xmrig | 24b433625486f9530187266eea8aa60aafcbecdac3215a062353b1c3930cd6bb

Analysis

max time kernel
90s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
Size

2.0MB
MD5

3b609b18b721a0ca1a3219a0a0c94e50
SHA1

00271d2a159186da73510f38a3619f6f0ea8dd70
SHA256

24b433625486f9530187266eea8aa60aafcbecdac3215a062353b1c3930cd6bb
SHA512

63f6a5c9749b762de666c9110d1a02c3157c65f425a58174dfae381a70da7c72594a3729c9dc1e9fdb75fe75944d9b85e93c2d6e9505334d5f54153a83ca03fd
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AKwOowx8Q0:BemTLkNdfE0pZrI

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1592-0-0x00007FF6AE5A0000-0x00007FF6AE8F4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023405-4.dat	xmrig
behavioral2/files/0x000700000002340c-11.dat	xmrig
behavioral2/memory/4568-20-0x00007FF697350000-0x00007FF6976A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-55.dat	xmrig
behavioral2/files/0x0007000000023419-80.dat	xmrig
behavioral2/files/0x000700000002341a-116.dat	xmrig
behavioral2/memory/3932-137-0x00007FF6B53C0000-0x00007FF6B5714000-memory.dmp	xmrig
behavioral2/memory/4580-153-0x00007FF6AC2E0000-0x00007FF6AC634000-memory.dmp	xmrig
behavioral2/memory/4804-165-0x00007FF703970000-0x00007FF703CC4000-memory.dmp	xmrig
behavioral2/memory/2964-170-0x00007FF6889F0000-0x00007FF688D44000-memory.dmp	xmrig
behavioral2/memory/2328-175-0x00007FF6BDAE0000-0x00007FF6BDE34000-memory.dmp	xmrig
behavioral2/memory/3972-176-0x00007FF7F0CB0000-0x00007FF7F1004000-memory.dmp	xmrig
behavioral2/memory/824-174-0x00007FF69AF40000-0x00007FF69B294000-memory.dmp	xmrig
behavioral2/memory/4152-173-0x00007FF607E90000-0x00007FF6081E4000-memory.dmp	xmrig
behavioral2/memory/4548-172-0x00007FF75D440000-0x00007FF75D794000-memory.dmp	xmrig
behavioral2/memory/2956-171-0x00007FF7D7BA0000-0x00007FF7D7EF4000-memory.dmp	xmrig
behavioral2/memory/1900-169-0x00007FF739DD0000-0x00007FF73A124000-memory.dmp	xmrig
behavioral2/memory/4164-168-0x00007FF7D9940000-0x00007FF7D9C94000-memory.dmp	xmrig
behavioral2/memory/2564-167-0x00007FF74A640000-0x00007FF74A994000-memory.dmp	xmrig
behavioral2/memory/4008-166-0x00007FF7A3D90000-0x00007FF7A40E4000-memory.dmp	xmrig
behavioral2/memory/1160-164-0x00007FF781780000-0x00007FF781AD4000-memory.dmp	xmrig
behavioral2/memory/1936-163-0x00007FF6CE7C0000-0x00007FF6CEB14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023427-161.dat	xmrig
behavioral2/files/0x0007000000023426-159.dat	xmrig
behavioral2/files/0x0007000000023425-157.dat	xmrig
behavioral2/files/0x0007000000023424-155.dat	xmrig
behavioral2/memory/3704-154-0x00007FF6BAF20000-0x00007FF6BB274000-memory.dmp	xmrig
behavioral2/memory/3316-152-0x00007FF6E3D80000-0x00007FF6E40D4000-memory.dmp	xmrig
behavioral2/memory/2008-151-0x00007FF76FA40000-0x00007FF76FD94000-memory.dmp	xmrig
behavioral2/memory/648-150-0x00007FF7C00C0000-0x00007FF7C0414000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-145.dat	xmrig
behavioral2/files/0x0007000000023422-141.dat	xmrig
behavioral2/files/0x000700000002341c-140.dat	xmrig
behavioral2/files/0x000700000002341d-128.dat	xmrig
behavioral2/files/0x0007000000023421-127.dat	xmrig
behavioral2/files/0x0007000000023420-124.dat	xmrig
behavioral2/files/0x000700000002341f-122.dat	xmrig
behavioral2/files/0x000700000002341e-120.dat	xmrig
behavioral2/files/0x000700000002341b-118.dat	xmrig
behavioral2/memory/5008-115-0x00007FF768EF0000-0x00007FF769244000-memory.dmp	xmrig
behavioral2/memory/3576-114-0x00007FF662D10000-0x00007FF663064000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-187.dat	xmrig
behavioral2/files/0x000700000002342a-191.dat	xmrig
behavioral2/files/0x0008000000023409-190.dat	xmrig
behavioral2/files/0x0007000000023428-182.dat	xmrig
behavioral2/memory/3304-104-0x00007FF6D0C40000-0x00007FF6D0F94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-90.dat	xmrig
behavioral2/files/0x0007000000023417-86.dat	xmrig
behavioral2/memory/3284-83-0x00007FF606050000-0x00007FF6063A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-70.dat	xmrig
behavioral2/files/0x0007000000023416-63.dat	xmrig
behavioral2/memory/4364-59-0x00007FF63F1D0000-0x00007FF63F524000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-57.dat	xmrig
behavioral2/files/0x0007000000023412-49.dat	xmrig
behavioral2/files/0x0007000000023410-44.dat	xmrig
behavioral2/memory/2228-39-0x00007FF78E2A0000-0x00007FF78E5F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340f-38.dat	xmrig
behavioral2/files/0x0007000000023411-37.dat	xmrig
behavioral2/files/0x000700000002340d-34.dat	xmrig
behavioral2/files/0x000700000002340e-26.dat	xmrig
behavioral2/memory/3720-24-0x00007FF7AC3C0000-0x00007FF7AC714000-memory.dmp	xmrig
behavioral2/memory/2664-10-0x00007FF61EF90000-0x00007FF61F2E4000-memory.dmp	xmrig
behavioral2/memory/4568-2099-0x00007FF697350000-0x00007FF6976A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2664	SjjnjPd.exe
4568	JyvGtUy.exe
3720	ETHPqMn.exe
2228	encCcKl.exe
2956	ECzRYGd.exe
4364	MzDegjj.exe
3284	dbgdFQS.exe
3304	kQDboPS.exe
3576	LgjVfkg.exe
4548	qqeZofP.exe
5008	eRbOMbt.exe
3932	xhjNiuJ.exe
4152	eZNISdW.exe
648	aKLaqHq.exe
2008	GrnBllw.exe
3316	hwlLssN.exe
4580	faJelIx.exe
3704	lcKDYhL.exe
824	EddjaHT.exe
2328	RyxseWf.exe
1936	UMhHIFd.exe
1160	wnWHkgU.exe
4804	CNLpnjT.exe
4008	hPICdEr.exe
2564	kwAyRQU.exe
3972	ukJxjPb.exe
4164	ZAOwesa.exe
1900	adBVDHX.exe
2964	CuEbotF.exe
4572	WaZhmSd.exe
1580	mrxQWgK.exe
1948	OTyZTaL.exe
2548	xINQupQ.exe
4444	frkZbTb.exe
3156	unZdKXd.exe
1832	ILLtFuu.exe
4412	NbLtmSt.exe
2444	ZOxpiBk.exe
2300	euvZhfn.exe
2532	JqhYQaD.exe
4612	wtFkjme.exe
1260	WkiWMoR.exe
3628	zlurxIg.exe
2148	VRyCLiy.exe
2060	mXkgXMT.exe
3804	ZmLopne.exe
884	jcPIQOa.exe
3008	oLrBxhp.exe
1556	RozkVfn.exe
5012	kzmpUJb.exe
940	vgMZBpr.exe
4648	TolFQoj.exe
1964	WNXAbtC.exe
4868	gzzznEN.exe
1476	mAuJViM.exe
2268	vOIybIC.exe
4544	svvVcQs.exe
3348	Geypzsa.exe
4044	MXXgEQx.exe
3644	lkimXWO.exe
2136	zKmCjyH.exe
2516	JTBuOHU.exe
216	DJZIuLT.exe
3240	xWrPWfl.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1592-0-0x00007FF6AE5A0000-0x00007FF6AE8F4000-memory.dmp	upx
behavioral2/files/0x0008000000023405-4.dat	upx
behavioral2/files/0x000700000002340c-11.dat	upx
behavioral2/memory/4568-20-0x00007FF697350000-0x00007FF6976A4000-memory.dmp	upx
behavioral2/files/0x0007000000023415-55.dat	upx
behavioral2/files/0x0007000000023419-80.dat	upx
behavioral2/files/0x000700000002341a-116.dat	upx
behavioral2/memory/3932-137-0x00007FF6B53C0000-0x00007FF6B5714000-memory.dmp	upx
behavioral2/memory/4580-153-0x00007FF6AC2E0000-0x00007FF6AC634000-memory.dmp	upx
behavioral2/memory/4804-165-0x00007FF703970000-0x00007FF703CC4000-memory.dmp	upx
behavioral2/memory/2964-170-0x00007FF6889F0000-0x00007FF688D44000-memory.dmp	upx
behavioral2/memory/2328-175-0x00007FF6BDAE0000-0x00007FF6BDE34000-memory.dmp	upx
behavioral2/memory/3972-176-0x00007FF7F0CB0000-0x00007FF7F1004000-memory.dmp	upx
behavioral2/memory/824-174-0x00007FF69AF40000-0x00007FF69B294000-memory.dmp	upx
behavioral2/memory/4152-173-0x00007FF607E90000-0x00007FF6081E4000-memory.dmp	upx
behavioral2/memory/4548-172-0x00007FF75D440000-0x00007FF75D794000-memory.dmp	upx
behavioral2/memory/2956-171-0x00007FF7D7BA0000-0x00007FF7D7EF4000-memory.dmp	upx
behavioral2/memory/1900-169-0x00007FF739DD0000-0x00007FF73A124000-memory.dmp	upx
behavioral2/memory/4164-168-0x00007FF7D9940000-0x00007FF7D9C94000-memory.dmp	upx
behavioral2/memory/2564-167-0x00007FF74A640000-0x00007FF74A994000-memory.dmp	upx
behavioral2/memory/4008-166-0x00007FF7A3D90000-0x00007FF7A40E4000-memory.dmp	upx
behavioral2/memory/1160-164-0x00007FF781780000-0x00007FF781AD4000-memory.dmp	upx
behavioral2/memory/1936-163-0x00007FF6CE7C0000-0x00007FF6CEB14000-memory.dmp	upx
behavioral2/files/0x0007000000023427-161.dat	upx
behavioral2/files/0x0007000000023426-159.dat	upx
behavioral2/files/0x0007000000023425-157.dat	upx
behavioral2/files/0x0007000000023424-155.dat	upx
behavioral2/memory/3704-154-0x00007FF6BAF20000-0x00007FF6BB274000-memory.dmp	upx
behavioral2/memory/3316-152-0x00007FF6E3D80000-0x00007FF6E40D4000-memory.dmp	upx
behavioral2/memory/2008-151-0x00007FF76FA40000-0x00007FF76FD94000-memory.dmp	upx
behavioral2/memory/648-150-0x00007FF7C00C0000-0x00007FF7C0414000-memory.dmp	upx
behavioral2/files/0x0007000000023423-145.dat	upx
behavioral2/files/0x0007000000023422-141.dat	upx
behavioral2/files/0x000700000002341c-140.dat	upx
behavioral2/files/0x000700000002341d-128.dat	upx
behavioral2/files/0x0007000000023421-127.dat	upx
behavioral2/files/0x0007000000023420-124.dat	upx
behavioral2/files/0x000700000002341f-122.dat	upx
behavioral2/files/0x000700000002341e-120.dat	upx
behavioral2/files/0x000700000002341b-118.dat	upx
behavioral2/memory/5008-115-0x00007FF768EF0000-0x00007FF769244000-memory.dmp	upx
behavioral2/memory/3576-114-0x00007FF662D10000-0x00007FF663064000-memory.dmp	upx
behavioral2/files/0x0007000000023429-187.dat	upx
behavioral2/files/0x000700000002342a-191.dat	upx
behavioral2/files/0x0008000000023409-190.dat	upx
behavioral2/files/0x0007000000023428-182.dat	upx
behavioral2/memory/3304-104-0x00007FF6D0C40000-0x00007FF6D0F94000-memory.dmp	upx
behavioral2/files/0x0007000000023418-90.dat	upx
behavioral2/files/0x0007000000023417-86.dat	upx
behavioral2/memory/3284-83-0x00007FF606050000-0x00007FF6063A4000-memory.dmp	upx
behavioral2/files/0x0007000000023414-70.dat	upx
behavioral2/files/0x0007000000023416-63.dat	upx
behavioral2/memory/4364-59-0x00007FF63F1D0000-0x00007FF63F524000-memory.dmp	upx
behavioral2/files/0x0007000000023413-57.dat	upx
behavioral2/files/0x0007000000023412-49.dat	upx
behavioral2/files/0x0007000000023410-44.dat	upx
behavioral2/memory/2228-39-0x00007FF78E2A0000-0x00007FF78E5F4000-memory.dmp	upx
behavioral2/files/0x000700000002340f-38.dat	upx
behavioral2/files/0x0007000000023411-37.dat	upx
behavioral2/files/0x000700000002340d-34.dat	upx
behavioral2/files/0x000700000002340e-26.dat	upx
behavioral2/memory/3720-24-0x00007FF7AC3C0000-0x00007FF7AC714000-memory.dmp	upx
behavioral2/memory/2664-10-0x00007FF61EF90000-0x00007FF61F2E4000-memory.dmp	upx
behavioral2/memory/4568-2099-0x00007FF697350000-0x00007FF6976A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MwJwGUd.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\GrnBllw.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\euvZhfn.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\sNjpDFw.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\KDZnycm.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\LZpeZln.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\xzoYiby.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\yLxajXi.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\pHMigkG.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\SOVYIAO.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\wXyylIC.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\XLMttqz.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\bazusYJ.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\mMIaOlb.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\UoevgQZ.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\NsOcJXG.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\fDojDei.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\zMfDuEC.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\GXwZdoA.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\rlwSDlC.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\IaMltgY.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\NcfEKyy.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\xXXZBUp.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\CCXAcnw.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\kSTlWhB.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\IKUyOjk.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\YukGJMF.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\zrOVzbJ.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\dzbvqtg.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\KLcJZcX.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\pKmMnZh.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\WNXAbtC.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\JTBuOHU.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\FvhoRgb.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\jfxdrbl.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\eRbOMbt.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\RrFvblG.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\sPPykbo.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\YMsEZBQ.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\bhItTxg.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\rvTGzXH.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\zlurxIg.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\ipaZxro.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\LPMivRr.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\vKbWKhV.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\ZjuxvFq.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\oGLIVkY.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\IFzLPpn.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\xpdahpi.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\uJKHnAT.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\rsCgedN.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\wgFEFxu.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\bDrgZax.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\rvzMGhr.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\glTaMoO.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\EejyPGO.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\kecFmAj.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\OeNaLrQ.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\wqcODBx.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\qBOkHOP.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\rbbEubq.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\Ubzaomw.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\XFWgOFu.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
File created	C:\Windows\System\aXASSPL.exe	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14084	dwm.exe
Token: SeChangeNotifyPrivilege	14084	dwm.exe
Token: 33	14084	dwm.exe
Token: SeIncBasePriorityPrivilege	14084	dwm.exe
Token: SeShutdownPrivilege	14084	dwm.exe
Token: SeCreatePagefilePrivilege	14084	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 2664	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	85
PID 1592 wrote to memory of 2664	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	85
PID 1592 wrote to memory of 4568	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	86
PID 1592 wrote to memory of 4568	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	86
PID 1592 wrote to memory of 3720	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	87
PID 1592 wrote to memory of 3720	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	87
PID 1592 wrote to memory of 2228	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	88
PID 1592 wrote to memory of 2228	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	88
PID 1592 wrote to memory of 2956	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	89
PID 1592 wrote to memory of 2956	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	89
PID 1592 wrote to memory of 4364	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	90
PID 1592 wrote to memory of 4364	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	90
PID 1592 wrote to memory of 3284	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	91
PID 1592 wrote to memory of 3284	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	91
PID 1592 wrote to memory of 3304	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	92
PID 1592 wrote to memory of 3304	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	92
PID 1592 wrote to memory of 3576	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	93
PID 1592 wrote to memory of 3576	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	93
PID 1592 wrote to memory of 4548	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	94
PID 1592 wrote to memory of 4548	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	94
PID 1592 wrote to memory of 5008	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	95
PID 1592 wrote to memory of 5008	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	95
PID 1592 wrote to memory of 3932	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	96
PID 1592 wrote to memory of 3932	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	96
PID 1592 wrote to memory of 4152	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	97
PID 1592 wrote to memory of 4152	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	97
PID 1592 wrote to memory of 648	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	98
PID 1592 wrote to memory of 648	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	98
PID 1592 wrote to memory of 2008	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	100
PID 1592 wrote to memory of 2008	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	100
PID 1592 wrote to memory of 3316	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	101
PID 1592 wrote to memory of 3316	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	101
PID 1592 wrote to memory of 4580	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	102
PID 1592 wrote to memory of 4580	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	102
PID 1592 wrote to memory of 3704	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	103
PID 1592 wrote to memory of 3704	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	103
PID 1592 wrote to memory of 824	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	104
PID 1592 wrote to memory of 824	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	104
PID 1592 wrote to memory of 2328	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	105
PID 1592 wrote to memory of 2328	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	105
PID 1592 wrote to memory of 1936	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	106
PID 1592 wrote to memory of 1936	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	106
PID 1592 wrote to memory of 1160	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	107
PID 1592 wrote to memory of 1160	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	107
PID 1592 wrote to memory of 4804	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	108
PID 1592 wrote to memory of 4804	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	108
PID 1592 wrote to memory of 4008	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	109
PID 1592 wrote to memory of 4008	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	109
PID 1592 wrote to memory of 2564	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	110
PID 1592 wrote to memory of 2564	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	110
PID 1592 wrote to memory of 3972	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	111
PID 1592 wrote to memory of 3972	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	111
PID 1592 wrote to memory of 4164	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	112
PID 1592 wrote to memory of 4164	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	112
PID 1592 wrote to memory of 1900	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	113
PID 1592 wrote to memory of 1900	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	113
PID 1592 wrote to memory of 2964	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	114
PID 1592 wrote to memory of 2964	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	114
PID 1592 wrote to memory of 4572	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	115
PID 1592 wrote to memory of 4572	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	115
PID 1592 wrote to memory of 1580	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	117
PID 1592 wrote to memory of 1580	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	117
PID 1592 wrote to memory of 1948	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	118
PID 1592 wrote to memory of 1948	1592	3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe	118

C:\Users\Admin\AppData\Local\Temp\3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3b609b18b721a0ca1a3219a0a0c94e50_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Windows\System\SjjnjPd.exe
  C:\Windows\System\SjjnjPd.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\JyvGtUy.exe
  C:\Windows\System\JyvGtUy.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\ETHPqMn.exe
  C:\Windows\System\ETHPqMn.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\encCcKl.exe
  C:\Windows\System\encCcKl.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\ECzRYGd.exe
  C:\Windows\System\ECzRYGd.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\MzDegjj.exe
  C:\Windows\System\MzDegjj.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\dbgdFQS.exe
  C:\Windows\System\dbgdFQS.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\kQDboPS.exe
  C:\Windows\System\kQDboPS.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\LgjVfkg.exe
  C:\Windows\System\LgjVfkg.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\qqeZofP.exe
  C:\Windows\System\qqeZofP.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\eRbOMbt.exe
  C:\Windows\System\eRbOMbt.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\xhjNiuJ.exe
  C:\Windows\System\xhjNiuJ.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\eZNISdW.exe
  C:\Windows\System\eZNISdW.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\aKLaqHq.exe
  C:\Windows\System\aKLaqHq.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\GrnBllw.exe
  C:\Windows\System\GrnBllw.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\hwlLssN.exe
  C:\Windows\System\hwlLssN.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\faJelIx.exe
  C:\Windows\System\faJelIx.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\lcKDYhL.exe
  C:\Windows\System\lcKDYhL.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\EddjaHT.exe
  C:\Windows\System\EddjaHT.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\RyxseWf.exe
  C:\Windows\System\RyxseWf.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\UMhHIFd.exe
  C:\Windows\System\UMhHIFd.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\wnWHkgU.exe
  C:\Windows\System\wnWHkgU.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\CNLpnjT.exe
  C:\Windows\System\CNLpnjT.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\hPICdEr.exe
  C:\Windows\System\hPICdEr.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\kwAyRQU.exe
  C:\Windows\System\kwAyRQU.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\ukJxjPb.exe
  C:\Windows\System\ukJxjPb.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\ZAOwesa.exe
  C:\Windows\System\ZAOwesa.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\adBVDHX.exe
  C:\Windows\System\adBVDHX.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\CuEbotF.exe
  C:\Windows\System\CuEbotF.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\WaZhmSd.exe
  C:\Windows\System\WaZhmSd.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\mrxQWgK.exe
  C:\Windows\System\mrxQWgK.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\OTyZTaL.exe
  C:\Windows\System\OTyZTaL.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\xINQupQ.exe
  C:\Windows\System\xINQupQ.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\frkZbTb.exe
  C:\Windows\System\frkZbTb.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\unZdKXd.exe
  C:\Windows\System\unZdKXd.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\ILLtFuu.exe
  C:\Windows\System\ILLtFuu.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\NbLtmSt.exe
  C:\Windows\System\NbLtmSt.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\ZOxpiBk.exe
  C:\Windows\System\ZOxpiBk.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\euvZhfn.exe
  C:\Windows\System\euvZhfn.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\JqhYQaD.exe
  C:\Windows\System\JqhYQaD.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\wtFkjme.exe
  C:\Windows\System\wtFkjme.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\WkiWMoR.exe
  C:\Windows\System\WkiWMoR.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\zlurxIg.exe
  C:\Windows\System\zlurxIg.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\VRyCLiy.exe
  C:\Windows\System\VRyCLiy.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\mXkgXMT.exe
  C:\Windows\System\mXkgXMT.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\ZmLopne.exe
  C:\Windows\System\ZmLopne.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\jcPIQOa.exe
  C:\Windows\System\jcPIQOa.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\oLrBxhp.exe
  C:\Windows\System\oLrBxhp.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\RozkVfn.exe
  C:\Windows\System\RozkVfn.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\kzmpUJb.exe
  C:\Windows\System\kzmpUJb.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\vgMZBpr.exe
  C:\Windows\System\vgMZBpr.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\TolFQoj.exe
  C:\Windows\System\TolFQoj.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\WNXAbtC.exe
  C:\Windows\System\WNXAbtC.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\gzzznEN.exe
  C:\Windows\System\gzzznEN.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\mAuJViM.exe
  C:\Windows\System\mAuJViM.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\vOIybIC.exe
  C:\Windows\System\vOIybIC.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\svvVcQs.exe
  C:\Windows\System\svvVcQs.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\lkimXWO.exe
  C:\Windows\System\lkimXWO.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\Geypzsa.exe
  C:\Windows\System\Geypzsa.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\MXXgEQx.exe
  C:\Windows\System\MXXgEQx.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\zKmCjyH.exe
  C:\Windows\System\zKmCjyH.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\JTBuOHU.exe
  C:\Windows\System\JTBuOHU.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\DJZIuLT.exe
  C:\Windows\System\DJZIuLT.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\xWrPWfl.exe
  C:\Windows\System\xWrPWfl.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\slgpDPC.exe
  C:\Windows\System\slgpDPC.exe
  2⤵
  PID:4912
- C:\Windows\System\YBgomPu.exe
  C:\Windows\System\YBgomPu.exe
  2⤵
  PID:2820
- C:\Windows\System\tobSXjj.exe
  C:\Windows\System\tobSXjj.exe
  2⤵
  PID:1000
- C:\Windows\System\CrvjYiq.exe
  C:\Windows\System\CrvjYiq.exe
  2⤵
  PID:952
- C:\Windows\System\ggMUMWB.exe
  C:\Windows\System\ggMUMWB.exe
  2⤵
  PID:2604
- C:\Windows\System\ZQiQiQw.exe
  C:\Windows\System\ZQiQiQw.exe
  2⤵
  PID:2788
- C:\Windows\System\RrFvblG.exe
  C:\Windows\System\RrFvblG.exe
  2⤵
  PID:3332
- C:\Windows\System\sPPykbo.exe
  C:\Windows\System\sPPykbo.exe
  2⤵
  PID:1896
- C:\Windows\System\HrEGqlY.exe
  C:\Windows\System\HrEGqlY.exe
  2⤵
  PID:1720
- C:\Windows\System\hLKAeYy.exe
  C:\Windows\System\hLKAeYy.exe
  2⤵
  PID:1060
- C:\Windows\System\dpeDdRH.exe
  C:\Windows\System\dpeDdRH.exe
  2⤵
  PID:4236
- C:\Windows\System\XwBCxRd.exe
  C:\Windows\System\XwBCxRd.exe
  2⤵
  PID:3580
- C:\Windows\System\kdxtpwc.exe
  C:\Windows\System\kdxtpwc.exe
  2⤵
  PID:852
- C:\Windows\System\BUVeXFy.exe
  C:\Windows\System\BUVeXFy.exe
  2⤵
  PID:3032
- C:\Windows\System\uOKQwWh.exe
  C:\Windows\System\uOKQwWh.exe
  2⤵
  PID:3212
- C:\Windows\System\mnWLRQf.exe
  C:\Windows\System\mnWLRQf.exe
  2⤵
  PID:2808
- C:\Windows\System\VMnkAZC.exe
  C:\Windows\System\VMnkAZC.exe
  2⤵
  PID:2960
- C:\Windows\System\MpTBThF.exe
  C:\Windows\System\MpTBThF.exe
  2⤵
  PID:3724
- C:\Windows\System\nxPUzSD.exe
  C:\Windows\System\nxPUzSD.exe
  2⤵
  PID:2380
- C:\Windows\System\EpfHgVp.exe
  C:\Windows\System\EpfHgVp.exe
  2⤵
  PID:844
- C:\Windows\System\vLRBoyS.exe
  C:\Windows\System\vLRBoyS.exe
  2⤵
  PID:2400
- C:\Windows\System\ulqUqbC.exe
  C:\Windows\System\ulqUqbC.exe
  2⤵
  PID:4280
- C:\Windows\System\wDOEGbU.exe
  C:\Windows\System\wDOEGbU.exe
  2⤵
  PID:3696
- C:\Windows\System\YrTyfRj.exe
  C:\Windows\System\YrTyfRj.exe
  2⤵
  PID:4904
- C:\Windows\System\eFKTlQV.exe
  C:\Windows\System\eFKTlQV.exe
  2⤵
  PID:3132
- C:\Windows\System\msSqEul.exe
  C:\Windows\System\msSqEul.exe
  2⤵
  PID:3288
- C:\Windows\System\GmCXvpf.exe
  C:\Windows\System\GmCXvpf.exe
  2⤵
  PID:3188
- C:\Windows\System\uJKHnAT.exe
  C:\Windows\System\uJKHnAT.exe
  2⤵
  PID:4288
- C:\Windows\System\YMsEZBQ.exe
  C:\Windows\System\YMsEZBQ.exe
  2⤵
  PID:2092
- C:\Windows\System\zWRpIzq.exe
  C:\Windows\System\zWRpIzq.exe
  2⤵
  PID:3748
- C:\Windows\System\DHuzkii.exe
  C:\Windows\System\DHuzkii.exe
  2⤵
  PID:736
- C:\Windows\System\FvhoRgb.exe
  C:\Windows\System\FvhoRgb.exe
  2⤵
  PID:4992
- C:\Windows\System\KdSMmeP.exe
  C:\Windows\System\KdSMmeP.exe
  2⤵
  PID:5152
- C:\Windows\System\IcrnqrK.exe
  C:\Windows\System\IcrnqrK.exe
  2⤵
  PID:5168
- C:\Windows\System\foTzpUf.exe
  C:\Windows\System\foTzpUf.exe
  2⤵
  PID:5196
- C:\Windows\System\ZXWIeGA.exe
  C:\Windows\System\ZXWIeGA.exe
  2⤵
  PID:5224
- C:\Windows\System\ANrFKqN.exe
  C:\Windows\System\ANrFKqN.exe
  2⤵
  PID:5256
- C:\Windows\System\GXwZdoA.exe
  C:\Windows\System\GXwZdoA.exe
  2⤵
  PID:5284
- C:\Windows\System\rbbEubq.exe
  C:\Windows\System\rbbEubq.exe
  2⤵
  PID:5312
- C:\Windows\System\CGSGObU.exe
  C:\Windows\System\CGSGObU.exe
  2⤵
  PID:5340
- C:\Windows\System\OdkIZyK.exe
  C:\Windows\System\OdkIZyK.exe
  2⤵
  PID:5368
- C:\Windows\System\csGHCFg.exe
  C:\Windows\System\csGHCFg.exe
  2⤵
  PID:5396
- C:\Windows\System\CvJWuaG.exe
  C:\Windows\System\CvJWuaG.exe
  2⤵
  PID:5424
- C:\Windows\System\hhAkFvZ.exe
  C:\Windows\System\hhAkFvZ.exe
  2⤵
  PID:5452
- C:\Windows\System\RghMEEP.exe
  C:\Windows\System\RghMEEP.exe
  2⤵
  PID:5480
- C:\Windows\System\JysolQK.exe
  C:\Windows\System\JysolQK.exe
  2⤵
  PID:5508
- C:\Windows\System\jXwhYkx.exe
  C:\Windows\System\jXwhYkx.exe
  2⤵
  PID:5536
- C:\Windows\System\bhItTxg.exe
  C:\Windows\System\bhItTxg.exe
  2⤵
  PID:5564
- C:\Windows\System\kCphZVF.exe
  C:\Windows\System\kCphZVF.exe
  2⤵
  PID:5592
- C:\Windows\System\cFZPxkb.exe
  C:\Windows\System\cFZPxkb.exe
  2⤵
  PID:5620
- C:\Windows\System\fwXGAWu.exe
  C:\Windows\System\fwXGAWu.exe
  2⤵
  PID:5648
- C:\Windows\System\fjAicMH.exe
  C:\Windows\System\fjAicMH.exe
  2⤵
  PID:5676
- C:\Windows\System\fCSMjmk.exe
  C:\Windows\System\fCSMjmk.exe
  2⤵
  PID:5716
- C:\Windows\System\zibXawY.exe
  C:\Windows\System\zibXawY.exe
  2⤵
  PID:5732
- C:\Windows\System\CHQgeJH.exe
  C:\Windows\System\CHQgeJH.exe
  2⤵
  PID:5760
- C:\Windows\System\jfxdrbl.exe
  C:\Windows\System\jfxdrbl.exe
  2⤵
  PID:5788
- C:\Windows\System\IiprbDs.exe
  C:\Windows\System\IiprbDs.exe
  2⤵
  PID:5816
- C:\Windows\System\AWsdUCs.exe
  C:\Windows\System\AWsdUCs.exe
  2⤵
  PID:5844
- C:\Windows\System\VniVUlP.exe
  C:\Windows\System\VniVUlP.exe
  2⤵
  PID:5872
- C:\Windows\System\SRinLIJ.exe
  C:\Windows\System\SRinLIJ.exe
  2⤵
  PID:5900
- C:\Windows\System\FdyTasN.exe
  C:\Windows\System\FdyTasN.exe
  2⤵
  PID:5928
- C:\Windows\System\PsIHbeh.exe
  C:\Windows\System\PsIHbeh.exe
  2⤵
  PID:5956
- C:\Windows\System\QRHedmt.exe
  C:\Windows\System\QRHedmt.exe
  2⤵
  PID:5984
- C:\Windows\System\nBKLFUB.exe
  C:\Windows\System\nBKLFUB.exe
  2⤵
  PID:6012
- C:\Windows\System\dOVbQxi.exe
  C:\Windows\System\dOVbQxi.exe
  2⤵
  PID:6040
- C:\Windows\System\iPZdLlH.exe
  C:\Windows\System\iPZdLlH.exe
  2⤵
  PID:6068
- C:\Windows\System\sNibAlA.exe
  C:\Windows\System\sNibAlA.exe
  2⤵
  PID:6096
- C:\Windows\System\bnjUrrV.exe
  C:\Windows\System\bnjUrrV.exe
  2⤵
  PID:6124
- C:\Windows\System\ykoNnqe.exe
  C:\Windows\System\ykoNnqe.exe
  2⤵
  PID:5132
- C:\Windows\System\rOCmjYt.exe
  C:\Windows\System\rOCmjYt.exe
  2⤵
  PID:5188
- C:\Windows\System\RaUufxE.exe
  C:\Windows\System\RaUufxE.exe
  2⤵
  PID:5248
- C:\Windows\System\NPijPxj.exe
  C:\Windows\System\NPijPxj.exe
  2⤵
  PID:5332
- C:\Windows\System\LZKzXsI.exe
  C:\Windows\System\LZKzXsI.exe
  2⤵
  PID:5380
- C:\Windows\System\KyKiwvJ.exe
  C:\Windows\System\KyKiwvJ.exe
  2⤵
  PID:5448
- C:\Windows\System\zxRbnzK.exe
  C:\Windows\System\zxRbnzK.exe
  2⤵
  PID:5504
- C:\Windows\System\lqBobVz.exe
  C:\Windows\System\lqBobVz.exe
  2⤵
  PID:5560
- C:\Windows\System\MDjkoaz.exe
  C:\Windows\System\MDjkoaz.exe
  2⤵
  PID:5616
- C:\Windows\System\rlwSDlC.exe
  C:\Windows\System\rlwSDlC.exe
  2⤵
  PID:5668
- C:\Windows\System\KBHIBAV.exe
  C:\Windows\System\KBHIBAV.exe
  2⤵
  PID:5728
- C:\Windows\System\pVVFfYj.exe
  C:\Windows\System\pVVFfYj.exe
  2⤵
  PID:5772
- C:\Windows\System\MGyqSMp.exe
  C:\Windows\System\MGyqSMp.exe
  2⤵
  PID:5856
- C:\Windows\System\xHnnKRM.exe
  C:\Windows\System\xHnnKRM.exe
  2⤵
  PID:5920
- C:\Windows\System\bugEoYc.exe
  C:\Windows\System\bugEoYc.exe
  2⤵
  PID:5980
- C:\Windows\System\kwSLECu.exe
  C:\Windows\System\kwSLECu.exe
  2⤵
  PID:6024
- C:\Windows\System\kvYXpXl.exe
  C:\Windows\System\kvYXpXl.exe
  2⤵
  PID:6088
- C:\Windows\System\FkbPKUz.exe
  C:\Windows\System\FkbPKUz.exe
  2⤵
  PID:5056
- C:\Windows\System\xUXsGlr.exe
  C:\Windows\System\xUXsGlr.exe
  2⤵
  PID:564
- C:\Windows\System\FwNskOE.exe
  C:\Windows\System\FwNskOE.exe
  2⤵
  PID:4396
- C:\Windows\System\EJraHtl.exe
  C:\Windows\System\EJraHtl.exe
  2⤵
  PID:5500
- C:\Windows\System\XlnOZJY.exe
  C:\Windows\System\XlnOZJY.exe
  2⤵
  PID:5016
- C:\Windows\System\gZFsDWe.exe
  C:\Windows\System\gZFsDWe.exe
  2⤵
  PID:5780
- C:\Windows\System\PSIOiSn.exe
  C:\Windows\System\PSIOiSn.exe
  2⤵
  PID:5912
- C:\Windows\System\rsCgedN.exe
  C:\Windows\System\rsCgedN.exe
  2⤵
  PID:6052
- C:\Windows\System\PJqebVi.exe
  C:\Windows\System\PJqebVi.exe
  2⤵
  PID:5216
- C:\Windows\System\sOgzNOS.exe
  C:\Windows\System\sOgzNOS.exe
  2⤵
  PID:5492
- C:\Windows\System\ihktsVr.exe
  C:\Windows\System\ihktsVr.exe
  2⤵
  PID:1984
- C:\Windows\System\IaMltgY.exe
  C:\Windows\System\IaMltgY.exe
  2⤵
  PID:5096
- C:\Windows\System\eSFzuzF.exe
  C:\Windows\System\eSFzuzF.exe
  2⤵
  PID:5836
- C:\Windows\System\HXYTsoi.exe
  C:\Windows\System\HXYTsoi.exe
  2⤵
  PID:2176
- C:\Windows\System\VzbImgp.exe
  C:\Windows\System\VzbImgp.exe
  2⤵
  PID:6156
- C:\Windows\System\eYTUhFv.exe
  C:\Windows\System\eYTUhFv.exe
  2⤵
  PID:6172
- C:\Windows\System\zYESzYi.exe
  C:\Windows\System\zYESzYi.exe
  2⤵
  PID:6188
- C:\Windows\System\BgoHtFE.exe
  C:\Windows\System\BgoHtFE.exe
  2⤵
  PID:6208
- C:\Windows\System\VHKGvHd.exe
  C:\Windows\System\VHKGvHd.exe
  2⤵
  PID:6244
- C:\Windows\System\MFEmFsZ.exe
  C:\Windows\System\MFEmFsZ.exe
  2⤵
  PID:6284
- C:\Windows\System\gVGasUV.exe
  C:\Windows\System\gVGasUV.exe
  2⤵
  PID:6320
- C:\Windows\System\LzrfUUy.exe
  C:\Windows\System\LzrfUUy.exe
  2⤵
  PID:6356
- C:\Windows\System\ximGOaz.exe
  C:\Windows\System\ximGOaz.exe
  2⤵
  PID:6392
- C:\Windows\System\mvJnZkk.exe
  C:\Windows\System\mvJnZkk.exe
  2⤵
  PID:6428
- C:\Windows\System\ydSMfXl.exe
  C:\Windows\System\ydSMfXl.exe
  2⤵
  PID:6456
- C:\Windows\System\TFdMjDS.exe
  C:\Windows\System\TFdMjDS.exe
  2⤵
  PID:6484
- C:\Windows\System\NtbsFdU.exe
  C:\Windows\System\NtbsFdU.exe
  2⤵
  PID:6512
- C:\Windows\System\bwMVfdW.exe
  C:\Windows\System\bwMVfdW.exe
  2⤵
  PID:6540
- C:\Windows\System\CIuwCeZ.exe
  C:\Windows\System\CIuwCeZ.exe
  2⤵
  PID:6568
- C:\Windows\System\omhBPWV.exe
  C:\Windows\System\omhBPWV.exe
  2⤵
  PID:6596
- C:\Windows\System\riQsVdm.exe
  C:\Windows\System\riQsVdm.exe
  2⤵
  PID:6624
- C:\Windows\System\rqRukSA.exe
  C:\Windows\System\rqRukSA.exe
  2⤵
  PID:6652
- C:\Windows\System\ZwNMbCa.exe
  C:\Windows\System\ZwNMbCa.exe
  2⤵
  PID:6680
- C:\Windows\System\CeDFZKC.exe
  C:\Windows\System\CeDFZKC.exe
  2⤵
  PID:6712
- C:\Windows\System\OWRmCds.exe
  C:\Windows\System\OWRmCds.exe
  2⤵
  PID:6740
- C:\Windows\System\IkkmsDA.exe
  C:\Windows\System\IkkmsDA.exe
  2⤵
  PID:6768
- C:\Windows\System\EawhZsY.exe
  C:\Windows\System\EawhZsY.exe
  2⤵
  PID:6784
- C:\Windows\System\jJsYBxC.exe
  C:\Windows\System\jJsYBxC.exe
  2⤵
  PID:6812
- C:\Windows\System\Ubzaomw.exe
  C:\Windows\System\Ubzaomw.exe
  2⤵
  PID:6848
- C:\Windows\System\yVGyZWx.exe
  C:\Windows\System\yVGyZWx.exe
  2⤵
  PID:6880
- C:\Windows\System\GxkYdwt.exe
  C:\Windows\System\GxkYdwt.exe
  2⤵
  PID:6908
- C:\Windows\System\FklMPLr.exe
  C:\Windows\System\FklMPLr.exe
  2⤵
  PID:6936
- C:\Windows\System\vZsCwda.exe
  C:\Windows\System\vZsCwda.exe
  2⤵
  PID:6964
- C:\Windows\System\bazusYJ.exe
  C:\Windows\System\bazusYJ.exe
  2⤵
  PID:6992
- C:\Windows\System\xZIQVrp.exe
  C:\Windows\System\xZIQVrp.exe
  2⤵
  PID:7016
- C:\Windows\System\JlYzJcZ.exe
  C:\Windows\System\JlYzJcZ.exe
  2⤵
  PID:7048
- C:\Windows\System\gvQikiI.exe
  C:\Windows\System\gvQikiI.exe
  2⤵
  PID:7076
- C:\Windows\System\XesaThZ.exe
  C:\Windows\System\XesaThZ.exe
  2⤵
  PID:7104
- C:\Windows\System\kSTlWhB.exe
  C:\Windows\System\kSTlWhB.exe
  2⤵
  PID:7148
- C:\Windows\System\JRfalJe.exe
  C:\Windows\System\JRfalJe.exe
  2⤵
  PID:6164
- C:\Windows\System\dJPDfEb.exe
  C:\Windows\System\dJPDfEb.exe
  2⤵
  PID:6276
- C:\Windows\System\PvgxPtC.exe
  C:\Windows\System\PvgxPtC.exe
  2⤵
  PID:6336
- C:\Windows\System\xelWibq.exe
  C:\Windows\System\xelWibq.exe
  2⤵
  PID:6416
- C:\Windows\System\zIChJku.exe
  C:\Windows\System\zIChJku.exe
  2⤵
  PID:6508
- C:\Windows\System\woabPbd.exe
  C:\Windows\System\woabPbd.exe
  2⤵
  PID:6564
- C:\Windows\System\yLxajXi.exe
  C:\Windows\System\yLxajXi.exe
  2⤵
  PID:6616
- C:\Windows\System\yCMnMDU.exe
  C:\Windows\System\yCMnMDU.exe
  2⤵
  PID:6704
- C:\Windows\System\mzxYxJF.exe
  C:\Windows\System\mzxYxJF.exe
  2⤵
  PID:756
- C:\Windows\System\CoctJsb.exe
  C:\Windows\System\CoctJsb.exe
  2⤵
  PID:6760
- C:\Windows\System\zYiRdAU.exe
  C:\Windows\System\zYiRdAU.exe
  2⤵
  PID:6836
- C:\Windows\System\gPSbVZJ.exe
  C:\Windows\System\gPSbVZJ.exe
  2⤵
  PID:6904
- C:\Windows\System\CNUfmaS.exe
  C:\Windows\System\CNUfmaS.exe
  2⤵
  PID:6980
- C:\Windows\System\gWvnGcD.exe
  C:\Windows\System\gWvnGcD.exe
  2⤵
  PID:7040
- C:\Windows\System\uBCvNPh.exe
  C:\Windows\System\uBCvNPh.exe
  2⤵
  PID:7100
- C:\Windows\System\fVNmFii.exe
  C:\Windows\System\fVNmFii.exe
  2⤵
  PID:6232
- C:\Windows\System\zBlNcQt.exe
  C:\Windows\System\zBlNcQt.exe
  2⤵
  PID:6424
- C:\Windows\System\NcfEKyy.exe
  C:\Windows\System\NcfEKyy.exe
  2⤵
  PID:6552
- C:\Windows\System\KtwknUE.exe
  C:\Windows\System\KtwknUE.exe
  2⤵
  PID:6676
- C:\Windows\System\TbPcuvo.exe
  C:\Windows\System\TbPcuvo.exe
  2⤵
  PID:6800
- C:\Windows\System\lqLAgLV.exe
  C:\Windows\System\lqLAgLV.exe
  2⤵
  PID:6956
- C:\Windows\System\zmXCaLm.exe
  C:\Windows\System\zmXCaLm.exe
  2⤵
  PID:7096
- C:\Windows\System\JZXqnFz.exe
  C:\Windows\System\JZXqnFz.exe
  2⤵
  PID:6452
- C:\Windows\System\wgFEFxu.exe
  C:\Windows\System\wgFEFxu.exe
  2⤵
  PID:6764
- C:\Windows\System\tVbwYsK.exe
  C:\Windows\System\tVbwYsK.exe
  2⤵
  PID:7088
- C:\Windows\System\uoKlTZt.exe
  C:\Windows\System\uoKlTZt.exe
  2⤵
  PID:6900
- C:\Windows\System\GmzqSAU.exe
  C:\Windows\System\GmzqSAU.exe
  2⤵
  PID:6752
- C:\Windows\System\XVWSRHG.exe
  C:\Windows\System\XVWSRHG.exe
  2⤵
  PID:7192
- C:\Windows\System\pHMigkG.exe
  C:\Windows\System\pHMigkG.exe
  2⤵
  PID:7228
- C:\Windows\System\SOVYIAO.exe
  C:\Windows\System\SOVYIAO.exe
  2⤵
  PID:7248
- C:\Windows\System\loWiRRa.exe
  C:\Windows\System\loWiRRa.exe
  2⤵
  PID:7276
- C:\Windows\System\BdmfTmA.exe
  C:\Windows\System\BdmfTmA.exe
  2⤵
  PID:7304
- C:\Windows\System\rBmPmFK.exe
  C:\Windows\System\rBmPmFK.exe
  2⤵
  PID:7332
- C:\Windows\System\ipaZxro.exe
  C:\Windows\System\ipaZxro.exe
  2⤵
  PID:7360
- C:\Windows\System\bJGQITb.exe
  C:\Windows\System\bJGQITb.exe
  2⤵
  PID:7388
- C:\Windows\System\KcwUGYS.exe
  C:\Windows\System\KcwUGYS.exe
  2⤵
  PID:7416
- C:\Windows\System\mMIaOlb.exe
  C:\Windows\System\mMIaOlb.exe
  2⤵
  PID:7444
- C:\Windows\System\emGRxrd.exe
  C:\Windows\System\emGRxrd.exe
  2⤵
  PID:7472
- C:\Windows\System\FDwIubC.exe
  C:\Windows\System\FDwIubC.exe
  2⤵
  PID:7500
- C:\Windows\System\LQwtkMz.exe
  C:\Windows\System\LQwtkMz.exe
  2⤵
  PID:7528
- C:\Windows\System\LPMivRr.exe
  C:\Windows\System\LPMivRr.exe
  2⤵
  PID:7556
- C:\Windows\System\hXKaXwx.exe
  C:\Windows\System\hXKaXwx.exe
  2⤵
  PID:7584
- C:\Windows\System\mRlfPKP.exe
  C:\Windows\System\mRlfPKP.exe
  2⤵
  PID:7612
- C:\Windows\System\ytbLwLM.exe
  C:\Windows\System\ytbLwLM.exe
  2⤵
  PID:7640
- C:\Windows\System\EejyPGO.exe
  C:\Windows\System\EejyPGO.exe
  2⤵
  PID:7672
- C:\Windows\System\qMYrgtk.exe
  C:\Windows\System\qMYrgtk.exe
  2⤵
  PID:7700
- C:\Windows\System\xjvUNWE.exe
  C:\Windows\System\xjvUNWE.exe
  2⤵
  PID:7732
- C:\Windows\System\sNjpDFw.exe
  C:\Windows\System\sNjpDFw.exe
  2⤵
  PID:7760
- C:\Windows\System\GlMmbAE.exe
  C:\Windows\System\GlMmbAE.exe
  2⤵
  PID:7792
- C:\Windows\System\emUSScx.exe
  C:\Windows\System\emUSScx.exe
  2⤵
  PID:7824
- C:\Windows\System\cdvtHZv.exe
  C:\Windows\System\cdvtHZv.exe
  2⤵
  PID:7848
- C:\Windows\System\TQfNeKF.exe
  C:\Windows\System\TQfNeKF.exe
  2⤵
  PID:7876
- C:\Windows\System\GsGJFue.exe
  C:\Windows\System\GsGJFue.exe
  2⤵
  PID:7904
- C:\Windows\System\vVRaspj.exe
  C:\Windows\System\vVRaspj.exe
  2⤵
  PID:7936
- C:\Windows\System\ZPFkgfx.exe
  C:\Windows\System\ZPFkgfx.exe
  2⤵
  PID:7960
- C:\Windows\System\deJXOOI.exe
  C:\Windows\System\deJXOOI.exe
  2⤵
  PID:7988
- C:\Windows\System\qnhzjiD.exe
  C:\Windows\System\qnhzjiD.exe
  2⤵
  PID:8016
- C:\Windows\System\SvFDzpg.exe
  C:\Windows\System\SvFDzpg.exe
  2⤵
  PID:8044
- C:\Windows\System\ZHPqWRf.exe
  C:\Windows\System\ZHPqWRf.exe
  2⤵
  PID:8072
- C:\Windows\System\vKOPykw.exe
  C:\Windows\System\vKOPykw.exe
  2⤵
  PID:8100
- C:\Windows\System\YuydXhA.exe
  C:\Windows\System\YuydXhA.exe
  2⤵
  PID:8128
- C:\Windows\System\siGxDXW.exe
  C:\Windows\System\siGxDXW.exe
  2⤵
  PID:8156
- C:\Windows\System\ZtqVnws.exe
  C:\Windows\System\ZtqVnws.exe
  2⤵
  PID:8188
- C:\Windows\System\ajxcvMN.exe
  C:\Windows\System\ajxcvMN.exe
  2⤵
  PID:7260
- C:\Windows\System\lowqwcT.exe
  C:\Windows\System\lowqwcT.exe
  2⤵
  PID:7316
- C:\Windows\System\TMICPqA.exe
  C:\Windows\System\TMICPqA.exe
  2⤵
  PID:7380
- C:\Windows\System\XoZjMTE.exe
  C:\Windows\System\XoZjMTE.exe
  2⤵
  PID:7436
- C:\Windows\System\KUPKkOw.exe
  C:\Windows\System\KUPKkOw.exe
  2⤵
  PID:7548
- C:\Windows\System\uIreHyH.exe
  C:\Windows\System\uIreHyH.exe
  2⤵
  PID:3244
- C:\Windows\System\yKAiFqu.exe
  C:\Windows\System\yKAiFqu.exe
  2⤵
  PID:7664
- C:\Windows\System\bkZCecv.exe
  C:\Windows\System\bkZCecv.exe
  2⤵
  PID:7696
- C:\Windows\System\xDqwbmm.exe
  C:\Windows\System\xDqwbmm.exe
  2⤵
  PID:7784
- C:\Windows\System\WppVavb.exe
  C:\Windows\System\WppVavb.exe
  2⤵
  PID:7860
- C:\Windows\System\BAvEHXJ.exe
  C:\Windows\System\BAvEHXJ.exe
  2⤵
  PID:7924
- C:\Windows\System\ChCNOje.exe
  C:\Windows\System\ChCNOje.exe
  2⤵
  PID:7984
- C:\Windows\System\RJFqpwS.exe
  C:\Windows\System\RJFqpwS.exe
  2⤵
  PID:8028
- C:\Windows\System\KxHoHkF.exe
  C:\Windows\System\KxHoHkF.exe
  2⤵
  PID:8096
- C:\Windows\System\vAUUrsO.exe
  C:\Windows\System\vAUUrsO.exe
  2⤵
  PID:7244
- C:\Windows\System\jBzhOft.exe
  C:\Windows\System\jBzhOft.exe
  2⤵
  PID:7372
- C:\Windows\System\ujAmxbB.exe
  C:\Windows\System\ujAmxbB.exe
  2⤵
  PID:7540
- C:\Windows\System\NVcmxZj.exe
  C:\Windows\System\NVcmxZj.exe
  2⤵
  PID:7756
- C:\Windows\System\WRMHUqu.exe
  C:\Windows\System\WRMHUqu.exe
  2⤵
  PID:7972
- C:\Windows\System\BMOcQVz.exe
  C:\Windows\System\BMOcQVz.exe
  2⤵
  PID:8124
- C:\Windows\System\FzNtXhJ.exe
  C:\Windows\System\FzNtXhJ.exe
  2⤵
  PID:7524
- C:\Windows\System\zYVHpja.exe
  C:\Windows\System\zYVHpja.exe
  2⤵
  PID:8064
- C:\Windows\System\EGoydov.exe
  C:\Windows\System\EGoydov.exe
  2⤵
  PID:8224
- C:\Windows\System\JfEXsAP.exe
  C:\Windows\System\JfEXsAP.exe
  2⤵
  PID:8256
- C:\Windows\System\hnxHJns.exe
  C:\Windows\System\hnxHJns.exe
  2⤵
  PID:8280
- C:\Windows\System\rkItZIU.exe
  C:\Windows\System\rkItZIU.exe
  2⤵
  PID:8308
- C:\Windows\System\jlPsCFc.exe
  C:\Windows\System\jlPsCFc.exe
  2⤵
  PID:8324
- C:\Windows\System\JnboBmQ.exe
  C:\Windows\System\JnboBmQ.exe
  2⤵
  PID:8356
- C:\Windows\System\GGeXwyD.exe
  C:\Windows\System\GGeXwyD.exe
  2⤵
  PID:8380
- C:\Windows\System\SlTgPkv.exe
  C:\Windows\System\SlTgPkv.exe
  2⤵
  PID:8404
- C:\Windows\System\zRDBwWN.exe
  C:\Windows\System\zRDBwWN.exe
  2⤵
  PID:8456
- C:\Windows\System\mGwaRLS.exe
  C:\Windows\System\mGwaRLS.exe
  2⤵
  PID:8488
- C:\Windows\System\LxgNVuM.exe
  C:\Windows\System\LxgNVuM.exe
  2⤵
  PID:8520
- C:\Windows\System\FFxDJuC.exe
  C:\Windows\System\FFxDJuC.exe
  2⤵
  PID:8556
- C:\Windows\System\ZiEnLjo.exe
  C:\Windows\System\ZiEnLjo.exe
  2⤵
  PID:8576
- C:\Windows\System\FQgKQQE.exe
  C:\Windows\System\FQgKQQE.exe
  2⤵
  PID:8612
- C:\Windows\System\GdugQHx.exe
  C:\Windows\System\GdugQHx.exe
  2⤵
  PID:8648
- C:\Windows\System\PLQBTSc.exe
  C:\Windows\System\PLQBTSc.exe
  2⤵
  PID:8672
- C:\Windows\System\yNOxWNp.exe
  C:\Windows\System\yNOxWNp.exe
  2⤵
  PID:8700
- C:\Windows\System\rlWgTSK.exe
  C:\Windows\System\rlWgTSK.exe
  2⤵
  PID:8732
- C:\Windows\System\QzYPOOt.exe
  C:\Windows\System\QzYPOOt.exe
  2⤵
  PID:8768
- C:\Windows\System\wgEKSTn.exe
  C:\Windows\System\wgEKSTn.exe
  2⤵
  PID:8804
- C:\Windows\System\vCPTlYf.exe
  C:\Windows\System\vCPTlYf.exe
  2⤵
  PID:8840
- C:\Windows\System\ZOeBWtC.exe
  C:\Windows\System\ZOeBWtC.exe
  2⤵
  PID:8864
- C:\Windows\System\VUXdlxI.exe
  C:\Windows\System\VUXdlxI.exe
  2⤵
  PID:8884
- C:\Windows\System\CnYmLSP.exe
  C:\Windows\System\CnYmLSP.exe
  2⤵
  PID:8912
- C:\Windows\System\OCbuiNx.exe
  C:\Windows\System\OCbuiNx.exe
  2⤵
  PID:8940
- C:\Windows\System\xNcPiWR.exe
  C:\Windows\System\xNcPiWR.exe
  2⤵
  PID:8964
- C:\Windows\System\OOXLEKs.exe
  C:\Windows\System\OOXLEKs.exe
  2⤵
  PID:9000
- C:\Windows\System\KDZnycm.exe
  C:\Windows\System\KDZnycm.exe
  2⤵
  PID:9028
- C:\Windows\System\pAepmFD.exe
  C:\Windows\System\pAepmFD.exe
  2⤵
  PID:9044
- C:\Windows\System\ZuktgYJ.exe
  C:\Windows\System\ZuktgYJ.exe
  2⤵
  PID:9068
- C:\Windows\System\kzqXzsi.exe
  C:\Windows\System\kzqXzsi.exe
  2⤵
  PID:9100
- C:\Windows\System\QBDVKNz.exe
  C:\Windows\System\QBDVKNz.exe
  2⤵
  PID:9128
- C:\Windows\System\SfIDdKk.exe
  C:\Windows\System\SfIDdKk.exe
  2⤵
  PID:9148
- C:\Windows\System\OubUHoz.exe
  C:\Windows\System\OubUHoz.exe
  2⤵
  PID:9180
- C:\Windows\System\EKfBJHC.exe
  C:\Windows\System\EKfBJHC.exe
  2⤵
  PID:9200
- C:\Windows\System\LReWBCL.exe
  C:\Windows\System\LReWBCL.exe
  2⤵
  PID:7468
- C:\Windows\System\azabiVY.exe
  C:\Windows\System\azabiVY.exe
  2⤵
  PID:7344
- C:\Windows\System\IKUyOjk.exe
  C:\Windows\System\IKUyOjk.exe
  2⤵
  PID:8252
- C:\Windows\System\DIIzDRk.exe
  C:\Windows\System\DIIzDRk.exe
  2⤵
  PID:8336
- C:\Windows\System\aASyNDE.exe
  C:\Windows\System\aASyNDE.exe
  2⤵
  PID:8376
- C:\Windows\System\BYdhctr.exe
  C:\Windows\System\BYdhctr.exe
  2⤵
  PID:8472
- C:\Windows\System\dqgODHp.exe
  C:\Windows\System\dqgODHp.exe
  2⤵
  PID:8536
- C:\Windows\System\YHkxGgb.exe
  C:\Windows\System\YHkxGgb.exe
  2⤵
  PID:8696
- C:\Windows\System\BWOrnET.exe
  C:\Windows\System\BWOrnET.exe
  2⤵
  PID:8744
- C:\Windows\System\HGMfnMP.exe
  C:\Windows\System\HGMfnMP.exe
  2⤵
  PID:8828
- C:\Windows\System\wRSSgnJ.exe
  C:\Windows\System\wRSSgnJ.exe
  2⤵
  PID:8908
- C:\Windows\System\CPVfqlz.exe
  C:\Windows\System\CPVfqlz.exe
  2⤵
  PID:9012
- C:\Windows\System\OpWKYim.exe
  C:\Windows\System\OpWKYim.exe
  2⤵
  PID:9052
- C:\Windows\System\NsoutzC.exe
  C:\Windows\System\NsoutzC.exe
  2⤵
  PID:9144
- C:\Windows\System\pbRhddh.exe
  C:\Windows\System\pbRhddh.exe
  2⤵
  PID:9136
- C:\Windows\System\cnsGRTL.exe
  C:\Windows\System\cnsGRTL.exe
  2⤵
  PID:9208
- C:\Windows\System\DCxvGKZ.exe
  C:\Windows\System\DCxvGKZ.exe
  2⤵
  PID:8484
- C:\Windows\System\GysiteU.exe
  C:\Windows\System\GysiteU.exe
  2⤵
  PID:8644
- C:\Windows\System\leUdSPT.exe
  C:\Windows\System\leUdSPT.exe
  2⤵
  PID:8816
- C:\Windows\System\RxmDMXo.exe
  C:\Windows\System\RxmDMXo.exe
  2⤵
  PID:8960
- C:\Windows\System\ljZfxmV.exe
  C:\Windows\System\ljZfxmV.exe
  2⤵
  PID:9112
- C:\Windows\System\vKbWKhV.exe
  C:\Windows\System\vKbWKhV.exe
  2⤵
  PID:8320
- C:\Windows\System\WiYyfeX.exe
  C:\Windows\System\WiYyfeX.exe
  2⤵
  PID:8636
- C:\Windows\System\pEECgUX.exe
  C:\Windows\System\pEECgUX.exe
  2⤵
  PID:8276
- C:\Windows\System\vucIjAI.exe
  C:\Windows\System\vucIjAI.exe
  2⤵
  PID:8568
- C:\Windows\System\CrwJOqW.exe
  C:\Windows\System\CrwJOqW.exe
  2⤵
  PID:9240
- C:\Windows\System\TnSQlTt.exe
  C:\Windows\System\TnSQlTt.exe
  2⤵
  PID:9264
- C:\Windows\System\BJDgorY.exe
  C:\Windows\System\BJDgorY.exe
  2⤵
  PID:9304
- C:\Windows\System\UARoeOv.exe
  C:\Windows\System\UARoeOv.exe
  2⤵
  PID:9332
- C:\Windows\System\chJnlcQ.exe
  C:\Windows\System\chJnlcQ.exe
  2⤵
  PID:9372
- C:\Windows\System\jgLbFrD.exe
  C:\Windows\System\jgLbFrD.exe
  2⤵
  PID:9388
- C:\Windows\System\WxdSDqO.exe
  C:\Windows\System\WxdSDqO.exe
  2⤵
  PID:9404
- C:\Windows\System\UyRzIpZ.exe
  C:\Windows\System\UyRzIpZ.exe
  2⤵
  PID:9420
- C:\Windows\System\rAvqRpM.exe
  C:\Windows\System\rAvqRpM.exe
  2⤵
  PID:9460
- C:\Windows\System\fKZPqZf.exe
  C:\Windows\System\fKZPqZf.exe
  2⤵
  PID:9496
- C:\Windows\System\nZVfwpm.exe
  C:\Windows\System\nZVfwpm.exe
  2⤵
  PID:9516
- C:\Windows\System\UUxIfju.exe
  C:\Windows\System\UUxIfju.exe
  2⤵
  PID:9544
- C:\Windows\System\cMHvKFY.exe
  C:\Windows\System\cMHvKFY.exe
  2⤵
  PID:9572
- C:\Windows\System\iuJhFaH.exe
  C:\Windows\System\iuJhFaH.exe
  2⤵
  PID:9604
- C:\Windows\System\ddsLZDg.exe
  C:\Windows\System\ddsLZDg.exe
  2⤵
  PID:9640
- C:\Windows\System\XFWgOFu.exe
  C:\Windows\System\XFWgOFu.exe
  2⤵
  PID:9656
- C:\Windows\System\GcOkFDd.exe
  C:\Windows\System\GcOkFDd.exe
  2⤵
  PID:9672
- C:\Windows\System\EXQqLPF.exe
  C:\Windows\System\EXQqLPF.exe
  2⤵
  PID:9700
- C:\Windows\System\dzbvqtg.exe
  C:\Windows\System\dzbvqtg.exe
  2⤵
  PID:9724
- C:\Windows\System\mvbNZeD.exe
  C:\Windows\System\mvbNZeD.exe
  2⤵
  PID:9740
- C:\Windows\System\LtsBxxZ.exe
  C:\Windows\System\LtsBxxZ.exe
  2⤵
  PID:9784
- C:\Windows\System\uFzekVO.exe
  C:\Windows\System\uFzekVO.exe
  2⤵
  PID:9800
- C:\Windows\System\dJNlTBZ.exe
  C:\Windows\System\dJNlTBZ.exe
  2⤵
  PID:9836
- C:\Windows\System\kecFmAj.exe
  C:\Windows\System\kecFmAj.exe
  2⤵
  PID:9864
- C:\Windows\System\QHEmvqe.exe
  C:\Windows\System\QHEmvqe.exe
  2⤵
  PID:9892
- C:\Windows\System\MfFzKSo.exe
  C:\Windows\System\MfFzKSo.exe
  2⤵
  PID:9912
- C:\Windows\System\BMiCfpt.exe
  C:\Windows\System\BMiCfpt.exe
  2⤵
  PID:9944
- C:\Windows\System\taYFKNW.exe
  C:\Windows\System\taYFKNW.exe
  2⤵
  PID:9984
- C:\Windows\System\yDyGugy.exe
  C:\Windows\System\yDyGugy.exe
  2⤵
  PID:10008
- C:\Windows\System\LRgiXhw.exe
  C:\Windows\System\LRgiXhw.exe
  2⤵
  PID:10028
- C:\Windows\System\NnAqIlo.exe
  C:\Windows\System\NnAqIlo.exe
  2⤵
  PID:10060
- C:\Windows\System\WBASspu.exe
  C:\Windows\System\WBASspu.exe
  2⤵
  PID:10092
- C:\Windows\System\aXASSPL.exe
  C:\Windows\System\aXASSPL.exe
  2⤵
  PID:10120
- C:\Windows\System\ZjuxvFq.exe
  C:\Windows\System\ZjuxvFq.exe
  2⤵
  PID:10148
- C:\Windows\System\bDrgZax.exe
  C:\Windows\System\bDrgZax.exe
  2⤵
  PID:10176
- C:\Windows\System\ckzLXFd.exe
  C:\Windows\System\ckzLXFd.exe
  2⤵
  PID:10204
- C:\Windows\System\EgYUdIs.exe
  C:\Windows\System\EgYUdIs.exe
  2⤵
  PID:9088
- C:\Windows\System\xjAbmwq.exe
  C:\Windows\System\xjAbmwq.exe
  2⤵
  PID:9260
- C:\Windows\System\jfzRnZT.exe
  C:\Windows\System\jfzRnZT.exe
  2⤵
  PID:9344
- C:\Windows\System\JfsGWwC.exe
  C:\Windows\System\JfsGWwC.exe
  2⤵
  PID:9396
- C:\Windows\System\hMZiJJs.exe
  C:\Windows\System\hMZiJJs.exe
  2⤵
  PID:9448
- C:\Windows\System\qKeLkYQ.exe
  C:\Windows\System\qKeLkYQ.exe
  2⤵
  PID:9532
- C:\Windows\System\tnRTBSh.exe
  C:\Windows\System\tnRTBSh.exe
  2⤵
  PID:9612
- C:\Windows\System\RleBiAh.exe
  C:\Windows\System\RleBiAh.exe
  2⤵
  PID:9668
- C:\Windows\System\KTqFjRH.exe
  C:\Windows\System\KTqFjRH.exe
  2⤵
  PID:9712
- C:\Windows\System\kxpaztH.exe
  C:\Windows\System\kxpaztH.exe
  2⤵
  PID:9796
- C:\Windows\System\mrABbug.exe
  C:\Windows\System\mrABbug.exe
  2⤵
  PID:9860
- C:\Windows\System\tYdAjWO.exe
  C:\Windows\System\tYdAjWO.exe
  2⤵
  PID:9960
- C:\Windows\System\KAYPjJm.exe
  C:\Windows\System\KAYPjJm.exe
  2⤵
  PID:9964
- C:\Windows\System\YukGJMF.exe
  C:\Windows\System\YukGJMF.exe
  2⤵
  PID:10044
- C:\Windows\System\rQRMMbr.exe
  C:\Windows\System\rQRMMbr.exe
  2⤵
  PID:10128
- C:\Windows\System\cdtIGHJ.exe
  C:\Windows\System\cdtIGHJ.exe
  2⤵
  PID:10112
- C:\Windows\System\kBQSzWK.exe
  C:\Windows\System\kBQSzWK.exe
  2⤵
  PID:9236
- C:\Windows\System\GQEHNKl.exe
  C:\Windows\System\GQEHNKl.exe
  2⤵
  PID:9324
- C:\Windows\System\nLYlpdP.exe
  C:\Windows\System\nLYlpdP.exe
  2⤵
  PID:9444
- C:\Windows\System\XvKZkgt.exe
  C:\Windows\System\XvKZkgt.exe
  2⤵
  PID:9632
- C:\Windows\System\VOIKYIs.exe
  C:\Windows\System\VOIKYIs.exe
  2⤵
  PID:9716
- C:\Windows\System\NmEmEgD.exe
  C:\Windows\System\NmEmEgD.exe
  2⤵
  PID:9940
- C:\Windows\System\OCOPYWI.exe
  C:\Windows\System\OCOPYWI.exe
  2⤵
  PID:10080
- C:\Windows\System\OLXZvji.exe
  C:\Windows\System\OLXZvji.exe
  2⤵
  PID:9320
- C:\Windows\System\rvzMGhr.exe
  C:\Windows\System\rvzMGhr.exe
  2⤵
  PID:9432
- C:\Windows\System\zBvmIGi.exe
  C:\Windows\System\zBvmIGi.exe
  2⤵
  PID:9924
- C:\Windows\System\UoevgQZ.exe
  C:\Windows\System\UoevgQZ.exe
  2⤵
  PID:10160
- C:\Windows\System\OlNjMsM.exe
  C:\Windows\System\OlNjMsM.exe
  2⤵
  PID:10104
- C:\Windows\System\YLLOsxI.exe
  C:\Windows\System\YLLOsxI.exe
  2⤵
  PID:10248
- C:\Windows\System\uGmJjHl.exe
  C:\Windows\System\uGmJjHl.exe
  2⤵
  PID:10276
- C:\Windows\System\LZpeZln.exe
  C:\Windows\System\LZpeZln.exe
  2⤵
  PID:10312
- C:\Windows\System\HexQHNi.exe
  C:\Windows\System\HexQHNi.exe
  2⤵
  PID:10328
- C:\Windows\System\JsMlwhE.exe
  C:\Windows\System\JsMlwhE.exe
  2⤵
  PID:10356
- C:\Windows\System\omWluVY.exe
  C:\Windows\System\omWluVY.exe
  2⤵
  PID:10388
- C:\Windows\System\rvTGzXH.exe
  C:\Windows\System\rvTGzXH.exe
  2⤵
  PID:10412
- C:\Windows\System\tMcJWba.exe
  C:\Windows\System\tMcJWba.exe
  2⤵
  PID:10440
- C:\Windows\System\FgmCFNV.exe
  C:\Windows\System\FgmCFNV.exe
  2⤵
  PID:10468
- C:\Windows\System\RaXaVSR.exe
  C:\Windows\System\RaXaVSR.exe
  2⤵
  PID:10504
- C:\Windows\System\aOHyjsW.exe
  C:\Windows\System\aOHyjsW.exe
  2⤵
  PID:10524
- C:\Windows\System\gmWvzmm.exe
  C:\Windows\System\gmWvzmm.exe
  2⤵
  PID:10544
- C:\Windows\System\lmQyLxl.exe
  C:\Windows\System\lmQyLxl.exe
  2⤵
  PID:10580
- C:\Windows\System\wXyylIC.exe
  C:\Windows\System\wXyylIC.exe
  2⤵
  PID:10608
- C:\Windows\System\zRhLLWz.exe
  C:\Windows\System\zRhLLWz.exe
  2⤵
  PID:10640
- C:\Windows\System\KVHKZic.exe
  C:\Windows\System\KVHKZic.exe
  2⤵
  PID:10664
- C:\Windows\System\pvHfHif.exe
  C:\Windows\System\pvHfHif.exe
  2⤵
  PID:10692
- C:\Windows\System\OeNaLrQ.exe
  C:\Windows\System\OeNaLrQ.exe
  2⤵
  PID:10720
- C:\Windows\System\xXXZBUp.exe
  C:\Windows\System\xXXZBUp.exe
  2⤵
  PID:10752
- C:\Windows\System\UdtpMPv.exe
  C:\Windows\System\UdtpMPv.exe
  2⤵
  PID:10776
- C:\Windows\System\YTrpbDE.exe
  C:\Windows\System\YTrpbDE.exe
  2⤵
  PID:10792
- C:\Windows\System\cCszqLs.exe
  C:\Windows\System\cCszqLs.exe
  2⤵
  PID:10816
- C:\Windows\System\qKwYCzZ.exe
  C:\Windows\System\qKwYCzZ.exe
  2⤵
  PID:10840
- C:\Windows\System\JXmqdyB.exe
  C:\Windows\System\JXmqdyB.exe
  2⤵
  PID:10864
- C:\Windows\System\CacoSlD.exe
  C:\Windows\System\CacoSlD.exe
  2⤵
  PID:10888
- C:\Windows\System\ALRXZMe.exe
  C:\Windows\System\ALRXZMe.exe
  2⤵
  PID:10916
- C:\Windows\System\sOslQqj.exe
  C:\Windows\System\sOslQqj.exe
  2⤵
  PID:10952
- C:\Windows\System\nyjrOMq.exe
  C:\Windows\System\nyjrOMq.exe
  2⤵
  PID:10988
- C:\Windows\System\OAaffIh.exe
  C:\Windows\System\OAaffIh.exe
  2⤵
  PID:11028
- C:\Windows\System\fXPzYQv.exe
  C:\Windows\System\fXPzYQv.exe
  2⤵
  PID:11056
- C:\Windows\System\YcOZSVe.exe
  C:\Windows\System\YcOZSVe.exe
  2⤵
  PID:11084
- C:\Windows\System\aioFMEx.exe
  C:\Windows\System\aioFMEx.exe
  2⤵
  PID:11112
- C:\Windows\System\kQYZuUX.exe
  C:\Windows\System\kQYZuUX.exe
  2⤵
  PID:11128
- C:\Windows\System\moBzoAO.exe
  C:\Windows\System\moBzoAO.exe
  2⤵
  PID:11180
- C:\Windows\System\QdMbGLZ.exe
  C:\Windows\System\QdMbGLZ.exe
  2⤵
  PID:11204
- C:\Windows\System\qZWlIAZ.exe
  C:\Windows\System\qZWlIAZ.exe
  2⤵
  PID:11240
- C:\Windows\System\ftlurYQ.exe
  C:\Windows\System\ftlurYQ.exe
  2⤵
  PID:10256
- C:\Windows\System\qWsdawq.exe
  C:\Windows\System\qWsdawq.exe
  2⤵
  PID:10344
- C:\Windows\System\XKThyBQ.exe
  C:\Windows\System\XKThyBQ.exe
  2⤵
  PID:10380
- C:\Windows\System\CNwbwzo.exe
  C:\Windows\System\CNwbwzo.exe
  2⤵
  PID:10424
- C:\Windows\System\uHIoQIu.exe
  C:\Windows\System\uHIoQIu.exe
  2⤵
  PID:10540
- C:\Windows\System\IxpsodY.exe
  C:\Windows\System\IxpsodY.exe
  2⤵
  PID:10576
- C:\Windows\System\hQBofmc.exe
  C:\Windows\System\hQBofmc.exe
  2⤵
  PID:10684
- C:\Windows\System\rLhQoRr.exe
  C:\Windows\System\rLhQoRr.exe
  2⤵
  PID:10736
- C:\Windows\System\klrCNyq.exe
  C:\Windows\System\klrCNyq.exe
  2⤵
  PID:10788
- C:\Windows\System\JxZtDLh.exe
  C:\Windows\System\JxZtDLh.exe
  2⤵
  PID:10876
- C:\Windows\System\IiFTuGZ.exe
  C:\Windows\System\IiFTuGZ.exe
  2⤵
  PID:10900
- C:\Windows\System\pBRKpZw.exe
  C:\Windows\System\pBRKpZw.exe
  2⤵
  PID:10980
- C:\Windows\System\iJSBXST.exe
  C:\Windows\System\iJSBXST.exe
  2⤵
  PID:11068
- C:\Windows\System\ZOHmpQY.exe
  C:\Windows\System\ZOHmpQY.exe
  2⤵
  PID:11100
- C:\Windows\System\XLgXzyt.exe
  C:\Windows\System\XLgXzyt.exe
  2⤵
  PID:11232
- C:\Windows\System\xNrRBPu.exe
  C:\Windows\System\xNrRBPu.exe
  2⤵
  PID:10284
- C:\Windows\System\jVmjwew.exe
  C:\Windows\System\jVmjwew.exe
  2⤵
  PID:10460
- C:\Windows\System\FaeXkGt.exe
  C:\Windows\System\FaeXkGt.exe
  2⤵
  PID:10688
- C:\Windows\System\HPhouhu.exe
  C:\Windows\System\HPhouhu.exe
  2⤵
  PID:10860
- C:\Windows\System\kApwLrx.exe
  C:\Windows\System\kApwLrx.exe
  2⤵
  PID:11048
- C:\Windows\System\GjMxqXR.exe
  C:\Windows\System\GjMxqXR.exe
  2⤵
  PID:11124
- C:\Windows\System\waskrja.exe
  C:\Windows\System\waskrja.exe
  2⤵
  PID:10296
- C:\Windows\System\iAqhQIx.exe
  C:\Windows\System\iAqhQIx.exe
  2⤵
  PID:10636
- C:\Windows\System\BwjOdvx.exe
  C:\Windows\System\BwjOdvx.exe
  2⤵
  PID:11012
- C:\Windows\System\cAQDRdU.exe
  C:\Windows\System\cAQDRdU.exe
  2⤵
  PID:10488
- C:\Windows\System\nSKlOYD.exe
  C:\Windows\System\nSKlOYD.exe
  2⤵
  PID:11288
- C:\Windows\System\XFVwXVF.exe
  C:\Windows\System\XFVwXVF.exe
  2⤵
  PID:11308
- C:\Windows\System\cFoyfaX.exe
  C:\Windows\System\cFoyfaX.exe
  2⤵
  PID:11340
- C:\Windows\System\wFVZqAT.exe
  C:\Windows\System\wFVZqAT.exe
  2⤵
  PID:11376
- C:\Windows\System\FsECnwB.exe
  C:\Windows\System\FsECnwB.exe
  2⤵
  PID:11404
- C:\Windows\System\jatrHOo.exe
  C:\Windows\System\jatrHOo.exe
  2⤵
  PID:11432
- C:\Windows\System\glTaMoO.exe
  C:\Windows\System\glTaMoO.exe
  2⤵
  PID:11460
- C:\Windows\System\aiAXhQv.exe
  C:\Windows\System\aiAXhQv.exe
  2⤵
  PID:11488
- C:\Windows\System\OFIqgLf.exe
  C:\Windows\System\OFIqgLf.exe
  2⤵
  PID:11528
- C:\Windows\System\hsKKmKL.exe
  C:\Windows\System\hsKKmKL.exe
  2⤵
  PID:11552
- C:\Windows\System\fSUItAB.exe
  C:\Windows\System\fSUItAB.exe
  2⤵
  PID:11568
- C:\Windows\System\pKckIoX.exe
  C:\Windows\System\pKckIoX.exe
  2⤵
  PID:11604
- C:\Windows\System\wpDBOZW.exe
  C:\Windows\System\wpDBOZW.exe
  2⤵
  PID:11628
- C:\Windows\System\PQVTbWb.exe
  C:\Windows\System\PQVTbWb.exe
  2⤵
  PID:11644
- C:\Windows\System\voqInhK.exe
  C:\Windows\System\voqInhK.exe
  2⤵
  PID:11672
- C:\Windows\System\ysuJxHW.exe
  C:\Windows\System\ysuJxHW.exe
  2⤵
  PID:11704
- C:\Windows\System\EONGZSF.exe
  C:\Windows\System\EONGZSF.exe
  2⤵
  PID:11740
- C:\Windows\System\xAyynqR.exe
  C:\Windows\System\xAyynqR.exe
  2⤵
  PID:11772
- C:\Windows\System\IECobIu.exe
  C:\Windows\System\IECobIu.exe
  2⤵
  PID:11796
- C:\Windows\System\nMGBdpW.exe
  C:\Windows\System\nMGBdpW.exe
  2⤵
  PID:11832
- C:\Windows\System\pUPWaBT.exe
  C:\Windows\System\pUPWaBT.exe
  2⤵
  PID:11860
- C:\Windows\System\UIyBvpb.exe
  C:\Windows\System\UIyBvpb.exe
  2⤵
  PID:11880
- C:\Windows\System\rtLHqWB.exe
  C:\Windows\System\rtLHqWB.exe
  2⤵
  PID:11908
- C:\Windows\System\RCbzCau.exe
  C:\Windows\System\RCbzCau.exe
  2⤵
  PID:11940
- C:\Windows\System\IFzLPpn.exe
  C:\Windows\System\IFzLPpn.exe
  2⤵
  PID:11964
- C:\Windows\System\YkTovWE.exe
  C:\Windows\System\YkTovWE.exe
  2⤵
  PID:11984
- C:\Windows\System\BbmHqey.exe
  C:\Windows\System\BbmHqey.exe
  2⤵
  PID:12008
- C:\Windows\System\CCXAcnw.exe
  C:\Windows\System\CCXAcnw.exe
  2⤵
  PID:12044
- C:\Windows\System\DPKHCwT.exe
  C:\Windows\System\DPKHCwT.exe
  2⤵
  PID:12076
- C:\Windows\System\IdFryeq.exe
  C:\Windows\System\IdFryeq.exe
  2⤵
  PID:12116
- C:\Windows\System\AoBDKGX.exe
  C:\Windows\System\AoBDKGX.exe
  2⤵
  PID:12136
- C:\Windows\System\rhbsDRI.exe
  C:\Windows\System\rhbsDRI.exe
  2⤵
  PID:12164
- C:\Windows\System\ayZLFjI.exe
  C:\Windows\System\ayZLFjI.exe
  2⤵
  PID:12188
- C:\Windows\System\fMpFFTc.exe
  C:\Windows\System\fMpFFTc.exe
  2⤵
  PID:12212
- C:\Windows\System\LEBIClY.exe
  C:\Windows\System\LEBIClY.exe
  2⤵
  PID:12248
- C:\Windows\System\lPEYTJI.exe
  C:\Windows\System\lPEYTJI.exe
  2⤵
  PID:12272
- C:\Windows\System\zwKwTIe.exe
  C:\Windows\System\zwKwTIe.exe
  2⤵
  PID:11280
- C:\Windows\System\HVEFYMq.exe
  C:\Windows\System\HVEFYMq.exe
  2⤵
  PID:11332
- C:\Windows\System\SDgMWjx.exe
  C:\Windows\System\SDgMWjx.exe
  2⤵
  PID:11396
- C:\Windows\System\qNvMzFn.exe
  C:\Windows\System\qNvMzFn.exe
  2⤵
  PID:11452
- C:\Windows\System\KLcJZcX.exe
  C:\Windows\System\KLcJZcX.exe
  2⤵
  PID:11524
- C:\Windows\System\qJdeTef.exe
  C:\Windows\System\qJdeTef.exe
  2⤵
  PID:11596
- C:\Windows\System\ozckcox.exe
  C:\Windows\System\ozckcox.exe
  2⤵
  PID:11620
- C:\Windows\System\tQqcIfN.exe
  C:\Windows\System\tQqcIfN.exe
  2⤵
  PID:11736
- C:\Windows\System\LcJibtO.exe
  C:\Windows\System\LcJibtO.exe
  2⤵
  PID:11824
- C:\Windows\System\XLMttqz.exe
  C:\Windows\System\XLMttqz.exe
  2⤵
  PID:11852
- C:\Windows\System\aqKAmpD.exe
  C:\Windows\System\aqKAmpD.exe
  2⤵
  PID:11928
- C:\Windows\System\dGinghZ.exe
  C:\Windows\System\dGinghZ.exe
  2⤵
  PID:11972
- C:\Windows\System\cPMaAkt.exe
  C:\Windows\System\cPMaAkt.exe
  2⤵
  PID:12036
- C:\Windows\System\iFQhnDJ.exe
  C:\Windows\System\iFQhnDJ.exe
  2⤵
  PID:12088
- C:\Windows\System\aOOtmua.exe
  C:\Windows\System\aOOtmua.exe
  2⤵
  PID:12204
- C:\Windows\System\kfsGHLU.exe
  C:\Windows\System\kfsGHLU.exe
  2⤵
  PID:12232
- C:\Windows\System\GukHTou.exe
  C:\Windows\System\GukHTou.exe
  2⤵
  PID:12264
- C:\Windows\System\lrDolbb.exe
  C:\Windows\System\lrDolbb.exe
  2⤵
  PID:11448
- C:\Windows\System\YwoEbiQ.exe
  C:\Windows\System\YwoEbiQ.exe
  2⤵
  PID:11584
- C:\Windows\System\SqwZSQl.exe
  C:\Windows\System\SqwZSQl.exe
  2⤵
  PID:11752
- C:\Windows\System\uRPCMRi.exe
  C:\Windows\System\uRPCMRi.exe
  2⤵
  PID:11904
- C:\Windows\System\mCSkCnF.exe
  C:\Windows\System\mCSkCnF.exe
  2⤵
  PID:12156
- C:\Windows\System\VQFgFLM.exe
  C:\Windows\System\VQFgFLM.exe
  2⤵
  PID:12196
- C:\Windows\System\uWSPlYD.exe
  C:\Windows\System\uWSPlYD.exe
  2⤵
  PID:11420
- C:\Windows\System\cOpqpkk.exe
  C:\Windows\System\cOpqpkk.exe
  2⤵
  PID:11760
- C:\Windows\System\oQFzvKe.exe
  C:\Windows\System\oQFzvKe.exe
  2⤵
  PID:11896
- C:\Windows\System\OHHunwl.exe
  C:\Windows\System\OHHunwl.exe
  2⤵
  PID:11360
- C:\Windows\System\oQmmWgY.exe
  C:\Windows\System\oQmmWgY.exe
  2⤵
  PID:12304
- C:\Windows\System\MooqbHE.exe
  C:\Windows\System\MooqbHE.exe
  2⤵
  PID:12340
- C:\Windows\System\yRMjMUw.exe
  C:\Windows\System\yRMjMUw.exe
  2⤵
  PID:12368
- C:\Windows\System\KITKApZ.exe
  C:\Windows\System\KITKApZ.exe
  2⤵
  PID:12396
- C:\Windows\System\KUCjseP.exe
  C:\Windows\System\KUCjseP.exe
  2⤵
  PID:12416
- C:\Windows\System\oGLIVkY.exe
  C:\Windows\System\oGLIVkY.exe
  2⤵
  PID:12448
- C:\Windows\System\VoAGNeV.exe
  C:\Windows\System\VoAGNeV.exe
  2⤵
  PID:12480
- C:\Windows\System\zGZnhvr.exe
  C:\Windows\System\zGZnhvr.exe
  2⤵
  PID:12508
- C:\Windows\System\HdVuwYq.exe
  C:\Windows\System\HdVuwYq.exe
  2⤵
  PID:12524
- C:\Windows\System\GuZOBBz.exe
  C:\Windows\System\GuZOBBz.exe
  2⤵
  PID:12548
- C:\Windows\System\WJKjOuy.exe
  C:\Windows\System\WJKjOuy.exe
  2⤵
  PID:12592
- C:\Windows\System\xrFsSZc.exe
  C:\Windows\System\xrFsSZc.exe
  2⤵
  PID:12624
- C:\Windows\System\bZuCcqb.exe
  C:\Windows\System\bZuCcqb.exe
  2⤵
  PID:12664
- C:\Windows\System\WDniqdi.exe
  C:\Windows\System\WDniqdi.exe
  2⤵
  PID:12680
- C:\Windows\System\KLRjXQV.exe
  C:\Windows\System\KLRjXQV.exe
  2⤵
  PID:12708
- C:\Windows\System\EpCUzXg.exe
  C:\Windows\System\EpCUzXg.exe
  2⤵
  PID:12728
- C:\Windows\System\IpekCDy.exe
  C:\Windows\System\IpekCDy.exe
  2⤵
  PID:12764
- C:\Windows\System\WTkpCrq.exe
  C:\Windows\System\WTkpCrq.exe
  2⤵
  PID:12788
- C:\Windows\System\zDmvSNP.exe
  C:\Windows\System\zDmvSNP.exe
  2⤵
  PID:12804
- C:\Windows\System\GLufeEb.exe
  C:\Windows\System\GLufeEb.exe
  2⤵
  PID:12824
- C:\Windows\System\CXBlgvi.exe
  C:\Windows\System\CXBlgvi.exe
  2⤵
  PID:12840
- C:\Windows\System\AqSnXhd.exe
  C:\Windows\System\AqSnXhd.exe
  2⤵
  PID:12880
- C:\Windows\System\xzoYiby.exe
  C:\Windows\System\xzoYiby.exe
  2⤵
  PID:12908
- C:\Windows\System\RCLsweT.exe
  C:\Windows\System\RCLsweT.exe
  2⤵
  PID:12924
- C:\Windows\System\yYodcvL.exe
  C:\Windows\System\yYodcvL.exe
  2⤵
  PID:12948
- C:\Windows\System\qCSZxWT.exe
  C:\Windows\System\qCSZxWT.exe
  2⤵
  PID:12984
- C:\Windows\System\pprohih.exe
  C:\Windows\System\pprohih.exe
  2⤵
  PID:13016
- C:\Windows\System\qraBdPX.exe
  C:\Windows\System\qraBdPX.exe
  2⤵
  PID:13036
- C:\Windows\System\FIpvjUT.exe
  C:\Windows\System\FIpvjUT.exe
  2⤵
  PID:13064
- C:\Windows\System\zrondqD.exe
  C:\Windows\System\zrondqD.exe
  2⤵
  PID:13080
- C:\Windows\System\fytIwGS.exe
  C:\Windows\System\fytIwGS.exe
  2⤵
  PID:13108
- C:\Windows\System\aEOOCIF.exe
  C:\Windows\System\aEOOCIF.exe
  2⤵
  PID:13140
- C:\Windows\System\bFeKWBN.exe
  C:\Windows\System\bFeKWBN.exe
  2⤵
  PID:13168
- C:\Windows\System\GESRvdW.exe
  C:\Windows\System\GESRvdW.exe
  2⤵
  PID:13196
- C:\Windows\System\zrOVzbJ.exe
  C:\Windows\System\zrOVzbJ.exe
  2⤵
  PID:13220
- C:\Windows\System\HQTAybe.exe
  C:\Windows\System\HQTAybe.exe
  2⤵
  PID:13252
- C:\Windows\System\UTTBPlX.exe
  C:\Windows\System\UTTBPlX.exe
  2⤵
  PID:13268
- C:\Windows\System\UPnzhGU.exe
  C:\Windows\System\UPnzhGU.exe
  2⤵
  PID:13292
- C:\Windows\System\UXzyJAd.exe
  C:\Windows\System\UXzyJAd.exe
  2⤵
  PID:12000
- C:\Windows\System\wCefPVX.exe
  C:\Windows\System\wCefPVX.exe
  2⤵
  PID:12068
- C:\Windows\System\dZDndZI.exe
  C:\Windows\System\dZDndZI.exe
  2⤵
  PID:11640
- C:\Windows\System\bNuQxcG.exe
  C:\Windows\System\bNuQxcG.exe
  2⤵
  PID:11304
- C:\Windows\System\xsvrfBS.exe
  C:\Windows\System\xsvrfBS.exe
  2⤵
  PID:12464
- C:\Windows\System\SQOyzTW.exe
  C:\Windows\System\SQOyzTW.exe
  2⤵
  PID:12516
- C:\Windows\System\uqDCIaV.exe
  C:\Windows\System\uqDCIaV.exe
  2⤵
  PID:12612
- C:\Windows\System\KeSdjtY.exe
  C:\Windows\System\KeSdjtY.exe
  2⤵
  PID:12692
- C:\Windows\System\cQykbGc.exe
  C:\Windows\System\cQykbGc.exe
  2⤵
  PID:12812
- C:\Windows\System\APDcNNL.exe
  C:\Windows\System\APDcNNL.exe
  2⤵
  PID:12780
- C:\Windows\System\qfylque.exe
  C:\Windows\System\qfylque.exe
  2⤵
  PID:12936
- C:\Windows\System\pOCyABP.exe
  C:\Windows\System\pOCyABP.exe
  2⤵
  PID:13004
- C:\Windows\System\AgfLDaj.exe
  C:\Windows\System\AgfLDaj.exe
  2⤵
  PID:13032
- C:\Windows\System\eLlUIpe.exe
  C:\Windows\System\eLlUIpe.exe
  2⤵
  PID:13076
- C:\Windows\System\JOAyrbT.exe
  C:\Windows\System\JOAyrbT.exe
  2⤵
  PID:13096
- C:\Windows\System\XSqIXnj.exe
  C:\Windows\System\XSqIXnj.exe
  2⤵
  PID:13228
- C:\Windows\System\MhFBMJz.exe
  C:\Windows\System\MhFBMJz.exe
  2⤵
  PID:11792
- C:\Windows\System\UEIqZJm.exe
  C:\Windows\System\UEIqZJm.exe
  2⤵
  PID:12388
- C:\Windows\System\FhAPHse.exe
  C:\Windows\System\FhAPHse.exe
  2⤵
  PID:12560
- C:\Windows\System\hjgwfRl.exe
  C:\Windows\System\hjgwfRl.exe
  2⤵
  PID:12796
- C:\Windows\System\edFwkKm.exe
  C:\Windows\System\edFwkKm.exe
  2⤵
  PID:12648
- C:\Windows\System\mAxAdBu.exe
  C:\Windows\System\mAxAdBu.exe
  2⤵
  PID:12520
- C:\Windows\System\fDojDei.exe
  C:\Windows\System\fDojDei.exe
  2⤵
  PID:13124
- C:\Windows\System\EBshJeK.exe
  C:\Windows\System\EBshJeK.exe
  2⤵
  PID:12360
- C:\Windows\System\jSPHvkR.exe
  C:\Windows\System\jSPHvkR.exe
  2⤵
  PID:12544
- C:\Windows\System\OMyApUp.exe
  C:\Windows\System\OMyApUp.exe
  2⤵
  PID:12432
- C:\Windows\System\MgpXpYP.exe
  C:\Windows\System\MgpXpYP.exe
  2⤵
  PID:13340
- C:\Windows\System\kQllUBq.exe
  C:\Windows\System\kQllUBq.exe
  2⤵
  PID:13372
- C:\Windows\System\BYFxTwf.exe
  C:\Windows\System\BYFxTwf.exe
  2⤵
  PID:13408
- C:\Windows\System\VmUODuq.exe
  C:\Windows\System\VmUODuq.exe
  2⤵
  PID:13424
- C:\Windows\System\SRzTjEo.exe
  C:\Windows\System\SRzTjEo.exe
  2⤵
  PID:13456
- C:\Windows\System\zMfDuEC.exe
  C:\Windows\System\zMfDuEC.exe
  2⤵
  PID:13484
- C:\Windows\System\RZPEyaA.exe
  C:\Windows\System\RZPEyaA.exe
  2⤵
  PID:13508
- C:\Windows\System\dIKjvRh.exe
  C:\Windows\System\dIKjvRh.exe
  2⤵
  PID:13532
- C:\Windows\System\hLTVhGX.exe
  C:\Windows\System\hLTVhGX.exe
  2⤵
  PID:13560
- C:\Windows\System\VdloTuc.exe
  C:\Windows\System\VdloTuc.exe
  2⤵
  PID:13588
- C:\Windows\System\YyItBDg.exe
  C:\Windows\System\YyItBDg.exe
  2⤵
  PID:13624
- C:\Windows\System\rMvoGZW.exe
  C:\Windows\System\rMvoGZW.exe
  2⤵
  PID:13656
- C:\Windows\System\PmCxohb.exe
  C:\Windows\System\PmCxohb.exe
  2⤵
  PID:13680
- C:\Windows\System\NddXXrp.exe
  C:\Windows\System\NddXXrp.exe
  2⤵
  PID:13696
- C:\Windows\System\fcRtTRE.exe
  C:\Windows\System\fcRtTRE.exe
  2⤵
  PID:13732
- C:\Windows\System\nbsvnRb.exe
  C:\Windows\System\nbsvnRb.exe
  2⤵
  PID:13748
- C:\Windows\System\daShYpd.exe
  C:\Windows\System\daShYpd.exe
  2⤵
  PID:13768
- C:\Windows\System\axySiUg.exe
  C:\Windows\System\axySiUg.exe
  2⤵
  PID:13792
- C:\Windows\System\hFqgvMf.exe
  C:\Windows\System\hFqgvMf.exe
  2⤵
  PID:13812
- C:\Windows\System\VeTLIuD.exe
  C:\Windows\System\VeTLIuD.exe
  2⤵
  PID:13844
- C:\Windows\System\YEsQCpT.exe
  C:\Windows\System\YEsQCpT.exe
  2⤵
  PID:13868
- C:\Windows\System\rrqxCaS.exe
  C:\Windows\System\rrqxCaS.exe
  2⤵
  PID:13904
- C:\Windows\System\QQhKtkq.exe
  C:\Windows\System\QQhKtkq.exe
  2⤵
  PID:13948
- C:\Windows\System\FZjPfdi.exe
  C:\Windows\System\FZjPfdi.exe
  2⤵
  PID:13972
- C:\Windows\System\jyXHPVT.exe
  C:\Windows\System\jyXHPVT.exe
  2⤵
  PID:14000
- C:\Windows\System\uQoWvwU.exe
  C:\Windows\System\uQoWvwU.exe
  2⤵
  PID:14016
- C:\Windows\System\zRBxzcu.exe
  C:\Windows\System\zRBxzcu.exe
  2⤵
  PID:14040
- C:\Windows\System\HTvXWOj.exe
  C:\Windows\System\HTvXWOj.exe
  2⤵
  PID:14072
- C:\Windows\System\GjDgylH.exe
  C:\Windows\System\GjDgylH.exe
  2⤵
  PID:14096
- C:\Windows\System\DmbASBO.exe
  C:\Windows\System\DmbASBO.exe
  2⤵
  PID:14132
- C:\Windows\System\MNlPutY.exe
  C:\Windows\System\MNlPutY.exe
  2⤵
  PID:14160
- C:\Windows\System\KSGnLud.exe
  C:\Windows\System\KSGnLud.exe
  2⤵
  PID:14192
- C:\Windows\System\kxeoOOq.exe
  C:\Windows\System\kxeoOOq.exe
  2⤵
  PID:14220
- C:\Windows\System\tubCEHV.exe
  C:\Windows\System\tubCEHV.exe
  2⤵
  PID:14248
- C:\Windows\System\mLrOUQR.exe
  C:\Windows\System\mLrOUQR.exe
  2⤵
  PID:14276
- C:\Windows\System\sRiJcTW.exe
  C:\Windows\System\sRiJcTW.exe
  2⤵
  PID:14312
- C:\Windows\System\WJFZDdT.exe
  C:\Windows\System\WJFZDdT.exe
  2⤵
  PID:12492
- C:\Windows\System\lfquNSu.exe
  C:\Windows\System\lfquNSu.exe
  2⤵
  PID:13316
- C:\Windows\System\wWZlnMk.exe
  C:\Windows\System\wWZlnMk.exe
  2⤵
  PID:12352
- C:\Windows\System\NsOcJXG.exe
  C:\Windows\System\NsOcJXG.exe
  2⤵
  PID:13364
- C:\Windows\System\FxsvBaF.exe
  C:\Windows\System\FxsvBaF.exe
  2⤵
  PID:13556
- C:\Windows\System\bkUGhPh.exe
  C:\Windows\System\bkUGhPh.exe
  2⤵
  PID:13596
- C:\Windows\System\xLXRwlo.exe
  C:\Windows\System\xLXRwlo.exe
  2⤵
  PID:13744
- C:\Windows\System\QogVAPh.exe
  C:\Windows\System\QogVAPh.exe
  2⤵
  PID:13640
- C:\Windows\System\NuDnLsK.exe
  C:\Windows\System\NuDnLsK.exe
  2⤵
  PID:13764
- C:\Windows\System\MwJwGUd.exe
  C:\Windows\System\MwJwGUd.exe
  2⤵
  PID:13876
- C:\Windows\System\eqHuNFO.exe
  C:\Windows\System\eqHuNFO.exe
  2⤵
  PID:13916
- C:\Windows\System\wqcODBx.exe
  C:\Windows\System\wqcODBx.exe
  2⤵
  PID:14080
- C:\Windows\System\UsfzBAz.exe
  C:\Windows\System\UsfzBAz.exe
  2⤵
  PID:13984
- C:\Windows\System\oPzBZaV.exe
  C:\Windows\System\oPzBZaV.exe
  2⤵
  PID:14032
- C:\Windows\System\uyEjVLt.exe
  C:\Windows\System\uyEjVLt.exe
  2⤵
  PID:14068
- C:\Windows\System\DbMEZpG.exe
  C:\Windows\System\DbMEZpG.exe
  2⤵
  PID:13420

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CNLpnjT.exe

Filesize
2.0MB

MD5
699a5831783d5035f01d3077b4952c45

SHA1
0edf94608b108a6c4a61d66dae5942f993215a2e

SHA256
02ccb1d2fbd4923265a56c87ed426714fa93fa2d394166855a40c0dd38e43854

SHA512
b819c1fe4f946259128502f389599f31d1832dcea7b8ef20f563bb6de52169817ab01a8aeb0b32dfb1574c03aca5b0ad420e4be89d56b20196228a2f2591bf12

Download Submit
C:\Windows\System\CuEbotF.exe

Filesize
2.0MB

MD5
5959c29faacd0068faf95843dbba39d2

SHA1
11c1e82dd800e9453266f2a4c658967b0993c309

SHA256
80cf497b2a2b8dec084860297f2eb778408b502256a8e9bb148d40f32b3de76b

SHA512
2d1d0bc0e4acbb979039256eb5838489c82bc38350ec610a35e6e47cac0bb76a396eb0c76ebb055de4c4dc322e5014422842533b026ba41d6c4e7fd059ab6315

Download Submit
C:\Windows\System\ECzRYGd.exe

Filesize
2.0MB

MD5
024453b2e0305ead5d9fad61259f293e

SHA1
0907c0810486e7b94cbf876082c35f24b41c4c90

SHA256
cfac177a4046487fe2992f5202d387e9d8c864ea0be5754c1c2cbede7cf16273

SHA512
ccf0d637eef013e275eec8100a1d0cef4e94553d7fdb73cebcd5763beb5ef20268e81362f60b4abcaafecb7ed195219f19690156ea3ad5cce2389d51bbe61bd8

Download Submit
C:\Windows\System\ETHPqMn.exe

Filesize
2.0MB

MD5
7faab8ac222307ace477ace600712fe3

SHA1
2309dc26054ce01b7b804594d3a2536306df45c1

SHA256
758ac1f44bc167a037b0cccbc8d7656d95002afe073273421c8e730be45bdf4e

SHA512
7a07c0cd52d1efc4eaf211806aff89f1a61266d5851962b3c304d381d0285426270edd2d11e52d56dc4e7142171c293a64c97dd72ceb05c2e5146aab7afbe758

Download Submit
C:\Windows\System\EddjaHT.exe

Filesize
2.0MB

MD5
d6e3dd8a11678ebf4e91b82c30b8839c

SHA1
a0f5d7911f4f0bf563d2545689160ca958254a6d

SHA256
7eed4b8914cb507fe5270ab244f9bb4b9f201579a313537575750d3cf2bcab21

SHA512
1dc6458a40dcac1fd3ab5dd180425d25fb819b417948a4c917258fd8acebb34ac881c514a8c3ec3547256b97dfbd3614c5eb6df08941aebed3911fc1da59a96a

Download Submit
C:\Windows\System\GrnBllw.exe

Filesize
2.0MB

MD5
ca55f9b63d5c14d3cd270169b5c26044

SHA1
1156456f497eff4713e9038988492dce41e28373

SHA256
c08dd1f5c8ac7e9a566c79b18614082922864909442034b379e1c7ba8d0d84a4

SHA512
b0c080bef0dc18ca8dcb4c831e078ed67acca20c772d974a8ff2f7ac7317550ef65a307a48c5983c8e5215f6fb1dccf69f4fa3bd324a6bc8fa20c6577e2c63c0

Download Submit
C:\Windows\System\JyvGtUy.exe

Filesize
2.0MB

MD5
7be54d6d4a88e29df41a67f7ea30226c

SHA1
0af4d59695648d3ee813fa658eeba53da0ccfafe

SHA256
b0bd1c45a01f25a0b601219019ab015b34923aa4331b749a4c7a16bb8c7ff465

SHA512
b98ab6d97cffd6a1e03ef99fdb22ac2eff06d6765a6d55d760e0dc9086d4cc4b78afb97c0117c2144ccf43cff33908d2fc708dee364c7b6d055a0b26d55fd85a

Download Submit
C:\Windows\System\LgjVfkg.exe

Filesize
2.0MB

MD5
4faf8d16b1d8c7ec002e327761f647b6

SHA1
0227da535309987b76ddec8947ff3ca453d1ab97

SHA256
57118dcc4a03b67c340471585ee42bdd5f9605d6a1609390e0c83c3d82a7eaa8

SHA512
4949e285a4b045b2748dcabfa1fd2d64fec93909317757012b773f4c3e9241be4a89ee0909aeca139ab15602232aeca0d9c86f62dbe2108e74624bc2b2dbce8f

Download Submit
C:\Windows\System\MzDegjj.exe

Filesize
2.0MB

MD5
24cdf765fd2e44a8e66583ad7efd14e0

SHA1
509a9f784be37570804c4e4dbc80a9f4b80b3c58

SHA256
63609eacdd80881fbc023e00505ab23f5f68317328510e528f396fb48a4b7852

SHA512
1587cd7b1010d8fa28f1dd72e2f8fc4b12810266db28fa6ab47a12fdf371648b3d423f8e973aee2516fa3f0e230f347b36d35ee97d5bc664285a846805470094

Download Submit
C:\Windows\System\OTyZTaL.exe

Filesize
2.0MB

MD5
633fa2c074d7fa37aeec0457e1a95910

SHA1
51a0975b0800d4479953a792838161032073a4b9

SHA256
65825d1ce4f7690463ae4a1ad3a2ef40d3f3d31c6f8d9489e7a0db977e8494d5

SHA512
212413a26f2d2c6cce4e1df1db4d12eba90b839610a4e8cd2b0e687bcf273ed0bb3b18f8a28ad1bfe0c01b2be871fc532366c08d068f40d3d6f1a685c452677f

Download Submit
C:\Windows\System\RyxseWf.exe

Filesize
2.0MB

MD5
f67a392dbec1446295cb4a3f48ccd8fd

SHA1
c85af6a154314e4b2c3bece40c057013f7986676

SHA256
9be8f06983006df604946e63d653d2f25565063bbf5f70e047936133c919cc6b

SHA512
81dbba6cf0c8b15609b411c51e975f74119cf0f090183bfeb527f46e2de04ac030e98ffe4395cb558c83c02f091a08ef5c616e90b778e32e8eb8d5c05c2875fd

Download Submit
C:\Windows\System\SjjnjPd.exe

Filesize
2.0MB

MD5
681362cc0b0bbc5c2b4dd8a65d9e75aa

SHA1
b4331c78b75d6ebc60556e89e50c698b815b7605

SHA256
4a0a954bd6bb168208efdcf4e1f829910532c7ccd2f20e1499b7e70a3b7277e2

SHA512
f87c2dfaeae87aaef35d8daf8d2d804c753b4f73033e32d6563300082e4fc722df4588c371db6a60a2bbd880206d6f37a3b4342ac3f99980a74a3470f004623b

Download Submit
C:\Windows\System\UMhHIFd.exe

Filesize
2.0MB

MD5
bc4a44b8cb9fecffc9515b53f029dbf8

SHA1
85e6b849072027deb408a4b282df50a8f150d55f

SHA256
5404166bd868c3e1ce9196a964905bbdcec61ab55659d1acd70d2ef7ba725b21

SHA512
1b4af8464dd16fdbbe03fae74d8f20553c834a0d257958cabb113e26fff41805593b8def9200e4f3133d51a2710019c72534822ae7b3b8d7aedf1645f7236b3a

Download Submit
C:\Windows\System\WaZhmSd.exe

Filesize
2.0MB

MD5
34c6cd490c359829958bf1884545b25f

SHA1
7123e4910482c2113a6d5d10caf684ead2769822

SHA256
5897bf3b09b21b9e5da98b5945190267495fbe17529b7a280bd632e74b755dd0

SHA512
a220e4a859bd494459961b16b4e4e9abbabe56c47f2b75484c86ee4b61ceb69ae4c5cbf5684f6f7579c8bef83c211ffc8379e6f9fe755694b57476ef499f405b

Download Submit
C:\Windows\System\ZAOwesa.exe

Filesize
2.0MB

MD5
45a1508fb4087b9056536d6ae7a3acb0

SHA1
20d26b587bb2a3744a7222a94b71e4397bc480fe

SHA256
6076a542a8faf141e740cb5037e347f0ad4c7bf67d4b0a152a1a9808f64c3d19

SHA512
7e1bce9a4d128389cbdc75b6aac6092fc79a32cd9155c023b764946122ed731e4a2a7e0fba2cd9d601b7567ca09896c53370c557547bb846f0d19bda9a2e2e43

Download Submit
C:\Windows\System\aKLaqHq.exe

Filesize
2.0MB

MD5
b898dcb3c7c676276ad9d6ce432e227c

SHA1
f068524e28ac9c56655b27bf0eb2a23dadcdb7b7

SHA256
0c992eb57fcaaa5ac4bacb1dd172a5f7a0df5c9db8374e5cbf1f5aaf52670b10

SHA512
873fff5693b86442afe8a7a864dd6235a62d8584d062e6c147601c60dc8c3364b24314456627d777bbd52d94c1f63016fab0e9978ceea5719aa25a05b7e31cda

Download Submit
C:\Windows\System\adBVDHX.exe

Filesize
2.0MB

MD5
5c44a8c9434ce9ae2ce85d33f6ff68d0

SHA1
ba039a223cba2ab1b3dcc96ffb8cf480af0e0995

SHA256
0f9cb7dfdc61cee8925b83453ebb19a7626b1395c7fb07d16eaae382df3ba48e

SHA512
7e8428c75c560baa2d56e2fcf917310807b1675aa2b553dd2b2988ec92692edfb76fce4107da0ad2cbce2da0f4a841af32e5722257a080433053fa8f7b114884

Download Submit
C:\Windows\System\dbgdFQS.exe

Filesize
2.0MB

MD5
6649a1dc9d9ce312d2277a03a96b0a06

SHA1
2c83bc3b603527952181fc1c28ce1f59ce401dd9

SHA256
e1692989f44d86e039752bc74d674519555c9d8ba6645dbc342f6d4560e256ca

SHA512
dd2f46f0fec33ffe4af06dff6d115996890c9c6eca458ed3d1a0ffaa6c94dd484a6c81803751b0e9722297fd0e2d6b7b6ab19637caa0b0cd27c1a2c3c252c5f5

Download Submit
C:\Windows\System\eRbOMbt.exe

Filesize
2.0MB

MD5
2cc9902fcae7d3f28a6a08d2d7385e82

SHA1
709a06120b4200b558bb7a85ebac808f36989593

SHA256
55e8f45959c69207caffb45cd111f3f251e88fe9b47583032ba3dbdd09c120cb

SHA512
b321309d528b07a996c33c41252f43c9fda30bc072ae3449149c4894327d16a7bdf087da060ed1669eeaead4377eda06bf8b559abf119e81f531c7e9fdd6842f

Download Submit
C:\Windows\System\eZNISdW.exe

Filesize
2.0MB

MD5
68a14854f490737974db4f58ce87b5f7

SHA1
b08369ffd43f2e4c3c5921d760e9a16245b1b49b

SHA256
473131a9ad24a35439a1b8f5c528c701276f88d1c95160b072729ee9702a5010

SHA512
12df73e63b9c54477c7b71486814616c2f7feb2250efa6de2ff35f2816d131f24ff1b4fd5358c574175844cfdb62306e37916f79d42e59c94c770c8a09ef2dbd

Download Submit
C:\Windows\System\encCcKl.exe

Filesize
2.0MB

MD5
ef8f372d3cf71d9e5aaf47c63d0171bd

SHA1
cd54e19edfe4c153bb101d28fa5893e1b34cf10e

SHA256
4f67b17e8035da345c0ced292b34f08e4031c4c5cde8dafda0d07eede6e63029

SHA512
db72acdfd4bb8f2be1b8127b48db8bce94e5aae35c1c4e514ac0e6a0ca440329c1f2cd3eb6edabdf9ac51fa90b08e626be5e11b520aba9dc4a56d88d41aa8075

Download Submit
C:\Windows\System\faJelIx.exe

Filesize
2.0MB

MD5
83639651bc564ebd38f7535ba54c2f20

SHA1
6a7806aad129e7c55bcb0ebbce071704fd253ffa

SHA256
2353503c0050e64c82ff6e0e3342c8820dab9fdd5a636a656c9457e981f9327f

SHA512
f4d873c8eb8facc3721ec4f4e92b8f5c35ffa941b3810488fb2ff7cf95b7288c304ce4bc31ae3733595ff02d10208ac710c270f0ae1145a66d8d0edab3aaa895

Download Submit
C:\Windows\System\hPICdEr.exe

Filesize
2.0MB

MD5
f3ed7e44511ffa1051d0279127c1d147

SHA1
0fe030f65b0bb8c7be8a2522e1e2f487a3e347b2

SHA256
ec508d4b4603a84ecbc8419b40783294158f87660e0e93f3102a691a953aeea1

SHA512
b3bbcb74d49d4de7e92636e8c9764c22da28846ee9b19453e930cc9f617a0c3a18e05127035cf5573176fbf75bf650da54776d8151cd99437bfece71cd7b85d4

Download Submit
C:\Windows\System\hwlLssN.exe

Filesize
2.0MB

MD5
7b9b6535b5a98082262f044d09022f59

SHA1
8f41a97bc57f33a7ba68fa52f5d6bc82e24737bf

SHA256
efbb9ed8df1cb95108a56d8563768be76dd73538070cdbc2f8b52626f0713cd8

SHA512
2f37e073eef3dfcee73178d29ccece7c5841c48891d824e83088f8fad15bfaf439ac023f41367461cf75b73972737437b03ad4e639037e5501c119a5bc6a1309

Download Submit
C:\Windows\System\kQDboPS.exe

Filesize
2.0MB

MD5
ce1d2ab2034efc80ed9d89160b63d43a

SHA1
71343391e5a0285f395b4172a0bf97c4fbe85146

SHA256
7e4d0270f6b2f0a6056b9052666fb975a361ed0f8a881fc4484c00a29bbc5420

SHA512
30a511db86deedfbc37a3bebf0a04760303eafe9a517b352f9c4b7a61dd26b91a179f4503f7693cd163a324d68191cd73e56a1e1826e2d18d49dc2c4f33fad0f

Download Submit
C:\Windows\System\kwAyRQU.exe

Filesize
2.0MB

MD5
5a7a836a30d47711dd2aed7a93b02d78

SHA1
ca05137c8ae016a972a30d44290b3044898ea93c

SHA256
f5236b0a33860224e537611f9e0f7cd6020087844e246ccf62d7d387c8621113

SHA512
1b5e3458fef53d324737ca2811bd5554721f092750b2b16dbb33dce2114a87bd5ecdb16ad2eebade5b99f8de7207da77c571daaddc94ada06a175816a189d60e

Download Submit
C:\Windows\System\lcKDYhL.exe

Filesize
2.0MB

MD5
767f4731b55355e20c8d553ebfed3edc

SHA1
44d974cf151dca6134859e987d175d46092b2bee

SHA256
f996da78852dd158981204dbc529765cca0749d30aa7807752387e1ca2fa748b

SHA512
cfd1438ee52680f1825a84cdd1a16cfa21597d15635f9caa4bc40456d5272c8d3862d6d8b18b0bec893739bcdbdb3ef9d4397a680c762bc12be13a9765a8d303

Download Submit
C:\Windows\System\mrxQWgK.exe

Filesize
2.0MB

MD5
fe9af91f631d597af3b54740a70c42cf

SHA1
ab0d691a7bd6922340e7f3770caf6813c0cd461e

SHA256
5080b3bd2fd2dc1de28def92de49d07faa63ffe9ce5bd6af308da2117ded283e

SHA512
478124a7fce4c212ffe58ec8f6ba904ba4f49224aa9e8febc4192e1f1a669a5eb5f0197886cc60e67aee1392e82fc0d024baf39726dfac51b3a307d83e63fda6

Download Submit
C:\Windows\System\qqeZofP.exe

Filesize
2.0MB

MD5
c1729a057404164438d199022b8c1d96

SHA1
361ee528e99471c66890ea4531e7ee481d99e463

SHA256
572e66ccbac0c5ad1c1a293e76b4d14517b4e25884675053605a6d6b60e2ef27

SHA512
e370680610a2e95eccaf76c2df866507b026182f9d734a0e18ab2e38a946154712cc8b8df8ea78ef4f93f964e52bcfa11849d9ad6e58f9278a3ce997ebf7a269

Download Submit
C:\Windows\System\ukJxjPb.exe

Filesize
2.0MB

MD5
19da67db5f9a9b24a2cf1a291d5cb7b2

SHA1
6e0b1e8d6fce516cdf2ea1a265851a629116679f

SHA256
be1bb00935b7ad75758933b164c758cc69fe5e143ef6c5473fec83e2f73aa657

SHA512
48a9d83207b5ca2478e88c161e6d3dc2343b53700b94686fbecf1b1dc21dc12c28fb45691270db6b21af8aac5ed9ef7fc048a66cec51902cbcde940c4e124718

Download Submit
C:\Windows\System\wnWHkgU.exe

Filesize
2.0MB

MD5
121ac7a730284aafa78cf78a14ac288f

SHA1
a12ff636aef5a11bd50ca799c33940dd49c572ad

SHA256
92914e4fe89da229435970e2ddcc102c43f7f51d2ec51f6fca929dcfbbf0d27f

SHA512
88b4a0dc407102d130cc2a902176b81b1489637ebcdab2a22d357ca8a0f6b2297a1bc411cf07363d74d7fba21e1ac81910e5ac55162f80eebc90b2b34c3dfd81

Download Submit
C:\Windows\System\xINQupQ.exe

Filesize
2.0MB

MD5
b81030365e50f486a55ea5e55b9f1176

SHA1
103ace40c22007e1a9aca426123edf784cdbf298

SHA256
4bc73ce00356cd1c98b52f7f3c0f5d805bbfdf256267dfc609830e0c076836a5

SHA512
c8d66300708419770abdabc609ae01449f2d987f5ce3a83804dc0f2e9b09484ecfc592146ababdac3e72e274c09285facc441b1f832196df20052f079e16f788

Download Submit
C:\Windows\System\xhjNiuJ.exe

Filesize
2.0MB

MD5
66857140f17f81cad315db2190364b2f

SHA1
3a17792174ebad14666d97e445fa00d115cd99dd

SHA256
b589dc6ac0924f428e3d2dbb0a22132091b6f4911e8c8f848b1ab8f06810a41c

SHA512
1142a30cf4af58c953fe6123d2f8a5cc2784a0b35011895c828fe515a2418459759ec928e2cd02f588145d4a6f596ee70bf110c10eff189c5689352f5a8ac0c8

Download Submit
memory/648-150-0x00007FF7C00C0000-0x00007FF7C0414000-memory.dmp

Filesize
3.3MB

Download
memory/648-2114-0x00007FF7C00C0000-0x00007FF7C0414000-memory.dmp

Filesize
3.3MB

Download
memory/824-174-0x00007FF69AF40000-0x00007FF69B294000-memory.dmp

Filesize
3.3MB

Download
memory/824-2123-0x00007FF69AF40000-0x00007FF69B294000-memory.dmp

Filesize
3.3MB

Download
memory/1160-2116-0x00007FF781780000-0x00007FF781AD4000-memory.dmp

Filesize
3.3MB

Download
memory/1160-164-0x00007FF781780000-0x00007FF781AD4000-memory.dmp

Filesize
3.3MB

Download
memory/1592-0-0x00007FF6AE5A0000-0x00007FF6AE8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1592-1-0x000001AAED5B0000-0x000001AAED5C0000-memory.dmp

Filesize
64KB

Download
memory/1900-169-0x00007FF739DD0000-0x00007FF73A124000-memory.dmp

Filesize
3.3MB

Download
memory/1900-2130-0x00007FF739DD0000-0x00007FF73A124000-memory.dmp

Filesize
3.3MB

Download
memory/1936-2122-0x00007FF6CE7C0000-0x00007FF6CEB14000-memory.dmp

Filesize
3.3MB

Download
memory/1936-163-0x00007FF6CE7C0000-0x00007FF6CEB14000-memory.dmp

Filesize
3.3MB

Download
memory/2008-151-0x00007FF76FA40000-0x00007FF76FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2118-0x00007FF76FA40000-0x00007FF76FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2228-39-0x00007FF78E2A0000-0x00007FF78E5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2101-0x00007FF78E2A0000-0x00007FF78E5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2104-0x00007FF78E2A0000-0x00007FF78E5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-175-0x00007FF6BDAE0000-0x00007FF6BDE34000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2121-0x00007FF6BDAE0000-0x00007FF6BDE34000-memory.dmp

Filesize
3.3MB

Download
memory/2564-167-0x00007FF74A640000-0x00007FF74A994000-memory.dmp

Filesize
3.3MB

Download
memory/2564-2128-0x00007FF74A640000-0x00007FF74A994000-memory.dmp

Filesize
3.3MB

Download
memory/2664-10-0x00007FF61EF90000-0x00007FF61F2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-2102-0x00007FF61EF90000-0x00007FF61F2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2105-0x00007FF7D7BA0000-0x00007FF7D7EF4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-171-0x00007FF7D7BA0000-0x00007FF7D7EF4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2126-0x00007FF6889F0000-0x00007FF688D44000-memory.dmp

Filesize
3.3MB

Download
memory/2964-170-0x00007FF6889F0000-0x00007FF688D44000-memory.dmp

Filesize
3.3MB

Download
memory/3284-2108-0x00007FF606050000-0x00007FF6063A4000-memory.dmp

Filesize
3.3MB

Download
memory/3284-83-0x00007FF606050000-0x00007FF6063A4000-memory.dmp

Filesize
3.3MB

Download
memory/3304-2112-0x00007FF6D0C40000-0x00007FF6D0F94000-memory.dmp

Filesize
3.3MB

Download
memory/3304-104-0x00007FF6D0C40000-0x00007FF6D0F94000-memory.dmp

Filesize
3.3MB

Download
memory/3316-2119-0x00007FF6E3D80000-0x00007FF6E40D4000-memory.dmp

Filesize
3.3MB

Download
memory/3316-152-0x00007FF6E3D80000-0x00007FF6E40D4000-memory.dmp

Filesize
3.3MB

Download
memory/3576-114-0x00007FF662D10000-0x00007FF663064000-memory.dmp

Filesize
3.3MB

Download
memory/3576-2113-0x00007FF662D10000-0x00007FF663064000-memory.dmp

Filesize
3.3MB

Download
memory/3704-154-0x00007FF6BAF20000-0x00007FF6BB274000-memory.dmp

Filesize
3.3MB

Download
memory/3704-2127-0x00007FF6BAF20000-0x00007FF6BB274000-memory.dmp

Filesize
3.3MB

Download
memory/3720-2100-0x00007FF7AC3C0000-0x00007FF7AC714000-memory.dmp

Filesize
3.3MB

Download
memory/3720-24-0x00007FF7AC3C0000-0x00007FF7AC714000-memory.dmp

Filesize
3.3MB

Download
memory/3720-2106-0x00007FF7AC3C0000-0x00007FF7AC714000-memory.dmp

Filesize
3.3MB

Download
memory/3932-137-0x00007FF6B53C0000-0x00007FF6B5714000-memory.dmp

Filesize
3.3MB

Download
memory/3932-2111-0x00007FF6B53C0000-0x00007FF6B5714000-memory.dmp

Filesize
3.3MB

Download
memory/3972-176-0x00007FF7F0CB0000-0x00007FF7F1004000-memory.dmp

Filesize
3.3MB

Download
memory/3972-2129-0x00007FF7F0CB0000-0x00007FF7F1004000-memory.dmp

Filesize
3.3MB

Download
memory/4008-2124-0x00007FF7A3D90000-0x00007FF7A40E4000-memory.dmp

Filesize
3.3MB

Download
memory/4008-166-0x00007FF7A3D90000-0x00007FF7A40E4000-memory.dmp

Filesize
3.3MB

Download
memory/4152-2115-0x00007FF607E90000-0x00007FF6081E4000-memory.dmp

Filesize
3.3MB

Download
memory/4152-173-0x00007FF607E90000-0x00007FF6081E4000-memory.dmp

Filesize
3.3MB

Download
memory/4164-168-0x00007FF7D9940000-0x00007FF7D9C94000-memory.dmp

Filesize
3.3MB

Download
memory/4164-2125-0x00007FF7D9940000-0x00007FF7D9C94000-memory.dmp

Filesize
3.3MB

Download
memory/4364-59-0x00007FF63F1D0000-0x00007FF63F524000-memory.dmp

Filesize
3.3MB

Download
memory/4364-2107-0x00007FF63F1D0000-0x00007FF63F524000-memory.dmp

Filesize
3.3MB

Download
memory/4548-2110-0x00007FF75D440000-0x00007FF75D794000-memory.dmp

Filesize
3.3MB

Download
memory/4548-172-0x00007FF75D440000-0x00007FF75D794000-memory.dmp

Filesize
3.3MB

Download
memory/4568-20-0x00007FF697350000-0x00007FF6976A4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2099-0x00007FF697350000-0x00007FF6976A4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2103-0x00007FF697350000-0x00007FF6976A4000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2120-0x00007FF6AC2E0000-0x00007FF6AC634000-memory.dmp

Filesize
3.3MB

Download
memory/4580-153-0x00007FF6AC2E0000-0x00007FF6AC634000-memory.dmp

Filesize
3.3MB

Download
memory/4804-2117-0x00007FF703970000-0x00007FF703CC4000-memory.dmp

Filesize
3.3MB

Download
memory/4804-165-0x00007FF703970000-0x00007FF703CC4000-memory.dmp

Filesize
3.3MB

Download
memory/5008-115-0x00007FF768EF0000-0x00007FF769244000-memory.dmp

Filesize
3.3MB

Download
memory/5008-2109-0x00007FF768EF0000-0x00007FF769244000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads