xmrig | f45e370a475fe8e8dcedbc9622f2cb3949bea2dc04097ce4559acb4ca9efd2b8

Analysis

max time kernel
133s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
Size

1.2MB
MD5

40d7324cf1672286abb079ca04a8f8c0
SHA1

11b078c46f49726200f4bf7c77a92627fa30212f
SHA256

f45e370a475fe8e8dcedbc9622f2cb3949bea2dc04097ce4559acb4ca9efd2b8
SHA512

3daaf6f60808ca64741b5290fe164fa385931edce0572e52e198bfbd8e8d9d81abf243548e5dbc77faffd4965ac4e5914c27d8190106e9842dacc9c99aceb9a4
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727uROGdN1W/x5qrWHptxyOZ/9hIdxohr3:ROdWCCi7/rahwNGx5/eTE

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral2/memory/4552-16-0x00007FF725250000-0x00007FF7255A1000-memory.dmp	xmrig
behavioral2/memory/4804-92-0x00007FF699AE0000-0x00007FF699E31000-memory.dmp	xmrig
behavioral2/memory/2936-197-0x00007FF6C1160000-0x00007FF6C14B1000-memory.dmp	xmrig
behavioral2/memory/1908-191-0x00007FF606950000-0x00007FF606CA1000-memory.dmp	xmrig
behavioral2/memory/1060-190-0x00007FF71D7B0000-0x00007FF71DB01000-memory.dmp	xmrig
behavioral2/memory/4424-184-0x00007FF766BF0000-0x00007FF766F41000-memory.dmp	xmrig
behavioral2/memory/1784-172-0x00007FF7E14E0000-0x00007FF7E1831000-memory.dmp	xmrig
behavioral2/memory/4548-171-0x00007FF7AA950000-0x00007FF7AACA1000-memory.dmp	xmrig
behavioral2/memory/392-160-0x00007FF655900000-0x00007FF655C51000-memory.dmp	xmrig
behavioral2/memory/3304-154-0x00007FF6D51D0000-0x00007FF6D5521000-memory.dmp	xmrig
behavioral2/memory/1416-153-0x00007FF726D50000-0x00007FF7270A1000-memory.dmp	xmrig
behavioral2/memory/452-147-0x00007FF694A50000-0x00007FF694DA1000-memory.dmp	xmrig
behavioral2/memory/2716-141-0x00007FF6F88F0000-0x00007FF6F8C41000-memory.dmp	xmrig
behavioral2/memory/5096-135-0x00007FF695D40000-0x00007FF696091000-memory.dmp	xmrig
behavioral2/memory/3720-134-0x00007FF76F280000-0x00007FF76F5D1000-memory.dmp	xmrig
behavioral2/memory/1624-123-0x00007FF61FEA0000-0x00007FF6201F1000-memory.dmp	xmrig
behavioral2/memory/4280-122-0x00007FF76C730000-0x00007FF76CA81000-memory.dmp	xmrig
behavioral2/memory/1600-116-0x00007FF62CD00000-0x00007FF62D051000-memory.dmp	xmrig
behavioral2/memory/3972-110-0x00007FF6FB710000-0x00007FF6FBA61000-memory.dmp	xmrig
behavioral2/memory/4676-104-0x00007FF73CDA0000-0x00007FF73D0F1000-memory.dmp	xmrig
behavioral2/memory/1928-98-0x00007FF6C3260000-0x00007FF6C35B1000-memory.dmp	xmrig
behavioral2/memory/2352-91-0x00007FF6DECF0000-0x00007FF6DF041000-memory.dmp	xmrig
behavioral2/memory/692-85-0x00007FF769060000-0x00007FF7693B1000-memory.dmp	xmrig
behavioral2/memory/3888-33-0x00007FF61E4A0000-0x00007FF61E7F1000-memory.dmp	xmrig
behavioral2/memory/3700-2150-0x00007FF74EF00000-0x00007FF74F251000-memory.dmp	xmrig
behavioral2/memory/1192-2149-0x00007FF7A94D0000-0x00007FF7A9821000-memory.dmp	xmrig
behavioral2/memory/2552-2304-0x00007FF791920000-0x00007FF791C71000-memory.dmp	xmrig
behavioral2/memory/3748-2303-0x00007FF6A7440000-0x00007FF6A7791000-memory.dmp	xmrig
behavioral2/memory/4552-2339-0x00007FF725250000-0x00007FF7255A1000-memory.dmp	xmrig
behavioral2/memory/3888-2341-0x00007FF61E4A0000-0x00007FF61E7F1000-memory.dmp	xmrig
behavioral2/memory/1908-2343-0x00007FF606950000-0x00007FF606CA1000-memory.dmp	xmrig
behavioral2/memory/1192-2346-0x00007FF7A94D0000-0x00007FF7A9821000-memory.dmp	xmrig
behavioral2/memory/2936-2348-0x00007FF6C1160000-0x00007FF6C14B1000-memory.dmp	xmrig
behavioral2/memory/4676-2401-0x00007FF73CDA0000-0x00007FF73D0F1000-memory.dmp	xmrig
behavioral2/memory/2552-2399-0x00007FF791920000-0x00007FF791C71000-memory.dmp	xmrig
behavioral2/memory/1764-2397-0x00007FF60ACF0000-0x00007FF60B041000-memory.dmp	xmrig
behavioral2/memory/1928-2409-0x00007FF6C3260000-0x00007FF6C35B1000-memory.dmp	xmrig
behavioral2/memory/1600-2413-0x00007FF62CD00000-0x00007FF62D051000-memory.dmp	xmrig
behavioral2/memory/3972-2411-0x00007FF6FB710000-0x00007FF6FBA61000-memory.dmp	xmrig
behavioral2/memory/4280-2415-0x00007FF76C730000-0x00007FF76CA81000-memory.dmp	xmrig
behavioral2/memory/2352-2407-0x00007FF6DECF0000-0x00007FF6DF041000-memory.dmp	xmrig
behavioral2/memory/3748-2392-0x00007FF6A7440000-0x00007FF6A7791000-memory.dmp	xmrig
behavioral2/memory/3700-2390-0x00007FF74EF00000-0x00007FF74F251000-memory.dmp	xmrig
behavioral2/memory/4804-2405-0x00007FF699AE0000-0x00007FF699E31000-memory.dmp	xmrig
behavioral2/memory/692-2403-0x00007FF769060000-0x00007FF7693B1000-memory.dmp	xmrig
behavioral2/memory/4548-2427-0x00007FF7AA950000-0x00007FF7AACA1000-memory.dmp	xmrig
behavioral2/memory/1060-2440-0x00007FF71D7B0000-0x00007FF71DB01000-memory.dmp	xmrig
behavioral2/memory/1416-2435-0x00007FF726D50000-0x00007FF7270A1000-memory.dmp	xmrig
behavioral2/memory/2716-2425-0x00007FF6F88F0000-0x00007FF6F8C41000-memory.dmp	xmrig
behavioral2/memory/1580-2439-0x00007FF603E90000-0x00007FF6041E1000-memory.dmp	xmrig
behavioral2/memory/452-2433-0x00007FF694A50000-0x00007FF694DA1000-memory.dmp	xmrig
behavioral2/memory/3304-2431-0x00007FF6D51D0000-0x00007FF6D5521000-memory.dmp	xmrig
behavioral2/memory/392-2429-0x00007FF655900000-0x00007FF655C51000-memory.dmp	xmrig
behavioral2/memory/1624-2421-0x00007FF61FEA0000-0x00007FF6201F1000-memory.dmp	xmrig
behavioral2/memory/3720-2419-0x00007FF76F280000-0x00007FF76F5D1000-memory.dmp	xmrig
behavioral2/memory/1784-2423-0x00007FF7E14E0000-0x00007FF7E1831000-memory.dmp	xmrig
behavioral2/memory/5096-2417-0x00007FF695D40000-0x00007FF696091000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4552	VEvusQB.exe
3888	MFuDpbo.exe
1908	BOePEsQ.exe
1192	qPiFYIZ.exe
2936	LhBDQVh.exe
3700	SELoQKL.exe
3748	gYHQtnT.exe
2552	vOPNand.exe
1764	XnIhqHW.exe
4676	LZlcwcs.exe
692	DPONbmz.exe
2352	GPlcjrn.exe
4804	UCcItYn.exe
1928	gNnJLcJ.exe
3972	GolzqlP.exe
1600	wPpbwbn.exe
4280	ODPGmDW.exe
1624	VVaupzm.exe
3720	dgVZvkL.exe
5096	ilGpyaX.exe
2716	fCNmmom.exe
452	UmqtZoQ.exe
1416	ztrvdws.exe
3304	kpfCRSS.exe
392	bKhcwQa.exe
4548	oHLZZca.exe
1784	sCLZCPD.exe
1580	ogHKjbm.exe
1060	zipvmSp.exe
1276	VbUGnCm.exe
3900	umrDJbm.exe
3236	zodJEyd.exe
1868	qhRsmxR.exe
4460	aMgMUcH.exe
3336	olJacFV.exe
1724	vufDQcC.exe
2428	ruzfcPf.exe
612	teCAGsJ.exe
4104	CAAdQud.exe
2876	MsVpVNg.exe
3756	PBcEqoq.exe
4928	IcLOlFa.exe
1096	XhuLPGE.exe
1744	kRNCkng.exe
4668	YnFqDno.exe
4200	JDHAnIz.exe
4748	IQizhSq.exe
2992	EmEvUyj.exe
4220	iRNSHKm.exe
1344	eBEgels.exe
3088	QZWetDU.exe
4008	uDATaVp.exe
3924	WOJsqRi.exe
3380	exVDPDu.exe
5024	ElttQeF.exe
728	xAQiJtM.exe
5000	TXATqng.exe
2508	HgncKft.exe
2384	niVAJdO.exe
3572	iTifeId.exe
2700	yRVnVCp.exe
3608	lUdqEaI.exe
756	LzJKYxp.exe
4036	uNrXkgT.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4424-0-0x00007FF766BF0000-0x00007FF766F41000-memory.dmp	upx
behavioral2/files/0x00080000000233f9-5.dat	upx
behavioral2/files/0x00070000000233fe-8.dat	upx
behavioral2/memory/4552-16-0x00007FF725250000-0x00007FF7255A1000-memory.dmp	upx
behavioral2/files/0x00070000000233ff-31.dat	upx
behavioral2/files/0x0007000000023402-37.dat	upx
behavioral2/memory/1764-48-0x00007FF60ACF0000-0x00007FF60B041000-memory.dmp	upx
behavioral2/files/0x0007000000023406-66.dat	upx
behavioral2/memory/4804-92-0x00007FF699AE0000-0x00007FF699E31000-memory.dmp	upx
behavioral2/files/0x000700000002340e-117.dat	upx
behavioral2/files/0x0007000000023411-126.dat	upx
behavioral2/files/0x0007000000023415-150.dat	upx
behavioral2/files/0x0007000000023417-163.dat	upx
behavioral2/memory/2936-197-0x00007FF6C1160000-0x00007FF6C14B1000-memory.dmp	upx
behavioral2/files/0x000700000002341c-194.dat	upx
behavioral2/files/0x000700000002341a-192.dat	upx
behavioral2/memory/1908-191-0x00007FF606950000-0x00007FF606CA1000-memory.dmp	upx
behavioral2/memory/1060-190-0x00007FF71D7B0000-0x00007FF71DB01000-memory.dmp	upx
behavioral2/files/0x000700000002341b-187.dat	upx
behavioral2/files/0x0007000000023419-185.dat	upx
behavioral2/memory/4424-184-0x00007FF766BF0000-0x00007FF766F41000-memory.dmp	upx
behavioral2/files/0x0007000000023418-179.dat	upx
behavioral2/memory/1580-178-0x00007FF603E90000-0x00007FF6041E1000-memory.dmp	upx
behavioral2/memory/1784-172-0x00007FF7E14E0000-0x00007FF7E1831000-memory.dmp	upx
behavioral2/memory/4548-171-0x00007FF7AA950000-0x00007FF7AACA1000-memory.dmp	upx
behavioral2/files/0x0007000000023416-166.dat	upx
behavioral2/memory/392-160-0x00007FF655900000-0x00007FF655C51000-memory.dmp	upx
behavioral2/files/0x0007000000023414-155.dat	upx
behavioral2/memory/3304-154-0x00007FF6D51D0000-0x00007FF6D5521000-memory.dmp	upx
behavioral2/memory/1416-153-0x00007FF726D50000-0x00007FF7270A1000-memory.dmp	upx
behavioral2/files/0x0007000000023413-148.dat	upx
behavioral2/memory/452-147-0x00007FF694A50000-0x00007FF694DA1000-memory.dmp	upx
behavioral2/files/0x0007000000023412-142.dat	upx
behavioral2/memory/2716-141-0x00007FF6F88F0000-0x00007FF6F8C41000-memory.dmp	upx
behavioral2/memory/5096-135-0x00007FF695D40000-0x00007FF696091000-memory.dmp	upx
behavioral2/memory/3720-134-0x00007FF76F280000-0x00007FF76F5D1000-memory.dmp	upx
behavioral2/files/0x0007000000023410-129.dat	upx
behavioral2/files/0x000700000002340f-124.dat	upx
behavioral2/memory/1624-123-0x00007FF61FEA0000-0x00007FF6201F1000-memory.dmp	upx
behavioral2/memory/4280-122-0x00007FF76C730000-0x00007FF76CA81000-memory.dmp	upx
behavioral2/memory/1600-116-0x00007FF62CD00000-0x00007FF62D051000-memory.dmp	upx
behavioral2/files/0x000700000002340d-111.dat	upx
behavioral2/memory/3972-110-0x00007FF6FB710000-0x00007FF6FBA61000-memory.dmp	upx
behavioral2/files/0x000700000002340c-105.dat	upx
behavioral2/memory/4676-104-0x00007FF73CDA0000-0x00007FF73D0F1000-memory.dmp	upx
behavioral2/files/0x000700000002340b-99.dat	upx
behavioral2/memory/1928-98-0x00007FF6C3260000-0x00007FF6C35B1000-memory.dmp	upx
behavioral2/files/0x000700000002340a-93.dat	upx
behavioral2/memory/2352-91-0x00007FF6DECF0000-0x00007FF6DF041000-memory.dmp	upx
behavioral2/files/0x0007000000023409-86.dat	upx
behavioral2/memory/692-85-0x00007FF769060000-0x00007FF7693B1000-memory.dmp	upx
behavioral2/files/0x0007000000023408-80.dat	upx
behavioral2/files/0x0007000000023407-78.dat	upx
behavioral2/memory/2552-68-0x00007FF791920000-0x00007FF791C71000-memory.dmp	upx
behavioral2/files/0x0007000000023405-62.dat	upx
behavioral2/files/0x0007000000023404-58.dat	upx
behavioral2/files/0x0007000000023403-57.dat	upx
behavioral2/files/0x0007000000023401-44.dat	upx
behavioral2/memory/3748-43-0x00007FF6A7440000-0x00007FF6A7791000-memory.dmp	upx
behavioral2/memory/3700-40-0x00007FF74EF00000-0x00007FF74F251000-memory.dmp	upx
behavioral2/memory/1192-34-0x00007FF7A94D0000-0x00007FF7A9821000-memory.dmp	upx
behavioral2/memory/3888-33-0x00007FF61E4A0000-0x00007FF61E7F1000-memory.dmp	upx
behavioral2/files/0x0007000000023400-35.dat	upx
behavioral2/memory/2936-28-0x00007FF6C1160000-0x00007FF6C14B1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VtFKlSC.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\XMgWReS.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\EeTYfnd.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\OCrhZZN.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\bjydRCR.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\loVpAcf.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\dpHoOvC.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\yuWdJwZ.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\Oaqrzhj.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\AryavNU.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\GIBVbCi.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\YFJgXbg.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\rZTNxIe.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\IDfKizk.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\OzCnPNB.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\OjnMRGK.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\ODPGmDW.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\AGwJrqO.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\URQNOpp.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\UCcItYn.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\KRsqBAE.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\wuvEtLq.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\AyEcaue.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\tIqjCSu.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\mILkUXd.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\FkAlGwW.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\FGgzjJx.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\nnZbYBU.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\IuCnNpH.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\IUDghQi.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\pTdaRYV.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\ObdGtUR.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\qHrPpPv.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\OwKjXct.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\OhYTBkt.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\VYsKrDC.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\wdQsJcN.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\ogHKjbm.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZwNwZBl.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\AByaGDN.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\Ikcszht.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\AUcIVNu.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\EPRZXHJ.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\NhrvEzI.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\boOmXot.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\COHHngy.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\NunCqUU.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\GIJMHUL.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\sFWeqlO.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\ipfCMnA.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\uTzDcXF.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\xfGkDST.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\FyILvID.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\MvcSItm.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\dBowYCF.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\aZtnzVn.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\kldJfFd.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\FCohCac.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\abKApMA.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\sCLZCPD.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\Yehfypo.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZyTKdVo.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\RWIYxcj.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
File created	C:\Windows\System\gcXQXFw.exe	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15220	dwm.exe
Token: SeChangeNotifyPrivilege	15220	dwm.exe
Token: 33	15220	dwm.exe
Token: SeIncBasePriorityPrivilege	15220	dwm.exe
Token: SeShutdownPrivilege	15220	dwm.exe
Token: SeCreatePagefilePrivilege	15220	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 4552	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	84
PID 4424 wrote to memory of 4552	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	84
PID 4424 wrote to memory of 3888	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	85
PID 4424 wrote to memory of 3888	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	85
PID 4424 wrote to memory of 1908	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	86
PID 4424 wrote to memory of 1908	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	86
PID 4424 wrote to memory of 1192	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	87
PID 4424 wrote to memory of 1192	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	87
PID 4424 wrote to memory of 2936	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	88
PID 4424 wrote to memory of 2936	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	88
PID 4424 wrote to memory of 3700	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	89
PID 4424 wrote to memory of 3700	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	89
PID 4424 wrote to memory of 3748	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	90
PID 4424 wrote to memory of 3748	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	90
PID 4424 wrote to memory of 2552	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	91
PID 4424 wrote to memory of 2552	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	91
PID 4424 wrote to memory of 1764	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	92
PID 4424 wrote to memory of 1764	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	92
PID 4424 wrote to memory of 4676	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	93
PID 4424 wrote to memory of 4676	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	93
PID 4424 wrote to memory of 692	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	94
PID 4424 wrote to memory of 692	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	94
PID 4424 wrote to memory of 2352	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	95
PID 4424 wrote to memory of 2352	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	95
PID 4424 wrote to memory of 4804	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	96
PID 4424 wrote to memory of 4804	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	96
PID 4424 wrote to memory of 1928	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	97
PID 4424 wrote to memory of 1928	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	97
PID 4424 wrote to memory of 3972	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	98
PID 4424 wrote to memory of 3972	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	98
PID 4424 wrote to memory of 1600	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	99
PID 4424 wrote to memory of 1600	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	99
PID 4424 wrote to memory of 4280	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	100
PID 4424 wrote to memory of 4280	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	100
PID 4424 wrote to memory of 1624	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	101
PID 4424 wrote to memory of 1624	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	101
PID 4424 wrote to memory of 3720	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	102
PID 4424 wrote to memory of 3720	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	102
PID 4424 wrote to memory of 5096	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	103
PID 4424 wrote to memory of 5096	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	103
PID 4424 wrote to memory of 2716	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	104
PID 4424 wrote to memory of 2716	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	104
PID 4424 wrote to memory of 452	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	105
PID 4424 wrote to memory of 452	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	105
PID 4424 wrote to memory of 1416	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	106
PID 4424 wrote to memory of 1416	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	106
PID 4424 wrote to memory of 3304	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	107
PID 4424 wrote to memory of 3304	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	107
PID 4424 wrote to memory of 392	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	108
PID 4424 wrote to memory of 392	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	108
PID 4424 wrote to memory of 4548	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	109
PID 4424 wrote to memory of 4548	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	109
PID 4424 wrote to memory of 1784	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	110
PID 4424 wrote to memory of 1784	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	110
PID 4424 wrote to memory of 1580	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	111
PID 4424 wrote to memory of 1580	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	111
PID 4424 wrote to memory of 1060	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	112
PID 4424 wrote to memory of 1060	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	112
PID 4424 wrote to memory of 1276	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	113
PID 4424 wrote to memory of 1276	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	113
PID 4424 wrote to memory of 3900	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	114
PID 4424 wrote to memory of 3900	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	114
PID 4424 wrote to memory of 3236	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	115
PID 4424 wrote to memory of 3236	4424	40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\40d7324cf1672286abb079ca04a8f8c0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Windows\System\VEvusQB.exe
  C:\Windows\System\VEvusQB.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\MFuDpbo.exe
  C:\Windows\System\MFuDpbo.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\BOePEsQ.exe
  C:\Windows\System\BOePEsQ.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\qPiFYIZ.exe
  C:\Windows\System\qPiFYIZ.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\LhBDQVh.exe
  C:\Windows\System\LhBDQVh.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\SELoQKL.exe
  C:\Windows\System\SELoQKL.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\gYHQtnT.exe
  C:\Windows\System\gYHQtnT.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\vOPNand.exe
  C:\Windows\System\vOPNand.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\XnIhqHW.exe
  C:\Windows\System\XnIhqHW.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\LZlcwcs.exe
  C:\Windows\System\LZlcwcs.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\DPONbmz.exe
  C:\Windows\System\DPONbmz.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\GPlcjrn.exe
  C:\Windows\System\GPlcjrn.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\UCcItYn.exe
  C:\Windows\System\UCcItYn.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\gNnJLcJ.exe
  C:\Windows\System\gNnJLcJ.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\GolzqlP.exe
  C:\Windows\System\GolzqlP.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\wPpbwbn.exe
  C:\Windows\System\wPpbwbn.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\ODPGmDW.exe
  C:\Windows\System\ODPGmDW.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\VVaupzm.exe
  C:\Windows\System\VVaupzm.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\dgVZvkL.exe
  C:\Windows\System\dgVZvkL.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\ilGpyaX.exe
  C:\Windows\System\ilGpyaX.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\fCNmmom.exe
  C:\Windows\System\fCNmmom.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\UmqtZoQ.exe
  C:\Windows\System\UmqtZoQ.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\ztrvdws.exe
  C:\Windows\System\ztrvdws.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\kpfCRSS.exe
  C:\Windows\System\kpfCRSS.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\bKhcwQa.exe
  C:\Windows\System\bKhcwQa.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\oHLZZca.exe
  C:\Windows\System\oHLZZca.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\sCLZCPD.exe
  C:\Windows\System\sCLZCPD.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\ogHKjbm.exe
  C:\Windows\System\ogHKjbm.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\zipvmSp.exe
  C:\Windows\System\zipvmSp.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\VbUGnCm.exe
  C:\Windows\System\VbUGnCm.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\umrDJbm.exe
  C:\Windows\System\umrDJbm.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\zodJEyd.exe
  C:\Windows\System\zodJEyd.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\qhRsmxR.exe
  C:\Windows\System\qhRsmxR.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\aMgMUcH.exe
  C:\Windows\System\aMgMUcH.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\olJacFV.exe
  C:\Windows\System\olJacFV.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\vufDQcC.exe
  C:\Windows\System\vufDQcC.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\ruzfcPf.exe
  C:\Windows\System\ruzfcPf.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\teCAGsJ.exe
  C:\Windows\System\teCAGsJ.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\CAAdQud.exe
  C:\Windows\System\CAAdQud.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\MsVpVNg.exe
  C:\Windows\System\MsVpVNg.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\PBcEqoq.exe
  C:\Windows\System\PBcEqoq.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\IcLOlFa.exe
  C:\Windows\System\IcLOlFa.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\XhuLPGE.exe
  C:\Windows\System\XhuLPGE.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\kRNCkng.exe
  C:\Windows\System\kRNCkng.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\YnFqDno.exe
  C:\Windows\System\YnFqDno.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\JDHAnIz.exe
  C:\Windows\System\JDHAnIz.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\IQizhSq.exe
  C:\Windows\System\IQizhSq.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\EmEvUyj.exe
  C:\Windows\System\EmEvUyj.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\iRNSHKm.exe
  C:\Windows\System\iRNSHKm.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\eBEgels.exe
  C:\Windows\System\eBEgels.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\QZWetDU.exe
  C:\Windows\System\QZWetDU.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\uDATaVp.exe
  C:\Windows\System\uDATaVp.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\WOJsqRi.exe
  C:\Windows\System\WOJsqRi.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\exVDPDu.exe
  C:\Windows\System\exVDPDu.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\ElttQeF.exe
  C:\Windows\System\ElttQeF.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\xAQiJtM.exe
  C:\Windows\System\xAQiJtM.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\TXATqng.exe
  C:\Windows\System\TXATqng.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\HgncKft.exe
  C:\Windows\System\HgncKft.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\niVAJdO.exe
  C:\Windows\System\niVAJdO.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\iTifeId.exe
  C:\Windows\System\iTifeId.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\yRVnVCp.exe
  C:\Windows\System\yRVnVCp.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\lUdqEaI.exe
  C:\Windows\System\lUdqEaI.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\LzJKYxp.exe
  C:\Windows\System\LzJKYxp.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\uNrXkgT.exe
  C:\Windows\System\uNrXkgT.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\tFBgLKW.exe
  C:\Windows\System\tFBgLKW.exe
  2⤵
  PID:4044
- C:\Windows\System\piiMLto.exe
  C:\Windows\System\piiMLto.exe
  2⤵
  PID:2904
- C:\Windows\System\vfVYuuF.exe
  C:\Windows\System\vfVYuuF.exe
  2⤵
  PID:3772
- C:\Windows\System\GZKXkjb.exe
  C:\Windows\System\GZKXkjb.exe
  2⤵
  PID:4264
- C:\Windows\System\GevstZP.exe
  C:\Windows\System\GevstZP.exe
  2⤵
  PID:32
- C:\Windows\System\ugqVlCk.exe
  C:\Windows\System\ugqVlCk.exe
  2⤵
  PID:4736
- C:\Windows\System\xPHfugy.exe
  C:\Windows\System\xPHfugy.exe
  2⤵
  PID:5140
- C:\Windows\System\YzZhwRg.exe
  C:\Windows\System\YzZhwRg.exe
  2⤵
  PID:5172
- C:\Windows\System\BRKbTvg.exe
  C:\Windows\System\BRKbTvg.exe
  2⤵
  PID:5200
- C:\Windows\System\msxFakg.exe
  C:\Windows\System\msxFakg.exe
  2⤵
  PID:5228
- C:\Windows\System\Xehjoqj.exe
  C:\Windows\System\Xehjoqj.exe
  2⤵
  PID:5256
- C:\Windows\System\iVmZUlU.exe
  C:\Windows\System\iVmZUlU.exe
  2⤵
  PID:5280
- C:\Windows\System\YdBUQqD.exe
  C:\Windows\System\YdBUQqD.exe
  2⤵
  PID:5312
- C:\Windows\System\dSCekkm.exe
  C:\Windows\System\dSCekkm.exe
  2⤵
  PID:5340
- C:\Windows\System\KyUsDwg.exe
  C:\Windows\System\KyUsDwg.exe
  2⤵
  PID:5364
- C:\Windows\System\pOMSsab.exe
  C:\Windows\System\pOMSsab.exe
  2⤵
  PID:5396
- C:\Windows\System\lMbjyep.exe
  C:\Windows\System\lMbjyep.exe
  2⤵
  PID:5420
- C:\Windows\System\CHzcfbi.exe
  C:\Windows\System\CHzcfbi.exe
  2⤵
  PID:5448
- C:\Windows\System\WcQwDxG.exe
  C:\Windows\System\WcQwDxG.exe
  2⤵
  PID:5476
- C:\Windows\System\SfLJYxc.exe
  C:\Windows\System\SfLJYxc.exe
  2⤵
  PID:5500
- C:\Windows\System\qHrPpPv.exe
  C:\Windows\System\qHrPpPv.exe
  2⤵
  PID:5532
- C:\Windows\System\jGYWKVz.exe
  C:\Windows\System\jGYWKVz.exe
  2⤵
  PID:5560
- C:\Windows\System\cNCOUyU.exe
  C:\Windows\System\cNCOUyU.exe
  2⤵
  PID:5588
- C:\Windows\System\OgiOvpJ.exe
  C:\Windows\System\OgiOvpJ.exe
  2⤵
  PID:5616
- C:\Windows\System\cawjzlm.exe
  C:\Windows\System\cawjzlm.exe
  2⤵
  PID:5644
- C:\Windows\System\JPyuEuC.exe
  C:\Windows\System\JPyuEuC.exe
  2⤵
  PID:5672
- C:\Windows\System\yrwbfZU.exe
  C:\Windows\System\yrwbfZU.exe
  2⤵
  PID:5700
- C:\Windows\System\HHnwKrG.exe
  C:\Windows\System\HHnwKrG.exe
  2⤵
  PID:5732
- C:\Windows\System\UuvEdll.exe
  C:\Windows\System\UuvEdll.exe
  2⤵
  PID:5760
- C:\Windows\System\REvYPwx.exe
  C:\Windows\System\REvYPwx.exe
  2⤵
  PID:5784
- C:\Windows\System\RwRgzXY.exe
  C:\Windows\System\RwRgzXY.exe
  2⤵
  PID:5808
- C:\Windows\System\Yehfypo.exe
  C:\Windows\System\Yehfypo.exe
  2⤵
  PID:5844
- C:\Windows\System\adGLsUf.exe
  C:\Windows\System\adGLsUf.exe
  2⤵
  PID:5868
- C:\Windows\System\LhQsIvF.exe
  C:\Windows\System\LhQsIvF.exe
  2⤵
  PID:5900
- C:\Windows\System\atJhPLQ.exe
  C:\Windows\System\atJhPLQ.exe
  2⤵
  PID:5924
- C:\Windows\System\CkGDQHU.exe
  C:\Windows\System\CkGDQHU.exe
  2⤵
  PID:5948
- C:\Windows\System\FBLsUGR.exe
  C:\Windows\System\FBLsUGR.exe
  2⤵
  PID:5984
- C:\Windows\System\lVwezgj.exe
  C:\Windows\System\lVwezgj.exe
  2⤵
  PID:6012
- C:\Windows\System\JgaHTdS.exe
  C:\Windows\System\JgaHTdS.exe
  2⤵
  PID:6036
- C:\Windows\System\NhrvEzI.exe
  C:\Windows\System\NhrvEzI.exe
  2⤵
  PID:6072
- C:\Windows\System\NAoiZGf.exe
  C:\Windows\System\NAoiZGf.exe
  2⤵
  PID:6100
- C:\Windows\System\AwCrCQZ.exe
  C:\Windows\System\AwCrCQZ.exe
  2⤵
  PID:6128
- C:\Windows\System\ZaEYmxo.exe
  C:\Windows\System\ZaEYmxo.exe
  2⤵
  PID:1640
- C:\Windows\System\djzqTPk.exe
  C:\Windows\System\djzqTPk.exe
  2⤵
  PID:1816
- C:\Windows\System\AOWdrpp.exe
  C:\Windows\System\AOWdrpp.exe
  2⤵
  PID:3652
- C:\Windows\System\nAnwHWT.exe
  C:\Windows\System\nAnwHWT.exe
  2⤵
  PID:544
- C:\Windows\System\MFtpWhY.exe
  C:\Windows\System\MFtpWhY.exe
  2⤵
  PID:4236
- C:\Windows\System\LiCGfjX.exe
  C:\Windows\System\LiCGfjX.exe
  2⤵
  PID:2112
- C:\Windows\System\kldJfFd.exe
  C:\Windows\System\kldJfFd.exe
  2⤵
  PID:2900
- C:\Windows\System\TnVUJmN.exe
  C:\Windows\System\TnVUJmN.exe
  2⤵
  PID:5156
- C:\Windows\System\ZwNwZBl.exe
  C:\Windows\System\ZwNwZBl.exe
  2⤵
  PID:5208
- C:\Windows\System\NjEFBXW.exe
  C:\Windows\System\NjEFBXW.exe
  2⤵
  PID:5264
- C:\Windows\System\PQKBIkP.exe
  C:\Windows\System\PQKBIkP.exe
  2⤵
  PID:5328
- C:\Windows\System\IByWsJt.exe
  C:\Windows\System\IByWsJt.exe
  2⤵
  PID:5384
- C:\Windows\System\SGGkNvU.exe
  C:\Windows\System\SGGkNvU.exe
  2⤵
  PID:5440
- C:\Windows\System\nbQtclE.exe
  C:\Windows\System\nbQtclE.exe
  2⤵
  PID:5516
- C:\Windows\System\ZbclTCX.exe
  C:\Windows\System\ZbclTCX.exe
  2⤵
  PID:5576
- C:\Windows\System\NqoyLVJ.exe
  C:\Windows\System\NqoyLVJ.exe
  2⤵
  PID:5628
- C:\Windows\System\TtVftam.exe
  C:\Windows\System\TtVftam.exe
  2⤵
  PID:3056
- C:\Windows\System\zKEAjiL.exe
  C:\Windows\System\zKEAjiL.exe
  2⤵
  PID:5720
- C:\Windows\System\XMgWReS.exe
  C:\Windows\System\XMgWReS.exe
  2⤵
  PID:5796
- C:\Windows\System\inFbVeW.exe
  C:\Windows\System\inFbVeW.exe
  2⤵
  PID:5860
- C:\Windows\System\gUSUGis.exe
  C:\Windows\System\gUSUGis.exe
  2⤵
  PID:5936
- C:\Windows\System\BampheO.exe
  C:\Windows\System\BampheO.exe
  2⤵
  PID:5992
- C:\Windows\System\YEdQmkA.exe
  C:\Windows\System\YEdQmkA.exe
  2⤵
  PID:6052
- C:\Windows\System\tjDLXOE.exe
  C:\Windows\System\tjDLXOE.exe
  2⤵
  PID:1628
- C:\Windows\System\ljFtiAx.exe
  C:\Windows\System\ljFtiAx.exe
  2⤵
  PID:3112
- C:\Windows\System\AGwJrqO.exe
  C:\Windows\System\AGwJrqO.exe
  2⤵
  PID:2164
- C:\Windows\System\uqaqQSA.exe
  C:\Windows\System\uqaqQSA.exe
  2⤵
  PID:4356
- C:\Windows\System\JqAZFvP.exe
  C:\Windows\System\JqAZFvP.exe
  2⤵
  PID:5124
- C:\Windows\System\BzSUrkN.exe
  C:\Windows\System\BzSUrkN.exe
  2⤵
  PID:5188
- C:\Windows\System\BBAGRsm.exe
  C:\Windows\System\BBAGRsm.exe
  2⤵
  PID:5296
- C:\Windows\System\McYwUCT.exe
  C:\Windows\System\McYwUCT.exe
  2⤵
  PID:5432
- C:\Windows\System\EKjOyuP.exe
  C:\Windows\System\EKjOyuP.exe
  2⤵
  PID:5552
- C:\Windows\System\GZycrTi.exe
  C:\Windows\System\GZycrTi.exe
  2⤵
  PID:5664
- C:\Windows\System\MHhsVDX.exe
  C:\Windows\System\MHhsVDX.exe
  2⤵
  PID:5780
- C:\Windows\System\knbZxlf.exe
  C:\Windows\System\knbZxlf.exe
  2⤵
  PID:5908
- C:\Windows\System\PHslyxh.exe
  C:\Windows\System\PHslyxh.exe
  2⤵
  PID:5972
- C:\Windows\System\Rdqgcoi.exe
  C:\Windows\System\Rdqgcoi.exe
  2⤵
  PID:6088
- C:\Windows\System\mAhpuaG.exe
  C:\Windows\System\mAhpuaG.exe
  2⤵
  PID:4568
- C:\Windows\System\GLTgKlQ.exe
  C:\Windows\System\GLTgKlQ.exe
  2⤵
  PID:464
- C:\Windows\System\boOmXot.exe
  C:\Windows\System\boOmXot.exe
  2⤵
  PID:1608
- C:\Windows\System\vWbksbk.exe
  C:\Windows\System\vWbksbk.exe
  2⤵
  PID:5376
- C:\Windows\System\QtiobGr.exe
  C:\Windows\System\QtiobGr.exe
  2⤵
  PID:5604
- C:\Windows\System\avWYXpv.exe
  C:\Windows\System\avWYXpv.exe
  2⤵
  PID:380
- C:\Windows\System\EoEyAab.exe
  C:\Windows\System\EoEyAab.exe
  2⤵
  PID:6160
- C:\Windows\System\HndsjIu.exe
  C:\Windows\System\HndsjIu.exe
  2⤵
  PID:6192
- C:\Windows\System\wOKnEpi.exe
  C:\Windows\System\wOKnEpi.exe
  2⤵
  PID:6216
- C:\Windows\System\nnNRCmX.exe
  C:\Windows\System\nnNRCmX.exe
  2⤵
  PID:6248
- C:\Windows\System\BjaZgWW.exe
  C:\Windows\System\BjaZgWW.exe
  2⤵
  PID:6272
- C:\Windows\System\AryavNU.exe
  C:\Windows\System\AryavNU.exe
  2⤵
  PID:6300
- C:\Windows\System\lPnYRez.exe
  C:\Windows\System\lPnYRez.exe
  2⤵
  PID:6328
- C:\Windows\System\lJyJCdA.exe
  C:\Windows\System\lJyJCdA.exe
  2⤵
  PID:6360
- C:\Windows\System\LHNUzjW.exe
  C:\Windows\System\LHNUzjW.exe
  2⤵
  PID:6384
- C:\Windows\System\eAGzJQX.exe
  C:\Windows\System\eAGzJQX.exe
  2⤵
  PID:6412
- C:\Windows\System\FUmBimx.exe
  C:\Windows\System\FUmBimx.exe
  2⤵
  PID:6444
- C:\Windows\System\PquVfVq.exe
  C:\Windows\System\PquVfVq.exe
  2⤵
  PID:6472
- C:\Windows\System\nRKJVUJ.exe
  C:\Windows\System\nRKJVUJ.exe
  2⤵
  PID:6496
- C:\Windows\System\pBepYyV.exe
  C:\Windows\System\pBepYyV.exe
  2⤵
  PID:6524
- C:\Windows\System\PDhpzNM.exe
  C:\Windows\System\PDhpzNM.exe
  2⤵
  PID:6552
- C:\Windows\System\yXweOBt.exe
  C:\Windows\System\yXweOBt.exe
  2⤵
  PID:6580
- C:\Windows\System\Oaqrzhj.exe
  C:\Windows\System\Oaqrzhj.exe
  2⤵
  PID:6608
- C:\Windows\System\lpmzWbc.exe
  C:\Windows\System\lpmzWbc.exe
  2⤵
  PID:6636
- C:\Windows\System\LHTnicg.exe
  C:\Windows\System\LHTnicg.exe
  2⤵
  PID:6664
- C:\Windows\System\ipfCMnA.exe
  C:\Windows\System\ipfCMnA.exe
  2⤵
  PID:6692
- C:\Windows\System\RgCZhhU.exe
  C:\Windows\System\RgCZhhU.exe
  2⤵
  PID:6720
- C:\Windows\System\nGbvcxX.exe
  C:\Windows\System\nGbvcxX.exe
  2⤵
  PID:6748
- C:\Windows\System\AyEcaue.exe
  C:\Windows\System\AyEcaue.exe
  2⤵
  PID:6776
- C:\Windows\System\kMEBJxm.exe
  C:\Windows\System\kMEBJxm.exe
  2⤵
  PID:6804
- C:\Windows\System\uzvmukY.exe
  C:\Windows\System\uzvmukY.exe
  2⤵
  PID:6832
- C:\Windows\System\FTXXvBa.exe
  C:\Windows\System\FTXXvBa.exe
  2⤵
  PID:6860
- C:\Windows\System\iWFtwmp.exe
  C:\Windows\System\iWFtwmp.exe
  2⤵
  PID:6888
- C:\Windows\System\wfIvLgO.exe
  C:\Windows\System\wfIvLgO.exe
  2⤵
  PID:6920
- C:\Windows\System\FkAlGwW.exe
  C:\Windows\System\FkAlGwW.exe
  2⤵
  PID:6948
- C:\Windows\System\qjZCAcM.exe
  C:\Windows\System\qjZCAcM.exe
  2⤵
  PID:6976
- C:\Windows\System\nJbxLAZ.exe
  C:\Windows\System\nJbxLAZ.exe
  2⤵
  PID:7000
- C:\Windows\System\NPkGtkj.exe
  C:\Windows\System\NPkGtkj.exe
  2⤵
  PID:7028
- C:\Windows\System\MWSGeCW.exe
  C:\Windows\System\MWSGeCW.exe
  2⤵
  PID:7056
- C:\Windows\System\qNnxRHl.exe
  C:\Windows\System\qNnxRHl.exe
  2⤵
  PID:7084
- C:\Windows\System\eZsYimb.exe
  C:\Windows\System\eZsYimb.exe
  2⤵
  PID:7112
- C:\Windows\System\dZPXJRS.exe
  C:\Windows\System\dZPXJRS.exe
  2⤵
  PID:7144
- C:\Windows\System\gPPVHjA.exe
  C:\Windows\System\gPPVHjA.exe
  2⤵
  PID:5968
- C:\Windows\System\bDKSkNO.exe
  C:\Windows\System\bDKSkNO.exe
  2⤵
  PID:4064
- C:\Windows\System\CPEfILz.exe
  C:\Windows\System\CPEfILz.exe
  2⤵
  PID:4828
- C:\Windows\System\AjLVjjf.exe
  C:\Windows\System\AjLVjjf.exe
  2⤵
  PID:6208
- C:\Windows\System\xjhmjGt.exe
  C:\Windows\System\xjhmjGt.exe
  2⤵
  PID:2476
- C:\Windows\System\knLhUyH.exe
  C:\Windows\System\knLhUyH.exe
  2⤵
  PID:6240
- C:\Windows\System\wKBwAln.exe
  C:\Windows\System\wKBwAln.exe
  2⤵
  PID:6292
- C:\Windows\System\sMZwdGc.exe
  C:\Windows\System\sMZwdGc.exe
  2⤵
  PID:6348
- C:\Windows\System\FDRuWfC.exe
  C:\Windows\System\FDRuWfC.exe
  2⤵
  PID:6400
- C:\Windows\System\ECnQcxQ.exe
  C:\Windows\System\ECnQcxQ.exe
  2⤵
  PID:6436
- C:\Windows\System\bMaVbkC.exe
  C:\Windows\System\bMaVbkC.exe
  2⤵
  PID:6492
- C:\Windows\System\hWygGhd.exe
  C:\Windows\System\hWygGhd.exe
  2⤵
  PID:6568
- C:\Windows\System\FVFUyGH.exe
  C:\Windows\System\FVFUyGH.exe
  2⤵
  PID:6708
- C:\Windows\System\SJwsAgO.exe
  C:\Windows\System\SJwsAgO.exe
  2⤵
  PID:6768
- C:\Windows\System\uSQwQJD.exe
  C:\Windows\System\uSQwQJD.exe
  2⤵
  PID:6820
- C:\Windows\System\uRxMBdP.exe
  C:\Windows\System\uRxMBdP.exe
  2⤵
  PID:6856
- C:\Windows\System\jHBkoZJ.exe
  C:\Windows\System\jHBkoZJ.exe
  2⤵
  PID:6908
- C:\Windows\System\uTzDcXF.exe
  C:\Windows\System\uTzDcXF.exe
  2⤵
  PID:6996
- C:\Windows\System\NMUKvIv.exe
  C:\Windows\System\NMUKvIv.exe
  2⤵
  PID:7044
- C:\Windows\System\MRiDMFh.exe
  C:\Windows\System\MRiDMFh.exe
  2⤵
  PID:7076
- C:\Windows\System\EzZvAps.exe
  C:\Windows\System\EzZvAps.exe
  2⤵
  PID:7156
- C:\Windows\System\tmjWNzx.exe
  C:\Windows\System\tmjWNzx.exe
  2⤵
  PID:6068
- C:\Windows\System\vKbtNEc.exe
  C:\Windows\System\vKbtNEc.exe
  2⤵
  PID:5292
- C:\Windows\System\dcheSQV.exe
  C:\Windows\System\dcheSQV.exe
  2⤵
  PID:1284
- C:\Windows\System\YyhppvD.exe
  C:\Windows\System\YyhppvD.exe
  2⤵
  PID:5068
- C:\Windows\System\kpQkEXh.exe
  C:\Windows\System\kpQkEXh.exe
  2⤵
  PID:4672
- C:\Windows\System\ZRFuukO.exe
  C:\Windows\System\ZRFuukO.exe
  2⤵
  PID:2756
- C:\Windows\System\NHuBjUC.exe
  C:\Windows\System\NHuBjUC.exe
  2⤵
  PID:6204
- C:\Windows\System\EYsTFbI.exe
  C:\Windows\System\EYsTFbI.exe
  2⤵
  PID:6376
- C:\Windows\System\QPrpdWR.exe
  C:\Windows\System\QPrpdWR.exe
  2⤵
  PID:6600
- C:\Windows\System\TIDlaQf.exe
  C:\Windows\System\TIDlaQf.exe
  2⤵
  PID:6548
- C:\Windows\System\AByaGDN.exe
  C:\Windows\System\AByaGDN.exe
  2⤵
  PID:6880
- C:\Windows\System\iDvbXUd.exe
  C:\Windows\System\iDvbXUd.exe
  2⤵
  PID:6960
- C:\Windows\System\iQSWMHr.exe
  C:\Windows\System\iQSWMHr.exe
  2⤵
  PID:7072
- C:\Windows\System\hoRyNJB.exe
  C:\Windows\System\hoRyNJB.exe
  2⤵
  PID:6032
- C:\Windows\System\SMirIUn.exe
  C:\Windows\System\SMirIUn.exe
  2⤵
  PID:4492
- C:\Windows\System\HwiaTpX.exe
  C:\Windows\System\HwiaTpX.exe
  2⤵
  PID:1360
- C:\Windows\System\dhitTMg.exe
  C:\Windows\System\dhitTMg.exe
  2⤵
  PID:4528
- C:\Windows\System\DCwlMUS.exe
  C:\Windows\System\DCwlMUS.exe
  2⤵
  PID:6740
- C:\Windows\System\HlyxOzS.exe
  C:\Windows\System\HlyxOzS.exe
  2⤵
  PID:7024
- C:\Windows\System\rlhGlHZ.exe
  C:\Windows\System\rlhGlHZ.exe
  2⤵
  PID:7104
- C:\Windows\System\XAElTgS.exe
  C:\Windows\System\XAElTgS.exe
  2⤵
  PID:7184
- C:\Windows\System\OwKjXct.exe
  C:\Windows\System\OwKjXct.exe
  2⤵
  PID:7204
- C:\Windows\System\zZvFrbF.exe
  C:\Windows\System\zZvFrbF.exe
  2⤵
  PID:7240
- C:\Windows\System\aMuHoEf.exe
  C:\Windows\System\aMuHoEf.exe
  2⤵
  PID:7260
- C:\Windows\System\IYuTpRL.exe
  C:\Windows\System\IYuTpRL.exe
  2⤵
  PID:7288
- C:\Windows\System\gYzKyhu.exe
  C:\Windows\System\gYzKyhu.exe
  2⤵
  PID:7320
- C:\Windows\System\lbaZfju.exe
  C:\Windows\System\lbaZfju.exe
  2⤵
  PID:7340
- C:\Windows\System\OEnvvnp.exe
  C:\Windows\System\OEnvvnp.exe
  2⤵
  PID:7360
- C:\Windows\System\RXrVxwN.exe
  C:\Windows\System\RXrVxwN.exe
  2⤵
  PID:7384
- C:\Windows\System\CTYGidk.exe
  C:\Windows\System\CTYGidk.exe
  2⤵
  PID:7404
- C:\Windows\System\spMRyqv.exe
  C:\Windows\System\spMRyqv.exe
  2⤵
  PID:7432
- C:\Windows\System\oHiAmuZ.exe
  C:\Windows\System\oHiAmuZ.exe
  2⤵
  PID:7484
- C:\Windows\System\tnYSUEi.exe
  C:\Windows\System\tnYSUEi.exe
  2⤵
  PID:7508
- C:\Windows\System\hqyFDbr.exe
  C:\Windows\System\hqyFDbr.exe
  2⤵
  PID:7552
- C:\Windows\System\iKyXLyT.exe
  C:\Windows\System\iKyXLyT.exe
  2⤵
  PID:7592
- C:\Windows\System\OhYTBkt.exe
  C:\Windows\System\OhYTBkt.exe
  2⤵
  PID:7612
- C:\Windows\System\cJaAYAT.exe
  C:\Windows\System\cJaAYAT.exe
  2⤵
  PID:7648
- C:\Windows\System\WkuYCRp.exe
  C:\Windows\System\WkuYCRp.exe
  2⤵
  PID:7672
- C:\Windows\System\SYacgKB.exe
  C:\Windows\System\SYacgKB.exe
  2⤵
  PID:7692
- C:\Windows\System\zkydzOw.exe
  C:\Windows\System\zkydzOw.exe
  2⤵
  PID:7736
- C:\Windows\System\otiByrW.exe
  C:\Windows\System\otiByrW.exe
  2⤵
  PID:7752
- C:\Windows\System\ofukxVx.exe
  C:\Windows\System\ofukxVx.exe
  2⤵
  PID:7772
- C:\Windows\System\gAByeID.exe
  C:\Windows\System\gAByeID.exe
  2⤵
  PID:7792
- C:\Windows\System\bdCcYQD.exe
  C:\Windows\System\bdCcYQD.exe
  2⤵
  PID:7840
- C:\Windows\System\TJgKkqF.exe
  C:\Windows\System\TJgKkqF.exe
  2⤵
  PID:7856
- C:\Windows\System\PyolWMY.exe
  C:\Windows\System\PyolWMY.exe
  2⤵
  PID:7892
- C:\Windows\System\SuYCLev.exe
  C:\Windows\System\SuYCLev.exe
  2⤵
  PID:7924
- C:\Windows\System\WMjQFmJ.exe
  C:\Windows\System\WMjQFmJ.exe
  2⤵
  PID:7944
- C:\Windows\System\CzyEaCE.exe
  C:\Windows\System\CzyEaCE.exe
  2⤵
  PID:7988
- C:\Windows\System\AVOjueX.exe
  C:\Windows\System\AVOjueX.exe
  2⤵
  PID:8004
- C:\Windows\System\jmsZIHN.exe
  C:\Windows\System\jmsZIHN.exe
  2⤵
  PID:8028
- C:\Windows\System\qroJjXf.exe
  C:\Windows\System\qroJjXf.exe
  2⤵
  PID:8052
- C:\Windows\System\SKGKAfT.exe
  C:\Windows\System\SKGKAfT.exe
  2⤵
  PID:8072
- C:\Windows\System\dfTLXXP.exe
  C:\Windows\System\dfTLXXP.exe
  2⤵
  PID:8092
- C:\Windows\System\tCDclpg.exe
  C:\Windows\System\tCDclpg.exe
  2⤵
  PID:8148
- C:\Windows\System\QeVEiic.exe
  C:\Windows\System\QeVEiic.exe
  2⤵
  PID:8164
- C:\Windows\System\SZBXNAQ.exe
  C:\Windows\System\SZBXNAQ.exe
  2⤵
  PID:8188
- C:\Windows\System\oHhShoj.exe
  C:\Windows\System\oHhShoj.exe
  2⤵
  PID:2284
- C:\Windows\System\qQpGCHQ.exe
  C:\Windows\System\qQpGCHQ.exe
  2⤵
  PID:876
- C:\Windows\System\GdNiMaS.exe
  C:\Windows\System\GdNiMaS.exe
  2⤵
  PID:7200
- C:\Windows\System\PNdmLoK.exe
  C:\Windows\System\PNdmLoK.exe
  2⤵
  PID:7328
- C:\Windows\System\HmlDQVA.exe
  C:\Windows\System\HmlDQVA.exe
  2⤵
  PID:7376
- C:\Windows\System\xeqiOsH.exe
  C:\Windows\System\xeqiOsH.exe
  2⤵
  PID:7308
- C:\Windows\System\bQRgKNQ.exe
  C:\Windows\System\bQRgKNQ.exe
  2⤵
  PID:7476
- C:\Windows\System\oRYDOSZ.exe
  C:\Windows\System\oRYDOSZ.exe
  2⤵
  PID:7532
- C:\Windows\System\IruOjnl.exe
  C:\Windows\System\IruOjnl.exe
  2⤵
  PID:7608
- C:\Windows\System\fibwaKX.exe
  C:\Windows\System\fibwaKX.exe
  2⤵
  PID:7760
- C:\Windows\System\qLuJmso.exe
  C:\Windows\System\qLuJmso.exe
  2⤵
  PID:7864
- C:\Windows\System\VjiBpoh.exe
  C:\Windows\System\VjiBpoh.exe
  2⤵
  PID:7888
- C:\Windows\System\HbymYhD.exe
  C:\Windows\System\HbymYhD.exe
  2⤵
  PID:7920
- C:\Windows\System\FfszhNM.exe
  C:\Windows\System\FfszhNM.exe
  2⤵
  PID:7980
- C:\Windows\System\hibcrTC.exe
  C:\Windows\System\hibcrTC.exe
  2⤵
  PID:8040
- C:\Windows\System\PEEAsMB.exe
  C:\Windows\System\PEEAsMB.exe
  2⤵
  PID:8088
- C:\Windows\System\xOWDfAH.exe
  C:\Windows\System\xOWDfAH.exe
  2⤵
  PID:8144
- C:\Windows\System\YxyhNow.exe
  C:\Windows\System\YxyhNow.exe
  2⤵
  PID:6680
- C:\Windows\System\repjXXX.exe
  C:\Windows\System\repjXXX.exe
  2⤵
  PID:7196
- C:\Windows\System\ocPGouK.exe
  C:\Windows\System\ocPGouK.exe
  2⤵
  PID:7544
- C:\Windows\System\rMmgsUo.exe
  C:\Windows\System\rMmgsUo.exe
  2⤵
  PID:7392
- C:\Windows\System\reoJhfY.exe
  C:\Windows\System\reoJhfY.exe
  2⤵
  PID:7788
- C:\Windows\System\dDqnTOy.exe
  C:\Windows\System\dDqnTOy.exe
  2⤵
  PID:8080
- C:\Windows\System\ysxulkx.exe
  C:\Windows\System\ysxulkx.exe
  2⤵
  PID:7368
- C:\Windows\System\IUDghQi.exe
  C:\Windows\System\IUDghQi.exe
  2⤵
  PID:7164
- C:\Windows\System\RWIYxcj.exe
  C:\Windows\System\RWIYxcj.exe
  2⤵
  PID:7516
- C:\Windows\System\YFJgXbg.exe
  C:\Windows\System\YFJgXbg.exe
  2⤵
  PID:7684
- C:\Windows\System\xvnuoOi.exe
  C:\Windows\System\xvnuoOi.exe
  2⤵
  PID:8196
- C:\Windows\System\LWaqjZm.exe
  C:\Windows\System\LWaqjZm.exe
  2⤵
  PID:8216
- C:\Windows\System\VzbUZad.exe
  C:\Windows\System\VzbUZad.exe
  2⤵
  PID:8280
- C:\Windows\System\UQCNxwx.exe
  C:\Windows\System\UQCNxwx.exe
  2⤵
  PID:8308
- C:\Windows\System\AplUsaw.exe
  C:\Windows\System\AplUsaw.exe
  2⤵
  PID:8328
- C:\Windows\System\iMJXUBM.exe
  C:\Windows\System\iMJXUBM.exe
  2⤵
  PID:8360
- C:\Windows\System\COHHngy.exe
  C:\Windows\System\COHHngy.exe
  2⤵
  PID:8400
- C:\Windows\System\qLFSiWm.exe
  C:\Windows\System\qLFSiWm.exe
  2⤵
  PID:8444
- C:\Windows\System\niUFXna.exe
  C:\Windows\System\niUFXna.exe
  2⤵
  PID:8484
- C:\Windows\System\NunCqUU.exe
  C:\Windows\System\NunCqUU.exe
  2⤵
  PID:8500
- C:\Windows\System\BPgtIRq.exe
  C:\Windows\System\BPgtIRq.exe
  2⤵
  PID:8524
- C:\Windows\System\YxEzuoI.exe
  C:\Windows\System\YxEzuoI.exe
  2⤵
  PID:8540
- C:\Windows\System\yIYxmWT.exe
  C:\Windows\System\yIYxmWT.exe
  2⤵
  PID:8564
- C:\Windows\System\EBLiUtz.exe
  C:\Windows\System\EBLiUtz.exe
  2⤵
  PID:8596
- C:\Windows\System\zjvSfQO.exe
  C:\Windows\System\zjvSfQO.exe
  2⤵
  PID:8612
- C:\Windows\System\EChRHKc.exe
  C:\Windows\System\EChRHKc.exe
  2⤵
  PID:8636
- C:\Windows\System\JPcfHvg.exe
  C:\Windows\System\JPcfHvg.exe
  2⤵
  PID:8656
- C:\Windows\System\UobxZKC.exe
  C:\Windows\System\UobxZKC.exe
  2⤵
  PID:8676
- C:\Windows\System\IuCnNpH.exe
  C:\Windows\System\IuCnNpH.exe
  2⤵
  PID:8696
- C:\Windows\System\vVoDRjH.exe
  C:\Windows\System\vVoDRjH.exe
  2⤵
  PID:8720
- C:\Windows\System\ELNbvSF.exe
  C:\Windows\System\ELNbvSF.exe
  2⤵
  PID:8736
- C:\Windows\System\ftFBDCT.exe
  C:\Windows\System\ftFBDCT.exe
  2⤵
  PID:8788
- C:\Windows\System\kZDpLON.exe
  C:\Windows\System\kZDpLON.exe
  2⤵
  PID:8804
- C:\Windows\System\uiLYEWE.exe
  C:\Windows\System\uiLYEWE.exe
  2⤵
  PID:8828
- C:\Windows\System\fXfvvUW.exe
  C:\Windows\System\fXfvvUW.exe
  2⤵
  PID:8844
- C:\Windows\System\GmbqMBG.exe
  C:\Windows\System\GmbqMBG.exe
  2⤵
  PID:8928
- C:\Windows\System\bISOtPe.exe
  C:\Windows\System\bISOtPe.exe
  2⤵
  PID:8948
- C:\Windows\System\BwpcHKC.exe
  C:\Windows\System\BwpcHKC.exe
  2⤵
  PID:8976
- C:\Windows\System\TtZqFtS.exe
  C:\Windows\System\TtZqFtS.exe
  2⤵
  PID:8996
- C:\Windows\System\HVgPmND.exe
  C:\Windows\System\HVgPmND.exe
  2⤵
  PID:9020
- C:\Windows\System\IVeOLAu.exe
  C:\Windows\System\IVeOLAu.exe
  2⤵
  PID:9048
- C:\Windows\System\afFmucw.exe
  C:\Windows\System\afFmucw.exe
  2⤵
  PID:9092
- C:\Windows\System\FhluqKY.exe
  C:\Windows\System\FhluqKY.exe
  2⤵
  PID:9108
- C:\Windows\System\mwjcvYi.exe
  C:\Windows\System\mwjcvYi.exe
  2⤵
  PID:9156
- C:\Windows\System\sSqHXDH.exe
  C:\Windows\System\sSqHXDH.exe
  2⤵
  PID:9184
- C:\Windows\System\hxQcXtW.exe
  C:\Windows\System\hxQcXtW.exe
  2⤵
  PID:9204
- C:\Windows\System\PKuAiHz.exe
  C:\Windows\System\PKuAiHz.exe
  2⤵
  PID:7356
- C:\Windows\System\aHrdQEm.exe
  C:\Windows\System\aHrdQEm.exe
  2⤵
  PID:7400
- C:\Windows\System\opIvsJK.exe
  C:\Windows\System\opIvsJK.exe
  2⤵
  PID:8268
- C:\Windows\System\UmahfQu.exe
  C:\Windows\System\UmahfQu.exe
  2⤵
  PID:8324
- C:\Windows\System\zfFmoCf.exe
  C:\Windows\System\zfFmoCf.exe
  2⤵
  PID:8432
- C:\Windows\System\sFWeqlO.exe
  C:\Windows\System\sFWeqlO.exe
  2⤵
  PID:8496
- C:\Windows\System\pHHhhEo.exe
  C:\Windows\System\pHHhhEo.exe
  2⤵
  PID:8532
- C:\Windows\System\YPZrYAq.exe
  C:\Windows\System\YPZrYAq.exe
  2⤵
  PID:8628
- C:\Windows\System\kBvbvIm.exe
  C:\Windows\System\kBvbvIm.exe
  2⤵
  PID:8652
- C:\Windows\System\iMinUsB.exe
  C:\Windows\System\iMinUsB.exe
  2⤵
  PID:8688
- C:\Windows\System\ymcwWIy.exe
  C:\Windows\System\ymcwWIy.exe
  2⤵
  PID:8800
- C:\Windows\System\YzvBoeR.exe
  C:\Windows\System\YzvBoeR.exe
  2⤵
  PID:8780
- C:\Windows\System\bNdfVLR.exe
  C:\Windows\System\bNdfVLR.exe
  2⤵
  PID:8852
- C:\Windows\System\wzfNvZk.exe
  C:\Windows\System\wzfNvZk.exe
  2⤵
  PID:9004
- C:\Windows\System\QyimlHK.exe
  C:\Windows\System\QyimlHK.exe
  2⤵
  PID:9088
- C:\Windows\System\ARRTJUp.exe
  C:\Windows\System\ARRTJUp.exe
  2⤵
  PID:9076
- C:\Windows\System\MvcSItm.exe
  C:\Windows\System\MvcSItm.exe
  2⤵
  PID:9196
- C:\Windows\System\ofhytNe.exe
  C:\Windows\System\ofhytNe.exe
  2⤵
  PID:8336
- C:\Windows\System\pTdaRYV.exe
  C:\Windows\System\pTdaRYV.exe
  2⤵
  PID:8536
- C:\Windows\System\gdsDeco.exe
  C:\Windows\System\gdsDeco.exe
  2⤵
  PID:8576
- C:\Windows\System\jXlPmvj.exe
  C:\Windows\System\jXlPmvj.exe
  2⤵
  PID:8796
- C:\Windows\System\PNTIQah.exe
  C:\Windows\System\PNTIQah.exe
  2⤵
  PID:8960
- C:\Windows\System\VcaoIox.exe
  C:\Windows\System\VcaoIox.exe
  2⤵
  PID:9104
- C:\Windows\System\KPlHjkC.exe
  C:\Windows\System\KPlHjkC.exe
  2⤵
  PID:9148
- C:\Windows\System\hRLmQTA.exe
  C:\Windows\System\hRLmQTA.exe
  2⤵
  PID:8296
- C:\Windows\System\dBowYCF.exe
  C:\Windows\System\dBowYCF.exe
  2⤵
  PID:8560
- C:\Windows\System\hYKOxpu.exe
  C:\Windows\System\hYKOxpu.exe
  2⤵
  PID:8884
- C:\Windows\System\hlqGvVW.exe
  C:\Windows\System\hlqGvVW.exe
  2⤵
  PID:9228
- C:\Windows\System\EeTYfnd.exe
  C:\Windows\System\EeTYfnd.exe
  2⤵
  PID:9276
- C:\Windows\System\OOidfrJ.exe
  C:\Windows\System\OOidfrJ.exe
  2⤵
  PID:9308
- C:\Windows\System\HkocGLD.exe
  C:\Windows\System\HkocGLD.exe
  2⤵
  PID:9324
- C:\Windows\System\ohdWBKv.exe
  C:\Windows\System\ohdWBKv.exe
  2⤵
  PID:9344
- C:\Windows\System\rLzJjfh.exe
  C:\Windows\System\rLzJjfh.exe
  2⤵
  PID:9368
- C:\Windows\System\AwYAYZM.exe
  C:\Windows\System\AwYAYZM.exe
  2⤵
  PID:9412
- C:\Windows\System\NskXmIv.exe
  C:\Windows\System\NskXmIv.exe
  2⤵
  PID:9436
- C:\Windows\System\vBMJDvu.exe
  C:\Windows\System\vBMJDvu.exe
  2⤵
  PID:9476
- C:\Windows\System\CGWVvFW.exe
  C:\Windows\System\CGWVvFW.exe
  2⤵
  PID:9492
- C:\Windows\System\TWdwJyV.exe
  C:\Windows\System\TWdwJyV.exe
  2⤵
  PID:9508
- C:\Windows\System\BYyXBWo.exe
  C:\Windows\System\BYyXBWo.exe
  2⤵
  PID:9532
- C:\Windows\System\mVtqaxE.exe
  C:\Windows\System\mVtqaxE.exe
  2⤵
  PID:9560
- C:\Windows\System\GUPizkE.exe
  C:\Windows\System\GUPizkE.exe
  2⤵
  PID:9596
- C:\Windows\System\oYWUrNT.exe
  C:\Windows\System\oYWUrNT.exe
  2⤵
  PID:9616
- C:\Windows\System\BuoHHCt.exe
  C:\Windows\System\BuoHHCt.exe
  2⤵
  PID:9648
- C:\Windows\System\paonGxm.exe
  C:\Windows\System\paonGxm.exe
  2⤵
  PID:9680
- C:\Windows\System\PRovUHB.exe
  C:\Windows\System\PRovUHB.exe
  2⤵
  PID:9740
- C:\Windows\System\LbjlsXM.exe
  C:\Windows\System\LbjlsXM.exe
  2⤵
  PID:9760
- C:\Windows\System\mfIuYeE.exe
  C:\Windows\System\mfIuYeE.exe
  2⤵
  PID:9784
- C:\Windows\System\xfGkDST.exe
  C:\Windows\System\xfGkDST.exe
  2⤵
  PID:9808
- C:\Windows\System\aCvcRVl.exe
  C:\Windows\System\aCvcRVl.exe
  2⤵
  PID:9848
- C:\Windows\System\WuVOGsz.exe
  C:\Windows\System\WuVOGsz.exe
  2⤵
  PID:9864
- C:\Windows\System\bMziJko.exe
  C:\Windows\System\bMziJko.exe
  2⤵
  PID:9888
- C:\Windows\System\NmYlONV.exe
  C:\Windows\System\NmYlONV.exe
  2⤵
  PID:9908
- C:\Windows\System\zooEAkH.exe
  C:\Windows\System\zooEAkH.exe
  2⤵
  PID:9928
- C:\Windows\System\HkVhplN.exe
  C:\Windows\System\HkVhplN.exe
  2⤵
  PID:9948
- C:\Windows\System\xqpEpNU.exe
  C:\Windows\System\xqpEpNU.exe
  2⤵
  PID:9968
- C:\Windows\System\LYWrhFo.exe
  C:\Windows\System\LYWrhFo.exe
  2⤵
  PID:10052
- C:\Windows\System\lJXzHgO.exe
  C:\Windows\System\lJXzHgO.exe
  2⤵
  PID:10072
- C:\Windows\System\zbXoXld.exe
  C:\Windows\System\zbXoXld.exe
  2⤵
  PID:10088
- C:\Windows\System\nKHNatF.exe
  C:\Windows\System\nKHNatF.exe
  2⤵
  PID:10112
- C:\Windows\System\PuSGLOk.exe
  C:\Windows\System\PuSGLOk.exe
  2⤵
  PID:10128
- C:\Windows\System\zbyiDUV.exe
  C:\Windows\System\zbyiDUV.exe
  2⤵
  PID:10220
- C:\Windows\System\cffMXqx.exe
  C:\Windows\System\cffMXqx.exe
  2⤵
  PID:9056
- C:\Windows\System\gthXeyR.exe
  C:\Windows\System\gthXeyR.exe
  2⤵
  PID:8172
- C:\Windows\System\QZvuYUB.exe
  C:\Windows\System\QZvuYUB.exe
  2⤵
  PID:9268
- C:\Windows\System\ThNszab.exe
  C:\Windows\System\ThNszab.exe
  2⤵
  PID:9316
- C:\Windows\System\wPzYFas.exe
  C:\Windows\System\wPzYFas.exe
  2⤵
  PID:9384
- C:\Windows\System\IzfDJzV.exe
  C:\Windows\System\IzfDJzV.exe
  2⤵
  PID:9404
- C:\Windows\System\nKEpvgh.exe
  C:\Windows\System\nKEpvgh.exe
  2⤵
  PID:9524
- C:\Windows\System\HkiWQLf.exe
  C:\Windows\System\HkiWQLf.exe
  2⤵
  PID:9592
- C:\Windows\System\jKqEcNG.exe
  C:\Windows\System\jKqEcNG.exe
  2⤵
  PID:9676
- C:\Windows\System\SwtIjxg.exe
  C:\Windows\System\SwtIjxg.exe
  2⤵
  PID:9640
- C:\Windows\System\PvDJiPs.exe
  C:\Windows\System\PvDJiPs.exe
  2⤵
  PID:9772
- C:\Windows\System\bjydRCR.exe
  C:\Windows\System\bjydRCR.exe
  2⤵
  PID:9800
- C:\Windows\System\vJzpObF.exe
  C:\Windows\System\vJzpObF.exe
  2⤵
  PID:9876
- C:\Windows\System\MPcrKRC.exe
  C:\Windows\System\MPcrKRC.exe
  2⤵
  PID:4792
- C:\Windows\System\xreaZec.exe
  C:\Windows\System\xreaZec.exe
  2⤵
  PID:9964
- C:\Windows\System\xfxBnMr.exe
  C:\Windows\System\xfxBnMr.exe
  2⤵
  PID:10036
- C:\Windows\System\rQrGHuv.exe
  C:\Windows\System\rQrGHuv.exe
  2⤵
  PID:10064
- C:\Windows\System\wNyCvPy.exe
  C:\Windows\System\wNyCvPy.exe
  2⤵
  PID:10096
- C:\Windows\System\qyiFLHC.exe
  C:\Windows\System\qyiFLHC.exe
  2⤵
  PID:10196
- C:\Windows\System\HbEWfit.exe
  C:\Windows\System\HbEWfit.exe
  2⤵
  PID:10232
- C:\Windows\System\DEmGWcg.exe
  C:\Windows\System\DEmGWcg.exe
  2⤵
  PID:9568
- C:\Windows\System\BTDDEjy.exe
  C:\Windows\System\BTDDEjy.exe
  2⤵
  PID:9612
- C:\Windows\System\drgITao.exe
  C:\Windows\System\drgITao.exe
  2⤵
  PID:9900
- C:\Windows\System\FCohCac.exe
  C:\Windows\System\FCohCac.exe
  2⤵
  PID:9820
- C:\Windows\System\pTqaMMq.exe
  C:\Windows\System\pTqaMMq.exe
  2⤵
  PID:9920
- C:\Windows\System\HmSMGzc.exe
  C:\Windows\System\HmSMGzc.exe
  2⤵
  PID:3228
- C:\Windows\System\NxrNHUD.exe
  C:\Windows\System\NxrNHUD.exe
  2⤵
  PID:10108
- C:\Windows\System\CnVjuOc.exe
  C:\Windows\System\CnVjuOc.exe
  2⤵
  PID:10272
- C:\Windows\System\rdtdglT.exe
  C:\Windows\System\rdtdglT.exe
  2⤵
  PID:10288
- C:\Windows\System\fYumAFd.exe
  C:\Windows\System\fYumAFd.exe
  2⤵
  PID:10304
- C:\Windows\System\NkkWNkI.exe
  C:\Windows\System\NkkWNkI.exe
  2⤵
  PID:10320
- C:\Windows\System\nopuFJT.exe
  C:\Windows\System\nopuFJT.exe
  2⤵
  PID:10340
- C:\Windows\System\TMtiDsJ.exe
  C:\Windows\System\TMtiDsJ.exe
  2⤵
  PID:10360
- C:\Windows\System\dVuZQZs.exe
  C:\Windows\System\dVuZQZs.exe
  2⤵
  PID:10376
- C:\Windows\System\OhDNGBn.exe
  C:\Windows\System\OhDNGBn.exe
  2⤵
  PID:10392
- C:\Windows\System\MuMkGcU.exe
  C:\Windows\System\MuMkGcU.exe
  2⤵
  PID:10408
- C:\Windows\System\CEIqPMI.exe
  C:\Windows\System\CEIqPMI.exe
  2⤵
  PID:10424
- C:\Windows\System\iasmWXN.exe
  C:\Windows\System\iasmWXN.exe
  2⤵
  PID:10440
- C:\Windows\System\gQlZfyB.exe
  C:\Windows\System\gQlZfyB.exe
  2⤵
  PID:10456
- C:\Windows\System\QBdGykx.exe
  C:\Windows\System\QBdGykx.exe
  2⤵
  PID:10488
- C:\Windows\System\rZTNxIe.exe
  C:\Windows\System\rZTNxIe.exe
  2⤵
  PID:10564
- C:\Windows\System\eMtJLwC.exe
  C:\Windows\System\eMtJLwC.exe
  2⤵
  PID:10584
- C:\Windows\System\Watffme.exe
  C:\Windows\System\Watffme.exe
  2⤵
  PID:10604
- C:\Windows\System\csVdxCf.exe
  C:\Windows\System\csVdxCf.exe
  2⤵
  PID:10620
- C:\Windows\System\YHuKwWy.exe
  C:\Windows\System\YHuKwWy.exe
  2⤵
  PID:10636
- C:\Windows\System\uCHHUTm.exe
  C:\Windows\System\uCHHUTm.exe
  2⤵
  PID:10652
- C:\Windows\System\DCfrAyr.exe
  C:\Windows\System\DCfrAyr.exe
  2⤵
  PID:10668
- C:\Windows\System\JyJcbId.exe
  C:\Windows\System\JyJcbId.exe
  2⤵
  PID:10712
- C:\Windows\System\JDPczvo.exe
  C:\Windows\System\JDPczvo.exe
  2⤵
  PID:10764
- C:\Windows\System\sMeiFhI.exe
  C:\Windows\System\sMeiFhI.exe
  2⤵
  PID:10792
- C:\Windows\System\eSffRqk.exe
  C:\Windows\System\eSffRqk.exe
  2⤵
  PID:10820
- C:\Windows\System\jsgMKne.exe
  C:\Windows\System\jsgMKne.exe
  2⤵
  PID:10936
- C:\Windows\System\JPSkQwr.exe
  C:\Windows\System\JPSkQwr.exe
  2⤵
  PID:10980
- C:\Windows\System\sUrxnxs.exe
  C:\Windows\System\sUrxnxs.exe
  2⤵
  PID:11000
- C:\Windows\System\IDfKizk.exe
  C:\Windows\System\IDfKizk.exe
  2⤵
  PID:11076
- C:\Windows\System\QNpafiM.exe
  C:\Windows\System\QNpafiM.exe
  2⤵
  PID:11096
- C:\Windows\System\OzCnPNB.exe
  C:\Windows\System\OzCnPNB.exe
  2⤵
  PID:11128
- C:\Windows\System\iPpCvFa.exe
  C:\Windows\System\iPpCvFa.exe
  2⤵
  PID:11164
- C:\Windows\System\rLuhknI.exe
  C:\Windows\System\rLuhknI.exe
  2⤵
  PID:11208
- C:\Windows\System\dSYSCzG.exe
  C:\Windows\System\dSYSCzG.exe
  2⤵
  PID:11228
- C:\Windows\System\GynNjXT.exe
  C:\Windows\System\GynNjXT.exe
  2⤵
  PID:11252
- C:\Windows\System\llXfOlZ.exe
  C:\Windows\System\llXfOlZ.exe
  2⤵
  PID:10068
- C:\Windows\System\IZRAWyr.exe
  C:\Windows\System\IZRAWyr.exe
  2⤵
  PID:4500
- C:\Windows\System\axYqdTR.exe
  C:\Windows\System\axYqdTR.exe
  2⤵
  PID:10152
- C:\Windows\System\gLVrLrS.exe
  C:\Windows\System\gLVrLrS.exe
  2⤵
  PID:8732
- C:\Windows\System\AvNkAUp.exe
  C:\Windows\System\AvNkAUp.exe
  2⤵
  PID:9924
- C:\Windows\System\FTIndGu.exe
  C:\Windows\System\FTIndGu.exe
  2⤵
  PID:10316
- C:\Windows\System\hyASwMI.exe
  C:\Windows\System\hyASwMI.exe
  2⤵
  PID:10372
- C:\Windows\System\OznsAFt.exe
  C:\Windows\System\OznsAFt.exe
  2⤵
  PID:10416
- C:\Windows\System\eiwJPcN.exe
  C:\Windows\System\eiwJPcN.exe
  2⤵
  PID:10468
- C:\Windows\System\XyLNKSQ.exe
  C:\Windows\System\XyLNKSQ.exe
  2⤵
  PID:10508
- C:\Windows\System\ElETBZO.exe
  C:\Windows\System\ElETBZO.exe
  2⤵
  PID:10572
- C:\Windows\System\UFRoSde.exe
  C:\Windows\System\UFRoSde.exe
  2⤵
  PID:10644
- C:\Windows\System\GIJMHUL.exe
  C:\Windows\System\GIJMHUL.exe
  2⤵
  PID:10772
- C:\Windows\System\gRFBgxI.exe
  C:\Windows\System\gRFBgxI.exe
  2⤵
  PID:10856
- C:\Windows\System\sbQeXQY.exe
  C:\Windows\System\sbQeXQY.exe
  2⤵
  PID:10704
- C:\Windows\System\pWanmrf.exe
  C:\Windows\System\pWanmrf.exe
  2⤵
  PID:10724
- C:\Windows\System\kzDkrWY.exe
  C:\Windows\System\kzDkrWY.exe
  2⤵
  PID:10920
- C:\Windows\System\XvOQPcH.exe
  C:\Windows\System\XvOQPcH.exe
  2⤵
  PID:10992
- C:\Windows\System\LMWEraU.exe
  C:\Windows\System\LMWEraU.exe
  2⤵
  PID:11104
- C:\Windows\System\XTqbyNL.exe
  C:\Windows\System\XTqbyNL.exe
  2⤵
  PID:11236
- C:\Windows\System\EYrKPFy.exe
  C:\Windows\System\EYrKPFy.exe
  2⤵
  PID:11244
- C:\Windows\System\mcTilqA.exe
  C:\Windows\System\mcTilqA.exe
  2⤵
  PID:10124
- C:\Windows\System\pdipGmw.exe
  C:\Windows\System\pdipGmw.exe
  2⤵
  PID:9556
- C:\Windows\System\mhvOpRl.exe
  C:\Windows\System\mhvOpRl.exe
  2⤵
  PID:3672
- C:\Windows\System\bkghwyF.exe
  C:\Windows\System\bkghwyF.exe
  2⤵
  PID:10348
- C:\Windows\System\atdiSiX.exe
  C:\Windows\System\atdiSiX.exe
  2⤵
  PID:10452
- C:\Windows\System\sNsTUCf.exe
  C:\Windows\System\sNsTUCf.exe
  2⤵
  PID:10700
- C:\Windows\System\CkJLQKV.exe
  C:\Windows\System\CkJLQKV.exe
  2⤵
  PID:10664
- C:\Windows\System\MnqtBUf.exe
  C:\Windows\System\MnqtBUf.exe
  2⤵
  PID:10996
- C:\Windows\System\JgpHbxt.exe
  C:\Windows\System\JgpHbxt.exe
  2⤵
  PID:4256
- C:\Windows\System\abKApMA.exe
  C:\Windows\System\abKApMA.exe
  2⤵
  PID:10448
- C:\Windows\System\ZNszPpw.exe
  C:\Windows\System\ZNszPpw.exe
  2⤵
  PID:10312
- C:\Windows\System\IlixIhC.exe
  C:\Windows\System\IlixIhC.exe
  2⤵
  PID:10904
- C:\Windows\System\OrvhFVc.exe
  C:\Windows\System\OrvhFVc.exe
  2⤵
  PID:10924
- C:\Windows\System\ZmLtMJx.exe
  C:\Windows\System\ZmLtMJx.exe
  2⤵
  PID:8292
- C:\Windows\System\TvnSjdm.exe
  C:\Windows\System\TvnSjdm.exe
  2⤵
  PID:10404
- C:\Windows\System\HhtuhJh.exe
  C:\Windows\System\HhtuhJh.exe
  2⤵
  PID:11088
- C:\Windows\System\aRQrkjQ.exe
  C:\Windows\System\aRQrkjQ.exe
  2⤵
  PID:11284
- C:\Windows\System\vIAeJkL.exe
  C:\Windows\System\vIAeJkL.exe
  2⤵
  PID:11308
- C:\Windows\System\YMZIvAH.exe
  C:\Windows\System\YMZIvAH.exe
  2⤵
  PID:11336
- C:\Windows\System\BbHUmKM.exe
  C:\Windows\System\BbHUmKM.exe
  2⤵
  PID:11368
- C:\Windows\System\SmmKQjP.exe
  C:\Windows\System\SmmKQjP.exe
  2⤵
  PID:11384
- C:\Windows\System\TUZTudw.exe
  C:\Windows\System\TUZTudw.exe
  2⤵
  PID:11404
- C:\Windows\System\tIXFBJN.exe
  C:\Windows\System\tIXFBJN.exe
  2⤵
  PID:11424
- C:\Windows\System\LYBnAsm.exe
  C:\Windows\System\LYBnAsm.exe
  2⤵
  PID:11448
- C:\Windows\System\EEkPLec.exe
  C:\Windows\System\EEkPLec.exe
  2⤵
  PID:11468
- C:\Windows\System\cDPcOwX.exe
  C:\Windows\System\cDPcOwX.exe
  2⤵
  PID:11504
- C:\Windows\System\fRjUQCc.exe
  C:\Windows\System\fRjUQCc.exe
  2⤵
  PID:11552
- C:\Windows\System\FgaiwYY.exe
  C:\Windows\System\FgaiwYY.exe
  2⤵
  PID:11632
- C:\Windows\System\FyILvID.exe
  C:\Windows\System\FyILvID.exe
  2⤵
  PID:11648
- C:\Windows\System\WLqpcfQ.exe
  C:\Windows\System\WLqpcfQ.exe
  2⤵
  PID:11680
- C:\Windows\System\FMOquKA.exe
  C:\Windows\System\FMOquKA.exe
  2⤵
  PID:11700
- C:\Windows\System\WYRiNqY.exe
  C:\Windows\System\WYRiNqY.exe
  2⤵
  PID:11732
- C:\Windows\System\JvPdDRa.exe
  C:\Windows\System\JvPdDRa.exe
  2⤵
  PID:11768
- C:\Windows\System\VSkizhQ.exe
  C:\Windows\System\VSkizhQ.exe
  2⤵
  PID:11792
- C:\Windows\System\oXVDEOq.exe
  C:\Windows\System\oXVDEOq.exe
  2⤵
  PID:11812
- C:\Windows\System\KCuLsyt.exe
  C:\Windows\System\KCuLsyt.exe
  2⤵
  PID:11844
- C:\Windows\System\XPDIQhD.exe
  C:\Windows\System\XPDIQhD.exe
  2⤵
  PID:11860
- C:\Windows\System\pSwQYxP.exe
  C:\Windows\System\pSwQYxP.exe
  2⤵
  PID:11880
- C:\Windows\System\sgbTxcX.exe
  C:\Windows\System\sgbTxcX.exe
  2⤵
  PID:11912
- C:\Windows\System\gBqBDui.exe
  C:\Windows\System\gBqBDui.exe
  2⤵
  PID:11936
- C:\Windows\System\MfVumqN.exe
  C:\Windows\System\MfVumqN.exe
  2⤵
  PID:11988
- C:\Windows\System\okQgkpH.exe
  C:\Windows\System\okQgkpH.exe
  2⤵
  PID:12008
- C:\Windows\System\SAYrtng.exe
  C:\Windows\System\SAYrtng.exe
  2⤵
  PID:12032
- C:\Windows\System\shrvhpa.exe
  C:\Windows\System\shrvhpa.exe
  2⤵
  PID:12064
- C:\Windows\System\VYdaHsh.exe
  C:\Windows\System\VYdaHsh.exe
  2⤵
  PID:12088
- C:\Windows\System\NvLEKXn.exe
  C:\Windows\System\NvLEKXn.exe
  2⤵
  PID:12112
- C:\Windows\System\DxiEXzr.exe
  C:\Windows\System\DxiEXzr.exe
  2⤵
  PID:12132
- C:\Windows\System\sGHacWp.exe
  C:\Windows\System\sGHacWp.exe
  2⤵
  PID:12172
- C:\Windows\System\tnxqisz.exe
  C:\Windows\System\tnxqisz.exe
  2⤵
  PID:12192
- C:\Windows\System\tIqjCSu.exe
  C:\Windows\System\tIqjCSu.exe
  2⤵
  PID:12216
- C:\Windows\System\MKxlCuO.exe
  C:\Windows\System\MKxlCuO.exe
  2⤵
  PID:12240
- C:\Windows\System\HstqRxT.exe
  C:\Windows\System\HstqRxT.exe
  2⤵
  PID:12276
- C:\Windows\System\qOTuXJp.exe
  C:\Windows\System\qOTuXJp.exe
  2⤵
  PID:952
- C:\Windows\System\lRCxNYs.exe
  C:\Windows\System\lRCxNYs.exe
  2⤵
  PID:11356
- C:\Windows\System\rePYMsg.exe
  C:\Windows\System\rePYMsg.exe
  2⤵
  PID:11412
- C:\Windows\System\bcpFtZB.exe
  C:\Windows\System\bcpFtZB.exe
  2⤵
  PID:11460
- C:\Windows\System\XECkHwt.exe
  C:\Windows\System\XECkHwt.exe
  2⤵
  PID:11524
- C:\Windows\System\zEhKAFd.exe
  C:\Windows\System\zEhKAFd.exe
  2⤵
  PID:11548
- C:\Windows\System\riBulBd.exe
  C:\Windows\System\riBulBd.exe
  2⤵
  PID:11716
- C:\Windows\System\mDhMUjW.exe
  C:\Windows\System\mDhMUjW.exe
  2⤵
  PID:11784
- C:\Windows\System\FHneUnV.exe
  C:\Windows\System\FHneUnV.exe
  2⤵
  PID:11840
- C:\Windows\System\AMlDNSN.exe
  C:\Windows\System\AMlDNSN.exe
  2⤵
  PID:11900
- C:\Windows\System\TbNtJtI.exe
  C:\Windows\System\TbNtJtI.exe
  2⤵
  PID:11964
- C:\Windows\System\ISlWmMh.exe
  C:\Windows\System\ISlWmMh.exe
  2⤵
  PID:12080
- C:\Windows\System\gwexLVS.exe
  C:\Windows\System\gwexLVS.exe
  2⤵
  PID:12148
- C:\Windows\System\EZEvqGg.exe
  C:\Windows\System\EZEvqGg.exe
  2⤵
  PID:12124
- C:\Windows\System\lZmDmTN.exe
  C:\Windows\System\lZmDmTN.exe
  2⤵
  PID:12204
- C:\Windows\System\HLMXghF.exe
  C:\Windows\System\HLMXghF.exe
  2⤵
  PID:12284
- C:\Windows\System\fnssIUp.exe
  C:\Windows\System\fnssIUp.exe
  2⤵
  PID:11540
- C:\Windows\System\mntKocC.exe
  C:\Windows\System\mntKocC.exe
  2⤵
  PID:11720
- C:\Windows\System\QhDHQzZ.exe
  C:\Windows\System\QhDHQzZ.exe
  2⤵
  PID:1596
- C:\Windows\System\aIoSyOZ.exe
  C:\Windows\System\aIoSyOZ.exe
  2⤵
  PID:10976
- C:\Windows\System\shyKIlo.exe
  C:\Windows\System\shyKIlo.exe
  2⤵
  PID:12028
- C:\Windows\System\ctVHEra.exe
  C:\Windows\System\ctVHEra.exe
  2⤵
  PID:12180
- C:\Windows\System\DhwJMEp.exe
  C:\Windows\System\DhwJMEp.exe
  2⤵
  PID:11192
- C:\Windows\System\aZtnzVn.exe
  C:\Windows\System\aZtnzVn.exe
  2⤵
  PID:11908
- C:\Windows\System\DFvWrsg.exe
  C:\Windows\System\DFvWrsg.exe
  2⤵
  PID:11696
- C:\Windows\System\QMPtKGZ.exe
  C:\Windows\System\QMPtKGZ.exe
  2⤵
  PID:11808
- C:\Windows\System\Ikcszht.exe
  C:\Windows\System\Ikcszht.exe
  2⤵
  PID:12296
- C:\Windows\System\xFhYMDI.exe
  C:\Windows\System\xFhYMDI.exe
  2⤵
  PID:12316
- C:\Windows\System\AUcIVNu.exe
  C:\Windows\System\AUcIVNu.exe
  2⤵
  PID:12336
- C:\Windows\System\UjoapAo.exe
  C:\Windows\System\UjoapAo.exe
  2⤵
  PID:12360
- C:\Windows\System\aLfXemF.exe
  C:\Windows\System\aLfXemF.exe
  2⤵
  PID:12416
- C:\Windows\System\DhNoRJE.exe
  C:\Windows\System\DhNoRJE.exe
  2⤵
  PID:12432
- C:\Windows\System\nnZbYBU.exe
  C:\Windows\System\nnZbYBU.exe
  2⤵
  PID:12456
- C:\Windows\System\FyfpxfJ.exe
  C:\Windows\System\FyfpxfJ.exe
  2⤵
  PID:12476
- C:\Windows\System\FlHsxyO.exe
  C:\Windows\System\FlHsxyO.exe
  2⤵
  PID:12504
- C:\Windows\System\IAWyfai.exe
  C:\Windows\System\IAWyfai.exe
  2⤵
  PID:12528
- C:\Windows\System\RJqlPqT.exe
  C:\Windows\System\RJqlPqT.exe
  2⤵
  PID:12556
- C:\Windows\System\OXrpURJ.exe
  C:\Windows\System\OXrpURJ.exe
  2⤵
  PID:12576
- C:\Windows\System\rTFsBuF.exe
  C:\Windows\System\rTFsBuF.exe
  2⤵
  PID:12600
- C:\Windows\System\mQQfRIH.exe
  C:\Windows\System\mQQfRIH.exe
  2⤵
  PID:12624
- C:\Windows\System\PNpvpcv.exe
  C:\Windows\System\PNpvpcv.exe
  2⤵
  PID:12644
- C:\Windows\System\AYJPTYD.exe
  C:\Windows\System\AYJPTYD.exe
  2⤵
  PID:12700
- C:\Windows\System\LAcCOaa.exe
  C:\Windows\System\LAcCOaa.exe
  2⤵
  PID:12720
- C:\Windows\System\UAmTWwq.exe
  C:\Windows\System\UAmTWwq.exe
  2⤵
  PID:12740
- C:\Windows\System\yuWdJwZ.exe
  C:\Windows\System\yuWdJwZ.exe
  2⤵
  PID:12796
- C:\Windows\System\qDnjZPP.exe
  C:\Windows\System\qDnjZPP.exe
  2⤵
  PID:12824
- C:\Windows\System\HnoKGlf.exe
  C:\Windows\System\HnoKGlf.exe
  2⤵
  PID:12848
- C:\Windows\System\vyrgiDE.exe
  C:\Windows\System\vyrgiDE.exe
  2⤵
  PID:12872
- C:\Windows\System\mKcKZyx.exe
  C:\Windows\System\mKcKZyx.exe
  2⤵
  PID:12888
- C:\Windows\System\FGgzjJx.exe
  C:\Windows\System\FGgzjJx.exe
  2⤵
  PID:12916
- C:\Windows\System\fbWrofh.exe
  C:\Windows\System\fbWrofh.exe
  2⤵
  PID:12932
- C:\Windows\System\mRlUmJd.exe
  C:\Windows\System\mRlUmJd.exe
  2⤵
  PID:12952
- C:\Windows\System\wxLtwDW.exe
  C:\Windows\System\wxLtwDW.exe
  2⤵
  PID:13008
- C:\Windows\System\llwdHPO.exe
  C:\Windows\System\llwdHPO.exe
  2⤵
  PID:13040
- C:\Windows\System\GWOFJAE.exe
  C:\Windows\System\GWOFJAE.exe
  2⤵
  PID:13072
- C:\Windows\System\ObdGtUR.exe
  C:\Windows\System\ObdGtUR.exe
  2⤵
  PID:13096
- C:\Windows\System\SOeFuEG.exe
  C:\Windows\System\SOeFuEG.exe
  2⤵
  PID:13116
- C:\Windows\System\YRfmNNZ.exe
  C:\Windows\System\YRfmNNZ.exe
  2⤵
  PID:13156
- C:\Windows\System\PBLHsnG.exe
  C:\Windows\System\PBLHsnG.exe
  2⤵
  PID:13184
- C:\Windows\System\AEaISvZ.exe
  C:\Windows\System\AEaISvZ.exe
  2⤵
  PID:13212
- C:\Windows\System\GIBVbCi.exe
  C:\Windows\System\GIBVbCi.exe
  2⤵
  PID:13240
- C:\Windows\System\MMHLnku.exe
  C:\Windows\System\MMHLnku.exe
  2⤵
  PID:13256
- C:\Windows\System\upEOKBd.exe
  C:\Windows\System\upEOKBd.exe
  2⤵
  PID:13304
- C:\Windows\System\xLgarqe.exe
  C:\Windows\System\xLgarqe.exe
  2⤵
  PID:12372
- C:\Windows\System\BFskFmO.exe
  C:\Windows\System\BFskFmO.exe
  2⤵
  PID:12388
- C:\Windows\System\FljTrVR.exe
  C:\Windows\System\FljTrVR.exe
  2⤵
  PID:12424
- C:\Windows\System\ogsxmPP.exe
  C:\Windows\System\ogsxmPP.exe
  2⤵
  PID:12452
- C:\Windows\System\EMfbZvO.exe
  C:\Windows\System\EMfbZvO.exe
  2⤵
  PID:12584
- C:\Windows\System\RuyeRef.exe
  C:\Windows\System\RuyeRef.exe
  2⤵
  PID:12572
- C:\Windows\System\ZXNgCOn.exe
  C:\Windows\System\ZXNgCOn.exe
  2⤵
  PID:12596
- C:\Windows\System\Fluahpa.exe
  C:\Windows\System\Fluahpa.exe
  2⤵
  PID:12668
- C:\Windows\System\ayafsTm.exe
  C:\Windows\System\ayafsTm.exe
  2⤵
  PID:12708
- C:\Windows\System\jaClzop.exe
  C:\Windows\System\jaClzop.exe
  2⤵
  PID:12832
- C:\Windows\System\TBAXGAd.exe
  C:\Windows\System\TBAXGAd.exe
  2⤵
  PID:12924
- C:\Windows\System\slOjpgq.exe
  C:\Windows\System\slOjpgq.exe
  2⤵
  PID:13052
- C:\Windows\System\RsMAOBj.exe
  C:\Windows\System\RsMAOBj.exe
  2⤵
  PID:13020
- C:\Windows\System\oGxWWMq.exe
  C:\Windows\System\oGxWWMq.exe
  2⤵
  PID:13092
- C:\Windows\System\eeFPJiW.exe
  C:\Windows\System\eeFPJiW.exe
  2⤵
  PID:13112
- C:\Windows\System\oZWsBvE.exe
  C:\Windows\System\oZWsBvE.exe
  2⤵
  PID:13204
- C:\Windows\System\pPwXMkG.exe
  C:\Windows\System\pPwXMkG.exe
  2⤵
  PID:13228
- C:\Windows\System\gwjODHv.exe
  C:\Windows\System\gwjODHv.exe
  2⤵
  PID:13296
- C:\Windows\System\JCztSEg.exe
  C:\Windows\System\JCztSEg.exe
  2⤵
  PID:12352
- C:\Windows\System\RxMeYIy.exe
  C:\Windows\System\RxMeYIy.exe
  2⤵
  PID:12788
- C:\Windows\System\kYPfKGK.exe
  C:\Windows\System\kYPfKGK.exe
  2⤵
  PID:12912
- C:\Windows\System\pzdtcZU.exe
  C:\Windows\System\pzdtcZU.exe
  2⤵
  PID:12860
- C:\Windows\System\LQcBrkd.exe
  C:\Windows\System\LQcBrkd.exe
  2⤵
  PID:12988
- C:\Windows\System\FddMQoo.exe
  C:\Windows\System\FddMQoo.exe
  2⤵
  PID:13200
- C:\Windows\System\PFvPDgC.exe
  C:\Windows\System\PFvPDgC.exe
  2⤵
  PID:12496
- C:\Windows\System\Qzlfskm.exe
  C:\Windows\System\Qzlfskm.exe
  2⤵
  PID:12816
- C:\Windows\System\URQNOpp.exe
  C:\Windows\System\URQNOpp.exe
  2⤵
  PID:13176
- C:\Windows\System\QykJYdE.exe
  C:\Windows\System\QykJYdE.exe
  2⤵
  PID:12348
- C:\Windows\System\fpuipez.exe
  C:\Windows\System\fpuipez.exe
  2⤵
  PID:13328
- C:\Windows\System\tsoIaup.exe
  C:\Windows\System\tsoIaup.exe
  2⤵
  PID:13372
- C:\Windows\System\XQiFFLe.exe
  C:\Windows\System\XQiFFLe.exe
  2⤵
  PID:13392
- C:\Windows\System\USWLCiC.exe
  C:\Windows\System\USWLCiC.exe
  2⤵
  PID:13440
- C:\Windows\System\KRWflkB.exe
  C:\Windows\System\KRWflkB.exe
  2⤵
  PID:13460
- C:\Windows\System\IopxeNE.exe
  C:\Windows\System\IopxeNE.exe
  2⤵
  PID:13488
- C:\Windows\System\wwSTija.exe
  C:\Windows\System\wwSTija.exe
  2⤵
  PID:13572
- C:\Windows\System\PgOZiTf.exe
  C:\Windows\System\PgOZiTf.exe
  2⤵
  PID:13588
- C:\Windows\System\psgGMRp.exe
  C:\Windows\System\psgGMRp.exe
  2⤵
  PID:13604
- C:\Windows\System\PHYScOo.exe
  C:\Windows\System\PHYScOo.exe
  2⤵
  PID:13628
- C:\Windows\System\zIvkuNv.exe
  C:\Windows\System\zIvkuNv.exe
  2⤵
  PID:13652
- C:\Windows\System\PgEYldy.exe
  C:\Windows\System\PgEYldy.exe
  2⤵
  PID:13676
- C:\Windows\System\JhlDmUL.exe
  C:\Windows\System\JhlDmUL.exe
  2⤵
  PID:13712
- C:\Windows\System\hwQQdml.exe
  C:\Windows\System\hwQQdml.exe
  2⤵
  PID:13732
- C:\Windows\System\HkNRNKg.exe
  C:\Windows\System\HkNRNKg.exe
  2⤵
  PID:13760
- C:\Windows\System\UosExhY.exe
  C:\Windows\System\UosExhY.exe
  2⤵
  PID:13780
- C:\Windows\System\KAPJmPH.exe
  C:\Windows\System\KAPJmPH.exe
  2⤵
  PID:13804
- C:\Windows\System\VLAMUey.exe
  C:\Windows\System\VLAMUey.exe
  2⤵
  PID:13824
- C:\Windows\System\ZxJDLJn.exe
  C:\Windows\System\ZxJDLJn.exe
  2⤵
  PID:13844
- C:\Windows\System\uLpiWmk.exe
  C:\Windows\System\uLpiWmk.exe
  2⤵
  PID:13864
- C:\Windows\System\iPsggnb.exe
  C:\Windows\System\iPsggnb.exe
  2⤵
  PID:13900
- C:\Windows\System\qhONzkC.exe
  C:\Windows\System\qhONzkC.exe
  2⤵
  PID:13920
- C:\Windows\System\GeAbpon.exe
  C:\Windows\System\GeAbpon.exe
  2⤵
  PID:13952
- C:\Windows\System\dHFUaaR.exe
  C:\Windows\System\dHFUaaR.exe
  2⤵
  PID:13972
- C:\Windows\System\YyooCZc.exe
  C:\Windows\System\YyooCZc.exe
  2⤵
  PID:13992
- C:\Windows\System\mMAKbBV.exe
  C:\Windows\System\mMAKbBV.exe
  2⤵
  PID:14012
- C:\Windows\System\sbqcuRZ.exe
  C:\Windows\System\sbqcuRZ.exe
  2⤵
  PID:14060
- C:\Windows\System\WPGwDPv.exe
  C:\Windows\System\WPGwDPv.exe
  2⤵
  PID:14088
- C:\Windows\System\pbrXFjU.exe
  C:\Windows\System\pbrXFjU.exe
  2⤵
  PID:14108
- C:\Windows\System\LAAwUdu.exe
  C:\Windows\System\LAAwUdu.exe
  2⤵
  PID:14152
- C:\Windows\System\LCVISNz.exe
  C:\Windows\System\LCVISNz.exe
  2⤵
  PID:14176
- C:\Windows\System\GSvWYLC.exe
  C:\Windows\System\GSvWYLC.exe
  2⤵
  PID:14200
- C:\Windows\System\BJinidv.exe
  C:\Windows\System\BJinidv.exe
  2⤵
  PID:14236
- C:\Windows\System\aPABtzh.exe
  C:\Windows\System\aPABtzh.exe
  2⤵
  PID:14296
- C:\Windows\System\oufhVNm.exe
  C:\Windows\System\oufhVNm.exe
  2⤵
  PID:14316
- C:\Windows\System\gcXQXFw.exe
  C:\Windows\System\gcXQXFw.exe
  2⤵
  PID:12764
- C:\Windows\System\OjnMRGK.exe
  C:\Windows\System\OjnMRGK.exe
  2⤵
  PID:13352
- C:\Windows\System\dMvKyVe.exe
  C:\Windows\System\dMvKyVe.exe
  2⤵
  PID:12304
- C:\Windows\System\GVoujQN.exe
  C:\Windows\System\GVoujQN.exe
  2⤵
  PID:13428
- C:\Windows\System\fPsOkmT.exe
  C:\Windows\System\fPsOkmT.exe
  2⤵
  PID:13500
- C:\Windows\System\tjSRbTe.exe
  C:\Windows\System\tjSRbTe.exe
  2⤵
  PID:13524
- C:\Windows\System\BBxUYns.exe
  C:\Windows\System\BBxUYns.exe
  2⤵
  PID:13776
- C:\Windows\System\XxHXEzV.exe
  C:\Windows\System\XxHXEzV.exe
  2⤵
  PID:13932
- C:\Windows\System\hRkCtDw.exe
  C:\Windows\System\hRkCtDw.exe
  2⤵
  PID:13984
- C:\Windows\System\aZSLwyz.exe
  C:\Windows\System\aZSLwyz.exe
  2⤵
  PID:13964
- C:\Windows\System\iRxqFRx.exe
  C:\Windows\System\iRxqFRx.exe
  2⤵
  PID:14040
- C:\Windows\System\cgMmmxf.exe
  C:\Windows\System\cgMmmxf.exe
  2⤵
  PID:14004
- C:\Windows\System\JlaOMiA.exe
  C:\Windows\System\JlaOMiA.exe
  2⤵
  PID:14148
- C:\Windows\System\KRsqBAE.exe
  C:\Windows\System\KRsqBAE.exe
  2⤵
  PID:14100
- C:\Windows\System\gnDxDZh.exe
  C:\Windows\System\gnDxDZh.exe
  2⤵
  PID:14168
- C:\Windows\System\QAolpYh.exe
  C:\Windows\System\QAolpYh.exe
  2⤵
  PID:14184
- C:\Windows\System\dhCaCyK.exe
  C:\Windows\System\dhCaCyK.exe
  2⤵
  PID:14304
- C:\Windows\System\jYjnFNf.exe
  C:\Windows\System\jYjnFNf.exe
  2⤵
  PID:14292
- C:\Windows\System\VYsKrDC.exe
  C:\Windows\System\VYsKrDC.exe
  2⤵
  PID:1588
- C:\Windows\System\HaiuUOb.exe
  C:\Windows\System\HaiuUOb.exe
  2⤵
  PID:13840
- C:\Windows\System\OCrhZZN.exe
  C:\Windows\System\OCrhZZN.exe
  2⤵
  PID:13884
- C:\Windows\System\dINpkzd.exe
  C:\Windows\System\dINpkzd.exe
  2⤵
  PID:13644
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 13644 -s 248
    3⤵
    PID:15076
- C:\Windows\System\cCqqgEy.exe
  C:\Windows\System\cCqqgEy.exe
  2⤵
  PID:4336
- C:\Windows\System\nobBJMK.exe
  C:\Windows\System\nobBJMK.exe
  2⤵
  PID:14668
- C:\Windows\System\URKhmXv.exe
  C:\Windows\System\URKhmXv.exe
  2⤵
  PID:14840
- C:\Windows\System\oOoyghK.exe
  C:\Windows\System\oOoyghK.exe
  2⤵
  PID:14864
- C:\Windows\System\avGSyMZ.exe
  C:\Windows\System\avGSyMZ.exe
  2⤵
  PID:14884
- C:\Windows\System\yPtfqDl.exe
  C:\Windows\System\yPtfqDl.exe
  2⤵
  PID:14908
- C:\Windows\System\PhQkBUE.exe
  C:\Windows\System\PhQkBUE.exe
  2⤵
  PID:14932

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BOePEsQ.exe

Filesize
1.2MB

MD5
9af3735c6073a0345687a608678ebdf5

SHA1
33c215ed7a1095a466e88f0ef92401a30a954de9

SHA256
0bdb68088f4962d20205b760efcf459727fb5479ad6f50ee9b72ff950bf02b8b

SHA512
f092530933fd79459fc4c4399e1a366de687af9bdf0881b55c37c5e60e589ca0375140034fd8f3c92bebf875714922c3ca8858d7a459f4aa44de21434d8969e9

Download Submit
C:\Windows\System\DPONbmz.exe

Filesize
1.2MB

MD5
585369f7fb5fd075c4023686c1c34c40

SHA1
2ab97910fdf987f86cb376d31b1df924b1825609

SHA256
7cff1894f8db7414922025070ec51b83de592a9479d7105c45a1806a9c4c32a8

SHA512
523c858952451138b2545a5b85bd8c593aa1c33bca383a7319dda577f164e432447b98e40e949ffd6bc6a60e3dcb08976be7176494bb9dc7308b06c7d00a620c

Download Submit
C:\Windows\System\GPlcjrn.exe

Filesize
1.2MB

MD5
c3a0d05959d57a4289d9c959fa59793b

SHA1
02b2ffe2eeb351e55aeb4e6b75450b2cdf8153ce

SHA256
21af2804a30a4fccda5ae74f145f8e92da959ff6bd13d0a70e444c2da418fc81

SHA512
f30f05038475a5e9574bda5e34d918430360a2ea19149be10c5db937dded8376ad19d98f005f4fc71b1f5163f54c7488d0fb1419236267b8a302eca631066b50

Download Submit
C:\Windows\System\GolzqlP.exe

Filesize
1.2MB

MD5
1dbef88069c551e25285dfb9f51b2553

SHA1
2844f81d33cdf04f1776c765065312c4f3ca9680

SHA256
f8947b79063198a5a4d193048803d2584b21c19418cc243227eb70e982f6b3ec

SHA512
200f0da3ab7d06a4aaac4e63e1f80c024a8b07c1c66239dd7eee07889958350f26cf302007f8d39fd767f27a0ededc7bec66299b666ae6040bc2645b7374dd0f

Download Submit
C:\Windows\System\LZlcwcs.exe

Filesize
1.2MB

MD5
c63d2686522fff8185aeb102fb83ae5b

SHA1
65da6849a832e0b63bfccf030bbdd7366f6b30b2

SHA256
10d5e22f96af38c6111013c4b26560d504389b2414597dcc89dc0733705d9c55

SHA512
f500a38267e95a1011228378b1df0070d3d707391a649a843365c389b32d76c338c6163411563074b50a58b3f3b43f0167f0b98805a05ec42bd1cc2f6194fcf6

Download Submit
C:\Windows\System\LhBDQVh.exe

Filesize
1.2MB

MD5
e9d2337079716800d90b5736202b18b4

SHA1
5b1ff824f66154ce37a0675967b2404771b6f53f

SHA256
fa1ffb6e1462173402170c2b3724652bf0fa36f6876cf851c750b6122194524e

SHA512
357f816eee09070b9b984473488efb9e3f872dd9939c00f73b6871685792a07186fb62ea36c1723e396a71b8a5b05f9f752870ff38bb372ca163d5bf41c14bdd

Download Submit
C:\Windows\System\MFuDpbo.exe

Filesize
1.2MB

MD5
152ef34ffb3a827708454556e07cd95e

SHA1
77ca4930a90179d490bd9ddb8cdce7c22ed4ff90

SHA256
60a730a3c2e6954023c0726d0d369961d9c711598ab3626fd3ad5a96c874fd87

SHA512
7007d31817f5ff614ac9251b95c4ae560b84c57bba9aa3cc5088b0cc97074327ebce5c92a130bcd4b41e4c39c5720b5c505e18c75569c37cddb35098f0ff5689

Download Submit
C:\Windows\System\ODPGmDW.exe

Filesize
1.2MB

MD5
88c3ec2797cfedc9bd903d6177fad07d

SHA1
5e8388739a49efe3948aa65676d69caab3ca0cb5

SHA256
87635ffc2cadcade7dca5c3af131526c7fbd8c32aff7a95ce1485f8d8077ed49

SHA512
8191533145b22b2641e63afad1be12414780d513dfecde0119fa8425dcdd3b9969bdcb7f7b8e76283a5de2d5eb6e97d5650bdea1f3350be936c9769e7d65768a

Download Submit
C:\Windows\System\SELoQKL.exe

Filesize
1.2MB

MD5
93248bb8f07abab677d8ad2f41516a59

SHA1
23eac9870faac3d775dd18b5d65f4c00853ff9b3

SHA256
57674ddefffbfdcfab2c44f712b0dbd40fd9cd21fb52c6890a91e39126c16ee6

SHA512
dca836eb6bc863dbb00aec9b42155d56d29fc5dbbe61473661430662bf42501b2709aa301205ca77acb573b4e3b0a1945c5481532a0b1ecb2746a50622d20bf1

Download Submit
C:\Windows\System\UCcItYn.exe

Filesize
1.2MB

MD5
99b0fa02ad4ea047fdb699431987be74

SHA1
7f3a1930ec18639890638fcb5ecf3b44c439dd31

SHA256
ab0f7e1d41c96537c63f3d673402811c7d193764b69ebed378525b5ac95bf536

SHA512
b1db9119cfeef15232e0c20d1a5d22096ae9c6519b45ea88d355f9ebad149d7d6f58b34226c99d04d21e1369daf285b650de89a3fd87a6e97dcab5da6518d34b

Download Submit
C:\Windows\System\UmqtZoQ.exe

Filesize
1.2MB

MD5
b359793189c0d010a4fbc79697f49641

SHA1
30d7001cf656128c9556e9c4377f50b90cb970c9

SHA256
160400f9eba6e308985a7ddb49ce9d7a4032ddbdd3b04127b04b4f8b56b07b39

SHA512
fd2a25f82317d6bf559ea3611dd5ed773dab7b90696f3d89fdb95a958c030d2713c80379b26ba5a87d66bedc53f50c76b362da06735df27c2fd9c10c71b95550

Download Submit
C:\Windows\System\VEvusQB.exe

Filesize
1.2MB

MD5
0967661cf9024437aea32235da0bf768

SHA1
9112da5dcda64a2fe95aa56340becce440234603

SHA256
dce4513f831ddfce859835ecf75b9be9bfbbfdab755e26849e8665377fe5ec4b

SHA512
88ad8dc687d04c949b47bcebced713fd097da0caee65c4891ae7b97a05e01755c9d6fcf0e6ffd13ea4851a9c8486364c9fa8f98350df24f104ed89d7d440ad20

Download Submit
C:\Windows\System\VVaupzm.exe

Filesize
1.2MB

MD5
8d772352e80436a191169cda1bdb8dfd

SHA1
a887ed435412d7f3c680d46cdc9c47b8cfbd162d

SHA256
5965124c645f3a71696a823ec095ef6e0e3702d92bdf7f7ab8eabe44791d8d64

SHA512
42b551f1823fcc2993e768bdd27d42a91ccc7ca7a6b1e8face666a1a20f01e8470fbd37d619333c94f636437e5b58a9497b1f3c7e992b7453ccccf3bd0bcc2a1

Download Submit
C:\Windows\System\VbUGnCm.exe

Filesize
1.2MB

MD5
95e084ef00f1ce759e38687cb913516d

SHA1
1ef35f5a5d7f69ad0889bb77e9fb25d64cd3ac33

SHA256
e1f83dc0621b964228ba89eea1f29b0c8c7faba7fbebfe59c936b303cd612207

SHA512
69599733487b9e4226e89335b9b4e4713770f4444f499f8f5240109e2103d3d6da191233e084ad4a4ebbaf7a417e09b7acf3bb1f846c3548f83cb6ca9d26070e

Download Submit
C:\Windows\System\XnIhqHW.exe

Filesize
1.2MB

MD5
f01f9cde9466788df5b86ce26de08d12

SHA1
acef1289a7a33b76e044b21cd359496692ce13b5

SHA256
0535a4b804b7f516774cb8ce5ffb4178a0d7387fd6279cf930b2ebdd54d9f56a

SHA512
e48ed3300f28878f1726bc1e97ec4a42674b58b5450916caef0211cfac1be232666540c3c07f9ed6511a7b42aacd523b9038a0154c782660caf217ea592170dd

Download Submit
C:\Windows\System\bKhcwQa.exe

Filesize
1.2MB

MD5
a2de7518300ff50c37b35fabf9fef58f

SHA1
057671086a472c847fee9d9291792d591b96c238

SHA256
b5f3a7be73b6ada6a8224924efeb4d143d56e70045930f3354767c9d8c7fa06c

SHA512
7027525b78ece6066b198b530d7072f1ead3268bf266e6ef647b8f66f71820ef4d814216e2ff1b2e8d70e29db662aa1fb803e509f44f6d9e7bf1048e05fd665b

Download Submit
C:\Windows\System\dgVZvkL.exe

Filesize
1.2MB

MD5
a9cbe79a4e3eb4466375519c5111e09d

SHA1
f4741b1f80f781737640deb3317cb6fc75ae8703

SHA256
a3bccc7d57f47c96a5134fe10d1771fb4e0251e977635ebe208ccd0d575fc7d7

SHA512
d120c51aa7e4443c4e3eaba06f429cc4099587bc5e272185165e14fed2b123302901ea3ba39db8e5d41c975be6e531bc2295800dc6ed7b3769debd6ea92f8994

Download Submit
C:\Windows\System\fCNmmom.exe

Filesize
1.2MB

MD5
a148b1c135dda1490033746748f08874

SHA1
f5756f5f139e9fccabaa8faf8ac6a9c5a7b3e7b8

SHA256
92d3ab2ca7681f77094fe8388431e64d092c75bfff5b20abaa601d1c13014da7

SHA512
6b2b054bccc017f4e191f05b011271f99fb1546648f257b6a6d7a8f6c3cd5d85578ecbeec29c3e4838f7dda3ba728ad3e6f922e2fa2a3e3b2d3a95b86eb6add1

Download Submit
C:\Windows\System\gNnJLcJ.exe

Filesize
1.2MB

MD5
1a0d1c8d534e0382a17d2c8395095999

SHA1
59254cc8754cceac19370c723dc371dd86ae85ff

SHA256
0e105924a3ba823180ed7ae81101b03cbca5cf1d1f51467e219d773272b08525

SHA512
abb0c518538a376bc2b63171dfc27594b24cddd15a811baf02a49bd03d790a1b6c97bd950ce0627d1e12d0f1377efd168d17ba98c000b0e089e62ee1fbc9067c

Download Submit
C:\Windows\System\gYHQtnT.exe

Filesize
1.2MB

MD5
a54adbbbad97b98709f4554f10c68a1a

SHA1
0d977f393b0759e75fd976c3fda4ac4c72eed704

SHA256
13040f7547432a08f8d8c79249a54d3ab846f3a01756db63aac7b1cc61343cc9

SHA512
42846805bc410c5dd937f388e5181ab2e16f4146892ae8aceec52958154c28c289d6dd27c2edc40107fb3d5e134908cc55d615e5d577f5339293af70948706cc

Download Submit
C:\Windows\System\ilGpyaX.exe

Filesize
1.2MB

MD5
0ae712e17f43efb209e2af1d8b402a48

SHA1
fd373ca1c5370f0a8e06fb697b5242f412cb02c9

SHA256
647dc73e03c993891c41662ef494973852873ef4e594d9728293a3350b379ad6

SHA512
7262466a4ce23a96012478ec51bbbf7db6e3be97e3ab9402ff4c9788c23dd5e3d3ed6156e5e9c35cb2d003ee0b0addc905113597de7f87fdc36e0216b623cda4

Download Submit
C:\Windows\System\kpfCRSS.exe

Filesize
1.2MB

MD5
ebf943230f36904375e9afece748edbc

SHA1
62018cff91727d434dbcd2f0745831589e4a18be

SHA256
b0346780c95a8a1a301f1edc4d203dae9bea98d9a7d74e19fddc0f04ba0fd01e

SHA512
d2ce015e0b233aabfb0651607fd0ed48b06405b295f004d440838704ecb2549176e5efe53cbcecec2248f2298c2af95e474bf9e47bfc9100f5a291daaa5fc654

Download Submit
C:\Windows\System\oHLZZca.exe

Filesize
1.2MB

MD5
4cbb1d2e0a5ca8bd32c4f150c3360a73

SHA1
8e24b28eb23a976448d774fecbb69693daafbd8b

SHA256
d3c44b9249991129e728a20e78806c339ec64f924b6c9e17d42d1905960363fd

SHA512
e30d7fa82f1edbea6a6b182b40298bb99eb10d2f29827aceee9634457e27d1937fed4d5501030c9ec8b33ee1fa1f3b50c887f61dd1b7d56129b4d6fc5ae61f1f

Download Submit
C:\Windows\System\ogHKjbm.exe

Filesize
1.2MB

MD5
05791050b5e29325690bde2c80bb2c60

SHA1
d287c8254eccbd10cd4dfad7f7d11168a0db4d97

SHA256
b6f124cd1de5f7a6147499b23c003c4ab84b42f3113c2fa9e348a6f0171b6e4c

SHA512
b8e9bad23e1d86ebb8c02c4facc3eb44c7a2cd41a149cad443bf35426b79576dd854608c0faf6de8ef5999eb69024bc3847eaab55efe1f9326a8243d07453af7

Download Submit
C:\Windows\System\qPiFYIZ.exe

Filesize
1.2MB

MD5
bdafe94dfddab2f15f920f2a28496ff3

SHA1
ccf40192d42d8b2e15f10185ee8286421f80ec94

SHA256
1155754d544a2bf20bbbec0d1d8a4672db27be49600ce6bd5fa5ee026205df85

SHA512
789d65735a7a21244671bb8356cbfcd362d9a2da0a391a6f0f9a3fc4e44d91fea18bbb0b5f7f79eb003f1fcecfb65d08204536509c41838f6ab6c17326bb6669

Download Submit
C:\Windows\System\qhRsmxR.exe

Filesize
1.2MB

MD5
15e730c00e108440b78569d4b1d757df

SHA1
7ef4d2c3cfde884ebab718d524bb4e636fedc7ee

SHA256
e6b99f5e71e6b12f917e4e258ce321aab556b80400df139e632de6f6771c032c

SHA512
0235bf3de5895bf7e23b2beb1db10499b723d18fe8316bea176afe47aec464213cce80d36af599f776fc6e004b79572d29b4ccb3ba39965c5b301ee8ee82b60a

Download Submit
C:\Windows\System\sCLZCPD.exe

Filesize
1.2MB

MD5
bdbbcc9a794d8d6a259c5a526475343a

SHA1
013636da00dbc745c4bd7acc68f6066949c1ef22

SHA256
009502662aa88d08ce536d68ef92d99be5c7cda852043376ff6e161faae44b8d

SHA512
1d9478ccc3821bbbff74202d38ac93717bf20bebd8ca86ab4369b72846072caa280f7f5d6f070a6d05404452c1de8157b66fe3cfe755a9ba09b48fbea5b839a1

Download Submit
C:\Windows\System\umrDJbm.exe

Filesize
1.2MB

MD5
818bf7fe9ee14d2a4a7797d21cd48d72

SHA1
bc6719fe96f3142ba11a081e54ec4371f04c01d3

SHA256
601622dd06d38ff1148e91dbe6396ca8c610feec96d3830e6843b775a5546e6e

SHA512
e34427a200eaf83f3f9a1e17af5ad03d8e3908230e7cabc9cea09132fa87524ac38324b97d69aabde6c2b7ffd541b9cd2d97f459d491fde72a74be4974de5b99

Download Submit
C:\Windows\System\vOPNand.exe

Filesize
1.2MB

MD5
f3200ca00e89774100a2c2537d3ad6bd

SHA1
1e211b2fdac9a5846b74306b6b5c499e2430efd2

SHA256
1cd9076a5207f9870923a06d1c8407b57a2219879bb5ef32bdcd73ea6dec7a3b

SHA512
ab64265ce5b78f811df722c376470ea8dd943c431e91a88f00ad8a10a5d8a59db33cd8e00b9173b391b11236d2f6c71e85948339d26c2096716fa93128b28d11

Download Submit
C:\Windows\System\wPpbwbn.exe

Filesize
1.2MB

MD5
b1561e8ba4df2cc37c1eaba931159aad

SHA1
9f016145ae72aa2ae7de4f6f8b77c927cbf52fd0

SHA256
4a38ab0766471eb590d0115b7a22ecfb67da9b7938ee5f9376e75b3e89447e4a

SHA512
589b8a0e508894843a8620fc84849aacd8ab8ef0c18b8cd2ac064912b0025fca985358b35b5c3aa84f8baad5a870d52aa006135fddb40a44be72a0c8a29b9a97

Download Submit
C:\Windows\System\zipvmSp.exe

Filesize
1.2MB

MD5
1452e142dcd70f9c96a20b71831eea1f

SHA1
74aa544154753976d4a07ef4a0520ac224c4a9a2

SHA256
59e8faf20fd0df3dd811213eb3952b8106bcf23dc292f55977e0430316d97999

SHA512
693a69fc81c686b4cce73430de766bb261ccd8527d6063bd4e88a98e5e798ceb6d0dbd3c8c4f1850577d7b6ce3d4003d83ae112c45b1673008fdd915ed6b6764

Download Submit
C:\Windows\System\zodJEyd.exe

Filesize
1.2MB

MD5
68e8bac21d842442d58068c7e8d45127

SHA1
843135d29823edca687e4d589b5bc0e74609e0d4

SHA256
9e16b5b8861555dd8c66d5cb40c81205046fdd8853241db337332cb16d2f8b0c

SHA512
d5be67e90e01c93fba141ace1a131e27d9993e23c92c59b27cc54e023dc94ef88dfa03b60e4105a55c2830534f27ca975e03a54f26a3d3757ac69428ed19daf9

Download Submit
C:\Windows\System\ztrvdws.exe

Filesize
1.2MB

MD5
020c87ec45d1220d0b082606d4a9f421

SHA1
2d32cb0a6fd32d1b7a20004ad2c5b7d19a9aa590

SHA256
d10bc21d2bcec1449b02d4aa72b79b0cb4f90b688a66f89751d84dd5cadf8aca

SHA512
6f8d2847de3ad1fed48769c7fa538a01a724a0c91e3b0e68cb09362761e881eb3cde1fa8bb162621808f4a51fe5408ac0f0f0347c5e7998012314406e7bd0429

Download Submit
memory/392-160-0x00007FF655900000-0x00007FF655C51000-memory.dmp

Filesize
3.3MB

Download
memory/392-2429-0x00007FF655900000-0x00007FF655C51000-memory.dmp

Filesize
3.3MB

Download
memory/452-147-0x00007FF694A50000-0x00007FF694DA1000-memory.dmp

Filesize
3.3MB

Download
memory/452-2433-0x00007FF694A50000-0x00007FF694DA1000-memory.dmp

Filesize
3.3MB

Download
memory/692-85-0x00007FF769060000-0x00007FF7693B1000-memory.dmp

Filesize
3.3MB

Download
memory/692-2403-0x00007FF769060000-0x00007FF7693B1000-memory.dmp

Filesize
3.3MB

Download
memory/1060-190-0x00007FF71D7B0000-0x00007FF71DB01000-memory.dmp

Filesize
3.3MB

Download
memory/1060-2440-0x00007FF71D7B0000-0x00007FF71DB01000-memory.dmp

Filesize
3.3MB

Download
memory/1192-2149-0x00007FF7A94D0000-0x00007FF7A9821000-memory.dmp

Filesize
3.3MB

Download
memory/1192-34-0x00007FF7A94D0000-0x00007FF7A9821000-memory.dmp

Filesize
3.3MB

Download
memory/1192-2346-0x00007FF7A94D0000-0x00007FF7A9821000-memory.dmp

Filesize
3.3MB

Download
memory/1416-2435-0x00007FF726D50000-0x00007FF7270A1000-memory.dmp

Filesize
3.3MB

Download
memory/1416-153-0x00007FF726D50000-0x00007FF7270A1000-memory.dmp

Filesize
3.3MB

Download
memory/1580-2439-0x00007FF603E90000-0x00007FF6041E1000-memory.dmp

Filesize
3.3MB

Download
memory/1580-178-0x00007FF603E90000-0x00007FF6041E1000-memory.dmp

Filesize
3.3MB

Download
memory/1600-116-0x00007FF62CD00000-0x00007FF62D051000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2413-0x00007FF62CD00000-0x00007FF62D051000-memory.dmp

Filesize
3.3MB

Download
memory/1624-123-0x00007FF61FEA0000-0x00007FF6201F1000-memory.dmp

Filesize
3.3MB

Download
memory/1624-2421-0x00007FF61FEA0000-0x00007FF6201F1000-memory.dmp

Filesize
3.3MB

Download
memory/1764-48-0x00007FF60ACF0000-0x00007FF60B041000-memory.dmp

Filesize
3.3MB

Download
memory/1764-2397-0x00007FF60ACF0000-0x00007FF60B041000-memory.dmp

Filesize
3.3MB

Download
memory/1784-172-0x00007FF7E14E0000-0x00007FF7E1831000-memory.dmp

Filesize
3.3MB

Download
memory/1784-2423-0x00007FF7E14E0000-0x00007FF7E1831000-memory.dmp

Filesize
3.3MB

Download
memory/1908-191-0x00007FF606950000-0x00007FF606CA1000-memory.dmp

Filesize
3.3MB

Download
memory/1908-2343-0x00007FF606950000-0x00007FF606CA1000-memory.dmp

Filesize
3.3MB

Download
memory/1908-21-0x00007FF606950000-0x00007FF606CA1000-memory.dmp

Filesize
3.3MB

Download
memory/1928-98-0x00007FF6C3260000-0x00007FF6C35B1000-memory.dmp

Filesize
3.3MB

Download
memory/1928-2409-0x00007FF6C3260000-0x00007FF6C35B1000-memory.dmp

Filesize
3.3MB

Download
memory/2352-2407-0x00007FF6DECF0000-0x00007FF6DF041000-memory.dmp

Filesize
3.3MB

Download
memory/2352-91-0x00007FF6DECF0000-0x00007FF6DF041000-memory.dmp

Filesize
3.3MB

Download
memory/2552-68-0x00007FF791920000-0x00007FF791C71000-memory.dmp

Filesize
3.3MB

Download
memory/2552-2304-0x00007FF791920000-0x00007FF791C71000-memory.dmp

Filesize
3.3MB

Download
memory/2552-2399-0x00007FF791920000-0x00007FF791C71000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2425-0x00007FF6F88F0000-0x00007FF6F8C41000-memory.dmp

Filesize
3.3MB

Download
memory/2716-141-0x00007FF6F88F0000-0x00007FF6F8C41000-memory.dmp

Filesize
3.3MB

Download
memory/2936-197-0x00007FF6C1160000-0x00007FF6C14B1000-memory.dmp

Filesize
3.3MB

Download
memory/2936-28-0x00007FF6C1160000-0x00007FF6C14B1000-memory.dmp

Filesize
3.3MB

Download
memory/2936-2348-0x00007FF6C1160000-0x00007FF6C14B1000-memory.dmp

Filesize
3.3MB

Download
memory/3304-2431-0x00007FF6D51D0000-0x00007FF6D5521000-memory.dmp

Filesize
3.3MB

Download
memory/3304-154-0x00007FF6D51D0000-0x00007FF6D5521000-memory.dmp

Filesize
3.3MB

Download
memory/3700-40-0x00007FF74EF00000-0x00007FF74F251000-memory.dmp

Filesize
3.3MB

Download
memory/3700-2390-0x00007FF74EF00000-0x00007FF74F251000-memory.dmp

Filesize
3.3MB

Download
memory/3700-2150-0x00007FF74EF00000-0x00007FF74F251000-memory.dmp

Filesize
3.3MB

Download
memory/3720-134-0x00007FF76F280000-0x00007FF76F5D1000-memory.dmp

Filesize
3.3MB

Download
memory/3720-2419-0x00007FF76F280000-0x00007FF76F5D1000-memory.dmp

Filesize
3.3MB

Download
memory/3748-43-0x00007FF6A7440000-0x00007FF6A7791000-memory.dmp

Filesize
3.3MB

Download
memory/3748-2303-0x00007FF6A7440000-0x00007FF6A7791000-memory.dmp

Filesize
3.3MB

Download
memory/3748-2392-0x00007FF6A7440000-0x00007FF6A7791000-memory.dmp

Filesize
3.3MB

Download
memory/3888-33-0x00007FF61E4A0000-0x00007FF61E7F1000-memory.dmp

Filesize
3.3MB

Download
memory/3888-2341-0x00007FF61E4A0000-0x00007FF61E7F1000-memory.dmp

Filesize
3.3MB

Download
memory/3972-2411-0x00007FF6FB710000-0x00007FF6FBA61000-memory.dmp

Filesize
3.3MB

Download
memory/3972-110-0x00007FF6FB710000-0x00007FF6FBA61000-memory.dmp

Filesize
3.3MB

Download
memory/4280-2415-0x00007FF76C730000-0x00007FF76CA81000-memory.dmp

Filesize
3.3MB

Download
memory/4280-122-0x00007FF76C730000-0x00007FF76CA81000-memory.dmp

Filesize
3.3MB

Download
memory/4424-0-0x00007FF766BF0000-0x00007FF766F41000-memory.dmp

Filesize
3.3MB

Download
memory/4424-184-0x00007FF766BF0000-0x00007FF766F41000-memory.dmp

Filesize
3.3MB

Download
memory/4424-1-0x000001DE7CBB0000-0x000001DE7CBC0000-memory.dmp

Filesize
64KB

Download
memory/4548-171-0x00007FF7AA950000-0x00007FF7AACA1000-memory.dmp

Filesize
3.3MB

Download
memory/4548-2427-0x00007FF7AA950000-0x00007FF7AACA1000-memory.dmp

Filesize
3.3MB

Download
memory/4552-16-0x00007FF725250000-0x00007FF7255A1000-memory.dmp

Filesize
3.3MB

Download
memory/4552-2339-0x00007FF725250000-0x00007FF7255A1000-memory.dmp

Filesize
3.3MB

Download
memory/4676-2401-0x00007FF73CDA0000-0x00007FF73D0F1000-memory.dmp

Filesize
3.3MB

Download
memory/4676-104-0x00007FF73CDA0000-0x00007FF73D0F1000-memory.dmp

Filesize
3.3MB

Download
memory/4804-92-0x00007FF699AE0000-0x00007FF699E31000-memory.dmp

Filesize
3.3MB

Download
memory/4804-2405-0x00007FF699AE0000-0x00007FF699E31000-memory.dmp

Filesize
3.3MB

Download
memory/5096-135-0x00007FF695D40000-0x00007FF696091000-memory.dmp

Filesize
3.3MB

Download
memory/5096-2417-0x00007FF695D40000-0x00007FF696091000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads