xmrig | a44e04f76570f64e357ca7cb8e0a2d05eafe608d8cff904ed6ec74dbda758f80

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
Size

1.6MB
MD5

8544935051a2c2632d7b679121328510
SHA1

f72e867b08f148953eef907f4c19d5d3cf7b4d65
SHA256

a44e04f76570f64e357ca7cb8e0a2d05eafe608d8cff904ed6ec74dbda758f80
SHA512

ddc7a3b73944e9db976feb5a0135f5ec10259124f6799e4d7db2f2ee084a138361fef8a3d610853a51b0e6416d2a146767368d464d91ed2fa995047f40d23b01
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AXrc71c:BemTLkNdfE0pZrk

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1496-0-0x00007FF7BA5A0000-0x00007FF7BA8F4000-memory.dmp	xmrig
behavioral2/files/0x000900000002328e-5.dat	xmrig
behavioral2/memory/2756-12-0x00007FF75D5F0000-0x00007FF75D944000-memory.dmp	xmrig
behavioral2/files/0x0007000000023424-17.dat	xmrig
behavioral2/files/0x0007000000023427-36.dat	xmrig
behavioral2/files/0x000700000002342c-55.dat	xmrig
behavioral2/files/0x000700000002342e-65.dat	xmrig
behavioral2/files/0x000700000002342f-78.dat	xmrig
behavioral2/files/0x0007000000023433-98.dat	xmrig
behavioral2/files/0x0007000000023438-115.dat	xmrig
behavioral2/files/0x000700000002343b-130.dat	xmrig
behavioral2/files/0x0007000000023442-165.dat	xmrig
behavioral2/memory/1276-643-0x00007FF700B50000-0x00007FF700EA4000-memory.dmp	xmrig
behavioral2/memory/3652-644-0x00007FF7BF0A0000-0x00007FF7BF3F4000-memory.dmp	xmrig
behavioral2/memory/2636-645-0x00007FF788280000-0x00007FF7885D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023440-163.dat	xmrig
behavioral2/files/0x0007000000023441-160.dat	xmrig
behavioral2/files/0x000700000002343f-158.dat	xmrig
behavioral2/files/0x000700000002343e-153.dat	xmrig
behavioral2/files/0x000700000002343d-148.dat	xmrig
behavioral2/files/0x000700000002343c-143.dat	xmrig
behavioral2/files/0x000700000002343a-133.dat	xmrig
behavioral2/files/0x0007000000023439-128.dat	xmrig
behavioral2/files/0x0007000000023437-118.dat	xmrig
behavioral2/files/0x0007000000023436-113.dat	xmrig
behavioral2/files/0x0007000000023435-108.dat	xmrig
behavioral2/files/0x0007000000023434-103.dat	xmrig
behavioral2/files/0x0007000000023432-93.dat	xmrig
behavioral2/files/0x0007000000023431-88.dat	xmrig
behavioral2/files/0x0007000000023430-83.dat	xmrig
behavioral2/files/0x000700000002342d-68.dat	xmrig
behavioral2/files/0x000700000002342b-56.dat	xmrig
behavioral2/files/0x000700000002342a-50.dat	xmrig
behavioral2/files/0x0007000000023429-46.dat	xmrig
behavioral2/files/0x0007000000023428-40.dat	xmrig
behavioral2/files/0x0007000000023426-30.dat	xmrig
behavioral2/files/0x0007000000023425-25.dat	xmrig
behavioral2/memory/3936-10-0x00007FF759C60000-0x00007FF759FB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-9.dat	xmrig
behavioral2/memory/440-646-0x00007FF73A340000-0x00007FF73A694000-memory.dmp	xmrig
behavioral2/memory/948-647-0x00007FF677160000-0x00007FF6774B4000-memory.dmp	xmrig
behavioral2/memory/2340-648-0x00007FF6F48D0000-0x00007FF6F4C24000-memory.dmp	xmrig
behavioral2/memory/1652-649-0x00007FF74B3F0000-0x00007FF74B744000-memory.dmp	xmrig
behavioral2/memory/1756-666-0x00007FF6042F0000-0x00007FF604644000-memory.dmp	xmrig
behavioral2/memory/2108-663-0x00007FF6D24B0000-0x00007FF6D2804000-memory.dmp	xmrig
behavioral2/memory/2016-671-0x00007FF7A7B00000-0x00007FF7A7E54000-memory.dmp	xmrig
behavioral2/memory/5052-655-0x00007FF7A1A00000-0x00007FF7A1D54000-memory.dmp	xmrig
behavioral2/memory/5116-693-0x00007FF6B3950000-0x00007FF6B3CA4000-memory.dmp	xmrig
behavioral2/memory/3508-702-0x00007FF631A00000-0x00007FF631D54000-memory.dmp	xmrig
behavioral2/memory/2120-705-0x00007FF74DAE0000-0x00007FF74DE34000-memory.dmp	xmrig
behavioral2/memory/2480-690-0x00007FF79A330000-0x00007FF79A684000-memory.dmp	xmrig
behavioral2/memory/3552-686-0x00007FF700C10000-0x00007FF700F64000-memory.dmp	xmrig
behavioral2/memory/2956-756-0x00007FF6D4560000-0x00007FF6D48B4000-memory.dmp	xmrig
behavioral2/memory/4536-764-0x00007FF62EFD0000-0x00007FF62F324000-memory.dmp	xmrig
behavioral2/memory/3168-767-0x00007FF663C30000-0x00007FF663F84000-memory.dmp	xmrig
behavioral2/memory/1948-768-0x00007FF692A80000-0x00007FF692DD4000-memory.dmp	xmrig
behavioral2/memory/1720-774-0x00007FF7E1F90000-0x00007FF7E22E4000-memory.dmp	xmrig
behavioral2/memory/3328-763-0x00007FF6B14D0000-0x00007FF6B1824000-memory.dmp	xmrig
behavioral2/memory/532-760-0x00007FF7212F0000-0x00007FF721644000-memory.dmp	xmrig
behavioral2/memory/4088-752-0x00007FF66B4E0000-0x00007FF66B834000-memory.dmp	xmrig
behavioral2/memory/5028-679-0x00007FF73FFA0000-0x00007FF7402F4000-memory.dmp	xmrig
behavioral2/memory/3480-674-0x00007FF6A2CA0000-0x00007FF6A2FF4000-memory.dmp	xmrig
behavioral2/memory/3212-650-0x00007FF6A39E0000-0x00007FF6A3D34000-memory.dmp	xmrig
behavioral2/memory/1496-2143-0x00007FF7BA5A0000-0x00007FF7BA8F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3936	FMTkXPZ.exe
2756	dXGqTNh.exe
1276	JFWlRKF.exe
3652	BevWjoC.exe
2636	roeaWyH.exe
440	ODqPDqx.exe
948	KDCbEwS.exe
2340	FzCjxzj.exe
1652	hCtiWpS.exe
3212	nmpGKmX.exe
5052	iyrKmRU.exe
2108	sdlaFWj.exe
1756	hSbyKvs.exe
2016	MrYyqnc.exe
3480	kgiWDnn.exe
5028	PxWwXGF.exe
3552	jjouKkP.exe
2480	wRDTAFf.exe
5116	snkKfeI.exe
3508	IFCwfMn.exe
2120	kmbaXmM.exe
4088	ikQTvlM.exe
2956	sYdnliP.exe
532	RGMOhBp.exe
3328	jLsjuVm.exe
4536	IIYfcUV.exe
3168	zspsbSQ.exe
1948	htMPDqv.exe
1720	PVqUQJc.exe
3892	yMpJaLQ.exe
1088	GUmQFBE.exe
2548	KPnwOGs.exe
4956	YTbotfX.exe
680	oiBMumf.exe
3288	ndPyknE.exe
4652	DRzmTRF.exe
1896	xXisQtk.exe
3912	gOfMnaH.exe
4580	UGnHEJr.exe
5088	qIeONjG.exe
1884	TjcKvjl.exe
4452	yUGxmLJ.exe
1972	DlfSFXO.exe
456	dPMxXas.exe
4432	KbezxND.exe
3940	ToKvUtg.exe
3948	XhdYxgQ.exe
4616	cRWrogS.exe
1804	CECgPIH.exe
3692	baDZXlM.exe
3068	jUYfTxs.exe
688	yrPHLTs.exe
624	jWdoSFl.exe
4276	PRUQPCj.exe
4796	NiUWbcB.exe
2004	ezRYIyw.exe
4752	BIrEAWL.exe
3104	HeGsBTb.exe
2304	lurDbcS.exe
1604	WjGjmyr.exe
920	gjqJcHb.exe
4676	TzcSOmh.exe
3460	krElWTq.exe
1668	MkSGpMv.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1496-0-0x00007FF7BA5A0000-0x00007FF7BA8F4000-memory.dmp	upx
behavioral2/files/0x000900000002328e-5.dat	upx
behavioral2/memory/2756-12-0x00007FF75D5F0000-0x00007FF75D944000-memory.dmp	upx
behavioral2/files/0x0007000000023424-17.dat	upx
behavioral2/files/0x0007000000023427-36.dat	upx
behavioral2/files/0x000700000002342c-55.dat	upx
behavioral2/files/0x000700000002342e-65.dat	upx
behavioral2/files/0x000700000002342f-78.dat	upx
behavioral2/files/0x0007000000023433-98.dat	upx
behavioral2/files/0x0007000000023438-115.dat	upx
behavioral2/files/0x000700000002343b-130.dat	upx
behavioral2/files/0x0007000000023442-165.dat	upx
behavioral2/memory/1276-643-0x00007FF700B50000-0x00007FF700EA4000-memory.dmp	upx
behavioral2/memory/3652-644-0x00007FF7BF0A0000-0x00007FF7BF3F4000-memory.dmp	upx
behavioral2/memory/2636-645-0x00007FF788280000-0x00007FF7885D4000-memory.dmp	upx
behavioral2/files/0x0007000000023440-163.dat	upx
behavioral2/files/0x0007000000023441-160.dat	upx
behavioral2/files/0x000700000002343f-158.dat	upx
behavioral2/files/0x000700000002343e-153.dat	upx
behavioral2/files/0x000700000002343d-148.dat	upx
behavioral2/files/0x000700000002343c-143.dat	upx
behavioral2/files/0x000700000002343a-133.dat	upx
behavioral2/files/0x0007000000023439-128.dat	upx
behavioral2/files/0x0007000000023437-118.dat	upx
behavioral2/files/0x0007000000023436-113.dat	upx
behavioral2/files/0x0007000000023435-108.dat	upx
behavioral2/files/0x0007000000023434-103.dat	upx
behavioral2/files/0x0007000000023432-93.dat	upx
behavioral2/files/0x0007000000023431-88.dat	upx
behavioral2/files/0x0007000000023430-83.dat	upx
behavioral2/files/0x000700000002342d-68.dat	upx
behavioral2/files/0x000700000002342b-56.dat	upx
behavioral2/files/0x000700000002342a-50.dat	upx
behavioral2/files/0x0007000000023429-46.dat	upx
behavioral2/files/0x0007000000023428-40.dat	upx
behavioral2/files/0x0007000000023426-30.dat	upx
behavioral2/files/0x0007000000023425-25.dat	upx
behavioral2/memory/3936-10-0x00007FF759C60000-0x00007FF759FB4000-memory.dmp	upx
behavioral2/files/0x0007000000023423-9.dat	upx
behavioral2/memory/440-646-0x00007FF73A340000-0x00007FF73A694000-memory.dmp	upx
behavioral2/memory/948-647-0x00007FF677160000-0x00007FF6774B4000-memory.dmp	upx
behavioral2/memory/2340-648-0x00007FF6F48D0000-0x00007FF6F4C24000-memory.dmp	upx
behavioral2/memory/1652-649-0x00007FF74B3F0000-0x00007FF74B744000-memory.dmp	upx
behavioral2/memory/1756-666-0x00007FF6042F0000-0x00007FF604644000-memory.dmp	upx
behavioral2/memory/2108-663-0x00007FF6D24B0000-0x00007FF6D2804000-memory.dmp	upx
behavioral2/memory/2016-671-0x00007FF7A7B00000-0x00007FF7A7E54000-memory.dmp	upx
behavioral2/memory/5052-655-0x00007FF7A1A00000-0x00007FF7A1D54000-memory.dmp	upx
behavioral2/memory/5116-693-0x00007FF6B3950000-0x00007FF6B3CA4000-memory.dmp	upx
behavioral2/memory/3508-702-0x00007FF631A00000-0x00007FF631D54000-memory.dmp	upx
behavioral2/memory/2120-705-0x00007FF74DAE0000-0x00007FF74DE34000-memory.dmp	upx
behavioral2/memory/2480-690-0x00007FF79A330000-0x00007FF79A684000-memory.dmp	upx
behavioral2/memory/3552-686-0x00007FF700C10000-0x00007FF700F64000-memory.dmp	upx
behavioral2/memory/2956-756-0x00007FF6D4560000-0x00007FF6D48B4000-memory.dmp	upx
behavioral2/memory/4536-764-0x00007FF62EFD0000-0x00007FF62F324000-memory.dmp	upx
behavioral2/memory/3168-767-0x00007FF663C30000-0x00007FF663F84000-memory.dmp	upx
behavioral2/memory/1948-768-0x00007FF692A80000-0x00007FF692DD4000-memory.dmp	upx
behavioral2/memory/1720-774-0x00007FF7E1F90000-0x00007FF7E22E4000-memory.dmp	upx
behavioral2/memory/3328-763-0x00007FF6B14D0000-0x00007FF6B1824000-memory.dmp	upx
behavioral2/memory/532-760-0x00007FF7212F0000-0x00007FF721644000-memory.dmp	upx
behavioral2/memory/4088-752-0x00007FF66B4E0000-0x00007FF66B834000-memory.dmp	upx
behavioral2/memory/5028-679-0x00007FF73FFA0000-0x00007FF7402F4000-memory.dmp	upx
behavioral2/memory/3480-674-0x00007FF6A2CA0000-0x00007FF6A2FF4000-memory.dmp	upx
behavioral2/memory/3212-650-0x00007FF6A39E0000-0x00007FF6A3D34000-memory.dmp	upx
behavioral2/memory/1496-2143-0x00007FF7BA5A0000-0x00007FF7BA8F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\phRAYXj.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\hQVJnBT.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\lRxbMiz.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\njXMpmZ.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\IxtZQMM.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\raQUcoX.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\tlHgHsM.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\IEPSrhj.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\VvsclAH.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\DBuwbLQ.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\MoHFcuM.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\dKdyWjD.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\mPtYkhC.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\ubPudhL.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\AXVElBa.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\VUKEwjB.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\DGZgQXO.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\LBreQCb.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\VcaqsbE.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\jLsjuVm.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\jMEqkvr.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\DqDdSYG.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\kxJDKif.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\PJNnKaA.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\CxJJlsh.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\rWvlJKY.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\UlwLqnl.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\XTWORIv.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\HOTWFjw.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\mJTUGoG.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\rZRZmtG.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\oJmyeqr.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\vjeyjnO.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\roeaWyH.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\UGnHEJr.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\TzcSOmh.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\RNXYgzW.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\YlbVCHO.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\IVLLpqy.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\oVEwbPK.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\NvFnmmM.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\SzpVESM.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\OfnoTNP.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\SSKiswl.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\GHSGYNn.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\RcSjSiY.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\wdsaBSc.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\lYxIEpx.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\EYqCZHz.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\gXpEUtB.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\jEKGLZB.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\pTpOWZE.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\NopWZlg.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\TrjkuAU.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\QVIaUQo.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\XVCWnKe.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\ZWQOLhL.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\yWNSCkx.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\nokhNCI.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\FkihsPz.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\eXytaWl.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\FnbeOGD.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\iyrKmRU.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
File created	C:\Windows\System\uwmpaJr.exe	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	12184	dwm.exe
Token: SeChangeNotifyPrivilege	12184	dwm.exe
Token: 33	12184	dwm.exe
Token: SeIncBasePriorityPrivilege	12184	dwm.exe
Token: SeShutdownPrivilege	12184	dwm.exe
Token: SeCreatePagefilePrivilege	12184	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 3936	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	84
PID 1496 wrote to memory of 3936	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	84
PID 1496 wrote to memory of 2756	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	85
PID 1496 wrote to memory of 2756	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	85
PID 1496 wrote to memory of 1276	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	86
PID 1496 wrote to memory of 1276	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	86
PID 1496 wrote to memory of 3652	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	87
PID 1496 wrote to memory of 3652	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	87
PID 1496 wrote to memory of 2636	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	88
PID 1496 wrote to memory of 2636	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	88
PID 1496 wrote to memory of 440	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	89
PID 1496 wrote to memory of 440	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	89
PID 1496 wrote to memory of 948	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	90
PID 1496 wrote to memory of 948	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	90
PID 1496 wrote to memory of 2340	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	91
PID 1496 wrote to memory of 2340	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	91
PID 1496 wrote to memory of 1652	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	92
PID 1496 wrote to memory of 1652	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	92
PID 1496 wrote to memory of 3212	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	93
PID 1496 wrote to memory of 3212	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	93
PID 1496 wrote to memory of 5052	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	94
PID 1496 wrote to memory of 5052	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	94
PID 1496 wrote to memory of 2108	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	95
PID 1496 wrote to memory of 2108	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	95
PID 1496 wrote to memory of 1756	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	96
PID 1496 wrote to memory of 1756	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	96
PID 1496 wrote to memory of 2016	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	97
PID 1496 wrote to memory of 2016	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	97
PID 1496 wrote to memory of 3480	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	98
PID 1496 wrote to memory of 3480	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	98
PID 1496 wrote to memory of 5028	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	99
PID 1496 wrote to memory of 5028	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	99
PID 1496 wrote to memory of 3552	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	100
PID 1496 wrote to memory of 3552	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	100
PID 1496 wrote to memory of 2480	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	101
PID 1496 wrote to memory of 2480	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	101
PID 1496 wrote to memory of 5116	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	102
PID 1496 wrote to memory of 5116	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	102
PID 1496 wrote to memory of 3508	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	103
PID 1496 wrote to memory of 3508	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	103
PID 1496 wrote to memory of 2120	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	104
PID 1496 wrote to memory of 2120	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	104
PID 1496 wrote to memory of 4088	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	105
PID 1496 wrote to memory of 4088	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	105
PID 1496 wrote to memory of 2956	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	106
PID 1496 wrote to memory of 2956	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	106
PID 1496 wrote to memory of 532	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	107
PID 1496 wrote to memory of 532	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	107
PID 1496 wrote to memory of 3328	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	108
PID 1496 wrote to memory of 3328	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	108
PID 1496 wrote to memory of 4536	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	109
PID 1496 wrote to memory of 4536	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	109
PID 1496 wrote to memory of 3168	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	110
PID 1496 wrote to memory of 3168	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	110
PID 1496 wrote to memory of 1948	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	111
PID 1496 wrote to memory of 1948	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	111
PID 1496 wrote to memory of 1720	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	112
PID 1496 wrote to memory of 1720	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	112
PID 1496 wrote to memory of 3892	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	113
PID 1496 wrote to memory of 3892	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	113
PID 1496 wrote to memory of 1088	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	114
PID 1496 wrote to memory of 1088	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	114
PID 1496 wrote to memory of 2548	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	115
PID 1496 wrote to memory of 2548	1496	8544935051a2c2632d7b679121328510_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\8544935051a2c2632d7b679121328510_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8544935051a2c2632d7b679121328510_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Windows\System\FMTkXPZ.exe
  C:\Windows\System\FMTkXPZ.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\dXGqTNh.exe
  C:\Windows\System\dXGqTNh.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\JFWlRKF.exe
  C:\Windows\System\JFWlRKF.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\BevWjoC.exe
  C:\Windows\System\BevWjoC.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\roeaWyH.exe
  C:\Windows\System\roeaWyH.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\ODqPDqx.exe
  C:\Windows\System\ODqPDqx.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\KDCbEwS.exe
  C:\Windows\System\KDCbEwS.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\FzCjxzj.exe
  C:\Windows\System\FzCjxzj.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\hCtiWpS.exe
  C:\Windows\System\hCtiWpS.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\nmpGKmX.exe
  C:\Windows\System\nmpGKmX.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\iyrKmRU.exe
  C:\Windows\System\iyrKmRU.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\sdlaFWj.exe
  C:\Windows\System\sdlaFWj.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\hSbyKvs.exe
  C:\Windows\System\hSbyKvs.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\MrYyqnc.exe
  C:\Windows\System\MrYyqnc.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\kgiWDnn.exe
  C:\Windows\System\kgiWDnn.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\PxWwXGF.exe
  C:\Windows\System\PxWwXGF.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\jjouKkP.exe
  C:\Windows\System\jjouKkP.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\wRDTAFf.exe
  C:\Windows\System\wRDTAFf.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\snkKfeI.exe
  C:\Windows\System\snkKfeI.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\IFCwfMn.exe
  C:\Windows\System\IFCwfMn.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\kmbaXmM.exe
  C:\Windows\System\kmbaXmM.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\ikQTvlM.exe
  C:\Windows\System\ikQTvlM.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\sYdnliP.exe
  C:\Windows\System\sYdnliP.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\RGMOhBp.exe
  C:\Windows\System\RGMOhBp.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\jLsjuVm.exe
  C:\Windows\System\jLsjuVm.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\IIYfcUV.exe
  C:\Windows\System\IIYfcUV.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\zspsbSQ.exe
  C:\Windows\System\zspsbSQ.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\htMPDqv.exe
  C:\Windows\System\htMPDqv.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\PVqUQJc.exe
  C:\Windows\System\PVqUQJc.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\yMpJaLQ.exe
  C:\Windows\System\yMpJaLQ.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\GUmQFBE.exe
  C:\Windows\System\GUmQFBE.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\KPnwOGs.exe
  C:\Windows\System\KPnwOGs.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\YTbotfX.exe
  C:\Windows\System\YTbotfX.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\oiBMumf.exe
  C:\Windows\System\oiBMumf.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\ndPyknE.exe
  C:\Windows\System\ndPyknE.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\DRzmTRF.exe
  C:\Windows\System\DRzmTRF.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\xXisQtk.exe
  C:\Windows\System\xXisQtk.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\gOfMnaH.exe
  C:\Windows\System\gOfMnaH.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\UGnHEJr.exe
  C:\Windows\System\UGnHEJr.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\qIeONjG.exe
  C:\Windows\System\qIeONjG.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\TjcKvjl.exe
  C:\Windows\System\TjcKvjl.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\yUGxmLJ.exe
  C:\Windows\System\yUGxmLJ.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\DlfSFXO.exe
  C:\Windows\System\DlfSFXO.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\dPMxXas.exe
  C:\Windows\System\dPMxXas.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\KbezxND.exe
  C:\Windows\System\KbezxND.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\ToKvUtg.exe
  C:\Windows\System\ToKvUtg.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\XhdYxgQ.exe
  C:\Windows\System\XhdYxgQ.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\cRWrogS.exe
  C:\Windows\System\cRWrogS.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\CECgPIH.exe
  C:\Windows\System\CECgPIH.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\baDZXlM.exe
  C:\Windows\System\baDZXlM.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\jUYfTxs.exe
  C:\Windows\System\jUYfTxs.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\yrPHLTs.exe
  C:\Windows\System\yrPHLTs.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\jWdoSFl.exe
  C:\Windows\System\jWdoSFl.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\PRUQPCj.exe
  C:\Windows\System\PRUQPCj.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\NiUWbcB.exe
  C:\Windows\System\NiUWbcB.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\ezRYIyw.exe
  C:\Windows\System\ezRYIyw.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\BIrEAWL.exe
  C:\Windows\System\BIrEAWL.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\HeGsBTb.exe
  C:\Windows\System\HeGsBTb.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\lurDbcS.exe
  C:\Windows\System\lurDbcS.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\WjGjmyr.exe
  C:\Windows\System\WjGjmyr.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\gjqJcHb.exe
  C:\Windows\System\gjqJcHb.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\TzcSOmh.exe
  C:\Windows\System\TzcSOmh.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\krElWTq.exe
  C:\Windows\System\krElWTq.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\MkSGpMv.exe
  C:\Windows\System\MkSGpMv.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\vSdXrUh.exe
  C:\Windows\System\vSdXrUh.exe
  2⤵
  PID:2188
- C:\Windows\System\UlwLqnl.exe
  C:\Windows\System\UlwLqnl.exe
  2⤵
  PID:4904
- C:\Windows\System\yIUHMnQ.exe
  C:\Windows\System\yIUHMnQ.exe
  2⤵
  PID:4060
- C:\Windows\System\xIXAvNP.exe
  C:\Windows\System\xIXAvNP.exe
  2⤵
  PID:2512
- C:\Windows\System\CVdLhFk.exe
  C:\Windows\System\CVdLhFk.exe
  2⤵
  PID:4544
- C:\Windows\System\OKbgEBV.exe
  C:\Windows\System\OKbgEBV.exe
  2⤵
  PID:1092
- C:\Windows\System\pubwQkU.exe
  C:\Windows\System\pubwQkU.exe
  2⤵
  PID:1924
- C:\Windows\System\pRAvjLi.exe
  C:\Windows\System\pRAvjLi.exe
  2⤵
  PID:4304
- C:\Windows\System\qKkeWkl.exe
  C:\Windows\System\qKkeWkl.exe
  2⤵
  PID:5016
- C:\Windows\System\aWTuNZk.exe
  C:\Windows\System\aWTuNZk.exe
  2⤵
  PID:3976
- C:\Windows\System\TeOutuu.exe
  C:\Windows\System\TeOutuu.exe
  2⤵
  PID:4980
- C:\Windows\System\QZwBZoA.exe
  C:\Windows\System\QZwBZoA.exe
  2⤵
  PID:768
- C:\Windows\System\AXVElBa.exe
  C:\Windows\System\AXVElBa.exe
  2⤵
  PID:2864
- C:\Windows\System\XHAQaqm.exe
  C:\Windows\System\XHAQaqm.exe
  2⤵
  PID:5140
- C:\Windows\System\EYqCZHz.exe
  C:\Windows\System\EYqCZHz.exe
  2⤵
  PID:5168
- C:\Windows\System\nOGAsRV.exe
  C:\Windows\System\nOGAsRV.exe
  2⤵
  PID:5196
- C:\Windows\System\GiGIfNM.exe
  C:\Windows\System\GiGIfNM.exe
  2⤵
  PID:5220
- C:\Windows\System\ccRGRdw.exe
  C:\Windows\System\ccRGRdw.exe
  2⤵
  PID:5252
- C:\Windows\System\kTBUJoO.exe
  C:\Windows\System\kTBUJoO.exe
  2⤵
  PID:5280
- C:\Windows\System\qyxjymT.exe
  C:\Windows\System\qyxjymT.exe
  2⤵
  PID:5312
- C:\Windows\System\LatYfro.exe
  C:\Windows\System\LatYfro.exe
  2⤵
  PID:5340
- C:\Windows\System\HdtUWgs.exe
  C:\Windows\System\HdtUWgs.exe
  2⤵
  PID:5364
- C:\Windows\System\eabRXzv.exe
  C:\Windows\System\eabRXzv.exe
  2⤵
  PID:5388
- C:\Windows\System\TrmcBYG.exe
  C:\Windows\System\TrmcBYG.exe
  2⤵
  PID:5416
- C:\Windows\System\yBYrohq.exe
  C:\Windows\System\yBYrohq.exe
  2⤵
  PID:5444
- C:\Windows\System\NRHyqyk.exe
  C:\Windows\System\NRHyqyk.exe
  2⤵
  PID:5476
- C:\Windows\System\XdpHtbY.exe
  C:\Windows\System\XdpHtbY.exe
  2⤵
  PID:5504
- C:\Windows\System\DbAKeFa.exe
  C:\Windows\System\DbAKeFa.exe
  2⤵
  PID:5528
- C:\Windows\System\nKMUuar.exe
  C:\Windows\System\nKMUuar.exe
  2⤵
  PID:5556
- C:\Windows\System\TyiXZjU.exe
  C:\Windows\System\TyiXZjU.exe
  2⤵
  PID:5588
- C:\Windows\System\zJqcYYE.exe
  C:\Windows\System\zJqcYYE.exe
  2⤵
  PID:5616
- C:\Windows\System\mzThwuh.exe
  C:\Windows\System\mzThwuh.exe
  2⤵
  PID:5644
- C:\Windows\System\OljUqZq.exe
  C:\Windows\System\OljUqZq.exe
  2⤵
  PID:5668
- C:\Windows\System\ceqLveD.exe
  C:\Windows\System\ceqLveD.exe
  2⤵
  PID:5696
- C:\Windows\System\ZhJllvQ.exe
  C:\Windows\System\ZhJllvQ.exe
  2⤵
  PID:5724
- C:\Windows\System\STiNHfx.exe
  C:\Windows\System\STiNHfx.exe
  2⤵
  PID:5752
- C:\Windows\System\uwmpaJr.exe
  C:\Windows\System\uwmpaJr.exe
  2⤵
  PID:5780
- C:\Windows\System\opeHGCa.exe
  C:\Windows\System\opeHGCa.exe
  2⤵
  PID:5808
- C:\Windows\System\dIBmHxT.exe
  C:\Windows\System\dIBmHxT.exe
  2⤵
  PID:5836
- C:\Windows\System\njXMpmZ.exe
  C:\Windows\System\njXMpmZ.exe
  2⤵
  PID:5864
- C:\Windows\System\TdTtthh.exe
  C:\Windows\System\TdTtthh.exe
  2⤵
  PID:5892
- C:\Windows\System\nokhNCI.exe
  C:\Windows\System\nokhNCI.exe
  2⤵
  PID:5920
- C:\Windows\System\nxfSBuG.exe
  C:\Windows\System\nxfSBuG.exe
  2⤵
  PID:5952
- C:\Windows\System\vdTfXfH.exe
  C:\Windows\System\vdTfXfH.exe
  2⤵
  PID:5976
- C:\Windows\System\JeIrGju.exe
  C:\Windows\System\JeIrGju.exe
  2⤵
  PID:6008
- C:\Windows\System\TrjkuAU.exe
  C:\Windows\System\TrjkuAU.exe
  2⤵
  PID:6036
- C:\Windows\System\fJglDuz.exe
  C:\Windows\System\fJglDuz.exe
  2⤵
  PID:6064
- C:\Windows\System\TVXLaMx.exe
  C:\Windows\System\TVXLaMx.exe
  2⤵
  PID:6092
- C:\Windows\System\pfvblqG.exe
  C:\Windows\System\pfvblqG.exe
  2⤵
  PID:6120
- C:\Windows\System\EuRySUR.exe
  C:\Windows\System\EuRySUR.exe
  2⤵
  PID:5064
- C:\Windows\System\UmAzHJK.exe
  C:\Windows\System\UmAzHJK.exe
  2⤵
  PID:3216
- C:\Windows\System\IMscPeD.exe
  C:\Windows\System\IMscPeD.exe
  2⤵
  PID:1368
- C:\Windows\System\smFqJXs.exe
  C:\Windows\System\smFqJXs.exe
  2⤵
  PID:3220
- C:\Windows\System\AKLiHzH.exe
  C:\Windows\System\AKLiHzH.exe
  2⤵
  PID:4444
- C:\Windows\System\ruPzNNe.exe
  C:\Windows\System\ruPzNNe.exe
  2⤵
  PID:748
- C:\Windows\System\ByacOUJ.exe
  C:\Windows\System\ByacOUJ.exe
  2⤵
  PID:1416
- C:\Windows\System\elkIUhl.exe
  C:\Windows\System\elkIUhl.exe
  2⤵
  PID:5160
- C:\Windows\System\LKyHyKJ.exe
  C:\Windows\System\LKyHyKJ.exe
  2⤵
  PID:5240
- C:\Windows\System\orZORpA.exe
  C:\Windows\System\orZORpA.exe
  2⤵
  PID:5300
- C:\Windows\System\FkihsPz.exe
  C:\Windows\System\FkihsPz.exe
  2⤵
  PID:5376
- C:\Windows\System\UqwHvfm.exe
  C:\Windows\System\UqwHvfm.exe
  2⤵
  PID:5432
- C:\Windows\System\pFeHXSm.exe
  C:\Windows\System\pFeHXSm.exe
  2⤵
  PID:5492
- C:\Windows\System\JIzuOAG.exe
  C:\Windows\System\JIzuOAG.exe
  2⤵
  PID:5572
- C:\Windows\System\bbXnnhW.exe
  C:\Windows\System\bbXnnhW.exe
  2⤵
  PID:5632
- C:\Windows\System\NUIDdEv.exe
  C:\Windows\System\NUIDdEv.exe
  2⤵
  PID:5692
- C:\Windows\System\IHNslex.exe
  C:\Windows\System\IHNslex.exe
  2⤵
  PID:5768
- C:\Windows\System\QaNoClc.exe
  C:\Windows\System\QaNoClc.exe
  2⤵
  PID:5828
- C:\Windows\System\EmQUEoq.exe
  C:\Windows\System\EmQUEoq.exe
  2⤵
  PID:5888
- C:\Windows\System\SVKUwdh.exe
  C:\Windows\System\SVKUwdh.exe
  2⤵
  PID:5944
- C:\Windows\System\mOMojPw.exe
  C:\Windows\System\mOMojPw.exe
  2⤵
  PID:6024
- C:\Windows\System\QyZfynE.exe
  C:\Windows\System\QyZfynE.exe
  2⤵
  PID:6084
- C:\Windows\System\gZUDZJH.exe
  C:\Windows\System\gZUDZJH.exe
  2⤵
  PID:1984
- C:\Windows\System\gbforBb.exe
  C:\Windows\System\gbforBb.exe
  2⤵
  PID:3488
- C:\Windows\System\qJraPFZ.exe
  C:\Windows\System\qJraPFZ.exe
  2⤵
  PID:4360
- C:\Windows\System\eFDycJl.exe
  C:\Windows\System\eFDycJl.exe
  2⤵
  PID:5152
- C:\Windows\System\QVIaUQo.exe
  C:\Windows\System\QVIaUQo.exe
  2⤵
  PID:5272
- C:\Windows\System\kwevUxR.exe
  C:\Windows\System\kwevUxR.exe
  2⤵
  PID:5412
- C:\Windows\System\BlegMdr.exe
  C:\Windows\System\BlegMdr.exe
  2⤵
  PID:5600
- C:\Windows\System\MoHFcuM.exe
  C:\Windows\System\MoHFcuM.exe
  2⤵
  PID:5740
- C:\Windows\System\EpdwhFO.exe
  C:\Windows\System\EpdwhFO.exe
  2⤵
  PID:6152
- C:\Windows\System\VuRHWEv.exe
  C:\Windows\System\VuRHWEv.exe
  2⤵
  PID:6180
- C:\Windows\System\bNbJqyN.exe
  C:\Windows\System\bNbJqyN.exe
  2⤵
  PID:6208
- C:\Windows\System\ufFBLGp.exe
  C:\Windows\System\ufFBLGp.exe
  2⤵
  PID:6236
- C:\Windows\System\swoJTfg.exe
  C:\Windows\System\swoJTfg.exe
  2⤵
  PID:6264
- C:\Windows\System\fVtWGFF.exe
  C:\Windows\System\fVtWGFF.exe
  2⤵
  PID:6292
- C:\Windows\System\IayfvuE.exe
  C:\Windows\System\IayfvuE.exe
  2⤵
  PID:6320
- C:\Windows\System\CsSwDHZ.exe
  C:\Windows\System\CsSwDHZ.exe
  2⤵
  PID:6348
- C:\Windows\System\vjeedcz.exe
  C:\Windows\System\vjeedcz.exe
  2⤵
  PID:6376
- C:\Windows\System\JARuITK.exe
  C:\Windows\System\JARuITK.exe
  2⤵
  PID:6404
- C:\Windows\System\MBcQfFk.exe
  C:\Windows\System\MBcQfFk.exe
  2⤵
  PID:6428
- C:\Windows\System\Zcsufxt.exe
  C:\Windows\System\Zcsufxt.exe
  2⤵
  PID:6456
- C:\Windows\System\gSxkLCE.exe
  C:\Windows\System\gSxkLCE.exe
  2⤵
  PID:6484
- C:\Windows\System\sauhqQT.exe
  C:\Windows\System\sauhqQT.exe
  2⤵
  PID:6516
- C:\Windows\System\OCdEBTz.exe
  C:\Windows\System\OCdEBTz.exe
  2⤵
  PID:6544
- C:\Windows\System\IXjiVLn.exe
  C:\Windows\System\IXjiVLn.exe
  2⤵
  PID:6572
- C:\Windows\System\IhZuuzG.exe
  C:\Windows\System\IhZuuzG.exe
  2⤵
  PID:6600
- C:\Windows\System\YgIlseU.exe
  C:\Windows\System\YgIlseU.exe
  2⤵
  PID:6628
- C:\Windows\System\ZtDSccw.exe
  C:\Windows\System\ZtDSccw.exe
  2⤵
  PID:6656
- C:\Windows\System\IxtZQMM.exe
  C:\Windows\System\IxtZQMM.exe
  2⤵
  PID:6684
- C:\Windows\System\JaCKxkH.exe
  C:\Windows\System\JaCKxkH.exe
  2⤵
  PID:6712
- C:\Windows\System\lcUbRqi.exe
  C:\Windows\System\lcUbRqi.exe
  2⤵
  PID:6740
- C:\Windows\System\vqefVSN.exe
  C:\Windows\System\vqefVSN.exe
  2⤵
  PID:6768
- C:\Windows\System\KvXcgwN.exe
  C:\Windows\System\KvXcgwN.exe
  2⤵
  PID:6796
- C:\Windows\System\qhChFra.exe
  C:\Windows\System\qhChFra.exe
  2⤵
  PID:6824
- C:\Windows\System\OhrWBCY.exe
  C:\Windows\System\OhrWBCY.exe
  2⤵
  PID:6852
- C:\Windows\System\WStQLfA.exe
  C:\Windows\System\WStQLfA.exe
  2⤵
  PID:6880
- C:\Windows\System\trCCUxn.exe
  C:\Windows\System\trCCUxn.exe
  2⤵
  PID:6908
- C:\Windows\System\IZDTELA.exe
  C:\Windows\System\IZDTELA.exe
  2⤵
  PID:6936
- C:\Windows\System\CokoTVh.exe
  C:\Windows\System\CokoTVh.exe
  2⤵
  PID:6964
- C:\Windows\System\jXknLuW.exe
  C:\Windows\System\jXknLuW.exe
  2⤵
  PID:6992
- C:\Windows\System\TurBPWA.exe
  C:\Windows\System\TurBPWA.exe
  2⤵
  PID:7020
- C:\Windows\System\fJnnXpA.exe
  C:\Windows\System\fJnnXpA.exe
  2⤵
  PID:7048
- C:\Windows\System\rncoZvR.exe
  C:\Windows\System\rncoZvR.exe
  2⤵
  PID:7076
- C:\Windows\System\PxGrVEP.exe
  C:\Windows\System\PxGrVEP.exe
  2⤵
  PID:7104
- C:\Windows\System\SkTareB.exe
  C:\Windows\System\SkTareB.exe
  2⤵
  PID:7132
- C:\Windows\System\RPGOhJE.exe
  C:\Windows\System\RPGOhJE.exe
  2⤵
  PID:7160
- C:\Windows\System\ExncBBw.exe
  C:\Windows\System\ExncBBw.exe
  2⤵
  PID:5992
- C:\Windows\System\RsjWsyK.exe
  C:\Windows\System\RsjWsyK.exe
  2⤵
  PID:6132
- C:\Windows\System\OfyZzwG.exe
  C:\Windows\System\OfyZzwG.exe
  2⤵
  PID:1836
- C:\Windows\System\tnmgIWK.exe
  C:\Windows\System\tnmgIWK.exe
  2⤵
  PID:5216
- C:\Windows\System\ratNKrJ.exe
  C:\Windows\System\ratNKrJ.exe
  2⤵
  PID:5544
- C:\Windows\System\sqVivGv.exe
  C:\Windows\System\sqVivGv.exe
  2⤵
  PID:5856
- C:\Windows\System\UqdQXoP.exe
  C:\Windows\System\UqdQXoP.exe
  2⤵
  PID:4192
- C:\Windows\System\hlPmMwK.exe
  C:\Windows\System\hlPmMwK.exe
  2⤵
  PID:6256
- C:\Windows\System\WABOZYD.exe
  C:\Windows\System\WABOZYD.exe
  2⤵
  PID:6336
- C:\Windows\System\LjdPyhm.exe
  C:\Windows\System\LjdPyhm.exe
  2⤵
  PID:6392
- C:\Windows\System\CzmRgdv.exe
  C:\Windows\System\CzmRgdv.exe
  2⤵
  PID:6452
- C:\Windows\System\QpWZFjx.exe
  C:\Windows\System\QpWZFjx.exe
  2⤵
  PID:6500
- C:\Windows\System\XcDBsDE.exe
  C:\Windows\System\XcDBsDE.exe
  2⤵
  PID:6556
- C:\Windows\System\HPMRTra.exe
  C:\Windows\System\HPMRTra.exe
  2⤵
  PID:6844
- C:\Windows\System\wbBygYY.exe
  C:\Windows\System\wbBygYY.exe
  2⤵
  PID:6896
- C:\Windows\System\iWiWbTU.exe
  C:\Windows\System\iWiWbTU.exe
  2⤵
  PID:2300
- C:\Windows\System\QBFZunT.exe
  C:\Windows\System\QBFZunT.exe
  2⤵
  PID:6976
- C:\Windows\System\xnCpogd.exe
  C:\Windows\System\xnCpogd.exe
  2⤵
  PID:7068
- C:\Windows\System\OrHEBGs.exe
  C:\Windows\System\OrHEBGs.exe
  2⤵
  PID:7116
- C:\Windows\System\IJKbnIz.exe
  C:\Windows\System\IJKbnIz.exe
  2⤵
  PID:968
- C:\Windows\System\YJAwdGj.exe
  C:\Windows\System\YJAwdGj.exe
  2⤵
  PID:5916
- C:\Windows\System\kvhZJyf.exe
  C:\Windows\System\kvhZJyf.exe
  2⤵
  PID:4260
- C:\Windows\System\PPDCPxI.exe
  C:\Windows\System\PPDCPxI.exe
  2⤵
  PID:1748
- C:\Windows\System\brIpcgD.exe
  C:\Windows\System\brIpcgD.exe
  2⤵
  PID:5488
- C:\Windows\System\RLNyWSd.exe
  C:\Windows\System\RLNyWSd.exe
  2⤵
  PID:6172
- C:\Windows\System\KHfSXTK.exe
  C:\Windows\System\KHfSXTK.exe
  2⤵
  PID:6220
- C:\Windows\System\cyQBlcF.exe
  C:\Windows\System\cyQBlcF.exe
  2⤵
  PID:6312
- C:\Windows\System\fUiwyao.exe
  C:\Windows\System\fUiwyao.exe
  2⤵
  PID:3128
- C:\Windows\System\kzwxfnx.exe
  C:\Windows\System\kzwxfnx.exe
  2⤵
  PID:940
- C:\Windows\System\OVjUaxL.exe
  C:\Windows\System\OVjUaxL.exe
  2⤵
  PID:6784
- C:\Windows\System\VJnLtGE.exe
  C:\Windows\System\VJnLtGE.exe
  2⤵
  PID:4940
- C:\Windows\System\lwEgtwN.exe
  C:\Windows\System\lwEgtwN.exe
  2⤵
  PID:1392
- C:\Windows\System\NgZEBrX.exe
  C:\Windows\System\NgZEBrX.exe
  2⤵
  PID:6836
- C:\Windows\System\cUYktHO.exe
  C:\Windows\System\cUYktHO.exe
  2⤵
  PID:4820
- C:\Windows\System\iMimxaq.exe
  C:\Windows\System\iMimxaq.exe
  2⤵
  PID:7124
- C:\Windows\System\gXpEUtB.exe
  C:\Windows\System\gXpEUtB.exe
  2⤵
  PID:6052
- C:\Windows\System\gsOSRpI.exe
  C:\Windows\System\gsOSRpI.exe
  2⤵
  PID:5404
- C:\Windows\System\oUcncak.exe
  C:\Windows\System\oUcncak.exe
  2⤵
  PID:4028
- C:\Windows\System\YjaxRUC.exe
  C:\Windows\System\YjaxRUC.exe
  2⤵
  PID:3136
- C:\Windows\System\eqiIhmo.exe
  C:\Windows\System\eqiIhmo.exe
  2⤵
  PID:6760
- C:\Windows\System\PmayzHo.exe
  C:\Windows\System\PmayzHo.exe
  2⤵
  PID:1992
- C:\Windows\System\qLgXiSc.exe
  C:\Windows\System\qLgXiSc.exe
  2⤵
  PID:7120
- C:\Windows\System\cOMODdM.exe
  C:\Windows\System\cOMODdM.exe
  2⤵
  PID:4808
- C:\Windows\System\HDizAGc.exe
  C:\Windows\System\HDizAGc.exe
  2⤵
  PID:4376
- C:\Windows\System\VUKEwjB.exe
  C:\Windows\System\VUKEwjB.exe
  2⤵
  PID:7204
- C:\Windows\System\UIRZUHt.exe
  C:\Windows\System\UIRZUHt.exe
  2⤵
  PID:7232
- C:\Windows\System\ALAEgCk.exe
  C:\Windows\System\ALAEgCk.exe
  2⤵
  PID:7292
- C:\Windows\System\zrehVUc.exe
  C:\Windows\System\zrehVUc.exe
  2⤵
  PID:7348
- C:\Windows\System\Fvpkfwq.exe
  C:\Windows\System\Fvpkfwq.exe
  2⤵
  PID:7372
- C:\Windows\System\jEKGLZB.exe
  C:\Windows\System\jEKGLZB.exe
  2⤵
  PID:7456
- C:\Windows\System\eXytaWl.exe
  C:\Windows\System\eXytaWl.exe
  2⤵
  PID:7480
- C:\Windows\System\raQUcoX.exe
  C:\Windows\System\raQUcoX.exe
  2⤵
  PID:7500
- C:\Windows\System\UqctTay.exe
  C:\Windows\System\UqctTay.exe
  2⤵
  PID:7516
- C:\Windows\System\HIxktQU.exe
  C:\Windows\System\HIxktQU.exe
  2⤵
  PID:7544
- C:\Windows\System\VhXujFc.exe
  C:\Windows\System\VhXujFc.exe
  2⤵
  PID:7580
- C:\Windows\System\lVXdvDU.exe
  C:\Windows\System\lVXdvDU.exe
  2⤵
  PID:7616
- C:\Windows\System\QtOBTNV.exe
  C:\Windows\System\QtOBTNV.exe
  2⤵
  PID:7640
- C:\Windows\System\WgDAZUL.exe
  C:\Windows\System\WgDAZUL.exe
  2⤵
  PID:7668
- C:\Windows\System\rQOiZCD.exe
  C:\Windows\System\rQOiZCD.exe
  2⤵
  PID:7704
- C:\Windows\System\czxfHjk.exe
  C:\Windows\System\czxfHjk.exe
  2⤵
  PID:7724
- C:\Windows\System\ORirSwu.exe
  C:\Windows\System\ORirSwu.exe
  2⤵
  PID:7764
- C:\Windows\System\IHeIzJV.exe
  C:\Windows\System\IHeIzJV.exe
  2⤵
  PID:7780
- C:\Windows\System\HcRKCFl.exe
  C:\Windows\System\HcRKCFl.exe
  2⤵
  PID:7808
- C:\Windows\System\ffwHsjc.exe
  C:\Windows\System\ffwHsjc.exe
  2⤵
  PID:7848
- C:\Windows\System\snzzMgg.exe
  C:\Windows\System\snzzMgg.exe
  2⤵
  PID:7864
- C:\Windows\System\NnPALlI.exe
  C:\Windows\System\NnPALlI.exe
  2⤵
  PID:7904
- C:\Windows\System\seCuIPw.exe
  C:\Windows\System\seCuIPw.exe
  2⤵
  PID:7928
- C:\Windows\System\EgpshGI.exe
  C:\Windows\System\EgpshGI.exe
  2⤵
  PID:7948
- C:\Windows\System\QpOFSAE.exe
  C:\Windows\System\QpOFSAE.exe
  2⤵
  PID:7976
- C:\Windows\System\vsGxImp.exe
  C:\Windows\System\vsGxImp.exe
  2⤵
  PID:8004
- C:\Windows\System\eAYLlvr.exe
  C:\Windows\System\eAYLlvr.exe
  2⤵
  PID:8044
- C:\Windows\System\oYJxJov.exe
  C:\Windows\System\oYJxJov.exe
  2⤵
  PID:8072
- C:\Windows\System\ixQVniE.exe
  C:\Windows\System\ixQVniE.exe
  2⤵
  PID:8096
- C:\Windows\System\geEwSAY.exe
  C:\Windows\System\geEwSAY.exe
  2⤵
  PID:8112
- C:\Windows\System\uKySDIA.exe
  C:\Windows\System\uKySDIA.exe
  2⤵
  PID:8132
- C:\Windows\System\uyMKfSh.exe
  C:\Windows\System\uyMKfSh.exe
  2⤵
  PID:8184
- C:\Windows\System\YxzShKE.exe
  C:\Windows\System\YxzShKE.exe
  2⤵
  PID:6928
- C:\Windows\System\XTWORIv.exe
  C:\Windows\System\XTWORIv.exe
  2⤵
  PID:3748
- C:\Windows\System\NzTwZhZ.exe
  C:\Windows\System\NzTwZhZ.exe
  2⤵
  PID:7212
- C:\Windows\System\ofxekcp.exe
  C:\Windows\System\ofxekcp.exe
  2⤵
  PID:7264
- C:\Windows\System\vMAjwGx.exe
  C:\Windows\System\vMAjwGx.exe
  2⤵
  PID:7304
- C:\Windows\System\kNhRyBJ.exe
  C:\Windows\System\kNhRyBJ.exe
  2⤵
  PID:7368
- C:\Windows\System\wqCrSLO.exe
  C:\Windows\System\wqCrSLO.exe
  2⤵
  PID:6956
- C:\Windows\System\RQHrIMV.exe
  C:\Windows\System\RQHrIMV.exe
  2⤵
  PID:7448
- C:\Windows\System\dQAKNGO.exe
  C:\Windows\System\dQAKNGO.exe
  2⤵
  PID:7496
- C:\Windows\System\HdidbFG.exe
  C:\Windows\System\HdidbFG.exe
  2⤵
  PID:7552
- C:\Windows\System\qQOeqCz.exe
  C:\Windows\System\qQOeqCz.exe
  2⤵
  PID:7632
- C:\Windows\System\CCIaxbE.exe
  C:\Windows\System\CCIaxbE.exe
  2⤵
  PID:7660
- C:\Windows\System\cmfYkUV.exe
  C:\Windows\System\cmfYkUV.exe
  2⤵
  PID:7712
- C:\Windows\System\MTKisUc.exe
  C:\Windows\System\MTKisUc.exe
  2⤵
  PID:7796
- C:\Windows\System\TtycDFs.exe
  C:\Windows\System\TtycDFs.exe
  2⤵
  PID:7856
- C:\Windows\System\XimxmFG.exe
  C:\Windows\System\XimxmFG.exe
  2⤵
  PID:7936
- C:\Windows\System\ylNVNFl.exe
  C:\Windows\System\ylNVNFl.exe
  2⤵
  PID:8024
- C:\Windows\System\EZWnOgy.exe
  C:\Windows\System\EZWnOgy.exe
  2⤵
  PID:8080
- C:\Windows\System\eHUkuPw.exe
  C:\Windows\System\eHUkuPw.exe
  2⤵
  PID:8120
- C:\Windows\System\OcBuFHE.exe
  C:\Windows\System\OcBuFHE.exe
  2⤵
  PID:2928
- C:\Windows\System\tZrLYPe.exe
  C:\Windows\System\tZrLYPe.exe
  2⤵
  PID:7288
- C:\Windows\System\YcnIInL.exe
  C:\Windows\System\YcnIInL.exe
  2⤵
  PID:7412
- C:\Windows\System\yxqVYMe.exe
  C:\Windows\System\yxqVYMe.exe
  2⤵
  PID:7472
- C:\Windows\System\bhXKbAY.exe
  C:\Windows\System\bhXKbAY.exe
  2⤵
  PID:7528
- C:\Windows\System\SuIFjNg.exe
  C:\Windows\System\SuIFjNg.exe
  2⤵
  PID:7748
- C:\Windows\System\mijihfV.exe
  C:\Windows\System\mijihfV.exe
  2⤵
  PID:7844
- C:\Windows\System\tlHgHsM.exe
  C:\Windows\System\tlHgHsM.exe
  2⤵
  PID:8064
- C:\Windows\System\aLcBpOb.exe
  C:\Windows\System\aLcBpOb.exe
  2⤵
  PID:8156
- C:\Windows\System\MswDHfh.exe
  C:\Windows\System\MswDHfh.exe
  2⤵
  PID:7192
- C:\Windows\System\JdnfyQY.exe
  C:\Windows\System\JdnfyQY.exe
  2⤵
  PID:7540
- C:\Windows\System\wmidreX.exe
  C:\Windows\System\wmidreX.exe
  2⤵
  PID:7912
- C:\Windows\System\AwZpxui.exe
  C:\Windows\System\AwZpxui.exe
  2⤵
  PID:7692
- C:\Windows\System\mCgeiTA.exe
  C:\Windows\System\mCgeiTA.exe
  2⤵
  PID:8108
- C:\Windows\System\RNXYgzW.exe
  C:\Windows\System\RNXYgzW.exe
  2⤵
  PID:8228
- C:\Windows\System\nFKsjtx.exe
  C:\Windows\System\nFKsjtx.exe
  2⤵
  PID:8252
- C:\Windows\System\RkDmTPA.exe
  C:\Windows\System\RkDmTPA.exe
  2⤵
  PID:8272
- C:\Windows\System\MeZOxAb.exe
  C:\Windows\System\MeZOxAb.exe
  2⤵
  PID:8300
- C:\Windows\System\ZTjHKTt.exe
  C:\Windows\System\ZTjHKTt.exe
  2⤵
  PID:8328
- C:\Windows\System\CkBviLo.exe
  C:\Windows\System\CkBviLo.exe
  2⤵
  PID:8352
- C:\Windows\System\yiMazvZ.exe
  C:\Windows\System\yiMazvZ.exe
  2⤵
  PID:8380
- C:\Windows\System\OHdOyKq.exe
  C:\Windows\System\OHdOyKq.exe
  2⤵
  PID:8424
- C:\Windows\System\hlooTbZ.exe
  C:\Windows\System\hlooTbZ.exe
  2⤵
  PID:8452
- C:\Windows\System\eOsaVfC.exe
  C:\Windows\System\eOsaVfC.exe
  2⤵
  PID:8480
- C:\Windows\System\qOkNjhi.exe
  C:\Windows\System\qOkNjhi.exe
  2⤵
  PID:8512
- C:\Windows\System\JWQxXJF.exe
  C:\Windows\System\JWQxXJF.exe
  2⤵
  PID:8564
- C:\Windows\System\aLlTUpW.exe
  C:\Windows\System\aLlTUpW.exe
  2⤵
  PID:8580
- C:\Windows\System\iQXCQpy.exe
  C:\Windows\System\iQXCQpy.exe
  2⤵
  PID:8616
- C:\Windows\System\AlCwfCd.exe
  C:\Windows\System\AlCwfCd.exe
  2⤵
  PID:8632
- C:\Windows\System\coUMtny.exe
  C:\Windows\System\coUMtny.exe
  2⤵
  PID:8672
- C:\Windows\System\GoEtcPA.exe
  C:\Windows\System\GoEtcPA.exe
  2⤵
  PID:8688
- C:\Windows\System\cPRKdQC.exe
  C:\Windows\System\cPRKdQC.exe
  2⤵
  PID:8716
- C:\Windows\System\TwXCNoi.exe
  C:\Windows\System\TwXCNoi.exe
  2⤵
  PID:8732
- C:\Windows\System\vwzduZZ.exe
  C:\Windows\System\vwzduZZ.exe
  2⤵
  PID:8760
- C:\Windows\System\RLsssjg.exe
  C:\Windows\System\RLsssjg.exe
  2⤵
  PID:8784
- C:\Windows\System\mZqRyhN.exe
  C:\Windows\System\mZqRyhN.exe
  2⤵
  PID:8820
- C:\Windows\System\HdaESTP.exe
  C:\Windows\System\HdaESTP.exe
  2⤵
  PID:8856
- C:\Windows\System\MZBOkca.exe
  C:\Windows\System\MZBOkca.exe
  2⤵
  PID:8892
- C:\Windows\System\sqjcxBZ.exe
  C:\Windows\System\sqjcxBZ.exe
  2⤵
  PID:8916
- C:\Windows\System\OGGWmwv.exe
  C:\Windows\System\OGGWmwv.exe
  2⤵
  PID:8940
- C:\Windows\System\GsnCUvT.exe
  C:\Windows\System\GsnCUvT.exe
  2⤵
  PID:8968
- C:\Windows\System\AFmMJZh.exe
  C:\Windows\System\AFmMJZh.exe
  2⤵
  PID:8996
- C:\Windows\System\trkgANt.exe
  C:\Windows\System\trkgANt.exe
  2⤵
  PID:9024
- C:\Windows\System\qbuxTre.exe
  C:\Windows\System\qbuxTre.exe
  2⤵
  PID:9052
- C:\Windows\System\OzJzIem.exe
  C:\Windows\System\OzJzIem.exe
  2⤵
  PID:9092
- C:\Windows\System\lDgZDjP.exe
  C:\Windows\System\lDgZDjP.exe
  2⤵
  PID:9120
- C:\Windows\System\cmTLXOC.exe
  C:\Windows\System\cmTLXOC.exe
  2⤵
  PID:9144
- C:\Windows\System\UCstKTO.exe
  C:\Windows\System\UCstKTO.exe
  2⤵
  PID:9164
- C:\Windows\System\mJodqJM.exe
  C:\Windows\System\mJodqJM.exe
  2⤵
  PID:9192
- C:\Windows\System\gGdFVmU.exe
  C:\Windows\System\gGdFVmU.exe
  2⤵
  PID:7988
- C:\Windows\System\rsovuoU.exe
  C:\Windows\System\rsovuoU.exe
  2⤵
  PID:8244
- C:\Windows\System\iRqIpAu.exe
  C:\Windows\System\iRqIpAu.exe
  2⤵
  PID:8320
- C:\Windows\System\smrbVlD.exe
  C:\Windows\System\smrbVlD.exe
  2⤵
  PID:8344
- C:\Windows\System\xwiODZz.exe
  C:\Windows\System\xwiODZz.exe
  2⤵
  PID:8436
- C:\Windows\System\sxCBdQi.exe
  C:\Windows\System\sxCBdQi.exe
  2⤵
  PID:8536
- C:\Windows\System\qVwaQcU.exe
  C:\Windows\System\qVwaQcU.exe
  2⤵
  PID:8600
- C:\Windows\System\xKmCQNb.exe
  C:\Windows\System\xKmCQNb.exe
  2⤵
  PID:8700
- C:\Windows\System\tQAziYC.exe
  C:\Windows\System\tQAziYC.exe
  2⤵
  PID:8712
- C:\Windows\System\kYpwWxN.exe
  C:\Windows\System\kYpwWxN.exe
  2⤵
  PID:8776
- C:\Windows\System\OZwlvtd.exe
  C:\Windows\System\OZwlvtd.exe
  2⤵
  PID:8844
- C:\Windows\System\trYJCgR.exe
  C:\Windows\System\trYJCgR.exe
  2⤵
  PID:8888
- C:\Windows\System\Ykdgpag.exe
  C:\Windows\System\Ykdgpag.exe
  2⤵
  PID:8964
- C:\Windows\System\uQTfSxZ.exe
  C:\Windows\System\uQTfSxZ.exe
  2⤵
  PID:9008
- C:\Windows\System\NAkCzcd.exe
  C:\Windows\System\NAkCzcd.exe
  2⤵
  PID:9068
- C:\Windows\System\XVCWnKe.exe
  C:\Windows\System\XVCWnKe.exe
  2⤵
  PID:9212
- C:\Windows\System\OCfSTJh.exe
  C:\Windows\System\OCfSTJh.exe
  2⤵
  PID:8212
- C:\Windows\System\YlbVCHO.exe
  C:\Windows\System\YlbVCHO.exe
  2⤵
  PID:8268
- C:\Windows\System\mWXnlic.exe
  C:\Windows\System\mWXnlic.exe
  2⤵
  PID:7444
- C:\Windows\System\UnQoeDj.exe
  C:\Windows\System\UnQoeDj.exe
  2⤵
  PID:8656
- C:\Windows\System\IEPSrhj.exe
  C:\Windows\System\IEPSrhj.exe
  2⤵
  PID:8812
- C:\Windows\System\JoJlZWb.exe
  C:\Windows\System\JoJlZWb.exe
  2⤵
  PID:8904
- C:\Windows\System\wyaTICz.exe
  C:\Windows\System\wyaTICz.exe
  2⤵
  PID:9088
- C:\Windows\System\PlGdHls.exe
  C:\Windows\System\PlGdHls.exe
  2⤵
  PID:8312
- C:\Windows\System\iatwCNL.exe
  C:\Windows\System\iatwCNL.exe
  2⤵
  PID:8576
- C:\Windows\System\IIHWyFu.exe
  C:\Windows\System\IIHWyFu.exe
  2⤵
  PID:9128
- C:\Windows\System\MkdBUiV.exe
  C:\Windows\System\MkdBUiV.exe
  2⤵
  PID:8728
- C:\Windows\System\vrjeuLR.exe
  C:\Windows\System\vrjeuLR.exe
  2⤵
  PID:9228
- C:\Windows\System\XcPatyh.exe
  C:\Windows\System\XcPatyh.exe
  2⤵
  PID:9264
- C:\Windows\System\vGzwTMh.exe
  C:\Windows\System\vGzwTMh.exe
  2⤵
  PID:9292
- C:\Windows\System\PWCMGZr.exe
  C:\Windows\System\PWCMGZr.exe
  2⤵
  PID:9320
- C:\Windows\System\HvEWmCz.exe
  C:\Windows\System\HvEWmCz.exe
  2⤵
  PID:9348
- C:\Windows\System\rrbPqss.exe
  C:\Windows\System\rrbPqss.exe
  2⤵
  PID:9372
- C:\Windows\System\UvItnsz.exe
  C:\Windows\System\UvItnsz.exe
  2⤵
  PID:9392
- C:\Windows\System\tidfXLS.exe
  C:\Windows\System\tidfXLS.exe
  2⤵
  PID:9420
- C:\Windows\System\GGbcVLz.exe
  C:\Windows\System\GGbcVLz.exe
  2⤵
  PID:9448
- C:\Windows\System\IWHJWwd.exe
  C:\Windows\System\IWHJWwd.exe
  2⤵
  PID:9472
- C:\Windows\System\phRAYXj.exe
  C:\Windows\System\phRAYXj.exe
  2⤵
  PID:9516
- C:\Windows\System\NmeWDZh.exe
  C:\Windows\System\NmeWDZh.exe
  2⤵
  PID:9548
- C:\Windows\System\eReYdKz.exe
  C:\Windows\System\eReYdKz.exe
  2⤵
  PID:9572
- C:\Windows\System\CJfymjW.exe
  C:\Windows\System\CJfymjW.exe
  2⤵
  PID:9608
- C:\Windows\System\AyJBxUM.exe
  C:\Windows\System\AyJBxUM.exe
  2⤵
  PID:9632
- C:\Windows\System\EYLwJSL.exe
  C:\Windows\System\EYLwJSL.exe
  2⤵
  PID:9648
- C:\Windows\System\tNWczqS.exe
  C:\Windows\System\tNWczqS.exe
  2⤵
  PID:9700
- C:\Windows\System\ZjbQWWI.exe
  C:\Windows\System\ZjbQWWI.exe
  2⤵
  PID:9716
- C:\Windows\System\uUAriOw.exe
  C:\Windows\System\uUAriOw.exe
  2⤵
  PID:9744
- C:\Windows\System\cmAGAgv.exe
  C:\Windows\System\cmAGAgv.exe
  2⤵
  PID:9760
- C:\Windows\System\ceOXLsz.exe
  C:\Windows\System\ceOXLsz.exe
  2⤵
  PID:9792
- C:\Windows\System\TAxIRTO.exe
  C:\Windows\System\TAxIRTO.exe
  2⤵
  PID:9820
- C:\Windows\System\UBWbKgu.exe
  C:\Windows\System\UBWbKgu.exe
  2⤵
  PID:9848
- C:\Windows\System\vloRiuE.exe
  C:\Windows\System\vloRiuE.exe
  2⤵
  PID:9884
- C:\Windows\System\hQVJnBT.exe
  C:\Windows\System\hQVJnBT.exe
  2⤵
  PID:9900
- C:\Windows\System\oLPSDQr.exe
  C:\Windows\System\oLPSDQr.exe
  2⤵
  PID:9916
- C:\Windows\System\KDNPVQs.exe
  C:\Windows\System\KDNPVQs.exe
  2⤵
  PID:9940
- C:\Windows\System\zLvuLKs.exe
  C:\Windows\System\zLvuLKs.exe
  2⤵
  PID:9972
- C:\Windows\System\wwalwOG.exe
  C:\Windows\System\wwalwOG.exe
  2⤵
  PID:9996
- C:\Windows\System\HkOfrtX.exe
  C:\Windows\System\HkOfrtX.exe
  2⤵
  PID:10024
- C:\Windows\System\yAdOIeJ.exe
  C:\Windows\System\yAdOIeJ.exe
  2⤵
  PID:10056
- C:\Windows\System\WxzLuAI.exe
  C:\Windows\System\WxzLuAI.exe
  2⤵
  PID:10104
- C:\Windows\System\DGwhYDH.exe
  C:\Windows\System\DGwhYDH.exe
  2⤵
  PID:10148
- C:\Windows\System\xWFyjLc.exe
  C:\Windows\System\xWFyjLc.exe
  2⤵
  PID:10172
- C:\Windows\System\XYetEyU.exe
  C:\Windows\System\XYetEyU.exe
  2⤵
  PID:10200
- C:\Windows\System\hMsbrZF.exe
  C:\Windows\System\hMsbrZF.exe
  2⤵
  PID:8852
- C:\Windows\System\MFjhqRO.exe
  C:\Windows\System\MFjhqRO.exe
  2⤵
  PID:9252
- C:\Windows\System\uTEubnb.exe
  C:\Windows\System\uTEubnb.exe
  2⤵
  PID:9332
- C:\Windows\System\pFIvkjl.exe
  C:\Windows\System\pFIvkjl.exe
  2⤵
  PID:9340
- C:\Windows\System\LCyYdkt.exe
  C:\Windows\System\LCyYdkt.exe
  2⤵
  PID:9408
- C:\Windows\System\dvdUxbJ.exe
  C:\Windows\System\dvdUxbJ.exe
  2⤵
  PID:9500
- C:\Windows\System\decQDDj.exe
  C:\Windows\System\decQDDj.exe
  2⤵
  PID:9560
- C:\Windows\System\rZRZmtG.exe
  C:\Windows\System\rZRZmtG.exe
  2⤵
  PID:9644
- C:\Windows\System\nYAaSDZ.exe
  C:\Windows\System\nYAaSDZ.exe
  2⤵
  PID:9696
- C:\Windows\System\nPUrdSW.exe
  C:\Windows\System\nPUrdSW.exe
  2⤵
  PID:9784
- C:\Windows\System\sRbOwkP.exe
  C:\Windows\System\sRbOwkP.exe
  2⤵
  PID:9776
- C:\Windows\System\lGRpCgs.exe
  C:\Windows\System\lGRpCgs.exe
  2⤵
  PID:9856
- C:\Windows\System\IWkIlRN.exe
  C:\Windows\System\IWkIlRN.exe
  2⤵
  PID:9988
- C:\Windows\System\pTpOWZE.exe
  C:\Windows\System\pTpOWZE.exe
  2⤵
  PID:2948
- C:\Windows\System\ZVbEGbS.exe
  C:\Windows\System\ZVbEGbS.exe
  2⤵
  PID:10096
- C:\Windows\System\jNjiNjx.exe
  C:\Windows\System\jNjiNjx.exe
  2⤵
  PID:10160
- C:\Windows\System\VcKEgcm.exe
  C:\Windows\System\VcKEgcm.exe
  2⤵
  PID:10184
- C:\Windows\System\zkowCDT.exe
  C:\Windows\System\zkowCDT.exe
  2⤵
  PID:9284
- C:\Windows\System\hanNZbA.exe
  C:\Windows\System\hanNZbA.exe
  2⤵
  PID:9384
- C:\Windows\System\LrjtBNY.exe
  C:\Windows\System\LrjtBNY.exe
  2⤵
  PID:9528
- C:\Windows\System\JpgLoyN.exe
  C:\Windows\System\JpgLoyN.exe
  2⤵
  PID:9732
- C:\Windows\System\yAjSYYr.exe
  C:\Windows\System\yAjSYYr.exe
  2⤵
  PID:9812
- C:\Windows\System\CsOEFQt.exe
  C:\Windows\System\CsOEFQt.exe
  2⤵
  PID:9936
- C:\Windows\System\OIVFZit.exe
  C:\Windows\System\OIVFZit.exe
  2⤵
  PID:10140
- C:\Windows\System\oPAWYsS.exe
  C:\Windows\System\oPAWYsS.exe
  2⤵
  PID:9536
- C:\Windows\System\PJNnKaA.exe
  C:\Windows\System\PJNnKaA.exe
  2⤵
  PID:9872
- C:\Windows\System\qjFxiUu.exe
  C:\Windows\System\qjFxiUu.exe
  2⤵
  PID:10032
- C:\Windows\System\asMnNRf.exe
  C:\Windows\System\asMnNRf.exe
  2⤵
  PID:10192
- C:\Windows\System\vGwXzhm.exe
  C:\Windows\System\vGwXzhm.exe
  2⤵
  PID:9708
- C:\Windows\System\niEofkF.exe
  C:\Windows\System\niEofkF.exe
  2⤵
  PID:10248
- C:\Windows\System\nwbYiwK.exe
  C:\Windows\System\nwbYiwK.exe
  2⤵
  PID:10272
- C:\Windows\System\DRGnaek.exe
  C:\Windows\System\DRGnaek.exe
  2⤵
  PID:10288
- C:\Windows\System\sWlAIDG.exe
  C:\Windows\System\sWlAIDG.exe
  2⤵
  PID:10320
- C:\Windows\System\sTSTGvU.exe
  C:\Windows\System\sTSTGvU.exe
  2⤵
  PID:10376
- C:\Windows\System\dwMtnGO.exe
  C:\Windows\System\dwMtnGO.exe
  2⤵
  PID:10412
- C:\Windows\System\icnfVpb.exe
  C:\Windows\System\icnfVpb.exe
  2⤵
  PID:10460
- C:\Windows\System\oJmyeqr.exe
  C:\Windows\System\oJmyeqr.exe
  2⤵
  PID:10488
- C:\Windows\System\vwFegjW.exe
  C:\Windows\System\vwFegjW.exe
  2⤵
  PID:10504
- C:\Windows\System\SmNjxua.exe
  C:\Windows\System\SmNjxua.exe
  2⤵
  PID:10544
- C:\Windows\System\CxJJlsh.exe
  C:\Windows\System\CxJJlsh.exe
  2⤵
  PID:10560
- C:\Windows\System\ZlUCtFE.exe
  C:\Windows\System\ZlUCtFE.exe
  2⤵
  PID:10576
- C:\Windows\System\epAoVHT.exe
  C:\Windows\System\epAoVHT.exe
  2⤵
  PID:10604
- C:\Windows\System\tcCrKew.exe
  C:\Windows\System\tcCrKew.exe
  2⤵
  PID:10632
- C:\Windows\System\TTFAkPt.exe
  C:\Windows\System\TTFAkPt.exe
  2⤵
  PID:10660
- C:\Windows\System\DGZgQXO.exe
  C:\Windows\System\DGZgQXO.exe
  2⤵
  PID:10692
- C:\Windows\System\bJkJCzU.exe
  C:\Windows\System\bJkJCzU.exe
  2⤵
  PID:10720
- C:\Windows\System\SMrFQcl.exe
  C:\Windows\System\SMrFQcl.exe
  2⤵
  PID:10744
- C:\Windows\System\XwEcXjI.exe
  C:\Windows\System\XwEcXjI.exe
  2⤵
  PID:10780
- C:\Windows\System\EwiCyWE.exe
  C:\Windows\System\EwiCyWE.exe
  2⤵
  PID:10816
- C:\Windows\System\IBTGkXT.exe
  C:\Windows\System\IBTGkXT.exe
  2⤵
  PID:10852
- C:\Windows\System\lPhvbRI.exe
  C:\Windows\System\lPhvbRI.exe
  2⤵
  PID:10872
- C:\Windows\System\HjQbWgP.exe
  C:\Windows\System\HjQbWgP.exe
  2⤵
  PID:10912
- C:\Windows\System\cftQIia.exe
  C:\Windows\System\cftQIia.exe
  2⤵
  PID:10940
- C:\Windows\System\suQZDcT.exe
  C:\Windows\System\suQZDcT.exe
  2⤵
  PID:10956
- C:\Windows\System\ntXovim.exe
  C:\Windows\System\ntXovim.exe
  2⤵
  PID:10984
- C:\Windows\System\ObHiZsN.exe
  C:\Windows\System\ObHiZsN.exe
  2⤵
  PID:11012
- C:\Windows\System\SeWhgRZ.exe
  C:\Windows\System\SeWhgRZ.exe
  2⤵
  PID:11036
- C:\Windows\System\ezxeGfj.exe
  C:\Windows\System\ezxeGfj.exe
  2⤵
  PID:11080
- C:\Windows\System\DnSuUKq.exe
  C:\Windows\System\DnSuUKq.exe
  2⤵
  PID:11108
- C:\Windows\System\eDKStWI.exe
  C:\Windows\System\eDKStWI.exe
  2⤵
  PID:11132
- C:\Windows\System\JYRmtxw.exe
  C:\Windows\System\JYRmtxw.exe
  2⤵
  PID:11160
- C:\Windows\System\aRmDFWt.exe
  C:\Windows\System\aRmDFWt.exe
  2⤵
  PID:11180
- C:\Windows\System\BuvFNDs.exe
  C:\Windows\System\BuvFNDs.exe
  2⤵
  PID:11208
- C:\Windows\System\odYuFTM.exe
  C:\Windows\System\odYuFTM.exe
  2⤵
  PID:11236
- C:\Windows\System\DaeCDpz.exe
  C:\Windows\System\DaeCDpz.exe
  2⤵
  PID:9588
- C:\Windows\System\ZFEErkC.exe
  C:\Windows\System\ZFEErkC.exe
  2⤵
  PID:10304
- C:\Windows\System\OfnoTNP.exe
  C:\Windows\System\OfnoTNP.exe
  2⤵
  PID:10312
- C:\Windows\System\njMxzFp.exe
  C:\Windows\System\njMxzFp.exe
  2⤵
  PID:10360
- C:\Windows\System\kIrZbzf.exe
  C:\Windows\System\kIrZbzf.exe
  2⤵
  PID:10456
- C:\Windows\System\QLKwdbx.exe
  C:\Windows\System\QLKwdbx.exe
  2⤵
  PID:10536
- C:\Windows\System\cEeFIka.exe
  C:\Windows\System\cEeFIka.exe
  2⤵
  PID:10572
- C:\Windows\System\HEamOCq.exe
  C:\Windows\System\HEamOCq.exe
  2⤵
  PID:10648
- C:\Windows\System\vjeyjnO.exe
  C:\Windows\System\vjeyjnO.exe
  2⤵
  PID:10760
- C:\Windows\System\ASmzsmL.exe
  C:\Windows\System\ASmzsmL.exe
  2⤵
  PID:10796
- C:\Windows\System\gSZmNCx.exe
  C:\Windows\System\gSZmNCx.exe
  2⤵
  PID:10860
- C:\Windows\System\lRxbMiz.exe
  C:\Windows\System\lRxbMiz.exe
  2⤵
  PID:10884
- C:\Windows\System\HYXlwjk.exe
  C:\Windows\System\HYXlwjk.exe
  2⤵
  PID:10968
- C:\Windows\System\vTQGlHQ.exe
  C:\Windows\System\vTQGlHQ.exe
  2⤵
  PID:11020
- C:\Windows\System\CqJXdKK.exe
  C:\Windows\System\CqJXdKK.exe
  2⤵
  PID:11096
- C:\Windows\System\NayCwyR.exe
  C:\Windows\System\NayCwyR.exe
  2⤵
  PID:11168
- C:\Windows\System\fMryIow.exe
  C:\Windows\System\fMryIow.exe
  2⤵
  PID:11220
- C:\Windows\System\nAWIXUa.exe
  C:\Windows\System\nAWIXUa.exe
  2⤵
  PID:10256
- C:\Windows\System\uVkzauh.exe
  C:\Windows\System\uVkzauh.exe
  2⤵
  PID:3684
- C:\Windows\System\WevORHR.exe
  C:\Windows\System\WevORHR.exe
  2⤵
  PID:10524
- C:\Windows\System\MGTRcyA.exe
  C:\Windows\System\MGTRcyA.exe
  2⤵
  PID:10568
- C:\Windows\System\akwpWJn.exe
  C:\Windows\System\akwpWJn.exe
  2⤵
  PID:10688
- C:\Windows\System\jJKFJqK.exe
  C:\Windows\System\jJKFJqK.exe
  2⤵
  PID:10924
- C:\Windows\System\hMgUEDs.exe
  C:\Windows\System\hMgUEDs.exe
  2⤵
  PID:11000
- C:\Windows\System\ROMCxgO.exe
  C:\Windows\System\ROMCxgO.exe
  2⤵
  PID:11064
- C:\Windows\System\OddkTfP.exe
  C:\Windows\System\OddkTfP.exe
  2⤵
  PID:11232
- C:\Windows\System\XrgixDp.exe
  C:\Windows\System\XrgixDp.exe
  2⤵
  PID:10400
- C:\Windows\System\AqCalQv.exe
  C:\Windows\System\AqCalQv.exe
  2⤵
  PID:364
- C:\Windows\System\mpEIQby.exe
  C:\Windows\System\mpEIQby.exe
  2⤵
  PID:10812
- C:\Windows\System\pcHKrIt.exe
  C:\Windows\System\pcHKrIt.exe
  2⤵
  PID:11288
- C:\Windows\System\ftvYodt.exe
  C:\Windows\System\ftvYodt.exe
  2⤵
  PID:11324
- C:\Windows\System\xwHDRhA.exe
  C:\Windows\System\xwHDRhA.exe
  2⤵
  PID:11352
- C:\Windows\System\LlacqVR.exe
  C:\Windows\System\LlacqVR.exe
  2⤵
  PID:11380
- C:\Windows\System\RAkbdMQ.exe
  C:\Windows\System\RAkbdMQ.exe
  2⤵
  PID:11408
- C:\Windows\System\vzYnAIQ.exe
  C:\Windows\System\vzYnAIQ.exe
  2⤵
  PID:11424
- C:\Windows\System\QGNGFoH.exe
  C:\Windows\System\QGNGFoH.exe
  2⤵
  PID:11452
- C:\Windows\System\vmzaPtO.exe
  C:\Windows\System\vmzaPtO.exe
  2⤵
  PID:11480
- C:\Windows\System\CGFdJBO.exe
  C:\Windows\System\CGFdJBO.exe
  2⤵
  PID:11520
- C:\Windows\System\jMEqkvr.exe
  C:\Windows\System\jMEqkvr.exe
  2⤵
  PID:11548
- C:\Windows\System\FzHJBCw.exe
  C:\Windows\System\FzHJBCw.exe
  2⤵
  PID:11564
- C:\Windows\System\jrYTyyg.exe
  C:\Windows\System\jrYTyyg.exe
  2⤵
  PID:11604
- C:\Windows\System\CGjDqjV.exe
  C:\Windows\System\CGjDqjV.exe
  2⤵
  PID:11632
- C:\Windows\System\uqjhACK.exe
  C:\Windows\System\uqjhACK.exe
  2⤵
  PID:11648
- C:\Windows\System\NopWZlg.exe
  C:\Windows\System\NopWZlg.exe
  2⤵
  PID:11676
- C:\Windows\System\YZHiUMc.exe
  C:\Windows\System\YZHiUMc.exe
  2⤵
  PID:11708
- C:\Windows\System\rUJauZa.exe
  C:\Windows\System\rUJauZa.exe
  2⤵
  PID:11728
- C:\Windows\System\fujhsNB.exe
  C:\Windows\System\fujhsNB.exe
  2⤵
  PID:11760
- C:\Windows\System\SSKiswl.exe
  C:\Windows\System\SSKiswl.exe
  2⤵
  PID:11780
- C:\Windows\System\jUWSYtL.exe
  C:\Windows\System\jUWSYtL.exe
  2⤵
  PID:11800
- C:\Windows\System\IVLLpqy.exe
  C:\Windows\System\IVLLpqy.exe
  2⤵
  PID:11856
- C:\Windows\System\ASESwdr.exe
  C:\Windows\System\ASESwdr.exe
  2⤵
  PID:11884
- C:\Windows\System\qevarDr.exe
  C:\Windows\System\qevarDr.exe
  2⤵
  PID:11912
- C:\Windows\System\ZWQOLhL.exe
  C:\Windows\System\ZWQOLhL.exe
  2⤵
  PID:11928
- C:\Windows\System\wgRuzYk.exe
  C:\Windows\System\wgRuzYk.exe
  2⤵
  PID:11984
- C:\Windows\System\OwXgukM.exe
  C:\Windows\System\OwXgukM.exe
  2⤵
  PID:12004
- C:\Windows\System\XibWsOO.exe
  C:\Windows\System\XibWsOO.exe
  2⤵
  PID:12024
- C:\Windows\System\mpnMIZH.exe
  C:\Windows\System\mpnMIZH.exe
  2⤵
  PID:12052
- C:\Windows\System\MWRlyUb.exe
  C:\Windows\System\MWRlyUb.exe
  2⤵
  PID:12068
- C:\Windows\System\GYrhMcC.exe
  C:\Windows\System\GYrhMcC.exe
  2⤵
  PID:12088
- C:\Windows\System\GLgMckA.exe
  C:\Windows\System\GLgMckA.exe
  2⤵
  PID:12148
- C:\Windows\System\kAvUrln.exe
  C:\Windows\System\kAvUrln.exe
  2⤵
  PID:12176
- C:\Windows\System\rWvlJKY.exe
  C:\Windows\System\rWvlJKY.exe
  2⤵
  PID:12212
- C:\Windows\System\RYGOEOy.exe
  C:\Windows\System\RYGOEOy.exe
  2⤵
  PID:12264
- C:\Windows\System\mlxwOBw.exe
  C:\Windows\System\mlxwOBw.exe
  2⤵
  PID:11192
- C:\Windows\System\byWsLeT.exe
  C:\Windows\System\byWsLeT.exe
  2⤵
  PID:11284
- C:\Windows\System\hzEBeSl.exe
  C:\Windows\System\hzEBeSl.exe
  2⤵
  PID:11348
- C:\Windows\System\sSveoMA.exe
  C:\Windows\System\sSveoMA.exe
  2⤵
  PID:11392
- C:\Windows\System\VCFtgWs.exe
  C:\Windows\System\VCFtgWs.exe
  2⤵
  PID:11440
- C:\Windows\System\Bbpdvln.exe
  C:\Windows\System\Bbpdvln.exe
  2⤵
  PID:11532
- C:\Windows\System\sGaxRXR.exe
  C:\Windows\System\sGaxRXR.exe
  2⤵
  PID:11580
- C:\Windows\System\PASDLNc.exe
  C:\Windows\System\PASDLNc.exe
  2⤵
  PID:11644
- C:\Windows\System\pmpGvtM.exe
  C:\Windows\System\pmpGvtM.exe
  2⤵
  PID:11720
- C:\Windows\System\MdEbstF.exe
  C:\Windows\System\MdEbstF.exe
  2⤵
  PID:11788
- C:\Windows\System\aJOpkhi.exe
  C:\Windows\System\aJOpkhi.exe
  2⤵
  PID:11876
- C:\Windows\System\ZVdpRIg.exe
  C:\Windows\System\ZVdpRIg.exe
  2⤵
  PID:11904
- C:\Windows\System\JdOcbgP.exe
  C:\Windows\System\JdOcbgP.exe
  2⤵
  PID:11980
- C:\Windows\System\MskglRC.exe
  C:\Windows\System\MskglRC.exe
  2⤵
  PID:12044
- C:\Windows\System\KpvDEaR.exe
  C:\Windows\System\KpvDEaR.exe
  2⤵
  PID:12132
- C:\Windows\System\TVTLigx.exe
  C:\Windows\System\TVTLigx.exe
  2⤵
  PID:12168
- C:\Windows\System\NTDNeKK.exe
  C:\Windows\System\NTDNeKK.exe
  2⤵
  PID:12224
- C:\Windows\System\yeyZvhn.exe
  C:\Windows\System\yeyZvhn.exe
  2⤵
  PID:10868
- C:\Windows\System\HQlDyIb.exe
  C:\Windows\System\HQlDyIb.exe
  2⤵
  PID:11320
- C:\Windows\System\MjJuAvq.exe
  C:\Windows\System\MjJuAvq.exe
  2⤵
  PID:11420
- C:\Windows\System\QasOwsk.exe
  C:\Windows\System\QasOwsk.exe
  2⤵
  PID:11620
- C:\Windows\System\iDlRyZC.exe
  C:\Windows\System\iDlRyZC.exe
  2⤵
  PID:11836
- C:\Windows\System\jftIQIc.exe
  C:\Windows\System\jftIQIc.exe
  2⤵
  PID:11920
- C:\Windows\System\kXeFiLp.exe
  C:\Windows\System\kXeFiLp.exe
  2⤵
  PID:12120
- C:\Windows\System\pDdbkpj.exe
  C:\Windows\System\pDdbkpj.exe
  2⤵
  PID:12280
- C:\Windows\System\RsHtZAi.exe
  C:\Windows\System\RsHtZAi.exe
  2⤵
  PID:11416
- C:\Windows\System\OfZCyPA.exe
  C:\Windows\System\OfZCyPA.exe
  2⤵
  PID:4420
- C:\Windows\System\OaFPnYx.exe
  C:\Windows\System\OaFPnYx.exe
  2⤵
  PID:11880
- C:\Windows\System\qYAAPPF.exe
  C:\Windows\System\qYAAPPF.exe
  2⤵
  PID:4292
- C:\Windows\System\tKdrGxs.exe
  C:\Windows\System\tKdrGxs.exe
  2⤵
  PID:11668
- C:\Windows\System\cuJUHci.exe
  C:\Windows\System\cuJUHci.exe
  2⤵
  PID:12304
- C:\Windows\System\HDsGMtS.exe
  C:\Windows\System\HDsGMtS.exe
  2⤵
  PID:12332
- C:\Windows\System\YGLSvto.exe
  C:\Windows\System\YGLSvto.exe
  2⤵
  PID:12356
- C:\Windows\System\gHmkIRN.exe
  C:\Windows\System\gHmkIRN.exe
  2⤵
  PID:12388
- C:\Windows\System\ZGANFPO.exe
  C:\Windows\System\ZGANFPO.exe
  2⤵
  PID:12428
- C:\Windows\System\YqGlcQv.exe
  C:\Windows\System\YqGlcQv.exe
  2⤵
  PID:12444
- C:\Windows\System\JFhXvPo.exe
  C:\Windows\System\JFhXvPo.exe
  2⤵
  PID:12484
- C:\Windows\System\pDZRNjo.exe
  C:\Windows\System\pDZRNjo.exe
  2⤵
  PID:12508
- C:\Windows\System\DPccjEm.exe
  C:\Windows\System\DPccjEm.exe
  2⤵
  PID:12528
- C:\Windows\System\UiwUqjl.exe
  C:\Windows\System\UiwUqjl.exe
  2⤵
  PID:12556
- C:\Windows\System\OtYlheo.exe
  C:\Windows\System\OtYlheo.exe
  2⤵
  PID:12572
- C:\Windows\System\ncujHIJ.exe
  C:\Windows\System\ncujHIJ.exe
  2⤵
  PID:12600
- C:\Windows\System\NUGwNeK.exe
  C:\Windows\System\NUGwNeK.exe
  2⤵
  PID:12624
- C:\Windows\System\hLrGvPd.exe
  C:\Windows\System\hLrGvPd.exe
  2⤵
  PID:12664
- C:\Windows\System\SnaWTLW.exe
  C:\Windows\System\SnaWTLW.exe
  2⤵
  PID:12684
- C:\Windows\System\eFuqJPR.exe
  C:\Windows\System\eFuqJPR.exe
  2⤵
  PID:12728
- C:\Windows\System\xWNvslZ.exe
  C:\Windows\System\xWNvslZ.exe
  2⤵
  PID:12748
- C:\Windows\System\Uioyyln.exe
  C:\Windows\System\Uioyyln.exe
  2⤵
  PID:12772
- C:\Windows\System\fkmoATG.exe
  C:\Windows\System\fkmoATG.exe
  2⤵
  PID:12796
- C:\Windows\System\HcYmGxl.exe
  C:\Windows\System\HcYmGxl.exe
  2⤵
  PID:12812
- C:\Windows\System\LmdTNrb.exe
  C:\Windows\System\LmdTNrb.exe
  2⤵
  PID:12872
- C:\Windows\System\RHiRxGC.exe
  C:\Windows\System\RHiRxGC.exe
  2⤵
  PID:12900
- C:\Windows\System\EvvHOxi.exe
  C:\Windows\System\EvvHOxi.exe
  2⤵
  PID:12940
- C:\Windows\System\NVvBnUq.exe
  C:\Windows\System\NVvBnUq.exe
  2⤵
  PID:12964
- C:\Windows\System\zAAWCON.exe
  C:\Windows\System\zAAWCON.exe
  2⤵
  PID:13004
- C:\Windows\System\FBoCSwo.exe
  C:\Windows\System\FBoCSwo.exe
  2⤵
  PID:13032
- C:\Windows\System\mBKZPUM.exe
  C:\Windows\System\mBKZPUM.exe
  2⤵
  PID:13048
- C:\Windows\System\YLckImS.exe
  C:\Windows\System\YLckImS.exe
  2⤵
  PID:13088
- C:\Windows\System\lKqnbDy.exe
  C:\Windows\System\lKqnbDy.exe
  2⤵
  PID:13104
- C:\Windows\System\utMwlIa.exe
  C:\Windows\System\utMwlIa.exe
  2⤵
  PID:13132
- C:\Windows\System\FQmBhiw.exe
  C:\Windows\System\FQmBhiw.exe
  2⤵
  PID:13160
- C:\Windows\System\GZiUeIk.exe
  C:\Windows\System\GZiUeIk.exe
  2⤵
  PID:13180
- C:\Windows\System\lLWLQij.exe
  C:\Windows\System\lLWLQij.exe
  2⤵
  PID:13212
- C:\Windows\System\wSxhtwb.exe
  C:\Windows\System\wSxhtwb.exe
  2⤵
  PID:13264
- C:\Windows\System\qtUmGAs.exe
  C:\Windows\System\qtUmGAs.exe
  2⤵
  PID:13300
- C:\Windows\System\haKuycr.exe
  C:\Windows\System\haKuycr.exe
  2⤵
  PID:11560
- C:\Windows\System\mRmcHTL.exe
  C:\Windows\System\mRmcHTL.exe
  2⤵
  PID:12348
- C:\Windows\System\fETAoIa.exe
  C:\Windows\System\fETAoIa.exe
  2⤵
  PID:12440
- C:\Windows\System\epTvuit.exe
  C:\Windows\System\epTvuit.exe
  2⤵
  PID:12516
- C:\Windows\System\hrzLoSW.exe
  C:\Windows\System\hrzLoSW.exe
  2⤵
  PID:12564
- C:\Windows\System\FkESglN.exe
  C:\Windows\System\FkESglN.exe
  2⤵
  PID:12652
- C:\Windows\System\dtSkvUU.exe
  C:\Windows\System\dtSkvUU.exe
  2⤵
  PID:12740
- C:\Windows\System\czwbqdh.exe
  C:\Windows\System\czwbqdh.exe
  2⤵
  PID:12784
- C:\Windows\System\qJkHRHQ.exe
  C:\Windows\System\qJkHRHQ.exe
  2⤵
  PID:12912
- C:\Windows\System\LKBJZIt.exe
  C:\Windows\System\LKBJZIt.exe
  2⤵
  PID:12992
- C:\Windows\System\VvsclAH.exe
  C:\Windows\System\VvsclAH.exe
  2⤵
  PID:13072
- C:\Windows\System\kezfQJO.exe
  C:\Windows\System\kezfQJO.exe
  2⤵
  PID:2336
- C:\Windows\System\GMRhEye.exe
  C:\Windows\System\GMRhEye.exe
  2⤵
  PID:13168
- C:\Windows\System\GuXkWCq.exe
  C:\Windows\System\GuXkWCq.exe
  2⤵
  PID:13188
- C:\Windows\System\LBreQCb.exe
  C:\Windows\System\LBreQCb.exe
  2⤵
  PID:13232
- C:\Windows\System\SCPJkzU.exe
  C:\Windows\System\SCPJkzU.exe
  2⤵
  PID:13292
- C:\Windows\System\PbcLHfi.exe
  C:\Windows\System\PbcLHfi.exe
  2⤵
  PID:12408
- C:\Windows\System\eaRLqjQ.exe
  C:\Windows\System\eaRLqjQ.exe
  2⤵
  PID:12568
- C:\Windows\System\oAUCVMv.exe
  C:\Windows\System\oAUCVMv.exe
  2⤵
  PID:12928
- C:\Windows\System\OvCUIIa.exe
  C:\Windows\System\OvCUIIa.exe
  2⤵
  PID:13176
- C:\Windows\System\wxlciTj.exe
  C:\Windows\System\wxlciTj.exe
  2⤵
  PID:12380
- C:\Windows\System\btwqxUi.exe
  C:\Windows\System\btwqxUi.exe
  2⤵
  PID:12836
- C:\Windows\System\MCIaBfO.exe
  C:\Windows\System\MCIaBfO.exe
  2⤵
  PID:13204
- C:\Windows\System\jwZnGUv.exe
  C:\Windows\System\jwZnGUv.exe
  2⤵
  PID:13324
- C:\Windows\System\qWJNYOX.exe
  C:\Windows\System\qWJNYOX.exe
  2⤵
  PID:13344
- C:\Windows\System\hyPnqTo.exe
  C:\Windows\System\hyPnqTo.exe
  2⤵
  PID:13372
- C:\Windows\System\ztQNViN.exe
  C:\Windows\System\ztQNViN.exe
  2⤵
  PID:13396
- C:\Windows\System\bobDCoK.exe
  C:\Windows\System\bobDCoK.exe
  2⤵
  PID:13416
- C:\Windows\System\fkqLiiZ.exe
  C:\Windows\System\fkqLiiZ.exe
  2⤵
  PID:13508
- C:\Windows\System\tiluKpH.exe
  C:\Windows\System\tiluKpH.exe
  2⤵
  PID:13544
- C:\Windows\System\eulyGtj.exe
  C:\Windows\System\eulyGtj.exe
  2⤵
  PID:13624
- C:\Windows\System\RbRidrF.exe
  C:\Windows\System\RbRidrF.exe
  2⤵
  PID:13640
- C:\Windows\System\SMFRJVp.exe
  C:\Windows\System\SMFRJVp.exe
  2⤵
  PID:13664
- C:\Windows\System\yZAJiqH.exe
  C:\Windows\System\yZAJiqH.exe
  2⤵
  PID:13684
- C:\Windows\System\ScrLkpr.exe
  C:\Windows\System\ScrLkpr.exe
  2⤵
  PID:13700
- C:\Windows\System\yWNSCkx.exe
  C:\Windows\System\yWNSCkx.exe
  2⤵
  PID:13740
- C:\Windows\System\HOTWFjw.exe
  C:\Windows\System\HOTWFjw.exe
  2⤵
  PID:13780
- C:\Windows\System\GHSGYNn.exe
  C:\Windows\System\GHSGYNn.exe
  2⤵
  PID:13796
- C:\Windows\System\oRkYxmX.exe
  C:\Windows\System\oRkYxmX.exe
  2⤵
  PID:13824
- C:\Windows\System\wdsaBSc.exe
  C:\Windows\System\wdsaBSc.exe
  2⤵
  PID:13844
- C:\Windows\System\oVEwbPK.exe
  C:\Windows\System\oVEwbPK.exe
  2⤵
  PID:13892
- C:\Windows\System\MDjfVwy.exe
  C:\Windows\System\MDjfVwy.exe
  2⤵
  PID:13908
- C:\Windows\System\FvRwdqN.exe
  C:\Windows\System\FvRwdqN.exe
  2⤵
  PID:13924
- C:\Windows\System\nPMcDLH.exe
  C:\Windows\System\nPMcDLH.exe
  2⤵
  PID:13976
- C:\Windows\System\jiJlplU.exe
  C:\Windows\System\jiJlplU.exe
  2⤵
  PID:14004
- C:\Windows\System\ZPrEyVx.exe
  C:\Windows\System\ZPrEyVx.exe
  2⤵
  PID:14024
- C:\Windows\System\EaOadgE.exe
  C:\Windows\System\EaOadgE.exe
  2⤵
  PID:14060
- C:\Windows\System\VcaqsbE.exe
  C:\Windows\System\VcaqsbE.exe
  2⤵
  PID:14080
- C:\Windows\System\hHibfux.exe
  C:\Windows\System\hHibfux.exe
  2⤵
  PID:14116
- C:\Windows\System\mJTUGoG.exe
  C:\Windows\System\mJTUGoG.exe
  2⤵
  PID:14144
- C:\Windows\System\UwPMatG.exe
  C:\Windows\System\UwPMatG.exe
  2⤵
  PID:14160
- C:\Windows\System\mpTGvPH.exe
  C:\Windows\System\mpTGvPH.exe
  2⤵
  PID:14200
- C:\Windows\System\dSjqWRI.exe
  C:\Windows\System\dSjqWRI.exe
  2⤵
  PID:14224
- C:\Windows\System\DcWbdIT.exe
  C:\Windows\System\DcWbdIT.exe
  2⤵
  PID:14248
- C:\Windows\System\nPpPLIP.exe
  C:\Windows\System\nPpPLIP.exe
  2⤵
  PID:14264
- C:\Windows\System\DqDdSYG.exe
  C:\Windows\System\DqDdSYG.exe
  2⤵
  PID:14320
- C:\Windows\System\oJSIjJF.exe
  C:\Windows\System\oJSIjJF.exe
  2⤵
  PID:2456
- C:\Windows\System\FnbeOGD.exe
  C:\Windows\System\FnbeOGD.exe
  2⤵
  PID:13320
- C:\Windows\System\fdnIVYH.exe
  C:\Windows\System\fdnIVYH.exe
  2⤵
  PID:13384
- C:\Windows\System\wSVHTsG.exe
  C:\Windows\System\wSVHTsG.exe
  2⤵
  PID:13460
- C:\Windows\System\wPWaPOZ.exe
  C:\Windows\System\wPWaPOZ.exe
  2⤵
  PID:13564
- C:\Windows\System\ZLUlXMr.exe
  C:\Windows\System\ZLUlXMr.exe
  2⤵
  PID:13692
- C:\Windows\System\zGwyrxu.exe
  C:\Windows\System\zGwyrxu.exe
  2⤵
  PID:13752
- C:\Windows\System\MXeceYp.exe
  C:\Windows\System\MXeceYp.exe
  2⤵
  PID:13812
- C:\Windows\System\UBwVhoX.exe
  C:\Windows\System\UBwVhoX.exe
  2⤵
  PID:13864
- C:\Windows\System\pZwRasX.exe
  C:\Windows\System\pZwRasX.exe
  2⤵
  PID:13904
- C:\Windows\System\ACVXwuA.exe
  C:\Windows\System\ACVXwuA.exe
  2⤵
  PID:13956
- C:\Windows\System\zeyATNN.exe
  C:\Windows\System\zeyATNN.exe
  2⤵
  PID:14032
- C:\Windows\System\RcSjSiY.exe
  C:\Windows\System\RcSjSiY.exe
  2⤵
  PID:4588
- C:\Windows\System\RGZmXMa.exe
  C:\Windows\System\RGZmXMa.exe
  2⤵
  PID:14132
- C:\Windows\System\rneztbm.exe
  C:\Windows\System\rneztbm.exe
  2⤵
  PID:14216
- C:\Windows\System\NvFnmmM.exe
  C:\Windows\System\NvFnmmM.exe
  2⤵
  PID:14332
- C:\Windows\System\qtSMRfn.exe
  C:\Windows\System\qtSMRfn.exe
  2⤵
  PID:13408
- C:\Windows\System\rLOzNlS.exe
  C:\Windows\System\rLOzNlS.exe
  2⤵
  PID:13652
- C:\Windows\System\OhyYdFf.exe
  C:\Windows\System\OhyYdFf.exe
  2⤵
  PID:13808

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BevWjoC.exe

Filesize
1.6MB

MD5
5425569d1315c06280fcd7ed5ad76384

SHA1
fbabb64c61e1c37dc38a20fdaf82c857df1c6550

SHA256
2d118fa1ce625baeb4a14a11ea1a49bc0a84c4d1b67ed1061bb0ac252f051cc0

SHA512
fe851063f2d5fe4c409abd7b76daed33c2ee8576ab849d648d111c97d82d8464c00d5b780c66922a7492adf767f57c11a11dfd00bdd7cc5061eb1651dc4bcd76

Download Submit
C:\Windows\System\FMTkXPZ.exe

Filesize
1.6MB

MD5
219d2cc96ab87dc4da4d1c28fc36aec9

SHA1
d29a535a0800f40e2f53145356498a0ca4e4bae2

SHA256
a72add21e11562a3335443bbda2b0374b7cf4b7c5c578a6bdc2e1e2fa18f6c37

SHA512
75c0ad78f9be14a8640370b62f7f7c35229aec1e8531b6a2c693699a979521e27777ea83c20b96158a204de58b418159f4b5e8f20cfeccca246945b171e3b48c

Download Submit
C:\Windows\System\FzCjxzj.exe

Filesize
1.6MB

MD5
4af37802b46c25ba78e8d894e55a6dbc

SHA1
c8e3855853dc750c6fb9380a8e940446b835aeb1

SHA256
9d0ec5e752ea6158a31561bb1ad4a666e3699914ce670aacfbf63dccc93099a1

SHA512
d121a11535fb5b8a8bf7f26c1eb51751804e03ea98206cde4481f50bd818d9510d69f9a55dff367c4ff2c27fa6e5020964885d75eccb6e4e523b665943327c65

Download Submit
C:\Windows\System\GUmQFBE.exe

Filesize
1.6MB

MD5
a633061869d37b3de5757c7fca624a2e

SHA1
fad96be9684014385812b74e3d1c97eef534aafc

SHA256
30ca655c7aae097e0dd0bd95d28a78f61bf8bd010ecc76316b70201fc0bf06e5

SHA512
31c7b7d953802ffca1ce66bdffe0d0a625ab932745e2a74e5919fdd9ec931fa6fce87302d36d3caf115752561688721a7acd2fe2fba27e5d552d8309e12bbbea

Download Submit
C:\Windows\System\IFCwfMn.exe

Filesize
1.6MB

MD5
0ba993f556082b3c3d13fbe48ed0b3a1

SHA1
a224964e3a1b5277c49a21cbef59358f6ba460cf

SHA256
219fceb46c5ea0debca358aa373fd421f1eab71a9d8961f56984118106e0eeeb

SHA512
33d36360b19131e7850559ef260c485fad16d20d5843b2cfe33fddd94482cb58fa24331c83ab9fe5b7dac9cd287018e5322b0a87c6b51e0f8d9b479e20c1b652

Download Submit
C:\Windows\System\IIYfcUV.exe

Filesize
1.6MB

MD5
5c38b0bf5a3b3310f35ecd3509a3c715

SHA1
cc8edc01cacad15648027e80e0314eab1a124a55

SHA256
1b4701cb9aa5620d9e71966e971e86874f039b0dee4af4990f8ea4dfafd007d6

SHA512
71993e33534e5a60ca4e2b3c1e843e586c2a0979c336305bdc5e910d19a2d1a82fb7bfa8965a5dea6249ca1d5328ee3b7d0f8421243c32b1166e1b532745eaed

Download Submit
C:\Windows\System\JFWlRKF.exe

Filesize
1.6MB

MD5
fc475dd3f5f13c09a6a83890d49dc403

SHA1
fe3d239d466382750e2b2b2b9982582e969395bc

SHA256
6fc52719a057fc982519b0b6b881013b73bb1801596d5f8b03968aa66246d324

SHA512
38b9764a834d5b1a4f0e656c67aeb92db0a64b02fbdae967a1103f65db58a75e67d523443ac82861c10f359dd83020b5a392bba5aeea240ac5b364b8c7d878d1

Download Submit
C:\Windows\System\KDCbEwS.exe

Filesize
1.6MB

MD5
cececc1791326dcbaedfb5c9808cd12c

SHA1
648bd4345cbaf8b6a7b63700d75f04b3924f913d

SHA256
dcef23f17ab0a3e619060d4e84f32ed7a7cbccde2446b6305bbcbb3ae0114c85

SHA512
8de676395b26fdc801cb1dfbc5ac5f7dd190ca2835a9d40c608ac7192294581495afbb58502f9e73df46bf62e33b9f4832bb963585adf6f104844f0e0a8398f7

Download Submit
C:\Windows\System\KPnwOGs.exe

Filesize
1.6MB

MD5
62f9a21b373371b5081314f76fb84ca4

SHA1
3455c7c96a3d5c84756bedf3f046453259f34a2f

SHA256
5de4664b5bc5a481f0fe7bcfdb6cecc5bbdc872bf47ea2cf93fdfb6ffc5c5186

SHA512
e9d646ad429d3d272b11f048ba16829c00a4b32dd03d43e9225669c5886d201bc37a38c77c54059369d864ce1dd74c497295b9678e19146734f9e1c8c4ab1096

Download Submit
C:\Windows\System\MrYyqnc.exe

Filesize
1.6MB

MD5
e434cddfa1d700027c8061604d39facc

SHA1
3bcfdab86db9decccbd90f45927934beead17c4b

SHA256
6f5a81debb0c77e04b8ed553c0055225b4aca6051464c729c335aee9edb73e48

SHA512
6fbd5772de4442dda7dbac8455ee2b91a89266a3ebf55b2ada547cfb4d1ff1be7cf6136cd90d5751c5d38b73d8774fdf5520a9c70846d85ddadde0ce1817d850

Download Submit
C:\Windows\System\ODqPDqx.exe

Filesize
1.6MB

MD5
ecd027f31021db35e19d8987eb14e991

SHA1
84880ca814a3012ad2785c09144098d0c8b2eb8a

SHA256
dc5d2eb799945fb1fda1ead8661827e1adf07e41639b70285b058c803c29d70e

SHA512
aa4db7eb52489f0619056647adf5fc3e5941f36711b51245144af29c389a4f6f3d847987224e6493216ad1130ff0be41e622e038466ca31c1a851a3dd7dfd432

Download Submit
C:\Windows\System\PVqUQJc.exe

Filesize
1.6MB

MD5
d9a7d25c1ea605e8f1e90c34dbc19c2c

SHA1
e809b1fad150b5d5f12a31f45d6e5a9eaaf4f739

SHA256
c308555bf489b5a11698d73b4e5771ec8d8049102ac048d39ec935eb1e97eedf

SHA512
c892f2eeed28dda712f6eed9effff7fec68fe26c2de7e9e032d86342360b77897a8735d0cf9e1ad690e9dd567916e569f0dd812701afae2ac7e0beda2853087e

Download Submit
C:\Windows\System\PxWwXGF.exe

Filesize
1.6MB

MD5
3677d850fc184543b8e78bef38ec79b2

SHA1
19610be63b4effcc08adda53f6feeafe9f967eea

SHA256
393d3dec175ff19908acd398a41024958d4fcde2a610dd904846905f7362ec8e

SHA512
7ff98c385bb2c0b90e7370bc31e5123bba2cd3fa03e0b8b6c36930d15c8f42ce3cc02629581f4d354e721f5c90ec8be15b25005cd789b8bcf7aba0e9648d6bc4

Download Submit
C:\Windows\System\RGMOhBp.exe

Filesize
1.6MB

MD5
31b9da24981da525d30b9e14cd9f9b44

SHA1
69d254296d8c924768b5ec49fd7f14004da254e2

SHA256
724bde06a8ff33c2b5e01c839392153c981e473832a7ddc99d79f893ef469483

SHA512
a5b87e7b7a4d158637a117c1e40c8fbcfbe8d1c3c22a86752d655b5b1eada4d43652a61cfae59b02d8c41789c06c4672e2eafc69fd81623b53c018f8cb744637

Download Submit
C:\Windows\System\YTbotfX.exe

Filesize
1.6MB

MD5
c10378876f204261dd27c3b343ef5f7a

SHA1
3dd90cc12524d671457997cc3aba7b2326cf1762

SHA256
e9b59ce75897addfebc6340d558303dcfdaa9c0dad302da625c45d22f6b2852c

SHA512
68398b3e27b21131964dffdec45eafff2c57d87d8b04afc35205d103225bee9629890d8e4db3f3a92e63cd28d27e3cc5b8dcc2fd526278f0b52d60ff9db91350

Download Submit
C:\Windows\System\dXGqTNh.exe

Filesize
1.6MB

MD5
cf709717b38e7fd492f6992d21ac59de

SHA1
c685b2c442c1662a29aef0d5c725824d4616aed3

SHA256
d7d906b484305933a5c654368020d8b9ed5aff9c82ec5205deb1b601c5a5070a

SHA512
cf050681402d31f9c79a8a0a15e1f44819b2905e25a863a6a8ff576d82a16479359fbad1dd62aa3c17e14591ae6e9a7c2f84cdce5e880172bce83ff07d373053

Download Submit
C:\Windows\System\hCtiWpS.exe

Filesize
1.6MB

MD5
ca48a748d3ca1ca02034a72ca6bc237d

SHA1
d800a84bf346a56238c9f4cf7caaa06eb202a811

SHA256
08632a5538b78df631f75cba979726b407439cd26cb288b0535fd9f0d162d601

SHA512
c98740bf245e6a949f52ad7341d9a0e38530b51bc2036016cdd942ad3e4e3ead8239f4ac18acb8666f7130f27b8c83b6d13bcef1c0731699ff857078b496bbb2

Download Submit
C:\Windows\System\hSbyKvs.exe

Filesize
1.6MB

MD5
3933570a86555f8a42f09dbf05c725b4

SHA1
ed2550d70fdf22a7609e03f4ad221d263788eaf7

SHA256
cf70036ce5e5853b0e55f126d569095c0936907b6a1237df1bb4b823674a6f17

SHA512
703875bc4af60494a255882338bc1201cd409d8e054fe0e2668585dd2f230a428b215c0bd72734a592f8fcface8ac837b678608262110f6118929ecafbeea784

Download Submit
C:\Windows\System\htMPDqv.exe

Filesize
1.6MB

MD5
5ab3267207556f04aa2fb2e335a3f018

SHA1
6e1056e9bc8341fec6e60bf7dcd6eaa6eacb792f

SHA256
0e25507c9fc9be7ade1c7fdff6ed962324441ded83f30543c62012ee0f768891

SHA512
0286fd7413192c606c97839cb2b88f74f37caa45da81cfaddbf5eaa7f0a885b1c2b254e12867652ed21d8631ba386d7585b5bf69d7683691a41b8598cec2def4

Download Submit
C:\Windows\System\ikQTvlM.exe

Filesize
1.6MB

MD5
847ab7fad60f01719c03f964fe27f2d4

SHA1
3113145d119df691b27ff68c5601450b0bc9329f

SHA256
5c5c040a67ff06a97907d8829ced250717b4d1cf70293d0a0ca9ff18f8fa5faf

SHA512
42b63db08cc56cb376bed2dc45476a1cd5f7a1051f0fa066d98b05bf780a95c18ded6d32f2c0d58b00e27caea2310c2eb5ef261704dd0d5ae4ad24a3884ba7fc

Download Submit
C:\Windows\System\iyrKmRU.exe

Filesize
1.6MB

MD5
b4f762f0d8355bd7f4c4d989188a6267

SHA1
58b897fe584e911fc072f00753afcaae12c2bd7c

SHA256
22465efedebf13bb6c75c2b6745f27099143adcf8a8bae2c1b0c79c81f5fd605

SHA512
a0994621f063ca0f6dd7f3ad32a46f04e1782ffb0ec2690408c3ea85f5671eee737b97db7ff9904560c0b404e2b109f42e45014ed4b43d73244373c6f4da7529

Download Submit
C:\Windows\System\jLsjuVm.exe

Filesize
1.6MB

MD5
af47399a0d4b50f8a630b7eca1a3bf4f

SHA1
97d5de4e8f2db584dd662f81255446b825ae4478

SHA256
e7ac0b3e9e902db0b11129e2324a12a9b254b6bd3fcf1f96af275a8b56acb291

SHA512
29a52fe3180e7f89d9b2e6affa0cdcf212504510c583f904b7c9657605bf4d606c15761724e4e07eace9c4b651af7e1e3703307318c2cf84a19cec44025b7746

Download Submit
C:\Windows\System\jjouKkP.exe

Filesize
1.6MB

MD5
5ad3bc407c7bfabaf91b6ef3e7f338ba

SHA1
2faa3f062db7ac88ea68fdbd47991ae32bf14d6f

SHA256
6d091e745fb5d8c1506669075b0a9a5b53ad9f71019a7e6dfd2fcdc8c008db20

SHA512
13ba37fef519c75cabf644488030a14f064123371980616082b88de37a0576f0d529fec0a1fab5cc5bdc78629a79fc88fefef027a96f154e324b771399421d4b

Download Submit
C:\Windows\System\kgiWDnn.exe

Filesize
1.6MB

MD5
f792b721fa49e635e0949b085115cab3

SHA1
eef7e04433db4b96edb0e34d96f45dcca6cb75f9

SHA256
074aba1ebab691cfd0f0ef87ae7723c58271708a6a3af902e1f9c8e2fa124b04

SHA512
56d5b5fe3a3f472c3fd42d031d6c6f79cfd5bba1c98b297b245c4efcca8a60d234b898046c2b705ab75b5964d7762c5e709b4d7a7297eb6621cc8d7a2c040b64

Download Submit
C:\Windows\System\kmbaXmM.exe

Filesize
1.6MB

MD5
c9dd8af94590b388737736aea41c9d7d

SHA1
d6c61cbab0ecfc73472e43e7383659877a4cdffc

SHA256
eb38f64866b3d7b2d1789e8bd0af41ad713dd6d73b294b31ee66de6d3206f9f3

SHA512
6bcfb8ece2845991bb68793f7cac2f88c2d0db3cd7c7fbf0f61f3149a7b5e0ac917becb7186b6a6260af10249a6312c38228525c7c64e3b824847a58305103e0

Download Submit
C:\Windows\System\nmpGKmX.exe

Filesize
1.6MB

MD5
d37c5f18a4d73738cd0fd520ad463416

SHA1
e96bdf69c4dd9b88a88b9ea7f73aae4cae5159d9

SHA256
599a14c3fbb5fe46d279f013c0229939dfb7ec1ff362f147f904f2eddbadbce7

SHA512
9bf08b81be438e91e5e61b8b810e69dcb027cc4e189f5e2496a3f3debe435262955ac1f257bbdb8814a08d7513042b256a1971f15be467f259dbd3a9bf883879

Download Submit
C:\Windows\System\roeaWyH.exe

Filesize
1.6MB

MD5
cd84d8b7d6a64cf444197eff3e92e1bf

SHA1
88345c06ab57bb6c43127c8c7329f32e1347eec9

SHA256
b3383c489cc652f5e583d5fe90065bdfcc06f17b05d2087eb58a3e5ecd41e6dd

SHA512
867be85345c30380eef196c2993d0c305cfbe0519bf363fb19af0dd47d847e0ac7a837dda472bca1c7da62e6248ee909ae75266165db499ad44091c3ad238a08

Download Submit
C:\Windows\System\sYdnliP.exe

Filesize
1.6MB

MD5
96143128ab98f8d71deaf92a0912b26f

SHA1
33c11d89e7f8c1b265a8f613b0cbaaef7c2ad36c

SHA256
c82e0f2a5b295a8701612c105ac48028df910acd8e5200fc7210a4e501037aad

SHA512
5463dd07c185beda808a9f279125c3dda29a091ffce1271f00e89559afd18e65c768d41b5ee8f7109d74597333a4fc0c59ed8c307bd7d2f8e12a6f93351b407f

Download Submit
C:\Windows\System\sdlaFWj.exe

Filesize
1.6MB

MD5
f1dff51566b5fe3dc501b74d15e71bae

SHA1
1bdbb921944b3669652d8208a5faafa61fd6521a

SHA256
840d5182169fd06c52fcd84d80bd375018e591b0492f47b09125c6f2d6179232

SHA512
41ff4cda83c0b8262a0e1c19d54d51b83e99b6a818d540d2675c37bb85a18aab34d30bef58239f89f548f9d64a55ca0897572b4d1fdc2d70bf508b14c6311086

Download Submit
C:\Windows\System\snkKfeI.exe

Filesize
1.6MB

MD5
740428fe0eddf3dfe9638e138be2b3e9

SHA1
82db7f58e409b53cae8165484e327ec0736ec2cb

SHA256
74ccd56b5cec57abdacbf7f6a1746b49db0d8264ea33203af2a912780ddfa68b

SHA512
bfafb9a3c7f379a84ca18599176d2d5eef009818dfa1b0562cc35ef46475b4ae5a260beae0741d919a622f1a996c1c900a4ea50e2ab8a19753b51f5a0927ade7

Download Submit
C:\Windows\System\wRDTAFf.exe

Filesize
1.6MB

MD5
d229037b72875556a4a57973affdc719

SHA1
c9b53b0eb4296dfff938fa04011d5cf10441b4ad

SHA256
7ebe86e76fdf687084747faab037a4a6324683fdc319564396fba21da86e4cb5

SHA512
06fdb7f2297fa5b52a0f93dfce4f2906a2b2e8b4e67e67c92767ca5a3883f534b7b4683f64682374ddcab634c2ca8dd7f7950b066a6b4b6c06ca881f1ec8ce71

Download Submit
C:\Windows\System\yMpJaLQ.exe

Filesize
1.6MB

MD5
a78caa3e8bf674070752922a3e6874cf

SHA1
99a0b27f1e3f2aa528e775c87218e6308c39de52

SHA256
a5ad3792bb0381a9c0ea558af18e8c197626d76e810289c7949fdff67c4daf6b

SHA512
86a77cda75b45824742a52f51959ede34704c21e79a54cfc636f1512e17873aa763a6668bddadb5e18c207021436a210afdb0830ffd8bdd397b02403b2b0b956

Download Submit
C:\Windows\System\zspsbSQ.exe

Filesize
1.6MB

MD5
1f5209ee9037854f649c14e4266d7310

SHA1
83072d1f9cb1413cfdb90c15b718c9b7defb9be2

SHA256
fa0dab2a9a780698f83d41299e6ce521e1e231b86561483ca3cf40307938a533

SHA512
1cc5c8828733800858fe74cec29c251d5d6f36170cb2dd430ee120265db0830c682ee3ec14a7d9a69db7f07e2627fb5cb5863b45fd20bbb828a7a8ad2cd0277a

Download Submit
memory/440-646-0x00007FF73A340000-0x00007FF73A694000-memory.dmp

Filesize
3.3MB

Download
memory/440-2153-0x00007FF73A340000-0x00007FF73A694000-memory.dmp

Filesize
3.3MB

Download
memory/532-760-0x00007FF7212F0000-0x00007FF721644000-memory.dmp

Filesize
3.3MB

Download
memory/532-2174-0x00007FF7212F0000-0x00007FF721644000-memory.dmp

Filesize
3.3MB

Download
memory/948-647-0x00007FF677160000-0x00007FF6774B4000-memory.dmp

Filesize
3.3MB

Download
memory/948-2151-0x00007FF677160000-0x00007FF6774B4000-memory.dmp

Filesize
3.3MB

Download
memory/1276-643-0x00007FF700B50000-0x00007FF700EA4000-memory.dmp

Filesize
3.3MB

Download
memory/1276-2154-0x00007FF700B50000-0x00007FF700EA4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-0-0x00007FF7BA5A0000-0x00007FF7BA8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-2143-0x00007FF7BA5A0000-0x00007FF7BA8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-1-0x00000176E3770000-0x00000176E3780000-memory.dmp

Filesize
64KB

Download
memory/1652-2158-0x00007FF74B3F0000-0x00007FF74B744000-memory.dmp

Filesize
3.3MB

Download
memory/1652-649-0x00007FF74B3F0000-0x00007FF74B744000-memory.dmp

Filesize
3.3MB

Download
memory/1720-2164-0x00007FF7E1F90000-0x00007FF7E22E4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-774-0x00007FF7E1F90000-0x00007FF7E22E4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-666-0x00007FF6042F0000-0x00007FF604644000-memory.dmp

Filesize
3.3MB

Download
memory/1756-2159-0x00007FF6042F0000-0x00007FF604644000-memory.dmp

Filesize
3.3MB

Download
memory/1948-768-0x00007FF692A80000-0x00007FF692DD4000-memory.dmp

Filesize
3.3MB

Download
memory/1948-2161-0x00007FF692A80000-0x00007FF692DD4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-671-0x00007FF7A7B00000-0x00007FF7A7E54000-memory.dmp

Filesize
3.3MB

Download
memory/2016-2165-0x00007FF7A7B00000-0x00007FF7A7E54000-memory.dmp

Filesize
3.3MB

Download
memory/2108-663-0x00007FF6D24B0000-0x00007FF6D2804000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2157-0x00007FF6D24B0000-0x00007FF6D2804000-memory.dmp

Filesize
3.3MB

Download
memory/2120-2170-0x00007FF74DAE0000-0x00007FF74DE34000-memory.dmp

Filesize
3.3MB

Download
memory/2120-705-0x00007FF74DAE0000-0x00007FF74DE34000-memory.dmp

Filesize
3.3MB

Download
memory/2340-2155-0x00007FF6F48D0000-0x00007FF6F4C24000-memory.dmp

Filesize
3.3MB

Download
memory/2340-648-0x00007FF6F48D0000-0x00007FF6F4C24000-memory.dmp

Filesize
3.3MB

Download
memory/2480-690-0x00007FF79A330000-0x00007FF79A684000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2169-0x00007FF79A330000-0x00007FF79A684000-memory.dmp

Filesize
3.3MB

Download
memory/2636-645-0x00007FF788280000-0x00007FF7885D4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-2150-0x00007FF788280000-0x00007FF7885D4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2148-0x00007FF75D5F0000-0x00007FF75D944000-memory.dmp

Filesize
3.3MB

Download
memory/2756-12-0x00007FF75D5F0000-0x00007FF75D944000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2172-0x00007FF6D4560000-0x00007FF6D48B4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-756-0x00007FF6D4560000-0x00007FF6D48B4000-memory.dmp

Filesize
3.3MB

Download
memory/3168-767-0x00007FF663C30000-0x00007FF663F84000-memory.dmp

Filesize
3.3MB

Download
memory/3168-2176-0x00007FF663C30000-0x00007FF663F84000-memory.dmp

Filesize
3.3MB

Download
memory/3212-650-0x00007FF6A39E0000-0x00007FF6A3D34000-memory.dmp

Filesize
3.3MB

Download
memory/3212-2160-0x00007FF6A39E0000-0x00007FF6A3D34000-memory.dmp

Filesize
3.3MB

Download
memory/3328-2167-0x00007FF6B14D0000-0x00007FF6B1824000-memory.dmp

Filesize
3.3MB

Download
memory/3328-763-0x00007FF6B14D0000-0x00007FF6B1824000-memory.dmp

Filesize
3.3MB

Download
memory/3480-2163-0x00007FF6A2CA0000-0x00007FF6A2FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3480-674-0x00007FF6A2CA0000-0x00007FF6A2FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3508-702-0x00007FF631A00000-0x00007FF631D54000-memory.dmp

Filesize
3.3MB

Download
memory/3508-2171-0x00007FF631A00000-0x00007FF631D54000-memory.dmp

Filesize
3.3MB

Download
memory/3552-2166-0x00007FF700C10000-0x00007FF700F64000-memory.dmp

Filesize
3.3MB

Download
memory/3552-686-0x00007FF700C10000-0x00007FF700F64000-memory.dmp

Filesize
3.3MB

Download
memory/3652-2152-0x00007FF7BF0A0000-0x00007FF7BF3F4000-memory.dmp

Filesize
3.3MB

Download
memory/3652-644-0x00007FF7BF0A0000-0x00007FF7BF3F4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-2144-0x00007FF759C60000-0x00007FF759FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-10-0x00007FF759C60000-0x00007FF759FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-2149-0x00007FF759C60000-0x00007FF759FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4088-2173-0x00007FF66B4E0000-0x00007FF66B834000-memory.dmp

Filesize
3.3MB

Download
memory/4088-752-0x00007FF66B4E0000-0x00007FF66B834000-memory.dmp

Filesize
3.3MB

Download
memory/4536-2175-0x00007FF62EFD0000-0x00007FF62F324000-memory.dmp

Filesize
3.3MB

Download
memory/4536-764-0x00007FF62EFD0000-0x00007FF62F324000-memory.dmp

Filesize
3.3MB

Download
memory/5028-2162-0x00007FF73FFA0000-0x00007FF7402F4000-memory.dmp

Filesize
3.3MB

Download
memory/5028-679-0x00007FF73FFA0000-0x00007FF7402F4000-memory.dmp

Filesize
3.3MB

Download
memory/5052-655-0x00007FF7A1A00000-0x00007FF7A1D54000-memory.dmp

Filesize
3.3MB

Download
memory/5052-2156-0x00007FF7A1A00000-0x00007FF7A1D54000-memory.dmp

Filesize
3.3MB

Download
memory/5116-693-0x00007FF6B3950000-0x00007FF6B3CA4000-memory.dmp

Filesize
3.3MB

Download
memory/5116-2168-0x00007FF6B3950000-0x00007FF6B3CA4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads