfL.exe
  2⤵
  PID:8140
- C:\Windows\System\ijjlSbm.exe
  C:\Windows\System\ijjlSbm.exe
  2⤵
  PID:7612
- C:\Windows\System\TijzwMa.exe
  C:\Windows\System\TijzwMa.exe
  2⤵
  PID:7296
- C:\Windows\System\OSMjzfw.exe
  C:\Windows\System\OSMjzfw.exe
  2⤵
  PID:8220
- C:\Windows\System\qBjyWvk.exe
  C:\Windows\System\qBjyWvk.exe
  2⤵
  PID:8248
- C:\Windows\System\SdQflJJ.exe
  C:\Windows\System\SdQflJJ.exe
  2⤵
  PID:8276
- C:\Windows\System\nanwrgg.exe
  C:\Windows\System\nanwrgg.exe
  2⤵
  PID:8304
- C:\Windows\System\UFemqsc.exe
  C:\Windows\System\UFemqsc.exe
  2⤵
  PID:8324
- C:\Windows\System\zSGGYWc.exe
  C:\Windows\System\zSGGYWc.exe
  2⤵
  PID:8360
- C:\Windows\System\vvZkxJn.exe
  C:\Windows\System\vvZkxJn.exe
  2⤵
  PID:8376
- C:\Windows\System\tCdaXcb.exe
  C:\Windows\System\tCdaXcb.exe
  2⤵
  PID:8404
- C:\Windows\System\UtYjgki.exe
  C:\Windows\System\UtYjgki.exe
  2⤵
  PID:8432
- C:\Windows\System\UZqxGOR.exe
  C:\Windows\System\UZqxGOR.exe
  2⤵
  PID:8460
- C:\Windows\System\NOMXcQl.exe
  C:\Windows\System\NOMXcQl.exe
  2⤵
  PID:8492
- C:\Windows\System\uWQFFOI.exe
  C:\Windows\System\uWQFFOI.exe
  2⤵
  PID:8520
- C:\Windows\System\cIEyqTu.exe
  C:\Windows\System\cIEyqTu.exe
  2⤵
  PID:8540
- C:\Windows\System\UvmUlva.exe
  C:\Windows\System\UvmUlva.exe
  2⤵
  PID:8564
- C:\Windows\System\aogTBEv.exe
  C:\Windows\System\aogTBEv.exe
  2⤵
  PID:8580
- C:\Windows\System\XrigoUg.exe
  C:\Windows\System\XrigoUg.exe
  2⤵
  PID:8624
- C:\Windows\System\qmgJtLK.exe
  C:\Windows\System\qmgJtLK.exe
  2⤵
  PID:8652
- C:\Windows\System\hANFovU.exe
  C:\Windows\System\hANFovU.exe
  2⤵
  PID:8680
- C:\Windows\System\mBZosNb.exe
  C:\Windows\System\mBZosNb.exe
  2⤵
  PID:8772
- C:\Windows\System\FpKAERE.exe
  C:\Windows\System\FpKAERE.exe
  2⤵
  PID:8788
- C:\Windows\System\RzGZxpc.exe
  C:\Windows\System\RzGZxpc.exe
  2⤵
  PID:8816
- C:\Windows\System\NQzNKgl.exe
  C:\Windows\System\NQzNKgl.exe
  2⤵
  PID:8832
- C:\Windows\System\WfEMHek.exe
  C:\Windows\System\WfEMHek.exe
  2⤵
  PID:8868
- C:\Windows\System\VifKlRj.exe
  C:\Windows\System\VifKlRj.exe
  2⤵
  PID:8888
- C:\Windows\System\cTqmVuV.exe
  C:\Windows\System\cTqmVuV.exe
  2⤵
  PID:8920
- C:\Windows\System\QzGCmFF.exe
  C:\Windows\System\QzGCmFF.exe
  2⤵
  PID:8952
- C:\Windows\System\BlSzkpM.exe
  C:\Windows\System\BlSzkpM.exe
  2⤵
  PID:8972
- C:\Windows\System\sFIsJbg.exe
  C:\Windows\System\sFIsJbg.exe
  2⤵
  PID:9000
- C:\Windows\System\sfbhTgW.exe
  C:\Windows\System\sfbhTgW.exe
  2⤵
  PID:9040
- C:\Windows\System\cQHEYWJ.exe
  C:\Windows\System\cQHEYWJ.exe
  2⤵
  PID:9068
- C:\Windows\System\LKPYWPL.exe
  C:\Windows\System\LKPYWPL.exe
  2⤵
  PID:9084
- C:\Windows\System\sYgPHgE.exe
  C:\Windows\System\sYgPHgE.exe
  2⤵
  PID:9112
- C:\Windows\System\JyVFavY.exe
  C:\Windows\System\JyVFavY.exe
  2⤵
  PID:9140
- C:\Windows\System\thLugNU.exe
  C:\Windows\System\thLugNU.exe
  2⤵
  PID:9168
- C:\Windows\System\jfdvIFg.exe
  C:\Windows\System\jfdvIFg.exe
  2⤵
  PID:9192
- C:\Windows\System\TbFUWMX.exe
  C:\Windows\System\TbFUWMX.exe
  2⤵
  PID:8232
- C:\Windows\System\gHuxBvk.exe
  C:\Windows\System\gHuxBvk.exe
  2⤵
  PID:8272
- C:\Windows\System\kHEGjEM.exe
  C:\Windows\System\kHEGjEM.exe
  2⤵
  PID:8348
- C:\Windows\System\YVxXKJV.exe
  C:\Windows\System\YVxXKJV.exe
  2⤵
  PID:8372
- C:\Windows\System\RbHOWvx.exe
  C:\Windows\System\RbHOWvx.exe
  2⤵
  PID:8392
- C:\Windows\System\WdQhZIl.exe
  C:\Windows\System\WdQhZIl.exe
  2⤵
  PID:8488
- C:\Windows\System\FNJubhR.exe
  C:\Windows\System\FNJubhR.exe
  2⤵
  PID:8536
- C:\Windows\System\uUixtzL.exe
  C:\Windows\System\uUixtzL.exe
  2⤵
  PID:8576
- C:\Windows\System\orzKVCQ.exe
  C:\Windows\System\orzKVCQ.exe
  2⤵
  PID:8700
- C:\Windows\System\ivomlvN.exe
  C:\Windows\System\ivomlvN.exe
  2⤵
  PID:7072
- C:\Windows\System\VMDrTyh.exe
  C:\Windows\System\VMDrTyh.exe
  2⤵
  PID:8708
- C:\Windows\System\rpCoZMD.exe
  C:\Windows\System\rpCoZMD.exe
  2⤵
  PID:8824
- C:\Windows\System\tkDWPCI.exe
  C:\Windows\System\tkDWPCI.exe
  2⤵
  PID:8884
- C:\Windows\System\pBJqaEI.exe
  C:\Windows\System\pBJqaEI.exe
  2⤵
  PID:8916
- C:\Windows\System\hrlmyBg.exe
  C:\Windows\System\hrlmyBg.exe
  2⤵
  PID:9020
- C:\Windows\System\EsmznZP.exe
  C:\Windows\System\EsmznZP.exe
  2⤵
  PID:9104
- C:\Windows\System\NEZaSUh.exe
  C:\Windows\System\NEZaSUh.exe
  2⤵
  PID:9180
- C:\Windows\System\xtsKiKH.exe
  C:\Windows\System\xtsKiKH.exe
  2⤵
  PID:8336
- C:\Windows\System\wGMwbap.exe
  C:\Windows\System\wGMwbap.exe
  2⤵
  PID:8420
- C:\Windows\System\NubZNWO.exe
  C:\Windows\System\NubZNWO.exe
  2⤵
  PID:8552
- C:\Windows\System\YrjomFg.exe
  C:\Windows\System\YrjomFg.exe
  2⤵
  PID:8800
- C:\Windows\System\CMDyBla.exe
  C:\Windows\System\CMDyBla.exe
  2⤵
  PID:8960
- C:\Windows\System\yPxzLkr.exe
  C:\Windows\System\yPxzLkr.exe
  2⤵
  PID:9152
- C:\Windows\System\OuEbZJS.exe
  C:\Windows\System\OuEbZJS.exe
  2⤵
  PID:9212
- C:\Windows\System\ccQEMge.exe
  C:\Windows\System\ccQEMge.exe
  2⤵
  PID:8472
- C:\Windows\System\UiIQWOT.exe
  C:\Windows\System\UiIQWOT.exe
  2⤵
  PID:8856
- C:\Windows\System\FrqpDdP.exe
  C:\Windows\System\FrqpDdP.exe
  2⤵
  PID:9096
- C:\Windows\System\UAJMFmB.exe
  C:\Windows\System\UAJMFmB.exe
  2⤵
  PID:8748
- C:\Windows\System\PsFXTPY.exe
  C:\Windows\System\PsFXTPY.exe
  2⤵
  PID:9228
- C:\Windows\System\wJzieBI.exe
  C:\Windows\System\wJzieBI.exe
  2⤵
  PID:9252
- C:\Windows\System\rHnqShi.exe
  C:\Windows\System\rHnqShi.exe
  2⤵
  PID:9272
- C:\Windows\System\pnuFmMB.exe
  C:\Windows\System\pnuFmMB.exe
  2⤵
  PID:9296
- C:\Windows\System\NCzHqNR.exe
  C:\Windows\System\NCzHqNR.exe
  2⤵
  PID:9320
- C:\Windows\System\jhGVNTH.exe
  C:\Windows\System\jhGVNTH.exe
  2⤵
  PID:9352
- C:\Windows\System\iEJxait.exe
  C:\Windows\System\iEJxait.exe
  2⤵
  PID:9392
- C:\Windows\System\FgnlYTj.exe
  C:\Windows\System\FgnlYTj.exe
  2⤵
  PID:9420
- C:\Windows\System\NWoBBAg.exe
  C:\Windows\System\NWoBBAg.exe
  2⤵
  PID:9452
- C:\Windows\System\tEacFrF.exe
  C:\Windows\System\tEacFrF.exe
  2⤵
  PID:9484
- C:\Windows\System\JnYtVZl.exe
  C:\Windows\System\JnYtVZl.exe
  2⤵
  PID:9512
- C:\Windows\System\TrRcEvq.exe
  C:\Windows\System\TrRcEvq.exe
  2⤵
  PID:9540
- C:\Windows\System\OIhZhbr.exe
  C:\Windows\System\OIhZhbr.exe
  2⤵
  PID:9596
- C:\Windows\System\xjWNmEE.exe
  C:\Windows\System\xjWNmEE.exe
  2⤵
  PID:9624
- C:\Windows\System\YCUEzWI.exe
  C:\Windows\System\YCUEzWI.exe
  2⤵
  PID:9648
- C:\Windows\System\HesBSyO.exe
  C:\Windows\System\HesBSyO.exe
  2⤵
  PID:9664
- C:\Windows\System\UeaHluI.exe
  C:\Windows\System\UeaHluI.exe
  2⤵
  PID:9688
- C:\Windows\System\RYSBWpP.exe
  C:\Windows\System\RYSBWpP.exe
  2⤵
  PID:9720
- C:\Windows\System\peOJOxN.exe
  C:\Windows\System\peOJOxN.exe
  2⤵
  PID:9744
- C:\Windows\System\BkFMHlb.exe
  C:\Windows\System\BkFMHlb.exe
  2⤵
  PID:9768
- C:\Windows\System\dBeArvP.exe
  C:\Windows\System\dBeArvP.exe
  2⤵
  PID:9792
- C:\Windows\System\FQwPCNj.exe
  C:\Windows\System\FQwPCNj.exe
  2⤵
  PID:9812
- C:\Windows\System\mTOLtKB.exe
  C:\Windows\System\mTOLtKB.exe
  2⤵
  PID:9840
- C:\Windows\System\qRWUvOm.exe
  C:\Windows\System\qRWUvOm.exe
  2⤵
  PID:9872
- C:\Windows\System\FjYzNhY.exe
  C:\Windows\System\FjYzNhY.exe
  2⤵
  PID:9896
- C:\Windows\System\blwBxGJ.exe
  C:\Windows\System\blwBxGJ.exe
  2⤵
  PID:9944
- C:\Windows\System\xhSIjai.exe
  C:\Windows\System\xhSIjai.exe
  2⤵
  PID:9984
- C:\Windows\System\xGpmphw.exe
  C:\Windows\System\xGpmphw.exe
  2⤵
  PID:10024
- C:\Windows\System\kqFcIgo.exe
  C:\Windows\System\kqFcIgo.exe
  2⤵
  PID:10052
- C:\Windows\System\mgFjpTK.exe
  C:\Windows\System\mgFjpTK.exe
  2⤵
  PID:10080
- C:\Windows\System\eCjOYkX.exe
  C:\Windows\System\eCjOYkX.exe
  2⤵
  PID:10096
- C:\Windows\System\ddKArVQ.exe
  C:\Windows\System\ddKArVQ.exe
  2⤵
  PID:10124
- C:\Windows\System\XjKjKFH.exe
  C:\Windows\System\XjKjKFH.exe
  2⤵
  PID:10152
- C:\Windows\System\eycXoer.exe
  C:\Windows\System\eycXoer.exe
  2⤵
  PID:10168
- C:\Windows\System\ikoKoNr.exe
  C:\Windows\System\ikoKoNr.exe
  2⤵
  PID:10196
- C:\Windows\System\kBBbIZD.exe
  C:\Windows\System\kBBbIZD.exe
  2⤵
  PID:10232
- C:\Windows\System\plPcmMe.exe
  C:\Windows\System\plPcmMe.exe
  2⤵
  PID:8208
- C:\Windows\System\pGjWyjZ.exe
  C:\Windows\System\pGjWyjZ.exe
  2⤵
  PID:9284
- C:\Windows\System\lBFgMkR.exe
  C:\Windows\System\lBFgMkR.exe
  2⤵
  PID:9316
- C:\Windows\System\VOuTwYk.exe
  C:\Windows\System\VOuTwYk.exe
  2⤵
  PID:9416
- C:\Windows\System\XnYrzPk.exe
  C:\Windows\System\XnYrzPk.exe
  2⤵
  PID:9440
- C:\Windows\System\YmOfESm.exe
  C:\Windows\System\YmOfESm.exe
  2⤵
  PID:9500
- C:\Windows\System\EKdsdVV.exe
  C:\Windows\System\EKdsdVV.exe
  2⤵
  PID:9584
- C:\Windows\System\DWzaVVd.exe
  C:\Windows\System\DWzaVVd.exe
  2⤵
  PID:9640
- C:\Windows\System\uNAtxhj.exe
  C:\Windows\System\uNAtxhj.exe
  2⤵
  PID:9680
- C:\Windows\System\ncjRlyB.exe
  C:\Windows\System\ncjRlyB.exe
  2⤵
  PID:9728
- C:\Windows\System\JpGHPgW.exe
  C:\Windows\System\JpGHPgW.exe
  2⤵
  PID:9864
- C:\Windows\System\hOXEgaU.exe
  C:\Windows\System\hOXEgaU.exe
  2⤵
  PID:9996
- C:\Windows\System\WFsydCQ.exe
  C:\Windows\System\WFsydCQ.exe
  2⤵
  PID:10036
- C:\Windows\System\HjvJvOI.exe
  C:\Windows\System\HjvJvOI.exe
  2⤵
  PID:10108
- C:\Windows\System\ESynUiW.exe
  C:\Windows\System\ESynUiW.exe
  2⤵
  PID:10160
- C:\Windows\System\ILoVRSu.exe
  C:\Windows\System\ILoVRSu.exe
  2⤵
  PID:9064
- C:\Windows\System\dyuvONu.exe
  C:\Windows\System\dyuvONu.exe
  2⤵
  PID:9364
- C:\Windows\System\VdcmNPt.exe
  C:\Windows\System\VdcmNPt.exe
  2⤵
  PID:9428
- C:\Windows\System\vhOtxsx.exe
  C:\Windows\System\vhOtxsx.exe
  2⤵
  PID:9776
- C:\Windows\System\oIstEuE.exe
  C:\Windows\System\oIstEuE.exe
  2⤵
  PID:9780
- C:\Windows\System\BHjbFCc.exe
  C:\Windows\System\BHjbFCc.exe
  2⤵
  PID:9808
- C:\Windows\System\psRCLFU.exe
  C:\Windows\System\psRCLFU.exe
  2⤵
  PID:10064
- C:\Windows\System\NpmrzBH.exe
  C:\Windows\System\NpmrzBH.exe
  2⤵
  PID:9248
- C:\Windows\System\OwKZSUo.exe
  C:\Windows\System\OwKZSUo.exe
  2⤵
  PID:9676
- C:\Windows\System\jGjbuPW.exe
  C:\Windows\System\jGjbuPW.exe
  2⤵
  PID:10016
- C:\Windows\System\dVpqhDA.exe
  C:\Windows\System\dVpqhDA.exe
  2⤵
  PID:8812
- C:\Windows\System\YbjwEmg.exe
  C:\Windows\System\YbjwEmg.exe
  2⤵
  PID:10020
- C:\Windows\System\HNKlsIY.exe
  C:\Windows\System\HNKlsIY.exe
  2⤵
  PID:10256
- C:\Windows\System\aBPzGnw.exe
  C:\Windows\System\aBPzGnw.exe
  2⤵
  PID:10288
- C:\Windows\System\wQdjsuf.exe
  C:\Windows\System\wQdjsuf.exe
  2⤵
  PID:10316
- C:\Windows\System\nQQVvUC.exe
  C:\Windows\System\nQQVvUC.exe
  2⤵
  PID:10344
- C:\Windows\System\HMrnkEe.exe
  C:\Windows\System\HMrnkEe.exe
  2⤵
  PID:10368
- C:\Windows\System\oCqIsFi.exe
  C:\Windows\System\oCqIsFi.exe
  2⤵
  PID:10392
- C:\Windows\System\OQCUoPg.exe
  C:\Windows\System\OQCUoPg.exe
  2⤵
  PID:10408
- C:\Windows\System\VadeXsu.exe
  C:\Windows\System\VadeXsu.exe
  2⤵
  PID:10448
- C:\Windows\System\EyStOHa.exe
  C:\Windows\System\EyStOHa.exe
  2⤵
  PID:10476
- C:\Windows\System\lxkkEAr.exe
  C:\Windows\System\lxkkEAr.exe
  2⤵
  PID:10492
- C:\Windows\System\gPmuFlT.exe
  C:\Windows\System\gPmuFlT.exe
  2⤵
  PID:10532
- C:\Windows\System\OkWVFaM.exe
  C:\Windows\System\OkWVFaM.exe
  2⤵
  PID:10560
- C:\Windows\System\cXbKFQN.exe
  C:\Windows\System\cXbKFQN.exe
  2⤵
  PID:10596
- C:\Windows\System\bbFWAwy.exe
  C:\Windows\System\bbFWAwy.exe
  2⤵
  PID:10620
- C:\Windows\System\tZBXWVV.exe
  C:\Windows\System\tZBXWVV.exe
  2⤵
  PID:10644
- C:\Windows\System\MGZAwQm.exe
  C:\Windows\System\MGZAwQm.exe
  2⤵
  PID:10660
- C:\Windows\System\GSutjvl.exe
  C:\Windows\System\GSutjvl.exe
  2⤵
  PID:10696
- C:\Windows\System\DsHSvEB.exe
  C:\Windows\System\DsHSvEB.exe
  2⤵
  PID:10728
- C:\Windows\System\JSLSPhn.exe
  C:\Windows\System\JSLSPhn.exe
  2⤵
  PID:10768
- C:\Windows\System\YLIKwnM.exe
  C:\Windows\System\YLIKwnM.exe
  2⤵
  PID:10796
- C:\Windows\System\qFUMIGd.exe
  C:\Windows\System\qFUMIGd.exe
  2⤵
  PID:10820
- C:\Windows\System\ZFNKMHi.exe
  C:\Windows\System\ZFNKMHi.exe
  2⤵
  PID:10844
- C:\Windows\System\bkGLsqd.exe
  C:\Windows\System\bkGLsqd.exe
  2⤵
  PID:10868
- C:\Windows\System\UOHyXdt.exe
  C:\Windows\System\UOHyXdt.exe
  2⤵
  PID:10900
- C:\Windows\System\DMyClMU.exe
  C:\Windows\System\DMyClMU.exe
  2⤵
  PID:10924
- C:\Windows\System\YmOkTfQ.exe
  C:\Windows\System\YmOkTfQ.exe
  2⤵
  PID:10964
- C:\Windows\System\awnJBNC.exe
  C:\Windows\System\awnJBNC.exe
  2⤵
  PID:10992
- C:\Windows\System\dWWBKXV.exe
  C:\Windows\System\dWWBKXV.exe
  2⤵
  PID:11020
- C:\Windows\System\pdwYfKC.exe
  C:\Windows\System\pdwYfKC.exe
  2⤵
  PID:11048
- C:\Windows\System\ZMTKGkY.exe
  C:\Windows\System\ZMTKGkY.exe
  2⤵
  PID:11064
- C:\Windows\System\TIGwpGt.exe
  C:\Windows\System\TIGwpGt.exe
  2⤵
  PID:11084
- C:\Windows\System\iYdqDMm.exe
  C:\Windows\System\iYdqDMm.exe
  2⤵
  PID:11108
- C:\Windows\System\VxQKwXR.exe
  C:\Windows\System\VxQKwXR.exe
  2⤵
  PID:11128
- C:\Windows\System\GhgPqzw.exe
  C:\Windows\System\GhgPqzw.exe
  2⤵
  PID:11156
- C:\Windows\System\ZtBHWMv.exe
  C:\Windows\System\ZtBHWMv.exe
  2⤵
  PID:11188
- C:\Windows\System\KPEtOGk.exe
  C:\Windows\System\KPEtOGk.exe
  2⤵
  PID:11220
- C:\Windows\System\TRIbApj.exe
  C:\Windows\System\TRIbApj.exe
  2⤵
  PID:11252
- C:\Windows\System\REPWWnZ.exe
  C:\Windows\System\REPWWnZ.exe
  2⤵
  PID:10284
- C:\Windows\System\JdlDgLJ.exe
  C:\Windows\System\JdlDgLJ.exe
  2⤵
  PID:10360
- C:\Windows\System\TgsEtwu.exe
  C:\Windows\System\TgsEtwu.exe
  2⤵
  PID:10432
- C:\Windows\System\yoEmeds.exe
  C:\Windows\System\yoEmeds.exe
  2⤵
  PID:10516
- C:\Windows\System\UkycUHf.exe
  C:\Windows\System\UkycUHf.exe
  2⤵
  PID:10556
- C:\Windows\System\gvbCOMu.exe
  C:\Windows\System\gvbCOMu.exe
  2⤵
  PID:10656
- C:\Windows\System\yCBmcOu.exe
  C:\Windows\System\yCBmcOu.exe
  2⤵
  PID:10712
- C:\Windows\System\QfpTSYR.exe
  C:\Windows\System\QfpTSYR.exe
  2⤵
  PID:10780
- C:\Windows\System\KYnJEra.exe
  C:\Windows\System\KYnJEra.exe
  2⤵
  PID:10832
- C:\Windows\System\PPJXOKH.exe
  C:\Windows\System\PPJXOKH.exe
  2⤵
  PID:10896
- C:\Windows\System\WzMMiFm.exe
  C:\Windows\System\WzMMiFm.exe
  2⤵
  PID:10984
- C:\Windows\System\oXOwiNJ.exe
  C:\Windows\System\oXOwiNJ.exe
  2⤵
  PID:11004
- C:\Windows\System\lIlAQqb.exe
  C:\Windows\System\lIlAQqb.exe
  2⤵
  PID:11080
- C:\Windows\System\RqWdXsw.exe
  C:\Windows\System\RqWdXsw.exe
  2⤵
  PID:11140
- C:\Windows\System\DkATGrj.exe
  C:\Windows\System\DkATGrj.exe
  2⤵
  PID:11204
- C:\Windows\System\TsFzwjb.exe
  C:\Windows\System\TsFzwjb.exe
  2⤵
  PID:10340
- C:\Windows\System\OEKaxhz.exe
  C:\Windows\System\OEKaxhz.exe
  2⤵
  PID:10420
- C:\Windows\System\VYMwOcu.exe
  C:\Windows\System\VYMwOcu.exe
  2⤵
  PID:10588
- C:\Windows\System\wVxzyFx.exe
  C:\Windows\System\wVxzyFx.exe
  2⤵
  PID:10788
- C:\Windows\System\AAAxeCr.exe
  C:\Windows\System\AAAxeCr.exe
  2⤵
  PID:10936
- C:\Windows\System\qFqJpUT.exe
  C:\Windows\System\qFqJpUT.exe
  2⤵
  PID:11056
- C:\Windows\System\OKSDhbr.exe
  C:\Windows\System\OKSDhbr.exe
  2⤵
  PID:11180
- C:\Windows\System\GeQeMXx.exe
  C:\Windows\System\GeQeMXx.exe
  2⤵
  PID:10484
- C:\Windows\System\idZXITI.exe
  C:\Windows\System\idZXITI.exe
  2⤵
  PID:10804
- C:\Windows\System\PUtUXwe.exe
  C:\Windows\System\PUtUXwe.exe
  2⤵
  PID:11200
- C:\Windows\System\GSjzRxo.exe
  C:\Windows\System\GSjzRxo.exe
  2⤵
  PID:10760
- C:\Windows\System\lXFRdWQ.exe
  C:\Windows\System\lXFRdWQ.exe
  2⤵
  PID:11272
- C:\Windows\System\fTQPiNL.exe
  C:\Windows\System\fTQPiNL.exe
  2⤵
  PID:11300
- C:\Windows\System\UERLebG.exe
  C:\Windows\System\UERLebG.exe
  2⤵
  PID:11328
- C:\Windows\System\lVtitBC.exe
  C:\Windows\System\lVtitBC.exe
  2⤵
  PID:11356
- C:\Windows\System\iUFglfM.exe
  C:\Windows\System\iUFglfM.exe
  2⤵
  PID:11384
- C:\Windows\System\QIhhEYS.exe
  C:\Windows\System\QIhhEYS.exe
  2⤵
  PID:11412
- C:\Windows\System\MvYedPD.exe
  C:\Windows\System\MvYedPD.exe
  2⤵
  PID:11440
- C:\Windows\System\vhyuxHn.exe
  C:\Windows\System\vhyuxHn.exe
  2⤵
  PID:11464
- C:\Windows\System\WlDsfgc.exe
  C:\Windows\System\WlDsfgc.exe
  2⤵
  PID:11488
- C:\Windows\System\EUwejON.exe
  C:\Windows\System\EUwejON.exe
  2⤵
  PID:11524
- C:\Windows\System\gOvOwNk.exe
  C:\Windows\System\gOvOwNk.exe
  2⤵
  PID:11540
- C:\Windows\System\sGkflaS.exe
  C:\Windows\System\sGkflaS.exe
  2⤵
  PID:11580
- C:\Windows\System\BnIkrzE.exe
  C:\Windows\System\BnIkrzE.exe
  2⤵
  PID:11608
- C:\Windows\System\clxnuJq.exe
  C:\Windows\System\clxnuJq.exe
  2⤵
  PID:11632
- C:\Windows\System\JyshjKt.exe
  C:\Windows\System\JyshjKt.exe
  2⤵
  PID:11652
- C:\Windows\System\gmEKoDA.exe
  C:\Windows\System\gmEKoDA.exe
  2⤵
  PID:11688
- C:\Windows\System\SCDzsYJ.exe
  C:\Windows\System\SCDzsYJ.exe
  2⤵
  PID:11708
- C:\Windows\System\peyanKk.exe
  C:\Windows\System\peyanKk.exe
  2⤵
  PID:11744
- C:\Windows\System\WVQZzWJ.exe
  C:\Windows\System\WVQZzWJ.exe
  2⤵
  PID:11776
- C:\Windows\System\aixRnfY.exe
  C:\Windows\System\aixRnfY.exe
  2⤵
  PID:11804
- C:\Windows\System\WWOKDnu.exe
  C:\Windows\System\WWOKDnu.exe
  2⤵
  PID:11820
- C:\Windows\System\bKcjJwF.exe
  C:\Windows\System\bKcjJwF.exe
  2⤵
  PID:11872
- C:\Windows\System\nCRGtuF.exe
  C:\Windows\System\nCRGtuF.exe
  2⤵
  PID:11888
- C:\Windows\System\AmYgfYw.exe
  C:\Windows\System\AmYgfYw.exe
  2⤵
  PID:11916
- C:\Windows\System\nGavAwt.exe
  C:\Windows\System\nGavAwt.exe
  2⤵
  PID:11944
- C:\Windows\System\inZKHQb.exe
  C:\Windows\System\inZKHQb.exe
  2⤵
  PID:11972
- C:\Windows\System\LIwsRJd.exe
  C:\Windows\System\LIwsRJd.exe
  2⤵
  PID:12000
- C:\Windows\System\bMZrsyf.exe
  C:\Windows\System\bMZrsyf.exe
  2⤵
  PID:12028
- C:\Windows\System\IOSHChC.exe
  C:\Windows\System\IOSHChC.exe
  2⤵
  PID:12056
- C:\Windows\System\sLzGijz.exe
  C:\Windows\System\sLzGijz.exe
  2⤵
  PID:12084
- C:\Windows\System\fmMJnqo.exe
  C:\Windows\System\fmMJnqo.exe
  2⤵
  PID:12112
- C:\Windows\System\TyUyWWp.exe
  C:\Windows\System\TyUyWWp.exe
  2⤵
  PID:12132
- C:\Windows\System\DOZYxro.exe
  C:\Windows\System\DOZYxro.exe
  2⤵
  PID:12152
- C:\Windows\System\SNUcPKq.exe
  C:\Windows\System\SNUcPKq.exe
  2⤵
  PID:12172
- C:\Windows\System\ASOLvST.exe
  C:\Windows\System\ASOLvST.exe
  2⤵
  PID:12208
- C:\Windows\System\oioUTMS.exe
  C:\Windows\System\oioUTMS.exe
  2⤵
  PID:12232
- C:\Windows\System\RMdQsjn.exe
  C:\Windows\System\RMdQsjn.exe
  2⤵
  PID:12248
- C:\Windows\System\qcoSGNW.exe
  C:\Windows\System\qcoSGNW.exe
  2⤵
  PID:12276
- C:\Windows\System\WzVsUlg.exe
  C:\Windows\System\WzVsUlg.exe
  2⤵
  PID:11288
- C:\Windows\System\UNzPPgH.exe
  C:\Windows\System\UNzPPgH.exe
  2⤵
  PID:11340
- C:\Windows\System\rfixhaH.exe
  C:\Windows\System\rfixhaH.exe
  2⤵
  PID:11436
- C:\Windows\System\xWVGuOz.exe
  C:\Windows\System\xWVGuOz.exe
  2⤵
  PID:11508
- C:\Windows\System\clYkvVn.exe
  C:\Windows\System\clYkvVn.exe
  2⤵
  PID:11552
- C:\Windows\System\IULUqcL.exe
  C:\Windows\System\IULUqcL.exe
  2⤵
  PID:11624
- C:\Windows\System\HwlvYTi.exe
  C:\Windows\System\HwlvYTi.exe
  2⤵
  PID:11696
- C:\Windows\System\XzHoRTQ.exe
  C:\Windows\System\XzHoRTQ.exe
  2⤵
  PID:11772
- C:\Windows\System\icEXpvm.exe
  C:\Windows\System\icEXpvm.exe
  2⤵
  PID:11860
- C:\Windows\System\pdAicCP.exe
  C:\Windows\System\pdAicCP.exe
  2⤵
  PID:11900
- C:\Windows\System\wWfHQln.exe
  C:\Windows\System\wWfHQln.exe
  2⤵
  PID:11940
- C:\Windows\System\MmnbwwG.exe
  C:\Windows\System\MmnbwwG.exe
  2⤵
  PID:11988
- C:\Windows\System\DDCfAHg.exe
  C:\Windows\System\DDCfAHg.exe
  2⤵
  PID:12044
- C:\Windows\System\tWUfHgV.exe
  C:\Windows\System\tWUfHgV.exe
  2⤵
  PID:12104
- C:\Windows\System\llGTagl.exe
  C:\Windows\System\llGTagl.exe
  2⤵
  PID:12164
- C:\Windows\System\FvnlUUC.exe
  C:\Windows\System\FvnlUUC.exe
  2⤵
  PID:12284
- C:\Windows\System\EQICMjA.exe
  C:\Windows\System\EQICMjA.exe
  2⤵
  PID:11320
- C:\Windows\System\saozXKU.exe
  C:\Windows\System\saozXKU.exe
  2⤵
  PID:11380
- C:\Windows\System\ROXWvFO.exe
  C:\Windows\System\ROXWvFO.exe
  2⤵
  PID:11600
- C:\Windows\System\FvhkosZ.exe
  C:\Windows\System\FvhkosZ.exe
  2⤵
  PID:11764
- C:\Windows\System\SbGIKmX.exe
  C:\Windows\System\SbGIKmX.exe
  2⤵
  PID:11968
- C:\Windows\System\zAIJxnq.exe
  C:\Windows\System\zAIJxnq.exe
  2⤵
  PID:12012
- C:\Windows\System\HpbZPyd.exe
  C:\Windows\System\HpbZPyd.exe
  2⤵
  PID:11576
- C:\Windows\System\wMgJwmt.exe
  C:\Windows\System\wMgJwmt.exe
  2⤵
  PID:12244
- C:\Windows\System\UidaIPu.exe
  C:\Windows\System\UidaIPu.exe
  2⤵
  PID:10604
- C:\Windows\System\dtBQLvt.exe
  C:\Windows\System\dtBQLvt.exe
  2⤵
  PID:11884
- C:\Windows\System\ukGQtQF.exe
  C:\Windows\System\ukGQtQF.exe
  2⤵
  PID:12160
- C:\Windows\System\kWRDzQL.exe
  C:\Windows\System\kWRDzQL.exe
  2⤵
  PID:11700
- C:\Windows\System\VObaUsi.exe
  C:\Windows\System\VObaUsi.exe
  2⤵
  PID:12320
- C:\Windows\System\jxAiWSq.exe
  C:\Windows\System\jxAiWSq.exe
  2⤵
  PID:12348
- C:\Windows\System\RqGHcLA.exe
  C:\Windows\System\RqGHcLA.exe
  2⤵
  PID:12384
- C:\Windows\System\ouCyQhU.exe
  C:\Windows\System\ouCyQhU.exe
  2⤵
  PID:12412
- C:\Windows\System\KcrSZEk.exe
  C:\Windows\System\KcrSZEk.exe
  2⤵
  PID:12440
- C:\Windows\System\MFyxzEE.exe
  C:\Windows\System\MFyxzEE.exe
  2⤵
  PID:12472
- C:\Windows\System\UxwMPIl.exe
  C:\Windows\System\UxwMPIl.exe
  2⤵
  PID:12512
- C:\Windows\System\tLUdbwV.exe
  C:\Windows\System\tLUdbwV.exe
  2⤵
  PID:12540
- C:\Windows\System\ZejgWej.exe
  C:\Windows\System\ZejgWej.exe
  2⤵
  PID:12556
- C:\Windows\System\UCYxzdd.exe
  C:\Windows\System\UCYxzdd.exe
  2⤵
  PID:12584
- C:\Windows\System\sZaLikH.exe
  C:\Windows\System\sZaLikH.exe
  2⤵
  PID:12620
- C:\Windows\System\zuXXxrN.exe
  C:\Windows\System\zuXXxrN.exe
  2⤵
  PID:12656
- C:\Windows\System\BicOsMM.exe
  C:\Windows\System\BicOsMM.exe
  2⤵
  PID:12700
- C:\Windows\System\zRfgmJF.exe
  C:\Windows\System\zRfgmJF.exe
  2⤵
  PID:12732
- C:\Windows\System\RvrTYrb.exe
  C:\Windows\System\RvrTYrb.exe
  2⤵
  PID:12768
- C:\Windows\System\qrZSWHr.exe
  C:\Windows\System\qrZSWHr.exe
  2⤵
  PID:12784
- C:\Windows\System\UFBHMer.exe
  C:\Windows\System\UFBHMer.exe
  2⤵
  PID:12816
- C:\Windows\System\Uieuadg.exe
  C:\Windows\System\Uieuadg.exe
  2⤵
  PID:12860
- C:\Windows\System\DkcWIbO.exe
  C:\Windows\System\DkcWIbO.exe
  2⤵
  PID:12880
- C:\Windows\System\bILjQSn.exe
  C:\Windows\System\bILjQSn.exe
  2⤵
  PID:12916
- C:\Windows\System\VEIfBDE.exe
  C:\Windows\System\VEIfBDE.exe
  2⤵
  PID:12948
- C:\Windows\System\RDSArKu.exe
  C:\Windows\System\RDSArKu.exe
  2⤵
  PID:12984
- C:\Windows\System\DrXRQpa.exe
  C:\Windows\System\DrXRQpa.exe
  2⤵
  PID:13000
- C:\Windows\System\VLdDgky.exe
  C:\Windows\System\VLdDgky.exe
  2⤵
  PID:13032
- C:\Windows\System\RByABvN.exe
  C:\Windows\System\RByABvN.exe
  2⤵
  PID:13064
- C:\Windows\System\pUUavys.exe
  C:\Windows\System\pUUavys.exe
  2⤵
  PID:13108
- C:\Windows\System\ftSnfEp.exe
  C:\Windows\System\ftSnfEp.exe
  2⤵
  PID:13124
- C:\Windows\System\CHOHWZa.exe
  C:\Windows\System\CHOHWZa.exe
  2⤵
  PID:13140
- C:\Windows\System\bVTKjPZ.exe
  C:\Windows\System\bVTKjPZ.exe
  2⤵
  PID:13160
- C:\Windows\System\KbWaUHg.exe
  C:\Windows\System\KbWaUHg.exe
  2⤵
  PID:13180
- C:\Windows\System\RlfnLVP.exe
  C:\Windows\System\RlfnLVP.exe
  2⤵
  PID:13212
- C:\Windows\System\DeatWxg.exe
  C:\Windows\System\DeatWxg.exe
  2⤵
  PID:13292
- C:\Windows\System\oNwWVVY.exe
  C:\Windows\System\oNwWVVY.exe
  2⤵
  PID:12304
- C:\Windows\System\QvlXPbm.exe
  C:\Windows\System\QvlXPbm.exe
  2⤵
  PID:12328
- C:\Windows\System\LfyaoFg.exe
  C:\Windows\System\LfyaoFg.exe
  2⤵
  PID:12432
- C:\Windows\System\fOclqeX.exe
  C:\Windows\System\fOclqeX.exe
  2⤵
  PID:12492
- C:\Windows\System\svhlqhz.exe
  C:\Windows\System\svhlqhz.exe
  2⤵
  PID:12604
- C:\Windows\System\DlxrQFk.exe
  C:\Windows\System\DlxrQFk.exe
  2⤵
  PID:12680
- C:\Windows\System\PPhQAXB.exe
  C:\Windows\System\PPhQAXB.exe
  2⤵
  PID:12756
- C:\Windows\System\hSsjqBn.exe
  C:\Windows\System\hSsjqBn.exe
  2⤵
  PID:12800
- C:\Windows\System\AwtAPGx.exe
  C:\Windows\System\AwtAPGx.exe
  2⤵
  PID:12828
- C:\Windows\System\hToamWw.exe
  C:\Windows\System\hToamWw.exe
  2⤵
  PID:12960
- C:\Windows\System\PpJghpY.exe
  C:\Windows\System\PpJghpY.exe
  2⤵
  PID:13008
- C:\Windows\System\SVJowrY.exe
  C:\Windows\System\SVJowrY.exe
  2⤵
  PID:13116
- C:\Windows\System\cMzzudx.exe
  C:\Windows\System\cMzzudx.exe
  2⤵
  PID:13156
- C:\Windows\System\rRfTbiF.exe
  C:\Windows\System\rRfTbiF.exe
  2⤵
  PID:13176
- C:\Windows\System\QBxoxPn.exe
  C:\Windows\System\QBxoxPn.exe
  2⤵
  PID:13280
- C:\Windows\System\lpfPwlM.exe
  C:\Windows\System\lpfPwlM.exe
  2⤵
  PID:12372
- C:\Windows\System\JbHxGpq.exe
  C:\Windows\System\JbHxGpq.exe
  2⤵
  PID:12424
- C:\Windows\System\VmLStiu.exe
  C:\Windows\System\VmLStiu.exe
  2⤵
  PID:11040
- C:\Windows\System\RIAGPeS.exe
  C:\Windows\System\RIAGPeS.exe
  2⤵
  PID:12836
- C:\Windows\System\DBxuuDE.exe
  C:\Windows\System\DBxuuDE.exe
  2⤵
  PID:13060
- C:\Windows\System\HjrYBcV.exe
  C:\Windows\System\HjrYBcV.exe
  2⤵
  PID:13224
- C:\Windows\System\iWMFqYN.exe
  C:\Windows\System\iWMFqYN.exe
  2⤵
  PID:12520
- C:\Windows\System\oLwzHji.exe
  C:\Windows\System\oLwzHji.exe
  2⤵
  PID:12936
- C:\Windows\System\nQxQBYE.exe
  C:\Windows\System\nQxQBYE.exe
  2⤵
  PID:12376
- C:\Windows\System\aWqZEZO.exe
  C:\Windows\System\aWqZEZO.exe
  2⤵
  PID:12668
- C:\Windows\System\eeBmpqR.exe
  C:\Windows\System\eeBmpqR.exe
  2⤵
  PID:13332
- C:\Windows\System\nSFoWZr.exe
  C:\Windows\System\nSFoWZr.exe
  2⤵
  PID:13360
- C:\Windows\System\OyrGxWV.exe
  C:\Windows\System\OyrGxWV.exe
  2⤵
  PID:13376
- C:\Windows\System\mSHuseT.exe
  C:\Windows\System\mSHuseT.exe
  2⤵
  PID:13416
- C:\Windows\System\AHrBRit.exe
  C:\Windows\System\AHrBRit.exe
  2⤵
  PID:13444
- C:\Windows\System\JiBwndm.exe
  C:\Windows\System\JiBwndm.exe
  2⤵
  PID:13472
- C:\Windows\System\vRoAAhS.exe
  C:\Windows\System\vRoAAhS.exe
  2⤵
  PID:13508
- C:\Windows\System\hOpxeWh.exe
  C:\Windows\System\hOpxeWh.exe
  2⤵
  PID:13528
- C:\Windows\System\OvsbFqS.exe
  C:\Windows\System\OvsbFqS.exe
  2⤵
  PID:13560
- C:\Windows\System\WzDaELb.exe
  C:\Windows\System\WzDaELb.exe
  2⤵
  PID:13588
- C:\Windows\System\LfYbGKn.exe
  C:\Windows\System\LfYbGKn.exe
  2⤵
  PID:13608
- C:\Windows\System\MWITMvd.exe
  C:\Windows\System\MWITMvd.exe
  2⤵
  PID:13636
- C:\Windows\System\cIKLGeT.exe
  C:\Windows\System\cIKLGeT.exe
  2⤵
  PID:13672
- C:\Windows\System\ThSeVmy.exe
  C:\Windows\System\ThSeVmy.exe
  2⤵
  PID:13696
- C:\Windows\System\zmqhDsV.exe
  C:\Windows\System\zmqhDsV.exe
  2⤵
  PID:13724
- C:\Windows\System\GoPOkIk.exe
  C:\Windows\System\GoPOkIk.exe
  2⤵
  PID:13752
- C:\Windows\System\CfWNdrc.exe
  C:\Windows\System\CfWNdrc.exe
  2⤵
  PID:13780
- C:\Windows\System\lBlFVvM.exe
  C:\Windows\System\lBlFVvM.exe
  2⤵
  PID:13808
- C:\Windows\System\NdpTJhX.exe
  C:\Windows\System\NdpTJhX.exe
  2⤵
  PID:13848
- C:\Windows\System\lqSEBco.exe
  C:\Windows\System\lqSEBco.exe
  2⤵
  PID:13868
- C:\Windows\System\MDSxKlt.exe
  C:\Windows\System\MDSxKlt.exe
  2⤵
  PID:13900
- C:\Windows\System\NJiQzJq.exe
  C:\Windows\System\NJiQzJq.exe
  2⤵
  PID:13928
- C:\Windows\System\nQdaoUj.exe
  C:\Windows\System\nQdaoUj.exe
  2⤵
  PID:13948
- C:\Windows\System\lPCBGBn.exe
  C:\Windows\System\lPCBGBn.exe
  2⤵
  PID:13976
- C:\Windows\System\AalUAMh.exe
  C:\Windows\System\AalUAMh.exe
  2⤵
  PID:14004
- C:\Windows\System\nwWpNrr.exe
  C:\Windows\System\nwWpNrr.exe
  2⤵
  PID:14036
- C:\Windows\System\qSTGoME.exe
  C:\Windows\System\qSTGoME.exe
  2⤵
  PID:14060
- C:\Windows\System\ByNGgPL.exe
  C:\Windows\System\ByNGgPL.exe
  2⤵
  PID:14100
- C:\Windows\System\lCEIghu.exe
  C:\Windows\System\lCEIghu.exe
  2⤵
  PID:14116
- C:\Windows\System\ZJahjBq.exe
  C:\Windows\System\ZJahjBq.exe
  2⤵
  PID:14144
- C:\Windows\System\uooaRKA.exe
  C:\Windows\System\uooaRKA.exe
  2⤵
  PID:14172
- C:\Windows\System\BUswVfX.exe
  C:\Windows\System\BUswVfX.exe
  2⤵
  PID:14200
- C:\Windows\System\ZFqnMch.exe
  C:\Windows\System\ZFqnMch.exe
  2⤵
  PID:14240
- C:\Windows\System\YSvMVHz.exe
  C:\Windows\System\YSvMVHz.exe
  2⤵
  PID:14256
- C:\Windows\System\vrhQMLn.exe
  C:\Windows\System\vrhQMLn.exe
  2⤵
  PID:14284
- C:\Windows\System\YEsdOzJ.exe
  C:\Windows\System\YEsdOzJ.exe
  2⤵
  PID:14308
- C:\Windows\System\AKIDncV.exe
  C:\Windows\System\AKIDncV.exe
  2⤵
  PID:14328
- C:\Windows\System\NtLQHlh.exe
  C:\Windows\System\NtLQHlh.exe
  2⤵
  PID:13352
- C:\Windows\System\SjKjsuJ.exe
  C:\Windows\System\SjKjsuJ.exe
  2⤵
  PID:13432
- C:\Windows\System\IGyFEBk.exe
  C:\Windows\System\IGyFEBk.exe
  2⤵
  PID:13500
- C:\Windows\System\CJgHiNO.exe
  C:\Windows\System\CJgHiNO.exe
  2⤵
  PID:13520
- C:\Windows\System\odXddMr.exe
  C:\Windows\System\odXddMr.exe
  2⤵
  PID:13600
- C:\Windows\System\ouAYKsG.exe
  C:\Windows\System\ouAYKsG.exe
  2⤵
  PID:13656
- C:\Windows\System\fzsfXEm.exe
  C:\Windows\System\fzsfXEm.exe
  2⤵
  PID:13708
- C:\Windows\System\YzgTZLu.exe
  C:\Windows\System\YzgTZLu.exe
  2⤵
  PID:13772
- C:\Windows\System\lEPBGuK.exe
  C:\Windows\System\lEPBGuK.exe
  2⤵
  PID:13856
- C:\Windows\System\VtBCtyK.exe
  C:\Windows\System\VtBCtyK.exe
  2⤵
  PID:1220
- C:\Windows\System\qOnTYdl.exe
  C:\Windows\System\qOnTYdl.exe
  2⤵
  PID:3568
- C:\Windows\System\MCDXyXl.exe
  C:\Windows\System\MCDXyXl.exe
  2⤵
  PID:13960
- C:\Windows\System\eBhwbMX.exe
  C:\Windows\System\eBhwbMX.exe
  2⤵
  PID:14048
- C:\Windows\System\YifQFwi.exe
  C:\Windows\System\YifQFwi.exe
  2⤵
  PID:14088
- C:\Windows\System\rsRcuDw.exe
  C:\Windows\System\rsRcuDw.exe
  2⤵
  PID:14156
- C:\Windows\System\ZpKxfAN.exe
  C:\Windows\System\ZpKxfAN.exe
  2⤵
  PID:14252
- C:\Windows\System\UNcrJcs.exe
  C:\Windows\System\UNcrJcs.exe
  2⤵
  PID:13308
- C:\Windows\System\IsFMgBp.exe
  C:\Windows\System\IsFMgBp.exe
  2⤵
  PID:12300
- C:\Windows\System\mLwboPr.exe
  C:\Windows\System\mLwboPr.exe
  2⤵
  PID:13492
- C:\Windows\System\XLxLbni.exe
  C:\Windows\System\XLxLbni.exe
  2⤵
  PID:13548
- C:\Windows\System\tmedmhd.exe
  C:\Windows\System\tmedmhd.exe
  2⤵
  PID:13692
- C:\Windows\System\TSXKkOL.exe
  C:\Windows\System\TSXKkOL.exe
  2⤵
  PID:13736
- C:\Windows\System\rUBQuzq.exe
  C:\Windows\System\rUBQuzq.exe
  2⤵
  PID:13964
- C:\Windows\System\wgQmZEE.exe
  C:\Windows\System\wgQmZEE.exe
  2⤵
  PID:14020
- C:\Windows\System\UxWSOMT.exe
  C:\Windows\System\UxWSOMT.exe
  2⤵
  PID:14084
- C:\Windows\System\uFKVogD.exe
  C:\Windows\System\uFKVogD.exe
  2⤵
  PID:14316
- C:\Windows\System\gxWjMsb.exe
  C:\Windows\System\gxWjMsb.exe
  2⤵
  PID:13576
- C:\Windows\System\ehIYkoc.exe
  C:\Windows\System\ehIYkoc.exe
  2⤵
  PID:14184
- C:\Windows\System\uXTaXUs.exe
  C:\Windows\System\uXTaXUs.exe
  2⤵
  PID:1804
- C:\Windows\System\OuWnrXn.exe
  C:\Windows\System\OuWnrXn.exe
  2⤵
  PID:3620
- C:\Windows\System\BZbkfHL.exe
  C:\Windows\System\BZbkfHL.exe
  2⤵
  PID:836
- C:\Windows\System\yQRRxyr.exe
  C:\Windows\System\yQRRxyr.exe
  2⤵
  PID:14272
- C:\Windows\System\NcfCVdG.exe
  C:\Windows\System\NcfCVdG.exe
  2⤵
  PID:3300
- C:\Windows\System\mBCTneS.exe
  C:\Windows\System\mBCTneS.exe
  2⤵
  PID:14352
- C:\Windows\System\dFzIiwR.exe
  C:\Windows\System\dFzIiwR.exe
  2⤵
  PID:14384
- C:\Windows\System\mBmzUxq.exe
  C:\Windows\System\mBmzUxq.exe
  2⤵
  PID:14420
- C:\Windows\System\rikwukz.exe
  C:\Windows\System\rikwukz.exe
  2⤵
  PID:14440
- C:\Windows\System\KKyMlMh.exe
  C:\Windows\System\KKyMlMh.exe
  2⤵
  PID:14476
- C:\Windows\System\wNwKLxq.exe
  C:\Windows\System\wNwKLxq.exe
  2⤵
  PID:14492
- C:\Windows\System\PBuoOlA.exe
  C:\Windows\System\PBuoOlA.exe
  2⤵
  PID:14532
- C:\Windows\System\ruTRfTA.exe
  C:\Windows\System\ruTRfTA.exe
  2⤵
  PID:14560
- C:\Windows\System\HHuTlLo.exe
  C:\Windows\System\HHuTlLo.exe
  2⤵
  PID:14588
- C:\Windows\System\narrQfM.exe
  C:\Windows\System\narrQfM.exe
  2⤵
  PID:14608
- C:\Windows\System\hsTWhfj.exe
  C:\Windows\System\hsTWhfj.exe
  2⤵
  PID:14632
- C:\Windows\System\qQbUiBX.exe
  C:\Windows\System\qQbUiBX.exe
  2⤵
  PID:14656
- C:\Windows\System\vjPHjEm.exe
  C:\Windows\System\vjPHjEm.exe
  2⤵
  PID:14688
- C:\Windows\System\XTrsoCH.exe
  C:\Windows\System\XTrsoCH.exe
  2⤵
  PID:14716
- C:\Windows\System\VfJOjcK.exe
  C:\Windows\System\VfJOjcK.exe
  2⤵
  PID:14752
- C:\Windows\System\mfjMkNd.exe
  C:\Windows\System\mfjMkNd.exe
  2⤵
  PID:14784
- C:\Windows\System\uOMFdvW.exe
  C:\Windows\System\uOMFdvW.exe
  2⤵
  PID:14812
- C:\Windows\System\CHgaZuB.exe
  C:\Windows\System\CHgaZuB.exe
  2⤵
  PID:14836
- C:\Windows\System\MPSLSrC.exe
  C:\Windows\System\MPSLSrC.exe
  2⤵
  PID:14856
- C:\Windows\System\jfgMYAP.exe
  C:\Windows\System\jfgMYAP.exe
  2⤵
  PID:14888
- C:\Windows\System\UyfoNsO.exe
  C:\Windows\System\UyfoNsO.exe
  2⤵
  PID:14912
- C:\Windows\System\EzeOKks.exe
  C:\Windows\System\EzeOKks.exe
  2⤵
  PID:15048
- C:\Windows\System\HCFBIbq.exe
  C:\Windows\System\HCFBIbq.exe
  2⤵
  PID:15064
- C:\Windows\System\hLGobXZ.exe
  C:\Windows\System\hLGobXZ.exe
  2⤵
  PID:15084
- C:\Windows\System\ldaYbJr.exe
  C:\Windows\System\ldaYbJr.exe
  2⤵
  PID:15100
- C:\Windows\System\HiYTWjI.exe
  C:\Windows\System\HiYTWjI.exe
  2⤵
  PID:15120
- C:\Windows\System\xaxmZOE.exe
  C:\Windows\System\xaxmZOE.exe
  2⤵
  PID:15140
- C:\Windows\System\QiKYlJC.exe
  C:\Windows\System\QiKYlJC.exe
  2⤵
  PID:15264
- C:\Windows\System\mdeTitz.exe
  C:\Windows\System\mdeTitz.exe
  2⤵
  PID:15280
- C:\Windows\System\npdcuFl.exe
  C:\Windows\System\npdcuFl.exe
  2⤵
  PID:15340

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CRhWNqh.exe

Filesize
2.6MB

MD5
9e4b552d142ea22f89ee3d4baf5edf22

SHA1
d9356ef469a0bfd7022953a4f2ce27adde1c0394

SHA256
35bfb7f284eb2084f77551714b9555424340a2f321f5e319193bbeb3878a127c

SHA512
2b033c738104474ae8c0323cfbf53f8a1100ff5bec6c0d54b7e12985aab819a9274d796b779cbd2899404b664f9fefde35e7a724fdb9c086ec19ee5b9c290fad

Download Submit
C:\Windows\System\IiRMeJU.exe

Filesize
2.6MB

MD5
a0c626fb92a9fffd8e85c384753fc69b

SHA1
f7302f9fb4906339d63e1668bddc65acc6808bd7

SHA256
474284c824fb6df4d3bc4b69c2cf6da04fc856232286ae429cd94402b8e2cdc0

SHA512
53c59de0eb5b1429765ef9f5afde4bcc2d22b80350c7ba2db9c5b98c03b213fa3c3e1f147aa82be1782b214120bdab2834ed9783d140a86ff88d219c3daf8a7f

Download Submit
C:\Windows\System\JlhhUfr.exe

Filesize
2.6MB

MD5
fa2f8a1168472d1126443b668b35e1d8

SHA1
d24d505589eec9fc8f6eb8bd3c45927680163301

SHA256
a5bfc008b55bcfcfc1c4138bba86035e543004469b3d870ff4e2f88ef0c36f53

SHA512
7c7d39a0b594bb65ea1ccfe00cf30e815d63430ccda329caf067cb749f3bbcb1ac5314f8307c1d8106d5d96ce14e4bf4c39955811c96c3624058fb339f8689f2

Download Submit
C:\Windows\System\JnqOfxa.exe

Filesize
2.6MB

MD5
754cb72b9315e626fe80e8d49e9104ce

SHA1
8538a794a81d65d6d9225cb2ab0c75cee3342674

SHA256
d210c9cf1b0382202a4d5f226ab79c395213d6825bca3e648072399949ddd877

SHA512
15950352b0e6b4a6498b8502be85cd591f6a75f537fde79ae148ec3ed306797a7d3f7f1ffc743eaaefac2338cfe8895309b96f6ef97b9144fb0ce5d837c25e37

Download Submit
C:\Windows\System\KicdTnD.exe

Filesize
2.6MB

MD5
006a16db64b5fd4aa19c109ef107540f

SHA1
cffbc336a89336f23c2a3af8db0d1fd771fac42c

SHA256
01d7199a4a0ff74167c0adb021bec0f487668d3535682fc541604389c417a4d4

SHA512
a7a455d96f47ce73484bd78ade41bff015c5ad06d31a14ea903bd63cf096434cbe73f0edaa5e6587c10f99f4325da9b5eb94be7d18ab55a881a15e48b4dd13a9

Download Submit
C:\Windows\System\LQQBEpV.exe

Filesize
2.6MB

MD5
3cf32a949da113e641b2838865ddf0b3

SHA1
df3e83f6ec6ff78599cac8e4fdf98eacca1adcca

SHA256
acbe979b0951a57bc9b10f493dfbdec2a03a673cf1cc3e1fcd1c8c75ef9df0ba

SHA512
efd610507042291b595c2c0bb902a020a911234b9642cc28b6d5babaf4258fda337f438c79ec107245f3d098906ffb60286a28ecca5e0522e789a47f8f275aac

Download Submit
C:\Windows\System\LWUUxYw.exe

Filesize
2.6MB

MD5
67c4559ea9a9b7ae46872bcaaaad1bf7

SHA1
acb684b89e187b94d3c6af30358d63c53ee10217

SHA256
4f76f66b7a7a6f23bdd64431ab90aae8970c23c79777d756ca07da3bc6d9aa77

SHA512
d92291653e87cf531e047278461c70cb97bf3493ee987e9dc8d79324b4c3d7688e228b82651eca457b3af568b65ab93a6776d802f2ec404c63b18ca23a3e04f7

Download Submit
C:\Windows\System\LmCizIC.exe

Filesize
2.6MB

MD5
939029cb3f3e8145cf20e5c8707c7805

SHA1
d97b81feb8b790efd0297875793f47c5d1d9d77d

SHA256
83ca527a2f3a89b4a11e159b8b26fa239c36387bd93cc695d25c6e3023eb3ab0

SHA512
e2a65cef23c280e3dcc0d79fcbfa01679e2272cc5a2fe41636683f3e03dc7fcb0aa3219dd388130e132ae40f2844143c24400601f33815f3c35a1643f63052f1

Download Submit
C:\Windows\System\MQGkwcc.exe

Filesize
2.6MB

MD5
8864d1e63115be13b433ddc075cc1c6e

SHA1
4ba31b5480c8207ec5df7f4c055beb0000b3c2c8

SHA256
d9dd0caa0b70de5d05d97c510bb238bf37a3d088aa5aa6d5b15c57d1bf66ec3b

SHA512
4c081f3150b6811b57185b9a59fc51c46bdfab347bdde1df3246e827a4b1a088e1bb3119fb9add8bfa47aa43005a887de3b0392314da4a31136e9f6aecfb546f

Download Submit
C:\Windows\System\MddvhBn.exe

Filesize
2.6MB

MD5
e032d473cac8a6008e924d8b3ab660e6

SHA1
9ad2a75207dd1819309f8b258f91b3bda8708b5e

SHA256
2864f6f041471b951fd2ee856641994ab7638e31fa58418767fbcc2cef2f2c53

SHA512
60fb271084333726736b0ca537f281cac2c56f544a085351443e19519d2dc576d976df86115ce0597fa90dfba5277de393d8f6b4edad9f6acd8abd3b025edd98

Download Submit
C:\Windows\System\MhidrQy.exe

Filesize
2.6MB

MD5
c79db930db8cd5eae7574c1243368ebe

SHA1
d5a33ad8894c6c2939ed8d1f693e923033ab9aee

SHA256
f6eaa0e02cda877c12ef8cfecc0d3574ae30f211b21170c014d4cbffedbdf08b

SHA512
9cb94d2cb86ebf56bdad920d82e6f0d445b3a817a17689f7018a80d5b44936535c9360f54a2e956e4ac1c49e960f49adb3d1b2ede62c4a63fa32612bc415b13b

Download Submit
C:\Windows\System\MuWhTik.exe

Filesize
2.6MB

MD5
94c5bea4a9abf7f19fd630d695947d5d

SHA1
6739a25029b1e0a224ab799d6d89c214df83364b

SHA256
2ce700d956122f3558806416a47967df87f3bf59cfd46e06ff39b49b59cb9159

SHA512
e01126d7e000dcd1dea5222135b0082511171d13d9a50e3b7a8fac438a4cc3f5897c62c3462dcd47791aa0487e68151e6587cf042ecabdbc3b015d4b1b2c143f

Download Submit
C:\Windows\System\NTMmnVo.exe

Filesize
2.6MB

MD5
87c90ddfc8d95db9ee4ecbe495f97353

SHA1
058590b1656a9c61985ebbb256d9f8a54c99ae94

SHA256
d50ddb751c2b0301324596d00aa85235356d12d0ebdc09df039ee5f681181328

SHA512
618cf94405c308193abcef07e2d05bb593e1704fced2b990b73c8a9a1db848a35a8f9e8ecd4270a216499c2f18e635376ada98832ec98f84f12a8bc00fc2969e

Download Submit
C:\Windows\System\NXuOepE.exe

Filesize
2.6MB

MD5
e9483f7cfb88a2c33a5fcad62b9307bb

SHA1
671867c58015c95c63d1ddb22becac36a629d631

SHA256
81cb9fcada62149b66cb60232eeef575a63d7b077b7d8feb89a8bf856efc4517

SHA512
1ac02196741b840656018c74782a58aff6ef89df6d96aac681ed9818afaba4a938982775b9b6b5154e0d0f77f6f687f056859dfc7c82a731555440c97092370a

Download Submit
C:\Windows\System\UFjJXWi.exe

Filesize
2.6MB

MD5
55c90aeb2c8661f9fe620180f9976441

SHA1
bb7ed0dc6fa5200a6d6afda661016f2b44d957ac

SHA256
395f1f8e071489c97df601d4826f8f5db3470314636c75fb7325d37e156f90ee

SHA512
115cf001bb79e674d5b0e3081b09f32323003880390039edeb282231ef7d80a72491eae02969f0174579382653a0296e7b1f51a47e16ea57fc21df26ce127b23

Download Submit
C:\Windows\System\WHQTdUl.exe

Filesize
2.6MB

MD5
85e4a04c1df6edde32356a3f227c4cee

SHA1
e90f9ea859cb8311333a1e484627cec0f56bb12c

SHA256
8f3cf14f8fd7be65c6e42db2349b9b75d94c68b6136a6f5476a78c25be484fdd

SHA512
08d5310504ac9dc03e4048bae274a27acae95d7d64a5ae8b0868aa4661f0033fa6365730436e2bb0b54bb3ebd0f55e9d9c87ec6b31ec6ebca202677366582604

Download Submit
C:\Windows\System\WMQnFcD.exe

Filesize
2.6MB

MD5
af9bc2f5cc4d355f9fc1681b147b03cb

SHA1
a851c14bfc36501cead65a7afc30c0844091ec7a

SHA256
98c7a494deee7f29c7551e30afd6cee731bc241351d8ea787492404f9a21ac37

SHA512
02bdd7fae9817647df6d139a63c7b64d8a41da6a73689471e8f509eda71b1f971ddbd20ed89571a1d3998ca26b7fa592e555dbcb1dba9faa2c1a6821f95536d8

Download Submit
C:\Windows\System\fFGdPNo.exe

Filesize
2.6MB

MD5
f049e79782c40683d528e956beea2f7d

SHA1
1316804df2f1f9635bde0d5cdc4470a745c13660

SHA256
fa626236bbface18c1cf4124e6899056cbf2e07073d40f9200696c0ce19789bd

SHA512
65ac94509ec615470bc5b7664523410d8486d445652ed9839fc0d3cb257a20db1f563037f48feb416bf48bdb4b9db3c10d3316243b04e264e2501fc97b904d92

Download Submit
C:\Windows\System\gCkmlxs.exe

Filesize
2.6MB

MD5
3e18a27182e36d57697d5ec52eca3361

SHA1
9e2380bcd7580063a36ba4e5c6779cadf6d2f0f8

SHA256
5c1bda3ccb274927d0868dd6f84d22ac0a04aa165151cb4f0d4496f9764e50de

SHA512
87153dfa8573b532b80855afda14f083ee67e480d2f8515709ca8da7f2409fd4e82d0baf65c818e3026138e2496feaebfe95c2b6f2e6a4b2bd6c1ae3d641c3dd

Download Submit
C:\Windows\System\hHuImzI.exe

Filesize
2.6MB

MD5
5a17dac4455e779e9414d94efada985c

SHA1
027af1cdf03bcbbcbe8468303a9e7022fb8101aa

SHA256
9c180147ae7c6ada9e6eb76b84be4ea9911cbd8b2196878caa2b169929aa6383

SHA512
2c241b49af493c3715d4a1f59c011e5a310941a3922801d1e8d055adb02a3a615963ff7b7879e7d476f9848917a495b9e717b00a3b4a31535ca983a51b4e90e0

Download Submit
C:\Windows\System\hqWvKqC.exe

Filesize
2.6MB

MD5
3103f177f27bfa8a7cfa481b06fdf504

SHA1
b0954211dc754f3f9ee69f3ffaebda1473d564e2

SHA256
4effe935e46a58965660f214c23f04005b57ae416c558d20e107468042aa932e

SHA512
021e11da8e426e5e4d04d06a2d278eebf57a3c9e57708bb4e0c047cba52f3266f191176176a17752e448abb4004be43749f26f4938e5bbf2052252aed5eabfd0

Download Submit
C:\Windows\System\jaUJcHt.exe

Filesize
2.6MB

MD5
d79f78be1b45bbf7ab3c46b38f9529dd

SHA1
2532ef2fdd49370a83246576b1b3d827d3875299

SHA256
f8c8ad3e034177db9ddfc87c861c173d9c7726071566b23830bcbd42364cd95b

SHA512
042ea9d92bfdb1a2c41ee8e186f0d1f9bfd64d78d94a1bcf9c5e18e7186813b8bb6b7a4fb59d5d7145f4915002b4a54ed72cfc0250fb2ad860286133fcb8f1f1

Download Submit
C:\Windows\System\lGmzaiO.exe

Filesize
2.6MB

MD5
4a7ce8f3ec6495b4b0470720f354dd88

SHA1
d4004e7e098db4ecd467f9d3f74ce5636fadaacd

SHA256
f799ae08fdb2cb66275a88df8335ea4bbb8af52f9ac21a87be4406f58b753d1c

SHA512
6e5046d0a5914c98b2b26fb1f23057046a54b267a96ee36d03c623f3f9d470db88023dde78f9fd5a436943a7fbdf6fc25e889afffa91ac776dc58e210ea0eb8a

Download Submit
C:\Windows\System\nLoKTLH.exe

Filesize
2.6MB

MD5
3cd8f9c3a8cb0b842c86f78a1c6e65c1

SHA1
3edf7fd0ab933c9d37ff7e853682378d0ed3dbea

SHA256
06651145d134c6bb46d0d503c0264b4038a689746004243043c710c6849c76ce

SHA512
f703410cbb751a1d3236ac8d35d745a3030553935986432cd395ef173284310bedaba9d62fb7025c2acd2b565a3185c8c952f6904dd52fc905753ddb1647f71f

Download Submit
C:\Windows\System\oXhhqvw.exe

Filesize
2.6MB

MD5
e93f581fd932bcd44724523336a81d65

SHA1
75f8bc3d1d553af843a60771543662a9cefc5ab2

SHA256
3eec9b2e5567c120900529bb86fdfd629b714b034b65bfba54faada77b41e0e8

SHA512
6950b97c21d8092d3a57d0ff2e39ca29094bd641b807f64cdb427a3c6b1182010d7ac3513df7da5c25f55a564f8f5fd3b13d887594cb32be4bcff1cdfceb3f13

Download Submit
C:\Windows\System\qUwqmBN.exe

Filesize
2.6MB

MD5
9c41632332a43848494b686ca3420548

SHA1
91b298205b508ab64a03cc411afae88ebeb14749

SHA256
6750e8d82637868fbb5481b8276aa38f9ea9fe25c9b9a49f63374c7e34ad7763

SHA512
a1b8ec3d4b1bac1d365cb232a03fbb3fd5582670efa2ca60bc7add9475ff2af08ed22d17a83f24c404a6261fef62bab984067cfae9f4bfeb602ee0e2271d5a0b

Download Submit
C:\Windows\System\rRSXvvB.exe

Filesize
2.6MB

MD5
2e6cfb1a057d1e07bff7e6b9f8453581

SHA1
ee4f738e16c26bfd578289dbb2d39b4f6b1a3a59

SHA256
1a4920e909b75a9883d72520b528d01adf0fd56f6ac53ad586e2d086500d8ef5

SHA512
ced1bc3aebf566c5b9fcf7b7d116af86e427901ba35775884ca6484c349854fd27ad08cc7508fa970f63db3504a56c9f3f46bc3a86df25f01910942650ab4339

Download Submit
C:\Windows\System\rrhytex.exe

Filesize
2.6MB

MD5
50794e3fdb92bdcfe39cd8cbef0ad5a3

SHA1
f4ca001666f226a84051e6d0d641ceee00c40f5d

SHA256
fa5cfb8930773df20ec0ee4bd758764c5343ab6daa7b472470c2ba118112be96

SHA512
27a0da80e5b99caf4af1f58846d3f1a4542b98ca8b60baaeb48ba21dcb9269b85330d017b27e25034aff93f44e0f178d80ffda349f6ce69b843b6be608821269

Download Submit
C:\Windows\System\smiSEdR.exe

Filesize
2.6MB

MD5
6bc318e5b1bcec1eb194538d96f0e89c

SHA1
9d67fe85262a331fae9e6e216816cd5f44329c22

SHA256
018d2174d4f6fcc99bbc9ef275493527054b1e0591d6a50b83dadb3f16502755

SHA512
df32cf1e21f8823339a8b018176ad849d7484b3ba650e742611b5066a5f901fdfd7c9309d155e014c7c95ddcde03fc03bb29510b1927498fddb3b1154ac8fe1f

Download Submit
C:\Windows\System\tZRDTnM.exe

Filesize
2.6MB

MD5
b7059c3e8b877aabcdf94cd4d2fb0844

SHA1
e28ff30860e011175a6ebe09dd51f04e07c63ecf

SHA256
36bd483953022de1ff7c967c77f6e1aca8db78d28deae378b7391727c033b62e

SHA512
f89d8734407f6b21b8621f022c119dde50f0d58879595ea36f00b0297fdac91135ae676645e969846a1a7773a7dc59bbb369de8b59a1d6d9f6472aa8235dc9bd

Download Submit
C:\Windows\System\uFrMjVW.exe

Filesize
2.6MB

MD5
24c4bd31158d00c47811975b7897fa3d

SHA1
e5961bdf7f679a4100d9a294aa6d766a1cdd28b4

SHA256
b4828bc406074da052ecda354448623d1052576f751b2552035e0ed49befe13b

SHA512
3b69466e1a5a750ecd6d38f5b4cfa64c6288a2e72b94c5e52e20fd6092cf065c2ad1cb5fbcf67e16dcd66aa83587f62aaee05a93ac55dc6badb5e2648ff0702f

Download Submit
C:\Windows\System\xWFswle.exe

Filesize
2.6MB

MD5
f2d0de44b5f12b5214d7b4bf55ed0234

SHA1
1fa6dfd3e14208598dff16a61d1da94357730de7

SHA256
f3f5ea912ee1d31b73f73831e892141afceaa82806adbe21f48f9783843e226c

SHA512
fc28ced256ed482bede5a066e5d330fea2653623200ae1a840dc7967f69d873bbd3b0a0a22fc78c27aed314e60aab63f3f9b331f1c15beddedb856dc91ba411c

Download Submit
C:\Windows\System\xkjUGSL.exe

Filesize
2.6MB

MD5
802032d627b758d8db154b853a7d95a8

SHA1
e6cfd1aa2c3ada635b41faa28fe78b516084e890

SHA256
1d71a8d753ffe9c44ce1e36dee6fbaffab6f1bf965f3ef217f482a328048a695

SHA512
751b94ea3ebcca5245d489ba9105133ae2fe71e2ad6b1928dc7398c542899114932534f0b059b941de2ce980a1dcc360d34ec92af482d00622af6c37cf69101b

Download Submit
C:\Windows\System\zpvSoTk.exe

Filesize
2.6MB

MD5
a50039abb4e1f3a011984fe5a0559efe

SHA1
5a824c266cd8c5fce926583d0dc19e3a2dc05d23

SHA256
adfc9a92eb1a6809d05ccba10391e170289fffabd24a061a247de654283376f1

SHA512
b623de1813c155290321c7ad528f092b1b45f633982c20d150f6f3e2a3c940461d3b3032e14c2a5e41e352403526e6680921706e92cf287447f69084b2fd179f

Download Submit
memory/544-116-0x00007FF7779E0000-0x00007FF777D34000-memory.dmp

Filesize
3.3MB

Download
memory/544-2232-0x00007FF7779E0000-0x00007FF777D34000-memory.dmp

Filesize
3.3MB

Download
memory/1316-2216-0x00007FF7E32B0000-0x00007FF7E3604000-memory.dmp

Filesize
3.3MB

Download
memory/1316-49-0x00007FF7E32B0000-0x00007FF7E3604000-memory.dmp

Filesize
3.3MB

Download
memory/1412-212-0x00007FF6CE6D0000-0x00007FF6CEA24000-memory.dmp

Filesize
3.3MB

Download
memory/1412-2238-0x00007FF6CE6D0000-0x00007FF6CEA24000-memory.dmp

Filesize
3.3MB

Download
memory/1416-2234-0x00007FF67BB70000-0x00007FF67BEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1416-137-0x00007FF67BB70000-0x00007FF67BEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1448-2225-0x00007FF75A000000-0x00007FF75A354000-memory.dmp

Filesize
3.3MB

Download
memory/1448-88-0x00007FF75A000000-0x00007FF75A354000-memory.dmp

Filesize
3.3MB

Download
memory/1516-2223-0x00007FF723F60000-0x00007FF7242B4000-memory.dmp

Filesize
3.3MB

Download
memory/1516-91-0x00007FF723F60000-0x00007FF7242B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-196-0x00007FF75D860000-0x00007FF75DBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-2242-0x00007FF75D860000-0x00007FF75DBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-2227-0x00007FF69D860000-0x00007FF69DBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-102-0x00007FF69D860000-0x00007FF69DBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-2236-0x00007FF6A0950000-0x00007FF6A0CA4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-179-0x00007FF6A0950000-0x00007FF6A0CA4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2239-0x00007FF6E5A40000-0x00007FF6E5D94000-memory.dmp

Filesize
3.3MB

Download
memory/1968-210-0x00007FF6E5A40000-0x00007FF6E5D94000-memory.dmp

Filesize
3.3MB

Download
memory/1984-2230-0x00007FF6710B0000-0x00007FF671404000-memory.dmp

Filesize
3.3MB

Download
memory/1984-87-0x00007FF6710B0000-0x00007FF671404000-memory.dmp

Filesize
3.3MB

Download
memory/2244-2220-0x00007FF7A3ED0000-0x00007FF7A4224000-memory.dmp

Filesize
3.3MB

Download
memory/2244-101-0x00007FF7A3ED0000-0x00007FF7A4224000-memory.dmp

Filesize
3.3MB

Download
memory/2880-100-0x00007FF6159C0000-0x00007FF615D14000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2217-0x00007FF6159C0000-0x00007FF615D14000-memory.dmp

Filesize
3.3MB

Download
memory/3056-112-0x00007FF6FAF40000-0x00007FF6FB294000-memory.dmp

Filesize
3.3MB

Download
memory/3056-2231-0x00007FF6FAF40000-0x00007FF6FB294000-memory.dmp

Filesize
3.3MB

Download
memory/3096-2233-0x00007FF6188E0000-0x00007FF618C34000-memory.dmp

Filesize
3.3MB

Download
memory/3096-120-0x00007FF6188E0000-0x00007FF618C34000-memory.dmp

Filesize
3.3MB

Download
memory/3096-2213-0x00007FF6188E0000-0x00007FF618C34000-memory.dmp

Filesize
3.3MB

Download
memory/3492-30-0x00007FF76CE00000-0x00007FF76D154000-memory.dmp

Filesize
3.3MB

Download
memory/3492-2219-0x00007FF76CE00000-0x00007FF76D154000-memory.dmp

Filesize
3.3MB

Download
memory/3664-207-0x00007FF7A7DC0000-0x00007FF7A8114000-memory.dmp

Filesize
3.3MB

Download
memory/3664-2241-0x00007FF7A7DC0000-0x00007FF7A8114000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2215-0x00007FF653E10000-0x00007FF654164000-memory.dmp

Filesize
3.3MB

Download
memory/3964-1533-0x00007FF653E10000-0x00007FF654164000-memory.dmp

Filesize
3.3MB

Download
memory/3964-21-0x00007FF653E10000-0x00007FF654164000-memory.dmp

Filesize
3.3MB

Download
memory/3976-63-0x00007FF64A8F0000-0x00007FF64AC44000-memory.dmp

Filesize
3.3MB

Download
memory/3976-1538-0x00007FF64A8F0000-0x00007FF64AC44000-memory.dmp

Filesize
3.3MB

Download
memory/3976-2221-0x00007FF64A8F0000-0x00007FF64AC44000-memory.dmp

Filesize
3.3MB

Download
memory/4068-2222-0x00007FF7BA290000-0x00007FF7BA5E4000-memory.dmp

Filesize
3.3MB

Download
memory/4068-65-0x00007FF7BA290000-0x00007FF7BA5E4000-memory.dmp

Filesize
3.3MB

Download
memory/4152-175-0x00007FF6AFF40000-0x00007FF6B0294000-memory.dmp

Filesize
3.3MB

Download
memory/4152-2237-0x00007FF6AFF40000-0x00007FF6B0294000-memory.dmp

Filesize
3.3MB

Download
memory/4288-2218-0x00007FF6D6190000-0x00007FF6D64E4000-memory.dmp

Filesize
3.3MB

Download
memory/4288-80-0x00007FF6D6190000-0x00007FF6D64E4000-memory.dmp

Filesize
3.3MB

Download
memory/4348-2226-0x00007FF641BE0000-0x00007FF641F34000-memory.dmp

Filesize
3.3MB

Download
memory/4348-99-0x00007FF641BE0000-0x00007FF641F34000-memory.dmp

Filesize
3.3MB

Download
memory/4436-98-0x00007FF6CFF60000-0x00007FF6D02B4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-2224-0x00007FF6CFF60000-0x00007FF6D02B4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-2110-0x00007FF6CFF60000-0x00007FF6D02B4000-memory.dmp

Filesize
3.3MB

Download
memory/4680-2240-0x00007FF731500000-0x00007FF731854000-memory.dmp

Filesize
3.3MB

Download
memory/4680-194-0x00007FF731500000-0x00007FF731854000-memory.dmp

Filesize
3.3MB

Download
memory/4844-211-0x00007FF66B2B0000-0x00007FF66B604000-memory.dmp

Filesize
3.3MB

Download
memory/4844-2235-0x00007FF66B2B0000-0x00007FF66B604000-memory.dmp

Filesize
3.3MB

Download
memory/4864-103-0x00007FF739CE0000-0x00007FF73A034000-memory.dmp

Filesize
3.3MB

Download
memory/4864-2229-0x00007FF739CE0000-0x00007FF73A034000-memory.dmp

Filesize
3.3MB

Download
memory/4920-1060-0x00007FF608970000-0x00007FF608CC4000-memory.dmp

Filesize
3.3MB

Download
memory/4920-0-0x00007FF608970000-0x00007FF608CC4000-memory.dmp

Filesize
3.3MB

Download
memory/4920-1-0x000002330F060000-0x000002330F070000-memory.dmp

Filesize
64KB

Download
memory/4932-104-0x00007FF6267B0000-0x00007FF626B04000-memory.dmp

Filesize
3.3MB

Download
memory/4932-2228-0x00007FF6267B0000-0x00007FF626B04000-memory.dmp

Filesize
3.3MB

Download
memory/5080-12-0x00007FF6BDE50000-0x00007FF6BE1A4000-memory.dmp

Filesize
3.3MB

Download
memory/5080-1062-0x00007FF6BDE50000-0x00007FF6BE1A4000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2214-0x00007FF6BDE50000-0x00007FF6BE1A4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads