xmrig | 4fb5612725c442ec930833924b83cf1945571a893aec12162dfd15e16422f92e

Analysis

max time kernel
136s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 22:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
Size

2.2MB
MD5

9bbe538bd4e4e09dee6160bbaab4bd30
SHA1

2f34e13dd2103eabd3914be49a033db821783d05
SHA256

4fb5612725c442ec930833924b83cf1945571a893aec12162dfd15e16422f92e
SHA512

00aed5dd87c03bf35cf3006b703f516f742cfe4bbf4afaf50c2d3578a23a6ec2715f336591b57124a6a091098df7bd09239bacdfcb694aa7d58ed18d51d92019
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQHxJTFlt2O+2BWh:BemTLkNdfE0pZrQK

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4616-0-0x00007FF7CC420000-0x00007FF7CC774000-memory.dmp	xmrig
behavioral2/files/0x0007000000023440-6.dat	xmrig
behavioral2/files/0x0009000000023437-10.dat	xmrig
behavioral2/files/0x0007000000023448-92.dat	xmrig
behavioral2/files/0x0007000000023456-120.dat	xmrig
behavioral2/files/0x0007000000023450-137.dat	xmrig
behavioral2/memory/4580-162-0x00007FF73AAF0000-0x00007FF73AE44000-memory.dmp	xmrig
behavioral2/memory/2592-182-0x00007FF637EE0000-0x00007FF638234000-memory.dmp	xmrig
behavioral2/memory/2436-191-0x00007FF7E80E0000-0x00007FF7E8434000-memory.dmp	xmrig
behavioral2/memory/1980-200-0x00007FF72F640000-0x00007FF72F994000-memory.dmp	xmrig
behavioral2/memory/4004-199-0x00007FF7757A0000-0x00007FF775AF4000-memory.dmp	xmrig
behavioral2/memory/3476-198-0x00007FF7904D0000-0x00007FF790824000-memory.dmp	xmrig
behavioral2/memory/1096-197-0x00007FF74BB10000-0x00007FF74BE64000-memory.dmp	xmrig
behavioral2/memory/1780-196-0x00007FF7A3320000-0x00007FF7A3674000-memory.dmp	xmrig
behavioral2/memory/920-195-0x00007FF651FE0000-0x00007FF652334000-memory.dmp	xmrig
behavioral2/memory/4140-194-0x00007FF70D150000-0x00007FF70D4A4000-memory.dmp	xmrig
behavioral2/memory/5012-193-0x00007FF6B4CC0000-0x00007FF6B5014000-memory.dmp	xmrig
behavioral2/memory/2760-192-0x00007FF7BF330000-0x00007FF7BF684000-memory.dmp	xmrig
behavioral2/memory/2156-190-0x00007FF7788D0000-0x00007FF778C24000-memory.dmp	xmrig
behavioral2/memory/4372-189-0x00007FF717A50000-0x00007FF717DA4000-memory.dmp	xmrig
behavioral2/memory/2476-188-0x00007FF73E4C0000-0x00007FF73E814000-memory.dmp	xmrig
behavioral2/memory/4632-187-0x00007FF7AA7C0000-0x00007FF7AAB14000-memory.dmp	xmrig
behavioral2/memory/4248-181-0x00007FF7D75D0000-0x00007FF7D7924000-memory.dmp	xmrig
behavioral2/memory/3992-178-0x00007FF7A3ED0000-0x00007FF7A4224000-memory.dmp	xmrig
behavioral2/files/0x0007000000023460-177.dat	xmrig
behavioral2/files/0x000700000002345f-175.dat	xmrig
behavioral2/files/0x0007000000023454-173.dat	xmrig
behavioral2/files/0x000700000002345a-171.dat	xmrig
behavioral2/files/0x000700000002345e-170.dat	xmrig
behavioral2/files/0x0007000000023459-168.dat	xmrig
behavioral2/files/0x000700000002345d-167.dat	xmrig
behavioral2/files/0x0007000000023451-165.dat	xmrig
behavioral2/files/0x0007000000023458-163.dat	xmrig
behavioral2/files/0x000700000002345c-161.dat	xmrig
behavioral2/files/0x000700000002345b-160.dat	xmrig
behavioral2/files/0x0007000000023455-154.dat	xmrig
behavioral2/files/0x0007000000023452-149.dat	xmrig
behavioral2/memory/4928-146-0x00007FF72C8A0000-0x00007FF72CBF4000-memory.dmp	xmrig
behavioral2/memory/1448-143-0x00007FF6B19E0000-0x00007FF6B1D34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023457-141.dat	xmrig
behavioral2/files/0x000700000002344f-135.dat	xmrig
behavioral2/files/0x000700000002344c-133.dat	xmrig
behavioral2/files/0x000700000002344e-128.dat	xmrig
behavioral2/files/0x0007000000023453-126.dat	xmrig
behavioral2/files/0x0007000000023445-124.dat	xmrig
behavioral2/memory/1984-122-0x00007FF6D7C60000-0x00007FF6D7FB4000-memory.dmp	xmrig
behavioral2/files/0x000700000002344b-109.dat	xmrig
behavioral2/memory/3216-104-0x00007FF7FBA20000-0x00007FF7FBD74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023447-91.dat	xmrig
behavioral2/files/0x000700000002344d-87.dat	xmrig
behavioral2/files/0x0007000000023446-81.dat	xmrig
behavioral2/files/0x000700000002344a-79.dat	xmrig
behavioral2/files/0x0007000000023449-74.dat	xmrig
behavioral2/memory/2404-73-0x00007FF79CDC0000-0x00007FF79D114000-memory.dmp	xmrig
behavioral2/memory/3844-70-0x00007FF74BB60000-0x00007FF74BEB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023444-66.dat	xmrig
behavioral2/files/0x0007000000023443-65.dat	xmrig
behavioral2/memory/508-54-0x00007FF759BD0000-0x00007FF759F24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023441-48.dat	xmrig
behavioral2/memory/2572-42-0x00007FF6228F0000-0x00007FF622C44000-memory.dmp	xmrig
behavioral2/memory/4700-39-0x00007FF75A1B0000-0x00007FF75A504000-memory.dmp	xmrig
behavioral2/files/0x00070000000232a4-26.dat	xmrig
behavioral2/memory/2860-25-0x00007FF704720000-0x00007FF704A74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023442-21.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1168	dByqBNa.exe
2860	wJiBZjw.exe
4700	vwhkREd.exe
5012	KIDrOuC.exe
4140	onhmePz.exe
920	gXCaavH.exe
2572	tCixuyW.exe
1780	aHdxkMG.exe
508	anAHhwt.exe
3844	ZLAiCvi.exe
1096	dJHCcbk.exe
2404	aeRhNWM.exe
3216	GzbXkjY.exe
1984	XxPwsNE.exe
1448	FTdueNb.exe
3476	TkvIKes.exe
4928	dieTuGC.exe
4580	XYxIxrQ.exe
3992	nlYsXGy.exe
4004	dOdhmmv.exe
4248	fTnsoFv.exe
2592	ZqnVjTB.exe
4632	UWXchAw.exe
2476	ueXEUFG.exe
4372	FPEElrF.exe
1980	keoKqXG.exe
2156	SRIYLIj.exe
2436	UiqaWRf.exe
2760	gXnibJE.exe
4852	TVuowkN.exe
4672	YXaxmVY.exe
3672	ElXYBRJ.exe
3148	SYbRIPM.exe
1688	orGemWa.exe
3580	TJUKMOw.exe
1948	IcUnFXq.exe
2168	hBMAxyq.exe
4856	phtspUd.exe
1224	icVCPOU.exe
2356	pwJOYDN.exe
2980	lXcpHGN.exe
2644	PjOHDmX.exe
3496	BxKlKbO.exe
4748	YjFOrKL.exe
1636	RJmVfNS.exe
1936	JSxWvyw.exe
3960	DRNbmdy.exe
804	rEXAHpO.exe
4532	BBySkpu.exe
4624	oXWXXzH.exe
4316	wwBMwFn.exe
4416	iEzedhG.exe
1508	LfriYjz.exe
4644	sEtfadV.exe
2316	FwpaoME.exe
1464	DoxsPUI.exe
3924	WTRatez.exe
4488	NcKDfnb.exe
384	nGXwRBR.exe
3876	asvNXQq.exe
748	TCBRJpb.exe
3076	EdXsvwf.exe
1076	EWxTRVV.exe
3928	PThMuPU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4616-0-0x00007FF7CC420000-0x00007FF7CC774000-memory.dmp	upx
behavioral2/files/0x0007000000023440-6.dat	upx
behavioral2/files/0x0009000000023437-10.dat	upx
behavioral2/files/0x0007000000023448-92.dat	upx
behavioral2/files/0x0007000000023456-120.dat	upx
behavioral2/files/0x0007000000023450-137.dat	upx
behavioral2/memory/4580-162-0x00007FF73AAF0000-0x00007FF73AE44000-memory.dmp	upx
behavioral2/memory/2592-182-0x00007FF637EE0000-0x00007FF638234000-memory.dmp	upx
behavioral2/memory/2436-191-0x00007FF7E80E0000-0x00007FF7E8434000-memory.dmp	upx
behavioral2/memory/1980-200-0x00007FF72F640000-0x00007FF72F994000-memory.dmp	upx
behavioral2/memory/4004-199-0x00007FF7757A0000-0x00007FF775AF4000-memory.dmp	upx
behavioral2/memory/3476-198-0x00007FF7904D0000-0x00007FF790824000-memory.dmp	upx
behavioral2/memory/1096-197-0x00007FF74BB10000-0x00007FF74BE64000-memory.dmp	upx
behavioral2/memory/1780-196-0x00007FF7A3320000-0x00007FF7A3674000-memory.dmp	upx
behavioral2/memory/920-195-0x00007FF651FE0000-0x00007FF652334000-memory.dmp	upx
behavioral2/memory/4140-194-0x00007FF70D150000-0x00007FF70D4A4000-memory.dmp	upx
behavioral2/memory/5012-193-0x00007FF6B4CC0000-0x00007FF6B5014000-memory.dmp	upx
behavioral2/memory/2760-192-0x00007FF7BF330000-0x00007FF7BF684000-memory.dmp	upx
behavioral2/memory/2156-190-0x00007FF7788D0000-0x00007FF778C24000-memory.dmp	upx
behavioral2/memory/4372-189-0x00007FF717A50000-0x00007FF717DA4000-memory.dmp	upx
behavioral2/memory/2476-188-0x00007FF73E4C0000-0x00007FF73E814000-memory.dmp	upx
behavioral2/memory/4632-187-0x00007FF7AA7C0000-0x00007FF7AAB14000-memory.dmp	upx
behavioral2/memory/4248-181-0x00007FF7D75D0000-0x00007FF7D7924000-memory.dmp	upx
behavioral2/memory/3992-178-0x00007FF7A3ED0000-0x00007FF7A4224000-memory.dmp	upx
behavioral2/files/0x0007000000023460-177.dat	upx
behavioral2/files/0x000700000002345f-175.dat	upx
behavioral2/files/0x0007000000023454-173.dat	upx
behavioral2/files/0x000700000002345a-171.dat	upx
behavioral2/files/0x000700000002345e-170.dat	upx
behavioral2/files/0x0007000000023459-168.dat	upx
behavioral2/files/0x000700000002345d-167.dat	upx
behavioral2/files/0x0007000000023451-165.dat	upx
behavioral2/files/0x0007000000023458-163.dat	upx
behavioral2/files/0x000700000002345c-161.dat	upx
behavioral2/files/0x000700000002345b-160.dat	upx
behavioral2/files/0x0007000000023455-154.dat	upx
behavioral2/files/0x0007000000023452-149.dat	upx
behavioral2/memory/4928-146-0x00007FF72C8A0000-0x00007FF72CBF4000-memory.dmp	upx
behavioral2/memory/1448-143-0x00007FF6B19E0000-0x00007FF6B1D34000-memory.dmp	upx
behavioral2/files/0x0007000000023457-141.dat	upx
behavioral2/files/0x000700000002344f-135.dat	upx
behavioral2/files/0x000700000002344c-133.dat	upx
behavioral2/files/0x000700000002344e-128.dat	upx
behavioral2/files/0x0007000000023453-126.dat	upx
behavioral2/files/0x0007000000023445-124.dat	upx
behavioral2/memory/1984-122-0x00007FF6D7C60000-0x00007FF6D7FB4000-memory.dmp	upx
behavioral2/files/0x000700000002344b-109.dat	upx
behavioral2/memory/3216-104-0x00007FF7FBA20000-0x00007FF7FBD74000-memory.dmp	upx
behavioral2/files/0x0007000000023447-91.dat	upx
behavioral2/files/0x000700000002344d-87.dat	upx
behavioral2/files/0x0007000000023446-81.dat	upx
behavioral2/files/0x000700000002344a-79.dat	upx
behavioral2/files/0x0007000000023449-74.dat	upx
behavioral2/memory/2404-73-0x00007FF79CDC0000-0x00007FF79D114000-memory.dmp	upx
behavioral2/memory/3844-70-0x00007FF74BB60000-0x00007FF74BEB4000-memory.dmp	upx
behavioral2/files/0x0007000000023444-66.dat	upx
behavioral2/files/0x0007000000023443-65.dat	upx
behavioral2/memory/508-54-0x00007FF759BD0000-0x00007FF759F24000-memory.dmp	upx
behavioral2/files/0x0007000000023441-48.dat	upx
behavioral2/memory/2572-42-0x00007FF6228F0000-0x00007FF622C44000-memory.dmp	upx
behavioral2/memory/4700-39-0x00007FF75A1B0000-0x00007FF75A504000-memory.dmp	upx
behavioral2/files/0x00070000000232a4-26.dat	upx
behavioral2/memory/2860-25-0x00007FF704720000-0x00007FF704A74000-memory.dmp	upx
behavioral2/files/0x0007000000023442-21.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ElXYBRJ.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\GDIGMAM.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\nmnVgkn.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\dbwiDxZ.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\bCBpSov.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\gZohqiH.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\qUWBJeY.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\YXaxmVY.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\BBySkpu.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\PASsklz.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\nxjPAQy.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\XpVNXNf.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\mjNafMJ.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\cLArlzO.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\nyBaMXT.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\roNEtDf.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\jdDzaFN.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\lXcpHGN.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\LfriYjz.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\unKdYZD.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\OmmXChe.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\pSBPzkp.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\FdzHcOE.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\urjWEln.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\XaLOphr.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\mWXxlTq.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\VuXqkIC.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\VxwfmsO.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\OEHUGfL.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\sNwgrRD.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\XUvxPLa.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\ZrFEVUJ.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\PdlaliN.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\zCIZXYd.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\pVxQsNw.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\eYmNoqZ.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\CwuoUYh.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\YjFOrKL.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\WTRatez.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\NSZDOMw.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\OlWQRDk.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\AZxIvcG.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\MaxZmam.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\nWbNHEM.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\EJbykBo.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\bzShXeH.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\PybluKx.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\blmHEor.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\JGVbBsz.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\rEqrylb.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\ipCaOhG.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\QFKAacR.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\sOACUMk.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\HRMaPmt.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\qwVvfSK.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\oTUgLyO.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\NcmXICs.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\wUXAyBy.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\clYcIHz.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\vFiPHQe.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\RCuFoaW.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\yyASnLp.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\hLHfdmo.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
File created	C:\Windows\System\mxTNKjh.exe	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13960	dwm.exe
Token: SeChangeNotifyPrivilege	13960	dwm.exe
Token: 33	13960	dwm.exe
Token: SeIncBasePriorityPrivilege	13960	dwm.exe
Token: SeShutdownPrivilege	13960	dwm.exe
Token: SeCreatePagefilePrivilege	13960	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 1168	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	84
PID 4616 wrote to memory of 1168	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	84
PID 4616 wrote to memory of 2860	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	85
PID 4616 wrote to memory of 2860	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	85
PID 4616 wrote to memory of 4700	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	86
PID 4616 wrote to memory of 4700	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	86
PID 4616 wrote to memory of 5012	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	87
PID 4616 wrote to memory of 5012	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	87
PID 4616 wrote to memory of 4140	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	88
PID 4616 wrote to memory of 4140	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	88
PID 4616 wrote to memory of 920	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	89
PID 4616 wrote to memory of 920	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	89
PID 4616 wrote to memory of 2572	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	90
PID 4616 wrote to memory of 2572	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	90
PID 4616 wrote to memory of 1780	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	91
PID 4616 wrote to memory of 1780	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	91
PID 4616 wrote to memory of 3216	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	92
PID 4616 wrote to memory of 3216	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	92
PID 4616 wrote to memory of 508	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	93
PID 4616 wrote to memory of 508	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	93
PID 4616 wrote to memory of 3844	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	94
PID 4616 wrote to memory of 3844	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	94
PID 4616 wrote to memory of 1096	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	95
PID 4616 wrote to memory of 1096	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	95
PID 4616 wrote to memory of 2404	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	96
PID 4616 wrote to memory of 2404	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	96
PID 4616 wrote to memory of 1984	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	97
PID 4616 wrote to memory of 1984	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	97
PID 4616 wrote to memory of 1448	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	98
PID 4616 wrote to memory of 1448	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	98
PID 4616 wrote to memory of 3476	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	99
PID 4616 wrote to memory of 3476	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	99
PID 4616 wrote to memory of 4928	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	100
PID 4616 wrote to memory of 4928	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	100
PID 4616 wrote to memory of 4580	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	101
PID 4616 wrote to memory of 4580	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	101
PID 4616 wrote to memory of 3992	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	102
PID 4616 wrote to memory of 3992	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	102
PID 4616 wrote to memory of 4004	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	103
PID 4616 wrote to memory of 4004	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	103
PID 4616 wrote to memory of 4248	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	104
PID 4616 wrote to memory of 4248	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	104
PID 4616 wrote to memory of 2592	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	105
PID 4616 wrote to memory of 2592	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	105
PID 4616 wrote to memory of 2760	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	106
PID 4616 wrote to memory of 2760	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	106
PID 4616 wrote to memory of 4632	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	107
PID 4616 wrote to memory of 4632	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	107
PID 4616 wrote to memory of 2476	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	108
PID 4616 wrote to memory of 2476	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	108
PID 4616 wrote to memory of 4372	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	109
PID 4616 wrote to memory of 4372	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	109
PID 4616 wrote to memory of 1980	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	110
PID 4616 wrote to memory of 1980	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	110
PID 4616 wrote to memory of 2156	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	111
PID 4616 wrote to memory of 2156	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	111
PID 4616 wrote to memory of 2436	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	112
PID 4616 wrote to memory of 2436	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	112
PID 4616 wrote to memory of 4852	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	113
PID 4616 wrote to memory of 4852	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	113
PID 4616 wrote to memory of 4672	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	114
PID 4616 wrote to memory of 4672	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	114
PID 4616 wrote to memory of 3672	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	115
PID 4616 wrote to memory of 3672	4616	9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9bbe538bd4e4e09dee6160bbaab4bd30_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Windows\System\dByqBNa.exe
  C:\Windows\System\dByqBNa.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\wJiBZjw.exe
  C:\Windows\System\wJiBZjw.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\vwhkREd.exe
  C:\Windows\System\vwhkREd.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\KIDrOuC.exe
  C:\Windows\System\KIDrOuC.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\onhmePz.exe
  C:\Windows\System\onhmePz.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\gXCaavH.exe
  C:\Windows\System\gXCaavH.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\tCixuyW.exe
  C:\Windows\System\tCixuyW.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\aHdxkMG.exe
  C:\Windows\System\aHdxkMG.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\GzbXkjY.exe
  C:\Windows\System\GzbXkjY.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\anAHhwt.exe
  C:\Windows\System\anAHhwt.exe
  2⤵
  - Executes dropped EXE
  PID:508
- C:\Windows\System\ZLAiCvi.exe
  C:\Windows\System\ZLAiCvi.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\dJHCcbk.exe
  C:\Windows\System\dJHCcbk.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\aeRhNWM.exe
  C:\Windows\System\aeRhNWM.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\XxPwsNE.exe
  C:\Windows\System\XxPwsNE.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\FTdueNb.exe
  C:\Windows\System\FTdueNb.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\TkvIKes.exe
  C:\Windows\System\TkvIKes.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\dieTuGC.exe
  C:\Windows\System\dieTuGC.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\XYxIxrQ.exe
  C:\Windows\System\XYxIxrQ.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\nlYsXGy.exe
  C:\Windows\System\nlYsXGy.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\dOdhmmv.exe
  C:\Windows\System\dOdhmmv.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\fTnsoFv.exe
  C:\Windows\System\fTnsoFv.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\ZqnVjTB.exe
  C:\Windows\System\ZqnVjTB.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\gXnibJE.exe
  C:\Windows\System\gXnibJE.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\UWXchAw.exe
  C:\Windows\System\UWXchAw.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\ueXEUFG.exe
  C:\Windows\System\ueXEUFG.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\FPEElrF.exe
  C:\Windows\System\FPEElrF.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\keoKqXG.exe
  C:\Windows\System\keoKqXG.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\SRIYLIj.exe
  C:\Windows\System\SRIYLIj.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\UiqaWRf.exe
  C:\Windows\System\UiqaWRf.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\TVuowkN.exe
  C:\Windows\System\TVuowkN.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\YXaxmVY.exe
  C:\Windows\System\YXaxmVY.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\ElXYBRJ.exe
  C:\Windows\System\ElXYBRJ.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\SYbRIPM.exe
  C:\Windows\System\SYbRIPM.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\orGemWa.exe
  C:\Windows\System\orGemWa.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\TJUKMOw.exe
  C:\Windows\System\TJUKMOw.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\IcUnFXq.exe
  C:\Windows\System\IcUnFXq.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\hBMAxyq.exe
  C:\Windows\System\hBMAxyq.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\phtspUd.exe
  C:\Windows\System\phtspUd.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\icVCPOU.exe
  C:\Windows\System\icVCPOU.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\pwJOYDN.exe
  C:\Windows\System\pwJOYDN.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\lXcpHGN.exe
  C:\Windows\System\lXcpHGN.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\PjOHDmX.exe
  C:\Windows\System\PjOHDmX.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\BxKlKbO.exe
  C:\Windows\System\BxKlKbO.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\YjFOrKL.exe
  C:\Windows\System\YjFOrKL.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\RJmVfNS.exe
  C:\Windows\System\RJmVfNS.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\JSxWvyw.exe
  C:\Windows\System\JSxWvyw.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\DRNbmdy.exe
  C:\Windows\System\DRNbmdy.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\rEXAHpO.exe
  C:\Windows\System\rEXAHpO.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\BBySkpu.exe
  C:\Windows\System\BBySkpu.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\oXWXXzH.exe
  C:\Windows\System\oXWXXzH.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\wwBMwFn.exe
  C:\Windows\System\wwBMwFn.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\iEzedhG.exe
  C:\Windows\System\iEzedhG.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\LfriYjz.exe
  C:\Windows\System\LfriYjz.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\sEtfadV.exe
  C:\Windows\System\sEtfadV.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\FwpaoME.exe
  C:\Windows\System\FwpaoME.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\DoxsPUI.exe
  C:\Windows\System\DoxsPUI.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\WTRatez.exe
  C:\Windows\System\WTRatez.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\NcKDfnb.exe
  C:\Windows\System\NcKDfnb.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\nGXwRBR.exe
  C:\Windows\System\nGXwRBR.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\asvNXQq.exe
  C:\Windows\System\asvNXQq.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\TCBRJpb.exe
  C:\Windows\System\TCBRJpb.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\EdXsvwf.exe
  C:\Windows\System\EdXsvwf.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\EWxTRVV.exe
  C:\Windows\System\EWxTRVV.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\PThMuPU.exe
  C:\Windows\System\PThMuPU.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\BYLwHDn.exe
  C:\Windows\System\BYLwHDn.exe
  2⤵
  PID:4560
- C:\Windows\System\OYaheAn.exe
  C:\Windows\System\OYaheAn.exe
  2⤵
  PID:3012
- C:\Windows\System\UZbVLyG.exe
  C:\Windows\System\UZbVLyG.exe
  2⤵
  PID:1988
- C:\Windows\System\cLArlzO.exe
  C:\Windows\System\cLArlzO.exe
  2⤵
  PID:4296
- C:\Windows\System\WQbfLXE.exe
  C:\Windows\System\WQbfLXE.exe
  2⤵
  PID:4324
- C:\Windows\System\glSLMUP.exe
  C:\Windows\System\glSLMUP.exe
  2⤵
  PID:1216
- C:\Windows\System\todzETe.exe
  C:\Windows\System\todzETe.exe
  2⤵
  PID:2352
- C:\Windows\System\rGPolHu.exe
  C:\Windows\System\rGPolHu.exe
  2⤵
  PID:764
- C:\Windows\System\zxUYjdU.exe
  C:\Windows\System\zxUYjdU.exe
  2⤵
  PID:936
- C:\Windows\System\aiOChhl.exe
  C:\Windows\System\aiOChhl.exe
  2⤵
  PID:2068
- C:\Windows\System\NJQlveA.exe
  C:\Windows\System\NJQlveA.exe
  2⤵
  PID:2152
- C:\Windows\System\QCfidaS.exe
  C:\Windows\System\QCfidaS.exe
  2⤵
  PID:852
- C:\Windows\System\NgcGdHY.exe
  C:\Windows\System\NgcGdHY.exe
  2⤵
  PID:4424
- C:\Windows\System\jeeqTiZ.exe
  C:\Windows\System\jeeqTiZ.exe
  2⤵
  PID:2308
- C:\Windows\System\hfJIUlk.exe
  C:\Windows\System\hfJIUlk.exe
  2⤵
  PID:3632
- C:\Windows\System\IbJnEhE.exe
  C:\Windows\System\IbJnEhE.exe
  2⤵
  PID:4936
- C:\Windows\System\ojKXJEx.exe
  C:\Windows\System\ojKXJEx.exe
  2⤵
  PID:3560
- C:\Windows\System\LHiamXj.exe
  C:\Windows\System\LHiamXj.exe
  2⤵
  PID:3088
- C:\Windows\System\UUiJTZx.exe
  C:\Windows\System\UUiJTZx.exe
  2⤵
  PID:3980
- C:\Windows\System\cSAFwIz.exe
  C:\Windows\System\cSAFwIz.exe
  2⤵
  PID:4548
- C:\Windows\System\hKdvgsb.exe
  C:\Windows\System\hKdvgsb.exe
  2⤵
  PID:648
- C:\Windows\System\nfDYKLb.exe
  C:\Windows\System\nfDYKLb.exe
  2⤵
  PID:2884
- C:\Windows\System\QtOULnP.exe
  C:\Windows\System\QtOULnP.exe
  2⤵
  PID:5064
- C:\Windows\System\TdHCPLR.exe
  C:\Windows\System\TdHCPLR.exe
  2⤵
  PID:2580
- C:\Windows\System\LNoUKUo.exe
  C:\Windows\System\LNoUKUo.exe
  2⤵
  PID:3676
- C:\Windows\System\wfBrKdr.exe
  C:\Windows\System\wfBrKdr.exe
  2⤵
  PID:4384
- C:\Windows\System\jtrcMbh.exe
  C:\Windows\System\jtrcMbh.exe
  2⤵
  PID:2480
- C:\Windows\System\NSZDOMw.exe
  C:\Windows\System\NSZDOMw.exe
  2⤵
  PID:2184
- C:\Windows\System\hLHfdmo.exe
  C:\Windows\System\hLHfdmo.exe
  2⤵
  PID:3792
- C:\Windows\System\zCJUeZt.exe
  C:\Windows\System\zCJUeZt.exe
  2⤵
  PID:216
- C:\Windows\System\yeKyhcC.exe
  C:\Windows\System\yeKyhcC.exe
  2⤵
  PID:4128
- C:\Windows\System\KzmxmON.exe
  C:\Windows\System\KzmxmON.exe
  2⤵
  PID:4308
- C:\Windows\System\CWJVyCr.exe
  C:\Windows\System\CWJVyCr.exe
  2⤵
  PID:1044
- C:\Windows\System\wjeRwkD.exe
  C:\Windows\System\wjeRwkD.exe
  2⤵
  PID:3412
- C:\Windows\System\urjWEln.exe
  C:\Windows\System\urjWEln.exe
  2⤵
  PID:1152
- C:\Windows\System\avnlpyj.exe
  C:\Windows\System\avnlpyj.exe
  2⤵
  PID:1676
- C:\Windows\System\SNlvCKT.exe
  C:\Windows\System\SNlvCKT.exe
  2⤵
  PID:4396
- C:\Windows\System\tLljDqS.exe
  C:\Windows\System\tLljDqS.exe
  2⤵
  PID:5112
- C:\Windows\System\hcesASA.exe
  C:\Windows\System\hcesASA.exe
  2⤵
  PID:5140
- C:\Windows\System\bkIFcfZ.exe
  C:\Windows\System\bkIFcfZ.exe
  2⤵
  PID:5180
- C:\Windows\System\sPHBCct.exe
  C:\Windows\System\sPHBCct.exe
  2⤵
  PID:5208
- C:\Windows\System\XlrMTjo.exe
  C:\Windows\System\XlrMTjo.exe
  2⤵
  PID:5228
- C:\Windows\System\kDthrvd.exe
  C:\Windows\System\kDthrvd.exe
  2⤵
  PID:5256
- C:\Windows\System\BmcCOQk.exe
  C:\Windows\System\BmcCOQk.exe
  2⤵
  PID:5280
- C:\Windows\System\VMXaRQl.exe
  C:\Windows\System\VMXaRQl.exe
  2⤵
  PID:5300
- C:\Windows\System\nySwJpl.exe
  C:\Windows\System\nySwJpl.exe
  2⤵
  PID:5336
- C:\Windows\System\mRpgFet.exe
  C:\Windows\System\mRpgFet.exe
  2⤵
  PID:5368
- C:\Windows\System\bCBpSov.exe
  C:\Windows\System\bCBpSov.exe
  2⤵
  PID:5400
- C:\Windows\System\wqfYsce.exe
  C:\Windows\System\wqfYsce.exe
  2⤵
  PID:5420
- C:\Windows\System\VCYFClg.exe
  C:\Windows\System\VCYFClg.exe
  2⤵
  PID:5448
- C:\Windows\System\WTtNqWQ.exe
  C:\Windows\System\WTtNqWQ.exe
  2⤵
  PID:5484
- C:\Windows\System\dMKMZgL.exe
  C:\Windows\System\dMKMZgL.exe
  2⤵
  PID:5520
- C:\Windows\System\YJhzMKn.exe
  C:\Windows\System\YJhzMKn.exe
  2⤵
  PID:5536
- C:\Windows\System\fmRMGuk.exe
  C:\Windows\System\fmRMGuk.exe
  2⤵
  PID:5564
- C:\Windows\System\PASsklz.exe
  C:\Windows\System\PASsklz.exe
  2⤵
  PID:5592
- C:\Windows\System\uIORKwk.exe
  C:\Windows\System\uIORKwk.exe
  2⤵
  PID:5620
- C:\Windows\System\mfJuPwJ.exe
  C:\Windows\System\mfJuPwJ.exe
  2⤵
  PID:5636
- C:\Windows\System\rzjMsxt.exe
  C:\Windows\System\rzjMsxt.exe
  2⤵
  PID:5656
- C:\Windows\System\oEJXbZt.exe
  C:\Windows\System\oEJXbZt.exe
  2⤵
  PID:5696
- C:\Windows\System\bjzwarP.exe
  C:\Windows\System\bjzwarP.exe
  2⤵
  PID:5724
- C:\Windows\System\NsvgSEz.exe
  C:\Windows\System\NsvgSEz.exe
  2⤵
  PID:5764
- C:\Windows\System\iRspIAj.exe
  C:\Windows\System\iRspIAj.exe
  2⤵
  PID:5804
- C:\Windows\System\vQliSRN.exe
  C:\Windows\System\vQliSRN.exe
  2⤵
  PID:5828
- C:\Windows\System\MAnewQo.exe
  C:\Windows\System\MAnewQo.exe
  2⤵
  PID:5852
- C:\Windows\System\BqtHOTU.exe
  C:\Windows\System\BqtHOTU.exe
  2⤵
  PID:5872
- C:\Windows\System\iUULakq.exe
  C:\Windows\System\iUULakq.exe
  2⤵
  PID:5900
- C:\Windows\System\AXspJio.exe
  C:\Windows\System\AXspJio.exe
  2⤵
  PID:5940
- C:\Windows\System\iSjAiSl.exe
  C:\Windows\System\iSjAiSl.exe
  2⤵
  PID:5956
- C:\Windows\System\qvcTAPt.exe
  C:\Windows\System\qvcTAPt.exe
  2⤵
  PID:5984
- C:\Windows\System\MvjMDnG.exe
  C:\Windows\System\MvjMDnG.exe
  2⤵
  PID:6024
- C:\Windows\System\ZpBeoKl.exe
  C:\Windows\System\ZpBeoKl.exe
  2⤵
  PID:6052
- C:\Windows\System\mHQWnFE.exe
  C:\Windows\System\mHQWnFE.exe
  2⤵
  PID:6072
- C:\Windows\System\kgyRJOT.exe
  C:\Windows\System\kgyRJOT.exe
  2⤵
  PID:6112
- C:\Windows\System\dfTJVCz.exe
  C:\Windows\System\dfTJVCz.exe
  2⤵
  PID:6128
- C:\Windows\System\XaLOphr.exe
  C:\Windows\System\XaLOphr.exe
  2⤵
  PID:5168
- C:\Windows\System\nyBaMXT.exe
  C:\Windows\System\nyBaMXT.exe
  2⤵
  PID:5160
- C:\Windows\System\yfGvcoG.exe
  C:\Windows\System\yfGvcoG.exe
  2⤵
  PID:5216
- C:\Windows\System\DYecwEy.exe
  C:\Windows\System\DYecwEy.exe
  2⤵
  PID:5264
- C:\Windows\System\kPqLtjo.exe
  C:\Windows\System\kPqLtjo.exe
  2⤵
  PID:5324
- C:\Windows\System\XUvxPLa.exe
  C:\Windows\System\XUvxPLa.exe
  2⤵
  PID:5408
- C:\Windows\System\XsUVGEP.exe
  C:\Windows\System\XsUVGEP.exe
  2⤵
  PID:5464
- C:\Windows\System\pGKTura.exe
  C:\Windows\System\pGKTura.exe
  2⤵
  PID:5548
- C:\Windows\System\EYuVfcl.exe
  C:\Windows\System\EYuVfcl.exe
  2⤵
  PID:5576
- C:\Windows\System\vWNWgZu.exe
  C:\Windows\System\vWNWgZu.exe
  2⤵
  PID:5708
- C:\Windows\System\djTJEjo.exe
  C:\Windows\System\djTJEjo.exe
  2⤵
  PID:5780
- C:\Windows\System\KMnkXVQ.exe
  C:\Windows\System\KMnkXVQ.exe
  2⤵
  PID:5864
- C:\Windows\System\tqSqWKN.exe
  C:\Windows\System\tqSqWKN.exe
  2⤵
  PID:5888
- C:\Windows\System\blmHEor.exe
  C:\Windows\System\blmHEor.exe
  2⤵
  PID:5980
- C:\Windows\System\tfKwXxy.exe
  C:\Windows\System\tfKwXxy.exe
  2⤵
  PID:6044
- C:\Windows\System\awUZMfR.exe
  C:\Windows\System\awUZMfR.exe
  2⤵
  PID:6104
- C:\Windows\System\nqxpuLW.exe
  C:\Windows\System\nqxpuLW.exe
  2⤵
  PID:6120
- C:\Windows\System\smHuLBA.exe
  C:\Windows\System\smHuLBA.exe
  2⤵
  PID:5440
- C:\Windows\System\TaKqkPK.exe
  C:\Windows\System\TaKqkPK.exe
  2⤵
  PID:5512
- C:\Windows\System\HINSRgZ.exe
  C:\Windows\System\HINSRgZ.exe
  2⤵
  PID:5736
- C:\Windows\System\hduzbVQ.exe
  C:\Windows\System\hduzbVQ.exe
  2⤵
  PID:5932
- C:\Windows\System\FqoUYzl.exe
  C:\Windows\System\FqoUYzl.exe
  2⤵
  PID:6036
- C:\Windows\System\ucMHXvl.exe
  C:\Windows\System\ucMHXvl.exe
  2⤵
  PID:5352
- C:\Windows\System\ZMyDDWd.exe
  C:\Windows\System\ZMyDDWd.exe
  2⤵
  PID:5744
- C:\Windows\System\nOSVULs.exe
  C:\Windows\System\nOSVULs.exe
  2⤵
  PID:5968
- C:\Windows\System\UuiwjFU.exe
  C:\Windows\System\UuiwjFU.exe
  2⤵
  PID:5604
- C:\Windows\System\ZCygHSl.exe
  C:\Windows\System\ZCygHSl.exe
  2⤵
  PID:6152
- C:\Windows\System\xZPHgKH.exe
  C:\Windows\System\xZPHgKH.exe
  2⤵
  PID:6168
- C:\Windows\System\TrQjXcH.exe
  C:\Windows\System\TrQjXcH.exe
  2⤵
  PID:6184
- C:\Windows\System\jOnXPXt.exe
  C:\Windows\System\jOnXPXt.exe
  2⤵
  PID:6204
- C:\Windows\System\UvDabLL.exe
  C:\Windows\System\UvDabLL.exe
  2⤵
  PID:6240
- C:\Windows\System\tQUQrMy.exe
  C:\Windows\System\tQUQrMy.exe
  2⤵
  PID:6260
- C:\Windows\System\tGIPgud.exe
  C:\Windows\System\tGIPgud.exe
  2⤵
  PID:6288
- C:\Windows\System\eskiQDN.exe
  C:\Windows\System\eskiQDN.exe
  2⤵
  PID:6308
- C:\Windows\System\Hwapuna.exe
  C:\Windows\System\Hwapuna.exe
  2⤵
  PID:6344
- C:\Windows\System\NdYqVSN.exe
  C:\Windows\System\NdYqVSN.exe
  2⤵
  PID:6380
- C:\Windows\System\aFPNHMe.exe
  C:\Windows\System\aFPNHMe.exe
  2⤵
  PID:6420
- C:\Windows\System\NlmYkaN.exe
  C:\Windows\System\NlmYkaN.exe
  2⤵
  PID:6468
- C:\Windows\System\rCaoGAy.exe
  C:\Windows\System\rCaoGAy.exe
  2⤵
  PID:6496
- C:\Windows\System\QDmJsDG.exe
  C:\Windows\System\QDmJsDG.exe
  2⤵
  PID:6516
- C:\Windows\System\vUThouj.exe
  C:\Windows\System\vUThouj.exe
  2⤵
  PID:6544
- C:\Windows\System\hAPIipf.exe
  C:\Windows\System\hAPIipf.exe
  2⤵
  PID:6584
- C:\Windows\System\kNHRgAE.exe
  C:\Windows\System\kNHRgAE.exe
  2⤵
  PID:6600
- C:\Windows\System\uGqaIVy.exe
  C:\Windows\System\uGqaIVy.exe
  2⤵
  PID:6632
- C:\Windows\System\eTFiFHh.exe
  C:\Windows\System\eTFiFHh.exe
  2⤵
  PID:6656
- C:\Windows\System\EZyetMt.exe
  C:\Windows\System\EZyetMt.exe
  2⤵
  PID:6696
- C:\Windows\System\VjRiinr.exe
  C:\Windows\System\VjRiinr.exe
  2⤵
  PID:6732
- C:\Windows\System\QfizJXw.exe
  C:\Windows\System\QfizJXw.exe
  2⤵
  PID:6772
- C:\Windows\System\IIDBOBT.exe
  C:\Windows\System\IIDBOBT.exe
  2⤵
  PID:6788
- C:\Windows\System\Exnnyja.exe
  C:\Windows\System\Exnnyja.exe
  2⤵
  PID:6816
- C:\Windows\System\QEMXXjX.exe
  C:\Windows\System\QEMXXjX.exe
  2⤵
  PID:6848
- C:\Windows\System\YEjfbZm.exe
  C:\Windows\System\YEjfbZm.exe
  2⤵
  PID:6876
- C:\Windows\System\VLKBRvo.exe
  C:\Windows\System\VLKBRvo.exe
  2⤵
  PID:6912
- C:\Windows\System\uKNHyZh.exe
  C:\Windows\System\uKNHyZh.exe
  2⤵
  PID:6940
- C:\Windows\System\SjlPwVb.exe
  C:\Windows\System\SjlPwVb.exe
  2⤵
  PID:6976
- C:\Windows\System\xmeUfvD.exe
  C:\Windows\System\xmeUfvD.exe
  2⤵
  PID:7000
- C:\Windows\System\HbAnfrn.exe
  C:\Windows\System\HbAnfrn.exe
  2⤵
  PID:7024
- C:\Windows\System\AEzuVnv.exe
  C:\Windows\System\AEzuVnv.exe
  2⤵
  PID:7052
- C:\Windows\System\YXwFJqE.exe
  C:\Windows\System\YXwFJqE.exe
  2⤵
  PID:7080
- C:\Windows\System\kRKyJfB.exe
  C:\Windows\System\kRKyJfB.exe
  2⤵
  PID:7112
- C:\Windows\System\Kmqxazw.exe
  C:\Windows\System\Kmqxazw.exe
  2⤵
  PID:7136
- C:\Windows\System\TRlbYuL.exe
  C:\Windows\System\TRlbYuL.exe
  2⤵
  PID:6080
- C:\Windows\System\yZFOSwx.exe
  C:\Windows\System\yZFOSwx.exe
  2⤵
  PID:6176
- C:\Windows\System\qlDqiON.exe
  C:\Windows\System\qlDqiON.exe
  2⤵
  PID:6256
- C:\Windows\System\bMFhiMU.exe
  C:\Windows\System\bMFhiMU.exe
  2⤵
  PID:6296
- C:\Windows\System\KvIjxBL.exe
  C:\Windows\System\KvIjxBL.exe
  2⤵
  PID:6324
- C:\Windows\System\dIXGvRh.exe
  C:\Windows\System\dIXGvRh.exe
  2⤵
  PID:6428
- C:\Windows\System\nxjPAQy.exe
  C:\Windows\System\nxjPAQy.exe
  2⤵
  PID:6528
- C:\Windows\System\wvAeLqz.exe
  C:\Windows\System\wvAeLqz.exe
  2⤵
  PID:6592
- C:\Windows\System\kuLtxUQ.exe
  C:\Windows\System\kuLtxUQ.exe
  2⤵
  PID:6648
- C:\Windows\System\jZbGRdM.exe
  C:\Windows\System\jZbGRdM.exe
  2⤵
  PID:220
- C:\Windows\System\FYFzjnD.exe
  C:\Windows\System\FYFzjnD.exe
  2⤵
  PID:6828
- C:\Windows\System\hxaIDGO.exe
  C:\Windows\System\hxaIDGO.exe
  2⤵
  PID:6896
- C:\Windows\System\iFeUTuw.exe
  C:\Windows\System\iFeUTuw.exe
  2⤵
  PID:6928
- C:\Windows\System\oGQtYxh.exe
  C:\Windows\System\oGQtYxh.exe
  2⤵
  PID:7008
- C:\Windows\System\xNVcfBI.exe
  C:\Windows\System\xNVcfBI.exe
  2⤵
  PID:7092
- C:\Windows\System\ZTDsWfu.exe
  C:\Windows\System\ZTDsWfu.exe
  2⤵
  PID:7108
- C:\Windows\System\WHEWBOG.exe
  C:\Windows\System\WHEWBOG.exe
  2⤵
  PID:6952
- C:\Windows\System\alOMxjf.exe
  C:\Windows\System\alOMxjf.exe
  2⤵
  PID:6232
- C:\Windows\System\FfveBYN.exe
  C:\Windows\System\FfveBYN.exe
  2⤵
  PID:6372
- C:\Windows\System\OlWQRDk.exe
  C:\Windows\System\OlWQRDk.exe
  2⤵
  PID:6368
- C:\Windows\System\nqKePIf.exe
  C:\Windows\System\nqKePIf.exe
  2⤵
  PID:6568
- C:\Windows\System\oKlHbYh.exe
  C:\Windows\System\oKlHbYh.exe
  2⤵
  PID:6780
- C:\Windows\System\LcisfET.exe
  C:\Windows\System\LcisfET.exe
  2⤵
  PID:7036
- C:\Windows\System\sXUwLYB.exe
  C:\Windows\System\sXUwLYB.exe
  2⤵
  PID:7132
- C:\Windows\System\jLpmdgP.exe
  C:\Windows\System\jLpmdgP.exe
  2⤵
  PID:6540
- C:\Windows\System\ztIRVxy.exe
  C:\Windows\System\ztIRVxy.exe
  2⤵
  PID:6988
- C:\Windows\System\JrufuMA.exe
  C:\Windows\System\JrufuMA.exe
  2⤵
  PID:6864
- C:\Windows\System\Snkygel.exe
  C:\Windows\System\Snkygel.exe
  2⤵
  PID:7192
- C:\Windows\System\GwTwvaM.exe
  C:\Windows\System\GwTwvaM.exe
  2⤵
  PID:7208
- C:\Windows\System\nRlEUhs.exe
  C:\Windows\System\nRlEUhs.exe
  2⤵
  PID:7248
- C:\Windows\System\JOuzHfr.exe
  C:\Windows\System\JOuzHfr.exe
  2⤵
  PID:7268
- C:\Windows\System\CegbYTJ.exe
  C:\Windows\System\CegbYTJ.exe
  2⤵
  PID:7292
- C:\Windows\System\pJpreqj.exe
  C:\Windows\System\pJpreqj.exe
  2⤵
  PID:7308
- C:\Windows\System\LLpkmwJ.exe
  C:\Windows\System\LLpkmwJ.exe
  2⤵
  PID:7344
- C:\Windows\System\hOYKIEt.exe
  C:\Windows\System\hOYKIEt.exe
  2⤵
  PID:7376
- C:\Windows\System\wLKceIC.exe
  C:\Windows\System\wLKceIC.exe
  2⤵
  PID:7416
- C:\Windows\System\zqdQEMJ.exe
  C:\Windows\System\zqdQEMJ.exe
  2⤵
  PID:7444
- C:\Windows\System\kGhMzlT.exe
  C:\Windows\System\kGhMzlT.exe
  2⤵
  PID:7464
- C:\Windows\System\LDoNIdJ.exe
  C:\Windows\System\LDoNIdJ.exe
  2⤵
  PID:7500
- C:\Windows\System\uoGiSkn.exe
  C:\Windows\System\uoGiSkn.exe
  2⤵
  PID:7544
- C:\Windows\System\pLyJfPk.exe
  C:\Windows\System\pLyJfPk.exe
  2⤵
  PID:7564
- C:\Windows\System\OzlISqF.exe
  C:\Windows\System\OzlISqF.exe
  2⤵
  PID:7580
- C:\Windows\System\tJHIDcB.exe
  C:\Windows\System\tJHIDcB.exe
  2⤵
  PID:7616
- C:\Windows\System\aKsLOrH.exe
  C:\Windows\System\aKsLOrH.exe
  2⤵
  PID:7656
- C:\Windows\System\IndMSoj.exe
  C:\Windows\System\IndMSoj.exe
  2⤵
  PID:7688
- C:\Windows\System\GOHbsuf.exe
  C:\Windows\System\GOHbsuf.exe
  2⤵
  PID:7716
- C:\Windows\System\pLgNYGw.exe
  C:\Windows\System\pLgNYGw.exe
  2⤵
  PID:7736
- C:\Windows\System\QKJpxXG.exe
  C:\Windows\System\QKJpxXG.exe
  2⤵
  PID:7760
- C:\Windows\System\wTuoQbf.exe
  C:\Windows\System\wTuoQbf.exe
  2⤵
  PID:7792
- C:\Windows\System\dDzXspz.exe
  C:\Windows\System\dDzXspz.exe
  2⤵
  PID:7820
- C:\Windows\System\OshtPYI.exe
  C:\Windows\System\OshtPYI.exe
  2⤵
  PID:7848
- C:\Windows\System\edjCEdt.exe
  C:\Windows\System\edjCEdt.exe
  2⤵
  PID:7872
- C:\Windows\System\ZrFEVUJ.exe
  C:\Windows\System\ZrFEVUJ.exe
  2⤵
  PID:7900
- C:\Windows\System\ipRcRRZ.exe
  C:\Windows\System\ipRcRRZ.exe
  2⤵
  PID:7928
- C:\Windows\System\nWbNHEM.exe
  C:\Windows\System\nWbNHEM.exe
  2⤵
  PID:7960
- C:\Windows\System\gZohqiH.exe
  C:\Windows\System\gZohqiH.exe
  2⤵
  PID:7984
- C:\Windows\System\PVuKHlH.exe
  C:\Windows\System\PVuKHlH.exe
  2⤵
  PID:8012
- C:\Windows\System\CpKzswS.exe
  C:\Windows\System\CpKzswS.exe
  2⤵
  PID:8040
- C:\Windows\System\piagrDE.exe
  C:\Windows\System\piagrDE.exe
  2⤵
  PID:8068
- C:\Windows\System\fJIoJbb.exe
  C:\Windows\System\fJIoJbb.exe
  2⤵
  PID:8100
- C:\Windows\System\TakkSRN.exe
  C:\Windows\System\TakkSRN.exe
  2⤵
  PID:8136
- C:\Windows\System\wJbzqhb.exe
  C:\Windows\System\wJbzqhb.exe
  2⤵
  PID:8152
- C:\Windows\System\oihthhq.exe
  C:\Windows\System\oihthhq.exe
  2⤵
  PID:6160
- C:\Windows\System\arAlKFC.exe
  C:\Windows\System\arAlKFC.exe
  2⤵
  PID:7184
- C:\Windows\System\ahgSdvn.exe
  C:\Windows\System\ahgSdvn.exe
  2⤵
  PID:7244
- C:\Windows\System\wjtQowy.exe
  C:\Windows\System\wjtQowy.exe
  2⤵
  PID:7324
- C:\Windows\System\NdShaKF.exe
  C:\Windows\System\NdShaKF.exe
  2⤵
  PID:7364
- C:\Windows\System\NEmczmF.exe
  C:\Windows\System\NEmczmF.exe
  2⤵
  PID:7428
- C:\Windows\System\tyMMApu.exe
  C:\Windows\System\tyMMApu.exe
  2⤵
  PID:7536
- C:\Windows\System\GrUYupF.exe
  C:\Windows\System\GrUYupF.exe
  2⤵
  PID:7572
- C:\Windows\System\PdlaliN.exe
  C:\Windows\System\PdlaliN.exe
  2⤵
  PID:7680
- C:\Windows\System\QWoekDq.exe
  C:\Windows\System\QWoekDq.exe
  2⤵
  PID:7704
- C:\Windows\System\DWXsceM.exe
  C:\Windows\System\DWXsceM.exe
  2⤵
  PID:7772
- C:\Windows\System\mxTNKjh.exe
  C:\Windows\System\mxTNKjh.exe
  2⤵
  PID:4944
- C:\Windows\System\HDAJIaR.exe
  C:\Windows\System\HDAJIaR.exe
  2⤵
  PID:7888
- C:\Windows\System\dYRSvQB.exe
  C:\Windows\System\dYRSvQB.exe
  2⤵
  PID:7976
- C:\Windows\System\OMQKfud.exe
  C:\Windows\System\OMQKfud.exe
  2⤵
  PID:8000
- C:\Windows\System\BmgvETE.exe
  C:\Windows\System\BmgvETE.exe
  2⤵
  PID:8080
- C:\Windows\System\clYcIHz.exe
  C:\Windows\System\clYcIHz.exe
  2⤵
  PID:8144
- C:\Windows\System\mYaAxuf.exe
  C:\Windows\System\mYaAxuf.exe
  2⤵
  PID:6508
- C:\Windows\System\eqpwPTi.exe
  C:\Windows\System\eqpwPTi.exe
  2⤵
  PID:7288
- C:\Windows\System\EmSSSwv.exe
  C:\Windows\System\EmSSSwv.exe
  2⤵
  PID:7388
- C:\Windows\System\njRRmFm.exe
  C:\Windows\System\njRRmFm.exe
  2⤵
  PID:7628
- C:\Windows\System\zNiSLaT.exe
  C:\Windows\System\zNiSLaT.exe
  2⤵
  PID:7752
- C:\Windows\System\SGfrRod.exe
  C:\Windows\System\SGfrRod.exe
  2⤵
  PID:7844
- C:\Windows\System\bwfIDIa.exe
  C:\Windows\System\bwfIDIa.exe
  2⤵
  PID:8036
- C:\Windows\System\HRMaPmt.exe
  C:\Windows\System\HRMaPmt.exe
  2⤵
  PID:8184
- C:\Windows\System\TNLSFAV.exe
  C:\Windows\System\TNLSFAV.exe
  2⤵
  PID:7488
- C:\Windows\System\vFiPHQe.exe
  C:\Windows\System\vFiPHQe.exe
  2⤵
  PID:7744
- C:\Windows\System\Hueniia.exe
  C:\Windows\System\Hueniia.exe
  2⤵
  PID:7972
- C:\Windows\System\OrgKwxQ.exe
  C:\Windows\System\OrgKwxQ.exe
  2⤵
  PID:7708
- C:\Windows\System\AGQycPg.exe
  C:\Windows\System\AGQycPg.exe
  2⤵
  PID:8200
- C:\Windows\System\NeQVxBa.exe
  C:\Windows\System\NeQVxBa.exe
  2⤵
  PID:8216
- C:\Windows\System\iqwGxEU.exe
  C:\Windows\System\iqwGxEU.exe
  2⤵
  PID:8244
- C:\Windows\System\xHPMkyK.exe
  C:\Windows\System\xHPMkyK.exe
  2⤵
  PID:8276
- C:\Windows\System\AZxIvcG.exe
  C:\Windows\System\AZxIvcG.exe
  2⤵
  PID:8300
- C:\Windows\System\VOelGFN.exe
  C:\Windows\System\VOelGFN.exe
  2⤵
  PID:8340
- C:\Windows\System\DygqDrW.exe
  C:\Windows\System\DygqDrW.exe
  2⤵
  PID:8368
- C:\Windows\System\HMbnoIB.exe
  C:\Windows\System\HMbnoIB.exe
  2⤵
  PID:8384
- C:\Windows\System\uqLMHaA.exe
  C:\Windows\System\uqLMHaA.exe
  2⤵
  PID:8400
- C:\Windows\System\sYkVDbY.exe
  C:\Windows\System\sYkVDbY.exe
  2⤵
  PID:8440
- C:\Windows\System\mWXxlTq.exe
  C:\Windows\System\mWXxlTq.exe
  2⤵
  PID:8476
- C:\Windows\System\KaRZkVb.exe
  C:\Windows\System\KaRZkVb.exe
  2⤵
  PID:8492
- C:\Windows\System\aLWVUWv.exe
  C:\Windows\System\aLWVUWv.exe
  2⤵
  PID:8512
- C:\Windows\System\zldaGYc.exe
  C:\Windows\System\zldaGYc.exe
  2⤵
  PID:8540
- C:\Windows\System\unKdYZD.exe
  C:\Windows\System\unKdYZD.exe
  2⤵
  PID:8564
- C:\Windows\System\ElXiGZO.exe
  C:\Windows\System\ElXiGZO.exe
  2⤵
  PID:8584
- C:\Windows\System\rydsEfs.exe
  C:\Windows\System\rydsEfs.exe
  2⤵
  PID:8612
- C:\Windows\System\UGYsMAh.exe
  C:\Windows\System\UGYsMAh.exe
  2⤵
  PID:8628
- C:\Windows\System\iZyzAgS.exe
  C:\Windows\System\iZyzAgS.exe
  2⤵
  PID:8664
- C:\Windows\System\QbwUeAl.exe
  C:\Windows\System\QbwUeAl.exe
  2⤵
  PID:8708
- C:\Windows\System\PBKlika.exe
  C:\Windows\System\PBKlika.exe
  2⤵
  PID:8740
- C:\Windows\System\BgdekGC.exe
  C:\Windows\System\BgdekGC.exe
  2⤵
  PID:8772
- C:\Windows\System\ZueBEwv.exe
  C:\Windows\System\ZueBEwv.exe
  2⤵
  PID:8808
- C:\Windows\System\fYyOIsG.exe
  C:\Windows\System\fYyOIsG.exe
  2⤵
  PID:8836
- C:\Windows\System\JAblyws.exe
  C:\Windows\System\JAblyws.exe
  2⤵
  PID:8856
- C:\Windows\System\ScARGYz.exe
  C:\Windows\System\ScARGYz.exe
  2⤵
  PID:8880
- C:\Windows\System\CctnazY.exe
  C:\Windows\System\CctnazY.exe
  2⤵
  PID:8896
- C:\Windows\System\FsPcWpi.exe
  C:\Windows\System\FsPcWpi.exe
  2⤵
  PID:8936
- C:\Windows\System\LjIltjY.exe
  C:\Windows\System\LjIltjY.exe
  2⤵
  PID:8960
- C:\Windows\System\yeuohBb.exe
  C:\Windows\System\yeuohBb.exe
  2⤵
  PID:9004
- C:\Windows\System\fRwcJpk.exe
  C:\Windows\System\fRwcJpk.exe
  2⤵
  PID:9032
- C:\Windows\System\AfCiAyn.exe
  C:\Windows\System\AfCiAyn.exe
  2⤵
  PID:9068
- C:\Windows\System\loGnfnw.exe
  C:\Windows\System\loGnfnw.exe
  2⤵
  PID:9084
- C:\Windows\System\dwnnhwp.exe
  C:\Windows\System\dwnnhwp.exe
  2⤵
  PID:9108
- C:\Windows\System\vExqzsg.exe
  C:\Windows\System\vExqzsg.exe
  2⤵
  PID:9132
- C:\Windows\System\gXykTty.exe
  C:\Windows\System\gXykTty.exe
  2⤵
  PID:9156
- C:\Windows\System\brPqkFv.exe
  C:\Windows\System\brPqkFv.exe
  2⤵
  PID:9188
- C:\Windows\System\XzrQXkh.exe
  C:\Windows\System\XzrQXkh.exe
  2⤵
  PID:8212
- C:\Windows\System\xIiPQJr.exe
  C:\Windows\System\xIiPQJr.exe
  2⤵
  PID:4496
- C:\Windows\System\jPhkXqd.exe
  C:\Windows\System\jPhkXqd.exe
  2⤵
  PID:8352
- C:\Windows\System\mpHpNAk.exe
  C:\Windows\System\mpHpNAk.exe
  2⤵
  PID:8420
- C:\Windows\System\wKluZLl.exe
  C:\Windows\System\wKluZLl.exe
  2⤵
  PID:8424
- C:\Windows\System\WPHAWEi.exe
  C:\Windows\System\WPHAWEi.exe
  2⤵
  PID:1176
- C:\Windows\System\YdkuAVL.exe
  C:\Windows\System\YdkuAVL.exe
  2⤵
  PID:8560
- C:\Windows\System\McFXPxT.exe
  C:\Windows\System\McFXPxT.exe
  2⤵
  PID:8600
- C:\Windows\System\AEVGvXA.exe
  C:\Windows\System\AEVGvXA.exe
  2⤵
  PID:8652
- C:\Windows\System\WhAAlsY.exe
  C:\Windows\System\WhAAlsY.exe
  2⤵
  PID:1080
- C:\Windows\System\vDRSJdI.exe
  C:\Windows\System\vDRSJdI.exe
  2⤵
  PID:8824
- C:\Windows\System\nlXezyU.exe
  C:\Windows\System\nlXezyU.exe
  2⤵
  PID:8920
- C:\Windows\System\NLgNmPx.exe
  C:\Windows\System\NLgNmPx.exe
  2⤵
  PID:8944
- C:\Windows\System\MoPBgwE.exe
  C:\Windows\System\MoPBgwE.exe
  2⤵
  PID:8992
- C:\Windows\System\EtcCbaJ.exe
  C:\Windows\System\EtcCbaJ.exe
  2⤵
  PID:9080
- C:\Windows\System\fkZsJqe.exe
  C:\Windows\System\fkZsJqe.exe
  2⤵
  PID:9168
- C:\Windows\System\NfdBkLs.exe
  C:\Windows\System\NfdBkLs.exe
  2⤵
  PID:9200
- C:\Windows\System\qLkEBRq.exe
  C:\Windows\System\qLkEBRq.exe
  2⤵
  PID:8292
- C:\Windows\System\TBHPMCQ.exe
  C:\Windows\System\TBHPMCQ.exe
  2⤵
  PID:8500
- C:\Windows\System\OmmXChe.exe
  C:\Windows\System\OmmXChe.exe
  2⤵
  PID:8532
- C:\Windows\System\GmEAMOG.exe
  C:\Windows\System\GmEAMOG.exe
  2⤵
  PID:8768
- C:\Windows\System\YQsXjPD.exe
  C:\Windows\System\YQsXjPD.exe
  2⤵
  PID:8888
- C:\Windows\System\MtQdNNm.exe
  C:\Windows\System\MtQdNNm.exe
  2⤵
  PID:8980
- C:\Windows\System\SCLdiBk.exe
  C:\Windows\System\SCLdiBk.exe
  2⤵
  PID:9096
- C:\Windows\System\IdxeNQq.exe
  C:\Windows\System\IdxeNQq.exe
  2⤵
  PID:8232
- C:\Windows\System\APwCNbW.exe
  C:\Windows\System\APwCNbW.exe
  2⤵
  PID:8468
- C:\Windows\System\WNdULlO.exe
  C:\Windows\System\WNdULlO.exe
  2⤵
  PID:9120
- C:\Windows\System\zOIxVBs.exe
  C:\Windows\System\zOIxVBs.exe
  2⤵
  PID:8360
- C:\Windows\System\EEHiSCM.exe
  C:\Windows\System\EEHiSCM.exe
  2⤵
  PID:9180
- C:\Windows\System\fYKHjiu.exe
  C:\Windows\System\fYKHjiu.exe
  2⤵
  PID:9240
- C:\Windows\System\BEcBPLE.exe
  C:\Windows\System\BEcBPLE.exe
  2⤵
  PID:9264
- C:\Windows\System\DbvNUzr.exe
  C:\Windows\System\DbvNUzr.exe
  2⤵
  PID:9304
- C:\Windows\System\YsKnxIl.exe
  C:\Windows\System\YsKnxIl.exe
  2⤵
  PID:9324
- C:\Windows\System\jtAhjPK.exe
  C:\Windows\System\jtAhjPK.exe
  2⤵
  PID:9356
- C:\Windows\System\MJBrhPK.exe
  C:\Windows\System\MJBrhPK.exe
  2⤵
  PID:9376
- C:\Windows\System\tqzKNIP.exe
  C:\Windows\System\tqzKNIP.exe
  2⤵
  PID:9404
- C:\Windows\System\eREwnQW.exe
  C:\Windows\System\eREwnQW.exe
  2⤵
  PID:9424
- C:\Windows\System\GfQwGhi.exe
  C:\Windows\System\GfQwGhi.exe
  2⤵
  PID:9460
- C:\Windows\System\YIKRCDd.exe
  C:\Windows\System\YIKRCDd.exe
  2⤵
  PID:9476
- C:\Windows\System\KVrMwVW.exe
  C:\Windows\System\KVrMwVW.exe
  2⤵
  PID:9516
- C:\Windows\System\HyfYIFB.exe
  C:\Windows\System\HyfYIFB.exe
  2⤵
  PID:9544
- C:\Windows\System\CKzatyY.exe
  C:\Windows\System\CKzatyY.exe
  2⤵
  PID:9560
- C:\Windows\System\FKayxyY.exe
  C:\Windows\System\FKayxyY.exe
  2⤵
  PID:9600
- C:\Windows\System\qwVvfSK.exe
  C:\Windows\System\qwVvfSK.exe
  2⤵
  PID:9636
- C:\Windows\System\PoAlTun.exe
  C:\Windows\System\PoAlTun.exe
  2⤵
  PID:9652
- C:\Windows\System\EeROtVz.exe
  C:\Windows\System\EeROtVz.exe
  2⤵
  PID:9672
- C:\Windows\System\HGZfzwE.exe
  C:\Windows\System\HGZfzwE.exe
  2⤵
  PID:9712
- C:\Windows\System\SjopGbx.exe
  C:\Windows\System\SjopGbx.exe
  2⤵
  PID:9744
- C:\Windows\System\NerFkQy.exe
  C:\Windows\System\NerFkQy.exe
  2⤵
  PID:9760
- C:\Windows\System\xFOvCgR.exe
  C:\Windows\System\xFOvCgR.exe
  2⤵
  PID:9784
- C:\Windows\System\GdfFOtA.exe
  C:\Windows\System\GdfFOtA.exe
  2⤵
  PID:9824
- C:\Windows\System\PcGfdmZ.exe
  C:\Windows\System\PcGfdmZ.exe
  2⤵
  PID:9856
- C:\Windows\System\cCAWRQH.exe
  C:\Windows\System\cCAWRQH.exe
  2⤵
  PID:9892
- C:\Windows\System\EJbykBo.exe
  C:\Windows\System\EJbykBo.exe
  2⤵
  PID:9920
- C:\Windows\System\cKdPHPC.exe
  C:\Windows\System\cKdPHPC.exe
  2⤵
  PID:9948
- C:\Windows\System\yIIqiCd.exe
  C:\Windows\System\yIIqiCd.exe
  2⤵
  PID:9964
- C:\Windows\System\XpVNXNf.exe
  C:\Windows\System\XpVNXNf.exe
  2⤵
  PID:9992
- C:\Windows\System\vyLKtcM.exe
  C:\Windows\System\vyLKtcM.exe
  2⤵
  PID:10020
- C:\Windows\System\JGVbBsz.exe
  C:\Windows\System\JGVbBsz.exe
  2⤵
  PID:10056
- C:\Windows\System\qpARZWv.exe
  C:\Windows\System\qpARZWv.exe
  2⤵
  PID:10076
- C:\Windows\System\cSWCDSg.exe
  C:\Windows\System\cSWCDSg.exe
  2⤵
  PID:10116
- C:\Windows\System\PBDVhiS.exe
  C:\Windows\System\PBDVhiS.exe
  2⤵
  PID:10132
- C:\Windows\System\oTUgLyO.exe
  C:\Windows\System\oTUgLyO.exe
  2⤵
  PID:10164
- C:\Windows\System\scjrACy.exe
  C:\Windows\System\scjrACy.exe
  2⤵
  PID:10192
- C:\Windows\System\LmsZZMH.exe
  C:\Windows\System\LmsZZMH.exe
  2⤵
  PID:10220
- C:\Windows\System\LhsyXAC.exe
  C:\Windows\System\LhsyXAC.exe
  2⤵
  PID:9248
- C:\Windows\System\qyiZjRH.exe
  C:\Windows\System\qyiZjRH.exe
  2⤵
  PID:9260
- C:\Windows\System\YojEiyU.exe
  C:\Windows\System\YojEiyU.exe
  2⤵
  PID:9332
- C:\Windows\System\IhchVWa.exe
  C:\Windows\System\IhchVWa.exe
  2⤵
  PID:9392
- C:\Windows\System\vNdnWAU.exe
  C:\Windows\System\vNdnWAU.exe
  2⤵
  PID:9440
- C:\Windows\System\kJUvaVM.exe
  C:\Windows\System\kJUvaVM.exe
  2⤵
  PID:9488
- C:\Windows\System\YOuQrVg.exe
  C:\Windows\System\YOuQrVg.exe
  2⤵
  PID:9536
- C:\Windows\System\MzXOCzS.exe
  C:\Windows\System\MzXOCzS.exe
  2⤵
  PID:9580
- C:\Windows\System\tsTMzif.exe
  C:\Windows\System\tsTMzif.exe
  2⤵
  PID:9660
- C:\Windows\System\eOimCnQ.exe
  C:\Windows\System\eOimCnQ.exe
  2⤵
  PID:9732
- C:\Windows\System\HzRQgbV.exe
  C:\Windows\System\HzRQgbV.exe
  2⤵
  PID:9804
- C:\Windows\System\VpYlDiE.exe
  C:\Windows\System\VpYlDiE.exe
  2⤵
  PID:9864
- C:\Windows\System\JvFlFGV.exe
  C:\Windows\System\JvFlFGV.exe
  2⤵
  PID:9960
- C:\Windows\System\roNEtDf.exe
  C:\Windows\System\roNEtDf.exe
  2⤵
  PID:10012
- C:\Windows\System\DAuUQQJ.exe
  C:\Windows\System\DAuUQQJ.exe
  2⤵
  PID:10104
- C:\Windows\System\aWlIOYP.exe
  C:\Windows\System\aWlIOYP.exe
  2⤵
  PID:10180
- C:\Windows\System\ADiKOBN.exe
  C:\Windows\System\ADiKOBN.exe
  2⤵
  PID:10216
- C:\Windows\System\BdbMGOf.exe
  C:\Windows\System\BdbMGOf.exe
  2⤵
  PID:2840
- C:\Windows\System\jWoSUvw.exe
  C:\Windows\System\jWoSUvw.exe
  2⤵
  PID:9340
- C:\Windows\System\FNHemey.exe
  C:\Windows\System\FNHemey.exe
  2⤵
  PID:9532
- C:\Windows\System\HmhYuve.exe
  C:\Windows\System\HmhYuve.exe
  2⤵
  PID:9704
- C:\Windows\System\AUYRBKS.exe
  C:\Windows\System\AUYRBKS.exe
  2⤵
  PID:9812
- C:\Windows\System\hMkEslv.exe
  C:\Windows\System\hMkEslv.exe
  2⤵
  PID:9988
- C:\Windows\System\IzksrkX.exe
  C:\Windows\System\IzksrkX.exe
  2⤵
  PID:10068
- C:\Windows\System\VfUeijA.exe
  C:\Windows\System\VfUeijA.exe
  2⤵
  PID:10172
- C:\Windows\System\cRhMmOU.exe
  C:\Windows\System\cRhMmOU.exe
  2⤵
  PID:9364
- C:\Windows\System\xEXXdyd.exe
  C:\Windows\System\xEXXdyd.exe
  2⤵
  PID:9612
- C:\Windows\System\iBXzkIl.exe
  C:\Windows\System\iBXzkIl.exe
  2⤵
  PID:9940
- C:\Windows\System\jQXvcAo.exe
  C:\Windows\System\jQXvcAo.exe
  2⤵
  PID:9316
- C:\Windows\System\eJKEExJ.exe
  C:\Windows\System\eJKEExJ.exe
  2⤵
  PID:10032
- C:\Windows\System\KFtWcvC.exe
  C:\Windows\System\KFtWcvC.exe
  2⤵
  PID:10280
- C:\Windows\System\IdFPhyW.exe
  C:\Windows\System\IdFPhyW.exe
  2⤵
  PID:10308
- C:\Windows\System\fXxRYVt.exe
  C:\Windows\System\fXxRYVt.exe
  2⤵
  PID:10328
- C:\Windows\System\CXCxiyd.exe
  C:\Windows\System\CXCxiyd.exe
  2⤵
  PID:10348
- C:\Windows\System\rEqrylb.exe
  C:\Windows\System\rEqrylb.exe
  2⤵
  PID:10376
- C:\Windows\System\nKFvqSn.exe
  C:\Windows\System\nKFvqSn.exe
  2⤵
  PID:10424
- C:\Windows\System\VCkrAuC.exe
  C:\Windows\System\VCkrAuC.exe
  2⤵
  PID:10444
- C:\Windows\System\LBVCnrW.exe
  C:\Windows\System\LBVCnrW.exe
  2⤵
  PID:10476
- C:\Windows\System\ivyjSpY.exe
  C:\Windows\System\ivyjSpY.exe
  2⤵
  PID:10516
- C:\Windows\System\GwNWjlz.exe
  C:\Windows\System\GwNWjlz.exe
  2⤵
  PID:10540
- C:\Windows\System\BOekQtM.exe
  C:\Windows\System\BOekQtM.exe
  2⤵
  PID:10572
- C:\Windows\System\VpUVwGO.exe
  C:\Windows\System\VpUVwGO.exe
  2⤵
  PID:10592
- C:\Windows\System\zvbFZRh.exe
  C:\Windows\System\zvbFZRh.exe
  2⤵
  PID:10620
- C:\Windows\System\bOBzRig.exe
  C:\Windows\System\bOBzRig.exe
  2⤵
  PID:10644
- C:\Windows\System\IMTnJqc.exe
  C:\Windows\System\IMTnJqc.exe
  2⤵
  PID:10676
- C:\Windows\System\TyakyVr.exe
  C:\Windows\System\TyakyVr.exe
  2⤵
  PID:10704
- C:\Windows\System\IlXSMUP.exe
  C:\Windows\System\IlXSMUP.exe
  2⤵
  PID:10720
- C:\Windows\System\vxYozmT.exe
  C:\Windows\System\vxYozmT.exe
  2⤵
  PID:10760
- C:\Windows\System\hXUqaXL.exe
  C:\Windows\System\hXUqaXL.exe
  2⤵
  PID:10804
- C:\Windows\System\rjzvEJg.exe
  C:\Windows\System\rjzvEJg.exe
  2⤵
  PID:10820
- C:\Windows\System\knUQglj.exe
  C:\Windows\System\knUQglj.exe
  2⤵
  PID:10844
- C:\Windows\System\ZWhgSbD.exe
  C:\Windows\System\ZWhgSbD.exe
  2⤵
  PID:10880
- C:\Windows\System\cPlnGOR.exe
  C:\Windows\System\cPlnGOR.exe
  2⤵
  PID:10904
- C:\Windows\System\GoBzWzy.exe
  C:\Windows\System\GoBzWzy.exe
  2⤵
  PID:10944
- C:\Windows\System\JJWAuqR.exe
  C:\Windows\System\JJWAuqR.exe
  2⤵
  PID:10968
- C:\Windows\System\WCjcNst.exe
  C:\Windows\System\WCjcNst.exe
  2⤵
  PID:11000
- C:\Windows\System\YSDQfws.exe
  C:\Windows\System\YSDQfws.exe
  2⤵
  PID:11032
- C:\Windows\System\cqLiWOk.exe
  C:\Windows\System\cqLiWOk.exe
  2⤵
  PID:11056
- C:\Windows\System\EIUqQdK.exe
  C:\Windows\System\EIUqQdK.exe
  2⤵
  PID:11084
- C:\Windows\System\jzKSutr.exe
  C:\Windows\System\jzKSutr.exe
  2⤵
  PID:11112
- C:\Windows\System\aoHSSwZ.exe
  C:\Windows\System\aoHSSwZ.exe
  2⤵
  PID:11128
- C:\Windows\System\tsfctpZ.exe
  C:\Windows\System\tsfctpZ.exe
  2⤵
  PID:11160
- C:\Windows\System\BLRVDCu.exe
  C:\Windows\System\BLRVDCu.exe
  2⤵
  PID:11196
- C:\Windows\System\wvZsnkT.exe
  C:\Windows\System\wvZsnkT.exe
  2⤵
  PID:11224
- C:\Windows\System\pJMqjpt.exe
  C:\Windows\System\pJMqjpt.exe
  2⤵
  PID:11252
- C:\Windows\System\EfnkIoy.exe
  C:\Windows\System\EfnkIoy.exe
  2⤵
  PID:10268
- C:\Windows\System\JZVrYfF.exe
  C:\Windows\System\JZVrYfF.exe
  2⤵
  PID:10300
- C:\Windows\System\joHwijz.exe
  C:\Windows\System\joHwijz.exe
  2⤵
  PID:10408
- C:\Windows\System\ThXkGDI.exe
  C:\Windows\System\ThXkGDI.exe
  2⤵
  PID:10452
- C:\Windows\System\dQVwaAZ.exe
  C:\Windows\System\dQVwaAZ.exe
  2⤵
  PID:10464
- C:\Windows\System\AQxOOSf.exe
  C:\Windows\System\AQxOOSf.exe
  2⤵
  PID:10560
- C:\Windows\System\lYwRxHd.exe
  C:\Windows\System\lYwRxHd.exe
  2⤵
  PID:10608
- C:\Windows\System\dPmoHVV.exe
  C:\Windows\System\dPmoHVV.exe
  2⤵
  PID:10656
- C:\Windows\System\CSmUvde.exe
  C:\Windows\System\CSmUvde.exe
  2⤵
  PID:10748
- C:\Windows\System\dzxuskf.exe
  C:\Windows\System\dzxuskf.exe
  2⤵
  PID:10832
- C:\Windows\System\hrmdaeq.exe
  C:\Windows\System\hrmdaeq.exe
  2⤵
  PID:10912
- C:\Windows\System\gYugKiY.exe
  C:\Windows\System\gYugKiY.exe
  2⤵
  PID:10980
- C:\Windows\System\aTAqBFT.exe
  C:\Windows\System\aTAqBFT.exe
  2⤵
  PID:11044
- C:\Windows\System\McQdRjT.exe
  C:\Windows\System\McQdRjT.exe
  2⤵
  PID:11096
- C:\Windows\System\VuXqkIC.exe
  C:\Windows\System\VuXqkIC.exe
  2⤵
  PID:11180
- C:\Windows\System\CoCpROy.exe
  C:\Windows\System\CoCpROy.exe
  2⤵
  PID:11208
- C:\Windows\System\xqujYaD.exe
  C:\Windows\System\xqujYaD.exe
  2⤵
  PID:10340
- C:\Windows\System\CXiYLyW.exe
  C:\Windows\System\CXiYLyW.exe
  2⤵
  PID:10336
- C:\Windows\System\ZbalOzK.exe
  C:\Windows\System\ZbalOzK.exe
  2⤵
  PID:10556
- C:\Windows\System\EVwZGiJ.exe
  C:\Windows\System\EVwZGiJ.exe
  2⤵
  PID:10696
- C:\Windows\System\VsimTFF.exe
  C:\Windows\System\VsimTFF.exe
  2⤵
  PID:10868
- C:\Windows\System\AAOEECQ.exe
  C:\Windows\System\AAOEECQ.exe
  2⤵
  PID:11016
- C:\Windows\System\OCJMpzl.exe
  C:\Windows\System\OCJMpzl.exe
  2⤵
  PID:11144
- C:\Windows\System\RXEvxcK.exe
  C:\Windows\System\RXEvxcK.exe
  2⤵
  PID:11260
- C:\Windows\System\QuRPGeM.exe
  C:\Windows\System\QuRPGeM.exe
  2⤵
  PID:10668
- C:\Windows\System\ErSjKfj.exe
  C:\Windows\System\ErSjKfj.exe
  2⤵
  PID:11068
- C:\Windows\System\JGcaNUi.exe
  C:\Windows\System\JGcaNUi.exe
  2⤵
  PID:10616
- C:\Windows\System\wNjNGmQ.exe
  C:\Windows\System\wNjNGmQ.exe
  2⤵
  PID:11236
- C:\Windows\System\OFOSzop.exe
  C:\Windows\System\OFOSzop.exe
  2⤵
  PID:11288
- C:\Windows\System\FmOFlVl.exe
  C:\Windows\System\FmOFlVl.exe
  2⤵
  PID:11312
- C:\Windows\System\fOEFFIk.exe
  C:\Windows\System\fOEFFIk.exe
  2⤵
  PID:11348
- C:\Windows\System\PKPdgQr.exe
  C:\Windows\System\PKPdgQr.exe
  2⤵
  PID:11372
- C:\Windows\System\DLiqblo.exe
  C:\Windows\System\DLiqblo.exe
  2⤵
  PID:11396
- C:\Windows\System\qjErsOJ.exe
  C:\Windows\System\qjErsOJ.exe
  2⤵
  PID:11412
- C:\Windows\System\ZKXmWqP.exe
  C:\Windows\System\ZKXmWqP.exe
  2⤵
  PID:11440
- C:\Windows\System\qGrMObU.exe
  C:\Windows\System\qGrMObU.exe
  2⤵
  PID:11460
- C:\Windows\System\qWxIGcy.exe
  C:\Windows\System\qWxIGcy.exe
  2⤵
  PID:11488
- C:\Windows\System\aVBLeQB.exe
  C:\Windows\System\aVBLeQB.exe
  2⤵
  PID:11532
- C:\Windows\System\CvpKfdb.exe
  C:\Windows\System\CvpKfdb.exe
  2⤵
  PID:11560
- C:\Windows\System\NcmXICs.exe
  C:\Windows\System\NcmXICs.exe
  2⤵
  PID:11588
- C:\Windows\System\CeuynKa.exe
  C:\Windows\System\CeuynKa.exe
  2⤵
  PID:11608
- C:\Windows\System\mkhigca.exe
  C:\Windows\System\mkhigca.exe
  2⤵
  PID:11656
- C:\Windows\System\LUUGeXg.exe
  C:\Windows\System\LUUGeXg.exe
  2⤵
  PID:11692
- C:\Windows\System\SoQfmGv.exe
  C:\Windows\System\SoQfmGv.exe
  2⤵
  PID:11712
- C:\Windows\System\WoNIuJZ.exe
  C:\Windows\System\WoNIuJZ.exe
  2⤵
  PID:11740
- C:\Windows\System\jqgfgCQ.exe
  C:\Windows\System\jqgfgCQ.exe
  2⤵
  PID:11772
- C:\Windows\System\zCIZXYd.exe
  C:\Windows\System\zCIZXYd.exe
  2⤵
  PID:11804
- C:\Windows\System\JFetQmI.exe
  C:\Windows\System\JFetQmI.exe
  2⤵
  PID:11824
- C:\Windows\System\ibiQyUZ.exe
  C:\Windows\System\ibiQyUZ.exe
  2⤵
  PID:11860
- C:\Windows\System\eChLLOJ.exe
  C:\Windows\System\eChLLOJ.exe
  2⤵
  PID:11888
- C:\Windows\System\DzXfNjO.exe
  C:\Windows\System\DzXfNjO.exe
  2⤵
  PID:11916
- C:\Windows\System\mTOeAvT.exe
  C:\Windows\System\mTOeAvT.exe
  2⤵
  PID:11940
- C:\Windows\System\pVxQsNw.exe
  C:\Windows\System\pVxQsNw.exe
  2⤵
  PID:11960
- C:\Windows\System\dikqfwQ.exe
  C:\Windows\System\dikqfwQ.exe
  2⤵
  PID:11976
- C:\Windows\System\HAcZLfP.exe
  C:\Windows\System\HAcZLfP.exe
  2⤵
  PID:12008
- C:\Windows\System\lKonsOE.exe
  C:\Windows\System\lKonsOE.exe
  2⤵
  PID:12028
- C:\Windows\System\hEQxwIe.exe
  C:\Windows\System\hEQxwIe.exe
  2⤵
  PID:12060
- C:\Windows\System\pAQRWgj.exe
  C:\Windows\System\pAQRWgj.exe
  2⤵
  PID:12096
- C:\Windows\System\eHcDYRB.exe
  C:\Windows\System\eHcDYRB.exe
  2⤵
  PID:12124
- C:\Windows\System\XEvZoZt.exe
  C:\Windows\System\XEvZoZt.exe
  2⤵
  PID:12140
- C:\Windows\System\ZLvBFeO.exe
  C:\Windows\System\ZLvBFeO.exe
  2⤵
  PID:12172
- C:\Windows\System\WSHcrGs.exe
  C:\Windows\System\WSHcrGs.exe
  2⤵
  PID:12188
- C:\Windows\System\gSFGZAz.exe
  C:\Windows\System\gSFGZAz.exe
  2⤵
  PID:12220
- C:\Windows\System\UxtLaXT.exe
  C:\Windows\System\UxtLaXT.exe
  2⤵
  PID:12260
- C:\Windows\System\PyHmBKy.exe
  C:\Windows\System\PyHmBKy.exe
  2⤵
  PID:11012
- C:\Windows\System\QHLjSUT.exe
  C:\Windows\System\QHLjSUT.exe
  2⤵
  PID:11324
- C:\Windows\System\zOrUqlH.exe
  C:\Windows\System\zOrUqlH.exe
  2⤵
  PID:11364
- C:\Windows\System\FmYpyyc.exe
  C:\Windows\System\FmYpyyc.exe
  2⤵
  PID:540
- C:\Windows\System\GDIGMAM.exe
  C:\Windows\System\GDIGMAM.exe
  2⤵
  PID:11508
- C:\Windows\System\UCpIveu.exe
  C:\Windows\System\UCpIveu.exe
  2⤵
  PID:11552
- C:\Windows\System\ZqsiITJ.exe
  C:\Windows\System\ZqsiITJ.exe
  2⤵
  PID:11640
- C:\Windows\System\RCuFoaW.exe
  C:\Windows\System\RCuFoaW.exe
  2⤵
  PID:11724
- C:\Windows\System\VntcsTY.exe
  C:\Windows\System\VntcsTY.exe
  2⤵
  PID:11792
- C:\Windows\System\llVmpom.exe
  C:\Windows\System\llVmpom.exe
  2⤵
  PID:11816
- C:\Windows\System\VlVmLEQ.exe
  C:\Windows\System\VlVmLEQ.exe
  2⤵
  PID:11904
- C:\Windows\System\BXPBerj.exe
  C:\Windows\System\BXPBerj.exe
  2⤵
  PID:11948
- C:\Windows\System\CWfKTVz.exe
  C:\Windows\System\CWfKTVz.exe
  2⤵
  PID:12016
- C:\Windows\System\mDTfQVE.exe
  C:\Windows\System\mDTfQVE.exe
  2⤵
  PID:12116
- C:\Windows\System\mUFKSTH.exe
  C:\Windows\System\mUFKSTH.exe
  2⤵
  PID:12160
- C:\Windows\System\wAvpKwe.exe
  C:\Windows\System\wAvpKwe.exe
  2⤵
  PID:11280
- C:\Windows\System\HVVFSdF.exe
  C:\Windows\System\HVVFSdF.exe
  2⤵
  PID:11388
- C:\Windows\System\rlGVmvN.exe
  C:\Windows\System\rlGVmvN.exe
  2⤵
  PID:11408
- C:\Windows\System\AhTYVuJ.exe
  C:\Windows\System\AhTYVuJ.exe
  2⤵
  PID:11664
- C:\Windows\System\rRnbWIi.exe
  C:\Windows\System\rRnbWIi.exe
  2⤵
  PID:11736
- C:\Windows\System\CzNnoSH.exe
  C:\Windows\System\CzNnoSH.exe
  2⤵
  PID:11952
- C:\Windows\System\vJlhHkd.exe
  C:\Windows\System\vJlhHkd.exe
  2⤵
  PID:12104
- C:\Windows\System\fLqnfJY.exe
  C:\Windows\System\fLqnfJY.exe
  2⤵
  PID:12252
- C:\Windows\System\ibuIXGO.exe
  C:\Windows\System\ibuIXGO.exe
  2⤵
  PID:11520
- C:\Windows\System\GlIIVBU.exe
  C:\Windows\System\GlIIVBU.exe
  2⤵
  PID:11684
- C:\Windows\System\yULtWrG.exe
  C:\Windows\System\yULtWrG.exe
  2⤵
  PID:12132
- C:\Windows\System\cemNHFl.exe
  C:\Windows\System\cemNHFl.exe
  2⤵
  PID:11852
- C:\Windows\System\gUiuwbo.exe
  C:\Windows\System\gUiuwbo.exe
  2⤵
  PID:12292
- C:\Windows\System\vwDWoKc.exe
  C:\Windows\System\vwDWoKc.exe
  2⤵
  PID:12320
- C:\Windows\System\UrvkBdC.exe
  C:\Windows\System\UrvkBdC.exe
  2⤵
  PID:12356
- C:\Windows\System\keFqdZD.exe
  C:\Windows\System\keFqdZD.exe
  2⤵
  PID:12380
- C:\Windows\System\HLKqmls.exe
  C:\Windows\System\HLKqmls.exe
  2⤵
  PID:12412
- C:\Windows\System\RItZwzh.exe
  C:\Windows\System\RItZwzh.exe
  2⤵
  PID:12448
- C:\Windows\System\wImVKzv.exe
  C:\Windows\System\wImVKzv.exe
  2⤵
  PID:12480
- C:\Windows\System\CvanhvX.exe
  C:\Windows\System\CvanhvX.exe
  2⤵
  PID:12500
- C:\Windows\System\Asdrcbz.exe
  C:\Windows\System\Asdrcbz.exe
  2⤵
  PID:12536
- C:\Windows\System\lvGWXDx.exe
  C:\Windows\System\lvGWXDx.exe
  2⤵
  PID:12560
- C:\Windows\System\vWmMYoK.exe
  C:\Windows\System\vWmMYoK.exe
  2⤵
  PID:12596
- C:\Windows\System\RBNtSNX.exe
  C:\Windows\System\RBNtSNX.exe
  2⤵
  PID:12620
- C:\Windows\System\VnnSfce.exe
  C:\Windows\System\VnnSfce.exe
  2⤵
  PID:12652
- C:\Windows\System\WkyiWdD.exe
  C:\Windows\System\WkyiWdD.exe
  2⤵
  PID:12672
- C:\Windows\System\bzShXeH.exe
  C:\Windows\System\bzShXeH.exe
  2⤵
  PID:12708
- C:\Windows\System\jFvtgOD.exe
  C:\Windows\System\jFvtgOD.exe
  2⤵
  PID:12744
- C:\Windows\System\OpIhHTH.exe
  C:\Windows\System\OpIhHTH.exe
  2⤵
  PID:12776
- C:\Windows\System\CLBKlVf.exe
  C:\Windows\System\CLBKlVf.exe
  2⤵
  PID:12804
- C:\Windows\System\vDNVGqp.exe
  C:\Windows\System\vDNVGqp.exe
  2⤵
  PID:12828
- C:\Windows\System\SJjFXRV.exe
  C:\Windows\System\SJjFXRV.exe
  2⤵
  PID:12856
- C:\Windows\System\VPtlosg.exe
  C:\Windows\System\VPtlosg.exe
  2⤵
  PID:12892
- C:\Windows\System\bRcLITH.exe
  C:\Windows\System\bRcLITH.exe
  2⤵
  PID:12912
- C:\Windows\System\SAlpCcJ.exe
  C:\Windows\System\SAlpCcJ.exe
  2⤵
  PID:12940
- C:\Windows\System\Nvibedd.exe
  C:\Windows\System\Nvibedd.exe
  2⤵
  PID:12968
- C:\Windows\System\zYysmbb.exe
  C:\Windows\System\zYysmbb.exe
  2⤵
  PID:13000
- C:\Windows\System\cFqVPgO.exe
  C:\Windows\System\cFqVPgO.exe
  2⤵
  PID:13028
- C:\Windows\System\AawtPrK.exe
  C:\Windows\System\AawtPrK.exe
  2⤵
  PID:13056
- C:\Windows\System\qIwaWeD.exe
  C:\Windows\System\qIwaWeD.exe
  2⤵
  PID:13080
- C:\Windows\System\ipCaOhG.exe
  C:\Windows\System\ipCaOhG.exe
  2⤵
  PID:13108
- C:\Windows\System\YEMZhlC.exe
  C:\Windows\System\YEMZhlC.exe
  2⤵
  PID:13136
- C:\Windows\System\gOrTNOl.exe
  C:\Windows\System\gOrTNOl.exe
  2⤵
  PID:13164
- C:\Windows\System\ZzXMgrO.exe
  C:\Windows\System\ZzXMgrO.exe
  2⤵
  PID:13192
- C:\Windows\System\JCRniyy.exe
  C:\Windows\System\JCRniyy.exe
  2⤵
  PID:13220
- C:\Windows\System\ufhjwAb.exe
  C:\Windows\System\ufhjwAb.exe
  2⤵
  PID:13252
- C:\Windows\System\jdDzaFN.exe
  C:\Windows\System\jdDzaFN.exe
  2⤵
  PID:13276
- C:\Windows\System\yyASnLp.exe
  C:\Windows\System\yyASnLp.exe
  2⤵
  PID:13300
- C:\Windows\System\mxisHXo.exe
  C:\Windows\System\mxisHXo.exe
  2⤵
  PID:12308
- C:\Windows\System\heCryIv.exe
  C:\Windows\System\heCryIv.exe
  2⤵
  PID:12368
- C:\Windows\System\QvwfgAu.exe
  C:\Windows\System\QvwfgAu.exe
  2⤵
  PID:12404
- C:\Windows\System\nkFFnuK.exe
  C:\Windows\System\nkFFnuK.exe
  2⤵
  PID:12496
- C:\Windows\System\VxwfmsO.exe
  C:\Windows\System\VxwfmsO.exe
  2⤵
  PID:12520
- C:\Windows\System\rCQVQFP.exe
  C:\Windows\System\rCQVQFP.exe
  2⤵
  PID:12572
- C:\Windows\System\dzyfnzY.exe
  C:\Windows\System\dzyfnzY.exe
  2⤵
  PID:12632
- C:\Windows\System\DHfSUDK.exe
  C:\Windows\System\DHfSUDK.exe
  2⤵
  PID:12684
- C:\Windows\System\hsQywlS.exe
  C:\Windows\System\hsQywlS.exe
  2⤵
  PID:12760
- C:\Windows\System\SCDAyYM.exe
  C:\Windows\System\SCDAyYM.exe
  2⤵
  PID:12844
- C:\Windows\System\wUXAyBy.exe
  C:\Windows\System\wUXAyBy.exe
  2⤵
  PID:12904
- C:\Windows\System\pSBPzkp.exe
  C:\Windows\System\pSBPzkp.exe
  2⤵
  PID:12960
- C:\Windows\System\lDiRrHg.exe
  C:\Windows\System\lDiRrHg.exe
  2⤵
  PID:12984
- C:\Windows\System\KUMBDOZ.exe
  C:\Windows\System\KUMBDOZ.exe
  2⤵
  PID:13044
- C:\Windows\System\TeXOuvU.exe
  C:\Windows\System\TeXOuvU.exe
  2⤵
  PID:13128
- C:\Windows\System\eYmNoqZ.exe
  C:\Windows\System\eYmNoqZ.exe
  2⤵
  PID:13176
- C:\Windows\System\nbtJqFW.exe
  C:\Windows\System\nbtJqFW.exe
  2⤵
  PID:13216
- C:\Windows\System\nmnVgkn.exe
  C:\Windows\System\nmnVgkn.exe
  2⤵
  PID:13236
- C:\Windows\System\rGqExdO.exe
  C:\Windows\System\rGqExdO.exe
  2⤵
  PID:13292
- C:\Windows\System\cLJvdjq.exe
  C:\Windows\System\cLJvdjq.exe
  2⤵
  PID:12332
- C:\Windows\System\RsQxumA.exe
  C:\Windows\System\RsQxumA.exe
  2⤵
  PID:12440
- C:\Windows\System\XlpAeIh.exe
  C:\Windows\System\XlpAeIh.exe
  2⤵
  PID:3568
- C:\Windows\System\vhemINd.exe
  C:\Windows\System\vhemINd.exe
  2⤵
  PID:3348
- C:\Windows\System\ZpCRCox.exe
  C:\Windows\System\ZpCRCox.exe
  2⤵
  PID:12692
- C:\Windows\System\MaxZmam.exe
  C:\Windows\System\MaxZmam.exe
  2⤵
  PID:12792
- C:\Windows\System\HSCEAQe.exe
  C:\Windows\System\HSCEAQe.exe
  2⤵
  PID:12988
- C:\Windows\System\WnHWDjf.exe
  C:\Windows\System\WnHWDjf.exe
  2⤵
  PID:12424
- C:\Windows\System\PSKEYEn.exe
  C:\Windows\System\PSKEYEn.exe
  2⤵
  PID:13096
- C:\Windows\System\SxMmioO.exe
  C:\Windows\System\SxMmioO.exe
  2⤵
  PID:13296
- C:\Windows\System\nnJyAhT.exe
  C:\Windows\System\nnJyAhT.exe
  2⤵
  PID:12556
- C:\Windows\System\boNHvqn.exe
  C:\Windows\System\boNHvqn.exe
  2⤵
  PID:13316
- C:\Windows\System\CzyGxac.exe
  C:\Windows\System\CzyGxac.exe
  2⤵
  PID:13356
- C:\Windows\System\QFKAacR.exe
  C:\Windows\System\QFKAacR.exe
  2⤵
  PID:13388
- C:\Windows\System\yHcbRtW.exe
  C:\Windows\System\yHcbRtW.exe
  2⤵
  PID:13416
- C:\Windows\System\QHuqsvj.exe
  C:\Windows\System\QHuqsvj.exe
  2⤵
  PID:13440
- C:\Windows\System\UKKDimB.exe
  C:\Windows\System\UKKDimB.exe
  2⤵
  PID:13472
- C:\Windows\System\FkzteDo.exe
  C:\Windows\System\FkzteDo.exe
  2⤵
  PID:13508
- C:\Windows\System\MQsFGvH.exe
  C:\Windows\System\MQsFGvH.exe
  2⤵
  PID:13536
- C:\Windows\System\bTntcut.exe
  C:\Windows\System\bTntcut.exe
  2⤵
  PID:13556
- C:\Windows\System\qQvudoN.exe
  C:\Windows\System\qQvudoN.exe
  2⤵
  PID:13592
- C:\Windows\System\lNNKkzE.exe
  C:\Windows\System\lNNKkzE.exe
  2⤵
  PID:13628
- C:\Windows\System\EwCZOQa.exe
  C:\Windows\System\EwCZOQa.exe
  2⤵
  PID:13656
- C:\Windows\System\jTPPlQa.exe
  C:\Windows\System\jTPPlQa.exe
  2⤵
  PID:13672
- C:\Windows\System\fqIgoCt.exe
  C:\Windows\System\fqIgoCt.exe
  2⤵
  PID:13704
- C:\Windows\System\FdzHcOE.exe
  C:\Windows\System\FdzHcOE.exe
  2⤵
  PID:13736
- C:\Windows\System\OJiImcP.exe
  C:\Windows\System\OJiImcP.exe
  2⤵
  PID:13764
- C:\Windows\System\SkksHkx.exe
  C:\Windows\System\SkksHkx.exe
  2⤵
  PID:13796
- C:\Windows\System\iFdXUmJ.exe
  C:\Windows\System\iFdXUmJ.exe
  2⤵
  PID:13816
- C:\Windows\System\ZoyyPfM.exe
  C:\Windows\System\ZoyyPfM.exe
  2⤵
  PID:13848
- C:\Windows\System\rwVUaOC.exe
  C:\Windows\System\rwVUaOC.exe
  2⤵
  PID:13876
- C:\Windows\System\tnlqpFm.exe
  C:\Windows\System\tnlqpFm.exe
  2⤵
  PID:13900
- C:\Windows\System\fbjjVUy.exe
  C:\Windows\System\fbjjVUy.exe
  2⤵
  PID:13924
- C:\Windows\System\NHRhMvr.exe
  C:\Windows\System\NHRhMvr.exe
  2⤵
  PID:13944
- C:\Windows\System\nOdjxtP.exe
  C:\Windows\System\nOdjxtP.exe
  2⤵
  PID:13968
- C:\Windows\System\AixVhQY.exe
  C:\Windows\System\AixVhQY.exe
  2⤵
  PID:13996
- C:\Windows\System\TNUhsgs.exe
  C:\Windows\System\TNUhsgs.exe
  2⤵
  PID:14016
- C:\Windows\System\vYuSLWL.exe
  C:\Windows\System\vYuSLWL.exe
  2⤵
  PID:14048
- C:\Windows\System\KtgBLmq.exe
  C:\Windows\System\KtgBLmq.exe
  2⤵
  PID:14084
- C:\Windows\System\lqdngAw.exe
  C:\Windows\System\lqdngAw.exe
  2⤵
  PID:14116
- C:\Windows\System\knDuyju.exe
  C:\Windows\System\knDuyju.exe
  2⤵
  PID:14132
- C:\Windows\System\aaroIHZ.exe
  C:\Windows\System\aaroIHZ.exe
  2⤵
  PID:14168
- C:\Windows\System\PubBIID.exe
  C:\Windows\System\PubBIID.exe
  2⤵
  PID:14192
- C:\Windows\System\YkYXrdx.exe
  C:\Windows\System\YkYXrdx.exe
  2⤵
  PID:14232
- C:\Windows\System\qUWBJeY.exe
  C:\Windows\System\qUWBJeY.exe
  2⤵
  PID:14256
- C:\Windows\System\kwFeWYc.exe
  C:\Windows\System\kwFeWYc.exe
  2⤵
  PID:13328
- C:\Windows\System\VUYLgmq.exe
  C:\Windows\System\VUYLgmq.exe
  2⤵
  PID:13368
- C:\Windows\System\PkQxuwP.exe
  C:\Windows\System\PkQxuwP.exe
  2⤵
  PID:13404
- C:\Windows\System\XSwmnbs.exe
  C:\Windows\System\XSwmnbs.exe
  2⤵
  PID:13428
- C:\Windows\System\PybluKx.exe
  C:\Windows\System\PybluKx.exe
  2⤵
  PID:13432
- C:\Windows\System\MAkECBk.exe
  C:\Windows\System\MAkECBk.exe
  2⤵
  PID:13548
- C:\Windows\System\hMpPkBR.exe
  C:\Windows\System\hMpPkBR.exe
  2⤵
  PID:13524
- C:\Windows\System\zolVzus.exe
  C:\Windows\System\zolVzus.exe
  2⤵
  PID:13588
- C:\Windows\System\dWzYuaF.exe
  C:\Windows\System\dWzYuaF.exe
  2⤵
  PID:13760
- C:\Windows\System\dbwiDxZ.exe
  C:\Windows\System\dbwiDxZ.exe
  2⤵
  PID:13780
- C:\Windows\System\wJxdakj.exe
  C:\Windows\System\wJxdakj.exe
  2⤵
  PID:13864
- C:\Windows\System\hnyZYJE.exe
  C:\Windows\System\hnyZYJE.exe
  2⤵
  PID:13856

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ElXYBRJ.exe

Filesize
2.2MB

MD5
dd1865f04f0371e1bbd729e2d6ceecee

SHA1
7587e9ad870730c62c5d902da62ca33c0aebe7a2

SHA256
437748adcfe3f965275778170719ec48d63e37244172baf7fd02ab6ebff82018

SHA512
55eab570254bb125516bc88b309463b788c5976478e4f5e103dc2fd201b751da780655764ddb60910389449edef4a3cb150bbd8a4f135670b4f7519843214886

Download Submit
C:\Windows\System\FPEElrF.exe

Filesize
2.2MB

MD5
926c03465c549711aac349c1673abdab

SHA1
47f8ba7a0a594112e6268085495157002445ae65

SHA256
466d8d8a2b715ae2cc22657dd36aa58b7cee9fe22b9dd9620b30e8de69ab8f8b

SHA512
38badca37209aaf4e754d154f90e61c281d5b57809167960de74987adac4d2063e22766c5adfa7609d3ee86438fd40c15fb39d2187a1bdc7b0f5bc45a16f7a6a

Download Submit
C:\Windows\System\FTdueNb.exe

Filesize
2.2MB

MD5
11bd4354ba88df378e38596a4c5829e1

SHA1
d83adb3934b9346d9748e59d26b3badbd00cd191

SHA256
5d420e7ad0249211057ddc84ab2aec49a4a15a5ac7c15786c944bb2b25ff2592

SHA512
04a1ff78b56b058d4fda5c279a81a1cca4c41986d1f7027134eee83a07fc86c5b954eb4b303992c729da13b493ea249c2e79aab1fc858a922d508224a04c67ea

Download Submit
C:\Windows\System\GzbXkjY.exe

Filesize
2.2MB

MD5
38d0822685f2fcf6c1283d1154f582e4

SHA1
a7ce491bf3564656e5d384fca9f7b99660bc8b37

SHA256
855099d8316be7eb130268ea81951dc257c7a85bc6e41e56d5d3089432ab9a34

SHA512
1a600c799bf82a242bc8992250431433c307b9cdaf5bb19fd9469c07cf98663fb0540f68848749b290571dfc74486549d1f1e114f9d6147623c83aa20fd65d4a

Download Submit
C:\Windows\System\KIDrOuC.exe

Filesize
2.2MB

MD5
a337ef026011b512537b156191dbfb68

SHA1
82f1b128b070b3aeb7e56d179b74c5f95a00e117

SHA256
0886611119368560d888a0b9e0c2003e6ecb11fb389bb9d83d0e8cd21c18c31e

SHA512
897dc14f78a66b2bff5c4c72f7ca321f66a3d056c35fa1892ad98bf1f43d55a0a883776032286760bcab018581f871d6ece512c06f9b1cf7e6bc61acf2da0bd9

Download Submit
C:\Windows\System\SRIYLIj.exe

Filesize
2.2MB

MD5
63299eaa7e32d5b4d360ed4c4b082317

SHA1
27495d8750e0a3123f63303424c196249e26558f

SHA256
ef6c541d6e61c1e2eda39e8b12cc0597357b527960ea6596f9960c1a6a096699

SHA512
f88f5ab7aac7176b01431a736c786da16a8707d3a008af1892b7938ef3e0cb9726befcd5a4edf8575d65f25961853f41351602ebd55cedba764e5fcb671c7017

Download Submit
C:\Windows\System\SYbRIPM.exe

Filesize
2.2MB

MD5
d23e18d9835d01d5e97f99e774f8dbef

SHA1
6c7b6580c6df859d28374e7d00e4cb32917c6a07

SHA256
24d711aae08a4f92e2c2e3bc689681cec476722e3f05f61e1f2744b993dbf020

SHA512
13cfa6d4d752b7d7e090279539ef79987328ea39b8d4f803d7beb92255eb976c6171a7756ba4e48e797d017df07fbf1b576e1e31794704a769bbc578c26b1288

Download Submit
C:\Windows\System\TJUKMOw.exe

Filesize
2.2MB

MD5
cb8394b4be8fd9091e16c59304506860

SHA1
9ede54a36680f8f291e125111afb3ac5f90d550d

SHA256
1ae4c2a4efbbe442252546bd9eab9cd0be0ea7e4bd71ccbc74bbcd950e535718

SHA512
1e6087e003787cc3292fa874c7b7aa090d543c5a917f1d97decad73a0faa8f6b6cce4c259d1565ea2fff1652b352a7b882897ea8a08c9624ea21cafc891b7742

Download Submit
C:\Windows\System\TVuowkN.exe

Filesize
2.2MB

MD5
1cf5b11877a9401c5cfeb3a719cc0d0e

SHA1
6bedf0ea1a3b40646f730a52dfb825e6f798abfd

SHA256
8ff58bb4e7a2ab53b174057e8fa12fea0b6b3696d73c486e7796abd3663b95be

SHA512
578374b0ff9baba65fb63cde893d27e90a2f57eecce8c9abb2526a1ac2f9ab16d0f2312796262af031ca62dfe91770531ccb9169b612694fb90631e279385875

Download Submit
C:\Windows\System\TkvIKes.exe

Filesize
2.2MB

MD5
9fe3878c98d9f55f675d93eba135ba47

SHA1
fe15cfd5c8e24a331a772d3e416126071ca59048

SHA256
a6c249d0f6b55ccc42cb30824551391d56516889edc2c77c846d0c1e099b6a2a

SHA512
030a8d7a5fc5f22bff3f55c5fc0667b74207bc86a642dedcc9855a732c030ff6522ade6fb65518e09b4afe6512b2e29500327e63bed4f092c622c9bc6ebc823b

Download Submit
C:\Windows\System\UWXchAw.exe

Filesize
2.2MB

MD5
a2ad2ec7eeb651417e00199fde38e232

SHA1
96252bc5bf2539d8e959113e97116410d9fb703e

SHA256
72c43a8b5612d7e0a8dff6e61cf05dca5efacdcfcabae38db9513284d963f4bc

SHA512
ff713a87c4c54974d673436671b2be3b01845a5aab0dbadbb19378435c0a922ffcd1e465140918b46fbcd4226fb05e9e6479a59fbeab350de899a5ae51eaf799

Download Submit
C:\Windows\System\UiqaWRf.exe

Filesize
2.2MB

MD5
c15b25a519f1608b493ffcfeed99491a

SHA1
1c540bf7c916e7bb6b633eabffbd5793ef670782

SHA256
f94225be630bfa0c9cefca71e19be0109dae9d3d6ac07e358834339ddd886cfd

SHA512
b3d70a0ea794e568aa4302785f1dfb07974e7c7bb014ad609029c5837db64d720261bf72eeba15d88555690e8f56a178be578d4039d62160cd70531e73256744

Download Submit
C:\Windows\System\XYxIxrQ.exe

Filesize
2.2MB

MD5
077ad7dd5c78fcfb765516937c4cdd1b

SHA1
a5093cb21c35e968cf4aec85b0a582ed3b5008af

SHA256
c0d01885e5ff0461d95a670dd7bc74cb420ab9e76c601ba00d234313e517bf84

SHA512
d340bcfdb6416a56b004e1e21c6a59ac68b8d24c12d51dead3e11d8bd560529f0ec9575858aba205e691833b2eb181201f907ae290fe470bc5c2e07456650142

Download Submit
C:\Windows\System\XxPwsNE.exe

Filesize
2.2MB

MD5
4667307a2afdd4f41c72a11126e4182e

SHA1
e824a4284f17fa0277074d62081be31bf9ae5d3d

SHA256
3820798abf9208e2eb99b1fda80678e7ba0b2acd6a590a75acba3dcc75670a66

SHA512
47d06414cb520bf85ca669f096f70a60c21c5f105a9182560d2dca1a13ecaa19bc06a2022f86c80cda90c027d67078529a25732c28dfc5fe0a0485cb0d7f7c49

Download Submit
C:\Windows\System\YXaxmVY.exe

Filesize
2.2MB

MD5
535bad0f6dc480b9e0f3a7d0b2f4f615

SHA1
a0b8e67c4294fb5006dee657b85dc42b31cb10d1

SHA256
a7a85b9b52d721edb8693636d07e39a9419dc42bbf981eb56c32baba646acb72

SHA512
ff5925ecf7441bd8dd7aaa7cb2bdb22f3df612e08c6cde30f265838f467135dc3f0d639fe05ca3d363f141e3188b512fffde284ee549f9a33196e6510d826b6b

Download Submit
C:\Windows\System\ZLAiCvi.exe

Filesize
2.2MB

MD5
afd3f912a6725e22598055b08ef242b2

SHA1
f8d611121b848392472b59f6733df13e092d3387

SHA256
df4b05e3a72a8e2b17cf664021a58290c64d2e4433ff90fac8359b8fc9b7c99a

SHA512
88ca18f83204a614856bcfa753b819547a005020d75ebe521199a7aee63fd4eae5a36290734d312bc992345ac0b5286e8be3bebc44599ab959f7974109db9c01

Download Submit
C:\Windows\System\ZqnVjTB.exe

Filesize
2.2MB

MD5
1a2298af005303142160bfabdbaa27ba

SHA1
1e8b37fdb70f188e37da305c2653efa12af1b7ca

SHA256
f856ddb3478885ebac386439e51510155c44fb57b0d687af4f7fc6ae1a6283f6

SHA512
c89af3074af77e64dde2a7639e62ee1a195993ac23efc983caa9a28b7a874231798ab2b4f1f1806afe9422614d606f996b25a12ac28c2bda846b25871e49bf44

Download Submit
C:\Windows\System\aHdxkMG.exe

Filesize
2.2MB

MD5
f6a403560ea1eeb9ea3cc70a1f4d7cae

SHA1
51e21f2056c14f44fdb6dc7c58ddbd46355b70bf

SHA256
5b1c975b43ee8044b78754421ea714a4a250172bb623ce2ac3e7734aa6703c4b

SHA512
f13724c161054eec90816180992cd81bf910f77fa42b9856859cd0a6c4e9013ca8b51bb94d2f62ed239c2848c6f29a7eda3c1b161351cc978db9d0315f4574b2

Download Submit
C:\Windows\System\aeRhNWM.exe

Filesize
2.2MB

MD5
622955942ac29fe6990d15ff7d572dbc

SHA1
3144e5c4b81b56464c0e718f9be97d029e3045d8

SHA256
62440647f62afe7e2f9ab8d06e24ab25acabc928be36c4c10ece6015ed809619

SHA512
29f38789adf7533e869114caa713a02cd940eb9f71dc597c037ee19d35eb1a7ae8e2a78def76a695380c2061a7f9f93168dee7f1827fe7766db2df9e8b5acead

Download Submit
C:\Windows\System\anAHhwt.exe

Filesize
2.2MB

MD5
5d2321f836108cfbd6aa1963baee0a0f

SHA1
d8d8b95232c98214282c17cb10d22f12ac435bf6

SHA256
0c59d993a41c793955cdfd9374a02367cf1e555fbefd35ca1846e60c5fc2c1da

SHA512
06ae255fcb60b909d1e0b35df9b5c0068d9b60fd3e20740f742ad22a12815d98eba9d3f72e8f048029eeaaa35bb08257f53f8152eae3dc9516e5b4df437a41ae

Download Submit
C:\Windows\System\dByqBNa.exe

Filesize
2.2MB

MD5
9cacbe0270a8ca8c2abd21a22d6283d6

SHA1
df9b078d75d912f768e09cee133ae8e47a305240

SHA256
87e1ad812f020537c4d18bb8973daf467ad2ad2f47630624400562e89fd62bec

SHA512
4c25bbb4b8b2460666840aa56218c8cd0b2c3b13e8e59d61d06a429be2a746a4fb37a1ff2a967d34bc9ec0ddbef4c6dbc1d73710c69d1ddca70e5dcb345b1a2b

Download Submit
C:\Windows\System\dJHCcbk.exe

Filesize
2.2MB

MD5
52d64e31150e0ffb42a7a6ac119dfcf6

SHA1
c45f92897337b4247492e22abba9ad46ac7dde8b

SHA256
400b7a909794d01fb9c3e8b0daed5c7eac7f1ad42ff42fc114ce5c61072af3ef

SHA512
559e40aefff378cb99309de6c0d956189e84fce00e9711dd240d53aa245fbd3b4db5f70f643e9bf3583cce108a4efcb06376667c2b5b6eae433261e36cfd73ef

Download Submit
C:\Windows\System\dOdhmmv.exe

Filesize
2.2MB

MD5
db53cc39663c4eedb484461ea8c02ee4

SHA1
ae30fca89f9ecd3cfc72c9acbff85ff6865fb0a4

SHA256
ff755b07127d1bf3ab582571065126589c29b5a7c1b604554d0eb64c2d6b44a8

SHA512
38e20e898b3ef9a5c633d8834de0c94f0d26c48a74ad4503f90687740b0d33d1e4566c58dccbdb7920c50968f5a1979286548c7ba6707edda41b7afb40dde679

Download Submit
C:\Windows\System\dieTuGC.exe

Filesize
2.2MB

MD5
598f4059ee1dce0206d5388d060a766e

SHA1
96ab8680398a07164dad13de27b7cc00b03d8add

SHA256
d6344a8424d58bfcd6dfd3446ab4e0663ab7c934be47afdd5334f86d4969f904

SHA512
1b70a811ffc9b17905eff20492b48232b0845a62b85d8127ff20597da6018a1e81e8be3ccb766abba9cb7a05efeab94b06583bf7125d2d79860806d1cdc31401

Download Submit
C:\Windows\System\fTnsoFv.exe

Filesize
2.2MB

MD5
97a6717ee318294075f2d44e4b2f97f4

SHA1
fc427a53e640fd49894311f270e312da3d38a465

SHA256
673bd559d69616d993aba226ec3ae57cd1ffea48929d4b71a64d1af77414b44f

SHA512
096cf4d71aaca4e750717bc741fed36d3ba6ffd62a0135541f9cd6477c247226b93cf9fc672b4a6fca4b51d2bb9c52816e67b422ef6926dcac05796a3dbd5f8b

Download Submit
C:\Windows\System\gXCaavH.exe

Filesize
2.2MB

MD5
a7e080c1131204f0d93e61638093f722

SHA1
b0f019a672e6b1a17b4e9ba4423df3c91a72d467

SHA256
39e255d702aef2901b3e4144670a2b0a193b62486451d151bb31c0793d4f8da2

SHA512
f34db3c66ca977edc491f01fbb81b4ffdff53b72b795dd2871f752562d058d8ada071246b0419968d4921e6c06edb4d58ee34965044d873ef1ee5cf6a6b8d967

Download Submit
C:\Windows\System\gXnibJE.exe

Filesize
2.2MB

MD5
eed201cd8690314c13bea5ae31609e94

SHA1
504c59d60a0e70b67b868401c5ca724fab3d392f

SHA256
92661de8ea2d54f425bca139d5155bbf3c3749762b755cd91ab4feeeba7d9688

SHA512
d09907682e2dd37dcc6e5816ebac10342dc7559741f4f6cfb473a7870b6db773dbf11b927bb834f344fe4cce095dbbef2f74354e3ed6b467e642165584038587

Download Submit
C:\Windows\System\keoKqXG.exe

Filesize
2.2MB

MD5
dc7bd103a54d0b4df41ad0bde86a490c

SHA1
fd789b10f1a98435959d36c81cd61dbacdbdc13a

SHA256
6f8555a3bcd106900f5710b92e5648d07740ed7a7f2fb00bbd789bb51842a67d

SHA512
a12cf7acb50a96c8d389138f0c07b9db9c400e4bec58569e15cda83db23efdc383855253486f53707b7213b5685537363f94a27142a0271d362e33eb15aeaab8

Download Submit
C:\Windows\System\nlYsXGy.exe

Filesize
2.2MB

MD5
a4fb531aba77ec4c5fc4423e8da7b23b

SHA1
e554ade2831f9f609bd4939823d69c3b8fe2e415

SHA256
78a057711988eda778f789e9a5a5ab070e559fb5469878f0373951e6f2031a45

SHA512
aa8e4ba434c38d182753f00ff92135eba24eab57d5d00561bda197a4cf5bd13373350c972896a54c30a2dd032211ab579834c441c5cf8d21b73d446debc2f351

Download Submit
C:\Windows\System\onhmePz.exe

Filesize
2.2MB

MD5
e1653ecc29d03a7c1207bbc83cac51da

SHA1
454a8d07f590ade0686a150a6b210674ab5b2f17

SHA256
b548e76a4e93ff43f11cf3f125534f0bbda41b8f0f0252b1d8bacc36a006a8b4

SHA512
194080547b8b6a66d967e2df3eae87a653026bdaf934cde2c5c7268b45ff80101f0a2a3c295a1d03518b3d4ca8431e20498c453771675a292331b3583229b513

Download Submit
C:\Windows\System\orGemWa.exe

Filesize
2.2MB

MD5
8f0e86531359bd705f60c53aed6abb5e

SHA1
620b8746c505541cfd9ef32e995ba2bca19733d2

SHA256
bf6364ab6d722ba0ca9db456d1342105d118fcfeea275dc816dd2d46647e1cf3

SHA512
7f32780a68708b23a7e04e00022be8ca80caf5b9705083863cfb61ec35b859ef92e1396f0745949bd9c0cdeec931db95bfd7605b011d9860c24bc474e5103ed6

Download Submit
C:\Windows\System\tCixuyW.exe

Filesize
2.2MB

MD5
df68c5eaf4a8b85e2f5949a12c53221e

SHA1
50a22a496005f79f4bae43c11137d242149e3026

SHA256
01e813c229eb4da040e8a2123d9b7240b132987b335ab192c4a2813ff2c1b8f3

SHA512
07f6da18f2c0f0d2a17044048521d1cdec041a07186591fe2e31f96562ec2a620bd681ee43dab5eca0efbf99bf1e0a2a38db6a46546cb9785fb5b848c7019336

Download Submit
C:\Windows\System\ueXEUFG.exe

Filesize
2.2MB

MD5
a3f4e093c25fcfc2db652625d28fc5fa

SHA1
2e1e0306c4a43887c2efc8894262dba1b05dd1a7

SHA256
facdd0593693a6b45debb18b6ad302429864ec6038334fff75ad9deda539890a

SHA512
54d0f4812b4057f1b94f853ebe4710b5208b8a67e416b26e99e265afe2361d74d6d6536cadd18d2ef3f11454a2395b87f476fdbf956e611098a33acd77c0139f

Download Submit
C:\Windows\System\vwhkREd.exe

Filesize
2.2MB

MD5
d5696ff6b63d58babc50c128a187c86f

SHA1
3f603ca6b78559064db13741d067ac5730603f8c

SHA256
108be177c3b7927bbee5d8568b89d3c3471169ca424d590240596890695e4b37

SHA512
02889b928cd059fa695982f2d52aa1de089364bcd29968aef11beafa9c48801135030693e7760a20595c6a7d63db79f6949689a659f62fcc2501caca79111cd7

Download Submit
C:\Windows\System\wJiBZjw.exe

Filesize
2.2MB

MD5
e4ecb430a85a58c0f94fa6b44536b4ad

SHA1
1158e3e16fa55445141c673d50b06a7c3156f65d

SHA256
4e2b6e0eb4453b9f0635abd29909f5472dac6672e90a2f17c3b2e59d8a92d2a2

SHA512
bf445053e37de3ca4cf53d0746b54a8b130ae984874c49b4c4e6df357c499118a39a2e6f5b1c8bdf548ec3d473b065235faaaf02838a332da4b59f4aa2422bcc

Download Submit
memory/508-54-0x00007FF759BD0000-0x00007FF759F24000-memory.dmp

Filesize
3.3MB

Download
memory/508-2148-0x00007FF759BD0000-0x00007FF759F24000-memory.dmp

Filesize
3.3MB

Download
memory/508-2160-0x00007FF759BD0000-0x00007FF759F24000-memory.dmp

Filesize
3.3MB

Download
memory/920-2161-0x00007FF651FE0000-0x00007FF652334000-memory.dmp

Filesize
3.3MB

Download
memory/920-195-0x00007FF651FE0000-0x00007FF652334000-memory.dmp

Filesize
3.3MB

Download
memory/1096-197-0x00007FF74BB10000-0x00007FF74BE64000-memory.dmp

Filesize
3.3MB

Download
memory/1096-2157-0x00007FF74BB10000-0x00007FF74BE64000-memory.dmp

Filesize
3.3MB

Download
memory/1168-2142-0x00007FF722460000-0x00007FF7227B4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-15-0x00007FF722460000-0x00007FF7227B4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-2151-0x00007FF722460000-0x00007FF7227B4000-memory.dmp

Filesize
3.3MB

Download
memory/1448-2146-0x00007FF6B19E0000-0x00007FF6B1D34000-memory.dmp

Filesize
3.3MB

Download
memory/1448-2165-0x00007FF6B19E0000-0x00007FF6B1D34000-memory.dmp

Filesize
3.3MB

Download
memory/1448-143-0x00007FF6B19E0000-0x00007FF6B1D34000-memory.dmp

Filesize
3.3MB

Download
memory/1780-196-0x00007FF7A3320000-0x00007FF7A3674000-memory.dmp

Filesize
3.3MB

Download
memory/1780-2166-0x00007FF7A3320000-0x00007FF7A3674000-memory.dmp

Filesize
3.3MB

Download
memory/1980-2168-0x00007FF72F640000-0x00007FF72F994000-memory.dmp

Filesize
3.3MB

Download
memory/1980-200-0x00007FF72F640000-0x00007FF72F994000-memory.dmp

Filesize
3.3MB

Download
memory/1984-2145-0x00007FF6D7C60000-0x00007FF6D7FB4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-2159-0x00007FF6D7C60000-0x00007FF6D7FB4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-122-0x00007FF6D7C60000-0x00007FF6D7FB4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-2170-0x00007FF7788D0000-0x00007FF778C24000-memory.dmp

Filesize
3.3MB

Download
memory/2156-190-0x00007FF7788D0000-0x00007FF778C24000-memory.dmp

Filesize
3.3MB

Download
memory/2404-73-0x00007FF79CDC0000-0x00007FF79D114000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2144-0x00007FF79CDC0000-0x00007FF79D114000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2155-0x00007FF79CDC0000-0x00007FF79D114000-memory.dmp

Filesize
3.3MB

Download
memory/2436-2171-0x00007FF7E80E0000-0x00007FF7E8434000-memory.dmp

Filesize
3.3MB

Download
memory/2436-191-0x00007FF7E80E0000-0x00007FF7E8434000-memory.dmp

Filesize
3.3MB

Download
memory/2476-188-0x00007FF73E4C0000-0x00007FF73E814000-memory.dmp

Filesize
3.3MB

Download
memory/2476-2176-0x00007FF73E4C0000-0x00007FF73E814000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2153-0x00007FF6228F0000-0x00007FF622C44000-memory.dmp

Filesize
3.3MB

Download
memory/2572-42-0x00007FF6228F0000-0x00007FF622C44000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2147-0x00007FF6228F0000-0x00007FF622C44000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2164-0x00007FF637EE0000-0x00007FF638234000-memory.dmp

Filesize
3.3MB

Download
memory/2592-182-0x00007FF637EE0000-0x00007FF638234000-memory.dmp

Filesize
3.3MB

Download
memory/2760-192-0x00007FF7BF330000-0x00007FF7BF684000-memory.dmp

Filesize
3.3MB

Download
memory/2760-2169-0x00007FF7BF330000-0x00007FF7BF684000-memory.dmp

Filesize
3.3MB

Download
memory/2860-25-0x00007FF704720000-0x00007FF704A74000-memory.dmp

Filesize
3.3MB

Download
memory/2860-2150-0x00007FF704720000-0x00007FF704A74000-memory.dmp

Filesize
3.3MB

Download
memory/3216-2156-0x00007FF7FBA20000-0x00007FF7FBD74000-memory.dmp

Filesize
3.3MB

Download
memory/3216-104-0x00007FF7FBA20000-0x00007FF7FBD74000-memory.dmp

Filesize
3.3MB

Download
memory/3476-198-0x00007FF7904D0000-0x00007FF790824000-memory.dmp

Filesize
3.3MB

Download
memory/3476-2158-0x00007FF7904D0000-0x00007FF790824000-memory.dmp

Filesize
3.3MB

Download
memory/3844-2163-0x00007FF74BB60000-0x00007FF74BEB4000-memory.dmp

Filesize
3.3MB

Download
memory/3844-70-0x00007FF74BB60000-0x00007FF74BEB4000-memory.dmp

Filesize
3.3MB

Download
memory/3844-2143-0x00007FF74BB60000-0x00007FF74BEB4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-2175-0x00007FF7A3ED0000-0x00007FF7A4224000-memory.dmp

Filesize
3.3MB

Download
memory/3992-178-0x00007FF7A3ED0000-0x00007FF7A4224000-memory.dmp

Filesize
3.3MB

Download
memory/4004-199-0x00007FF7757A0000-0x00007FF775AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4004-2167-0x00007FF7757A0000-0x00007FF775AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4140-2149-0x00007FF70D150000-0x00007FF70D4A4000-memory.dmp

Filesize
3.3MB

Download
memory/4140-194-0x00007FF70D150000-0x00007FF70D4A4000-memory.dmp

Filesize
3.3MB

Download
memory/4248-181-0x00007FF7D75D0000-0x00007FF7D7924000-memory.dmp

Filesize
3.3MB

Download
memory/4248-2172-0x00007FF7D75D0000-0x00007FF7D7924000-memory.dmp

Filesize
3.3MB

Download
memory/4372-2177-0x00007FF717A50000-0x00007FF717DA4000-memory.dmp

Filesize
3.3MB

Download
memory/4372-189-0x00007FF717A50000-0x00007FF717DA4000-memory.dmp

Filesize
3.3MB

Download
memory/4580-162-0x00007FF73AAF0000-0x00007FF73AE44000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2174-0x00007FF73AAF0000-0x00007FF73AE44000-memory.dmp

Filesize
3.3MB

Download
memory/4616-0-0x00007FF7CC420000-0x00007FF7CC774000-memory.dmp

Filesize
3.3MB

Download
memory/4616-1-0x0000026A13470000-0x0000026A13480000-memory.dmp

Filesize
64KB

Download
memory/4616-2141-0x00007FF7CC420000-0x00007FF7CC774000-memory.dmp

Filesize
3.3MB

Download
memory/4632-2173-0x00007FF7AA7C0000-0x00007FF7AAB14000-memory.dmp

Filesize
3.3MB

Download
memory/4632-187-0x00007FF7AA7C0000-0x00007FF7AAB14000-memory.dmp

Filesize
3.3MB

Download
memory/4700-2152-0x00007FF75A1B0000-0x00007FF75A504000-memory.dmp

Filesize
3.3MB

Download
memory/4700-39-0x00007FF75A1B0000-0x00007FF75A504000-memory.dmp

Filesize
3.3MB

Download
memory/4928-146-0x00007FF72C8A0000-0x00007FF72CBF4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-2162-0x00007FF72C8A0000-0x00007FF72CBF4000-memory.dmp

Filesize
3.3MB

Download
memory/5012-2154-0x00007FF6B4CC0000-0x00007FF6B5014000-memory.dmp

Filesize
3.3MB

Download
memory/5012-193-0x00007FF6B4CC0000-0x00007FF6B5014000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads