xmrig | b563714a1f070e645d39be7281e5f7661b378b1d3e5c0eca3737bbf66f8f9d1d

Analysis

max time kernel
97s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
Size

2.0MB
MD5

3c2e84aeb15be2040a6ffa764813d570
SHA1

6f07b222b9093879f862b707eef3c7f865e4d776
SHA256

b563714a1f070e645d39be7281e5f7661b378b1d3e5c0eca3737bbf66f8f9d1d
SHA512

8a47fd8a72a897ac1427ad5154d55b63612b1130dc30f1cf5a1af038bd3a7062d11327fc73a668bccb990fc0ae5e9a54daea169605f71ad2bd0a89b9f5bf7348
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wISK9NcHa6S5ubQ:BemTLkNdfE0pZrL

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1488-0-0x00007FF6BC170000-0x00007FF6BC4C4000-memory.dmp	xmrig
behavioral2/files/0x00090000000233ce-4.dat	xmrig
behavioral2/files/0x0007000000023405-16.dat	xmrig
behavioral2/files/0x0008000000023404-18.dat	xmrig
behavioral2/memory/4480-20-0x00007FF692180000-0x00007FF6924D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-36.dat	xmrig
behavioral2/files/0x000700000002340c-54.dat	xmrig
behavioral2/files/0x000700000002340f-68.dat	xmrig
behavioral2/files/0x000700000002340d-78.dat	xmrig
behavioral2/files/0x0007000000023411-89.dat	xmrig
behavioral2/memory/364-93-0x00007FF673590000-0x00007FF6738E4000-memory.dmp	xmrig
behavioral2/memory/3660-98-0x00007FF7D1C70000-0x00007FF7D1FC4000-memory.dmp	xmrig
behavioral2/memory/1616-97-0x00007FF72A840000-0x00007FF72AB94000-memory.dmp	xmrig
behavioral2/memory/4056-96-0x00007FF681510000-0x00007FF681864000-memory.dmp	xmrig
behavioral2/memory/5036-95-0x00007FF610280000-0x00007FF6105D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-91.dat	xmrig
behavioral2/files/0x0007000000023410-87.dat	xmrig
behavioral2/files/0x000700000002340a-84.dat	xmrig
behavioral2/memory/2772-83-0x00007FF73B420000-0x00007FF73B774000-memory.dmp	xmrig
behavioral2/memory/864-82-0x00007FF611D10000-0x00007FF612064000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-80.dat	xmrig
behavioral2/memory/4428-75-0x00007FF603890000-0x00007FF603BE4000-memory.dmp	xmrig
behavioral2/memory/2756-74-0x00007FF7B7540000-0x00007FF7B7894000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-70.dat	xmrig
behavioral2/memory/672-67-0x00007FF6440B0000-0x00007FF644404000-memory.dmp	xmrig
behavioral2/memory/856-64-0x00007FF64CC20000-0x00007FF64CF74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023409-50.dat	xmrig
behavioral2/files/0x0007000000023407-47.dat	xmrig
behavioral2/memory/1612-51-0x00007FF6AEC20000-0x00007FF6AEF74000-memory.dmp	xmrig
behavioral2/memory/1000-34-0x00007FF709E40000-0x00007FF70A194000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-101.dat	xmrig
behavioral2/files/0x0009000000023400-113.dat	xmrig
behavioral2/memory/1944-145-0x00007FF728C70000-0x00007FF728FC4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341d-149.dat	xmrig
behavioral2/memory/2004-165-0x00007FF6F86B0000-0x00007FF6F8A04000-memory.dmp	xmrig
behavioral2/memory/2692-197-0x00007FF6852E0000-0x00007FF685634000-memory.dmp	xmrig
behavioral2/memory/2888-215-0x00007FF74C2B0000-0x00007FF74C604000-memory.dmp	xmrig
behavioral2/memory/1340-236-0x00007FF7C6CA0000-0x00007FF7C6FF4000-memory.dmp	xmrig
behavioral2/memory/2540-248-0x00007FF74D180000-0x00007FF74D4D4000-memory.dmp	xmrig
behavioral2/memory/1664-244-0x00007FF6CF430000-0x00007FF6CF784000-memory.dmp	xmrig
behavioral2/memory/5116-243-0x00007FF70F440000-0x00007FF70F794000-memory.dmp	xmrig
behavioral2/memory/2124-230-0x00007FF7DB790000-0x00007FF7DBAE4000-memory.dmp	xmrig
behavioral2/memory/2100-214-0x00007FF60F630000-0x00007FF60F984000-memory.dmp	xmrig
behavioral2/files/0x0007000000023425-195.dat	xmrig
behavioral2/files/0x000700000002341c-182.dat	xmrig
behavioral2/files/0x0007000000023424-180.dat	xmrig
behavioral2/files/0x000700000002341f-178.dat	xmrig
behavioral2/files/0x000700000002341a-176.dat	xmrig
behavioral2/files/0x0007000000023423-175.dat	xmrig
behavioral2/files/0x000700000002341b-170.dat	xmrig
behavioral2/files/0x0007000000023418-169.dat	xmrig
behavioral2/files/0x0007000000023422-166.dat	xmrig
behavioral2/files/0x000700000002341e-188.dat	xmrig
behavioral2/files/0x0007000000023421-164.dat	xmrig
behavioral2/files/0x0007000000023420-163.dat	xmrig
behavioral2/files/0x0007000000023419-153.dat	xmrig
behavioral2/memory/3212-150-0x00007FF629620000-0x00007FF629974000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-139.dat	xmrig
behavioral2/files/0x0007000000023417-134.dat	xmrig
behavioral2/memory/2520-130-0x00007FF72E210000-0x00007FF72E564000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-120.dat	xmrig
behavioral2/memory/816-107-0x00007FF7825B0000-0x00007FF782904000-memory.dmp	xmrig
behavioral2/files/0x0007000000023406-29.dat	xmrig
behavioral2/memory/1932-24-0x00007FF720A50000-0x00007FF720DA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4568	BYPLfEY.exe
4480	cFnTaHU.exe
1000	pIZxXhu.exe
1932	SIKYyeX.exe
5036	xcrGcET.exe
1612	rEnFsgk.exe
4056	sugVmhS.exe
856	RGgyvPN.exe
1616	tpoBHNt.exe
672	JvzibKq.exe
2756	JvHCFty.exe
4428	SaYXYqh.exe
3660	StRClUF.exe
864	wXFZshL.exe
2772	RXmAxbw.exe
364	EVvOZAk.exe
816	jiZqJtS.exe
2520	KyvBBBQ.exe
1944	wpmiCZb.exe
3212	RlqLtzj.exe
2124	NQwnkla.exe
1340	VbvpyBv.exe
5116	hNkeqvF.exe
2004	PRHZunt.exe
2692	yulUAoH.exe
1664	vMEjrsQ.exe
2100	NhHYOZK.exe
2540	FdMJGVg.exe
2888	ymfczoC.exe
2476	eocmwZb.exe
3256	QPikPLn.exe
4260	lLdtilX.exe
764	RRCeVKf.exe
3728	DIgiPIZ.exe
3628	ERvdMFN.exe
2136	gPVZSTW.exe
3012	oZPsGqQ.exe
1476	ZhMoNpS.exe
4436	iTUGXmP.exe
4072	MOerXHK.exe
2204	xIJSDKC.exe
4168	qbVsRTM.exe
5052	ffRxhYp.exe
4240	OVVedvI.exe
4688	FQqKqab.exe
3292	tYiwJWI.exe
1728	HjfYuvI.exe
4456	IwCMGSv.exe
5104	MGqLGjE.exe
3052	FSvMAUv.exe
2576	HPIzHoN.exe
4152	OVhzqFG.exe
64	FwnLDQA.exe
3788	dpLHteD.exe
2872	jSFtaYL.exe
3652	mDDnEPl.exe
2572	ZVlcgyj.exe
3812	pPcwPRQ.exe
2140	AMFKlYo.exe
3724	sZggyVr.exe
992	NBeoPcT.exe
2000	fFFwzTR.exe
680	nyFZtrt.exe
3176	KaZapkK.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1488-0-0x00007FF6BC170000-0x00007FF6BC4C4000-memory.dmp	upx
behavioral2/files/0x00090000000233ce-4.dat	upx
behavioral2/files/0x0007000000023405-16.dat	upx
behavioral2/files/0x0008000000023404-18.dat	upx
behavioral2/memory/4480-20-0x00007FF692180000-0x00007FF6924D4000-memory.dmp	upx
behavioral2/files/0x0007000000023408-36.dat	upx
behavioral2/files/0x000700000002340c-54.dat	upx
behavioral2/files/0x000700000002340f-68.dat	upx
behavioral2/files/0x000700000002340d-78.dat	upx
behavioral2/files/0x0007000000023411-89.dat	upx
behavioral2/memory/364-93-0x00007FF673590000-0x00007FF6738E4000-memory.dmp	upx
behavioral2/memory/3660-98-0x00007FF7D1C70000-0x00007FF7D1FC4000-memory.dmp	upx
behavioral2/memory/1616-97-0x00007FF72A840000-0x00007FF72AB94000-memory.dmp	upx
behavioral2/memory/4056-96-0x00007FF681510000-0x00007FF681864000-memory.dmp	upx
behavioral2/memory/5036-95-0x00007FF610280000-0x00007FF6105D4000-memory.dmp	upx
behavioral2/files/0x0007000000023412-91.dat	upx
behavioral2/files/0x0007000000023410-87.dat	upx
behavioral2/files/0x000700000002340a-84.dat	upx
behavioral2/memory/2772-83-0x00007FF73B420000-0x00007FF73B774000-memory.dmp	upx
behavioral2/memory/864-82-0x00007FF611D10000-0x00007FF612064000-memory.dmp	upx
behavioral2/files/0x000700000002340e-80.dat	upx
behavioral2/memory/4428-75-0x00007FF603890000-0x00007FF603BE4000-memory.dmp	upx
behavioral2/memory/2756-74-0x00007FF7B7540000-0x00007FF7B7894000-memory.dmp	upx
behavioral2/files/0x000700000002340b-70.dat	upx
behavioral2/memory/672-67-0x00007FF6440B0000-0x00007FF644404000-memory.dmp	upx
behavioral2/memory/856-64-0x00007FF64CC20000-0x00007FF64CF74000-memory.dmp	upx
behavioral2/files/0x0007000000023409-50.dat	upx
behavioral2/files/0x0007000000023407-47.dat	upx
behavioral2/memory/1612-51-0x00007FF6AEC20000-0x00007FF6AEF74000-memory.dmp	upx
behavioral2/memory/1000-34-0x00007FF709E40000-0x00007FF70A194000-memory.dmp	upx
behavioral2/files/0x0007000000023413-101.dat	upx
behavioral2/files/0x0009000000023400-113.dat	upx
behavioral2/memory/1944-145-0x00007FF728C70000-0x00007FF728FC4000-memory.dmp	upx
behavioral2/files/0x000700000002341d-149.dat	upx
behavioral2/memory/2004-165-0x00007FF6F86B0000-0x00007FF6F8A04000-memory.dmp	upx
behavioral2/memory/2692-197-0x00007FF6852E0000-0x00007FF685634000-memory.dmp	upx
behavioral2/memory/2888-215-0x00007FF74C2B0000-0x00007FF74C604000-memory.dmp	upx
behavioral2/memory/1340-236-0x00007FF7C6CA0000-0x00007FF7C6FF4000-memory.dmp	upx
behavioral2/memory/2540-248-0x00007FF74D180000-0x00007FF74D4D4000-memory.dmp	upx
behavioral2/memory/1664-244-0x00007FF6CF430000-0x00007FF6CF784000-memory.dmp	upx
behavioral2/memory/5116-243-0x00007FF70F440000-0x00007FF70F794000-memory.dmp	upx
behavioral2/memory/2124-230-0x00007FF7DB790000-0x00007FF7DBAE4000-memory.dmp	upx
behavioral2/memory/2100-214-0x00007FF60F630000-0x00007FF60F984000-memory.dmp	upx
behavioral2/files/0x0007000000023425-195.dat	upx
behavioral2/files/0x000700000002341c-182.dat	upx
behavioral2/files/0x0007000000023424-180.dat	upx
behavioral2/files/0x000700000002341f-178.dat	upx
behavioral2/files/0x000700000002341a-176.dat	upx
behavioral2/files/0x0007000000023423-175.dat	upx
behavioral2/files/0x000700000002341b-170.dat	upx
behavioral2/files/0x0007000000023418-169.dat	upx
behavioral2/files/0x0007000000023422-166.dat	upx
behavioral2/files/0x000700000002341e-188.dat	upx
behavioral2/files/0x0007000000023421-164.dat	upx
behavioral2/files/0x0007000000023420-163.dat	upx
behavioral2/files/0x0007000000023419-153.dat	upx
behavioral2/memory/3212-150-0x00007FF629620000-0x00007FF629974000-memory.dmp	upx
behavioral2/files/0x0007000000023416-139.dat	upx
behavioral2/files/0x0007000000023417-134.dat	upx
behavioral2/memory/2520-130-0x00007FF72E210000-0x00007FF72E564000-memory.dmp	upx
behavioral2/files/0x0007000000023415-120.dat	upx
behavioral2/memory/816-107-0x00007FF7825B0000-0x00007FF782904000-memory.dmp	upx
behavioral2/files/0x0007000000023406-29.dat	upx
behavioral2/memory/1932-24-0x00007FF720A50000-0x00007FF720DA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GJwWtcu.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\Jwxedoj.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\leaRfGJ.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\prDhkAf.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\MGqLGjE.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\IzudBdS.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\NxCZvrZ.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\ViaGRxG.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\iNDfquo.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\drZagiK.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\ScHEhGp.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\YAjYsuW.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\CzKsdCd.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\DkciIUt.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\daScjIq.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\gPVZSTW.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\MQxPAGA.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\EufJkrc.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\uclOxDh.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\cuQexpZ.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\QoQAJKP.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\JvHCFty.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\PGqxkSo.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\fFWPUCV.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\rJEZQGp.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\DMaMAUn.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\bfkfDWn.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\mDDnEPl.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\LmWQQNk.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\JTrXrew.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\SqPuEVI.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\ibYEwEG.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\LbnZZFP.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\lhHQtuQ.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\iPeSoab.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\JenhKtS.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\YFbDuNN.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\UsoHqFu.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\iTUGXmP.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\yZGkJPh.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\HVObRyd.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\DXehXPl.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\ZIrAQjT.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\ZxBTGWM.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\lzcmNID.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\RRCeVKf.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\csYTgeo.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\MMjDqfN.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\RdXqmyi.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\jWbqvHi.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\MohZTLI.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\ZwmtgJn.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\Qnlltym.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\wtqwILq.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\uRTVMQt.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\lGzEhkY.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\nXthDho.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\CaCoTdo.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\jSsdimo.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\WahedHV.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\enSVoSv.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\YmrEgRk.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\rwLRGyu.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
File created	C:\Windows\System\QRqxYic.exe	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14908	dwm.exe
Token: SeChangeNotifyPrivilege	14908	dwm.exe
Token: 33	14908	dwm.exe
Token: SeIncBasePriorityPrivilege	14908	dwm.exe
Token: SeShutdownPrivilege	14908	dwm.exe
Token: SeCreatePagefilePrivilege	14908	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 4568	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	83
PID 1488 wrote to memory of 4568	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	83
PID 1488 wrote to memory of 4480	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	84
PID 1488 wrote to memory of 4480	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	84
PID 1488 wrote to memory of 1000	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	85
PID 1488 wrote to memory of 1000	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	85
PID 1488 wrote to memory of 1932	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	86
PID 1488 wrote to memory of 1932	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	86
PID 1488 wrote to memory of 5036	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	87
PID 1488 wrote to memory of 5036	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	87
PID 1488 wrote to memory of 1612	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	88
PID 1488 wrote to memory of 1612	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	88
PID 1488 wrote to memory of 4056	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	89
PID 1488 wrote to memory of 4056	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	89
PID 1488 wrote to memory of 1616	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	90
PID 1488 wrote to memory of 1616	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	90
PID 1488 wrote to memory of 856	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	91
PID 1488 wrote to memory of 856	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	91
PID 1488 wrote to memory of 672	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	92
PID 1488 wrote to memory of 672	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	92
PID 1488 wrote to memory of 2756	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	93
PID 1488 wrote to memory of 2756	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	93
PID 1488 wrote to memory of 4428	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	94
PID 1488 wrote to memory of 4428	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	94
PID 1488 wrote to memory of 3660	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	95
PID 1488 wrote to memory of 3660	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	95
PID 1488 wrote to memory of 864	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	96
PID 1488 wrote to memory of 864	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	96
PID 1488 wrote to memory of 2772	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	97
PID 1488 wrote to memory of 2772	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	97
PID 1488 wrote to memory of 364	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	98
PID 1488 wrote to memory of 364	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	98
PID 1488 wrote to memory of 816	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	99
PID 1488 wrote to memory of 816	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	99
PID 1488 wrote to memory of 2520	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	100
PID 1488 wrote to memory of 2520	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	100
PID 1488 wrote to memory of 1944	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	101
PID 1488 wrote to memory of 1944	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	101
PID 1488 wrote to memory of 3212	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	102
PID 1488 wrote to memory of 3212	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	102
PID 1488 wrote to memory of 1340	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	103
PID 1488 wrote to memory of 1340	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	103
PID 1488 wrote to memory of 2124	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	104
PID 1488 wrote to memory of 2124	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	104
PID 1488 wrote to memory of 5116	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	105
PID 1488 wrote to memory of 5116	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	105
PID 1488 wrote to memory of 2004	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	106
PID 1488 wrote to memory of 2004	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	106
PID 1488 wrote to memory of 2692	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	107
PID 1488 wrote to memory of 2692	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	107
PID 1488 wrote to memory of 1664	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	108
PID 1488 wrote to memory of 1664	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	108
PID 1488 wrote to memory of 2100	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	109
PID 1488 wrote to memory of 2100	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	109
PID 1488 wrote to memory of 2540	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	110
PID 1488 wrote to memory of 2540	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	110
PID 1488 wrote to memory of 2888	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	111
PID 1488 wrote to memory of 2888	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	111
PID 1488 wrote to memory of 2476	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	112
PID 1488 wrote to memory of 2476	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	112
PID 1488 wrote to memory of 3256	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	113
PID 1488 wrote to memory of 3256	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	113
PID 1488 wrote to memory of 4260	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	114
PID 1488 wrote to memory of 4260	1488	3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c2e84aeb15be2040a6ffa764813d570_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\System\BYPLfEY.exe
  C:\Windows\System\BYPLfEY.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\cFnTaHU.exe
  C:\Windows\System\cFnTaHU.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\pIZxXhu.exe
  C:\Windows\System\pIZxXhu.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\SIKYyeX.exe
  C:\Windows\System\SIKYyeX.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\xcrGcET.exe
  C:\Windows\System\xcrGcET.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\rEnFsgk.exe
  C:\Windows\System\rEnFsgk.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\sugVmhS.exe
  C:\Windows\System\sugVmhS.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\tpoBHNt.exe
  C:\Windows\System\tpoBHNt.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\RGgyvPN.exe
  C:\Windows\System\RGgyvPN.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\JvzibKq.exe
  C:\Windows\System\JvzibKq.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\JvHCFty.exe
  C:\Windows\System\JvHCFty.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\SaYXYqh.exe
  C:\Windows\System\SaYXYqh.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\StRClUF.exe
  C:\Windows\System\StRClUF.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\wXFZshL.exe
  C:\Windows\System\wXFZshL.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\RXmAxbw.exe
  C:\Windows\System\RXmAxbw.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\EVvOZAk.exe
  C:\Windows\System\EVvOZAk.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\jiZqJtS.exe
  C:\Windows\System\jiZqJtS.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\KyvBBBQ.exe
  C:\Windows\System\KyvBBBQ.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\wpmiCZb.exe
  C:\Windows\System\wpmiCZb.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\RlqLtzj.exe
  C:\Windows\System\RlqLtzj.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\VbvpyBv.exe
  C:\Windows\System\VbvpyBv.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\NQwnkla.exe
  C:\Windows\System\NQwnkla.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\hNkeqvF.exe
  C:\Windows\System\hNkeqvF.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\PRHZunt.exe
  C:\Windows\System\PRHZunt.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\yulUAoH.exe
  C:\Windows\System\yulUAoH.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\vMEjrsQ.exe
  C:\Windows\System\vMEjrsQ.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\NhHYOZK.exe
  C:\Windows\System\NhHYOZK.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\FdMJGVg.exe
  C:\Windows\System\FdMJGVg.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\ymfczoC.exe
  C:\Windows\System\ymfczoC.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\eocmwZb.exe
  C:\Windows\System\eocmwZb.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\QPikPLn.exe
  C:\Windows\System\QPikPLn.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\lLdtilX.exe
  C:\Windows\System\lLdtilX.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\RRCeVKf.exe
  C:\Windows\System\RRCeVKf.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\DIgiPIZ.exe
  C:\Windows\System\DIgiPIZ.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\ERvdMFN.exe
  C:\Windows\System\ERvdMFN.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\gPVZSTW.exe
  C:\Windows\System\gPVZSTW.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\oZPsGqQ.exe
  C:\Windows\System\oZPsGqQ.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\ZhMoNpS.exe
  C:\Windows\System\ZhMoNpS.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\iTUGXmP.exe
  C:\Windows\System\iTUGXmP.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\MOerXHK.exe
  C:\Windows\System\MOerXHK.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\xIJSDKC.exe
  C:\Windows\System\xIJSDKC.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\qbVsRTM.exe
  C:\Windows\System\qbVsRTM.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\ffRxhYp.exe
  C:\Windows\System\ffRxhYp.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\OVVedvI.exe
  C:\Windows\System\OVVedvI.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\FQqKqab.exe
  C:\Windows\System\FQqKqab.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\tYiwJWI.exe
  C:\Windows\System\tYiwJWI.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\HjfYuvI.exe
  C:\Windows\System\HjfYuvI.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\IwCMGSv.exe
  C:\Windows\System\IwCMGSv.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\MGqLGjE.exe
  C:\Windows\System\MGqLGjE.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\FSvMAUv.exe
  C:\Windows\System\FSvMAUv.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\HPIzHoN.exe
  C:\Windows\System\HPIzHoN.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\OVhzqFG.exe
  C:\Windows\System\OVhzqFG.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\FwnLDQA.exe
  C:\Windows\System\FwnLDQA.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\dpLHteD.exe
  C:\Windows\System\dpLHteD.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\jSFtaYL.exe
  C:\Windows\System\jSFtaYL.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\mDDnEPl.exe
  C:\Windows\System\mDDnEPl.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\ZVlcgyj.exe
  C:\Windows\System\ZVlcgyj.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\pPcwPRQ.exe
  C:\Windows\System\pPcwPRQ.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\AMFKlYo.exe
  C:\Windows\System\AMFKlYo.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\sZggyVr.exe
  C:\Windows\System\sZggyVr.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\NBeoPcT.exe
  C:\Windows\System\NBeoPcT.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\fFFwzTR.exe
  C:\Windows\System\fFFwzTR.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\nyFZtrt.exe
  C:\Windows\System\nyFZtrt.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\KaZapkK.exe
  C:\Windows\System\KaZapkK.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\AijJfGh.exe
  C:\Windows\System\AijJfGh.exe
  2⤵
  PID:1752
- C:\Windows\System\ScHEhGp.exe
  C:\Windows\System\ScHEhGp.exe
  2⤵
  PID:3060
- C:\Windows\System\jjfsDOO.exe
  C:\Windows\System\jjfsDOO.exe
  2⤵
  PID:1344
- C:\Windows\System\KPqKvWr.exe
  C:\Windows\System\KPqKvWr.exe
  2⤵
  PID:4432
- C:\Windows\System\LKPzDvy.exe
  C:\Windows\System\LKPzDvy.exe
  2⤵
  PID:4192
- C:\Windows\System\oGbDHAr.exe
  C:\Windows\System\oGbDHAr.exe
  2⤵
  PID:2188
- C:\Windows\System\MTZqMAt.exe
  C:\Windows\System\MTZqMAt.exe
  2⤵
  PID:5020
- C:\Windows\System\tQIlKTg.exe
  C:\Windows\System\tQIlKTg.exe
  2⤵
  PID:4304
- C:\Windows\System\fVZTsUh.exe
  C:\Windows\System\fVZTsUh.exe
  2⤵
  PID:668
- C:\Windows\System\RNdFduR.exe
  C:\Windows\System\RNdFduR.exe
  2⤵
  PID:3116
- C:\Windows\System\ekwdWzi.exe
  C:\Windows\System\ekwdWzi.exe
  2⤵
  PID:1904
- C:\Windows\System\jqPIctJ.exe
  C:\Windows\System\jqPIctJ.exe
  2⤵
  PID:2368
- C:\Windows\System\ylMfRFb.exe
  C:\Windows\System\ylMfRFb.exe
  2⤵
  PID:1720
- C:\Windows\System\vSZQXHL.exe
  C:\Windows\System\vSZQXHL.exe
  2⤵
  PID:2764
- C:\Windows\System\zYzaiDf.exe
  C:\Windows\System\zYzaiDf.exe
  2⤵
  PID:4572
- C:\Windows\System\eRINMwl.exe
  C:\Windows\System\eRINMwl.exe
  2⤵
  PID:4212
- C:\Windows\System\rwLRGyu.exe
  C:\Windows\System\rwLRGyu.exe
  2⤵
  PID:2296
- C:\Windows\System\GFmxuGb.exe
  C:\Windows\System\GFmxuGb.exe
  2⤵
  PID:3576
- C:\Windows\System\NphZCSY.exe
  C:\Windows\System\NphZCSY.exe
  2⤵
  PID:1052
- C:\Windows\System\FPXwqAI.exe
  C:\Windows\System\FPXwqAI.exe
  2⤵
  PID:3840
- C:\Windows\System\jvxIWAI.exe
  C:\Windows\System\jvxIWAI.exe
  2⤵
  PID:3600
- C:\Windows\System\fbCOAYj.exe
  C:\Windows\System\fbCOAYj.exe
  2⤵
  PID:4764
- C:\Windows\System\nXthDho.exe
  C:\Windows\System\nXthDho.exe
  2⤵
  PID:3828
- C:\Windows\System\BnyYHLg.exe
  C:\Windows\System\BnyYHLg.exe
  2⤵
  PID:4328
- C:\Windows\System\SeFmEVL.exe
  C:\Windows\System\SeFmEVL.exe
  2⤵
  PID:2700
- C:\Windows\System\iPeSoab.exe
  C:\Windows\System\iPeSoab.exe
  2⤵
  PID:3284
- C:\Windows\System\BnlsiIu.exe
  C:\Windows\System\BnlsiIu.exe
  2⤵
  PID:4956
- C:\Windows\System\YvXooEs.exe
  C:\Windows\System\YvXooEs.exe
  2⤵
  PID:508
- C:\Windows\System\zlYUZDk.exe
  C:\Windows\System\zlYUZDk.exe
  2⤵
  PID:2360
- C:\Windows\System\DBToCTv.exe
  C:\Windows\System\DBToCTv.exe
  2⤵
  PID:3712
- C:\Windows\System\SYJSzSt.exe
  C:\Windows\System\SYJSzSt.exe
  2⤵
  PID:4464
- C:\Windows\System\nVdNJyH.exe
  C:\Windows\System\nVdNJyH.exe
  2⤵
  PID:2900
- C:\Windows\System\rdZEuMw.exe
  C:\Windows\System\rdZEuMw.exe
  2⤵
  PID:5144
- C:\Windows\System\bvnUIIu.exe
  C:\Windows\System\bvnUIIu.exe
  2⤵
  PID:5168
- C:\Windows\System\TEtkXHJ.exe
  C:\Windows\System\TEtkXHJ.exe
  2⤵
  PID:5184
- C:\Windows\System\oeMngLK.exe
  C:\Windows\System\oeMngLK.exe
  2⤵
  PID:5224
- C:\Windows\System\atogBDu.exe
  C:\Windows\System\atogBDu.exe
  2⤵
  PID:5260
- C:\Windows\System\SmCSNNx.exe
  C:\Windows\System\SmCSNNx.exe
  2⤵
  PID:5284
- C:\Windows\System\QRqxYic.exe
  C:\Windows\System\QRqxYic.exe
  2⤵
  PID:5320
- C:\Windows\System\FyWLViC.exe
  C:\Windows\System\FyWLViC.exe
  2⤵
  PID:5356
- C:\Windows\System\FgIYLJL.exe
  C:\Windows\System\FgIYLJL.exe
  2⤵
  PID:5388
- C:\Windows\System\OLkdAWp.exe
  C:\Windows\System\OLkdAWp.exe
  2⤵
  PID:5424
- C:\Windows\System\kHBqfEb.exe
  C:\Windows\System\kHBqfEb.exe
  2⤵
  PID:5456
- C:\Windows\System\WemEgUy.exe
  C:\Windows\System\WemEgUy.exe
  2⤵
  PID:5496
- C:\Windows\System\HMcrgFi.exe
  C:\Windows\System\HMcrgFi.exe
  2⤵
  PID:5512
- C:\Windows\System\uUPFUSS.exe
  C:\Windows\System\uUPFUSS.exe
  2⤵
  PID:5532
- C:\Windows\System\FDzppCz.exe
  C:\Windows\System\FDzppCz.exe
  2⤵
  PID:5568
- C:\Windows\System\BymFgtX.exe
  C:\Windows\System\BymFgtX.exe
  2⤵
  PID:5604
- C:\Windows\System\IPruZAE.exe
  C:\Windows\System\IPruZAE.exe
  2⤵
  PID:5640
- C:\Windows\System\OAVNPyU.exe
  C:\Windows\System\OAVNPyU.exe
  2⤵
  PID:5672
- C:\Windows\System\CDLHBmH.exe
  C:\Windows\System\CDLHBmH.exe
  2⤵
  PID:5712
- C:\Windows\System\qmswwTT.exe
  C:\Windows\System\qmswwTT.exe
  2⤵
  PID:5744
- C:\Windows\System\PGqxkSo.exe
  C:\Windows\System\PGqxkSo.exe
  2⤵
  PID:5772
- C:\Windows\System\XPYyCdk.exe
  C:\Windows\System\XPYyCdk.exe
  2⤵
  PID:5800
- C:\Windows\System\sdzqSZc.exe
  C:\Windows\System\sdzqSZc.exe
  2⤵
  PID:5820
- C:\Windows\System\NxWnLzQ.exe
  C:\Windows\System\NxWnLzQ.exe
  2⤵
  PID:5844
- C:\Windows\System\LmWQQNk.exe
  C:\Windows\System\LmWQQNk.exe
  2⤵
  PID:5860
- C:\Windows\System\HPkZOmu.exe
  C:\Windows\System\HPkZOmu.exe
  2⤵
  PID:5884
- C:\Windows\System\PsYguun.exe
  C:\Windows\System\PsYguun.exe
  2⤵
  PID:5928
- C:\Windows\System\NlkgImI.exe
  C:\Windows\System\NlkgImI.exe
  2⤵
  PID:5948
- C:\Windows\System\QAbYLop.exe
  C:\Windows\System\QAbYLop.exe
  2⤵
  PID:5976
- C:\Windows\System\qXJaZzr.exe
  C:\Windows\System\qXJaZzr.exe
  2⤵
  PID:6012
- C:\Windows\System\imrDpGc.exe
  C:\Windows\System\imrDpGc.exe
  2⤵
  PID:6044
- C:\Windows\System\HOqBJrR.exe
  C:\Windows\System\HOqBJrR.exe
  2⤵
  PID:6076
- C:\Windows\System\LJAjlkm.exe
  C:\Windows\System\LJAjlkm.exe
  2⤵
  PID:6092
- C:\Windows\System\cAOeFHL.exe
  C:\Windows\System\cAOeFHL.exe
  2⤵
  PID:6120
- C:\Windows\System\YmJvbVz.exe
  C:\Windows\System\YmJvbVz.exe
  2⤵
  PID:4808
- C:\Windows\System\TUMsWfb.exe
  C:\Windows\System\TUMsWfb.exe
  2⤵
  PID:4404
- C:\Windows\System\AhjBLnX.exe
  C:\Windows\System\AhjBLnX.exe
  2⤵
  PID:5220
- C:\Windows\System\JyfMEbd.exe
  C:\Windows\System\JyfMEbd.exe
  2⤵
  PID:5156
- C:\Windows\System\wFTzgOA.exe
  C:\Windows\System\wFTzgOA.exe
  2⤵
  PID:5304
- C:\Windows\System\ELbZmAx.exe
  C:\Windows\System\ELbZmAx.exe
  2⤵
  PID:5416
- C:\Windows\System\ZvguEZo.exe
  C:\Windows\System\ZvguEZo.exe
  2⤵
  PID:5452
- C:\Windows\System\cAWEIwJ.exe
  C:\Windows\System\cAWEIwJ.exe
  2⤵
  PID:5464
- C:\Windows\System\ZquNwqy.exe
  C:\Windows\System\ZquNwqy.exe
  2⤵
  PID:5548
- C:\Windows\System\QZVfnsQ.exe
  C:\Windows\System\QZVfnsQ.exe
  2⤵
  PID:5624
- C:\Windows\System\FBOhhBG.exe
  C:\Windows\System\FBOhhBG.exe
  2⤵
  PID:5696
- C:\Windows\System\GLHqdFn.exe
  C:\Windows\System\GLHqdFn.exe
  2⤵
  PID:5728
- C:\Windows\System\ZXOOfWL.exe
  C:\Windows\System\ZXOOfWL.exe
  2⤵
  PID:5768
- C:\Windows\System\BxucHHc.exe
  C:\Windows\System\BxucHHc.exe
  2⤵
  PID:4984
- C:\Windows\System\bjWUezq.exe
  C:\Windows\System\bjWUezq.exe
  2⤵
  PID:5876
- C:\Windows\System\hLcSLVx.exe
  C:\Windows\System\hLcSLVx.exe
  2⤵
  PID:5900
- C:\Windows\System\JtsGzdC.exe
  C:\Windows\System\JtsGzdC.exe
  2⤵
  PID:6020
- C:\Windows\System\NXJxtqd.exe
  C:\Windows\System\NXJxtqd.exe
  2⤵
  PID:6060
- C:\Windows\System\ZwmtgJn.exe
  C:\Windows\System\ZwmtgJn.exe
  2⤵
  PID:6104
- C:\Windows\System\lYtMrSF.exe
  C:\Windows\System\lYtMrSF.exe
  2⤵
  PID:4188
- C:\Windows\System\KrjvWgP.exe
  C:\Windows\System\KrjvWgP.exe
  2⤵
  PID:5280
- C:\Windows\System\OtoQhZg.exe
  C:\Windows\System\OtoQhZg.exe
  2⤵
  PID:5372
- C:\Windows\System\LFQcPmK.exe
  C:\Windows\System\LFQcPmK.exe
  2⤵
  PID:5552
- C:\Windows\System\wJzyzag.exe
  C:\Windows\System\wJzyzag.exe
  2⤵
  PID:5660
- C:\Windows\System\DYOYHiz.exe
  C:\Windows\System\DYOYHiz.exe
  2⤵
  PID:5828
- C:\Windows\System\AvwtCfk.exe
  C:\Windows\System\AvwtCfk.exe
  2⤵
  PID:5944
- C:\Windows\System\YoRNvsf.exe
  C:\Windows\System\YoRNvsf.exe
  2⤵
  PID:6072
- C:\Windows\System\UzwYvdj.exe
  C:\Windows\System\UzwYvdj.exe
  2⤵
  PID:4488
- C:\Windows\System\hbacFws.exe
  C:\Windows\System\hbacFws.exe
  2⤵
  PID:5632
- C:\Windows\System\DbUPBoI.exe
  C:\Windows\System\DbUPBoI.exe
  2⤵
  PID:5912
- C:\Windows\System\PscRtmF.exe
  C:\Windows\System\PscRtmF.exe
  2⤵
  PID:6084
- C:\Windows\System\BvCmuDl.exe
  C:\Windows\System\BvCmuDl.exe
  2⤵
  PID:5648
- C:\Windows\System\BvGEpAj.exe
  C:\Windows\System\BvGEpAj.exe
  2⤵
  PID:6040
- C:\Windows\System\xillREy.exe
  C:\Windows\System\xillREy.exe
  2⤵
  PID:6172
- C:\Windows\System\yZGkJPh.exe
  C:\Windows\System\yZGkJPh.exe
  2⤵
  PID:6200
- C:\Windows\System\UqefQgU.exe
  C:\Windows\System\UqefQgU.exe
  2⤵
  PID:6220
- C:\Windows\System\DFNMwbJ.exe
  C:\Windows\System\DFNMwbJ.exe
  2⤵
  PID:6260
- C:\Windows\System\BRNwTkc.exe
  C:\Windows\System\BRNwTkc.exe
  2⤵
  PID:6280
- C:\Windows\System\yOTJuNI.exe
  C:\Windows\System\yOTJuNI.exe
  2⤵
  PID:6300
- C:\Windows\System\McUTzXY.exe
  C:\Windows\System\McUTzXY.exe
  2⤵
  PID:6324
- C:\Windows\System\vbYVJrH.exe
  C:\Windows\System\vbYVJrH.exe
  2⤵
  PID:6348
- C:\Windows\System\KKsFCOQ.exe
  C:\Windows\System\KKsFCOQ.exe
  2⤵
  PID:6380
- C:\Windows\System\PAaCjtS.exe
  C:\Windows\System\PAaCjtS.exe
  2⤵
  PID:6404
- C:\Windows\System\EGFJFib.exe
  C:\Windows\System\EGFJFib.exe
  2⤵
  PID:6432
- C:\Windows\System\HkYlXSG.exe
  C:\Windows\System\HkYlXSG.exe
  2⤵
  PID:6464
- C:\Windows\System\MQxPAGA.exe
  C:\Windows\System\MQxPAGA.exe
  2⤵
  PID:6500
- C:\Windows\System\dqNTidD.exe
  C:\Windows\System\dqNTidD.exe
  2⤵
  PID:6540
- C:\Windows\System\XXjXDGe.exe
  C:\Windows\System\XXjXDGe.exe
  2⤵
  PID:6560
- C:\Windows\System\sfVZgiq.exe
  C:\Windows\System\sfVZgiq.exe
  2⤵
  PID:6596
- C:\Windows\System\aBNkQdr.exe
  C:\Windows\System\aBNkQdr.exe
  2⤵
  PID:6616
- C:\Windows\System\YIBYduR.exe
  C:\Windows\System\YIBYduR.exe
  2⤵
  PID:6648
- C:\Windows\System\daScjIq.exe
  C:\Windows\System\daScjIq.exe
  2⤵
  PID:6668
- C:\Windows\System\leZOlGp.exe
  C:\Windows\System\leZOlGp.exe
  2⤵
  PID:6696
- C:\Windows\System\nMxfoaV.exe
  C:\Windows\System\nMxfoaV.exe
  2⤵
  PID:6716
- C:\Windows\System\WqirVAt.exe
  C:\Windows\System\WqirVAt.exe
  2⤵
  PID:6748
- C:\Windows\System\YAjYsuW.exe
  C:\Windows\System\YAjYsuW.exe
  2⤵
  PID:6772
- C:\Windows\System\JUAvLPr.exe
  C:\Windows\System\JUAvLPr.exe
  2⤵
  PID:6812
- C:\Windows\System\bWqfNvW.exe
  C:\Windows\System\bWqfNvW.exe
  2⤵
  PID:6844
- C:\Windows\System\SbIaTTl.exe
  C:\Windows\System\SbIaTTl.exe
  2⤵
  PID:6860
- C:\Windows\System\uDfYUng.exe
  C:\Windows\System\uDfYUng.exe
  2⤵
  PID:6892
- C:\Windows\System\RcTsERl.exe
  C:\Windows\System\RcTsERl.exe
  2⤵
  PID:6916
- C:\Windows\System\HuTSSVR.exe
  C:\Windows\System\HuTSSVR.exe
  2⤵
  PID:6952
- C:\Windows\System\DWGjGKS.exe
  C:\Windows\System\DWGjGKS.exe
  2⤵
  PID:6976
- C:\Windows\System\Qnlltym.exe
  C:\Windows\System\Qnlltym.exe
  2⤵
  PID:6992
- C:\Windows\System\fFWPUCV.exe
  C:\Windows\System\fFWPUCV.exe
  2⤵
  PID:7032
- C:\Windows\System\MjLhhjv.exe
  C:\Windows\System\MjLhhjv.exe
  2⤵
  PID:7068
- C:\Windows\System\DbedgaN.exe
  C:\Windows\System\DbedgaN.exe
  2⤵
  PID:7100
- C:\Windows\System\OVSVcLI.exe
  C:\Windows\System\OVSVcLI.exe
  2⤵
  PID:7116
- C:\Windows\System\WqrToZX.exe
  C:\Windows\System\WqrToZX.exe
  2⤵
  PID:7148
- C:\Windows\System\JTrXrew.exe
  C:\Windows\System\JTrXrew.exe
  2⤵
  PID:6184
- C:\Windows\System\kOhVWLb.exe
  C:\Windows\System\kOhVWLb.exe
  2⤵
  PID:6232
- C:\Windows\System\CvfRMMP.exe
  C:\Windows\System\CvfRMMP.exe
  2⤵
  PID:6268
- C:\Windows\System\MMjDqfN.exe
  C:\Windows\System\MMjDqfN.exe
  2⤵
  PID:6360
- C:\Windows\System\qGwCIkc.exe
  C:\Windows\System\qGwCIkc.exe
  2⤵
  PID:6420
- C:\Windows\System\KVoRyTv.exe
  C:\Windows\System\KVoRyTv.exe
  2⤵
  PID:6484
- C:\Windows\System\nOeACrW.exe
  C:\Windows\System\nOeACrW.exe
  2⤵
  PID:6568
- C:\Windows\System\njuCFyR.exe
  C:\Windows\System\njuCFyR.exe
  2⤵
  PID:6624
- C:\Windows\System\QKXFfnc.exe
  C:\Windows\System\QKXFfnc.exe
  2⤵
  PID:6664
- C:\Windows\System\sVjtoUB.exe
  C:\Windows\System\sVjtoUB.exe
  2⤵
  PID:6744
- C:\Windows\System\rimAChA.exe
  C:\Windows\System\rimAChA.exe
  2⤵
  PID:6800
- C:\Windows\System\oBicUBG.exe
  C:\Windows\System\oBicUBG.exe
  2⤵
  PID:6876
- C:\Windows\System\NtBxrzK.exe
  C:\Windows\System\NtBxrzK.exe
  2⤵
  PID:6936
- C:\Windows\System\pcnuBNb.exe
  C:\Windows\System\pcnuBNb.exe
  2⤵
  PID:7024
- C:\Windows\System\IzudBdS.exe
  C:\Windows\System\IzudBdS.exe
  2⤵
  PID:7084
- C:\Windows\System\BSORMSK.exe
  C:\Windows\System\BSORMSK.exe
  2⤵
  PID:7160
- C:\Windows\System\JoDBvwu.exe
  C:\Windows\System\JoDBvwu.exe
  2⤵
  PID:6276
- C:\Windows\System\suEkEsR.exe
  C:\Windows\System\suEkEsR.exe
  2⤵
  PID:6344
- C:\Windows\System\UsoHqFu.exe
  C:\Windows\System\UsoHqFu.exe
  2⤵
  PID:6456
- C:\Windows\System\AOrqNaq.exe
  C:\Windows\System\AOrqNaq.exe
  2⤵
  PID:6680
- C:\Windows\System\whaBmvX.exe
  C:\Windows\System\whaBmvX.exe
  2⤵
  PID:6808
- C:\Windows\System\vvaMmIz.exe
  C:\Windows\System\vvaMmIz.exe
  2⤵
  PID:6944
- C:\Windows\System\jETfafO.exe
  C:\Windows\System\jETfafO.exe
  2⤵
  PID:7112
- C:\Windows\System\FkRhlnN.exe
  C:\Windows\System\FkRhlnN.exe
  2⤵
  PID:6316
- C:\Windows\System\KBnOSlf.exe
  C:\Windows\System\KBnOSlf.exe
  2⤵
  PID:6640
- C:\Windows\System\LUuNnIq.exe
  C:\Windows\System\LUuNnIq.exe
  2⤵
  PID:6240
- C:\Windows\System\DiBKonW.exe
  C:\Windows\System\DiBKonW.exe
  2⤵
  PID:7044
- C:\Windows\System\VykRdWq.exe
  C:\Windows\System\VykRdWq.exe
  2⤵
  PID:7180
- C:\Windows\System\rsfGhJd.exe
  C:\Windows\System\rsfGhJd.exe
  2⤵
  PID:7208
- C:\Windows\System\xOzmyJu.exe
  C:\Windows\System\xOzmyJu.exe
  2⤵
  PID:7236
- C:\Windows\System\SjTjBce.exe
  C:\Windows\System\SjTjBce.exe
  2⤵
  PID:7252
- C:\Windows\System\TyutLAp.exe
  C:\Windows\System\TyutLAp.exe
  2⤵
  PID:7268
- C:\Windows\System\sMIGefz.exe
  C:\Windows\System\sMIGefz.exe
  2⤵
  PID:7304
- C:\Windows\System\ImdREUN.exe
  C:\Windows\System\ImdREUN.exe
  2⤵
  PID:7336
- C:\Windows\System\FVGaQmh.exe
  C:\Windows\System\FVGaQmh.exe
  2⤵
  PID:7372
- C:\Windows\System\EufJkrc.exe
  C:\Windows\System\EufJkrc.exe
  2⤵
  PID:7388
- C:\Windows\System\qQcVTXR.exe
  C:\Windows\System\qQcVTXR.exe
  2⤵
  PID:7420
- C:\Windows\System\iwfaOss.exe
  C:\Windows\System\iwfaOss.exe
  2⤵
  PID:7436
- C:\Windows\System\CzKsdCd.exe
  C:\Windows\System\CzKsdCd.exe
  2⤵
  PID:7476
- C:\Windows\System\OAzRTKZ.exe
  C:\Windows\System\OAzRTKZ.exe
  2⤵
  PID:7508
- C:\Windows\System\SqPuEVI.exe
  C:\Windows\System\SqPuEVI.exe
  2⤵
  PID:7540
- C:\Windows\System\yyRUyyX.exe
  C:\Windows\System\yyRUyyX.exe
  2⤵
  PID:7564
- C:\Windows\System\mRwKAYC.exe
  C:\Windows\System\mRwKAYC.exe
  2⤵
  PID:7596
- C:\Windows\System\AzbfXQL.exe
  C:\Windows\System\AzbfXQL.exe
  2⤵
  PID:7616
- C:\Windows\System\jKsLImo.exe
  C:\Windows\System\jKsLImo.exe
  2⤵
  PID:7632
- C:\Windows\System\PrUErRl.exe
  C:\Windows\System\PrUErRl.exe
  2⤵
  PID:7672
- C:\Windows\System\kkNctPH.exe
  C:\Windows\System\kkNctPH.exe
  2⤵
  PID:7700
- C:\Windows\System\reyxGWd.exe
  C:\Windows\System\reyxGWd.exe
  2⤵
  PID:7732
- C:\Windows\System\PqbJMrM.exe
  C:\Windows\System\PqbJMrM.exe
  2⤵
  PID:7760
- C:\Windows\System\hselOcp.exe
  C:\Windows\System\hselOcp.exe
  2⤵
  PID:7784
- C:\Windows\System\HpKXEDj.exe
  C:\Windows\System\HpKXEDj.exe
  2⤵
  PID:7812
- C:\Windows\System\xguMRih.exe
  C:\Windows\System\xguMRih.exe
  2⤵
  PID:7828
- C:\Windows\System\yZlhMlP.exe
  C:\Windows\System\yZlhMlP.exe
  2⤵
  PID:7852
- C:\Windows\System\bXgRFLm.exe
  C:\Windows\System\bXgRFLm.exe
  2⤵
  PID:7876
- C:\Windows\System\KFDlHTd.exe
  C:\Windows\System\KFDlHTd.exe
  2⤵
  PID:7912
- C:\Windows\System\NQoFOAv.exe
  C:\Windows\System\NQoFOAv.exe
  2⤵
  PID:7948
- C:\Windows\System\FKUTDxO.exe
  C:\Windows\System\FKUTDxO.exe
  2⤵
  PID:7984
- C:\Windows\System\LtTvWUb.exe
  C:\Windows\System\LtTvWUb.exe
  2⤵
  PID:8008
- C:\Windows\System\uHnldsj.exe
  C:\Windows\System\uHnldsj.exe
  2⤵
  PID:8036
- C:\Windows\System\FQbteyt.exe
  C:\Windows\System\FQbteyt.exe
  2⤵
  PID:8064
- C:\Windows\System\GJwWtcu.exe
  C:\Windows\System\GJwWtcu.exe
  2⤵
  PID:8104
- C:\Windows\System\dmgpNzs.exe
  C:\Windows\System\dmgpNzs.exe
  2⤵
  PID:8124
- C:\Windows\System\NxCZvrZ.exe
  C:\Windows\System\NxCZvrZ.exe
  2⤵
  PID:8152
- C:\Windows\System\fFlSVAt.exe
  C:\Windows\System\fFlSVAt.exe
  2⤵
  PID:8176
- C:\Windows\System\xyWOMHo.exe
  C:\Windows\System\xyWOMHo.exe
  2⤵
  PID:7192
- C:\Windows\System\oHbDvMF.exe
  C:\Windows\System\oHbDvMF.exe
  2⤵
  PID:7248
- C:\Windows\System\muImtZL.exe
  C:\Windows\System\muImtZL.exe
  2⤵
  PID:7324
- C:\Windows\System\QeEFxvZ.exe
  C:\Windows\System\QeEFxvZ.exe
  2⤵
  PID:7408
- C:\Windows\System\hFcUAbH.exe
  C:\Windows\System\hFcUAbH.exe
  2⤵
  PID:7428
- C:\Windows\System\GJFNrTi.exe
  C:\Windows\System\GJFNrTi.exe
  2⤵
  PID:7532
- C:\Windows\System\jgvRZJB.exe
  C:\Windows\System\jgvRZJB.exe
  2⤵
  PID:7592
- C:\Windows\System\SOkZDSM.exe
  C:\Windows\System\SOkZDSM.exe
  2⤵
  PID:7652
- C:\Windows\System\RiHnTye.exe
  C:\Windows\System\RiHnTye.exe
  2⤵
  PID:7748
- C:\Windows\System\SxClGdE.exe
  C:\Windows\System\SxClGdE.exe
  2⤵
  PID:7796
- C:\Windows\System\nJHwlow.exe
  C:\Windows\System\nJHwlow.exe
  2⤵
  PID:7844
- C:\Windows\System\eVcHGsQ.exe
  C:\Windows\System\eVcHGsQ.exe
  2⤵
  PID:7892
- C:\Windows\System\Wdigbxm.exe
  C:\Windows\System\Wdigbxm.exe
  2⤵
  PID:7992
- C:\Windows\System\rJEZQGp.exe
  C:\Windows\System\rJEZQGp.exe
  2⤵
  PID:8056
- C:\Windows\System\DAMKRMD.exe
  C:\Windows\System\DAMKRMD.exe
  2⤵
  PID:8120
- C:\Windows\System\FustdZI.exe
  C:\Windows\System\FustdZI.exe
  2⤵
  PID:8168
- C:\Windows\System\eSsjviB.exe
  C:\Windows\System\eSsjviB.exe
  2⤵
  PID:7280
- C:\Windows\System\SRFMLNv.exe
  C:\Windows\System\SRFMLNv.exe
  2⤵
  PID:7356
- C:\Windows\System\XzAhepu.exe
  C:\Windows\System\XzAhepu.exe
  2⤵
  PID:7552
- C:\Windows\System\IUAFbEv.exe
  C:\Windows\System\IUAFbEv.exe
  2⤵
  PID:7628
- C:\Windows\System\JOChlWS.exe
  C:\Windows\System\JOChlWS.exe
  2⤵
  PID:7824
- C:\Windows\System\pqWXyFd.exe
  C:\Windows\System\pqWXyFd.exe
  2⤵
  PID:8024
- C:\Windows\System\lLDGoBZ.exe
  C:\Windows\System\lLDGoBZ.exe
  2⤵
  PID:7220
- C:\Windows\System\dYxosuH.exe
  C:\Windows\System\dYxosuH.exe
  2⤵
  PID:7468
- C:\Windows\System\QkxukYr.exe
  C:\Windows\System\QkxukYr.exe
  2⤵
  PID:7604
- C:\Windows\System\guNYwWq.exe
  C:\Windows\System\guNYwWq.exe
  2⤵
  PID:7972
- C:\Windows\System\fufnzxk.exe
  C:\Windows\System\fufnzxk.exe
  2⤵
  PID:7768
- C:\Windows\System\YlsDpuP.exe
  C:\Windows\System\YlsDpuP.exe
  2⤵
  PID:8200
- C:\Windows\System\ttXNHpc.exe
  C:\Windows\System\ttXNHpc.exe
  2⤵
  PID:8236
- C:\Windows\System\yzTdItU.exe
  C:\Windows\System\yzTdItU.exe
  2⤵
  PID:8252
- C:\Windows\System\oDaehMn.exe
  C:\Windows\System\oDaehMn.exe
  2⤵
  PID:8284
- C:\Windows\System\naFFgZt.exe
  C:\Windows\System\naFFgZt.exe
  2⤵
  PID:8308
- C:\Windows\System\NwjSBJA.exe
  C:\Windows\System\NwjSBJA.exe
  2⤵
  PID:8340
- C:\Windows\System\WpAFMjV.exe
  C:\Windows\System\WpAFMjV.exe
  2⤵
  PID:8364
- C:\Windows\System\gCFmgLQ.exe
  C:\Windows\System\gCFmgLQ.exe
  2⤵
  PID:8392
- C:\Windows\System\MClGnun.exe
  C:\Windows\System\MClGnun.exe
  2⤵
  PID:8424
- C:\Windows\System\joNFqBB.exe
  C:\Windows\System\joNFqBB.exe
  2⤵
  PID:8456
- C:\Windows\System\rRFDaJr.exe
  C:\Windows\System\rRFDaJr.exe
  2⤵
  PID:8476
- C:\Windows\System\JhvDLKF.exe
  C:\Windows\System\JhvDLKF.exe
  2⤵
  PID:8504
- C:\Windows\System\dKQjSub.exe
  C:\Windows\System\dKQjSub.exe
  2⤵
  PID:8532
- C:\Windows\System\OBKSNfA.exe
  C:\Windows\System\OBKSNfA.exe
  2⤵
  PID:8556
- C:\Windows\System\wtqwILq.exe
  C:\Windows\System\wtqwILq.exe
  2⤵
  PID:8584
- C:\Windows\System\zcyWpMr.exe
  C:\Windows\System\zcyWpMr.exe
  2⤵
  PID:8616
- C:\Windows\System\avZqUEZ.exe
  C:\Windows\System\avZqUEZ.exe
  2⤵
  PID:8632
- C:\Windows\System\wpcaKwQ.exe
  C:\Windows\System\wpcaKwQ.exe
  2⤵
  PID:8648
- C:\Windows\System\JenhKtS.exe
  C:\Windows\System\JenhKtS.exe
  2⤵
  PID:8680
- C:\Windows\System\UwOQnur.exe
  C:\Windows\System\UwOQnur.exe
  2⤵
  PID:8720
- C:\Windows\System\JnUbunZ.exe
  C:\Windows\System\JnUbunZ.exe
  2⤵
  PID:8752
- C:\Windows\System\CZMnGWh.exe
  C:\Windows\System\CZMnGWh.exe
  2⤵
  PID:8784
- C:\Windows\System\uclOxDh.exe
  C:\Windows\System\uclOxDh.exe
  2⤵
  PID:8804
- C:\Windows\System\eisfgDa.exe
  C:\Windows\System\eisfgDa.exe
  2⤵
  PID:8840
- C:\Windows\System\MohZTLI.exe
  C:\Windows\System\MohZTLI.exe
  2⤵
  PID:8872
- C:\Windows\System\tTmOyrj.exe
  C:\Windows\System\tTmOyrj.exe
  2⤵
  PID:8900
- C:\Windows\System\CeIRDeZ.exe
  C:\Windows\System\CeIRDeZ.exe
  2⤵
  PID:8936
- C:\Windows\System\nFEhIQC.exe
  C:\Windows\System\nFEhIQC.exe
  2⤵
  PID:8964
- C:\Windows\System\ibHkbjU.exe
  C:\Windows\System\ibHkbjU.exe
  2⤵
  PID:8992
- C:\Windows\System\CewyZrK.exe
  C:\Windows\System\CewyZrK.exe
  2⤵
  PID:9012
- C:\Windows\System\QvBKMyu.exe
  C:\Windows\System\QvBKMyu.exe
  2⤵
  PID:9040
- C:\Windows\System\MTRTDXy.exe
  C:\Windows\System\MTRTDXy.exe
  2⤵
  PID:9064
- C:\Windows\System\NocUQvf.exe
  C:\Windows\System\NocUQvf.exe
  2⤵
  PID:9092
- C:\Windows\System\JQDVBph.exe
  C:\Windows\System\JQDVBph.exe
  2⤵
  PID:9128
- C:\Windows\System\mgTLjuS.exe
  C:\Windows\System\mgTLjuS.exe
  2⤵
  PID:9160
- C:\Windows\System\sIHzkrr.exe
  C:\Windows\System\sIHzkrr.exe
  2⤵
  PID:9184
- C:\Windows\System\iGVIeez.exe
  C:\Windows\System\iGVIeez.exe
  2⤵
  PID:9212
- C:\Windows\System\cuQexpZ.exe
  C:\Windows\System\cuQexpZ.exe
  2⤵
  PID:8220
- C:\Windows\System\ALrkzKj.exe
  C:\Windows\System\ALrkzKj.exe
  2⤵
  PID:8272
- C:\Windows\System\dRoxieU.exe
  C:\Windows\System\dRoxieU.exe
  2⤵
  PID:8348
- C:\Windows\System\ggQxVUj.exe
  C:\Windows\System\ggQxVUj.exe
  2⤵
  PID:8412
- C:\Windows\System\NeaFzHZ.exe
  C:\Windows\System\NeaFzHZ.exe
  2⤵
  PID:8488
- C:\Windows\System\ViaGRxG.exe
  C:\Windows\System\ViaGRxG.exe
  2⤵
  PID:8564
- C:\Windows\System\wcSdfDA.exe
  C:\Windows\System\wcSdfDA.exe
  2⤵
  PID:8596
- C:\Windows\System\WrbLbyK.exe
  C:\Windows\System\WrbLbyK.exe
  2⤵
  PID:8676
- C:\Windows\System\tqPxQWy.exe
  C:\Windows\System\tqPxQWy.exe
  2⤵
  PID:8744
- C:\Windows\System\svyVlqb.exe
  C:\Windows\System\svyVlqb.exe
  2⤵
  PID:8824
- C:\Windows\System\irchMlD.exe
  C:\Windows\System\irchMlD.exe
  2⤵
  PID:8856
- C:\Windows\System\aySzUlj.exe
  C:\Windows\System\aySzUlj.exe
  2⤵
  PID:8912
- C:\Windows\System\AXtCbzF.exe
  C:\Windows\System\AXtCbzF.exe
  2⤵
  PID:9000
- C:\Windows\System\lSwJDSJ.exe
  C:\Windows\System\lSwJDSJ.exe
  2⤵
  PID:9136
- C:\Windows\System\jPMhQPT.exe
  C:\Windows\System\jPMhQPT.exe
  2⤵
  PID:9204
- C:\Windows\System\uRTVMQt.exe
  C:\Windows\System\uRTVMQt.exe
  2⤵
  PID:8300
- C:\Windows\System\XleGunq.exe
  C:\Windows\System\XleGunq.exe
  2⤵
  PID:8464
- C:\Windows\System\oeZfaDp.exe
  C:\Windows\System\oeZfaDp.exe
  2⤵
  PID:8576
- C:\Windows\System\QmkISgY.exe
  C:\Windows\System\QmkISgY.exe
  2⤵
  PID:8668
- C:\Windows\System\iKoNKUF.exe
  C:\Windows\System\iKoNKUF.exe
  2⤵
  PID:8852
- C:\Windows\System\fBQoGGY.exe
  C:\Windows\System\fBQoGGY.exe
  2⤵
  PID:8984
- C:\Windows\System\VKasqtJ.exe
  C:\Windows\System\VKasqtJ.exe
  2⤵
  PID:9144
- C:\Windows\System\Bddcczw.exe
  C:\Windows\System\Bddcczw.exe
  2⤵
  PID:8248
- C:\Windows\System\iNDfquo.exe
  C:\Windows\System\iNDfquo.exe
  2⤵
  PID:8696
- C:\Windows\System\MyQfqFt.exe
  C:\Windows\System\MyQfqFt.exe
  2⤵
  PID:8920
- C:\Windows\System\FHSvUcx.exe
  C:\Windows\System\FHSvUcx.exe
  2⤵
  PID:9236
- C:\Windows\System\heBpbaj.exe
  C:\Windows\System\heBpbaj.exe
  2⤵
  PID:9276
- C:\Windows\System\OEJrVhe.exe
  C:\Windows\System\OEJrVhe.exe
  2⤵
  PID:9316
- C:\Windows\System\cjhYomH.exe
  C:\Windows\System\cjhYomH.exe
  2⤵
  PID:9336
- C:\Windows\System\WvDxufV.exe
  C:\Windows\System\WvDxufV.exe
  2⤵
  PID:9372
- C:\Windows\System\zAKwfEd.exe
  C:\Windows\System\zAKwfEd.exe
  2⤵
  PID:9404
- C:\Windows\System\kQVhUFB.exe
  C:\Windows\System\kQVhUFB.exe
  2⤵
  PID:9432
- C:\Windows\System\Jwxedoj.exe
  C:\Windows\System\Jwxedoj.exe
  2⤵
  PID:9464
- C:\Windows\System\QlBPrHp.exe
  C:\Windows\System\QlBPrHp.exe
  2⤵
  PID:9496
- C:\Windows\System\mzrDiiE.exe
  C:\Windows\System\mzrDiiE.exe
  2⤵
  PID:9524
- C:\Windows\System\vDfQrKc.exe
  C:\Windows\System\vDfQrKc.exe
  2⤵
  PID:9552
- C:\Windows\System\ZakfcOa.exe
  C:\Windows\System\ZakfcOa.exe
  2⤵
  PID:9576
- C:\Windows\System\rRiFGAY.exe
  C:\Windows\System\rRiFGAY.exe
  2⤵
  PID:9608
- C:\Windows\System\xCvssvW.exe
  C:\Windows\System\xCvssvW.exe
  2⤵
  PID:9644
- C:\Windows\System\leaRfGJ.exe
  C:\Windows\System\leaRfGJ.exe
  2⤵
  PID:9668
- C:\Windows\System\BXIYGbv.exe
  C:\Windows\System\BXIYGbv.exe
  2⤵
  PID:9696
- C:\Windows\System\OTtUZxI.exe
  C:\Windows\System\OTtUZxI.exe
  2⤵
  PID:9732
- C:\Windows\System\LLaHyqS.exe
  C:\Windows\System\LLaHyqS.exe
  2⤵
  PID:9760
- C:\Windows\System\UEmbgiV.exe
  C:\Windows\System\UEmbgiV.exe
  2⤵
  PID:9788
- C:\Windows\System\qOyIieP.exe
  C:\Windows\System\qOyIieP.exe
  2⤵
  PID:9812
- C:\Windows\System\OAtIVgs.exe
  C:\Windows\System\OAtIVgs.exe
  2⤵
  PID:9836
- C:\Windows\System\djxgfZj.exe
  C:\Windows\System\djxgfZj.exe
  2⤵
  PID:9860
- C:\Windows\System\IvoQkMB.exe
  C:\Windows\System\IvoQkMB.exe
  2⤵
  PID:9888
- C:\Windows\System\sQhfUze.exe
  C:\Windows\System\sQhfUze.exe
  2⤵
  PID:9908
- C:\Windows\System\matqinF.exe
  C:\Windows\System\matqinF.exe
  2⤵
  PID:9932
- C:\Windows\System\yfSRAET.exe
  C:\Windows\System\yfSRAET.exe
  2⤵
  PID:9972
- C:\Windows\System\lcHYqmd.exe
  C:\Windows\System\lcHYqmd.exe
  2⤵
  PID:10000
- C:\Windows\System\JfUevsc.exe
  C:\Windows\System\JfUevsc.exe
  2⤵
  PID:10024
- C:\Windows\System\zSsHBSR.exe
  C:\Windows\System\zSsHBSR.exe
  2⤵
  PID:10056
- C:\Windows\System\prDhkAf.exe
  C:\Windows\System\prDhkAf.exe
  2⤵
  PID:10088
- C:\Windows\System\brMaCqB.exe
  C:\Windows\System\brMaCqB.exe
  2⤵
  PID:10112
- C:\Windows\System\ifABPfe.exe
  C:\Windows\System\ifABPfe.exe
  2⤵
  PID:10140
- C:\Windows\System\ibYEwEG.exe
  C:\Windows\System\ibYEwEG.exe
  2⤵
  PID:10180
- C:\Windows\System\LbnZZFP.exe
  C:\Windows\System\LbnZZFP.exe
  2⤵
  PID:10196
- C:\Windows\System\ofIQLff.exe
  C:\Windows\System\ofIQLff.exe
  2⤵
  PID:10220
- C:\Windows\System\QOUrLyb.exe
  C:\Windows\System\QOUrLyb.exe
  2⤵
  PID:8832
- C:\Windows\System\pvRdpfF.exe
  C:\Windows\System\pvRdpfF.exe
  2⤵
  PID:9264
- C:\Windows\System\DYahsvg.exe
  C:\Windows\System\DYahsvg.exe
  2⤵
  PID:9384
- C:\Windows\System\JdOZldI.exe
  C:\Windows\System\JdOZldI.exe
  2⤵
  PID:9360
- C:\Windows\System\hCSDMmN.exe
  C:\Windows\System\hCSDMmN.exe
  2⤵
  PID:9492
- C:\Windows\System\lxQslHV.exe
  C:\Windows\System\lxQslHV.exe
  2⤵
  PID:9540
- C:\Windows\System\OwUhMgL.exe
  C:\Windows\System\OwUhMgL.exe
  2⤵
  PID:9604
- C:\Windows\System\qeARdUK.exe
  C:\Windows\System\qeARdUK.exe
  2⤵
  PID:9636
- C:\Windows\System\dFONMTT.exe
  C:\Windows\System\dFONMTT.exe
  2⤵
  PID:9692
- C:\Windows\System\SazVoBk.exe
  C:\Windows\System\SazVoBk.exe
  2⤵
  PID:9796
- C:\Windows\System\OliozWq.exe
  C:\Windows\System\OliozWq.exe
  2⤵
  PID:9880
- C:\Windows\System\jiUBSzs.exe
  C:\Windows\System\jiUBSzs.exe
  2⤵
  PID:9916
- C:\Windows\System\XzrNyBP.exe
  C:\Windows\System\XzrNyBP.exe
  2⤵
  PID:9952
- C:\Windows\System\bbIsoLp.exe
  C:\Windows\System\bbIsoLp.exe
  2⤵
  PID:10016
- C:\Windows\System\IupCkZO.exe
  C:\Windows\System\IupCkZO.exe
  2⤵
  PID:10096
- C:\Windows\System\YmrEgRk.exe
  C:\Windows\System\YmrEgRk.exe
  2⤵
  PID:10164
- C:\Windows\System\LbqnUZp.exe
  C:\Windows\System\LbqnUZp.exe
  2⤵
  PID:10216
- C:\Windows\System\VmQCqbX.exe
  C:\Windows\System\VmQCqbX.exe
  2⤵
  PID:9252
- C:\Windows\System\sAugVin.exe
  C:\Windows\System\sAugVin.exe
  2⤵
  PID:9420
- C:\Windows\System\LBjMCTn.exe
  C:\Windows\System\LBjMCTn.exe
  2⤵
  PID:9516
- C:\Windows\System\BYvOnxp.exe
  C:\Windows\System\BYvOnxp.exe
  2⤵
  PID:9588
- C:\Windows\System\zBGEnoK.exe
  C:\Windows\System\zBGEnoK.exe
  2⤵
  PID:9744
- C:\Windows\System\UWEgftr.exe
  C:\Windows\System\UWEgftr.exe
  2⤵
  PID:9920
- C:\Windows\System\jlYmhuZ.exe
  C:\Windows\System\jlYmhuZ.exe
  2⤵
  PID:9116
- C:\Windows\System\RdXqmyi.exe
  C:\Windows\System\RdXqmyi.exe
  2⤵
  PID:9056
- C:\Windows\System\QeqyTyO.exe
  C:\Windows\System\QeqyTyO.exe
  2⤵
  PID:9656
- C:\Windows\System\xQNUfam.exe
  C:\Windows\System\xQNUfam.exe
  2⤵
  PID:9596
- C:\Windows\System\wBSlWVI.exe
  C:\Windows\System\wBSlWVI.exe
  2⤵
  PID:10040
- C:\Windows\System\TJtRJRl.exe
  C:\Windows\System\TJtRJRl.exe
  2⤵
  PID:10256
- C:\Windows\System\PqMsmXw.exe
  C:\Windows\System\PqMsmXw.exe
  2⤵
  PID:10284
- C:\Windows\System\CaCoTdo.exe
  C:\Windows\System\CaCoTdo.exe
  2⤵
  PID:10312
- C:\Windows\System\vIFbLCK.exe
  C:\Windows\System\vIFbLCK.exe
  2⤵
  PID:10348
- C:\Windows\System\gUoKvQJ.exe
  C:\Windows\System\gUoKvQJ.exe
  2⤵
  PID:10384
- C:\Windows\System\gkbHdve.exe
  C:\Windows\System\gkbHdve.exe
  2⤵
  PID:10424
- C:\Windows\System\DkciIUt.exe
  C:\Windows\System\DkciIUt.exe
  2⤵
  PID:10440
- C:\Windows\System\VlvIaDk.exe
  C:\Windows\System\VlvIaDk.exe
  2⤵
  PID:10504
- C:\Windows\System\oQPoFCT.exe
  C:\Windows\System\oQPoFCT.exe
  2⤵
  PID:10520
- C:\Windows\System\bIzJFjo.exe
  C:\Windows\System\bIzJFjo.exe
  2⤵
  PID:10544
- C:\Windows\System\vEYKwfx.exe
  C:\Windows\System\vEYKwfx.exe
  2⤵
  PID:10576
- C:\Windows\System\hHFUnte.exe
  C:\Windows\System\hHFUnte.exe
  2⤵
  PID:10604
- C:\Windows\System\LvNdkgK.exe
  C:\Windows\System\LvNdkgK.exe
  2⤵
  PID:10644
- C:\Windows\System\CyOYHCL.exe
  C:\Windows\System\CyOYHCL.exe
  2⤵
  PID:10672
- C:\Windows\System\VZURYXC.exe
  C:\Windows\System\VZURYXC.exe
  2⤵
  PID:10688
- C:\Windows\System\qAKGXHu.exe
  C:\Windows\System\qAKGXHu.exe
  2⤵
  PID:10724
- C:\Windows\System\PKSaAJf.exe
  C:\Windows\System\PKSaAJf.exe
  2⤵
  PID:10748
- C:\Windows\System\ZauWJie.exe
  C:\Windows\System\ZauWJie.exe
  2⤵
  PID:10764
- C:\Windows\System\WyLCpuD.exe
  C:\Windows\System\WyLCpuD.exe
  2⤵
  PID:10800
- C:\Windows\System\YEDpeKb.exe
  C:\Windows\System\YEDpeKb.exe
  2⤵
  PID:10840
- C:\Windows\System\dBGQpkq.exe
  C:\Windows\System\dBGQpkq.exe
  2⤵
  PID:10864
- C:\Windows\System\tPizFZg.exe
  C:\Windows\System\tPizFZg.exe
  2⤵
  PID:10884
- C:\Windows\System\OPuSCgb.exe
  C:\Windows\System\OPuSCgb.exe
  2⤵
  PID:10904
- C:\Windows\System\gIpplpg.exe
  C:\Windows\System\gIpplpg.exe
  2⤵
  PID:10940
- C:\Windows\System\gmeAfTe.exe
  C:\Windows\System\gmeAfTe.exe
  2⤵
  PID:10960
- C:\Windows\System\sWfZHjx.exe
  C:\Windows\System\sWfZHjx.exe
  2⤵
  PID:10996
- C:\Windows\System\mNrcpUx.exe
  C:\Windows\System\mNrcpUx.exe
  2⤵
  PID:11012
- C:\Windows\System\lwcziwk.exe
  C:\Windows\System\lwcziwk.exe
  2⤵
  PID:11044
- C:\Windows\System\yYwaOuT.exe
  C:\Windows\System\yYwaOuT.exe
  2⤵
  PID:11072
- C:\Windows\System\LVEhhJj.exe
  C:\Windows\System\LVEhhJj.exe
  2⤵
  PID:11108
- C:\Windows\System\IPjjuBf.exe
  C:\Windows\System\IPjjuBf.exe
  2⤵
  PID:11140
- C:\Windows\System\xKaccWx.exe
  C:\Windows\System\xKaccWx.exe
  2⤵
  PID:11164
- C:\Windows\System\kYgWOKN.exe
  C:\Windows\System\kYgWOKN.exe
  2⤵
  PID:11180
- C:\Windows\System\IEhFwPR.exe
  C:\Windows\System\IEhFwPR.exe
  2⤵
  PID:11212
- C:\Windows\System\ifYhbxd.exe
  C:\Windows\System\ifYhbxd.exe
  2⤵
  PID:11240
- C:\Windows\System\yHIRLNo.exe
  C:\Windows\System\yHIRLNo.exe
  2⤵
  PID:9780
- C:\Windows\System\gKCxELp.exe
  C:\Windows\System\gKCxELp.exe
  2⤵
  PID:9356
- C:\Windows\System\fqatgjp.exe
  C:\Windows\System\fqatgjp.exe
  2⤵
  PID:10408
- C:\Windows\System\ULHeCIp.exe
  C:\Windows\System\ULHeCIp.exe
  2⤵
  PID:10436
- C:\Windows\System\tKlhTZh.exe
  C:\Windows\System\tKlhTZh.exe
  2⤵
  PID:10464
- C:\Windows\System\BiIJyRa.exe
  C:\Windows\System\BiIJyRa.exe
  2⤵
  PID:10528
- C:\Windows\System\HUsTKlK.exe
  C:\Windows\System\HUsTKlK.exe
  2⤵
  PID:10600
- C:\Windows\System\SzcCuEb.exe
  C:\Windows\System\SzcCuEb.exe
  2⤵
  PID:10656
- C:\Windows\System\HALviiL.exe
  C:\Windows\System\HALviiL.exe
  2⤵
  PID:10732
- C:\Windows\System\pScAMbN.exe
  C:\Windows\System\pScAMbN.exe
  2⤵
  PID:10788
- C:\Windows\System\GDbpsbE.exe
  C:\Windows\System\GDbpsbE.exe
  2⤵
  PID:10896
- C:\Windows\System\NNgiuow.exe
  C:\Windows\System\NNgiuow.exe
  2⤵
  PID:10924
- C:\Windows\System\EIrpPTp.exe
  C:\Windows\System\EIrpPTp.exe
  2⤵
  PID:11008
- C:\Windows\System\gYzWEea.exe
  C:\Windows\System\gYzWEea.exe
  2⤵
  PID:11040
- C:\Windows\System\yGAKBhv.exe
  C:\Windows\System\yGAKBhv.exe
  2⤵
  PID:11104
- C:\Windows\System\AaZRhug.exe
  C:\Windows\System\AaZRhug.exe
  2⤵
  PID:11152
- C:\Windows\System\WPUGHOO.exe
  C:\Windows\System\WPUGHOO.exe
  2⤵
  PID:11228
- C:\Windows\System\mlRbhXY.exe
  C:\Windows\System\mlRbhXY.exe
  2⤵
  PID:10308
- C:\Windows\System\nPDgivG.exe
  C:\Windows\System\nPDgivG.exe
  2⤵
  PID:10516
- C:\Windows\System\hMBmtub.exe
  C:\Windows\System\hMBmtub.exe
  2⤵
  PID:10704
- C:\Windows\System\NohWqWs.exe
  C:\Windows\System\NohWqWs.exe
  2⤵
  PID:10832
- C:\Windows\System\bDAcMRR.exe
  C:\Windows\System\bDAcMRR.exe
  2⤵
  PID:10984
- C:\Windows\System\jSsdimo.exe
  C:\Windows\System\jSsdimo.exe
  2⤵
  PID:11096
- C:\Windows\System\nZspgHA.exe
  C:\Windows\System\nZspgHA.exe
  2⤵
  PID:11248
- C:\Windows\System\unfwxDu.exe
  C:\Windows\System\unfwxDu.exe
  2⤵
  PID:11196
- C:\Windows\System\csYTgeo.exe
  C:\Windows\System\csYTgeo.exe
  2⤵
  PID:10992
- C:\Windows\System\GRRlRep.exe
  C:\Windows\System\GRRlRep.exe
  2⤵
  PID:11024
- C:\Windows\System\FlisZoU.exe
  C:\Windows\System\FlisZoU.exe
  2⤵
  PID:11296
- C:\Windows\System\izbbBwI.exe
  C:\Windows\System\izbbBwI.exe
  2⤵
  PID:11332
- C:\Windows\System\JfndIuy.exe
  C:\Windows\System\JfndIuy.exe
  2⤵
  PID:11372
- C:\Windows\System\VTcxmhb.exe
  C:\Windows\System\VTcxmhb.exe
  2⤵
  PID:11396
- C:\Windows\System\aWvsUeP.exe
  C:\Windows\System\aWvsUeP.exe
  2⤵
  PID:11420
- C:\Windows\System\FocwoNg.exe
  C:\Windows\System\FocwoNg.exe
  2⤵
  PID:11456
- C:\Windows\System\oPtXVxT.exe
  C:\Windows\System\oPtXVxT.exe
  2⤵
  PID:11484
- C:\Windows\System\lROdMJi.exe
  C:\Windows\System\lROdMJi.exe
  2⤵
  PID:11500
- C:\Windows\System\IqQyIBS.exe
  C:\Windows\System\IqQyIBS.exe
  2⤵
  PID:11520
- C:\Windows\System\DTPVvcL.exe
  C:\Windows\System\DTPVvcL.exe
  2⤵
  PID:11548
- C:\Windows\System\lIJuHuh.exe
  C:\Windows\System\lIJuHuh.exe
  2⤵
  PID:11576
- C:\Windows\System\LxreViX.exe
  C:\Windows\System\LxreViX.exe
  2⤵
  PID:11616
- C:\Windows\System\vqylznd.exe
  C:\Windows\System\vqylznd.exe
  2⤵
  PID:11648
- C:\Windows\System\pHqQtCa.exe
  C:\Windows\System\pHqQtCa.exe
  2⤵
  PID:11676
- C:\Windows\System\jdLWEmN.exe
  C:\Windows\System\jdLWEmN.exe
  2⤵
  PID:11700
- C:\Windows\System\DDWExxr.exe
  C:\Windows\System\DDWExxr.exe
  2⤵
  PID:11740
- C:\Windows\System\uqyQyMK.exe
  C:\Windows\System\uqyQyMK.exe
  2⤵
  PID:11756
- C:\Windows\System\EdrSybr.exe
  C:\Windows\System\EdrSybr.exe
  2⤵
  PID:11784
- C:\Windows\System\rovGGoR.exe
  C:\Windows\System\rovGGoR.exe
  2⤵
  PID:11816
- C:\Windows\System\ZjpXTAI.exe
  C:\Windows\System\ZjpXTAI.exe
  2⤵
  PID:11840
- C:\Windows\System\AtrtowZ.exe
  C:\Windows\System\AtrtowZ.exe
  2⤵
  PID:11868
- C:\Windows\System\eVYgQQe.exe
  C:\Windows\System\eVYgQQe.exe
  2⤵
  PID:11896
- C:\Windows\System\ILTAXXR.exe
  C:\Windows\System\ILTAXXR.exe
  2⤵
  PID:11932
- C:\Windows\System\nvTIqMu.exe
  C:\Windows\System\nvTIqMu.exe
  2⤵
  PID:11952
- C:\Windows\System\HCADDnj.exe
  C:\Windows\System\HCADDnj.exe
  2⤵
  PID:11992
- C:\Windows\System\QoQAJKP.exe
  C:\Windows\System\QoQAJKP.exe
  2⤵
  PID:12012
- C:\Windows\System\HdjCScb.exe
  C:\Windows\System\HdjCScb.exe
  2⤵
  PID:12044
- C:\Windows\System\epSIJqY.exe
  C:\Windows\System\epSIJqY.exe
  2⤵
  PID:12064
- C:\Windows\System\galcTGc.exe
  C:\Windows\System\galcTGc.exe
  2⤵
  PID:12092
- C:\Windows\System\EFqYKnU.exe
  C:\Windows\System\EFqYKnU.exe
  2⤵
  PID:12108
- C:\Windows\System\DMaMAUn.exe
  C:\Windows\System\DMaMAUn.exe
  2⤵
  PID:12140
- C:\Windows\System\etGBcGj.exe
  C:\Windows\System\etGBcGj.exe
  2⤵
  PID:12176
- C:\Windows\System\fatFrFy.exe
  C:\Windows\System\fatFrFy.exe
  2⤵
  PID:12212
- C:\Windows\System\gbmFMBl.exe
  C:\Windows\System\gbmFMBl.exe
  2⤵
  PID:12244
- C:\Windows\System\ZULYmqh.exe
  C:\Windows\System\ZULYmqh.exe
  2⤵
  PID:10416
- C:\Windows\System\bIkZSVE.exe
  C:\Windows\System\bIkZSVE.exe
  2⤵
  PID:11200
- C:\Windows\System\HXZWCvQ.exe
  C:\Windows\System\HXZWCvQ.exe
  2⤵
  PID:11344
- C:\Windows\System\KOTjDJq.exe
  C:\Windows\System\KOTjDJq.exe
  2⤵
  PID:11416
- C:\Windows\System\gwBybwf.exe
  C:\Windows\System\gwBybwf.exe
  2⤵
  PID:11492
- C:\Windows\System\rdTCsYY.exe
  C:\Windows\System\rdTCsYY.exe
  2⤵
  PID:11572
- C:\Windows\System\QYCGfAp.exe
  C:\Windows\System\QYCGfAp.exe
  2⤵
  PID:11656
- C:\Windows\System\ZSpMjMq.exe
  C:\Windows\System\ZSpMjMq.exe
  2⤵
  PID:11696
- C:\Windows\System\AqpICeQ.exe
  C:\Windows\System\AqpICeQ.exe
  2⤵
  PID:11776
- C:\Windows\System\RuMRGjz.exe
  C:\Windows\System\RuMRGjz.exe
  2⤵
  PID:11856
- C:\Windows\System\drbgFLt.exe
  C:\Windows\System\drbgFLt.exe
  2⤵
  PID:11892
- C:\Windows\System\GvOugyi.exe
  C:\Windows\System\GvOugyi.exe
  2⤵
  PID:11940
- C:\Windows\System\jWbqvHi.exe
  C:\Windows\System\jWbqvHi.exe
  2⤵
  PID:11984
- C:\Windows\System\MAvWwEF.exe
  C:\Windows\System\MAvWwEF.exe
  2⤵
  PID:12056
- C:\Windows\System\YXHDgjK.exe
  C:\Windows\System\YXHDgjK.exe
  2⤵
  PID:12152
- C:\Windows\System\mLLxnUC.exe
  C:\Windows\System\mLLxnUC.exe
  2⤵
  PID:12204
- C:\Windows\System\zUGNrZr.exe
  C:\Windows\System\zUGNrZr.exe
  2⤵
  PID:12284
- C:\Windows\System\ympvUHd.exe
  C:\Windows\System\ympvUHd.exe
  2⤵
  PID:11508
- C:\Windows\System\yRtBGVz.exe
  C:\Windows\System\yRtBGVz.exe
  2⤵
  PID:11628
- C:\Windows\System\GXIJEBm.exe
  C:\Windows\System\GXIJEBm.exe
  2⤵
  PID:11796
- C:\Windows\System\lWJnIqS.exe
  C:\Windows\System\lWJnIqS.exe
  2⤵
  PID:12028
- C:\Windows\System\Udybvxu.exe
  C:\Windows\System\Udybvxu.exe
  2⤵
  PID:9804
- C:\Windows\System\ftiHQZS.exe
  C:\Windows\System\ftiHQZS.exe
  2⤵
  PID:11720
- C:\Windows\System\UlpnBqV.exe
  C:\Windows\System\UlpnBqV.exe
  2⤵
  PID:11980
- C:\Windows\System\jWQiGMf.exe
  C:\Windows\System\jWQiGMf.exe
  2⤵
  PID:12304
- C:\Windows\System\YiwJUQQ.exe
  C:\Windows\System\YiwJUQQ.exe
  2⤵
  PID:12332
- C:\Windows\System\QQncnce.exe
  C:\Windows\System\QQncnce.exe
  2⤵
  PID:12364
- C:\Windows\System\YFbDuNN.exe
  C:\Windows\System\YFbDuNN.exe
  2⤵
  PID:12392
- C:\Windows\System\HVObRyd.exe
  C:\Windows\System\HVObRyd.exe
  2⤵
  PID:12428
- C:\Windows\System\OlMRLEa.exe
  C:\Windows\System\OlMRLEa.exe
  2⤵
  PID:12452
- C:\Windows\System\fFljpfl.exe
  C:\Windows\System\fFljpfl.exe
  2⤵
  PID:12488
- C:\Windows\System\NHGLrgY.exe
  C:\Windows\System\NHGLrgY.exe
  2⤵
  PID:12516
- C:\Windows\System\hWwJACl.exe
  C:\Windows\System\hWwJACl.exe
  2⤵
  PID:12556
- C:\Windows\System\BJGRSoC.exe
  C:\Windows\System\BJGRSoC.exe
  2⤵
  PID:12592
- C:\Windows\System\VegdGxA.exe
  C:\Windows\System\VegdGxA.exe
  2⤵
  PID:12624
- C:\Windows\System\bfkfDWn.exe
  C:\Windows\System\bfkfDWn.exe
  2⤵
  PID:12648
- C:\Windows\System\VAHwWax.exe
  C:\Windows\System\VAHwWax.exe
  2⤵
  PID:12684
- C:\Windows\System\pHlhwqv.exe
  C:\Windows\System\pHlhwqv.exe
  2⤵
  PID:12712
- C:\Windows\System\ReNmqtO.exe
  C:\Windows\System\ReNmqtO.exe
  2⤵
  PID:12760
- C:\Windows\System\eLImPBW.exe
  C:\Windows\System\eLImPBW.exe
  2⤵
  PID:12776
- C:\Windows\System\xkyeYow.exe
  C:\Windows\System\xkyeYow.exe
  2⤵
  PID:12808
- C:\Windows\System\ccktguG.exe
  C:\Windows\System\ccktguG.exe
  2⤵
  PID:12844
- C:\Windows\System\JvHGmUO.exe
  C:\Windows\System\JvHGmUO.exe
  2⤵
  PID:12872
- C:\Windows\System\fMXiHlr.exe
  C:\Windows\System\fMXiHlr.exe
  2⤵
  PID:12900
- C:\Windows\System\Wufadsw.exe
  C:\Windows\System\Wufadsw.exe
  2⤵
  PID:12932
- C:\Windows\System\DXehXPl.exe
  C:\Windows\System\DXehXPl.exe
  2⤵
  PID:12968
- C:\Windows\System\zNGzvZx.exe
  C:\Windows\System\zNGzvZx.exe
  2⤵
  PID:12988
- C:\Windows\System\OrCpPIQ.exe
  C:\Windows\System\OrCpPIQ.exe
  2⤵
  PID:13016
- C:\Windows\System\GzwHdCg.exe
  C:\Windows\System\GzwHdCg.exe
  2⤵
  PID:13040
- C:\Windows\System\JbtcEul.exe
  C:\Windows\System\JbtcEul.exe
  2⤵
  PID:13064
- C:\Windows\System\gQaysVp.exe
  C:\Windows\System\gQaysVp.exe
  2⤵
  PID:13100
- C:\Windows\System\YWkzvhr.exe
  C:\Windows\System\YWkzvhr.exe
  2⤵
  PID:13128
- C:\Windows\System\EuSDDZc.exe
  C:\Windows\System\EuSDDZc.exe
  2⤵
  PID:13148
- C:\Windows\System\zqstnhq.exe
  C:\Windows\System\zqstnhq.exe
  2⤵
  PID:13176
- C:\Windows\System\GSLQPvy.exe
  C:\Windows\System\GSLQPvy.exe
  2⤵
  PID:13216
- C:\Windows\System\FilLvQR.exe
  C:\Windows\System\FilLvQR.exe
  2⤵
  PID:13248
- C:\Windows\System\EFLlyoi.exe
  C:\Windows\System\EFLlyoi.exe
  2⤵
  PID:13268
- C:\Windows\System\QpPqXqK.exe
  C:\Windows\System\QpPqXqK.exe
  2⤵
  PID:13300
- C:\Windows\System\kgFlyWO.exe
  C:\Windows\System\kgFlyWO.exe
  2⤵
  PID:12256
- C:\Windows\System\aFeaHVK.exe
  C:\Windows\System\aFeaHVK.exe
  2⤵
  PID:12324
- C:\Windows\System\JCpWoWy.exe
  C:\Windows\System\JCpWoWy.exe
  2⤵
  PID:12360
- C:\Windows\System\kNJRBRZ.exe
  C:\Windows\System\kNJRBRZ.exe
  2⤵
  PID:12384
- C:\Windows\System\qCthTeN.exe
  C:\Windows\System\qCthTeN.exe
  2⤵
  PID:12448
- C:\Windows\System\XKMxjVR.exe
  C:\Windows\System\XKMxjVR.exe
  2⤵
  PID:12504
- C:\Windows\System\dRmjiVH.exe
  C:\Windows\System\dRmjiVH.exe
  2⤵
  PID:12564
- C:\Windows\System\GqQYSke.exe
  C:\Windows\System\GqQYSke.exe
  2⤵
  PID:12640
- C:\Windows\System\PkdzmDu.exe
  C:\Windows\System\PkdzmDu.exe
  2⤵
  PID:12744
- C:\Windows\System\JOyqwzb.exe
  C:\Windows\System\JOyqwzb.exe
  2⤵
  PID:12736
- C:\Windows\System\JYyRpOg.exe
  C:\Windows\System\JYyRpOg.exe
  2⤵
  PID:12792
- C:\Windows\System\nNcoMwr.exe
  C:\Windows\System\nNcoMwr.exe
  2⤵
  PID:12828
- C:\Windows\System\aAeSDYF.exe
  C:\Windows\System\aAeSDYF.exe
  2⤵
  PID:12916
- C:\Windows\System\OjfDKPW.exe
  C:\Windows\System\OjfDKPW.exe
  2⤵
  PID:13004
- C:\Windows\System\VWSJGBo.exe
  C:\Windows\System\VWSJGBo.exe
  2⤵
  PID:13076
- C:\Windows\System\ASHXQRg.exe
  C:\Windows\System\ASHXQRg.exe
  2⤵
  PID:13184
- C:\Windows\System\CbCbJLx.exe
  C:\Windows\System\CbCbJLx.exe
  2⤵
  PID:13212
- C:\Windows\System\AdpiKsi.exe
  C:\Windows\System\AdpiKsi.exe
  2⤵
  PID:13260
- C:\Windows\System\ZIrAQjT.exe
  C:\Windows\System\ZIrAQjT.exe
  2⤵
  PID:12188
- C:\Windows\System\StCTIyU.exe
  C:\Windows\System\StCTIyU.exe
  2⤵
  PID:12316
- C:\Windows\System\QPcQMdn.exe
  C:\Windows\System\QPcQMdn.exe
  2⤵
  PID:12676
- C:\Windows\System\YtFXSoC.exe
  C:\Windows\System\YtFXSoC.exe
  2⤵
  PID:12612
- C:\Windows\System\WxVQmON.exe
  C:\Windows\System\WxVQmON.exe
  2⤵
  PID:12980
- C:\Windows\System\DlkzXUS.exe
  C:\Windows\System\DlkzXUS.exe
  2⤵
  PID:13108
- C:\Windows\System\UYcLUro.exe
  C:\Windows\System\UYcLUro.exe
  2⤵
  PID:13276
- C:\Windows\System\skcORbs.exe
  C:\Windows\System\skcORbs.exe
  2⤵
  PID:12484
- C:\Windows\System\qUyCaMF.exe
  C:\Windows\System\qUyCaMF.exe
  2⤵
  PID:13320
- C:\Windows\System\oWhHVdh.exe
  C:\Windows\System\oWhHVdh.exe
  2⤵
  PID:13340
- C:\Windows\System\axQDRNN.exe
  C:\Windows\System\axQDRNN.exe
  2⤵
  PID:13368
- C:\Windows\System\nMjvLRh.exe
  C:\Windows\System\nMjvLRh.exe
  2⤵
  PID:13404
- C:\Windows\System\OdouwUD.exe
  C:\Windows\System\OdouwUD.exe
  2⤵
  PID:13432
- C:\Windows\System\xfOZdyN.exe
  C:\Windows\System\xfOZdyN.exe
  2⤵
  PID:13456
- C:\Windows\System\sQJDVfP.exe
  C:\Windows\System\sQJDVfP.exe
  2⤵
  PID:13484
- C:\Windows\System\pcdPTmq.exe
  C:\Windows\System\pcdPTmq.exe
  2⤵
  PID:13524
- C:\Windows\System\LkKCdOi.exe
  C:\Windows\System\LkKCdOi.exe
  2⤵
  PID:13544
- C:\Windows\System\ZFyWGIM.exe
  C:\Windows\System\ZFyWGIM.exe
  2⤵
  PID:13568
- C:\Windows\System\drZagiK.exe
  C:\Windows\System\drZagiK.exe
  2⤵
  PID:13600
- C:\Windows\System\tJTGPsw.exe
  C:\Windows\System\tJTGPsw.exe
  2⤵
  PID:13624
- C:\Windows\System\AZMvtjC.exe
  C:\Windows\System\AZMvtjC.exe
  2⤵
  PID:13644
- C:\Windows\System\wPJIETI.exe
  C:\Windows\System\wPJIETI.exe
  2⤵
  PID:13672
- C:\Windows\System\WjVkMmC.exe
  C:\Windows\System\WjVkMmC.exe
  2⤵
  PID:13696
- C:\Windows\System\nPfvKJE.exe
  C:\Windows\System\nPfvKJE.exe
  2⤵
  PID:13728
- C:\Windows\System\iTTnFYC.exe
  C:\Windows\System\iTTnFYC.exe
  2⤵
  PID:13760
- C:\Windows\System\gEsRZlN.exe
  C:\Windows\System\gEsRZlN.exe
  2⤵
  PID:13792
- C:\Windows\System\XQIxruG.exe
  C:\Windows\System\XQIxruG.exe
  2⤵
  PID:13820
- C:\Windows\System\xenidaQ.exe
  C:\Windows\System\xenidaQ.exe
  2⤵
  PID:13872
- C:\Windows\System\DUDTLQV.exe
  C:\Windows\System\DUDTLQV.exe
  2⤵
  PID:13896
- C:\Windows\System\lhHQtuQ.exe
  C:\Windows\System\lhHQtuQ.exe
  2⤵
  PID:13920
- C:\Windows\System\lJDwmAk.exe
  C:\Windows\System\lJDwmAk.exe
  2⤵
  PID:13940
- C:\Windows\System\ZAQkFau.exe
  C:\Windows\System\ZAQkFau.exe
  2⤵
  PID:13964
- C:\Windows\System\CAgFebr.exe
  C:\Windows\System\CAgFebr.exe
  2⤵
  PID:14008
- C:\Windows\System\ddFoimN.exe
  C:\Windows\System\ddFoimN.exe
  2⤵
  PID:14032
- C:\Windows\System\tyohvRM.exe
  C:\Windows\System\tyohvRM.exe
  2⤵
  PID:14064
- C:\Windows\System\gcHLLVZ.exe
  C:\Windows\System\gcHLLVZ.exe
  2⤵
  PID:14100
- C:\Windows\System\jCQJRTZ.exe
  C:\Windows\System\jCQJRTZ.exe
  2⤵
  PID:14120
- C:\Windows\System\OkiDEny.exe
  C:\Windows\System\OkiDEny.exe
  2⤵
  PID:14148
- C:\Windows\System\rAmAMML.exe
  C:\Windows\System\rAmAMML.exe
  2⤵
  PID:14188
- C:\Windows\System\gLglOcl.exe
  C:\Windows\System\gLglOcl.exe
  2⤵
  PID:14216
- C:\Windows\System\pMCayrq.exe
  C:\Windows\System\pMCayrq.exe
  2⤵
  PID:14244
- C:\Windows\System\OtpkVIT.exe
  C:\Windows\System\OtpkVIT.exe
  2⤵
  PID:14272
- C:\Windows\System\ZxBTGWM.exe
  C:\Windows\System\ZxBTGWM.exe
  2⤵
  PID:14304
- C:\Windows\System\eybFthf.exe
  C:\Windows\System\eybFthf.exe
  2⤵
  PID:14332
- C:\Windows\System\cofqrdS.exe
  C:\Windows\System\cofqrdS.exe
  2⤵
  PID:13052
- C:\Windows\System\EgpGbSM.exe
  C:\Windows\System\EgpGbSM.exe
  2⤵
  PID:13364
- C:\Windows\System\oFyzpwV.exe
  C:\Windows\System\oFyzpwV.exe
  2⤵
  PID:13328
- C:\Windows\System\ZmbNRYx.exe
  C:\Windows\System\ZmbNRYx.exe
  2⤵
  PID:13444
- C:\Windows\System\vjCbntR.exe
  C:\Windows\System\vjCbntR.exe
  2⤵
  PID:13468
- C:\Windows\System\IZHPaek.exe
  C:\Windows\System\IZHPaek.exe
  2⤵
  PID:13508
- C:\Windows\System\eVeNVXw.exe
  C:\Windows\System\eVeNVXw.exe
  2⤵
  PID:13560
- C:\Windows\System\rnPIYdI.exe
  C:\Windows\System\rnPIYdI.exe
  2⤵
  PID:13708
- C:\Windows\System\PKMTjtG.exe
  C:\Windows\System\PKMTjtG.exe
  2⤵
  PID:13684
- C:\Windows\System\WmOXlzs.exe
  C:\Windows\System\WmOXlzs.exe
  2⤵
  PID:13812
- C:\Windows\System\NwqurFp.exe
  C:\Windows\System\NwqurFp.exe
  2⤵
  PID:13936
- C:\Windows\System\WahedHV.exe
  C:\Windows\System\WahedHV.exe
  2⤵
  PID:14076
- C:\Windows\System\fChIezx.exe
  C:\Windows\System\fChIezx.exe
  2⤵
  PID:14172
- C:\Windows\System\QgVbVNd.exe
  C:\Windows\System\QgVbVNd.exe
  2⤵
  PID:14260
- C:\Windows\System\AFnYdhB.exe
  C:\Windows\System\AFnYdhB.exe
  2⤵
  PID:14296
- C:\Windows\System\cPvYoDe.exe
  C:\Windows\System\cPvYoDe.exe
  2⤵
  PID:14324
- C:\Windows\System\IOjOzCm.exe
  C:\Windows\System\IOjOzCm.exe
  2⤵
  PID:13392
- C:\Windows\System\HoznVXY.exe
  C:\Windows\System\HoznVXY.exe
  2⤵
  PID:13516
- C:\Windows\System\GGEkxqj.exe
  C:\Windows\System\GGEkxqj.exe
  2⤵
  PID:13668
- C:\Windows\System\loEcQAk.exe
  C:\Windows\System\loEcQAk.exe
  2⤵
  PID:13844
- C:\Windows\System\THSkATA.exe
  C:\Windows\System\THSkATA.exe
  2⤵
  PID:14052
- C:\Windows\System\VSCrezc.exe
  C:\Windows\System\VSCrezc.exe
  2⤵
  PID:14200
- C:\Windows\System\EufznYg.exe
  C:\Windows\System\EufznYg.exe
  2⤵
  PID:12884
- C:\Windows\System\LodhXNb.exe
  C:\Windows\System\LodhXNb.exe
  2⤵
  PID:13424
- C:\Windows\System\OyHVeJp.exe
  C:\Windows\System\OyHVeJp.exe
  2⤵
  PID:13916
- C:\Windows\System\oZwmrCP.exe
  C:\Windows\System\oZwmrCP.exe
  2⤵
  PID:13356
- C:\Windows\System\kUXJLLu.exe
  C:\Windows\System\kUXJLLu.exe
  2⤵
  PID:12584

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BYPLfEY.exe

Filesize
2.0MB

MD5
ce162c311f29f30e20c66bc5b814d79e

SHA1
e83e81f88b3f007e1725489f64fca6b337e4b3ab

SHA256
e0ce2301ff24a7aee84830487a4c3deed728d4272ecc32606047f382138de8f0

SHA512
2a152b1a7669b39fc09fed6ec8664071cc4686a03e1aac7a72ba0dcc86c33908a32c6f0010911a07aedfa1e54ad22d94a07c81ec772e59f355107256fbcd9bc7

Download Submit
C:\Windows\System\DIgiPIZ.exe

Filesize
2.0MB

MD5
b3ff584a348555cba23b3c3e4639d215

SHA1
a01bd0d30637f2af198583e5bf32ffca131a8efd

SHA256
f7d3820ee820149fc965ad696aff1e5b0cf2208c37e65126f03dc8fc0ee2ceec

SHA512
af06b17d50a2319bbb716725c41dadaead59d8e25706e8a6f68e4a508e344c521da174e97939dbd253c84c556f50ab0b66e4050ac70c3a9e96a6ca60e5df0da4

Download Submit
C:\Windows\System\ERvdMFN.exe

Filesize
2.0MB

MD5
cbd2bae0f82fd2f68314838e7b01acd4

SHA1
f3ac9c96dc0486c4101c010b705b12ff73233187

SHA256
92d5807ad4d4755ba30fa61958cccfffb39215310c8eabd263b0ef525b9e824c

SHA512
ba8b83b558345b91790dd1edee7dab677209ae81c2d17c88a54275b58f1b22267a2ace632d0cb01827e39b4ab0302cabea18133c2587c08bc0631089d11099d0

Download Submit
C:\Windows\System\EVvOZAk.exe

Filesize
2.0MB

MD5
6ac68ba92dca61d6508532a8052393be

SHA1
d9523ea7f55245be36217488c829df6384efb05a

SHA256
7baa699fe56dd87aee99213eee8e39c0af5f4ab9ca88a0a8e16a59832ef90897

SHA512
190c9d505628b9b330e18f4119012d59a23c34e85c7ae549b021cbdca26f64769ec077e9fad0b69c32eebeb0513dbcfbe21767ef4df313e9a04a78c979fe876f

Download Submit
C:\Windows\System\FdMJGVg.exe

Filesize
2.0MB

MD5
4d2a57da5e520a93a4fe9f78b8c0d0fa

SHA1
02f7c49ea06f0f0d6e91f972c8cbdf2fed45e47f

SHA256
f00f4856effdda6b00bfa47cd9d0cbc8f5b8bbeb07270398116e0669611caf3b

SHA512
7bd7971c5fda74f90ee39de7350aa584a0f6dbcf258d8ca3cffdecbb02fed364933b529e2268a5bf4f64c5cab9444b2d0bb16aaccb3a2081744e77a225df7297

Download Submit
C:\Windows\System\JvHCFty.exe

Filesize
2.0MB

MD5
149086e8ce367a8ea768368980fd0611

SHA1
650c11871f161b6ca705325b5508891ae595e639

SHA256
26305217c27fd3d5b7797d37db4f80bcf52f86b81f274abbbd2bd8221a846999

SHA512
80f9fa76c333fde371f3e45ed8dac895f43c29e24f8b0c98742e8382c0e8d4a06d1fb80f36f5fe8779d523505f0a1c21e9cacbf26c35477b8bdd302871c9bb3b

Download Submit
C:\Windows\System\JvzibKq.exe

Filesize
2.0MB

MD5
e11ba5725f01bd25a7be80fd1450dfa4

SHA1
7b2f3acac4099bf3469628c136ff5010da26884e

SHA256
369b5e4762eebd808dfb1ac787fa9acd0efa8e23806737d839acacc7e68f722c

SHA512
ab1a954ea8ff6b7e521430d663b06c462e48a2de92d707bd83c950a1107407d893696f96870c321d02395ffec324899f2d4c4332f22dc55720ed9504eb770cfb

Download Submit
C:\Windows\System\KyvBBBQ.exe

Filesize
2.0MB

MD5
94dfa14f1772cf0d5363c8c10e1742c7

SHA1
dfa551a80a783df7c7435804255f7728c27b02dc

SHA256
24df4c5a61c9d97dc47b91177286e4d923cdcef409958bce40d4ea9c1755e3ca

SHA512
cc0834e62cf791579fa78a5940678c0f9dacbedc4580e0d122a78527696f828ee2ac970b261a2b59f0fe82206d90121ea38507fa1d845da7bfed435c5e666e3b

Download Submit
C:\Windows\System\NQwnkla.exe

Filesize
2.0MB

MD5
ed6778632c1329543a52bae855fa0f1e

SHA1
c9d2a3754bba183d01602d29ac3accb4537e43f4

SHA256
3115dc05917d0b193f4650f7a8eddb9f59ad9c14dc99d4bf5a1e7126dac13b01

SHA512
f06dcb24374f6a03b20c328ca39ac143a4218f11d268672d712e5124efc8f75c4648adb40587a475c55dba6841ae6fee4f0ba85f4146a1b5a5bbe79703e54dc3

Download Submit
C:\Windows\System\NhHYOZK.exe

Filesize
2.0MB

MD5
b84376d1c0de3195c6555d2c28140b9f

SHA1
d33af396b2b41f9da887498ee3ae307b8ad7ff6b

SHA256
241e907a26d8ebac65749c00c50ea18d8eee6efd737c0bdf247a42ee168b6945

SHA512
d7a1d9c1f2de32635c476318adf9fe3f34fdfe1bff25681d8409d8de11e8950e2502428a34017b860cb2eaea0fdd78a2f7728b30d5e59698186eabf9edc621bc

Download Submit
C:\Windows\System\PRHZunt.exe

Filesize
2.0MB

MD5
f9670109cd5039a8bfe7ca4e3d6f9078

SHA1
ec26904b157ee27e7d2f3ff8948ba90c073fe0da

SHA256
19929b3b5ef991041236607c73ffab6f7fea569fee6d5424d2439f346de9799e

SHA512
5f592557acbba2320b82b0a96aa0404e1640f540a577e904f21fc51ed8f34fd56d32fed5fb8d5f4b7bd4e531e95d31245fc31de7e80cea4fa21993a7031c8006

Download Submit
C:\Windows\System\QPikPLn.exe

Filesize
2.0MB

MD5
cd7011f227c80ac367ee617a9d87a1a9

SHA1
5e747050e27f0d80647d956325117a46daaea19f

SHA256
b0134d1ad42da74d87e8c7d19a3a493fc452c1310fbc94cd19fb05e467c7e109

SHA512
10bdeb288c9cd4ba6130956c182c4105c97c9c7fd5106cf3d52e6a1130cddf23f57d7fa6dda28e02296049947803628098db05fc3ff2c79f20ee95dde70510a2

Download Submit
C:\Windows\System\RGgyvPN.exe

Filesize
2.0MB

MD5
41417b1dd04f466df6f804be0e853f83

SHA1
b23d6a46b18517f46c0c7994ca15e8b8606e0554

SHA256
da31be05d2b666e5f47428ce401d75299fb49701ae7e2b0310cdb98216192b62

SHA512
e24bb1ce125c0c808a17ba2d823d23f5f0ef0ebb8255b60a0e3bab78ca6a3f9b25cb71af0175d5737e610c7b2ea1abed18505b43e537bc6112b980c91a1dd8b5

Download Submit
C:\Windows\System\RRCeVKf.exe

Filesize
2.0MB

MD5
0bf5ff1da83cbda08bfdf38af31574db

SHA1
950a826228334b0ce11ce5a363ffa47d9caec574

SHA256
072d888eb67090cf3e9ca390648612f68fe01a6f1844b08fd63d6bb65f7adb87

SHA512
b90ff61b15d9ad8c3c0179c7dc5c03028d8a06f499cb0e63bff1f6dab53e985ed8d59d691d3c187f43b720e19317c835abe3dbafaea8bfedbfcd7cea01c34a83

Download Submit
C:\Windows\System\RXmAxbw.exe

Filesize
2.0MB

MD5
cfef7c6c1dc4784daef16e756b0b269a

SHA1
2cd73018f2e01ea866d49fb78597dad913fdd3f5

SHA256
389274af10b362450be83155c3f8b7cf207f75357a8d8542c6d78fda083f1618

SHA512
fbca5ea53e60d083ecd4998ef695c8ef52aed9fb00bdd3e131d5f32ead1dea77ff61afcb2a9744a55cc53e6aa71cb2c18360c7127a8c56c13ceb06097dda344b

Download Submit
C:\Windows\System\RlqLtzj.exe

Filesize
2.0MB

MD5
2e02b2052991d6ef1b90c03d90f23b2b

SHA1
2b38d233b672d430cb30649abff2e3d8c1ccbd85

SHA256
f51062d6d6f659a33c50c1f9463b28ba73f707cf3a7c09cf7a659d82ad63b833

SHA512
8d350a04395870881803f3f9d0545c686574ca6f862c319810d8457f896c97d2fba2223b34f517a65b5eaffe56deb014f4563d24ebe0c0a80715ec468dfd3f66

Download Submit
C:\Windows\System\SIKYyeX.exe

Filesize
2.0MB

MD5
eb95de9ac4d58d69cbc2072e39d0b475

SHA1
5ded854f00e60b800083e056bfab4ecf751c2855

SHA256
f1be8d4be8e6cfe6d82b03eb6ce02ffa02c8093c4e8582367196dd21824fdadd

SHA512
6d73504f572bb0fec87bcccaa1caf26c5971f035e53dca504c7646f251a176a6a479dc3317a158654a71a415bbdacf33198e1d22274bd7ba2980ca51ab9ac062

Download Submit
C:\Windows\System\SaYXYqh.exe

Filesize
2.0MB

MD5
9331e26e3b4cc5757a676951490c561a

SHA1
7e738406e597b59772f9f8c10b198b582c4c3376

SHA256
90f9f3613531ce8e012cd9a3adbe21e53a97328a4b9d6720e8926fb6f64ce294

SHA512
cb2ecf16fb1858e8f690c4afb258b379d6cf444a0d6f5a3f18f3dfa48ba4c0ae72d3ec8fd04a9080415a1d4630288bf1d5378bbe05ae1bc439280959b20350ca

Download Submit
C:\Windows\System\StRClUF.exe

Filesize
2.0MB

MD5
0b8715aeba31610050a1951e2cfda28b

SHA1
d96667617d9eb93ff0548c438e93ff0223517b87

SHA256
e5a75fb5da4290869a0d70dc2c0ebf0321ef431667add595c76ba16ce2e5e71b

SHA512
219567c66d0a324350c0e9be4eefaf7a680bac882a602180df54c1862feee61712d9a9a43aac4c0f20ec9abbbf14d8e3f94e411644c54bddf51a589c56eac02d

Download Submit
C:\Windows\System\VbvpyBv.exe

Filesize
2.0MB

MD5
233b9f71f1e3c41bdfcd9b4c34ed6141

SHA1
422f7d6ddc4bf68fc9f4f392c467099f298f9702

SHA256
c690fd7a99ae593128691bbcfcddb5275a87bc619e290b6b2c926834e8979374

SHA512
2d06f9fbbfc17328f3721fb9634f96eecbfa0c4b95e800d7d09d6f65b8cf3232ad7483d7ecb309b1909634a443675a97960f7e54e8d02ec87be790ea4c112254

Download Submit
C:\Windows\System\cFnTaHU.exe

Filesize
2.0MB

MD5
6aaf994b6751c6eff39836aec7551a30

SHA1
3b6a6ff2aef11ebb6b4ddfdd3c991a19c5c2ca98

SHA256
a7262bc1ab8bd9613e86ea9235b003a0cac33258975aabc44db7236bc3d9d9c4

SHA512
f33b1dc760102c9913160912df371337d7a139b84de03f26fd3a3d7106ad319395d1b39ddd099e83bedaa2e9d4a52047683e2f631559cb7f1e7741110c9c0ec9

Download Submit
C:\Windows\System\eocmwZb.exe

Filesize
2.0MB

MD5
42e0409f1d1ab361264ebe88770098e9

SHA1
ef2c52cabe2d28983c518c42c56128c3ae866499

SHA256
04773feed6c11f00957098c6c1866bb6167e34030ce6a3ef025a5c0fd7e238fd

SHA512
6337b48e2c012793a80bd1ea29021af1e716fe667a22a89c799a70054072ed2beddcce9cb5405547243b920600c38e285c525f8a05faeb5843f25fc922257890

Download Submit
C:\Windows\System\hNkeqvF.exe

Filesize
2.0MB

MD5
2cb3e209e7dd7b40b0bf469ea1878d15

SHA1
020d848aba08893db178381cb3962321eb2fa030

SHA256
cb37cc2ed0155215dde11f81fdd83b4a982017f24a7925bc3ff9a0c38bfcd395

SHA512
d12cd425b8baa26022df0bfeda51e145ddeb7f0b4abb0740aae99d9b1863794e467913b8c2bfdc3659619c37f577746a8406d7fe33fbfbb143f508725a479054

Download Submit
C:\Windows\System\jiZqJtS.exe

Filesize
2.0MB

MD5
4f471351a9075f9911d43bedb928baa9

SHA1
4e3cca3cd7b6f4edd92d3ccfd3af22a75d9bfe82

SHA256
cde08018739d1dbfba27d1233575a16be6889d9deb7d5ddcb064d083c42c07e2

SHA512
ba29af32dded1319036efbc1fbf228da1c26d63810efc95b3efdf0d363b5715576dc5c764cf05fcb9856610cc8be666eafbe19b33d320f8772d7fc9a8b122eb4

Download Submit
C:\Windows\System\lLdtilX.exe

Filesize
2.0MB

MD5
416fe3fdfa313bd5505cdfff3737079e

SHA1
0cf568daf9a494f7ba1c2fcb8d923663e8abdc0f

SHA256
033ec93984c28e39cc5e53431a9ffb09108d378c006a4956d8b8306d25e4220e

SHA512
055eff9fc8f805cf3c48ac5db328a6b18ddb78a17b03a02bcc5e8968919e2b192f8d9793440c518cd77a910ffbed89e4a905652a3e2f3f5a90eb957a0e7cd340

Download Submit
C:\Windows\System\pIZxXhu.exe

Filesize
2.0MB

MD5
ed728953c1fb00ee1a5fab334a66a8be

SHA1
1c19c74a301d13f6aeb39437fd4129cd52cb3036

SHA256
c4d21acbc2fd4c787686adcea9f4c30b6cada99bcf19b454b7a4164d57a3aa20

SHA512
b255b7f84d3f3642c9556156d67884c8edc88e09debdbba0c418d9e8fbd9a41c3a018b7c09df1764252cd0f523e8c142e1a12bf8cca57cce8818c4996a136374

Download Submit
C:\Windows\System\rEnFsgk.exe

Filesize
2.0MB

MD5
c818466dd9ee97d205c199b5fe163c6f

SHA1
88c8417415fddb73d5ac65c786d784a8401615d5

SHA256
084807c70d1a2b24784c5642471378284e3deb099fe40ed36378e7a526991b75

SHA512
009ec7f4769ce2a918c14642c793d2acf9fbc38a4f76935cd48fc435926c93df49d862ed048e47ef123dacf6dae4325134b158fa14d09a8377f7ab3eefd6eec9

Download Submit
C:\Windows\System\sugVmhS.exe

Filesize
2.0MB

MD5
c1ea07cac23a49b0313b01fed61a2129

SHA1
2023a9c7f60b1fedefe61d4e0ee3bec72beeca0c

SHA256
377afcd6c26b3ef09e7c8d17a57a8a8545887cab729a52baf25c90bc3be497ce

SHA512
ac8a5cd8cdfafe7ad5dc4bdcbd7dbf29b221f73124a38156cf0098c5fada1242c15f6c8ff1041f903b42e13f20af644f72d593db77e0ef8f7c550809a348ce1c

Download Submit
C:\Windows\System\tpoBHNt.exe

Filesize
2.0MB

MD5
0bb10fe5ef7b68d6eaa76a8c7552a4a3

SHA1
ee4227d36bf1daa367bf8fecf41c2edcccd92125

SHA256
49a8b5dbde8cf77603dcb5d459b55f4e5b48b9993d900a46b58edbd326bcf299

SHA512
68b1b2a278031b38acd05da24b59d3f8e5412e85c729490db5ab03b8d3c86ecabe7c05cb140a1610a988c2a334b3f109a6a34b38a2605f5ecd27fb615230d5ed

Download Submit
C:\Windows\System\vMEjrsQ.exe

Filesize
2.0MB

MD5
8eb71cff7f6ecbd7f27e84a512db829a

SHA1
285bffd87ad2afadeb3db0fad759f9984aa1adcf

SHA256
ed591de5c87aecbf9059b24ecf70f1151b0cc544990ea6b1aa8002755a0489ce

SHA512
9bda3fff3866ec12c762791ca68e205c3b1819a4587701f2de50a7e251a2aa3763ba46821216c505470eaec94443c70cce945e539a75507ad4993e5ff702ee49

Download Submit
C:\Windows\System\wXFZshL.exe

Filesize
2.0MB

MD5
4fbb7c7655604dcb58a7bfaf5b04e8ea

SHA1
88fe9fb80103a952986f2d7748abee565a25e4f2

SHA256
47546715374d1a01d6edc364e89350da7896d41a66b948addb4a52cb7bf60caa

SHA512
6b9ed6f24dfa490bf9b04808d65b0554a76c8b2030c5c4191bab5d25c560ada270d2bb580d545d243288c98690d50f9d00cbfcfc97bdf00580eaffc601e3df57

Download Submit
C:\Windows\System\wpmiCZb.exe

Filesize
2.0MB

MD5
c386bc2cfa0c039106d151bf01635b71

SHA1
f279182bcf69ddd31c35426e6d71bf634d0ed122

SHA256
c1b5c49e2f4043a9c045e2ba64435594abe9fbb4fc3ab74d5af6f4bc2e87d493

SHA512
bf1b84d254202ace95d075ebaaae8614a0fe2ac3b8182389b08bb725c041264d2d5d2b24da9613c9320dc69e82d8c1e774ec22fe65d94e965b8d5506c3b7b672

Download Submit
C:\Windows\System\xcrGcET.exe

Filesize
2.0MB

MD5
9e62e936e584eb3d8578301a21cb20be

SHA1
29191d9f5843a5f4c80580b0296518c513107553

SHA256
d2d4e9f67f0172433dd3b88ab62bc2964bf2c03289173ff91483b6414958e958

SHA512
5082b722f5be777b18d3f671efdbccafe5ade5081e146df646730b23ddb692ea953d5959143117febe598f24534c58e23a44748c507a8eedc876d8f2646dd06d

Download Submit
C:\Windows\System\ymfczoC.exe

Filesize
2.0MB

MD5
99f2e368a1162461a39b3b89f94cbf89

SHA1
5d50911df8d283cb00be1ce685eb9168c3ceaaf4

SHA256
f212c4b94f494e10de36235767056c6df11376247c0da4fdd213bb00c5f9a4fa

SHA512
6b9786a290c0320a8259d22c71e17160f62cc8e4c2ab7b7231753723750a110cd1b95d280ca8768194b182ac3942c752354cea2750abc8f3daebf15302210f37

Download Submit
C:\Windows\System\yulUAoH.exe

Filesize
2.0MB

MD5
b123f25d5522a4a888ae49decc591acd

SHA1
cc81582170808ffe4df6eee4b0c79881849f26b4

SHA256
310895e11d7269e55cf12ed9de0059a1e9fd9dd1e3f606b68cc6ee9aa6523cfe

SHA512
10481cb753ee2bdb5064f28dfd7ebe9314f0d60e983b15f8403b593233ded94299ea833926115ff07145bd05cbd4a99d3fe20f90b7a2479fd876adbaff491009

Download Submit
memory/364-93-0x00007FF673590000-0x00007FF6738E4000-memory.dmp

Filesize
3.3MB

Download
memory/364-2136-0x00007FF673590000-0x00007FF6738E4000-memory.dmp

Filesize
3.3MB

Download
memory/672-2129-0x00007FF6440B0000-0x00007FF644404000-memory.dmp

Filesize
3.3MB

Download
memory/672-67-0x00007FF6440B0000-0x00007FF644404000-memory.dmp

Filesize
3.3MB

Download
memory/672-2113-0x00007FF6440B0000-0x00007FF644404000-memory.dmp

Filesize
3.3MB

Download
memory/816-2116-0x00007FF7825B0000-0x00007FF782904000-memory.dmp

Filesize
3.3MB

Download
memory/816-107-0x00007FF7825B0000-0x00007FF782904000-memory.dmp

Filesize
3.3MB

Download
memory/816-2138-0x00007FF7825B0000-0x00007FF782904000-memory.dmp

Filesize
3.3MB

Download
memory/856-2110-0x00007FF64CC20000-0x00007FF64CF74000-memory.dmp

Filesize
3.3MB

Download
memory/856-64-0x00007FF64CC20000-0x00007FF64CF74000-memory.dmp

Filesize
3.3MB

Download
memory/856-2130-0x00007FF64CC20000-0x00007FF64CF74000-memory.dmp

Filesize
3.3MB

Download
memory/864-2134-0x00007FF611D10000-0x00007FF612064000-memory.dmp

Filesize
3.3MB

Download
memory/864-82-0x00007FF611D10000-0x00007FF612064000-memory.dmp

Filesize
3.3MB

Download
memory/864-2114-0x00007FF611D10000-0x00007FF612064000-memory.dmp

Filesize
3.3MB

Download
memory/1000-2124-0x00007FF709E40000-0x00007FF70A194000-memory.dmp

Filesize
3.3MB

Download
memory/1000-34-0x00007FF709E40000-0x00007FF70A194000-memory.dmp

Filesize
3.3MB

Download
memory/1340-236-0x00007FF7C6CA0000-0x00007FF7C6FF4000-memory.dmp

Filesize
3.3MB

Download
memory/1340-2141-0x00007FF7C6CA0000-0x00007FF7C6FF4000-memory.dmp

Filesize
3.3MB

Download
memory/1488-1-0x00000178143A0000-0x00000178143B0000-memory.dmp

Filesize
64KB

Download
memory/1488-0-0x00007FF6BC170000-0x00007FF6BC4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1488-2105-0x00007FF6BC170000-0x00007FF6BC4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-51-0x00007FF6AEC20000-0x00007FF6AEF74000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2126-0x00007FF6AEC20000-0x00007FF6AEF74000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2109-0x00007FF6AEC20000-0x00007FF6AEF74000-memory.dmp

Filesize
3.3MB

Download
memory/1616-97-0x00007FF72A840000-0x00007FF72AB94000-memory.dmp

Filesize
3.3MB

Download
memory/1616-2133-0x00007FF72A840000-0x00007FF72AB94000-memory.dmp

Filesize
3.3MB

Download
memory/1664-2146-0x00007FF6CF430000-0x00007FF6CF784000-memory.dmp

Filesize
3.3MB

Download
memory/1664-244-0x00007FF6CF430000-0x00007FF6CF784000-memory.dmp

Filesize
3.3MB

Download
memory/1932-2125-0x00007FF720A50000-0x00007FF720DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1932-24-0x00007FF720A50000-0x00007FF720DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1932-2108-0x00007FF720A50000-0x00007FF720DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-145-0x00007FF728C70000-0x00007FF728FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-2139-0x00007FF728C70000-0x00007FF728FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-2144-0x00007FF6F86B0000-0x00007FF6F8A04000-memory.dmp

Filesize
3.3MB

Download
memory/2004-2118-0x00007FF6F86B0000-0x00007FF6F8A04000-memory.dmp

Filesize
3.3MB

Download
memory/2004-165-0x00007FF6F86B0000-0x00007FF6F8A04000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2149-0x00007FF60F630000-0x00007FF60F984000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2120-0x00007FF60F630000-0x00007FF60F984000-memory.dmp

Filesize
3.3MB

Download
memory/2100-214-0x00007FF60F630000-0x00007FF60F984000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2143-0x00007FF7DB790000-0x00007FF7DBAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-230-0x00007FF7DB790000-0x00007FF7DBAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-130-0x00007FF72E210000-0x00007FF72E564000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2140-0x00007FF72E210000-0x00007FF72E564000-memory.dmp

Filesize
3.3MB

Download
memory/2540-248-0x00007FF74D180000-0x00007FF74D4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-2147-0x00007FF74D180000-0x00007FF74D4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-197-0x00007FF6852E0000-0x00007FF685634000-memory.dmp

Filesize
3.3MB

Download
memory/2692-2145-0x00007FF6852E0000-0x00007FF685634000-memory.dmp

Filesize
3.3MB

Download
memory/2692-2119-0x00007FF6852E0000-0x00007FF685634000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2111-0x00007FF7B7540000-0x00007FF7B7894000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2131-0x00007FF7B7540000-0x00007FF7B7894000-memory.dmp

Filesize
3.3MB

Download
memory/2756-74-0x00007FF7B7540000-0x00007FF7B7894000-memory.dmp

Filesize
3.3MB

Download
memory/2772-83-0x00007FF73B420000-0x00007FF73B774000-memory.dmp

Filesize
3.3MB

Download
memory/2772-2137-0x00007FF73B420000-0x00007FF73B774000-memory.dmp

Filesize
3.3MB

Download
memory/2772-2115-0x00007FF73B420000-0x00007FF73B774000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2150-0x00007FF74C2B0000-0x00007FF74C604000-memory.dmp

Filesize
3.3MB

Download
memory/2888-215-0x00007FF74C2B0000-0x00007FF74C604000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2121-0x00007FF74C2B0000-0x00007FF74C604000-memory.dmp

Filesize
3.3MB

Download
memory/3212-2148-0x00007FF629620000-0x00007FF629974000-memory.dmp

Filesize
3.3MB

Download
memory/3212-150-0x00007FF629620000-0x00007FF629974000-memory.dmp

Filesize
3.3MB

Download
memory/3212-2117-0x00007FF629620000-0x00007FF629974000-memory.dmp

Filesize
3.3MB

Download
memory/3660-98-0x00007FF7D1C70000-0x00007FF7D1FC4000-memory.dmp

Filesize
3.3MB

Download
memory/3660-2135-0x00007FF7D1C70000-0x00007FF7D1FC4000-memory.dmp

Filesize
3.3MB

Download
memory/4056-96-0x00007FF681510000-0x00007FF681864000-memory.dmp

Filesize
3.3MB

Download
memory/4056-2128-0x00007FF681510000-0x00007FF681864000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2112-0x00007FF603890000-0x00007FF603BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2132-0x00007FF603890000-0x00007FF603BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4428-75-0x00007FF603890000-0x00007FF603BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4480-20-0x00007FF692180000-0x00007FF6924D4000-memory.dmp

Filesize
3.3MB

Download
memory/4480-2123-0x00007FF692180000-0x00007FF6924D4000-memory.dmp

Filesize
3.3MB

Download
memory/4480-2106-0x00007FF692180000-0x00007FF6924D4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2122-0x00007FF7544D0000-0x00007FF754824000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2107-0x00007FF7544D0000-0x00007FF754824000-memory.dmp

Filesize
3.3MB

Download
memory/4568-13-0x00007FF7544D0000-0x00007FF754824000-memory.dmp

Filesize
3.3MB

Download
memory/5036-95-0x00007FF610280000-0x00007FF6105D4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2127-0x00007FF610280000-0x00007FF6105D4000-memory.dmp

Filesize
3.3MB

Download
memory/5116-2142-0x00007FF70F440000-0x00007FF70F794000-memory.dmp

Filesize
3.3MB

Download
memory/5116-243-0x00007FF70F440000-0x00007FF70F794000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads