xmrig | 2268ce08a67f4ba8f3a3090547321ffe06ec6288f79bdd88e2681458bde846e2

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
Size

2.6MB
MD5

3404ef0a191d68f77d906d178bf22050
SHA1

7a899566c005bda50dbd932985c7218e4062a606
SHA256

2268ce08a67f4ba8f3a3090547321ffe06ec6288f79bdd88e2681458bde846e2
SHA512

ed70359cca8e21119924aec7063d1ff0ab085c66eafbd4947d448518259c57e2777862d0c4f9ef37a605ad0906a4ca5cc979256027e70e998d6e58bcb58cdc1f
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlMmSdIc1lNpEdxAgy:BemTLkNdfE0pZrW

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3488-0-0x00007FF6F8580000-0x00007FF6F88D4000-memory.dmp	xmrig
behavioral2/files/0x000500000002328f-5.dat	xmrig
behavioral2/files/0x0007000000023422-13.dat	xmrig
behavioral2/memory/3016-16-0x00007FF6A6080000-0x00007FF6A63D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-26.dat	xmrig
behavioral2/files/0x0007000000023425-32.dat	xmrig
behavioral2/files/0x0007000000023427-47.dat	xmrig
behavioral2/files/0x0007000000023428-52.dat	xmrig
behavioral2/files/0x000700000002342a-61.dat	xmrig
behavioral2/files/0x000700000002342f-90.dat	xmrig
behavioral2/files/0x0007000000023431-100.dat	xmrig
behavioral2/files/0x0007000000023439-136.dat	xmrig
behavioral2/files/0x000700000002343c-154.dat	xmrig
behavioral2/memory/868-704-0x00007FF6EB630000-0x00007FF6EB984000-memory.dmp	xmrig
behavioral2/files/0x0007000000023440-169.dat	xmrig
behavioral2/files/0x000700000002343f-166.dat	xmrig
behavioral2/files/0x000700000002343e-164.dat	xmrig
behavioral2/files/0x000700000002343d-160.dat	xmrig
behavioral2/files/0x000700000002343b-150.dat	xmrig
behavioral2/files/0x000700000002343a-144.dat	xmrig
behavioral2/files/0x0007000000023438-134.dat	xmrig
behavioral2/files/0x0007000000023437-130.dat	xmrig
behavioral2/files/0x0007000000023436-125.dat	xmrig
behavioral2/files/0x0007000000023435-120.dat	xmrig
behavioral2/files/0x0007000000023434-114.dat	xmrig
behavioral2/files/0x0007000000023433-110.dat	xmrig
behavioral2/files/0x0007000000023432-104.dat	xmrig
behavioral2/memory/4260-705-0x00007FF7B59E0000-0x00007FF7B5D34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023430-94.dat	xmrig
behavioral2/files/0x000700000002342e-84.dat	xmrig
behavioral2/files/0x000700000002342d-80.dat	xmrig
behavioral2/files/0x000700000002342c-72.dat	xmrig
behavioral2/files/0x000700000002342b-69.dat	xmrig
behavioral2/files/0x0007000000023429-59.dat	xmrig
behavioral2/files/0x0007000000023426-42.dat	xmrig
behavioral2/memory/2984-37-0x00007FF781280000-0x00007FF7815D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023424-34.dat	xmrig
behavioral2/memory/4368-33-0x00007FF628AB0000-0x00007FF628E04000-memory.dmp	xmrig
behavioral2/memory/768-23-0x00007FF688900000-0x00007FF688C54000-memory.dmp	xmrig
behavioral2/memory/5100-21-0x00007FF79E750000-0x00007FF79EAA4000-memory.dmp	xmrig
behavioral2/files/0x000800000002341d-15.dat	xmrig
behavioral2/memory/1180-10-0x00007FF794810000-0x00007FF794B64000-memory.dmp	xmrig
behavioral2/memory/4084-706-0x00007FF760BF0000-0x00007FF760F44000-memory.dmp	xmrig
behavioral2/memory/4880-707-0x00007FF786A00000-0x00007FF786D54000-memory.dmp	xmrig
behavioral2/memory/3196-708-0x00007FF64FC70000-0x00007FF64FFC4000-memory.dmp	xmrig
behavioral2/memory/2596-709-0x00007FF77F1D0000-0x00007FF77F524000-memory.dmp	xmrig
behavioral2/memory/2776-710-0x00007FF643D00000-0x00007FF644054000-memory.dmp	xmrig
behavioral2/memory/4620-718-0x00007FF743BF0000-0x00007FF743F44000-memory.dmp	xmrig
behavioral2/memory/2912-731-0x00007FF618220000-0x00007FF618574000-memory.dmp	xmrig
behavioral2/memory/2988-756-0x00007FF7D1500000-0x00007FF7D1854000-memory.dmp	xmrig
behavioral2/memory/1080-752-0x00007FF7EA540000-0x00007FF7EA894000-memory.dmp	xmrig
behavioral2/memory/2420-746-0x00007FF7FF230000-0x00007FF7FF584000-memory.dmp	xmrig
behavioral2/memory/4388-743-0x00007FF73F180000-0x00007FF73F4D4000-memory.dmp	xmrig
behavioral2/memory/1976-740-0x00007FF767BD0000-0x00007FF767F24000-memory.dmp	xmrig
behavioral2/memory/1600-773-0x00007FF665780000-0x00007FF665AD4000-memory.dmp	xmrig
behavioral2/memory/1656-777-0x00007FF77C940000-0x00007FF77CC94000-memory.dmp	xmrig
behavioral2/memory/3212-778-0x00007FF7609E0000-0x00007FF760D34000-memory.dmp	xmrig
behavioral2/memory/5012-774-0x00007FF6CA330000-0x00007FF6CA684000-memory.dmp	xmrig
behavioral2/memory/4864-737-0x00007FF614350000-0x00007FF6146A4000-memory.dmp	xmrig
behavioral2/memory/4476-726-0x00007FF7BE410000-0x00007FF7BE764000-memory.dmp	xmrig
behavioral2/memory/2480-723-0x00007FF72E160000-0x00007FF72E4B4000-memory.dmp	xmrig
behavioral2/memory/1212-721-0x00007FF7E8760000-0x00007FF7E8AB4000-memory.dmp	xmrig
behavioral2/memory/3088-715-0x00007FF6B85C0000-0x00007FF6B8914000-memory.dmp	xmrig
behavioral2/memory/3488-2111-0x00007FF6F8580000-0x00007FF6F88D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1180	Sftsfye.exe
3016	zyCuKii.exe
5100	xIxPgRH.exe
768	BHDCUhw.exe
4368	MaYVUyZ.exe
2984	gXGFiIt.exe
868	eIQMtBq.exe
4260	kKvJBEb.exe
4084	LLDMuJa.exe
4880	TuALGMt.exe
3196	YhaNeTK.exe
2596	WCULbpG.exe
2776	duTrgiq.exe
3088	RVAANhB.exe
4620	GcNVaCC.exe
1212	IORIwuA.exe
2480	DjUKRtX.exe
4476	fqFWMVg.exe
2912	vXqChXM.exe
4864	NNPMvQo.exe
1976	EQyRuor.exe
4388	aEKOhcL.exe
2420	ImQNDUJ.exe
1080	nKgLPzR.exe
2988	hIjAcGx.exe
1600	mXRgACM.exe
5012	zKdvISB.exe
1656	cwvSFWE.exe
3212	QgcXSoS.exe
3584	aJYAUfU.exe
2392	xehLYgm.exe
4024	FYwIatc.exe
3808	NlJIvZV.exe
3512	PmHDHwr.exe
4760	HxYGTAV.exe
4740	hJxUOSy.exe
2724	wECJCcx.exe
3520	osDEqwJ.exe
4840	tZtUZTB.exe
540	WCxxoJe.exe
4628	KUWMgSH.exe
1360	xAbGRaw.exe
4272	diNHMbh.exe
3112	wpHQoCM.exe
3228	bTISneB.exe
3280	WmPzSEP.exe
2468	jybJGMN.exe
3092	CPsESRp.exe
4040	nSNSxpr.exe
4020	blUihyY.exe
1884	WVvaJRl.exe
748	EKKLfmc.exe
1096	ATlWSqE.exe
376	gbrsYos.exe
3000	ILiTori.exe
2240	sRvUFNc.exe
2436	UPxgkYp.exe
1016	HZsUEeQ.exe
4216	XoEBbgN.exe
3924	haJzlrJ.exe
4528	yZqvUZo.exe
2388	rioNWpr.exe
4820	LSoAERu.exe
3976	GacXzbk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3488-0-0x00007FF6F8580000-0x00007FF6F88D4000-memory.dmp	upx
behavioral2/files/0x000500000002328f-5.dat	upx
behavioral2/files/0x0007000000023422-13.dat	upx
behavioral2/memory/3016-16-0x00007FF6A6080000-0x00007FF6A63D4000-memory.dmp	upx
behavioral2/files/0x0007000000023423-26.dat	upx
behavioral2/files/0x0007000000023425-32.dat	upx
behavioral2/files/0x0007000000023427-47.dat	upx
behavioral2/files/0x0007000000023428-52.dat	upx
behavioral2/files/0x000700000002342a-61.dat	upx
behavioral2/files/0x000700000002342f-90.dat	upx
behavioral2/files/0x0007000000023431-100.dat	upx
behavioral2/files/0x0007000000023439-136.dat	upx
behavioral2/files/0x000700000002343c-154.dat	upx
behavioral2/memory/868-704-0x00007FF6EB630000-0x00007FF6EB984000-memory.dmp	upx
behavioral2/files/0x0007000000023440-169.dat	upx
behavioral2/files/0x000700000002343f-166.dat	upx
behavioral2/files/0x000700000002343e-164.dat	upx
behavioral2/files/0x000700000002343d-160.dat	upx
behavioral2/files/0x000700000002343b-150.dat	upx
behavioral2/files/0x000700000002343a-144.dat	upx
behavioral2/files/0x0007000000023438-134.dat	upx
behavioral2/files/0x0007000000023437-130.dat	upx
behavioral2/files/0x0007000000023436-125.dat	upx
behavioral2/files/0x0007000000023435-120.dat	upx
behavioral2/files/0x0007000000023434-114.dat	upx
behavioral2/files/0x0007000000023433-110.dat	upx
behavioral2/files/0x0007000000023432-104.dat	upx
behavioral2/memory/4260-705-0x00007FF7B59E0000-0x00007FF7B5D34000-memory.dmp	upx
behavioral2/files/0x0007000000023430-94.dat	upx
behavioral2/files/0x000700000002342e-84.dat	upx
behavioral2/files/0x000700000002342d-80.dat	upx
behavioral2/files/0x000700000002342c-72.dat	upx
behavioral2/files/0x000700000002342b-69.dat	upx
behavioral2/files/0x0007000000023429-59.dat	upx
behavioral2/files/0x0007000000023426-42.dat	upx
behavioral2/memory/2984-37-0x00007FF781280000-0x00007FF7815D4000-memory.dmp	upx
behavioral2/files/0x0007000000023424-34.dat	upx
behavioral2/memory/4368-33-0x00007FF628AB0000-0x00007FF628E04000-memory.dmp	upx
behavioral2/memory/768-23-0x00007FF688900000-0x00007FF688C54000-memory.dmp	upx
behavioral2/memory/5100-21-0x00007FF79E750000-0x00007FF79EAA4000-memory.dmp	upx
behavioral2/files/0x000800000002341d-15.dat	upx
behavioral2/memory/1180-10-0x00007FF794810000-0x00007FF794B64000-memory.dmp	upx
behavioral2/memory/4084-706-0x00007FF760BF0000-0x00007FF760F44000-memory.dmp	upx
behavioral2/memory/4880-707-0x00007FF786A00000-0x00007FF786D54000-memory.dmp	upx
behavioral2/memory/3196-708-0x00007FF64FC70000-0x00007FF64FFC4000-memory.dmp	upx
behavioral2/memory/2596-709-0x00007FF77F1D0000-0x00007FF77F524000-memory.dmp	upx
behavioral2/memory/2776-710-0x00007FF643D00000-0x00007FF644054000-memory.dmp	upx
behavioral2/memory/4620-718-0x00007FF743BF0000-0x00007FF743F44000-memory.dmp	upx
behavioral2/memory/2912-731-0x00007FF618220000-0x00007FF618574000-memory.dmp	upx
behavioral2/memory/2988-756-0x00007FF7D1500000-0x00007FF7D1854000-memory.dmp	upx
behavioral2/memory/1080-752-0x00007FF7EA540000-0x00007FF7EA894000-memory.dmp	upx
behavioral2/memory/2420-746-0x00007FF7FF230000-0x00007FF7FF584000-memory.dmp	upx
behavioral2/memory/4388-743-0x00007FF73F180000-0x00007FF73F4D4000-memory.dmp	upx
behavioral2/memory/1976-740-0x00007FF767BD0000-0x00007FF767F24000-memory.dmp	upx
behavioral2/memory/1600-773-0x00007FF665780000-0x00007FF665AD4000-memory.dmp	upx
behavioral2/memory/1656-777-0x00007FF77C940000-0x00007FF77CC94000-memory.dmp	upx
behavioral2/memory/3212-778-0x00007FF7609E0000-0x00007FF760D34000-memory.dmp	upx
behavioral2/memory/5012-774-0x00007FF6CA330000-0x00007FF6CA684000-memory.dmp	upx
behavioral2/memory/4864-737-0x00007FF614350000-0x00007FF6146A4000-memory.dmp	upx
behavioral2/memory/4476-726-0x00007FF7BE410000-0x00007FF7BE764000-memory.dmp	upx
behavioral2/memory/2480-723-0x00007FF72E160000-0x00007FF72E4B4000-memory.dmp	upx
behavioral2/memory/1212-721-0x00007FF7E8760000-0x00007FF7E8AB4000-memory.dmp	upx
behavioral2/memory/3088-715-0x00007FF6B85C0000-0x00007FF6B8914000-memory.dmp	upx
behavioral2/memory/3488-2111-0x00007FF6F8580000-0x00007FF6F88D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XIpAenQ.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\dBsPxDc.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\MiMSELE.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\WvQgHiy.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\smGfUqJ.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\YSOncdP.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\mnjcZvo.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\bBozCRO.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\gXGFiIt.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\UPxgkYp.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\YbUldmp.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\eJgfdgZ.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\jrUfdfW.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\xAbGRaw.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\LYZpUXl.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\RGppSUk.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\AFNapAI.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\hbtziDx.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\ViefFmr.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\YgoZwVl.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\DahXtsX.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\zyCuKii.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\hIjAcGx.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\wpHQoCM.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\fsdPgra.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\yelpQkE.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\OlHSIjf.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\MHnjrzg.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\PNxWFMw.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\HowFEsS.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\OpKhfLv.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\oZjZoAw.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\JPUlsOB.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\qhjXzVy.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\CPsESRp.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\KeXLeES.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\iwcqlRo.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\ZDBBFUK.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\MelHAdP.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\nThcHEh.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\nnVvjHB.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\huoDPqC.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\hUDDCUn.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\IxxNYwW.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\maTIugK.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\DqDabeE.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\xdVNGCb.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\mhBJakY.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\haJzlrJ.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\MyLpKhD.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\ftjsYNR.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\vFcZOhm.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\gghmHOw.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\TqAelHy.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\ImQNDUJ.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\kVAcpTm.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\cxOMuQA.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\qCssQbT.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\sJUVTQw.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\GSvreMH.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\aHUsygM.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\UtoCREz.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\diiPTel.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
File created	C:\Windows\System\dtkeuos.exe	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14860	dwm.exe
Token: SeChangeNotifyPrivilege	14860	dwm.exe
Token: 33	14860	dwm.exe
Token: SeIncBasePriorityPrivilege	14860	dwm.exe
Token: SeShutdownPrivilege	14860	dwm.exe
Token: SeCreatePagefilePrivilege	14860	dwm.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
15156	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3488 wrote to memory of 1180	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	84
PID 3488 wrote to memory of 1180	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	84
PID 3488 wrote to memory of 3016	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	85
PID 3488 wrote to memory of 3016	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	85
PID 3488 wrote to memory of 5100	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	86
PID 3488 wrote to memory of 5100	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	86
PID 3488 wrote to memory of 768	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	87
PID 3488 wrote to memory of 768	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	87
PID 3488 wrote to memory of 4368	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	88
PID 3488 wrote to memory of 4368	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	88
PID 3488 wrote to memory of 2984	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	89
PID 3488 wrote to memory of 2984	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	89
PID 3488 wrote to memory of 868	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	90
PID 3488 wrote to memory of 868	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	90
PID 3488 wrote to memory of 4260	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	91
PID 3488 wrote to memory of 4260	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	91
PID 3488 wrote to memory of 4084	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	92
PID 3488 wrote to memory of 4084	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	92
PID 3488 wrote to memory of 4880	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	93
PID 3488 wrote to memory of 4880	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	93
PID 3488 wrote to memory of 3196	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	94
PID 3488 wrote to memory of 3196	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	94
PID 3488 wrote to memory of 2596	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	95
PID 3488 wrote to memory of 2596	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	95
PID 3488 wrote to memory of 2776	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	96
PID 3488 wrote to memory of 2776	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	96
PID 3488 wrote to memory of 3088	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	97
PID 3488 wrote to memory of 3088	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	97
PID 3488 wrote to memory of 4620	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	98
PID 3488 wrote to memory of 4620	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	98
PID 3488 wrote to memory of 1212	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	99
PID 3488 wrote to memory of 1212	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	99
PID 3488 wrote to memory of 2480	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	100
PID 3488 wrote to memory of 2480	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	100
PID 3488 wrote to memory of 4476	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	101
PID 3488 wrote to memory of 4476	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	101
PID 3488 wrote to memory of 2912	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	102
PID 3488 wrote to memory of 2912	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	102
PID 3488 wrote to memory of 4864	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	103
PID 3488 wrote to memory of 4864	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	103
PID 3488 wrote to memory of 1976	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	104
PID 3488 wrote to memory of 1976	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	104
PID 3488 wrote to memory of 4388	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	105
PID 3488 wrote to memory of 4388	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	105
PID 3488 wrote to memory of 2420	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	106
PID 3488 wrote to memory of 2420	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	106
PID 3488 wrote to memory of 1080	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	107
PID 3488 wrote to memory of 1080	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	107
PID 3488 wrote to memory of 2988	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	108
PID 3488 wrote to memory of 2988	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	108
PID 3488 wrote to memory of 1600	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	109
PID 3488 wrote to memory of 1600	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	109
PID 3488 wrote to memory of 5012	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	110
PID 3488 wrote to memory of 5012	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	110
PID 3488 wrote to memory of 1656	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	111
PID 3488 wrote to memory of 1656	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	111
PID 3488 wrote to memory of 3212	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	112
PID 3488 wrote to memory of 3212	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	112
PID 3488 wrote to memory of 3584	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	113
PID 3488 wrote to memory of 3584	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	113
PID 3488 wrote to memory of 2392	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	114
PID 3488 wrote to memory of 2392	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	114
PID 3488 wrote to memory of 4024	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	115
PID 3488 wrote to memory of 4024	3488	3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3404ef0a191d68f77d906d178bf22050_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3488
- C:\Windows\System\Sftsfye.exe
  C:\Windows\System\Sftsfye.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\zyCuKii.exe
  C:\Windows\System\zyCuKii.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\xIxPgRH.exe
  C:\Windows\System\xIxPgRH.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\BHDCUhw.exe
  C:\Windows\System\BHDCUhw.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\MaYVUyZ.exe
  C:\Windows\System\MaYVUyZ.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\gXGFiIt.exe
  C:\Windows\System\gXGFiIt.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\eIQMtBq.exe
  C:\Windows\System\eIQMtBq.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\kKvJBEb.exe
  C:\Windows\System\kKvJBEb.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\LLDMuJa.exe
  C:\Windows\System\LLDMuJa.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\TuALGMt.exe
  C:\Windows\System\TuALGMt.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\YhaNeTK.exe
  C:\Windows\System\YhaNeTK.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\WCULbpG.exe
  C:\Windows\System\WCULbpG.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\duTrgiq.exe
  C:\Windows\System\duTrgiq.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\RVAANhB.exe
  C:\Windows\System\RVAANhB.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\GcNVaCC.exe
  C:\Windows\System\GcNVaCC.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\IORIwuA.exe
  C:\Windows\System\IORIwuA.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\DjUKRtX.exe
  C:\Windows\System\DjUKRtX.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\fqFWMVg.exe
  C:\Windows\System\fqFWMVg.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\vXqChXM.exe
  C:\Windows\System\vXqChXM.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\NNPMvQo.exe
  C:\Windows\System\NNPMvQo.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\EQyRuor.exe
  C:\Windows\System\EQyRuor.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\aEKOhcL.exe
  C:\Windows\System\aEKOhcL.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\ImQNDUJ.exe
  C:\Windows\System\ImQNDUJ.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\nKgLPzR.exe
  C:\Windows\System\nKgLPzR.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\hIjAcGx.exe
  C:\Windows\System\hIjAcGx.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\mXRgACM.exe
  C:\Windows\System\mXRgACM.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\zKdvISB.exe
  C:\Windows\System\zKdvISB.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\cwvSFWE.exe
  C:\Windows\System\cwvSFWE.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\QgcXSoS.exe
  C:\Windows\System\QgcXSoS.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\aJYAUfU.exe
  C:\Windows\System\aJYAUfU.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\xehLYgm.exe
  C:\Windows\System\xehLYgm.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\FYwIatc.exe
  C:\Windows\System\FYwIatc.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\NlJIvZV.exe
  C:\Windows\System\NlJIvZV.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\PmHDHwr.exe
  C:\Windows\System\PmHDHwr.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\HxYGTAV.exe
  C:\Windows\System\HxYGTAV.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\hJxUOSy.exe
  C:\Windows\System\hJxUOSy.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\wECJCcx.exe
  C:\Windows\System\wECJCcx.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\osDEqwJ.exe
  C:\Windows\System\osDEqwJ.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\tZtUZTB.exe
  C:\Windows\System\tZtUZTB.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\WCxxoJe.exe
  C:\Windows\System\WCxxoJe.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\KUWMgSH.exe
  C:\Windows\System\KUWMgSH.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\xAbGRaw.exe
  C:\Windows\System\xAbGRaw.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\diNHMbh.exe
  C:\Windows\System\diNHMbh.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\wpHQoCM.exe
  C:\Windows\System\wpHQoCM.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\bTISneB.exe
  C:\Windows\System\bTISneB.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\WmPzSEP.exe
  C:\Windows\System\WmPzSEP.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\jybJGMN.exe
  C:\Windows\System\jybJGMN.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\CPsESRp.exe
  C:\Windows\System\CPsESRp.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\nSNSxpr.exe
  C:\Windows\System\nSNSxpr.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\blUihyY.exe
  C:\Windows\System\blUihyY.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\WVvaJRl.exe
  C:\Windows\System\WVvaJRl.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\EKKLfmc.exe
  C:\Windows\System\EKKLfmc.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\ATlWSqE.exe
  C:\Windows\System\ATlWSqE.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\gbrsYos.exe
  C:\Windows\System\gbrsYos.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\ILiTori.exe
  C:\Windows\System\ILiTori.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\sRvUFNc.exe
  C:\Windows\System\sRvUFNc.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\UPxgkYp.exe
  C:\Windows\System\UPxgkYp.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\HZsUEeQ.exe
  C:\Windows\System\HZsUEeQ.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\XoEBbgN.exe
  C:\Windows\System\XoEBbgN.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\haJzlrJ.exe
  C:\Windows\System\haJzlrJ.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\yZqvUZo.exe
  C:\Windows\System\yZqvUZo.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\rioNWpr.exe
  C:\Windows\System\rioNWpr.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\LSoAERu.exe
  C:\Windows\System\LSoAERu.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\GacXzbk.exe
  C:\Windows\System\GacXzbk.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\TLrdsNo.exe
  C:\Windows\System\TLrdsNo.exe
  2⤵
  PID:4524
- C:\Windows\System\kVAcpTm.exe
  C:\Windows\System\kVAcpTm.exe
  2⤵
  PID:1460
- C:\Windows\System\PHjNaYR.exe
  C:\Windows\System\PHjNaYR.exe
  2⤵
  PID:1292
- C:\Windows\System\hUDDCUn.exe
  C:\Windows\System\hUDDCUn.exe
  2⤵
  PID:2280
- C:\Windows\System\NcataSx.exe
  C:\Windows\System\NcataSx.exe
  2⤵
  PID:4424
- C:\Windows\System\sJlOHwp.exe
  C:\Windows\System\sJlOHwp.exe
  2⤵
  PID:3356
- C:\Windows\System\iUubJwL.exe
  C:\Windows\System\iUubJwL.exe
  2⤵
  PID:2960
- C:\Windows\System\HowFEsS.exe
  C:\Windows\System\HowFEsS.exe
  2⤵
  PID:4324
- C:\Windows\System\JVDhMxw.exe
  C:\Windows\System\JVDhMxw.exe
  2⤵
  PID:1520
- C:\Windows\System\NOKcJdK.exe
  C:\Windows\System\NOKcJdK.exe
  2⤵
  PID:1084
- C:\Windows\System\WfrVoPd.exe
  C:\Windows\System\WfrVoPd.exe
  2⤵
  PID:1472
- C:\Windows\System\XnXFuTE.exe
  C:\Windows\System\XnXFuTE.exe
  2⤵
  PID:2396
- C:\Windows\System\KWoXZmq.exe
  C:\Windows\System\KWoXZmq.exe
  2⤵
  PID:3824
- C:\Windows\System\GFEYBhk.exe
  C:\Windows\System\GFEYBhk.exe
  2⤵
  PID:1492
- C:\Windows\System\RtABBYB.exe
  C:\Windows\System\RtABBYB.exe
  2⤵
  PID:3060
- C:\Windows\System\xFQvJFC.exe
  C:\Windows\System\xFQvJFC.exe
  2⤵
  PID:3972
- C:\Windows\System\YbUldmp.exe
  C:\Windows\System\YbUldmp.exe
  2⤵
  PID:5128
- C:\Windows\System\OmkinYz.exe
  C:\Windows\System\OmkinYz.exe
  2⤵
  PID:5156
- C:\Windows\System\dZGVqKP.exe
  C:\Windows\System\dZGVqKP.exe
  2⤵
  PID:5184
- C:\Windows\System\zskdKqt.exe
  C:\Windows\System\zskdKqt.exe
  2⤵
  PID:5212
- C:\Windows\System\uuQBktx.exe
  C:\Windows\System\uuQBktx.exe
  2⤵
  PID:5240
- C:\Windows\System\ybHJHZz.exe
  C:\Windows\System\ybHJHZz.exe
  2⤵
  PID:5268
- C:\Windows\System\cMWriQc.exe
  C:\Windows\System\cMWriQc.exe
  2⤵
  PID:5296
- C:\Windows\System\TVSyzIs.exe
  C:\Windows\System\TVSyzIs.exe
  2⤵
  PID:5324
- C:\Windows\System\YBiIFpQ.exe
  C:\Windows\System\YBiIFpQ.exe
  2⤵
  PID:5352
- C:\Windows\System\buJtcZh.exe
  C:\Windows\System\buJtcZh.exe
  2⤵
  PID:5380
- C:\Windows\System\JXfyXNk.exe
  C:\Windows\System\JXfyXNk.exe
  2⤵
  PID:5408
- C:\Windows\System\KUJWvOD.exe
  C:\Windows\System\KUJWvOD.exe
  2⤵
  PID:5436
- C:\Windows\System\rtFegFF.exe
  C:\Windows\System\rtFegFF.exe
  2⤵
  PID:5464
- C:\Windows\System\LaATEKU.exe
  C:\Windows\System\LaATEKU.exe
  2⤵
  PID:5492
- C:\Windows\System\HprhJTy.exe
  C:\Windows\System\HprhJTy.exe
  2⤵
  PID:5520
- C:\Windows\System\rznxSZI.exe
  C:\Windows\System\rznxSZI.exe
  2⤵
  PID:5548
- C:\Windows\System\bMRzHVq.exe
  C:\Windows\System\bMRzHVq.exe
  2⤵
  PID:5576
- C:\Windows\System\WNpXibn.exe
  C:\Windows\System\WNpXibn.exe
  2⤵
  PID:5604
- C:\Windows\System\YVlyxNf.exe
  C:\Windows\System\YVlyxNf.exe
  2⤵
  PID:5632
- C:\Windows\System\rivuHuT.exe
  C:\Windows\System\rivuHuT.exe
  2⤵
  PID:5660
- C:\Windows\System\SothFrb.exe
  C:\Windows\System\SothFrb.exe
  2⤵
  PID:5688
- C:\Windows\System\eJMyJIc.exe
  C:\Windows\System\eJMyJIc.exe
  2⤵
  PID:5716
- C:\Windows\System\QbnfZcn.exe
  C:\Windows\System\QbnfZcn.exe
  2⤵
  PID:5744
- C:\Windows\System\ncmgWqW.exe
  C:\Windows\System\ncmgWqW.exe
  2⤵
  PID:5772
- C:\Windows\System\cHjovmm.exe
  C:\Windows\System\cHjovmm.exe
  2⤵
  PID:5788
- C:\Windows\System\zGeBGyA.exe
  C:\Windows\System\zGeBGyA.exe
  2⤵
  PID:5824
- C:\Windows\System\sbbnMXa.exe
  C:\Windows\System\sbbnMXa.exe
  2⤵
  PID:5856
- C:\Windows\System\RMitXqz.exe
  C:\Windows\System\RMitXqz.exe
  2⤵
  PID:5884
- C:\Windows\System\iEclHTl.exe
  C:\Windows\System\iEclHTl.exe
  2⤵
  PID:5912
- C:\Windows\System\aTMeLTa.exe
  C:\Windows\System\aTMeLTa.exe
  2⤵
  PID:5940
- C:\Windows\System\XfdcHWT.exe
  C:\Windows\System\XfdcHWT.exe
  2⤵
  PID:5968
- C:\Windows\System\LYZpUXl.exe
  C:\Windows\System\LYZpUXl.exe
  2⤵
  PID:5996
- C:\Windows\System\JlnbDOE.exe
  C:\Windows\System\JlnbDOE.exe
  2⤵
  PID:6024
- C:\Windows\System\ApWlcqH.exe
  C:\Windows\System\ApWlcqH.exe
  2⤵
  PID:6052
- C:\Windows\System\MkmLFac.exe
  C:\Windows\System\MkmLFac.exe
  2⤵
  PID:6080
- C:\Windows\System\LRgNURo.exe
  C:\Windows\System\LRgNURo.exe
  2⤵
  PID:6104
- C:\Windows\System\fHsfqyp.exe
  C:\Windows\System\fHsfqyp.exe
  2⤵
  PID:6136
- C:\Windows\System\ZsKsmZL.exe
  C:\Windows\System\ZsKsmZL.exe
  2⤵
  PID:4228
- C:\Windows\System\YTcpTOe.exe
  C:\Windows\System\YTcpTOe.exe
  2⤵
  PID:888
- C:\Windows\System\IxxNYwW.exe
  C:\Windows\System\IxxNYwW.exe
  2⤵
  PID:1288
- C:\Windows\System\Tlccmla.exe
  C:\Windows\System\Tlccmla.exe
  2⤵
  PID:5040
- C:\Windows\System\IituPhL.exe
  C:\Windows\System\IituPhL.exe
  2⤵
  PID:1452
- C:\Windows\System\yzfZQLS.exe
  C:\Windows\System\yzfZQLS.exe
  2⤵
  PID:5176
- C:\Windows\System\HyfDvmO.exe
  C:\Windows\System\HyfDvmO.exe
  2⤵
  PID:5252
- C:\Windows\System\LfagJYL.exe
  C:\Windows\System\LfagJYL.exe
  2⤵
  PID:5312
- C:\Windows\System\gJngeCY.exe
  C:\Windows\System\gJngeCY.exe
  2⤵
  PID:5372
- C:\Windows\System\zHroklx.exe
  C:\Windows\System\zHroklx.exe
  2⤵
  PID:5448
- C:\Windows\System\QPIcpCe.exe
  C:\Windows\System\QPIcpCe.exe
  2⤵
  PID:5508
- C:\Windows\System\npVWzls.exe
  C:\Windows\System\npVWzls.exe
  2⤵
  PID:5568
- C:\Windows\System\ulFDqLC.exe
  C:\Windows\System\ulFDqLC.exe
  2⤵
  PID:5644
- C:\Windows\System\HoaNTmf.exe
  C:\Windows\System\HoaNTmf.exe
  2⤵
  PID:5704
- C:\Windows\System\IjIPlIT.exe
  C:\Windows\System\IjIPlIT.exe
  2⤵
  PID:5764
- C:\Windows\System\gHrWzVF.exe
  C:\Windows\System\gHrWzVF.exe
  2⤵
  PID:5840
- C:\Windows\System\zRAvItH.exe
  C:\Windows\System\zRAvItH.exe
  2⤵
  PID:5900
- C:\Windows\System\gQxuKvF.exe
  C:\Windows\System\gQxuKvF.exe
  2⤵
  PID:5960
- C:\Windows\System\zqwnWfy.exe
  C:\Windows\System\zqwnWfy.exe
  2⤵
  PID:6036
- C:\Windows\System\HmsVDTY.exe
  C:\Windows\System\HmsVDTY.exe
  2⤵
  PID:6096
- C:\Windows\System\wXDPHQc.exe
  C:\Windows\System\wXDPHQc.exe
  2⤵
  PID:920
- C:\Windows\System\GuiySuA.exe
  C:\Windows\System\GuiySuA.exe
  2⤵
  PID:3944
- C:\Windows\System\IMuuBpk.exe
  C:\Windows\System\IMuuBpk.exe
  2⤵
  PID:5148
- C:\Windows\System\MuzABNK.exe
  C:\Windows\System\MuzABNK.exe
  2⤵
  PID:5288
- C:\Windows\System\RDxXXip.exe
  C:\Windows\System\RDxXXip.exe
  2⤵
  PID:5476
- C:\Windows\System\DqQFlie.exe
  C:\Windows\System\DqQFlie.exe
  2⤵
  PID:5616
- C:\Windows\System\vgmUlrs.exe
  C:\Windows\System\vgmUlrs.exe
  2⤵
  PID:5756
- C:\Windows\System\sSskprp.exe
  C:\Windows\System\sSskprp.exe
  2⤵
  PID:5952
- C:\Windows\System\GmGEqyG.exe
  C:\Windows\System\GmGEqyG.exe
  2⤵
  PID:6068
- C:\Windows\System\lZMdWIS.exe
  C:\Windows\System\lZMdWIS.exe
  2⤵
  PID:6164
- C:\Windows\System\IjoNhJA.exe
  C:\Windows\System\IjoNhJA.exe
  2⤵
  PID:6192
- C:\Windows\System\aRsMdYH.exe
  C:\Windows\System\aRsMdYH.exe
  2⤵
  PID:6220
- C:\Windows\System\hjkjbLJ.exe
  C:\Windows\System\hjkjbLJ.exe
  2⤵
  PID:6248
- C:\Windows\System\bBwJbaE.exe
  C:\Windows\System\bBwJbaE.exe
  2⤵
  PID:6276
- C:\Windows\System\dRLGKpS.exe
  C:\Windows\System\dRLGKpS.exe
  2⤵
  PID:6304
- C:\Windows\System\LzaPjhm.exe
  C:\Windows\System\LzaPjhm.exe
  2⤵
  PID:6332
- C:\Windows\System\xBgAIne.exe
  C:\Windows\System\xBgAIne.exe
  2⤵
  PID:6360
- C:\Windows\System\RgEnibj.exe
  C:\Windows\System\RgEnibj.exe
  2⤵
  PID:6388
- C:\Windows\System\Paifuzd.exe
  C:\Windows\System\Paifuzd.exe
  2⤵
  PID:6420
- C:\Windows\System\bGNiISg.exe
  C:\Windows\System\bGNiISg.exe
  2⤵
  PID:6460
- C:\Windows\System\YWHxlVj.exe
  C:\Windows\System\YWHxlVj.exe
  2⤵
  PID:6484
- C:\Windows\System\JWMLIPr.exe
  C:\Windows\System\JWMLIPr.exe
  2⤵
  PID:6500
- C:\Windows\System\KfIAOoF.exe
  C:\Windows\System\KfIAOoF.exe
  2⤵
  PID:6528
- C:\Windows\System\ZWppPKN.exe
  C:\Windows\System\ZWppPKN.exe
  2⤵
  PID:6556
- C:\Windows\System\jZNFDwQ.exe
  C:\Windows\System\jZNFDwQ.exe
  2⤵
  PID:6584
- C:\Windows\System\aWYtWwN.exe
  C:\Windows\System\aWYtWwN.exe
  2⤵
  PID:6612
- C:\Windows\System\AZGQdGO.exe
  C:\Windows\System\AZGQdGO.exe
  2⤵
  PID:6640
- C:\Windows\System\BJHXkeN.exe
  C:\Windows\System\BJHXkeN.exe
  2⤵
  PID:6668
- C:\Windows\System\XMVFFZt.exe
  C:\Windows\System\XMVFFZt.exe
  2⤵
  PID:6696
- C:\Windows\System\ybWtzGf.exe
  C:\Windows\System\ybWtzGf.exe
  2⤵
  PID:6724
- C:\Windows\System\Jjhhoad.exe
  C:\Windows\System\Jjhhoad.exe
  2⤵
  PID:6752
- C:\Windows\System\eGblelz.exe
  C:\Windows\System\eGblelz.exe
  2⤵
  PID:6780
- C:\Windows\System\KVAVBcr.exe
  C:\Windows\System\KVAVBcr.exe
  2⤵
  PID:6808
- C:\Windows\System\Etzpudn.exe
  C:\Windows\System\Etzpudn.exe
  2⤵
  PID:6836
- C:\Windows\System\IqxbgzM.exe
  C:\Windows\System\IqxbgzM.exe
  2⤵
  PID:6864
- C:\Windows\System\DQGtqUF.exe
  C:\Windows\System\DQGtqUF.exe
  2⤵
  PID:6892
- C:\Windows\System\JvNaJCE.exe
  C:\Windows\System\JvNaJCE.exe
  2⤵
  PID:6920
- C:\Windows\System\DGOOuFD.exe
  C:\Windows\System\DGOOuFD.exe
  2⤵
  PID:6948
- C:\Windows\System\KeXLeES.exe
  C:\Windows\System\KeXLeES.exe
  2⤵
  PID:6976
- C:\Windows\System\XIpAenQ.exe
  C:\Windows\System\XIpAenQ.exe
  2⤵
  PID:7004
- C:\Windows\System\PWjymYq.exe
  C:\Windows\System\PWjymYq.exe
  2⤵
  PID:7032
- C:\Windows\System\iwcqlRo.exe
  C:\Windows\System\iwcqlRo.exe
  2⤵
  PID:7060
- C:\Windows\System\auHvmMq.exe
  C:\Windows\System\auHvmMq.exe
  2⤵
  PID:7088
- C:\Windows\System\kglzQhh.exe
  C:\Windows\System\kglzQhh.exe
  2⤵
  PID:7116
- C:\Windows\System\mwVRcTt.exe
  C:\Windows\System\mwVRcTt.exe
  2⤵
  PID:7144
- C:\Windows\System\KxqCEKr.exe
  C:\Windows\System\KxqCEKr.exe
  2⤵
  PID:6128
- C:\Windows\System\wpsoTCF.exe
  C:\Windows\System\wpsoTCF.exe
  2⤵
  PID:4012
- C:\Windows\System\dBsPxDc.exe
  C:\Windows\System\dBsPxDc.exe
  2⤵
  PID:5420
- C:\Windows\System\fbNFAmD.exe
  C:\Windows\System\fbNFAmD.exe
  2⤵
  PID:5812
- C:\Windows\System\ZuJWBkb.exe
  C:\Windows\System\ZuJWBkb.exe
  2⤵
  PID:6152
- C:\Windows\System\rdobLNY.exe
  C:\Windows\System\rdobLNY.exe
  2⤵
  PID:6212
- C:\Windows\System\SVZHZKi.exe
  C:\Windows\System\SVZHZKi.exe
  2⤵
  PID:6288
- C:\Windows\System\IKTmTvs.exe
  C:\Windows\System\IKTmTvs.exe
  2⤵
  PID:6344
- C:\Windows\System\uUXUNNN.exe
  C:\Windows\System\uUXUNNN.exe
  2⤵
  PID:6404
- C:\Windows\System\cxOMuQA.exe
  C:\Windows\System\cxOMuQA.exe
  2⤵
  PID:6468
- C:\Windows\System\mKXaGmq.exe
  C:\Windows\System\mKXaGmq.exe
  2⤵
  PID:6516
- C:\Windows\System\BNsMHyT.exe
  C:\Windows\System\BNsMHyT.exe
  2⤵
  PID:6576
- C:\Windows\System\PIcOcfF.exe
  C:\Windows\System\PIcOcfF.exe
  2⤵
  PID:6652
- C:\Windows\System\uGMahgW.exe
  C:\Windows\System\uGMahgW.exe
  2⤵
  PID:6712
- C:\Windows\System\DSSYwSa.exe
  C:\Windows\System\DSSYwSa.exe
  2⤵
  PID:6772
- C:\Windows\System\FkXznyn.exe
  C:\Windows\System\FkXznyn.exe
  2⤵
  PID:6828
- C:\Windows\System\qCssQbT.exe
  C:\Windows\System\qCssQbT.exe
  2⤵
  PID:6884
- C:\Windows\System\XmWuwwR.exe
  C:\Windows\System\XmWuwwR.exe
  2⤵
  PID:6960
- C:\Windows\System\gShafpe.exe
  C:\Windows\System\gShafpe.exe
  2⤵
  PID:7020
- C:\Windows\System\ARmEseV.exe
  C:\Windows\System\ARmEseV.exe
  2⤵
  PID:1216
- C:\Windows\System\nmvRaYD.exe
  C:\Windows\System\nmvRaYD.exe
  2⤵
  PID:7128
- C:\Windows\System\zqEvqwq.exe
  C:\Windows\System\zqEvqwq.exe
  2⤵
  PID:4988
- C:\Windows\System\fTETYHG.exe
  C:\Windows\System\fTETYHG.exe
  2⤵
  PID:5280
- C:\Windows\System\Mgeiufk.exe
  C:\Windows\System\Mgeiufk.exe
  2⤵
  PID:6012
- C:\Windows\System\YRnlKyt.exe
  C:\Windows\System\YRnlKyt.exe
  2⤵
  PID:6260
- C:\Windows\System\fsdPgra.exe
  C:\Windows\System\fsdPgra.exe
  2⤵
  PID:6380
- C:\Windows\System\PHAGnxk.exe
  C:\Windows\System\PHAGnxk.exe
  2⤵
  PID:6496
- C:\Windows\System\skpfQyO.exe
  C:\Windows\System\skpfQyO.exe
  2⤵
  PID:4736
- C:\Windows\System\GpFfysZ.exe
  C:\Windows\System\GpFfysZ.exe
  2⤵
  PID:6688
- C:\Windows\System\AcVwOlp.exe
  C:\Windows\System\AcVwOlp.exe
  2⤵
  PID:3156
- C:\Windows\System\PUqgtaq.exe
  C:\Windows\System\PUqgtaq.exe
  2⤵
  PID:4768
- C:\Windows\System\rrZdVlS.exe
  C:\Windows\System\rrZdVlS.exe
  2⤵
  PID:6204
- C:\Windows\System\lZauoUT.exe
  C:\Windows\System\lZauoUT.exe
  2⤵
  PID:4428
- C:\Windows\System\EtBgwMN.exe
  C:\Windows\System\EtBgwMN.exe
  2⤵
  PID:6492
- C:\Windows\System\UFaTLNN.exe
  C:\Windows\System\UFaTLNN.exe
  2⤵
  PID:4816
- C:\Windows\System\ZdAULME.exe
  C:\Windows\System\ZdAULME.exe
  2⤵
  PID:6744
- C:\Windows\System\FurVADq.exe
  C:\Windows\System\FurVADq.exe
  2⤵
  PID:220
- C:\Windows\System\LCYCGwI.exe
  C:\Windows\System\LCYCGwI.exe
  2⤵
  PID:4360
- C:\Windows\System\YlmvUhn.exe
  C:\Windows\System\YlmvUhn.exe
  2⤵
  PID:4352
- C:\Windows\System\zpTbuoY.exe
  C:\Windows\System\zpTbuoY.exe
  2⤵
  PID:4920
- C:\Windows\System\OpKhfLv.exe
  C:\Windows\System\OpKhfLv.exe
  2⤵
  PID:6680
- C:\Windows\System\LHvQZBV.exe
  C:\Windows\System\LHvQZBV.exe
  2⤵
  PID:644
- C:\Windows\System\eidYdLO.exe
  C:\Windows\System\eidYdLO.exe
  2⤵
  PID:7192
- C:\Windows\System\oZjZoAw.exe
  C:\Windows\System\oZjZoAw.exe
  2⤵
  PID:7224
- C:\Windows\System\lXcRimo.exe
  C:\Windows\System\lXcRimo.exe
  2⤵
  PID:7248
- C:\Windows\System\MiMSELE.exe
  C:\Windows\System\MiMSELE.exe
  2⤵
  PID:7288
- C:\Windows\System\CPXqyqn.exe
  C:\Windows\System\CPXqyqn.exe
  2⤵
  PID:7388
- C:\Windows\System\qrWnnfI.exe
  C:\Windows\System\qrWnnfI.exe
  2⤵
  PID:7416
- C:\Windows\System\XDxjugJ.exe
  C:\Windows\System\XDxjugJ.exe
  2⤵
  PID:7504
- C:\Windows\System\RiGzxpt.exe
  C:\Windows\System\RiGzxpt.exe
  2⤵
  PID:7520
- C:\Windows\System\WvQgHiy.exe
  C:\Windows\System\WvQgHiy.exe
  2⤵
  PID:7552
- C:\Windows\System\vFQicCz.exe
  C:\Windows\System\vFQicCz.exe
  2⤵
  PID:7588
- C:\Windows\System\uLiVcSw.exe
  C:\Windows\System\uLiVcSw.exe
  2⤵
  PID:7624
- C:\Windows\System\guMrJFz.exe
  C:\Windows\System\guMrJFz.exe
  2⤵
  PID:7652
- C:\Windows\System\ZmePheB.exe
  C:\Windows\System\ZmePheB.exe
  2⤵
  PID:7672
- C:\Windows\System\bpdYAaJ.exe
  C:\Windows\System\bpdYAaJ.exe
  2⤵
  PID:7704
- C:\Windows\System\eJgfdgZ.exe
  C:\Windows\System\eJgfdgZ.exe
  2⤵
  PID:7728
- C:\Windows\System\qUoCCsa.exe
  C:\Windows\System\qUoCCsa.exe
  2⤵
  PID:7776
- C:\Windows\System\jIvcKaO.exe
  C:\Windows\System\jIvcKaO.exe
  2⤵
  PID:7800
- C:\Windows\System\PYBsjqx.exe
  C:\Windows\System\PYBsjqx.exe
  2⤵
  PID:7836
- C:\Windows\System\VwTvgej.exe
  C:\Windows\System\VwTvgej.exe
  2⤵
  PID:7872
- C:\Windows\System\czmUZMq.exe
  C:\Windows\System\czmUZMq.exe
  2⤵
  PID:7900
- C:\Windows\System\FCscKWp.exe
  C:\Windows\System\FCscKWp.exe
  2⤵
  PID:7928
- C:\Windows\System\JPUlsOB.exe
  C:\Windows\System\JPUlsOB.exe
  2⤵
  PID:7948
- C:\Windows\System\cCrbmCn.exe
  C:\Windows\System\cCrbmCn.exe
  2⤵
  PID:7984
- C:\Windows\System\qROxhun.exe
  C:\Windows\System\qROxhun.exe
  2⤵
  PID:8000
- C:\Windows\System\KwcKJKh.exe
  C:\Windows\System\KwcKJKh.exe
  2⤵
  PID:8032
- C:\Windows\System\DluSVOy.exe
  C:\Windows\System\DluSVOy.exe
  2⤵
  PID:8060
- C:\Windows\System\yelpQkE.exe
  C:\Windows\System\yelpQkE.exe
  2⤵
  PID:8096
- C:\Windows\System\PTSjPAB.exe
  C:\Windows\System\PTSjPAB.exe
  2⤵
  PID:8128
- C:\Windows\System\GnVvBfx.exe
  C:\Windows\System\GnVvBfx.exe
  2⤵
  PID:8160
- C:\Windows\System\cWXnaVy.exe
  C:\Windows\System\cWXnaVy.exe
  2⤵
  PID:8188
- C:\Windows\System\FGqbzho.exe
  C:\Windows\System\FGqbzho.exe
  2⤵
  PID:4512
- C:\Windows\System\VwaFChH.exe
  C:\Windows\System\VwaFChH.exe
  2⤵
  PID:5036
- C:\Windows\System\cJFOOAu.exe
  C:\Windows\System\cJFOOAu.exe
  2⤵
  PID:7212
- C:\Windows\System\ZWdnkbL.exe
  C:\Windows\System\ZWdnkbL.exe
  2⤵
  PID:7276
- C:\Windows\System\JagpAag.exe
  C:\Windows\System\JagpAag.exe
  2⤵
  PID:7364
- C:\Windows\System\IDJSDNy.exe
  C:\Windows\System\IDJSDNy.exe
  2⤵
  PID:3116
- C:\Windows\System\gSGNrGa.exe
  C:\Windows\System\gSGNrGa.exe
  2⤵
  PID:7408
- C:\Windows\System\eRKLTsh.exe
  C:\Windows\System\eRKLTsh.exe
  2⤵
  PID:7340
- C:\Windows\System\eqaqUDu.exe
  C:\Windows\System\eqaqUDu.exe
  2⤵
  PID:7564
- C:\Windows\System\FFXfQsR.exe
  C:\Windows\System\FFXfQsR.exe
  2⤵
  PID:7604
- C:\Windows\System\oJGtVgi.exe
  C:\Windows\System\oJGtVgi.exe
  2⤵
  PID:7720
- C:\Windows\System\RDHfVHb.exe
  C:\Windows\System\RDHfVHb.exe
  2⤵
  PID:7816
- C:\Windows\System\ZCrFBBe.exe
  C:\Windows\System\ZCrFBBe.exe
  2⤵
  PID:7828
- C:\Windows\System\iczfMcu.exe
  C:\Windows\System\iczfMcu.exe
  2⤵
  PID:7892
- C:\Windows\System\zJjUeHm.exe
  C:\Windows\System\zJjUeHm.exe
  2⤵
  PID:7980
- C:\Windows\System\SfLVhJt.exe
  C:\Windows\System\SfLVhJt.exe
  2⤵
  PID:8048
- C:\Windows\System\sKDhkhW.exe
  C:\Windows\System\sKDhkhW.exe
  2⤵
  PID:8120
- C:\Windows\System\zBjwuWp.exe
  C:\Windows\System\zBjwuWp.exe
  2⤵
  PID:1028
- C:\Windows\System\BbAUFQF.exe
  C:\Windows\System\BbAUFQF.exe
  2⤵
  PID:7272
- C:\Windows\System\OeLwtUp.exe
  C:\Windows\System\OeLwtUp.exe
  2⤵
  PID:7172
- C:\Windows\System\wGTSArd.exe
  C:\Windows\System\wGTSArd.exe
  2⤵
  PID:7160
- C:\Windows\System\wvKvYJg.exe
  C:\Windows\System\wvKvYJg.exe
  2⤵
  PID:7568
- C:\Windows\System\tNfKYPg.exe
  C:\Windows\System\tNfKYPg.exe
  2⤵
  PID:7784
- C:\Windows\System\IpDrjoV.exe
  C:\Windows\System\IpDrjoV.exe
  2⤵
  PID:7944
- C:\Windows\System\XvbGrmX.exe
  C:\Windows\System\XvbGrmX.exe
  2⤵
  PID:8080
- C:\Windows\System\pKSjBVo.exe
  C:\Windows\System\pKSjBVo.exe
  2⤵
  PID:8180
- C:\Windows\System\FhmFHyv.exe
  C:\Windows\System\FhmFHyv.exe
  2⤵
  PID:6440
- C:\Windows\System\VlLSxPW.exe
  C:\Windows\System\VlLSxPW.exe
  2⤵
  PID:7924
- C:\Windows\System\yEzJpSe.exe
  C:\Windows\System\yEzJpSe.exe
  2⤵
  PID:7184
- C:\Windows\System\rlOqTSO.exe
  C:\Windows\System\rlOqTSO.exe
  2⤵
  PID:8156
- C:\Windows\System\rIKaXTu.exe
  C:\Windows\System\rIKaXTu.exe
  2⤵
  PID:8092
- C:\Windows\System\maTIugK.exe
  C:\Windows\System\maTIugK.exe
  2⤵
  PID:7464
- C:\Windows\System\qnMGTUN.exe
  C:\Windows\System\qnMGTUN.exe
  2⤵
  PID:7456
- C:\Windows\System\wkQiHwu.exe
  C:\Windows\System\wkQiHwu.exe
  2⤵
  PID:8200
- C:\Windows\System\iYmJEZq.exe
  C:\Windows\System\iYmJEZq.exe
  2⤵
  PID:8220
- C:\Windows\System\DqDabeE.exe
  C:\Windows\System\DqDabeE.exe
  2⤵
  PID:8256
- C:\Windows\System\WJjLJDi.exe
  C:\Windows\System\WJjLJDi.exe
  2⤵
  PID:8292
- C:\Windows\System\nzXvggc.exe
  C:\Windows\System\nzXvggc.exe
  2⤵
  PID:8308
- C:\Windows\System\zBAHPCa.exe
  C:\Windows\System\zBAHPCa.exe
  2⤵
  PID:8348
- C:\Windows\System\RvfQlZa.exe
  C:\Windows\System\RvfQlZa.exe
  2⤵
  PID:8392
- C:\Windows\System\zkEQOyJ.exe
  C:\Windows\System\zkEQOyJ.exe
  2⤵
  PID:8408
- C:\Windows\System\xrxrBGB.exe
  C:\Windows\System\xrxrBGB.exe
  2⤵
  PID:8428
- C:\Windows\System\aHVEBPb.exe
  C:\Windows\System\aHVEBPb.exe
  2⤵
  PID:8464
- C:\Windows\System\RmipKCO.exe
  C:\Windows\System\RmipKCO.exe
  2⤵
  PID:8504
- C:\Windows\System\NtySNau.exe
  C:\Windows\System\NtySNau.exe
  2⤵
  PID:8544
- C:\Windows\System\aRTUDbY.exe
  C:\Windows\System\aRTUDbY.exe
  2⤵
  PID:8572
- C:\Windows\System\zggDTMZ.exe
  C:\Windows\System\zggDTMZ.exe
  2⤵
  PID:8600
- C:\Windows\System\ViefFmr.exe
  C:\Windows\System\ViefFmr.exe
  2⤵
  PID:8620
- C:\Windows\System\kiBJOQl.exe
  C:\Windows\System\kiBJOQl.exe
  2⤵
  PID:8656
- C:\Windows\System\iDXgSmv.exe
  C:\Windows\System\iDXgSmv.exe
  2⤵
  PID:8672
- C:\Windows\System\vYlQXkx.exe
  C:\Windows\System\vYlQXkx.exe
  2⤵
  PID:8708
- C:\Windows\System\smGfUqJ.exe
  C:\Windows\System\smGfUqJ.exe
  2⤵
  PID:8740
- C:\Windows\System\yFgtiPD.exe
  C:\Windows\System\yFgtiPD.exe
  2⤵
  PID:8768
- C:\Windows\System\RGppSUk.exe
  C:\Windows\System\RGppSUk.exe
  2⤵
  PID:8788
- C:\Windows\System\EgSWrKC.exe
  C:\Windows\System\EgSWrKC.exe
  2⤵
  PID:8824
- C:\Windows\System\cVoYtZW.exe
  C:\Windows\System\cVoYtZW.exe
  2⤵
  PID:8856
- C:\Windows\System\dJmXSLt.exe
  C:\Windows\System\dJmXSLt.exe
  2⤵
  PID:8876
- C:\Windows\System\BfZvutq.exe
  C:\Windows\System\BfZvutq.exe
  2⤵
  PID:8900
- C:\Windows\System\aBEsShU.exe
  C:\Windows\System\aBEsShU.exe
  2⤵
  PID:8936
- C:\Windows\System\MceNYQe.exe
  C:\Windows\System\MceNYQe.exe
  2⤵
  PID:8960
- C:\Windows\System\czvOXia.exe
  C:\Windows\System\czvOXia.exe
  2⤵
  PID:9000
- C:\Windows\System\CEUqBhY.exe
  C:\Windows\System\CEUqBhY.exe
  2⤵
  PID:9016
- C:\Windows\System\naAZLiY.exe
  C:\Windows\System\naAZLiY.exe
  2⤵
  PID:9060
- C:\Windows\System\qkTdWnu.exe
  C:\Windows\System\qkTdWnu.exe
  2⤵
  PID:9084
- C:\Windows\System\icqXuLN.exe
  C:\Windows\System\icqXuLN.exe
  2⤵
  PID:9116
- C:\Windows\System\PDIoiUZ.exe
  C:\Windows\System\PDIoiUZ.exe
  2⤵
  PID:9144
- C:\Windows\System\OjvCwaN.exe
  C:\Windows\System\OjvCwaN.exe
  2⤵
  PID:9172
- C:\Windows\System\SXcDDqI.exe
  C:\Windows\System\SXcDDqI.exe
  2⤵
  PID:9200
- C:\Windows\System\MYCirou.exe
  C:\Windows\System\MYCirou.exe
  2⤵
  PID:8216
- C:\Windows\System\xSmBSbB.exe
  C:\Windows\System\xSmBSbB.exe
  2⤵
  PID:8288
- C:\Windows\System\uHhfSBj.exe
  C:\Windows\System\uHhfSBj.exe
  2⤵
  PID:4632
- C:\Windows\System\fdifgKe.exe
  C:\Windows\System\fdifgKe.exe
  2⤵
  PID:1864
- C:\Windows\System\CRGzAZP.exe
  C:\Windows\System\CRGzAZP.exe
  2⤵
  PID:4224
- C:\Windows\System\cWBWADR.exe
  C:\Windows\System\cWBWADR.exe
  2⤵
  PID:8440
- C:\Windows\System\zGLNHrB.exe
  C:\Windows\System\zGLNHrB.exe
  2⤵
  PID:8528
- C:\Windows\System\zySPwWB.exe
  C:\Windows\System\zySPwWB.exe
  2⤵
  PID:4256
- C:\Windows\System\QfwjwcO.exe
  C:\Windows\System\QfwjwcO.exe
  2⤵
  PID:8688
- C:\Windows\System\gMHErFZ.exe
  C:\Windows\System\gMHErFZ.exe
  2⤵
  PID:8732
- C:\Windows\System\RPNDXNC.exe
  C:\Windows\System\RPNDXNC.exe
  2⤵
  PID:8776
- C:\Windows\System\TJwTKIh.exe
  C:\Windows\System\TJwTKIh.exe
  2⤵
  PID:8884
- C:\Windows\System\IOzEPmJ.exe
  C:\Windows\System\IOzEPmJ.exe
  2⤵
  PID:8948
- C:\Windows\System\YCDWzgf.exe
  C:\Windows\System\YCDWzgf.exe
  2⤵
  PID:8984
- C:\Windows\System\GexmNfE.exe
  C:\Windows\System\GexmNfE.exe
  2⤵
  PID:9076
- C:\Windows\System\uoeqBCd.exe
  C:\Windows\System\uoeqBCd.exe
  2⤵
  PID:9136
- C:\Windows\System\jrXnqRd.exe
  C:\Windows\System\jrXnqRd.exe
  2⤵
  PID:9168
- C:\Windows\System\qmaWDFi.exe
  C:\Windows\System\qmaWDFi.exe
  2⤵
  PID:8228
- C:\Windows\System\xdVNGCb.exe
  C:\Windows\System\xdVNGCb.exe
  2⤵
  PID:8400
- C:\Windows\System\liEEuki.exe
  C:\Windows\System\liEEuki.exe
  2⤵
  PID:8556
- C:\Windows\System\fMiSvda.exe
  C:\Windows\System\fMiSvda.exe
  2⤵
  PID:8564
- C:\Windows\System\urdkKqP.exe
  C:\Windows\System\urdkKqP.exe
  2⤵
  PID:8724
- C:\Windows\System\VUKLZAv.exe
  C:\Windows\System\VUKLZAv.exe
  2⤵
  PID:8928
- C:\Windows\System\XubNKtT.exe
  C:\Windows\System\XubNKtT.exe
  2⤵
  PID:9100
- C:\Windows\System\MvSKCsl.exe
  C:\Windows\System\MvSKCsl.exe
  2⤵
  PID:9160
- C:\Windows\System\ZDBBFUK.exe
  C:\Windows\System\ZDBBFUK.exe
  2⤵
  PID:8500
- C:\Windows\System\jrUfdfW.exe
  C:\Windows\System\jrUfdfW.exe
  2⤵
  PID:8664
- C:\Windows\System\MyLpKhD.exe
  C:\Windows\System\MyLpKhD.exe
  2⤵
  PID:7400
- C:\Windows\System\hYxDRZI.exe
  C:\Windows\System\hYxDRZI.exe
  2⤵
  PID:8416
- C:\Windows\System\LBryImO.exe
  C:\Windows\System\LBryImO.exe
  2⤵
  PID:8300
- C:\Windows\System\tCyvsrD.exe
  C:\Windows\System\tCyvsrD.exe
  2⤵
  PID:9228
- C:\Windows\System\LUJJabl.exe
  C:\Windows\System\LUJJabl.exe
  2⤵
  PID:9268
- C:\Windows\System\rnIuEGN.exe
  C:\Windows\System\rnIuEGN.exe
  2⤵
  PID:9284
- C:\Windows\System\hRGQVOK.exe
  C:\Windows\System\hRGQVOK.exe
  2⤵
  PID:9324
- C:\Windows\System\qsImjMg.exe
  C:\Windows\System\qsImjMg.exe
  2⤵
  PID:9340
- C:\Windows\System\LrNyxLx.exe
  C:\Windows\System\LrNyxLx.exe
  2⤵
  PID:9356
- C:\Windows\System\HlbFTuj.exe
  C:\Windows\System\HlbFTuj.exe
  2⤵
  PID:9372
- C:\Windows\System\TPeoIyl.exe
  C:\Windows\System\TPeoIyl.exe
  2⤵
  PID:9392
- C:\Windows\System\YSOncdP.exe
  C:\Windows\System\YSOncdP.exe
  2⤵
  PID:9428
- C:\Windows\System\jTSmTAK.exe
  C:\Windows\System\jTSmTAK.exe
  2⤵
  PID:9468
- C:\Windows\System\sNdhpBv.exe
  C:\Windows\System\sNdhpBv.exe
  2⤵
  PID:9520
- C:\Windows\System\zmeMnOj.exe
  C:\Windows\System\zmeMnOj.exe
  2⤵
  PID:9548
- C:\Windows\System\nThcHEh.exe
  C:\Windows\System\nThcHEh.exe
  2⤵
  PID:9572
- C:\Windows\System\yhghGzH.exe
  C:\Windows\System\yhghGzH.exe
  2⤵
  PID:9604
- C:\Windows\System\VtTCkNT.exe
  C:\Windows\System\VtTCkNT.exe
  2⤵
  PID:9628
- C:\Windows\System\QjIaZHb.exe
  C:\Windows\System\QjIaZHb.exe
  2⤵
  PID:9664
- C:\Windows\System\GSvreMH.exe
  C:\Windows\System\GSvreMH.exe
  2⤵
  PID:9692
- C:\Windows\System\qZQVcsN.exe
  C:\Windows\System\qZQVcsN.exe
  2⤵
  PID:9720
- C:\Windows\System\vzYtLKP.exe
  C:\Windows\System\vzYtLKP.exe
  2⤵
  PID:9748
- C:\Windows\System\tfryrFB.exe
  C:\Windows\System\tfryrFB.exe
  2⤵
  PID:9764
- C:\Windows\System\YTdWjJa.exe
  C:\Windows\System\YTdWjJa.exe
  2⤵
  PID:9804
- C:\Windows\System\qhjXzVy.exe
  C:\Windows\System\qhjXzVy.exe
  2⤵
  PID:9832
- C:\Windows\System\JzgvaJE.exe
  C:\Windows\System\JzgvaJE.exe
  2⤵
  PID:9860
- C:\Windows\System\BZPnGDJ.exe
  C:\Windows\System\BZPnGDJ.exe
  2⤵
  PID:9888
- C:\Windows\System\WNAiIlR.exe
  C:\Windows\System\WNAiIlR.exe
  2⤵
  PID:9920
- C:\Windows\System\azARryq.exe
  C:\Windows\System\azARryq.exe
  2⤵
  PID:9936
- C:\Windows\System\TlfIBvj.exe
  C:\Windows\System\TlfIBvj.exe
  2⤵
  PID:9952
- C:\Windows\System\YbTZoBl.exe
  C:\Windows\System\YbTZoBl.exe
  2⤵
  PID:10004
- C:\Windows\System\tGhFpLg.exe
  C:\Windows\System\tGhFpLg.exe
  2⤵
  PID:10032
- C:\Windows\System\jVvqujD.exe
  C:\Windows\System\jVvqujD.exe
  2⤵
  PID:10060
- C:\Windows\System\LMGZOYk.exe
  C:\Windows\System\LMGZOYk.exe
  2⤵
  PID:10076
- C:\Windows\System\LeVoJBw.exe
  C:\Windows\System\LeVoJBw.exe
  2⤵
  PID:10092
- C:\Windows\System\ioutWUp.exe
  C:\Windows\System\ioutWUp.exe
  2⤵
  PID:10136
- C:\Windows\System\xFtchRQ.exe
  C:\Windows\System\xFtchRQ.exe
  2⤵
  PID:10172
- C:\Windows\System\nLOQhlJ.exe
  C:\Windows\System\nLOQhlJ.exe
  2⤵
  PID:10200
- C:\Windows\System\UknnNZi.exe
  C:\Windows\System\UknnNZi.exe
  2⤵
  PID:10228
- C:\Windows\System\dgqqseD.exe
  C:\Windows\System\dgqqseD.exe
  2⤵
  PID:9164
- C:\Windows\System\XQdauhA.exe
  C:\Windows\System\XQdauhA.exe
  2⤵
  PID:9276
- C:\Windows\System\BbZYSKG.exe
  C:\Windows\System\BbZYSKG.exe
  2⤵
  PID:9320
- C:\Windows\System\RDtKXIJ.exe
  C:\Windows\System\RDtKXIJ.exe
  2⤵
  PID:9364
- C:\Windows\System\xegUfnt.exe
  C:\Windows\System\xegUfnt.exe
  2⤵
  PID:9436
- C:\Windows\System\uJvcfwL.exe
  C:\Windows\System\uJvcfwL.exe
  2⤵
  PID:9540
- C:\Windows\System\BBMvVtB.exe
  C:\Windows\System\BBMvVtB.exe
  2⤵
  PID:9600
- C:\Windows\System\NjqLXyR.exe
  C:\Windows\System\NjqLXyR.exe
  2⤵
  PID:9676
- C:\Windows\System\HiUHMDf.exe
  C:\Windows\System\HiUHMDf.exe
  2⤵
  PID:9736
- C:\Windows\System\gudVQwS.exe
  C:\Windows\System\gudVQwS.exe
  2⤵
  PID:9788
- C:\Windows\System\OlHSIjf.exe
  C:\Windows\System\OlHSIjf.exe
  2⤵
  PID:9872
- C:\Windows\System\noVloQW.exe
  C:\Windows\System\noVloQW.exe
  2⤵
  PID:9912
- C:\Windows\System\LbhzWbx.exe
  C:\Windows\System\LbhzWbx.exe
  2⤵
  PID:9988
- C:\Windows\System\ysYGASk.exe
  C:\Windows\System\ysYGASk.exe
  2⤵
  PID:10044
- C:\Windows\System\XJqSPdg.exe
  C:\Windows\System\XJqSPdg.exe
  2⤵
  PID:10104
- C:\Windows\System\gCAVXvN.exe
  C:\Windows\System\gCAVXvN.exe
  2⤵
  PID:10168
- C:\Windows\System\pXSucIB.exe
  C:\Windows\System\pXSucIB.exe
  2⤵
  PID:2404
- C:\Windows\System\kFBJmwF.exe
  C:\Windows\System\kFBJmwF.exe
  2⤵
  PID:9384
- C:\Windows\System\nfcOkpL.exe
  C:\Windows\System\nfcOkpL.exe
  2⤵
  PID:9452
- C:\Windows\System\oWKzNoe.exe
  C:\Windows\System\oWKzNoe.exe
  2⤵
  PID:9708
- C:\Windows\System\cFqFkex.exe
  C:\Windows\System\cFqFkex.exe
  2⤵
  PID:9844
- C:\Windows\System\ZHeyzCt.exe
  C:\Windows\System\ZHeyzCt.exe
  2⤵
  PID:10024
- C:\Windows\System\ITANxsB.exe
  C:\Windows\System\ITANxsB.exe
  2⤵
  PID:10084
- C:\Windows\System\PTLYFUA.exe
  C:\Windows\System\PTLYFUA.exe
  2⤵
  PID:9336
- C:\Windows\System\jTgqWSl.exe
  C:\Windows\System\jTgqWSl.exe
  2⤵
  PID:9624
- C:\Windows\System\REMurrG.exe
  C:\Windows\System\REMurrG.exe
  2⤵
  PID:9932
- C:\Windows\System\MQrswgK.exe
  C:\Windows\System\MQrswgK.exe
  2⤵
  PID:10220
- C:\Windows\System\bjhfUnT.exe
  C:\Windows\System\bjhfUnT.exe
  2⤵
  PID:2964
- C:\Windows\System\vquYdKb.exe
  C:\Windows\System\vquYdKb.exe
  2⤵
  PID:10252
- C:\Windows\System\QONVEDu.exe
  C:\Windows\System\QONVEDu.exe
  2⤵
  PID:10280
- C:\Windows\System\dnvvZQs.exe
  C:\Windows\System\dnvvZQs.exe
  2⤵
  PID:10308
- C:\Windows\System\irNMTMa.exe
  C:\Windows\System\irNMTMa.exe
  2⤵
  PID:10336
- C:\Windows\System\hXavngP.exe
  C:\Windows\System\hXavngP.exe
  2⤵
  PID:10356
- C:\Windows\System\tFmnpzL.exe
  C:\Windows\System\tFmnpzL.exe
  2⤵
  PID:10396
- C:\Windows\System\lMquBqA.exe
  C:\Windows\System\lMquBqA.exe
  2⤵
  PID:10412
- C:\Windows\System\SBKLzcJ.exe
  C:\Windows\System\SBKLzcJ.exe
  2⤵
  PID:10440
- C:\Windows\System\Cnrqkzw.exe
  C:\Windows\System\Cnrqkzw.exe
  2⤵
  PID:10480
- C:\Windows\System\HFBJbdS.exe
  C:\Windows\System\HFBJbdS.exe
  2⤵
  PID:10508
- C:\Windows\System\JJhdImp.exe
  C:\Windows\System\JJhdImp.exe
  2⤵
  PID:10536
- C:\Windows\System\Ymlzsxd.exe
  C:\Windows\System\Ymlzsxd.exe
  2⤵
  PID:10564
- C:\Windows\System\suHfHGC.exe
  C:\Windows\System\suHfHGC.exe
  2⤵
  PID:10592
- C:\Windows\System\RTZKxFO.exe
  C:\Windows\System\RTZKxFO.exe
  2⤵
  PID:10620
- C:\Windows\System\JndqrXg.exe
  C:\Windows\System\JndqrXg.exe
  2⤵
  PID:10648
- C:\Windows\System\MHnjrzg.exe
  C:\Windows\System\MHnjrzg.exe
  2⤵
  PID:10676
- C:\Windows\System\IOquFEL.exe
  C:\Windows\System\IOquFEL.exe
  2⤵
  PID:10704
- C:\Windows\System\icRYmis.exe
  C:\Windows\System\icRYmis.exe
  2⤵
  PID:10724
- C:\Windows\System\iZCyozu.exe
  C:\Windows\System\iZCyozu.exe
  2⤵
  PID:10760
- C:\Windows\System\sXHeKLb.exe
  C:\Windows\System\sXHeKLb.exe
  2⤵
  PID:10784
- C:\Windows\System\JzPIiyD.exe
  C:\Windows\System\JzPIiyD.exe
  2⤵
  PID:10816
- C:\Windows\System\vPTqSBI.exe
  C:\Windows\System\vPTqSBI.exe
  2⤵
  PID:10848
- C:\Windows\System\xsSHHHe.exe
  C:\Windows\System\xsSHHHe.exe
  2⤵
  PID:10880
- C:\Windows\System\mnjcZvo.exe
  C:\Windows\System\mnjcZvo.exe
  2⤵
  PID:10916
- C:\Windows\System\AkgcbBY.exe
  C:\Windows\System\AkgcbBY.exe
  2⤵
  PID:10936
- C:\Windows\System\hTsTFGu.exe
  C:\Windows\System\hTsTFGu.exe
  2⤵
  PID:10988
- C:\Windows\System\TTpAmvl.exe
  C:\Windows\System\TTpAmvl.exe
  2⤵
  PID:11008
- C:\Windows\System\qtRQUnQ.exe
  C:\Windows\System\qtRQUnQ.exe
  2⤵
  PID:11056
- C:\Windows\System\dDsmCwf.exe
  C:\Windows\System\dDsmCwf.exe
  2⤵
  PID:11084
- C:\Windows\System\QVMKAes.exe
  C:\Windows\System\QVMKAes.exe
  2⤵
  PID:11100
- C:\Windows\System\XvqwfXR.exe
  C:\Windows\System\XvqwfXR.exe
  2⤵
  PID:11140
- C:\Windows\System\bHbayBr.exe
  C:\Windows\System\bHbayBr.exe
  2⤵
  PID:11168
- C:\Windows\System\aHUsygM.exe
  C:\Windows\System\aHUsygM.exe
  2⤵
  PID:11184
- C:\Windows\System\oghczhJ.exe
  C:\Windows\System\oghczhJ.exe
  2⤵
  PID:11224
- C:\Windows\System\BOEsOYI.exe
  C:\Windows\System\BOEsOYI.exe
  2⤵
  PID:11252
- C:\Windows\System\DBkuecl.exe
  C:\Windows\System\DBkuecl.exe
  2⤵
  PID:10248
- C:\Windows\System\GWpLwuo.exe
  C:\Windows\System\GWpLwuo.exe
  2⤵
  PID:10264
- C:\Windows\System\llFZedp.exe
  C:\Windows\System\llFZedp.exe
  2⤵
  PID:10388
- C:\Windows\System\bvcQoto.exe
  C:\Windows\System\bvcQoto.exe
  2⤵
  PID:10432
- C:\Windows\System\mwMMtPx.exe
  C:\Windows\System\mwMMtPx.exe
  2⤵
  PID:10524
- C:\Windows\System\DUxmPAE.exe
  C:\Windows\System\DUxmPAE.exe
  2⤵
  PID:10576
- C:\Windows\System\ftjsYNR.exe
  C:\Windows\System\ftjsYNR.exe
  2⤵
  PID:10640
- C:\Windows\System\KDmQOlZ.exe
  C:\Windows\System\KDmQOlZ.exe
  2⤵
  PID:10692
- C:\Windows\System\VoNTYrT.exe
  C:\Windows\System\VoNTYrT.exe
  2⤵
  PID:10756
- C:\Windows\System\nCOUPHT.exe
  C:\Windows\System\nCOUPHT.exe
  2⤵
  PID:10840
- C:\Windows\System\jubuMwq.exe
  C:\Windows\System\jubuMwq.exe
  2⤵
  PID:10912
- C:\Windows\System\wDLVWAK.exe
  C:\Windows\System\wDLVWAK.exe
  2⤵
  PID:10928
- C:\Windows\System\nnVvjHB.exe
  C:\Windows\System\nnVvjHB.exe
  2⤵
  PID:11040
- C:\Windows\System\KLCkIjg.exe
  C:\Windows\System\KLCkIjg.exe
  2⤵
  PID:11116
- C:\Windows\System\EPUIOok.exe
  C:\Windows\System\EPUIOok.exe
  2⤵
  PID:11180
- C:\Windows\System\McXuDos.exe
  C:\Windows\System\McXuDos.exe
  2⤵
  PID:11248
- C:\Windows\System\MelHAdP.exe
  C:\Windows\System\MelHAdP.exe
  2⤵
  PID:10304
- C:\Windows\System\TBQBRZE.exe
  C:\Windows\System\TBQBRZE.exe
  2⤵
  PID:10476
- C:\Windows\System\OvnyUBi.exe
  C:\Windows\System\OvnyUBi.exe
  2⤵
  PID:10604
- C:\Windows\System\WpuKSqS.exe
  C:\Windows\System\WpuKSqS.exe
  2⤵
  PID:10744
- C:\Windows\System\EcJTQmd.exe
  C:\Windows\System\EcJTQmd.exe
  2⤵
  PID:10908
- C:\Windows\System\GZfTncx.exe
  C:\Windows\System\GZfTncx.exe
  2⤵
  PID:11096
- C:\Windows\System\lWXlSdf.exe
  C:\Windows\System\lWXlSdf.exe
  2⤵
  PID:11236
- C:\Windows\System\ZkHKIbA.exe
  C:\Windows\System\ZkHKIbA.exe
  2⤵
  PID:10552
- C:\Windows\System\YyZCpnk.exe
  C:\Windows\System\YyZCpnk.exe
  2⤵
  PID:10976
- C:\Windows\System\ZQKazQt.exe
  C:\Windows\System\ZQKazQt.exe
  2⤵
  PID:11212
- C:\Windows\System\JxUKyNH.exe
  C:\Windows\System\JxUKyNH.exe
  2⤵
  PID:11068
- C:\Windows\System\tOeMwGX.exe
  C:\Windows\System\tOeMwGX.exe
  2⤵
  PID:11272
- C:\Windows\System\kSsVfrQ.exe
  C:\Windows\System\kSsVfrQ.exe
  2⤵
  PID:11288
- C:\Windows\System\YdDdwKU.exe
  C:\Windows\System\YdDdwKU.exe
  2⤵
  PID:11324
- C:\Windows\System\aWUnBtW.exe
  C:\Windows\System\aWUnBtW.exe
  2⤵
  PID:11348
- C:\Windows\System\pytSGVb.exe
  C:\Windows\System\pytSGVb.exe
  2⤵
  PID:11380
- C:\Windows\System\nPwoPDk.exe
  C:\Windows\System\nPwoPDk.exe
  2⤵
  PID:11396
- C:\Windows\System\eMaNhza.exe
  C:\Windows\System\eMaNhza.exe
  2⤵
  PID:11440
- C:\Windows\System\FRAbzby.exe
  C:\Windows\System\FRAbzby.exe
  2⤵
  PID:11476
- C:\Windows\System\LaWjkyP.exe
  C:\Windows\System\LaWjkyP.exe
  2⤵
  PID:11500
- C:\Windows\System\lvLMQxx.exe
  C:\Windows\System\lvLMQxx.exe
  2⤵
  PID:11528
- C:\Windows\System\PqFcpWw.exe
  C:\Windows\System\PqFcpWw.exe
  2⤵
  PID:11556
- C:\Windows\System\crtJity.exe
  C:\Windows\System\crtJity.exe
  2⤵
  PID:11580
- C:\Windows\System\bBozCRO.exe
  C:\Windows\System\bBozCRO.exe
  2⤵
  PID:11608
- C:\Windows\System\vVVaqBh.exe
  C:\Windows\System\vVVaqBh.exe
  2⤵
  PID:11632
- C:\Windows\System\HSUTSwT.exe
  C:\Windows\System\HSUTSwT.exe
  2⤵
  PID:11664
- C:\Windows\System\YUGoBzO.exe
  C:\Windows\System\YUGoBzO.exe
  2⤵
  PID:11684
- C:\Windows\System\YADyzgj.exe
  C:\Windows\System\YADyzgj.exe
  2⤵
  PID:11716
- C:\Windows\System\YgoZwVl.exe
  C:\Windows\System\YgoZwVl.exe
  2⤵
  PID:11756
- C:\Windows\System\dCYxytq.exe
  C:\Windows\System\dCYxytq.exe
  2⤵
  PID:11784
- C:\Windows\System\yBIYQeU.exe
  C:\Windows\System\yBIYQeU.exe
  2⤵
  PID:11828
- C:\Windows\System\GAyRPrm.exe
  C:\Windows\System\GAyRPrm.exe
  2⤵
  PID:11856
- C:\Windows\System\WuKeytg.exe
  C:\Windows\System\WuKeytg.exe
  2⤵
  PID:11888
- C:\Windows\System\fjeIoes.exe
  C:\Windows\System\fjeIoes.exe
  2⤵
  PID:11920
- C:\Windows\System\fQWVGfp.exe
  C:\Windows\System\fQWVGfp.exe
  2⤵
  PID:11952
- C:\Windows\System\rLkCiOL.exe
  C:\Windows\System\rLkCiOL.exe
  2⤵
  PID:11988
- C:\Windows\System\QOyrrGb.exe
  C:\Windows\System\QOyrrGb.exe
  2⤵
  PID:12020
- C:\Windows\System\CCJycbR.exe
  C:\Windows\System\CCJycbR.exe
  2⤵
  PID:12052
- C:\Windows\System\RcOfqUa.exe
  C:\Windows\System\RcOfqUa.exe
  2⤵
  PID:12088
- C:\Windows\System\BWFyyZX.exe
  C:\Windows\System\BWFyyZX.exe
  2⤵
  PID:12136
- C:\Windows\System\yJrmFpl.exe
  C:\Windows\System\yJrmFpl.exe
  2⤵
  PID:12164
- C:\Windows\System\FkldBDb.exe
  C:\Windows\System\FkldBDb.exe
  2⤵
  PID:12204
- C:\Windows\System\sYkOHTO.exe
  C:\Windows\System\sYkOHTO.exe
  2⤵
  PID:12264
- C:\Windows\System\KJCaySE.exe
  C:\Windows\System\KJCaySE.exe
  2⤵
  PID:11284
- C:\Windows\System\NkcpLom.exe
  C:\Windows\System\NkcpLom.exe
  2⤵
  PID:11364
- C:\Windows\System\dpHrvEQ.exe
  C:\Windows\System\dpHrvEQ.exe
  2⤵
  PID:11428
- C:\Windows\System\xfaNcFi.exe
  C:\Windows\System\xfaNcFi.exe
  2⤵
  PID:11572
- C:\Windows\System\vKllOCr.exe
  C:\Windows\System\vKllOCr.exe
  2⤵
  PID:4296
- C:\Windows\System\xxpLUbi.exe
  C:\Windows\System\xxpLUbi.exe
  2⤵
  PID:11648
- C:\Windows\System\vcKCUEl.exe
  C:\Windows\System\vcKCUEl.exe
  2⤵
  PID:11704
- C:\Windows\System\TVwviNz.exe
  C:\Windows\System\TVwviNz.exe
  2⤵
  PID:11812
- C:\Windows\System\QOfZcXk.exe
  C:\Windows\System\QOfZcXk.exe
  2⤵
  PID:11868
- C:\Windows\System\ITBAWKR.exe
  C:\Windows\System\ITBAWKR.exe
  2⤵
  PID:12012
- C:\Windows\System\blntBht.exe
  C:\Windows\System\blntBht.exe
  2⤵
  PID:12072
- C:\Windows\System\wuEFJcX.exe
  C:\Windows\System\wuEFJcX.exe
  2⤵
  PID:12128
- C:\Windows\System\tuZfygl.exe
  C:\Windows\System\tuZfygl.exe
  2⤵
  PID:12148
- C:\Windows\System\gghmHOw.exe
  C:\Windows\System\gghmHOw.exe
  2⤵
  PID:11372
- C:\Windows\System\sORcSho.exe
  C:\Windows\System\sORcSho.exe
  2⤵
  PID:11600
- C:\Windows\System\awkTYUA.exe
  C:\Windows\System\awkTYUA.exe
  2⤵
  PID:11768
- C:\Windows\System\xnXTUvE.exe
  C:\Windows\System\xnXTUvE.exe
  2⤵
  PID:12068
- C:\Windows\System\PuXayoc.exe
  C:\Windows\System\PuXayoc.exe
  2⤵
  PID:12152
- C:\Windows\System\lqqNTcF.exe
  C:\Windows\System\lqqNTcF.exe
  2⤵
  PID:11484
- C:\Windows\System\zUqPsqg.exe
  C:\Windows\System\zUqPsqg.exe
  2⤵
  PID:11552
- C:\Windows\System\nrmgaeI.exe
  C:\Windows\System\nrmgaeI.exe
  2⤵
  PID:12308
- C:\Windows\System\IQqJqTi.exe
  C:\Windows\System\IQqJqTi.exe
  2⤵
  PID:12336
- C:\Windows\System\xHNBkAX.exe
  C:\Windows\System\xHNBkAX.exe
  2⤵
  PID:12364
- C:\Windows\System\IgpePmp.exe
  C:\Windows\System\IgpePmp.exe
  2⤵
  PID:12384
- C:\Windows\System\oqRpRbb.exe
  C:\Windows\System\oqRpRbb.exe
  2⤵
  PID:12416
- C:\Windows\System\RguFCiA.exe
  C:\Windows\System\RguFCiA.exe
  2⤵
  PID:12448
- C:\Windows\System\DErAlwP.exe
  C:\Windows\System\DErAlwP.exe
  2⤵
  PID:12472
- C:\Windows\System\GgaRhLV.exe
  C:\Windows\System\GgaRhLV.exe
  2⤵
  PID:12512
- C:\Windows\System\jNogZtc.exe
  C:\Windows\System\jNogZtc.exe
  2⤵
  PID:12536
- C:\Windows\System\MowQbgK.exe
  C:\Windows\System\MowQbgK.exe
  2⤵
  PID:12568
- C:\Windows\System\oKWDucx.exe
  C:\Windows\System\oKWDucx.exe
  2⤵
  PID:12600
- C:\Windows\System\UtoCREz.exe
  C:\Windows\System\UtoCREz.exe
  2⤵
  PID:12628
- C:\Windows\System\yXwYdiR.exe
  C:\Windows\System\yXwYdiR.exe
  2⤵
  PID:12656
- C:\Windows\System\uZSeSJl.exe
  C:\Windows\System\uZSeSJl.exe
  2⤵
  PID:12700
- C:\Windows\System\VawhXSs.exe
  C:\Windows\System\VawhXSs.exe
  2⤵
  PID:12728
- C:\Windows\System\hNkzqST.exe
  C:\Windows\System\hNkzqST.exe
  2⤵
  PID:12764
- C:\Windows\System\CrUmCYK.exe
  C:\Windows\System\CrUmCYK.exe
  2⤵
  PID:12780
- C:\Windows\System\amzUnvo.exe
  C:\Windows\System\amzUnvo.exe
  2⤵
  PID:12804
- C:\Windows\System\IoZsrRN.exe
  C:\Windows\System\IoZsrRN.exe
  2⤵
  PID:12844
- C:\Windows\System\UpSLiTA.exe
  C:\Windows\System\UpSLiTA.exe
  2⤵
  PID:12864
- C:\Windows\System\DahXtsX.exe
  C:\Windows\System\DahXtsX.exe
  2⤵
  PID:12900
- C:\Windows\System\OhTqhRV.exe
  C:\Windows\System\OhTqhRV.exe
  2⤵
  PID:12928
- C:\Windows\System\XdyDbJa.exe
  C:\Windows\System\XdyDbJa.exe
  2⤵
  PID:12944
- C:\Windows\System\jiIzlMO.exe
  C:\Windows\System\jiIzlMO.exe
  2⤵
  PID:12964
- C:\Windows\System\WShDwLE.exe
  C:\Windows\System\WShDwLE.exe
  2⤵
  PID:13000
- C:\Windows\System\eGABxtq.exe
  C:\Windows\System\eGABxtq.exe
  2⤵
  PID:13028
- C:\Windows\System\iXfRpMz.exe
  C:\Windows\System\iXfRpMz.exe
  2⤵
  PID:13072
- C:\Windows\System\eYQwFaV.exe
  C:\Windows\System\eYQwFaV.exe
  2⤵
  PID:13100
- C:\Windows\System\abuqxjP.exe
  C:\Windows\System\abuqxjP.exe
  2⤵
  PID:13128
- C:\Windows\System\hpfpsyS.exe
  C:\Windows\System\hpfpsyS.exe
  2⤵
  PID:13156
- C:\Windows\System\BILjUSG.exe
  C:\Windows\System\BILjUSG.exe
  2⤵
  PID:13184
- C:\Windows\System\AFNapAI.exe
  C:\Windows\System\AFNapAI.exe
  2⤵
  PID:13212
- C:\Windows\System\nYQuKmG.exe
  C:\Windows\System\nYQuKmG.exe
  2⤵
  PID:13240
- C:\Windows\System\rjZGCce.exe
  C:\Windows\System\rjZGCce.exe
  2⤵
  PID:13264
- C:\Windows\System\aoEFxct.exe
  C:\Windows\System\aoEFxct.exe
  2⤵
  PID:13300
- C:\Windows\System\OsuDDEH.exe
  C:\Windows\System\OsuDDEH.exe
  2⤵
  PID:12328
- C:\Windows\System\AJPFeZJ.exe
  C:\Windows\System\AJPFeZJ.exe
  2⤵
  PID:12372
- C:\Windows\System\jOGQInD.exe
  C:\Windows\System\jOGQInD.exe
  2⤵
  PID:12440
- C:\Windows\System\PNxWFMw.exe
  C:\Windows\System\PNxWFMw.exe
  2⤵
  PID:12500
- C:\Windows\System\PJuYSli.exe
  C:\Windows\System\PJuYSli.exe
  2⤵
  PID:12592
- C:\Windows\System\PJoFZyk.exe
  C:\Windows\System\PJoFZyk.exe
  2⤵
  PID:12652
- C:\Windows\System\KEGIHIQ.exe
  C:\Windows\System\KEGIHIQ.exe
  2⤵
  PID:12724
- C:\Windows\System\fOZREgO.exe
  C:\Windows\System\fOZREgO.exe
  2⤵
  PID:12788
- C:\Windows\System\LMVOPQO.exe
  C:\Windows\System\LMVOPQO.exe
  2⤵
  PID:12852
- C:\Windows\System\gVaPdCp.exe
  C:\Windows\System\gVaPdCp.exe
  2⤵
  PID:12908
- C:\Windows\System\HhHzrKB.exe
  C:\Windows\System\HhHzrKB.exe
  2⤵
  PID:12976
- C:\Windows\System\XSCRpYf.exe
  C:\Windows\System\XSCRpYf.exe
  2⤵
  PID:12992
- C:\Windows\System\DrabHzr.exe
  C:\Windows\System\DrabHzr.exe
  2⤵
  PID:13060
- C:\Windows\System\ejzAVGq.exe
  C:\Windows\System\ejzAVGq.exe
  2⤵
  PID:13120
- C:\Windows\System\OrjtzXR.exe
  C:\Windows\System\OrjtzXR.exe
  2⤵
  PID:13196
- C:\Windows\System\NDCLsCq.exe
  C:\Windows\System\NDCLsCq.exe
  2⤵
  PID:13272
- C:\Windows\System\EMsBIqM.exe
  C:\Windows\System\EMsBIqM.exe
  2⤵
  PID:12408
- C:\Windows\System\Asbchfe.exe
  C:\Windows\System\Asbchfe.exe
  2⤵
  PID:12548
- C:\Windows\System\gCPdKnN.exe
  C:\Windows\System\gCPdKnN.exe
  2⤵
  PID:12716
- C:\Windows\System\XRAqcvo.exe
  C:\Windows\System\XRAqcvo.exe
  2⤵
  PID:12960
- C:\Windows\System\TvgPlpF.exe
  C:\Windows\System\TvgPlpF.exe
  2⤵
  PID:12956
- C:\Windows\System\EGPbdGd.exe
  C:\Windows\System\EGPbdGd.exe
  2⤵
  PID:13084
- C:\Windows\System\WDAcyAL.exe
  C:\Windows\System\WDAcyAL.exe
  2⤵
  PID:12296
- C:\Windows\System\WfnwPHR.exe
  C:\Windows\System\WfnwPHR.exe
  2⤵
  PID:12820
- C:\Windows\System\XQeUBhv.exe
  C:\Windows\System\XQeUBhv.exe
  2⤵
  PID:13168
- C:\Windows\System\hmXAQes.exe
  C:\Windows\System\hmXAQes.exe
  2⤵
  PID:12552
- C:\Windows\System\tZvaEhP.exe
  C:\Windows\System\tZvaEhP.exe
  2⤵
  PID:13036
- C:\Windows\System\SnfhzSI.exe
  C:\Windows\System\SnfhzSI.exe
  2⤵
  PID:13344
- C:\Windows\System\HJSkols.exe
  C:\Windows\System\HJSkols.exe
  2⤵
  PID:13364
- C:\Windows\System\KrXzsKE.exe
  C:\Windows\System\KrXzsKE.exe
  2⤵
  PID:13388
- C:\Windows\System\HVTWGPU.exe
  C:\Windows\System\HVTWGPU.exe
  2⤵
  PID:13412
- C:\Windows\System\huoDPqC.exe
  C:\Windows\System\huoDPqC.exe
  2⤵
  PID:13444
- C:\Windows\System\NTDeLYS.exe
  C:\Windows\System\NTDeLYS.exe
  2⤵
  PID:13468
- C:\Windows\System\NFrwdBX.exe
  C:\Windows\System\NFrwdBX.exe
  2⤵
  PID:13500
- C:\Windows\System\qkFwTlb.exe
  C:\Windows\System\qkFwTlb.exe
  2⤵
  PID:13528
- C:\Windows\System\sJUVTQw.exe
  C:\Windows\System\sJUVTQw.exe
  2⤵
  PID:13548
- C:\Windows\System\gUPXiXY.exe
  C:\Windows\System\gUPXiXY.exe
  2⤵
  PID:13592
- C:\Windows\System\GewESBw.exe
  C:\Windows\System\GewESBw.exe
  2⤵
  PID:13612
- C:\Windows\System\TIGpWZa.exe
  C:\Windows\System\TIGpWZa.exe
  2⤵
  PID:13640
- C:\Windows\System\BgRDhLs.exe
  C:\Windows\System\BgRDhLs.exe
  2⤵
  PID:13680
- C:\Windows\System\nDtuuDI.exe
  C:\Windows\System\nDtuuDI.exe
  2⤵
  PID:13696
- C:\Windows\System\diiPTel.exe
  C:\Windows\System\diiPTel.exe
  2⤵
  PID:13728
- C:\Windows\System\hNycveu.exe
  C:\Windows\System\hNycveu.exe
  2⤵
  PID:13756
- C:\Windows\System\ESdBsLq.exe
  C:\Windows\System\ESdBsLq.exe
  2⤵
  PID:13792
- C:\Windows\System\ylLRpds.exe
  C:\Windows\System\ylLRpds.exe
  2⤵
  PID:13820
- C:\Windows\System\UsacdWt.exe
  C:\Windows\System\UsacdWt.exe
  2⤵
  PID:13836
- C:\Windows\System\VfDvVvq.exe
  C:\Windows\System\VfDvVvq.exe
  2⤵
  PID:13884
- C:\Windows\System\PqlWrCE.exe
  C:\Windows\System\PqlWrCE.exe
  2⤵
  PID:13924
- C:\Windows\System\LOITGQY.exe
  C:\Windows\System\LOITGQY.exe
  2⤵
  PID:13956
- C:\Windows\System\btlmWaO.exe
  C:\Windows\System\btlmWaO.exe
  2⤵
  PID:13996
- C:\Windows\System\cgpyZbK.exe
  C:\Windows\System\cgpyZbK.exe
  2⤵
  PID:14024
- C:\Windows\System\euQMvmG.exe
  C:\Windows\System\euQMvmG.exe
  2⤵
  PID:14056
- C:\Windows\System\GCBCmhH.exe
  C:\Windows\System\GCBCmhH.exe
  2⤵
  PID:14072
- C:\Windows\System\qMcIMEm.exe
  C:\Windows\System\qMcIMEm.exe
  2⤵
  PID:14100
- C:\Windows\System\AuQANnS.exe
  C:\Windows\System\AuQANnS.exe
  2⤵
  PID:14140
- C:\Windows\System\qEjdqSY.exe
  C:\Windows\System\qEjdqSY.exe
  2⤵
  PID:14160
- C:\Windows\System\EhmlPqy.exe
  C:\Windows\System\EhmlPqy.exe
  2⤵
  PID:14228
- C:\Windows\System\klMxnKq.exe
  C:\Windows\System\klMxnKq.exe
  2⤵
  PID:14256
- C:\Windows\System\MPQWIdf.exe
  C:\Windows\System\MPQWIdf.exe
  2⤵
  PID:14284
- C:\Windows\System\EQqtGEY.exe
  C:\Windows\System\EQqtGEY.exe
  2⤵
  PID:14312
- C:\Windows\System\qDNGNJo.exe
  C:\Windows\System\qDNGNJo.exe
  2⤵
  PID:13316
- C:\Windows\System\NogILUr.exe
  C:\Windows\System\NogILUr.exe
  2⤵
  PID:13380
- C:\Windows\System\gbdBUHr.exe
  C:\Windows\System\gbdBUHr.exe
  2⤵
  PID:13432
- C:\Windows\System\yGUzuZi.exe
  C:\Windows\System\yGUzuZi.exe
  2⤵
  PID:13496
- C:\Windows\System\gjWYNPf.exe
  C:\Windows\System\gjWYNPf.exe
  2⤵
  PID:1724
- C:\Windows\System\FupMDhZ.exe
  C:\Windows\System\FupMDhZ.exe
  2⤵
  PID:13560
- C:\Windows\System\TqAelHy.exe
  C:\Windows\System\TqAelHy.exe
  2⤵
  PID:13624
- C:\Windows\System\DceLALu.exe
  C:\Windows\System\DceLALu.exe
  2⤵
  PID:13688
- C:\Windows\System\FGoCtVr.exe
  C:\Windows\System\FGoCtVr.exe
  2⤵
  PID:13772
- C:\Windows\System\WxsVIBq.exe
  C:\Windows\System\WxsVIBq.exe
  2⤵
  PID:13812
- C:\Windows\System\MWdZnfF.exe
  C:\Windows\System\MWdZnfF.exe
  2⤵
  PID:13880
- C:\Windows\System\moCsGUi.exe
  C:\Windows\System\moCsGUi.exe
  2⤵
  PID:13984
- C:\Windows\System\RcRehik.exe
  C:\Windows\System\RcRehik.exe
  2⤵
  PID:14044
- C:\Windows\System\BDXxGeR.exe
  C:\Windows\System\BDXxGeR.exe
  2⤵
  PID:14084
- C:\Windows\System\vwYFieg.exe
  C:\Windows\System\vwYFieg.exe
  2⤵
  PID:14148
- C:\Windows\System\QNwXAZU.exe
  C:\Windows\System\QNwXAZU.exe
  2⤵
  PID:14272
- C:\Windows\System\yoEXCgM.exe
  C:\Windows\System\yoEXCgM.exe
  2⤵
  PID:12640
- C:\Windows\System\eoodcll.exe
  C:\Windows\System\eoodcll.exe
  2⤵
  PID:13460
- C:\Windows\System\vLMGIED.exe
  C:\Windows\System\vLMGIED.exe
  2⤵
  PID:13520
- C:\Windows\System\Vnnluxj.exe
  C:\Windows\System\Vnnluxj.exe
  2⤵
  PID:13676
- C:\Windows\System\chQCGTL.exe
  C:\Windows\System\chQCGTL.exe
  2⤵
  PID:13832
- C:\Windows\System\swTAnzF.exe
  C:\Windows\System\swTAnzF.exe
  2⤵
  PID:14036
- C:\Windows\System\stIXtXi.exe
  C:\Windows\System\stIXtXi.exe
  2⤵
  PID:14168
- C:\Windows\System\uzOEwpc.exe
  C:\Windows\System\uzOEwpc.exe
  2⤵
  PID:13372
- C:\Windows\System\vhaTQCX.exe
  C:\Windows\System\vhaTQCX.exe
  2⤵
  PID:13660
- C:\Windows\System\ZmsxPmt.exe
  C:\Windows\System\ZmsxPmt.exe
  2⤵
  PID:13944
- C:\Windows\System\DwUzfUE.exe
  C:\Windows\System\DwUzfUE.exe
  2⤵
  PID:14328
- C:\Windows\System\dxDvsaO.exe
  C:\Windows\System\dxDvsaO.exe
  2⤵
  PID:14156
- C:\Windows\System\UjTAEXB.exe
  C:\Windows\System\UjTAEXB.exe
  2⤵
  PID:13604

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14860

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:15156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BHDCUhw.exe

Filesize
2.6MB

MD5
8878a8148a24ea32ea006a10a0b92665

SHA1
e098a648518cd10469f3e54a812f5d20b8c91082

SHA256
86b6b816806bee1f3791b94d7bdf890953d8d11d6f8ee9b5da2a327e21506f30

SHA512
5989db36a7c5aaf40d81f354a9f4dac53e7da71100ad209493f7b86f7eccde141a986a81cc5c8dc26f4f42811cf8270338feb71b415c7c7fef15d3d47853f09c

Download Submit
C:\Windows\System\DjUKRtX.exe

Filesize
2.6MB

MD5
ab0d225a167c8052f44376b277aab4e7

SHA1
8de12fc6376d5a6e4f958d3f5289486a7a977600

SHA256
374b93c27fe3b589e36e87182a25e9dbd82e48936895816f7be429eeb8496f49

SHA512
5e4fea8f49aa213a4ee2309334e5018b6cdb79dd96b51e7ef9e39bbce5fa84558fc95cd4724a20344736eb3f1b54f958a7af98e39bf80c76a141384a802a72bf

Download Submit
C:\Windows\System\EQyRuor.exe

Filesize
2.6MB

MD5
366f4d229cbf56b12a4152a93d416d9b

SHA1
595d9320cc3e49991cfc6a8ec90206005d6349bc

SHA256
07c62d4966ef097eeea33b9a2fc6ed79a336b0b62c8483c08ed16f66620fee06

SHA512
edd9420b1d5a11b765c1fe69ce10cde03c0df35f43894acbeab4200702411796d392982d158ec14492f24ec70906d16327c47b4935ccd89873dd34e1695f59f4

Download Submit
C:\Windows\System\FYwIatc.exe

Filesize
2.6MB

MD5
8aa26b3a12c2f79e5ddfae85577dd393

SHA1
a7cb3fb7fdba14ce6eefce3f6a176667f3e6deaa

SHA256
704d8c2ea993414c641fb0d665d2f4602c28c82add672a5d4ed675b6eb66b2a3

SHA512
37770bc1be36e2240b380b3cc66422c188029a443677d8f828c04fff5dd916e8179f884e8b1d59471a15af38605e5de46a1073f69fc968b4ba347261a466f569

Download Submit
C:\Windows\System\GcNVaCC.exe

Filesize
2.6MB

MD5
9a397aa13160c14f4a0eaaa26df79cd9

SHA1
3f14166117552fd7746cae3030a16f6ddf6cc79c

SHA256
dd49176ee601183f8143ec6f9dc1df455389dd6788cc5490ff1cb6e9d557ce4f

SHA512
2f9857bffefe499c2283b6adb87e39ac0f5e137b22ad19d96da35c1d376030657b9d7b848c52fd795a6193e2ecfcf23a34e561b5122f1bd0b9de551a4a2b13cf

Download Submit
C:\Windows\System\IORIwuA.exe

Filesize
2.6MB

MD5
0ef621928493cfd4ebc0964372e27a1b

SHA1
dad69edd26d44bebef50a1241e6f7248e20aa8f5

SHA256
1ebfffe000754c28073362ff5cfa2018dffb75d276f9a36403589d6ed510c10f

SHA512
3558fe79f9ca36f599a420bf72be2e57527881d74bf54a5e36060c405dec132cb09d4f19bb3b9c285756f75f38d93e531a16db0ef584af17d89400f2d1eb6398

Download Submit
C:\Windows\System\ImQNDUJ.exe

Filesize
2.6MB

MD5
1b55d66caf69d9315eac7e1eff0f5f21

SHA1
d36211a59ab10cca2d2216080385ebf425747593

SHA256
8a858989fa5d7d64e257d4292c03ea8713199f4b04aab231c5f5dd0eb28f841e

SHA512
30e90827ca06122f84c574c63bd2b488c377acd30b105a3217cd9faaf9b269735789c1692599d85fb2115d8f2ff4093d6ba0a5352bba3f62d54a06950f142b1e

Download Submit
C:\Windows\System\LLDMuJa.exe

Filesize
2.6MB

MD5
acb2fc5e93187bed7905e2a1a10b5310

SHA1
3742b6076ff82820e66ebfcbea105e207ac924f5

SHA256
c65d9732b32d2e0cf3efacfd734cda6d57e94b398000f48ef81e0ee1fe6a3544

SHA512
bfb527cce81a0c0643724f45062b9715ca6e5f9a1b85da8e573c70b349e41d6ca7ecdd001dff6dddc855a26335ace7dd58b9dc136d2f3fc5ed309eca02319ff3

Download Submit
C:\Windows\System\MaYVUyZ.exe

Filesize
2.6MB

MD5
989e872419f555ec6606104c5835a8cc

SHA1
ad9a9b3411a07f8afc32a746309ae8b05cfb4754

SHA256
89a562904a02231f897a75ef4797322e4601ac0e8a96c81df5f516f091d87695

SHA512
eb6d59492f4f9722eead00dc409c2f9f97ede7066962bb8773cdfac159c52ce9104c46c3e0735f04d6eb883edacafc67b9bb6aa564ee4e6b58f58763149a4817

Download Submit
C:\Windows\System\NNPMvQo.exe

Filesize
2.6MB

MD5
3d3665edb04dbd24292e4be849247814

SHA1
32201f9d9ee1bb0b22b519219c4a7949e4f917d7

SHA256
8ad2cd73ada5abf918b6a55be71411b7e459b1dfb449785a0f170d9b4bf3156a

SHA512
ef4fac8054757c6226be91582afb6073e8604b7d3437548a0ce24b05e99bab7e1f5416b68249530afe57d3b27d65a8d42eb5817b7ae9165cbbc999637dcf3397

Download Submit
C:\Windows\System\NlJIvZV.exe

Filesize
2.6MB

MD5
2500868b194ff3396d11ef5196a7c6f5

SHA1
c7fc5dc4ee7f8e19f963f36b636226af557b85cd

SHA256
bd5895cea6cf80b171274f4244f488c7dc192102db8900b226349ebaed21608b

SHA512
2e0e0eb29d607e2626aa16c5b2f5bce903ac2f9dcb38746e93bf297610c90d83b339175280b430fd214272d827ae98548ab922452d44d76a2e99938cb266941c

Download Submit
C:\Windows\System\QgcXSoS.exe

Filesize
2.6MB

MD5
d77650c1373b435b93c8b95270f7c6e7

SHA1
ada7ac7bcf49dc4572bebf4180d45bd151387641

SHA256
54f2fdae269c7d43931ae22df8fb33a04d1bd9a619d32ecef3e8598be8e1c2e4

SHA512
609000e8ab35b3a7b9a42ed435a8427d131148c895bfaf240656218d2f719d220bc3c36ad110c87652f6c0051edb1fd3a31ebc3a154629b0118e2e7af191181f

Download Submit
C:\Windows\System\RVAANhB.exe

Filesize
2.6MB

MD5
61343a0a67891b5482abeaa98c05a714

SHA1
90a4526d4f86d07cd4cb6361f7336451cb7c4f80

SHA256
f2671cb9efd7e22076ad46290656dd4cbf961f9e8e4541913f737cf762871929

SHA512
fa6e2b16a6802c1953b796e6387ce97bc2f2898ecc23601aea562433cc35e14a9ab65b18d32eae647c96601011e1148d19e69f5e0a9ee8f985a221fe88700906

Download Submit
C:\Windows\System\Sftsfye.exe

Filesize
2.6MB

MD5
bb682aa1a8995a11b2eb8b3a3d7ce38a

SHA1
b50552545dd2efb1fa334c2960cbae7bdf0d6972

SHA256
a613badc5d12edc1a9b417fe0648fee4b2bccf57b48553b0acf7ca9734697324

SHA512
61cc3b7d8617f15371151e5ebe45e086526ae1b5591696ebc0803fa7eb93a226613e56acc53a38dc5f965d18cc4a75e948f92428998ccd75af902c790c8de960

Download Submit
C:\Windows\System\TuALGMt.exe

Filesize
2.6MB

MD5
cef32c326869fe00163227c8d6f80e09

SHA1
2bb9da0c11b0cd86ff749bd969451fa7adc234f7

SHA256
fbab92867c1e295ce0b6e311fb395cee8c68db1ca478f57868fbef7bae4c8b40

SHA512
129c54de9e3b6bdc50d0951fcbe48e9245d58e35d911aecedec47395b7bf99b4a109a8092e7d7845911d36bfa6c4483e8eeab390723f3da8fa5bfeb2ff31fcc1

Download Submit
C:\Windows\System\WCULbpG.exe

Filesize
2.6MB

MD5
2b71c11db70657e533503a503a3a7c08

SHA1
c435a32fd7328af54ce9185aefb85d0e70344055

SHA256
a28d061671f98a8767690f04bc8f600a5dc58fa5c7c7ababdc18ca7144362850

SHA512
b521cb071138f72b47b0247a0fc4224b5964de8c9cd6b10ed8ab2869bf47d81a9a07551979deeb4a2d1e06a6246265fbe2b7850ee04ecfeedee236f42c8edf9b

Download Submit
C:\Windows\System\YhaNeTK.exe

Filesize
2.6MB

MD5
7bd9a4384bb345513999757cb9d72bc1

SHA1
cf4be341bedf7bc45c76469142e412d1cf623db5

SHA256
75b8628752c75a28073a62779ff1b7cc7761f7ddc385dcfbc213da4ddcd9b4fc

SHA512
734b2d95db0e74053abe35c94383ffc70bb441a37d0a0a1ba420cb4fb17f19c9b779a265dc3d1de52b4ff63976c5ce79612102db2944cc4cbd59699fc4a22577

Download Submit
C:\Windows\System\aEKOhcL.exe

Filesize
2.6MB

MD5
387d62ada61aa0791d143e8362a9048b

SHA1
aaa6a028d8ddae255bce5b486ac5493e913c32cd

SHA256
43c856095522d571539d44220adfc54811c5f41b8a0a69b05474c2c60ca683d2

SHA512
964d52edfaa4357d0b5f2cdcffa90415f23f83edcc16fce6c8d6b396b610390b430accc216f7baba9b988a3e66facfd643aa94a6b0f8436df066e419b9d016f3

Download Submit
C:\Windows\System\aJYAUfU.exe

Filesize
2.6MB

MD5
9b8273289ecbf8d33a7600ee95e85d71

SHA1
fe445aca93a579ec18bfb0e2ff9ae5e1b789de6f

SHA256
55cdcbd2880880af5456771306ab1494ab67269fa05beda0aec06a8ff4d3752a

SHA512
fe343176bf11152c44b22574de57e02d3a2510cec02dff0bd1fcafd28bccf4cebee9d3ce51429b7b8e7263f280c2f1e199711188f0aa729477f0551f3fb25b0a

Download Submit
C:\Windows\System\cwvSFWE.exe

Filesize
2.6MB

MD5
cc23bdda40909e03eaad85348f495ab0

SHA1
6a520b4e5eb58ff0a69ef28b33e52078cd35cca9

SHA256
6bbff4ac36e23a827f5482798336acaf1cf8eb5578743e2bdb9b485c8cabe6ff

SHA512
94d7829762df83ab1a2764bd194ba93154da5d8ea4439a745224b2a2568fe2b7641140d3fed269f612a87a99c4f1cc1ee1f9d274c6e441e182a75eb1773d2c07

Download Submit
C:\Windows\System\duTrgiq.exe

Filesize
2.6MB

MD5
b0dbbffad1f373f54507cc63ad2fefad

SHA1
e5c1403a3259d0cc6eb4e0f76c78451fe961df25

SHA256
a97f0694dcac285b423da15c13e960a398b650db6e3d0e6003b58ef24c858924

SHA512
00f1839bfc02a114526a660a56f1d24dd6ba01a96ffcfc645dab1abf24e78334ebef2ff83dce6fce1556781b8b9c44c590923e5158457cff3c1ec46c378b8f22

Download Submit
C:\Windows\System\eIQMtBq.exe

Filesize
2.6MB

MD5
186459093695b7c468f88b39724621a1

SHA1
940bd12c46bb19cd24a1a36d9d8ac38d9a864cb0

SHA256
01299268c1b20a94edec338c817de50b2aab2b7c1f0a7a884715d02d909b1617

SHA512
505b1349e6586372bba2a34fbcfed5ecea79b63bc4e7221ca5becd42f63addb28c4f7dba9732eed4fc7eb0f199189d97c9a04cdbed5a5c0981751cfad62b9aa1

Download Submit
C:\Windows\System\fqFWMVg.exe

Filesize
2.6MB

MD5
cb0c979d60047118b1678dfa2f216626

SHA1
3e0449baab1bb3bfaa68ae8326a5d7cb8c767b22

SHA256
fc5398c5a3be32827360c9e58742acaea0ca86eec5b60eebc69057f5f78f1039

SHA512
3618a3263a8efd00694112f150c231c934072e82fae801bca1d3f700559438dfbea73b83916128aa09bec191b36533c65549d93e3d3586157fb750ee96701b02

Download Submit
C:\Windows\System\gXGFiIt.exe

Filesize
2.6MB

MD5
e9bd58c094d4097d74d51564cd556591

SHA1
84c0705f5b9bedc6e05179cf6c24dacfdda628d8

SHA256
544577b52ba1e8156a95f38e104c66c956304dda45f4e9619842c6f499ba6874

SHA512
eecc8541498e5fb647e41790153f09b0ec98d54cddc100516e7cd5fc647ee9580760edc997ca7514b757b5e8d11d7b50f083e00c89067a1636d694e72ed6b9cc

Download Submit
C:\Windows\System\hIjAcGx.exe

Filesize
2.6MB

MD5
de82ccc220306adadd030c67f3e14c6c

SHA1
58e9cfdc7ea3192bfdd6ddac2a1a5bb87a90ef60

SHA256
43a6032913e85904b465c9df5501a429098f36413f10d326099861cb95edb0f0

SHA512
d397a243a3e9a9596b11bc001140b2d06c2eae25a6423801eb4418e79c202c2efe24fd1719f994c05cb202328bcbc3b7af3b6fee7b7e6b41e6bcf103efebd2a2

Download Submit
C:\Windows\System\kKvJBEb.exe

Filesize
2.6MB

MD5
d77734c713cb05a315e64f0dd07e5da6

SHA1
d01767ea06053f8ff1789abcfd06694f9732ee06

SHA256
dafd2305934deb37af252d53026b719378ec6f383438157ede4559bd365e6204

SHA512
f395f7d0d7962cad3ee9ec4d3d00c513d9ad2f200ada86ba04467c30242685c8a4ff8d7daf4f97862660aad2c0eaf2b4741b778c74fd744fb8c67a1a7f89a828

Download Submit
C:\Windows\System\mXRgACM.exe

Filesize
2.6MB

MD5
65893c0513ba24ab6047e74400375c11

SHA1
a583a3fe7a1d23f326e020c21ea1120c25914437

SHA256
756b5a5dbe0091332ba3374e71513d6b6963d6bdb8c9f9646ddccd434e9575e7

SHA512
975486e85d71bf74be2c24a0759c83c2d91fa04c7802542d4106e89ef04af7f80c86906b35ffe7ced9e9bcc5aeebc331d37e7aecc6dd205ad2ae1887044e8644

Download Submit
C:\Windows\System\nKgLPzR.exe

Filesize
2.6MB

MD5
462b0702e62bee4ad15d802167d38022

SHA1
c1ac8981d9e3d6f6cfb2e98815a041221ea978ef

SHA256
db9618b86ad84850cf6f1f6632a63abe31f21981d06e058f93f2090eface287f

SHA512
10fac9829b4e56e25e0ae1a4664791c4f4812675b37702f3d0035ca14f948c81ac9063295161bff0eb45266d8b923b47ec8cc806f0e981274614d0de1277bb13

Download Submit
C:\Windows\System\vXqChXM.exe

Filesize
2.6MB

MD5
d6ef06d52c26b0f626cd62d1321ec1e0

SHA1
34e57f30f190052b680cf03d852baf7dbcc180d9

SHA256
62d67bf19de83ffb67ad9efadd46a925b5cec46d7dd7c148369863ba5b95e155

SHA512
8fad00a7d1b304caa2b2321829cc1b7daad998d8f72cfc39d8d7123871746718a7c63ac37514f2ba12dec0a9bf7a7113e8f369f5f8ee7db0d586b09b7c0be3bb

Download Submit
C:\Windows\System\xIxPgRH.exe

Filesize
2.6MB

MD5
8bed2711c7462300818df96877798f89

SHA1
f12af019e98b5af7b5390462d3c85b97afde542c

SHA256
8dc8110c80e19328dc1e63a1412f8a17066fb2b2dfd4488398096aace469a6aa

SHA512
e193eb1db45feb3af57f0b02ac921d409fa552fe747744f1527d9f72803a8afa0d02a31b456d44ba1dae5ad1268c8737ef2ad1e31f626a7c9a7e9f10cf548db5

Download Submit
C:\Windows\System\xehLYgm.exe

Filesize
2.6MB

MD5
a9a374271873f666b710c812141dd6fb

SHA1
9a32db14f7fd6233f628f4b7d3e1295c6d988f09

SHA256
7e9fcd18efa142934d8c336f0ff6c8f6df64c0fe9129177f25a6da0840099802

SHA512
37bb983709252b1794e19c82702c30a9dbe206818925c935829ae74f74f9045eb5b0601e14a83b53a9cb883e5bbd87eb303dda32d02377c4efb251530356859c

Download Submit
C:\Windows\System\zKdvISB.exe

Filesize
2.6MB

MD5
51e945f3edac378d96c75db0610a78a3

SHA1
ad0352a5c79cb7578583d61ae24b711caf13b4bb

SHA256
d4fdba1540135c50eab560d0b145117005879528f18cc3439122349ce8181bf8

SHA512
059f8fb359f965ffb172f5b565b821bfc49cee6f49e4bd95cfb3c5235cf48862822c9c931eae2a2289b42cb82a9f34bb3dbedadaf6b33548fbb589b6635c3856

Download Submit
C:\Windows\System\zyCuKii.exe

Filesize
2.6MB

MD5
92dd26756ace57b0eaac36d65f9c0b7a

SHA1
2cb4f8148d193cfa5abd3f0b94977feb31a2d94c

SHA256
0604b99dc3a116a5ee84c1ba7b9a14e86087b8de77d092cf200280737f8da2e4

SHA512
229dd00876337c7ece794bb1c24c354997d65a9f0801545445cb3ea148f8988a7dd247a8b6ae424ff7756f1367f270938071f27cf8526c02c34ce9ef8d50cd49

Download Submit
memory/768-2114-0x00007FF688900000-0x00007FF688C54000-memory.dmp

Filesize
3.3MB

Download
memory/768-23-0x00007FF688900000-0x00007FF688C54000-memory.dmp

Filesize
3.3MB

Download
memory/768-2121-0x00007FF688900000-0x00007FF688C54000-memory.dmp

Filesize
3.3MB

Download
memory/868-704-0x00007FF6EB630000-0x00007FF6EB984000-memory.dmp

Filesize
3.3MB

Download
memory/868-2120-0x00007FF6EB630000-0x00007FF6EB984000-memory.dmp

Filesize
3.3MB

Download
memory/1080-752-0x00007FF7EA540000-0x00007FF7EA894000-memory.dmp

Filesize
3.3MB

Download
memory/1080-2145-0x00007FF7EA540000-0x00007FF7EA894000-memory.dmp

Filesize
3.3MB

Download
memory/1180-2117-0x00007FF794810000-0x00007FF794B64000-memory.dmp

Filesize
3.3MB

Download
memory/1180-10-0x00007FF794810000-0x00007FF794B64000-memory.dmp

Filesize
3.3MB

Download
memory/1212-721-0x00007FF7E8760000-0x00007FF7E8AB4000-memory.dmp

Filesize
3.3MB

Download
memory/1212-2131-0x00007FF7E8760000-0x00007FF7E8AB4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2144-0x00007FF665780000-0x00007FF665AD4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-773-0x00007FF665780000-0x00007FF665AD4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2141-0x00007FF77C940000-0x00007FF77CC94000-memory.dmp

Filesize
3.3MB

Download
memory/1656-777-0x00007FF77C940000-0x00007FF77CC94000-memory.dmp

Filesize
3.3MB

Download
memory/1976-2143-0x00007FF767BD0000-0x00007FF767F24000-memory.dmp

Filesize
3.3MB

Download
memory/1976-740-0x00007FF767BD0000-0x00007FF767F24000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2138-0x00007FF7FF230000-0x00007FF7FF584000-memory.dmp

Filesize
3.3MB

Download
memory/2420-746-0x00007FF7FF230000-0x00007FF7FF584000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2136-0x00007FF72E160000-0x00007FF72E4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-723-0x00007FF72E160000-0x00007FF72E4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-709-0x00007FF77F1D0000-0x00007FF77F524000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2130-0x00007FF77F1D0000-0x00007FF77F524000-memory.dmp

Filesize
3.3MB

Download
memory/2776-710-0x00007FF643D00000-0x00007FF644054000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2133-0x00007FF643D00000-0x00007FF644054000-memory.dmp

Filesize
3.3MB

Download
memory/2912-731-0x00007FF618220000-0x00007FF618574000-memory.dmp

Filesize
3.3MB

Download
memory/2912-2137-0x00007FF618220000-0x00007FF618574000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2123-0x00007FF781280000-0x00007FF7815D4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2116-0x00007FF781280000-0x00007FF7815D4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-37-0x00007FF781280000-0x00007FF7815D4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2139-0x00007FF7D1500000-0x00007FF7D1854000-memory.dmp

Filesize
3.3MB

Download
memory/2988-756-0x00007FF7D1500000-0x00007FF7D1854000-memory.dmp

Filesize
3.3MB

Download
memory/3016-16-0x00007FF6A6080000-0x00007FF6A63D4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-2113-0x00007FF6A6080000-0x00007FF6A63D4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-2118-0x00007FF6A6080000-0x00007FF6A63D4000-memory.dmp

Filesize
3.3MB

Download
memory/3088-715-0x00007FF6B85C0000-0x00007FF6B8914000-memory.dmp

Filesize
3.3MB

Download
memory/3088-2129-0x00007FF6B85C0000-0x00007FF6B8914000-memory.dmp

Filesize
3.3MB

Download
memory/3196-708-0x00007FF64FC70000-0x00007FF64FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2128-0x00007FF64FC70000-0x00007FF64FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/3212-2142-0x00007FF7609E0000-0x00007FF760D34000-memory.dmp

Filesize
3.3MB

Download
memory/3212-778-0x00007FF7609E0000-0x00007FF760D34000-memory.dmp

Filesize
3.3MB

Download
memory/3488-2111-0x00007FF6F8580000-0x00007FF6F88D4000-memory.dmp

Filesize
3.3MB

Download
memory/3488-0-0x00007FF6F8580000-0x00007FF6F88D4000-memory.dmp

Filesize
3.3MB

Download
memory/3488-1-0x0000014EAA440000-0x0000014EAA450000-memory.dmp

Filesize
64KB

Download
memory/4084-2126-0x00007FF760BF0000-0x00007FF760F44000-memory.dmp

Filesize
3.3MB

Download
memory/4084-706-0x00007FF760BF0000-0x00007FF760F44000-memory.dmp

Filesize
3.3MB

Download
memory/4260-2122-0x00007FF7B59E0000-0x00007FF7B5D34000-memory.dmp

Filesize
3.3MB

Download
memory/4260-705-0x00007FF7B59E0000-0x00007FF7B5D34000-memory.dmp

Filesize
3.3MB

Download
memory/4368-33-0x00007FF628AB0000-0x00007FF628E04000-memory.dmp

Filesize
3.3MB

Download
memory/4368-2115-0x00007FF628AB0000-0x00007FF628E04000-memory.dmp

Filesize
3.3MB

Download
memory/4368-2124-0x00007FF628AB0000-0x00007FF628E04000-memory.dmp

Filesize
3.3MB

Download
memory/4388-743-0x00007FF73F180000-0x00007FF73F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/4388-2140-0x00007FF73F180000-0x00007FF73F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2135-0x00007FF7BE410000-0x00007FF7BE764000-memory.dmp

Filesize
3.3MB

Download
memory/4476-726-0x00007FF7BE410000-0x00007FF7BE764000-memory.dmp

Filesize
3.3MB

Download
memory/4620-2132-0x00007FF743BF0000-0x00007FF743F44000-memory.dmp

Filesize
3.3MB

Download
memory/4620-718-0x00007FF743BF0000-0x00007FF743F44000-memory.dmp

Filesize
3.3MB

Download
memory/4864-737-0x00007FF614350000-0x00007FF6146A4000-memory.dmp

Filesize
3.3MB

Download
memory/4864-2134-0x00007FF614350000-0x00007FF6146A4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-707-0x00007FF786A00000-0x00007FF786D54000-memory.dmp

Filesize
3.3MB

Download
memory/4880-2125-0x00007FF786A00000-0x00007FF786D54000-memory.dmp

Filesize
3.3MB

Download
memory/5012-2127-0x00007FF6CA330000-0x00007FF6CA684000-memory.dmp

Filesize
3.3MB

Download
memory/5012-774-0x00007FF6CA330000-0x00007FF6CA684000-memory.dmp

Filesize
3.3MB

Download
memory/5100-21-0x00007FF79E750000-0x00007FF79EAA4000-memory.dmp

Filesize
3.3MB

Download
memory/5100-2119-0x00007FF79E750000-0x00007FF79EAA4000-memory.dmp

Filesize
3.3MB

Download
memory/5100-2112-0x00007FF79E750000-0x00007FF79EAA4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads