xmrig | 1626b28d2392ed8da43e82f4a2b9ce25cb7d169f0aaa959bb333e4fa0c5acf8d

Analysis

max time kernel
99s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
Size

2.3MB
MD5

52258a59953344ff97c8eb7c94f30b60
SHA1

9655ff4d0b215f95873fabb75a1578a47594d46a
SHA256

1626b28d2392ed8da43e82f4a2b9ce25cb7d169f0aaa959bb333e4fa0c5acf8d
SHA512

b30caba5b835ee86398a255289319d2de8d5a3c0ef4e7d90ba9b5d0b73ef0c888a51f1e7165ec034aae26c5ae48903f83fa00974ebeb4176fa3bfcd7b0091307
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQwNUMuikLCiJCF+QT1HAu:BemTLkNdfE0pZrQw

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3136-0-0x00007FF7D6D00000-0x00007FF7D7054000-memory.dmp	xmrig
behavioral2/files/0x000a000000022fbf-5.dat	xmrig
behavioral2/memory/3060-12-0x00007FF6719E0000-0x00007FF671D34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-8.dat	xmrig
behavioral2/files/0x0007000000023414-16.dat	xmrig
behavioral2/files/0x0007000000023415-19.dat	xmrig
behavioral2/memory/4852-23-0x00007FF69F320000-0x00007FF69F674000-memory.dmp	xmrig
behavioral2/files/0x0007000000023419-47.dat	xmrig
behavioral2/files/0x000700000002341b-53.dat	xmrig
behavioral2/files/0x000700000002341d-67.dat	xmrig
behavioral2/files/0x0007000000023421-83.dat	xmrig
behavioral2/files/0x0007000000023426-112.dat	xmrig
behavioral2/files/0x000700000002342b-133.dat	xmrig
behavioral2/memory/2200-584-0x00007FF631DF0000-0x00007FF632144000-memory.dmp	xmrig
behavioral2/memory/3112-588-0x00007FF60F990000-0x00007FF60FCE4000-memory.dmp	xmrig
behavioral2/memory/2552-594-0x00007FF6B4E40000-0x00007FF6B5194000-memory.dmp	xmrig
behavioral2/memory/3932-608-0x00007FF6D4BC0000-0x00007FF6D4F14000-memory.dmp	xmrig
behavioral2/memory/1860-607-0x00007FF6C76A0000-0x00007FF6C79F4000-memory.dmp	xmrig
behavioral2/memory/3172-602-0x00007FF631FF0000-0x00007FF632344000-memory.dmp	xmrig
behavioral2/memory/2108-599-0x00007FF76DB50000-0x00007FF76DEA4000-memory.dmp	xmrig
behavioral2/memory/1740-620-0x00007FF714ED0000-0x00007FF715224000-memory.dmp	xmrig
behavioral2/memory/3340-629-0x00007FF73E900000-0x00007FF73EC54000-memory.dmp	xmrig
behavioral2/memory/1812-640-0x00007FF6CE1A0000-0x00007FF6CE4F4000-memory.dmp	xmrig
behavioral2/memory/3444-641-0x00007FF60FB20000-0x00007FF60FE74000-memory.dmp	xmrig
behavioral2/memory/3716-643-0x00007FF756220000-0x00007FF756574000-memory.dmp	xmrig
behavioral2/memory/1276-648-0x00007FF713FB0000-0x00007FF714304000-memory.dmp	xmrig
behavioral2/memory/2544-650-0x00007FF743CD0000-0x00007FF744024000-memory.dmp	xmrig
behavioral2/memory/4256-655-0x00007FF61D690000-0x00007FF61D9E4000-memory.dmp	xmrig
behavioral2/memory/2948-661-0x00007FF6A6970000-0x00007FF6A6CC4000-memory.dmp	xmrig
behavioral2/memory/4312-664-0x00007FF6AE780000-0x00007FF6AEAD4000-memory.dmp	xmrig
behavioral2/memory/396-662-0x00007FF76F4B0000-0x00007FF76F804000-memory.dmp	xmrig
behavioral2/memory/3424-660-0x00007FF6100F0000-0x00007FF610444000-memory.dmp	xmrig
behavioral2/memory/2640-651-0x00007FF749870000-0x00007FF749BC4000-memory.dmp	xmrig
behavioral2/memory/2212-649-0x00007FF632AF0000-0x00007FF632E44000-memory.dmp	xmrig
behavioral2/memory/3836-647-0x00007FF743DB0000-0x00007FF744104000-memory.dmp	xmrig
behavioral2/memory/1404-642-0x00007FF6EAB30000-0x00007FF6EAE84000-memory.dmp	xmrig
behavioral2/memory/1956-634-0x00007FF7BB6B0000-0x00007FF7BBA04000-memory.dmp	xmrig
behavioral2/memory/1792-626-0x00007FF7829D0000-0x00007FF782D24000-memory.dmp	xmrig
behavioral2/memory/4372-615-0x00007FF61FEC0000-0x00007FF620214000-memory.dmp	xmrig
behavioral2/files/0x0007000000023432-166.dat	xmrig
behavioral2/files/0x0007000000023430-162.dat	xmrig
behavioral2/files/0x0007000000023431-161.dat	xmrig
behavioral2/files/0x000700000002342f-157.dat	xmrig
behavioral2/files/0x000700000002342e-152.dat	xmrig
behavioral2/files/0x000700000002342d-147.dat	xmrig
behavioral2/files/0x000700000002342c-142.dat	xmrig
behavioral2/files/0x000700000002342a-131.dat	xmrig
behavioral2/files/0x0007000000023429-127.dat	xmrig
behavioral2/files/0x0007000000023428-122.dat	xmrig
behavioral2/files/0x0007000000023427-117.dat	xmrig
behavioral2/files/0x0007000000023425-107.dat	xmrig
behavioral2/files/0x0007000000023424-102.dat	xmrig
behavioral2/files/0x0007000000023423-97.dat	xmrig
behavioral2/files/0x0007000000023422-92.dat	xmrig
behavioral2/files/0x0007000000023420-81.dat	xmrig
behavioral2/files/0x000700000002341f-77.dat	xmrig
behavioral2/files/0x000700000002341e-72.dat	xmrig
behavioral2/files/0x000700000002341c-62.dat	xmrig
behavioral2/files/0x000700000002341a-51.dat	xmrig
behavioral2/files/0x0007000000023418-42.dat	xmrig
behavioral2/files/0x0007000000023417-36.dat	xmrig
behavioral2/files/0x0007000000023416-32.dat	xmrig
behavioral2/memory/1968-27-0x00007FF704C10000-0x00007FF704F64000-memory.dmp	xmrig
behavioral2/memory/4852-2120-0x00007FF69F320000-0x00007FF69F674000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3060	MJHsKQP.exe
4852	VGZlikO.exe
2200	EBKIpfo.exe
1968	xswcwxE.exe
3112	zOxEBUp.exe
4312	dosQLoU.exe
2552	aSthqsL.exe
2108	ChmVSEL.exe
3172	YoVYtoI.exe
1860	HEimvxY.exe
3932	RfzhfvP.exe
4372	sPEeOoy.exe
1740	GenssCW.exe
1792	BzuEbEO.exe
3340	CedvyMk.exe
1956	OvFAegN.exe
1812	SVpwwcA.exe
3444	qAcIFHV.exe
1404	RxCzfMb.exe
3716	FzpORgu.exe
3836	nIUBQEV.exe
1276	ixqngUB.exe
2212	ChDSaym.exe
2544	pWuUWkk.exe
2640	IkxJKcF.exe
4256	LahRaaS.exe
3424	smSILjW.exe
2948	TORyBGc.exe
396	jTlZnlO.exe
220	uhOnlmU.exe
2760	jtjfIWR.exe
2152	qPiWYLe.exe
3140	tnmKbBi.exe
4676	FIQOTRA.exe
4936	nCZsjLl.exe
2504	aifESjr.exe
2204	EoyDuXY.exe
2832	DnbZxRL.exe
464	KRyumkD.exe
1596	APLjpAQ.exe
4860	dhnUkJF.exe
3492	JdYQqpq.exe
1496	hoptCLl.exe
2756	oUQvBmh.exe
4100	hyBhzfq.exe
4932	IrtfEEx.exe
2596	TAPUpxV.exe
2356	SygWDlo.exe
4448	wMZeNoc.exe
4388	bVQtTWN.exe
944	yWNdCDH.exe
4816	zxGyNxx.exe
4280	eQHrrAE.exe
1900	FMeqesg.exe
1696	BgkSwlB.exe
2332	HQwJJeU.exe
1160	yqJntyv.exe
3168	CJwFjLv.exe
4660	eMimPzj.exe
4020	cYfMNlH.exe
4412	WeTyeDZ.exe
3596	MtuclZZ.exe
4776	snDLsXW.exe
3984	hlWXnMS.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3136-0-0x00007FF7D6D00000-0x00007FF7D7054000-memory.dmp	upx
behavioral2/files/0x000a000000022fbf-5.dat	upx
behavioral2/memory/3060-12-0x00007FF6719E0000-0x00007FF671D34000-memory.dmp	upx
behavioral2/files/0x0007000000023413-8.dat	upx
behavioral2/files/0x0007000000023414-16.dat	upx
behavioral2/files/0x0007000000023415-19.dat	upx
behavioral2/memory/4852-23-0x00007FF69F320000-0x00007FF69F674000-memory.dmp	upx
behavioral2/files/0x0007000000023419-47.dat	upx
behavioral2/files/0x000700000002341b-53.dat	upx
behavioral2/files/0x000700000002341d-67.dat	upx
behavioral2/files/0x0007000000023421-83.dat	upx
behavioral2/files/0x0007000000023426-112.dat	upx
behavioral2/files/0x000700000002342b-133.dat	upx
behavioral2/memory/2200-584-0x00007FF631DF0000-0x00007FF632144000-memory.dmp	upx
behavioral2/memory/3112-588-0x00007FF60F990000-0x00007FF60FCE4000-memory.dmp	upx
behavioral2/memory/2552-594-0x00007FF6B4E40000-0x00007FF6B5194000-memory.dmp	upx
behavioral2/memory/3932-608-0x00007FF6D4BC0000-0x00007FF6D4F14000-memory.dmp	upx
behavioral2/memory/1860-607-0x00007FF6C76A0000-0x00007FF6C79F4000-memory.dmp	upx
behavioral2/memory/3172-602-0x00007FF631FF0000-0x00007FF632344000-memory.dmp	upx
behavioral2/memory/2108-599-0x00007FF76DB50000-0x00007FF76DEA4000-memory.dmp	upx
behavioral2/memory/1740-620-0x00007FF714ED0000-0x00007FF715224000-memory.dmp	upx
behavioral2/memory/3340-629-0x00007FF73E900000-0x00007FF73EC54000-memory.dmp	upx
behavioral2/memory/1812-640-0x00007FF6CE1A0000-0x00007FF6CE4F4000-memory.dmp	upx
behavioral2/memory/3444-641-0x00007FF60FB20000-0x00007FF60FE74000-memory.dmp	upx
behavioral2/memory/3716-643-0x00007FF756220000-0x00007FF756574000-memory.dmp	upx
behavioral2/memory/1276-648-0x00007FF713FB0000-0x00007FF714304000-memory.dmp	upx
behavioral2/memory/2544-650-0x00007FF743CD0000-0x00007FF744024000-memory.dmp	upx
behavioral2/memory/4256-655-0x00007FF61D690000-0x00007FF61D9E4000-memory.dmp	upx
behavioral2/memory/2948-661-0x00007FF6A6970000-0x00007FF6A6CC4000-memory.dmp	upx
behavioral2/memory/4312-664-0x00007FF6AE780000-0x00007FF6AEAD4000-memory.dmp	upx
behavioral2/memory/396-662-0x00007FF76F4B0000-0x00007FF76F804000-memory.dmp	upx
behavioral2/memory/3424-660-0x00007FF6100F0000-0x00007FF610444000-memory.dmp	upx
behavioral2/memory/2640-651-0x00007FF749870000-0x00007FF749BC4000-memory.dmp	upx
behavioral2/memory/2212-649-0x00007FF632AF0000-0x00007FF632E44000-memory.dmp	upx
behavioral2/memory/3836-647-0x00007FF743DB0000-0x00007FF744104000-memory.dmp	upx
behavioral2/memory/1404-642-0x00007FF6EAB30000-0x00007FF6EAE84000-memory.dmp	upx
behavioral2/memory/1956-634-0x00007FF7BB6B0000-0x00007FF7BBA04000-memory.dmp	upx
behavioral2/memory/1792-626-0x00007FF7829D0000-0x00007FF782D24000-memory.dmp	upx
behavioral2/memory/4372-615-0x00007FF61FEC0000-0x00007FF620214000-memory.dmp	upx
behavioral2/files/0x0007000000023432-166.dat	upx
behavioral2/files/0x0007000000023430-162.dat	upx
behavioral2/files/0x0007000000023431-161.dat	upx
behavioral2/files/0x000700000002342f-157.dat	upx
behavioral2/files/0x000700000002342e-152.dat	upx
behavioral2/files/0x000700000002342d-147.dat	upx
behavioral2/files/0x000700000002342c-142.dat	upx
behavioral2/files/0x000700000002342a-131.dat	upx
behavioral2/files/0x0007000000023429-127.dat	upx
behavioral2/files/0x0007000000023428-122.dat	upx
behavioral2/files/0x0007000000023427-117.dat	upx
behavioral2/files/0x0007000000023425-107.dat	upx
behavioral2/files/0x0007000000023424-102.dat	upx
behavioral2/files/0x0007000000023423-97.dat	upx
behavioral2/files/0x0007000000023422-92.dat	upx
behavioral2/files/0x0007000000023420-81.dat	upx
behavioral2/files/0x000700000002341f-77.dat	upx
behavioral2/files/0x000700000002341e-72.dat	upx
behavioral2/files/0x000700000002341c-62.dat	upx
behavioral2/files/0x000700000002341a-51.dat	upx
behavioral2/files/0x0007000000023418-42.dat	upx
behavioral2/files/0x0007000000023417-36.dat	upx
behavioral2/files/0x0007000000023416-32.dat	upx
behavioral2/memory/1968-27-0x00007FF704C10000-0x00007FF704F64000-memory.dmp	upx
behavioral2/memory/4852-2120-0x00007FF69F320000-0x00007FF69F674000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QFUYseX.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\cNrbMge.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\jeNPkFR.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\nKcEJrD.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\HEimvxY.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\IkxJKcF.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\LahRaaS.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\oXpYDiD.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\MWYvmaw.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\pqtEjmH.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\DNpidfk.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\IPBTwQh.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\UMlaFCv.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\qzNpbmv.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\NkdFBPK.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\dJNeqxT.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\iLiVBmf.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\HFCjyRv.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\ZrYTxxP.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\fKCrEHg.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\TYotohB.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\QjgSqfn.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\FYYYIqP.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\erFwEtT.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\nEIADLq.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\EoyDuXY.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\MZvVmfY.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\WgpTfSh.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\jsBiWOz.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\wYtoRSQ.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\ChDSaym.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\EmKmpmN.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\QPhJVZo.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\kdDANbj.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\rfBFaJp.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\pVOdVwe.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\wcCAAKg.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\FMeqesg.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\FiJZNLU.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\rryvkph.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\wLknFAz.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\LnDpgaz.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\pmHIXPV.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\YLkvSIf.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\OsyJhRK.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\Ijmmjtr.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\vmzxWEv.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\xFHkimH.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\YWfvGQo.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\LqcFcuU.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\sWHStMr.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\bHmOyjS.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\ELjmOXw.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\nIUBQEV.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\hcKFdPL.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\tupNbXZ.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\vOAoEDj.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\aIMSGSV.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\meIAaGt.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\hUUfHYa.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\cDnUiiG.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\nCiIsmd.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\BtpuRzg.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
File created	C:\Windows\System\JPcJvKL.exe	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14900	dwm.exe
Token: SeChangeNotifyPrivilege	14900	dwm.exe
Token: 33	14900	dwm.exe
Token: SeIncBasePriorityPrivilege	14900	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3136 wrote to memory of 3060	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	83
PID 3136 wrote to memory of 3060	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	83
PID 3136 wrote to memory of 4852	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	84
PID 3136 wrote to memory of 4852	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	84
PID 3136 wrote to memory of 2200	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	85
PID 3136 wrote to memory of 2200	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	85
PID 3136 wrote to memory of 1968	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	86
PID 3136 wrote to memory of 1968	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	86
PID 3136 wrote to memory of 3112	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	87
PID 3136 wrote to memory of 3112	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	87
PID 3136 wrote to memory of 4312	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	88
PID 3136 wrote to memory of 4312	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	88
PID 3136 wrote to memory of 2552	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	89
PID 3136 wrote to memory of 2552	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	89
PID 3136 wrote to memory of 2108	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	90
PID 3136 wrote to memory of 2108	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	90
PID 3136 wrote to memory of 3172	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	91
PID 3136 wrote to memory of 3172	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	91
PID 3136 wrote to memory of 1860	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	92
PID 3136 wrote to memory of 1860	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	92
PID 3136 wrote to memory of 3932	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	93
PID 3136 wrote to memory of 3932	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	93
PID 3136 wrote to memory of 4372	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	94
PID 3136 wrote to memory of 4372	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	94
PID 3136 wrote to memory of 1740	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	95
PID 3136 wrote to memory of 1740	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	95
PID 3136 wrote to memory of 1792	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	96
PID 3136 wrote to memory of 1792	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	96
PID 3136 wrote to memory of 3340	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	97
PID 3136 wrote to memory of 3340	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	97
PID 3136 wrote to memory of 1956	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	98
PID 3136 wrote to memory of 1956	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	98
PID 3136 wrote to memory of 1812	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	99
PID 3136 wrote to memory of 1812	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	99
PID 3136 wrote to memory of 3444	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	100
PID 3136 wrote to memory of 3444	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	100
PID 3136 wrote to memory of 1404	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	101
PID 3136 wrote to memory of 1404	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	101
PID 3136 wrote to memory of 3716	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	102
PID 3136 wrote to memory of 3716	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	102
PID 3136 wrote to memory of 3836	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	103
PID 3136 wrote to memory of 3836	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	103
PID 3136 wrote to memory of 1276	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	104
PID 3136 wrote to memory of 1276	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	104
PID 3136 wrote to memory of 2212	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	105
PID 3136 wrote to memory of 2212	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	105
PID 3136 wrote to memory of 2544	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	106
PID 3136 wrote to memory of 2544	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	106
PID 3136 wrote to memory of 2640	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	107
PID 3136 wrote to memory of 2640	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	107
PID 3136 wrote to memory of 4256	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	108
PID 3136 wrote to memory of 4256	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	108
PID 3136 wrote to memory of 3424	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	109
PID 3136 wrote to memory of 3424	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	109
PID 3136 wrote to memory of 2948	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	110
PID 3136 wrote to memory of 2948	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	110
PID 3136 wrote to memory of 396	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	111
PID 3136 wrote to memory of 396	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	111
PID 3136 wrote to memory of 220	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	112
PID 3136 wrote to memory of 220	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	112
PID 3136 wrote to memory of 2760	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	113
PID 3136 wrote to memory of 2760	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	113
PID 3136 wrote to memory of 2152	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	114
PID 3136 wrote to memory of 2152	3136	52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\52258a59953344ff97c8eb7c94f30b60_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3136
- C:\Windows\System\MJHsKQP.exe
  C:\Windows\System\MJHsKQP.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\VGZlikO.exe
  C:\Windows\System\VGZlikO.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\EBKIpfo.exe
  C:\Windows\System\EBKIpfo.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\xswcwxE.exe
  C:\Windows\System\xswcwxE.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\zOxEBUp.exe
  C:\Windows\System\zOxEBUp.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\dosQLoU.exe
  C:\Windows\System\dosQLoU.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\aSthqsL.exe
  C:\Windows\System\aSthqsL.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\ChmVSEL.exe
  C:\Windows\System\ChmVSEL.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\YoVYtoI.exe
  C:\Windows\System\YoVYtoI.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\HEimvxY.exe
  C:\Windows\System\HEimvxY.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\RfzhfvP.exe
  C:\Windows\System\RfzhfvP.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\sPEeOoy.exe
  C:\Windows\System\sPEeOoy.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\GenssCW.exe
  C:\Windows\System\GenssCW.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\BzuEbEO.exe
  C:\Windows\System\BzuEbEO.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\CedvyMk.exe
  C:\Windows\System\CedvyMk.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\OvFAegN.exe
  C:\Windows\System\OvFAegN.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\SVpwwcA.exe
  C:\Windows\System\SVpwwcA.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\qAcIFHV.exe
  C:\Windows\System\qAcIFHV.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\RxCzfMb.exe
  C:\Windows\System\RxCzfMb.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\FzpORgu.exe
  C:\Windows\System\FzpORgu.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\nIUBQEV.exe
  C:\Windows\System\nIUBQEV.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\ixqngUB.exe
  C:\Windows\System\ixqngUB.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\ChDSaym.exe
  C:\Windows\System\ChDSaym.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\pWuUWkk.exe
  C:\Windows\System\pWuUWkk.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\IkxJKcF.exe
  C:\Windows\System\IkxJKcF.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\LahRaaS.exe
  C:\Windows\System\LahRaaS.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\smSILjW.exe
  C:\Windows\System\smSILjW.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\TORyBGc.exe
  C:\Windows\System\TORyBGc.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\jTlZnlO.exe
  C:\Windows\System\jTlZnlO.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\uhOnlmU.exe
  C:\Windows\System\uhOnlmU.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\jtjfIWR.exe
  C:\Windows\System\jtjfIWR.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\qPiWYLe.exe
  C:\Windows\System\qPiWYLe.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\tnmKbBi.exe
  C:\Windows\System\tnmKbBi.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\FIQOTRA.exe
  C:\Windows\System\FIQOTRA.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\nCZsjLl.exe
  C:\Windows\System\nCZsjLl.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\aifESjr.exe
  C:\Windows\System\aifESjr.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\EoyDuXY.exe
  C:\Windows\System\EoyDuXY.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\DnbZxRL.exe
  C:\Windows\System\DnbZxRL.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\KRyumkD.exe
  C:\Windows\System\KRyumkD.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\APLjpAQ.exe
  C:\Windows\System\APLjpAQ.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\dhnUkJF.exe
  C:\Windows\System\dhnUkJF.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\JdYQqpq.exe
  C:\Windows\System\JdYQqpq.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\hoptCLl.exe
  C:\Windows\System\hoptCLl.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\oUQvBmh.exe
  C:\Windows\System\oUQvBmh.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\hyBhzfq.exe
  C:\Windows\System\hyBhzfq.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\IrtfEEx.exe
  C:\Windows\System\IrtfEEx.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\TAPUpxV.exe
  C:\Windows\System\TAPUpxV.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\SygWDlo.exe
  C:\Windows\System\SygWDlo.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\wMZeNoc.exe
  C:\Windows\System\wMZeNoc.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\bVQtTWN.exe
  C:\Windows\System\bVQtTWN.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\yWNdCDH.exe
  C:\Windows\System\yWNdCDH.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\zxGyNxx.exe
  C:\Windows\System\zxGyNxx.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\eQHrrAE.exe
  C:\Windows\System\eQHrrAE.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\FMeqesg.exe
  C:\Windows\System\FMeqesg.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\BgkSwlB.exe
  C:\Windows\System\BgkSwlB.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\HQwJJeU.exe
  C:\Windows\System\HQwJJeU.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\yqJntyv.exe
  C:\Windows\System\yqJntyv.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\CJwFjLv.exe
  C:\Windows\System\CJwFjLv.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\eMimPzj.exe
  C:\Windows\System\eMimPzj.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\cYfMNlH.exe
  C:\Windows\System\cYfMNlH.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\WeTyeDZ.exe
  C:\Windows\System\WeTyeDZ.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\MtuclZZ.exe
  C:\Windows\System\MtuclZZ.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\snDLsXW.exe
  C:\Windows\System\snDLsXW.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\hlWXnMS.exe
  C:\Windows\System\hlWXnMS.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\BmtTyVb.exe
  C:\Windows\System\BmtTyVb.exe
  2⤵
  PID:548
- C:\Windows\System\adlfHLo.exe
  C:\Windows\System\adlfHLo.exe
  2⤵
  PID:3720
- C:\Windows\System\ItFpboP.exe
  C:\Windows\System\ItFpboP.exe
  2⤵
  PID:4696
- C:\Windows\System\IobjyXb.exe
  C:\Windows\System\IobjyXb.exe
  2⤵
  PID:3992
- C:\Windows\System\RDjxDNX.exe
  C:\Windows\System\RDjxDNX.exe
  2⤵
  PID:2844
- C:\Windows\System\nmOcIFj.exe
  C:\Windows\System\nmOcIFj.exe
  2⤵
  PID:2320
- C:\Windows\System\WWWYOKb.exe
  C:\Windows\System\WWWYOKb.exe
  2⤵
  PID:1632
- C:\Windows\System\WmAfAHR.exe
  C:\Windows\System\WmAfAHR.exe
  2⤵
  PID:3732
- C:\Windows\System\pmmcZJN.exe
  C:\Windows\System\pmmcZJN.exe
  2⤵
  PID:1760
- C:\Windows\System\ZSkLcvm.exe
  C:\Windows\System\ZSkLcvm.exe
  2⤵
  PID:2680
- C:\Windows\System\fKwIrDn.exe
  C:\Windows\System\fKwIrDn.exe
  2⤵
  PID:4844
- C:\Windows\System\MvURhVs.exe
  C:\Windows\System\MvURhVs.exe
  2⤵
  PID:3176
- C:\Windows\System\RFMWzZd.exe
  C:\Windows\System\RFMWzZd.exe
  2⤵
  PID:3584
- C:\Windows\System\JMaxvje.exe
  C:\Windows\System\JMaxvje.exe
  2⤵
  PID:60
- C:\Windows\System\wxAqEPI.exe
  C:\Windows\System\wxAqEPI.exe
  2⤵
  PID:436
- C:\Windows\System\ZZBhILq.exe
  C:\Windows\System\ZZBhILq.exe
  2⤵
  PID:3476
- C:\Windows\System\hUUfHYa.exe
  C:\Windows\System\hUUfHYa.exe
  2⤵
  PID:1072
- C:\Windows\System\PXyJWlK.exe
  C:\Windows\System\PXyJWlK.exe
  2⤵
  PID:2088
- C:\Windows\System\mbMwyVu.exe
  C:\Windows\System\mbMwyVu.exe
  2⤵
  PID:4012
- C:\Windows\System\RlzusfE.exe
  C:\Windows\System\RlzusfE.exe
  2⤵
  PID:5128
- C:\Windows\System\HQIDRiW.exe
  C:\Windows\System\HQIDRiW.exe
  2⤵
  PID:5156
- C:\Windows\System\rYJGcpf.exe
  C:\Windows\System\rYJGcpf.exe
  2⤵
  PID:5184
- C:\Windows\System\aTPiZUp.exe
  C:\Windows\System\aTPiZUp.exe
  2⤵
  PID:5212
- C:\Windows\System\jDCjjxl.exe
  C:\Windows\System\jDCjjxl.exe
  2⤵
  PID:5240
- C:\Windows\System\lEhSalW.exe
  C:\Windows\System\lEhSalW.exe
  2⤵
  PID:5268
- C:\Windows\System\ZdulBPg.exe
  C:\Windows\System\ZdulBPg.exe
  2⤵
  PID:5296
- C:\Windows\System\uKHSrpa.exe
  C:\Windows\System\uKHSrpa.exe
  2⤵
  PID:5324
- C:\Windows\System\TLflkzp.exe
  C:\Windows\System\TLflkzp.exe
  2⤵
  PID:5352
- C:\Windows\System\FSUBats.exe
  C:\Windows\System\FSUBats.exe
  2⤵
  PID:5376
- C:\Windows\System\GDtXdRP.exe
  C:\Windows\System\GDtXdRP.exe
  2⤵
  PID:5404
- C:\Windows\System\XUkhBxj.exe
  C:\Windows\System\XUkhBxj.exe
  2⤵
  PID:5436
- C:\Windows\System\bQXQceN.exe
  C:\Windows\System\bQXQceN.exe
  2⤵
  PID:5464
- C:\Windows\System\hNZqHnJ.exe
  C:\Windows\System\hNZqHnJ.exe
  2⤵
  PID:5492
- C:\Windows\System\OAPdFGN.exe
  C:\Windows\System\OAPdFGN.exe
  2⤵
  PID:5520
- C:\Windows\System\TXSmqub.exe
  C:\Windows\System\TXSmqub.exe
  2⤵
  PID:5544
- C:\Windows\System\PJMrQOA.exe
  C:\Windows\System\PJMrQOA.exe
  2⤵
  PID:5572
- C:\Windows\System\UolDTog.exe
  C:\Windows\System\UolDTog.exe
  2⤵
  PID:5604
- C:\Windows\System\kUVRByQ.exe
  C:\Windows\System\kUVRByQ.exe
  2⤵
  PID:5632
- C:\Windows\System\HTSYzVv.exe
  C:\Windows\System\HTSYzVv.exe
  2⤵
  PID:5660
- C:\Windows\System\vBPlrgq.exe
  C:\Windows\System\vBPlrgq.exe
  2⤵
  PID:5684
- C:\Windows\System\jYnPmAE.exe
  C:\Windows\System\jYnPmAE.exe
  2⤵
  PID:5712
- C:\Windows\System\IWaMaXu.exe
  C:\Windows\System\IWaMaXu.exe
  2⤵
  PID:5740
- C:\Windows\System\tuPvtyu.exe
  C:\Windows\System\tuPvtyu.exe
  2⤵
  PID:5772
- C:\Windows\System\toXQKSb.exe
  C:\Windows\System\toXQKSb.exe
  2⤵
  PID:5796
- C:\Windows\System\IWswXXZ.exe
  C:\Windows\System\IWswXXZ.exe
  2⤵
  PID:5824
- C:\Windows\System\yGMSiqZ.exe
  C:\Windows\System\yGMSiqZ.exe
  2⤵
  PID:5852
- C:\Windows\System\gKALrqr.exe
  C:\Windows\System\gKALrqr.exe
  2⤵
  PID:5880
- C:\Windows\System\nHUOkrH.exe
  C:\Windows\System\nHUOkrH.exe
  2⤵
  PID:5912
- C:\Windows\System\mSBEgNo.exe
  C:\Windows\System\mSBEgNo.exe
  2⤵
  PID:5940
- C:\Windows\System\zIsjsGC.exe
  C:\Windows\System\zIsjsGC.exe
  2⤵
  PID:5968
- C:\Windows\System\zoSXPat.exe
  C:\Windows\System\zoSXPat.exe
  2⤵
  PID:5996
- C:\Windows\System\JHKiTGD.exe
  C:\Windows\System\JHKiTGD.exe
  2⤵
  PID:6024
- C:\Windows\System\cDnUiiG.exe
  C:\Windows\System\cDnUiiG.exe
  2⤵
  PID:6052
- C:\Windows\System\EJqVSNo.exe
  C:\Windows\System\EJqVSNo.exe
  2⤵
  PID:6080
- C:\Windows\System\hvEkyuA.exe
  C:\Windows\System\hvEkyuA.exe
  2⤵
  PID:6104
- C:\Windows\System\NxClzUY.exe
  C:\Windows\System\NxClzUY.exe
  2⤵
  PID:6136
- C:\Windows\System\DEYmTpR.exe
  C:\Windows\System\DEYmTpR.exe
  2⤵
  PID:2164
- C:\Windows\System\BuxIovO.exe
  C:\Windows\System\BuxIovO.exe
  2⤵
  PID:3008
- C:\Windows\System\xyvHbBU.exe
  C:\Windows\System\xyvHbBU.exe
  2⤵
  PID:2608
- C:\Windows\System\MSZiyJx.exe
  C:\Windows\System\MSZiyJx.exe
  2⤵
  PID:3216
- C:\Windows\System\fBQXKxi.exe
  C:\Windows\System\fBQXKxi.exe
  2⤵
  PID:2748
- C:\Windows\System\FNvzSXZ.exe
  C:\Windows\System\FNvzSXZ.exe
  2⤵
  PID:5148
- C:\Windows\System\YNaxIau.exe
  C:\Windows\System\YNaxIau.exe
  2⤵
  PID:5204
- C:\Windows\System\rYvMyPS.exe
  C:\Windows\System\rYvMyPS.exe
  2⤵
  PID:5284
- C:\Windows\System\vLhnlrD.exe
  C:\Windows\System\vLhnlrD.exe
  2⤵
  PID:5344
- C:\Windows\System\EpCUOSp.exe
  C:\Windows\System\EpCUOSp.exe
  2⤵
  PID:5420
- C:\Windows\System\saccrFs.exe
  C:\Windows\System\saccrFs.exe
  2⤵
  PID:5480
- C:\Windows\System\gGxBzei.exe
  C:\Windows\System\gGxBzei.exe
  2⤵
  PID:5540
- C:\Windows\System\nCiIsmd.exe
  C:\Windows\System\nCiIsmd.exe
  2⤵
  PID:5596
- C:\Windows\System\TWVpRPf.exe
  C:\Windows\System\TWVpRPf.exe
  2⤵
  PID:5676
- C:\Windows\System\saaAhhQ.exe
  C:\Windows\System\saaAhhQ.exe
  2⤵
  PID:5736
- C:\Windows\System\BoWaXpO.exe
  C:\Windows\System\BoWaXpO.exe
  2⤵
  PID:5812
- C:\Windows\System\wXOBRWo.exe
  C:\Windows\System\wXOBRWo.exe
  2⤵
  PID:5868
- C:\Windows\System\KeaGcpD.exe
  C:\Windows\System\KeaGcpD.exe
  2⤵
  PID:5928
- C:\Windows\System\QOjudFy.exe
  C:\Windows\System\QOjudFy.exe
  2⤵
  PID:6008
- C:\Windows\System\WlTtkUT.exe
  C:\Windows\System\WlTtkUT.exe
  2⤵
  PID:6044
- C:\Windows\System\QuhDAmX.exe
  C:\Windows\System\QuhDAmX.exe
  2⤵
  PID:6124
- C:\Windows\System\wQQhnzf.exe
  C:\Windows\System\wQQhnzf.exe
  2⤵
  PID:4800
- C:\Windows\System\vWCBZgM.exe
  C:\Windows\System\vWCBZgM.exe
  2⤵
  PID:1288
- C:\Windows\System\QAZwHFW.exe
  C:\Windows\System\QAZwHFW.exe
  2⤵
  PID:5196
- C:\Windows\System\GdiStZt.exe
  C:\Windows\System\GdiStZt.exe
  2⤵
  PID:5336
- C:\Windows\System\jeNPkFR.exe
  C:\Windows\System\jeNPkFR.exe
  2⤵
  PID:5456
- C:\Windows\System\vJTXYdw.exe
  C:\Windows\System\vJTXYdw.exe
  2⤵
  PID:5644
- C:\Windows\System\tbwmGkw.exe
  C:\Windows\System\tbwmGkw.exe
  2⤵
  PID:5784
- C:\Windows\System\PloDPrZ.exe
  C:\Windows\System\PloDPrZ.exe
  2⤵
  PID:6164
- C:\Windows\System\ZlahnuE.exe
  C:\Windows\System\ZlahnuE.exe
  2⤵
  PID:6192
- C:\Windows\System\zEiFQQt.exe
  C:\Windows\System\zEiFQQt.exe
  2⤵
  PID:6220
- C:\Windows\System\NgjIyYk.exe
  C:\Windows\System\NgjIyYk.exe
  2⤵
  PID:6244
- C:\Windows\System\OKfzRfP.exe
  C:\Windows\System\OKfzRfP.exe
  2⤵
  PID:6276
- C:\Windows\System\SVgrgvo.exe
  C:\Windows\System\SVgrgvo.exe
  2⤵
  PID:6304
- C:\Windows\System\nWxiSrE.exe
  C:\Windows\System\nWxiSrE.exe
  2⤵
  PID:6328
- C:\Windows\System\YfNxvWn.exe
  C:\Windows\System\YfNxvWn.exe
  2⤵
  PID:6356
- C:\Windows\System\SVrfakg.exe
  C:\Windows\System\SVrfakg.exe
  2⤵
  PID:6384
- C:\Windows\System\gFastab.exe
  C:\Windows\System\gFastab.exe
  2⤵
  PID:6416
- C:\Windows\System\NKgzZFV.exe
  C:\Windows\System\NKgzZFV.exe
  2⤵
  PID:6444
- C:\Windows\System\UZckGFL.exe
  C:\Windows\System\UZckGFL.exe
  2⤵
  PID:6472
- C:\Windows\System\jFayulf.exe
  C:\Windows\System\jFayulf.exe
  2⤵
  PID:6496
- C:\Windows\System\vkmLhPq.exe
  C:\Windows\System\vkmLhPq.exe
  2⤵
  PID:6528
- C:\Windows\System\jAvvzUj.exe
  C:\Windows\System\jAvvzUj.exe
  2⤵
  PID:6556
- C:\Windows\System\OzbSBWu.exe
  C:\Windows\System\OzbSBWu.exe
  2⤵
  PID:6584
- C:\Windows\System\ItkKCMC.exe
  C:\Windows\System\ItkKCMC.exe
  2⤵
  PID:6608
- C:\Windows\System\nsqauFe.exe
  C:\Windows\System\nsqauFe.exe
  2⤵
  PID:6636
- C:\Windows\System\hcaqcHo.exe
  C:\Windows\System\hcaqcHo.exe
  2⤵
  PID:6668
- C:\Windows\System\SvEdTMe.exe
  C:\Windows\System\SvEdTMe.exe
  2⤵
  PID:6696
- C:\Windows\System\eqeKjUu.exe
  C:\Windows\System\eqeKjUu.exe
  2⤵
  PID:6724
- C:\Windows\System\voJmIoc.exe
  C:\Windows\System\voJmIoc.exe
  2⤵
  PID:6752
- C:\Windows\System\QUeIWsy.exe
  C:\Windows\System\QUeIWsy.exe
  2⤵
  PID:6780
- C:\Windows\System\YcBmHHX.exe
  C:\Windows\System\YcBmHHX.exe
  2⤵
  PID:6808
- C:\Windows\System\KDXudKu.exe
  C:\Windows\System\KDXudKu.exe
  2⤵
  PID:6924
- C:\Windows\System\ZXegrJK.exe
  C:\Windows\System\ZXegrJK.exe
  2⤵
  PID:6944
- C:\Windows\System\WEXrMvl.exe
  C:\Windows\System\WEXrMvl.exe
  2⤵
  PID:6968
- C:\Windows\System\UIsUikE.exe
  C:\Windows\System\UIsUikE.exe
  2⤵
  PID:6988
- C:\Windows\System\WLdPKOF.exe
  C:\Windows\System\WLdPKOF.exe
  2⤵
  PID:7028
- C:\Windows\System\fkGOQwI.exe
  C:\Windows\System\fkGOQwI.exe
  2⤵
  PID:7064
- C:\Windows\System\bLQflwq.exe
  C:\Windows\System\bLQflwq.exe
  2⤵
  PID:7100
- C:\Windows\System\JcZexbN.exe
  C:\Windows\System\JcZexbN.exe
  2⤵
  PID:7128
- C:\Windows\System\xOHDLiq.exe
  C:\Windows\System\xOHDLiq.exe
  2⤵
  PID:7160
- C:\Windows\System\FiJZNLU.exe
  C:\Windows\System\FiJZNLU.exe
  2⤵
  PID:5900
- C:\Windows\System\vGaiiUQ.exe
  C:\Windows\System\vGaiiUQ.exe
  2⤵
  PID:5980
- C:\Windows\System\HrhTzte.exe
  C:\Windows\System\HrhTzte.exe
  2⤵
  PID:6092
- C:\Windows\System\OsyJhRK.exe
  C:\Windows\System\OsyJhRK.exe
  2⤵
  PID:804
- C:\Windows\System\MZvVmfY.exe
  C:\Windows\System\MZvVmfY.exe
  2⤵
  PID:5448
- C:\Windows\System\QpZOQqs.exe
  C:\Windows\System\QpZOQqs.exe
  2⤵
  PID:6184
- C:\Windows\System\OUOXTaf.exe
  C:\Windows\System\OUOXTaf.exe
  2⤵
  PID:6268
- C:\Windows\System\dmimjWS.exe
  C:\Windows\System\dmimjWS.exe
  2⤵
  PID:6400
- C:\Windows\System\EoIuwSd.exe
  C:\Windows\System\EoIuwSd.exe
  2⤵
  PID:6436
- C:\Windows\System\xHKoYPu.exe
  C:\Windows\System\xHKoYPu.exe
  2⤵
  PID:4436
- C:\Windows\System\WgpTfSh.exe
  C:\Windows\System\WgpTfSh.exe
  2⤵
  PID:6712
- C:\Windows\System\zTQfwKF.exe
  C:\Windows\System\zTQfwKF.exe
  2⤵
  PID:5080
- C:\Windows\System\YWfvGQo.exe
  C:\Windows\System\YWfvGQo.exe
  2⤵
  PID:2100
- C:\Windows\System\bRniVgM.exe
  C:\Windows\System\bRniVgM.exe
  2⤵
  PID:5060
- C:\Windows\System\GIdwkPe.exe
  C:\Windows\System\GIdwkPe.exe
  2⤵
  PID:2644
- C:\Windows\System\pKeWdll.exe
  C:\Windows\System\pKeWdll.exe
  2⤵
  PID:4296
- C:\Windows\System\gCENlqb.exe
  C:\Windows\System\gCENlqb.exe
  2⤵
  PID:116
- C:\Windows\System\joRkAGF.exe
  C:\Windows\System\joRkAGF.exe
  2⤵
  PID:7016
- C:\Windows\System\rryvkph.exe
  C:\Windows\System\rryvkph.exe
  2⤵
  PID:64
- C:\Windows\System\IbBegML.exe
  C:\Windows\System\IbBegML.exe
  2⤵
  PID:7076
- C:\Windows\System\PuCQQtX.exe
  C:\Windows\System\PuCQQtX.exe
  2⤵
  PID:7152
- C:\Windows\System\hcKFdPL.exe
  C:\Windows\System\hcKFdPL.exe
  2⤵
  PID:3208
- C:\Windows\System\mScYbnG.exe
  C:\Windows\System\mScYbnG.exe
  2⤵
  PID:5708
- C:\Windows\System\eXvizLL.exe
  C:\Windows\System\eXvizLL.exe
  2⤵
  PID:6488
- C:\Windows\System\cTNCelI.exe
  C:\Windows\System\cTNCelI.exe
  2⤵
  PID:3320
- C:\Windows\System\UnWQKCZ.exe
  C:\Windows\System\UnWQKCZ.exe
  2⤵
  PID:2324
- C:\Windows\System\SkxSYGt.exe
  C:\Windows\System\SkxSYGt.exe
  2⤵
  PID:5844
- C:\Windows\System\Jaqlfkc.exe
  C:\Windows\System\Jaqlfkc.exe
  2⤵
  PID:6292
- C:\Windows\System\erFwEtT.exe
  C:\Windows\System\erFwEtT.exe
  2⤵
  PID:6540
- C:\Windows\System\zJPNvRk.exe
  C:\Windows\System\zJPNvRk.exe
  2⤵
  PID:3108
- C:\Windows\System\UXApQSQ.exe
  C:\Windows\System\UXApQSQ.exe
  2⤵
  PID:6660
- C:\Windows\System\XCNdrDq.exe
  C:\Windows\System\XCNdrDq.exe
  2⤵
  PID:628
- C:\Windows\System\BROJyUH.exe
  C:\Windows\System\BROJyUH.exe
  2⤵
  PID:1944
- C:\Windows\System\tRkdDFR.exe
  C:\Windows\System\tRkdDFR.exe
  2⤵
  PID:7060
- C:\Windows\System\jnVTqOW.exe
  C:\Windows\System\jnVTqOW.exe
  2⤵
  PID:6236
- C:\Windows\System\mgsohly.exe
  C:\Windows\System\mgsohly.exe
  2⤵
  PID:1020
- C:\Windows\System\zmvTanc.exe
  C:\Windows\System\zmvTanc.exe
  2⤵
  PID:6148
- C:\Windows\System\ojfkand.exe
  C:\Windows\System\ojfkand.exe
  2⤵
  PID:6576
- C:\Windows\System\PuVFxRR.exe
  C:\Windows\System\PuVFxRR.exe
  2⤵
  PID:212
- C:\Windows\System\jaHDgDX.exe
  C:\Windows\System\jaHDgDX.exe
  2⤵
  PID:6940
- C:\Windows\System\ACNIIgf.exe
  C:\Windows\System\ACNIIgf.exe
  2⤵
  PID:6036
- C:\Windows\System\RImSNGY.exe
  C:\Windows\System\RImSNGY.exe
  2⤵
  PID:6904
- C:\Windows\System\YoSWRqM.exe
  C:\Windows\System\YoSWRqM.exe
  2⤵
  PID:7084
- C:\Windows\System\mIeltdH.exe
  C:\Windows\System\mIeltdH.exe
  2⤵
  PID:4424
- C:\Windows\System\jiGwWWg.exe
  C:\Windows\System\jiGwWWg.exe
  2⤵
  PID:7196
- C:\Windows\System\iDluNRu.exe
  C:\Windows\System\iDluNRu.exe
  2⤵
  PID:7236
- C:\Windows\System\TxMFiLA.exe
  C:\Windows\System\TxMFiLA.exe
  2⤵
  PID:7260
- C:\Windows\System\zbcGOXM.exe
  C:\Windows\System\zbcGOXM.exe
  2⤵
  PID:7288
- C:\Windows\System\THGGSJp.exe
  C:\Windows\System\THGGSJp.exe
  2⤵
  PID:7304
- C:\Windows\System\RwIUEKx.exe
  C:\Windows\System\RwIUEKx.exe
  2⤵
  PID:7332
- C:\Windows\System\xXuoxuQ.exe
  C:\Windows\System\xXuoxuQ.exe
  2⤵
  PID:7364
- C:\Windows\System\TYotohB.exe
  C:\Windows\System\TYotohB.exe
  2⤵
  PID:7400
- C:\Windows\System\aoBvcQp.exe
  C:\Windows\System\aoBvcQp.exe
  2⤵
  PID:7428
- C:\Windows\System\TAxzEWw.exe
  C:\Windows\System\TAxzEWw.exe
  2⤵
  PID:7444
- C:\Windows\System\YzWIgNa.exe
  C:\Windows\System\YzWIgNa.exe
  2⤵
  PID:7476
- C:\Windows\System\QxgSYcq.exe
  C:\Windows\System\QxgSYcq.exe
  2⤵
  PID:7500
- C:\Windows\System\mbezxpw.exe
  C:\Windows\System\mbezxpw.exe
  2⤵
  PID:7532
- C:\Windows\System\OskuApI.exe
  C:\Windows\System\OskuApI.exe
  2⤵
  PID:7564
- C:\Windows\System\EfxVeth.exe
  C:\Windows\System\EfxVeth.exe
  2⤵
  PID:7596
- C:\Windows\System\MPLCoFP.exe
  C:\Windows\System\MPLCoFP.exe
  2⤵
  PID:7620
- C:\Windows\System\WJgwUFO.exe
  C:\Windows\System\WJgwUFO.exe
  2⤵
  PID:7652
- C:\Windows\System\bnyRdBG.exe
  C:\Windows\System\bnyRdBG.exe
  2⤵
  PID:7700
- C:\Windows\System\yQednhP.exe
  C:\Windows\System\yQednhP.exe
  2⤵
  PID:7728
- C:\Windows\System\fWwMOCF.exe
  C:\Windows\System\fWwMOCF.exe
  2⤵
  PID:7756
- C:\Windows\System\HiWokmZ.exe
  C:\Windows\System\HiWokmZ.exe
  2⤵
  PID:7788
- C:\Windows\System\SovYvMQ.exe
  C:\Windows\System\SovYvMQ.exe
  2⤵
  PID:7804
- C:\Windows\System\oyBfYRH.exe
  C:\Windows\System\oyBfYRH.exe
  2⤵
  PID:7832
- C:\Windows\System\iTyQyLB.exe
  C:\Windows\System\iTyQyLB.exe
  2⤵
  PID:7880
- C:\Windows\System\TAKEaWA.exe
  C:\Windows\System\TAKEaWA.exe
  2⤵
  PID:7896
- C:\Windows\System\ThzcnOe.exe
  C:\Windows\System\ThzcnOe.exe
  2⤵
  PID:7920
- C:\Windows\System\WRxZncO.exe
  C:\Windows\System\WRxZncO.exe
  2⤵
  PID:7960
- C:\Windows\System\qzYnWqA.exe
  C:\Windows\System\qzYnWqA.exe
  2⤵
  PID:7980
- C:\Windows\System\gCLQtyW.exe
  C:\Windows\System\gCLQtyW.exe
  2⤵
  PID:8008
- C:\Windows\System\ngyaQAg.exe
  C:\Windows\System\ngyaQAg.exe
  2⤵
  PID:8048
- C:\Windows\System\kdDANbj.exe
  C:\Windows\System\kdDANbj.exe
  2⤵
  PID:8100
- C:\Windows\System\latOXOm.exe
  C:\Windows\System\latOXOm.exe
  2⤵
  PID:8132
- C:\Windows\System\dhVIcda.exe
  C:\Windows\System\dhVIcda.exe
  2⤵
  PID:8172
- C:\Windows\System\qMgGkja.exe
  C:\Windows\System\qMgGkja.exe
  2⤵
  PID:4308
- C:\Windows\System\WJMHBZr.exe
  C:\Windows\System\WJMHBZr.exe
  2⤵
  PID:7284
- C:\Windows\System\qmSGgEL.exe
  C:\Windows\System\qmSGgEL.exe
  2⤵
  PID:7392
- C:\Windows\System\nZNetqw.exe
  C:\Windows\System\nZNetqw.exe
  2⤵
  PID:7420
- C:\Windows\System\sKvEObS.exe
  C:\Windows\System\sKvEObS.exe
  2⤵
  PID:7508
- C:\Windows\System\aEyPqJn.exe
  C:\Windows\System\aEyPqJn.exe
  2⤵
  PID:7592
- C:\Windows\System\SmScPsO.exe
  C:\Windows\System\SmScPsO.exe
  2⤵
  PID:7644
- C:\Windows\System\cImwzRl.exe
  C:\Windows\System\cImwzRl.exe
  2⤵
  PID:7740
- C:\Windows\System\CaBnacD.exe
  C:\Windows\System\CaBnacD.exe
  2⤵
  PID:7852
- C:\Windows\System\XbQUdoS.exe
  C:\Windows\System\XbQUdoS.exe
  2⤵
  PID:7944
- C:\Windows\System\sWayPuf.exe
  C:\Windows\System\sWayPuf.exe
  2⤵
  PID:8020
- C:\Windows\System\eVczpbm.exe
  C:\Windows\System\eVczpbm.exe
  2⤵
  PID:8096
- C:\Windows\System\nbNbKNT.exe
  C:\Windows\System\nbNbKNT.exe
  2⤵
  PID:6652
- C:\Windows\System\IWPCvCz.exe
  C:\Windows\System\IWPCvCz.exe
  2⤵
  PID:8120
- C:\Windows\System\luqjBPg.exe
  C:\Windows\System\luqjBPg.exe
  2⤵
  PID:6716
- C:\Windows\System\mNBWZos.exe
  C:\Windows\System\mNBWZos.exe
  2⤵
  PID:7328
- C:\Windows\System\vOAoEDj.exe
  C:\Windows\System\vOAoEDj.exe
  2⤵
  PID:7628
- C:\Windows\System\czDVmtR.exe
  C:\Windows\System\czDVmtR.exe
  2⤵
  PID:7864
- C:\Windows\System\WVWJtPv.exe
  C:\Windows\System\WVWJtPv.exe
  2⤵
  PID:8092
- C:\Windows\System\SxBcNnG.exe
  C:\Windows\System\SxBcNnG.exe
  2⤵
  PID:7296
- C:\Windows\System\eMkyhiS.exe
  C:\Windows\System\eMkyhiS.exe
  2⤵
  PID:7460
- C:\Windows\System\wbjkEAu.exe
  C:\Windows\System\wbjkEAu.exe
  2⤵
  PID:8168
- C:\Windows\System\vNAZjhU.exe
  C:\Windows\System\vNAZjhU.exe
  2⤵
  PID:8212
- C:\Windows\System\PgCplBV.exe
  C:\Windows\System\PgCplBV.exe
  2⤵
  PID:8232
- C:\Windows\System\tupNbXZ.exe
  C:\Windows\System\tupNbXZ.exe
  2⤵
  PID:8260
- C:\Windows\System\TsvUkix.exe
  C:\Windows\System\TsvUkix.exe
  2⤵
  PID:8288
- C:\Windows\System\YQMWYAB.exe
  C:\Windows\System\YQMWYAB.exe
  2⤵
  PID:8324
- C:\Windows\System\VpsZjis.exe
  C:\Windows\System\VpsZjis.exe
  2⤵
  PID:8364
- C:\Windows\System\ukqQkNM.exe
  C:\Windows\System\ukqQkNM.exe
  2⤵
  PID:8392
- C:\Windows\System\QjgSqfn.exe
  C:\Windows\System\QjgSqfn.exe
  2⤵
  PID:8408
- C:\Windows\System\qzNpbmv.exe
  C:\Windows\System\qzNpbmv.exe
  2⤵
  PID:8436
- C:\Windows\System\wZGyttG.exe
  C:\Windows\System\wZGyttG.exe
  2⤵
  PID:8464
- C:\Windows\System\Nzziplr.exe
  C:\Windows\System\Nzziplr.exe
  2⤵
  PID:8492
- C:\Windows\System\dlAYCFv.exe
  C:\Windows\System\dlAYCFv.exe
  2⤵
  PID:8524
- C:\Windows\System\ifRVgZQ.exe
  C:\Windows\System\ifRVgZQ.exe
  2⤵
  PID:8572
- C:\Windows\System\VqQfFpY.exe
  C:\Windows\System\VqQfFpY.exe
  2⤵
  PID:8588
- C:\Windows\System\XntGoun.exe
  C:\Windows\System\XntGoun.exe
  2⤵
  PID:8608
- C:\Windows\System\XRwtUbp.exe
  C:\Windows\System\XRwtUbp.exe
  2⤵
  PID:8632
- C:\Windows\System\aRRJZTd.exe
  C:\Windows\System\aRRJZTd.exe
  2⤵
  PID:8684
- C:\Windows\System\EwdqZsg.exe
  C:\Windows\System\EwdqZsg.exe
  2⤵
  PID:8720
- C:\Windows\System\KxZTtai.exe
  C:\Windows\System\KxZTtai.exe
  2⤵
  PID:8748
- C:\Windows\System\iNRBoUK.exe
  C:\Windows\System\iNRBoUK.exe
  2⤵
  PID:8776
- C:\Windows\System\aMZYhGl.exe
  C:\Windows\System\aMZYhGl.exe
  2⤵
  PID:8804
- C:\Windows\System\djZyNuC.exe
  C:\Windows\System\djZyNuC.exe
  2⤵
  PID:8832
- C:\Windows\System\InZtJhs.exe
  C:\Windows\System\InZtJhs.exe
  2⤵
  PID:8860
- C:\Windows\System\gDeQHIn.exe
  C:\Windows\System\gDeQHIn.exe
  2⤵
  PID:8892
- C:\Windows\System\nSPhpiV.exe
  C:\Windows\System\nSPhpiV.exe
  2⤵
  PID:8928
- C:\Windows\System\xIunnGq.exe
  C:\Windows\System\xIunnGq.exe
  2⤵
  PID:8956
- C:\Windows\System\LoJNOZQ.exe
  C:\Windows\System\LoJNOZQ.exe
  2⤵
  PID:8976
- C:\Windows\System\xjWBkhu.exe
  C:\Windows\System\xjWBkhu.exe
  2⤵
  PID:9012
- C:\Windows\System\MgucvFX.exe
  C:\Windows\System\MgucvFX.exe
  2⤵
  PID:9036
- C:\Windows\System\MtugmOr.exe
  C:\Windows\System\MtugmOr.exe
  2⤵
  PID:9064
- C:\Windows\System\UByKbIq.exe
  C:\Windows\System\UByKbIq.exe
  2⤵
  PID:9100
- C:\Windows\System\hGSCjAv.exe
  C:\Windows\System\hGSCjAv.exe
  2⤵
  PID:9120
- C:\Windows\System\kmGHSds.exe
  C:\Windows\System\kmGHSds.exe
  2⤵
  PID:9156
- C:\Windows\System\ldamQoH.exe
  C:\Windows\System\ldamQoH.exe
  2⤵
  PID:9188
- C:\Windows\System\eyCLrdj.exe
  C:\Windows\System\eyCLrdj.exe
  2⤵
  PID:4512
- C:\Windows\System\fhrbTIV.exe
  C:\Windows\System\fhrbTIV.exe
  2⤵
  PID:8220
- C:\Windows\System\ntDHzRG.exe
  C:\Windows\System\ntDHzRG.exe
  2⤵
  PID:8336
- C:\Windows\System\CHsniEH.exe
  C:\Windows\System\CHsniEH.exe
  2⤵
  PID:8404
- C:\Windows\System\nEIADLq.exe
  C:\Windows\System\nEIADLq.exe
  2⤵
  PID:8452
- C:\Windows\System\OXFclTf.exe
  C:\Windows\System\OXFclTf.exe
  2⤵
  PID:8484
- C:\Windows\System\xUOHaTx.exe
  C:\Windows\System\xUOHaTx.exe
  2⤵
  PID:8584
- C:\Windows\System\FYYYIqP.exe
  C:\Windows\System\FYYYIqP.exe
  2⤵
  PID:8652
- C:\Windows\System\pVsMNFz.exe
  C:\Windows\System\pVsMNFz.exe
  2⤵
  PID:8732
- C:\Windows\System\DNpidfk.exe
  C:\Windows\System\DNpidfk.exe
  2⤵
  PID:8764
- C:\Windows\System\HcrwVmp.exe
  C:\Windows\System\HcrwVmp.exe
  2⤵
  PID:8816
- C:\Windows\System\bjUCgju.exe
  C:\Windows\System\bjUCgju.exe
  2⤵
  PID:8920
- C:\Windows\System\HnXMEmI.exe
  C:\Windows\System\HnXMEmI.exe
  2⤵
  PID:8948
- C:\Windows\System\MNyhXsr.exe
  C:\Windows\System\MNyhXsr.exe
  2⤵
  PID:9000
- C:\Windows\System\VstNqpq.exe
  C:\Windows\System\VstNqpq.exe
  2⤵
  PID:9112
- C:\Windows\System\YnKdHcC.exe
  C:\Windows\System\YnKdHcC.exe
  2⤵
  PID:9204
- C:\Windows\System\iFJnRsh.exe
  C:\Windows\System\iFJnRsh.exe
  2⤵
  PID:8284
- C:\Windows\System\ZaqoTln.exe
  C:\Windows\System\ZaqoTln.exe
  2⤵
  PID:7764
- C:\Windows\System\ORpxRtg.exe
  C:\Windows\System\ORpxRtg.exe
  2⤵
  PID:8616
- C:\Windows\System\KujMgXI.exe
  C:\Windows\System\KujMgXI.exe
  2⤵
  PID:8708
- C:\Windows\System\wuzDjlp.exe
  C:\Windows\System\wuzDjlp.exe
  2⤵
  PID:8800
- C:\Windows\System\WEsXHVz.exe
  C:\Windows\System\WEsXHVz.exe
  2⤵
  PID:8844
- C:\Windows\System\nxXLuoR.exe
  C:\Windows\System\nxXLuoR.exe
  2⤵
  PID:8196
- C:\Windows\System\BrGHoGP.exe
  C:\Windows\System\BrGHoGP.exe
  2⤵
  PID:8312
- C:\Windows\System\rfBFaJp.exe
  C:\Windows\System\rfBFaJp.exe
  2⤵
  PID:8940
- C:\Windows\System\VuEeXNa.exe
  C:\Windows\System\VuEeXNa.exe
  2⤵
  PID:8384
- C:\Windows\System\VSMIohC.exe
  C:\Windows\System\VSMIohC.exe
  2⤵
  PID:8580
- C:\Windows\System\doukjIS.exe
  C:\Windows\System\doukjIS.exe
  2⤵
  PID:9244
- C:\Windows\System\Ijmmjtr.exe
  C:\Windows\System\Ijmmjtr.exe
  2⤵
  PID:9272
- C:\Windows\System\pECUoRJ.exe
  C:\Windows\System\pECUoRJ.exe
  2⤵
  PID:9304
- C:\Windows\System\uRrSuWo.exe
  C:\Windows\System\uRrSuWo.exe
  2⤵
  PID:9332
- C:\Windows\System\PbZtFfa.exe
  C:\Windows\System\PbZtFfa.exe
  2⤵
  PID:9360
- C:\Windows\System\BKNTuiD.exe
  C:\Windows\System\BKNTuiD.exe
  2⤵
  PID:9376
- C:\Windows\System\FqVYCQE.exe
  C:\Windows\System\FqVYCQE.exe
  2⤵
  PID:9416
- C:\Windows\System\VfGSpxq.exe
  C:\Windows\System\VfGSpxq.exe
  2⤵
  PID:9432
- C:\Windows\System\YIsypii.exe
  C:\Windows\System\YIsypii.exe
  2⤵
  PID:9460
- C:\Windows\System\BYuLLYQ.exe
  C:\Windows\System\BYuLLYQ.exe
  2⤵
  PID:9476
- C:\Windows\System\gAbRhTJ.exe
  C:\Windows\System\gAbRhTJ.exe
  2⤵
  PID:9504
- C:\Windows\System\hpLqmcI.exe
  C:\Windows\System\hpLqmcI.exe
  2⤵
  PID:9536
- C:\Windows\System\zafyyzi.exe
  C:\Windows\System\zafyyzi.exe
  2⤵
  PID:9572
- C:\Windows\System\zAzlDFU.exe
  C:\Windows\System\zAzlDFU.exe
  2⤵
  PID:9588
- C:\Windows\System\NtDvWsu.exe
  C:\Windows\System\NtDvWsu.exe
  2⤵
  PID:9632
- C:\Windows\System\VLOOwia.exe
  C:\Windows\System\VLOOwia.exe
  2⤵
  PID:9656
- C:\Windows\System\APxkdTE.exe
  C:\Windows\System\APxkdTE.exe
  2⤵
  PID:9688
- C:\Windows\System\WRwEQrS.exe
  C:\Windows\System\WRwEQrS.exe
  2⤵
  PID:9712
- C:\Windows\System\EjPwtwJ.exe
  C:\Windows\System\EjPwtwJ.exe
  2⤵
  PID:9728
- C:\Windows\System\idckpWm.exe
  C:\Windows\System\idckpWm.exe
  2⤵
  PID:9760
- C:\Windows\System\eKKegSe.exe
  C:\Windows\System\eKKegSe.exe
  2⤵
  PID:9792
- C:\Windows\System\sbiaGeh.exe
  C:\Windows\System\sbiaGeh.exe
  2⤵
  PID:9836
- C:\Windows\System\JKDvsMP.exe
  C:\Windows\System\JKDvsMP.exe
  2⤵
  PID:9864
- C:\Windows\System\EdWnsOG.exe
  C:\Windows\System\EdWnsOG.exe
  2⤵
  PID:9892
- C:\Windows\System\ZxylOcl.exe
  C:\Windows\System\ZxylOcl.exe
  2⤵
  PID:9916
- C:\Windows\System\LqcFcuU.exe
  C:\Windows\System\LqcFcuU.exe
  2⤵
  PID:9936
- C:\Windows\System\voZNmrF.exe
  C:\Windows\System\voZNmrF.exe
  2⤵
  PID:9972
- C:\Windows\System\bluoHrs.exe
  C:\Windows\System\bluoHrs.exe
  2⤵
  PID:9992
- C:\Windows\System\wbuhfpN.exe
  C:\Windows\System\wbuhfpN.exe
  2⤵
  PID:10012
- C:\Windows\System\LvoQaMF.exe
  C:\Windows\System\LvoQaMF.exe
  2⤵
  PID:10040
- C:\Windows\System\BaMGhhe.exe
  C:\Windows\System\BaMGhhe.exe
  2⤵
  PID:10076
- C:\Windows\System\MzUBpLT.exe
  C:\Windows\System\MzUBpLT.exe
  2⤵
  PID:10092
- C:\Windows\System\REBkgPF.exe
  C:\Windows\System\REBkgPF.exe
  2⤵
  PID:10132
- C:\Windows\System\uRQkSyz.exe
  C:\Windows\System\uRQkSyz.exe
  2⤵
  PID:10192
- C:\Windows\System\akbijnm.exe
  C:\Windows\System\akbijnm.exe
  2⤵
  PID:10232
- C:\Windows\System\ozfXDtE.exe
  C:\Windows\System\ozfXDtE.exe
  2⤵
  PID:9236
- C:\Windows\System\bPCRgmN.exe
  C:\Windows\System\bPCRgmN.exe
  2⤵
  PID:9288
- C:\Windows\System\gpOgJUi.exe
  C:\Windows\System\gpOgJUi.exe
  2⤵
  PID:9352
- C:\Windows\System\SocdzAF.exe
  C:\Windows\System\SocdzAF.exe
  2⤵
  PID:9412
- C:\Windows\System\bdPoBPB.exe
  C:\Windows\System\bdPoBPB.exe
  2⤵
  PID:9520
- C:\Windows\System\aIMSGSV.exe
  C:\Windows\System\aIMSGSV.exe
  2⤵
  PID:9584
- C:\Windows\System\FcMDGLo.exe
  C:\Windows\System\FcMDGLo.exe
  2⤵
  PID:9620
- C:\Windows\System\DSBpKvq.exe
  C:\Windows\System\DSBpKvq.exe
  2⤵
  PID:9684
- C:\Windows\System\mRMTcyQ.exe
  C:\Windows\System\mRMTcyQ.exe
  2⤵
  PID:9744
- C:\Windows\System\EBIliVe.exe
  C:\Windows\System\EBIliVe.exe
  2⤵
  PID:9824
- C:\Windows\System\faCQLye.exe
  C:\Windows\System\faCQLye.exe
  2⤵
  PID:9884
- C:\Windows\System\NkdFBPK.exe
  C:\Windows\System\NkdFBPK.exe
  2⤵
  PID:9984
- C:\Windows\System\wTtEcDh.exe
  C:\Windows\System\wTtEcDh.exe
  2⤵
  PID:10000
- C:\Windows\System\CYuLjZE.exe
  C:\Windows\System\CYuLjZE.exe
  2⤵
  PID:10108
- C:\Windows\System\PXihRmr.exe
  C:\Windows\System\PXihRmr.exe
  2⤵
  PID:10144
- C:\Windows\System\VUfVMaG.exe
  C:\Windows\System\VUfVMaG.exe
  2⤵
  PID:9240
- C:\Windows\System\GKweczX.exe
  C:\Windows\System\GKweczX.exe
  2⤵
  PID:9428
- C:\Windows\System\cznJdWp.exe
  C:\Windows\System\cznJdWp.exe
  2⤵
  PID:9452
- C:\Windows\System\yamhNXS.exe
  C:\Windows\System\yamhNXS.exe
  2⤵
  PID:9668
- C:\Windows\System\xJMcBkY.exe
  C:\Windows\System\xJMcBkY.exe
  2⤵
  PID:9784
- C:\Windows\System\fSRKNzZ.exe
  C:\Windows\System\fSRKNzZ.exe
  2⤵
  PID:10032
- C:\Windows\System\vmzxWEv.exe
  C:\Windows\System\vmzxWEv.exe
  2⤵
  PID:10184
- C:\Windows\System\GETjGnL.exe
  C:\Windows\System\GETjGnL.exe
  2⤵
  PID:9228
- C:\Windows\System\HkPXsbZ.exe
  C:\Windows\System\HkPXsbZ.exe
  2⤵
  PID:9644
- C:\Windows\System\zLwGrSK.exe
  C:\Windows\System\zLwGrSK.exe
  2⤵
  PID:10112
- C:\Windows\System\bHgSBPp.exe
  C:\Windows\System\bHgSBPp.exe
  2⤵
  PID:9468
- C:\Windows\System\aeKByGR.exe
  C:\Windows\System\aeKByGR.exe
  2⤵
  PID:10252
- C:\Windows\System\gosWMas.exe
  C:\Windows\System\gosWMas.exe
  2⤵
  PID:10272
- C:\Windows\System\jPzENvX.exe
  C:\Windows\System\jPzENvX.exe
  2⤵
  PID:10308
- C:\Windows\System\NaWoZyL.exe
  C:\Windows\System\NaWoZyL.exe
  2⤵
  PID:10336
- C:\Windows\System\zkAewmh.exe
  C:\Windows\System\zkAewmh.exe
  2⤵
  PID:10364
- C:\Windows\System\BaNpZVT.exe
  C:\Windows\System\BaNpZVT.exe
  2⤵
  PID:10380
- C:\Windows\System\iwcsYQk.exe
  C:\Windows\System\iwcsYQk.exe
  2⤵
  PID:10408
- C:\Windows\System\XgecfQB.exe
  C:\Windows\System\XgecfQB.exe
  2⤵
  PID:10448
- C:\Windows\System\BzJozcU.exe
  C:\Windows\System\BzJozcU.exe
  2⤵
  PID:10476
- C:\Windows\System\FSEUffN.exe
  C:\Windows\System\FSEUffN.exe
  2⤵
  PID:10496
- C:\Windows\System\hvIdcpF.exe
  C:\Windows\System\hvIdcpF.exe
  2⤵
  PID:10532
- C:\Windows\System\IGkPfTQ.exe
  C:\Windows\System\IGkPfTQ.exe
  2⤵
  PID:10548
- C:\Windows\System\yTsdSFx.exe
  C:\Windows\System\yTsdSFx.exe
  2⤵
  PID:10576
- C:\Windows\System\TOfdZat.exe
  C:\Windows\System\TOfdZat.exe
  2⤵
  PID:10604
- C:\Windows\System\wFnmrXx.exe
  C:\Windows\System\wFnmrXx.exe
  2⤵
  PID:10632
- C:\Windows\System\LnNIoAY.exe
  C:\Windows\System\LnNIoAY.exe
  2⤵
  PID:10672
- C:\Windows\System\RGmqKTv.exe
  C:\Windows\System\RGmqKTv.exe
  2⤵
  PID:10704
- C:\Windows\System\TDNaGxX.exe
  C:\Windows\System\TDNaGxX.exe
  2⤵
  PID:10728
- C:\Windows\System\nhUFZLf.exe
  C:\Windows\System\nhUFZLf.exe
  2⤵
  PID:10752
- C:\Windows\System\lUVlbGR.exe
  C:\Windows\System\lUVlbGR.exe
  2⤵
  PID:10776
- C:\Windows\System\vbmGLWB.exe
  C:\Windows\System\vbmGLWB.exe
  2⤵
  PID:10816
- C:\Windows\System\WmPJQkH.exe
  C:\Windows\System\WmPJQkH.exe
  2⤵
  PID:10836
- C:\Windows\System\EnZQxXv.exe
  C:\Windows\System\EnZQxXv.exe
  2⤵
  PID:10856
- C:\Windows\System\QkPNZML.exe
  C:\Windows\System\QkPNZML.exe
  2⤵
  PID:10900
- C:\Windows\System\qmvPdwo.exe
  C:\Windows\System\qmvPdwo.exe
  2⤵
  PID:10928
- C:\Windows\System\GrENfht.exe
  C:\Windows\System\GrENfht.exe
  2⤵
  PID:10944
- C:\Windows\System\xuMyQSy.exe
  C:\Windows\System\xuMyQSy.exe
  2⤵
  PID:10980
- C:\Windows\System\bHqcqfU.exe
  C:\Windows\System\bHqcqfU.exe
  2⤵
  PID:10996
- C:\Windows\System\YrFgsQh.exe
  C:\Windows\System\YrFgsQh.exe
  2⤵
  PID:11016
- C:\Windows\System\uDHUadN.exe
  C:\Windows\System\uDHUadN.exe
  2⤵
  PID:11044
- C:\Windows\System\GawXbNX.exe
  C:\Windows\System\GawXbNX.exe
  2⤵
  PID:11064
- C:\Windows\System\SYxZMUe.exe
  C:\Windows\System\SYxZMUe.exe
  2⤵
  PID:11100
- C:\Windows\System\meIAaGt.exe
  C:\Windows\System\meIAaGt.exe
  2⤵
  PID:11140
- C:\Windows\System\bHmOyjS.exe
  C:\Windows\System\bHmOyjS.exe
  2⤵
  PID:11156
- C:\Windows\System\JejRhsG.exe
  C:\Windows\System\JejRhsG.exe
  2⤵
  PID:11196
- C:\Windows\System\BliEOJE.exe
  C:\Windows\System\BliEOJE.exe
  2⤵
  PID:11220
- C:\Windows\System\zQhTylK.exe
  C:\Windows\System\zQhTylK.exe
  2⤵
  PID:9856
- C:\Windows\System\WOYhRQP.exe
  C:\Windows\System\WOYhRQP.exe
  2⤵
  PID:10288
- C:\Windows\System\FEkKjxU.exe
  C:\Windows\System\FEkKjxU.exe
  2⤵
  PID:10320
- C:\Windows\System\EmKmpmN.exe
  C:\Windows\System\EmKmpmN.exe
  2⤵
  PID:10396
- C:\Windows\System\SAGUhhQ.exe
  C:\Windows\System\SAGUhhQ.exe
  2⤵
  PID:10460
- C:\Windows\System\CCXDeiW.exe
  C:\Windows\System\CCXDeiW.exe
  2⤵
  PID:10516
- C:\Windows\System\PGLIIhU.exe
  C:\Windows\System\PGLIIhU.exe
  2⤵
  PID:10568
- C:\Windows\System\HDHSmas.exe
  C:\Windows\System\HDHSmas.exe
  2⤵
  PID:10616
- C:\Windows\System\wGQqcQz.exe
  C:\Windows\System\wGQqcQz.exe
  2⤵
  PID:10696
- C:\Windows\System\QPhJVZo.exe
  C:\Windows\System\QPhJVZo.exe
  2⤵
  PID:10812
- C:\Windows\System\BZCjdCj.exe
  C:\Windows\System\BZCjdCj.exe
  2⤵
  PID:10880
- C:\Windows\System\rPQQZsc.exe
  C:\Windows\System\rPQQZsc.exe
  2⤵
  PID:10936
- C:\Windows\System\RZEWsuY.exe
  C:\Windows\System\RZEWsuY.exe
  2⤵
  PID:10992
- C:\Windows\System\aGgBhAE.exe
  C:\Windows\System\aGgBhAE.exe
  2⤵
  PID:11060
- C:\Windows\System\ELLaIrv.exe
  C:\Windows\System\ELLaIrv.exe
  2⤵
  PID:11108
- C:\Windows\System\lUTcGFf.exe
  C:\Windows\System\lUTcGFf.exe
  2⤵
  PID:11180
- C:\Windows\System\hePFajH.exe
  C:\Windows\System\hePFajH.exe
  2⤵
  PID:11244
- C:\Windows\System\mwdfEgg.exe
  C:\Windows\System\mwdfEgg.exe
  2⤵
  PID:10328
- C:\Windows\System\RClgWqN.exe
  C:\Windows\System\RClgWqN.exe
  2⤵
  PID:10504
- C:\Windows\System\HAdPNrj.exe
  C:\Windows\System\HAdPNrj.exe
  2⤵
  PID:10588
- C:\Windows\System\SEUNndu.exe
  C:\Windows\System\SEUNndu.exe
  2⤵
  PID:10852
- C:\Windows\System\bLPcOAi.exe
  C:\Windows\System\bLPcOAi.exe
  2⤵
  PID:11004
- C:\Windows\System\YkNRaBs.exe
  C:\Windows\System\YkNRaBs.exe
  2⤵
  PID:11036
- C:\Windows\System\NZTyAKD.exe
  C:\Windows\System\NZTyAKD.exe
  2⤵
  PID:11256
- C:\Windows\System\OZeiWdX.exe
  C:\Windows\System\OZeiWdX.exe
  2⤵
  PID:10540
- C:\Windows\System\oletcpr.exe
  C:\Windows\System\oletcpr.exe
  2⤵
  PID:10668
- C:\Windows\System\QwTJkZU.exe
  C:\Windows\System\QwTJkZU.exe
  2⤵
  PID:11076
- C:\Windows\System\lUmjoLu.exe
  C:\Windows\System\lUmjoLu.exe
  2⤵
  PID:11268
- C:\Windows\System\hGxSbmw.exe
  C:\Windows\System\hGxSbmw.exe
  2⤵
  PID:11284
- C:\Windows\System\tpySEoj.exe
  C:\Windows\System\tpySEoj.exe
  2⤵
  PID:11308
- C:\Windows\System\JhifQwn.exe
  C:\Windows\System\JhifQwn.exe
  2⤵
  PID:11332
- C:\Windows\System\LHZYXEU.exe
  C:\Windows\System\LHZYXEU.exe
  2⤵
  PID:11372
- C:\Windows\System\Bxcnubc.exe
  C:\Windows\System\Bxcnubc.exe
  2⤵
  PID:11396
- C:\Windows\System\RhhlAgQ.exe
  C:\Windows\System\RhhlAgQ.exe
  2⤵
  PID:11412
- C:\Windows\System\VajRWUo.exe
  C:\Windows\System\VajRWUo.exe
  2⤵
  PID:11452
- C:\Windows\System\WxfYfED.exe
  C:\Windows\System\WxfYfED.exe
  2⤵
  PID:11496
- C:\Windows\System\dJNeqxT.exe
  C:\Windows\System\dJNeqxT.exe
  2⤵
  PID:11532
- C:\Windows\System\CavAEPe.exe
  C:\Windows\System\CavAEPe.exe
  2⤵
  PID:11560
- C:\Windows\System\pVOdVwe.exe
  C:\Windows\System\pVOdVwe.exe
  2⤵
  PID:11588
- C:\Windows\System\iLiVBmf.exe
  C:\Windows\System\iLiVBmf.exe
  2⤵
  PID:11604
- C:\Windows\System\QFUYseX.exe
  C:\Windows\System\QFUYseX.exe
  2⤵
  PID:11632
- C:\Windows\System\apfYuos.exe
  C:\Windows\System\apfYuos.exe
  2⤵
  PID:11672
- C:\Windows\System\KtJeRXz.exe
  C:\Windows\System\KtJeRXz.exe
  2⤵
  PID:11688
- C:\Windows\System\SZfhIoi.exe
  C:\Windows\System\SZfhIoi.exe
  2⤵
  PID:11704
- C:\Windows\System\zSTCblg.exe
  C:\Windows\System\zSTCblg.exe
  2⤵
  PID:11736
- C:\Windows\System\CVNOFiP.exe
  C:\Windows\System\CVNOFiP.exe
  2⤵
  PID:11772
- C:\Windows\System\dzSqEqn.exe
  C:\Windows\System\dzSqEqn.exe
  2⤵
  PID:11800
- C:\Windows\System\LAvCOSS.exe
  C:\Windows\System\LAvCOSS.exe
  2⤵
  PID:11840
- C:\Windows\System\awPxuJR.exe
  C:\Windows\System\awPxuJR.exe
  2⤵
  PID:11868
- C:\Windows\System\XrXkQWY.exe
  C:\Windows\System\XrXkQWY.exe
  2⤵
  PID:11884
- C:\Windows\System\UGOPlwd.exe
  C:\Windows\System\UGOPlwd.exe
  2⤵
  PID:11924
- C:\Windows\System\lIFXbUS.exe
  C:\Windows\System\lIFXbUS.exe
  2⤵
  PID:11952
- C:\Windows\System\bqVjOyV.exe
  C:\Windows\System\bqVjOyV.exe
  2⤵
  PID:11980
- C:\Windows\System\daPPasf.exe
  C:\Windows\System\daPPasf.exe
  2⤵
  PID:12000
- C:\Windows\System\JlLOucs.exe
  C:\Windows\System\JlLOucs.exe
  2⤵
  PID:12024
- C:\Windows\System\CwVrtwU.exe
  C:\Windows\System\CwVrtwU.exe
  2⤵
  PID:12064
- C:\Windows\System\ngyUfHf.exe
  C:\Windows\System\ngyUfHf.exe
  2⤵
  PID:12092
- C:\Windows\System\dyLdxGn.exe
  C:\Windows\System\dyLdxGn.exe
  2⤵
  PID:12120
- C:\Windows\System\FDUDgVT.exe
  C:\Windows\System\FDUDgVT.exe
  2⤵
  PID:12148
- C:\Windows\System\ApKvviG.exe
  C:\Windows\System\ApKvviG.exe
  2⤵
  PID:12176
- C:\Windows\System\wLknFAz.exe
  C:\Windows\System\wLknFAz.exe
  2⤵
  PID:12204
- C:\Windows\System\jsBiWOz.exe
  C:\Windows\System\jsBiWOz.exe
  2⤵
  PID:12220
- C:\Windows\System\QHTumFz.exe
  C:\Windows\System\QHTumFz.exe
  2⤵
  PID:12256
- C:\Windows\System\GCOwXQH.exe
  C:\Windows\System\GCOwXQH.exe
  2⤵
  PID:11280
- C:\Windows\System\tbENkMp.exe
  C:\Windows\System\tbENkMp.exe
  2⤵
  PID:11292
- C:\Windows\System\GyLxpdK.exe
  C:\Windows\System\GyLxpdK.exe
  2⤵
  PID:11360
- C:\Windows\System\AgLCKrF.exe
  C:\Windows\System\AgLCKrF.exe
  2⤵
  PID:11472
- C:\Windows\System\RywCjJM.exe
  C:\Windows\System\RywCjJM.exe
  2⤵
  PID:3964
- C:\Windows\System\Hcnuqil.exe
  C:\Windows\System\Hcnuqil.exe
  2⤵
  PID:11616
- C:\Windows\System\RXFdBoT.exe
  C:\Windows\System\RXFdBoT.exe
  2⤵
  PID:11660
- C:\Windows\System\qMQluRp.exe
  C:\Windows\System\qMQluRp.exe
  2⤵
  PID:11748
- C:\Windows\System\GmkZBrr.exe
  C:\Windows\System\GmkZBrr.exe
  2⤵
  PID:11796
- C:\Windows\System\pgiwePH.exe
  C:\Windows\System\pgiwePH.exe
  2⤵
  PID:11856
- C:\Windows\System\BtpuRzg.exe
  C:\Windows\System\BtpuRzg.exe
  2⤵
  PID:11964
- C:\Windows\System\RBaPqmY.exe
  C:\Windows\System\RBaPqmY.exe
  2⤵
  PID:12016
- C:\Windows\System\KiYStNJ.exe
  C:\Windows\System\KiYStNJ.exe
  2⤵
  PID:12060
- C:\Windows\System\jpfqxlF.exe
  C:\Windows\System\jpfqxlF.exe
  2⤵
  PID:4272
- C:\Windows\System\wcCAAKg.exe
  C:\Windows\System\wcCAAKg.exe
  2⤵
  PID:12132
- C:\Windows\System\jMZeKWY.exe
  C:\Windows\System\jMZeKWY.exe
  2⤵
  PID:10304
- C:\Windows\System\LnDpgaz.exe
  C:\Windows\System\LnDpgaz.exe
  2⤵
  PID:11424
- C:\Windows\System\gEvmvJL.exe
  C:\Windows\System\gEvmvJL.exe
  2⤵
  PID:11580
- C:\Windows\System\TdcLxsI.exe
  C:\Windows\System\TdcLxsI.exe
  2⤵
  PID:11696
- C:\Windows\System\FmgaDuz.exe
  C:\Windows\System\FmgaDuz.exe
  2⤵
  PID:11860
- C:\Windows\System\evgXGfE.exe
  C:\Windows\System\evgXGfE.exe
  2⤵
  PID:12240
- C:\Windows\System\VuCvLDg.exe
  C:\Windows\System\VuCvLDg.exe
  2⤵
  PID:11436
- C:\Windows\System\DQGUrNM.exe
  C:\Windows\System\DQGUrNM.exe
  2⤵
  PID:11788
- C:\Windows\System\ccmbtpq.exe
  C:\Windows\System\ccmbtpq.exe
  2⤵
  PID:1848
- C:\Windows\System\ycBMWJv.exe
  C:\Windows\System\ycBMWJv.exe
  2⤵
  PID:12188
- C:\Windows\System\rhUGxUX.exe
  C:\Windows\System\rhUGxUX.exe
  2⤵
  PID:12296
- C:\Windows\System\FqGuhRT.exe
  C:\Windows\System\FqGuhRT.exe
  2⤵
  PID:12324
- C:\Windows\System\DAtFUpK.exe
  C:\Windows\System\DAtFUpK.exe
  2⤵
  PID:12340
- C:\Windows\System\znVSYbJ.exe
  C:\Windows\System\znVSYbJ.exe
  2⤵
  PID:12384
- C:\Windows\System\rMYyiNd.exe
  C:\Windows\System\rMYyiNd.exe
  2⤵
  PID:12400
- C:\Windows\System\cNrbMge.exe
  C:\Windows\System\cNrbMge.exe
  2⤵
  PID:12416
- C:\Windows\System\HlaQcQW.exe
  C:\Windows\System\HlaQcQW.exe
  2⤵
  PID:12432
- C:\Windows\System\DrOIQcN.exe
  C:\Windows\System\DrOIQcN.exe
  2⤵
  PID:12488
- C:\Windows\System\HFCjyRv.exe
  C:\Windows\System\HFCjyRv.exe
  2⤵
  PID:12504
- C:\Windows\System\NVJCkOb.exe
  C:\Windows\System\NVJCkOb.exe
  2⤵
  PID:12524
- C:\Windows\System\ssVjnUl.exe
  C:\Windows\System\ssVjnUl.exe
  2⤵
  PID:12560
- C:\Windows\System\dQcDBLT.exe
  C:\Windows\System\dQcDBLT.exe
  2⤵
  PID:12632
- C:\Windows\System\UMXrOxF.exe
  C:\Windows\System\UMXrOxF.exe
  2⤵
  PID:12660
- C:\Windows\System\RdsdtlH.exe
  C:\Windows\System\RdsdtlH.exe
  2⤵
  PID:12688
- C:\Windows\System\oXpYDiD.exe
  C:\Windows\System\oXpYDiD.exe
  2⤵
  PID:12704
- C:\Windows\System\iozeHFj.exe
  C:\Windows\System\iozeHFj.exe
  2⤵
  PID:12736
- C:\Windows\System\sSIDqtl.exe
  C:\Windows\System\sSIDqtl.exe
  2⤵
  PID:12760
- C:\Windows\System\YpsUSWN.exe
  C:\Windows\System\YpsUSWN.exe
  2⤵
  PID:12800
- C:\Windows\System\xQXDScF.exe
  C:\Windows\System\xQXDScF.exe
  2⤵
  PID:12828
- C:\Windows\System\ddCEBPW.exe
  C:\Windows\System\ddCEBPW.exe
  2⤵
  PID:12856
- C:\Windows\System\MWYvmaw.exe
  C:\Windows\System\MWYvmaw.exe
  2⤵
  PID:12884
- C:\Windows\System\zGjFYRt.exe
  C:\Windows\System\zGjFYRt.exe
  2⤵
  PID:12900
- C:\Windows\System\XTVhhlS.exe
  C:\Windows\System\XTVhhlS.exe
  2⤵
  PID:12932
- C:\Windows\System\MjzfAvM.exe
  C:\Windows\System\MjzfAvM.exe
  2⤵
  PID:12956
- C:\Windows\System\SvqXBid.exe
  C:\Windows\System\SvqXBid.exe
  2⤵
  PID:12988
- C:\Windows\System\XsAFWQY.exe
  C:\Windows\System\XsAFWQY.exe
  2⤵
  PID:13012
- C:\Windows\System\lnVnwDj.exe
  C:\Windows\System\lnVnwDj.exe
  2⤵
  PID:13028
- C:\Windows\System\aZUuzIM.exe
  C:\Windows\System\aZUuzIM.exe
  2⤵
  PID:13048
- C:\Windows\System\IMXIpfp.exe
  C:\Windows\System\IMXIpfp.exe
  2⤵
  PID:13076
- C:\Windows\System\hFEKpLa.exe
  C:\Windows\System\hFEKpLa.exe
  2⤵
  PID:13112
- C:\Windows\System\KVmMGCZ.exe
  C:\Windows\System\KVmMGCZ.exe
  2⤵
  PID:13140
- C:\Windows\System\PIKDhNt.exe
  C:\Windows\System\PIKDhNt.exe
  2⤵
  PID:13184
- C:\Windows\System\nwBcanx.exe
  C:\Windows\System\nwBcanx.exe
  2⤵
  PID:13212
- C:\Windows\System\narQgSA.exe
  C:\Windows\System\narQgSA.exe
  2⤵
  PID:13228
- C:\Windows\System\TLreUBU.exe
  C:\Windows\System\TLreUBU.exe
  2⤵
  PID:13268
- C:\Windows\System\eYLfYXk.exe
  C:\Windows\System\eYLfYXk.exe
  2⤵
  PID:13308
- C:\Windows\System\ulqApYT.exe
  C:\Windows\System\ulqApYT.exe
  2⤵
  PID:12332
- C:\Windows\System\kronueF.exe
  C:\Windows\System\kronueF.exe
  2⤵
  PID:12368
- C:\Windows\System\sWHStMr.exe
  C:\Windows\System\sWHStMr.exe
  2⤵
  PID:12476
- C:\Windows\System\AlMEwlv.exe
  C:\Windows\System\AlMEwlv.exe
  2⤵
  PID:12552
- C:\Windows\System\AQCczVg.exe
  C:\Windows\System\AQCczVg.exe
  2⤵
  PID:12588
- C:\Windows\System\eLyYaEp.exe
  C:\Windows\System\eLyYaEp.exe
  2⤵
  PID:12652
- C:\Windows\System\ZTQSJaa.exe
  C:\Windows\System\ZTQSJaa.exe
  2⤵
  PID:12724
- C:\Windows\System\GHNAcQy.exe
  C:\Windows\System\GHNAcQy.exe
  2⤵
  PID:12792
- C:\Windows\System\IGYaxOg.exe
  C:\Windows\System\IGYaxOg.exe
  2⤵
  PID:12872
- C:\Windows\System\IPBTwQh.exe
  C:\Windows\System\IPBTwQh.exe
  2⤵
  PID:12968
- C:\Windows\System\KjmpVBo.exe
  C:\Windows\System\KjmpVBo.exe
  2⤵
  PID:13000
- C:\Windows\System\zoFgJgr.exe
  C:\Windows\System\zoFgJgr.exe
  2⤵
  PID:13108
- C:\Windows\System\UoKbICA.exe
  C:\Windows\System\UoKbICA.exe
  2⤵
  PID:13168
- C:\Windows\System\JDPKYQv.exe
  C:\Windows\System\JDPKYQv.exe
  2⤵
  PID:4376
- C:\Windows\System\ToooDwM.exe
  C:\Windows\System\ToooDwM.exe
  2⤵
  PID:13252
- C:\Windows\System\JClGPCY.exe
  C:\Windows\System\JClGPCY.exe
  2⤵
  PID:13284
- C:\Windows\System\kyqQpjh.exe
  C:\Windows\System\kyqQpjh.exe
  2⤵
  PID:12412
- C:\Windows\System\YESYymz.exe
  C:\Windows\System\YESYymz.exe
  2⤵
  PID:12580
- C:\Windows\System\PzxEtAc.exe
  C:\Windows\System\PzxEtAc.exe
  2⤵
  PID:12684
- C:\Windows\System\GSxCyPH.exe
  C:\Windows\System\GSxCyPH.exe
  2⤵
  PID:12972
- C:\Windows\System\ltyOIgs.exe
  C:\Windows\System\ltyOIgs.exe
  2⤵
  PID:13132
- C:\Windows\System\ofzxfTb.exe
  C:\Windows\System\ofzxfTb.exe
  2⤵
  PID:13296
- C:\Windows\System\TNTjAHa.exe
  C:\Windows\System\TNTjAHa.exe
  2⤵
  PID:12464
- C:\Windows\System\pWDqsTT.exe
  C:\Windows\System\pWDqsTT.exe
  2⤵
  PID:12944
- C:\Windows\System\EOMUgfp.exe
  C:\Windows\System\EOMUgfp.exe
  2⤵
  PID:13068
- C:\Windows\System\IATovXP.exe
  C:\Windows\System\IATovXP.exe
  2⤵
  PID:12628
- C:\Windows\System\NgkSdYG.exe
  C:\Windows\System\NgkSdYG.exe
  2⤵
  PID:12752
- C:\Windows\System\wJiJXlk.exe
  C:\Windows\System\wJiJXlk.exe
  2⤵
  PID:13336
- C:\Windows\System\mlgOLFz.exe
  C:\Windows\System\mlgOLFz.exe
  2⤵
  PID:13364
- C:\Windows\System\ZJikDVl.exe
  C:\Windows\System\ZJikDVl.exe
  2⤵
  PID:13392
- C:\Windows\System\vTRQbeN.exe
  C:\Windows\System\vTRQbeN.exe
  2⤵
  PID:13420
- C:\Windows\System\ICUDpdv.exe
  C:\Windows\System\ICUDpdv.exe
  2⤵
  PID:13448
- C:\Windows\System\pmHIXPV.exe
  C:\Windows\System\pmHIXPV.exe
  2⤵
  PID:13476
- C:\Windows\System\MQHHosa.exe
  C:\Windows\System\MQHHosa.exe
  2⤵
  PID:13504
- C:\Windows\System\MurSefb.exe
  C:\Windows\System\MurSefb.exe
  2⤵
  PID:13532
- C:\Windows\System\xaSAlBU.exe
  C:\Windows\System\xaSAlBU.exe
  2⤵
  PID:13560
- C:\Windows\System\ssQUTNb.exe
  C:\Windows\System\ssQUTNb.exe
  2⤵
  PID:13592
- C:\Windows\System\ELjmOXw.exe
  C:\Windows\System\ELjmOXw.exe
  2⤵
  PID:13620
- C:\Windows\System\ikuxUOD.exe
  C:\Windows\System\ikuxUOD.exe
  2⤵
  PID:13640
- C:\Windows\System\UjXwwdu.exe
  C:\Windows\System\UjXwwdu.exe
  2⤵
  PID:13676
- C:\Windows\System\vUwWUkK.exe
  C:\Windows\System\vUwWUkK.exe
  2⤵
  PID:13704
- C:\Windows\System\eTolNHB.exe
  C:\Windows\System\eTolNHB.exe
  2⤵
  PID:13732
- C:\Windows\System\rTFxzLq.exe
  C:\Windows\System\rTFxzLq.exe
  2⤵
  PID:13760
- C:\Windows\System\HbiscRH.exe
  C:\Windows\System\HbiscRH.exe
  2⤵
  PID:13788
- C:\Windows\System\JGRCQZw.exe
  C:\Windows\System\JGRCQZw.exe
  2⤵
  PID:13816
- C:\Windows\System\yXufHuC.exe
  C:\Windows\System\yXufHuC.exe
  2⤵
  PID:13844
- C:\Windows\System\GLvHHnh.exe
  C:\Windows\System\GLvHHnh.exe
  2⤵
  PID:13872
- C:\Windows\System\fhyxwic.exe
  C:\Windows\System\fhyxwic.exe
  2⤵
  PID:13900
- C:\Windows\System\BsyWyyn.exe
  C:\Windows\System\BsyWyyn.exe
  2⤵
  PID:13932
- C:\Windows\System\GWAtHFr.exe
  C:\Windows\System\GWAtHFr.exe
  2⤵
  PID:13960
- C:\Windows\System\AYdLjHH.exe
  C:\Windows\System\AYdLjHH.exe
  2⤵
  PID:13988
- C:\Windows\System\xFHkimH.exe
  C:\Windows\System\xFHkimH.exe
  2⤵
  PID:14016
- C:\Windows\System\oWIqbYy.exe
  C:\Windows\System\oWIqbYy.exe
  2⤵
  PID:14048
- C:\Windows\System\UjFQZxG.exe
  C:\Windows\System\UjFQZxG.exe
  2⤵
  PID:14076
- C:\Windows\System\zruPHTS.exe
  C:\Windows\System\zruPHTS.exe
  2⤵
  PID:14104
- C:\Windows\System\WHMHtnx.exe
  C:\Windows\System\WHMHtnx.exe
  2⤵
  PID:14132
- C:\Windows\System\RyKXlzP.exe
  C:\Windows\System\RyKXlzP.exe
  2⤵
  PID:14160
- C:\Windows\System\fqtsbIl.exe
  C:\Windows\System\fqtsbIl.exe
  2⤵
  PID:14188
- C:\Windows\System\pVmEnnx.exe
  C:\Windows\System\pVmEnnx.exe
  2⤵
  PID:14216
- C:\Windows\System\irmSYMi.exe
  C:\Windows\System\irmSYMi.exe
  2⤵
  PID:14244
- C:\Windows\System\tPeooQk.exe
  C:\Windows\System\tPeooQk.exe
  2⤵
  PID:14272
- C:\Windows\System\pYMZyVQ.exe
  C:\Windows\System\pYMZyVQ.exe
  2⤵
  PID:14300
- C:\Windows\System\OqBGnXN.exe
  C:\Windows\System\OqBGnXN.exe
  2⤵
  PID:14316
- C:\Windows\System\bwFyrPa.exe
  C:\Windows\System\bwFyrPa.exe
  2⤵
  PID:13356
- C:\Windows\System\YLkvSIf.exe
  C:\Windows\System\YLkvSIf.exe
  2⤵
  PID:13412
- C:\Windows\System\nKcEJrD.exe
  C:\Windows\System\nKcEJrD.exe
  2⤵
  PID:13488
- C:\Windows\System\rFEAGvu.exe
  C:\Windows\System\rFEAGvu.exe
  2⤵
  PID:13544
- C:\Windows\System\wYtoRSQ.exe
  C:\Windows\System\wYtoRSQ.exe
  2⤵
  PID:13608
- C:\Windows\System\SlbnBbg.exe
  C:\Windows\System\SlbnBbg.exe
  2⤵
  PID:13688
- C:\Windows\System\xFhtFXO.exe
  C:\Windows\System\xFhtFXO.exe
  2⤵
  PID:13208
- C:\Windows\System\XhglMad.exe
  C:\Windows\System\XhglMad.exe
  2⤵
  PID:13808
- C:\Windows\System\LFIICWK.exe
  C:\Windows\System\LFIICWK.exe
  2⤵
  PID:13868
- C:\Windows\System\AFPEScq.exe
  C:\Windows\System\AFPEScq.exe
  2⤵
  PID:13948
- C:\Windows\System\qPsmepk.exe
  C:\Windows\System\qPsmepk.exe
  2⤵
  PID:14008
- C:\Windows\System\ErUbFkH.exe
  C:\Windows\System\ErUbFkH.exe
  2⤵
  PID:14072
- C:\Windows\System\lpPQjrD.exe
  C:\Windows\System\lpPQjrD.exe
  2⤵
  PID:14148
- C:\Windows\System\MQpCBeh.exe
  C:\Windows\System\MQpCBeh.exe
  2⤵
  PID:14212
- C:\Windows\System\FLVIbAd.exe
  C:\Windows\System\FLVIbAd.exe
  2⤵
  PID:14260
- C:\Windows\System\mtCtYfK.exe
  C:\Windows\System\mtCtYfK.exe
  2⤵
  PID:14312
- C:\Windows\System\PvfojiG.exe
  C:\Windows\System\PvfojiG.exe
  2⤵
  PID:13404
- C:\Windows\System\gUCxCVv.exe
  C:\Windows\System\gUCxCVv.exe
  2⤵
  PID:13588
- C:\Windows\System\BEUUxuM.exe
  C:\Windows\System\BEUUxuM.exe
  2⤵
  PID:13776
- C:\Windows\System\mCFpuxe.exe
  C:\Windows\System\mCFpuxe.exe
  2⤵
  PID:13924
- C:\Windows\System\mDGkjOI.exe
  C:\Windows\System\mDGkjOI.exe
  2⤵
  PID:14128
- C:\Windows\System\oqzfENV.exe
  C:\Windows\System\oqzfENV.exe
  2⤵
  PID:14236
- C:\Windows\System\AfKasOJ.exe
  C:\Windows\System\AfKasOJ.exe
  2⤵
  PID:12516
- C:\Windows\System\qevtZKp.exe
  C:\Windows\System\qevtZKp.exe
  2⤵
  PID:13728
- C:\Windows\System\vnnyxdh.exe
  C:\Windows\System\vnnyxdh.exe
  2⤵
  PID:14100
- C:\Windows\System\jfoODHh.exe
  C:\Windows\System\jfoODHh.exe
  2⤵
  PID:13672
- C:\Windows\System\zceJHCL.exe
  C:\Windows\System\zceJHCL.exe
  2⤵
  PID:14040

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BzuEbEO.exe

Filesize
2.3MB

MD5
28b96d7420eefb927d1e465429105cfa

SHA1
df3cff133633c218db0c5a44f368b7295ff4a958

SHA256
0606187ffa92323639418f5b5d2000eea4c60dde96ce002e2d38735456c1a018

SHA512
d2575c829566a4c5da3ee32543b4cebf3402d5c50a734193b3e2c3ac9f037c044c7909c7bc6841dea8a69f5c0ad2568c81c8a06ceaacdeac9396fc93a3ae10d7

Download Submit
C:\Windows\System\CedvyMk.exe

Filesize
2.3MB

MD5
6f286abf64e3fb699b67d6a30455a31b

SHA1
c809b78244b2bc0c87849f19869fb79662ce0fa1

SHA256
ccbfdca96ce31ee122c7a816aa98eb95dadd483f703de0450c7a8cf0b0f23901

SHA512
d730cb93d48fabcd94b799df9ddc5e55cb7577af9138000d24ac334df175bb40fb6a1cfc2826792c0dfa6c4eff356287e5ad15b9a4dcd2b94213336be9d6dcc6

Download Submit
C:\Windows\System\ChDSaym.exe

Filesize
2.3MB

MD5
ac0c10fb1ede720968937910c4b91409

SHA1
864ebf880114be747df0e5b8df9893ffbeb0cfee

SHA256
8b049dc6e0d4c95d33e8adb78f9a62b7986d0ec76d4130e13ee19e76dbe6a1ad

SHA512
81185982307c3f92b5e558586b67b5fb20d249ba6d9c5932305c6d99eafd4d951dc143513b5770ac721508b23d8157b29ff3829a68691b09b7c089e9980e6ce3

Download Submit
C:\Windows\System\ChmVSEL.exe

Filesize
2.3MB

MD5
3f7f73533d37cd6f4c1b21f4b6f632ed

SHA1
ea0f83d4bc256bc0bfaa50b4b1b0c352bf604229

SHA256
563cf3a2b9ff91e2cb3c5b1cde68774bb5710fb2644664f7e1c9d3d9d2adc1de

SHA512
2b67d51f09a80a377cc3d1a8c4e2441113fa5c5719762e174da743b3d992a4a873679882557d65d4de9bc4043a093a79a41fa4e613e62bab81e7e69782f46400

Download Submit
C:\Windows\System\EBKIpfo.exe

Filesize
2.3MB

MD5
19c594eef0ae3469b3dcc26d49ec843e

SHA1
d275c27c946c1828b5c8095a41ebfdba80d3a24f

SHA256
7960f769f38e48a4d4aab9bcce4549d819b82e6261d6ee98379e357c59b5f61f

SHA512
5d7b8c8b9338e2af6961c630f294ad33f340d83fc1ec11dacd4cb5aeda8e8510922337662188f07559e1f337188122706132ae9ad3169f66acc940f7ba562a59

Download Submit
C:\Windows\System\FzpORgu.exe

Filesize
2.3MB

MD5
745362db3f8cc3bd31dac940065a390a

SHA1
3632c5f5fc21f759cec9f65fce00e763ef7487c5

SHA256
a2c3cf57615f545cafecb5f3a71d2953fe56a03705ae67a853b75b1d01ac7638

SHA512
4019eafe6029437185804358be4220805b1ef457d4dbc1b3aabc591de9006326187fc8ac30db021ab791b553f4ceab632aac4099c1d0029fa4d0639ba7f11a61

Download Submit
C:\Windows\System\GenssCW.exe

Filesize
2.3MB

MD5
898c3c30e05aad52ae360b3cd992e89f

SHA1
490b49309cbb1ceca09e3aa64efe21773ef49db4

SHA256
7c1f2bb9ebe93d4a37eeb56c7443aa2366f49799a663036d066af72726fafd5e

SHA512
1b1d975e34a0193f02ed831b49dd6b156c721c4a80cca39ada60a8f952ad802d4240bc6e25267df9e83640d3057146e297c973cb2e1b4d2f8be98d46df191804

Download Submit
C:\Windows\System\HEimvxY.exe

Filesize
2.3MB

MD5
7d07cd7f5af7a4c9632d4851f490c743

SHA1
fd13891ec691428c24f96ca3195da2a0fc81490b

SHA256
694db08734b01a61534f9588add88cc79cb0949342ff1846becde72e8c3b4fd8

SHA512
38a5719ed874300a5bee841a3771e3ff18b98daa0fca57fa1c0dd1e0836b2227319c888c72c74f409b5b7aee67d14a028e5b9c0c67d6ee482067685367ff80de

Download Submit
C:\Windows\System\IkxJKcF.exe

Filesize
2.3MB

MD5
3a6d201e10f76c4adb9313214bda942e

SHA1
18298810d25739ef11720a1cb4479a55d1b3bcd9

SHA256
c05823ab80198c88ddc0d71d274e7ecdbea884d5fbf495400d8451c4bafdedf2

SHA512
60461956b59989867d21ab1c51d4902ee70e32128cdd5f7307e820d643322e5516475e1f186b643c74967b8399eb16bd309561abf16665c18ae1da81ebbfe898

Download Submit
C:\Windows\System\LahRaaS.exe

Filesize
2.3MB

MD5
d5bae36cd45fc004cecd8cbf1adbfe9e

SHA1
284b7dc9eea367061282942dde6b2b641eef44aa

SHA256
eb4d279620bc67c6b7727f0d5ac1d6e70cba678aa679aac749731335ee6e5f84

SHA512
635c0e1b8776f12987718ff1290b2761a563a43e87cd2847dce82749f184fe67ecf60be8698201071dba4da17d73c713fa9e072fa48b07b8bdffcc4cfd652ee4

Download Submit
C:\Windows\System\MJHsKQP.exe

Filesize
2.3MB

MD5
6133700f91e95b78410506cc44550b36

SHA1
6ffa07dbd596c4f4757b25764a476f4949a02e22

SHA256
bca87012c7161deb61d987406f02804573f55e71d8b56d7df7c163f9a9b12a27

SHA512
c816d62c6e37c792ae58430a6a0db19b98c529474ff9be52ffcaf4b1f5a0c9e3d4283f61a307ab9f226b55db9576a0e3081fda312395be85abb5b123332c3196

Download Submit
C:\Windows\System\OvFAegN.exe

Filesize
2.3MB

MD5
82d915c05cd75cb8ebdb42bc45c5c51c

SHA1
6f1914344f446ee1e7f4accf575dc38da13eb965

SHA256
e201d76782c20103e29eb42f65adc450e8f0d18f749818a919684ab06a5811ca

SHA512
b01c4b52f04ee504138120dacbd3feadbc684b00de54b6d183f85eb0bf059c21286d3b5b4d7060761e000407476fa44151040139b107fd04977bb76b753d8681

Download Submit
C:\Windows\System\RfzhfvP.exe

Filesize
2.3MB

MD5
5a927de5864f3a1a061929891e544ddc

SHA1
d6f898d287f3822cea8a70e94df6d80037ab9110

SHA256
34a903e3c1267dc9957401e13606c24ceba90cb165722f6d41678279dbbacfd3

SHA512
055714b921a41cc1009fab456b775a29edd809c0d150043ec19772fcdcf7ed985429862f7623fe677966e7fc30ada8eb4da55e6d5da9fe82f51ce87bd56408a7

Download Submit
C:\Windows\System\RxCzfMb.exe

Filesize
2.3MB

MD5
773b07d63d3531d28c852d14b9aee0ed

SHA1
ea4f69b8a38552042cf20796e406c2ba60a8362a

SHA256
b88682a685d680a758c6ec29baa896de55cd9e6bfcd6b1597970cf9e1ea3e0bc

SHA512
fcd74167e04a5326d3025e8d94e94ddc48b5329260c1f80c2caa228103e34638a7d3ca28ecccae3dd8322d08c86faaff665beb1a9f72a4b9883fb6b3c18fdd1e

Download Submit
C:\Windows\System\SVpwwcA.exe

Filesize
2.3MB

MD5
7e50deee5e1007006bf9c578a11b6520

SHA1
76731955682f71b333210c7332c10aec60167991

SHA256
404ac949fe6e4bc344428c653bc9585bdabf3087c22e73a6c5dfa098cbd984b3

SHA512
2ff17968fe90888b13f210cc189969e737e331c4a3a4597d50ef565069c5a648c1120ed98c83922b6a2f0f28abe2ccce14f3749a9e0ba462f1ec4c7082c86580

Download Submit
C:\Windows\System\TORyBGc.exe

Filesize
2.3MB

MD5
73e86bc2e2ed11778e77bc889d008f13

SHA1
eceb1faa4e155825a98549d4973aae1c9e7c9ad0

SHA256
bfb9b3d10256411a3a843a3d1e032b0514fb17b7910c2d5da146a7daded06298

SHA512
1543d7dfa55e5f20a41780023b658b8d4de323d822b83f4bdc7fe9e15f7fd57c219fab35889d07a2a8b33a570a7d07a11f4131325b9969a06e53082d3cc18679

Download Submit
C:\Windows\System\VGZlikO.exe

Filesize
2.3MB

MD5
d20e482ebe5de6aabe5bed98983e7e43

SHA1
3bd6fb312bd4b08fc45734e504b5d36dcebde9c0

SHA256
f065baa6571fa1fb452934ee0262989f431b40e6120f95a540e0787fc4dd74dc

SHA512
fba19f8119e879ecb83f41709a89535351ebb8b1058909483c356448ab1fae439589378aef6986d8d6aead186440f697d75605f82ce6e7b15785d0d2204ad0d5

Download Submit
C:\Windows\System\YoVYtoI.exe

Filesize
2.3MB

MD5
0a589e1d7130798d67e97cbb25306ae4

SHA1
48e4bd46baa08814e1ab1c9fc14b6465136af822

SHA256
4b21e5fe1b3a5d3d1a72df7a3e37201a1bad6fc0541ea142ab6a55555659b85a

SHA512
aac4df089e2651d1e24566c089793b4f42c1fd532ea56d952009174b2aaa9563b7d4f4a216ce5def04aec91253becbfde060a6a628f59d6ec9501fe55b9dea35

Download Submit
C:\Windows\System\aSthqsL.exe

Filesize
2.3MB

MD5
a6d18b838476e7ba9e5de468d07b999b

SHA1
97e6a9322948cac8dcaaddfa0bea980d1ba55e13

SHA256
8c54a50693f9be8c87c9ef25543ffe5bfe0f1312d41f73b403638e566c493472

SHA512
9615683ef092a5484310a11337d01e6c17bb88ff95e88c6376400c22958794cfd76db1d10384aa4eb1d64e6189be20251a72909a001b2ce859377b3e30f36714

Download Submit
C:\Windows\System\dosQLoU.exe

Filesize
2.3MB

MD5
603615cef15538e9ee6cbe26949c19e0

SHA1
a69de2989da006510d5a01be05ee79120faeff35

SHA256
1f6c77788b6027576ffe967690f8b7ac968fcd1d5a755dfe8c398d05867c4cab

SHA512
f1c1a3252f4b63aa4479511b14447945d56bf937432a35f1581adaacccebc52f86c4b3f9470697b2c76f6868142731830e700f5fd566cd1dd7b4ca466925ca38

Download Submit
C:\Windows\System\ixqngUB.exe

Filesize
2.3MB

MD5
54bcbde4ebe6d760595088de0e11a66b

SHA1
33c42accf58a6de7946144ce23dda12d66ae9c1c

SHA256
11d63a6e4bd14e495ee86d8d0c81610f26fb9b36436b07d00ad35d693780689f

SHA512
4a9f074149ae26b0640bd184b97e296b71011bb2ecfb08c2fab402eb078fe0b5d7c3bb287431312759f79572d846fd24702608e17d26cae44b586da7e1eba5ab

Download Submit
C:\Windows\System\jTlZnlO.exe

Filesize
2.3MB

MD5
f3c2f64de6dd90d0c340871ee47a5636

SHA1
ea4df26f3c38bde51eeccb0b1e48bec4584d9b5e

SHA256
d202d316684a8f0d73e81f270dbdec0123ace29b88bc7ff64904370a8532de71

SHA512
4becb482da44689c1e0657e7a174f957aae1b3398d2c1c52f8f47228b575d5a61c88d980892d69a0bd8292873d1e9d160502ac18d2129963a10da213571f4c0c

Download Submit
C:\Windows\System\jtjfIWR.exe

Filesize
2.3MB

MD5
8a843d0fc20b2ef151180150217aef94

SHA1
77f2d24c1a15a644348761e00b1cacd790a16c6d

SHA256
83f0b4b3f9410eb9207b777965aa428d9248182dee8db356c7a3d05525660f73

SHA512
415a7b6910d6aa3e9930d762b101aaef03592a139f1051e22b9cae748ff83e47123b7b744c3457bb29838e68bdcff468ffa997caccb458357ce8cdeebbfac002

Download Submit
C:\Windows\System\nIUBQEV.exe

Filesize
2.3MB

MD5
39049be4ff50504d5f043dc64ba925b1

SHA1
5d97876f0fa1f8b9e9856c1f7d6422ee2b4ca891

SHA256
132fe458ba96ccabc2f24f2db560c8b8133b432e7c6303e0431b5bc29a0b5263

SHA512
7e61d314634d0bf3abe8d1e7f1397a813d438adfdda6bf0d83f6504a6617ee2724e1df44333f60703b2be545f6d5a33fd8b980c92bf4345dd7d479485b2f2fc0

Download Submit
C:\Windows\System\pWuUWkk.exe

Filesize
2.3MB

MD5
e12d8832bf018cd200ff41faaf069f7c

SHA1
49344c72510485ad11a290679d5e34ffa31f25d3

SHA256
215abcb0ecc646d0a5defba4e0e8f4084e7297722e9181106d7f37e9d4ac2333

SHA512
bc7c370441615fdd55822d59b83d8a6cf47a326144a33e3d8c010bd84eb06d8af6dc3e9652d2c605b4f799fb2f5b241ce322c62030fb9edb43af5b2022e142a5

Download Submit
C:\Windows\System\qAcIFHV.exe

Filesize
2.3MB

MD5
285e213dbe94bb2a21b6ff50bd482590

SHA1
9d5760b04c54d48169610a90670c18bf833ed21c

SHA256
41b12549e916d573fd669ff71df3354c8ffcb5162ee35a6b8029eea0ef587884

SHA512
59aa16e5fc6f03d9017ade9c0369b911f191b0f3437ff871595f5754f832977107dc1c5ea611ce9711f23d2b4ba41c31e5406809b4b75b1b11d25e504afe9bec

Download Submit
C:\Windows\System\qPiWYLe.exe

Filesize
2.3MB

MD5
ed80bde81a707aa0f60f8f88a250de3c

SHA1
645f485198f7fc4679cd6a75b0a7c6276035b1c3

SHA256
d39943e6d5755c4256acd553c4d0b501f3962a3d90aa8a3245035989270376dd

SHA512
e78d47a067f7df41c5ed4ee7f6a84f7b8997371bd6d54479afef0e9e5e73c6cd51898373c4079f06e84b701c3109052048fefac42e3090f7ccb6e2e70a3af3b0

Download Submit
C:\Windows\System\sPEeOoy.exe

Filesize
2.3MB

MD5
223ef48759d90defd1a78c2e4919934c

SHA1
ed4116762fe3f8de2672ce6667ed948eceba6800

SHA256
51d8f5cee6c3f24013d56acb7197ab4da92633db16f3c57737a506320b6c1ab4

SHA512
cca095a75e3a300a9f4f4b0d96c3e9c7d9d0da6b7b53c8b20ce331bc59a20f16f53703d4ece8015a95b1cf40c041ad617b8dd4a7a6cdf4ae17a4c3fc4d5015cc

Download Submit
C:\Windows\System\smSILjW.exe

Filesize
2.3MB

MD5
6a0bf138919499654a6da0c2996d28dc

SHA1
53056c8371401a0eaf7805bf98b2ff844b9121b1

SHA256
592839aefa7104b2bb13f01698c9ea337ebc7fa8d06c0d1c200b6a828c921b9d

SHA512
967da629d68b269ff23fae8063f3e28cda1db4c4bce7ec3e897bd3a08bd11772ea3bb46d1aa4c7f2bd5878677eca9704285b4a2adebd95fff0a3ea6b1dd78bda

Download Submit
C:\Windows\System\tnmKbBi.exe

Filesize
2.3MB

MD5
46aa54c9897e3820b9d4c4a5797b7834

SHA1
c90cbd9787818e445841d848d2241c2b24139303

SHA256
b0f1feef8e619b6d34946afe27c8ed9ca48ad8dcc695feadac0b4d367c245030

SHA512
277d543c819a0be5e81352d2048a1e0e45e3720917aa59d57217b35f66403569a6075f068756b2ba50ce566d9d57df16c3d2efff141a12721cd1841a7880b3d9

Download Submit
C:\Windows\System\uhOnlmU.exe

Filesize
2.3MB

MD5
f9a785c26eda791b2b1542f1758a9bac

SHA1
238411cca727866d00fe2ac00e1fbb8a2bcb23f0

SHA256
bc8fc4393122cba7964bd4d3c17cfb077345eaabec0efe01a9a4988f543bc340

SHA512
6ee984510ac06f9bddbf74ef0faa9e8ecdbd7fc0e8eb72ed61f32e78a4572afdc7ab35282f92340d5565d113f162b8aa4154c2dcb643dc21034350dba4ea1d40

Download Submit
C:\Windows\System\xswcwxE.exe

Filesize
2.3MB

MD5
9dcc645d81ac0154c325804ed572f02e

SHA1
8322c91726683d96fa42bf3c8a5554d48905b7ae

SHA256
569387fcecae67afb0a8e7e10efbe10eb3916a7ff9a984e383d7e3f793559e45

SHA512
9ca66f577b72ba7a9b3a642fefe949a50da095ea1886cc37ec030a9f0d05b075f6476e4c94a45257b76b183cf9ac5491efebe2e98ce50dcccfa6ff9787217f4f

Download Submit
C:\Windows\System\zOxEBUp.exe

Filesize
2.3MB

MD5
808fdabfc482b8e2935376a86c76e106

SHA1
2c299836bbe04cbd3994ae0b171ba087e006ff8d

SHA256
cc31cd3d02db64ca574b3e81116e9cc2e398ac3c0e366a3639dd2838ceb2e769

SHA512
21d8310d8dd52f87f9e9e8967da087130be9abd8130d74c4b49d301c4cd3f463674e8b612412c9f90e4e0cf770f01ddf216de976b256b6cc6e239cc405377b52

Download Submit
memory/396-2142-0x00007FF76F4B0000-0x00007FF76F804000-memory.dmp

Filesize
3.3MB

Download
memory/396-662-0x00007FF76F4B0000-0x00007FF76F804000-memory.dmp

Filesize
3.3MB

Download
memory/1276-2143-0x00007FF713FB0000-0x00007FF714304000-memory.dmp

Filesize
3.3MB

Download
memory/1276-648-0x00007FF713FB0000-0x00007FF714304000-memory.dmp

Filesize
3.3MB

Download
memory/1404-642-0x00007FF6EAB30000-0x00007FF6EAE84000-memory.dmp

Filesize
3.3MB

Download
memory/1404-2138-0x00007FF6EAB30000-0x00007FF6EAE84000-memory.dmp

Filesize
3.3MB

Download
memory/1740-620-0x00007FF714ED0000-0x00007FF715224000-memory.dmp

Filesize
3.3MB

Download
memory/1740-2134-0x00007FF714ED0000-0x00007FF715224000-memory.dmp

Filesize
3.3MB

Download
memory/1792-626-0x00007FF7829D0000-0x00007FF782D24000-memory.dmp

Filesize
3.3MB

Download
memory/1792-2139-0x00007FF7829D0000-0x00007FF782D24000-memory.dmp

Filesize
3.3MB

Download
memory/1812-640-0x00007FF6CE1A0000-0x00007FF6CE4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1812-2136-0x00007FF6CE1A0000-0x00007FF6CE4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-607-0x00007FF6C76A0000-0x00007FF6C79F4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-2130-0x00007FF6C76A0000-0x00007FF6C79F4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-2135-0x00007FF7BB6B0000-0x00007FF7BBA04000-memory.dmp

Filesize
3.3MB

Download
memory/1956-634-0x00007FF7BB6B0000-0x00007FF7BBA04000-memory.dmp

Filesize
3.3MB

Download
memory/1968-27-0x00007FF704C10000-0x00007FF704F64000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2122-0x00007FF704C10000-0x00007FF704F64000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2127-0x00007FF76DB50000-0x00007FF76DEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-599-0x00007FF76DB50000-0x00007FF76DEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-584-0x00007FF631DF0000-0x00007FF632144000-memory.dmp

Filesize
3.3MB

Download
memory/2200-2121-0x00007FF631DF0000-0x00007FF632144000-memory.dmp

Filesize
3.3MB

Download
memory/2212-2146-0x00007FF632AF0000-0x00007FF632E44000-memory.dmp

Filesize
3.3MB

Download
memory/2212-649-0x00007FF632AF0000-0x00007FF632E44000-memory.dmp

Filesize
3.3MB

Download
memory/2544-650-0x00007FF743CD0000-0x00007FF744024000-memory.dmp

Filesize
3.3MB

Download
memory/2544-2145-0x00007FF743CD0000-0x00007FF744024000-memory.dmp

Filesize
3.3MB

Download
memory/2552-2128-0x00007FF6B4E40000-0x00007FF6B5194000-memory.dmp

Filesize
3.3MB

Download
memory/2552-594-0x00007FF6B4E40000-0x00007FF6B5194000-memory.dmp

Filesize
3.3MB

Download
memory/2640-2144-0x00007FF749870000-0x00007FF749BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-651-0x00007FF749870000-0x00007FF749BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-2149-0x00007FF6A6970000-0x00007FF6A6CC4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-661-0x00007FF6A6970000-0x00007FF6A6CC4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-12-0x00007FF6719E0000-0x00007FF671D34000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2123-0x00007FF6719E0000-0x00007FF671D34000-memory.dmp

Filesize
3.3MB

Download
memory/3112-588-0x00007FF60F990000-0x00007FF60FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/3112-2125-0x00007FF60F990000-0x00007FF60FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/3136-1-0x000002B16B8E0000-0x000002B16B8F0000-memory.dmp

Filesize
64KB

Download
memory/3136-0-0x00007FF7D6D00000-0x00007FF7D7054000-memory.dmp

Filesize
3.3MB

Download
memory/3172-602-0x00007FF631FF0000-0x00007FF632344000-memory.dmp

Filesize
3.3MB

Download
memory/3172-2129-0x00007FF631FF0000-0x00007FF632344000-memory.dmp

Filesize
3.3MB

Download
memory/3340-629-0x00007FF73E900000-0x00007FF73EC54000-memory.dmp

Filesize
3.3MB

Download
memory/3340-2133-0x00007FF73E900000-0x00007FF73EC54000-memory.dmp

Filesize
3.3MB

Download
memory/3424-660-0x00007FF6100F0000-0x00007FF610444000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2147-0x00007FF6100F0000-0x00007FF610444000-memory.dmp

Filesize
3.3MB

Download
memory/3444-2137-0x00007FF60FB20000-0x00007FF60FE74000-memory.dmp

Filesize
3.3MB

Download
memory/3444-641-0x00007FF60FB20000-0x00007FF60FE74000-memory.dmp

Filesize
3.3MB

Download
memory/3716-643-0x00007FF756220000-0x00007FF756574000-memory.dmp

Filesize
3.3MB

Download
memory/3716-2141-0x00007FF756220000-0x00007FF756574000-memory.dmp

Filesize
3.3MB

Download
memory/3836-2140-0x00007FF743DB0000-0x00007FF744104000-memory.dmp

Filesize
3.3MB

Download
memory/3836-647-0x00007FF743DB0000-0x00007FF744104000-memory.dmp

Filesize
3.3MB

Download
memory/3932-2131-0x00007FF6D4BC0000-0x00007FF6D4F14000-memory.dmp

Filesize
3.3MB

Download
memory/3932-608-0x00007FF6D4BC0000-0x00007FF6D4F14000-memory.dmp

Filesize
3.3MB

Download
memory/4256-2148-0x00007FF61D690000-0x00007FF61D9E4000-memory.dmp

Filesize
3.3MB

Download
memory/4256-655-0x00007FF61D690000-0x00007FF61D9E4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-2126-0x00007FF6AE780000-0x00007FF6AEAD4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-664-0x00007FF6AE780000-0x00007FF6AEAD4000-memory.dmp

Filesize
3.3MB

Download
memory/4372-2132-0x00007FF61FEC0000-0x00007FF620214000-memory.dmp

Filesize
3.3MB

Download
memory/4372-615-0x00007FF61FEC0000-0x00007FF620214000-memory.dmp

Filesize
3.3MB

Download
memory/4852-2120-0x00007FF69F320000-0x00007FF69F674000-memory.dmp

Filesize
3.3MB

Download
memory/4852-2124-0x00007FF69F320000-0x00007FF69F674000-memory.dmp

Filesize
3.3MB

Download
memory/4852-23-0x00007FF69F320000-0x00007FF69F674000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads