xmrig | cdbeebbb4af40a2cea1aaf41db75f51d5bb511c328e8726256cb4fe7bacab2c8

Analysis

max time kernel
112s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
Size

2.4MB
MD5

2d02dc4102d42acc28e27b37c1dc4070
SHA1

457c5e98f7c285dfdce9750688d230f8f6ce516d
SHA256

cdbeebbb4af40a2cea1aaf41db75f51d5bb511c328e8726256cb4fe7bacab2c8
SHA512

740cbbabbefc88cd87dc9f24708aaaaaab97674305789d26ef1f39f5ce2d10667c370ed5c62a9e65e4991452ded5c49ac439218865910ea2b48b74ac820cb14d
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQlqOdg6VLEL3e7PF:BemTLkNdfE0pZrQd

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2920-0-0x00007FF671620000-0x00007FF671974000-memory.dmp	xmrig
behavioral2/files/0x000b000000023385-6.dat	xmrig
behavioral2/files/0x0007000000023428-9.dat	xmrig
behavioral2/memory/3364-17-0x00007FF7EFC20000-0x00007FF7EFF74000-memory.dmp	xmrig
behavioral2/memory/4560-18-0x00007FF647F40000-0x00007FF648294000-memory.dmp	xmrig
behavioral2/memory/1552-15-0x00007FF703A50000-0x00007FF703DA4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023424-11.dat	xmrig
behavioral2/files/0x0007000000023429-22.dat	xmrig
behavioral2/files/0x0008000000023425-27.dat	xmrig
behavioral2/memory/2472-45-0x00007FF7331B0000-0x00007FF733504000-memory.dmp	xmrig
behavioral2/files/0x000700000002342c-47.dat	xmrig
behavioral2/files/0x000700000002342a-39.dat	xmrig
behavioral2/files/0x000700000002342b-37.dat	xmrig
behavioral2/memory/3412-25-0x00007FF79CA70000-0x00007FF79CDC4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342d-53.dat	xmrig
behavioral2/memory/3012-64-0x00007FF7330B0000-0x00007FF733404000-memory.dmp	xmrig
behavioral2/files/0x0007000000023435-83.dat	xmrig
behavioral2/files/0x000700000002343b-113.dat	xmrig
behavioral2/files/0x0007000000023436-119.dat	xmrig
behavioral2/files/0x0007000000023440-151.dat	xmrig
behavioral2/files/0x0007000000023441-155.dat	xmrig
behavioral2/files/0x0007000000023446-166.dat	xmrig
behavioral2/memory/4988-187-0x00007FF613330000-0x00007FF613684000-memory.dmp	xmrig
behavioral2/memory/4704-194-0x00007FF7D7BF0000-0x00007FF7D7F44000-memory.dmp	xmrig
behavioral2/memory/3796-203-0x00007FF7B6000000-0x00007FF7B6354000-memory.dmp	xmrig
behavioral2/memory/3864-207-0x00007FF64C580000-0x00007FF64C8D4000-memory.dmp	xmrig
behavioral2/memory/5048-211-0x00007FF78CEF0000-0x00007FF78D244000-memory.dmp	xmrig
behavioral2/memory/1896-215-0x00007FF640FD0000-0x00007FF641324000-memory.dmp	xmrig
behavioral2/memory/1932-214-0x00007FF6CA7B0000-0x00007FF6CAB04000-memory.dmp	xmrig
behavioral2/memory/3160-213-0x00007FF719990000-0x00007FF719CE4000-memory.dmp	xmrig
behavioral2/memory/3640-212-0x00007FF641D60000-0x00007FF6420B4000-memory.dmp	xmrig
behavioral2/memory/3196-210-0x00007FF6F95A0000-0x00007FF6F98F4000-memory.dmp	xmrig
behavioral2/memory/1900-209-0x00007FF63DB40000-0x00007FF63DE94000-memory.dmp	xmrig
behavioral2/memory/2440-208-0x00007FF6F1C00000-0x00007FF6F1F54000-memory.dmp	xmrig
behavioral2/memory/2172-206-0x00007FF67D590000-0x00007FF67D8E4000-memory.dmp	xmrig
behavioral2/memory/4220-205-0x00007FF75A200000-0x00007FF75A554000-memory.dmp	xmrig
behavioral2/memory/4724-204-0x00007FF766AE0000-0x00007FF766E34000-memory.dmp	xmrig
behavioral2/memory/1852-202-0x00007FF6BA2A0000-0x00007FF6BA5F4000-memory.dmp	xmrig
behavioral2/memory/4040-201-0x00007FF77D790000-0x00007FF77DAE4000-memory.dmp	xmrig
behavioral2/memory/2392-191-0x00007FF63B3D0000-0x00007FF63B724000-memory.dmp	xmrig
behavioral2/memory/4780-190-0x00007FF7DA7D0000-0x00007FF7DAB24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023444-179.dat	xmrig
behavioral2/files/0x0007000000023448-177.dat	xmrig
behavioral2/files/0x0007000000023447-175.dat	xmrig
behavioral2/files/0x0007000000023445-163.dat	xmrig
behavioral2/files/0x000700000002343f-149.dat	xmrig
behavioral2/files/0x000700000002343c-147.dat	xmrig
behavioral2/files/0x000700000002343e-143.dat	xmrig
behavioral2/files/0x000700000002343d-141.dat	xmrig
behavioral2/files/0x000700000002343a-132.dat	xmrig
behavioral2/files/0x0007000000023439-130.dat	xmrig
behavioral2/files/0x0007000000023438-128.dat	xmrig
behavioral2/files/0x0007000000023437-126.dat	xmrig
behavioral2/files/0x0007000000023434-123.dat	xmrig
behavioral2/memory/2976-122-0x00007FF748050000-0x00007FF7483A4000-memory.dmp	xmrig
behavioral2/memory/3648-114-0x00007FF61B180000-0x00007FF61B4D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-106.dat	xmrig
behavioral2/files/0x0007000000023430-104.dat	xmrig
behavioral2/files/0x000700000002342f-101.dat	xmrig
behavioral2/files/0x0007000000023432-95.dat	xmrig
behavioral2/memory/3836-91-0x00007FF7344B0000-0x00007FF734804000-memory.dmp	xmrig
behavioral2/files/0x000700000002342e-80.dat	xmrig
behavioral2/memory/3476-76-0x00007FF6A2EC0000-0x00007FF6A3214000-memory.dmp	xmrig
behavioral2/files/0x0007000000023431-78.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1552	uqSRPie.exe
3364	kWaCqFf.exe
4560	iEZjQPv.exe
3412	BJcMsFA.exe
2472	IyspFTi.exe
1900	RyRGOyz.exe
3012	JYPHkgj.exe
3476	TyqsFqb.exe
3836	owIOyyt.exe
3196	OYWzelF.exe
3648	xpKvKYB.exe
2976	cXruatl.exe
5048	NHmagAA.exe
4988	AJQAaVy.exe
4780	XjXILmR.exe
3640	bIXGSXa.exe
2392	KTwRUwm.exe
3160	kFpTuMa.exe
4704	yBzkFuz.exe
4040	TgeLrXY.exe
1852	ZBiVelZ.exe
3796	oDCKGkw.exe
4724	aXGEwob.exe
1932	BVWwgBn.exe
4220	IXnbTfl.exe
2172	ExnJoyo.exe
1896	jwpqLIL.exe
3864	DDobbRb.exe
2440	QjPbIFL.exe
1748	oQNUbJU.exe
1744	yGCmPnu.exe
3832	PCUbdsJ.exe
3144	jWCOVEB.exe
2932	EppcUaW.exe
2176	RSWsbnD.exe
4740	YhCBUMO.exe
3248	WfqVwoV.exe
1508	CmkpZRZ.exe
2324	PGqScmk.exe
4516	HnYbqkH.exe
3744	NDbmpfJ.exe
4212	whUgxSX.exe
4576	CHOHTxa.exe
4808	kEbaZsr.exe
4756	UwyOMyf.exe
2208	sGpMAYZ.exe
60	MKGEzlN.exe
4432	vTpruUA.exe
5044	YWLnopS.exe
2432	aBBuSfs.exe
5080	hoaGZpf.exe
3488	kyVtMGI.exe
4452	zTpLMJv.exe
3088	utlGiXr.exe
4456	mQWAIJO.exe
4324	AeHhheX.exe
4288	VeTJyGg.exe
3884	YwwMsKv.exe
4012	qjWPCDR.exe
1064	aZafpcR.exe
1200	kjsvAdI.exe
4996	SpzzROp.exe
4308	UqGNnlI.exe
4232	OFxlUTZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2920-0-0x00007FF671620000-0x00007FF671974000-memory.dmp	upx
behavioral2/files/0x000b000000023385-6.dat	upx
behavioral2/files/0x0007000000023428-9.dat	upx
behavioral2/memory/3364-17-0x00007FF7EFC20000-0x00007FF7EFF74000-memory.dmp	upx
behavioral2/memory/4560-18-0x00007FF647F40000-0x00007FF648294000-memory.dmp	upx
behavioral2/memory/1552-15-0x00007FF703A50000-0x00007FF703DA4000-memory.dmp	upx
behavioral2/files/0x0008000000023424-11.dat	upx
behavioral2/files/0x0007000000023429-22.dat	upx
behavioral2/files/0x0008000000023425-27.dat	upx
behavioral2/memory/2472-45-0x00007FF7331B0000-0x00007FF733504000-memory.dmp	upx
behavioral2/files/0x000700000002342c-47.dat	upx
behavioral2/files/0x000700000002342a-39.dat	upx
behavioral2/files/0x000700000002342b-37.dat	upx
behavioral2/memory/3412-25-0x00007FF79CA70000-0x00007FF79CDC4000-memory.dmp	upx
behavioral2/files/0x000700000002342d-53.dat	upx
behavioral2/memory/3012-64-0x00007FF7330B0000-0x00007FF733404000-memory.dmp	upx
behavioral2/files/0x0007000000023435-83.dat	upx
behavioral2/files/0x000700000002343b-113.dat	upx
behavioral2/files/0x0007000000023436-119.dat	upx
behavioral2/files/0x0007000000023440-151.dat	upx
behavioral2/files/0x0007000000023441-155.dat	upx
behavioral2/files/0x0007000000023446-166.dat	upx
behavioral2/memory/4988-187-0x00007FF613330000-0x00007FF613684000-memory.dmp	upx
behavioral2/memory/4704-194-0x00007FF7D7BF0000-0x00007FF7D7F44000-memory.dmp	upx
behavioral2/memory/3796-203-0x00007FF7B6000000-0x00007FF7B6354000-memory.dmp	upx
behavioral2/memory/3864-207-0x00007FF64C580000-0x00007FF64C8D4000-memory.dmp	upx
behavioral2/memory/5048-211-0x00007FF78CEF0000-0x00007FF78D244000-memory.dmp	upx
behavioral2/memory/1896-215-0x00007FF640FD0000-0x00007FF641324000-memory.dmp	upx
behavioral2/memory/1932-214-0x00007FF6CA7B0000-0x00007FF6CAB04000-memory.dmp	upx
behavioral2/memory/3160-213-0x00007FF719990000-0x00007FF719CE4000-memory.dmp	upx
behavioral2/memory/3640-212-0x00007FF641D60000-0x00007FF6420B4000-memory.dmp	upx
behavioral2/memory/3196-210-0x00007FF6F95A0000-0x00007FF6F98F4000-memory.dmp	upx
behavioral2/memory/1900-209-0x00007FF63DB40000-0x00007FF63DE94000-memory.dmp	upx
behavioral2/memory/2440-208-0x00007FF6F1C00000-0x00007FF6F1F54000-memory.dmp	upx
behavioral2/memory/2172-206-0x00007FF67D590000-0x00007FF67D8E4000-memory.dmp	upx
behavioral2/memory/4220-205-0x00007FF75A200000-0x00007FF75A554000-memory.dmp	upx
behavioral2/memory/4724-204-0x00007FF766AE0000-0x00007FF766E34000-memory.dmp	upx
behavioral2/memory/1852-202-0x00007FF6BA2A0000-0x00007FF6BA5F4000-memory.dmp	upx
behavioral2/memory/4040-201-0x00007FF77D790000-0x00007FF77DAE4000-memory.dmp	upx
behavioral2/memory/2392-191-0x00007FF63B3D0000-0x00007FF63B724000-memory.dmp	upx
behavioral2/memory/4780-190-0x00007FF7DA7D0000-0x00007FF7DAB24000-memory.dmp	upx
behavioral2/files/0x0007000000023444-179.dat	upx
behavioral2/files/0x0007000000023448-177.dat	upx
behavioral2/files/0x0007000000023447-175.dat	upx
behavioral2/files/0x0007000000023445-163.dat	upx
behavioral2/files/0x000700000002343f-149.dat	upx
behavioral2/files/0x000700000002343c-147.dat	upx
behavioral2/files/0x000700000002343e-143.dat	upx
behavioral2/files/0x000700000002343d-141.dat	upx
behavioral2/files/0x000700000002343a-132.dat	upx
behavioral2/files/0x0007000000023439-130.dat	upx
behavioral2/files/0x0007000000023438-128.dat	upx
behavioral2/files/0x0007000000023437-126.dat	upx
behavioral2/files/0x0007000000023434-123.dat	upx
behavioral2/memory/2976-122-0x00007FF748050000-0x00007FF7483A4000-memory.dmp	upx
behavioral2/memory/3648-114-0x00007FF61B180000-0x00007FF61B4D4000-memory.dmp	upx
behavioral2/files/0x0007000000023433-106.dat	upx
behavioral2/files/0x0007000000023430-104.dat	upx
behavioral2/files/0x000700000002342f-101.dat	upx
behavioral2/files/0x0007000000023432-95.dat	upx
behavioral2/memory/3836-91-0x00007FF7344B0000-0x00007FF734804000-memory.dmp	upx
behavioral2/files/0x000700000002342e-80.dat	upx
behavioral2/memory/3476-76-0x00007FF6A2EC0000-0x00007FF6A3214000-memory.dmp	upx
behavioral2/files/0x0007000000023431-78.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TopEFqG.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\VCLzCoA.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\nDZteEp.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\FyeSXxd.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\AnmhNRh.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\SXxlhtN.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\TgeLrXY.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\PBujgRZ.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\yLSIsTD.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\mvyyWac.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\xtVgggu.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\HYWBDNv.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\tpePkik.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\nziboOG.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\oEKheNx.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\jAmebYn.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\ZALnNjF.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\xmPKguk.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\HSUFSVH.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\eDExbEt.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\ogTystM.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\TkzYJpC.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\MihRnbj.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\iLfAZVQ.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\OYWzelF.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\TkUQJef.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\DQCfGuL.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\AKnjmeb.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\hlZxEhi.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\HSOeDoi.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\QzeXmLu.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\jwzfnsP.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\eGhKJyf.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\fxhwszz.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\ZRQODkp.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\QuFRyKV.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\CMmsNRT.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\vAtlrpf.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\HOykCUO.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\WzlnPFf.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\xXBLKYI.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\vrqlLvv.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\SRQqwdg.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\oyLUAYV.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\dkAwquv.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\nDPkjMP.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\YBwnSzU.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\QqcbfCj.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\bQlpIKf.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\SMHpMWH.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\YiaQGuf.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\PCUbdsJ.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\ANzdqnq.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\HUUOlgd.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\susxZug.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\ZJJzPFl.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\XpUoFIq.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\EzFYHfZ.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\bFjKKBs.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\QXgrvla.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\dCxnyQW.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\tSWfsbK.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\uUvpaZn.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
File created	C:\Windows\System\PGqScmk.exe	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4660	dwm.exe
Token: SeChangeNotifyPrivilege	4660	dwm.exe
Token: 33	4660	dwm.exe
Token: SeIncBasePriorityPrivilege	4660	dwm.exe
Token: SeShutdownPrivilege	4660	dwm.exe
Token: SeCreatePagefilePrivilege	4660	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 1552	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	83
PID 2920 wrote to memory of 1552	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	83
PID 2920 wrote to memory of 3364	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	84
PID 2920 wrote to memory of 3364	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	84
PID 2920 wrote to memory of 4560	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	85
PID 2920 wrote to memory of 4560	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	85
PID 2920 wrote to memory of 3412	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	86
PID 2920 wrote to memory of 3412	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	86
PID 2920 wrote to memory of 2472	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	87
PID 2920 wrote to memory of 2472	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	87
PID 2920 wrote to memory of 1900	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	88
PID 2920 wrote to memory of 1900	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	88
PID 2920 wrote to memory of 3012	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	89
PID 2920 wrote to memory of 3012	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	89
PID 2920 wrote to memory of 3476	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	90
PID 2920 wrote to memory of 3476	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	90
PID 2920 wrote to memory of 3836	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	91
PID 2920 wrote to memory of 3836	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	91
PID 2920 wrote to memory of 3196	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	92
PID 2920 wrote to memory of 3196	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	92
PID 2920 wrote to memory of 3648	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	93
PID 2920 wrote to memory of 3648	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	93
PID 2920 wrote to memory of 2976	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	94
PID 2920 wrote to memory of 2976	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	94
PID 2920 wrote to memory of 5048	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	95
PID 2920 wrote to memory of 5048	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	95
PID 2920 wrote to memory of 4988	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	96
PID 2920 wrote to memory of 4988	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	96
PID 2920 wrote to memory of 4780	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	97
PID 2920 wrote to memory of 4780	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	97
PID 2920 wrote to memory of 3160	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	98
PID 2920 wrote to memory of 3160	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	98
PID 2920 wrote to memory of 3640	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	99
PID 2920 wrote to memory of 3640	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	99
PID 2920 wrote to memory of 2392	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	100
PID 2920 wrote to memory of 2392	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	100
PID 2920 wrote to memory of 4704	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	101
PID 2920 wrote to memory of 4704	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	101
PID 2920 wrote to memory of 4040	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	102
PID 2920 wrote to memory of 4040	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	102
PID 2920 wrote to memory of 1852	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	103
PID 2920 wrote to memory of 1852	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	103
PID 2920 wrote to memory of 3796	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	104
PID 2920 wrote to memory of 3796	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	104
PID 2920 wrote to memory of 4724	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	105
PID 2920 wrote to memory of 4724	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	105
PID 2920 wrote to memory of 2172	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	106
PID 2920 wrote to memory of 2172	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	106
PID 2920 wrote to memory of 1932	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	107
PID 2920 wrote to memory of 1932	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	107
PID 2920 wrote to memory of 4220	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	108
PID 2920 wrote to memory of 4220	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	108
PID 2920 wrote to memory of 1896	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	109
PID 2920 wrote to memory of 1896	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	109
PID 2920 wrote to memory of 3864	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	110
PID 2920 wrote to memory of 3864	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	110
PID 2920 wrote to memory of 2440	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	111
PID 2920 wrote to memory of 2440	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	111
PID 2920 wrote to memory of 1748	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	112
PID 2920 wrote to memory of 1748	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	112
PID 2920 wrote to memory of 1744	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	113
PID 2920 wrote to memory of 1744	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	113
PID 2920 wrote to memory of 3832	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	114
PID 2920 wrote to memory of 3832	2920	2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d02dc4102d42acc28e27b37c1dc4070_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\System\uqSRPie.exe
  C:\Windows\System\uqSRPie.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\kWaCqFf.exe
  C:\Windows\System\kWaCqFf.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\iEZjQPv.exe
  C:\Windows\System\iEZjQPv.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\BJcMsFA.exe
  C:\Windows\System\BJcMsFA.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\IyspFTi.exe
  C:\Windows\System\IyspFTi.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\RyRGOyz.exe
  C:\Windows\System\RyRGOyz.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\JYPHkgj.exe
  C:\Windows\System\JYPHkgj.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\TyqsFqb.exe
  C:\Windows\System\TyqsFqb.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\owIOyyt.exe
  C:\Windows\System\owIOyyt.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\OYWzelF.exe
  C:\Windows\System\OYWzelF.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\xpKvKYB.exe
  C:\Windows\System\xpKvKYB.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\cXruatl.exe
  C:\Windows\System\cXruatl.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\NHmagAA.exe
  C:\Windows\System\NHmagAA.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\AJQAaVy.exe
  C:\Windows\System\AJQAaVy.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\XjXILmR.exe
  C:\Windows\System\XjXILmR.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\kFpTuMa.exe
  C:\Windows\System\kFpTuMa.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\bIXGSXa.exe
  C:\Windows\System\bIXGSXa.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\KTwRUwm.exe
  C:\Windows\System\KTwRUwm.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\yBzkFuz.exe
  C:\Windows\System\yBzkFuz.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\TgeLrXY.exe
  C:\Windows\System\TgeLrXY.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\ZBiVelZ.exe
  C:\Windows\System\ZBiVelZ.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\oDCKGkw.exe
  C:\Windows\System\oDCKGkw.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\aXGEwob.exe
  C:\Windows\System\aXGEwob.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\ExnJoyo.exe
  C:\Windows\System\ExnJoyo.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\BVWwgBn.exe
  C:\Windows\System\BVWwgBn.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\IXnbTfl.exe
  C:\Windows\System\IXnbTfl.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\jwpqLIL.exe
  C:\Windows\System\jwpqLIL.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\DDobbRb.exe
  C:\Windows\System\DDobbRb.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\QjPbIFL.exe
  C:\Windows\System\QjPbIFL.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\oQNUbJU.exe
  C:\Windows\System\oQNUbJU.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\yGCmPnu.exe
  C:\Windows\System\yGCmPnu.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\PCUbdsJ.exe
  C:\Windows\System\PCUbdsJ.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\jWCOVEB.exe
  C:\Windows\System\jWCOVEB.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\EppcUaW.exe
  C:\Windows\System\EppcUaW.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\RSWsbnD.exe
  C:\Windows\System\RSWsbnD.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\YhCBUMO.exe
  C:\Windows\System\YhCBUMO.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\WfqVwoV.exe
  C:\Windows\System\WfqVwoV.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\CmkpZRZ.exe
  C:\Windows\System\CmkpZRZ.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\PGqScmk.exe
  C:\Windows\System\PGqScmk.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\HnYbqkH.exe
  C:\Windows\System\HnYbqkH.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\NDbmpfJ.exe
  C:\Windows\System\NDbmpfJ.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\whUgxSX.exe
  C:\Windows\System\whUgxSX.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\CHOHTxa.exe
  C:\Windows\System\CHOHTxa.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\kEbaZsr.exe
  C:\Windows\System\kEbaZsr.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\UwyOMyf.exe
  C:\Windows\System\UwyOMyf.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\sGpMAYZ.exe
  C:\Windows\System\sGpMAYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\MKGEzlN.exe
  C:\Windows\System\MKGEzlN.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\vTpruUA.exe
  C:\Windows\System\vTpruUA.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\YWLnopS.exe
  C:\Windows\System\YWLnopS.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\aBBuSfs.exe
  C:\Windows\System\aBBuSfs.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\hoaGZpf.exe
  C:\Windows\System\hoaGZpf.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\kyVtMGI.exe
  C:\Windows\System\kyVtMGI.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\zTpLMJv.exe
  C:\Windows\System\zTpLMJv.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\utlGiXr.exe
  C:\Windows\System\utlGiXr.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\mQWAIJO.exe
  C:\Windows\System\mQWAIJO.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\AeHhheX.exe
  C:\Windows\System\AeHhheX.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\VeTJyGg.exe
  C:\Windows\System\VeTJyGg.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\YwwMsKv.exe
  C:\Windows\System\YwwMsKv.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\qjWPCDR.exe
  C:\Windows\System\qjWPCDR.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\aZafpcR.exe
  C:\Windows\System\aZafpcR.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\kjsvAdI.exe
  C:\Windows\System\kjsvAdI.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\SpzzROp.exe
  C:\Windows\System\SpzzROp.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\UqGNnlI.exe
  C:\Windows\System\UqGNnlI.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\OFxlUTZ.exe
  C:\Windows\System\OFxlUTZ.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\DvLocLb.exe
  C:\Windows\System\DvLocLb.exe
  2⤵
  PID:4152
- C:\Windows\System\doxuykQ.exe
  C:\Windows\System\doxuykQ.exe
  2⤵
  PID:3668
- C:\Windows\System\oNSvOId.exe
  C:\Windows\System\oNSvOId.exe
  2⤵
  PID:1908
- C:\Windows\System\mxpzWrT.exe
  C:\Windows\System\mxpzWrT.exe
  2⤵
  PID:1880
- C:\Windows\System\FyeSXxd.exe
  C:\Windows\System\FyeSXxd.exe
  2⤵
  PID:448
- C:\Windows\System\SOUVPFX.exe
  C:\Windows\System\SOUVPFX.exe
  2⤵
  PID:1080
- C:\Windows\System\cOJksUv.exe
  C:\Windows\System\cOJksUv.exe
  2⤵
  PID:4612
- C:\Windows\System\qfEatFX.exe
  C:\Windows\System\qfEatFX.exe
  2⤵
  PID:4904
- C:\Windows\System\yQwQjFm.exe
  C:\Windows\System\yQwQjFm.exe
  2⤵
  PID:2668
- C:\Windows\System\JXdrRxT.exe
  C:\Windows\System\JXdrRxT.exe
  2⤵
  PID:2824
- C:\Windows\System\LZacHqU.exe
  C:\Windows\System\LZacHqU.exe
  2⤵
  PID:816
- C:\Windows\System\OvCKxWz.exe
  C:\Windows\System\OvCKxWz.exe
  2⤵
  PID:2600
- C:\Windows\System\tpePkik.exe
  C:\Windows\System\tpePkik.exe
  2⤵
  PID:2904
- C:\Windows\System\hjNmXPh.exe
  C:\Windows\System\hjNmXPh.exe
  2⤵
  PID:4848
- C:\Windows\System\eGhKJyf.exe
  C:\Windows\System\eGhKJyf.exe
  2⤵
  PID:4344
- C:\Windows\System\laRlDph.exe
  C:\Windows\System\laRlDph.exe
  2⤵
  PID:3464
- C:\Windows\System\rSyTNpc.exe
  C:\Windows\System\rSyTNpc.exe
  2⤵
  PID:1152
- C:\Windows\System\qSsbZdK.exe
  C:\Windows\System\qSsbZdK.exe
  2⤵
  PID:1092
- C:\Windows\System\QJToqyK.exe
  C:\Windows\System\QJToqyK.exe
  2⤵
  PID:1352
- C:\Windows\System\VavOJvW.exe
  C:\Windows\System\VavOJvW.exe
  2⤵
  PID:1696
- C:\Windows\System\rBEjbDz.exe
  C:\Windows\System\rBEjbDz.exe
  2⤵
  PID:2300
- C:\Windows\System\FMbkJkg.exe
  C:\Windows\System\FMbkJkg.exe
  2⤵
  PID:2612
- C:\Windows\System\OXvXPjR.exe
  C:\Windows\System\OXvXPjR.exe
  2⤵
  PID:856
- C:\Windows\System\WuSGFSf.exe
  C:\Windows\System\WuSGFSf.exe
  2⤵
  PID:3000
- C:\Windows\System\IKlVZGS.exe
  C:\Windows\System\IKlVZGS.exe
  2⤵
  PID:3468
- C:\Windows\System\BcAWIxT.exe
  C:\Windows\System\BcAWIxT.exe
  2⤵
  PID:4580
- C:\Windows\System\QPjiuYW.exe
  C:\Windows\System\QPjiuYW.exe
  2⤵
  PID:4800
- C:\Windows\System\mYyulTb.exe
  C:\Windows\System\mYyulTb.exe
  2⤵
  PID:2836
- C:\Windows\System\npXKxQd.exe
  C:\Windows\System\npXKxQd.exe
  2⤵
  PID:5168
- C:\Windows\System\OAlZAac.exe
  C:\Windows\System\OAlZAac.exe
  2⤵
  PID:5200
- C:\Windows\System\YGLWwLh.exe
  C:\Windows\System\YGLWwLh.exe
  2⤵
  PID:5236
- C:\Windows\System\KjIfmyy.exe
  C:\Windows\System\KjIfmyy.exe
  2⤵
  PID:5252
- C:\Windows\System\lfRaECt.exe
  C:\Windows\System\lfRaECt.exe
  2⤵
  PID:5284
- C:\Windows\System\sHgDbPv.exe
  C:\Windows\System\sHgDbPv.exe
  2⤵
  PID:5312
- C:\Windows\System\REqSBSN.exe
  C:\Windows\System\REqSBSN.exe
  2⤵
  PID:5340
- C:\Windows\System\yUplGqk.exe
  C:\Windows\System\yUplGqk.exe
  2⤵
  PID:5364
- C:\Windows\System\cwdDohu.exe
  C:\Windows\System\cwdDohu.exe
  2⤵
  PID:5392
- C:\Windows\System\gaxCNEh.exe
  C:\Windows\System\gaxCNEh.exe
  2⤵
  PID:5428
- C:\Windows\System\mVMygxx.exe
  C:\Windows\System\mVMygxx.exe
  2⤵
  PID:5460
- C:\Windows\System\xsuhOwr.exe
  C:\Windows\System\xsuhOwr.exe
  2⤵
  PID:5476
- C:\Windows\System\HVbEfQk.exe
  C:\Windows\System\HVbEfQk.exe
  2⤵
  PID:5508
- C:\Windows\System\HSUFSVH.exe
  C:\Windows\System\HSUFSVH.exe
  2⤵
  PID:5532
- C:\Windows\System\FGINKvK.exe
  C:\Windows\System\FGINKvK.exe
  2⤵
  PID:5568
- C:\Windows\System\VKamlrS.exe
  C:\Windows\System\VKamlrS.exe
  2⤵
  PID:5588
- C:\Windows\System\HyGacNa.exe
  C:\Windows\System\HyGacNa.exe
  2⤵
  PID:5616
- C:\Windows\System\FpnGtZC.exe
  C:\Windows\System\FpnGtZC.exe
  2⤵
  PID:5644
- C:\Windows\System\QonUcJq.exe
  C:\Windows\System\QonUcJq.exe
  2⤵
  PID:5672
- C:\Windows\System\RzGKpNt.exe
  C:\Windows\System\RzGKpNt.exe
  2⤵
  PID:5700
- C:\Windows\System\ebxlJnH.exe
  C:\Windows\System\ebxlJnH.exe
  2⤵
  PID:5732
- C:\Windows\System\dIMvRlr.exe
  C:\Windows\System\dIMvRlr.exe
  2⤵
  PID:5756
- C:\Windows\System\mBdtRjx.exe
  C:\Windows\System\mBdtRjx.exe
  2⤵
  PID:5784
- C:\Windows\System\owYumTF.exe
  C:\Windows\System\owYumTF.exe
  2⤵
  PID:5816
- C:\Windows\System\xVHunza.exe
  C:\Windows\System\xVHunza.exe
  2⤵
  PID:5852
- C:\Windows\System\sFhVkTX.exe
  C:\Windows\System\sFhVkTX.exe
  2⤵
  PID:5868
- C:\Windows\System\lKzLcdF.exe
  C:\Windows\System\lKzLcdF.exe
  2⤵
  PID:5896
- C:\Windows\System\oPJxZDJ.exe
  C:\Windows\System\oPJxZDJ.exe
  2⤵
  PID:5928
- C:\Windows\System\IleqXJA.exe
  C:\Windows\System\IleqXJA.exe
  2⤵
  PID:5956
- C:\Windows\System\vrqlLvv.exe
  C:\Windows\System\vrqlLvv.exe
  2⤵
  PID:5980
- C:\Windows\System\EzFYHfZ.exe
  C:\Windows\System\EzFYHfZ.exe
  2⤵
  PID:6020
- C:\Windows\System\RQkGbgu.exe
  C:\Windows\System\RQkGbgu.exe
  2⤵
  PID:6048
- C:\Windows\System\BCklday.exe
  C:\Windows\System\BCklday.exe
  2⤵
  PID:6068
- C:\Windows\System\QCXEaNX.exe
  C:\Windows\System\QCXEaNX.exe
  2⤵
  PID:6092
- C:\Windows\System\fxxbGyF.exe
  C:\Windows\System\fxxbGyF.exe
  2⤵
  PID:6124
- C:\Windows\System\VkdtDZz.exe
  C:\Windows\System\VkdtDZz.exe
  2⤵
  PID:5148
- C:\Windows\System\OmFKtFL.exe
  C:\Windows\System\OmFKtFL.exe
  2⤵
  PID:5220
- C:\Windows\System\YGKEYTk.exe
  C:\Windows\System\YGKEYTk.exe
  2⤵
  PID:5292
- C:\Windows\System\fCuYHEv.exe
  C:\Windows\System\fCuYHEv.exe
  2⤵
  PID:5376
- C:\Windows\System\JrCNOVk.exe
  C:\Windows\System\JrCNOVk.exe
  2⤵
  PID:5456
- C:\Windows\System\LSSYzFV.exe
  C:\Windows\System\LSSYzFV.exe
  2⤵
  PID:5544
- C:\Windows\System\mBIMJYG.exe
  C:\Windows\System\mBIMJYG.exe
  2⤵
  PID:5564
- C:\Windows\System\OTTIcEe.exe
  C:\Windows\System\OTTIcEe.exe
  2⤵
  PID:5664
- C:\Windows\System\qIhiguL.exe
  C:\Windows\System\qIhiguL.exe
  2⤵
  PID:5752
- C:\Windows\System\DvESKQy.exe
  C:\Windows\System\DvESKQy.exe
  2⤵
  PID:5776
- C:\Windows\System\gaHlYPh.exe
  C:\Windows\System\gaHlYPh.exe
  2⤵
  PID:5860
- C:\Windows\System\aZxWInC.exe
  C:\Windows\System\aZxWInC.exe
  2⤵
  PID:5884
- C:\Windows\System\PChWRbc.exe
  C:\Windows\System\PChWRbc.exe
  2⤵
  PID:6008
- C:\Windows\System\uXJeHmX.exe
  C:\Windows\System\uXJeHmX.exe
  2⤵
  PID:6084
- C:\Windows\System\pUWYRbr.exe
  C:\Windows\System\pUWYRbr.exe
  2⤵
  PID:5136
- C:\Windows\System\TkUQJef.exe
  C:\Windows\System\TkUQJef.exe
  2⤵
  PID:5388
- C:\Windows\System\gsXZwCY.exe
  C:\Windows\System\gsXZwCY.exe
  2⤵
  PID:5496
- C:\Windows\System\OmibtkU.exe
  C:\Windows\System\OmibtkU.exe
  2⤵
  PID:5748
- C:\Windows\System\PBujgRZ.exe
  C:\Windows\System\PBujgRZ.exe
  2⤵
  PID:5864
- C:\Windows\System\vqEhOmd.exe
  C:\Windows\System\vqEhOmd.exe
  2⤵
  PID:6140
- C:\Windows\System\zvsdSZx.exe
  C:\Windows\System\zvsdSZx.exe
  2⤵
  PID:5468
- C:\Windows\System\OtnLrYN.exe
  C:\Windows\System\OtnLrYN.exe
  2⤵
  PID:6064
- C:\Windows\System\snNhCkz.exe
  C:\Windows\System\snNhCkz.exe
  2⤵
  PID:6168
- C:\Windows\System\gtZGPJh.exe
  C:\Windows\System\gtZGPJh.exe
  2⤵
  PID:6212
- C:\Windows\System\clnpAFC.exe
  C:\Windows\System\clnpAFC.exe
  2⤵
  PID:6244
- C:\Windows\System\mrwyXXb.exe
  C:\Windows\System\mrwyXXb.exe
  2⤵
  PID:6272
- C:\Windows\System\YNLPZxt.exe
  C:\Windows\System\YNLPZxt.exe
  2⤵
  PID:6288
- C:\Windows\System\vxzolok.exe
  C:\Windows\System\vxzolok.exe
  2⤵
  PID:6312
- C:\Windows\System\rlpAorJ.exe
  C:\Windows\System\rlpAorJ.exe
  2⤵
  PID:6332
- C:\Windows\System\GJmciKr.exe
  C:\Windows\System\GJmciKr.exe
  2⤵
  PID:6364
- C:\Windows\System\brCeJLr.exe
  C:\Windows\System\brCeJLr.exe
  2⤵
  PID:6424
- C:\Windows\System\ZQsVCtC.exe
  C:\Windows\System\ZQsVCtC.exe
  2⤵
  PID:6464
- C:\Windows\System\pJJAefa.exe
  C:\Windows\System\pJJAefa.exe
  2⤵
  PID:6508
- C:\Windows\System\KWNyAwc.exe
  C:\Windows\System\KWNyAwc.exe
  2⤵
  PID:6536
- C:\Windows\System\JFILlvk.exe
  C:\Windows\System\JFILlvk.exe
  2⤵
  PID:6564
- C:\Windows\System\KmoWFaX.exe
  C:\Windows\System\KmoWFaX.exe
  2⤵
  PID:6592
- C:\Windows\System\ERMekIM.exe
  C:\Windows\System\ERMekIM.exe
  2⤵
  PID:6620
- C:\Windows\System\ivOyugs.exe
  C:\Windows\System\ivOyugs.exe
  2⤵
  PID:6640
- C:\Windows\System\xgnzyLe.exe
  C:\Windows\System\xgnzyLe.exe
  2⤵
  PID:6656
- C:\Windows\System\fLSeNIB.exe
  C:\Windows\System\fLSeNIB.exe
  2⤵
  PID:6672
- C:\Windows\System\fxhwszz.exe
  C:\Windows\System\fxhwszz.exe
  2⤵
  PID:6696
- C:\Windows\System\bFjKKBs.exe
  C:\Windows\System\bFjKKBs.exe
  2⤵
  PID:6720
- C:\Windows\System\DQCfGuL.exe
  C:\Windows\System\DQCfGuL.exe
  2⤵
  PID:6740
- C:\Windows\System\ABoIYvf.exe
  C:\Windows\System\ABoIYvf.exe
  2⤵
  PID:6772
- C:\Windows\System\yqJGZyw.exe
  C:\Windows\System\yqJGZyw.exe
  2⤵
  PID:6808
- C:\Windows\System\bkPcvre.exe
  C:\Windows\System\bkPcvre.exe
  2⤵
  PID:6840
- C:\Windows\System\hbAjUOE.exe
  C:\Windows\System\hbAjUOE.exe
  2⤵
  PID:6860
- C:\Windows\System\HCsnmpi.exe
  C:\Windows\System\HCsnmpi.exe
  2⤵
  PID:6888
- C:\Windows\System\QrJurAx.exe
  C:\Windows\System\QrJurAx.exe
  2⤵
  PID:6916
- C:\Windows\System\nziboOG.exe
  C:\Windows\System\nziboOG.exe
  2⤵
  PID:6952
- C:\Windows\System\IcBGwPz.exe
  C:\Windows\System\IcBGwPz.exe
  2⤵
  PID:6996
- C:\Windows\System\YytNUDg.exe
  C:\Windows\System\YytNUDg.exe
  2⤵
  PID:7024
- C:\Windows\System\XcXOYlX.exe
  C:\Windows\System\XcXOYlX.exe
  2⤵
  PID:7060
- C:\Windows\System\xLcfdvC.exe
  C:\Windows\System\xLcfdvC.exe
  2⤵
  PID:7080
- C:\Windows\System\hPMEPTh.exe
  C:\Windows\System\hPMEPTh.exe
  2⤵
  PID:7104
- C:\Windows\System\vlUugfa.exe
  C:\Windows\System\vlUugfa.exe
  2⤵
  PID:7140
- C:\Windows\System\ZKtWkPN.exe
  C:\Windows\System\ZKtWkPN.exe
  2⤵
  PID:5828
- C:\Windows\System\dLRHWAS.exe
  C:\Windows\System\dLRHWAS.exe
  2⤵
  PID:6228
- C:\Windows\System\mXiKpfL.exe
  C:\Windows\System\mXiKpfL.exe
  2⤵
  PID:6284
- C:\Windows\System\rQCvPWe.exe
  C:\Windows\System\rQCvPWe.exe
  2⤵
  PID:6416
- C:\Windows\System\GSPJrqh.exe
  C:\Windows\System\GSPJrqh.exe
  2⤵
  PID:6452
- C:\Windows\System\DVGGAtt.exe
  C:\Windows\System\DVGGAtt.exe
  2⤵
  PID:6552
- C:\Windows\System\ZeUMQtP.exe
  C:\Windows\System\ZeUMQtP.exe
  2⤵
  PID:6648
- C:\Windows\System\eboteXG.exe
  C:\Windows\System\eboteXG.exe
  2⤵
  PID:6752
- C:\Windows\System\mtYfkdW.exe
  C:\Windows\System\mtYfkdW.exe
  2⤵
  PID:6732
- C:\Windows\System\phSIgjg.exe
  C:\Windows\System\phSIgjg.exe
  2⤵
  PID:6820
- C:\Windows\System\csNLKPt.exe
  C:\Windows\System\csNLKPt.exe
  2⤵
  PID:6936
- C:\Windows\System\zhnTLix.exe
  C:\Windows\System\zhnTLix.exe
  2⤵
  PID:6976
- C:\Windows\System\cobrnsP.exe
  C:\Windows\System\cobrnsP.exe
  2⤵
  PID:7008
- C:\Windows\System\eDExbEt.exe
  C:\Windows\System\eDExbEt.exe
  2⤵
  PID:7160
- C:\Windows\System\kibvwnG.exe
  C:\Windows\System\kibvwnG.exe
  2⤵
  PID:6152
- C:\Windows\System\rCVLiyC.exe
  C:\Windows\System\rCVLiyC.exe
  2⤵
  PID:6260
- C:\Windows\System\ABPMuGr.exe
  C:\Windows\System\ABPMuGr.exe
  2⤵
  PID:6360
- C:\Windows\System\oAcARjr.exe
  C:\Windows\System\oAcARjr.exe
  2⤵
  PID:6684
- C:\Windows\System\wWuESTz.exe
  C:\Windows\System\wWuESTz.exe
  2⤵
  PID:6848
- C:\Windows\System\nndXYWl.exe
  C:\Windows\System\nndXYWl.exe
  2⤵
  PID:6972
- C:\Windows\System\foBuaQC.exe
  C:\Windows\System\foBuaQC.exe
  2⤵
  PID:5660
- C:\Windows\System\lBdviZH.exe
  C:\Windows\System\lBdviZH.exe
  2⤵
  PID:6264
- C:\Windows\System\dvAtArC.exe
  C:\Windows\System\dvAtArC.exe
  2⤵
  PID:6604
- C:\Windows\System\ANzdqnq.exe
  C:\Windows\System\ANzdqnq.exe
  2⤵
  PID:6636
- C:\Windows\System\nHzSLAe.exe
  C:\Windows\System\nHzSLAe.exe
  2⤵
  PID:6852
- C:\Windows\System\xZtDKTm.exe
  C:\Windows\System\xZtDKTm.exe
  2⤵
  PID:7204
- C:\Windows\System\oFaleXl.exe
  C:\Windows\System\oFaleXl.exe
  2⤵
  PID:7220
- C:\Windows\System\kQEENAA.exe
  C:\Windows\System\kQEENAA.exe
  2⤵
  PID:7244
- C:\Windows\System\gqxbXvT.exe
  C:\Windows\System\gqxbXvT.exe
  2⤵
  PID:7280
- C:\Windows\System\jqxVnky.exe
  C:\Windows\System\jqxVnky.exe
  2⤵
  PID:7316
- C:\Windows\System\KVziHJk.exe
  C:\Windows\System\KVziHJk.exe
  2⤵
  PID:7336
- C:\Windows\System\CGqkcZr.exe
  C:\Windows\System\CGqkcZr.exe
  2⤵
  PID:7360
- C:\Windows\System\MHGFLCR.exe
  C:\Windows\System\MHGFLCR.exe
  2⤵
  PID:7400
- C:\Windows\System\zODTVJS.exe
  C:\Windows\System\zODTVJS.exe
  2⤵
  PID:7416
- C:\Windows\System\MILaIQD.exe
  C:\Windows\System\MILaIQD.exe
  2⤵
  PID:7432
- C:\Windows\System\SxtYmiv.exe
  C:\Windows\System\SxtYmiv.exe
  2⤵
  PID:7472
- C:\Windows\System\okXjZmF.exe
  C:\Windows\System\okXjZmF.exe
  2⤵
  PID:7496
- C:\Windows\System\jUgvZfm.exe
  C:\Windows\System\jUgvZfm.exe
  2⤵
  PID:7528
- C:\Windows\System\foauPtJ.exe
  C:\Windows\System\foauPtJ.exe
  2⤵
  PID:7560
- C:\Windows\System\OSNNBah.exe
  C:\Windows\System\OSNNBah.exe
  2⤵
  PID:7576
- C:\Windows\System\GUNnRKX.exe
  C:\Windows\System\GUNnRKX.exe
  2⤵
  PID:7600
- C:\Windows\System\PHwSSGs.exe
  C:\Windows\System\PHwSSGs.exe
  2⤵
  PID:7652
- C:\Windows\System\bwWRCZE.exe
  C:\Windows\System\bwWRCZE.exe
  2⤵
  PID:7672
- C:\Windows\System\lItIxyt.exe
  C:\Windows\System\lItIxyt.exe
  2⤵
  PID:7696
- C:\Windows\System\AhfObXm.exe
  C:\Windows\System\AhfObXm.exe
  2⤵
  PID:7728
- C:\Windows\System\aKtjXHu.exe
  C:\Windows\System\aKtjXHu.exe
  2⤵
  PID:7752
- C:\Windows\System\SQRYgzS.exe
  C:\Windows\System\SQRYgzS.exe
  2⤵
  PID:7772
- C:\Windows\System\kMUpTTa.exe
  C:\Windows\System\kMUpTTa.exe
  2⤵
  PID:7808
- C:\Windows\System\ffjMlEH.exe
  C:\Windows\System\ffjMlEH.exe
  2⤵
  PID:7848
- C:\Windows\System\ngPrLnv.exe
  C:\Windows\System\ngPrLnv.exe
  2⤵
  PID:7876
- C:\Windows\System\AKnjmeb.exe
  C:\Windows\System\AKnjmeb.exe
  2⤵
  PID:7904
- C:\Windows\System\lAWdSdM.exe
  C:\Windows\System\lAWdSdM.exe
  2⤵
  PID:7920
- C:\Windows\System\ZYpFnqs.exe
  C:\Windows\System\ZYpFnqs.exe
  2⤵
  PID:7956
- C:\Windows\System\IfDXRjq.exe
  C:\Windows\System\IfDXRjq.exe
  2⤵
  PID:7976
- C:\Windows\System\IgVtYwh.exe
  C:\Windows\System\IgVtYwh.exe
  2⤵
  PID:8004
- C:\Windows\System\OpZWpiQ.exe
  C:\Windows\System\OpZWpiQ.exe
  2⤵
  PID:8024
- C:\Windows\System\UkiogGO.exe
  C:\Windows\System\UkiogGO.exe
  2⤵
  PID:8064
- C:\Windows\System\HhcNTWc.exe
  C:\Windows\System\HhcNTWc.exe
  2⤵
  PID:8092
- C:\Windows\System\UkQjmHf.exe
  C:\Windows\System\UkQjmHf.exe
  2⤵
  PID:8120
- C:\Windows\System\DIcDHXL.exe
  C:\Windows\System\DIcDHXL.exe
  2⤵
  PID:8160
- C:\Windows\System\BCKOgfE.exe
  C:\Windows\System\BCKOgfE.exe
  2⤵
  PID:8184
- C:\Windows\System\GbLBqOy.exe
  C:\Windows\System\GbLBqOy.exe
  2⤵
  PID:7196
- C:\Windows\System\ZRQODkp.exe
  C:\Windows\System\ZRQODkp.exe
  2⤵
  PID:7236
- C:\Windows\System\xAKEGsh.exe
  C:\Windows\System\xAKEGsh.exe
  2⤵
  PID:7344
- C:\Windows\System\XBrhGWs.exe
  C:\Windows\System\XBrhGWs.exe
  2⤵
  PID:7372
- C:\Windows\System\uDZnNQa.exe
  C:\Windows\System\uDZnNQa.exe
  2⤵
  PID:7460
- C:\Windows\System\mDUeCar.exe
  C:\Windows\System\mDUeCar.exe
  2⤵
  PID:7508
- C:\Windows\System\AmBUKHn.exe
  C:\Windows\System\AmBUKHn.exe
  2⤵
  PID:7572
- C:\Windows\System\uqdjVUq.exe
  C:\Windows\System\uqdjVUq.exe
  2⤵
  PID:7596
- C:\Windows\System\XNGsDXj.exe
  C:\Windows\System\XNGsDXj.exe
  2⤵
  PID:7680
- C:\Windows\System\wwwIfxZ.exe
  C:\Windows\System\wwwIfxZ.exe
  2⤵
  PID:7740
- C:\Windows\System\ogTystM.exe
  C:\Windows\System\ogTystM.exe
  2⤵
  PID:7804
- C:\Windows\System\jCErxQZ.exe
  C:\Windows\System\jCErxQZ.exe
  2⤵
  PID:7868
- C:\Windows\System\ruoNwSI.exe
  C:\Windows\System\ruoNwSI.exe
  2⤵
  PID:7932
- C:\Windows\System\QEzAKHm.exe
  C:\Windows\System\QEzAKHm.exe
  2⤵
  PID:7996
- C:\Windows\System\YIiLabP.exe
  C:\Windows\System\YIiLabP.exe
  2⤵
  PID:8040
- C:\Windows\System\GzMJFPM.exe
  C:\Windows\System\GzMJFPM.exe
  2⤵
  PID:8156
- C:\Windows\System\KUUOmxR.exe
  C:\Windows\System\KUUOmxR.exe
  2⤵
  PID:7268
- C:\Windows\System\yeTxsEJ.exe
  C:\Windows\System\yeTxsEJ.exe
  2⤵
  PID:7384
- C:\Windows\System\HUUOlgd.exe
  C:\Windows\System\HUUOlgd.exe
  2⤵
  PID:7516
- C:\Windows\System\SIYIXgA.exe
  C:\Windows\System\SIYIXgA.exe
  2⤵
  PID:7736
- C:\Windows\System\vUYdKon.exe
  C:\Windows\System\vUYdKon.exe
  2⤵
  PID:7844
- C:\Windows\System\yjQxCyN.exe
  C:\Windows\System\yjQxCyN.exe
  2⤵
  PID:7896
- C:\Windows\System\EJYszAw.exe
  C:\Windows\System\EJYszAw.exe
  2⤵
  PID:8108
- C:\Windows\System\aUEtJPH.exe
  C:\Windows\System\aUEtJPH.exe
  2⤵
  PID:7300
- C:\Windows\System\tJENjbC.exe
  C:\Windows\System\tJENjbC.exe
  2⤵
  PID:7964
- C:\Windows\System\PFROZLg.exe
  C:\Windows\System\PFROZLg.exe
  2⤵
  PID:8080
- C:\Windows\System\oczCHwf.exe
  C:\Windows\System\oczCHwf.exe
  2⤵
  PID:7544
- C:\Windows\System\QuFRyKV.exe
  C:\Windows\System\QuFRyKV.exe
  2⤵
  PID:8228
- C:\Windows\System\KbhSgnm.exe
  C:\Windows\System\KbhSgnm.exe
  2⤵
  PID:8252
- C:\Windows\System\TdYYzVV.exe
  C:\Windows\System\TdYYzVV.exe
  2⤵
  PID:8272
- C:\Windows\System\hSeNDQT.exe
  C:\Windows\System\hSeNDQT.exe
  2⤵
  PID:8304
- C:\Windows\System\TkzYJpC.exe
  C:\Windows\System\TkzYJpC.exe
  2⤵
  PID:8324
- C:\Windows\System\YsJUGuU.exe
  C:\Windows\System\YsJUGuU.exe
  2⤵
  PID:8360
- C:\Windows\System\waUueuk.exe
  C:\Windows\System\waUueuk.exe
  2⤵
  PID:8384
- C:\Windows\System\zSHKGpz.exe
  C:\Windows\System\zSHKGpz.exe
  2⤵
  PID:8416
- C:\Windows\System\gbrPtqs.exe
  C:\Windows\System\gbrPtqs.exe
  2⤵
  PID:8452
- C:\Windows\System\PsbblvA.exe
  C:\Windows\System\PsbblvA.exe
  2⤵
  PID:8488
- C:\Windows\System\ZWfazyV.exe
  C:\Windows\System\ZWfazyV.exe
  2⤵
  PID:8520
- C:\Windows\System\fNSxfma.exe
  C:\Windows\System\fNSxfma.exe
  2⤵
  PID:8540
- C:\Windows\System\MihRnbj.exe
  C:\Windows\System\MihRnbj.exe
  2⤵
  PID:8568
- C:\Windows\System\VRHYnKZ.exe
  C:\Windows\System\VRHYnKZ.exe
  2⤵
  PID:8608
- C:\Windows\System\XniCHwQ.exe
  C:\Windows\System\XniCHwQ.exe
  2⤵
  PID:8636
- C:\Windows\System\JdqfdNS.exe
  C:\Windows\System\JdqfdNS.exe
  2⤵
  PID:8664
- C:\Windows\System\MTifQRA.exe
  C:\Windows\System\MTifQRA.exe
  2⤵
  PID:8684
- C:\Windows\System\OQAKUhP.exe
  C:\Windows\System\OQAKUhP.exe
  2⤵
  PID:8708
- C:\Windows\System\jIfhWeV.exe
  C:\Windows\System\jIfhWeV.exe
  2⤵
  PID:8736
- C:\Windows\System\tcnrEML.exe
  C:\Windows\System\tcnrEML.exe
  2⤵
  PID:8776
- C:\Windows\System\sEalAHq.exe
  C:\Windows\System\sEalAHq.exe
  2⤵
  PID:8800
- C:\Windows\System\LuyWcYQ.exe
  C:\Windows\System\LuyWcYQ.exe
  2⤵
  PID:8832
- C:\Windows\System\lQeIzcI.exe
  C:\Windows\System\lQeIzcI.exe
  2⤵
  PID:8860
- C:\Windows\System\UDzovDy.exe
  C:\Windows\System\UDzovDy.exe
  2⤵
  PID:8896
- C:\Windows\System\AyOvyAQ.exe
  C:\Windows\System\AyOvyAQ.exe
  2⤵
  PID:8928
- C:\Windows\System\KtocMdk.exe
  C:\Windows\System\KtocMdk.exe
  2⤵
  PID:8944
- C:\Windows\System\SFZBkMn.exe
  C:\Windows\System\SFZBkMn.exe
  2⤵
  PID:8972
- C:\Windows\System\EwFcCXo.exe
  C:\Windows\System\EwFcCXo.exe
  2⤵
  PID:9008
- C:\Windows\System\saYMOmB.exe
  C:\Windows\System\saYMOmB.exe
  2⤵
  PID:9040
- C:\Windows\System\PyVsuCJ.exe
  C:\Windows\System\PyVsuCJ.exe
  2⤵
  PID:9056
- C:\Windows\System\CzDeQnD.exe
  C:\Windows\System\CzDeQnD.exe
  2⤵
  PID:9084
- C:\Windows\System\LozJZUP.exe
  C:\Windows\System\LozJZUP.exe
  2⤵
  PID:9116
- C:\Windows\System\SddsNvr.exe
  C:\Windows\System\SddsNvr.exe
  2⤵
  PID:9140
- C:\Windows\System\muuuUnv.exe
  C:\Windows\System\muuuUnv.exe
  2⤵
  PID:9168
- C:\Windows\System\GhlFvNz.exe
  C:\Windows\System\GhlFvNz.exe
  2⤵
  PID:9200
- C:\Windows\System\fGNTUEK.exe
  C:\Windows\System\fGNTUEK.exe
  2⤵
  PID:7712
- C:\Windows\System\aIGidGu.exe
  C:\Windows\System\aIGidGu.exe
  2⤵
  PID:8248
- C:\Windows\System\NubZKvW.exe
  C:\Windows\System\NubZKvW.exe
  2⤵
  PID:8344
- C:\Windows\System\cZgQMyc.exe
  C:\Windows\System\cZgQMyc.exe
  2⤵
  PID:8472
- C:\Windows\System\VVPKJnC.exe
  C:\Windows\System\VVPKJnC.exe
  2⤵
  PID:8508
- C:\Windows\System\LRrSjrT.exe
  C:\Windows\System\LRrSjrT.exe
  2⤵
  PID:8596
- C:\Windows\System\KmYrSxo.exe
  C:\Windows\System\KmYrSxo.exe
  2⤵
  PID:8620
- C:\Windows\System\YBwnSzU.exe
  C:\Windows\System\YBwnSzU.exe
  2⤵
  PID:8704
- C:\Windows\System\BJvWETg.exe
  C:\Windows\System\BJvWETg.exe
  2⤵
  PID:8764
- C:\Windows\System\mNMgLHF.exe
  C:\Windows\System\mNMgLHF.exe
  2⤵
  PID:8788
- C:\Windows\System\jixzRci.exe
  C:\Windows\System\jixzRci.exe
  2⤵
  PID:8876
- C:\Windows\System\nFJkrWN.exe
  C:\Windows\System\nFJkrWN.exe
  2⤵
  PID:8940
- C:\Windows\System\hDuCWUM.exe
  C:\Windows\System\hDuCWUM.exe
  2⤵
  PID:9000
- C:\Windows\System\iLfAZVQ.exe
  C:\Windows\System\iLfAZVQ.exe
  2⤵
  PID:9072
- C:\Windows\System\QVWTpNq.exe
  C:\Windows\System\QVWTpNq.exe
  2⤵
  PID:9136
- C:\Windows\System\mQHvqpX.exe
  C:\Windows\System\mQHvqpX.exe
  2⤵
  PID:9192
- C:\Windows\System\agglFGB.exe
  C:\Windows\System\agglFGB.exe
  2⤵
  PID:8264
- C:\Windows\System\oRxjcbb.exe
  C:\Windows\System\oRxjcbb.exe
  2⤵
  PID:8564
- C:\Windows\System\cSTSMlB.exe
  C:\Windows\System\cSTSMlB.exe
  2⤵
  PID:8660
- C:\Windows\System\TxLLCxK.exe
  C:\Windows\System\TxLLCxK.exe
  2⤵
  PID:8752
- C:\Windows\System\mNWdRGW.exe
  C:\Windows\System\mNWdRGW.exe
  2⤵
  PID:8828
- C:\Windows\System\RbzFrpM.exe
  C:\Windows\System\RbzFrpM.exe
  2⤵
  PID:9036
- C:\Windows\System\KHReYkJ.exe
  C:\Windows\System\KHReYkJ.exe
  2⤵
  PID:9188
- C:\Windows\System\FUnXKAo.exe
  C:\Windows\System\FUnXKAo.exe
  2⤵
  PID:8408
- C:\Windows\System\bjBENZq.exe
  C:\Windows\System\bjBENZq.exe
  2⤵
  PID:8088
- C:\Windows\System\seUfYBi.exe
  C:\Windows\System\seUfYBi.exe
  2⤵
  PID:8984
- C:\Windows\System\OUphYrC.exe
  C:\Windows\System\OUphYrC.exe
  2⤵
  PID:9080
- C:\Windows\System\ByvTSBs.exe
  C:\Windows\System\ByvTSBs.exe
  2⤵
  PID:9240
- C:\Windows\System\fNWbeyC.exe
  C:\Windows\System\fNWbeyC.exe
  2⤵
  PID:9276
- C:\Windows\System\SViuoGN.exe
  C:\Windows\System\SViuoGN.exe
  2⤵
  PID:9296
- C:\Windows\System\rXBBjcp.exe
  C:\Windows\System\rXBBjcp.exe
  2⤵
  PID:9316
- C:\Windows\System\QGclcMN.exe
  C:\Windows\System\QGclcMN.exe
  2⤵
  PID:9336
- C:\Windows\System\YReoEni.exe
  C:\Windows\System\YReoEni.exe
  2⤵
  PID:9352
- C:\Windows\System\SRQqwdg.exe
  C:\Windows\System\SRQqwdg.exe
  2⤵
  PID:9376
- C:\Windows\System\DibZsem.exe
  C:\Windows\System\DibZsem.exe
  2⤵
  PID:9396
- C:\Windows\System\FxuimkV.exe
  C:\Windows\System\FxuimkV.exe
  2⤵
  PID:9440
- C:\Windows\System\TopEFqG.exe
  C:\Windows\System\TopEFqG.exe
  2⤵
  PID:9468
- C:\Windows\System\avOvStk.exe
  C:\Windows\System\avOvStk.exe
  2⤵
  PID:9500
- C:\Windows\System\mQOzjej.exe
  C:\Windows\System\mQOzjej.exe
  2⤵
  PID:9524
- C:\Windows\System\nSocMHj.exe
  C:\Windows\System\nSocMHj.exe
  2⤵
  PID:9564
- C:\Windows\System\pdIEzRF.exe
  C:\Windows\System\pdIEzRF.exe
  2⤵
  PID:9596
- C:\Windows\System\fmQiRAL.exe
  C:\Windows\System\fmQiRAL.exe
  2⤵
  PID:9616
- C:\Windows\System\VuYSNww.exe
  C:\Windows\System\VuYSNww.exe
  2⤵
  PID:9636
- C:\Windows\System\VKfOcfx.exe
  C:\Windows\System\VKfOcfx.exe
  2⤵
  PID:9672
- C:\Windows\System\EofmiMR.exe
  C:\Windows\System\EofmiMR.exe
  2⤵
  PID:9700
- C:\Windows\System\AnmhNRh.exe
  C:\Windows\System\AnmhNRh.exe
  2⤵
  PID:9732
- C:\Windows\System\AKgNjRc.exe
  C:\Windows\System\AKgNjRc.exe
  2⤵
  PID:9768
- C:\Windows\System\jkequJm.exe
  C:\Windows\System\jkequJm.exe
  2⤵
  PID:9796
- C:\Windows\System\BkMcdNp.exe
  C:\Windows\System\BkMcdNp.exe
  2⤵
  PID:9836
- C:\Windows\System\qOCNuzA.exe
  C:\Windows\System\qOCNuzA.exe
  2⤵
  PID:9864
- C:\Windows\System\tWaaXvO.exe
  C:\Windows\System\tWaaXvO.exe
  2⤵
  PID:9896
- C:\Windows\System\AKUEzFo.exe
  C:\Windows\System\AKUEzFo.exe
  2⤵
  PID:9912
- C:\Windows\System\KpFrTEY.exe
  C:\Windows\System\KpFrTEY.exe
  2⤵
  PID:9944
- C:\Windows\System\GBErmCs.exe
  C:\Windows\System\GBErmCs.exe
  2⤵
  PID:9972
- C:\Windows\System\VFUlONr.exe
  C:\Windows\System\VFUlONr.exe
  2⤵
  PID:10000
- C:\Windows\System\CMmsNRT.exe
  C:\Windows\System\CMmsNRT.exe
  2⤵
  PID:10016
- C:\Windows\System\fZwoKil.exe
  C:\Windows\System\fZwoKil.exe
  2⤵
  PID:10052
- C:\Windows\System\SCIeioZ.exe
  C:\Windows\System\SCIeioZ.exe
  2⤵
  PID:10088
- C:\Windows\System\CLdfOsd.exe
  C:\Windows\System\CLdfOsd.exe
  2⤵
  PID:10116
- C:\Windows\System\PhxmirI.exe
  C:\Windows\System\PhxmirI.exe
  2⤵
  PID:10140
- C:\Windows\System\zpsnrmF.exe
  C:\Windows\System\zpsnrmF.exe
  2⤵
  PID:10160
- C:\Windows\System\krmtAfB.exe
  C:\Windows\System\krmtAfB.exe
  2⤵
  PID:10184
- C:\Windows\System\VCLzCoA.exe
  C:\Windows\System\VCLzCoA.exe
  2⤵
  PID:10216
- C:\Windows\System\tmoVzKb.exe
  C:\Windows\System\tmoVzKb.exe
  2⤵
  PID:9236
- C:\Windows\System\EOkolRx.exe
  C:\Windows\System\EOkolRx.exe
  2⤵
  PID:9312
- C:\Windows\System\vAtlrpf.exe
  C:\Windows\System\vAtlrpf.exe
  2⤵
  PID:9344
- C:\Windows\System\QzeXmLu.exe
  C:\Windows\System\QzeXmLu.exe
  2⤵
  PID:9408
- C:\Windows\System\yHIabUs.exe
  C:\Windows\System\yHIabUs.exe
  2⤵
  PID:9484
- C:\Windows\System\VcBgUmi.exe
  C:\Windows\System\VcBgUmi.exe
  2⤵
  PID:9532
- C:\Windows\System\vZBIwne.exe
  C:\Windows\System\vZBIwne.exe
  2⤵
  PID:9556
- C:\Windows\System\lIALwut.exe
  C:\Windows\System\lIALwut.exe
  2⤵
  PID:9660
- C:\Windows\System\OeiOqqo.exe
  C:\Windows\System\OeiOqqo.exe
  2⤵
  PID:9792
- C:\Windows\System\oEKheNx.exe
  C:\Windows\System\oEKheNx.exe
  2⤵
  PID:9784
- C:\Windows\System\IbyeqyO.exe
  C:\Windows\System\IbyeqyO.exe
  2⤵
  PID:9860
- C:\Windows\System\FjNMKjR.exe
  C:\Windows\System\FjNMKjR.exe
  2⤵
  PID:9904
- C:\Windows\System\ZRJsZQw.exe
  C:\Windows\System\ZRJsZQw.exe
  2⤵
  PID:9980
- C:\Windows\System\ewCjqkG.exe
  C:\Windows\System\ewCjqkG.exe
  2⤵
  PID:10064
- C:\Windows\System\yhgTgZQ.exe
  C:\Windows\System\yhgTgZQ.exe
  2⤵
  PID:10132
- C:\Windows\System\QXgrvla.exe
  C:\Windows\System\QXgrvla.exe
  2⤵
  PID:10156
- C:\Windows\System\FIIXlus.exe
  C:\Windows\System\FIIXlus.exe
  2⤵
  PID:10196
- C:\Windows\System\OkTRmYT.exe
  C:\Windows\System\OkTRmYT.exe
  2⤵
  PID:9264
- C:\Windows\System\oyLUAYV.exe
  C:\Windows\System\oyLUAYV.exe
  2⤵
  PID:9392
- C:\Windows\System\OtXPVEJ.exe
  C:\Windows\System\OtXPVEJ.exe
  2⤵
  PID:9548
- C:\Windows\System\LyrNVyh.exe
  C:\Windows\System\LyrNVyh.exe
  2⤵
  PID:9828
- C:\Windows\System\QMFIqhh.exe
  C:\Windows\System\QMFIqhh.exe
  2⤵
  PID:9952
- C:\Windows\System\SqvwSlM.exe
  C:\Windows\System\SqvwSlM.exe
  2⤵
  PID:10072
- C:\Windows\System\HgOqLaJ.exe
  C:\Windows\System\HgOqLaJ.exe
  2⤵
  PID:9308
- C:\Windows\System\pmhPhgy.exe
  C:\Windows\System\pmhPhgy.exe
  2⤵
  PID:9744
- C:\Windows\System\HCcNGkt.exe
  C:\Windows\System\HCcNGkt.exe
  2⤵
  PID:9880
- C:\Windows\System\aQMKhpn.exe
  C:\Windows\System\aQMKhpn.exe
  2⤵
  PID:9520
- C:\Windows\System\QFkiIyG.exe
  C:\Windows\System\QFkiIyG.exe
  2⤵
  PID:10208
- C:\Windows\System\tJAzNCG.exe
  C:\Windows\System\tJAzNCG.exe
  2⤵
  PID:10272
- C:\Windows\System\dCxnyQW.exe
  C:\Windows\System\dCxnyQW.exe
  2⤵
  PID:10288
- C:\Windows\System\lKIwZJA.exe
  C:\Windows\System\lKIwZJA.exe
  2⤵
  PID:10320
- C:\Windows\System\nqJcolJ.exe
  C:\Windows\System\nqJcolJ.exe
  2⤵
  PID:10336
- C:\Windows\System\VAWAYXd.exe
  C:\Windows\System\VAWAYXd.exe
  2⤵
  PID:10368
- C:\Windows\System\vYwYUdJ.exe
  C:\Windows\System\vYwYUdJ.exe
  2⤵
  PID:10400
- C:\Windows\System\QEePVsA.exe
  C:\Windows\System\QEePVsA.exe
  2⤵
  PID:10416
- C:\Windows\System\DJLnRCV.exe
  C:\Windows\System\DJLnRCV.exe
  2⤵
  PID:10444
- C:\Windows\System\FPwFPbV.exe
  C:\Windows\System\FPwFPbV.exe
  2⤵
  PID:10468
- C:\Windows\System\eVDSaPC.exe
  C:\Windows\System\eVDSaPC.exe
  2⤵
  PID:10512
- C:\Windows\System\dkAwquv.exe
  C:\Windows\System\dkAwquv.exe
  2⤵
  PID:10540
- C:\Windows\System\VPOGdmx.exe
  C:\Windows\System\VPOGdmx.exe
  2⤵
  PID:10560
- C:\Windows\System\GOTYhmq.exe
  C:\Windows\System\GOTYhmq.exe
  2⤵
  PID:10588
- C:\Windows\System\IfNxNvg.exe
  C:\Windows\System\IfNxNvg.exe
  2⤵
  PID:10624
- C:\Windows\System\NprDdqi.exe
  C:\Windows\System\NprDdqi.exe
  2⤵
  PID:10652
- C:\Windows\System\RjUayor.exe
  C:\Windows\System\RjUayor.exe
  2⤵
  PID:10680
- C:\Windows\System\TrwtKbZ.exe
  C:\Windows\System\TrwtKbZ.exe
  2⤵
  PID:10716
- C:\Windows\System\WthkoDX.exe
  C:\Windows\System\WthkoDX.exe
  2⤵
  PID:10736
- C:\Windows\System\sboFKVH.exe
  C:\Windows\System\sboFKVH.exe
  2⤵
  PID:10776
- C:\Windows\System\KQETcyv.exe
  C:\Windows\System\KQETcyv.exe
  2⤵
  PID:10796
- C:\Windows\System\EhHxwjI.exe
  C:\Windows\System\EhHxwjI.exe
  2⤵
  PID:10816
- C:\Windows\System\zQezWcv.exe
  C:\Windows\System\zQezWcv.exe
  2⤵
  PID:10832
- C:\Windows\System\cdZcMMh.exe
  C:\Windows\System\cdZcMMh.exe
  2⤵
  PID:10868
- C:\Windows\System\ojvMyNE.exe
  C:\Windows\System\ojvMyNE.exe
  2⤵
  PID:10888
- C:\Windows\System\tSWfsbK.exe
  C:\Windows\System\tSWfsbK.exe
  2⤵
  PID:10924
- C:\Windows\System\susxZug.exe
  C:\Windows\System\susxZug.exe
  2⤵
  PID:10948
- C:\Windows\System\dBUohfZ.exe
  C:\Windows\System\dBUohfZ.exe
  2⤵
  PID:10984
- C:\Windows\System\KANxiYA.exe
  C:\Windows\System\KANxiYA.exe
  2⤵
  PID:11020
- C:\Windows\System\aBFBCRA.exe
  C:\Windows\System\aBFBCRA.exe
  2⤵
  PID:11048
- C:\Windows\System\DTouEFq.exe
  C:\Windows\System\DTouEFq.exe
  2⤵
  PID:11076
- C:\Windows\System\TkkxjZP.exe
  C:\Windows\System\TkkxjZP.exe
  2⤵
  PID:11104
- C:\Windows\System\bTLDyEp.exe
  C:\Windows\System\bTLDyEp.exe
  2⤵
  PID:11140
- C:\Windows\System\bKKyRHD.exe
  C:\Windows\System\bKKyRHD.exe
  2⤵
  PID:11172
- C:\Windows\System\npaFhtl.exe
  C:\Windows\System\npaFhtl.exe
  2⤵
  PID:11204
- C:\Windows\System\oOuoGNi.exe
  C:\Windows\System\oOuoGNi.exe
  2⤵
  PID:11232
- C:\Windows\System\GktgBpc.exe
  C:\Windows\System\GktgBpc.exe
  2⤵
  PID:10008
- C:\Windows\System\UcuiWiX.exe
  C:\Windows\System\UcuiWiX.exe
  2⤵
  PID:10300
- C:\Windows\System\KhRDVQJ.exe
  C:\Windows\System\KhRDVQJ.exe
  2⤵
  PID:10392
- C:\Windows\System\DndAySq.exe
  C:\Windows\System\DndAySq.exe
  2⤵
  PID:10464
- C:\Windows\System\MQPqoyS.exe
  C:\Windows\System\MQPqoyS.exe
  2⤵
  PID:10488
- C:\Windows\System\EgIrmHP.exe
  C:\Windows\System\EgIrmHP.exe
  2⤵
  PID:10584
- C:\Windows\System\YHvxlBn.exe
  C:\Windows\System\YHvxlBn.exe
  2⤵
  PID:10620
- C:\Windows\System\oGmIgSe.exe
  C:\Windows\System\oGmIgSe.exe
  2⤵
  PID:10668
- C:\Windows\System\TcEiSov.exe
  C:\Windows\System\TcEiSov.exe
  2⤵
  PID:10804
- C:\Windows\System\ypXmkFM.exe
  C:\Windows\System\ypXmkFM.exe
  2⤵
  PID:10940
- C:\Windows\System\PTMPaPy.exe
  C:\Windows\System\PTMPaPy.exe
  2⤵
  PID:11016
- C:\Windows\System\WDJHnWu.exe
  C:\Windows\System\WDJHnWu.exe
  2⤵
  PID:11124
- C:\Windows\System\wZgHPho.exe
  C:\Windows\System\wZgHPho.exe
  2⤵
  PID:11184
- C:\Windows\System\WXyzvKg.exe
  C:\Windows\System\WXyzvKg.exe
  2⤵
  PID:11224
- C:\Windows\System\hZlefoz.exe
  C:\Windows\System\hZlefoz.exe
  2⤵
  PID:10352
- C:\Windows\System\jwzfnsP.exe
  C:\Windows\System\jwzfnsP.exe
  2⤵
  PID:10380
- C:\Windows\System\fsegWaE.exe
  C:\Windows\System\fsegWaE.exe
  2⤵
  PID:10992
- C:\Windows\System\FtopPBV.exe
  C:\Windows\System\FtopPBV.exe
  2⤵
  PID:10640
- C:\Windows\System\GFVOHlt.exe
  C:\Windows\System\GFVOHlt.exe
  2⤵
  PID:10912
- C:\Windows\System\zRgoOhU.exe
  C:\Windows\System\zRgoOhU.exe
  2⤵
  PID:11256
- C:\Windows\System\KUGemGt.exe
  C:\Windows\System\KUGemGt.exe
  2⤵
  PID:10440
- C:\Windows\System\OSLmYUK.exe
  C:\Windows\System\OSLmYUK.exe
  2⤵
  PID:10756
- C:\Windows\System\uSYGcpy.exe
  C:\Windows\System\uSYGcpy.exe
  2⤵
  PID:10568
- C:\Windows\System\AyjgNbV.exe
  C:\Windows\System\AyjgNbV.exe
  2⤵
  PID:11128
- C:\Windows\System\IcWmbov.exe
  C:\Windows\System\IcWmbov.exe
  2⤵
  PID:11280
- C:\Windows\System\KkxhXXY.exe
  C:\Windows\System\KkxhXXY.exe
  2⤵
  PID:11304
- C:\Windows\System\MeuYCSl.exe
  C:\Windows\System\MeuYCSl.exe
  2⤵
  PID:11332
- C:\Windows\System\yHsXLVq.exe
  C:\Windows\System\yHsXLVq.exe
  2⤵
  PID:11360
- C:\Windows\System\nuVWzbi.exe
  C:\Windows\System\nuVWzbi.exe
  2⤵
  PID:11392
- C:\Windows\System\ZnCbchS.exe
  C:\Windows\System\ZnCbchS.exe
  2⤵
  PID:11428
- C:\Windows\System\KFFTXja.exe
  C:\Windows\System\KFFTXja.exe
  2⤵
  PID:11468
- C:\Windows\System\hfhUdiH.exe
  C:\Windows\System\hfhUdiH.exe
  2⤵
  PID:11504
- C:\Windows\System\uHlWxXk.exe
  C:\Windows\System\uHlWxXk.exe
  2⤵
  PID:11536
- C:\Windows\System\LnHEugq.exe
  C:\Windows\System\LnHEugq.exe
  2⤵
  PID:11580
- C:\Windows\System\QIEpHxk.exe
  C:\Windows\System\QIEpHxk.exe
  2⤵
  PID:11624
- C:\Windows\System\SSrLrdK.exe
  C:\Windows\System\SSrLrdK.exe
  2⤵
  PID:11656
- C:\Windows\System\ckBzZEX.exe
  C:\Windows\System\ckBzZEX.exe
  2⤵
  PID:11700
- C:\Windows\System\YPqwdmC.exe
  C:\Windows\System\YPqwdmC.exe
  2⤵
  PID:11720
- C:\Windows\System\ZJJzPFl.exe
  C:\Windows\System\ZJJzPFl.exe
  2⤵
  PID:11748
- C:\Windows\System\VlDiJqP.exe
  C:\Windows\System\VlDiJqP.exe
  2⤵
  PID:11768
- C:\Windows\System\vgKlUus.exe
  C:\Windows\System\vgKlUus.exe
  2⤵
  PID:11792
- C:\Windows\System\uzQhVjQ.exe
  C:\Windows\System\uzQhVjQ.exe
  2⤵
  PID:11820
- C:\Windows\System\gtILvgn.exe
  C:\Windows\System\gtILvgn.exe
  2⤵
  PID:11848
- C:\Windows\System\HOykCUO.exe
  C:\Windows\System\HOykCUO.exe
  2⤵
  PID:11884
- C:\Windows\System\GeBkxgm.exe
  C:\Windows\System\GeBkxgm.exe
  2⤵
  PID:11908
- C:\Windows\System\fuJoVYa.exe
  C:\Windows\System\fuJoVYa.exe
  2⤵
  PID:11944
- C:\Windows\System\jAmebYn.exe
  C:\Windows\System\jAmebYn.exe
  2⤵
  PID:11984
- C:\Windows\System\ZwoqmTE.exe
  C:\Windows\System\ZwoqmTE.exe
  2⤵
  PID:12012
- C:\Windows\System\rMExKPg.exe
  C:\Windows\System\rMExKPg.exe
  2⤵
  PID:12040
- C:\Windows\System\neqeSgR.exe
  C:\Windows\System\neqeSgR.exe
  2⤵
  PID:12056
- C:\Windows\System\nGDLbCi.exe
  C:\Windows\System\nGDLbCi.exe
  2⤵
  PID:12092
- C:\Windows\System\FsZisWv.exe
  C:\Windows\System\FsZisWv.exe
  2⤵
  PID:12120
- C:\Windows\System\ctjMoen.exe
  C:\Windows\System\ctjMoen.exe
  2⤵
  PID:12140
- C:\Windows\System\CVgyOty.exe
  C:\Windows\System\CVgyOty.exe
  2⤵
  PID:12180
- C:\Windows\System\pNzHksG.exe
  C:\Windows\System\pNzHksG.exe
  2⤵
  PID:12196
- C:\Windows\System\SeKPafN.exe
  C:\Windows\System\SeKPafN.exe
  2⤵
  PID:12220
- C:\Windows\System\aVaFbFb.exe
  C:\Windows\System\aVaFbFb.exe
  2⤵
  PID:12260
- C:\Windows\System\QBiAujk.exe
  C:\Windows\System\QBiAujk.exe
  2⤵
  PID:12284
- C:\Windows\System\hxKeqGk.exe
  C:\Windows\System\hxKeqGk.exe
  2⤵
  PID:11300
- C:\Windows\System\flkyacz.exe
  C:\Windows\System\flkyacz.exe
  2⤵
  PID:11276
- C:\Windows\System\URXlgPV.exe
  C:\Windows\System\URXlgPV.exe
  2⤵
  PID:11464
- C:\Windows\System\bRweqgR.exe
  C:\Windows\System\bRweqgR.exe
  2⤵
  PID:11524
- C:\Windows\System\WnTTNcj.exe
  C:\Windows\System\WnTTNcj.exe
  2⤵
  PID:11452
- C:\Windows\System\xtcxIlH.exe
  C:\Windows\System\xtcxIlH.exe
  2⤵
  PID:11500
- C:\Windows\System\XpUoFIq.exe
  C:\Windows\System\XpUoFIq.exe
  2⤵
  PID:11556
- C:\Windows\System\JPJtlkY.exe
  C:\Windows\System\JPJtlkY.exe
  2⤵
  PID:11708
- C:\Windows\System\BapbYBc.exe
  C:\Windows\System\BapbYBc.exe
  2⤵
  PID:11776
- C:\Windows\System\pIlOCCD.exe
  C:\Windows\System\pIlOCCD.exe
  2⤵
  PID:11872
- C:\Windows\System\WyfHCsr.exe
  C:\Windows\System\WyfHCsr.exe
  2⤵
  PID:11968
- C:\Windows\System\MAUILXX.exe
  C:\Windows\System\MAUILXX.exe
  2⤵
  PID:12000
- C:\Windows\System\mHAWTqL.exe
  C:\Windows\System\mHAWTqL.exe
  2⤵
  PID:12032
- C:\Windows\System\jwNCqXO.exe
  C:\Windows\System\jwNCqXO.exe
  2⤵
  PID:4320
- C:\Windows\System\ofMhOjQ.exe
  C:\Windows\System\ofMhOjQ.exe
  2⤵
  PID:12116
- C:\Windows\System\bYdcteZ.exe
  C:\Windows\System\bYdcteZ.exe
  2⤵
  PID:12164
- C:\Windows\System\ELgiOWT.exe
  C:\Windows\System\ELgiOWT.exe
  2⤵
  PID:12252
- C:\Windows\System\fikfMbU.exe
  C:\Windows\System\fikfMbU.exe
  2⤵
  PID:10856
- C:\Windows\System\ggxPqlL.exe
  C:\Windows\System\ggxPqlL.exe
  2⤵
  PID:11416
- C:\Windows\System\uUvpaZn.exe
  C:\Windows\System\uUvpaZn.exe
  2⤵
  PID:11056
- C:\Windows\System\AoVCdsu.exe
  C:\Windows\System\AoVCdsu.exe
  2⤵
  PID:11668
- C:\Windows\System\hwsdslS.exe
  C:\Windows\System\hwsdslS.exe
  2⤵
  PID:11860
- C:\Windows\System\hYAkfcA.exe
  C:\Windows\System\hYAkfcA.exe
  2⤵
  PID:12080
- C:\Windows\System\yLSIsTD.exe
  C:\Windows\System\yLSIsTD.exe
  2⤵
  PID:12172
- C:\Windows\System\saVtqsk.exe
  C:\Windows\System\saVtqsk.exe
  2⤵
  PID:12276
- C:\Windows\System\qLedMnW.exe
  C:\Windows\System\qLedMnW.exe
  2⤵
  PID:11640
- C:\Windows\System\LEiOVyJ.exe
  C:\Windows\System\LEiOVyJ.exe
  2⤵
  PID:11832
- C:\Windows\System\ZALnNjF.exe
  C:\Windows\System\ZALnNjF.exe
  2⤵
  PID:10308
- C:\Windows\System\DvqMguR.exe
  C:\Windows\System\DvqMguR.exe
  2⤵
  PID:12068
- C:\Windows\System\LHYGqYy.exe
  C:\Windows\System\LHYGqYy.exe
  2⤵
  PID:12296
- C:\Windows\System\YSbugvz.exe
  C:\Windows\System\YSbugvz.exe
  2⤵
  PID:12324
- C:\Windows\System\cQzdVZr.exe
  C:\Windows\System\cQzdVZr.exe
  2⤵
  PID:12352
- C:\Windows\System\quFsJGs.exe
  C:\Windows\System\quFsJGs.exe
  2⤵
  PID:12380
- C:\Windows\System\GaUNdWH.exe
  C:\Windows\System\GaUNdWH.exe
  2⤵
  PID:12404
- C:\Windows\System\jYMOpjS.exe
  C:\Windows\System\jYMOpjS.exe
  2⤵
  PID:12428
- C:\Windows\System\onojpAc.exe
  C:\Windows\System\onojpAc.exe
  2⤵
  PID:12452
- C:\Windows\System\SmNqiDP.exe
  C:\Windows\System\SmNqiDP.exe
  2⤵
  PID:12484
- C:\Windows\System\SMHpMWH.exe
  C:\Windows\System\SMHpMWH.exe
  2⤵
  PID:12504
- C:\Windows\System\kwJYgaZ.exe
  C:\Windows\System\kwJYgaZ.exe
  2⤵
  PID:12540
- C:\Windows\System\zeZCIwu.exe
  C:\Windows\System\zeZCIwu.exe
  2⤵
  PID:12560
- C:\Windows\System\SRHRKkQ.exe
  C:\Windows\System\SRHRKkQ.exe
  2⤵
  PID:12584
- C:\Windows\System\CHNINyO.exe
  C:\Windows\System\CHNINyO.exe
  2⤵
  PID:12600
- C:\Windows\System\aEttctZ.exe
  C:\Windows\System\aEttctZ.exe
  2⤵
  PID:12632
- C:\Windows\System\iigPsGi.exe
  C:\Windows\System\iigPsGi.exe
  2⤵
  PID:12668
- C:\Windows\System\mnmjykW.exe
  C:\Windows\System\mnmjykW.exe
  2⤵
  PID:12704
- C:\Windows\System\WzlnPFf.exe
  C:\Windows\System\WzlnPFf.exe
  2⤵
  PID:12736
- C:\Windows\System\PBqgBTq.exe
  C:\Windows\System\PBqgBTq.exe
  2⤵
  PID:12764
- C:\Windows\System\oUAgcgD.exe
  C:\Windows\System\oUAgcgD.exe
  2⤵
  PID:12792
- C:\Windows\System\SndjFXK.exe
  C:\Windows\System\SndjFXK.exe
  2⤵
  PID:12816
- C:\Windows\System\fOplNjt.exe
  C:\Windows\System\fOplNjt.exe
  2⤵
  PID:12836
- C:\Windows\System\BxlfgRd.exe
  C:\Windows\System\BxlfgRd.exe
  2⤵
  PID:12876
- C:\Windows\System\fsmGxdK.exe
  C:\Windows\System\fsmGxdK.exe
  2⤵
  PID:12904
- C:\Windows\System\vPAfQtc.exe
  C:\Windows\System\vPAfQtc.exe
  2⤵
  PID:12924
- C:\Windows\System\UmmxVna.exe
  C:\Windows\System\UmmxVna.exe
  2⤵
  PID:12960
- C:\Windows\System\PLwDZtk.exe
  C:\Windows\System\PLwDZtk.exe
  2⤵
  PID:12976
- C:\Windows\System\zgXYWTW.exe
  C:\Windows\System\zgXYWTW.exe
  2⤵
  PID:13000
- C:\Windows\System\znChujw.exe
  C:\Windows\System\znChujw.exe
  2⤵
  PID:13028
- C:\Windows\System\xxQEZcI.exe
  C:\Windows\System\xxQEZcI.exe
  2⤵
  PID:13048
- C:\Windows\System\SXxlhtN.exe
  C:\Windows\System\SXxlhtN.exe
  2⤵
  PID:13100
- C:\Windows\System\qPrteds.exe
  C:\Windows\System\qPrteds.exe
  2⤵
  PID:13116
- C:\Windows\System\iDqEQPS.exe
  C:\Windows\System\iDqEQPS.exe
  2⤵
  PID:13144
- C:\Windows\System\vjrMkRe.exe
  C:\Windows\System\vjrMkRe.exe
  2⤵
  PID:13172
- C:\Windows\System\mpnlkGw.exe
  C:\Windows\System\mpnlkGw.exe
  2⤵
  PID:13196
- C:\Windows\System\aLxgBUt.exe
  C:\Windows\System\aLxgBUt.exe
  2⤵
  PID:13232
- C:\Windows\System\jnCzfeJ.exe
  C:\Windows\System\jnCzfeJ.exe
  2⤵
  PID:13268
- C:\Windows\System\mhswdzR.exe
  C:\Windows\System\mhswdzR.exe
  2⤵
  PID:13288
- C:\Windows\System\nDZteEp.exe
  C:\Windows\System\nDZteEp.exe
  2⤵
  PID:12292
- C:\Windows\System\RTeRzpk.exe
  C:\Windows\System\RTeRzpk.exe
  2⤵
  PID:12396
- C:\Windows\System\EIJQeog.exe
  C:\Windows\System\EIJQeog.exe
  2⤵
  PID:12476
- C:\Windows\System\TZDDRtt.exe
  C:\Windows\System\TZDDRtt.exe
  2⤵
  PID:3116
- C:\Windows\System\CcWIiCR.exe
  C:\Windows\System\CcWIiCR.exe
  2⤵
  PID:12552
- C:\Windows\System\XSzySBk.exe
  C:\Windows\System\XSzySBk.exe
  2⤵
  PID:12648
- C:\Windows\System\mvyyWac.exe
  C:\Windows\System\mvyyWac.exe
  2⤵
  PID:12720
- C:\Windows\System\rgwsYMb.exe
  C:\Windows\System\rgwsYMb.exe
  2⤵
  PID:12756
- C:\Windows\System\pEUyfUz.exe
  C:\Windows\System\pEUyfUz.exe
  2⤵
  PID:12828
- C:\Windows\System\UGsJlzi.exe
  C:\Windows\System\UGsJlzi.exe
  2⤵
  PID:12932
- C:\Windows\System\DHrqDrx.exe
  C:\Windows\System\DHrqDrx.exe
  2⤵
  PID:12968
- C:\Windows\System\rWVhIHO.exe
  C:\Windows\System\rWVhIHO.exe
  2⤵
  PID:13044
- C:\Windows\System\sBYbviv.exe
  C:\Windows\System\sBYbviv.exe
  2⤵
  PID:13136
- C:\Windows\System\RfaIWti.exe
  C:\Windows\System\RfaIWti.exe
  2⤵
  PID:13160
- C:\Windows\System\yMOyQlA.exe
  C:\Windows\System\yMOyQlA.exe
  2⤵
  PID:13208
- C:\Windows\System\nDPkjMP.exe
  C:\Windows\System\nDPkjMP.exe
  2⤵
  PID:3616
- C:\Windows\System\pHXBgoX.exe
  C:\Windows\System\pHXBgoX.exe
  2⤵
  PID:12344
- C:\Windows\System\arwcHpE.exe
  C:\Windows\System\arwcHpE.exe
  2⤵
  PID:12576
- C:\Windows\System\hlZxEhi.exe
  C:\Windows\System\hlZxEhi.exe
  2⤵
  PID:12652
- C:\Windows\System\EIDdJJu.exe
  C:\Windows\System\EIDdJJu.exe
  2⤵
  PID:12788
- C:\Windows\System\LeqgEiH.exe
  C:\Windows\System\LeqgEiH.exe
  2⤵
  PID:13024
- C:\Windows\System\timVcUA.exe
  C:\Windows\System\timVcUA.exe
  2⤵
  PID:1600
- C:\Windows\System\vRnKduG.exe
  C:\Windows\System\vRnKduG.exe
  2⤵
  PID:13284
- C:\Windows\System\vzcpUqu.exe
  C:\Windows\System\vzcpUqu.exe
  2⤵
  PID:12512
- C:\Windows\System\xtVgggu.exe
  C:\Windows\System\xtVgggu.exe
  2⤵
  PID:12896
- C:\Windows\System\SZfsvuq.exe
  C:\Windows\System\SZfsvuq.exe
  2⤵
  PID:13088
- C:\Windows\System\mWuFsLO.exe
  C:\Windows\System\mWuFsLO.exe
  2⤵
  PID:12640
- C:\Windows\System\XIDSzwz.exe
  C:\Windows\System\XIDSzwz.exe
  2⤵
  PID:13332
- C:\Windows\System\HTkZHye.exe
  C:\Windows\System\HTkZHye.exe
  2⤵
  PID:13348
- C:\Windows\System\fLTCJBe.exe
  C:\Windows\System\fLTCJBe.exe
  2⤵
  PID:13376
- C:\Windows\System\xHyuMNr.exe
  C:\Windows\System\xHyuMNr.exe
  2⤵
  PID:13408
- C:\Windows\System\RDEKFXi.exe
  C:\Windows\System\RDEKFXi.exe
  2⤵
  PID:13432
- C:\Windows\System\cKCxayn.exe
  C:\Windows\System\cKCxayn.exe
  2⤵
  PID:13452
- C:\Windows\System\ODaqrQU.exe
  C:\Windows\System\ODaqrQU.exe
  2⤵
  PID:13480
- C:\Windows\System\aLkVhsO.exe
  C:\Windows\System\aLkVhsO.exe
  2⤵
  PID:13516
- C:\Windows\System\xfMQqty.exe
  C:\Windows\System\xfMQqty.exe
  2⤵
  PID:13536
- C:\Windows\System\hWZOUFA.exe
  C:\Windows\System\hWZOUFA.exe
  2⤵
  PID:13564
- C:\Windows\System\blORJiL.exe
  C:\Windows\System\blORJiL.exe
  2⤵
  PID:13600
- C:\Windows\System\xmPKguk.exe
  C:\Windows\System\xmPKguk.exe
  2⤵
  PID:13620
- C:\Windows\System\tmvzFAx.exe
  C:\Windows\System\tmvzFAx.exe
  2⤵
  PID:13636
- C:\Windows\System\JVTUrIg.exe
  C:\Windows\System\JVTUrIg.exe
  2⤵
  PID:13664
- C:\Windows\System\HkPmwDM.exe
  C:\Windows\System\HkPmwDM.exe
  2⤵
  PID:13692
- C:\Windows\System\PoxXeXs.exe
  C:\Windows\System\PoxXeXs.exe
  2⤵
  PID:13724
- C:\Windows\System\FNtdxef.exe
  C:\Windows\System\FNtdxef.exe
  2⤵
  PID:13752
- C:\Windows\System\vPiKehe.exe
  C:\Windows\System\vPiKehe.exe
  2⤵
  PID:13784
- C:\Windows\System\yOOITGS.exe
  C:\Windows\System\yOOITGS.exe
  2⤵
  PID:13812
- C:\Windows\System\AigstUx.exe
  C:\Windows\System\AigstUx.exe
  2⤵
  PID:13848
- C:\Windows\System\PtoRIKG.exe
  C:\Windows\System\PtoRIKG.exe
  2⤵
  PID:13880
- C:\Windows\System\oUPweOM.exe
  C:\Windows\System\oUPweOM.exe
  2⤵
  PID:13896
- C:\Windows\System\OhLVufo.exe
  C:\Windows\System\OhLVufo.exe
  2⤵
  PID:13936
- C:\Windows\System\SbeMaqc.exe
  C:\Windows\System\SbeMaqc.exe
  2⤵
  PID:13964
- C:\Windows\System\opTpznr.exe
  C:\Windows\System\opTpznr.exe
  2⤵
  PID:14000
- C:\Windows\System\OEBlpDB.exe
  C:\Windows\System\OEBlpDB.exe
  2⤵
  PID:14024
- C:\Windows\System\UDCsmBo.exe
  C:\Windows\System\UDCsmBo.exe
  2⤵
  PID:14056
- C:\Windows\System\QSbAkKX.exe
  C:\Windows\System\QSbAkKX.exe
  2⤵
  PID:14088
- C:\Windows\System\cZQagDP.exe
  C:\Windows\System\cZQagDP.exe
  2⤵
  PID:14104
- C:\Windows\System\gWBExLA.exe
  C:\Windows\System\gWBExLA.exe
  2⤵
  PID:14132
- C:\Windows\System\xXBLKYI.exe
  C:\Windows\System\xXBLKYI.exe
  2⤵
  PID:14172
- C:\Windows\System\ZDVZdGx.exe
  C:\Windows\System\ZDVZdGx.exe
  2⤵
  PID:14200
- C:\Windows\System\GcxnASb.exe
  C:\Windows\System\GcxnASb.exe
  2⤵
  PID:14216
- C:\Windows\System\xvAcDQc.exe
  C:\Windows\System\xvAcDQc.exe
  2⤵
  PID:14256
- C:\Windows\System\mZyCDga.exe
  C:\Windows\System\mZyCDga.exe
  2⤵
  PID:14284
- C:\Windows\System\PvhaPkq.exe
  C:\Windows\System\PvhaPkq.exe
  2⤵
  PID:14300
- C:\Windows\System\tIgVuTm.exe
  C:\Windows\System\tIgVuTm.exe
  2⤵
  PID:12348
- C:\Windows\System\HSOeDoi.exe
  C:\Windows\System\HSOeDoi.exe
  2⤵
  PID:13328
- C:\Windows\System\brIMqHZ.exe
  C:\Windows\System\brIMqHZ.exe
  2⤵
  PID:13424
- C:\Windows\System\xrHxktq.exe
  C:\Windows\System\xrHxktq.exe
  2⤵
  PID:13460
- C:\Windows\System\GltPBXv.exe
  C:\Windows\System\GltPBXv.exe
  2⤵
  PID:13524
- C:\Windows\System\RiUzQWH.exe
  C:\Windows\System\RiUzQWH.exe
  2⤵
  PID:13560
- C:\Windows\System\fiLYPdh.exe
  C:\Windows\System\fiLYPdh.exe
  2⤵
  PID:13628
- C:\Windows\System\HYWBDNv.exe
  C:\Windows\System\HYWBDNv.exe
  2⤵
  PID:13712
- C:\Windows\System\UaoWGyk.exe
  C:\Windows\System\UaoWGyk.exe
  2⤵
  PID:13804
- C:\Windows\System\UrHWPSs.exe
  C:\Windows\System\UrHWPSs.exe
  2⤵
  PID:13800
- C:\Windows\System\bDxlQsX.exe
  C:\Windows\System\bDxlQsX.exe
  2⤵
  PID:13928
- C:\Windows\System\bpJevEN.exe
  C:\Windows\System\bpJevEN.exe
  2⤵
  PID:14012
- C:\Windows\System\gNUGluB.exe
  C:\Windows\System\gNUGluB.exe
  2⤵
  PID:14076
- C:\Windows\System\wNslueo.exe
  C:\Windows\System\wNslueo.exe
  2⤵
  PID:14144
- C:\Windows\System\AoQZqXv.exe
  C:\Windows\System\AoQZqXv.exe
  2⤵
  PID:14208
- C:\Windows\System\RWexqya.exe
  C:\Windows\System\RWexqya.exe
  2⤵
  PID:14280
- C:\Windows\System\aAjQPSZ.exe
  C:\Windows\System\aAjQPSZ.exe
  2⤵
  PID:13324
- C:\Windows\System\fLUlqua.exe
  C:\Windows\System\fLUlqua.exe
  2⤵
  PID:13472
- C:\Windows\System\YNadxRX.exe
  C:\Windows\System\YNadxRX.exe
  2⤵
  PID:13572
- C:\Windows\System\KFQwATB.exe
  C:\Windows\System\KFQwATB.exe
  2⤵
  PID:13700
- C:\Windows\System\UNRaUkO.exe
  C:\Windows\System\UNRaUkO.exe
  2⤵
  PID:13840
- C:\Windows\System\gOsHHMn.exe
  C:\Windows\System\gOsHHMn.exe
  2⤵
  PID:13984
- C:\Windows\System\oFloYDi.exe
  C:\Windows\System\oFloYDi.exe
  2⤵
  PID:14184
- C:\Windows\System\TvXELTx.exe
  C:\Windows\System\TvXELTx.exe
  2⤵
  PID:13392
- C:\Windows\System\ADWwJdM.exe
  C:\Windows\System\ADWwJdM.exe
  2⤵
  PID:13868
- C:\Windows\System\YiaQGuf.exe
  C:\Windows\System\YiaQGuf.exe
  2⤵
  PID:13796
- C:\Windows\System\flcwLCK.exe
  C:\Windows\System\flcwLCK.exe
  2⤵
  PID:912
- C:\Windows\System\tEBiWYa.exe
  C:\Windows\System\tEBiWYa.exe
  2⤵
  PID:14052
- C:\Windows\System\QqcbfCj.exe
  C:\Windows\System\QqcbfCj.exe
  2⤵
  PID:4736
- C:\Windows\System\WbSkqqy.exe
  C:\Windows\System\WbSkqqy.exe
  2⤵
  PID:13556

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AJQAaVy.exe

Filesize
2.4MB

MD5
1b67f19add5bb0817c3638c23126b410

SHA1
0e0f3d27f3fe8d5e47bce2c5c2ad04fdc786d8c8

SHA256
4debf8e39b26770a26d8a548502ca7a986d91e4c3ed7d9f0585700ce64256c40

SHA512
700ebcceca9fee1cf97e31deff62783bb94a404d7437860f148df03509e8ffeab79dd0bb0f8d968bd57e333e24dab0192a6020e0be83c7bca278bac2c3e125b7

Download Submit
C:\Windows\System\BJcMsFA.exe

Filesize
2.4MB

MD5
33f81f799e29d05f9ff5f2c1859a9c04

SHA1
e9797195a1a44fcecae1d137dfe28ecdaea1973b

SHA256
5b0f8de75aa92bc2bbcc7724d086e1f719429458711aadbda75f6bdc216e9c24

SHA512
3ec6b241d5d81a55eabfb75e6477c9f4557ff4f915c398eae7b83e7737cd1d988197f33d6862e6496d7edb241076f947e581176bff10f7022d589e4386ce9390

Download Submit
C:\Windows\System\BVWwgBn.exe

Filesize
2.4MB

MD5
f5cfdded4687bc0453396aba30708b4a

SHA1
bb863beddbf31928c821fc822c8622637bc62e66

SHA256
60fe3e6628228d4db36a20d6fa722f2b50c4f69ac05eb45bf780e028b532551a

SHA512
27df2bc1c02905fc9970f40501af7ef7230f56c16fde491ce9f36f5fa0fa60df08cc809904d27a1851a71b31af163554b5add571fa90c60fafdf050ddde0707e

Download Submit
C:\Windows\System\DDobbRb.exe

Filesize
2.4MB

MD5
be118957c9c6c8f65cc508e5ea4e820a

SHA1
7138391e904a66018ade31728cbf9ff7a806f74a

SHA256
40316874cb72eb8cd8279c9f1ea241b371e7ad3a82df826cc12680380e34ba48

SHA512
6abe63c43f202174df29599f7054a9a7337e2e742a93cff262431b886de3b7e6f2d33e4c289491aca6b3726e6ef27e037a8fdbe29cbfa3c3ca990deab5b25c19

Download Submit
C:\Windows\System\EppcUaW.exe

Filesize
2.4MB

MD5
cc242785f49a033b25835f9e4f4c4a3b

SHA1
bb9cd18bcf51feb1b387c6d9ffb0c54b1a2431f3

SHA256
7a87e9dc089c1564f68321ed2c0bf3b0015c2a97933197052846440c80f457ba

SHA512
533d5e601e73fbb513ba10424afb758bb7425a2844dc123f70e936788c309b973096756633cdb16d1a7d40398f2e71eab245c1d968e3ac370ecb4fe81b402fc2

Download Submit
C:\Windows\System\ExnJoyo.exe

Filesize
2.4MB

MD5
da517d1e789b1ebba4a507f5bee98695

SHA1
b3038b211ae0e91c5ef7bc56177e0350410929be

SHA256
5c60208e60466e2217e2c91ab4fe2b0db3565528685821300773fac312e60ba9

SHA512
2d1b30c36009b382b7a9ad6d84b7b37826cfacc5922b862f9ac89f1276ba1091af649c66ecec45cdf63c4bb9825f4b1f77ab4ad171c236e632a13e566fcbc251

Download Submit
C:\Windows\System\IXnbTfl.exe

Filesize
2.4MB

MD5
a9d1d1e7a6b1ad37565664a2ce456138

SHA1
cf3803c1cdb0e88439e9da17d6b960c251b9fe0c

SHA256
bffc5324b1dcd435666730e0f0e025c53bd9354f256af5aa4f81fb04aec68bd0

SHA512
84f2c15aa13fb3daea832ca3d34860528968b41913be14270c781d429910ebf43288e0558c3b0319bb0299e2f24dba1fe28fc0beba6a48399ed0f23fdeba2332

Download Submit
C:\Windows\System\IyspFTi.exe

Filesize
2.4MB

MD5
608236aa13ee93f53da5a8d54743f2fb

SHA1
a7b24a96186b26ad6dbc9f7a7352ab418414ddf5

SHA256
a069b7bb3b0f5972fb6dd0974548e3ea0a77db7fa129e994c50e1d3f71c27a37

SHA512
6683ef83d7ad1ebd5ccd84af526acf844ac45ee3790fb63f842082c885cb097b84a27bca0c87762c674313050bbce17661618621a035c546d5f1e345f85520b3

Download Submit
C:\Windows\System\JYPHkgj.exe

Filesize
2.4MB

MD5
45fa4667a0c8980e817c546e11966397

SHA1
48b8a45a7e4189192d35e9093caa6c242220800b

SHA256
9c511eb3007b43c41cb3f30103d8a59b21089b60b308ea2eb0be093089c30441

SHA512
5711e361a8c3bfa772b89ef0d41b4165d3626370884b61e422220faaef2f77a9718f59ea756ab4c7858ff74af64ac0f878f8abe466e248e06a2a678f1114928c

Download Submit
C:\Windows\System\KTwRUwm.exe

Filesize
2.4MB

MD5
ec20449fe0798c4c8fd86e31e70cc7b4

SHA1
c353e1097b0ce442ef94541aff62a87462077736

SHA256
798e248a28d31c4249013856348446afb551b393584cdb0bd712c81bb9c8ffb3

SHA512
adc71d88da63ee58a927c32830b991d6bcb5e9941af0a31940915e7d668c3dedf875923a76d9b474da69cd02950191f5ddeb49ec541578d6bbe10c447e7b493b

Download Submit
C:\Windows\System\NHmagAA.exe

Filesize
2.4MB

MD5
292b63ad88affcec5b617ff1867ed7ad

SHA1
d0f7e9242dc4523f7945ba736b451c15f8a95970

SHA256
66a2f8a639c625595bfd3b566e81173375aa4bb4e8b143fb19afe1554addb8de

SHA512
85ec59618b55417777ec3bb773753e5ac73b41d0e47703cdebc45ead70bbfab2a8edb243916ffe872527eac647f7db74f963583c503c1557692d7d1a4d7ad862

Download Submit
C:\Windows\System\OYWzelF.exe

Filesize
2.4MB

MD5
201e2dbd4a788adb67f602b944df8991

SHA1
d47233d89bd0e659887301640397fd410981235d

SHA256
0db766ea7425fbcb99c05e57dc0ae8a2a414c4b71fc483794a8433971b8dcb99

SHA512
7e4da9ed8e3357727f9afa7bde8ff0316b4f6f1152fc98d0a4cb28e8671053a6c012afb8f9d561db699e7ce1d21be5a5945de22029546934599f6bd933722f4c

Download Submit
C:\Windows\System\PCUbdsJ.exe

Filesize
2.4MB

MD5
b007581b34448b83f56234c2a9a0d418

SHA1
81ecf83705c9ef76a8d7874dc89747751da25bea

SHA256
d2df07138b2b78cd4381b1a5515fb20f48efd221928a5f5721de8306d51a6b2b

SHA512
13417b0a33c10cbb633553ad6b79599c770ce65ce5fd407f5b7bc6da78fa485ddb915207b67d82600e14a53a0b881abb883f8e0537046d277bb5fb70e6c2b7eb

Download Submit
C:\Windows\System\QjPbIFL.exe

Filesize
2.4MB

MD5
937b767fc172207efa0ce7b819881d7d

SHA1
5bec4f352431255771c9d78bfcee716d6362c538

SHA256
9920a2967fc6b65c74b3e0904209aeddea02f7a5e824a3fc808aaea177648775

SHA512
be9e9b12c0ad16348a254eb74683c03c99e9fdfc3d004042f87815bbc1e3c045c69de1931c2c2bcfb1e7d98584a458a951f1a25bba8536b10f3b060a23bcea17

Download Submit
C:\Windows\System\RyRGOyz.exe

Filesize
2.4MB

MD5
4d11834fcb56f77af6f435f39d3d9eef

SHA1
825520aaad579827250f8341fb4c3491ab33efd4

SHA256
f838c079858438f95c94b9a77701c51277c5035c40c6166d70bc2cb234a087a6

SHA512
56557612504d379883f3a2eddad26f55a29f882a8d134cba653a672b3591446818e4cc6f237005a78594eaef73a802fdd4893e43f70d1f08b5d5ce07b7406d0c

Download Submit
C:\Windows\System\TgeLrXY.exe

Filesize
2.4MB

MD5
6666b1a950014f348acca5c6bc73be4b

SHA1
082099f1610f90f4dd54a9954c6baaefa162e16b

SHA256
3816672ae2a1d1c996093af6dcb099f672ba9eb52eb57714017aa72eb4ca6742

SHA512
b86f400ab2c7da70f855df07ca69f685fc9b28c6cb012c21a7be299551826d6c6deeebdaba4547dfb8e3c061cf1a8193f3ef670b13da28667724b2376b5f6a22

Download Submit
C:\Windows\System\TyqsFqb.exe

Filesize
2.4MB

MD5
154c9780f153aef9df01f7d910ac36e3

SHA1
c002b9a04172b48f1975eab999cf7836ae0a15b5

SHA256
8a9f97a90be040c1e72353009c0a706dc5f4d2100d193dd64ce708b10cb4fbad

SHA512
a98f157a439bbe6e1543720bf577a0874d078d294c4a3e33756ba792941edc549fd8f53bc1a0e9da543b1345e1edaf9d0abf1134ba7e80744ae7976b1de8379e

Download Submit
C:\Windows\System\XjXILmR.exe

Filesize
2.4MB

MD5
35ff417d7d0d6b580ea42f89d96561c6

SHA1
31462fd5b983d40e62a86fa93a5ff39cb8b21476

SHA256
96d5fc31b3eef2218dec8cee6bff2138e0fbd6d19bc1920017e58963a9b935b3

SHA512
2d96e335a2a111a82ee48894e2bc94fb0038ae0f66267bf206aeb633c5e80a134d4caff3105d97bc087ffeb5e447a0fdc388dfa77493569a11150b795cda04f3

Download Submit
C:\Windows\System\ZBiVelZ.exe

Filesize
2.4MB

MD5
527b4f4d7c46c5b61ad24381f076ebca

SHA1
8c1345b282f086a08c967fcc97d0708e4ca147d4

SHA256
96eef9bfc74019373026778ac560d95e4b51e73d5bea8a31380515a4825d631a

SHA512
6c76db3e2d948c2cdceb61637db4bbfc4aa6f44af365eecb4f59437b078229ce54f91473d76ec0776ee3b74e8fd438b1bf5925eff52f1a46d6f26ff84749e7f6

Download Submit
C:\Windows\System\aXGEwob.exe

Filesize
2.4MB

MD5
6c4e2e6fc75f7fa51bc39c167c1551a7

SHA1
035dace351d719e65a547913e6a66065f89157c8

SHA256
68295c616ea49850bcb84cd78f2d762eeb4d891594904aef7d9845adab98e091

SHA512
a5029c298b8ddd8982be5c42bfca6e44ef1bbb8cd06ead78753def98a54ef473a9d69677b49bb64aed9810a85d752edf919d4fff551f786891e54b069ec07666

Download Submit
C:\Windows\System\bIXGSXa.exe

Filesize
2.4MB

MD5
226203c099b46752efda4c83a31c08af

SHA1
ce04a50c2fadb7f9b73bda8e14327463f6e18402

SHA256
130e419627304fc2cd37144c9fdc0e6558bdd64dc6f8adb5605731711c21b973

SHA512
cf77f538b50fb43c368dd9d11caeced4842f4ad06b5734140df8a387bf37eaf6c8dc10688d1eb35dd573d171089c4bc447639c4d000de036e07bba3a542f2617

Download Submit
C:\Windows\System\cXruatl.exe

Filesize
2.4MB

MD5
c971f7799d144ac98ed8dbe787df20a8

SHA1
f54f16c2b508db7762cd94b1ab76e5896805a76e

SHA256
03c1a26cc6b1d4771575201b9c669090fd15b995dc0f993c8a96a221f04c0de0

SHA512
b6be125b947991a0d61cabb7f213bf683ab61799678729de825354db2ffa4ac87c14fefa592d446ee26dd39387fce4ab4c4cd482777ad713ba6e235114ef43cd

Download Submit
C:\Windows\System\iEZjQPv.exe

Filesize
2.4MB

MD5
0ac777e3e58e83c606601b5899360756

SHA1
ff483a730b50540c88a41f7b6fef810af7a5dc8e

SHA256
ca1ce0bdbba68ec8f56bafb03a317631d00ed1b0675b8f746b381db7e24e90db

SHA512
d4e1569dc81e3e2c4cabe45bf69a9d9539d7bdefb934b2a34447af04db0c543397fd086eb9fb6988b5f0b044d053a5b52ddb8535c1707544a70f199e087ec631

Download Submit
C:\Windows\System\jWCOVEB.exe

Filesize
2.4MB

MD5
dfb1893457d46fef9463c015df97bb23

SHA1
4b1c7474c0561cd8e02d54c620365034563df50d

SHA256
bb3d6578b54cdf49fba15f74ee95716a5cc21f77feb4d769945a7719f8df1555

SHA512
f11463124d2c15c066e075f80222b009b44c842e4f8285b343ba1911a7a19137e1257ce7008ce36769906a01705d8c1504ba17fbc4c3f6616822fd27ea3f2d91

Download Submit
C:\Windows\System\jwpqLIL.exe

Filesize
2.4MB

MD5
c8870e95421bed7239f233d1718bd980

SHA1
9a3c6e7c288215c19c8863f375f8bc4a0af45508

SHA256
e3b79c8081040d3cd4c8b17c8673938c2bb246c989dd5e76281cb1eb2f082a98

SHA512
b4e28f718c696f5c53f40349cfe5829067819a9a80114d9eec39d9e948b7e1d0683ec478474930cfa818a9326a5f6bbb7cd734660be7e18385f19d6c56188b8d

Download Submit
C:\Windows\System\kFpTuMa.exe

Filesize
2.4MB

MD5
69d6bddb34881489b7e271b00d6e617d

SHA1
a63f3cdbd0c6ad8be8d1074106d3cea3b1bb2c12

SHA256
1da2ce2715588f3d2a054465ffec5c97e69b406dcb5d0a8039da1037b4ecb041

SHA512
db2f7b86283465e97e40d210884c6e4b147e55e7a677c9f37b60b7144760740e8b606e7ea752fab5770c915904810e21e1522772dd8c3c755356bafcabcf746b

Download Submit
C:\Windows\System\kWaCqFf.exe

Filesize
2.4MB

MD5
bdae8ca40b8972135d039c2ceec69f29

SHA1
3833b24d446a961182f997b120f62fe3ac9e6a3c

SHA256
cea4d16424b12d24aa193f378f92b1905aaeb79d12e29d24fa120a52fee6907b

SHA512
9edeb05d19f8604b16a9aa035de2e2c8c7a5d4f2328c968f1aeddb40e2ce14cef824f280e065ba8a2b7a0dc134adc2ed01ba3f610891914b14adbd13c6cab19e

Download Submit
C:\Windows\System\oDCKGkw.exe

Filesize
2.4MB

MD5
afb0c456b2cee46bbf428d5326b97d69

SHA1
c1134f5766da216f317c454c9d488f062e32bd85

SHA256
808228160ecec03c60de519e93249d7fff915b44c59b3e2659f2cf1345557d97

SHA512
f1c0e94cf802c1f9ece9b10397a1b69b3af8d8b6a77aec65cf79f1dc8f865579384d8df657a6faa1b6adffdce34e20d491941974b13b1304cc24379444c3e81d

Download Submit
C:\Windows\System\oQNUbJU.exe

Filesize
2.4MB

MD5
c733bc4fa3279ba38f679f3c4e12058f

SHA1
28fb305ed86fe5108b5fcd69e42d5975fcc21568

SHA256
67e6234fc703d04f2a9de7223d74dbb674f213f00926ddea28794c39a657bb13

SHA512
05a0ef43dcd732ad6b5ad41a3a0bffe5a22f1c22f4d7806a6b4a00e25893cda40958fc80b2d2bb2d9d3031a16580768ee182a3f5eb2aeb8f832516ef43db0382

Download Submit
C:\Windows\System\owIOyyt.exe

Filesize
2.4MB

MD5
76250d99456300953b15b6693845584f

SHA1
63ca088ff8ff0f094a1a763b7bca7dcc3468b8ff

SHA256
0e84f79f173a4ab2663cc8fb7387f35266b789665bbf43f98096b70b06917a4b

SHA512
1a2996dfb8e97123fcc7bb4b4cf89c96196d131ed4216df308c91265a46c397f9fef1e5ada13a7cbf50e32cd134d701bdc2b651f79f4743e070ff913d46077a6

Download Submit
C:\Windows\System\uqSRPie.exe

Filesize
2.4MB

MD5
04e6cd837f59a1b23cd9f2255ccad0f7

SHA1
d7944c844f69551b3f414dd3ed3c8aa1b89f5af1

SHA256
f7d56947050e1e44b9f27427b273021bafee3fdcfaddb955f64906cc90b3b9fc

SHA512
7312c4202bbfeaf705d63ee9748a2e3872c3c09132c816b8185cab73ac61156237bf3446f9bc2bf768d88366b916c215f26691675acc0185a62eec379c433522

Download Submit
C:\Windows\System\xpKvKYB.exe

Filesize
2.4MB

MD5
16b114071dacfd96bd0f9f48d045ff12

SHA1
00534e0bf36680c310ce9c89143937fd9ad69700

SHA256
bd33d9a23503f26f44536b23d000d44b517d1891176a47a69d661e1478439e75

SHA512
6a5ebcb0e1453b09f0e695702a2fd51d669b8039c993c6d11a2f03220eccbbeee066d7cd08080585f200684bddd6fbad79ce25660ae80fdc8f59c9858d5d08ce

Download Submit
C:\Windows\System\yBzkFuz.exe

Filesize
2.4MB

MD5
d6f0401d2ee6fbf8843e542b82b52e4a

SHA1
ea041cc4ba198feeed68047574d6688ea52d7cc5

SHA256
023ef99f2384bab22dfb56a779b99a416544a0712f67374b06f7ea1f9472abf6

SHA512
e1e9abd4d75e072791537b0c56676c4750a463d79b750ab9c0d775d663fea7c81f6ee64e3f77cdf9d8543145e8fa3ad9dfe3dad4af2f1d81e462e9719c8806ec

Download Submit
C:\Windows\System\yGCmPnu.exe

Filesize
2.4MB

MD5
d0dfa422428b806ccee213202accbbba

SHA1
b6bb15511cffde1083b25c06723f9db3716a0274

SHA256
619d31768c33429334a80b2f2d44cfffaad8715d124055f3be6bee1e5bf93fba

SHA512
231c32d24ce52eee66d3b03449973f05ca389b37dadc59f31dc2489e25338a0614d277dd6cb4378126b47032099ed0e21335c20ea0e04a053e38351a726abccc

Download Submit
memory/1552-2108-0x00007FF703A50000-0x00007FF703DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-15-0x00007FF703A50000-0x00007FF703DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-2132-0x00007FF6BA2A0000-0x00007FF6BA5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-202-0x00007FF6BA2A0000-0x00007FF6BA5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1896-215-0x00007FF640FD0000-0x00007FF641324000-memory.dmp

Filesize
3.3MB

Download
memory/1896-2126-0x00007FF640FD0000-0x00007FF641324000-memory.dmp

Filesize
3.3MB

Download
memory/1900-2113-0x00007FF63DB40000-0x00007FF63DE94000-memory.dmp

Filesize
3.3MB

Download
memory/1900-209-0x00007FF63DB40000-0x00007FF63DE94000-memory.dmp

Filesize
3.3MB

Download
memory/1932-2128-0x00007FF6CA7B0000-0x00007FF6CAB04000-memory.dmp

Filesize
3.3MB

Download
memory/1932-214-0x00007FF6CA7B0000-0x00007FF6CAB04000-memory.dmp

Filesize
3.3MB

Download
memory/2172-2134-0x00007FF67D590000-0x00007FF67D8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-206-0x00007FF67D590000-0x00007FF67D8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-191-0x00007FF63B3D0000-0x00007FF63B724000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2123-0x00007FF63B3D0000-0x00007FF63B724000-memory.dmp

Filesize
3.3MB

Download
memory/2440-2136-0x00007FF6F1C00000-0x00007FF6F1F54000-memory.dmp

Filesize
3.3MB

Download
memory/2440-208-0x00007FF6F1C00000-0x00007FF6F1F54000-memory.dmp

Filesize
3.3MB

Download
memory/2472-2112-0x00007FF7331B0000-0x00007FF733504000-memory.dmp

Filesize
3.3MB

Download
memory/2472-45-0x00007FF7331B0000-0x00007FF733504000-memory.dmp

Filesize
3.3MB

Download
memory/2920-1-0x000001D150CF0000-0x000001D150D00000-memory.dmp

Filesize
64KB

Download
memory/2920-0-0x00007FF671620000-0x00007FF671974000-memory.dmp

Filesize
3.3MB

Download
memory/2976-122-0x00007FF748050000-0x00007FF7483A4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-2122-0x00007FF748050000-0x00007FF7483A4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-2114-0x00007FF7330B0000-0x00007FF733404000-memory.dmp

Filesize
3.3MB

Download
memory/3012-64-0x00007FF7330B0000-0x00007FF733404000-memory.dmp

Filesize
3.3MB

Download
memory/3160-2129-0x00007FF719990000-0x00007FF719CE4000-memory.dmp

Filesize
3.3MB

Download
memory/3160-213-0x00007FF719990000-0x00007FF719CE4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2131-0x00007FF6F95A0000-0x00007FF6F98F4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-210-0x00007FF6F95A0000-0x00007FF6F98F4000-memory.dmp

Filesize
3.3MB

Download
memory/3364-17-0x00007FF7EFC20000-0x00007FF7EFF74000-memory.dmp

Filesize
3.3MB

Download
memory/3364-2109-0x00007FF7EFC20000-0x00007FF7EFF74000-memory.dmp

Filesize
3.3MB

Download
memory/3412-2111-0x00007FF79CA70000-0x00007FF79CDC4000-memory.dmp

Filesize
3.3MB

Download
memory/3412-2105-0x00007FF79CA70000-0x00007FF79CDC4000-memory.dmp

Filesize
3.3MB

Download
memory/3412-25-0x00007FF79CA70000-0x00007FF79CDC4000-memory.dmp

Filesize
3.3MB

Download
memory/3476-2116-0x00007FF6A2EC0000-0x00007FF6A3214000-memory.dmp

Filesize
3.3MB

Download
memory/3476-2106-0x00007FF6A2EC0000-0x00007FF6A3214000-memory.dmp

Filesize
3.3MB

Download
memory/3476-76-0x00007FF6A2EC0000-0x00007FF6A3214000-memory.dmp

Filesize
3.3MB

Download
memory/3640-212-0x00007FF641D60000-0x00007FF6420B4000-memory.dmp

Filesize
3.3MB

Download
memory/3640-2121-0x00007FF641D60000-0x00007FF6420B4000-memory.dmp

Filesize
3.3MB

Download
memory/3648-2107-0x00007FF61B180000-0x00007FF61B4D4000-memory.dmp

Filesize
3.3MB

Download
memory/3648-114-0x00007FF61B180000-0x00007FF61B4D4000-memory.dmp

Filesize
3.3MB

Download
memory/3648-2119-0x00007FF61B180000-0x00007FF61B4D4000-memory.dmp

Filesize
3.3MB

Download
memory/3796-203-0x00007FF7B6000000-0x00007FF7B6354000-memory.dmp

Filesize
3.3MB

Download
memory/3796-2127-0x00007FF7B6000000-0x00007FF7B6354000-memory.dmp

Filesize
3.3MB

Download
memory/3836-2115-0x00007FF7344B0000-0x00007FF734804000-memory.dmp

Filesize
3.3MB

Download
memory/3836-91-0x00007FF7344B0000-0x00007FF734804000-memory.dmp

Filesize
3.3MB

Download
memory/3864-207-0x00007FF64C580000-0x00007FF64C8D4000-memory.dmp

Filesize
3.3MB

Download
memory/3864-2125-0x00007FF64C580000-0x00007FF64C8D4000-memory.dmp

Filesize
3.3MB

Download
memory/4040-2124-0x00007FF77D790000-0x00007FF77DAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4040-201-0x00007FF77D790000-0x00007FF77DAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4220-2135-0x00007FF75A200000-0x00007FF75A554000-memory.dmp

Filesize
3.3MB

Download
memory/4220-205-0x00007FF75A200000-0x00007FF75A554000-memory.dmp

Filesize
3.3MB

Download
memory/4560-2110-0x00007FF647F40000-0x00007FF648294000-memory.dmp

Filesize
3.3MB

Download
memory/4560-2104-0x00007FF647F40000-0x00007FF648294000-memory.dmp

Filesize
3.3MB

Download
memory/4560-18-0x00007FF647F40000-0x00007FF648294000-memory.dmp

Filesize
3.3MB

Download
memory/4704-2133-0x00007FF7D7BF0000-0x00007FF7D7F44000-memory.dmp

Filesize
3.3MB

Download
memory/4704-194-0x00007FF7D7BF0000-0x00007FF7D7F44000-memory.dmp

Filesize
3.3MB

Download
memory/4724-204-0x00007FF766AE0000-0x00007FF766E34000-memory.dmp

Filesize
3.3MB

Download
memory/4724-2130-0x00007FF766AE0000-0x00007FF766E34000-memory.dmp

Filesize
3.3MB

Download
memory/4780-190-0x00007FF7DA7D0000-0x00007FF7DAB24000-memory.dmp

Filesize
3.3MB

Download
memory/4780-2120-0x00007FF7DA7D0000-0x00007FF7DAB24000-memory.dmp

Filesize
3.3MB

Download
memory/4988-187-0x00007FF613330000-0x00007FF613684000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2118-0x00007FF613330000-0x00007FF613684000-memory.dmp

Filesize
3.3MB

Download
memory/5048-211-0x00007FF78CEF0000-0x00007FF78D244000-memory.dmp

Filesize
3.3MB

Download
memory/5048-2117-0x00007FF78CEF0000-0x00007FF78D244000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads