xmrig | 5f6d9f7e13da729673c15d7df4be7d12fe04cbc1d6342be4c0ceffc8dfd1f092

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
Size

2.1MB
MD5

5214c6aeebc29a567ceaa7c88b2b6790
SHA1

0acc025d90027f285ac2c7625fb61ce94d85f1c5
SHA256

5f6d9f7e13da729673c15d7df4be7d12fe04cbc1d6342be4c0ceffc8dfd1f092
SHA512

1b1e33c52263b0380419709736975d30315ff631b49e7cffea4b172223a69cb81c1956afc762407d8c1c8117ff67c4593b2630d7879560c91fe4ea04ff53f57b
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AjE6p6hzuukW3:BemTLkNdfE0pZrn

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3776-0-0x00007FF7457D0000-0x00007FF745B24000-memory.dmp	xmrig
behavioral2/files/0x0008000000023556-5.dat	xmrig
behavioral2/files/0x000700000002355b-7.dat	xmrig
behavioral2/memory/528-19-0x00007FF6A3390000-0x00007FF6A36E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002355c-27.dat	xmrig
behavioral2/memory/3588-32-0x00007FF65DA40000-0x00007FF65DD94000-memory.dmp	xmrig
behavioral2/files/0x000700000002355f-39.dat	xmrig
behavioral2/files/0x0007000000023561-47.dat	xmrig
behavioral2/memory/2564-51-0x00007FF6C5720000-0x00007FF6C5A74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023560-50.dat	xmrig
behavioral2/memory/3268-48-0x00007FF6E0470000-0x00007FF6E07C4000-memory.dmp	xmrig
behavioral2/memory/5096-45-0x00007FF64D200000-0x00007FF64D554000-memory.dmp	xmrig
behavioral2/files/0x000700000002355e-41.dat	xmrig
behavioral2/memory/788-37-0x00007FF717A10000-0x00007FF717D64000-memory.dmp	xmrig
behavioral2/files/0x000700000002355d-36.dat	xmrig
behavioral2/memory/1152-35-0x00007FF7C1C40000-0x00007FF7C1F94000-memory.dmp	xmrig
behavioral2/memory/2972-31-0x00007FF75A820000-0x00007FF75AB74000-memory.dmp	xmrig
behavioral2/memory/4324-23-0x00007FF7FCCE0000-0x00007FF7FD034000-memory.dmp	xmrig
behavioral2/files/0x000700000002355a-17.dat	xmrig
behavioral2/files/0x0007000000023562-58.dat	xmrig
behavioral2/files/0x0008000000023557-66.dat	xmrig
behavioral2/files/0x0007000000023563-70.dat	xmrig
behavioral2/files/0x0007000000023565-80.dat	xmrig
behavioral2/files/0x0007000000023569-95.dat	xmrig
behavioral2/files/0x0007000000023568-105.dat	xmrig
behavioral2/files/0x000700000002356e-125.dat	xmrig
behavioral2/files/0x000700000002356f-133.dat	xmrig
behavioral2/files/0x0007000000023571-152.dat	xmrig
behavioral2/files/0x0007000000023575-179.dat	xmrig
behavioral2/files/0x0007000000023576-183.dat	xmrig
behavioral2/memory/3160-189-0x00007FF6C6CA0000-0x00007FF6C6FF4000-memory.dmp	xmrig
behavioral2/memory/4596-194-0x00007FF77D620000-0x00007FF77D974000-memory.dmp	xmrig
behavioral2/memory/2480-196-0x00007FF7FD640000-0x00007FF7FD994000-memory.dmp	xmrig
behavioral2/memory/1492-195-0x00007FF603160000-0x00007FF6034B4000-memory.dmp	xmrig
behavioral2/memory/4568-193-0x00007FF633380000-0x00007FF6336D4000-memory.dmp	xmrig
behavioral2/memory/2272-191-0x00007FF71ED40000-0x00007FF71F094000-memory.dmp	xmrig
behavioral2/memory/3424-188-0x00007FF6EBA30000-0x00007FF6EBD84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023578-182.dat	xmrig
behavioral2/memory/4268-181-0x00007FF7E1630000-0x00007FF7E1984000-memory.dmp	xmrig
behavioral2/files/0x0007000000023574-177.dat	xmrig
behavioral2/files/0x0007000000023573-176.dat	xmrig
behavioral2/files/0x0007000000023572-174.dat	xmrig
behavioral2/files/0x0007000000023570-168.dat	xmrig
behavioral2/memory/736-166-0x00007FF707C90000-0x00007FF707FE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023577-165.dat	xmrig
behavioral2/memory/2616-160-0x00007FF60F870000-0x00007FF60FBC4000-memory.dmp	xmrig
behavioral2/memory/4728-157-0x00007FF7BAFD0000-0x00007FF7BB324000-memory.dmp	xmrig
behavioral2/files/0x000700000002356d-148.dat	xmrig
behavioral2/memory/4924-143-0x00007FF6A3520000-0x00007FF6A3874000-memory.dmp	xmrig
behavioral2/files/0x000700000002356b-130.dat	xmrig
behavioral2/memory/844-126-0x00007FF634680000-0x00007FF6349D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002356a-122.dat	xmrig
behavioral2/files/0x000700000002356c-129.dat	xmrig
behavioral2/memory/4184-119-0x00007FF602F10000-0x00007FF603264000-memory.dmp	xmrig
behavioral2/files/0x0007000000023564-112.dat	xmrig
behavioral2/memory/4948-109-0x00007FF7555C0000-0x00007FF755914000-memory.dmp	xmrig
behavioral2/files/0x0007000000023567-103.dat	xmrig
behavioral2/files/0x0007000000023566-99.dat	xmrig
behavioral2/memory/3944-96-0x00007FF7BCCF0000-0x00007FF7BD044000-memory.dmp	xmrig
behavioral2/memory/1612-90-0x00007FF7C6620000-0x00007FF7C6974000-memory.dmp	xmrig
behavioral2/memory/636-81-0x00007FF67CC60000-0x00007FF67CFB4000-memory.dmp	xmrig
behavioral2/memory/2072-75-0x00007FF7C27C0000-0x00007FF7C2B14000-memory.dmp	xmrig
behavioral2/memory/4004-64-0x00007FF74F0E0000-0x00007FF74F434000-memory.dmp	xmrig
behavioral2/memory/528-616-0x00007FF6A3390000-0x00007FF6A36E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
528	XiWFvtH.exe
1152	FarpAbU.exe
4324	FdkoWXw.exe
2972	IgdeeWN.exe
788	ZeYUiuB.exe
3588	RoGvuLB.exe
3268	XPmSfhs.exe
5096	ffKgYUW.exe
2564	XXiinLw.exe
4004	nIwbpaZ.exe
2072	hhiNSPp.exe
636	MqndNeP.exe
1612	UYeBBCB.exe
4728	NlwOLlx.exe
3944	gotFcUL.exe
4948	UxjvwqP.exe
4184	AxGjKUL.exe
2616	ZgMUnrz.exe
736	ArLbRDx.exe
844	zjhnewg.exe
4268	LeuXFvN.exe
3424	IzxHfFE.exe
4924	rPsrzwm.exe
3160	rnuraPB.exe
2480	IrZckFx.exe
2272	AtKlNwl.exe
4568	qcsdxkQ.exe
4596	aGicbEq.exe
1492	XlFyZCq.exe
3004	kVMgmxJ.exe
3876	QEXxUoy.exe
3184	nlSgMyP.exe
2980	LlJrydt.exe
1400	pAaCgRd.exe
3452	DTGYQzo.exe
4420	gibcdzw.exe
4204	oavtRGN.exe
1352	cRWggxK.exe
3988	RdZGmQu.exe
1736	jLHYbRO.exe
4988	XkFopVq.exe
4664	eQrRqkq.exe
3544	BnTVRck.exe
4576	vgCVWOm.exe
3548	DZfsoTl.exe
4700	zrGKvyQ.exe
2988	cwxozdP.exe
376	EpXAopa.exe
2920	kqAslAO.exe
4260	WLIwEgH.exe
3524	kSHFvJD.exe
4780	IcXEJCW.exe
4976	zrQEJOG.exe
3360	aVgjsQS.exe
2684	fkEWtAd.exe
4036	TEInATc.exe
1472	HlcUySy.exe
3500	HgqKnFe.exe
4860	PFQIJnv.exe
3712	tYBiAvi.exe
4164	FPVtySE.exe
4788	yDucWiw.exe
3816	mlHmZJR.exe
1308	YyBJGYG.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3776-0-0x00007FF7457D0000-0x00007FF745B24000-memory.dmp	upx
behavioral2/files/0x0008000000023556-5.dat	upx
behavioral2/files/0x000700000002355b-7.dat	upx
behavioral2/memory/528-19-0x00007FF6A3390000-0x00007FF6A36E4000-memory.dmp	upx
behavioral2/files/0x000700000002355c-27.dat	upx
behavioral2/memory/3588-32-0x00007FF65DA40000-0x00007FF65DD94000-memory.dmp	upx
behavioral2/files/0x000700000002355f-39.dat	upx
behavioral2/files/0x0007000000023561-47.dat	upx
behavioral2/memory/2564-51-0x00007FF6C5720000-0x00007FF6C5A74000-memory.dmp	upx
behavioral2/files/0x0007000000023560-50.dat	upx
behavioral2/memory/3268-48-0x00007FF6E0470000-0x00007FF6E07C4000-memory.dmp	upx
behavioral2/memory/5096-45-0x00007FF64D200000-0x00007FF64D554000-memory.dmp	upx
behavioral2/files/0x000700000002355e-41.dat	upx
behavioral2/memory/788-37-0x00007FF717A10000-0x00007FF717D64000-memory.dmp	upx
behavioral2/files/0x000700000002355d-36.dat	upx
behavioral2/memory/1152-35-0x00007FF7C1C40000-0x00007FF7C1F94000-memory.dmp	upx
behavioral2/memory/2972-31-0x00007FF75A820000-0x00007FF75AB74000-memory.dmp	upx
behavioral2/memory/4324-23-0x00007FF7FCCE0000-0x00007FF7FD034000-memory.dmp	upx
behavioral2/files/0x000700000002355a-17.dat	upx
behavioral2/files/0x0007000000023562-58.dat	upx
behavioral2/files/0x0008000000023557-66.dat	upx
behavioral2/files/0x0007000000023563-70.dat	upx
behavioral2/files/0x0007000000023565-80.dat	upx
behavioral2/files/0x0007000000023569-95.dat	upx
behavioral2/files/0x0007000000023568-105.dat	upx
behavioral2/files/0x000700000002356e-125.dat	upx
behavioral2/files/0x000700000002356f-133.dat	upx
behavioral2/files/0x0007000000023571-152.dat	upx
behavioral2/files/0x0007000000023575-179.dat	upx
behavioral2/files/0x0007000000023576-183.dat	upx
behavioral2/memory/3160-189-0x00007FF6C6CA0000-0x00007FF6C6FF4000-memory.dmp	upx
behavioral2/memory/4596-194-0x00007FF77D620000-0x00007FF77D974000-memory.dmp	upx
behavioral2/memory/2480-196-0x00007FF7FD640000-0x00007FF7FD994000-memory.dmp	upx
behavioral2/memory/1492-195-0x00007FF603160000-0x00007FF6034B4000-memory.dmp	upx
behavioral2/memory/4568-193-0x00007FF633380000-0x00007FF6336D4000-memory.dmp	upx
behavioral2/memory/2272-191-0x00007FF71ED40000-0x00007FF71F094000-memory.dmp	upx
behavioral2/memory/3424-188-0x00007FF6EBA30000-0x00007FF6EBD84000-memory.dmp	upx
behavioral2/files/0x0007000000023578-182.dat	upx
behavioral2/memory/4268-181-0x00007FF7E1630000-0x00007FF7E1984000-memory.dmp	upx
behavioral2/files/0x0007000000023574-177.dat	upx
behavioral2/files/0x0007000000023573-176.dat	upx
behavioral2/files/0x0007000000023572-174.dat	upx
behavioral2/files/0x0007000000023570-168.dat	upx
behavioral2/memory/736-166-0x00007FF707C90000-0x00007FF707FE4000-memory.dmp	upx
behavioral2/files/0x0007000000023577-165.dat	upx
behavioral2/memory/2616-160-0x00007FF60F870000-0x00007FF60FBC4000-memory.dmp	upx
behavioral2/memory/4728-157-0x00007FF7BAFD0000-0x00007FF7BB324000-memory.dmp	upx
behavioral2/files/0x000700000002356d-148.dat	upx
behavioral2/memory/4924-143-0x00007FF6A3520000-0x00007FF6A3874000-memory.dmp	upx
behavioral2/files/0x000700000002356b-130.dat	upx
behavioral2/memory/844-126-0x00007FF634680000-0x00007FF6349D4000-memory.dmp	upx
behavioral2/files/0x000700000002356a-122.dat	upx
behavioral2/files/0x000700000002356c-129.dat	upx
behavioral2/memory/4184-119-0x00007FF602F10000-0x00007FF603264000-memory.dmp	upx
behavioral2/files/0x0007000000023564-112.dat	upx
behavioral2/memory/4948-109-0x00007FF7555C0000-0x00007FF755914000-memory.dmp	upx
behavioral2/files/0x0007000000023567-103.dat	upx
behavioral2/files/0x0007000000023566-99.dat	upx
behavioral2/memory/3944-96-0x00007FF7BCCF0000-0x00007FF7BD044000-memory.dmp	upx
behavioral2/memory/1612-90-0x00007FF7C6620000-0x00007FF7C6974000-memory.dmp	upx
behavioral2/memory/636-81-0x00007FF67CC60000-0x00007FF67CFB4000-memory.dmp	upx
behavioral2/memory/2072-75-0x00007FF7C27C0000-0x00007FF7C2B14000-memory.dmp	upx
behavioral2/memory/4004-64-0x00007FF74F0E0000-0x00007FF74F434000-memory.dmp	upx
behavioral2/memory/528-616-0x00007FF6A3390000-0x00007FF6A36E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ByarJAJ.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\ZpGbplG.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\fxzyZHN.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\urAFpKZ.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\EbUfHwb.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\IcXEJCW.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\vYOltvu.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\tWfPBQP.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\lChGvlI.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\VnErBBA.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\lyxzwmp.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\YGiTtsV.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\gibcdzw.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\dEkIDpE.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\uXBgNFP.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\IEJiItE.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\ZbGFHBp.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\rfSxXYv.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\eftBGFi.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\UBrFgdS.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\jsvGNAr.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\EofDQBe.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\HfxaClg.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\goIYzWV.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\rnuraPB.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\NJocyVr.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\VPrQkcC.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\vCcGwdL.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\VIVtFce.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\tEyloKb.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\zImvHZU.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\YzXaVdc.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\OSlREVe.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\oYbVOIj.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\MvsfsIy.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\pfqTIdv.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\oavtRGN.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\iboOkCL.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\gnLWjzP.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\NSJDtCq.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\ZgMUnrz.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\LTNWFoU.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\ZSiEChl.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\YZXtJPM.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\FQMjsya.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\PZwunAo.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\uWqtcNQ.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\mvIsOwD.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\ZbHAGrl.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\JpTQusi.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\wqRjTdY.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\vMcMBtj.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\LfGLAkn.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\DVHQyai.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\hSNbCKm.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\QMxlxDz.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\REIlirp.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\bfeGHre.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\MzYoMGU.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\YgHyUCM.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\mWqYarg.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\XqhHVTi.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\pteiiUa.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
File created	C:\Windows\System\ZeYUiuB.exe	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14708	dwm.exe
Token: SeChangeNotifyPrivilege	14708	dwm.exe
Token: 33	14708	dwm.exe
Token: SeIncBasePriorityPrivilege	14708	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3776 wrote to memory of 528	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	91
PID 3776 wrote to memory of 528	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	91
PID 3776 wrote to memory of 1152	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	92
PID 3776 wrote to memory of 1152	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	92
PID 3776 wrote to memory of 4324	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	93
PID 3776 wrote to memory of 4324	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	93
PID 3776 wrote to memory of 2972	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	94
PID 3776 wrote to memory of 2972	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	94
PID 3776 wrote to memory of 788	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	95
PID 3776 wrote to memory of 788	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	95
PID 3776 wrote to memory of 3588	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	96
PID 3776 wrote to memory of 3588	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	96
PID 3776 wrote to memory of 3268	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	97
PID 3776 wrote to memory of 3268	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	97
PID 3776 wrote to memory of 5096	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	98
PID 3776 wrote to memory of 5096	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	98
PID 3776 wrote to memory of 2564	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	99
PID 3776 wrote to memory of 2564	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	99
PID 3776 wrote to memory of 4004	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	100
PID 3776 wrote to memory of 4004	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	100
PID 3776 wrote to memory of 2072	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	101
PID 3776 wrote to memory of 2072	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	101
PID 3776 wrote to memory of 636	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	102
PID 3776 wrote to memory of 636	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	102
PID 3776 wrote to memory of 3944	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	103
PID 3776 wrote to memory of 3944	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	103
PID 3776 wrote to memory of 1612	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	104
PID 3776 wrote to memory of 1612	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	104
PID 3776 wrote to memory of 4728	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	105
PID 3776 wrote to memory of 4728	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	105
PID 3776 wrote to memory of 4948	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	106
PID 3776 wrote to memory of 4948	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	106
PID 3776 wrote to memory of 4184	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	107
PID 3776 wrote to memory of 4184	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	107
PID 3776 wrote to memory of 2616	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	108
PID 3776 wrote to memory of 2616	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	108
PID 3776 wrote to memory of 736	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	109
PID 3776 wrote to memory of 736	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	109
PID 3776 wrote to memory of 844	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	110
PID 3776 wrote to memory of 844	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	110
PID 3776 wrote to memory of 4268	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	111
PID 3776 wrote to memory of 4268	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	111
PID 3776 wrote to memory of 3424	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	112
PID 3776 wrote to memory of 3424	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	112
PID 3776 wrote to memory of 4924	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	113
PID 3776 wrote to memory of 4924	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	113
PID 3776 wrote to memory of 3160	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	114
PID 3776 wrote to memory of 3160	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	114
PID 3776 wrote to memory of 2480	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	115
PID 3776 wrote to memory of 2480	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	115
PID 3776 wrote to memory of 2272	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	116
PID 3776 wrote to memory of 2272	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	116
PID 3776 wrote to memory of 4568	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	117
PID 3776 wrote to memory of 4568	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	117
PID 3776 wrote to memory of 4596	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	118
PID 3776 wrote to memory of 4596	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	118
PID 3776 wrote to memory of 1492	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	119
PID 3776 wrote to memory of 1492	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	119
PID 3776 wrote to memory of 3004	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	120
PID 3776 wrote to memory of 3004	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	120
PID 3776 wrote to memory of 3876	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	121
PID 3776 wrote to memory of 3876	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	121
PID 3776 wrote to memory of 3184	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	123
PID 3776 wrote to memory of 3184	3776	5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe	123

C:\Users\Admin\AppData\Local\Temp\5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5214c6aeebc29a567ceaa7c88b2b6790_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3776
- C:\Windows\System\XiWFvtH.exe
  C:\Windows\System\XiWFvtH.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\FarpAbU.exe
  C:\Windows\System\FarpAbU.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\FdkoWXw.exe
  C:\Windows\System\FdkoWXw.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\IgdeeWN.exe
  C:\Windows\System\IgdeeWN.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\ZeYUiuB.exe
  C:\Windows\System\ZeYUiuB.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\RoGvuLB.exe
  C:\Windows\System\RoGvuLB.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\XPmSfhs.exe
  C:\Windows\System\XPmSfhs.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\ffKgYUW.exe
  C:\Windows\System\ffKgYUW.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\XXiinLw.exe
  C:\Windows\System\XXiinLw.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\nIwbpaZ.exe
  C:\Windows\System\nIwbpaZ.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\hhiNSPp.exe
  C:\Windows\System\hhiNSPp.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\MqndNeP.exe
  C:\Windows\System\MqndNeP.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\gotFcUL.exe
  C:\Windows\System\gotFcUL.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\UYeBBCB.exe
  C:\Windows\System\UYeBBCB.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\NlwOLlx.exe
  C:\Windows\System\NlwOLlx.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\UxjvwqP.exe
  C:\Windows\System\UxjvwqP.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\AxGjKUL.exe
  C:\Windows\System\AxGjKUL.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\ZgMUnrz.exe
  C:\Windows\System\ZgMUnrz.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ArLbRDx.exe
  C:\Windows\System\ArLbRDx.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\zjhnewg.exe
  C:\Windows\System\zjhnewg.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\LeuXFvN.exe
  C:\Windows\System\LeuXFvN.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\IzxHfFE.exe
  C:\Windows\System\IzxHfFE.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\rPsrzwm.exe
  C:\Windows\System\rPsrzwm.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\rnuraPB.exe
  C:\Windows\System\rnuraPB.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\IrZckFx.exe
  C:\Windows\System\IrZckFx.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\AtKlNwl.exe
  C:\Windows\System\AtKlNwl.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\qcsdxkQ.exe
  C:\Windows\System\qcsdxkQ.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\aGicbEq.exe
  C:\Windows\System\aGicbEq.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\XlFyZCq.exe
  C:\Windows\System\XlFyZCq.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\kVMgmxJ.exe
  C:\Windows\System\kVMgmxJ.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\QEXxUoy.exe
  C:\Windows\System\QEXxUoy.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\nlSgMyP.exe
  C:\Windows\System\nlSgMyP.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\LlJrydt.exe
  C:\Windows\System\LlJrydt.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\pAaCgRd.exe
  C:\Windows\System\pAaCgRd.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\DTGYQzo.exe
  C:\Windows\System\DTGYQzo.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\gibcdzw.exe
  C:\Windows\System\gibcdzw.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\oavtRGN.exe
  C:\Windows\System\oavtRGN.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\cRWggxK.exe
  C:\Windows\System\cRWggxK.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\RdZGmQu.exe
  C:\Windows\System\RdZGmQu.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\jLHYbRO.exe
  C:\Windows\System\jLHYbRO.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\XkFopVq.exe
  C:\Windows\System\XkFopVq.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\eQrRqkq.exe
  C:\Windows\System\eQrRqkq.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\BnTVRck.exe
  C:\Windows\System\BnTVRck.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\vgCVWOm.exe
  C:\Windows\System\vgCVWOm.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\DZfsoTl.exe
  C:\Windows\System\DZfsoTl.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\zrGKvyQ.exe
  C:\Windows\System\zrGKvyQ.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\cwxozdP.exe
  C:\Windows\System\cwxozdP.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\EpXAopa.exe
  C:\Windows\System\EpXAopa.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\kqAslAO.exe
  C:\Windows\System\kqAslAO.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\kSHFvJD.exe
  C:\Windows\System\kSHFvJD.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\WLIwEgH.exe
  C:\Windows\System\WLIwEgH.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\IcXEJCW.exe
  C:\Windows\System\IcXEJCW.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\zrQEJOG.exe
  C:\Windows\System\zrQEJOG.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\aVgjsQS.exe
  C:\Windows\System\aVgjsQS.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\fkEWtAd.exe
  C:\Windows\System\fkEWtAd.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\TEInATc.exe
  C:\Windows\System\TEInATc.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\HlcUySy.exe
  C:\Windows\System\HlcUySy.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\HgqKnFe.exe
  C:\Windows\System\HgqKnFe.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\PFQIJnv.exe
  C:\Windows\System\PFQIJnv.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\tYBiAvi.exe
  C:\Windows\System\tYBiAvi.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\FPVtySE.exe
  C:\Windows\System\FPVtySE.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\yDucWiw.exe
  C:\Windows\System\yDucWiw.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\mlHmZJR.exe
  C:\Windows\System\mlHmZJR.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\YyBJGYG.exe
  C:\Windows\System\YyBJGYG.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\skGLpLG.exe
  C:\Windows\System\skGLpLG.exe
  2⤵
  PID:556
- C:\Windows\System\tkjRYQh.exe
  C:\Windows\System\tkjRYQh.exe
  2⤵
  PID:3428
- C:\Windows\System\MQhmjlx.exe
  C:\Windows\System\MQhmjlx.exe
  2⤵
  PID:2776
- C:\Windows\System\QhnIwGb.exe
  C:\Windows\System\QhnIwGb.exe
  2⤵
  PID:3440
- C:\Windows\System\GsxuHyI.exe
  C:\Windows\System\GsxuHyI.exe
  2⤵
  PID:2452
- C:\Windows\System\XSwkxxb.exe
  C:\Windows\System\XSwkxxb.exe
  2⤵
  PID:2040
- C:\Windows\System\xuivlNQ.exe
  C:\Windows\System\xuivlNQ.exe
  2⤵
  PID:2296
- C:\Windows\System\tkFfUsn.exe
  C:\Windows\System\tkFfUsn.exe
  2⤵
  PID:5144
- C:\Windows\System\TjQqZCW.exe
  C:\Windows\System\TjQqZCW.exe
  2⤵
  PID:5172
- C:\Windows\System\DzDWBsw.exe
  C:\Windows\System\DzDWBsw.exe
  2⤵
  PID:5208
- C:\Windows\System\tuTpstS.exe
  C:\Windows\System\tuTpstS.exe
  2⤵
  PID:5236
- C:\Windows\System\GZHbHfa.exe
  C:\Windows\System\GZHbHfa.exe
  2⤵
  PID:5264
- C:\Windows\System\BuZECQk.exe
  C:\Windows\System\BuZECQk.exe
  2⤵
  PID:5300
- C:\Windows\System\UwkiehZ.exe
  C:\Windows\System\UwkiehZ.exe
  2⤵
  PID:5324
- C:\Windows\System\ABDjvRi.exe
  C:\Windows\System\ABDjvRi.exe
  2⤵
  PID:5360
- C:\Windows\System\dhcjrNV.exe
  C:\Windows\System\dhcjrNV.exe
  2⤵
  PID:5400
- C:\Windows\System\ZBbdqpW.exe
  C:\Windows\System\ZBbdqpW.exe
  2⤵
  PID:5436
- C:\Windows\System\rNwaiza.exe
  C:\Windows\System\rNwaiza.exe
  2⤵
  PID:5476
- C:\Windows\System\LQSRmpu.exe
  C:\Windows\System\LQSRmpu.exe
  2⤵
  PID:5504
- C:\Windows\System\XgCWylB.exe
  C:\Windows\System\XgCWylB.exe
  2⤵
  PID:5536
- C:\Windows\System\cLjmfok.exe
  C:\Windows\System\cLjmfok.exe
  2⤵
  PID:5560
- C:\Windows\System\mqkckcC.exe
  C:\Windows\System\mqkckcC.exe
  2⤵
  PID:5592
- C:\Windows\System\DdJYcFk.exe
  C:\Windows\System\DdJYcFk.exe
  2⤵
  PID:5624
- C:\Windows\System\bAKgnVr.exe
  C:\Windows\System\bAKgnVr.exe
  2⤵
  PID:5652
- C:\Windows\System\iKAtopx.exe
  C:\Windows\System\iKAtopx.exe
  2⤵
  PID:5680
- C:\Windows\System\WBSfQmi.exe
  C:\Windows\System\WBSfQmi.exe
  2⤵
  PID:5716
- C:\Windows\System\NJocyVr.exe
  C:\Windows\System\NJocyVr.exe
  2⤵
  PID:5752
- C:\Windows\System\afcnziL.exe
  C:\Windows\System\afcnziL.exe
  2⤵
  PID:5796
- C:\Windows\System\FXSvxEY.exe
  C:\Windows\System\FXSvxEY.exe
  2⤵
  PID:5824
- C:\Windows\System\mgrelpq.exe
  C:\Windows\System\mgrelpq.exe
  2⤵
  PID:5856
- C:\Windows\System\YtKdBQM.exe
  C:\Windows\System\YtKdBQM.exe
  2⤵
  PID:5880
- C:\Windows\System\QcrNUip.exe
  C:\Windows\System\QcrNUip.exe
  2⤵
  PID:5928
- C:\Windows\System\EILTZge.exe
  C:\Windows\System\EILTZge.exe
  2⤵
  PID:5968
- C:\Windows\System\eftBGFi.exe
  C:\Windows\System\eftBGFi.exe
  2⤵
  PID:5992
- C:\Windows\System\nYDAbka.exe
  C:\Windows\System\nYDAbka.exe
  2⤵
  PID:6024
- C:\Windows\System\BknOnwt.exe
  C:\Windows\System\BknOnwt.exe
  2⤵
  PID:6056
- C:\Windows\System\IHBHKfP.exe
  C:\Windows\System\IHBHKfP.exe
  2⤵
  PID:6088
- C:\Windows\System\loSOjVf.exe
  C:\Windows\System\loSOjVf.exe
  2⤵
  PID:6112
- C:\Windows\System\gjNacAo.exe
  C:\Windows\System\gjNacAo.exe
  2⤵
  PID:6132
- C:\Windows\System\SedJFTb.exe
  C:\Windows\System\SedJFTb.exe
  2⤵
  PID:5164
- C:\Windows\System\dTPkSXx.exe
  C:\Windows\System\dTPkSXx.exe
  2⤵
  PID:5252
- C:\Windows\System\pzTYuHP.exe
  C:\Windows\System\pzTYuHP.exe
  2⤵
  PID:5368
- C:\Windows\System\seqNnrb.exe
  C:\Windows\System\seqNnrb.exe
  2⤵
  PID:5448
- C:\Windows\System\rBbKbCC.exe
  C:\Windows\System\rBbKbCC.exe
  2⤵
  PID:5524
- C:\Windows\System\UBrFgdS.exe
  C:\Windows\System\UBrFgdS.exe
  2⤵
  PID:5616
- C:\Windows\System\RNVWPxt.exe
  C:\Windows\System\RNVWPxt.exe
  2⤵
  PID:5676
- C:\Windows\System\qYiegDQ.exe
  C:\Windows\System\qYiegDQ.exe
  2⤵
  PID:5740
- C:\Windows\System\YVCETgu.exe
  C:\Windows\System\YVCETgu.exe
  2⤵
  PID:5832
- C:\Windows\System\tWLfBHs.exe
  C:\Windows\System\tWLfBHs.exe
  2⤵
  PID:5912
- C:\Windows\System\rpzifsW.exe
  C:\Windows\System\rpzifsW.exe
  2⤵
  PID:5952
- C:\Windows\System\KKbYDlc.exe
  C:\Windows\System\KKbYDlc.exe
  2⤵
  PID:6052
- C:\Windows\System\bthwyZm.exe
  C:\Windows\System\bthwyZm.exe
  2⤵
  PID:6100
- C:\Windows\System\HHSmvUQ.exe
  C:\Windows\System\HHSmvUQ.exe
  2⤵
  PID:5344
- C:\Windows\System\NqRRZEk.exe
  C:\Windows\System\NqRRZEk.exe
  2⤵
  PID:5488
- C:\Windows\System\MclLMdc.exe
  C:\Windows\System\MclLMdc.exe
  2⤵
  PID:5584
- C:\Windows\System\nvDeHgG.exe
  C:\Windows\System\nvDeHgG.exe
  2⤵
  PID:5704
- C:\Windows\System\LCWXRKa.exe
  C:\Windows\System\LCWXRKa.exe
  2⤵
  PID:5876
- C:\Windows\System\REIlirp.exe
  C:\Windows\System\REIlirp.exe
  2⤵
  PID:6128
- C:\Windows\System\INMLBVw.exe
  C:\Windows\System\INMLBVw.exe
  2⤵
  PID:5548
- C:\Windows\System\jsnwwcs.exe
  C:\Windows\System\jsnwwcs.exe
  2⤵
  PID:6016
- C:\Windows\System\cfxovOL.exe
  C:\Windows\System\cfxovOL.exe
  2⤵
  PID:6036
- C:\Windows\System\VEmpQej.exe
  C:\Windows\System\VEmpQej.exe
  2⤵
  PID:6160
- C:\Windows\System\eicXPzn.exe
  C:\Windows\System\eicXPzn.exe
  2⤵
  PID:6188
- C:\Windows\System\oYbVOIj.exe
  C:\Windows\System\oYbVOIj.exe
  2⤵
  PID:6216
- C:\Windows\System\Mbkkdbj.exe
  C:\Windows\System\Mbkkdbj.exe
  2⤵
  PID:6256
- C:\Windows\System\QNaJtLL.exe
  C:\Windows\System\QNaJtLL.exe
  2⤵
  PID:6292
- C:\Windows\System\hewAIsH.exe
  C:\Windows\System\hewAIsH.exe
  2⤵
  PID:6320
- C:\Windows\System\JTmPeNk.exe
  C:\Windows\System\JTmPeNk.exe
  2⤵
  PID:6336
- C:\Windows\System\dEdYJLI.exe
  C:\Windows\System\dEdYJLI.exe
  2⤵
  PID:6376
- C:\Windows\System\kqHHKDf.exe
  C:\Windows\System\kqHHKDf.exe
  2⤵
  PID:6404
- C:\Windows\System\OrqnNhv.exe
  C:\Windows\System\OrqnNhv.exe
  2⤵
  PID:6448
- C:\Windows\System\JUHGUCF.exe
  C:\Windows\System\JUHGUCF.exe
  2⤵
  PID:6480
- C:\Windows\System\TsSpkIS.exe
  C:\Windows\System\TsSpkIS.exe
  2⤵
  PID:6512
- C:\Windows\System\YmMRdfn.exe
  C:\Windows\System\YmMRdfn.exe
  2⤵
  PID:6540
- C:\Windows\System\WZDJqQb.exe
  C:\Windows\System\WZDJqQb.exe
  2⤵
  PID:6568
- C:\Windows\System\PVIgTXo.exe
  C:\Windows\System\PVIgTXo.exe
  2⤵
  PID:6596
- C:\Windows\System\EbwDvkd.exe
  C:\Windows\System\EbwDvkd.exe
  2⤵
  PID:6624
- C:\Windows\System\LEyieoH.exe
  C:\Windows\System\LEyieoH.exe
  2⤵
  PID:6652
- C:\Windows\System\aSCiQxO.exe
  C:\Windows\System\aSCiQxO.exe
  2⤵
  PID:6680
- C:\Windows\System\wYUDRtc.exe
  C:\Windows\System\wYUDRtc.exe
  2⤵
  PID:6696
- C:\Windows\System\rdoSDFU.exe
  C:\Windows\System\rdoSDFU.exe
  2⤵
  PID:6732
- C:\Windows\System\mCjkkMk.exe
  C:\Windows\System\mCjkkMk.exe
  2⤵
  PID:6764
- C:\Windows\System\vEtXrwH.exe
  C:\Windows\System\vEtXrwH.exe
  2⤵
  PID:6784
- C:\Windows\System\iFGTVmA.exe
  C:\Windows\System\iFGTVmA.exe
  2⤵
  PID:6820
- C:\Windows\System\XrGBpKo.exe
  C:\Windows\System\XrGBpKo.exe
  2⤵
  PID:6836
- C:\Windows\System\FLnamJL.exe
  C:\Windows\System\FLnamJL.exe
  2⤵
  PID:6852
- C:\Windows\System\WcWwOmd.exe
  C:\Windows\System\WcWwOmd.exe
  2⤵
  PID:6868
- C:\Windows\System\MgAGxxS.exe
  C:\Windows\System\MgAGxxS.exe
  2⤵
  PID:6892
- C:\Windows\System\DmXQWsm.exe
  C:\Windows\System\DmXQWsm.exe
  2⤵
  PID:6912
- C:\Windows\System\qxxuXAj.exe
  C:\Windows\System\qxxuXAj.exe
  2⤵
  PID:6936
- C:\Windows\System\dRxwfkS.exe
  C:\Windows\System\dRxwfkS.exe
  2⤵
  PID:6976
- C:\Windows\System\JxaACjS.exe
  C:\Windows\System\JxaACjS.exe
  2⤵
  PID:7004
- C:\Windows\System\dcmocjz.exe
  C:\Windows\System\dcmocjz.exe
  2⤵
  PID:7052
- C:\Windows\System\IXHqvUa.exe
  C:\Windows\System\IXHqvUa.exe
  2⤵
  PID:7084
- C:\Windows\System\UABkxDZ.exe
  C:\Windows\System\UABkxDZ.exe
  2⤵
  PID:7120
- C:\Windows\System\kmTxkfM.exe
  C:\Windows\System\kmTxkfM.exe
  2⤵
  PID:7156
- C:\Windows\System\AvHQeKn.exe
  C:\Windows\System\AvHQeKn.exe
  2⤵
  PID:5768
- C:\Windows\System\JCuPoqE.exe
  C:\Windows\System\JCuPoqE.exe
  2⤵
  PID:5776
- C:\Windows\System\AvtsBVR.exe
  C:\Windows\System\AvtsBVR.exe
  2⤵
  PID:6184
- C:\Windows\System\xfMHvBV.exe
  C:\Windows\System\xfMHvBV.exe
  2⤵
  PID:6240
- C:\Windows\System\RYGlTQk.exe
  C:\Windows\System\RYGlTQk.exe
  2⤵
  PID:6288
- C:\Windows\System\jsvGNAr.exe
  C:\Windows\System\jsvGNAr.exe
  2⤵
  PID:6368
- C:\Windows\System\LilZbYd.exe
  C:\Windows\System\LilZbYd.exe
  2⤵
  PID:6468
- C:\Windows\System\PDaKKbt.exe
  C:\Windows\System\PDaKKbt.exe
  2⤵
  PID:6508
- C:\Windows\System\GfBxUJD.exe
  C:\Windows\System\GfBxUJD.exe
  2⤵
  PID:6564
- C:\Windows\System\ZpekinU.exe
  C:\Windows\System\ZpekinU.exe
  2⤵
  PID:6616
- C:\Windows\System\savBRii.exe
  C:\Windows\System\savBRii.exe
  2⤵
  PID:6720
- C:\Windows\System\aMMSKuQ.exe
  C:\Windows\System\aMMSKuQ.exe
  2⤵
  PID:6828
- C:\Windows\System\IoSSHsw.exe
  C:\Windows\System\IoSSHsw.exe
  2⤵
  PID:6860
- C:\Windows\System\SNYNhfZ.exe
  C:\Windows\System\SNYNhfZ.exe
  2⤵
  PID:6848
- C:\Windows\System\xaIqjkH.exe
  C:\Windows\System\xaIqjkH.exe
  2⤵
  PID:6932
- C:\Windows\System\irvXRof.exe
  C:\Windows\System\irvXRof.exe
  2⤵
  PID:7024
- C:\Windows\System\WzHNHVV.exe
  C:\Windows\System\WzHNHVV.exe
  2⤵
  PID:7000
- C:\Windows\System\wYVWTnN.exe
  C:\Windows\System\wYVWTnN.exe
  2⤵
  PID:7036
- C:\Windows\System\fLUwxGF.exe
  C:\Windows\System\fLUwxGF.exe
  2⤵
  PID:7100
- C:\Windows\System\LTNWFoU.exe
  C:\Windows\System\LTNWFoU.exe
  2⤵
  PID:5780
- C:\Windows\System\gWmttLS.exe
  C:\Windows\System\gWmttLS.exe
  2⤵
  PID:6268
- C:\Windows\System\vTasETQ.exe
  C:\Windows\System\vTasETQ.exe
  2⤵
  PID:6592
- C:\Windows\System\BSHSCFi.exe
  C:\Windows\System\BSHSCFi.exe
  2⤵
  PID:6772
- C:\Windows\System\RsEeXCe.exe
  C:\Windows\System\RsEeXCe.exe
  2⤵
  PID:6888
- C:\Windows\System\utOlyYZ.exe
  C:\Windows\System\utOlyYZ.exe
  2⤵
  PID:7164
- C:\Windows\System\wrtLJSc.exe
  C:\Windows\System\wrtLJSc.exe
  2⤵
  PID:6472
- C:\Windows\System\zZfGSId.exe
  C:\Windows\System\zZfGSId.exe
  2⤵
  PID:6988
- C:\Windows\System\nJtshho.exe
  C:\Windows\System\nJtshho.exe
  2⤵
  PID:7152
- C:\Windows\System\IlQgEfx.exe
  C:\Windows\System\IlQgEfx.exe
  2⤵
  PID:7204
- C:\Windows\System\hhOMFpo.exe
  C:\Windows\System\hhOMFpo.exe
  2⤵
  PID:7292
- C:\Windows\System\RBRHDHD.exe
  C:\Windows\System\RBRHDHD.exe
  2⤵
  PID:7328
- C:\Windows\System\muUudKk.exe
  C:\Windows\System\muUudKk.exe
  2⤵
  PID:7364
- C:\Windows\System\UPCXfLO.exe
  C:\Windows\System\UPCXfLO.exe
  2⤵
  PID:7380
- C:\Windows\System\fxzyZHN.exe
  C:\Windows\System\fxzyZHN.exe
  2⤵
  PID:7404
- C:\Windows\System\soOCAUK.exe
  C:\Windows\System\soOCAUK.exe
  2⤵
  PID:7424
- C:\Windows\System\NDZtTjv.exe
  C:\Windows\System\NDZtTjv.exe
  2⤵
  PID:7460
- C:\Windows\System\ZdDGhBM.exe
  C:\Windows\System\ZdDGhBM.exe
  2⤵
  PID:7496
- C:\Windows\System\VPrQkcC.exe
  C:\Windows\System\VPrQkcC.exe
  2⤵
  PID:7536
- C:\Windows\System\HpzUDwB.exe
  C:\Windows\System\HpzUDwB.exe
  2⤵
  PID:7568
- C:\Windows\System\XLXmrUb.exe
  C:\Windows\System\XLXmrUb.exe
  2⤵
  PID:7596
- C:\Windows\System\urAFpKZ.exe
  C:\Windows\System\urAFpKZ.exe
  2⤵
  PID:7624
- C:\Windows\System\cgoYNsu.exe
  C:\Windows\System\cgoYNsu.exe
  2⤵
  PID:7652
- C:\Windows\System\KMWuPxw.exe
  C:\Windows\System\KMWuPxw.exe
  2⤵
  PID:7680
- C:\Windows\System\numakaI.exe
  C:\Windows\System\numakaI.exe
  2⤵
  PID:7716
- C:\Windows\System\kXyOcFv.exe
  C:\Windows\System\kXyOcFv.exe
  2⤵
  PID:7744
- C:\Windows\System\PnmnGFo.exe
  C:\Windows\System\PnmnGFo.exe
  2⤵
  PID:7772
- C:\Windows\System\hwuzwTJ.exe
  C:\Windows\System\hwuzwTJ.exe
  2⤵
  PID:7796
- C:\Windows\System\hWqeYOj.exe
  C:\Windows\System\hWqeYOj.exe
  2⤵
  PID:7828
- C:\Windows\System\oaWUmJc.exe
  C:\Windows\System\oaWUmJc.exe
  2⤵
  PID:7856
- C:\Windows\System\jKxrqSE.exe
  C:\Windows\System\jKxrqSE.exe
  2⤵
  PID:7884
- C:\Windows\System\xvlZXgh.exe
  C:\Windows\System\xvlZXgh.exe
  2⤵
  PID:7912
- C:\Windows\System\pwgSFCy.exe
  C:\Windows\System\pwgSFCy.exe
  2⤵
  PID:7944
- C:\Windows\System\jtAsbas.exe
  C:\Windows\System\jtAsbas.exe
  2⤵
  PID:7968
- C:\Windows\System\CtOfVaO.exe
  C:\Windows\System\CtOfVaO.exe
  2⤵
  PID:7996
- C:\Windows\System\ZMUCfhM.exe
  C:\Windows\System\ZMUCfhM.exe
  2⤵
  PID:8016
- C:\Windows\System\jTQfeJB.exe
  C:\Windows\System\jTQfeJB.exe
  2⤵
  PID:8036
- C:\Windows\System\kPjxhir.exe
  C:\Windows\System\kPjxhir.exe
  2⤵
  PID:8080
- C:\Windows\System\MvjgmQF.exe
  C:\Windows\System\MvjgmQF.exe
  2⤵
  PID:8108
- C:\Windows\System\OVibPPW.exe
  C:\Windows\System\OVibPPW.exe
  2⤵
  PID:8136
- C:\Windows\System\fhYAJbk.exe
  C:\Windows\System\fhYAJbk.exe
  2⤵
  PID:8164
- C:\Windows\System\SMkOfSG.exe
  C:\Windows\System\SMkOfSG.exe
  2⤵
  PID:8184
- C:\Windows\System\ZbHAGrl.exe
  C:\Windows\System\ZbHAGrl.exe
  2⤵
  PID:2292
- C:\Windows\System\XbBMxql.exe
  C:\Windows\System\XbBMxql.exe
  2⤵
  PID:7268
- C:\Windows\System\UDZmrhH.exe
  C:\Windows\System\UDZmrhH.exe
  2⤵
  PID:6884
- C:\Windows\System\UYHIYvS.exe
  C:\Windows\System\UYHIYvS.exe
  2⤵
  PID:7436
- C:\Windows\System\SfLeKdj.exe
  C:\Windows\System\SfLeKdj.exe
  2⤵
  PID:7448
- C:\Windows\System\DqbkPzg.exe
  C:\Windows\System\DqbkPzg.exe
  2⤵
  PID:7588
- C:\Windows\System\VnORAsU.exe
  C:\Windows\System\VnORAsU.exe
  2⤵
  PID:7640
- C:\Windows\System\sLizsHb.exe
  C:\Windows\System\sLizsHb.exe
  2⤵
  PID:7672
- C:\Windows\System\ztNwsbN.exe
  C:\Windows\System\ztNwsbN.exe
  2⤵
  PID:6948
- C:\Windows\System\mOzlrqY.exe
  C:\Windows\System\mOzlrqY.exe
  2⤵
  PID:7840
- C:\Windows\System\JQtwbgE.exe
  C:\Windows\System\JQtwbgE.exe
  2⤵
  PID:7904
- C:\Windows\System\PoUlomD.exe
  C:\Windows\System\PoUlomD.exe
  2⤵
  PID:7980
- C:\Windows\System\TCfTaAG.exe
  C:\Windows\System\TCfTaAG.exe
  2⤵
  PID:8004
- C:\Windows\System\KsraaTS.exe
  C:\Windows\System\KsraaTS.exe
  2⤵
  PID:8100
- C:\Windows\System\gYCsyZi.exe
  C:\Windows\System\gYCsyZi.exe
  2⤵
  PID:8148
- C:\Windows\System\JpTQusi.exe
  C:\Windows\System\JpTQusi.exe
  2⤵
  PID:6792
- C:\Windows\System\TBDBNoD.exe
  C:\Windows\System\TBDBNoD.exe
  2⤵
  PID:7336
- C:\Windows\System\ylGgbEx.exe
  C:\Windows\System\ylGgbEx.exe
  2⤵
  PID:7560
- C:\Windows\System\xBjHTpw.exe
  C:\Windows\System\xBjHTpw.exe
  2⤵
  PID:7764
- C:\Windows\System\nFPwLWF.exe
  C:\Windows\System\nFPwLWF.exe
  2⤵
  PID:7880
- C:\Windows\System\ZNGLfIB.exe
  C:\Windows\System\ZNGLfIB.exe
  2⤵
  PID:8128
- C:\Windows\System\dEkIDpE.exe
  C:\Windows\System\dEkIDpE.exe
  2⤵
  PID:6648
- C:\Windows\System\FbUKSlS.exe
  C:\Windows\System\FbUKSlS.exe
  2⤵
  PID:7372
- C:\Windows\System\AVioHLo.exe
  C:\Windows\System\AVioHLo.exe
  2⤵
  PID:7964
- C:\Windows\System\AWsSVRj.exe
  C:\Windows\System\AWsSVRj.exe
  2⤵
  PID:8068
- C:\Windows\System\WQODZRD.exe
  C:\Windows\System\WQODZRD.exe
  2⤵
  PID:8056
- C:\Windows\System\BBIBtqJ.exe
  C:\Windows\System\BBIBtqJ.exe
  2⤵
  PID:8212
- C:\Windows\System\tEyloKb.exe
  C:\Windows\System\tEyloKb.exe
  2⤵
  PID:8240
- C:\Windows\System\gpIpfvo.exe
  C:\Windows\System\gpIpfvo.exe
  2⤵
  PID:8276
- C:\Windows\System\vwpuGQP.exe
  C:\Windows\System\vwpuGQP.exe
  2⤵
  PID:8332
- C:\Windows\System\EbUfHwb.exe
  C:\Windows\System\EbUfHwb.exe
  2⤵
  PID:8368
- C:\Windows\System\DLmDxlN.exe
  C:\Windows\System\DLmDxlN.exe
  2⤵
  PID:8400
- C:\Windows\System\ngrZnjM.exe
  C:\Windows\System\ngrZnjM.exe
  2⤵
  PID:8428
- C:\Windows\System\wlsUcbu.exe
  C:\Windows\System\wlsUcbu.exe
  2⤵
  PID:8448
- C:\Windows\System\KacrgsR.exe
  C:\Windows\System\KacrgsR.exe
  2⤵
  PID:8476
- C:\Windows\System\ARkQiNB.exe
  C:\Windows\System\ARkQiNB.exe
  2⤵
  PID:8492
- C:\Windows\System\ZgGfsoQ.exe
  C:\Windows\System\ZgGfsoQ.exe
  2⤵
  PID:8532
- C:\Windows\System\QgbEYxi.exe
  C:\Windows\System\QgbEYxi.exe
  2⤵
  PID:8564
- C:\Windows\System\oLhZFwV.exe
  C:\Windows\System\oLhZFwV.exe
  2⤵
  PID:8600
- C:\Windows\System\vEIYysZ.exe
  C:\Windows\System\vEIYysZ.exe
  2⤵
  PID:8620
- C:\Windows\System\KsjjoEk.exe
  C:\Windows\System\KsjjoEk.exe
  2⤵
  PID:8660
- C:\Windows\System\goIYzWV.exe
  C:\Windows\System\goIYzWV.exe
  2⤵
  PID:8680
- C:\Windows\System\WWdxNzC.exe
  C:\Windows\System\WWdxNzC.exe
  2⤵
  PID:8708
- C:\Windows\System\xDQUEOK.exe
  C:\Windows\System\xDQUEOK.exe
  2⤵
  PID:8748
- C:\Windows\System\sNbkUmP.exe
  C:\Windows\System\sNbkUmP.exe
  2⤵
  PID:8780
- C:\Windows\System\fNXaYmD.exe
  C:\Windows\System\fNXaYmD.exe
  2⤵
  PID:8824
- C:\Windows\System\gNwrHhm.exe
  C:\Windows\System\gNwrHhm.exe
  2⤵
  PID:8876
- C:\Windows\System\ievWFsG.exe
  C:\Windows\System\ievWFsG.exe
  2⤵
  PID:8892
- C:\Windows\System\ZiJHUik.exe
  C:\Windows\System\ZiJHUik.exe
  2⤵
  PID:8924
- C:\Windows\System\WXCCpRr.exe
  C:\Windows\System\WXCCpRr.exe
  2⤵
  PID:8980
- C:\Windows\System\PsIKVXO.exe
  C:\Windows\System\PsIKVXO.exe
  2⤵
  PID:9000
- C:\Windows\System\kZZdzbz.exe
  C:\Windows\System\kZZdzbz.exe
  2⤵
  PID:9028
- C:\Windows\System\eBZuHBo.exe
  C:\Windows\System\eBZuHBo.exe
  2⤵
  PID:9068
- C:\Windows\System\wqRjTdY.exe
  C:\Windows\System\wqRjTdY.exe
  2⤵
  PID:9120
- C:\Windows\System\skaTaxv.exe
  C:\Windows\System\skaTaxv.exe
  2⤵
  PID:9136
- C:\Windows\System\OfoPNud.exe
  C:\Windows\System\OfoPNud.exe
  2⤵
  PID:9152
- C:\Windows\System\gMTWOtt.exe
  C:\Windows\System\gMTWOtt.exe
  2⤵
  PID:9196
- C:\Windows\System\XyXbBAW.exe
  C:\Windows\System\XyXbBAW.exe
  2⤵
  PID:7844
- C:\Windows\System\zpchGrd.exe
  C:\Windows\System\zpchGrd.exe
  2⤵
  PID:8292
- C:\Windows\System\ZRTEqTq.exe
  C:\Windows\System\ZRTEqTq.exe
  2⤵
  PID:8392
- C:\Windows\System\HZvKkNn.exe
  C:\Windows\System\HZvKkNn.exe
  2⤵
  PID:8460
- C:\Windows\System\eXNqXMm.exe
  C:\Windows\System\eXNqXMm.exe
  2⤵
  PID:8560
- C:\Windows\System\dqktTOQ.exe
  C:\Windows\System\dqktTOQ.exe
  2⤵
  PID:8640
- C:\Windows\System\qbVTWvK.exe
  C:\Windows\System\qbVTWvK.exe
  2⤵
  PID:8672
- C:\Windows\System\Rhwofoq.exe
  C:\Windows\System\Rhwofoq.exe
  2⤵
  PID:8760
- C:\Windows\System\FcKTwXH.exe
  C:\Windows\System\FcKTwXH.exe
  2⤵
  PID:8812
- C:\Windows\System\nbivaoz.exe
  C:\Windows\System\nbivaoz.exe
  2⤵
  PID:8936
- C:\Windows\System\sqozYTT.exe
  C:\Windows\System\sqozYTT.exe
  2⤵
  PID:9016
- C:\Windows\System\IIdADMW.exe
  C:\Windows\System\IIdADMW.exe
  2⤵
  PID:9076
- C:\Windows\System\YZXtJPM.exe
  C:\Windows\System\YZXtJPM.exe
  2⤵
  PID:9168
- C:\Windows\System\EMQuDLq.exe
  C:\Windows\System\EMQuDLq.exe
  2⤵
  PID:8264
- C:\Windows\System\BaABwze.exe
  C:\Windows\System\BaABwze.exe
  2⤵
  PID:8440
- C:\Windows\System\AwEARAC.exe
  C:\Windows\System\AwEARAC.exe
  2⤵
  PID:8652
- C:\Windows\System\QEZoCAa.exe
  C:\Windows\System\QEZoCAa.exe
  2⤵
  PID:8768
- C:\Windows\System\ZcjCnGr.exe
  C:\Windows\System\ZcjCnGr.exe
  2⤵
  PID:8884
- C:\Windows\System\wjAuueK.exe
  C:\Windows\System\wjAuueK.exe
  2⤵
  PID:9112
- C:\Windows\System\brPqNuJ.exe
  C:\Windows\System\brPqNuJ.exe
  2⤵
  PID:8548
- C:\Windows\System\ydyOzRz.exe
  C:\Windows\System\ydyOzRz.exe
  2⤵
  PID:8908
- C:\Windows\System\GpdEYLe.exe
  C:\Windows\System\GpdEYLe.exe
  2⤵
  PID:8364
- C:\Windows\System\HaqBAVZ.exe
  C:\Windows\System\HaqBAVZ.exe
  2⤵
  PID:9224
- C:\Windows\System\MDwUyos.exe
  C:\Windows\System\MDwUyos.exe
  2⤵
  PID:9240
- C:\Windows\System\gwUcBXS.exe
  C:\Windows\System\gwUcBXS.exe
  2⤵
  PID:9268
- C:\Windows\System\qOZzJUG.exe
  C:\Windows\System\qOZzJUG.exe
  2⤵
  PID:9304
- C:\Windows\System\AkISFqD.exe
  C:\Windows\System\AkISFqD.exe
  2⤵
  PID:9336
- C:\Windows\System\ZSiEChl.exe
  C:\Windows\System\ZSiEChl.exe
  2⤵
  PID:9364
- C:\Windows\System\VQDZxJS.exe
  C:\Windows\System\VQDZxJS.exe
  2⤵
  PID:9384
- C:\Windows\System\svFZdJq.exe
  C:\Windows\System\svFZdJq.exe
  2⤵
  PID:9400
- C:\Windows\System\xaTnUwY.exe
  C:\Windows\System\xaTnUwY.exe
  2⤵
  PID:9424
- C:\Windows\System\ldqOLGU.exe
  C:\Windows\System\ldqOLGU.exe
  2⤵
  PID:9476
- C:\Windows\System\ecFSGby.exe
  C:\Windows\System\ecFSGby.exe
  2⤵
  PID:9508
- C:\Windows\System\ucPhwiC.exe
  C:\Windows\System\ucPhwiC.exe
  2⤵
  PID:9524
- C:\Windows\System\EpXEoub.exe
  C:\Windows\System\EpXEoub.exe
  2⤵
  PID:9564
- C:\Windows\System\KztIZYV.exe
  C:\Windows\System\KztIZYV.exe
  2⤵
  PID:9584
- C:\Windows\System\VWtpquW.exe
  C:\Windows\System\VWtpquW.exe
  2⤵
  PID:9612
- C:\Windows\System\oGYfQbB.exe
  C:\Windows\System\oGYfQbB.exe
  2⤵
  PID:9652
- C:\Windows\System\PjqGpRp.exe
  C:\Windows\System\PjqGpRp.exe
  2⤵
  PID:9676
- C:\Windows\System\qAMhSwj.exe
  C:\Windows\System\qAMhSwj.exe
  2⤵
  PID:9700
- C:\Windows\System\OPfobGf.exe
  C:\Windows\System\OPfobGf.exe
  2⤵
  PID:9732
- C:\Windows\System\PmWQjoj.exe
  C:\Windows\System\PmWQjoj.exe
  2⤵
  PID:9756
- C:\Windows\System\ffbvnLO.exe
  C:\Windows\System\ffbvnLO.exe
  2⤵
  PID:9788
- C:\Windows\System\IzIPzqM.exe
  C:\Windows\System\IzIPzqM.exe
  2⤵
  PID:9816
- C:\Windows\System\VQCKTrm.exe
  C:\Windows\System\VQCKTrm.exe
  2⤵
  PID:9844
- C:\Windows\System\oZqihkG.exe
  C:\Windows\System\oZqihkG.exe
  2⤵
  PID:9872
- C:\Windows\System\OmLaSxK.exe
  C:\Windows\System\OmLaSxK.exe
  2⤵
  PID:9900
- C:\Windows\System\KXfEJPQ.exe
  C:\Windows\System\KXfEJPQ.exe
  2⤵
  PID:9928
- C:\Windows\System\wczykLY.exe
  C:\Windows\System\wczykLY.exe
  2⤵
  PID:9956
- C:\Windows\System\qbOtkIi.exe
  C:\Windows\System\qbOtkIi.exe
  2⤵
  PID:9984
- C:\Windows\System\wMcksWC.exe
  C:\Windows\System\wMcksWC.exe
  2⤵
  PID:10012
- C:\Windows\System\ThgHbNs.exe
  C:\Windows\System\ThgHbNs.exe
  2⤵
  PID:10040
- C:\Windows\System\ZqbzFxC.exe
  C:\Windows\System\ZqbzFxC.exe
  2⤵
  PID:10056
- C:\Windows\System\YgHyUCM.exe
  C:\Windows\System\YgHyUCM.exe
  2⤵
  PID:10084
- C:\Windows\System\JNOVlQJ.exe
  C:\Windows\System\JNOVlQJ.exe
  2⤵
  PID:10124
- C:\Windows\System\oKytMeq.exe
  C:\Windows\System\oKytMeq.exe
  2⤵
  PID:10140
- C:\Windows\System\QEcDLOH.exe
  C:\Windows\System\QEcDLOH.exe
  2⤵
  PID:10168
- C:\Windows\System\iMLizmj.exe
  C:\Windows\System\iMLizmj.exe
  2⤵
  PID:10196
- C:\Windows\System\BFUYJlV.exe
  C:\Windows\System\BFUYJlV.exe
  2⤵
  PID:10216
- C:\Windows\System\fLEsgZF.exe
  C:\Windows\System\fLEsgZF.exe
  2⤵
  PID:9236
- C:\Windows\System\FXbNGAj.exe
  C:\Windows\System\FXbNGAj.exe
  2⤵
  PID:9300
- C:\Windows\System\uJVLRTW.exe
  C:\Windows\System\uJVLRTW.exe
  2⤵
  PID:9332
- C:\Windows\System\tBzWNED.exe
  C:\Windows\System\tBzWNED.exe
  2⤵
  PID:9380
- C:\Windows\System\hwrHBkJ.exe
  C:\Windows\System\hwrHBkJ.exe
  2⤵
  PID:9464
- C:\Windows\System\dACNQGn.exe
  C:\Windows\System\dACNQGn.exe
  2⤵
  PID:9560
- C:\Windows\System\hSNbCKm.exe
  C:\Windows\System\hSNbCKm.exe
  2⤵
  PID:9600
- C:\Windows\System\SMsplTw.exe
  C:\Windows\System\SMsplTw.exe
  2⤵
  PID:9696
- C:\Windows\System\YWKRGsK.exe
  C:\Windows\System\YWKRGsK.exe
  2⤵
  PID:9740
- C:\Windows\System\zpqyDSL.exe
  C:\Windows\System\zpqyDSL.exe
  2⤵
  PID:9828
- C:\Windows\System\ngksCkP.exe
  C:\Windows\System\ngksCkP.exe
  2⤵
  PID:9888
- C:\Windows\System\uJNowlm.exe
  C:\Windows\System\uJNowlm.exe
  2⤵
  PID:9968
- C:\Windows\System\qPiXBFq.exe
  C:\Windows\System\qPiXBFq.exe
  2⤵
  PID:10008
- C:\Windows\System\PCXQMcY.exe
  C:\Windows\System\PCXQMcY.exe
  2⤵
  PID:10104
- C:\Windows\System\DntQskv.exe
  C:\Windows\System\DntQskv.exe
  2⤵
  PID:10136
- C:\Windows\System\TxBvWKg.exe
  C:\Windows\System\TxBvWKg.exe
  2⤵
  PID:9056
- C:\Windows\System\EofDQBe.exe
  C:\Windows\System\EofDQBe.exe
  2⤵
  PID:9252
- C:\Windows\System\PuOhiEM.exe
  C:\Windows\System\PuOhiEM.exe
  2⤵
  PID:9496
- C:\Windows\System\DynBPdx.exe
  C:\Windows\System\DynBPdx.exe
  2⤵
  PID:9632
- C:\Windows\System\PEFLUTi.exe
  C:\Windows\System\PEFLUTi.exe
  2⤵
  PID:9836
- C:\Windows\System\ADLnDZV.exe
  C:\Windows\System\ADLnDZV.exe
  2⤵
  PID:9940
- C:\Windows\System\GfHdqpW.exe
  C:\Windows\System\GfHdqpW.exe
  2⤵
  PID:10100
- C:\Windows\System\ivffDlj.exe
  C:\Windows\System\ivffDlj.exe
  2⤵
  PID:10212
- C:\Windows\System\oKcSRVP.exe
  C:\Windows\System\oKcSRVP.exe
  2⤵
  PID:9520
- C:\Windows\System\YDqSjqU.exe
  C:\Windows\System\YDqSjqU.exe
  2⤵
  PID:9808
- C:\Windows\System\IhPfDgE.exe
  C:\Windows\System\IhPfDgE.exe
  2⤵
  PID:9284
- C:\Windows\System\IfMerXw.exe
  C:\Windows\System\IfMerXw.exe
  2⤵
  PID:10072
- C:\Windows\System\raBuyQF.exe
  C:\Windows\System\raBuyQF.exe
  2⤵
  PID:10252
- C:\Windows\System\oqxRgLY.exe
  C:\Windows\System\oqxRgLY.exe
  2⤵
  PID:10280
- C:\Windows\System\xaULkJt.exe
  C:\Windows\System\xaULkJt.exe
  2⤵
  PID:10308
- C:\Windows\System\gSWHKDV.exe
  C:\Windows\System\gSWHKDV.exe
  2⤵
  PID:10324
- C:\Windows\System\IEJiItE.exe
  C:\Windows\System\IEJiItE.exe
  2⤵
  PID:10352
- C:\Windows\System\GyUspMS.exe
  C:\Windows\System\GyUspMS.exe
  2⤵
  PID:10384
- C:\Windows\System\DPgROqm.exe
  C:\Windows\System\DPgROqm.exe
  2⤵
  PID:10420
- C:\Windows\System\yIGVkNJ.exe
  C:\Windows\System\yIGVkNJ.exe
  2⤵
  PID:10448
- C:\Windows\System\ffAjZyz.exe
  C:\Windows\System\ffAjZyz.exe
  2⤵
  PID:10464
- C:\Windows\System\mWqYarg.exe
  C:\Windows\System\mWqYarg.exe
  2⤵
  PID:10492
- C:\Windows\System\iBUvsZU.exe
  C:\Windows\System\iBUvsZU.exe
  2⤵
  PID:10508
- C:\Windows\System\xLANKXv.exe
  C:\Windows\System\xLANKXv.exe
  2⤵
  PID:10544
- C:\Windows\System\yucYaOu.exe
  C:\Windows\System\yucYaOu.exe
  2⤵
  PID:10584
- C:\Windows\System\CvOGiLv.exe
  C:\Windows\System\CvOGiLv.exe
  2⤵
  PID:10616
- C:\Windows\System\RnwxNwV.exe
  C:\Windows\System\RnwxNwV.exe
  2⤵
  PID:10652
- C:\Windows\System\kSItKJh.exe
  C:\Windows\System\kSItKJh.exe
  2⤵
  PID:10672
- C:\Windows\System\MLtKBZy.exe
  C:\Windows\System\MLtKBZy.exe
  2⤵
  PID:10708
- C:\Windows\System\gdaCPco.exe
  C:\Windows\System\gdaCPco.exe
  2⤵
  PID:10756
- C:\Windows\System\sluqIkU.exe
  C:\Windows\System\sluqIkU.exe
  2⤵
  PID:10776
- C:\Windows\System\iVnNpxi.exe
  C:\Windows\System\iVnNpxi.exe
  2⤵
  PID:10808
- C:\Windows\System\iPbhlIt.exe
  C:\Windows\System\iPbhlIt.exe
  2⤵
  PID:10836
- C:\Windows\System\AoxgytU.exe
  C:\Windows\System\AoxgytU.exe
  2⤵
  PID:10876
- C:\Windows\System\ATcNieG.exe
  C:\Windows\System\ATcNieG.exe
  2⤵
  PID:10904
- C:\Windows\System\DDTmecl.exe
  C:\Windows\System\DDTmecl.exe
  2⤵
  PID:10920
- C:\Windows\System\DMBMFOw.exe
  C:\Windows\System\DMBMFOw.exe
  2⤵
  PID:10960
- C:\Windows\System\uXBgNFP.exe
  C:\Windows\System\uXBgNFP.exe
  2⤵
  PID:10988
- C:\Windows\System\QdimnMa.exe
  C:\Windows\System\QdimnMa.exe
  2⤵
  PID:11016
- C:\Windows\System\RIuBOiO.exe
  C:\Windows\System\RIuBOiO.exe
  2⤵
  PID:11032
- C:\Windows\System\eCAjCwt.exe
  C:\Windows\System\eCAjCwt.exe
  2⤵
  PID:11056
- C:\Windows\System\jQoXGRt.exe
  C:\Windows\System\jQoXGRt.exe
  2⤵
  PID:11084
- C:\Windows\System\ByarJAJ.exe
  C:\Windows\System\ByarJAJ.exe
  2⤵
  PID:11128
- C:\Windows\System\XJLbSPf.exe
  C:\Windows\System\XJLbSPf.exe
  2⤵
  PID:11152
- C:\Windows\System\GSzhBRx.exe
  C:\Windows\System\GSzhBRx.exe
  2⤵
  PID:11172
- C:\Windows\System\uvjlSpz.exe
  C:\Windows\System\uvjlSpz.exe
  2⤵
  PID:11212
- C:\Windows\System\hVhjjiG.exe
  C:\Windows\System\hVhjjiG.exe
  2⤵
  PID:11240
- C:\Windows\System\sEGKsrU.exe
  C:\Windows\System\sEGKsrU.exe
  2⤵
  PID:9684
- C:\Windows\System\JawENGZ.exe
  C:\Windows\System\JawENGZ.exe
  2⤵
  PID:10292
- C:\Windows\System\hJurxjC.exe
  C:\Windows\System\hJurxjC.exe
  2⤵
  PID:10348
- C:\Windows\System\MgbUZDv.exe
  C:\Windows\System\MgbUZDv.exe
  2⤵
  PID:10412
- C:\Windows\System\UbwMyYs.exe
  C:\Windows\System\UbwMyYs.exe
  2⤵
  PID:10500
- C:\Windows\System\zJlZyzt.exe
  C:\Windows\System\zJlZyzt.exe
  2⤵
  PID:10532
- C:\Windows\System\qKhWuGd.exe
  C:\Windows\System\qKhWuGd.exe
  2⤵
  PID:10624
- C:\Windows\System\vYOltvu.exe
  C:\Windows\System\vYOltvu.exe
  2⤵
  PID:10720
- C:\Windows\System\lPiZOSH.exe
  C:\Windows\System\lPiZOSH.exe
  2⤵
  PID:10804
- C:\Windows\System\WICEiLs.exe
  C:\Windows\System\WICEiLs.exe
  2⤵
  PID:10832
- C:\Windows\System\DugYTnG.exe
  C:\Windows\System\DugYTnG.exe
  2⤵
  PID:10900
- C:\Windows\System\ZyPaCVN.exe
  C:\Windows\System\ZyPaCVN.exe
  2⤵
  PID:10956
- C:\Windows\System\lChGvlI.exe
  C:\Windows\System\lChGvlI.exe
  2⤵
  PID:11012
- C:\Windows\System\dCHKRxz.exe
  C:\Windows\System\dCHKRxz.exe
  2⤵
  PID:11080
- C:\Windows\System\iLojJEp.exe
  C:\Windows\System\iLojJEp.exe
  2⤵
  PID:11140
- C:\Windows\System\ptRHFgX.exe
  C:\Windows\System\ptRHFgX.exe
  2⤵
  PID:11168
- C:\Windows\System\FxjZiWQ.exe
  C:\Windows\System\FxjZiWQ.exe
  2⤵
  PID:10132
- C:\Windows\System\RlLltdq.exe
  C:\Windows\System\RlLltdq.exe
  2⤵
  PID:10484
- C:\Windows\System\RDXiROr.exe
  C:\Windows\System\RDXiROr.exe
  2⤵
  PID:10692
- C:\Windows\System\nGPOPSB.exe
  C:\Windows\System\nGPOPSB.exe
  2⤵
  PID:10820
- C:\Windows\System\itiGKSo.exe
  C:\Windows\System\itiGKSo.exe
  2⤵
  PID:10952
- C:\Windows\System\ntcJfFu.exe
  C:\Windows\System\ntcJfFu.exe
  2⤵
  PID:11108
- C:\Windows\System\zImvHZU.exe
  C:\Windows\System\zImvHZU.exe
  2⤵
  PID:11228
- C:\Windows\System\AqqErsx.exe
  C:\Windows\System\AqqErsx.exe
  2⤵
  PID:10296
- C:\Windows\System\qRflvuL.exe
  C:\Windows\System\qRflvuL.exe
  2⤵
  PID:10980
- C:\Windows\System\YHlkyjj.exe
  C:\Windows\System\YHlkyjj.exe
  2⤵
  PID:10404
- C:\Windows\System\zdrWiqQ.exe
  C:\Windows\System\zdrWiqQ.exe
  2⤵
  PID:11236
- C:\Windows\System\jhvIzUe.exe
  C:\Windows\System\jhvIzUe.exe
  2⤵
  PID:11280
- C:\Windows\System\eiQewgt.exe
  C:\Windows\System\eiQewgt.exe
  2⤵
  PID:11296
- C:\Windows\System\JZaAcDB.exe
  C:\Windows\System\JZaAcDB.exe
  2⤵
  PID:11324
- C:\Windows\System\suScxmy.exe
  C:\Windows\System\suScxmy.exe
  2⤵
  PID:11364
- C:\Windows\System\CAgDxPz.exe
  C:\Windows\System\CAgDxPz.exe
  2⤵
  PID:11392
- C:\Windows\System\YqWPDUo.exe
  C:\Windows\System\YqWPDUo.exe
  2⤵
  PID:11408
- C:\Windows\System\XeQwdLE.exe
  C:\Windows\System\XeQwdLE.exe
  2⤵
  PID:11436
- C:\Windows\System\tJBFIIM.exe
  C:\Windows\System\tJBFIIM.exe
  2⤵
  PID:11464
- C:\Windows\System\LZAyPEO.exe
  C:\Windows\System\LZAyPEO.exe
  2⤵
  PID:11504
- C:\Windows\System\zXLwOgO.exe
  C:\Windows\System\zXLwOgO.exe
  2⤵
  PID:11520
- C:\Windows\System\YzXaVdc.exe
  C:\Windows\System\YzXaVdc.exe
  2⤵
  PID:11548
- C:\Windows\System\XUFQELr.exe
  C:\Windows\System\XUFQELr.exe
  2⤵
  PID:11576
- C:\Windows\System\ZftrgFV.exe
  C:\Windows\System\ZftrgFV.exe
  2⤵
  PID:11604
- C:\Windows\System\CloNvqw.exe
  C:\Windows\System\CloNvqw.exe
  2⤵
  PID:11644
- C:\Windows\System\MtqCllQ.exe
  C:\Windows\System\MtqCllQ.exe
  2⤵
  PID:11668
- C:\Windows\System\XjVBEDB.exe
  C:\Windows\System\XjVBEDB.exe
  2⤵
  PID:11688
- C:\Windows\System\PMuNgTF.exe
  C:\Windows\System\PMuNgTF.exe
  2⤵
  PID:11704
- C:\Windows\System\fsdmFpM.exe
  C:\Windows\System\fsdmFpM.exe
  2⤵
  PID:11724
- C:\Windows\System\LOXplDb.exe
  C:\Windows\System\LOXplDb.exe
  2⤵
  PID:11748
- C:\Windows\System\uEJeqPs.exe
  C:\Windows\System\uEJeqPs.exe
  2⤵
  PID:11820
- C:\Windows\System\eQqqDKe.exe
  C:\Windows\System\eQqqDKe.exe
  2⤵
  PID:11852
- C:\Windows\System\bfeGHre.exe
  C:\Windows\System\bfeGHre.exe
  2⤵
  PID:11872
- C:\Windows\System\ZwPwRor.exe
  C:\Windows\System\ZwPwRor.exe
  2⤵
  PID:11900
- C:\Windows\System\rRVtoVR.exe
  C:\Windows\System\rRVtoVR.exe
  2⤵
  PID:11940
- C:\Windows\System\RlxTtOw.exe
  C:\Windows\System\RlxTtOw.exe
  2⤵
  PID:11972
- C:\Windows\System\dftxFiL.exe
  C:\Windows\System\dftxFiL.exe
  2⤵
  PID:12000
- C:\Windows\System\iIOaNxf.exe
  C:\Windows\System\iIOaNxf.exe
  2⤵
  PID:12020
- C:\Windows\System\xlbtFXM.exe
  C:\Windows\System\xlbtFXM.exe
  2⤵
  PID:12068
- C:\Windows\System\bLxMjXW.exe
  C:\Windows\System\bLxMjXW.exe
  2⤵
  PID:12096
- C:\Windows\System\NjFRvRL.exe
  C:\Windows\System\NjFRvRL.exe
  2⤵
  PID:12124
- C:\Windows\System\wZxEmay.exe
  C:\Windows\System\wZxEmay.exe
  2⤵
  PID:12156
- C:\Windows\System\lubjEWP.exe
  C:\Windows\System\lubjEWP.exe
  2⤵
  PID:12184
- C:\Windows\System\flfoJFh.exe
  C:\Windows\System\flfoJFh.exe
  2⤵
  PID:12212
- C:\Windows\System\rnnWCWa.exe
  C:\Windows\System\rnnWCWa.exe
  2⤵
  PID:12228
- C:\Windows\System\QvUAwHZ.exe
  C:\Windows\System\QvUAwHZ.exe
  2⤵
  PID:12264
- C:\Windows\System\XqhHVTi.exe
  C:\Windows\System\XqhHVTi.exe
  2⤵
  PID:12284
- C:\Windows\System\JMgsplz.exe
  C:\Windows\System\JMgsplz.exe
  2⤵
  PID:11308
- C:\Windows\System\jPHHBsh.exe
  C:\Windows\System\jPHHBsh.exe
  2⤵
  PID:11404
- C:\Windows\System\AQQvbFc.exe
  C:\Windows\System\AQQvbFc.exe
  2⤵
  PID:11448
- C:\Windows\System\cZSutVQ.exe
  C:\Windows\System\cZSutVQ.exe
  2⤵
  PID:11516
- C:\Windows\System\UgXCsgv.exe
  C:\Windows\System\UgXCsgv.exe
  2⤵
  PID:11588
- C:\Windows\System\RCYMskd.exe
  C:\Windows\System\RCYMskd.exe
  2⤵
  PID:11660
- C:\Windows\System\KoFxmXo.exe
  C:\Windows\System\KoFxmXo.exe
  2⤵
  PID:11680
- C:\Windows\System\SEXLMHL.exe
  C:\Windows\System\SEXLMHL.exe
  2⤵
  PID:11772
- C:\Windows\System\EcPQYXA.exe
  C:\Windows\System\EcPQYXA.exe
  2⤵
  PID:11928
- C:\Windows\System\WmNLCXR.exe
  C:\Windows\System\WmNLCXR.exe
  2⤵
  PID:11916
- C:\Windows\System\xitmAFH.exe
  C:\Windows\System\xitmAFH.exe
  2⤵
  PID:11960
- C:\Windows\System\rlcnEXC.exe
  C:\Windows\System\rlcnEXC.exe
  2⤵
  PID:12028
- C:\Windows\System\tBlSUtn.exe
  C:\Windows\System\tBlSUtn.exe
  2⤵
  PID:12084
- C:\Windows\System\CzimBqM.exe
  C:\Windows\System\CzimBqM.exe
  2⤵
  PID:12172
- C:\Windows\System\BfEsLFN.exe
  C:\Windows\System\BfEsLFN.exe
  2⤵
  PID:12244
- C:\Windows\System\ZUHWfbm.exe
  C:\Windows\System\ZUHWfbm.exe
  2⤵
  PID:12276
- C:\Windows\System\vhXAMyh.exe
  C:\Windows\System\vhXAMyh.exe
  2⤵
  PID:11484
- C:\Windows\System\MvsfsIy.exe
  C:\Windows\System\MvsfsIy.exe
  2⤵
  PID:11684
- C:\Windows\System\cyGWynU.exe
  C:\Windows\System\cyGWynU.exe
  2⤵
  PID:11792
- C:\Windows\System\oCmtVFc.exe
  C:\Windows\System\oCmtVFc.exe
  2⤵
  PID:11896
- C:\Windows\System\gqrqwFj.exe
  C:\Windows\System\gqrqwFj.exe
  2⤵
  PID:11712
- C:\Windows\System\ceuOluZ.exe
  C:\Windows\System\ceuOluZ.exe
  2⤵
  PID:12196
- C:\Windows\System\gJuAqVX.exe
  C:\Windows\System\gJuAqVX.exe
  2⤵
  PID:11536
- C:\Windows\System\zCrGEvs.exe
  C:\Windows\System\zCrGEvs.exe
  2⤵
  PID:11836
- C:\Windows\System\xDetSni.exe
  C:\Windows\System\xDetSni.exe
  2⤵
  PID:12140
- C:\Windows\System\OqxnSjo.exe
  C:\Windows\System\OqxnSjo.exe
  2⤵
  PID:11908
- C:\Windows\System\kEaYQoa.exe
  C:\Windows\System\kEaYQoa.exe
  2⤵
  PID:12296
- C:\Windows\System\gDnewwY.exe
  C:\Windows\System\gDnewwY.exe
  2⤵
  PID:12324
- C:\Windows\System\DQapnSc.exe
  C:\Windows\System\DQapnSc.exe
  2⤵
  PID:12348
- C:\Windows\System\XvAYjnB.exe
  C:\Windows\System\XvAYjnB.exe
  2⤵
  PID:12380
- C:\Windows\System\EgZGxIu.exe
  C:\Windows\System\EgZGxIu.exe
  2⤵
  PID:12408
- C:\Windows\System\AbghPrb.exe
  C:\Windows\System\AbghPrb.exe
  2⤵
  PID:12424
- C:\Windows\System\GjIaAoE.exe
  C:\Windows\System\GjIaAoE.exe
  2⤵
  PID:12464
- C:\Windows\System\achAAOE.exe
  C:\Windows\System\achAAOE.exe
  2⤵
  PID:12492
- C:\Windows\System\bYuQfle.exe
  C:\Windows\System\bYuQfle.exe
  2⤵
  PID:12520
- C:\Windows\System\yHgWKJu.exe
  C:\Windows\System\yHgWKJu.exe
  2⤵
  PID:12544
- C:\Windows\System\gnLWjzP.exe
  C:\Windows\System\gnLWjzP.exe
  2⤵
  PID:12560
- C:\Windows\System\VDGRdae.exe
  C:\Windows\System\VDGRdae.exe
  2⤵
  PID:12580
- C:\Windows\System\dClOFmh.exe
  C:\Windows\System\dClOFmh.exe
  2⤵
  PID:12604
- C:\Windows\System\bzqWfpt.exe
  C:\Windows\System\bzqWfpt.exe
  2⤵
  PID:12640
- C:\Windows\System\EuyVZxs.exe
  C:\Windows\System\EuyVZxs.exe
  2⤵
  PID:12664
- C:\Windows\System\wqCZZOb.exe
  C:\Windows\System\wqCZZOb.exe
  2⤵
  PID:12712
- C:\Windows\System\GZdLePw.exe
  C:\Windows\System\GZdLePw.exe
  2⤵
  PID:12768
- C:\Windows\System\idaodgv.exe
  C:\Windows\System\idaodgv.exe
  2⤵
  PID:12792
- C:\Windows\System\iriVfEa.exe
  C:\Windows\System\iriVfEa.exe
  2⤵
  PID:12828
- C:\Windows\System\GbLduBx.exe
  C:\Windows\System\GbLduBx.exe
  2⤵
  PID:12868
- C:\Windows\System\MgHhAah.exe
  C:\Windows\System\MgHhAah.exe
  2⤵
  PID:12896
- C:\Windows\System\HvMLyxW.exe
  C:\Windows\System\HvMLyxW.exe
  2⤵
  PID:12956
- C:\Windows\System\flTgTiU.exe
  C:\Windows\System\flTgTiU.exe
  2⤵
  PID:12980
- C:\Windows\System\FQMjsya.exe
  C:\Windows\System\FQMjsya.exe
  2⤵
  PID:13016
- C:\Windows\System\PZwunAo.exe
  C:\Windows\System\PZwunAo.exe
  2⤵
  PID:13040
- C:\Windows\System\rBDKDqO.exe
  C:\Windows\System\rBDKDqO.exe
  2⤵
  PID:13068
- C:\Windows\System\MioCfwC.exe
  C:\Windows\System\MioCfwC.exe
  2⤵
  PID:13120
- C:\Windows\System\vAPVCQD.exe
  C:\Windows\System\vAPVCQD.exe
  2⤵
  PID:13148
- C:\Windows\System\WEhJspq.exe
  C:\Windows\System\WEhJspq.exe
  2⤵
  PID:13168
- C:\Windows\System\kjRtEzU.exe
  C:\Windows\System\kjRtEzU.exe
  2⤵
  PID:13196
- C:\Windows\System\SDpotel.exe
  C:\Windows\System\SDpotel.exe
  2⤵
  PID:13244
- C:\Windows\System\uWqtcNQ.exe
  C:\Windows\System\uWqtcNQ.exe
  2⤵
  PID:13268
- C:\Windows\System\hxfDvzy.exe
  C:\Windows\System\hxfDvzy.exe
  2⤵
  PID:13304
- C:\Windows\System\QksvdcO.exe
  C:\Windows\System\QksvdcO.exe
  2⤵
  PID:12312
- C:\Windows\System\ToDxpXG.exe
  C:\Windows\System\ToDxpXG.exe
  2⤵
  PID:12400
- C:\Windows\System\SKvIQdb.exe
  C:\Windows\System\SKvIQdb.exe
  2⤵
  PID:12460
- C:\Windows\System\NjPYzWH.exe
  C:\Windows\System\NjPYzWH.exe
  2⤵
  PID:12504
- C:\Windows\System\FSXLykc.exe
  C:\Windows\System\FSXLykc.exe
  2⤵
  PID:12568
- C:\Windows\System\BoucVjH.exe
  C:\Windows\System\BoucVjH.exe
  2⤵
  PID:12620
- C:\Windows\System\zBzLRSY.exe
  C:\Windows\System\zBzLRSY.exe
  2⤵
  PID:12728
- C:\Windows\System\vbqRSgJ.exe
  C:\Windows\System\vbqRSgJ.exe
  2⤵
  PID:12816
- C:\Windows\System\GtYWpFv.exe
  C:\Windows\System\GtYWpFv.exe
  2⤵
  PID:12880
- C:\Windows\System\eyplSmQ.exe
  C:\Windows\System\eyplSmQ.exe
  2⤵
  PID:13052
- C:\Windows\System\yuMOAEo.exe
  C:\Windows\System\yuMOAEo.exe
  2⤵
  PID:13112
- C:\Windows\System\mvIsOwD.exe
  C:\Windows\System\mvIsOwD.exe
  2⤵
  PID:13164
- C:\Windows\System\qguiAUQ.exe
  C:\Windows\System\qguiAUQ.exe
  2⤵
  PID:13232
- C:\Windows\System\JyAVAfZ.exe
  C:\Windows\System\JyAVAfZ.exe
  2⤵
  PID:12292
- C:\Windows\System\RxrVBek.exe
  C:\Windows\System\RxrVBek.exe
  2⤵
  PID:12356
- C:\Windows\System\BMbNjfU.exe
  C:\Windows\System\BMbNjfU.exe
  2⤵
  PID:12536
- C:\Windows\System\RrnVRdT.exe
  C:\Windows\System\RrnVRdT.exe
  2⤵
  PID:12628
- C:\Windows\System\XYnSDWq.exe
  C:\Windows\System\XYnSDWq.exe
  2⤵
  PID:12976
- C:\Windows\System\vMcMBtj.exe
  C:\Windows\System\vMcMBtj.exe
  2⤵
  PID:13156
- C:\Windows\System\iboOkCL.exe
  C:\Windows\System\iboOkCL.exe
  2⤵
  PID:11560
- C:\Windows\System\gWTruRO.exe
  C:\Windows\System\gWTruRO.exe
  2⤵
  PID:12484
- C:\Windows\System\MGSfdwi.exe
  C:\Windows\System\MGSfdwi.exe
  2⤵
  PID:12920
- C:\Windows\System\trTkhgR.exe
  C:\Windows\System\trTkhgR.exe
  2⤵
  PID:12656
- C:\Windows\System\yVxgtvA.exe
  C:\Windows\System\yVxgtvA.exe
  2⤵
  PID:13252
- C:\Windows\System\RfHVphx.exe
  C:\Windows\System\RfHVphx.exe
  2⤵
  PID:13324
- C:\Windows\System\HEtzwxN.exe
  C:\Windows\System\HEtzwxN.exe
  2⤵
  PID:13348
- C:\Windows\System\yrnjzJR.exe
  C:\Windows\System\yrnjzJR.exe
  2⤵
  PID:13384
- C:\Windows\System\fpTGBlx.exe
  C:\Windows\System\fpTGBlx.exe
  2⤵
  PID:13420
- C:\Windows\System\xQvfryc.exe
  C:\Windows\System\xQvfryc.exe
  2⤵
  PID:13456
- C:\Windows\System\iNysnxP.exe
  C:\Windows\System\iNysnxP.exe
  2⤵
  PID:13484
- C:\Windows\System\hzRKZee.exe
  C:\Windows\System\hzRKZee.exe
  2⤵
  PID:13512
- C:\Windows\System\jbkyIlr.exe
  C:\Windows\System\jbkyIlr.exe
  2⤵
  PID:13536
- C:\Windows\System\qINKdjF.exe
  C:\Windows\System\qINKdjF.exe
  2⤵
  PID:13556
- C:\Windows\System\xFzyecv.exe
  C:\Windows\System\xFzyecv.exe
  2⤵
  PID:13596
- C:\Windows\System\vEJsExY.exe
  C:\Windows\System\vEJsExY.exe
  2⤵
  PID:13624
- C:\Windows\System\VFPImpz.exe
  C:\Windows\System\VFPImpz.exe
  2⤵
  PID:13640
- C:\Windows\System\XWPpaMC.exe
  C:\Windows\System\XWPpaMC.exe
  2⤵
  PID:13680
- C:\Windows\System\ivmXETP.exe
  C:\Windows\System\ivmXETP.exe
  2⤵
  PID:13712
- C:\Windows\System\dyWwUVM.exe
  C:\Windows\System\dyWwUVM.exe
  2⤵
  PID:13740
- C:\Windows\System\KoiebhP.exe
  C:\Windows\System\KoiebhP.exe
  2⤵
  PID:13768
- C:\Windows\System\UkOQwfB.exe
  C:\Windows\System\UkOQwfB.exe
  2⤵
  PID:13796
- C:\Windows\System\ifcvLsU.exe
  C:\Windows\System\ifcvLsU.exe
  2⤵
  PID:13812
- C:\Windows\System\JAIEWrc.exe
  C:\Windows\System\JAIEWrc.exe
  2⤵
  PID:13828
- C:\Windows\System\JwBRRjL.exe
  C:\Windows\System\JwBRRjL.exe
  2⤵
  PID:13852
- C:\Windows\System\LTDabXt.exe
  C:\Windows\System\LTDabXt.exe
  2⤵
  PID:13876
- C:\Windows\System\HjDQFcK.exe
  C:\Windows\System\HjDQFcK.exe
  2⤵
  PID:13912
- C:\Windows\System\MmLBlHV.exe
  C:\Windows\System\MmLBlHV.exe
  2⤵
  PID:13948
- C:\Windows\System\vCcGwdL.exe
  C:\Windows\System\vCcGwdL.exe
  2⤵
  PID:13964
- C:\Windows\System\rHaPtmK.exe
  C:\Windows\System\rHaPtmK.exe
  2⤵
  PID:14000
- C:\Windows\System\eStNBOX.exe
  C:\Windows\System\eStNBOX.exe
  2⤵
  PID:14020
- C:\Windows\System\xGxqpBe.exe
  C:\Windows\System\xGxqpBe.exe
  2⤵
  PID:14052
- C:\Windows\System\LOOhvSc.exe
  C:\Windows\System\LOOhvSc.exe
  2⤵
  PID:14068
- C:\Windows\System\oooncnj.exe
  C:\Windows\System\oooncnj.exe
  2⤵
  PID:14092
- C:\Windows\System\MzYoMGU.exe
  C:\Windows\System\MzYoMGU.exe
  2⤵
  PID:14140
- C:\Windows\System\EJtdGqj.exe
  C:\Windows\System\EJtdGqj.exe
  2⤵
  PID:14176
- C:\Windows\System\BMaqruY.exe
  C:\Windows\System\BMaqruY.exe
  2⤵
  PID:14216
- C:\Windows\System\oEkcoBZ.exe
  C:\Windows\System\oEkcoBZ.exe
  2⤵
  PID:14232
- C:\Windows\System\gmqBVTk.exe
  C:\Windows\System\gmqBVTk.exe
  2⤵
  PID:14272
- C:\Windows\System\pfqTIdv.exe
  C:\Windows\System\pfqTIdv.exe
  2⤵
  PID:14300
- C:\Windows\System\MfvoieG.exe
  C:\Windows\System\MfvoieG.exe
  2⤵
  PID:14328
- C:\Windows\System\bixzAvv.exe
  C:\Windows\System\bixzAvv.exe
  2⤵
  PID:13344
- C:\Windows\System\lDaCdDz.exe
  C:\Windows\System\lDaCdDz.exe
  2⤵
  PID:13376
- C:\Windows\System\SoSVliq.exe
  C:\Windows\System\SoSVliq.exe
  2⤵
  PID:13468
- C:\Windows\System\SiqMqvM.exe
  C:\Windows\System\SiqMqvM.exe
  2⤵
  PID:13504
- C:\Windows\System\dwkzTvG.exe
  C:\Windows\System\dwkzTvG.exe
  2⤵
  PID:13568
- C:\Windows\System\EBFyYqf.exe
  C:\Windows\System\EBFyYqf.exe
  2⤵
  PID:13632
- C:\Windows\System\ICFXLnn.exe
  C:\Windows\System\ICFXLnn.exe
  2⤵
  PID:13752
- C:\Windows\System\jKgYuGk.exe
  C:\Windows\System\jKgYuGk.exe
  2⤵
  PID:13784
- C:\Windows\System\FPyBMox.exe
  C:\Windows\System\FPyBMox.exe
  2⤵
  PID:13888
- C:\Windows\System\pteiiUa.exe
  C:\Windows\System\pteiiUa.exe
  2⤵
  PID:13920
- C:\Windows\System\NSJDtCq.exe
  C:\Windows\System\NSJDtCq.exe
  2⤵
  PID:13936
- C:\Windows\System\aHboGnS.exe
  C:\Windows\System\aHboGnS.exe
  2⤵
  PID:13984
- C:\Windows\System\lzeNRhS.exe
  C:\Windows\System\lzeNRhS.exe
  2⤵
  PID:14128
- C:\Windows\System\BgRgMJW.exe
  C:\Windows\System\BgRgMJW.exe
  2⤵
  PID:14192
- C:\Windows\System\vMWqaua.exe
  C:\Windows\System\vMWqaua.exe
  2⤵
  PID:14244
- C:\Windows\System\BEqkmyH.exe
  C:\Windows\System\BEqkmyH.exe
  2⤵
  PID:14292
- C:\Windows\System\eFJfNLf.exe
  C:\Windows\System\eFJfNLf.exe
  2⤵
  PID:13440
- C:\Windows\System\itWIGBY.exe
  C:\Windows\System\itWIGBY.exe
  2⤵
  PID:13416
- C:\Windows\System\WejzbVb.exe
  C:\Windows\System\WejzbVb.exe
  2⤵
  PID:13452
- C:\Windows\System\YQLXIgF.exe
  C:\Windows\System\YQLXIgF.exe
  2⤵
  PID:13708
- C:\Windows\System\QVYdVPZ.exe
  C:\Windows\System\QVYdVPZ.exe
  2⤵
  PID:13868
- C:\Windows\System\bHzqVAt.exe
  C:\Windows\System\bHzqVAt.exe
  2⤵
  PID:13900
- C:\Windows\System\jaScfwN.exe
  C:\Windows\System\jaScfwN.exe
  2⤵
  PID:13996
- C:\Windows\System\ZpGbplG.exe
  C:\Windows\System\ZpGbplG.exe
  2⤵
  PID:13332
- C:\Windows\System\rNruHKE.exe
  C:\Windows\System\rNruHKE.exe
  2⤵
  PID:4520
- C:\Windows\System\pcSkAdt.exe
  C:\Windows\System\pcSkAdt.exe
  2⤵
  PID:13820
- C:\Windows\System\HfxaClg.exe
  C:\Windows\System\HfxaClg.exe
  2⤵
  PID:14224
- C:\Windows\System\QMxlxDz.exe
  C:\Windows\System\QMxlxDz.exe
  2⤵
  PID:2340
- C:\Windows\System\ArAEgWA.exe
  C:\Windows\System\ArAEgWA.exe
  2⤵
  PID:14028
- C:\Windows\System\YCXwkas.exe
  C:\Windows\System\YCXwkas.exe
  2⤵
  PID:14360
- C:\Windows\System\UGcGmbg.exe
  C:\Windows\System\UGcGmbg.exe
  2⤵
  PID:14388
- C:\Windows\System\cbORjOz.exe
  C:\Windows\System\cbORjOz.exe
  2⤵
  PID:14404
- C:\Windows\System\ggteQPC.exe
  C:\Windows\System\ggteQPC.exe
  2⤵
  PID:14432
- C:\Windows\System\qRfSGny.exe
  C:\Windows\System\qRfSGny.exe
  2⤵
  PID:14460
- C:\Windows\System\JisEAac.exe
  C:\Windows\System\JisEAac.exe
  2⤵
  PID:14488
- C:\Windows\System\CvDmisv.exe
  C:\Windows\System\CvDmisv.exe
  2⤵
  PID:14516
- C:\Windows\System\iInySyX.exe
  C:\Windows\System\iInySyX.exe
  2⤵
  PID:14548
- C:\Windows\System\tWfPBQP.exe
  C:\Windows\System\tWfPBQP.exe
  2⤵
  PID:14572
- C:\Windows\System\AjPHOrN.exe
  C:\Windows\System\AjPHOrN.exe
  2⤵
  PID:14616
- C:\Windows\System\AygmvAd.exe
  C:\Windows\System\AygmvAd.exe
  2⤵
  PID:14644
- C:\Windows\System\tVCicoc.exe
  C:\Windows\System\tVCicoc.exe
  2⤵
  PID:14672
- C:\Windows\System\mVoSyCt.exe
  C:\Windows\System\mVoSyCt.exe
  2⤵
  PID:14688
- C:\Windows\System\OSlREVe.exe
  C:\Windows\System\OSlREVe.exe
  2⤵
  PID:14716
- C:\Windows\System\sZemwBa.exe
  C:\Windows\System\sZemwBa.exe
  2⤵
  PID:14744
- C:\Windows\System\cgvxNjR.exe
  C:\Windows\System\cgvxNjR.exe
  2⤵
  PID:14772
- C:\Windows\System\HbkMfdm.exe
  C:\Windows\System\HbkMfdm.exe
  2⤵
  PID:14800
- C:\Windows\System\mWstprN.exe
  C:\Windows\System\mWstprN.exe
  2⤵
  PID:14856
- C:\Windows\System\qdYNYGV.exe
  C:\Windows\System\qdYNYGV.exe
  2⤵
  PID:14872
- C:\Windows\System\esZFlQb.exe
  C:\Windows\System\esZFlQb.exe
  2⤵
  PID:14900
- C:\Windows\System\BQhiBKP.exe
  C:\Windows\System\BQhiBKP.exe
  2⤵
  PID:14928
- C:\Windows\System\BFTWGpx.exe
  C:\Windows\System\BFTWGpx.exe
  2⤵
  PID:14956
- C:\Windows\System\oAkicNx.exe
  C:\Windows\System\oAkicNx.exe
  2⤵
  PID:14984
- C:\Windows\System\BYJGdpu.exe
  C:\Windows\System\BYJGdpu.exe
  2⤵
  PID:15000
- C:\Windows\System\ZbGFHBp.exe
  C:\Windows\System\ZbGFHBp.exe
  2⤵
  PID:15024
- C:\Windows\System\HzwVGbk.exe
  C:\Windows\System\HzwVGbk.exe
  2⤵
  PID:15060
- C:\Windows\System\DycRtDP.exe
  C:\Windows\System\DycRtDP.exe
  2⤵
  PID:15084
- C:\Windows\System\JZYpYTb.exe
  C:\Windows\System\JZYpYTb.exe
  2⤵
  PID:15124
- C:\Windows\System\xRzvUUW.exe
  C:\Windows\System\xRzvUUW.exe
  2⤵
  PID:15152
- C:\Windows\System\qcUuOYE.exe
  C:\Windows\System\qcUuOYE.exe
  2⤵
  PID:15176
- C:\Windows\System\qskfYTO.exe
  C:\Windows\System\qskfYTO.exe
  2⤵
  PID:15196
- C:\Windows\System\XqTxOYz.exe
  C:\Windows\System\XqTxOYz.exe
  2⤵
  PID:15224
- C:\Windows\System\tBHkXqb.exe
  C:\Windows\System\tBHkXqb.exe
  2⤵
  PID:15252
- C:\Windows\System\WqSUoZo.exe
  C:\Windows\System\WqSUoZo.exe
  2⤵
  PID:15268
- C:\Windows\System\QNsYnIk.exe
  C:\Windows\System\QNsYnIk.exe
  2⤵
  PID:14612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4252,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8
1⤵
PID:1536

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ArLbRDx.exe

Filesize
2.1MB

MD5
6d85c8aeee00fbc56db3d16550f81ecf

SHA1
aba28b81151a593e90f659dd26308d817363adae

SHA256
4a62a951da2e636a6683a286ef67fddb1023ed17c8b62b30cf091a3f5f5bab9b

SHA512
f0b8a9082714559540d1592e090195e347aa6581d68e4e9b406116e1d08109dbf7ea327dbba0343f7072023a29e578192162a330e83216691f5d72041f29a958

Download Submit
C:\Windows\System\AtKlNwl.exe

Filesize
2.1MB

MD5
f3abcd32761363d31b13b274118d555e

SHA1
7a7221e00ec1922ebf69e15ac48867bd9c370a7c

SHA256
479a4790963a3d1cac5c0431ffebe71ed0cf88dfa65799de8befc0f19cc30ae4

SHA512
5df0e11a1b5c1660d42d71c471c2aa8ed426ce25cc187825b944a1989dbcd41ecaedf498f4347d4409400cd9a6bccf4290ebcf07f2a09915ac30be58edadc74f

Download Submit
C:\Windows\System\AxGjKUL.exe

Filesize
2.1MB

MD5
b2c88b9aa9fc655b82fac9f4b0a36eba

SHA1
2dc1432e928acf8a5af341fa1f69cf7cc8fa32d8

SHA256
e7528e4e505a64a6f5cdea55e9ace3d9ae278b8e9bb5fdc7692cdca8bcbd70df

SHA512
2464faffaa138cb80a66720a281a199514c7a1fac3e273d6bc9d55a6bb1a4ae9e2aaeb3f0e183e0490491618df1e980c81f07d96225fd363eb1e73b06ebf73bc

Download Submit
C:\Windows\System\FarpAbU.exe

Filesize
2.1MB

MD5
aab62767aadca931102a027ea98fcd07

SHA1
49202fcb41401b02270453eee34cf4b2174c7cec

SHA256
087aaf9dc952b794e33c910d5f3b28ea0d01fb109c90940b3792ebb157f10ca4

SHA512
0bdc7ac9682ae5d5c30c77d01acd43f8ec7df1e1a2e75cef033f9a648fd7e1cde338fc16be83b837036ff64d29d7a7c923016ea8eb49534573f43c2bc965ffc9

Download Submit
C:\Windows\System\FdkoWXw.exe

Filesize
2.1MB

MD5
82ca1b38dcfbaddd87ddcf8ee9832035

SHA1
d0d8e7df1da0e03152a438d8a5af2161c712c49f

SHA256
bcb215662b805c824a7abf4db0d2786726c34184840b21c481fe68bde7557a94

SHA512
b5c6a904cb2cedab1125587cfaf5c2ac6193a649972e8bbe3a1cb0aaf32da30e6373e229b9377357c0afb46041cad3bf72eb271c0b2cd2c80fcdda57143fecc1

Download Submit
C:\Windows\System\IgdeeWN.exe

Filesize
2.1MB

MD5
c69f6fc711cecfb8c48eb65ec53c40ac

SHA1
0e6786c3556fa7023fa6b8186413b1797d5df8e0

SHA256
9eaf583baf87b75ddbc7535a093f94220e30ada8ccf7a15c720ccbbf8dbe94a5

SHA512
1963e2339b4e421abff186477d5e20eea30ccfb4a72fa37d37b46b65f612cc6973cb0e247fff0bde2ffb7e5519bdd42ad1b3d520aad263e2938cdf57e2c4874d

Download Submit
C:\Windows\System\IrZckFx.exe

Filesize
2.1MB

MD5
f684880ce554ee72d526ac8e8b792887

SHA1
8ca549b3dd93d506a30d85250f015baaef00b6e3

SHA256
41f25d86b857dd53433cc909539b8eb9a235cf866eefc20aae92b4c767d2e7af

SHA512
b5589a035a43f08357c26f48a0085e7259987caab239522339f17fffdb54b2d843c961684bd6ab7a8b7f362033a36afed56110674ba81e39ad614012437f592a

Download Submit
C:\Windows\System\IzxHfFE.exe

Filesize
2.1MB

MD5
5b29b186fc04fb2d96414f1844f16c93

SHA1
357a74ac8205bd30ebdc0aa155fe83e02b59e65c

SHA256
630e28aca5ae83d6222fd500753723862fff87b860ab19a5254dc91d9094ac31

SHA512
c6a96d3cc6eb3957c3e0350fb57eca9a1ef0f293f9d595f1c201f6e043be92f2e71d176ae167972fc74f253ae746e99e67ee19e248242cfabd75c250aaad53df

Download Submit
C:\Windows\System\LeuXFvN.exe

Filesize
2.1MB

MD5
60d015ef521aa39757d6447e421008c8

SHA1
e6a3578c9a4370d1acf7fc374fe9aa67c63c8751

SHA256
b99160471e4b8caa10963e06e9e4a9330151fa36547acb1124ad3a3486693913

SHA512
6aedaa03d3adfa819f264ad4b8b635368dd72c5f8ba4858128f5f3509e79a4045626c47491a0a41e06583f2f5d646f40bc410bb4584340369e17442e161151cc

Download Submit
C:\Windows\System\LlJrydt.exe

Filesize
2.1MB

MD5
f3f0ea8abf9c2b14212b079e66d64085

SHA1
3e0ea102fed466c9230de88bd874c00e1682941d

SHA256
76c8300aa2cb9dc0feecfed4c4f8c583032c95048e0985c8011f9b1b9f44fd87

SHA512
8df685e7036cd5d80f4ce4eb2d012e44988e552bebde13e14a73402b9dcbac2d368662ce0f402ae9a3e001a20c835cdf663398f8997a28e8b4fa944fc3b44166

Download Submit
C:\Windows\System\MqndNeP.exe

Filesize
2.1MB

MD5
ab1088c8ccaaa26011a07661c9e13ff5

SHA1
3c4ddb39529b37331a293c67d9a0c961943aa69e

SHA256
30fa8605dc1014c629aef217894edb36a045a7ea114c39ec4c9b206fd7cc9485

SHA512
bc30d3b695fb409e573baf78f3047ebe1f32c9a30cccf6f6a21582c06810c478271e0701e291f44343e7e07bb9c2f77f8876f1e066c97161d21269579f83f52c

Download Submit
C:\Windows\System\NlwOLlx.exe

Filesize
2.1MB

MD5
82d569f2e8b7f302139c0edd440d1b46

SHA1
43f3eab5a6b682483f6e5c18cbbe06330a5ae462

SHA256
ec33b8503e18e7b0ae65bc605aae194e9426721f667a77aa35747217158163b4

SHA512
3d7a2c9f7b5f97f9787997c1f8cd15316c465c86d6465f35d63f6db5e37e09127bf1ebd1a0badc5d23063382957fa8789c48929ae87589ca9263a3dd10895855

Download Submit
C:\Windows\System\QEXxUoy.exe

Filesize
2.1MB

MD5
5fd31148ea56f96deb242d1c1261a79c

SHA1
a6637d3d7b2b0f0ec2dd9db9e74c3a1362159e83

SHA256
0a163a2d4230f15eb50856ead3d08b159d77dcd8b0cf82ffc16e358456058aa4

SHA512
1a7f2982bac78defb8310be02ccd6ad3592773cf0af69206de4d218b04005eb96ebad6b147d3ced7921d0c65cabdb374f8dfe7ad54a6b51ea292717510d39e20

Download Submit
C:\Windows\System\RoGvuLB.exe

Filesize
2.1MB

MD5
0a379c908fe4e43e2742a82122494d1e

SHA1
0f970f5c8869f3eaf91257c2b96f007818b85e15

SHA256
ef81dfbe9c48401efea74e7e2f5399404dc12ef05bedef372c8c045e07612ee2

SHA512
3372d8d8a57449375408ee1f7cd97c3b307a857d9f73963539c8430793c71d4797bcd1d66d55e9ca5f20bb9da801b99ef1c283edc06aa63f44e29344e7291072

Download Submit
C:\Windows\System\UYeBBCB.exe

Filesize
2.1MB

MD5
0b7e1ca689624b801b32347cb3c9cc7f

SHA1
1875191c42c9e7897220ec0dbf56badf1add2a7c

SHA256
1bdbd9ed7d2a7e590a8eea53d1fe60c24bc1afd04a11b8a55be65a4d7c197727

SHA512
cb55c676fe5535881e522e4933e32c05df9ecd199bf2d1a30afb32a81cdb0b9493f79f5cc140237617c7bd73c0c682d573594513e2e367900e89691a0933a79d

Download Submit
C:\Windows\System\UxjvwqP.exe

Filesize
2.1MB

MD5
260da1a51412a43cd2b96ba335f98b23

SHA1
b503fd5e0e5ce87f7121ea017bb688ff4b9ed9b0

SHA256
a5a9a165b2b7cf99bf8ebec79865f3bea2efead09cf40a4a5e9863835ff6678f

SHA512
fccdb42844d1a3fb28add6219780ac821b1641631ff1a9d079b2976e702de4890ad943043b3879eec317bff8a10cb858974908df1d6626a2796e7918f5348fbe

Download Submit
C:\Windows\System\XPmSfhs.exe

Filesize
2.1MB

MD5
e88b78cb267b926ed70f447a12db219d

SHA1
c17e6445e63c8a7f2385a1b5bbad243afd54c98a

SHA256
e54684a880b760fd0e47bd16eb14803017ae0c3aab73c95e19536fb7a0348ba8

SHA512
87a1de88469052edd97242975318d2145e3e986b128f4bdac9abfefa76d89d2cda0eab89446772e8a43beef9931c3725d64553ffc7ac090151346c7b34740332

Download Submit
C:\Windows\System\XXiinLw.exe

Filesize
2.1MB

MD5
addf83dc34b0b6189bb41846da89c0e1

SHA1
735ced62c6423971a5d2ad661116d86c0ba4bda5

SHA256
7c10bcb5b65e4e6d0230bcc6c1ae54f5bf1e7162a818964089c03dd8831a1e5c

SHA512
e939a1b6da104e94bed0ba2dbc47054c03c0cc42dbd6925f26860827f0f7e2625f6e43e1c421fdd96c3bf6d1bdae0571084c7cb85a1afdd8d355eb2f37fd4ac3

Download Submit
C:\Windows\System\XiWFvtH.exe

Filesize
2.1MB

MD5
414ce78e443976536c8925c02997efd6

SHA1
712950d84de2faf622f309f5d79da25a8f2c4356

SHA256
ad647d6e9e813f005920c6c495fa9b7b580e8fb2a58769d261dbc8252bf72ba4

SHA512
fb64b8e39c916ac765d8a79300ba1ec536a6b697f8d2f14c9adc78ef29f7a0f3501485d11b3b4924a0851df8ed7ef2f203f81d0fb448dea42d21b56be959ed92

Download Submit
C:\Windows\System\XlFyZCq.exe

Filesize
2.1MB

MD5
446558aaeca4c5c3dcda69301e73facc

SHA1
6703031d302997e383b97ede7f88cd80f513c326

SHA256
1400f25535b2a17fa92e1bb9489ef78af57f4d48b582662e28b52c8594aa5476

SHA512
b7e71d18877e56a6317f374378efec18eb1f514b7ce002f6182e03cfdf2881d4098e4fc06b3128c846e618e78d0c8ebc27e6ec6e0a1fb50a078c547504ecfee3

Download Submit
C:\Windows\System\ZeYUiuB.exe

Filesize
2.1MB

MD5
ee5a60d21fdd761738f5f1ce6f45b228

SHA1
20526acfe32997a9dc4fd03d4d3b116afd405141

SHA256
e094a35419c71e2f322ec7e17ac8fc22fff0cdb85e09837c91d3d93e7f9a58a4

SHA512
ac3efb388fb0da0cc8570159e489fa52fe7a4d2435610d878f9a07a8a95294ca33aa96db57d50933004e512fa2bb0ec89c4e87e57f64270cf411ce77584ddd6c

Download Submit
C:\Windows\System\ZgMUnrz.exe

Filesize
2.1MB

MD5
38b06f1650ddba376f4a24fa221c6f3e

SHA1
a94e8033274bd7beda6bba29883c5b04e7ce26bb

SHA256
80ad9df4e8e8b2e31e9bf5176e5c64bbbf50aecf0e5165df0a4b339d032547e6

SHA512
bd401c5f241bf6cc808a156a64ec9aeb56be598c9e06586fbbd87b8f3dad6ce9d388fd6884e28c75eb1d17c34f2ccdabc2debbf3151e045c516f16e1bc1c264e

Download Submit
C:\Windows\System\aGicbEq.exe

Filesize
2.1MB

MD5
6014162817b3ea3f3b7cc0eaec6d6c8c

SHA1
f8e0d8f9b5b2d7e34875247337c7a0c57a42fb0a

SHA256
021b97e0a24ee457435b1cb91ccac4d311e6f0d2cd9bbd4594289e0ad89d632e

SHA512
4e50390e0eac18e465958655658956858b6adb0c346a98d934fa42c7855f0ae002897df740ce65680cc9f4ccc73133cdb65f2856856b14f42fb49fbeaa68749b

Download Submit
C:\Windows\System\ffKgYUW.exe

Filesize
2.1MB

MD5
bf52f9c13f1379403cc9c2a4b4e44b6c

SHA1
805238951ec71d0eccc57de202de1cf9688c183d

SHA256
88e7621810392ea3380771ffdbbbbd1256501a3d29d38756733f371c41330614

SHA512
05c9ef140d1ea64718e0d84c43c384b18ff152721ecf09879c728952e08f4e52f24275b9a539056adc30e0c83cc94d7ad198e788771528cc0c417181f9cc55a5

Download Submit
C:\Windows\System\gotFcUL.exe

Filesize
2.1MB

MD5
4fef22b29b407e8864e2ac2e4b2156d0

SHA1
39636e639be32b6399e6b3f27ca7c68695ec7b4e

SHA256
4c4dcf92f62756bc809169f336cb0003b2fd09f0b8cb47fe658c6ef4da93e07a

SHA512
4fd14927625c8eb9435bccd849008fb9ff2dbec9b7d11ec97603c3121fe8bfa07d652ab47c5363a7ced57b040d851c428a327a559b204356fe3a8562b511ba37

Download Submit
C:\Windows\System\hhiNSPp.exe

Filesize
2.1MB

MD5
c515b5f35db59ae8306cdb61e936ec90

SHA1
96fb379c2c724fdf8a541e6cd6b1a016c8ceefdc

SHA256
86f9f444c9b5fed9bdc66e7a8878c8aaea516d277dce7fb8abfa1fb923569436

SHA512
c24e67f4ee1dbe8039db86fa25e331f83019757d4ae3e6d5712d57b61c7343900a599d86da129323bfd5c5eda4380a71cddeacf30f66d0d8dcd3c9020ec78ee2

Download Submit
C:\Windows\System\kVMgmxJ.exe

Filesize
2.1MB

MD5
a5aeee9b60e95db84fe8d7e34fc0978f

SHA1
5aaec8c012b8ae630ed863085aa451966103f74b

SHA256
96f3c38a66fc25d9958d3f7608ad7b69efcbc04d8f9fd47bc55463aa1cdc8952

SHA512
fcc9fc62e41c55008445b300c0cef8dfbb1da7b7236e7933f860e897bc57e8fdbd7899a76b3b97cf2a6eddb23d7bba82cc87bf323691c99a141c913e900dc917

Download Submit
C:\Windows\System\nIwbpaZ.exe

Filesize
2.1MB

MD5
b71d90fb6051d3077c926cfb6f7c7853

SHA1
67639d79bdc4c853a16bebadcf9a379d93f1eb29

SHA256
5d2a3b666e3cb22c5fb90cbe39d17359dcfa74a5022357cce7062a676553aea2

SHA512
0f77935ef1d59a06e3904610dbbd9591fcc85dbb032b98df5f259a00c49489829fc206e9b17db1177de67e862222ada35e19be4600e2ddf1b5e34b8ac6e6c063

Download Submit
C:\Windows\System\nlSgMyP.exe

Filesize
2.1MB

MD5
8a4b19c8823c09e0d252e8de916d42be

SHA1
ff0ca056beb836bb57f085afc171a2d86bdcf02b

SHA256
dc4c65630d5b99069d41695006be8160c8387a812712906d91a534fd8a36e2ba

SHA512
06c00036d0b55f04f0f2af0f4689ff9310f57e74850820efbf0e839cf2f53ecb2e742c72986143d05cb68ace057587f4f529d8569bfa2f57a932cb0a4634eef3

Download Submit
C:\Windows\System\qcsdxkQ.exe

Filesize
2.1MB

MD5
00e980d0af139cfa1bd052850f403f76

SHA1
d8ffe148fdc2cd98c1406f28082fca55445138f8

SHA256
227c78a0fde703095b3ae39e7d22a5c61d8e7534770e0f3ef2ffe624ee895c69

SHA512
ae31c0db846150a32b84781989713a58d06402a4130eaa3432932dda9a56f95592a709974ba1a0ed98852deaa0f3ad4a59a0e4febc98f2d007f58649c2857023

Download Submit
C:\Windows\System\rPsrzwm.exe

Filesize
2.1MB

MD5
9897d0d65336ba50763ec378943efb62

SHA1
94615c2b0f6eec85aa79757624f3d9ab479c5435

SHA256
efce4592f5dde38671612b4165c18b0e9e33b4008a03e8ab65b08c1dd936ff7a

SHA512
3d53601d3d41c0dacd417eae3962af931a3b762248f230188a702e2527fa579d1dd6d0efbfbc6779effd1cebada9ee7b0caa912ad405806216f070562aeace19

Download Submit
C:\Windows\System\rnuraPB.exe

Filesize
2.1MB

MD5
159de4bd0e7aa580cee82aa58a855c10

SHA1
ac2ee3c62ef75c3eabdccb2b63188eba285ff47b

SHA256
85064a3c8dfc6c07899bda5d9f6d4417efd564e07cbf6f00f97c39453b632683

SHA512
05645c5e98b2101f2c5654902332e1511c515a2f6124c618e98db5ef3058a51afddef397da121249dc36b083c5dd6196153b821917da8e355398b9603961f5af

Download Submit
C:\Windows\System\zjhnewg.exe

Filesize
2.1MB

MD5
cf6d43015c5e2a22552479db391f7eaa

SHA1
1f319dd889be450ead76a371ef2fb22a9d4a5e54

SHA256
aed7d16c1c76e8903253a7ea636af69d4c394d77d3d57487071689de580efba3

SHA512
ea47bc4d3eca4ce2f0501636703a9d7badee6627e0477839b081edfa19768ab9a23e5300deaefe416be377a3e2f92c51d32cb30bdbbdbfe2b764525f13deafe2

Download Submit
memory/528-616-0x00007FF6A3390000-0x00007FF6A36E4000-memory.dmp

Filesize
3.3MB

Download
memory/528-2127-0x00007FF6A3390000-0x00007FF6A36E4000-memory.dmp

Filesize
3.3MB

Download
memory/528-19-0x00007FF6A3390000-0x00007FF6A36E4000-memory.dmp

Filesize
3.3MB

Download
memory/636-81-0x00007FF67CC60000-0x00007FF67CFB4000-memory.dmp

Filesize
3.3MB

Download
memory/636-2138-0x00007FF67CC60000-0x00007FF67CFB4000-memory.dmp

Filesize
3.3MB

Download
memory/736-2139-0x00007FF707C90000-0x00007FF707FE4000-memory.dmp

Filesize
3.3MB

Download
memory/736-166-0x00007FF707C90000-0x00007FF707FE4000-memory.dmp

Filesize
3.3MB

Download
memory/788-1423-0x00007FF717A10000-0x00007FF717D64000-memory.dmp

Filesize
3.3MB

Download
memory/788-37-0x00007FF717A10000-0x00007FF717D64000-memory.dmp

Filesize
3.3MB

Download
memory/788-2131-0x00007FF717A10000-0x00007FF717D64000-memory.dmp

Filesize
3.3MB

Download
memory/844-2125-0x00007FF634680000-0x00007FF6349D4000-memory.dmp

Filesize
3.3MB

Download
memory/844-2148-0x00007FF634680000-0x00007FF6349D4000-memory.dmp

Filesize
3.3MB

Download
memory/844-126-0x00007FF634680000-0x00007FF6349D4000-memory.dmp

Filesize
3.3MB

Download
memory/1152-35-0x00007FF7C1C40000-0x00007FF7C1F94000-memory.dmp

Filesize
3.3MB

Download
memory/1152-2128-0x00007FF7C1C40000-0x00007FF7C1F94000-memory.dmp

Filesize
3.3MB

Download
memory/1492-2154-0x00007FF603160000-0x00007FF6034B4000-memory.dmp

Filesize
3.3MB

Download
memory/1492-195-0x00007FF603160000-0x00007FF6034B4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2122-0x00007FF7C6620000-0x00007FF7C6974000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2141-0x00007FF7C6620000-0x00007FF7C6974000-memory.dmp

Filesize
3.3MB

Download
memory/1612-90-0x00007FF7C6620000-0x00007FF7C6974000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2137-0x00007FF7C27C0000-0x00007FF7C2B14000-memory.dmp

Filesize
3.3MB

Download
memory/2072-75-0x00007FF7C27C0000-0x00007FF7C2B14000-memory.dmp

Filesize
3.3MB

Download
memory/2272-2151-0x00007FF71ED40000-0x00007FF71F094000-memory.dmp

Filesize
3.3MB

Download
memory/2272-191-0x00007FF71ED40000-0x00007FF71F094000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2152-0x00007FF7FD640000-0x00007FF7FD994000-memory.dmp

Filesize
3.3MB

Download
memory/2480-196-0x00007FF7FD640000-0x00007FF7FD994000-memory.dmp

Filesize
3.3MB

Download
memory/2564-2121-0x00007FF6C5720000-0x00007FF6C5A74000-memory.dmp

Filesize
3.3MB

Download
memory/2564-51-0x00007FF6C5720000-0x00007FF6C5A74000-memory.dmp

Filesize
3.3MB

Download
memory/2564-2134-0x00007FF6C5720000-0x00007FF6C5A74000-memory.dmp

Filesize
3.3MB

Download
memory/2616-160-0x00007FF60F870000-0x00007FF60FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-2143-0x00007FF60F870000-0x00007FF60FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-31-0x00007FF75A820000-0x00007FF75AB74000-memory.dmp

Filesize
3.3MB

Download
memory/2972-2130-0x00007FF75A820000-0x00007FF75AB74000-memory.dmp

Filesize
3.3MB

Download
memory/2972-618-0x00007FF75A820000-0x00007FF75AB74000-memory.dmp

Filesize
3.3MB

Download
memory/3160-2150-0x00007FF6C6CA0000-0x00007FF6C6FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3160-189-0x00007FF6C6CA0000-0x00007FF6C6FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3268-1432-0x00007FF6E0470000-0x00007FF6E07C4000-memory.dmp

Filesize
3.3MB

Download
memory/3268-48-0x00007FF6E0470000-0x00007FF6E07C4000-memory.dmp

Filesize
3.3MB

Download
memory/3268-2135-0x00007FF6E0470000-0x00007FF6E07C4000-memory.dmp

Filesize
3.3MB

Download
memory/3424-188-0x00007FF6EBA30000-0x00007FF6EBD84000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2149-0x00007FF6EBA30000-0x00007FF6EBD84000-memory.dmp

Filesize
3.3MB

Download
memory/3588-622-0x00007FF65DA40000-0x00007FF65DD94000-memory.dmp

Filesize
3.3MB

Download
memory/3588-32-0x00007FF65DA40000-0x00007FF65DD94000-memory.dmp

Filesize
3.3MB

Download
memory/3588-2132-0x00007FF65DA40000-0x00007FF65DD94000-memory.dmp

Filesize
3.3MB

Download
memory/3776-612-0x00007FF7457D0000-0x00007FF745B24000-memory.dmp

Filesize
3.3MB

Download
memory/3776-0-0x00007FF7457D0000-0x00007FF745B24000-memory.dmp

Filesize
3.3MB

Download
memory/3776-1-0x000001E53C1C0000-0x000001E53C1D0000-memory.dmp

Filesize
64KB

Download
memory/3944-2123-0x00007FF7BCCF0000-0x00007FF7BD044000-memory.dmp

Filesize
3.3MB

Download
memory/3944-2140-0x00007FF7BCCF0000-0x00007FF7BD044000-memory.dmp

Filesize
3.3MB

Download
memory/3944-96-0x00007FF7BCCF0000-0x00007FF7BD044000-memory.dmp

Filesize
3.3MB

Download
memory/4004-2136-0x00007FF74F0E0000-0x00007FF74F434000-memory.dmp

Filesize
3.3MB

Download
memory/4004-64-0x00007FF74F0E0000-0x00007FF74F434000-memory.dmp

Filesize
3.3MB

Download
memory/4184-2144-0x00007FF602F10000-0x00007FF603264000-memory.dmp

Filesize
3.3MB

Download
memory/4184-119-0x00007FF602F10000-0x00007FF603264000-memory.dmp

Filesize
3.3MB

Download
memory/4268-181-0x00007FF7E1630000-0x00007FF7E1984000-memory.dmp

Filesize
3.3MB

Download
memory/4268-2147-0x00007FF7E1630000-0x00007FF7E1984000-memory.dmp

Filesize
3.3MB

Download
memory/4324-1013-0x00007FF7FCCE0000-0x00007FF7FD034000-memory.dmp

Filesize
3.3MB

Download
memory/4324-23-0x00007FF7FCCE0000-0x00007FF7FD034000-memory.dmp

Filesize
3.3MB

Download
memory/4324-2129-0x00007FF7FCCE0000-0x00007FF7FD034000-memory.dmp

Filesize
3.3MB

Download
memory/4568-193-0x00007FF633380000-0x00007FF6336D4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2153-0x00007FF633380000-0x00007FF6336D4000-memory.dmp

Filesize
3.3MB

Download
memory/4596-194-0x00007FF77D620000-0x00007FF77D974000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2155-0x00007FF77D620000-0x00007FF77D974000-memory.dmp

Filesize
3.3MB

Download
memory/4728-2142-0x00007FF7BAFD0000-0x00007FF7BB324000-memory.dmp

Filesize
3.3MB

Download
memory/4728-157-0x00007FF7BAFD0000-0x00007FF7BB324000-memory.dmp

Filesize
3.3MB

Download
memory/4924-2146-0x00007FF6A3520000-0x00007FF6A3874000-memory.dmp

Filesize
3.3MB

Download
memory/4924-143-0x00007FF6A3520000-0x00007FF6A3874000-memory.dmp

Filesize
3.3MB

Download
memory/4924-2126-0x00007FF6A3520000-0x00007FF6A3874000-memory.dmp

Filesize
3.3MB

Download
memory/4948-2145-0x00007FF7555C0000-0x00007FF755914000-memory.dmp

Filesize
3.3MB

Download
memory/4948-109-0x00007FF7555C0000-0x00007FF755914000-memory.dmp

Filesize
3.3MB

Download
memory/4948-2124-0x00007FF7555C0000-0x00007FF755914000-memory.dmp

Filesize
3.3MB

Download
memory/5096-45-0x00007FF64D200000-0x00007FF64D554000-memory.dmp

Filesize
3.3MB

Download
memory/5096-1429-0x00007FF64D200000-0x00007FF64D554000-memory.dmp

Filesize
3.3MB

Download
memory/5096-2133-0x00007FF64D200000-0x00007FF64D554000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads