xmrig | eca2fd4165cc468285bd25aac781deb20683e2a9191733c423dc19d5a91b235d

Analysis

max time kernel
138s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
Size

2.3MB
MD5

6003954cf368abf99e81ab720c964b80
SHA1

c42ecf1dc5f2edcefe5cf6b3ea7b79cd4aae2e82
SHA256

eca2fd4165cc468285bd25aac781deb20683e2a9191733c423dc19d5a91b235d
SHA512

e7c1329f656b7c7f4b697e8cb5e4bce0aa0345201f09d388a97ba321b62c9805d507e331c2e2211c4476035dc77445cc0ce157926ae17eaaac2c5f1edce17291
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+A4VBqxGLI9e3:BemTLkNdfE0pZrj

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1336-0-0x00007FF7B5D40000-0x00007FF7B6094000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-7.dat	xmrig
behavioral2/memory/4644-31-0x00007FF686420000-0x00007FF686774000-memory.dmp	xmrig
behavioral2/memory/1388-35-0x00007FF635860000-0x00007FF635BB4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341f-40.dat	xmrig
behavioral2/memory/2452-59-0x00007FF61B0B0000-0x00007FF61B404000-memory.dmp	xmrig
behavioral2/files/0x000700000002341e-56.dat	xmrig
behavioral2/files/0x0007000000023423-55.dat	xmrig
behavioral2/files/0x0007000000023422-54.dat	xmrig
behavioral2/files/0x0007000000023421-53.dat	xmrig
behavioral2/files/0x0007000000023424-60.dat	xmrig
behavioral2/files/0x0007000000023420-51.dat	xmrig
behavioral2/memory/3060-78-0x00007FF6ECA70000-0x00007FF6ECDC4000-memory.dmp	xmrig
behavioral2/memory/3496-89-0x00007FF726170000-0x00007FF7264C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-108.dat	xmrig
behavioral2/memory/2716-117-0x00007FF6D85B0000-0x00007FF6D8904000-memory.dmp	xmrig
behavioral2/memory/2476-121-0x00007FF762B60000-0x00007FF762EB4000-memory.dmp	xmrig
behavioral2/memory/4148-122-0x00007FF7FDFE0000-0x00007FF7FE334000-memory.dmp	xmrig
behavioral2/memory/5024-120-0x00007FF6D28C0000-0x00007FF6D2C14000-memory.dmp	xmrig
behavioral2/memory/2804-119-0x00007FF73F4A0000-0x00007FF73F7F4000-memory.dmp	xmrig
behavioral2/memory/2280-118-0x00007FF71D190000-0x00007FF71D4E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-115.dat	xmrig
behavioral2/memory/4772-114-0x00007FF76DCA0000-0x00007FF76DFF4000-memory.dmp	xmrig
behavioral2/memory/876-113-0x00007FF7AFE70000-0x00007FF7B01C4000-memory.dmp	xmrig
behavioral2/memory/4764-112-0x00007FF60BBA0000-0x00007FF60BEF4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342a-110.dat	xmrig
behavioral2/files/0x0007000000023428-106.dat	xmrig
behavioral2/files/0x0007000000023427-104.dat	xmrig
behavioral2/files/0x0007000000023426-102.dat	xmrig
behavioral2/memory/2300-98-0x00007FF6B3850000-0x00007FF6B3BA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023425-91.dat	xmrig
behavioral2/memory/544-77-0x00007FF7E6930000-0x00007FF7E6C84000-memory.dmp	xmrig
behavioral2/files/0x000700000002341d-50.dat	xmrig
behavioral2/memory/2004-44-0x00007FF60AD80000-0x00007FF60B0D4000-memory.dmp	xmrig
behavioral2/memory/4544-36-0x00007FF6F93A0000-0x00007FF6F96F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-38.dat	xmrig
behavioral2/memory/2396-29-0x00007FF6C7140000-0x00007FF6C7494000-memory.dmp	xmrig
behavioral2/files/0x0007000000023419-25.dat	xmrig
behavioral2/files/0x000700000002341b-23.dat	xmrig
behavioral2/memory/4468-17-0x00007FF7C6C20000-0x00007FF7C6F74000-memory.dmp	xmrig
behavioral2/files/0x000900000002328e-8.dat	xmrig
behavioral2/files/0x000700000002342c-124.dat	xmrig
behavioral2/memory/1408-145-0x00007FF73BDF0000-0x00007FF73C144000-memory.dmp	xmrig
behavioral2/files/0x0007000000023435-164.dat	xmrig
behavioral2/files/0x0007000000023438-178.dat	xmrig
behavioral2/files/0x000700000002343a-183.dat	xmrig
behavioral2/memory/1188-175-0x00007FF66AA00000-0x00007FF66AD54000-memory.dmp	xmrig
behavioral2/files/0x000700000002342f-174.dat	xmrig
behavioral2/files/0x0007000000023437-170.dat	xmrig
behavioral2/files/0x0007000000023436-169.dat	xmrig
behavioral2/files/0x0007000000023434-168.dat	xmrig
behavioral2/files/0x0007000000023430-162.dat	xmrig
behavioral2/memory/2044-160-0x00007FF7AFA20000-0x00007FF7AFD74000-memory.dmp	xmrig
behavioral2/files/0x000700000002342d-156.dat	xmrig
behavioral2/files/0x0007000000023431-155.dat	xmrig
behavioral2/files/0x0007000000023432-149.dat	xmrig
behavioral2/memory/1248-148-0x00007FF7B1F80000-0x00007FF7B22D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-151.dat	xmrig
behavioral2/files/0x000700000002342e-140.dat	xmrig
behavioral2/memory/2212-200-0x00007FF784350000-0x00007FF7846A4000-memory.dmp	xmrig
behavioral2/memory/2492-207-0x00007FF7421C0000-0x00007FF742514000-memory.dmp	xmrig
behavioral2/memory/4692-217-0x00007FF7AB480000-0x00007FF7AB7D4000-memory.dmp	xmrig
behavioral2/memory/4904-225-0x00007FF661E40000-0x00007FF662194000-memory.dmp	xmrig
behavioral2/memory/372-223-0x00007FF7455D0000-0x00007FF745924000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4468	PVRZKRl.exe
1388	hOGqYkM.exe
2396	FBcISpZ.exe
4644	uAFtQEf.exe
4544	LEYNdgS.exe
2452	BMolRdQ.exe
2004	wypespZ.exe
544	avZfumT.exe
2804	XlAZPQo.exe
3060	yRJwIgE.exe
3496	uWVwLgE.exe
2300	VgCczlZ.exe
5024	OFRTepw.exe
4764	tshUuYX.exe
2476	jKbqSDJ.exe
876	kWwxJYI.exe
4772	bEWrFwK.exe
2716	JxZNjxt.exe
2280	jGjCxdT.exe
4148	fsjJDGX.exe
1408	UgftBPC.exe
372	FkWmdav.exe
1248	NtTGgvL.exe
2044	IFkgISF.exe
4904	bshXErv.exe
1188	egZQUiM.exe
2212	mnkgYUY.exe
2492	wjhtGst.exe
4692	PIkiaqj.exe
5116	AtqBumq.exe
4084	NvOGHpB.exe
3564	ucOehLr.exe
3076	RlSRtVG.exe
5012	CYXDroH.exe
1476	kSnhwzv.exe
3236	QNIfVru.exe
4852	KUHLhFl.exe
1568	SLuiFgJ.exe
1420	WeescXc.exe
912	lLrgulY.exe
4368	bMKBVGr.exe
1364	qGJcMFM.exe
2360	MGkvZHp.exe
4628	eVQcfMw.exe
5016	kENGrWb.exe
3000	aOenqWg.exe
4676	Ckfxnxa.exe
4484	CivVzxS.exe
2460	DrpovFg.exe
3572	mpHbqPX.exe
1988	GzXJPtQ.exe
1524	FdpIRxA.exe
2676	UWUECNK.exe
4732	tVDTsfh.exe
2392	odNxmEW.exe
3696	AbXWQOX.exe
880	UVRnNNu.exe
1464	vSxKWWj.exe
1708	UhihCWM.exe
4356	HqhDgAs.exe
3828	lvSVGTM.exe
2708	Dqppfan.exe
4892	LDFJMSj.exe
3648	lGPgYBd.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1336-0-0x00007FF7B5D40000-0x00007FF7B6094000-memory.dmp	upx
behavioral2/files/0x000700000002341a-7.dat	upx
behavioral2/memory/4644-31-0x00007FF686420000-0x00007FF686774000-memory.dmp	upx
behavioral2/memory/1388-35-0x00007FF635860000-0x00007FF635BB4000-memory.dmp	upx
behavioral2/files/0x000700000002341f-40.dat	upx
behavioral2/memory/2452-59-0x00007FF61B0B0000-0x00007FF61B404000-memory.dmp	upx
behavioral2/files/0x000700000002341e-56.dat	upx
behavioral2/files/0x0007000000023423-55.dat	upx
behavioral2/files/0x0007000000023422-54.dat	upx
behavioral2/files/0x0007000000023421-53.dat	upx
behavioral2/files/0x0007000000023424-60.dat	upx
behavioral2/files/0x0007000000023420-51.dat	upx
behavioral2/memory/3060-78-0x00007FF6ECA70000-0x00007FF6ECDC4000-memory.dmp	upx
behavioral2/memory/3496-89-0x00007FF726170000-0x00007FF7264C4000-memory.dmp	upx
behavioral2/files/0x0007000000023429-108.dat	upx
behavioral2/memory/2716-117-0x00007FF6D85B0000-0x00007FF6D8904000-memory.dmp	upx
behavioral2/memory/2476-121-0x00007FF762B60000-0x00007FF762EB4000-memory.dmp	upx
behavioral2/memory/4148-122-0x00007FF7FDFE0000-0x00007FF7FE334000-memory.dmp	upx
behavioral2/memory/5024-120-0x00007FF6D28C0000-0x00007FF6D2C14000-memory.dmp	upx
behavioral2/memory/2804-119-0x00007FF73F4A0000-0x00007FF73F7F4000-memory.dmp	upx
behavioral2/memory/2280-118-0x00007FF71D190000-0x00007FF71D4E4000-memory.dmp	upx
behavioral2/files/0x000700000002342b-115.dat	upx
behavioral2/memory/4772-114-0x00007FF76DCA0000-0x00007FF76DFF4000-memory.dmp	upx
behavioral2/memory/876-113-0x00007FF7AFE70000-0x00007FF7B01C4000-memory.dmp	upx
behavioral2/memory/4764-112-0x00007FF60BBA0000-0x00007FF60BEF4000-memory.dmp	upx
behavioral2/files/0x000700000002342a-110.dat	upx
behavioral2/files/0x0007000000023428-106.dat	upx
behavioral2/files/0x0007000000023427-104.dat	upx
behavioral2/files/0x0007000000023426-102.dat	upx
behavioral2/memory/2300-98-0x00007FF6B3850000-0x00007FF6B3BA4000-memory.dmp	upx
behavioral2/files/0x0007000000023425-91.dat	upx
behavioral2/memory/544-77-0x00007FF7E6930000-0x00007FF7E6C84000-memory.dmp	upx
behavioral2/files/0x000700000002341d-50.dat	upx
behavioral2/memory/2004-44-0x00007FF60AD80000-0x00007FF60B0D4000-memory.dmp	upx
behavioral2/memory/4544-36-0x00007FF6F93A0000-0x00007FF6F96F4000-memory.dmp	upx
behavioral2/files/0x000700000002341c-38.dat	upx
behavioral2/memory/2396-29-0x00007FF6C7140000-0x00007FF6C7494000-memory.dmp	upx
behavioral2/files/0x0007000000023419-25.dat	upx
behavioral2/files/0x000700000002341b-23.dat	upx
behavioral2/memory/4468-17-0x00007FF7C6C20000-0x00007FF7C6F74000-memory.dmp	upx
behavioral2/files/0x000900000002328e-8.dat	upx
behavioral2/files/0x000700000002342c-124.dat	upx
behavioral2/memory/1408-145-0x00007FF73BDF0000-0x00007FF73C144000-memory.dmp	upx
behavioral2/files/0x0007000000023435-164.dat	upx
behavioral2/files/0x0007000000023438-178.dat	upx
behavioral2/files/0x000700000002343a-183.dat	upx
behavioral2/memory/1188-175-0x00007FF66AA00000-0x00007FF66AD54000-memory.dmp	upx
behavioral2/files/0x000700000002342f-174.dat	upx
behavioral2/files/0x0007000000023437-170.dat	upx
behavioral2/files/0x0007000000023436-169.dat	upx
behavioral2/files/0x0007000000023434-168.dat	upx
behavioral2/files/0x0007000000023430-162.dat	upx
behavioral2/memory/2044-160-0x00007FF7AFA20000-0x00007FF7AFD74000-memory.dmp	upx
behavioral2/files/0x000700000002342d-156.dat	upx
behavioral2/files/0x0007000000023431-155.dat	upx
behavioral2/files/0x0007000000023432-149.dat	upx
behavioral2/memory/1248-148-0x00007FF7B1F80000-0x00007FF7B22D4000-memory.dmp	upx
behavioral2/files/0x0007000000023433-151.dat	upx
behavioral2/files/0x000700000002342e-140.dat	upx
behavioral2/memory/2212-200-0x00007FF784350000-0x00007FF7846A4000-memory.dmp	upx
behavioral2/memory/2492-207-0x00007FF7421C0000-0x00007FF742514000-memory.dmp	upx
behavioral2/memory/4692-217-0x00007FF7AB480000-0x00007FF7AB7D4000-memory.dmp	upx
behavioral2/memory/4904-225-0x00007FF661E40000-0x00007FF662194000-memory.dmp	upx
behavioral2/memory/372-223-0x00007FF7455D0000-0x00007FF745924000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vSxKWWj.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\rWaPTCT.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\lUqXcqr.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\xGLDuZe.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\NBGYrXN.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\wrEBszj.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\XreeFLi.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\ZblbnXI.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\CMleXMO.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\AbXWQOX.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\MgUEFKF.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\QNUmKAq.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\JkZxRxU.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\kPQUHMu.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\nfONyyp.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\yKEvBeM.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\TrMbneX.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\PVRZKRl.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\AtqBumq.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\ONWooxM.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\YlCzttF.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\QjsWMGd.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\kENGrWb.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\KvKpvJu.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\pAMonvM.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\MyQbHTv.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\pSwzCak.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\DPySung.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\TquqYaI.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\jRSKNar.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\exIQdwD.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\zPGerQY.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\DKdxIwP.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\vIYZZQI.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\uzEAloL.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\AWmJIsU.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\kYlgmhX.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\OGhqaFW.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\SXHfPAx.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\tcoagWo.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\dMQXzkk.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\DnxCQLQ.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\bzQxMqj.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\IMAVavN.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\POXdHGS.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\jtobySD.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\EdZZXIF.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\wJFzxQu.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\wxgvlIt.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\MYKQfeS.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\EGNoiEH.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\bshXErv.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\tHXyvPL.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\rLlxwnU.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\IkEHZHL.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\BRzSjjW.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\ycjJwGC.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\QxbmaHq.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\MExxTrS.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\xqoKrin.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\HAuYpgE.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\ZrsuuXu.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\QDWbCDg.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
File created	C:\Windows\System\Dqppfan.exe	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14968	dwm.exe
Token: SeChangeNotifyPrivilege	14968	dwm.exe
Token: 33	14968	dwm.exe
Token: SeIncBasePriorityPrivilege	14968	dwm.exe
Token: SeShutdownPrivilege	14968	dwm.exe
Token: SeCreatePagefilePrivilege	14968	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 4468	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	83
PID 1336 wrote to memory of 4468	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	83
PID 1336 wrote to memory of 1388	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	84
PID 1336 wrote to memory of 1388	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	84
PID 1336 wrote to memory of 2396	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	85
PID 1336 wrote to memory of 2396	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	85
PID 1336 wrote to memory of 4644	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	86
PID 1336 wrote to memory of 4644	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	86
PID 1336 wrote to memory of 4544	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	87
PID 1336 wrote to memory of 4544	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	87
PID 1336 wrote to memory of 2452	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	88
PID 1336 wrote to memory of 2452	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	88
PID 1336 wrote to memory of 2004	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	89
PID 1336 wrote to memory of 2004	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	89
PID 1336 wrote to memory of 544	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	90
PID 1336 wrote to memory of 544	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	90
PID 1336 wrote to memory of 2804	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	91
PID 1336 wrote to memory of 2804	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	91
PID 1336 wrote to memory of 3060	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	92
PID 1336 wrote to memory of 3060	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	92
PID 1336 wrote to memory of 3496	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	93
PID 1336 wrote to memory of 3496	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	93
PID 1336 wrote to memory of 2300	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	94
PID 1336 wrote to memory of 2300	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	94
PID 1336 wrote to memory of 5024	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	95
PID 1336 wrote to memory of 5024	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	95
PID 1336 wrote to memory of 4764	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	96
PID 1336 wrote to memory of 4764	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	96
PID 1336 wrote to memory of 2476	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	97
PID 1336 wrote to memory of 2476	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	97
PID 1336 wrote to memory of 876	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	98
PID 1336 wrote to memory of 876	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	98
PID 1336 wrote to memory of 4772	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	99
PID 1336 wrote to memory of 4772	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	99
PID 1336 wrote to memory of 2716	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	100
PID 1336 wrote to memory of 2716	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	100
PID 1336 wrote to memory of 2280	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	101
PID 1336 wrote to memory of 2280	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	101
PID 1336 wrote to memory of 4148	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	102
PID 1336 wrote to memory of 4148	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	102
PID 1336 wrote to memory of 1408	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	103
PID 1336 wrote to memory of 1408	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	103
PID 1336 wrote to memory of 372	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	104
PID 1336 wrote to memory of 372	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	104
PID 1336 wrote to memory of 1248	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	105
PID 1336 wrote to memory of 1248	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	105
PID 1336 wrote to memory of 1188	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	106
PID 1336 wrote to memory of 1188	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	106
PID 1336 wrote to memory of 2044	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	107
PID 1336 wrote to memory of 2044	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	107
PID 1336 wrote to memory of 4692	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	108
PID 1336 wrote to memory of 4692	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	108
PID 1336 wrote to memory of 4904	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	109
PID 1336 wrote to memory of 4904	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	109
PID 1336 wrote to memory of 2212	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	110
PID 1336 wrote to memory of 2212	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	110
PID 1336 wrote to memory of 2492	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	111
PID 1336 wrote to memory of 2492	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	111
PID 1336 wrote to memory of 5116	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	112
PID 1336 wrote to memory of 5116	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	112
PID 1336 wrote to memory of 4084	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	113
PID 1336 wrote to memory of 4084	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	113
PID 1336 wrote to memory of 3564	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	114
PID 1336 wrote to memory of 3564	1336	6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6003954cf368abf99e81ab720c964b80_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Windows\System\PVRZKRl.exe
  C:\Windows\System\PVRZKRl.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\hOGqYkM.exe
  C:\Windows\System\hOGqYkM.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\FBcISpZ.exe
  C:\Windows\System\FBcISpZ.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\uAFtQEf.exe
  C:\Windows\System\uAFtQEf.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\LEYNdgS.exe
  C:\Windows\System\LEYNdgS.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\BMolRdQ.exe
  C:\Windows\System\BMolRdQ.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\wypespZ.exe
  C:\Windows\System\wypespZ.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\avZfumT.exe
  C:\Windows\System\avZfumT.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\XlAZPQo.exe
  C:\Windows\System\XlAZPQo.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\yRJwIgE.exe
  C:\Windows\System\yRJwIgE.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\uWVwLgE.exe
  C:\Windows\System\uWVwLgE.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\VgCczlZ.exe
  C:\Windows\System\VgCczlZ.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\OFRTepw.exe
  C:\Windows\System\OFRTepw.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\tshUuYX.exe
  C:\Windows\System\tshUuYX.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\jKbqSDJ.exe
  C:\Windows\System\jKbqSDJ.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\kWwxJYI.exe
  C:\Windows\System\kWwxJYI.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\bEWrFwK.exe
  C:\Windows\System\bEWrFwK.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\JxZNjxt.exe
  C:\Windows\System\JxZNjxt.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\jGjCxdT.exe
  C:\Windows\System\jGjCxdT.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\fsjJDGX.exe
  C:\Windows\System\fsjJDGX.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\UgftBPC.exe
  C:\Windows\System\UgftBPC.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\FkWmdav.exe
  C:\Windows\System\FkWmdav.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\NtTGgvL.exe
  C:\Windows\System\NtTGgvL.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\egZQUiM.exe
  C:\Windows\System\egZQUiM.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\IFkgISF.exe
  C:\Windows\System\IFkgISF.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\PIkiaqj.exe
  C:\Windows\System\PIkiaqj.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\bshXErv.exe
  C:\Windows\System\bshXErv.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\mnkgYUY.exe
  C:\Windows\System\mnkgYUY.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\wjhtGst.exe
  C:\Windows\System\wjhtGst.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\AtqBumq.exe
  C:\Windows\System\AtqBumq.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\NvOGHpB.exe
  C:\Windows\System\NvOGHpB.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\ucOehLr.exe
  C:\Windows\System\ucOehLr.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\RlSRtVG.exe
  C:\Windows\System\RlSRtVG.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\CYXDroH.exe
  C:\Windows\System\CYXDroH.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\kSnhwzv.exe
  C:\Windows\System\kSnhwzv.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\QNIfVru.exe
  C:\Windows\System\QNIfVru.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\KUHLhFl.exe
  C:\Windows\System\KUHLhFl.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\SLuiFgJ.exe
  C:\Windows\System\SLuiFgJ.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\WeescXc.exe
  C:\Windows\System\WeescXc.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\lLrgulY.exe
  C:\Windows\System\lLrgulY.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\bMKBVGr.exe
  C:\Windows\System\bMKBVGr.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\qGJcMFM.exe
  C:\Windows\System\qGJcMFM.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\MGkvZHp.exe
  C:\Windows\System\MGkvZHp.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\eVQcfMw.exe
  C:\Windows\System\eVQcfMw.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\kENGrWb.exe
  C:\Windows\System\kENGrWb.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\aOenqWg.exe
  C:\Windows\System\aOenqWg.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\Ckfxnxa.exe
  C:\Windows\System\Ckfxnxa.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\CivVzxS.exe
  C:\Windows\System\CivVzxS.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\DrpovFg.exe
  C:\Windows\System\DrpovFg.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\mpHbqPX.exe
  C:\Windows\System\mpHbqPX.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\GzXJPtQ.exe
  C:\Windows\System\GzXJPtQ.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\FdpIRxA.exe
  C:\Windows\System\FdpIRxA.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\UWUECNK.exe
  C:\Windows\System\UWUECNK.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\tVDTsfh.exe
  C:\Windows\System\tVDTsfh.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\odNxmEW.exe
  C:\Windows\System\odNxmEW.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\AbXWQOX.exe
  C:\Windows\System\AbXWQOX.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\UVRnNNu.exe
  C:\Windows\System\UVRnNNu.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\vSxKWWj.exe
  C:\Windows\System\vSxKWWj.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\UhihCWM.exe
  C:\Windows\System\UhihCWM.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\HqhDgAs.exe
  C:\Windows\System\HqhDgAs.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\lvSVGTM.exe
  C:\Windows\System\lvSVGTM.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\Dqppfan.exe
  C:\Windows\System\Dqppfan.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\LDFJMSj.exe
  C:\Windows\System\LDFJMSj.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\lGPgYBd.exe
  C:\Windows\System\lGPgYBd.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\lYhITuO.exe
  C:\Windows\System\lYhITuO.exe
  2⤵
  PID:4928
- C:\Windows\System\zPXTChB.exe
  C:\Windows\System\zPXTChB.exe
  2⤵
  PID:4180
- C:\Windows\System\vIYZZQI.exe
  C:\Windows\System\vIYZZQI.exe
  2⤵
  PID:4504
- C:\Windows\System\iFRGicL.exe
  C:\Windows\System\iFRGicL.exe
  2⤵
  PID:2604
- C:\Windows\System\DtkwMqq.exe
  C:\Windows\System\DtkwMqq.exe
  2⤵
  PID:4640
- C:\Windows\System\ORTAwNc.exe
  C:\Windows\System\ORTAwNc.exe
  2⤵
  PID:1712
- C:\Windows\System\OULHniu.exe
  C:\Windows\System\OULHniu.exe
  2⤵
  PID:3780
- C:\Windows\System\NitPZmi.exe
  C:\Windows\System\NitPZmi.exe
  2⤵
  PID:4920
- C:\Windows\System\QcELvPj.exe
  C:\Windows\System\QcELvPj.exe
  2⤵
  PID:4428
- C:\Windows\System\rxURhfJ.exe
  C:\Windows\System\rxURhfJ.exe
  2⤵
  PID:1504
- C:\Windows\System\AENpjtB.exe
  C:\Windows\System\AENpjtB.exe
  2⤵
  PID:3252
- C:\Windows\System\JcrsJQd.exe
  C:\Windows\System\JcrsJQd.exe
  2⤵
  PID:2500
- C:\Windows\System\lYIpcwa.exe
  C:\Windows\System\lYIpcwa.exe
  2⤵
  PID:1520
- C:\Windows\System\LATNCWd.exe
  C:\Windows\System\LATNCWd.exe
  2⤵
  PID:4936
- C:\Windows\System\uzEAloL.exe
  C:\Windows\System\uzEAloL.exe
  2⤵
  PID:4400
- C:\Windows\System\xxSruvX.exe
  C:\Windows\System\xxSruvX.exe
  2⤵
  PID:412
- C:\Windows\System\RrcBbnX.exe
  C:\Windows\System\RrcBbnX.exe
  2⤵
  PID:3548
- C:\Windows\System\AZuPyXO.exe
  C:\Windows\System\AZuPyXO.exe
  2⤵
  PID:4856
- C:\Windows\System\zXceTbr.exe
  C:\Windows\System\zXceTbr.exe
  2⤵
  PID:2368
- C:\Windows\System\QLQmQwR.exe
  C:\Windows\System\QLQmQwR.exe
  2⤵
  PID:4140
- C:\Windows\System\DHFATpy.exe
  C:\Windows\System\DHFATpy.exe
  2⤵
  PID:4888
- C:\Windows\System\CxIzsRD.exe
  C:\Windows\System\CxIzsRD.exe
  2⤵
  PID:4716
- C:\Windows\System\wxqPobU.exe
  C:\Windows\System\wxqPobU.exe
  2⤵
  PID:4896
- C:\Windows\System\NKIAcCe.exe
  C:\Windows\System\NKIAcCe.exe
  2⤵
  PID:5132
- C:\Windows\System\mIcihVN.exe
  C:\Windows\System\mIcihVN.exe
  2⤵
  PID:5172
- C:\Windows\System\uRYmJTV.exe
  C:\Windows\System\uRYmJTV.exe
  2⤵
  PID:5208
- C:\Windows\System\qOKRNSF.exe
  C:\Windows\System\qOKRNSF.exe
  2⤵
  PID:5236
- C:\Windows\System\PBNLozU.exe
  C:\Windows\System\PBNLozU.exe
  2⤵
  PID:5272
- C:\Windows\System\oIXMoEj.exe
  C:\Windows\System\oIXMoEj.exe
  2⤵
  PID:5300
- C:\Windows\System\XipxrQF.exe
  C:\Windows\System\XipxrQF.exe
  2⤵
  PID:5328
- C:\Windows\System\ArWWDhS.exe
  C:\Windows\System\ArWWDhS.exe
  2⤵
  PID:5356
- C:\Windows\System\alHoGGl.exe
  C:\Windows\System\alHoGGl.exe
  2⤵
  PID:5392
- C:\Windows\System\oKZENBU.exe
  C:\Windows\System\oKZENBU.exe
  2⤵
  PID:5412
- C:\Windows\System\DlKMpNS.exe
  C:\Windows\System\DlKMpNS.exe
  2⤵
  PID:5444
- C:\Windows\System\VVMKXWD.exe
  C:\Windows\System\VVMKXWD.exe
  2⤵
  PID:5480
- C:\Windows\System\CUoDXDb.exe
  C:\Windows\System\CUoDXDb.exe
  2⤵
  PID:5512
- C:\Windows\System\ufmAVyO.exe
  C:\Windows\System\ufmAVyO.exe
  2⤵
  PID:5540
- C:\Windows\System\pWWneQb.exe
  C:\Windows\System\pWWneQb.exe
  2⤵
  PID:5564
- C:\Windows\System\AleKnlh.exe
  C:\Windows\System\AleKnlh.exe
  2⤵
  PID:5600
- C:\Windows\System\rdMEdxB.exe
  C:\Windows\System\rdMEdxB.exe
  2⤵
  PID:5624
- C:\Windows\System\IHIsurC.exe
  C:\Windows\System\IHIsurC.exe
  2⤵
  PID:5648
- C:\Windows\System\gMLnwWC.exe
  C:\Windows\System\gMLnwWC.exe
  2⤵
  PID:5664
- C:\Windows\System\rSDOTme.exe
  C:\Windows\System\rSDOTme.exe
  2⤵
  PID:5712
- C:\Windows\System\SyshusI.exe
  C:\Windows\System\SyshusI.exe
  2⤵
  PID:5736
- C:\Windows\System\WidABqI.exe
  C:\Windows\System\WidABqI.exe
  2⤵
  PID:5764
- C:\Windows\System\gmDJzqG.exe
  C:\Windows\System\gmDJzqG.exe
  2⤵
  PID:5792
- C:\Windows\System\jjsuNvx.exe
  C:\Windows\System\jjsuNvx.exe
  2⤵
  PID:5820
- C:\Windows\System\IMAVavN.exe
  C:\Windows\System\IMAVavN.exe
  2⤵
  PID:5856
- C:\Windows\System\vcndcwq.exe
  C:\Windows\System\vcndcwq.exe
  2⤵
  PID:5884
- C:\Windows\System\vBJlRRW.exe
  C:\Windows\System\vBJlRRW.exe
  2⤵
  PID:5912
- C:\Windows\System\pzqRtwL.exe
  C:\Windows\System\pzqRtwL.exe
  2⤵
  PID:5940
- C:\Windows\System\UOqMsGP.exe
  C:\Windows\System\UOqMsGP.exe
  2⤵
  PID:5960
- C:\Windows\System\QbqZeGj.exe
  C:\Windows\System\QbqZeGj.exe
  2⤵
  PID:5988
- C:\Windows\System\vhNPmqD.exe
  C:\Windows\System\vhNPmqD.exe
  2⤵
  PID:6020
- C:\Windows\System\rWaPTCT.exe
  C:\Windows\System\rWaPTCT.exe
  2⤵
  PID:6048
- C:\Windows\System\iIMfrLY.exe
  C:\Windows\System\iIMfrLY.exe
  2⤵
  PID:6072
- C:\Windows\System\pOHSAmR.exe
  C:\Windows\System\pOHSAmR.exe
  2⤵
  PID:6100
- C:\Windows\System\TElkfGB.exe
  C:\Windows\System\TElkfGB.exe
  2⤵
  PID:6128
- C:\Windows\System\lhuiSAm.exe
  C:\Windows\System\lhuiSAm.exe
  2⤵
  PID:3592
- C:\Windows\System\bYtfNUQ.exe
  C:\Windows\System\bYtfNUQ.exe
  2⤵
  PID:5192
- C:\Windows\System\bsFYJYo.exe
  C:\Windows\System\bsFYJYo.exe
  2⤵
  PID:5260
- C:\Windows\System\useimiZ.exe
  C:\Windows\System\useimiZ.exe
  2⤵
  PID:5324
- C:\Windows\System\nfONyyp.exe
  C:\Windows\System\nfONyyp.exe
  2⤵
  PID:5400
- C:\Windows\System\uJPPfPH.exe
  C:\Windows\System\uJPPfPH.exe
  2⤵
  PID:5472
- C:\Windows\System\LfABamK.exe
  C:\Windows\System\LfABamK.exe
  2⤵
  PID:2944
- C:\Windows\System\ycjJwGC.exe
  C:\Windows\System\ycjJwGC.exe
  2⤵
  PID:5584
- C:\Windows\System\OXvnsEG.exe
  C:\Windows\System\OXvnsEG.exe
  2⤵
  PID:5656
- C:\Windows\System\ZGpamkt.exe
  C:\Windows\System\ZGpamkt.exe
  2⤵
  PID:5752
- C:\Windows\System\IpNDqxk.exe
  C:\Windows\System\IpNDqxk.exe
  2⤵
  PID:5808
- C:\Windows\System\CDLQklU.exe
  C:\Windows\System\CDLQklU.exe
  2⤵
  PID:5868
- C:\Windows\System\AEWmjJF.exe
  C:\Windows\System\AEWmjJF.exe
  2⤵
  PID:5288
- C:\Windows\System\KUoXPrp.exe
  C:\Windows\System\KUoXPrp.exe
  2⤵
  PID:5980
- C:\Windows\System\AbsvRKx.exe
  C:\Windows\System\AbsvRKx.exe
  2⤵
  PID:6036
- C:\Windows\System\lZSLvzr.exe
  C:\Windows\System\lZSLvzr.exe
  2⤵
  PID:6096
- C:\Windows\System\QxbmaHq.exe
  C:\Windows\System\QxbmaHq.exe
  2⤵
  PID:5160
- C:\Windows\System\dKVOOCI.exe
  C:\Windows\System\dKVOOCI.exe
  2⤵
  PID:5368
- C:\Windows\System\qiJPpAV.exe
  C:\Windows\System\qiJPpAV.exe
  2⤵
  PID:5520
- C:\Windows\System\VBGzwMq.exe
  C:\Windows\System\VBGzwMq.exe
  2⤵
  PID:5576
- C:\Windows\System\kYlgmhX.exe
  C:\Windows\System\kYlgmhX.exe
  2⤵
  PID:3704
- C:\Windows\System\AILQbof.exe
  C:\Windows\System\AILQbof.exe
  2⤵
  PID:1040
- C:\Windows\System\ujHQiJu.exe
  C:\Windows\System\ujHQiJu.exe
  2⤵
  PID:5920
- C:\Windows\System\YRtuRKL.exe
  C:\Windows\System\YRtuRKL.exe
  2⤵
  PID:6064
- C:\Windows\System\xacyJCo.exe
  C:\Windows\System\xacyJCo.exe
  2⤵
  PID:5548
- C:\Windows\System\RXlGOId.exe
  C:\Windows\System\RXlGOId.exe
  2⤵
  PID:5524
- C:\Windows\System\IdSzlsP.exe
  C:\Windows\System\IdSzlsP.exe
  2⤵
  PID:6000
- C:\Windows\System\uvrWwfv.exe
  C:\Windows\System\uvrWwfv.exe
  2⤵
  PID:6008
- C:\Windows\System\WipayDA.exe
  C:\Windows\System\WipayDA.exe
  2⤵
  PID:6160
- C:\Windows\System\KvKpvJu.exe
  C:\Windows\System\KvKpvJu.exe
  2⤵
  PID:6204
- C:\Windows\System\HRciRMD.exe
  C:\Windows\System\HRciRMD.exe
  2⤵
  PID:6224
- C:\Windows\System\KQbdUVQ.exe
  C:\Windows\System\KQbdUVQ.exe
  2⤵
  PID:6252
- C:\Windows\System\XDxUnaL.exe
  C:\Windows\System\XDxUnaL.exe
  2⤵
  PID:6284
- C:\Windows\System\HbDxaZU.exe
  C:\Windows\System\HbDxaZU.exe
  2⤵
  PID:6320
- C:\Windows\System\tlgWrBa.exe
  C:\Windows\System\tlgWrBa.exe
  2⤵
  PID:6340
- C:\Windows\System\nAsDzln.exe
  C:\Windows\System\nAsDzln.exe
  2⤵
  PID:6356
- C:\Windows\System\KlfRxRG.exe
  C:\Windows\System\KlfRxRG.exe
  2⤵
  PID:6388
- C:\Windows\System\RSGBvTf.exe
  C:\Windows\System\RSGBvTf.exe
  2⤵
  PID:6416
- C:\Windows\System\csGonYB.exe
  C:\Windows\System\csGonYB.exe
  2⤵
  PID:6460
- C:\Windows\System\VdOBXTR.exe
  C:\Windows\System\VdOBXTR.exe
  2⤵
  PID:6488
- C:\Windows\System\TXETBiB.exe
  C:\Windows\System\TXETBiB.exe
  2⤵
  PID:6508
- C:\Windows\System\HAwdpeP.exe
  C:\Windows\System\HAwdpeP.exe
  2⤵
  PID:6536
- C:\Windows\System\FdbhRvc.exe
  C:\Windows\System\FdbhRvc.exe
  2⤵
  PID:6564
- C:\Windows\System\PXabhjT.exe
  C:\Windows\System\PXabhjT.exe
  2⤵
  PID:6580
- C:\Windows\System\yKEvBeM.exe
  C:\Windows\System\yKEvBeM.exe
  2⤵
  PID:6616
- C:\Windows\System\WXwnrnO.exe
  C:\Windows\System\WXwnrnO.exe
  2⤵
  PID:6636
- C:\Windows\System\InzFFEz.exe
  C:\Windows\System\InzFFEz.exe
  2⤵
  PID:6660
- C:\Windows\System\fJZDPZM.exe
  C:\Windows\System\fJZDPZM.exe
  2⤵
  PID:6680
- C:\Windows\System\EpVpZKc.exe
  C:\Windows\System\EpVpZKc.exe
  2⤵
  PID:6716
- C:\Windows\System\NUojwQJ.exe
  C:\Windows\System\NUojwQJ.exe
  2⤵
  PID:6748
- C:\Windows\System\FfjaWmd.exe
  C:\Windows\System\FfjaWmd.exe
  2⤵
  PID:6780
- C:\Windows\System\WgYouhG.exe
  C:\Windows\System\WgYouhG.exe
  2⤵
  PID:6804
- C:\Windows\System\XreeFLi.exe
  C:\Windows\System\XreeFLi.exe
  2⤵
  PID:6840
- C:\Windows\System\MgUEFKF.exe
  C:\Windows\System\MgUEFKF.exe
  2⤵
  PID:6864
- C:\Windows\System\yjvQGSS.exe
  C:\Windows\System\yjvQGSS.exe
  2⤵
  PID:6900
- C:\Windows\System\GItYgwl.exe
  C:\Windows\System\GItYgwl.exe
  2⤵
  PID:6924
- C:\Windows\System\yGDNfHC.exe
  C:\Windows\System\yGDNfHC.exe
  2⤵
  PID:6964
- C:\Windows\System\vJobtuU.exe
  C:\Windows\System\vJobtuU.exe
  2⤵
  PID:6988
- C:\Windows\System\JexilEk.exe
  C:\Windows\System\JexilEk.exe
  2⤵
  PID:7004
- C:\Windows\System\OyUVVcL.exe
  C:\Windows\System\OyUVVcL.exe
  2⤵
  PID:7040
- C:\Windows\System\lzrXaju.exe
  C:\Windows\System\lzrXaju.exe
  2⤵
  PID:7068
- C:\Windows\System\tlATKai.exe
  C:\Windows\System\tlATKai.exe
  2⤵
  PID:7100
- C:\Windows\System\SvOSICj.exe
  C:\Windows\System\SvOSICj.exe
  2⤵
  PID:7128
- C:\Windows\System\blXVAXx.exe
  C:\Windows\System\blXVAXx.exe
  2⤵
  PID:7156
- C:\Windows\System\jzQnFuB.exe
  C:\Windows\System\jzQnFuB.exe
  2⤵
  PID:6192
- C:\Windows\System\TjppQsj.exe
  C:\Windows\System\TjppQsj.exe
  2⤵
  PID:6292
- C:\Windows\System\ohrDfti.exe
  C:\Windows\System\ohrDfti.exe
  2⤵
  PID:6328
- C:\Windows\System\VqLRyVG.exe
  C:\Windows\System\VqLRyVG.exe
  2⤵
  PID:6396
- C:\Windows\System\zHafHNu.exe
  C:\Windows\System\zHafHNu.exe
  2⤵
  PID:6480
- C:\Windows\System\Ngmjlvq.exe
  C:\Windows\System\Ngmjlvq.exe
  2⤵
  PID:6548
- C:\Windows\System\gQNYHhA.exe
  C:\Windows\System\gQNYHhA.exe
  2⤵
  PID:6576
- C:\Windows\System\kkNaGFz.exe
  C:\Windows\System\kkNaGFz.exe
  2⤵
  PID:6632
- C:\Windows\System\PRwITZO.exe
  C:\Windows\System\PRwITZO.exe
  2⤵
  PID:6708
- C:\Windows\System\cZybsOH.exe
  C:\Windows\System\cZybsOH.exe
  2⤵
  PID:6788
- C:\Windows\System\bluuDpa.exe
  C:\Windows\System\bluuDpa.exe
  2⤵
  PID:6824
- C:\Windows\System\XCfbFzm.exe
  C:\Windows\System\XCfbFzm.exe
  2⤵
  PID:6896
- C:\Windows\System\ZBuIlgH.exe
  C:\Windows\System\ZBuIlgH.exe
  2⤵
  PID:6956
- C:\Windows\System\oOtyRtB.exe
  C:\Windows\System\oOtyRtB.exe
  2⤵
  PID:7060
- C:\Windows\System\cQIClsd.exe
  C:\Windows\System\cQIClsd.exe
  2⤵
  PID:7116
- C:\Windows\System\NAPEYQd.exe
  C:\Windows\System\NAPEYQd.exe
  2⤵
  PID:7140
- C:\Windows\System\pSwzCak.exe
  C:\Windows\System\pSwzCak.exe
  2⤵
  PID:6268
- C:\Windows\System\YgohIPB.exe
  C:\Windows\System\YgohIPB.exe
  2⤵
  PID:6452
- C:\Windows\System\EDsYCNZ.exe
  C:\Windows\System\EDsYCNZ.exe
  2⤵
  PID:6528
- C:\Windows\System\PXuYsMR.exe
  C:\Windows\System\PXuYsMR.exe
  2⤵
  PID:5408
- C:\Windows\System\ObPPlBC.exe
  C:\Windows\System\ObPPlBC.exe
  2⤵
  PID:6760
- C:\Windows\System\gKyGEyL.exe
  C:\Windows\System\gKyGEyL.exe
  2⤵
  PID:6996
- C:\Windows\System\PQqSjTH.exe
  C:\Windows\System\PQqSjTH.exe
  2⤵
  PID:7144
- C:\Windows\System\xrnIIlN.exe
  C:\Windows\System\xrnIIlN.exe
  2⤵
  PID:6520
- C:\Windows\System\ANTKCvi.exe
  C:\Windows\System\ANTKCvi.exe
  2⤵
  PID:6656
- C:\Windows\System\iUHkagc.exe
  C:\Windows\System\iUHkagc.exe
  2⤵
  PID:6236
- C:\Windows\System\fmVKipY.exe
  C:\Windows\System\fmVKipY.exe
  2⤵
  PID:6852
- C:\Windows\System\SyCXPMA.exe
  C:\Windows\System\SyCXPMA.exe
  2⤵
  PID:6352
- C:\Windows\System\MxdrNRL.exe
  C:\Windows\System\MxdrNRL.exe
  2⤵
  PID:7200
- C:\Windows\System\QoLWKop.exe
  C:\Windows\System\QoLWKop.exe
  2⤵
  PID:7228
- C:\Windows\System\APZAlyB.exe
  C:\Windows\System\APZAlyB.exe
  2⤵
  PID:7244
- C:\Windows\System\PfABrkg.exe
  C:\Windows\System\PfABrkg.exe
  2⤵
  PID:7272
- C:\Windows\System\KLfokYi.exe
  C:\Windows\System\KLfokYi.exe
  2⤵
  PID:7304
- C:\Windows\System\bzuwGGJ.exe
  C:\Windows\System\bzuwGGJ.exe
  2⤵
  PID:7332
- C:\Windows\System\EUbhRrq.exe
  C:\Windows\System\EUbhRrq.exe
  2⤵
  PID:7356
- C:\Windows\System\pLgDEWX.exe
  C:\Windows\System\pLgDEWX.exe
  2⤵
  PID:7376
- C:\Windows\System\YtgbwLZ.exe
  C:\Windows\System\YtgbwLZ.exe
  2⤵
  PID:7408
- C:\Windows\System\UukfrVn.exe
  C:\Windows\System\UukfrVn.exe
  2⤵
  PID:7444
- C:\Windows\System\DPySung.exe
  C:\Windows\System\DPySung.exe
  2⤵
  PID:7480
- C:\Windows\System\BUObEjZ.exe
  C:\Windows\System\BUObEjZ.exe
  2⤵
  PID:7516
- C:\Windows\System\KZGZEke.exe
  C:\Windows\System\KZGZEke.exe
  2⤵
  PID:7544
- C:\Windows\System\sapmqNx.exe
  C:\Windows\System\sapmqNx.exe
  2⤵
  PID:7568
- C:\Windows\System\cBDOoSb.exe
  C:\Windows\System\cBDOoSb.exe
  2⤵
  PID:7592
- C:\Windows\System\FRiYhdH.exe
  C:\Windows\System\FRiYhdH.exe
  2⤵
  PID:7620
- C:\Windows\System\fLiZLfl.exe
  C:\Windows\System\fLiZLfl.exe
  2⤵
  PID:7648
- C:\Windows\System\TYCLBJI.exe
  C:\Windows\System\TYCLBJI.exe
  2⤵
  PID:7672
- C:\Windows\System\cheJhTH.exe
  C:\Windows\System\cheJhTH.exe
  2⤵
  PID:7700
- C:\Windows\System\kipHNYP.exe
  C:\Windows\System\kipHNYP.exe
  2⤵
  PID:7744
- C:\Windows\System\GDNsasq.exe
  C:\Windows\System\GDNsasq.exe
  2⤵
  PID:7776
- C:\Windows\System\EqBsKri.exe
  C:\Windows\System\EqBsKri.exe
  2⤵
  PID:7804
- C:\Windows\System\bocvnIX.exe
  C:\Windows\System\bocvnIX.exe
  2⤵
  PID:7832
- C:\Windows\System\sSOKGfV.exe
  C:\Windows\System\sSOKGfV.exe
  2⤵
  PID:7868
- C:\Windows\System\bJQPrjO.exe
  C:\Windows\System\bJQPrjO.exe
  2⤵
  PID:7896
- C:\Windows\System\RsbornF.exe
  C:\Windows\System\RsbornF.exe
  2⤵
  PID:7924
- C:\Windows\System\RKyJKsx.exe
  C:\Windows\System\RKyJKsx.exe
  2⤵
  PID:7940
- C:\Windows\System\OGhqaFW.exe
  C:\Windows\System\OGhqaFW.exe
  2⤵
  PID:7968
- C:\Windows\System\oAruYkq.exe
  C:\Windows\System\oAruYkq.exe
  2⤵
  PID:8024
- C:\Windows\System\ONWooxM.exe
  C:\Windows\System\ONWooxM.exe
  2⤵
  PID:8052
- C:\Windows\System\htgvJLJ.exe
  C:\Windows\System\htgvJLJ.exe
  2⤵
  PID:8068
- C:\Windows\System\YgIZOMS.exe
  C:\Windows\System\YgIZOMS.exe
  2⤵
  PID:8108
- C:\Windows\System\bOhxiPs.exe
  C:\Windows\System\bOhxiPs.exe
  2⤵
  PID:8132
- C:\Windows\System\boyMVGk.exe
  C:\Windows\System\boyMVGk.exe
  2⤵
  PID:8160
- C:\Windows\System\rxthKis.exe
  C:\Windows\System\rxthKis.exe
  2⤵
  PID:7176
- C:\Windows\System\yZrblRt.exe
  C:\Windows\System\yZrblRt.exe
  2⤵
  PID:7220
- C:\Windows\System\SphFYGc.exe
  C:\Windows\System\SphFYGc.exe
  2⤵
  PID:7288
- C:\Windows\System\vvONQvI.exe
  C:\Windows\System\vvONQvI.exe
  2⤵
  PID:7316
- C:\Windows\System\JoMapoA.exe
  C:\Windows\System\JoMapoA.exe
  2⤵
  PID:7364
- C:\Windows\System\gOyOwnC.exe
  C:\Windows\System\gOyOwnC.exe
  2⤵
  PID:7416
- C:\Windows\System\ThMXpsW.exe
  C:\Windows\System\ThMXpsW.exe
  2⤵
  PID:7456
- C:\Windows\System\KVfmwnV.exe
  C:\Windows\System\KVfmwnV.exe
  2⤵
  PID:7536
- C:\Windows\System\JeWyJSU.exe
  C:\Windows\System\JeWyJSU.exe
  2⤵
  PID:7628
- C:\Windows\System\mrpbLVe.exe
  C:\Windows\System\mrpbLVe.exe
  2⤵
  PID:7684
- C:\Windows\System\FaHFlPO.exe
  C:\Windows\System\FaHFlPO.exe
  2⤵
  PID:7792
- C:\Windows\System\iNHCjwO.exe
  C:\Windows\System\iNHCjwO.exe
  2⤵
  PID:7856
- C:\Windows\System\wfhZYKR.exe
  C:\Windows\System\wfhZYKR.exe
  2⤵
  PID:7988
- C:\Windows\System\aSQzZhm.exe
  C:\Windows\System\aSQzZhm.exe
  2⤵
  PID:8044
- C:\Windows\System\yLqAYaE.exe
  C:\Windows\System\yLqAYaE.exe
  2⤵
  PID:8100
- C:\Windows\System\vaNOCAV.exe
  C:\Windows\System\vaNOCAV.exe
  2⤵
  PID:8148
- C:\Windows\System\EiKGOFB.exe
  C:\Windows\System\EiKGOFB.exe
  2⤵
  PID:7192
- C:\Windows\System\TquqYaI.exe
  C:\Windows\System\TquqYaI.exe
  2⤵
  PID:7424
- C:\Windows\System\MhAEgOm.exe
  C:\Windows\System\MhAEgOm.exe
  2⤵
  PID:7612
- C:\Windows\System\SXHfPAx.exe
  C:\Windows\System\SXHfPAx.exe
  2⤵
  PID:7756
- C:\Windows\System\UrmOzzV.exe
  C:\Windows\System\UrmOzzV.exe
  2⤵
  PID:7820
- C:\Windows\System\JymvxYY.exe
  C:\Windows\System\JymvxYY.exe
  2⤵
  PID:8088
- C:\Windows\System\YnWsiQL.exe
  C:\Windows\System\YnWsiQL.exe
  2⤵
  PID:8156
- C:\Windows\System\mYEzkdr.exe
  C:\Windows\System\mYEzkdr.exe
  2⤵
  PID:7656
- C:\Windows\System\MmLaysQ.exe
  C:\Windows\System\MmLaysQ.exe
  2⤵
  PID:7800
- C:\Windows\System\NJPmCGH.exe
  C:\Windows\System\NJPmCGH.exe
  2⤵
  PID:7512
- C:\Windows\System\lbIDPAg.exe
  C:\Windows\System\lbIDPAg.exe
  2⤵
  PID:8208
- C:\Windows\System\yfZoEul.exe
  C:\Windows\System\yfZoEul.exe
  2⤵
  PID:8240
- C:\Windows\System\POXdHGS.exe
  C:\Windows\System\POXdHGS.exe
  2⤵
  PID:8268
- C:\Windows\System\izmqCoE.exe
  C:\Windows\System\izmqCoE.exe
  2⤵
  PID:8304
- C:\Windows\System\SspOKbV.exe
  C:\Windows\System\SspOKbV.exe
  2⤵
  PID:8324
- C:\Windows\System\sTvbUUW.exe
  C:\Windows\System\sTvbUUW.exe
  2⤵
  PID:8356
- C:\Windows\System\YmukcDQ.exe
  C:\Windows\System\YmukcDQ.exe
  2⤵
  PID:8384
- C:\Windows\System\LRgkVUs.exe
  C:\Windows\System\LRgkVUs.exe
  2⤵
  PID:8408
- C:\Windows\System\eyPXpua.exe
  C:\Windows\System\eyPXpua.exe
  2⤵
  PID:8440
- C:\Windows\System\bTRmvei.exe
  C:\Windows\System\bTRmvei.exe
  2⤵
  PID:8464
- C:\Windows\System\UnhQrDP.exe
  C:\Windows\System\UnhQrDP.exe
  2⤵
  PID:8500
- C:\Windows\System\sMwKnVW.exe
  C:\Windows\System\sMwKnVW.exe
  2⤵
  PID:8532
- C:\Windows\System\phWiJBK.exe
  C:\Windows\System\phWiJBK.exe
  2⤵
  PID:8560
- C:\Windows\System\OBMBTJu.exe
  C:\Windows\System\OBMBTJu.exe
  2⤵
  PID:8592
- C:\Windows\System\aTorXUO.exe
  C:\Windows\System\aTorXUO.exe
  2⤵
  PID:8624
- C:\Windows\System\XPcchLZ.exe
  C:\Windows\System\XPcchLZ.exe
  2⤵
  PID:8652
- C:\Windows\System\gtDOmvZ.exe
  C:\Windows\System\gtDOmvZ.exe
  2⤵
  PID:8680
- C:\Windows\System\QwXEkWm.exe
  C:\Windows\System\QwXEkWm.exe
  2⤵
  PID:8704
- C:\Windows\System\uuhvnWu.exe
  C:\Windows\System\uuhvnWu.exe
  2⤵
  PID:8736
- C:\Windows\System\rPDcruN.exe
  C:\Windows\System\rPDcruN.exe
  2⤵
  PID:8760
- C:\Windows\System\DCACAmd.exe
  C:\Windows\System\DCACAmd.exe
  2⤵
  PID:8800
- C:\Windows\System\xAQTuFH.exe
  C:\Windows\System\xAQTuFH.exe
  2⤵
  PID:8832
- C:\Windows\System\zfRmjuG.exe
  C:\Windows\System\zfRmjuG.exe
  2⤵
  PID:8860
- C:\Windows\System\PNDOcJK.exe
  C:\Windows\System\PNDOcJK.exe
  2⤵
  PID:8880
- C:\Windows\System\aokPKqk.exe
  C:\Windows\System\aokPKqk.exe
  2⤵
  PID:8912
- C:\Windows\System\yaKLjJF.exe
  C:\Windows\System\yaKLjJF.exe
  2⤵
  PID:8944
- C:\Windows\System\CggRrmK.exe
  C:\Windows\System\CggRrmK.exe
  2⤵
  PID:8980
- C:\Windows\System\xmtGMkW.exe
  C:\Windows\System\xmtGMkW.exe
  2⤵
  PID:9020
- C:\Windows\System\WfDvKlR.exe
  C:\Windows\System\WfDvKlR.exe
  2⤵
  PID:9048
- C:\Windows\System\USUgFUW.exe
  C:\Windows\System\USUgFUW.exe
  2⤵
  PID:9080
- C:\Windows\System\EjvEHQf.exe
  C:\Windows\System\EjvEHQf.exe
  2⤵
  PID:9112
- C:\Windows\System\kMqhoie.exe
  C:\Windows\System\kMqhoie.exe
  2⤵
  PID:9176
- C:\Windows\System\jRSKNar.exe
  C:\Windows\System\jRSKNar.exe
  2⤵
  PID:9204
- C:\Windows\System\oehjZzD.exe
  C:\Windows\System\oehjZzD.exe
  2⤵
  PID:8220
- C:\Windows\System\KLhwnDo.exe
  C:\Windows\System\KLhwnDo.exe
  2⤵
  PID:8256
- C:\Windows\System\lXAjMcY.exe
  C:\Windows\System\lXAjMcY.exe
  2⤵
  PID:8364
- C:\Windows\System\hKMBfCB.exe
  C:\Windows\System\hKMBfCB.exe
  2⤵
  PID:8428
- C:\Windows\System\tHXyvPL.exe
  C:\Windows\System\tHXyvPL.exe
  2⤵
  PID:8600
- C:\Windows\System\ftNqxkD.exe
  C:\Windows\System\ftNqxkD.exe
  2⤵
  PID:8644
- C:\Windows\System\yJupdgp.exe
  C:\Windows\System\yJupdgp.exe
  2⤵
  PID:8552
- C:\Windows\System\futyCnQ.exe
  C:\Windows\System\futyCnQ.exe
  2⤵
  PID:8728
- C:\Windows\System\XwQACxg.exe
  C:\Windows\System\XwQACxg.exe
  2⤵
  PID:8696
- C:\Windows\System\JWrZWoS.exe
  C:\Windows\System\JWrZWoS.exe
  2⤵
  PID:8856
- C:\Windows\System\aLoSvQc.exe
  C:\Windows\System\aLoSvQc.exe
  2⤵
  PID:8848
- C:\Windows\System\CIuCtho.exe
  C:\Windows\System\CIuCtho.exe
  2⤵
  PID:8888
- C:\Windows\System\MazymNK.exe
  C:\Windows\System\MazymNK.exe
  2⤵
  PID:9000
- C:\Windows\System\htTdVcj.exe
  C:\Windows\System\htTdVcj.exe
  2⤵
  PID:9064
- C:\Windows\System\vlZRYlJ.exe
  C:\Windows\System\vlZRYlJ.exe
  2⤵
  PID:8276
- C:\Windows\System\iCiPiaH.exe
  C:\Windows\System\iCiPiaH.exe
  2⤵
  PID:8416
- C:\Windows\System\gSlAgVZ.exe
  C:\Windows\System\gSlAgVZ.exe
  2⤵
  PID:8572
- C:\Windows\System\GtjwVZR.exe
  C:\Windows\System\GtjwVZR.exe
  2⤵
  PID:8780
- C:\Windows\System\CUBSZBu.exe
  C:\Windows\System\CUBSZBu.exe
  2⤵
  PID:8772
- C:\Windows\System\qWDplHg.exe
  C:\Windows\System\qWDplHg.exe
  2⤵
  PID:8992
- C:\Windows\System\IivPbgq.exe
  C:\Windows\System\IivPbgq.exe
  2⤵
  PID:8348
- C:\Windows\System\bsMZopS.exe
  C:\Windows\System\bsMZopS.exe
  2⤵
  PID:8692
- C:\Windows\System\aHEcYtI.exe
  C:\Windows\System\aHEcYtI.exe
  2⤵
  PID:8904
- C:\Windows\System\RgGCHzB.exe
  C:\Windows\System\RgGCHzB.exe
  2⤵
  PID:8972
- C:\Windows\System\NQHcNwP.exe
  C:\Windows\System\NQHcNwP.exe
  2⤵
  PID:9240
- C:\Windows\System\KmLAMOq.exe
  C:\Windows\System\KmLAMOq.exe
  2⤵
  PID:9260
- C:\Windows\System\KWTEEns.exe
  C:\Windows\System\KWTEEns.exe
  2⤵
  PID:9304
- C:\Windows\System\popqcaP.exe
  C:\Windows\System\popqcaP.exe
  2⤵
  PID:9332
- C:\Windows\System\WwMZAJl.exe
  C:\Windows\System\WwMZAJl.exe
  2⤵
  PID:9364
- C:\Windows\System\VRjUWIP.exe
  C:\Windows\System\VRjUWIP.exe
  2⤵
  PID:9388
- C:\Windows\System\daqlwty.exe
  C:\Windows\System\daqlwty.exe
  2⤵
  PID:9424
- C:\Windows\System\DrgIYLz.exe
  C:\Windows\System\DrgIYLz.exe
  2⤵
  PID:9456
- C:\Windows\System\nWYefgd.exe
  C:\Windows\System\nWYefgd.exe
  2⤵
  PID:9492
- C:\Windows\System\xeHJUBt.exe
  C:\Windows\System\xeHJUBt.exe
  2⤵
  PID:9520
- C:\Windows\System\ZgnMMMP.exe
  C:\Windows\System\ZgnMMMP.exe
  2⤵
  PID:9536
- C:\Windows\System\vUOjdUd.exe
  C:\Windows\System\vUOjdUd.exe
  2⤵
  PID:9552
- C:\Windows\System\CWZcyqD.exe
  C:\Windows\System\CWZcyqD.exe
  2⤵
  PID:9572
- C:\Windows\System\MuJGwjb.exe
  C:\Windows\System\MuJGwjb.exe
  2⤵
  PID:9616
- C:\Windows\System\rmLcLSp.exe
  C:\Windows\System\rmLcLSp.exe
  2⤵
  PID:9644
- C:\Windows\System\oxmCJli.exe
  C:\Windows\System\oxmCJli.exe
  2⤵
  PID:9672
- C:\Windows\System\qxpJdGZ.exe
  C:\Windows\System\qxpJdGZ.exe
  2⤵
  PID:9708
- C:\Windows\System\OlxHQzP.exe
  C:\Windows\System\OlxHQzP.exe
  2⤵
  PID:9736
- C:\Windows\System\ixNuHgE.exe
  C:\Windows\System\ixNuHgE.exe
  2⤵
  PID:9776
- C:\Windows\System\iOsDcmV.exe
  C:\Windows\System\iOsDcmV.exe
  2⤵
  PID:9796
- C:\Windows\System\pnsLzpn.exe
  C:\Windows\System\pnsLzpn.exe
  2⤵
  PID:9828
- C:\Windows\System\EVJZexL.exe
  C:\Windows\System\EVJZexL.exe
  2⤵
  PID:9852
- C:\Windows\System\OUgGGsv.exe
  C:\Windows\System\OUgGGsv.exe
  2⤵
  PID:9904
- C:\Windows\System\fVnkDKM.exe
  C:\Windows\System\fVnkDKM.exe
  2⤵
  PID:9944
- C:\Windows\System\MExxTrS.exe
  C:\Windows\System\MExxTrS.exe
  2⤵
  PID:9960
- C:\Windows\System\BtmUmDe.exe
  C:\Windows\System\BtmUmDe.exe
  2⤵
  PID:9976
- C:\Windows\System\cfFuHWp.exe
  C:\Windows\System\cfFuHWp.exe
  2⤵
  PID:10000
- C:\Windows\System\bhgJGBI.exe
  C:\Windows\System\bhgJGBI.exe
  2⤵
  PID:10020
- C:\Windows\System\ZTnIbNC.exe
  C:\Windows\System\ZTnIbNC.exe
  2⤵
  PID:10056
- C:\Windows\System\WCqeWAz.exe
  C:\Windows\System\WCqeWAz.exe
  2⤵
  PID:10088
- C:\Windows\System\PYlitXy.exe
  C:\Windows\System\PYlitXy.exe
  2⤵
  PID:10128
- C:\Windows\System\TAWHOSo.exe
  C:\Windows\System\TAWHOSo.exe
  2⤵
  PID:10152
- C:\Windows\System\JQsYFHf.exe
  C:\Windows\System\JQsYFHf.exe
  2⤵
  PID:10180
- C:\Windows\System\CSmvgyN.exe
  C:\Windows\System\CSmvgyN.exe
  2⤵
  PID:10208
- C:\Windows\System\qPMMUNy.exe
  C:\Windows\System\qPMMUNy.exe
  2⤵
  PID:9104
- C:\Windows\System\BvnJXfm.exe
  C:\Windows\System\BvnJXfm.exe
  2⤵
  PID:8616
- C:\Windows\System\pAMonvM.exe
  C:\Windows\System\pAMonvM.exe
  2⤵
  PID:9276
- C:\Windows\System\KhEtODn.exe
  C:\Windows\System\KhEtODn.exe
  2⤵
  PID:9316
- C:\Windows\System\ssqDFdI.exe
  C:\Windows\System\ssqDFdI.exe
  2⤵
  PID:9400
- C:\Windows\System\VJnLxZE.exe
  C:\Windows\System\VJnLxZE.exe
  2⤵
  PID:9444
- C:\Windows\System\qAoAzFs.exe
  C:\Windows\System\qAoAzFs.exe
  2⤵
  PID:9568
- C:\Windows\System\ccduGkP.exe
  C:\Windows\System\ccduGkP.exe
  2⤵
  PID:9580
- C:\Windows\System\WnRsULg.exe
  C:\Windows\System\WnRsULg.exe
  2⤵
  PID:9604
- C:\Windows\System\yLzsvAg.exe
  C:\Windows\System\yLzsvAg.exe
  2⤵
  PID:9760
- C:\Windows\System\eNWjJtK.exe
  C:\Windows\System\eNWjJtK.exe
  2⤵
  PID:9788
- C:\Windows\System\TyJmqKt.exe
  C:\Windows\System\TyJmqKt.exe
  2⤵
  PID:9848
- C:\Windows\System\vvIPhkn.exe
  C:\Windows\System\vvIPhkn.exe
  2⤵
  PID:9952
- C:\Windows\System\aijHBls.exe
  C:\Windows\System\aijHBls.exe
  2⤵
  PID:9956
- C:\Windows\System\qLaRpKS.exe
  C:\Windows\System\qLaRpKS.exe
  2⤵
  PID:10052
- C:\Windows\System\WkFYblS.exe
  C:\Windows\System\WkFYblS.exe
  2⤵
  PID:10096
- C:\Windows\System\wxgvlIt.exe
  C:\Windows\System\wxgvlIt.exe
  2⤵
  PID:10140
- C:\Windows\System\RcdiWlF.exe
  C:\Windows\System\RcdiWlF.exe
  2⤵
  PID:10224
- C:\Windows\System\claKjsu.exe
  C:\Windows\System\claKjsu.exe
  2⤵
  PID:9236
- C:\Windows\System\mBGXigZ.exe
  C:\Windows\System\mBGXigZ.exe
  2⤵
  PID:9436
- C:\Windows\System\hCvqgzQ.exe
  C:\Windows\System\hCvqgzQ.exe
  2⤵
  PID:9596
- C:\Windows\System\vVntYjw.exe
  C:\Windows\System\vVntYjw.exe
  2⤵
  PID:9684
- C:\Windows\System\CdnUyui.exe
  C:\Windows\System\CdnUyui.exe
  2⤵
  PID:9924
- C:\Windows\System\ShjsNQJ.exe
  C:\Windows\System\ShjsNQJ.exe
  2⤵
  PID:10144
- C:\Windows\System\pybfYhI.exe
  C:\Windows\System\pybfYhI.exe
  2⤵
  PID:9348
- C:\Windows\System\inlpwba.exe
  C:\Windows\System\inlpwba.exe
  2⤵
  PID:9472
- C:\Windows\System\DhsvAtf.exe
  C:\Windows\System\DhsvAtf.exe
  2⤵
  PID:9928
- C:\Windows\System\aUahVZr.exe
  C:\Windows\System\aUahVZr.exe
  2⤵
  PID:10252
- C:\Windows\System\YMFCYGI.exe
  C:\Windows\System\YMFCYGI.exe
  2⤵
  PID:10292
- C:\Windows\System\jmbHplR.exe
  C:\Windows\System\jmbHplR.exe
  2⤵
  PID:10316
- C:\Windows\System\DiLmEyo.exe
  C:\Windows\System\DiLmEyo.exe
  2⤵
  PID:10344
- C:\Windows\System\OonPUzH.exe
  C:\Windows\System\OonPUzH.exe
  2⤵
  PID:10372
- C:\Windows\System\vXMzxBk.exe
  C:\Windows\System\vXMzxBk.exe
  2⤵
  PID:10404
- C:\Windows\System\GrdjcLC.exe
  C:\Windows\System\GrdjcLC.exe
  2⤵
  PID:10432
- C:\Windows\System\TrMbneX.exe
  C:\Windows\System\TrMbneX.exe
  2⤵
  PID:10468
- C:\Windows\System\dppFEjE.exe
  C:\Windows\System\dppFEjE.exe
  2⤵
  PID:10500
- C:\Windows\System\MCYIxYi.exe
  C:\Windows\System\MCYIxYi.exe
  2⤵
  PID:10528
- C:\Windows\System\QzHscmW.exe
  C:\Windows\System\QzHscmW.exe
  2⤵
  PID:10544
- C:\Windows\System\ePEywxA.exe
  C:\Windows\System\ePEywxA.exe
  2⤵
  PID:10580
- C:\Windows\System\Momgoto.exe
  C:\Windows\System\Momgoto.exe
  2⤵
  PID:10612
- C:\Windows\System\oTQLrfR.exe
  C:\Windows\System\oTQLrfR.exe
  2⤵
  PID:10648
- C:\Windows\System\weAzVsY.exe
  C:\Windows\System\weAzVsY.exe
  2⤵
  PID:10668
- C:\Windows\System\lbWxsEd.exe
  C:\Windows\System\lbWxsEd.exe
  2⤵
  PID:10688
- C:\Windows\System\MXXOKyQ.exe
  C:\Windows\System\MXXOKyQ.exe
  2⤵
  PID:10720
- C:\Windows\System\uuQglZS.exe
  C:\Windows\System\uuQglZS.exe
  2⤵
  PID:10752
- C:\Windows\System\YeoaVeD.exe
  C:\Windows\System\YeoaVeD.exe
  2⤵
  PID:10768
- C:\Windows\System\VUGbmEH.exe
  C:\Windows\System\VUGbmEH.exe
  2⤵
  PID:10808
- C:\Windows\System\aaAOxtR.exe
  C:\Windows\System\aaAOxtR.exe
  2⤵
  PID:10824
- C:\Windows\System\PErJtOI.exe
  C:\Windows\System\PErJtOI.exe
  2⤵
  PID:10852
- C:\Windows\System\DhTvIyY.exe
  C:\Windows\System\DhTvIyY.exe
  2⤵
  PID:10884
- C:\Windows\System\OghNuDA.exe
  C:\Windows\System\OghNuDA.exe
  2⤵
  PID:10920
- C:\Windows\System\eUUuqpO.exe
  C:\Windows\System\eUUuqpO.exe
  2⤵
  PID:10948
- C:\Windows\System\LFYTOXp.exe
  C:\Windows\System\LFYTOXp.exe
  2⤵
  PID:10988
- C:\Windows\System\rLlxwnU.exe
  C:\Windows\System\rLlxwnU.exe
  2⤵
  PID:11004
- C:\Windows\System\rtskJig.exe
  C:\Windows\System\rtskJig.exe
  2⤵
  PID:11024
- C:\Windows\System\iTWeIVK.exe
  C:\Windows\System\iTWeIVK.exe
  2⤵
  PID:11048
- C:\Windows\System\tcoagWo.exe
  C:\Windows\System\tcoagWo.exe
  2⤵
  PID:11080
- C:\Windows\System\rKzmlLh.exe
  C:\Windows\System\rKzmlLh.exe
  2⤵
  PID:11108
- C:\Windows\System\DiegPLy.exe
  C:\Windows\System\DiegPLy.exe
  2⤵
  PID:11140
- C:\Windows\System\tDOsINH.exe
  C:\Windows\System\tDOsINH.exe
  2⤵
  PID:11172
- C:\Windows\System\xqoKrin.exe
  C:\Windows\System\xqoKrin.exe
  2⤵
  PID:11196
- C:\Windows\System\aISymTI.exe
  C:\Windows\System\aISymTI.exe
  2⤵
  PID:11224
- C:\Windows\System\uerctfX.exe
  C:\Windows\System\uerctfX.exe
  2⤵
  PID:11248
- C:\Windows\System\cYOOcvY.exe
  C:\Windows\System\cYOOcvY.exe
  2⤵
  PID:10012
- C:\Windows\System\DUoIVAt.exe
  C:\Windows\System\DUoIVAt.exe
  2⤵
  PID:9724
- C:\Windows\System\jYLVSse.exe
  C:\Windows\System\jYLVSse.exe
  2⤵
  PID:10364
- C:\Windows\System\jxjEwje.exe
  C:\Windows\System\jxjEwje.exe
  2⤵
  PID:10336
- C:\Windows\System\MYKQfeS.exe
  C:\Windows\System\MYKQfeS.exe
  2⤵
  PID:10416
- C:\Windows\System\VEtmzVm.exe
  C:\Windows\System\VEtmzVm.exe
  2⤵
  PID:10456
- C:\Windows\System\ktzUBie.exe
  C:\Windows\System\ktzUBie.exe
  2⤵
  PID:10512
- C:\Windows\System\XXQIGxY.exe
  C:\Windows\System\XXQIGxY.exe
  2⤵
  PID:10596
- C:\Windows\System\kkHPsaq.exe
  C:\Windows\System\kkHPsaq.exe
  2⤵
  PID:10660
- C:\Windows\System\rAnCiGT.exe
  C:\Windows\System\rAnCiGT.exe
  2⤵
  PID:10676
- C:\Windows\System\XtnwAGO.exe
  C:\Windows\System\XtnwAGO.exe
  2⤵
  PID:10792
- C:\Windows\System\knIAOoS.exe
  C:\Windows\System\knIAOoS.exe
  2⤵
  PID:10892
- C:\Windows\System\PrubcOd.exe
  C:\Windows\System\PrubcOd.exe
  2⤵
  PID:10940
- C:\Windows\System\zNJFgRc.exe
  C:\Windows\System\zNJFgRc.exe
  2⤵
  PID:10976
- C:\Windows\System\fJwtiAZ.exe
  C:\Windows\System\fJwtiAZ.exe
  2⤵
  PID:11072
- C:\Windows\System\UShwOub.exe
  C:\Windows\System\UShwOub.exe
  2⤵
  PID:11132
- C:\Windows\System\gdJzkDe.exe
  C:\Windows\System\gdJzkDe.exe
  2⤵
  PID:11216
- C:\Windows\System\dMQXzkk.exe
  C:\Windows\System\dMQXzkk.exe
  2⤵
  PID:10264
- C:\Windows\System\DhUBFpZ.exe
  C:\Windows\System\DhUBFpZ.exe
  2⤵
  PID:10276
- C:\Windows\System\mcXWUwk.exe
  C:\Windows\System\mcXWUwk.exe
  2⤵
  PID:10520
- C:\Windows\System\FuhTtve.exe
  C:\Windows\System\FuhTtve.exe
  2⤵
  PID:10740
- C:\Windows\System\dKvsgLw.exe
  C:\Windows\System\dKvsgLw.exe
  2⤵
  PID:10624
- C:\Windows\System\TYCWtkS.exe
  C:\Windows\System\TYCWtkS.exe
  2⤵
  PID:10840
- C:\Windows\System\YoPhmht.exe
  C:\Windows\System\YoPhmht.exe
  2⤵
  PID:11064
- C:\Windows\System\YlCzttF.exe
  C:\Windows\System\YlCzttF.exe
  2⤵
  PID:11220
- C:\Windows\System\TGSGMok.exe
  C:\Windows\System\TGSGMok.exe
  2⤵
  PID:10484
- C:\Windows\System\WUfndvX.exe
  C:\Windows\System\WUfndvX.exe
  2⤵
  PID:10788
- C:\Windows\System\wHsvssu.exe
  C:\Windows\System\wHsvssu.exe
  2⤵
  PID:11020
- C:\Windows\System\AdGojbq.exe
  C:\Windows\System\AdGojbq.exe
  2⤵
  PID:10628
- C:\Windows\System\KTIMLPN.exe
  C:\Windows\System\KTIMLPN.exe
  2⤵
  PID:11292
- C:\Windows\System\rjHJXEV.exe
  C:\Windows\System\rjHJXEV.exe
  2⤵
  PID:11324
- C:\Windows\System\UwQOUok.exe
  C:\Windows\System\UwQOUok.exe
  2⤵
  PID:11352
- C:\Windows\System\bWBVTkx.exe
  C:\Windows\System\bWBVTkx.exe
  2⤵
  PID:11384
- C:\Windows\System\HyDIbma.exe
  C:\Windows\System\HyDIbma.exe
  2⤵
  PID:11408
- C:\Windows\System\qeNmJoP.exe
  C:\Windows\System\qeNmJoP.exe
  2⤵
  PID:11436
- C:\Windows\System\uuZuaMl.exe
  C:\Windows\System\uuZuaMl.exe
  2⤵
  PID:11464
- C:\Windows\System\ALTvXxk.exe
  C:\Windows\System\ALTvXxk.exe
  2⤵
  PID:11504
- C:\Windows\System\QNUmKAq.exe
  C:\Windows\System\QNUmKAq.exe
  2⤵
  PID:11528
- C:\Windows\System\FGMtobG.exe
  C:\Windows\System\FGMtobG.exe
  2⤵
  PID:11548
- C:\Windows\System\tUpJWJN.exe
  C:\Windows\System\tUpJWJN.exe
  2⤵
  PID:11576
- C:\Windows\System\hOckgaw.exe
  C:\Windows\System\hOckgaw.exe
  2⤵
  PID:11604
- C:\Windows\System\nHyVjYR.exe
  C:\Windows\System\nHyVjYR.exe
  2⤵
  PID:11632
- C:\Windows\System\NBGYrXN.exe
  C:\Windows\System\NBGYrXN.exe
  2⤵
  PID:11664
- C:\Windows\System\SolvVsP.exe
  C:\Windows\System\SolvVsP.exe
  2⤵
  PID:11688
- C:\Windows\System\XSvodoI.exe
  C:\Windows\System\XSvodoI.exe
  2⤵
  PID:11704
- C:\Windows\System\yxQgGMY.exe
  C:\Windows\System\yxQgGMY.exe
  2⤵
  PID:11736
- C:\Windows\System\ZzotJsQ.exe
  C:\Windows\System\ZzotJsQ.exe
  2⤵
  PID:11764
- C:\Windows\System\nwznzeT.exe
  C:\Windows\System\nwznzeT.exe
  2⤵
  PID:11788
- C:\Windows\System\QvOWZUb.exe
  C:\Windows\System\QvOWZUb.exe
  2⤵
  PID:11812
- C:\Windows\System\NfxFomv.exe
  C:\Windows\System\NfxFomv.exe
  2⤵
  PID:11844
- C:\Windows\System\zsrkWKB.exe
  C:\Windows\System\zsrkWKB.exe
  2⤵
  PID:11860
- C:\Windows\System\YhivRhO.exe
  C:\Windows\System\YhivRhO.exe
  2⤵
  PID:11884
- C:\Windows\System\krrZwPY.exe
  C:\Windows\System\krrZwPY.exe
  2⤵
  PID:11920
- C:\Windows\System\WhWVynT.exe
  C:\Windows\System\WhWVynT.exe
  2⤵
  PID:11948
- C:\Windows\System\JtKnFFI.exe
  C:\Windows\System\JtKnFFI.exe
  2⤵
  PID:11976
- C:\Windows\System\PDIRfRB.exe
  C:\Windows\System\PDIRfRB.exe
  2⤵
  PID:12000
- C:\Windows\System\gsgHNoP.exe
  C:\Windows\System\gsgHNoP.exe
  2⤵
  PID:12016
- C:\Windows\System\NWHQnkW.exe
  C:\Windows\System\NWHQnkW.exe
  2⤵
  PID:12040
- C:\Windows\System\jQQhWLx.exe
  C:\Windows\System\jQQhWLx.exe
  2⤵
  PID:12076
- C:\Windows\System\CHnMMWb.exe
  C:\Windows\System\CHnMMWb.exe
  2⤵
  PID:12112
- C:\Windows\System\zAMkiJN.exe
  C:\Windows\System\zAMkiJN.exe
  2⤵
  PID:12136
- C:\Windows\System\sLLGseM.exe
  C:\Windows\System\sLLGseM.exe
  2⤵
  PID:12164
- C:\Windows\System\vKlmOlU.exe
  C:\Windows\System\vKlmOlU.exe
  2⤵
  PID:12192
- C:\Windows\System\IVzxKDi.exe
  C:\Windows\System\IVzxKDi.exe
  2⤵
  PID:12224
- C:\Windows\System\sBeUPJN.exe
  C:\Windows\System\sBeUPJN.exe
  2⤵
  PID:12256
- C:\Windows\System\XLQCkDn.exe
  C:\Windows\System\XLQCkDn.exe
  2⤵
  PID:9504
- C:\Windows\System\qFUnSQJ.exe
  C:\Windows\System\qFUnSQJ.exe
  2⤵
  PID:11300
- C:\Windows\System\DdAcxYF.exe
  C:\Windows\System\DdAcxYF.exe
  2⤵
  PID:11344
- C:\Windows\System\FccxJIn.exe
  C:\Windows\System\FccxJIn.exe
  2⤵
  PID:11360
- C:\Windows\System\IKDNomE.exe
  C:\Windows\System\IKDNomE.exe
  2⤵
  PID:11420
- C:\Windows\System\gcKZJLA.exe
  C:\Windows\System\gcKZJLA.exe
  2⤵
  PID:11544
- C:\Windows\System\sPlVsZT.exe
  C:\Windows\System\sPlVsZT.exe
  2⤵
  PID:11592
- C:\Windows\System\OPUtayG.exe
  C:\Windows\System\OPUtayG.exe
  2⤵
  PID:11684
- C:\Windows\System\rHJfhfg.exe
  C:\Windows\System\rHJfhfg.exe
  2⤵
  PID:11772
- C:\Windows\System\jtobySD.exe
  C:\Windows\System\jtobySD.exe
  2⤵
  PID:11880
- C:\Windows\System\gfFynkf.exe
  C:\Windows\System\gfFynkf.exe
  2⤵
  PID:11932
- C:\Windows\System\aKEeBqQ.exe
  C:\Windows\System\aKEeBqQ.exe
  2⤵
  PID:11988
- C:\Windows\System\MyQbHTv.exe
  C:\Windows\System\MyQbHTv.exe
  2⤵
  PID:12052
- C:\Windows\System\hIATcAX.exe
  C:\Windows\System\hIATcAX.exe
  2⤵
  PID:12100
- C:\Windows\System\bToEVxL.exe
  C:\Windows\System\bToEVxL.exe
  2⤵
  PID:12180
- C:\Windows\System\cogmlTe.exe
  C:\Windows\System\cogmlTe.exe
  2⤵
  PID:12284
- C:\Windows\System\ORQoUOO.exe
  C:\Windows\System\ORQoUOO.exe
  2⤵
  PID:11376
- C:\Windows\System\NnIJiAD.exe
  C:\Windows\System\NnIJiAD.exe
  2⤵
  PID:11488
- C:\Windows\System\NivbRhi.exe
  C:\Windows\System\NivbRhi.exe
  2⤵
  PID:11396
- C:\Windows\System\VIIJqeZ.exe
  C:\Windows\System\VIIJqeZ.exe
  2⤵
  PID:11696
- C:\Windows\System\ayiWoTd.exe
  C:\Windows\System\ayiWoTd.exe
  2⤵
  PID:11808
- C:\Windows\System\kNswhnh.exe
  C:\Windows\System\kNswhnh.exe
  2⤵
  PID:11916
- C:\Windows\System\EhPhQzA.exe
  C:\Windows\System\EhPhQzA.exe
  2⤵
  PID:12084
- C:\Windows\System\fEwzdSX.exe
  C:\Windows\System\fEwzdSX.exe
  2⤵
  PID:12268
- C:\Windows\System\WeykKSD.exe
  C:\Windows\System\WeykKSD.exe
  2⤵
  PID:11312
- C:\Windows\System\JTaTfJu.exe
  C:\Windows\System\JTaTfJu.exe
  2⤵
  PID:11804
- C:\Windows\System\KgiEcbp.exe
  C:\Windows\System\KgiEcbp.exe
  2⤵
  PID:12176
- C:\Windows\System\OUdhaRg.exe
  C:\Windows\System\OUdhaRg.exe
  2⤵
  PID:12296
- C:\Windows\System\bGuaumD.exe
  C:\Windows\System\bGuaumD.exe
  2⤵
  PID:12332
- C:\Windows\System\xLBKkpu.exe
  C:\Windows\System\xLBKkpu.exe
  2⤵
  PID:12360
- C:\Windows\System\FIiYupK.exe
  C:\Windows\System\FIiYupK.exe
  2⤵
  PID:12388
- C:\Windows\System\ZblbnXI.exe
  C:\Windows\System\ZblbnXI.exe
  2⤵
  PID:12420
- C:\Windows\System\fBNTCeH.exe
  C:\Windows\System\fBNTCeH.exe
  2⤵
  PID:12444
- C:\Windows\System\OuuMAbj.exe
  C:\Windows\System\OuuMAbj.exe
  2⤵
  PID:12540
- C:\Windows\System\HAuYpgE.exe
  C:\Windows\System\HAuYpgE.exe
  2⤵
  PID:12572
- C:\Windows\System\IymnoCX.exe
  C:\Windows\System\IymnoCX.exe
  2⤵
  PID:12588
- C:\Windows\System\qPfhbGv.exe
  C:\Windows\System\qPfhbGv.exe
  2⤵
  PID:12604
- C:\Windows\System\VpQKIVf.exe
  C:\Windows\System\VpQKIVf.exe
  2⤵
  PID:12628
- C:\Windows\System\krSlWgt.exe
  C:\Windows\System\krSlWgt.exe
  2⤵
  PID:12652
- C:\Windows\System\nDUrwsd.exe
  C:\Windows\System\nDUrwsd.exe
  2⤵
  PID:12676
- C:\Windows\System\JkZxRxU.exe
  C:\Windows\System\JkZxRxU.exe
  2⤵
  PID:12704
- C:\Windows\System\dRJAWtV.exe
  C:\Windows\System\dRJAWtV.exe
  2⤵
  PID:12736
- C:\Windows\System\NYfcCtm.exe
  C:\Windows\System\NYfcCtm.exe
  2⤵
  PID:12768
- C:\Windows\System\ehXhqpS.exe
  C:\Windows\System\ehXhqpS.exe
  2⤵
  PID:12788
- C:\Windows\System\gHecXJn.exe
  C:\Windows\System\gHecXJn.exe
  2⤵
  PID:12820
- C:\Windows\System\ETXRkCC.exe
  C:\Windows\System\ETXRkCC.exe
  2⤵
  PID:12844
- C:\Windows\System\apBRnbG.exe
  C:\Windows\System\apBRnbG.exe
  2⤵
  PID:12872
- C:\Windows\System\LyLFCoq.exe
  C:\Windows\System\LyLFCoq.exe
  2⤵
  PID:12896
- C:\Windows\System\GkkgJvw.exe
  C:\Windows\System\GkkgJvw.exe
  2⤵
  PID:12920
- C:\Windows\System\HNTMJwU.exe
  C:\Windows\System\HNTMJwU.exe
  2⤵
  PID:12948
- C:\Windows\System\IkhxIZc.exe
  C:\Windows\System\IkhxIZc.exe
  2⤵
  PID:12972
- C:\Windows\System\Nofabdc.exe
  C:\Windows\System\Nofabdc.exe
  2⤵
  PID:13008
- C:\Windows\System\GIOHaDm.exe
  C:\Windows\System\GIOHaDm.exe
  2⤵
  PID:13032
- C:\Windows\System\BOlVeBp.exe
  C:\Windows\System\BOlVeBp.exe
  2⤵
  PID:13064
- C:\Windows\System\dyQwofR.exe
  C:\Windows\System\dyQwofR.exe
  2⤵
  PID:13100
- C:\Windows\System\EdZZXIF.exe
  C:\Windows\System\EdZZXIF.exe
  2⤵
  PID:13128
- C:\Windows\System\JuvpQGX.exe
  C:\Windows\System\JuvpQGX.exe
  2⤵
  PID:13144
- C:\Windows\System\CnpyVPE.exe
  C:\Windows\System\CnpyVPE.exe
  2⤵
  PID:13176
- C:\Windows\System\zoKhPWU.exe
  C:\Windows\System\zoKhPWU.exe
  2⤵
  PID:13204
- C:\Windows\System\trOqjAq.exe
  C:\Windows\System\trOqjAq.exe
  2⤵
  PID:13224
- C:\Windows\System\pXgzJTq.exe
  C:\Windows\System\pXgzJTq.exe
  2⤵
  PID:13248
- C:\Windows\System\RAHitEC.exe
  C:\Windows\System\RAHitEC.exe
  2⤵
  PID:13280
- C:\Windows\System\hSLRtxA.exe
  C:\Windows\System\hSLRtxA.exe
  2⤵
  PID:13296
- C:\Windows\System\WuoeGkK.exe
  C:\Windows\System\WuoeGkK.exe
  2⤵
  PID:11700
- C:\Windows\System\fEhWpxP.exe
  C:\Windows\System\fEhWpxP.exe
  2⤵
  PID:12328
- C:\Windows\System\vspzUXm.exe
  C:\Windows\System\vspzUXm.exe
  2⤵
  PID:12352
- C:\Windows\System\cJXduSg.exe
  C:\Windows\System\cJXduSg.exe
  2⤵
  PID:12440
- C:\Windows\System\HxfNxoL.exe
  C:\Windows\System\HxfNxoL.exe
  2⤵
  PID:12476
- C:\Windows\System\ZozAwos.exe
  C:\Windows\System\ZozAwos.exe
  2⤵
  PID:12624
- C:\Windows\System\bVjmkFL.exe
  C:\Windows\System\bVjmkFL.exe
  2⤵
  PID:12644
- C:\Windows\System\tQmJGwY.exe
  C:\Windows\System\tQmJGwY.exe
  2⤵
  PID:12784
- C:\Windows\System\tlsHHWD.exe
  C:\Windows\System\tlsHHWD.exe
  2⤵
  PID:1448
- C:\Windows\System\LaoSyHg.exe
  C:\Windows\System\LaoSyHg.exe
  2⤵
  PID:12860
- C:\Windows\System\fJtwfOG.exe
  C:\Windows\System\fJtwfOG.exe
  2⤵
  PID:12916
- C:\Windows\System\BOUbYOx.exe
  C:\Windows\System\BOUbYOx.exe
  2⤵
  PID:12928
- C:\Windows\System\NaeEnhu.exe
  C:\Windows\System\NaeEnhu.exe
  2⤵
  PID:13080
- C:\Windows\System\aSqNuTa.exe
  C:\Windows\System\aSqNuTa.exe
  2⤵
  PID:13088
- C:\Windows\System\AdGoNiW.exe
  C:\Windows\System\AdGoNiW.exe
  2⤵
  PID:13172
- C:\Windows\System\QchvZgZ.exe
  C:\Windows\System\QchvZgZ.exe
  2⤵
  PID:13264
- C:\Windows\System\qTuWpvX.exe
  C:\Windows\System\qTuWpvX.exe
  2⤵
  PID:13220
- C:\Windows\System\PWZgeUP.exe
  C:\Windows\System\PWZgeUP.exe
  2⤵
  PID:12316
- C:\Windows\System\fiAokag.exe
  C:\Windows\System\fiAokag.exe
  2⤵
  PID:12664
- C:\Windows\System\iTxzVEA.exe
  C:\Windows\System\iTxzVEA.exe
  2⤵
  PID:12372
- C:\Windows\System\gkQhYDn.exe
  C:\Windows\System\gkQhYDn.exe
  2⤵
  PID:12832
- C:\Windows\System\NAAksMq.exe
  C:\Windows\System\NAAksMq.exe
  2⤵
  PID:12780
- C:\Windows\System\aeZeWjs.exe
  C:\Windows\System\aeZeWjs.exe
  2⤵
  PID:12988
- C:\Windows\System\deTbPpc.exe
  C:\Windows\System\deTbPpc.exe
  2⤵
  PID:13288
- C:\Windows\System\wSQOExB.exe
  C:\Windows\System\wSQOExB.exe
  2⤵
  PID:12620
- C:\Windows\System\MAWPJgV.exe
  C:\Windows\System\MAWPJgV.exe
  2⤵
  PID:13168
- C:\Windows\System\EipuiuE.exe
  C:\Windows\System\EipuiuE.exe
  2⤵
  PID:13272
- C:\Windows\System\igrkMcA.exe
  C:\Windows\System\igrkMcA.exe
  2⤵
  PID:1424
- C:\Windows\System\ErKUMGU.exe
  C:\Windows\System\ErKUMGU.exe
  2⤵
  PID:12292
- C:\Windows\System\EkCkFVR.exe
  C:\Windows\System\EkCkFVR.exe
  2⤵
  PID:3364
- C:\Windows\System\UqGgFnU.exe
  C:\Windows\System\UqGgFnU.exe
  2⤵
  PID:13332
- C:\Windows\System\mZExqST.exe
  C:\Windows\System\mZExqST.exe
  2⤵
  PID:13364
- C:\Windows\System\JSBiSaL.exe
  C:\Windows\System\JSBiSaL.exe
  2⤵
  PID:13392
- C:\Windows\System\aKxoUGi.exe
  C:\Windows\System\aKxoUGi.exe
  2⤵
  PID:13420
- C:\Windows\System\eEkLtuC.exe
  C:\Windows\System\eEkLtuC.exe
  2⤵
  PID:13440
- C:\Windows\System\tdZmvsA.exe
  C:\Windows\System\tdZmvsA.exe
  2⤵
  PID:13456
- C:\Windows\System\KFpaDCE.exe
  C:\Windows\System\KFpaDCE.exe
  2⤵
  PID:13484
- C:\Windows\System\hdwQbgV.exe
  C:\Windows\System\hdwQbgV.exe
  2⤵
  PID:13516
- C:\Windows\System\CCezXEc.exe
  C:\Windows\System\CCezXEc.exe
  2⤵
  PID:13552
- C:\Windows\System\LjjMMzA.exe
  C:\Windows\System\LjjMMzA.exe
  2⤵
  PID:13568
- C:\Windows\System\cvTbnvW.exe
  C:\Windows\System\cvTbnvW.exe
  2⤵
  PID:13588
- C:\Windows\System\HuMTRNR.exe
  C:\Windows\System\HuMTRNR.exe
  2⤵
  PID:13624
- C:\Windows\System\VChijOg.exe
  C:\Windows\System\VChijOg.exe
  2⤵
  PID:13652
- C:\Windows\System\ZrsuuXu.exe
  C:\Windows\System\ZrsuuXu.exe
  2⤵
  PID:13696
- C:\Windows\System\tWPXxmz.exe
  C:\Windows\System\tWPXxmz.exe
  2⤵
  PID:13720
- C:\Windows\System\ztbdorz.exe
  C:\Windows\System\ztbdorz.exe
  2⤵
  PID:13744
- C:\Windows\System\FelVjat.exe
  C:\Windows\System\FelVjat.exe
  2⤵
  PID:13768
- C:\Windows\System\zEzFMjo.exe
  C:\Windows\System\zEzFMjo.exe
  2⤵
  PID:13792
- C:\Windows\System\LtuBqdW.exe
  C:\Windows\System\LtuBqdW.exe
  2⤵
  PID:13816
- C:\Windows\System\aGEdoCQ.exe
  C:\Windows\System\aGEdoCQ.exe
  2⤵
  PID:13836
- C:\Windows\System\KDUiqlO.exe
  C:\Windows\System\KDUiqlO.exe
  2⤵
  PID:13856
- C:\Windows\System\mjTIaib.exe
  C:\Windows\System\mjTIaib.exe
  2⤵
  PID:13884
- C:\Windows\System\CWExsrP.exe
  C:\Windows\System\CWExsrP.exe
  2⤵
  PID:13912
- C:\Windows\System\QapNdNq.exe
  C:\Windows\System\QapNdNq.exe
  2⤵
  PID:13948
- C:\Windows\System\vmMUaFa.exe
  C:\Windows\System\vmMUaFa.exe
  2⤵
  PID:13964
- C:\Windows\System\oKxRicf.exe
  C:\Windows\System\oKxRicf.exe
  2⤵
  PID:13996
- C:\Windows\System\igdzklD.exe
  C:\Windows\System\igdzklD.exe
  2⤵
  PID:14020
- C:\Windows\System\xyzvuXO.exe
  C:\Windows\System\xyzvuXO.exe
  2⤵
  PID:14048
- C:\Windows\System\JMPOiWh.exe
  C:\Windows\System\JMPOiWh.exe
  2⤵
  PID:14080
- C:\Windows\System\CMleXMO.exe
  C:\Windows\System\CMleXMO.exe
  2⤵
  PID:14112
- C:\Windows\System\jfpiFqO.exe
  C:\Windows\System\jfpiFqO.exe
  2⤵
  PID:14128
- C:\Windows\System\MvwfxdR.exe
  C:\Windows\System\MvwfxdR.exe
  2⤵
  PID:14160
- C:\Windows\System\ZhjWgMg.exe
  C:\Windows\System\ZhjWgMg.exe
  2⤵
  PID:14192
- C:\Windows\System\NzzmWfc.exe
  C:\Windows\System\NzzmWfc.exe
  2⤵
  PID:14216
- C:\Windows\System\ZNMtJZX.exe
  C:\Windows\System\ZNMtJZX.exe
  2⤵
  PID:14236
- C:\Windows\System\ilfFDSh.exe
  C:\Windows\System\ilfFDSh.exe
  2⤵
  PID:14264
- C:\Windows\System\FRnuflG.exe
  C:\Windows\System\FRnuflG.exe
  2⤵
  PID:14296
- C:\Windows\System\LjyFqpk.exe
  C:\Windows\System\LjyFqpk.exe
  2⤵
  PID:14320
- C:\Windows\System\rvHffYK.exe
  C:\Windows\System\rvHffYK.exe
  2⤵
  PID:2576
- C:\Windows\System\jJmbUHH.exe
  C:\Windows\System\jJmbUHH.exe
  2⤵
  PID:13356
- C:\Windows\System\fqfjrZf.exe
  C:\Windows\System\fqfjrZf.exe
  2⤵
  PID:13120
- C:\Windows\System\NnwWzBA.exe
  C:\Windows\System\NnwWzBA.exe
  2⤵
  PID:13384
- C:\Windows\System\CXWJEMB.exe
  C:\Windows\System\CXWJEMB.exe
  2⤵
  PID:13540
- C:\Windows\System\DjYbNDz.exe
  C:\Windows\System\DjYbNDz.exe
  2⤵
  PID:13664
- C:\Windows\System\jOjHJZk.exe
  C:\Windows\System\jOjHJZk.exe
  2⤵
  PID:13648
- C:\Windows\System\EhOtVsS.exe
  C:\Windows\System\EhOtVsS.exe
  2⤵
  PID:13604
- C:\Windows\System\PQlMaHi.exe
  C:\Windows\System\PQlMaHi.exe
  2⤵
  PID:13824
- C:\Windows\System\exCDATu.exe
  C:\Windows\System\exCDATu.exe
  2⤵
  PID:13852
- C:\Windows\System\KCjGCEp.exe
  C:\Windows\System\KCjGCEp.exe
  2⤵
  PID:13880
- C:\Windows\System\KnRdTRS.exe
  C:\Windows\System\KnRdTRS.exe
  2⤵
  PID:13936
- C:\Windows\System\SqedYxR.exe
  C:\Windows\System\SqedYxR.exe
  2⤵
  PID:14072
- C:\Windows\System\HdHOVIK.exe
  C:\Windows\System\HdHOVIK.exe
  2⤵
  PID:14100
- C:\Windows\System\pXeZcLr.exe
  C:\Windows\System\pXeZcLr.exe
  2⤵
  PID:14012
- C:\Windows\System\QDWbCDg.exe
  C:\Windows\System\QDWbCDg.exe
  2⤵
  PID:14208
- C:\Windows\System\WsxPMwb.exe
  C:\Windows\System\WsxPMwb.exe
  2⤵
  PID:14124
- C:\Windows\System\KKhOzHg.exe
  C:\Windows\System\KKhOzHg.exe
  2⤵
  PID:12556
- C:\Windows\System\DNxFqEw.exe
  C:\Windows\System\DNxFqEw.exe
  2⤵
  PID:13476
- C:\Windows\System\dxYscCI.exe
  C:\Windows\System\dxYscCI.exe
  2⤵
  PID:13564
- C:\Windows\System\STfCLND.exe
  C:\Windows\System\STfCLND.exe
  2⤵
  PID:13756
- C:\Windows\System\pvKhmMx.exe
  C:\Windows\System\pvKhmMx.exe
  2⤵
  PID:13804
- C:\Windows\System\DnxCQLQ.exe
  C:\Windows\System\DnxCQLQ.exe
  2⤵
  PID:13776
- C:\Windows\System\bHnVbmQ.exe
  C:\Windows\System\bHnVbmQ.exe
  2⤵
  PID:13944
- C:\Windows\System\NoPiTxv.exe
  C:\Windows\System\NoPiTxv.exe
  2⤵
  PID:14312
- C:\Windows\System\MkNrTWM.exe
  C:\Windows\System\MkNrTWM.exe
  2⤵
  PID:13320
- C:\Windows\System\IQuWOtC.exe
  C:\Windows\System\IQuWOtC.exe
  2⤵
  PID:14356
- C:\Windows\System\nEXkflX.exe
  C:\Windows\System\nEXkflX.exe
  2⤵
  PID:14388
- C:\Windows\System\nRToQPr.exe
  C:\Windows\System\nRToQPr.exe
  2⤵
  PID:14416
- C:\Windows\System\oiHXWlo.exe
  C:\Windows\System\oiHXWlo.exe
  2⤵
  PID:14680
- C:\Windows\System\rnBSgju.exe
  C:\Windows\System\rnBSgju.exe
  2⤵
  PID:14700
- C:\Windows\System\uDFvRYr.exe
  C:\Windows\System\uDFvRYr.exe
  2⤵
  PID:15040
- C:\Windows\System\CSbLaJd.exe
  C:\Windows\System\CSbLaJd.exe
  2⤵
  PID:15160
- C:\Windows\System\EGNoiEH.exe
  C:\Windows\System\EGNoiEH.exe
  2⤵
  PID:14572
- C:\Windows\System\uqNHEDr.exe
  C:\Windows\System\uqNHEDr.exe
  2⤵
  PID:14584
- C:\Windows\System\GbECbAJ.exe
  C:\Windows\System\GbECbAJ.exe
  2⤵
  PID:14612
- C:\Windows\System\zPGerQY.exe
  C:\Windows\System\zPGerQY.exe
  2⤵
  PID:14676

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AtqBumq.exe

Filesize
2.3MB

MD5
922eafabc13d35981b84667f0fe26261

SHA1
9f037efb8b915e481de58928aba2176947265a72

SHA256
acfe6309e551ea699923db09d8b0bd34eb66115c2f9883861ab2181ef46f9716

SHA512
ca4d25129abc75ca6a6fe33b63311b5f9a815a0fa8d615422e65c505619349f71d28f2611e5dda4610e90d04f992282e594ab70f23a697d3749c7024267f02d7

Download Submit
C:\Windows\System\BMolRdQ.exe

Filesize
2.3MB

MD5
c8ef8102b46f4d5c054530f67d55f196

SHA1
de5db94a9ac2f107d3508fcb5027f092d1453181

SHA256
2260028de7f1677ea68bd36eb2af968ffde57191e07087c79866c05fc4f80bfa

SHA512
cd9f09cd147568aa8cc7540d40a2e8617bc1d16c5efc1a20a09cb7590edbf3a06b7b23f4967b472fe6c6ba5d412d60828e52cb1358fa378da229100584004607

Download Submit
C:\Windows\System\CYXDroH.exe

Filesize
2.3MB

MD5
aac3428dff60ced994907cf0723a369e

SHA1
680d67bdfc178fdd5fd7f46ab8a04668769c3889

SHA256
d2f14367124d1c01ace3c49407f2cc6e7950be156b6db7c85c52446f2537bc9a

SHA512
6c4c412ade7cb4f1cc522dbf529d035a83009045c2327095c63f81f1af229943e5004c76cbfb7e75d49d960cef8f9badf88fbabfa2a5b002dd23868b3a74e0ff

Download Submit
C:\Windows\System\FBcISpZ.exe

Filesize
2.3MB

MD5
d5e6031eb375d0dc91decfe5bb39b1ff

SHA1
8d30c62289cd70b7952872e57b921c170c161f8a

SHA256
760abbf8391e6cfc0993bd559dc9b25d8c1eb6aecccd37a6f27abb8217b21dce

SHA512
518fe7d936ccc4803a656411ff0bc4aa5059bb89968af619d47e0703e6edc9690c250559baf1afd70a2481176351af09ee2ef4cbd9bdf7e6508aa2dcdf698c1a

Download Submit
C:\Windows\System\FkWmdav.exe

Filesize
2.3MB

MD5
55ead4bc8344ccce40e87a2976539d3c

SHA1
407531efa95496c3a6ad22d77b201d0d0c3e1500

SHA256
14eff1dfae6a2fa73f3575c4889fe0e2f61eb2a09a1375c33625aae1e83cbf18

SHA512
895b6b1ac93fb6cddc87f18a0e7f77114e9e582208680d9fccdeb55bdc8c27c61b29dda3716fa91f794be6392c5ef801a09bb11045bd23865b87530f6c0e46cc

Download Submit
C:\Windows\System\IFkgISF.exe

Filesize
2.3MB

MD5
983a6d4a05a447f058843b2f7bd37804

SHA1
b34bcf06358b06f53e71eeb98f45e84cf6cfaef9

SHA256
e2439f356595fd7852a6dbbb64091077b584ae208d9a1c849316c0db2dfd8399

SHA512
7689e0ef098f5a6df305ff15e24112f0903fb6b04bd5d33d087f6825c2f1cee00f18e3b5e03418f7bb728787baa3b666c9751a3fb3759e7b4af5748acd09e090

Download Submit
C:\Windows\System\JxZNjxt.exe

Filesize
2.3MB

MD5
101605d4bb4a25e52f621fa00c34b340

SHA1
808b7519545998958b5914945e51103f887077b9

SHA256
0317924862e9f8a6d90379a6171592e591e01ca2c696d467048cb7465438855a

SHA512
e7140f1a5bef852c909dc536035019ee9aa6c5ed081525bc79c96aec431aea559ae4709ab9d67d50ca6f36a9c07bf25e136d7747a13cf98da5100a10f3f8e52c

Download Submit
C:\Windows\System\LEYNdgS.exe

Filesize
2.3MB

MD5
641b18b6302108c6cb837ad8d1252f43

SHA1
d3b5700e096f7c040d2b6796e9ec294c723a5550

SHA256
45b0236035f1f103dfb78951a8352d931c83cf8a4a9d931653bfd7081bfe5d39

SHA512
369239423c9ffc0aeab01a2b13c347dc85c760de4ccbb0eade9aff5c8132ab650fb476698694ea8eec14e377a6e21b12e9a0171682faffe13d6ef9b474639969

Download Submit
C:\Windows\System\NtTGgvL.exe

Filesize
2.3MB

MD5
a6e9a6f40d0527d827d7ce499ec8e7b9

SHA1
7f83164a9fd921ddab5055b5a3638e1d72faa056

SHA256
b472a289db04fd675e4ed043f1359f09e9dc30b8ee0d89b53aba0d712353dd57

SHA512
7d250fee5e129e17252b347632180bd546afe1c5ad7684681d3a9f9a48f15d40d907c5bee871455b95121c5c0ab6b7486c60e6b0a94848faa10a0b620a1b6f6d

Download Submit
C:\Windows\System\NvOGHpB.exe

Filesize
2.3MB

MD5
c840f2d8b9525cfb9685bafd1cf8ae76

SHA1
9a72f50f539ba149a74745d579fdaec053b9d6fd

SHA256
46e57f3e985018a736d4527a292b5898421ec6577bf42197b984b3abb9553f59

SHA512
b88f9679935c792fcece11bc2894e48ad5cd0daf2cc39dd8fdfc824cba48ecb698185878ee5df253545cc44f1b89ed5d0e0d9e47395b3335895017888b2da3c3

Download Submit
C:\Windows\System\OFRTepw.exe

Filesize
2.3MB

MD5
a6cee68fb52797803b6e563fe7af8d9d

SHA1
1a7c6d4fac601b5ad834be24c8b5c93ec1eae0a5

SHA256
d6e1d3a27a425d2b25769ece3eb5412e5d161b26014c4326fb0755d8c3866cff

SHA512
34a12492b45d91d8109cc6ee731fafe83473aa46ca3bfe61e0ddb7aab3d7e7a29a6c801c880c08597648fbb891139006948c2e270222274c5c887e9ec606d46a

Download Submit
C:\Windows\System\PIkiaqj.exe

Filesize
2.3MB

MD5
d5d84ce1eaf5b92abd56c059b1f5db0f

SHA1
1df73e5b69e7d44f9add7e174cff185f4ab03a9d

SHA256
8a2ce6f73015dd006c4cde79674ecf5d99ce5e682e3fd7e77c6358dd5d5eae93

SHA512
4ef2cd8a20c951b5d465de258f0b0a91c93111a5fa32662a63f222be70bbb13d1bfe410aa1ad43a36b08ae47ef0f23678aca112588905e7260dc8be95ac8fad7

Download Submit
C:\Windows\System\PVRZKRl.exe

Filesize
2.3MB

MD5
5c1ad95488d361602ed735a361d7ee79

SHA1
b2e33c66b5d65a36dc29f42811782d39ef5dca07

SHA256
575551c273e3c79eaafc376c3be44efe47292481d5059b83fcf61a0985e3ba6b

SHA512
c6aca578d57294df7c41fb2b7576f5b4ca23713e55b4db54a4835d10992d03474e668ef089a75ca672b70901a7da6fe0778a1b6ae3abe2577f9b7c4fae19aa6a

Download Submit
C:\Windows\System\QNIfVru.exe

Filesize
2.3MB

MD5
fea128bb8f80de4f474560f72592cf1a

SHA1
cf90c3df05c0c7d427adcc49f25d6780e077162a

SHA256
c6f87eeba4258c00c005b487af755fa94731fea56565071356dee23f47638092

SHA512
ee5e2d19f96f3f9e0f565463597cc0fb47c22983a9f35dd74265b7b316c078e5a4613b3553d3c300b940e746ae2554a7c4220f4ad097a71587034fca54f80289

Download Submit
C:\Windows\System\RlSRtVG.exe

Filesize
2.3MB

MD5
28588a5c438624c7aa777c2b0eeaa969

SHA1
788127da2bbde7666f74f592e7f50799977df8bf

SHA256
3727284ec5a294195ce90274cb3f331f4995195cabef1bc5005c3e6ba816f063

SHA512
b95a4e4d11df691780bd555a992f3fd623e3776821dea82be358e3504d2b37115935b9875f73256751ef5521ebfdc13c868261864d9413bf0b28f94dfad12e0a

Download Submit
C:\Windows\System\UgftBPC.exe

Filesize
2.3MB

MD5
b7cdf0d53be456233514a03d0e2432e2

SHA1
d2228198721f84373fc53bec2eb63c2f8773afad

SHA256
f35d93d2155407262909dfc3c16a00143569a27bbf8cd2339b95eee63cf80727

SHA512
ad9ba568aaa9023b9a4c034653d1c6add6dbc0aed32522b5fbd8ab9ed4136885cd71beb87123d67b7c23258c61f3b7a41abcbf07e9d29d6b491e6b1252777610

Download Submit
C:\Windows\System\VgCczlZ.exe

Filesize
2.3MB

MD5
39d676e9a72444c23911881b81a5c7e6

SHA1
abe02782173ca6d9df1dd9370a8d0eed3c590f45

SHA256
6dfb9fd01212c64ec739c692838bed689516647e19b2671f1f7a09fb296ebcc3

SHA512
2d6831fd34e465d9ecf9081868a4ee35a6b28aca01a75f23a836c80ad8e201cc63e0cd684399655cf605e520c59ab836c34fdc5af0de3a86046361a743971a9d

Download Submit
C:\Windows\System\XlAZPQo.exe

Filesize
2.3MB

MD5
b2dc539bcb9ec84a5c5a4d80ecad7023

SHA1
a3ef42330a6eedecf1c17806c5e6791ec36d03e1

SHA256
008f6a42bdae7a5e7be6a8902899e8eb37efba253acb6a315076be7b4ec0a485

SHA512
4b429331df863599b9f21c46c94d5218a182cbbdb8108932f5e426260d0bd42b8eeca710251b7ff233808708e70913f17d54fcf976958e8cf8ac388a821657e2

Download Submit
C:\Windows\System\avZfumT.exe

Filesize
2.3MB

MD5
c357743f4503eacfe2fefe15fbf54df9

SHA1
175a3f5e038a19cdf31e32dbf3e18b812ffb0bed

SHA256
172f316ec776cb3d79f562517338fab5a77fc9d4b2dfcc24fa840bedf7035d64

SHA512
ac5a43d665418bf4da62a5978e7a60522cd372ca57e18f68725c9853bb5fda00d567d1a8c51c4a0e6a175426c991494149bb6e69786a34137c909fc21f1a07f9

Download Submit
C:\Windows\System\bEWrFwK.exe

Filesize
2.3MB

MD5
7eb52c5a7477895a01dad3015f99957c

SHA1
31430c4b7e63453c5e17bc6421dd8831981b3162

SHA256
95b856682fef54dc1b49e3b7273988343740ec440f78090fe578f9c4e39288b7

SHA512
a2a95415e5f2f2fa1957a35bdd520f0ef54a44afb81ba6682977e25e6027bb5ac4021e7866cbd2bdc237d0e1cf95155772ee1e785040c4a56296c389cb97cad1

Download Submit
C:\Windows\System\bshXErv.exe

Filesize
2.3MB

MD5
08a887ba6de80db68a17364d58013a35

SHA1
e284a925d458842bd90cd6f0f7274caa821c8f18

SHA256
bfabe8b42aa5e0475d8d46314f6b830abf4cd81c111d34e5741957537fbf1656

SHA512
1e44a8265a1ac23439abf71547f151c5827c7a937d9713ebf648167fe82207975a54837213a39b017c1a19822669f4923bbff95fa7fe7fb8251484af85f22087

Download Submit
C:\Windows\System\egZQUiM.exe

Filesize
2.3MB

MD5
0bd74457f82a19e187c02233c98f445d

SHA1
2baac1f8faeecaf93f036758a3bbd1d1bbb8c802

SHA256
60c300b92d8fb43fe0b567301fc2e6a26ec4e218805d93c65b891580c34de38f

SHA512
64edc840c8db22f45b1c3215063ccd07d57b6cde241ecc7b4efefffc43d0b6925ec626b5c4fa39f4bed1ec7bc52bd2b96e917973cf3fc487d67ddc97b292d051

Download Submit
C:\Windows\System\fsjJDGX.exe

Filesize
2.3MB

MD5
7203487b648b6341f3561daa8c95a317

SHA1
1146fdb918efb06e61740d1cbbc538156a63c0aa

SHA256
e69dc8c9b129d591f6fca5dfc7741cd0cfa38d3437e3abf93b5df2299d61a263

SHA512
9023210f927490df19528fd5a5ba024460a355e715c143f7de6f36637cffff848e0309c1695f7be02e782f21ffc5b95f15754c2ccfa9d91b81640aae05cef7db

Download Submit
C:\Windows\System\hOGqYkM.exe

Filesize
2.3MB

MD5
05f741108616e97e67103fdd7e280af9

SHA1
5aa4dcf3b986e4cd5ea7155f981c67fc29e8ee39

SHA256
42509f9f415089d7aaaaff4dfb8f43b44dbc60ed0226c54597415d54168f789c

SHA512
fc85d7a0d7e838c0724440a6310d81f8e8672393021829cbba08bbafdeb119f0263e216a6acf14335a1d1b2d2d8117ecf967e5561ce3f8ec86836bf8fef785d6

Download Submit
C:\Windows\System\jGjCxdT.exe

Filesize
2.3MB

MD5
d8418f78ae376cf11802426d6d87ed5e

SHA1
08bba7b9f17bf94eadcf51d9b9387e19d30b5b55

SHA256
0bd56fa52f5aab8b6f873910d7563b1398817e8d780106b57259cd0008664ccf

SHA512
53536bce0d8899c2dc917f65e1f0808125e9f04764f4663e2c46b82dce80a3c7c44a7207939d2d2eb840e00d0fc06f2384e1e1aa66cfd0581148292e900d6bf1

Download Submit
C:\Windows\System\jKbqSDJ.exe

Filesize
2.3MB

MD5
fbeda81fbe315b5cf6610e8bcb7a9e4d

SHA1
36bdda6e3a06509bbb8bdbc19acda2a351d5bcb6

SHA256
f424b0c507712429a98646230fd727d143ad51c9a90def4c59c49e7632749052

SHA512
8d6031ae17e0507f87bf83b66395cd0fe89b859ad617ee79cc386237ea8a3dd1175bf202e16a5167a4754a643ebba1663d619855bc81556660086f51ab840001

Download Submit
C:\Windows\System\kSnhwzv.exe

Filesize
2.3MB

MD5
bf8029387d9a94bf40ec4c69b90ff3c1

SHA1
a85dee4a9cbbf48739243de83a9a4eacbb448721

SHA256
a13d8e95b1b3be4522fb992017e67b36869121bb93be06fd5a9e5dbba44e2d6c

SHA512
5dd55d292c6eef9a9475f65460f7d485549d026dc2fb4e73651b353261c575ee89457a5da23a0255b0063b361c55b1dcb78ba253a956ed6b52065d4b4801b516

Download Submit
C:\Windows\System\kWwxJYI.exe

Filesize
2.3MB

MD5
b91c4db6a3dd2b793367cd3ad8f334a1

SHA1
a39f3ba2abb315bfb1373e984660855b50beeb48

SHA256
4f468cb1a7ef5841dd9db0e42579ca92699a4f01909fe5851a9af624fcb4c3c9

SHA512
83907636a0aa7f956bc8fb6ad1bd584be223d5b45d2d5103e5fae33f08dbe52f8fa1301c841eb0394b3b4f358d085d02567f8d468d562cd55681a31468beadd1

Download Submit
C:\Windows\System\mnkgYUY.exe

Filesize
2.3MB

MD5
0c0a0829a18b342b12a48341f5943dc3

SHA1
e96c343921ee86d1d77f984874683de657e5b293

SHA256
1cbe4f9fcec0074c13ce6b6062853f4dd917fed18e069939873873ea53e748eb

SHA512
a7f2eb6afa90a5ca9d687f2f172d3c6f5b4245fe61109e4326a0f3451c49bc585259fd100597341064492fb37b7952ccdeda18d443a40e1a0dd3c9c7fa39914a

Download Submit
C:\Windows\System\tshUuYX.exe

Filesize
2.3MB

MD5
f2d958efb9b065da3a9a801daad96392

SHA1
db687bf7dd765622d7d1c15ade79b280c8a05265

SHA256
04c82a4639ac936c196b95925f9d26d26bd770341ef33373c653e724c4b67ef4

SHA512
ce6ee91a658a2ca1b3001ab276030a7897012b7069c35a21fdf233ec83bd254d7e5e9164df63b49858f8b2cac575a411d2738abd5d095f2285e574bde1abc37a

Download Submit
C:\Windows\System\uAFtQEf.exe

Filesize
2.3MB

MD5
8d728c48af29a69342abc5f3edb544f1

SHA1
c05d97189926dd9762f6ab83681305d81f6e57e2

SHA256
c46d8025da0899b6fe2dea1099a7266e8eba550b0431138b5a78318a5da50b4a

SHA512
22c0e6c1e99da32f5c4493af8d50b7a71bfd986732919c5fa5952927df7a1736b74473cafd494948583abf3e9bbf7512c56c29cbeac7277170f73f9fbdad686a

Download Submit
C:\Windows\System\uWVwLgE.exe

Filesize
2.3MB

MD5
f3f86796730059dd5ec984ffe86752f4

SHA1
9b86d12a3cb833189964a7418bc66881b77679ad

SHA256
744e9ba3465a77ca8b7e2a55cd002bab0d6bc71480c0af5ffeab4b666128a562

SHA512
03b9bae9f69f0e92bdbbb7709203b292321bb182258b8d10b41b539213c1762b6030cea70938310e6eb6906cadfd84d7750ea024f6c8609a7936aff1e9a175e8

Download Submit
C:\Windows\System\ucOehLr.exe

Filesize
2.3MB

MD5
22078d61c4597a6ac000889fae7b3dc0

SHA1
b6b307bbf6cc91ff842dbf825b49ee342ebd3f35

SHA256
05b38737fb066b2f50e44d44ddbc41335096f95ca81b4588711ca65b5ca6da84

SHA512
b25fc06d59e12f29ea93d31b084a69efa4f14f71d00e28aa27ee49ebc1042cccc0c1e031a182dfb6d5430f0a74b7d44620c79454d945c5dd2913d4c214e3ef95

Download Submit
C:\Windows\System\wjhtGst.exe

Filesize
2.3MB

MD5
1744a138a90ab28d4d454dd9d7e72a12

SHA1
b3b45f94cb96aa308dcd475ab772245bdea73c63

SHA256
0a717036a1aa79555ccb5f23bf44498fdf3d2eae8cdc000ee0f2683103db045b

SHA512
c3de754bcbee2698733a89b7d367eaa20d20df0f183e257a7131c5be108e77796ecee9477bce72d9e8cb14d88fca9eb538d2df545dac99b86d26ac7a0fe9498e

Download Submit
C:\Windows\System\wypespZ.exe

Filesize
2.3MB

MD5
170f6d49fea0e08e97314a76ec98e409

SHA1
63609a6b4ec5ce63e00aebf0f97135014c0b672b

SHA256
5a041de230a81b3a371d8fab27ffe20a99aa2912ec962debe99edc4f37ba0c42

SHA512
9e3cb5b8eb8030a7a68e1f310201f79c0d32fb668740e24636c9e11c5fdb6eccecb55677dee273ea2908bf24b05e3c0a2b0c220bcff863cbdfcd1667b017218d

Download Submit
C:\Windows\System\yRJwIgE.exe

Filesize
2.3MB

MD5
677c20890c0d3facb47f8d5b1930787f

SHA1
21d9311e5255376650b7187f15855cfbca26f4e3

SHA256
9f7afa20c7ef1485e9ae81dd11c679c4e44cd2364ed74a0e3f476b30c6ac8900

SHA512
d3dfc2c2bb9e15199917535e1a4a793c4191d055c90d22f4e74a23b0b17dcdf42fbde6157567c69a4f992410508a5ff5089a4b50c05876893341963985b1ae89

Download Submit
memory/372-223-0x00007FF7455D0000-0x00007FF745924000-memory.dmp

Filesize
3.3MB

Download
memory/372-2328-0x00007FF7455D0000-0x00007FF745924000-memory.dmp

Filesize
3.3MB

Download
memory/544-2299-0x00007FF7E6930000-0x00007FF7E6C84000-memory.dmp

Filesize
3.3MB

Download
memory/544-2307-0x00007FF7E6930000-0x00007FF7E6C84000-memory.dmp

Filesize
3.3MB

Download
memory/544-77-0x00007FF7E6930000-0x00007FF7E6C84000-memory.dmp

Filesize
3.3MB

Download
memory/876-2317-0x00007FF7AFE70000-0x00007FF7B01C4000-memory.dmp

Filesize
3.3MB

Download
memory/876-113-0x00007FF7AFE70000-0x00007FF7B01C4000-memory.dmp

Filesize
3.3MB

Download
memory/1188-2325-0x00007FF66AA00000-0x00007FF66AD54000-memory.dmp

Filesize
3.3MB

Download
memory/1188-2334-0x00007FF66AA00000-0x00007FF66AD54000-memory.dmp

Filesize
3.3MB

Download
memory/1188-175-0x00007FF66AA00000-0x00007FF66AD54000-memory.dmp

Filesize
3.3MB

Download
memory/1248-2324-0x00007FF7B1F80000-0x00007FF7B22D4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-148-0x00007FF7B1F80000-0x00007FF7B22D4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-2335-0x00007FF7B1F80000-0x00007FF7B22D4000-memory.dmp

Filesize
3.3MB

Download
memory/1336-2225-0x00007FF7B5D40000-0x00007FF7B6094000-memory.dmp

Filesize
3.3MB

Download
memory/1336-1-0x0000021E3BF70000-0x0000021E3BF80000-memory.dmp

Filesize
64KB

Download
memory/1336-0-0x00007FF7B5D40000-0x00007FF7B6094000-memory.dmp

Filesize
3.3MB

Download
memory/1388-35-0x00007FF635860000-0x00007FF635BB4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-2304-0x00007FF635860000-0x00007FF635BB4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2327-0x00007FF73BDF0000-0x00007FF73C144000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2322-0x00007FF73BDF0000-0x00007FF73C144000-memory.dmp

Filesize
3.3MB

Download
memory/1408-145-0x00007FF73BDF0000-0x00007FF73C144000-memory.dmp

Filesize
3.3MB

Download
memory/2004-2296-0x00007FF60AD80000-0x00007FF60B0D4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-2308-0x00007FF60AD80000-0x00007FF60B0D4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-44-0x00007FF60AD80000-0x00007FF60B0D4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-2323-0x00007FF7AFA20000-0x00007FF7AFD74000-memory.dmp

Filesize
3.3MB

Download
memory/2044-160-0x00007FF7AFA20000-0x00007FF7AFD74000-memory.dmp

Filesize
3.3MB

Download
memory/2044-2329-0x00007FF7AFA20000-0x00007FF7AFD74000-memory.dmp

Filesize
3.3MB

Download
memory/2212-2333-0x00007FF784350000-0x00007FF7846A4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-2326-0x00007FF784350000-0x00007FF7846A4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-200-0x00007FF784350000-0x00007FF7846A4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-118-0x00007FF71D190000-0x00007FF71D4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-2314-0x00007FF71D190000-0x00007FF71D4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-98-0x00007FF6B3850000-0x00007FF6B3BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2300-0x00007FF6B3850000-0x00007FF6B3BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2318-0x00007FF6B3850000-0x00007FF6B3BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-2303-0x00007FF6C7140000-0x00007FF6C7494000-memory.dmp

Filesize
3.3MB

Download
memory/2396-2232-0x00007FF6C7140000-0x00007FF6C7494000-memory.dmp

Filesize
3.3MB

Download
memory/2396-29-0x00007FF6C7140000-0x00007FF6C7494000-memory.dmp

Filesize
3.3MB

Download
memory/2452-2298-0x00007FF61B0B0000-0x00007FF61B404000-memory.dmp

Filesize
3.3MB

Download
memory/2452-59-0x00007FF61B0B0000-0x00007FF61B404000-memory.dmp

Filesize
3.3MB

Download
memory/2452-2306-0x00007FF61B0B0000-0x00007FF61B404000-memory.dmp

Filesize
3.3MB

Download
memory/2476-121-0x00007FF762B60000-0x00007FF762EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-2319-0x00007FF762B60000-0x00007FF762EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-2330-0x00007FF7421C0000-0x00007FF742514000-memory.dmp

Filesize
3.3MB

Download
memory/2492-207-0x00007FF7421C0000-0x00007FF742514000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2316-0x00007FF6D85B0000-0x00007FF6D8904000-memory.dmp

Filesize
3.3MB

Download
memory/2716-117-0x00007FF6D85B0000-0x00007FF6D8904000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2309-0x00007FF73F4A0000-0x00007FF73F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-119-0x00007FF73F4A0000-0x00007FF73F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2312-0x00007FF6ECA70000-0x00007FF6ECDC4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-78-0x00007FF6ECA70000-0x00007FF6ECDC4000-memory.dmp

Filesize
3.3MB

Download
memory/3496-2313-0x00007FF726170000-0x00007FF7264C4000-memory.dmp

Filesize
3.3MB

Download
memory/3496-89-0x00007FF726170000-0x00007FF7264C4000-memory.dmp

Filesize
3.3MB

Download
memory/4148-122-0x00007FF7FDFE0000-0x00007FF7FE334000-memory.dmp

Filesize
3.3MB

Download
memory/4148-2315-0x00007FF7FDFE0000-0x00007FF7FE334000-memory.dmp

Filesize
3.3MB

Download
memory/4468-17-0x00007FF7C6C20000-0x00007FF7C6F74000-memory.dmp

Filesize
3.3MB

Download
memory/4468-2302-0x00007FF7C6C20000-0x00007FF7C6F74000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2297-0x00007FF6F93A0000-0x00007FF6F96F4000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2310-0x00007FF6F93A0000-0x00007FF6F96F4000-memory.dmp

Filesize
3.3MB

Download
memory/4544-36-0x00007FF6F93A0000-0x00007FF6F96F4000-memory.dmp

Filesize
3.3MB

Download
memory/4644-2305-0x00007FF686420000-0x00007FF686774000-memory.dmp

Filesize
3.3MB

Download
memory/4644-31-0x00007FF686420000-0x00007FF686774000-memory.dmp

Filesize
3.3MB

Download
memory/4692-217-0x00007FF7AB480000-0x00007FF7AB7D4000-memory.dmp

Filesize
3.3MB

Download
memory/4692-2332-0x00007FF7AB480000-0x00007FF7AB7D4000-memory.dmp

Filesize
3.3MB

Download
memory/4764-112-0x00007FF60BBA0000-0x00007FF60BEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4764-2320-0x00007FF60BBA0000-0x00007FF60BEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4764-2301-0x00007FF60BBA0000-0x00007FF60BEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4772-114-0x00007FF76DCA0000-0x00007FF76DFF4000-memory.dmp

Filesize
3.3MB

Download
memory/4772-2321-0x00007FF76DCA0000-0x00007FF76DFF4000-memory.dmp

Filesize
3.3MB

Download
memory/4904-225-0x00007FF661E40000-0x00007FF662194000-memory.dmp

Filesize
3.3MB

Download
memory/4904-2331-0x00007FF661E40000-0x00007FF662194000-memory.dmp

Filesize
3.3MB

Download
memory/5024-2311-0x00007FF6D28C0000-0x00007FF6D2C14000-memory.dmp

Filesize
3.3MB

Download
memory/5024-120-0x00007FF6D28C0000-0x00007FF6D2C14000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads