xmrig | bc65dd8d25c68cdbb0ce489307817e6625f19443884d13c071f303f72d8ea4f1

Analysis

max time kernel
114s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 23:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
Size

2.4MB
MD5

1b0808e7a5f0ff050fe825d403b74ad0
SHA1

21f43f7504790eb6b644fca84223608e89236b8d
SHA256

bc65dd8d25c68cdbb0ce489307817e6625f19443884d13c071f303f72d8ea4f1
SHA512

0820010b2c7f6428a719319b205088473fb7c8a6d737b1892a2d1754695b7e5081ee641684d33af512754478815d41d0d804343c826203020f6877ca2b54100d
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Aj4km1MsBH6E126:BemTLkNdfE0pZrn

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/400-0-0x00007FF6D3370000-0x00007FF6D36C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002328e-5.dat	xmrig
behavioral2/files/0x00070000000233f2-7.dat	xmrig
behavioral2/files/0x00070000000233f1-13.dat	xmrig
behavioral2/files/0x00070000000233f4-24.dat	xmrig
behavioral2/files/0x00070000000233f5-33.dat	xmrig
behavioral2/files/0x00070000000233f7-50.dat	xmrig
behavioral2/files/0x00070000000233f9-49.dat	xmrig
behavioral2/memory/3756-63-0x00007FF6744E0000-0x00007FF674834000-memory.dmp	xmrig
behavioral2/memory/2132-75-0x00007FF6EB8F0000-0x00007FF6EBC44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023400-86.dat	xmrig
behavioral2/files/0x0007000000023408-130.dat	xmrig
behavioral2/files/0x000700000002340e-157.dat	xmrig
behavioral2/files/0x0007000000023415-181.dat	xmrig
behavioral2/memory/1036-207-0x00007FF79D290000-0x00007FF79D5E4000-memory.dmp	xmrig
behavioral2/memory/5096-226-0x00007FF6670B0000-0x00007FF667404000-memory.dmp	xmrig
behavioral2/memory/424-235-0x00007FF65C250000-0x00007FF65C5A4000-memory.dmp	xmrig
behavioral2/memory/4904-241-0x00007FF6881D0000-0x00007FF688524000-memory.dmp	xmrig
behavioral2/memory/4176-242-0x00007FF784B40000-0x00007FF784E94000-memory.dmp	xmrig
behavioral2/memory/2964-240-0x00007FF63F0F0000-0x00007FF63F444000-memory.dmp	xmrig
behavioral2/memory/4788-239-0x00007FF7214B0000-0x00007FF721804000-memory.dmp	xmrig
behavioral2/memory/2824-238-0x00007FF666730000-0x00007FF666A84000-memory.dmp	xmrig
behavioral2/memory/684-237-0x00007FF7F4BE0000-0x00007FF7F4F34000-memory.dmp	xmrig
behavioral2/memory/876-236-0x00007FF63F8D0000-0x00007FF63FC24000-memory.dmp	xmrig
behavioral2/memory/1232-234-0x00007FF6B99A0000-0x00007FF6B9CF4000-memory.dmp	xmrig
behavioral2/memory/2508-233-0x00007FF7837E0000-0x00007FF783B34000-memory.dmp	xmrig
behavioral2/memory/1692-232-0x00007FF67C390000-0x00007FF67C6E4000-memory.dmp	xmrig
behavioral2/memory/2968-231-0x00007FF693850000-0x00007FF693BA4000-memory.dmp	xmrig
behavioral2/memory/524-230-0x00007FF779810000-0x00007FF779B64000-memory.dmp	xmrig
behavioral2/memory/1744-229-0x00007FF7B8370000-0x00007FF7B86C4000-memory.dmp	xmrig
behavioral2/memory/4624-218-0x00007FF679DF0000-0x00007FF67A144000-memory.dmp	xmrig
behavioral2/memory/4084-206-0x00007FF669870000-0x00007FF669BC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-194.dat	xmrig
behavioral2/files/0x0007000000023414-180.dat	xmrig
behavioral2/files/0x0007000000023413-179.dat	xmrig
behavioral2/files/0x0007000000023407-175.dat	xmrig
behavioral2/files/0x0007000000023412-174.dat	xmrig
behavioral2/files/0x0007000000023411-173.dat	xmrig
behavioral2/files/0x00080000000233ee-170.dat	xmrig
behavioral2/files/0x0007000000023410-169.dat	xmrig
behavioral2/files/0x0007000000023405-168.dat	xmrig
behavioral2/files/0x000700000002340f-160.dat	xmrig
behavioral2/files/0x0007000000023409-156.dat	xmrig
behavioral2/files/0x0007000000023404-152.dat	xmrig
behavioral2/files/0x000700000002340d-149.dat	xmrig
behavioral2/files/0x0007000000023403-143.dat	xmrig
behavioral2/files/0x000700000002340c-142.dat	xmrig
behavioral2/files/0x000700000002340b-140.dat	xmrig
behavioral2/files/0x000700000002340a-139.dat	xmrig
behavioral2/memory/2804-166-0x00007FF696530000-0x00007FF696884000-memory.dmp	xmrig
behavioral2/memory/1460-136-0x00007FF6C6C90000-0x00007FF6C6FE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023402-135.dat	xmrig
behavioral2/files/0x00070000000233fd-123.dat	xmrig
behavioral2/files/0x0007000000023406-119.dat	xmrig
behavioral2/files/0x00070000000233ff-110.dat	xmrig
behavioral2/memory/1652-107-0x00007FF7B5120000-0x00007FF7B5474000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fc-94.dat	xmrig
behavioral2/files/0x0007000000023401-112.dat	xmrig
behavioral2/files/0x00070000000233fe-108.dat	xmrig
behavioral2/memory/1012-91-0x00007FF6786B0000-0x00007FF678A04000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fb-83.dat	xmrig
behavioral2/files/0x00070000000233fa-78.dat	xmrig
behavioral2/files/0x00070000000233f6-60.dat	xmrig
behavioral2/files/0x00070000000233f8-58.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4844	BdwxgbM.exe
4988	MCQdCcA.exe
2348	fPaXgyn.exe
4480	CPhYqBS.exe
1724	RIkcBTN.exe
684	NOzASvU.exe
3756	liuqcdF.exe
2132	QiyfcEk.exe
1012	bVBJWWo.exe
1652	QWcdSqJ.exe
2824	pXAOQod.exe
1460	hXKyFfD.exe
4788	mxkPCBT.exe
2804	klXQVNx.exe
2964	FbQnpve.exe
4084	UYIUYaX.exe
1036	DWaBpgb.exe
4624	ceNzhJJ.exe
5096	NIrVdWI.exe
4904	GDMmihl.exe
1744	UrxAFcR.exe
524	ndNeSvB.exe
2968	xgXlNxV.exe
1692	DTsSxQB.exe
2508	wqAiTdX.exe
4176	iyUMSCv.exe
1232	EhiHkdx.exe
424	BMhJFDd.exe
876	uQYtdQs.exe
2812	XUJZqkt.exe
2492	VqnqqfM.exe
4116	lblHzlp.exe
1464	OtRmjOq.exe
3724	cyALRpg.exe
1256	fRgYjbX.exe
3636	yBPjSdF.exe
4344	YoZyxuE.exe
2276	BKWLAjd.exe
2004	ywFCybH.exe
4428	cbEjCPT.exe
2988	sQXiruX.exe
4496	mrTsfKh.exe
5068	QAdkRdR.exe
4144	elTRcCc.exe
4580	UBWmHlj.exe
4820	kJzKRsp.exe
2900	oNeOrdR.exe
3344	oeWChSW.exe
2892	KmhYlZD.exe
2380	EAXEUrU.exe
1320	ipYKNUM.exe
4408	wFrAogb.exe
1512	QPvyVqf.exe
3496	Athsphk.exe
4952	UYaKVgV.exe
2864	UqExbIQ.exe
3348	VpZSDQV.exe
4212	AwYfRUb.exe
3140	nSBNikE.exe
2336	dDbFGPT.exe
2904	WSlqqQE.exe
2116	oXlQSLX.exe
2448	GYqDhjY.exe
4704	ZIseMTL.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/400-0-0x00007FF6D3370000-0x00007FF6D36C4000-memory.dmp	upx
behavioral2/files/0x000700000002328e-5.dat	upx
behavioral2/files/0x00070000000233f2-7.dat	upx
behavioral2/files/0x00070000000233f1-13.dat	upx
behavioral2/files/0x00070000000233f4-24.dat	upx
behavioral2/files/0x00070000000233f5-33.dat	upx
behavioral2/files/0x00070000000233f7-50.dat	upx
behavioral2/files/0x00070000000233f9-49.dat	upx
behavioral2/memory/3756-63-0x00007FF6744E0000-0x00007FF674834000-memory.dmp	upx
behavioral2/memory/2132-75-0x00007FF6EB8F0000-0x00007FF6EBC44000-memory.dmp	upx
behavioral2/files/0x0007000000023400-86.dat	upx
behavioral2/files/0x0007000000023408-130.dat	upx
behavioral2/files/0x000700000002340e-157.dat	upx
behavioral2/files/0x0007000000023415-181.dat	upx
behavioral2/memory/1036-207-0x00007FF79D290000-0x00007FF79D5E4000-memory.dmp	upx
behavioral2/memory/5096-226-0x00007FF6670B0000-0x00007FF667404000-memory.dmp	upx
behavioral2/memory/424-235-0x00007FF65C250000-0x00007FF65C5A4000-memory.dmp	upx
behavioral2/memory/4904-241-0x00007FF6881D0000-0x00007FF688524000-memory.dmp	upx
behavioral2/memory/4176-242-0x00007FF784B40000-0x00007FF784E94000-memory.dmp	upx
behavioral2/memory/2964-240-0x00007FF63F0F0000-0x00007FF63F444000-memory.dmp	upx
behavioral2/memory/4788-239-0x00007FF7214B0000-0x00007FF721804000-memory.dmp	upx
behavioral2/memory/2824-238-0x00007FF666730000-0x00007FF666A84000-memory.dmp	upx
behavioral2/memory/684-237-0x00007FF7F4BE0000-0x00007FF7F4F34000-memory.dmp	upx
behavioral2/memory/876-236-0x00007FF63F8D0000-0x00007FF63FC24000-memory.dmp	upx
behavioral2/memory/1232-234-0x00007FF6B99A0000-0x00007FF6B9CF4000-memory.dmp	upx
behavioral2/memory/2508-233-0x00007FF7837E0000-0x00007FF783B34000-memory.dmp	upx
behavioral2/memory/1692-232-0x00007FF67C390000-0x00007FF67C6E4000-memory.dmp	upx
behavioral2/memory/2968-231-0x00007FF693850000-0x00007FF693BA4000-memory.dmp	upx
behavioral2/memory/524-230-0x00007FF779810000-0x00007FF779B64000-memory.dmp	upx
behavioral2/memory/1744-229-0x00007FF7B8370000-0x00007FF7B86C4000-memory.dmp	upx
behavioral2/memory/4624-218-0x00007FF679DF0000-0x00007FF67A144000-memory.dmp	upx
behavioral2/memory/4084-206-0x00007FF669870000-0x00007FF669BC4000-memory.dmp	upx
behavioral2/files/0x0007000000023416-194.dat	upx
behavioral2/files/0x0007000000023414-180.dat	upx
behavioral2/files/0x0007000000023413-179.dat	upx
behavioral2/files/0x0007000000023407-175.dat	upx
behavioral2/files/0x0007000000023412-174.dat	upx
behavioral2/files/0x0007000000023411-173.dat	upx
behavioral2/files/0x00080000000233ee-170.dat	upx
behavioral2/files/0x0007000000023410-169.dat	upx
behavioral2/files/0x0007000000023405-168.dat	upx
behavioral2/files/0x000700000002340f-160.dat	upx
behavioral2/files/0x0007000000023409-156.dat	upx
behavioral2/files/0x0007000000023404-152.dat	upx
behavioral2/files/0x000700000002340d-149.dat	upx
behavioral2/files/0x0007000000023403-143.dat	upx
behavioral2/files/0x000700000002340c-142.dat	upx
behavioral2/files/0x000700000002340b-140.dat	upx
behavioral2/files/0x000700000002340a-139.dat	upx
behavioral2/memory/2804-166-0x00007FF696530000-0x00007FF696884000-memory.dmp	upx
behavioral2/memory/1460-136-0x00007FF6C6C90000-0x00007FF6C6FE4000-memory.dmp	upx
behavioral2/files/0x0007000000023402-135.dat	upx
behavioral2/files/0x00070000000233fd-123.dat	upx
behavioral2/files/0x0007000000023406-119.dat	upx
behavioral2/files/0x00070000000233ff-110.dat	upx
behavioral2/memory/1652-107-0x00007FF7B5120000-0x00007FF7B5474000-memory.dmp	upx
behavioral2/files/0x00070000000233fc-94.dat	upx
behavioral2/files/0x0007000000023401-112.dat	upx
behavioral2/files/0x00070000000233fe-108.dat	upx
behavioral2/memory/1012-91-0x00007FF6786B0000-0x00007FF678A04000-memory.dmp	upx
behavioral2/files/0x00070000000233fb-83.dat	upx
behavioral2/files/0x00070000000233fa-78.dat	upx
behavioral2/files/0x00070000000233f6-60.dat	upx
behavioral2/files/0x00070000000233f8-58.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AwAyRCs.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\rpoYEhc.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\afaEYZE.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\ZnTZjiV.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\nWpQott.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\GqJtpBB.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\lpQsQQR.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\PNLjwwa.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\UnTzDKB.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\wMRHOJs.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\EAXEUrU.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\IuemzOQ.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\BnJZZsR.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\bOKyDAG.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\bZVWNkD.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\BnYEvyd.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\nttOHbA.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\AgZUhmP.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\WyFtQPM.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\UYIUYaX.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\XUJZqkt.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\QPvyVqf.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\xKogSrX.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\sllKpnm.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\bgmeyCG.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\asJbAqX.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\BYEAVsS.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\cNbZzWd.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\UeLyQUE.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\kSrrftm.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\RefEwij.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\idzmyoi.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\OBYFkTx.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\ViHmaFw.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\dDbFGPT.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\NHinZFg.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\EgejYmT.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\rKvWVqK.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\kpcoGTl.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\nsqFLYU.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\cbgmxoA.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\wzINxJA.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\ndNeSvB.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\YoZyxuE.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\UBWmHlj.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\ULykSlV.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\NoVDiLd.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\tLinUam.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\kVToKBd.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\zauefGl.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\wgWgjXV.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\mbBbNLe.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\PutqhCZ.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\GAZRSBH.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\sQXiruX.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\oXlQSLX.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\hpGIAHB.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\cbUvDHn.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\xLKnjKx.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\IHTxSCL.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\IgJXVtW.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\oFkKpwC.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\hvYAjfd.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
File created	C:\Windows\System\GxCkECn.exe	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15160	dwm.exe
Token: SeChangeNotifyPrivilege	15160	dwm.exe
Token: 33	15160	dwm.exe
Token: SeIncBasePriorityPrivilege	15160	dwm.exe
Token: SeShutdownPrivilege	15160	dwm.exe
Token: SeCreatePagefilePrivilege	15160	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 4844	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	84
PID 400 wrote to memory of 4844	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	84
PID 400 wrote to memory of 4988	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	85
PID 400 wrote to memory of 4988	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	85
PID 400 wrote to memory of 2348	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	86
PID 400 wrote to memory of 2348	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	86
PID 400 wrote to memory of 4480	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	87
PID 400 wrote to memory of 4480	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	87
PID 400 wrote to memory of 1724	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	88
PID 400 wrote to memory of 1724	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	88
PID 400 wrote to memory of 684	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	89
PID 400 wrote to memory of 684	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	89
PID 400 wrote to memory of 3756	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	90
PID 400 wrote to memory of 3756	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	90
PID 400 wrote to memory of 2132	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	91
PID 400 wrote to memory of 2132	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	91
PID 400 wrote to memory of 1012	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	92
PID 400 wrote to memory of 1012	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	92
PID 400 wrote to memory of 1652	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	93
PID 400 wrote to memory of 1652	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	93
PID 400 wrote to memory of 2824	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	94
PID 400 wrote to memory of 2824	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	94
PID 400 wrote to memory of 1460	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	95
PID 400 wrote to memory of 1460	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	95
PID 400 wrote to memory of 4788	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	96
PID 400 wrote to memory of 4788	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	96
PID 400 wrote to memory of 2804	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	97
PID 400 wrote to memory of 2804	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	97
PID 400 wrote to memory of 2964	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	98
PID 400 wrote to memory of 2964	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	98
PID 400 wrote to memory of 4084	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	99
PID 400 wrote to memory of 4084	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	99
PID 400 wrote to memory of 1036	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	100
PID 400 wrote to memory of 1036	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	100
PID 400 wrote to memory of 4624	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	101
PID 400 wrote to memory of 4624	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	101
PID 400 wrote to memory of 5096	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	102
PID 400 wrote to memory of 5096	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	102
PID 400 wrote to memory of 4904	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	103
PID 400 wrote to memory of 4904	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	103
PID 400 wrote to memory of 1744	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	104
PID 400 wrote to memory of 1744	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	104
PID 400 wrote to memory of 524	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	105
PID 400 wrote to memory of 524	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	105
PID 400 wrote to memory of 2968	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	106
PID 400 wrote to memory of 2968	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	106
PID 400 wrote to memory of 1692	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	107
PID 400 wrote to memory of 1692	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	107
PID 400 wrote to memory of 2508	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	108
PID 400 wrote to memory of 2508	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	108
PID 400 wrote to memory of 2812	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	109
PID 400 wrote to memory of 2812	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	109
PID 400 wrote to memory of 4176	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	110
PID 400 wrote to memory of 4176	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	110
PID 400 wrote to memory of 1232	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	111
PID 400 wrote to memory of 1232	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	111
PID 400 wrote to memory of 424	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	112
PID 400 wrote to memory of 424	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	112
PID 400 wrote to memory of 876	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	113
PID 400 wrote to memory of 876	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	113
PID 400 wrote to memory of 2492	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	114
PID 400 wrote to memory of 2492	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	114
PID 400 wrote to memory of 4116	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	115
PID 400 wrote to memory of 4116	400	1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1b0808e7a5f0ff050fe825d403b74ad0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:400
- C:\Windows\System\BdwxgbM.exe
  C:\Windows\System\BdwxgbM.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\MCQdCcA.exe
  C:\Windows\System\MCQdCcA.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\fPaXgyn.exe
  C:\Windows\System\fPaXgyn.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\CPhYqBS.exe
  C:\Windows\System\CPhYqBS.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\RIkcBTN.exe
  C:\Windows\System\RIkcBTN.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\NOzASvU.exe
  C:\Windows\System\NOzASvU.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\liuqcdF.exe
  C:\Windows\System\liuqcdF.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\QiyfcEk.exe
  C:\Windows\System\QiyfcEk.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\bVBJWWo.exe
  C:\Windows\System\bVBJWWo.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\QWcdSqJ.exe
  C:\Windows\System\QWcdSqJ.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\pXAOQod.exe
  C:\Windows\System\pXAOQod.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\hXKyFfD.exe
  C:\Windows\System\hXKyFfD.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\mxkPCBT.exe
  C:\Windows\System\mxkPCBT.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\klXQVNx.exe
  C:\Windows\System\klXQVNx.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\FbQnpve.exe
  C:\Windows\System\FbQnpve.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\UYIUYaX.exe
  C:\Windows\System\UYIUYaX.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\DWaBpgb.exe
  C:\Windows\System\DWaBpgb.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\ceNzhJJ.exe
  C:\Windows\System\ceNzhJJ.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\NIrVdWI.exe
  C:\Windows\System\NIrVdWI.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\GDMmihl.exe
  C:\Windows\System\GDMmihl.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\UrxAFcR.exe
  C:\Windows\System\UrxAFcR.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\ndNeSvB.exe
  C:\Windows\System\ndNeSvB.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\xgXlNxV.exe
  C:\Windows\System\xgXlNxV.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\DTsSxQB.exe
  C:\Windows\System\DTsSxQB.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\wqAiTdX.exe
  C:\Windows\System\wqAiTdX.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\XUJZqkt.exe
  C:\Windows\System\XUJZqkt.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\iyUMSCv.exe
  C:\Windows\System\iyUMSCv.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\EhiHkdx.exe
  C:\Windows\System\EhiHkdx.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\BMhJFDd.exe
  C:\Windows\System\BMhJFDd.exe
  2⤵
  - Executes dropped EXE
  PID:424
- C:\Windows\System\uQYtdQs.exe
  C:\Windows\System\uQYtdQs.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\VqnqqfM.exe
  C:\Windows\System\VqnqqfM.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\lblHzlp.exe
  C:\Windows\System\lblHzlp.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\OtRmjOq.exe
  C:\Windows\System\OtRmjOq.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\cyALRpg.exe
  C:\Windows\System\cyALRpg.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\fRgYjbX.exe
  C:\Windows\System\fRgYjbX.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\yBPjSdF.exe
  C:\Windows\System\yBPjSdF.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\YoZyxuE.exe
  C:\Windows\System\YoZyxuE.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\BKWLAjd.exe
  C:\Windows\System\BKWLAjd.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\ywFCybH.exe
  C:\Windows\System\ywFCybH.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\cbEjCPT.exe
  C:\Windows\System\cbEjCPT.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\sQXiruX.exe
  C:\Windows\System\sQXiruX.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\mrTsfKh.exe
  C:\Windows\System\mrTsfKh.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\QAdkRdR.exe
  C:\Windows\System\QAdkRdR.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\elTRcCc.exe
  C:\Windows\System\elTRcCc.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\UBWmHlj.exe
  C:\Windows\System\UBWmHlj.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\kJzKRsp.exe
  C:\Windows\System\kJzKRsp.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\oNeOrdR.exe
  C:\Windows\System\oNeOrdR.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\oeWChSW.exe
  C:\Windows\System\oeWChSW.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\KmhYlZD.exe
  C:\Windows\System\KmhYlZD.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\EAXEUrU.exe
  C:\Windows\System\EAXEUrU.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\ipYKNUM.exe
  C:\Windows\System\ipYKNUM.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\wFrAogb.exe
  C:\Windows\System\wFrAogb.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\QPvyVqf.exe
  C:\Windows\System\QPvyVqf.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\Athsphk.exe
  C:\Windows\System\Athsphk.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\UYaKVgV.exe
  C:\Windows\System\UYaKVgV.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\UqExbIQ.exe
  C:\Windows\System\UqExbIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\VpZSDQV.exe
  C:\Windows\System\VpZSDQV.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\AwYfRUb.exe
  C:\Windows\System\AwYfRUb.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\nSBNikE.exe
  C:\Windows\System\nSBNikE.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\dDbFGPT.exe
  C:\Windows\System\dDbFGPT.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\WSlqqQE.exe
  C:\Windows\System\WSlqqQE.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\oXlQSLX.exe
  C:\Windows\System\oXlQSLX.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\GYqDhjY.exe
  C:\Windows\System\GYqDhjY.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\ZIseMTL.exe
  C:\Windows\System\ZIseMTL.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\nWpQott.exe
  C:\Windows\System\nWpQott.exe
  2⤵
  PID:1648
- C:\Windows\System\OPwoZsv.exe
  C:\Windows\System\OPwoZsv.exe
  2⤵
  PID:764
- C:\Windows\System\porEiOX.exe
  C:\Windows\System\porEiOX.exe
  2⤵
  PID:5080
- C:\Windows\System\NHinZFg.exe
  C:\Windows\System\NHinZFg.exe
  2⤵
  PID:5036
- C:\Windows\System\hpGIAHB.exe
  C:\Windows\System\hpGIAHB.exe
  2⤵
  PID:4192
- C:\Windows\System\kbPdpjD.exe
  C:\Windows\System\kbPdpjD.exe
  2⤵
  PID:1216
- C:\Windows\System\WOIjCRQ.exe
  C:\Windows\System\WOIjCRQ.exe
  2⤵
  PID:4012
- C:\Windows\System\gzdQmqE.exe
  C:\Windows\System\gzdQmqE.exe
  2⤵
  PID:2344
- C:\Windows\System\jAVyDNu.exe
  C:\Windows\System\jAVyDNu.exe
  2⤵
  PID:368
- C:\Windows\System\LXIWKBG.exe
  C:\Windows\System\LXIWKBG.exe
  2⤵
  PID:2324
- C:\Windows\System\sJtnWwW.exe
  C:\Windows\System\sJtnWwW.exe
  2⤵
  PID:1832
- C:\Windows\System\GqJtpBB.exe
  C:\Windows\System\GqJtpBB.exe
  2⤵
  PID:4424
- C:\Windows\System\DSlHNbf.exe
  C:\Windows\System\DSlHNbf.exe
  2⤵
  PID:116
- C:\Windows\System\QXavcYP.exe
  C:\Windows\System\QXavcYP.exe
  2⤵
  PID:2424
- C:\Windows\System\Oykoiiv.exe
  C:\Windows\System\Oykoiiv.exe
  2⤵
  PID:2108
- C:\Windows\System\vdFkUKO.exe
  C:\Windows\System\vdFkUKO.exe
  2⤵
  PID:3244
- C:\Windows\System\CQTjIxi.exe
  C:\Windows\System\CQTjIxi.exe
  2⤵
  PID:3856
- C:\Windows\System\NmDZyEz.exe
  C:\Windows\System\NmDZyEz.exe
  2⤵
  PID:3160
- C:\Windows\System\YOzvTLi.exe
  C:\Windows\System\YOzvTLi.exe
  2⤵
  PID:3020
- C:\Windows\System\IuemzOQ.exe
  C:\Windows\System\IuemzOQ.exe
  2⤵
  PID:760
- C:\Windows\System\rBzPuug.exe
  C:\Windows\System\rBzPuug.exe
  2⤵
  PID:4868
- C:\Windows\System\vUoegCN.exe
  C:\Windows\System\vUoegCN.exe
  2⤵
  PID:2432
- C:\Windows\System\IyxCvJG.exe
  C:\Windows\System\IyxCvJG.exe
  2⤵
  PID:2124
- C:\Windows\System\DuoLlOd.exe
  C:\Windows\System\DuoLlOd.exe
  2⤵
  PID:2024
- C:\Windows\System\tboWUrn.exe
  C:\Windows\System\tboWUrn.exe
  2⤵
  PID:3592
- C:\Windows\System\ikvDEiP.exe
  C:\Windows\System\ikvDEiP.exe
  2⤵
  PID:1984
- C:\Windows\System\lIDlfdV.exe
  C:\Windows\System\lIDlfdV.exe
  2⤵
  PID:2820
- C:\Windows\System\ruaREKu.exe
  C:\Windows\System\ruaREKu.exe
  2⤵
  PID:224
- C:\Windows\System\kQDIuQp.exe
  C:\Windows\System\kQDIuQp.exe
  2⤵
  PID:3212
- C:\Windows\System\URXEBeB.exe
  C:\Windows\System\URXEBeB.exe
  2⤵
  PID:3188
- C:\Windows\System\KremjIe.exe
  C:\Windows\System\KremjIe.exe
  2⤵
  PID:3720
- C:\Windows\System\XFuRkmv.exe
  C:\Windows\System\XFuRkmv.exe
  2⤵
  PID:692
- C:\Windows\System\ssLYDWN.exe
  C:\Windows\System\ssLYDWN.exe
  2⤵
  PID:5152
- C:\Windows\System\CuMvGFV.exe
  C:\Windows\System\CuMvGFV.exe
  2⤵
  PID:5180
- C:\Windows\System\xEOWuzV.exe
  C:\Windows\System\xEOWuzV.exe
  2⤵
  PID:5228
- C:\Windows\System\YNwCGPQ.exe
  C:\Windows\System\YNwCGPQ.exe
  2⤵
  PID:5256
- C:\Windows\System\QqKtYcE.exe
  C:\Windows\System\QqKtYcE.exe
  2⤵
  PID:5296
- C:\Windows\System\vJqJIBt.exe
  C:\Windows\System\vJqJIBt.exe
  2⤵
  PID:5340
- C:\Windows\System\QvxRXQg.exe
  C:\Windows\System\QvxRXQg.exe
  2⤵
  PID:5356
- C:\Windows\System\lfcWOBV.exe
  C:\Windows\System\lfcWOBV.exe
  2⤵
  PID:5392
- C:\Windows\System\uqiZTpU.exe
  C:\Windows\System\uqiZTpU.exe
  2⤵
  PID:5432
- C:\Windows\System\DxfUumC.exe
  C:\Windows\System\DxfUumC.exe
  2⤵
  PID:5472
- C:\Windows\System\BnYEvyd.exe
  C:\Windows\System\BnYEvyd.exe
  2⤵
  PID:5508
- C:\Windows\System\QqtxnQS.exe
  C:\Windows\System\QqtxnQS.exe
  2⤵
  PID:5524
- C:\Windows\System\lQdKfzq.exe
  C:\Windows\System\lQdKfzq.exe
  2⤵
  PID:5552
- C:\Windows\System\xKTLTHH.exe
  C:\Windows\System\xKTLTHH.exe
  2⤵
  PID:5592
- C:\Windows\System\tJZThKP.exe
  C:\Windows\System\tJZThKP.exe
  2⤵
  PID:5632
- C:\Windows\System\BnJZZsR.exe
  C:\Windows\System\BnJZZsR.exe
  2⤵
  PID:5668
- C:\Windows\System\wmJCFYr.exe
  C:\Windows\System\wmJCFYr.exe
  2⤵
  PID:5692
- C:\Windows\System\auZbSFo.exe
  C:\Windows\System\auZbSFo.exe
  2⤵
  PID:5732
- C:\Windows\System\iNhJopE.exe
  C:\Windows\System\iNhJopE.exe
  2⤵
  PID:5760
- C:\Windows\System\yqBMZnC.exe
  C:\Windows\System\yqBMZnC.exe
  2⤵
  PID:5776
- C:\Windows\System\xqNTMNC.exe
  C:\Windows\System\xqNTMNC.exe
  2⤵
  PID:5804
- C:\Windows\System\jtQMMiV.exe
  C:\Windows\System\jtQMMiV.exe
  2⤵
  PID:5844
- C:\Windows\System\gGCcNcV.exe
  C:\Windows\System\gGCcNcV.exe
  2⤵
  PID:5884
- C:\Windows\System\IgJXVtW.exe
  C:\Windows\System\IgJXVtW.exe
  2⤵
  PID:5904
- C:\Windows\System\MJIkjqN.exe
  C:\Windows\System\MJIkjqN.exe
  2⤵
  PID:5936
- C:\Windows\System\GwSMfIM.exe
  C:\Windows\System\GwSMfIM.exe
  2⤵
  PID:5980
- C:\Windows\System\tgrhjFW.exe
  C:\Windows\System\tgrhjFW.exe
  2⤵
  PID:6008
- C:\Windows\System\ucgpRUz.exe
  C:\Windows\System\ucgpRUz.exe
  2⤵
  PID:6036
- C:\Windows\System\HsUiEBX.exe
  C:\Windows\System\HsUiEBX.exe
  2⤵
  PID:6068
- C:\Windows\System\DqdAFVH.exe
  C:\Windows\System\DqdAFVH.exe
  2⤵
  PID:6096
- C:\Windows\System\bugOPes.exe
  C:\Windows\System\bugOPes.exe
  2⤵
  PID:6124
- C:\Windows\System\xewaVCO.exe
  C:\Windows\System\xewaVCO.exe
  2⤵
  PID:6140
- C:\Windows\System\UGqixIl.exe
  C:\Windows\System\UGqixIl.exe
  2⤵
  PID:5144
- C:\Windows\System\ARFMbDq.exe
  C:\Windows\System\ARFMbDq.exe
  2⤵
  PID:5212
- C:\Windows\System\TCJGLdm.exe
  C:\Windows\System\TCJGLdm.exe
  2⤵
  PID:5284
- C:\Windows\System\gNnGtmx.exe
  C:\Windows\System\gNnGtmx.exe
  2⤵
  PID:5388
- C:\Windows\System\zauefGl.exe
  C:\Windows\System\zauefGl.exe
  2⤵
  PID:5520
- C:\Windows\System\qvLutIE.exe
  C:\Windows\System\qvLutIE.exe
  2⤵
  PID:5628
- C:\Windows\System\uACoRPo.exe
  C:\Windows\System\uACoRPo.exe
  2⤵
  PID:5200
- C:\Windows\System\luqQwUM.exe
  C:\Windows\System\luqQwUM.exe
  2⤵
  PID:5312
- C:\Windows\System\mtGneTb.exe
  C:\Windows\System\mtGneTb.exe
  2⤵
  PID:5088
- C:\Windows\System\HNCJEOi.exe
  C:\Windows\System\HNCJEOi.exe
  2⤵
  PID:5788
- C:\Windows\System\ENDifuD.exe
  C:\Windows\System\ENDifuD.exe
  2⤵
  PID:5896
- C:\Windows\System\qjhzmba.exe
  C:\Windows\System\qjhzmba.exe
  2⤵
  PID:5992
- C:\Windows\System\JIkPXNz.exe
  C:\Windows\System\JIkPXNz.exe
  2⤵
  PID:6032
- C:\Windows\System\LbIFtUI.exe
  C:\Windows\System\LbIFtUI.exe
  2⤵
  PID:6108
- C:\Windows\System\ewXxtFC.exe
  C:\Windows\System\ewXxtFC.exe
  2⤵
  PID:6120
- C:\Windows\System\rrQFgJp.exe
  C:\Windows\System\rrQFgJp.exe
  2⤵
  PID:5348
- C:\Windows\System\MmbMden.exe
  C:\Windows\System\MmbMden.exe
  2⤵
  PID:5576
- C:\Windows\System\HeSlGqW.exe
  C:\Windows\System\HeSlGqW.exe
  2⤵
  PID:5140
- C:\Windows\System\EgejYmT.exe
  C:\Windows\System\EgejYmT.exe
  2⤵
  PID:5964
- C:\Windows\System\doQNQPU.exe
  C:\Windows\System\doQNQPU.exe
  2⤵
  PID:6092
- C:\Windows\System\vkQPJTz.exe
  C:\Windows\System\vkQPJTz.exe
  2⤵
  PID:5604
- C:\Windows\System\ehvOrRs.exe
  C:\Windows\System\ehvOrRs.exe
  2⤵
  PID:5172
- C:\Windows\System\OTvSrSx.exe
  C:\Windows\System\OTvSrSx.exe
  2⤵
  PID:6152
- C:\Windows\System\HXDOddt.exe
  C:\Windows\System\HXDOddt.exe
  2⤵
  PID:6172
- C:\Windows\System\qzBzHBW.exe
  C:\Windows\System\qzBzHBW.exe
  2⤵
  PID:6200
- C:\Windows\System\WFUSWCw.exe
  C:\Windows\System\WFUSWCw.exe
  2⤵
  PID:6228
- C:\Windows\System\dWlEIzv.exe
  C:\Windows\System\dWlEIzv.exe
  2⤵
  PID:6256
- C:\Windows\System\pqOPFci.exe
  C:\Windows\System\pqOPFci.exe
  2⤵
  PID:6288
- C:\Windows\System\BYEAVsS.exe
  C:\Windows\System\BYEAVsS.exe
  2⤵
  PID:6328
- C:\Windows\System\pcZCWFg.exe
  C:\Windows\System\pcZCWFg.exe
  2⤵
  PID:6344
- C:\Windows\System\vGodRtT.exe
  C:\Windows\System\vGodRtT.exe
  2⤵
  PID:6360
- C:\Windows\System\NcBtxrK.exe
  C:\Windows\System\NcBtxrK.exe
  2⤵
  PID:6384
- C:\Windows\System\oFkKpwC.exe
  C:\Windows\System\oFkKpwC.exe
  2⤵
  PID:6404
- C:\Windows\System\BarAifa.exe
  C:\Windows\System\BarAifa.exe
  2⤵
  PID:6428
- C:\Windows\System\cthNZZa.exe
  C:\Windows\System\cthNZZa.exe
  2⤵
  PID:6464
- C:\Windows\System\OldMqTm.exe
  C:\Windows\System\OldMqTm.exe
  2⤵
  PID:6508
- C:\Windows\System\MnNhGwA.exe
  C:\Windows\System\MnNhGwA.exe
  2⤵
  PID:6540
- C:\Windows\System\JuSmdAr.exe
  C:\Windows\System\JuSmdAr.exe
  2⤵
  PID:6576
- C:\Windows\System\ShhbcJM.exe
  C:\Windows\System\ShhbcJM.exe
  2⤵
  PID:6608
- C:\Windows\System\qzWWper.exe
  C:\Windows\System\qzWWper.exe
  2⤵
  PID:6640
- C:\Windows\System\CmBTEgT.exe
  C:\Windows\System\CmBTEgT.exe
  2⤵
  PID:6664
- C:\Windows\System\eboRFAL.exe
  C:\Windows\System\eboRFAL.exe
  2⤵
  PID:6696
- C:\Windows\System\LautrCG.exe
  C:\Windows\System\LautrCG.exe
  2⤵
  PID:6732
- C:\Windows\System\qDapXCO.exe
  C:\Windows\System\qDapXCO.exe
  2⤵
  PID:6756
- C:\Windows\System\jgNQToQ.exe
  C:\Windows\System\jgNQToQ.exe
  2⤵
  PID:6776
- C:\Windows\System\SiMbeDG.exe
  C:\Windows\System\SiMbeDG.exe
  2⤵
  PID:6808
- C:\Windows\System\hxRLIrv.exe
  C:\Windows\System\hxRLIrv.exe
  2⤵
  PID:6828
- C:\Windows\System\otfBMQF.exe
  C:\Windows\System\otfBMQF.exe
  2⤵
  PID:6864
- C:\Windows\System\NoVDiLd.exe
  C:\Windows\System\NoVDiLd.exe
  2⤵
  PID:6892
- C:\Windows\System\kdRzQWJ.exe
  C:\Windows\System\kdRzQWJ.exe
  2⤵
  PID:6920
- C:\Windows\System\bagZeMU.exe
  C:\Windows\System\bagZeMU.exe
  2⤵
  PID:6948
- C:\Windows\System\rxjLjig.exe
  C:\Windows\System\rxjLjig.exe
  2⤵
  PID:6980
- C:\Windows\System\YVFuLHd.exe
  C:\Windows\System\YVFuLHd.exe
  2⤵
  PID:7000
- C:\Windows\System\GQHgYvJ.exe
  C:\Windows\System\GQHgYvJ.exe
  2⤵
  PID:7032
- C:\Windows\System\IGaDPpX.exe
  C:\Windows\System\IGaDPpX.exe
  2⤵
  PID:7048
- C:\Windows\System\FzsXhUs.exe
  C:\Windows\System\FzsXhUs.exe
  2⤵
  PID:7088
- C:\Windows\System\zNrrZIX.exe
  C:\Windows\System\zNrrZIX.exe
  2⤵
  PID:7112
- C:\Windows\System\YKWecVq.exe
  C:\Windows\System\YKWecVq.exe
  2⤵
  PID:7148
- C:\Windows\System\IHTSCgY.exe
  C:\Windows\System\IHTSCgY.exe
  2⤵
  PID:6160
- C:\Windows\System\hvCZlZK.exe
  C:\Windows\System\hvCZlZK.exe
  2⤵
  PID:6220
- C:\Windows\System\kiWbNwF.exe
  C:\Windows\System\kiWbNwF.exe
  2⤵
  PID:6280
- C:\Windows\System\BtWoMwR.exe
  C:\Windows\System\BtWoMwR.exe
  2⤵
  PID:6352
- C:\Windows\System\wXKCZWS.exe
  C:\Windows\System\wXKCZWS.exe
  2⤵
  PID:6480
- C:\Windows\System\mVmxoMQ.exe
  C:\Windows\System\mVmxoMQ.exe
  2⤵
  PID:6500
- C:\Windows\System\woAYzUH.exe
  C:\Windows\System\woAYzUH.exe
  2⤵
  PID:6560
- C:\Windows\System\gohuRFx.exe
  C:\Windows\System\gohuRFx.exe
  2⤵
  PID:6632
- C:\Windows\System\TYuGAfy.exe
  C:\Windows\System\TYuGAfy.exe
  2⤵
  PID:6740
- C:\Windows\System\pesUisU.exe
  C:\Windows\System\pesUisU.exe
  2⤵
  PID:6772
- C:\Windows\System\aEsGsPl.exe
  C:\Windows\System\aEsGsPl.exe
  2⤵
  PID:6816
- C:\Windows\System\TlzvDyX.exe
  C:\Windows\System\TlzvDyX.exe
  2⤵
  PID:6912
- C:\Windows\System\BBcEJdf.exe
  C:\Windows\System\BBcEJdf.exe
  2⤵
  PID:6972
- C:\Windows\System\ktARsPk.exe
  C:\Windows\System\ktARsPk.exe
  2⤵
  PID:7060
- C:\Windows\System\UlfTCLB.exe
  C:\Windows\System\UlfTCLB.exe
  2⤵
  PID:5420
- C:\Windows\System\YfPdutv.exe
  C:\Windows\System\YfPdutv.exe
  2⤵
  PID:6300
- C:\Windows\System\EYUesLM.exe
  C:\Windows\System\EYUesLM.exe
  2⤵
  PID:6452
- C:\Windows\System\hPxwgmZ.exe
  C:\Windows\System\hPxwgmZ.exe
  2⤵
  PID:6708
- C:\Windows\System\nqeqPdU.exe
  C:\Windows\System\nqeqPdU.exe
  2⤵
  PID:7008
- C:\Windows\System\dyujCwy.exe
  C:\Windows\System\dyujCwy.exe
  2⤵
  PID:7164
- C:\Windows\System\tQuZIlv.exe
  C:\Windows\System\tQuZIlv.exe
  2⤵
  PID:6600
- C:\Windows\System\UpoAjiZ.exe
  C:\Windows\System\UpoAjiZ.exe
  2⤵
  PID:6324
- C:\Windows\System\BCgRGIi.exe
  C:\Windows\System\BCgRGIi.exe
  2⤵
  PID:7192
- C:\Windows\System\pGfGBKx.exe
  C:\Windows\System\pGfGBKx.exe
  2⤵
  PID:7228
- C:\Windows\System\ynacgZZ.exe
  C:\Windows\System\ynacgZZ.exe
  2⤵
  PID:7276
- C:\Windows\System\CwvQXRe.exe
  C:\Windows\System\CwvQXRe.exe
  2⤵
  PID:7312
- C:\Windows\System\YjPBHWn.exe
  C:\Windows\System\YjPBHWn.exe
  2⤵
  PID:7376
- C:\Windows\System\TizOAgM.exe
  C:\Windows\System\TizOAgM.exe
  2⤵
  PID:7408
- C:\Windows\System\TGtavXC.exe
  C:\Windows\System\TGtavXC.exe
  2⤵
  PID:7428
- C:\Windows\System\BcLqrgx.exe
  C:\Windows\System\BcLqrgx.exe
  2⤵
  PID:7460
- C:\Windows\System\uKhLLbb.exe
  C:\Windows\System\uKhLLbb.exe
  2⤵
  PID:7492
- C:\Windows\System\kSrrftm.exe
  C:\Windows\System\kSrrftm.exe
  2⤵
  PID:7516
- C:\Windows\System\KZcofct.exe
  C:\Windows\System\KZcofct.exe
  2⤵
  PID:7536
- C:\Windows\System\ipCRQaD.exe
  C:\Windows\System\ipCRQaD.exe
  2⤵
  PID:7560
- C:\Windows\System\LYjyADa.exe
  C:\Windows\System\LYjyADa.exe
  2⤵
  PID:7592
- C:\Windows\System\lpQsQQR.exe
  C:\Windows\System\lpQsQQR.exe
  2⤵
  PID:7620
- C:\Windows\System\wgWgjXV.exe
  C:\Windows\System\wgWgjXV.exe
  2⤵
  PID:7652
- C:\Windows\System\MHjagak.exe
  C:\Windows\System\MHjagak.exe
  2⤵
  PID:7692
- C:\Windows\System\kkFQkJN.exe
  C:\Windows\System\kkFQkJN.exe
  2⤵
  PID:7720
- C:\Windows\System\NzAHwIT.exe
  C:\Windows\System\NzAHwIT.exe
  2⤵
  PID:7752
- C:\Windows\System\JuvmruQ.exe
  C:\Windows\System\JuvmruQ.exe
  2⤵
  PID:7780
- C:\Windows\System\ALWWQyq.exe
  C:\Windows\System\ALWWQyq.exe
  2⤵
  PID:7812
- C:\Windows\System\JmbwrDI.exe
  C:\Windows\System\JmbwrDI.exe
  2⤵
  PID:7832
- C:\Windows\System\ZxDOrgz.exe
  C:\Windows\System\ZxDOrgz.exe
  2⤵
  PID:7852
- C:\Windows\System\zplVXwq.exe
  C:\Windows\System\zplVXwq.exe
  2⤵
  PID:7900
- C:\Windows\System\JxOIzNR.exe
  C:\Windows\System\JxOIzNR.exe
  2⤵
  PID:7940
- C:\Windows\System\aFsmisE.exe
  C:\Windows\System\aFsmisE.exe
  2⤵
  PID:7960
- C:\Windows\System\pODFiJL.exe
  C:\Windows\System\pODFiJL.exe
  2⤵
  PID:7996
- C:\Windows\System\bvyYvZX.exe
  C:\Windows\System\bvyYvZX.exe
  2⤵
  PID:8020
- C:\Windows\System\rSEJLOY.exe
  C:\Windows\System\rSEJLOY.exe
  2⤵
  PID:8044
- C:\Windows\System\qNzPFjD.exe
  C:\Windows\System\qNzPFjD.exe
  2⤵
  PID:8076
- C:\Windows\System\SokyCII.exe
  C:\Windows\System\SokyCII.exe
  2⤵
  PID:8096
- C:\Windows\System\ASIngJV.exe
  C:\Windows\System\ASIngJV.exe
  2⤵
  PID:8136
- C:\Windows\System\UfrbbjY.exe
  C:\Windows\System\UfrbbjY.exe
  2⤵
  PID:8164
- C:\Windows\System\SCyEkTa.exe
  C:\Windows\System\SCyEkTa.exe
  2⤵
  PID:8184
- C:\Windows\System\DcgacmO.exe
  C:\Windows\System\DcgacmO.exe
  2⤵
  PID:7220
- C:\Windows\System\lbiUYdj.exe
  C:\Windows\System\lbiUYdj.exe
  2⤵
  PID:7288
- C:\Windows\System\OjuCWqv.exe
  C:\Windows\System\OjuCWqv.exe
  2⤵
  PID:7416
- C:\Windows\System\ocjbRnc.exe
  C:\Windows\System\ocjbRnc.exe
  2⤵
  PID:7452
- C:\Windows\System\riKgxhW.exe
  C:\Windows\System\riKgxhW.exe
  2⤵
  PID:7580
- C:\Windows\System\aAzQCjH.exe
  C:\Windows\System\aAzQCjH.exe
  2⤵
  PID:7608
- C:\Windows\System\fyGQxuO.exe
  C:\Windows\System\fyGQxuO.exe
  2⤵
  PID:7684
- C:\Windows\System\UmFhPHK.exe
  C:\Windows\System\UmFhPHK.exe
  2⤵
  PID:7740
- C:\Windows\System\kTsdluk.exe
  C:\Windows\System\kTsdluk.exe
  2⤵
  PID:7824
- C:\Windows\System\nKySZDi.exe
  C:\Windows\System\nKySZDi.exe
  2⤵
  PID:7884
- C:\Windows\System\UtMAuQO.exe
  C:\Windows\System\UtMAuQO.exe
  2⤵
  PID:7932
- C:\Windows\System\eVCJxKU.exe
  C:\Windows\System\eVCJxKU.exe
  2⤵
  PID:7976
- C:\Windows\System\fWrYlIh.exe
  C:\Windows\System\fWrYlIh.exe
  2⤵
  PID:8072
- C:\Windows\System\vaVpQih.exe
  C:\Windows\System\vaVpQih.exe
  2⤵
  PID:8172
- C:\Windows\System\MNrVUAK.exe
  C:\Windows\System\MNrVUAK.exe
  2⤵
  PID:7188
- C:\Windows\System\LtxufAX.exe
  C:\Windows\System\LtxufAX.exe
  2⤵
  PID:7480
- C:\Windows\System\JnDClls.exe
  C:\Windows\System\JnDClls.exe
  2⤵
  PID:7640
- C:\Windows\System\YAVUDry.exe
  C:\Windows\System\YAVUDry.exe
  2⤵
  PID:7744
- C:\Windows\System\KpqBNix.exe
  C:\Windows\System\KpqBNix.exe
  2⤵
  PID:7868
- C:\Windows\System\mbBbNLe.exe
  C:\Windows\System\mbBbNLe.exe
  2⤵
  PID:8016
- C:\Windows\System\PusrFYA.exe
  C:\Windows\System\PusrFYA.exe
  2⤵
  PID:7396
- C:\Windows\System\nELzSTc.exe
  C:\Windows\System\nELzSTc.exe
  2⤵
  PID:7848
- C:\Windows\System\vcZDUSs.exe
  C:\Windows\System\vcZDUSs.exe
  2⤵
  PID:7528
- C:\Windows\System\xbjnCnN.exe
  C:\Windows\System\xbjnCnN.exe
  2⤵
  PID:7968
- C:\Windows\System\eeNzrrU.exe
  C:\Windows\System\eeNzrrU.exe
  2⤵
  PID:8220
- C:\Windows\System\KVjDbnB.exe
  C:\Windows\System\KVjDbnB.exe
  2⤵
  PID:8248
- C:\Windows\System\TdxuIlC.exe
  C:\Windows\System\TdxuIlC.exe
  2⤵
  PID:8268
- C:\Windows\System\nttOHbA.exe
  C:\Windows\System\nttOHbA.exe
  2⤵
  PID:8292
- C:\Windows\System\jMddNNv.exe
  C:\Windows\System\jMddNNv.exe
  2⤵
  PID:8336
- C:\Windows\System\sfmtdNO.exe
  C:\Windows\System\sfmtdNO.exe
  2⤵
  PID:8368
- C:\Windows\System\WEbdIOI.exe
  C:\Windows\System\WEbdIOI.exe
  2⤵
  PID:8384
- C:\Windows\System\AwAyRCs.exe
  C:\Windows\System\AwAyRCs.exe
  2⤵
  PID:8408
- C:\Windows\System\OEvFrNI.exe
  C:\Windows\System\OEvFrNI.exe
  2⤵
  PID:8448
- C:\Windows\System\gKIzXBX.exe
  C:\Windows\System\gKIzXBX.exe
  2⤵
  PID:8476
- C:\Windows\System\xntfmPz.exe
  C:\Windows\System\xntfmPz.exe
  2⤵
  PID:8504
- C:\Windows\System\unAZZDa.exe
  C:\Windows\System\unAZZDa.exe
  2⤵
  PID:8536
- C:\Windows\System\UkqJmdX.exe
  C:\Windows\System\UkqJmdX.exe
  2⤵
  PID:8564
- C:\Windows\System\HIfuNVp.exe
  C:\Windows\System\HIfuNVp.exe
  2⤵
  PID:8584
- C:\Windows\System\DGRQIBi.exe
  C:\Windows\System\DGRQIBi.exe
  2⤵
  PID:8608
- C:\Windows\System\tLinUam.exe
  C:\Windows\System\tLinUam.exe
  2⤵
  PID:8648
- C:\Windows\System\KNodfjY.exe
  C:\Windows\System\KNodfjY.exe
  2⤵
  PID:8676
- C:\Windows\System\QdpmVIn.exe
  C:\Windows\System\QdpmVIn.exe
  2⤵
  PID:8708
- C:\Windows\System\SyWqTAv.exe
  C:\Windows\System\SyWqTAv.exe
  2⤵
  PID:8740
- C:\Windows\System\yBIducH.exe
  C:\Windows\System\yBIducH.exe
  2⤵
  PID:8768
- C:\Windows\System\USGxHME.exe
  C:\Windows\System\USGxHME.exe
  2⤵
  PID:8796
- C:\Windows\System\bBJTjKS.exe
  C:\Windows\System\bBJTjKS.exe
  2⤵
  PID:8824
- C:\Windows\System\ZHSxHrL.exe
  C:\Windows\System\ZHSxHrL.exe
  2⤵
  PID:8848
- C:\Windows\System\aKLmose.exe
  C:\Windows\System\aKLmose.exe
  2⤵
  PID:8872
- C:\Windows\System\eoPraYY.exe
  C:\Windows\System\eoPraYY.exe
  2⤵
  PID:8908
- C:\Windows\System\OvzcIWK.exe
  C:\Windows\System\OvzcIWK.exe
  2⤵
  PID:8936
- C:\Windows\System\okrzrjM.exe
  C:\Windows\System\okrzrjM.exe
  2⤵
  PID:8960
- C:\Windows\System\chiQHsB.exe
  C:\Windows\System\chiQHsB.exe
  2⤵
  PID:8992
- C:\Windows\System\JYneKxt.exe
  C:\Windows\System\JYneKxt.exe
  2⤵
  PID:9016
- C:\Windows\System\XcNfHDt.exe
  C:\Windows\System\XcNfHDt.exe
  2⤵
  PID:9044
- C:\Windows\System\tXIDsmI.exe
  C:\Windows\System\tXIDsmI.exe
  2⤵
  PID:9072
- C:\Windows\System\NTCPqkA.exe
  C:\Windows\System\NTCPqkA.exe
  2⤵
  PID:9104
- C:\Windows\System\aJVifMg.exe
  C:\Windows\System\aJVifMg.exe
  2⤵
  PID:9128
- C:\Windows\System\fLgkPiM.exe
  C:\Windows\System\fLgkPiM.exe
  2⤵
  PID:9156
- C:\Windows\System\PUzolxY.exe
  C:\Windows\System\PUzolxY.exe
  2⤵
  PID:9184
- C:\Windows\System\OOosDpN.exe
  C:\Windows\System\OOosDpN.exe
  2⤵
  PID:9212
- C:\Windows\System\dBBGkds.exe
  C:\Windows\System\dBBGkds.exe
  2⤵
  PID:8244
- C:\Windows\System\CvIfKsy.exe
  C:\Windows\System\CvIfKsy.exe
  2⤵
  PID:8288
- C:\Windows\System\AitGgUc.exe
  C:\Windows\System\AitGgUc.exe
  2⤵
  PID:8356
- C:\Windows\System\lezUTgg.exe
  C:\Windows\System\lezUTgg.exe
  2⤵
  PID:8404
- C:\Windows\System\UrUqwgf.exe
  C:\Windows\System\UrUqwgf.exe
  2⤵
  PID:8468
- C:\Windows\System\UsxcdRT.exe
  C:\Windows\System\UsxcdRT.exe
  2⤵
  PID:8560
- C:\Windows\System\hvYAjfd.exe
  C:\Windows\System\hvYAjfd.exe
  2⤵
  PID:8620
- C:\Windows\System\woLmaaM.exe
  C:\Windows\System\woLmaaM.exe
  2⤵
  PID:8688
- C:\Windows\System\YqyrPIe.exe
  C:\Windows\System\YqyrPIe.exe
  2⤵
  PID:8756
- C:\Windows\System\UWnyqtp.exe
  C:\Windows\System\UWnyqtp.exe
  2⤵
  PID:8832
- C:\Windows\System\OCxvMek.exe
  C:\Windows\System\OCxvMek.exe
  2⤵
  PID:8896
- C:\Windows\System\hPMyrGl.exe
  C:\Windows\System\hPMyrGl.exe
  2⤵
  PID:8956
- C:\Windows\System\xacDkNW.exe
  C:\Windows\System\xacDkNW.exe
  2⤵
  PID:9036
- C:\Windows\System\oWaGnvo.exe
  C:\Windows\System\oWaGnvo.exe
  2⤵
  PID:9068
- C:\Windows\System\ZlCPYHZ.exe
  C:\Windows\System\ZlCPYHZ.exe
  2⤵
  PID:9140
- C:\Windows\System\ShIGlCH.exe
  C:\Windows\System\ShIGlCH.exe
  2⤵
  PID:9204
- C:\Windows\System\sZTPCxX.exe
  C:\Windows\System\sZTPCxX.exe
  2⤵
  PID:8348
- C:\Windows\System\CMXkRPL.exe
  C:\Windows\System\CMXkRPL.exe
  2⤵
  PID:8528
- C:\Windows\System\HdtXWHp.exe
  C:\Windows\System\HdtXWHp.exe
  2⤵
  PID:8668
- C:\Windows\System\xRDXnFt.exe
  C:\Windows\System\xRDXnFt.exe
  2⤵
  PID:8812
- C:\Windows\System\PXnfpsT.exe
  C:\Windows\System\PXnfpsT.exe
  2⤵
  PID:8924
- C:\Windows\System\fjirKuq.exe
  C:\Windows\System\fjirKuq.exe
  2⤵
  PID:9028
- C:\Windows\System\SfLbQBU.exe
  C:\Windows\System\SfLbQBU.exe
  2⤵
  PID:9180
- C:\Windows\System\rKvWVqK.exe
  C:\Windows\System\rKvWVqK.exe
  2⤵
  PID:8516
- C:\Windows\System\HWEXNHb.exe
  C:\Windows\System\HWEXNHb.exe
  2⤵
  PID:9120
- C:\Windows\System\ZupTNmf.exe
  C:\Windows\System\ZupTNmf.exe
  2⤵
  PID:8276
- C:\Windows\System\XgMDHzp.exe
  C:\Windows\System\XgMDHzp.exe
  2⤵
  PID:8984
- C:\Windows\System\yFsiEXY.exe
  C:\Windows\System\yFsiEXY.exe
  2⤵
  PID:9244
- C:\Windows\System\ZiqDsQp.exe
  C:\Windows\System\ZiqDsQp.exe
  2⤵
  PID:9280
- C:\Windows\System\yOgXeBi.exe
  C:\Windows\System\yOgXeBi.exe
  2⤵
  PID:9316
- C:\Windows\System\xadTAmt.exe
  C:\Windows\System\xadTAmt.exe
  2⤵
  PID:9356
- C:\Windows\System\kVToKBd.exe
  C:\Windows\System\kVToKBd.exe
  2⤵
  PID:9388
- C:\Windows\System\PQECZzi.exe
  C:\Windows\System\PQECZzi.exe
  2⤵
  PID:9428
- C:\Windows\System\GVJBvCI.exe
  C:\Windows\System\GVJBvCI.exe
  2⤵
  PID:9448
- C:\Windows\System\OjcfJJc.exe
  C:\Windows\System\OjcfJJc.exe
  2⤵
  PID:9488
- C:\Windows\System\AyBSRhr.exe
  C:\Windows\System\AyBSRhr.exe
  2⤵
  PID:9504
- C:\Windows\System\LqIqoSA.exe
  C:\Windows\System\LqIqoSA.exe
  2⤵
  PID:9544
- C:\Windows\System\HqpUptJ.exe
  C:\Windows\System\HqpUptJ.exe
  2⤵
  PID:9604
- C:\Windows\System\cNbZzWd.exe
  C:\Windows\System\cNbZzWd.exe
  2⤵
  PID:9624
- C:\Windows\System\uMrOKcO.exe
  C:\Windows\System\uMrOKcO.exe
  2⤵
  PID:9652
- C:\Windows\System\QqpQhyb.exe
  C:\Windows\System\QqpQhyb.exe
  2⤵
  PID:9680
- C:\Windows\System\ehOJDvz.exe
  C:\Windows\System\ehOJDvz.exe
  2⤵
  PID:9708
- C:\Windows\System\zgSkpxa.exe
  C:\Windows\System\zgSkpxa.exe
  2⤵
  PID:9736
- C:\Windows\System\nzbOPej.exe
  C:\Windows\System\nzbOPej.exe
  2⤵
  PID:9764
- C:\Windows\System\SjLCGAq.exe
  C:\Windows\System\SjLCGAq.exe
  2⤵
  PID:9792
- C:\Windows\System\bRxOHCh.exe
  C:\Windows\System\bRxOHCh.exe
  2⤵
  PID:9820
- C:\Windows\System\diCbsgk.exe
  C:\Windows\System\diCbsgk.exe
  2⤵
  PID:9848
- C:\Windows\System\arbrCQE.exe
  C:\Windows\System\arbrCQE.exe
  2⤵
  PID:9876
- C:\Windows\System\ulNqDBa.exe
  C:\Windows\System\ulNqDBa.exe
  2⤵
  PID:9904
- C:\Windows\System\JMAiIRp.exe
  C:\Windows\System\JMAiIRp.exe
  2⤵
  PID:9932
- C:\Windows\System\WgguUIh.exe
  C:\Windows\System\WgguUIh.exe
  2⤵
  PID:9960
- C:\Windows\System\kvRPVzx.exe
  C:\Windows\System\kvRPVzx.exe
  2⤵
  PID:9988
- C:\Windows\System\NeUVAKJ.exe
  C:\Windows\System\NeUVAKJ.exe
  2⤵
  PID:10016
- C:\Windows\System\VRFYIgA.exe
  C:\Windows\System\VRFYIgA.exe
  2⤵
  PID:10048
- C:\Windows\System\TDlsvQI.exe
  C:\Windows\System\TDlsvQI.exe
  2⤵
  PID:10076
- C:\Windows\System\LgUCjEl.exe
  C:\Windows\System\LgUCjEl.exe
  2⤵
  PID:10104
- C:\Windows\System\sJkeuiy.exe
  C:\Windows\System\sJkeuiy.exe
  2⤵
  PID:10128
- C:\Windows\System\GxCkECn.exe
  C:\Windows\System\GxCkECn.exe
  2⤵
  PID:10156
- C:\Windows\System\KJAEYjS.exe
  C:\Windows\System\KJAEYjS.exe
  2⤵
  PID:10188
- C:\Windows\System\rIqNCla.exe
  C:\Windows\System\rIqNCla.exe
  2⤵
  PID:10216
- C:\Windows\System\kpcoGTl.exe
  C:\Windows\System\kpcoGTl.exe
  2⤵
  PID:10236
- C:\Windows\System\tFgKRWe.exe
  C:\Windows\System\tFgKRWe.exe
  2⤵
  PID:9236
- C:\Windows\System\yARzcCe.exe
  C:\Windows\System\yARzcCe.exe
  2⤵
  PID:9340
- C:\Windows\System\QYeGXSY.exe
  C:\Windows\System\QYeGXSY.exe
  2⤵
  PID:9384
- C:\Windows\System\nIGRCrh.exe
  C:\Windows\System\nIGRCrh.exe
  2⤵
  PID:9476
- C:\Windows\System\PpPSkLU.exe
  C:\Windows\System\PpPSkLU.exe
  2⤵
  PID:9532
- C:\Windows\System\mSdHBAw.exe
  C:\Windows\System\mSdHBAw.exe
  2⤵
  PID:9648
- C:\Windows\System\EIvIrRl.exe
  C:\Windows\System\EIvIrRl.exe
  2⤵
  PID:9692
- C:\Windows\System\qrDXTsR.exe
  C:\Windows\System\qrDXTsR.exe
  2⤵
  PID:9784
- C:\Windows\System\UnLtVYf.exe
  C:\Windows\System\UnLtVYf.exe
  2⤵
  PID:9840
- C:\Windows\System\UeLyQUE.exe
  C:\Windows\System\UeLyQUE.exe
  2⤵
  PID:9888
- C:\Windows\System\mJpGPgr.exe
  C:\Windows\System\mJpGPgr.exe
  2⤵
  PID:9924
- C:\Windows\System\PwVNOLk.exe
  C:\Windows\System\PwVNOLk.exe
  2⤵
  PID:9980
- C:\Windows\System\NmjfULy.exe
  C:\Windows\System\NmjfULy.exe
  2⤵
  PID:10068
- C:\Windows\System\SbbDbVj.exe
  C:\Windows\System\SbbDbVj.exe
  2⤵
  PID:10176
- C:\Windows\System\BOLjQiR.exe
  C:\Windows\System\BOLjQiR.exe
  2⤵
  PID:10208
- C:\Windows\System\fxeaznc.exe
  C:\Windows\System\fxeaznc.exe
  2⤵
  PID:10232
- C:\Windows\System\iHxZgrD.exe
  C:\Windows\System\iHxZgrD.exe
  2⤵
  PID:9336
- C:\Windows\System\mgxOweh.exe
  C:\Windows\System\mgxOweh.exe
  2⤵
  PID:9616
- C:\Windows\System\PNskHOB.exe
  C:\Windows\System\PNskHOB.exe
  2⤵
  PID:9756
- C:\Windows\System\XgUGhas.exe
  C:\Windows\System\XgUGhas.exe
  2⤵
  PID:9864
- C:\Windows\System\ktGuCEL.exe
  C:\Windows\System\ktGuCEL.exe
  2⤵
  PID:10096
- C:\Windows\System\TeyCnpE.exe
  C:\Windows\System\TeyCnpE.exe
  2⤵
  PID:9232
- C:\Windows\System\jDxolud.exe
  C:\Windows\System\jDxolud.exe
  2⤵
  PID:9560
- C:\Windows\System\GjJOzxq.exe
  C:\Windows\System\GjJOzxq.exe
  2⤵
  PID:9948
- C:\Windows\System\SgBgDne.exe
  C:\Windows\System\SgBgDne.exe
  2⤵
  PID:9308
- C:\Windows\System\ZAQMxwl.exe
  C:\Windows\System\ZAQMxwl.exe
  2⤵
  PID:9620
- C:\Windows\System\lCEbgbz.exe
  C:\Windows\System\lCEbgbz.exe
  2⤵
  PID:10264
- C:\Windows\System\VoVjJKY.exe
  C:\Windows\System\VoVjJKY.exe
  2⤵
  PID:10280
- C:\Windows\System\BLYWkes.exe
  C:\Windows\System\BLYWkes.exe
  2⤵
  PID:10320
- C:\Windows\System\dhGpZml.exe
  C:\Windows\System\dhGpZml.exe
  2⤵
  PID:10348
- C:\Windows\System\VASyXFJ.exe
  C:\Windows\System\VASyXFJ.exe
  2⤵
  PID:10376
- C:\Windows\System\aWNBfQO.exe
  C:\Windows\System\aWNBfQO.exe
  2⤵
  PID:10392
- C:\Windows\System\OYTvAPH.exe
  C:\Windows\System\OYTvAPH.exe
  2⤵
  PID:10420
- C:\Windows\System\xGJHWmu.exe
  C:\Windows\System\xGJHWmu.exe
  2⤵
  PID:10460
- C:\Windows\System\SdGLhsy.exe
  C:\Windows\System\SdGLhsy.exe
  2⤵
  PID:10524
- C:\Windows\System\rTDfyxH.exe
  C:\Windows\System\rTDfyxH.exe
  2⤵
  PID:10540
- C:\Windows\System\GllUisv.exe
  C:\Windows\System\GllUisv.exe
  2⤵
  PID:10568
- C:\Windows\System\mzkvBmX.exe
  C:\Windows\System\mzkvBmX.exe
  2⤵
  PID:10596
- C:\Windows\System\WmeGGxx.exe
  C:\Windows\System\WmeGGxx.exe
  2⤵
  PID:10624
- C:\Windows\System\NAURpSj.exe
  C:\Windows\System\NAURpSj.exe
  2⤵
  PID:10640
- C:\Windows\System\cbUvDHn.exe
  C:\Windows\System\cbUvDHn.exe
  2⤵
  PID:10680
- C:\Windows\System\RdyzpeW.exe
  C:\Windows\System\RdyzpeW.exe
  2⤵
  PID:10696
- C:\Windows\System\ShkZSfJ.exe
  C:\Windows\System\ShkZSfJ.exe
  2⤵
  PID:10736
- C:\Windows\System\sGNzxzW.exe
  C:\Windows\System\sGNzxzW.exe
  2⤵
  PID:10764
- C:\Windows\System\JIMoLeu.exe
  C:\Windows\System\JIMoLeu.exe
  2⤵
  PID:10784
- C:\Windows\System\cfJBtvL.exe
  C:\Windows\System\cfJBtvL.exe
  2⤵
  PID:10812
- C:\Windows\System\tBFBCTK.exe
  C:\Windows\System\tBFBCTK.exe
  2⤵
  PID:10832
- C:\Windows\System\azQzgLQ.exe
  C:\Windows\System\azQzgLQ.exe
  2⤵
  PID:10868
- C:\Windows\System\QmzPzyw.exe
  C:\Windows\System\QmzPzyw.exe
  2⤵
  PID:10912
- C:\Windows\System\EYKoGzw.exe
  C:\Windows\System\EYKoGzw.exe
  2⤵
  PID:10940
- C:\Windows\System\cKgSGnA.exe
  C:\Windows\System\cKgSGnA.exe
  2⤵
  PID:10968
- C:\Windows\System\LqkvAap.exe
  C:\Windows\System\LqkvAap.exe
  2⤵
  PID:10984
- C:\Windows\System\jaGozlW.exe
  C:\Windows\System\jaGozlW.exe
  2⤵
  PID:11024
- C:\Windows\System\hlkYZPg.exe
  C:\Windows\System\hlkYZPg.exe
  2⤵
  PID:11064
- C:\Windows\System\JHDkPHe.exe
  C:\Windows\System\JHDkPHe.exe
  2⤵
  PID:11092
- C:\Windows\System\JdfNkuv.exe
  C:\Windows\System\JdfNkuv.exe
  2⤵
  PID:11120
- C:\Windows\System\pgamrlK.exe
  C:\Windows\System\pgamrlK.exe
  2⤵
  PID:11148
- C:\Windows\System\iduRhKq.exe
  C:\Windows\System\iduRhKq.exe
  2⤵
  PID:11176
- C:\Windows\System\gFEhZnG.exe
  C:\Windows\System\gFEhZnG.exe
  2⤵
  PID:11208
- C:\Windows\System\GAsCnLU.exe
  C:\Windows\System\GAsCnLU.exe
  2⤵
  PID:11236
- C:\Windows\System\QJmtKWw.exe
  C:\Windows\System\QJmtKWw.exe
  2⤵
  PID:10200
- C:\Windows\System\EUmnsiB.exe
  C:\Windows\System\EUmnsiB.exe
  2⤵
  PID:10292
- C:\Windows\System\MTdFgmB.exe
  C:\Windows\System\MTdFgmB.exe
  2⤵
  PID:10360
- C:\Windows\System\niKQRTi.exe
  C:\Windows\System\niKQRTi.exe
  2⤵
  PID:10440
- C:\Windows\System\wjiGyAv.exe
  C:\Windows\System\wjiGyAv.exe
  2⤵
  PID:10520
- C:\Windows\System\IbTNkHC.exe
  C:\Windows\System\IbTNkHC.exe
  2⤵
  PID:10552
- C:\Windows\System\frHfTZn.exe
  C:\Windows\System\frHfTZn.exe
  2⤵
  PID:10632
- C:\Windows\System\gTPzWqx.exe
  C:\Windows\System\gTPzWqx.exe
  2⤵
  PID:10636
- C:\Windows\System\nbrhvfh.exe
  C:\Windows\System\nbrhvfh.exe
  2⤵
  PID:10720
- C:\Windows\System\lHoSMCT.exe
  C:\Windows\System\lHoSMCT.exe
  2⤵
  PID:10792
- C:\Windows\System\yZYoFrw.exe
  C:\Windows\System\yZYoFrw.exe
  2⤵
  PID:10856
- C:\Windows\System\toYuhoK.exe
  C:\Windows\System\toYuhoK.exe
  2⤵
  PID:10952
- C:\Windows\System\RefEwij.exe
  C:\Windows\System\RefEwij.exe
  2⤵
  PID:10996
- C:\Windows\System\REhkzuG.exe
  C:\Windows\System\REhkzuG.exe
  2⤵
  PID:11088
- C:\Windows\System\xmRLOMX.exe
  C:\Windows\System\xmRLOMX.exe
  2⤵
  PID:11160
- C:\Windows\System\mxpUfrM.exe
  C:\Windows\System\mxpUfrM.exe
  2⤵
  PID:11220
- C:\Windows\System\dMQMazM.exe
  C:\Windows\System\dMQMazM.exe
  2⤵
  PID:10260
- C:\Windows\System\AYjewTl.exe
  C:\Windows\System\AYjewTl.exe
  2⤵
  PID:10408
- C:\Windows\System\kcPcOfD.exe
  C:\Windows\System\kcPcOfD.exe
  2⤵
  PID:10532
- C:\Windows\System\fdSOoou.exe
  C:\Windows\System\fdSOoou.exe
  2⤵
  PID:10664
- C:\Windows\System\dQyZQlB.exe
  C:\Windows\System\dQyZQlB.exe
  2⤵
  PID:10828
- C:\Windows\System\aqHZcvA.exe
  C:\Windows\System\aqHZcvA.exe
  2⤵
  PID:11008
- C:\Windows\System\pluYJzg.exe
  C:\Windows\System\pluYJzg.exe
  2⤵
  PID:11084
- C:\Windows\System\OoNBhjO.exe
  C:\Windows\System\OoNBhjO.exe
  2⤵
  PID:4560
- C:\Windows\System\BUNEhOB.exe
  C:\Windows\System\BUNEhOB.exe
  2⤵
  PID:10608
- C:\Windows\System\gURjXZP.exe
  C:\Windows\System\gURjXZP.exe
  2⤵
  PID:10976
- C:\Windows\System\vEjJAMX.exe
  C:\Windows\System\vEjJAMX.exe
  2⤵
  PID:11144
- C:\Windows\System\uYSHRRq.exe
  C:\Windows\System\uYSHRRq.exe
  2⤵
  PID:10748
- C:\Windows\System\PNLjwwa.exe
  C:\Windows\System\PNLjwwa.exe
  2⤵
  PID:11284
- C:\Windows\System\jnmEbkU.exe
  C:\Windows\System\jnmEbkU.exe
  2⤵
  PID:11308
- C:\Windows\System\ULvZanz.exe
  C:\Windows\System\ULvZanz.exe
  2⤵
  PID:11340
- C:\Windows\System\WpuOnic.exe
  C:\Windows\System\WpuOnic.exe
  2⤵
  PID:11368
- C:\Windows\System\dOmkdfL.exe
  C:\Windows\System\dOmkdfL.exe
  2⤵
  PID:11400
- C:\Windows\System\sKFdele.exe
  C:\Windows\System\sKFdele.exe
  2⤵
  PID:11428
- C:\Windows\System\kjncofX.exe
  C:\Windows\System\kjncofX.exe
  2⤵
  PID:11444
- C:\Windows\System\TbJAqaf.exe
  C:\Windows\System\TbJAqaf.exe
  2⤵
  PID:11460
- C:\Windows\System\PutqhCZ.exe
  C:\Windows\System\PutqhCZ.exe
  2⤵
  PID:11500
- C:\Windows\System\lsucoga.exe
  C:\Windows\System\lsucoga.exe
  2⤵
  PID:11532
- C:\Windows\System\xKogSrX.exe
  C:\Windows\System\xKogSrX.exe
  2⤵
  PID:11588
- C:\Windows\System\hwaTZgS.exe
  C:\Windows\System\hwaTZgS.exe
  2⤵
  PID:11604
- C:\Windows\System\GQBXWaZ.exe
  C:\Windows\System\GQBXWaZ.exe
  2⤵
  PID:11620
- C:\Windows\System\AgZUhmP.exe
  C:\Windows\System\AgZUhmP.exe
  2⤵
  PID:11656
- C:\Windows\System\nsrWcxV.exe
  C:\Windows\System\nsrWcxV.exe
  2⤵
  PID:11688
- C:\Windows\System\swWYAhK.exe
  C:\Windows\System\swWYAhK.exe
  2⤵
  PID:11704
- C:\Windows\System\SAVnjAl.exe
  C:\Windows\System\SAVnjAl.exe
  2⤵
  PID:11740
- C:\Windows\System\WgZwEed.exe
  C:\Windows\System\WgZwEed.exe
  2⤵
  PID:11760
- C:\Windows\System\sKbRFwV.exe
  C:\Windows\System\sKbRFwV.exe
  2⤵
  PID:11788
- C:\Windows\System\GAZRSBH.exe
  C:\Windows\System\GAZRSBH.exe
  2⤵
  PID:11820
- C:\Windows\System\iWfusyE.exe
  C:\Windows\System\iWfusyE.exe
  2⤵
  PID:11856
- C:\Windows\System\OGmQYkH.exe
  C:\Windows\System\OGmQYkH.exe
  2⤵
  PID:11880
- C:\Windows\System\RCqoOEX.exe
  C:\Windows\System\RCqoOEX.exe
  2⤵
  PID:11908
- C:\Windows\System\AnAftlO.exe
  C:\Windows\System\AnAftlO.exe
  2⤵
  PID:11936
- C:\Windows\System\SsjqPmO.exe
  C:\Windows\System\SsjqPmO.exe
  2⤵
  PID:11964
- C:\Windows\System\FZTEVgy.exe
  C:\Windows\System\FZTEVgy.exe
  2⤵
  PID:12000
- C:\Windows\System\idzmyoi.exe
  C:\Windows\System\idzmyoi.exe
  2⤵
  PID:12032
- C:\Windows\System\UKjbTkb.exe
  C:\Windows\System\UKjbTkb.exe
  2⤵
  PID:12068
- C:\Windows\System\DeRWWdR.exe
  C:\Windows\System\DeRWWdR.exe
  2⤵
  PID:12108
- C:\Windows\System\xHaYlYv.exe
  C:\Windows\System\xHaYlYv.exe
  2⤵
  PID:12148
- C:\Windows\System\xZFkjHx.exe
  C:\Windows\System\xZFkjHx.exe
  2⤵
  PID:12184
- C:\Windows\System\RVlazyQ.exe
  C:\Windows\System\RVlazyQ.exe
  2⤵
  PID:12212
- C:\Windows\System\mjQqyoV.exe
  C:\Windows\System\mjQqyoV.exe
  2⤵
  PID:12236
- C:\Windows\System\nCYxTEL.exe
  C:\Windows\System\nCYxTEL.exe
  2⤵
  PID:12268
- C:\Windows\System\KxNGvEb.exe
  C:\Windows\System\KxNGvEb.exe
  2⤵
  PID:11300
- C:\Windows\System\jHVdpiV.exe
  C:\Windows\System\jHVdpiV.exe
  2⤵
  PID:11336
- C:\Windows\System\JAndlDW.exe
  C:\Windows\System\JAndlDW.exe
  2⤵
  PID:11392
- C:\Windows\System\TMGnXTw.exe
  C:\Windows\System\TMGnXTw.exe
  2⤵
  PID:11452
- C:\Windows\System\kdQyvNj.exe
  C:\Windows\System\kdQyvNj.exe
  2⤵
  PID:11528
- C:\Windows\System\nPuuvzM.exe
  C:\Windows\System\nPuuvzM.exe
  2⤵
  PID:11612
- C:\Windows\System\giXfbZN.exe
  C:\Windows\System\giXfbZN.exe
  2⤵
  PID:11732
- C:\Windows\System\ZdGfqht.exe
  C:\Windows\System\ZdGfqht.exe
  2⤵
  PID:11776
- C:\Windows\System\SuWJunC.exe
  C:\Windows\System\SuWJunC.exe
  2⤵
  PID:11840
- C:\Windows\System\cDESrtj.exe
  C:\Windows\System\cDESrtj.exe
  2⤵
  PID:11920
- C:\Windows\System\fHDooMI.exe
  C:\Windows\System\fHDooMI.exe
  2⤵
  PID:12028
- C:\Windows\System\dMsqLcT.exe
  C:\Windows\System\dMsqLcT.exe
  2⤵
  PID:12132
- C:\Windows\System\eNpjIWV.exe
  C:\Windows\System\eNpjIWV.exe
  2⤵
  PID:12196
- C:\Windows\System\hKvreqA.exe
  C:\Windows\System\hKvreqA.exe
  2⤵
  PID:11484
- C:\Windows\System\bVdpWaU.exe
  C:\Windows\System\bVdpWaU.exe
  2⤵
  PID:11664
- C:\Windows\System\pUcFOlm.exe
  C:\Windows\System\pUcFOlm.exe
  2⤵
  PID:11616
- C:\Windows\System\BgnHtDr.exe
  C:\Windows\System\BgnHtDr.exe
  2⤵
  PID:11816
- C:\Windows\System\sllKpnm.exe
  C:\Windows\System\sllKpnm.exe
  2⤵
  PID:11892
- C:\Windows\System\EupYerF.exe
  C:\Windows\System\EupYerF.exe
  2⤵
  PID:11944
- C:\Windows\System\WyFtQPM.exe
  C:\Windows\System\WyFtQPM.exe
  2⤵
  PID:12104
- C:\Windows\System\ioGlpkb.exe
  C:\Windows\System\ioGlpkb.exe
  2⤵
  PID:11956
- C:\Windows\System\DNtBRjo.exe
  C:\Windows\System\DNtBRjo.exe
  2⤵
  PID:11952
- C:\Windows\System\dGVnLJk.exe
  C:\Windows\System\dGVnLJk.exe
  2⤵
  PID:11488
- C:\Windows\System\lSGPhPF.exe
  C:\Windows\System\lSGPhPF.exe
  2⤵
  PID:12264
- C:\Windows\System\cvDVNoo.exe
  C:\Windows\System\cvDVNoo.exe
  2⤵
  PID:12312
- C:\Windows\System\oMKDayX.exe
  C:\Windows\System\oMKDayX.exe
  2⤵
  PID:12352
- C:\Windows\System\JeUVBZW.exe
  C:\Windows\System\JeUVBZW.exe
  2⤵
  PID:12376
- C:\Windows\System\bOKyDAG.exe
  C:\Windows\System\bOKyDAG.exe
  2⤵
  PID:12404
- C:\Windows\System\LvdJArc.exe
  C:\Windows\System\LvdJArc.exe
  2⤵
  PID:12420
- C:\Windows\System\baQVmgV.exe
  C:\Windows\System\baQVmgV.exe
  2⤵
  PID:12452
- C:\Windows\System\YbSrkKm.exe
  C:\Windows\System\YbSrkKm.exe
  2⤵
  PID:12476
- C:\Windows\System\IpUcydG.exe
  C:\Windows\System\IpUcydG.exe
  2⤵
  PID:12512
- C:\Windows\System\pMwQgmA.exe
  C:\Windows\System\pMwQgmA.exe
  2⤵
  PID:12548
- C:\Windows\System\bxzlWfi.exe
  C:\Windows\System\bxzlWfi.exe
  2⤵
  PID:12580
- C:\Windows\System\kklHXUs.exe
  C:\Windows\System\kklHXUs.exe
  2⤵
  PID:12608
- C:\Windows\System\bgmeyCG.exe
  C:\Windows\System\bgmeyCG.exe
  2⤵
  PID:12644
- C:\Windows\System\SgsLBRk.exe
  C:\Windows\System\SgsLBRk.exe
  2⤵
  PID:12676
- C:\Windows\System\mNcMvnc.exe
  C:\Windows\System\mNcMvnc.exe
  2⤵
  PID:12704
- C:\Windows\System\mpkCNNO.exe
  C:\Windows\System\mpkCNNO.exe
  2⤵
  PID:12740
- C:\Windows\System\shmMQyX.exe
  C:\Windows\System\shmMQyX.exe
  2⤵
  PID:12756
- C:\Windows\System\ybEzaUM.exe
  C:\Windows\System\ybEzaUM.exe
  2⤵
  PID:12788
- C:\Windows\System\fIprkbz.exe
  C:\Windows\System\fIprkbz.exe
  2⤵
  PID:12832
- C:\Windows\System\hlZRXRt.exe
  C:\Windows\System\hlZRXRt.exe
  2⤵
  PID:12860
- C:\Windows\System\eBhfPgn.exe
  C:\Windows\System\eBhfPgn.exe
  2⤵
  PID:12880
- C:\Windows\System\YNcRfeL.exe
  C:\Windows\System\YNcRfeL.exe
  2⤵
  PID:12912
- C:\Windows\System\VfmKzOW.exe
  C:\Windows\System\VfmKzOW.exe
  2⤵
  PID:12936
- C:\Windows\System\hCPwrXL.exe
  C:\Windows\System\hCPwrXL.exe
  2⤵
  PID:12964
- C:\Windows\System\eCjlRvW.exe
  C:\Windows\System\eCjlRvW.exe
  2⤵
  PID:12996
- C:\Windows\System\qNxjTMZ.exe
  C:\Windows\System\qNxjTMZ.exe
  2⤵
  PID:13024
- C:\Windows\System\vxVTcUD.exe
  C:\Windows\System\vxVTcUD.exe
  2⤵
  PID:13060
- C:\Windows\System\zLiomSQ.exe
  C:\Windows\System\zLiomSQ.exe
  2⤵
  PID:13088
- C:\Windows\System\xjZVWfk.exe
  C:\Windows\System\xjZVWfk.exe
  2⤵
  PID:13104
- C:\Windows\System\BSvCkNz.exe
  C:\Windows\System\BSvCkNz.exe
  2⤵
  PID:13140
- C:\Windows\System\zIJgxdI.exe
  C:\Windows\System\zIJgxdI.exe
  2⤵
  PID:13172
- C:\Windows\System\UuFXmwt.exe
  C:\Windows\System\UuFXmwt.exe
  2⤵
  PID:13200
- C:\Windows\System\OFbUpxy.exe
  C:\Windows\System\OFbUpxy.exe
  2⤵
  PID:13228
- C:\Windows\System\OAhEQcT.exe
  C:\Windows\System\OAhEQcT.exe
  2⤵
  PID:13256
- C:\Windows\System\zJyrjzq.exe
  C:\Windows\System\zJyrjzq.exe
  2⤵
  PID:13276
- C:\Windows\System\DeoXXez.exe
  C:\Windows\System\DeoXXez.exe
  2⤵
  PID:13308
- C:\Windows\System\OhOhYIa.exe
  C:\Windows\System\OhOhYIa.exe
  2⤵
  PID:3052
- C:\Windows\System\hKLgvQf.exe
  C:\Windows\System\hKLgvQf.exe
  2⤵
  PID:12368
- C:\Windows\System\HpgNyge.exe
  C:\Windows\System\HpgNyge.exe
  2⤵
  PID:12440
- C:\Windows\System\Mzdvzeb.exe
  C:\Windows\System\Mzdvzeb.exe
  2⤵
  PID:12520
- C:\Windows\System\shqpvnV.exe
  C:\Windows\System\shqpvnV.exe
  2⤵
  PID:12576
- C:\Windows\System\BjtoIAg.exe
  C:\Windows\System\BjtoIAg.exe
  2⤵
  PID:12628
- C:\Windows\System\DXWfpxv.exe
  C:\Windows\System\DXWfpxv.exe
  2⤵
  PID:12688
- C:\Windows\System\aVcpSQK.exe
  C:\Windows\System\aVcpSQK.exe
  2⤵
  PID:12752
- C:\Windows\System\sshNMgy.exe
  C:\Windows\System\sshNMgy.exe
  2⤵
  PID:12852
- C:\Windows\System\gdbqrkX.exe
  C:\Windows\System\gdbqrkX.exe
  2⤵
  PID:12920
- C:\Windows\System\spwCVBh.exe
  C:\Windows\System\spwCVBh.exe
  2⤵
  PID:12956
- C:\Windows\System\RRFSaFS.exe
  C:\Windows\System\RRFSaFS.exe
  2⤵
  PID:12988
- C:\Windows\System\OBYFkTx.exe
  C:\Windows\System\OBYFkTx.exe
  2⤵
  PID:13012
- C:\Windows\System\HOjwYLd.exe
  C:\Windows\System\HOjwYLd.exe
  2⤵
  PID:13096
- C:\Windows\System\rPdXBcI.exe
  C:\Windows\System\rPdXBcI.exe
  2⤵
  PID:13196
- C:\Windows\System\ViHmaFw.exe
  C:\Windows\System\ViHmaFw.exe
  2⤵
  PID:13268
- C:\Windows\System\HVbUtfU.exe
  C:\Windows\System\HVbUtfU.exe
  2⤵
  PID:12300
- C:\Windows\System\awfKTBI.exe
  C:\Windows\System\awfKTBI.exe
  2⤵
  PID:12488
- C:\Windows\System\GssFPGF.exe
  C:\Windows\System\GssFPGF.exe
  2⤵
  PID:12540
- C:\Windows\System\jZBcfUo.exe
  C:\Windows\System\jZBcfUo.exe
  2⤵
  PID:12800
- C:\Windows\System\pjzejIE.exe
  C:\Windows\System\pjzejIE.exe
  2⤵
  PID:12924
- C:\Windows\System\nfkAaID.exe
  C:\Windows\System\nfkAaID.exe
  2⤵
  PID:13072
- C:\Windows\System\hkJbscW.exe
  C:\Windows\System\hkJbscW.exe
  2⤵
  PID:13148
- C:\Windows\System\aqWAejE.exe
  C:\Windows\System\aqWAejE.exe
  2⤵
  PID:11328
- C:\Windows\System\asJbAqX.exe
  C:\Windows\System\asJbAqX.exe
  2⤵
  PID:11904
- C:\Windows\System\nfhtFOm.exe
  C:\Windows\System\nfhtFOm.exe
  2⤵
  PID:12572
- C:\Windows\System\dmVopUP.exe
  C:\Windows\System\dmVopUP.exe
  2⤵
  PID:12892
- C:\Windows\System\fUWSqtK.exe
  C:\Windows\System\fUWSqtK.exe
  2⤵
  PID:12976
- C:\Windows\System\rpoYEhc.exe
  C:\Windows\System\rpoYEhc.exe
  2⤵
  PID:13336
- C:\Windows\System\othkRLj.exe
  C:\Windows\System\othkRLj.exe
  2⤵
  PID:13368
- C:\Windows\System\VaUhAQl.exe
  C:\Windows\System\VaUhAQl.exe
  2⤵
  PID:13388
- C:\Windows\System\NGPOipc.exe
  C:\Windows\System\NGPOipc.exe
  2⤵
  PID:13408
- C:\Windows\System\OxRGChF.exe
  C:\Windows\System\OxRGChF.exe
  2⤵
  PID:13440
- C:\Windows\System\aJblxWW.exe
  C:\Windows\System\aJblxWW.exe
  2⤵
  PID:13484
- C:\Windows\System\BQBlypB.exe
  C:\Windows\System\BQBlypB.exe
  2⤵
  PID:13512
- C:\Windows\System\jlolDoX.exe
  C:\Windows\System\jlolDoX.exe
  2⤵
  PID:13552
- C:\Windows\System\cJmIKOB.exe
  C:\Windows\System\cJmIKOB.exe
  2⤵
  PID:13592
- C:\Windows\System\WCvacnh.exe
  C:\Windows\System\WCvacnh.exe
  2⤵
  PID:13620
- C:\Windows\System\nnkPisN.exe
  C:\Windows\System\nnkPisN.exe
  2⤵
  PID:13660
- C:\Windows\System\SdcwGhz.exe
  C:\Windows\System\SdcwGhz.exe
  2⤵
  PID:13700
- C:\Windows\System\wPmpZlH.exe
  C:\Windows\System\wPmpZlH.exe
  2⤵
  PID:13716
- C:\Windows\System\nsqFLYU.exe
  C:\Windows\System\nsqFLYU.exe
  2⤵
  PID:13732
- C:\Windows\System\mfdnUWS.exe
  C:\Windows\System\mfdnUWS.exe
  2⤵
  PID:13748
- C:\Windows\System\hxegQFQ.exe
  C:\Windows\System\hxegQFQ.exe
  2⤵
  PID:13772
- C:\Windows\System\ilLHxkz.exe
  C:\Windows\System\ilLHxkz.exe
  2⤵
  PID:13800
- C:\Windows\System\XuaXeMp.exe
  C:\Windows\System\XuaXeMp.exe
  2⤵
  PID:13840
- C:\Windows\System\IPMrYIG.exe
  C:\Windows\System\IPMrYIG.exe
  2⤵
  PID:13872
- C:\Windows\System\TVlTFIX.exe
  C:\Windows\System\TVlTFIX.exe
  2⤵
  PID:13908
- C:\Windows\System\afaEYZE.exe
  C:\Windows\System\afaEYZE.exe
  2⤵
  PID:13944
- C:\Windows\System\bRdDsfX.exe
  C:\Windows\System\bRdDsfX.exe
  2⤵
  PID:13972
- C:\Windows\System\HYwJpiG.exe
  C:\Windows\System\HYwJpiG.exe
  2⤵
  PID:14012
- C:\Windows\System\lcJTeZO.exe
  C:\Windows\System\lcJTeZO.exe
  2⤵
  PID:14040
- C:\Windows\System\tamiqQt.exe
  C:\Windows\System\tamiqQt.exe
  2⤵
  PID:14068
- C:\Windows\System\ygkbsHd.exe
  C:\Windows\System\ygkbsHd.exe
  2⤵
  PID:14096
- C:\Windows\System\AlxwzIw.exe
  C:\Windows\System\AlxwzIw.exe
  2⤵
  PID:14120
- C:\Windows\System\zmpSZzC.exe
  C:\Windows\System\zmpSZzC.exe
  2⤵
  PID:14156
- C:\Windows\System\xLKnjKx.exe
  C:\Windows\System\xLKnjKx.exe
  2⤵
  PID:14184
- C:\Windows\System\gclcnwo.exe
  C:\Windows\System\gclcnwo.exe
  2⤵
  PID:14212
- C:\Windows\System\bZVWNkD.exe
  C:\Windows\System\bZVWNkD.exe
  2⤵
  PID:14240
- C:\Windows\System\EhplkAQ.exe
  C:\Windows\System\EhplkAQ.exe
  2⤵
  PID:14256
- C:\Windows\System\ZPAHaDA.exe
  C:\Windows\System\ZPAHaDA.exe
  2⤵
  PID:14284
- C:\Windows\System\rhooVmU.exe
  C:\Windows\System\rhooVmU.exe
  2⤵
  PID:14308
- C:\Windows\System\yOOjvKs.exe
  C:\Windows\System\yOOjvKs.exe
  2⤵
  PID:14328
- C:\Windows\System\afscwkK.exe
  C:\Windows\System\afscwkK.exe
  2⤵
  PID:12808
- C:\Windows\System\oAoUfLJ.exe
  C:\Windows\System\oAoUfLJ.exe
  2⤵
  PID:13324
- C:\Windows\System\DppIFGa.exe
  C:\Windows\System\DppIFGa.exe
  2⤵
  PID:13432
- C:\Windows\System\SNeKnEg.exe
  C:\Windows\System\SNeKnEg.exe
  2⤵
  PID:13536
- C:\Windows\System\MAHJYTx.exe
  C:\Windows\System\MAHJYTx.exe
  2⤵
  PID:13564
- C:\Windows\System\gjcRPnG.exe
  C:\Windows\System\gjcRPnG.exe
  2⤵
  PID:13672
- C:\Windows\System\VhQFESx.exe
  C:\Windows\System\VhQFESx.exe
  2⤵
  PID:4576
- C:\Windows\System\OrThiYE.exe
  C:\Windows\System\OrThiYE.exe
  2⤵
  PID:776
- C:\Windows\System\ZtFdDuM.exe
  C:\Windows\System\ZtFdDuM.exe
  2⤵
  PID:13820
- C:\Windows\System\BBCddGp.exe
  C:\Windows\System\BBCddGp.exe
  2⤵
  PID:13784
- C:\Windows\System\aUnigHN.exe
  C:\Windows\System\aUnigHN.exe
  2⤵
  PID:13824
- C:\Windows\System\mboDleO.exe
  C:\Windows\System\mboDleO.exe
  2⤵
  PID:13932
- C:\Windows\System\zVGbJfY.exe
  C:\Windows\System\zVGbJfY.exe
  2⤵
  PID:14028
- C:\Windows\System\hgHicKI.exe
  C:\Windows\System\hgHicKI.exe
  2⤵
  PID:14080
- C:\Windows\System\VWedJap.exe
  C:\Windows\System\VWedJap.exe
  2⤵
  PID:14172
- C:\Windows\System\GZudMxK.exe
  C:\Windows\System\GZudMxK.exe
  2⤵
  PID:14208
- C:\Windows\System\XzPAxHD.exe
  C:\Windows\System\XzPAxHD.exe
  2⤵
  PID:14268
- C:\Windows\System\BQHfiac.exe
  C:\Windows\System\BQHfiac.exe
  2⤵
  PID:14304
- C:\Windows\System\ipklglJ.exe
  C:\Windows\System\ipklglJ.exe
  2⤵
  PID:13380
- C:\Windows\System\IHTxSCL.exe
  C:\Windows\System\IHTxSCL.exe
  2⤵
  PID:13584
- C:\Windows\System\rmDQkqd.exe
  C:\Windows\System\rmDQkqd.exe
  2⤵
  PID:13708
- C:\Windows\System\scWiZIU.exe
  C:\Windows\System\scWiZIU.exe
  2⤵
  PID:3492
- C:\Windows\System\xOnGHJX.exe
  C:\Windows\System\xOnGHJX.exe
  2⤵
  PID:13920
- C:\Windows\System\Nlddbqg.exe
  C:\Windows\System\Nlddbqg.exe
  2⤵
  PID:13928
- C:\Windows\System\MoPHUMN.exe
  C:\Windows\System\MoPHUMN.exe
  2⤵
  PID:14148
- C:\Windows\System\zzftCTW.exe
  C:\Windows\System\zzftCTW.exe
  2⤵
  PID:14296
- C:\Windows\System\jhlFylP.exe
  C:\Windows\System\jhlFylP.exe
  2⤵
  PID:13384
- C:\Windows\System\HoYmkBB.exe
  C:\Windows\System\HoYmkBB.exe
  2⤵
  PID:13796
- C:\Windows\System\hrxPvLR.exe
  C:\Windows\System\hrxPvLR.exe
  2⤵
  PID:13352
- C:\Windows\System\wPHtsDB.exe
  C:\Windows\System\wPHtsDB.exe
  2⤵
  PID:3504
- C:\Windows\System\RDWMUpe.exe
  C:\Windows\System\RDWMUpe.exe
  2⤵
  PID:3596
- C:\Windows\System\ejZaMEW.exe
  C:\Windows\System\ejZaMEW.exe
  2⤵
  PID:14352
- C:\Windows\System\zpybEhE.exe
  C:\Windows\System\zpybEhE.exe
  2⤵
  PID:14384
- C:\Windows\System\TYikLpI.exe
  C:\Windows\System\TYikLpI.exe
  2⤵
  PID:14412
- C:\Windows\System\ASeEvar.exe
  C:\Windows\System\ASeEvar.exe
  2⤵
  PID:14428
- C:\Windows\System\pfPOBtR.exe
  C:\Windows\System\pfPOBtR.exe
  2⤵
  PID:14464
- C:\Windows\System\XYTslID.exe
  C:\Windows\System\XYTslID.exe
  2⤵
  PID:14484
- C:\Windows\System\opkIzkb.exe
  C:\Windows\System\opkIzkb.exe
  2⤵
  PID:14536
- C:\Windows\System\FEMFsbq.exe
  C:\Windows\System\FEMFsbq.exe
  2⤵
  PID:14552
- C:\Windows\System\SEFRzCT.exe
  C:\Windows\System\SEFRzCT.exe
  2⤵
  PID:14580
- C:\Windows\System\fsDuqcl.exe
  C:\Windows\System\fsDuqcl.exe
  2⤵
  PID:14596
- C:\Windows\System\qyQJMrM.exe
  C:\Windows\System\qyQJMrM.exe
  2⤵
  PID:14616

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BKWLAjd.exe

Filesize
2.4MB

MD5
c303c96ed2c52ef39f25cca259a83873

SHA1
97968f4a2b6538363fec6f439648b6388f0e3053

SHA256
9bb2663076ddcb03dbc8544d05e846951100050218cde091e74a079638d8791c

SHA512
70311356560531296ae16f0216b11da3783197cb18843d81f2c5e0ce8fa7d6530f066d6d09281047708889a049de97fb421de926a12ffa942bd536c3f17fd0b9

Download Submit
C:\Windows\System\BMhJFDd.exe

Filesize
2.4MB

MD5
accaba6220dfbc92ee67a4ffc983cfb8

SHA1
790ea328bd10be4c824fa54ecca1799e498fbfd4

SHA256
4a098ba29ac7daea44ff1c40d9ec834de0cff19a8549c67623aee4d4c734ecac

SHA512
6bbe48af0ba5266d9aea1c4b6c0dc27334d1fde8ca9d01517b01d9ed0b7155309c0dbfca01ad0f309639a90244f489a834b2aecbc1f796ac86b413989d6d08a6

Download Submit
C:\Windows\System\BdwxgbM.exe

Filesize
2.4MB

MD5
dac0b64fd86d3e217ff42c08c5018a8a

SHA1
cc8e95a49e71dc17ec9ad146138c3f0f5e66e189

SHA256
d8814cfc9c3640e873bdea65f22323b52739c012220d101c1ed097dc3ab21852

SHA512
33d1186dc851831a1818e367aa9e68d0490c507d2d5d552191f78c4900fe3833bc4860444cff646d8d64de88e64e757119595844a09b23a24db8fa551a180d06

Download Submit
C:\Windows\System\CPhYqBS.exe

Filesize
2.4MB

MD5
e0e3109350876b3df3689f485312cff1

SHA1
22b4f16e7848f0004c4dc01fc88ff2d9bddd784f

SHA256
35196e13033c2ff91d8b25f442f5dd144f9058612ebce326ebe4255bac331d41

SHA512
1771ef580d1450c330ec244d30408fb4b415edd19475afa225345c25ecfaca34b0a5cf022bf7690ed0d207ba60c5ec1f491e70292b0291d844320723dfc33455

Download Submit
C:\Windows\System\DTsSxQB.exe

Filesize
2.4MB

MD5
58ca9424ca365edf1df20312839eb579

SHA1
ef5a2e2f9395c6d683a49b4f953c16a53aeddc8e

SHA256
ba2014a2721a6b54c2fd522cc6ea88368eb7f3152a9b2084c3cf5d567376d291

SHA512
4b102e31a5f0b131ab074c702cbc3edb1ddee4e5540d885415c9da688f5f0d16ca641884b63a90ffb4de95908d65489ddfd2708f97e7ae31b53449995344270f

Download Submit
C:\Windows\System\DWaBpgb.exe

Filesize
2.4MB

MD5
f3b1e48c3ee04b1879c3dfb16c708de9

SHA1
d8de554d76991f23c9c69df98cc2b2d28320175e

SHA256
1492445bb84532231cc250f02f4731c4ece11f1b1c710279cc2ff6c76649b1ee

SHA512
8cf2060060bd57d594152c29bd0567ff805923739ee41aa3461ffbc0abd9cc5b63c8b23a8c1d522cbb7b5f5d3a1bd3e0e8d0926e16ec6bd5058d1a5f546037a5

Download Submit
C:\Windows\System\EhiHkdx.exe

Filesize
2.4MB

MD5
340c2b7da0bb9f3d9aac564a6266825f

SHA1
1918a22d4b0c1378153e2c5d59e66f3b5051fdd4

SHA256
a2042879b1d290ecf0ce6ee9f0c0603b2a31a326c55c55dd4f8f41db83cf9c7a

SHA512
49a74fe1581bd3a85a0dc04c0c853569be1bb69c8fe52d4f716e42d27e9fe9c910111d8f6e2b122244ea53dfc8b8f19e0f2b8c637e4479b65f5e421e986784fe

Download Submit
C:\Windows\System\FbQnpve.exe

Filesize
2.4MB

MD5
af4867019118ba7074ffa11235cd463e

SHA1
9bd13eacf9b9cc200f117fb0cac735b743666c27

SHA256
24733a33261e72343973212f5095e8848d63a8396729d6fa3b3a7cf3a2bd0dcd

SHA512
b13e122be054d0f5d4d1edd063c4282eda7ec43d5a47d4e29ec6c11562ceb0e85374e58560138e3487e76699e5392ba6bc7f54101fab54d62085b14e84611dc2

Download Submit
C:\Windows\System\GDMmihl.exe

Filesize
2.4MB

MD5
b999a41b5aee2bc1fee47385d285203b

SHA1
89db7a18595d92e61226bf7ace025bfa675de2ba

SHA256
03ebb1df8ce5eace4f9a65cea1ff579228f541a57726e0153076f93297a25945

SHA512
236dfcfdca066ae2ec927515730576cea8681613ff795d0d8ca009a505acb9041b9d4088539e519dc0ba93ddaa67202f015236ef7ef3c939b395507403082936

Download Submit
C:\Windows\System\MCQdCcA.exe

Filesize
2.4MB

MD5
7cb366071e31aee50695fa334c75e86e

SHA1
addee04f00dd896fe2b0a45409d5a97b39e0d110

SHA256
ac9a7688b7809e92af23cf915b87ea170890cd838cf990a41b119b525702544a

SHA512
159446416ef5d98d2bb4e3e03bdbd07b377a8b49e96ac40241204c95a96757cfbf1e643c71877823a06fd380f14c53ca1d0d005b07e9ee89a74d9d00ab3e34f3

Download Submit
C:\Windows\System\NIrVdWI.exe

Filesize
2.4MB

MD5
64911a383cfc3b67a6dea2a78a32ba33

SHA1
29091acb815c75c149c24ced89f7bdb570c659ac

SHA256
5d6c17be3d8ae2c898ca43285660f808b6e725c2b33c07b1135a7ec6febebbd6

SHA512
96040ab408d016cef731d66589c7b240df1cb9b9ea9599806b9ec02343dc0bb4d5dea914c769ae96d01f4ce3ef0c6f1d0fc316c8a598213e57c5569dc9eea1f6

Download Submit
C:\Windows\System\NOzASvU.exe

Filesize
2.4MB

MD5
faacd2c14fd7a2295754dbab3506c64e

SHA1
9e72df945255a367eac40ab5c49ebecd490dabf6

SHA256
eba5b1f1824d2c73532ec24c9879ad7ddc99a5ee6af40be8537aa774c5cd763f

SHA512
e6273c663b5f718a602899caa14a4188ac0e14422fbd9b584ae6a2c418a0984b3c81ee2ed325838b28270bded50b0e8569d27f20f07e5983a52bbc9e5ffc884c

Download Submit
C:\Windows\System\OtRmjOq.exe

Filesize
2.4MB

MD5
163fc4028643e8447046bfe785894258

SHA1
69ac43f91ed3ba34f754fb916f07f43808c0eb11

SHA256
9ffc3d9c1309ff5aad0bbe2aaa9ba7785781a0485daf3b4b733d3a56b168449c

SHA512
46eee8ab7fd6ab263908a100f673f1d79e776ea5d97c26fb2cb3ec6945ca31d77d0b858e82134c3b2f5f2cd3b9a597249507454fb6c93af6333171be255f7fa1

Download Submit
C:\Windows\System\QWcdSqJ.exe

Filesize
2.4MB

MD5
7de48dfa89a0c01977db635a3277d588

SHA1
69e669c068230d2bff600c183b8a4c0799d21754

SHA256
83e19c04246e0a5add04f948eb1c236fd9559aa49aa0db8089a37a7b9b3dc0bc

SHA512
27a8fc50602d21d2f84fa1cc6139f927a83092c4927681b402952aeca1732b2d1c3c3e94449fc7dcec1591cbce34e5297730fa59044f9daf18584204bbaddb23

Download Submit
C:\Windows\System\QiyfcEk.exe

Filesize
2.4MB

MD5
3b4e8dc2f09adecc21a63d4efa71d911

SHA1
c33c2fba0d55ba26beaa111a53edfa778737a821

SHA256
4bbf38c460e44355674dca4e35d2b941441bc79a6e71a724cec91cc7023c67c9

SHA512
176fe29d4da9101d43b9e30e6ebfb6468ed7af7b2eba69bc0818c656169b3c04ab65a89fbc4640e2e29ac52937b3c1f58e25d57fffebb8612b86da8c19473072

Download Submit
C:\Windows\System\RIkcBTN.exe

Filesize
2.4MB

MD5
579f165855c186702df3f5424c6b51ba

SHA1
1cc52d94d3a8c932d2e79228522bcddaa84ed144

SHA256
b52ac1b30a46e5f4ccc12e4e376e821e392fb3e366cd5c49bcc22a5a899fbcd2

SHA512
8275dcf4436ebf60a0d256c8f2ccf919e92a43fbedcef3f5496daeba7022655d0794ee198e0fa9646bf6ddb357f45c2b27a9cad451e37de06d220022db9ab345

Download Submit
C:\Windows\System\UYIUYaX.exe

Filesize
2.4MB

MD5
8c54c678b92212f9cac70462a381a283

SHA1
ccf1b180c23951862e848e22e6421fa8442b9f85

SHA256
baa236b3a93936f0e3087476aa800639b2a8a301abe055768c61599d40c89f1f

SHA512
199a953850c1c1d2f2c897737da6445d428fa80b5313d0df420c73a57e53ffa2baece86d1ee9d878e4872d6a909138096579ff81c4d1bcc58f17d253b0e2a533

Download Submit
C:\Windows\System\UrxAFcR.exe

Filesize
2.4MB

MD5
f44f4221552d57f5170f3f5fa5f71e0b

SHA1
749b7e99a3f20ca7abcf272746de23fef2d40ed4

SHA256
de9f4d545139e12f5363b18fbe14144126146e1f48afd10084dca933425e08db

SHA512
90a8f339d1d2b702b72c413d6ec87eacf1f6d86fbee4bfc9ebdbaf77c233d6c8b7f8a83f9792d45ad0946a0d5894d40393a8a25d628231e9c445dd157b4facfe

Download Submit
C:\Windows\System\VqnqqfM.exe

Filesize
2.4MB

MD5
07d7b6291cfd275e323b2423ceb29d0c

SHA1
1ce6bb513b937bdb1a589918d251f0a146fe31a6

SHA256
2994671db5e39db793606fc8440b96a510672f29223334e5903d909da47d58d1

SHA512
9bd454b1e606ef99211b48e2b3528a16a2c0a76be9c987e1fb5156fb65840d83a813df63b9c452260165b4cb69c7d7b604c367c8b38c3217a576cad9cb5e2d90

Download Submit
C:\Windows\System\XUJZqkt.exe

Filesize
2.4MB

MD5
ebfda48bf9b66061064852eadbabb34b

SHA1
0a2671d515b5d6582f4d21568a780936301eab6f

SHA256
d9a32153854ec4570f1ad837aaffd8c656e3c47ba6600038d3af8b19e3945c95

SHA512
58b33df5e6eb1183d1da3da224eb2e33eacaa5da067766d9292e0b5b53b7a5431e39a716fc034b0bb42aa33d7ddea44e5c00753475c58cea8dc958026f4035a5

Download Submit
C:\Windows\System\YoZyxuE.exe

Filesize
2.4MB

MD5
1172f0e7ddb7c93efc091a5484b536f6

SHA1
57cf17dda9c71073ac2bf7b55074febbea5ebcb2

SHA256
966b3977f316278307635ab5b51943c2f62b5eeb576bbb366b15978c0cb858e3

SHA512
46120c727ec7e60f4de5539843d0413fa7350ccb96b01d58bb1dd46a1e4d8859954e0cbd94de8f9903643c9b90db024afa8799d8c0e0abfbd9a80dbeb4d763e6

Download Submit
C:\Windows\System\bVBJWWo.exe

Filesize
2.4MB

MD5
7175ca76e259ffd5704a1463856a6a8e

SHA1
4337f5e0a5f2129524ba34edc57d6bf718bc0017

SHA256
f118c349aab6a0571f734e9ab74b0733d323443c25989369159e266ca0002431

SHA512
cc019848f4314ac521f317808d691145ad7184f99acf07f0836306872dd2ee68f5cf5f45d72ed4faf62fc18560c176ace2250e562badfcdb26995fa0036984df

Download Submit
C:\Windows\System\cbEjCPT.exe

Filesize
2.4MB

MD5
ccb376eb0226336477e3a708cb121a2b

SHA1
07ac8ad45b6e2046817529b8b70e99bbab83db1e

SHA256
5e669178e8093b12cc1de172635b7faf3d5a7eea5e6646e2e1b09eda19d549b0

SHA512
71871c29da038064a75bc30e05f59ec8473ed7636dd441d2f3c3dae893c7e64931b5e206234a470cc19bbff7b0da65534ce799b307bf7f92f7439d2471681be3

Download Submit
C:\Windows\System\ceNzhJJ.exe

Filesize
2.4MB

MD5
eb7e4429a25b50b83991605a4cb154a1

SHA1
b9eb85675558652ff9fc3ef2edbf91ca7da67fe2

SHA256
d30d0d8e6295993e4c5ea29132955c2d84e8d096c1b5539a35d70d42fdc84565

SHA512
088dc8afc77a755e1b05bc65dde022ae67d95fcf8e11fbf1f23564f8089727582aa31faba9a3e567781e3660a492f8e0dfd04201843d189bad44168acf720acb

Download Submit
C:\Windows\System\cyALRpg.exe

Filesize
2.4MB

MD5
8a8520ce4adaafe290e1e56e88c3d8cb

SHA1
585c93d959be668f6bbe953a079980016d49ae40

SHA256
c507c6e90d5add01616f3e30a27afedf5692c68a57a7f67c53bb86c3c55f451e

SHA512
164af73690102b7ba7c1d6fce4a9a6e748569d31ac432b3bbb8d59e593e39a0fc2fbdfa0802ff416ce5fe3c80bd1ba5b4ccb6c7bcab2908232b83696452830e7

Download Submit
C:\Windows\System\fPaXgyn.exe

Filesize
2.4MB

MD5
341f93e27d55fa2750147aa14154a8ec

SHA1
f3d4229ce7ea97d4010893351c972a07a2ddb979

SHA256
e44579fef023bac3f771aa4bb029223a11e14853365a0526aac09e020ef373e5

SHA512
7852e072a3aab338d485e14d9aa82d93f24518a1fc848be7d5fd9b073900ced4f4e1a2a9230b0593578ee3d8463e21f5e797f0a8e3b94d00c15f0434692a9220

Download Submit
C:\Windows\System\fRgYjbX.exe

Filesize
2.4MB

MD5
b11193b339a1e28d8203c2f7fa9be90d

SHA1
2c88c3a2ddb96802d62a2484a16d09e1db1ddc4f

SHA256
4bb9412b52173b964020ad8029ef31fcfdef8f09f41bccf8812811cbbdcf6258

SHA512
acf62c764311048e342f93d17cbb597f65138794f04b57df0fee8d1ea5c27c1015b8a169bb945de2d3628625f02e6a549dd58062ed1e726b95b720ebb4784c9f

Download Submit
C:\Windows\System\hXKyFfD.exe

Filesize
2.4MB

MD5
d396a5dfe544e262d16b4505b33176f1

SHA1
b1673e83dca54fa6912123b809d4cf6c08e7c51a

SHA256
0d438d4907eef74fef7e8545a00ebc23369aaed6664fc5f8a8fc024da3b3b8e7

SHA512
535062d87f9c701444d125e1026d38652eb71ce5052981472b5316a1c4e69b8a0d0dccece5f78378f828af048f3c275f8c42506ac8a9ffb4c57ba4b7b2bc4a28

Download Submit
C:\Windows\System\iyUMSCv.exe

Filesize
2.4MB

MD5
73f7803ba0f1015457d683ffe1945875

SHA1
b4491848d48deeb53e743d119dd590af4d5bf36c

SHA256
b2510443e323c0bece950ac5b5ee8e55e2c3fa061c227549bf4b1068dd0c75f0

SHA512
ef8f85dd87b624d8fa64bcc3b1c15411bdd5e85c6433a5ca3b8e70a67efa9162a6f275b9b1b40d7762742d3483e8a89eaad8f7b3dc95c2dc7c788adac83abee3

Download Submit
C:\Windows\System\klXQVNx.exe

Filesize
2.4MB

MD5
01a00180b56ec9c993dfed524e14cd7e

SHA1
4e4c756b78f8ea819113bf492f591ef3a6d822b9

SHA256
9898b5b68e1d16c96b9c82f3e23a09e5f162d660f84f0563b85984f588b0c02f

SHA512
d2fd25c95cb65427ca0a051eb661b987213f96d2264920bc326c8bec8c1084d40fc1a8cddf86844b3ed8aa2c7754773546c2e8ba49466586d46cf8a6c47619a8

Download Submit
C:\Windows\System\lblHzlp.exe

Filesize
2.4MB

MD5
c95b02d3dd68b83dc94cf88fade319da

SHA1
05064e945a4a7ad7fb6250a9e0b88ec5eb7ffb70

SHA256
243e83ce84182711de7ada839a730a46d15ea0b0422e56e09ea947f24929ce32

SHA512
e1a94f0d418ab93358fdf01e19c2700582e4e4cdf6d06b46e8fe5bba7647473fbcb044ed73e0ec2f57f48007d8637a3b501308d8b57e905f0eeafc590156977d

Download Submit
C:\Windows\System\liuqcdF.exe

Filesize
2.4MB

MD5
c3092d0a3a72172758c2c986be8ca0ac

SHA1
36160020a66b5f896a63bef7d4d39fa74cf5ccb0

SHA256
640cb5bddfe28a6174f39852169ac874d38c39fda2a5f10952e0b250c17f19e7

SHA512
b2bbb7d2692eaf04685815b5d456f953bf1f8af7ef2ca875ebf881d8534d4b1d7fe4c9d29b3db6268c6f06e901a39b684f5364c733edeeb916405189f1d51871

Download Submit
C:\Windows\System\mxkPCBT.exe

Filesize
2.4MB

MD5
8d4f45b590cef3a001493f688a5ffc9d

SHA1
a47663b4806c4f636eb13ecdb057e0e86dea2a61

SHA256
f43a3cf490f15e1ff1f486cc182cbe97df14c0fd4d5bc9492fcdbf2b9751fcc8

SHA512
614a0e63bcf9f07020bd16346325a59a196c874f9ed869079fa488c4a924b7d61fd2543224f85b03fdc72aa5c73d1c1811c072b5421220ff0a0555070be2ae52

Download Submit
C:\Windows\System\ndNeSvB.exe

Filesize
2.4MB

MD5
eb256891237249c228471f374ed1e630

SHA1
bbce413b5ef81a23a5bce85b6d3e8170a5fcf3d0

SHA256
05fdf049776f19d7d1e4d0dbb350dc274b151aaae57205df9f61e343391fbb86

SHA512
6ac4714ba0c0b4f4dc7c999ac3324a4c6e0b148cd8a0bcc02e6f09b04a323a54318fb4baf042f9084a99bdf3eeb1bde2cc1f2066ab77094a4461d7c3f2a3895d

Download Submit
C:\Windows\System\pXAOQod.exe

Filesize
2.4MB

MD5
b44a700349767474fbd85d04eef616d7

SHA1
7e5965996859c00fe3699ec8b55d0cb0f460401b

SHA256
20886f75b22fb95f4adf84897dc34bea6b0ace538aafafd59e6b12059fec5ac7

SHA512
34df1ebbd9f944163b51140fb13516cbb0b2e33a821c8cd0e2a932a0a2ca129905a8fbfd09a8ca11a00e564ef5878e50296230bb7620dc3c0e3dc15cfc7b1ca4

Download Submit
C:\Windows\System\uQYtdQs.exe

Filesize
2.4MB

MD5
0c56d5a43bd782c1500dec9b98c2ef37

SHA1
fb13a39a8a02c12ff66512690d5ec2775a6a9190

SHA256
d18f5bfe75d56e9a902fbfe3da345cda93315a53107b77878441a0e6bdf25f29

SHA512
15786bea389770ab7aa808cfdf483d2e73e1a66cc1049c99d1842f13c03f7dc70fc3b70713681e872004bfa1897b5ffef61861e12053df81618487897fd6c4e5

Download Submit
C:\Windows\System\wqAiTdX.exe

Filesize
2.4MB

MD5
2a59c7d4483bde1d5430f404454522fe

SHA1
60e07e9e55c4d3d1e1c82a70a0ecd72adf84ce78

SHA256
a998509be5b79980f34c86a9f7ff99cf620aa7d14e5586efa499f7801228c9ce

SHA512
a8a835532844c9b01e42cf39b052aa591e3879d9a8eb6b67b5562fb1a742c5880ab9bdcd0fa7a425a77bbd4338bea6f7a2902b10f0a9ff16dcd7394930563e7c

Download Submit
C:\Windows\System\xgXlNxV.exe

Filesize
2.4MB

MD5
46bc4c83e866c956394c6cb26ef5bbfd

SHA1
e93d433f9fdecbffc92b9a7d0cfc80c1c32640e3

SHA256
b31590d0128ae0d4c46b559a3f5d6291c8b3d9c0bcb2b44bf951e67fc770a849

SHA512
a5fb1a8ceb82c9a7e530c331797b6b937684133862f73978c064313f5ac9777a5a3e98b851c72114a65db962f828e760e54353ad6360906072da7dbf6fa3ac8c

Download Submit
C:\Windows\System\yBPjSdF.exe

Filesize
2.4MB

MD5
c0a573d878d8ca0c81bd8252ed0cb8bd

SHA1
d79af32ef0293137cbc46cf8c1d52fbc59481328

SHA256
d18406182cdc718ab5c31c22c76f2216a131ddfa35e2b2b8fb99458886d1823e

SHA512
15984e31aa6d326c86fd76dfa40659cb3de0d9098889d3f8d48959085347313343b49565844aae70eb415d07d935aeba3a6bf80d59036de4c9d41f5a4f11f27e

Download Submit
C:\Windows\System\ywFCybH.exe

Filesize
2.4MB

MD5
8ebc7c8ae7cf7699925625471a63f7d1

SHA1
894ee0700600796ee7ba001f68c826972e829891

SHA256
d607d8e20abd2309d9245d96adb9ab36bad0e8349df73432b3dcae74f6d89ecf

SHA512
b84de5afdfe5cb56c474d1246b8b4bb0a318776dcc463bee4cf1aa6fd483feb2e4a74dd4d9ef42bf10c6ee5e1daa4a69d56b8cdd32bef797bcf3924884cc85df

Download Submit
memory/400-0-0x00007FF6D3370000-0x00007FF6D36C4000-memory.dmp

Filesize
3.3MB

Download
memory/400-1-0x0000020DE5880000-0x0000020DE5890000-memory.dmp

Filesize
64KB

Download
memory/424-2128-0x00007FF65C250000-0x00007FF65C5A4000-memory.dmp

Filesize
3.3MB

Download
memory/424-235-0x00007FF65C250000-0x00007FF65C5A4000-memory.dmp

Filesize
3.3MB

Download
memory/524-2131-0x00007FF779810000-0x00007FF779B64000-memory.dmp

Filesize
3.3MB

Download
memory/524-230-0x00007FF779810000-0x00007FF779B64000-memory.dmp

Filesize
3.3MB

Download
memory/684-2107-0x00007FF7F4BE0000-0x00007FF7F4F34000-memory.dmp

Filesize
3.3MB

Download
memory/684-237-0x00007FF7F4BE0000-0x00007FF7F4F34000-memory.dmp

Filesize
3.3MB

Download
memory/876-236-0x00007FF63F8D0000-0x00007FF63FC24000-memory.dmp

Filesize
3.3MB

Download
memory/876-2129-0x00007FF63F8D0000-0x00007FF63FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1012-2111-0x00007FF6786B0000-0x00007FF678A04000-memory.dmp

Filesize
3.3MB

Download
memory/1012-91-0x00007FF6786B0000-0x00007FF678A04000-memory.dmp

Filesize
3.3MB

Download
memory/1036-207-0x00007FF79D290000-0x00007FF79D5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1036-2118-0x00007FF79D290000-0x00007FF79D5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-2132-0x00007FF6B99A0000-0x00007FF6B9CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-234-0x00007FF6B99A0000-0x00007FF6B9CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1460-136-0x00007FF6C6C90000-0x00007FF6C6FE4000-memory.dmp

Filesize
3.3MB

Download
memory/1460-2117-0x00007FF6C6C90000-0x00007FF6C6FE4000-memory.dmp

Filesize
3.3MB

Download
memory/1652-107-0x00007FF7B5120000-0x00007FF7B5474000-memory.dmp

Filesize
3.3MB

Download
memory/1652-2113-0x00007FF7B5120000-0x00007FF7B5474000-memory.dmp

Filesize
3.3MB

Download
memory/1692-232-0x00007FF67C390000-0x00007FF67C6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-2120-0x00007FF67C390000-0x00007FF67C6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-29-0x00007FF68C7F0000-0x00007FF68CB44000-memory.dmp

Filesize
3.3MB

Download
memory/1724-2109-0x00007FF68C7F0000-0x00007FF68CB44000-memory.dmp

Filesize
3.3MB

Download
memory/1724-2101-0x00007FF68C7F0000-0x00007FF68CB44000-memory.dmp

Filesize
3.3MB

Download
memory/1744-229-0x00007FF7B8370000-0x00007FF7B86C4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-2122-0x00007FF7B8370000-0x00007FF7B86C4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-2110-0x00007FF6EB8F0000-0x00007FF6EBC44000-memory.dmp

Filesize
3.3MB

Download
memory/2132-75-0x00007FF6EB8F0000-0x00007FF6EBC44000-memory.dmp

Filesize
3.3MB

Download
memory/2348-26-0x00007FF6E2370000-0x00007FF6E26C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2106-0x00007FF6E2370000-0x00007FF6E26C4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-2119-0x00007FF7837E0000-0x00007FF783B34000-memory.dmp

Filesize
3.3MB

Download
memory/2508-233-0x00007FF7837E0000-0x00007FF783B34000-memory.dmp

Filesize
3.3MB

Download
memory/2804-166-0x00007FF696530000-0x00007FF696884000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2116-0x00007FF696530000-0x00007FF696884000-memory.dmp

Filesize
3.3MB

Download
memory/2824-2115-0x00007FF666730000-0x00007FF666A84000-memory.dmp

Filesize
3.3MB

Download
memory/2824-238-0x00007FF666730000-0x00007FF666A84000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2125-0x00007FF63F0F0000-0x00007FF63F444000-memory.dmp

Filesize
3.3MB

Download
memory/2964-240-0x00007FF63F0F0000-0x00007FF63F444000-memory.dmp

Filesize
3.3MB

Download
memory/2968-2130-0x00007FF693850000-0x00007FF693BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-231-0x00007FF693850000-0x00007FF693BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3756-2103-0x00007FF6744E0000-0x00007FF674834000-memory.dmp

Filesize
3.3MB

Download
memory/3756-63-0x00007FF6744E0000-0x00007FF674834000-memory.dmp

Filesize
3.3MB

Download
memory/3756-2112-0x00007FF6744E0000-0x00007FF674834000-memory.dmp

Filesize
3.3MB

Download
memory/4084-206-0x00007FF669870000-0x00007FF669BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4084-2126-0x00007FF669870000-0x00007FF669BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4176-2127-0x00007FF784B40000-0x00007FF784E94000-memory.dmp

Filesize
3.3MB

Download
memory/4176-242-0x00007FF784B40000-0x00007FF784E94000-memory.dmp

Filesize
3.3MB

Download
memory/4480-2108-0x00007FF6C5F80000-0x00007FF6C62D4000-memory.dmp

Filesize
3.3MB

Download
memory/4480-2102-0x00007FF6C5F80000-0x00007FF6C62D4000-memory.dmp

Filesize
3.3MB

Download
memory/4480-52-0x00007FF6C5F80000-0x00007FF6C62D4000-memory.dmp

Filesize
3.3MB

Download
memory/4624-218-0x00007FF679DF0000-0x00007FF67A144000-memory.dmp

Filesize
3.3MB

Download
memory/4624-2124-0x00007FF679DF0000-0x00007FF67A144000-memory.dmp

Filesize
3.3MB

Download
memory/4788-2114-0x00007FF7214B0000-0x00007FF721804000-memory.dmp

Filesize
3.3MB

Download
memory/4788-239-0x00007FF7214B0000-0x00007FF721804000-memory.dmp

Filesize
3.3MB

Download
memory/4844-2104-0x00007FF6B35B0000-0x00007FF6B3904000-memory.dmp

Filesize
3.3MB

Download
memory/4844-2099-0x00007FF6B35B0000-0x00007FF6B3904000-memory.dmp

Filesize
3.3MB

Download
memory/4844-11-0x00007FF6B35B0000-0x00007FF6B3904000-memory.dmp

Filesize
3.3MB

Download
memory/4904-241-0x00007FF6881D0000-0x00007FF688524000-memory.dmp

Filesize
3.3MB

Download
memory/4904-2121-0x00007FF6881D0000-0x00007FF688524000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2105-0x00007FF7AD370000-0x00007FF7AD6C4000-memory.dmp

Filesize
3.3MB

Download
memory/4988-20-0x00007FF7AD370000-0x00007FF7AD6C4000-memory.dmp

Filesize
3.3MB

Download
memory/5096-226-0x00007FF6670B0000-0x00007FF667404000-memory.dmp

Filesize
3.3MB

Download
memory/5096-2123-0x00007FF6670B0000-0x00007FF667404000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads