xmrig | 1a10e25908490c56355c6b74d82adfeedac0f8bb9918d61a13610beb2f3946fa

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
Size

2.2MB
MD5

90457cbcc08169420cbccd06b887b520
SHA1

9dda89c8172c4870e4080558c13fa481cdd5f1bb
SHA256

1a10e25908490c56355c6b74d82adfeedac0f8bb9918d61a13610beb2f3946fa
SHA512

67ab7671687074587a0d3cbeb3f4f23d84f1073f5acc7791749679b73e92f6a6d5ab7ad3e919830b8f14dda8c391ab0ac2a17f2b60d4a983794db444c41aaefe
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQHxH4T9eSMVZa:oemTLkNdfE0pZrQW

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3052-0-0x00007FF6230F0000-0x00007FF623444000-memory.dmp	xmrig
behavioral2/files/0x000600000002327d-4.dat	xmrig
behavioral2/files/0x00070000000233d7-9.dat	xmrig
behavioral2/memory/760-12-0x00007FF6C0720000-0x00007FF6C0A74000-memory.dmp	xmrig
behavioral2/memory/4972-14-0x00007FF6C7C80000-0x00007FF6C7FD4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233db-37.dat	xmrig
behavioral2/files/0x00070000000233df-57.dat	xmrig
behavioral2/files/0x00070000000233e1-67.dat	xmrig
behavioral2/files/0x00070000000233e4-86.dat	xmrig
behavioral2/files/0x00070000000233ee-136.dat	xmrig
behavioral2/files/0x00070000000233f2-152.dat	xmrig
behavioral2/memory/4484-452-0x00007FF7E0210000-0x00007FF7E0564000-memory.dmp	xmrig
behavioral2/memory/4292-457-0x00007FF6C5D80000-0x00007FF6C60D4000-memory.dmp	xmrig
behavioral2/memory/4504-463-0x00007FF6BFF20000-0x00007FF6C0274000-memory.dmp	xmrig
behavioral2/memory/1676-472-0x00007FF626A00000-0x00007FF626D54000-memory.dmp	xmrig
behavioral2/memory/4508-488-0x00007FF79E840000-0x00007FF79EB94000-memory.dmp	xmrig
behavioral2/memory/2116-494-0x00007FF7D0C70000-0x00007FF7D0FC4000-memory.dmp	xmrig
behavioral2/memory/2860-522-0x00007FF715880000-0x00007FF715BD4000-memory.dmp	xmrig
behavioral2/memory/3056-530-0x00007FF6E95B0000-0x00007FF6E9904000-memory.dmp	xmrig
behavioral2/memory/1556-534-0x00007FF620420000-0x00007FF620774000-memory.dmp	xmrig
behavioral2/memory/3116-535-0x00007FF731980000-0x00007FF731CD4000-memory.dmp	xmrig
behavioral2/memory/1124-532-0x00007FF61DE10000-0x00007FF61E164000-memory.dmp	xmrig
behavioral2/memory/32-536-0x00007FF605080000-0x00007FF6053D4000-memory.dmp	xmrig
behavioral2/memory/5104-540-0x00007FF79B860000-0x00007FF79BBB4000-memory.dmp	xmrig
behavioral2/memory/1720-541-0x00007FF7A0450000-0x00007FF7A07A4000-memory.dmp	xmrig
behavioral2/memory/3408-539-0x00007FF795840000-0x00007FF795B94000-memory.dmp	xmrig
behavioral2/memory/3492-538-0x00007FF7FBC00000-0x00007FF7FBF54000-memory.dmp	xmrig
behavioral2/memory/2612-537-0x00007FF68F0E0000-0x00007FF68F434000-memory.dmp	xmrig
behavioral2/memory/3536-533-0x00007FF6C4870000-0x00007FF6C4BC4000-memory.dmp	xmrig
behavioral2/memory/3784-531-0x00007FF6B65A0000-0x00007FF6B68F4000-memory.dmp	xmrig
behavioral2/memory/3400-526-0x00007FF733E80000-0x00007FF7341D4000-memory.dmp	xmrig
behavioral2/memory/2084-487-0x00007FF667DC0000-0x00007FF668114000-memory.dmp	xmrig
behavioral2/memory/3732-483-0x00007FF71EC10000-0x00007FF71EF64000-memory.dmp	xmrig
behavioral2/memory/464-473-0x00007FF616CD0000-0x00007FF617024000-memory.dmp	xmrig
behavioral2/memory/4832-466-0x00007FF6E3860000-0x00007FF6E3BB4000-memory.dmp	xmrig
behavioral2/memory/2180-462-0x00007FF655CF0000-0x00007FF656044000-memory.dmp	xmrig
behavioral2/memory/3468-458-0x00007FF6B79E0000-0x00007FF6B7D34000-memory.dmp	xmrig
behavioral2/memory/4892-456-0x00007FF715670000-0x00007FF7159C4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f5-165.dat	xmrig
behavioral2/files/0x00070000000233f4-162.dat	xmrig
behavioral2/files/0x00070000000233f3-160.dat	xmrig
behavioral2/files/0x00070000000233f1-150.dat	xmrig
behavioral2/files/0x00070000000233f0-146.dat	xmrig
behavioral2/files/0x00070000000233ef-141.dat	xmrig
behavioral2/files/0x00070000000233ed-131.dat	xmrig
behavioral2/files/0x00070000000233ec-126.dat	xmrig
behavioral2/files/0x00070000000233eb-120.dat	xmrig
behavioral2/files/0x00070000000233ea-116.dat	xmrig
behavioral2/files/0x00070000000233e9-111.dat	xmrig
behavioral2/files/0x00070000000233e8-105.dat	xmrig
behavioral2/files/0x00070000000233e7-101.dat	xmrig
behavioral2/files/0x00070000000233e6-95.dat	xmrig
behavioral2/files/0x00070000000233e5-91.dat	xmrig
behavioral2/files/0x00070000000233e3-81.dat	xmrig
behavioral2/files/0x00070000000233e2-75.dat	xmrig
behavioral2/files/0x00070000000233e0-65.dat	xmrig
behavioral2/files/0x00070000000233de-55.dat	xmrig
behavioral2/files/0x00070000000233dd-48.dat	xmrig
behavioral2/files/0x00070000000233dc-43.dat	xmrig
behavioral2/files/0x00070000000233da-33.dat	xmrig
behavioral2/files/0x00070000000233d9-30.dat	xmrig
behavioral2/files/0x00070000000233d8-25.dat	xmrig
behavioral2/files/0x00080000000233d3-11.dat	xmrig
behavioral2/memory/760-2076-0x00007FF6C0720000-0x00007FF6C0A74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
760	KcXZNRT.exe
4972	UQkxHYD.exe
4484	iCWGcMO.exe
5104	SQlzPsW.exe
4892	uxEKZmV.exe
4292	lhZaiJX.exe
3468	trwdrHs.exe
1720	rLuuOFg.exe
2180	KPfAEZx.exe
4504	QqktjXS.exe
4832	WfoSTST.exe
1676	wmNENiP.exe
464	MhpjQBz.exe
3732	oyPDiZk.exe
2084	jnAmgjV.exe
4508	vpqyUCP.exe
2116	QFKeBXW.exe
2860	acFbveD.exe
3400	gLQavvX.exe
3056	upgnAGt.exe
3784	wFZlRQW.exe
1124	nzMUlnc.exe
3536	YQxszTN.exe
1556	ySQrtqu.exe
3116	BXyjeMx.exe
32	wXptvqs.exe
2612	FSOjmxI.exe
3492	hRQWLDK.exe
3408	JEowHsb.exe
624	ELPJYwX.exe
4780	WpXHUCW.exe
460	GrVNqHR.exe
4116	HeSWoHZ.exe
684	AXuqHwt.exe
3124	hhWfcIS.exe
3440	FNiAwDQ.exe
852	bemccjb.exe
3156	dFpQizc.exe
4856	UCoMLDd.exe
4984	HgXdrQL.exe
4060	bwKpOTB.exe
3528	PAbiJpd.exe
2676	egMwLXI.exe
4792	OUIVHHu.exe
2908	SGEkwKi.exe
3748	jtHUzqg.exe
4872	GOcytMZ.exe
652	FWWHxqY.exe
2420	DfRahiQ.exe
4532	QMSNeVs.exe
3240	JcUlrvE.exe
4704	BPJjLss.exe
1584	HHcAhzt.exe
4804	WEjxSfZ.exe
4412	tryNuwg.exe
1616	DRaflUV.exe
4084	CLJVFek.exe
4380	JhsbBVL.exe
4352	yMOJRjB.exe
2456	nKrkKcF.exe
3108	TPXTKni.exe
316	YDZEYPV.exe
404	zpfOiNy.exe
4476	uxhvZiH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3052-0-0x00007FF6230F0000-0x00007FF623444000-memory.dmp	upx
behavioral2/files/0x000600000002327d-4.dat	upx
behavioral2/files/0x00070000000233d7-9.dat	upx
behavioral2/memory/760-12-0x00007FF6C0720000-0x00007FF6C0A74000-memory.dmp	upx
behavioral2/memory/4972-14-0x00007FF6C7C80000-0x00007FF6C7FD4000-memory.dmp	upx
behavioral2/files/0x00070000000233db-37.dat	upx
behavioral2/files/0x00070000000233df-57.dat	upx
behavioral2/files/0x00070000000233e1-67.dat	upx
behavioral2/files/0x00070000000233e4-86.dat	upx
behavioral2/files/0x00070000000233ee-136.dat	upx
behavioral2/files/0x00070000000233f2-152.dat	upx
behavioral2/memory/4484-452-0x00007FF7E0210000-0x00007FF7E0564000-memory.dmp	upx
behavioral2/memory/4292-457-0x00007FF6C5D80000-0x00007FF6C60D4000-memory.dmp	upx
behavioral2/memory/4504-463-0x00007FF6BFF20000-0x00007FF6C0274000-memory.dmp	upx
behavioral2/memory/1676-472-0x00007FF626A00000-0x00007FF626D54000-memory.dmp	upx
behavioral2/memory/4508-488-0x00007FF79E840000-0x00007FF79EB94000-memory.dmp	upx
behavioral2/memory/2116-494-0x00007FF7D0C70000-0x00007FF7D0FC4000-memory.dmp	upx
behavioral2/memory/2860-522-0x00007FF715880000-0x00007FF715BD4000-memory.dmp	upx
behavioral2/memory/3056-530-0x00007FF6E95B0000-0x00007FF6E9904000-memory.dmp	upx
behavioral2/memory/1556-534-0x00007FF620420000-0x00007FF620774000-memory.dmp	upx
behavioral2/memory/3116-535-0x00007FF731980000-0x00007FF731CD4000-memory.dmp	upx
behavioral2/memory/1124-532-0x00007FF61DE10000-0x00007FF61E164000-memory.dmp	upx
behavioral2/memory/32-536-0x00007FF605080000-0x00007FF6053D4000-memory.dmp	upx
behavioral2/memory/5104-540-0x00007FF79B860000-0x00007FF79BBB4000-memory.dmp	upx
behavioral2/memory/1720-541-0x00007FF7A0450000-0x00007FF7A07A4000-memory.dmp	upx
behavioral2/memory/3408-539-0x00007FF795840000-0x00007FF795B94000-memory.dmp	upx
behavioral2/memory/3492-538-0x00007FF7FBC00000-0x00007FF7FBF54000-memory.dmp	upx
behavioral2/memory/2612-537-0x00007FF68F0E0000-0x00007FF68F434000-memory.dmp	upx
behavioral2/memory/3536-533-0x00007FF6C4870000-0x00007FF6C4BC4000-memory.dmp	upx
behavioral2/memory/3784-531-0x00007FF6B65A0000-0x00007FF6B68F4000-memory.dmp	upx
behavioral2/memory/3400-526-0x00007FF733E80000-0x00007FF7341D4000-memory.dmp	upx
behavioral2/memory/2084-487-0x00007FF667DC0000-0x00007FF668114000-memory.dmp	upx
behavioral2/memory/3732-483-0x00007FF71EC10000-0x00007FF71EF64000-memory.dmp	upx
behavioral2/memory/464-473-0x00007FF616CD0000-0x00007FF617024000-memory.dmp	upx
behavioral2/memory/4832-466-0x00007FF6E3860000-0x00007FF6E3BB4000-memory.dmp	upx
behavioral2/memory/2180-462-0x00007FF655CF0000-0x00007FF656044000-memory.dmp	upx
behavioral2/memory/3468-458-0x00007FF6B79E0000-0x00007FF6B7D34000-memory.dmp	upx
behavioral2/memory/4892-456-0x00007FF715670000-0x00007FF7159C4000-memory.dmp	upx
behavioral2/files/0x00070000000233f5-165.dat	upx
behavioral2/files/0x00070000000233f4-162.dat	upx
behavioral2/files/0x00070000000233f3-160.dat	upx
behavioral2/files/0x00070000000233f1-150.dat	upx
behavioral2/files/0x00070000000233f0-146.dat	upx
behavioral2/files/0x00070000000233ef-141.dat	upx
behavioral2/files/0x00070000000233ed-131.dat	upx
behavioral2/files/0x00070000000233ec-126.dat	upx
behavioral2/files/0x00070000000233eb-120.dat	upx
behavioral2/files/0x00070000000233ea-116.dat	upx
behavioral2/files/0x00070000000233e9-111.dat	upx
behavioral2/files/0x00070000000233e8-105.dat	upx
behavioral2/files/0x00070000000233e7-101.dat	upx
behavioral2/files/0x00070000000233e6-95.dat	upx
behavioral2/files/0x00070000000233e5-91.dat	upx
behavioral2/files/0x00070000000233e3-81.dat	upx
behavioral2/files/0x00070000000233e2-75.dat	upx
behavioral2/files/0x00070000000233e0-65.dat	upx
behavioral2/files/0x00070000000233de-55.dat	upx
behavioral2/files/0x00070000000233dd-48.dat	upx
behavioral2/files/0x00070000000233dc-43.dat	upx
behavioral2/files/0x00070000000233da-33.dat	upx
behavioral2/files/0x00070000000233d9-30.dat	upx
behavioral2/files/0x00070000000233d8-25.dat	upx
behavioral2/files/0x00080000000233d3-11.dat	upx
behavioral2/memory/760-2076-0x00007FF6C0720000-0x00007FF6C0A74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JveeATT.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\aAcsqxK.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\PqfFvRd.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\pIijtCq.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\gcGwyMb.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\uQmrggn.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\hmnPzmK.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\oPKzYgr.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\gqmpzVc.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\LFgsgVq.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\BJckrNb.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\fibYinx.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\zBBZwSP.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\apRYMyF.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\fTyflkw.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\oZIcQOH.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\VFZHyzk.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\NIlhXpg.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\BzOPxbI.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\UrWndiX.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\RTBvKHz.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\ZSYdowW.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\oMSqYTp.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\hKojRsW.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\YcmOLKS.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\giyXbQK.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\yYnyCqY.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\xxcsWyt.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\oIzQGOu.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\hrwMYvz.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\edQbBZO.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\hHmcNvv.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\Ebdqixk.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\PudMGSZ.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\zcBQmko.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\tQzVbIj.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\tCpHRLn.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\bNmmWyu.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\fkMznbT.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\UxIasbW.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\bemccjb.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\prZdjbs.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\HKuqZlt.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\wwmJVIa.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\qWvTqJs.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\Vhmcnqy.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\yIbdCvZ.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\bolaaaw.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\oCLRcfF.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\PyuZhcg.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\RZWYCTa.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\sCOXDIN.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\VIXujZo.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\FDCFXmL.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\kbdDkMM.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\MhpjQBz.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\DRaflUV.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\bePMUdf.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\GHpiBFc.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\pJJJolx.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\SgbbUIG.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\VZZfudl.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\cStlsHu.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
File created	C:\Windows\System\ViNRdrG.exe	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14820	dwm.exe
Token: SeChangeNotifyPrivilege	14820	dwm.exe
Token: 33	14820	dwm.exe
Token: SeIncBasePriorityPrivilege	14820	dwm.exe
Token: SeShutdownPrivilege	14820	dwm.exe
Token: SeCreatePagefilePrivilege	14820	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 760	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	82
PID 3052 wrote to memory of 760	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	82
PID 3052 wrote to memory of 4972	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	83
PID 3052 wrote to memory of 4972	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	83
PID 3052 wrote to memory of 4484	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	84
PID 3052 wrote to memory of 4484	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	84
PID 3052 wrote to memory of 5104	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	85
PID 3052 wrote to memory of 5104	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	85
PID 3052 wrote to memory of 4892	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	86
PID 3052 wrote to memory of 4892	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	86
PID 3052 wrote to memory of 4292	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	87
PID 3052 wrote to memory of 4292	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	87
PID 3052 wrote to memory of 3468	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	88
PID 3052 wrote to memory of 3468	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	88
PID 3052 wrote to memory of 1720	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	89
PID 3052 wrote to memory of 1720	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	89
PID 3052 wrote to memory of 2180	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	90
PID 3052 wrote to memory of 2180	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	90
PID 3052 wrote to memory of 4504	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	91
PID 3052 wrote to memory of 4504	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	91
PID 3052 wrote to memory of 4832	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	92
PID 3052 wrote to memory of 4832	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	92
PID 3052 wrote to memory of 1676	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	93
PID 3052 wrote to memory of 1676	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	93
PID 3052 wrote to memory of 464	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	94
PID 3052 wrote to memory of 464	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	94
PID 3052 wrote to memory of 3732	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	95
PID 3052 wrote to memory of 3732	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	95
PID 3052 wrote to memory of 2084	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	96
PID 3052 wrote to memory of 2084	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	96
PID 3052 wrote to memory of 4508	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	97
PID 3052 wrote to memory of 4508	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	97
PID 3052 wrote to memory of 2116	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	98
PID 3052 wrote to memory of 2116	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	98
PID 3052 wrote to memory of 2860	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	99
PID 3052 wrote to memory of 2860	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	99
PID 3052 wrote to memory of 3400	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	100
PID 3052 wrote to memory of 3400	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	100
PID 3052 wrote to memory of 3056	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	101
PID 3052 wrote to memory of 3056	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	101
PID 3052 wrote to memory of 3784	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	102
PID 3052 wrote to memory of 3784	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	102
PID 3052 wrote to memory of 1124	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	103
PID 3052 wrote to memory of 1124	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	103
PID 3052 wrote to memory of 3536	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	104
PID 3052 wrote to memory of 3536	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	104
PID 3052 wrote to memory of 1556	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	105
PID 3052 wrote to memory of 1556	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	105
PID 3052 wrote to memory of 3116	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	106
PID 3052 wrote to memory of 3116	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	106
PID 3052 wrote to memory of 32	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	107
PID 3052 wrote to memory of 32	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	107
PID 3052 wrote to memory of 2612	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	108
PID 3052 wrote to memory of 2612	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	108
PID 3052 wrote to memory of 3492	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	109
PID 3052 wrote to memory of 3492	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	109
PID 3052 wrote to memory of 3408	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	110
PID 3052 wrote to memory of 3408	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	110
PID 3052 wrote to memory of 624	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	111
PID 3052 wrote to memory of 624	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	111
PID 3052 wrote to memory of 4780	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	112
PID 3052 wrote to memory of 4780	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	112
PID 3052 wrote to memory of 460	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	113
PID 3052 wrote to memory of 460	3052	90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\90457cbcc08169420cbccd06b887b520_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\System\KcXZNRT.exe
  C:\Windows\System\KcXZNRT.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\UQkxHYD.exe
  C:\Windows\System\UQkxHYD.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\iCWGcMO.exe
  C:\Windows\System\iCWGcMO.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\SQlzPsW.exe
  C:\Windows\System\SQlzPsW.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\uxEKZmV.exe
  C:\Windows\System\uxEKZmV.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\lhZaiJX.exe
  C:\Windows\System\lhZaiJX.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\trwdrHs.exe
  C:\Windows\System\trwdrHs.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\rLuuOFg.exe
  C:\Windows\System\rLuuOFg.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\KPfAEZx.exe
  C:\Windows\System\KPfAEZx.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\QqktjXS.exe
  C:\Windows\System\QqktjXS.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\WfoSTST.exe
  C:\Windows\System\WfoSTST.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\wmNENiP.exe
  C:\Windows\System\wmNENiP.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\MhpjQBz.exe
  C:\Windows\System\MhpjQBz.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\oyPDiZk.exe
  C:\Windows\System\oyPDiZk.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\jnAmgjV.exe
  C:\Windows\System\jnAmgjV.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\vpqyUCP.exe
  C:\Windows\System\vpqyUCP.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\QFKeBXW.exe
  C:\Windows\System\QFKeBXW.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\acFbveD.exe
  C:\Windows\System\acFbveD.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\gLQavvX.exe
  C:\Windows\System\gLQavvX.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\upgnAGt.exe
  C:\Windows\System\upgnAGt.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\wFZlRQW.exe
  C:\Windows\System\wFZlRQW.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\nzMUlnc.exe
  C:\Windows\System\nzMUlnc.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\YQxszTN.exe
  C:\Windows\System\YQxszTN.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\ySQrtqu.exe
  C:\Windows\System\ySQrtqu.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\BXyjeMx.exe
  C:\Windows\System\BXyjeMx.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\wXptvqs.exe
  C:\Windows\System\wXptvqs.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\FSOjmxI.exe
  C:\Windows\System\FSOjmxI.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\hRQWLDK.exe
  C:\Windows\System\hRQWLDK.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\JEowHsb.exe
  C:\Windows\System\JEowHsb.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\ELPJYwX.exe
  C:\Windows\System\ELPJYwX.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\WpXHUCW.exe
  C:\Windows\System\WpXHUCW.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\GrVNqHR.exe
  C:\Windows\System\GrVNqHR.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\HeSWoHZ.exe
  C:\Windows\System\HeSWoHZ.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\AXuqHwt.exe
  C:\Windows\System\AXuqHwt.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\hhWfcIS.exe
  C:\Windows\System\hhWfcIS.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\FNiAwDQ.exe
  C:\Windows\System\FNiAwDQ.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\bemccjb.exe
  C:\Windows\System\bemccjb.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\dFpQizc.exe
  C:\Windows\System\dFpQizc.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\UCoMLDd.exe
  C:\Windows\System\UCoMLDd.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\HgXdrQL.exe
  C:\Windows\System\HgXdrQL.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\bwKpOTB.exe
  C:\Windows\System\bwKpOTB.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\PAbiJpd.exe
  C:\Windows\System\PAbiJpd.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\egMwLXI.exe
  C:\Windows\System\egMwLXI.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\OUIVHHu.exe
  C:\Windows\System\OUIVHHu.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\SGEkwKi.exe
  C:\Windows\System\SGEkwKi.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\jtHUzqg.exe
  C:\Windows\System\jtHUzqg.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\GOcytMZ.exe
  C:\Windows\System\GOcytMZ.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\FWWHxqY.exe
  C:\Windows\System\FWWHxqY.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\DfRahiQ.exe
  C:\Windows\System\DfRahiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\QMSNeVs.exe
  C:\Windows\System\QMSNeVs.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\JcUlrvE.exe
  C:\Windows\System\JcUlrvE.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\BPJjLss.exe
  C:\Windows\System\BPJjLss.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\HHcAhzt.exe
  C:\Windows\System\HHcAhzt.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\WEjxSfZ.exe
  C:\Windows\System\WEjxSfZ.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\tryNuwg.exe
  C:\Windows\System\tryNuwg.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\DRaflUV.exe
  C:\Windows\System\DRaflUV.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\CLJVFek.exe
  C:\Windows\System\CLJVFek.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\JhsbBVL.exe
  C:\Windows\System\JhsbBVL.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\yMOJRjB.exe
  C:\Windows\System\yMOJRjB.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\nKrkKcF.exe
  C:\Windows\System\nKrkKcF.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\TPXTKni.exe
  C:\Windows\System\TPXTKni.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\YDZEYPV.exe
  C:\Windows\System\YDZEYPV.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\zpfOiNy.exe
  C:\Windows\System\zpfOiNy.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\uxhvZiH.exe
  C:\Windows\System\uxhvZiH.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\hxNWxdA.exe
  C:\Windows\System\hxNWxdA.exe
  2⤵
  PID:3684
- C:\Windows\System\jNjguKH.exe
  C:\Windows\System\jNjguKH.exe
  2⤵
  PID:2784
- C:\Windows\System\vTtjUXm.exe
  C:\Windows\System\vTtjUXm.exe
  2⤵
  PID:1136
- C:\Windows\System\qrGvwdG.exe
  C:\Windows\System\qrGvwdG.exe
  2⤵
  PID:860
- C:\Windows\System\VKsMVSA.exe
  C:\Windows\System\VKsMVSA.exe
  2⤵
  PID:2212
- C:\Windows\System\fbhMZGW.exe
  C:\Windows\System\fbhMZGW.exe
  2⤵
  PID:432
- C:\Windows\System\lNCoBVV.exe
  C:\Windows\System\lNCoBVV.exe
  2⤵
  PID:1984
- C:\Windows\System\swTVZbc.exe
  C:\Windows\System\swTVZbc.exe
  2⤵
  PID:4868
- C:\Windows\System\wrpknud.exe
  C:\Windows\System\wrpknud.exe
  2⤵
  PID:2744
- C:\Windows\System\yvbRjTN.exe
  C:\Windows\System\yvbRjTN.exe
  2⤵
  PID:2992
- C:\Windows\System\fMvtdhs.exe
  C:\Windows\System\fMvtdhs.exe
  2⤵
  PID:3976
- C:\Windows\System\avKPWrg.exe
  C:\Windows\System\avKPWrg.exe
  2⤵
  PID:5084
- C:\Windows\System\KoEyelm.exe
  C:\Windows\System\KoEyelm.exe
  2⤵
  PID:2560
- C:\Windows\System\hCUXfht.exe
  C:\Windows\System\hCUXfht.exe
  2⤵
  PID:636
- C:\Windows\System\lqbqjjH.exe
  C:\Windows\System\lqbqjjH.exe
  2⤵
  PID:2160
- C:\Windows\System\upeFLbC.exe
  C:\Windows\System\upeFLbC.exe
  2⤵
  PID:5096
- C:\Windows\System\aBZOZwQ.exe
  C:\Windows\System\aBZOZwQ.exe
  2⤵
  PID:1412
- C:\Windows\System\SKlSiwo.exe
  C:\Windows\System\SKlSiwo.exe
  2⤵
  PID:4540
- C:\Windows\System\PzWWsnb.exe
  C:\Windows\System\PzWWsnb.exe
  2⤵
  PID:3364
- C:\Windows\System\oNrAzfN.exe
  C:\Windows\System\oNrAzfN.exe
  2⤵
  PID:4348
- C:\Windows\System\FCsABiG.exe
  C:\Windows\System\FCsABiG.exe
  2⤵
  PID:1920
- C:\Windows\System\kQPpcxg.exe
  C:\Windows\System\kQPpcxg.exe
  2⤵
  PID:3164
- C:\Windows\System\AlQuSjo.exe
  C:\Windows\System\AlQuSjo.exe
  2⤵
  PID:424
- C:\Windows\System\mITskMo.exe
  C:\Windows\System\mITskMo.exe
  2⤵
  PID:2868
- C:\Windows\System\MrBruHP.exe
  C:\Windows\System\MrBruHP.exe
  2⤵
  PID:3232
- C:\Windows\System\PKGMAmN.exe
  C:\Windows\System\PKGMAmN.exe
  2⤵
  PID:4392
- C:\Windows\System\bePMUdf.exe
  C:\Windows\System\bePMUdf.exe
  2⤵
  PID:4144
- C:\Windows\System\oCLRcfF.exe
  C:\Windows\System\oCLRcfF.exe
  2⤵
  PID:2720
- C:\Windows\System\WJUcVDH.exe
  C:\Windows\System\WJUcVDH.exe
  2⤵
  PID:2848
- C:\Windows\System\dPpcZmq.exe
  C:\Windows\System\dPpcZmq.exe
  2⤵
  PID:3792
- C:\Windows\System\LWKavPV.exe
  C:\Windows\System\LWKavPV.exe
  2⤵
  PID:5124
- C:\Windows\System\AKIcFeU.exe
  C:\Windows\System\AKIcFeU.exe
  2⤵
  PID:5152
- C:\Windows\System\hKojRsW.exe
  C:\Windows\System\hKojRsW.exe
  2⤵
  PID:5176
- C:\Windows\System\xHhBJbF.exe
  C:\Windows\System\xHhBJbF.exe
  2⤵
  PID:5208
- C:\Windows\System\TGQsWXb.exe
  C:\Windows\System\TGQsWXb.exe
  2⤵
  PID:5232
- C:\Windows\System\CvykmYd.exe
  C:\Windows\System\CvykmYd.exe
  2⤵
  PID:5264
- C:\Windows\System\ttkgUeE.exe
  C:\Windows\System\ttkgUeE.exe
  2⤵
  PID:5292
- C:\Windows\System\LKjiDED.exe
  C:\Windows\System\LKjiDED.exe
  2⤵
  PID:5316
- C:\Windows\System\utDBQro.exe
  C:\Windows\System\utDBQro.exe
  2⤵
  PID:5348
- C:\Windows\System\xSkRtXk.exe
  C:\Windows\System\xSkRtXk.exe
  2⤵
  PID:5376
- C:\Windows\System\YhMScWf.exe
  C:\Windows\System\YhMScWf.exe
  2⤵
  PID:5404
- C:\Windows\System\oHTOeAO.exe
  C:\Windows\System\oHTOeAO.exe
  2⤵
  PID:5428
- C:\Windows\System\GHpiBFc.exe
  C:\Windows\System\GHpiBFc.exe
  2⤵
  PID:5456
- C:\Windows\System\OebdzyR.exe
  C:\Windows\System\OebdzyR.exe
  2⤵
  PID:5488
- C:\Windows\System\xevoUva.exe
  C:\Windows\System\xevoUva.exe
  2⤵
  PID:5536
- C:\Windows\System\OCNKfhi.exe
  C:\Windows\System\OCNKfhi.exe
  2⤵
  PID:5568
- C:\Windows\System\NoyGpcr.exe
  C:\Windows\System\NoyGpcr.exe
  2⤵
  PID:5600
- C:\Windows\System\voslFiW.exe
  C:\Windows\System\voslFiW.exe
  2⤵
  PID:5628
- C:\Windows\System\tGzhlQC.exe
  C:\Windows\System\tGzhlQC.exe
  2⤵
  PID:5660
- C:\Windows\System\cStlsHu.exe
  C:\Windows\System\cStlsHu.exe
  2⤵
  PID:5684
- C:\Windows\System\JIVeTLk.exe
  C:\Windows\System\JIVeTLk.exe
  2⤵
  PID:5712
- C:\Windows\System\HafUTZv.exe
  C:\Windows\System\HafUTZv.exe
  2⤵
  PID:5740
- C:\Windows\System\PyuZhcg.exe
  C:\Windows\System\PyuZhcg.exe
  2⤵
  PID:5768
- C:\Windows\System\PABZjFQ.exe
  C:\Windows\System\PABZjFQ.exe
  2⤵
  PID:5792
- C:\Windows\System\XtemFek.exe
  C:\Windows\System\XtemFek.exe
  2⤵
  PID:5820
- C:\Windows\System\AbsFeuP.exe
  C:\Windows\System\AbsFeuP.exe
  2⤵
  PID:5848
- C:\Windows\System\rPkiIfM.exe
  C:\Windows\System\rPkiIfM.exe
  2⤵
  PID:5880
- C:\Windows\System\HOuYmAD.exe
  C:\Windows\System\HOuYmAD.exe
  2⤵
  PID:5908
- C:\Windows\System\zBBZwSP.exe
  C:\Windows\System\zBBZwSP.exe
  2⤵
  PID:5936
- C:\Windows\System\oIzQGOu.exe
  C:\Windows\System\oIzQGOu.exe
  2⤵
  PID:5960
- C:\Windows\System\ecTEicX.exe
  C:\Windows\System\ecTEicX.exe
  2⤵
  PID:5992
- C:\Windows\System\wfEWFMW.exe
  C:\Windows\System\wfEWFMW.exe
  2⤵
  PID:6016
- C:\Windows\System\VhFwiKc.exe
  C:\Windows\System\VhFwiKc.exe
  2⤵
  PID:6048
- C:\Windows\System\PyDBUoh.exe
  C:\Windows\System\PyDBUoh.exe
  2⤵
  PID:6072
- C:\Windows\System\UsmyMaI.exe
  C:\Windows\System\UsmyMaI.exe
  2⤵
  PID:6104
- C:\Windows\System\GmarKSs.exe
  C:\Windows\System\GmarKSs.exe
  2⤵
  PID:6132
- C:\Windows\System\vxnJcrE.exe
  C:\Windows\System\vxnJcrE.exe
  2⤵
  PID:532
- C:\Windows\System\voxjzvz.exe
  C:\Windows\System\voxjzvz.exe
  2⤵
  PID:324
- C:\Windows\System\mjToyow.exe
  C:\Windows\System\mjToyow.exe
  2⤵
  PID:5220
- C:\Windows\System\prZdjbs.exe
  C:\Windows\System\prZdjbs.exe
  2⤵
  PID:1056
- C:\Windows\System\hJKSaHJ.exe
  C:\Windows\System\hJKSaHJ.exe
  2⤵
  PID:5312
- C:\Windows\System\TyEmhnS.exe
  C:\Windows\System\TyEmhnS.exe
  2⤵
  PID:5420
- C:\Windows\System\gacrsbN.exe
  C:\Windows\System\gacrsbN.exe
  2⤵
  PID:5476
- C:\Windows\System\OwVfcAl.exe
  C:\Windows\System\OwVfcAl.exe
  2⤵
  PID:5556
- C:\Windows\System\rlqFjiT.exe
  C:\Windows\System\rlqFjiT.exe
  2⤵
  PID:5592
- C:\Windows\System\YyBhdxZ.exe
  C:\Windows\System\YyBhdxZ.exe
  2⤵
  PID:2364
- C:\Windows\System\Kgaagve.exe
  C:\Windows\System\Kgaagve.exe
  2⤵
  PID:5724
- C:\Windows\System\iVDXzdd.exe
  C:\Windows\System\iVDXzdd.exe
  2⤵
  PID:5816
- C:\Windows\System\wuTFAHd.exe
  C:\Windows\System\wuTFAHd.exe
  2⤵
  PID:3740
- C:\Windows\System\fUOegNX.exe
  C:\Windows\System\fUOegNX.exe
  2⤵
  PID:5980
- C:\Windows\System\QnOAzih.exe
  C:\Windows\System\QnOAzih.exe
  2⤵
  PID:6036
- C:\Windows\System\nccyury.exe
  C:\Windows\System\nccyury.exe
  2⤵
  PID:5048
- C:\Windows\System\cMbnjFE.exe
  C:\Windows\System\cMbnjFE.exe
  2⤵
  PID:6116
- C:\Windows\System\KykQoAo.exe
  C:\Windows\System\KykQoAo.exe
  2⤵
  PID:3176
- C:\Windows\System\BbXHRGL.exe
  C:\Windows\System\BbXHRGL.exe
  2⤵
  PID:2972
- C:\Windows\System\SPUxSzD.exe
  C:\Windows\System\SPUxSzD.exe
  2⤵
  PID:5228
- C:\Windows\System\tQlwnPW.exe
  C:\Windows\System\tQlwnPW.exe
  2⤵
  PID:4472
- C:\Windows\System\ZGpicTr.exe
  C:\Windows\System\ZGpicTr.exe
  2⤵
  PID:5648
- C:\Windows\System\gRiqbek.exe
  C:\Windows\System\gRiqbek.exe
  2⤵
  PID:5500
- C:\Windows\System\xJBHKgE.exe
  C:\Windows\System\xJBHKgE.exe
  2⤵
  PID:4680
- C:\Windows\System\TRDHgyp.exe
  C:\Windows\System\TRDHgyp.exe
  2⤵
  PID:6088
- C:\Windows\System\rZfHQGw.exe
  C:\Windows\System\rZfHQGw.exe
  2⤵
  PID:1036
- C:\Windows\System\ehvyHVx.exe
  C:\Windows\System\ehvyHVx.exe
  2⤵
  PID:1928
- C:\Windows\System\zcBQmko.exe
  C:\Windows\System\zcBQmko.exe
  2⤵
  PID:2088
- C:\Windows\System\NhnAMlv.exe
  C:\Windows\System\NhnAMlv.exe
  2⤵
  PID:1524
- C:\Windows\System\wKMZEsG.exe
  C:\Windows\System\wKMZEsG.exe
  2⤵
  PID:6140
- C:\Windows\System\NYreJsj.exe
  C:\Windows\System\NYreJsj.exe
  2⤵
  PID:2400
- C:\Windows\System\tQzVbIj.exe
  C:\Windows\System\tQzVbIj.exe
  2⤵
  PID:5756
- C:\Windows\System\QAGLdNa.exe
  C:\Windows\System\QAGLdNa.exe
  2⤵
  PID:3836
- C:\Windows\System\LLvXKGp.exe
  C:\Windows\System\LLvXKGp.exe
  2⤵
  PID:3296
- C:\Windows\System\NYludfY.exe
  C:\Windows\System\NYludfY.exe
  2⤵
  PID:6152
- C:\Windows\System\dBLnXRV.exe
  C:\Windows\System\dBLnXRV.exe
  2⤵
  PID:6200
- C:\Windows\System\hFrslTC.exe
  C:\Windows\System\hFrslTC.exe
  2⤵
  PID:6216
- C:\Windows\System\ivRyrsS.exe
  C:\Windows\System\ivRyrsS.exe
  2⤵
  PID:6264
- C:\Windows\System\mxQLIVQ.exe
  C:\Windows\System\mxQLIVQ.exe
  2⤵
  PID:6292
- C:\Windows\System\UafaDka.exe
  C:\Windows\System\UafaDka.exe
  2⤵
  PID:6344
- C:\Windows\System\VDmEAxy.exe
  C:\Windows\System\VDmEAxy.exe
  2⤵
  PID:6464
- C:\Windows\System\nrDtdaE.exe
  C:\Windows\System\nrDtdaE.exe
  2⤵
  PID:6492
- C:\Windows\System\WqCdwmT.exe
  C:\Windows\System\WqCdwmT.exe
  2⤵
  PID:6520
- C:\Windows\System\iJhfOnB.exe
  C:\Windows\System\iJhfOnB.exe
  2⤵
  PID:6556
- C:\Windows\System\bMtRUoA.exe
  C:\Windows\System\bMtRUoA.exe
  2⤵
  PID:6592
- C:\Windows\System\wdhASwd.exe
  C:\Windows\System\wdhASwd.exe
  2⤵
  PID:6612
- C:\Windows\System\UrWndiX.exe
  C:\Windows\System\UrWndiX.exe
  2⤵
  PID:6640
- C:\Windows\System\jUliCMJ.exe
  C:\Windows\System\jUliCMJ.exe
  2⤵
  PID:6676
- C:\Windows\System\sRaUjqy.exe
  C:\Windows\System\sRaUjqy.exe
  2⤵
  PID:6712
- C:\Windows\System\FaDoNly.exe
  C:\Windows\System\FaDoNly.exe
  2⤵
  PID:6756
- C:\Windows\System\uhWnpkY.exe
  C:\Windows\System\uhWnpkY.exe
  2⤵
  PID:6784
- C:\Windows\System\FpFdmDP.exe
  C:\Windows\System\FpFdmDP.exe
  2⤵
  PID:6804
- C:\Windows\System\KCgVFAI.exe
  C:\Windows\System\KCgVFAI.exe
  2⤵
  PID:6840
- C:\Windows\System\tCpHRLn.exe
  C:\Windows\System\tCpHRLn.exe
  2⤵
  PID:6868
- C:\Windows\System\ZamihYE.exe
  C:\Windows\System\ZamihYE.exe
  2⤵
  PID:6896
- C:\Windows\System\Yzgqguh.exe
  C:\Windows\System\Yzgqguh.exe
  2⤵
  PID:6924
- C:\Windows\System\TefWcjb.exe
  C:\Windows\System\TefWcjb.exe
  2⤵
  PID:6956
- C:\Windows\System\hAMgyLj.exe
  C:\Windows\System\hAMgyLj.exe
  2⤵
  PID:6984
- C:\Windows\System\bNmmWyu.exe
  C:\Windows\System\bNmmWyu.exe
  2⤵
  PID:7012
- C:\Windows\System\YilGBAK.exe
  C:\Windows\System\YilGBAK.exe
  2⤵
  PID:7044
- C:\Windows\System\fDRBQjv.exe
  C:\Windows\System\fDRBQjv.exe
  2⤵
  PID:7072
- C:\Windows\System\ScwEbBt.exe
  C:\Windows\System\ScwEbBt.exe
  2⤵
  PID:7108
- C:\Windows\System\QOfpdft.exe
  C:\Windows\System\QOfpdft.exe
  2⤵
  PID:7140
- C:\Windows\System\CjwPaEj.exe
  C:\Windows\System\CjwPaEj.exe
  2⤵
  PID:2156
- C:\Windows\System\huNVNFo.exe
  C:\Windows\System\huNVNFo.exe
  2⤵
  PID:6180
- C:\Windows\System\lHlNpBH.exe
  C:\Windows\System\lHlNpBH.exe
  2⤵
  PID:6236
- C:\Windows\System\iklovgf.exe
  C:\Windows\System\iklovgf.exe
  2⤵
  PID:6308
- C:\Windows\System\MpYaUMW.exe
  C:\Windows\System\MpYaUMW.exe
  2⤵
  PID:5564
- C:\Windows\System\SeTnJFR.exe
  C:\Windows\System\SeTnJFR.exe
  2⤵
  PID:6444
- C:\Windows\System\JXEYuBN.exe
  C:\Windows\System\JXEYuBN.exe
  2⤵
  PID:6512
- C:\Windows\System\sGFZgkJ.exe
  C:\Windows\System\sGFZgkJ.exe
  2⤵
  PID:6572
- C:\Windows\System\uZiGFYj.exe
  C:\Windows\System\uZiGFYj.exe
  2⤵
  PID:6364
- C:\Windows\System\dbBDSqE.exe
  C:\Windows\System\dbBDSqE.exe
  2⤵
  PID:6632
- C:\Windows\System\YcmOLKS.exe
  C:\Windows\System\YcmOLKS.exe
  2⤵
  PID:6652
- C:\Windows\System\ZstnbDN.exe
  C:\Windows\System\ZstnbDN.exe
  2⤵
  PID:6708
- C:\Windows\System\xxjRdyd.exe
  C:\Windows\System\xxjRdyd.exe
  2⤵
  PID:6812
- C:\Windows\System\DBxfkbi.exe
  C:\Windows\System\DBxfkbi.exe
  2⤵
  PID:6860
- C:\Windows\System\LLZDorx.exe
  C:\Windows\System\LLZDorx.exe
  2⤵
  PID:5640
- C:\Windows\System\HzgGcAy.exe
  C:\Windows\System\HzgGcAy.exe
  2⤵
  PID:6980
- C:\Windows\System\IawQDdC.exe
  C:\Windows\System\IawQDdC.exe
  2⤵
  PID:7032
- C:\Windows\System\YkLqtgX.exe
  C:\Windows\System\YkLqtgX.exe
  2⤵
  PID:7088
- C:\Windows\System\AGHLHtb.exe
  C:\Windows\System\AGHLHtb.exe
  2⤵
  PID:7104
- C:\Windows\System\zsqUZlS.exe
  C:\Windows\System\zsqUZlS.exe
  2⤵
  PID:6172
- C:\Windows\System\oEvIyiN.exe
  C:\Windows\System\oEvIyiN.exe
  2⤵
  PID:4488
- C:\Windows\System\upgtPLE.exe
  C:\Windows\System\upgtPLE.exe
  2⤵
  PID:6500
- C:\Windows\System\PFahRxU.exe
  C:\Windows\System\PFahRxU.exe
  2⤵
  PID:6384
- C:\Windows\System\sNgQURm.exe
  C:\Windows\System\sNgQURm.exe
  2⤵
  PID:3120
- C:\Windows\System\pJJJolx.exe
  C:\Windows\System\pJJJolx.exe
  2⤵
  PID:6832
- C:\Windows\System\CMQekec.exe
  C:\Windows\System\CMQekec.exe
  2⤵
  PID:6920
- C:\Windows\System\aSKQjKb.exe
  C:\Windows\System\aSKQjKb.exe
  2⤵
  PID:7056
- C:\Windows\System\xnbcmcJ.exe
  C:\Windows\System\xnbcmcJ.exe
  2⤵
  PID:7156
- C:\Windows\System\KEjaFLy.exe
  C:\Windows\System\KEjaFLy.exe
  2⤵
  PID:6276
- C:\Windows\System\fLaFPSK.exe
  C:\Windows\System\fLaFPSK.exe
  2⤵
  PID:6636
- C:\Windows\System\OpbHUro.exe
  C:\Windows\System\OpbHUro.exe
  2⤵
  PID:5340
- C:\Windows\System\NNrFcNH.exe
  C:\Windows\System\NNrFcNH.exe
  2⤵
  PID:5872
- C:\Windows\System\bqBexbn.exe
  C:\Windows\System\bqBexbn.exe
  2⤵
  PID:6776
- C:\Windows\System\EhPvIEi.exe
  C:\Windows\System\EhPvIEi.exe
  2⤵
  PID:6584
- C:\Windows\System\BluBaIw.exe
  C:\Windows\System\BluBaIw.exe
  2⤵
  PID:7176
- C:\Windows\System\IQFpXCR.exe
  C:\Windows\System\IQFpXCR.exe
  2⤵
  PID:7204
- C:\Windows\System\Nvcqxbe.exe
  C:\Windows\System\Nvcqxbe.exe
  2⤵
  PID:7232
- C:\Windows\System\YUFDrPA.exe
  C:\Windows\System\YUFDrPA.exe
  2⤵
  PID:7260
- C:\Windows\System\RZWYCTa.exe
  C:\Windows\System\RZWYCTa.exe
  2⤵
  PID:7288
- C:\Windows\System\giyXbQK.exe
  C:\Windows\System\giyXbQK.exe
  2⤵
  PID:7316
- C:\Windows\System\PmCbsvf.exe
  C:\Windows\System\PmCbsvf.exe
  2⤵
  PID:7344
- C:\Windows\System\DySwDYB.exe
  C:\Windows\System\DySwDYB.exe
  2⤵
  PID:7372
- C:\Windows\System\FaUgfaX.exe
  C:\Windows\System\FaUgfaX.exe
  2⤵
  PID:7404
- C:\Windows\System\yaUuJLq.exe
  C:\Windows\System\yaUuJLq.exe
  2⤵
  PID:7432
- C:\Windows\System\DrSSAmC.exe
  C:\Windows\System\DrSSAmC.exe
  2⤵
  PID:7464
- C:\Windows\System\HKuqZlt.exe
  C:\Windows\System\HKuqZlt.exe
  2⤵
  PID:7496
- C:\Windows\System\zuqkbYq.exe
  C:\Windows\System\zuqkbYq.exe
  2⤵
  PID:7524
- C:\Windows\System\PyvdvcI.exe
  C:\Windows\System\PyvdvcI.exe
  2⤵
  PID:7552
- C:\Windows\System\hawYBvy.exe
  C:\Windows\System\hawYBvy.exe
  2⤵
  PID:7580
- C:\Windows\System\JSvvtrm.exe
  C:\Windows\System\JSvvtrm.exe
  2⤵
  PID:7608
- C:\Windows\System\ERIWCmd.exe
  C:\Windows\System\ERIWCmd.exe
  2⤵
  PID:7640
- C:\Windows\System\gVryyGZ.exe
  C:\Windows\System\gVryyGZ.exe
  2⤵
  PID:7668
- C:\Windows\System\fJnjjKq.exe
  C:\Windows\System\fJnjjKq.exe
  2⤵
  PID:7696
- C:\Windows\System\lMMblDw.exe
  C:\Windows\System\lMMblDw.exe
  2⤵
  PID:7724
- C:\Windows\System\gNfHkNZ.exe
  C:\Windows\System\gNfHkNZ.exe
  2⤵
  PID:7752
- C:\Windows\System\wghiFpf.exe
  C:\Windows\System\wghiFpf.exe
  2⤵
  PID:7780
- C:\Windows\System\ntBOfRs.exe
  C:\Windows\System\ntBOfRs.exe
  2⤵
  PID:7808
- C:\Windows\System\lspwVFJ.exe
  C:\Windows\System\lspwVFJ.exe
  2⤵
  PID:7836
- C:\Windows\System\OeTKIhj.exe
  C:\Windows\System\OeTKIhj.exe
  2⤵
  PID:7864
- C:\Windows\System\XitdYry.exe
  C:\Windows\System\XitdYry.exe
  2⤵
  PID:7892
- C:\Windows\System\lnMWbdG.exe
  C:\Windows\System\lnMWbdG.exe
  2⤵
  PID:7920
- C:\Windows\System\KsOOJNM.exe
  C:\Windows\System\KsOOJNM.exe
  2⤵
  PID:7948
- C:\Windows\System\QlFxsnP.exe
  C:\Windows\System\QlFxsnP.exe
  2⤵
  PID:7976
- C:\Windows\System\cmvntcp.exe
  C:\Windows\System\cmvntcp.exe
  2⤵
  PID:8004
- C:\Windows\System\SoaFoNz.exe
  C:\Windows\System\SoaFoNz.exe
  2⤵
  PID:8032
- C:\Windows\System\yUytGqV.exe
  C:\Windows\System\yUytGqV.exe
  2⤵
  PID:8060
- C:\Windows\System\LALTljy.exe
  C:\Windows\System\LALTljy.exe
  2⤵
  PID:8088
- C:\Windows\System\sWodFuL.exe
  C:\Windows\System\sWodFuL.exe
  2⤵
  PID:8116
- C:\Windows\System\wWgRMhP.exe
  C:\Windows\System\wWgRMhP.exe
  2⤵
  PID:8144
- C:\Windows\System\sCOXDIN.exe
  C:\Windows\System\sCOXDIN.exe
  2⤵
  PID:8172
- C:\Windows\System\GdxGDxi.exe
  C:\Windows\System\GdxGDxi.exe
  2⤵
  PID:7188
- C:\Windows\System\ABXXOxA.exe
  C:\Windows\System\ABXXOxA.exe
  2⤵
  PID:7224
- C:\Windows\System\MbruzGX.exe
  C:\Windows\System\MbruzGX.exe
  2⤵
  PID:7256
- C:\Windows\System\WwbpWXK.exe
  C:\Windows\System\WwbpWXK.exe
  2⤵
  PID:7384
- C:\Windows\System\EYdKUwC.exe
  C:\Windows\System\EYdKUwC.exe
  2⤵
  PID:7460
- C:\Windows\System\yYnyCqY.exe
  C:\Windows\System\yYnyCqY.exe
  2⤵
  PID:7492
- C:\Windows\System\QrBnCLR.exe
  C:\Windows\System\QrBnCLR.exe
  2⤵
  PID:7600
- C:\Windows\System\riBNDoX.exe
  C:\Windows\System\riBNDoX.exe
  2⤵
  PID:7664
- C:\Windows\System\iXYuiCZ.exe
  C:\Windows\System\iXYuiCZ.exe
  2⤵
  PID:7720
- C:\Windows\System\qRsjjyz.exe
  C:\Windows\System\qRsjjyz.exe
  2⤵
  PID:7792
- C:\Windows\System\LoSDIxw.exe
  C:\Windows\System\LoSDIxw.exe
  2⤵
  PID:7856
- C:\Windows\System\jFwOdyb.exe
  C:\Windows\System\jFwOdyb.exe
  2⤵
  PID:7916
- C:\Windows\System\UDHWByh.exe
  C:\Windows\System\UDHWByh.exe
  2⤵
  PID:7988
- C:\Windows\System\xCwaWqe.exe
  C:\Windows\System\xCwaWqe.exe
  2⤵
  PID:8056
- C:\Windows\System\XTEmtMg.exe
  C:\Windows\System\XTEmtMg.exe
  2⤵
  PID:8112
- C:\Windows\System\PVQwezl.exe
  C:\Windows\System\PVQwezl.exe
  2⤵
  PID:8188
- C:\Windows\System\voXtmxK.exe
  C:\Windows\System\voXtmxK.exe
  2⤵
  PID:7244
- C:\Windows\System\drUdXMz.exe
  C:\Windows\System\drUdXMz.exe
  2⤵
  PID:7520
- C:\Windows\System\fkMznbT.exe
  C:\Windows\System\fkMznbT.exe
  2⤵
  PID:7764
- C:\Windows\System\QcQThwg.exe
  C:\Windows\System\QcQThwg.exe
  2⤵
  PID:7912
- C:\Windows\System\apRYMyF.exe
  C:\Windows\System\apRYMyF.exe
  2⤵
  PID:8168
- C:\Windows\System\KcioGuK.exe
  C:\Windows\System\KcioGuK.exe
  2⤵
  PID:7572
- C:\Windows\System\pmXbWms.exe
  C:\Windows\System\pmXbWms.exe
  2⤵
  PID:8028
- C:\Windows\System\ymKFOUn.exe
  C:\Windows\System\ymKFOUn.exe
  2⤵
  PID:7652
- C:\Windows\System\UZOaNxl.exe
  C:\Windows\System\UZOaNxl.exe
  2⤵
  PID:7368
- C:\Windows\System\pIijtCq.exe
  C:\Windows\System\pIijtCq.exe
  2⤵
  PID:8220
- C:\Windows\System\UjDEpVE.exe
  C:\Windows\System\UjDEpVE.exe
  2⤵
  PID:8248
- C:\Windows\System\mfpEjiY.exe
  C:\Windows\System\mfpEjiY.exe
  2⤵
  PID:8276
- C:\Windows\System\XtTCnyA.exe
  C:\Windows\System\XtTCnyA.exe
  2⤵
  PID:8312
- C:\Windows\System\OXNVavM.exe
  C:\Windows\System\OXNVavM.exe
  2⤵
  PID:8332
- C:\Windows\System\hyzVxgQ.exe
  C:\Windows\System\hyzVxgQ.exe
  2⤵
  PID:8360
- C:\Windows\System\ItdsVHl.exe
  C:\Windows\System\ItdsVHl.exe
  2⤵
  PID:8388
- C:\Windows\System\fTyflkw.exe
  C:\Windows\System\fTyflkw.exe
  2⤵
  PID:8416
- C:\Windows\System\PuVxRLP.exe
  C:\Windows\System\PuVxRLP.exe
  2⤵
  PID:8448
- C:\Windows\System\MBpCCcR.exe
  C:\Windows\System\MBpCCcR.exe
  2⤵
  PID:8476
- C:\Windows\System\TSqFXMe.exe
  C:\Windows\System\TSqFXMe.exe
  2⤵
  PID:8504
- C:\Windows\System\nWjaKRZ.exe
  C:\Windows\System\nWjaKRZ.exe
  2⤵
  PID:8520
- C:\Windows\System\FDCFXmL.exe
  C:\Windows\System\FDCFXmL.exe
  2⤵
  PID:8540
- C:\Windows\System\wKZOAIQ.exe
  C:\Windows\System\wKZOAIQ.exe
  2⤵
  PID:8588
- C:\Windows\System\XGlXlRO.exe
  C:\Windows\System\XGlXlRO.exe
  2⤵
  PID:8620
- C:\Windows\System\tsrlZzN.exe
  C:\Windows\System\tsrlZzN.exe
  2⤵
  PID:8644
- C:\Windows\System\eTGlsms.exe
  C:\Windows\System\eTGlsms.exe
  2⤵
  PID:8660
- C:\Windows\System\WgvowQc.exe
  C:\Windows\System\WgvowQc.exe
  2⤵
  PID:8700
- C:\Windows\System\JqXfOmX.exe
  C:\Windows\System\JqXfOmX.exe
  2⤵
  PID:8728
- C:\Windows\System\Tenslfn.exe
  C:\Windows\System\Tenslfn.exe
  2⤵
  PID:8756
- C:\Windows\System\VIXujZo.exe
  C:\Windows\System\VIXujZo.exe
  2⤵
  PID:8784
- C:\Windows\System\SjONoUM.exe
  C:\Windows\System\SjONoUM.exe
  2⤵
  PID:8812
- C:\Windows\System\NIlhXpg.exe
  C:\Windows\System\NIlhXpg.exe
  2⤵
  PID:8840
- C:\Windows\System\hzYDDqA.exe
  C:\Windows\System\hzYDDqA.exe
  2⤵
  PID:8868
- C:\Windows\System\bXZBHiG.exe
  C:\Windows\System\bXZBHiG.exe
  2⤵
  PID:8896
- C:\Windows\System\NmCnCzJ.exe
  C:\Windows\System\NmCnCzJ.exe
  2⤵
  PID:8920
- C:\Windows\System\ORnPOnY.exe
  C:\Windows\System\ORnPOnY.exe
  2⤵
  PID:8940
- C:\Windows\System\hrwMYvz.exe
  C:\Windows\System\hrwMYvz.exe
  2⤵
  PID:8956
- C:\Windows\System\RrkNSWg.exe
  C:\Windows\System\RrkNSWg.exe
  2⤵
  PID:8992
- C:\Windows\System\WistIJt.exe
  C:\Windows\System\WistIJt.exe
  2⤵
  PID:9028
- C:\Windows\System\ViNRdrG.exe
  C:\Windows\System\ViNRdrG.exe
  2⤵
  PID:9064
- C:\Windows\System\BnaCpES.exe
  C:\Windows\System\BnaCpES.exe
  2⤵
  PID:9092
- C:\Windows\System\tMQMUhc.exe
  C:\Windows\System\tMQMUhc.exe
  2⤵
  PID:9116
- C:\Windows\System\ElszNXN.exe
  C:\Windows\System\ElszNXN.exe
  2⤵
  PID:9136
- C:\Windows\System\lafjoor.exe
  C:\Windows\System\lafjoor.exe
  2⤵
  PID:9180
- C:\Windows\System\OceMIdN.exe
  C:\Windows\System\OceMIdN.exe
  2⤵
  PID:9208
- C:\Windows\System\ljqIoew.exe
  C:\Windows\System\ljqIoew.exe
  2⤵
  PID:8240
- C:\Windows\System\QUBrKTI.exe
  C:\Windows\System\QUBrKTI.exe
  2⤵
  PID:8320
- C:\Windows\System\KImiEqw.exe
  C:\Windows\System\KImiEqw.exe
  2⤵
  PID:8400
- C:\Windows\System\VPhuMQd.exe
  C:\Windows\System\VPhuMQd.exe
  2⤵
  PID:8496
- C:\Windows\System\hmnPzmK.exe
  C:\Windows\System\hmnPzmK.exe
  2⤵
  PID:8516
- C:\Windows\System\RMMHKah.exe
  C:\Windows\System\RMMHKah.exe
  2⤵
  PID:8600
- C:\Windows\System\eCkMCvt.exe
  C:\Windows\System\eCkMCvt.exe
  2⤵
  PID:8652
- C:\Windows\System\suVObma.exe
  C:\Windows\System\suVObma.exe
  2⤵
  PID:8748
- C:\Windows\System\illxmem.exe
  C:\Windows\System\illxmem.exe
  2⤵
  PID:8864
- C:\Windows\System\rwRLunQ.exe
  C:\Windows\System\rwRLunQ.exe
  2⤵
  PID:8952
- C:\Windows\System\rdypIxn.exe
  C:\Windows\System\rdypIxn.exe
  2⤵
  PID:8976
- C:\Windows\System\jSnWcXe.exe
  C:\Windows\System\jSnWcXe.exe
  2⤵
  PID:9080
- C:\Windows\System\jBpHCwI.exe
  C:\Windows\System\jBpHCwI.exe
  2⤵
  PID:9200
- C:\Windows\System\RTBvKHz.exe
  C:\Windows\System\RTBvKHz.exe
  2⤵
  PID:8288
- C:\Windows\System\wWEuFXa.exe
  C:\Windows\System\wWEuFXa.exe
  2⤵
  PID:8440
- C:\Windows\System\DzNfGjr.exe
  C:\Windows\System\DzNfGjr.exe
  2⤵
  PID:8636
- C:\Windows\System\ovyUIxY.exe
  C:\Windows\System\ovyUIxY.exe
  2⤵
  PID:8932
- C:\Windows\System\GEqfnOa.exe
  C:\Windows\System\GEqfnOa.exe
  2⤵
  PID:8536
- C:\Windows\System\qmqsLMv.exe
  C:\Windows\System\qmqsLMv.exe
  2⤵
  PID:9228
- C:\Windows\System\qjQeguS.exe
  C:\Windows\System\qjQeguS.exe
  2⤵
  PID:9256
- C:\Windows\System\CLhhJvv.exe
  C:\Windows\System\CLhhJvv.exe
  2⤵
  PID:9284
- C:\Windows\System\ZgjuXgO.exe
  C:\Windows\System\ZgjuXgO.exe
  2⤵
  PID:9320
- C:\Windows\System\wnXYfQC.exe
  C:\Windows\System\wnXYfQC.exe
  2⤵
  PID:9356
- C:\Windows\System\Xvjvohr.exe
  C:\Windows\System\Xvjvohr.exe
  2⤵
  PID:9384
- C:\Windows\System\xxcsWyt.exe
  C:\Windows\System\xxcsWyt.exe
  2⤵
  PID:9412
- C:\Windows\System\RCkDbwt.exe
  C:\Windows\System\RCkDbwt.exe
  2⤵
  PID:9444
- C:\Windows\System\OYEceRl.exe
  C:\Windows\System\OYEceRl.exe
  2⤵
  PID:9472
- C:\Windows\System\cUJquxG.exe
  C:\Windows\System\cUJquxG.exe
  2⤵
  PID:9488
- C:\Windows\System\qtZoJzO.exe
  C:\Windows\System\qtZoJzO.exe
  2⤵
  PID:9520
- C:\Windows\System\fclPhEi.exe
  C:\Windows\System\fclPhEi.exe
  2⤵
  PID:9556
- C:\Windows\System\fttuodz.exe
  C:\Windows\System\fttuodz.exe
  2⤵
  PID:9584
- C:\Windows\System\aMtzYsb.exe
  C:\Windows\System\aMtzYsb.exe
  2⤵
  PID:9616
- C:\Windows\System\azFmtLA.exe
  C:\Windows\System\azFmtLA.exe
  2⤵
  PID:9644
- C:\Windows\System\tYbTpCd.exe
  C:\Windows\System\tYbTpCd.exe
  2⤵
  PID:9664
- C:\Windows\System\wwmJVIa.exe
  C:\Windows\System\wwmJVIa.exe
  2⤵
  PID:9680
- C:\Windows\System\YVhEhUj.exe
  C:\Windows\System\YVhEhUj.exe
  2⤵
  PID:9724
- C:\Windows\System\TYyMmyD.exe
  C:\Windows\System\TYyMmyD.exe
  2⤵
  PID:9764
- C:\Windows\System\wpMxtDh.exe
  C:\Windows\System\wpMxtDh.exe
  2⤵
  PID:9800
- C:\Windows\System\qlWDEjo.exe
  C:\Windows\System\qlWDEjo.exe
  2⤵
  PID:9824
- C:\Windows\System\edQbBZO.exe
  C:\Windows\System\edQbBZO.exe
  2⤵
  PID:9844
- C:\Windows\System\fHbtNcd.exe
  C:\Windows\System\fHbtNcd.exe
  2⤵
  PID:9868
- C:\Windows\System\aYpkPbR.exe
  C:\Windows\System\aYpkPbR.exe
  2⤵
  PID:9900
- C:\Windows\System\QAhbYKC.exe
  C:\Windows\System\QAhbYKC.exe
  2⤵
  PID:9928
- C:\Windows\System\tqPwjzd.exe
  C:\Windows\System\tqPwjzd.exe
  2⤵
  PID:9956
- C:\Windows\System\vHuhogF.exe
  C:\Windows\System\vHuhogF.exe
  2⤵
  PID:9996
- C:\Windows\System\hrlsgnk.exe
  C:\Windows\System\hrlsgnk.exe
  2⤵
  PID:10024
- C:\Windows\System\MHuItPi.exe
  C:\Windows\System\MHuItPi.exe
  2⤵
  PID:10052
- C:\Windows\System\wEwiTtB.exe
  C:\Windows\System\wEwiTtB.exe
  2⤵
  PID:10080
- C:\Windows\System\jkTMCDB.exe
  C:\Windows\System\jkTMCDB.exe
  2⤵
  PID:10108
- C:\Windows\System\iwjWrji.exe
  C:\Windows\System\iwjWrji.exe
  2⤵
  PID:10124
- C:\Windows\System\yLDVvsj.exe
  C:\Windows\System\yLDVvsj.exe
  2⤵
  PID:10168
- C:\Windows\System\BiwtsRp.exe
  C:\Windows\System\BiwtsRp.exe
  2⤵
  PID:10200
- C:\Windows\System\OYYrEEY.exe
  C:\Windows\System\OYYrEEY.exe
  2⤵
  PID:10216
- C:\Windows\System\GgqVemL.exe
  C:\Windows\System\GgqVemL.exe
  2⤵
  PID:9268
- C:\Windows\System\inFLUit.exe
  C:\Windows\System\inFLUit.exe
  2⤵
  PID:9300
- C:\Windows\System\MFWJHpX.exe
  C:\Windows\System\MFWJHpX.exe
  2⤵
  PID:9376
- C:\Windows\System\ClGeEDw.exe
  C:\Windows\System\ClGeEDw.exe
  2⤵
  PID:9440
- C:\Windows\System\YbGXnOc.exe
  C:\Windows\System\YbGXnOc.exe
  2⤵
  PID:9528
- C:\Windows\System\VDGcjkX.exe
  C:\Windows\System\VDGcjkX.exe
  2⤵
  PID:9552
- C:\Windows\System\YlepCvf.exe
  C:\Windows\System\YlepCvf.exe
  2⤵
  PID:9656
- C:\Windows\System\KHfFZGP.exe
  C:\Windows\System\KHfFZGP.exe
  2⤵
  PID:9720
- C:\Windows\System\hrJbPoc.exe
  C:\Windows\System\hrJbPoc.exe
  2⤵
  PID:9796
- C:\Windows\System\QIgdjps.exe
  C:\Windows\System\QIgdjps.exe
  2⤵
  PID:9820
- C:\Windows\System\JRcTiPY.exe
  C:\Windows\System\JRcTiPY.exe
  2⤵
  PID:9864
- C:\Windows\System\JJPkrlv.exe
  C:\Windows\System\JJPkrlv.exe
  2⤵
  PID:9988
- C:\Windows\System\VxpNukl.exe
  C:\Windows\System\VxpNukl.exe
  2⤵
  PID:10072
- C:\Windows\System\UMQpnBv.exe
  C:\Windows\System\UMQpnBv.exe
  2⤵
  PID:10120
- C:\Windows\System\zpYzvcN.exe
  C:\Windows\System\zpYzvcN.exe
  2⤵
  PID:10164
- C:\Windows\System\XlxjvIN.exe
  C:\Windows\System\XlxjvIN.exe
  2⤵
  PID:9220
- C:\Windows\System\YKhZdwv.exe
  C:\Windows\System\YKhZdwv.exe
  2⤵
  PID:9408
- C:\Windows\System\YEONDYv.exe
  C:\Windows\System\YEONDYv.exe
  2⤵
  PID:9548
- C:\Windows\System\BJGQFoS.exe
  C:\Windows\System\BJGQFoS.exe
  2⤵
  PID:9716
- C:\Windows\System\FNWqzkd.exe
  C:\Windows\System\FNWqzkd.exe
  2⤵
  PID:9840
- C:\Windows\System\oPKzYgr.exe
  C:\Windows\System\oPKzYgr.exe
  2⤵
  PID:10016
- C:\Windows\System\ZGVpIBH.exe
  C:\Windows\System\ZGVpIBH.exe
  2⤵
  PID:10096
- C:\Windows\System\PqZjjXq.exe
  C:\Windows\System\PqZjjXq.exe
  2⤵
  PID:9484
- C:\Windows\System\PMlrumY.exe
  C:\Windows\System\PMlrumY.exe
  2⤵
  PID:9816
- C:\Windows\System\VNzIsnA.exe
  C:\Windows\System\VNzIsnA.exe
  2⤵
  PID:10228
- C:\Windows\System\sjvIWVF.exe
  C:\Windows\System\sjvIWVF.exe
  2⤵
  PID:10104
- C:\Windows\System\spVsNIJ.exe
  C:\Windows\System\spVsNIJ.exe
  2⤵
  PID:9380
- C:\Windows\System\iRccLiz.exe
  C:\Windows\System\iRccLiz.exe
  2⤵
  PID:10268
- C:\Windows\System\qbBsvlz.exe
  C:\Windows\System\qbBsvlz.exe
  2⤵
  PID:10288
- C:\Windows\System\ByNWbEz.exe
  C:\Windows\System\ByNWbEz.exe
  2⤵
  PID:10316
- C:\Windows\System\UCgMeSE.exe
  C:\Windows\System\UCgMeSE.exe
  2⤵
  PID:10348
- C:\Windows\System\MaAhZfw.exe
  C:\Windows\System\MaAhZfw.exe
  2⤵
  PID:10380
- C:\Windows\System\dLlCjOo.exe
  C:\Windows\System\dLlCjOo.exe
  2⤵
  PID:10400
- C:\Windows\System\rDDPVDO.exe
  C:\Windows\System\rDDPVDO.exe
  2⤵
  PID:10428
- C:\Windows\System\gqmpzVc.exe
  C:\Windows\System\gqmpzVc.exe
  2⤵
  PID:10468
- C:\Windows\System\AKGyLAp.exe
  C:\Windows\System\AKGyLAp.exe
  2⤵
  PID:10496
- C:\Windows\System\xFiXmTK.exe
  C:\Windows\System\xFiXmTK.exe
  2⤵
  PID:10524
- C:\Windows\System\KvDaOPW.exe
  C:\Windows\System\KvDaOPW.exe
  2⤵
  PID:10552
- C:\Windows\System\qULvgvG.exe
  C:\Windows\System\qULvgvG.exe
  2⤵
  PID:10568
- C:\Windows\System\UArIToV.exe
  C:\Windows\System\UArIToV.exe
  2⤵
  PID:10604
- C:\Windows\System\ZGyrpGH.exe
  C:\Windows\System\ZGyrpGH.exe
  2⤵
  PID:10620
- C:\Windows\System\fnSVBHc.exe
  C:\Windows\System\fnSVBHc.exe
  2⤵
  PID:10656
- C:\Windows\System\qoFyjfN.exe
  C:\Windows\System\qoFyjfN.exe
  2⤵
  PID:10680
- C:\Windows\System\ZSYdowW.exe
  C:\Windows\System\ZSYdowW.exe
  2⤵
  PID:10712
- C:\Windows\System\LIuRTTl.exe
  C:\Windows\System\LIuRTTl.exe
  2⤵
  PID:10740
- C:\Windows\System\eZBlLoH.exe
  C:\Windows\System\eZBlLoH.exe
  2⤵
  PID:10764
- C:\Windows\System\XXNhOFJ.exe
  C:\Windows\System\XXNhOFJ.exe
  2⤵
  PID:10804
- C:\Windows\System\LIglBKb.exe
  C:\Windows\System\LIglBKb.exe
  2⤵
  PID:10820
- C:\Windows\System\jkyeEJj.exe
  C:\Windows\System\jkyeEJj.exe
  2⤵
  PID:10860
- C:\Windows\System\MRdSlII.exe
  C:\Windows\System\MRdSlII.exe
  2⤵
  PID:10888
- C:\Windows\System\qWvTqJs.exe
  C:\Windows\System\qWvTqJs.exe
  2⤵
  PID:10916
- C:\Windows\System\fHkbUHJ.exe
  C:\Windows\System\fHkbUHJ.exe
  2⤵
  PID:10944
- C:\Windows\System\pYLZRKK.exe
  C:\Windows\System\pYLZRKK.exe
  2⤵
  PID:10972
- C:\Windows\System\ZULaRDm.exe
  C:\Windows\System\ZULaRDm.exe
  2⤵
  PID:11000
- C:\Windows\System\lUXnmef.exe
  C:\Windows\System\lUXnmef.exe
  2⤵
  PID:11036
- C:\Windows\System\kgssqqg.exe
  C:\Windows\System\kgssqqg.exe
  2⤵
  PID:11064
- C:\Windows\System\OhfixsW.exe
  C:\Windows\System\OhfixsW.exe
  2⤵
  PID:11092
- C:\Windows\System\BUqTkDb.exe
  C:\Windows\System\BUqTkDb.exe
  2⤵
  PID:11116
- C:\Windows\System\oJPGomn.exe
  C:\Windows\System\oJPGomn.exe
  2⤵
  PID:11136
- C:\Windows\System\JveeATT.exe
  C:\Windows\System\JveeATT.exe
  2⤵
  PID:11164
- C:\Windows\System\CuhaYBH.exe
  C:\Windows\System\CuhaYBH.exe
  2⤵
  PID:11184
- C:\Windows\System\LIPJbmt.exe
  C:\Windows\System\LIPJbmt.exe
  2⤵
  PID:11212
- C:\Windows\System\oZIcQOH.exe
  C:\Windows\System\oZIcQOH.exe
  2⤵
  PID:11240
- C:\Windows\System\TELHQxC.exe
  C:\Windows\System\TELHQxC.exe
  2⤵
  PID:10252
- C:\Windows\System\NqzDfIA.exe
  C:\Windows\System\NqzDfIA.exe
  2⤵
  PID:10368
- C:\Windows\System\QFSpabA.exe
  C:\Windows\System\QFSpabA.exe
  2⤵
  PID:10416
- C:\Windows\System\ECSJVje.exe
  C:\Windows\System\ECSJVje.exe
  2⤵
  PID:10488
- C:\Windows\System\aKcxvuF.exe
  C:\Windows\System\aKcxvuF.exe
  2⤵
  PID:10536
- C:\Windows\System\vDNYVnT.exe
  C:\Windows\System\vDNYVnT.exe
  2⤵
  PID:10616
- C:\Windows\System\WicakWY.exe
  C:\Windows\System\WicakWY.exe
  2⤵
  PID:10652
- C:\Windows\System\eSuZUAF.exe
  C:\Windows\System\eSuZUAF.exe
  2⤵
  PID:10728
- C:\Windows\System\oCnMQHe.exe
  C:\Windows\System\oCnMQHe.exe
  2⤵
  PID:10800
- C:\Windows\System\EUqMSXB.exe
  C:\Windows\System\EUqMSXB.exe
  2⤵
  PID:10880
- C:\Windows\System\UCMxWYi.exe
  C:\Windows\System\UCMxWYi.exe
  2⤵
  PID:10912
- C:\Windows\System\tNqLiWq.exe
  C:\Windows\System\tNqLiWq.exe
  2⤵
  PID:10984
- C:\Windows\System\LvAVzFg.exe
  C:\Windows\System\LvAVzFg.exe
  2⤵
  PID:11052
- C:\Windows\System\iEiylKh.exe
  C:\Windows\System\iEiylKh.exe
  2⤵
  PID:11152
- C:\Windows\System\UjMatvW.exe
  C:\Windows\System\UjMatvW.exe
  2⤵
  PID:11224
- C:\Windows\System\jfveuPb.exe
  C:\Windows\System\jfveuPb.exe
  2⤵
  PID:10304
- C:\Windows\System\mmgJahr.exe
  C:\Windows\System\mmgJahr.exe
  2⤵
  PID:10424
- C:\Windows\System\icREElo.exe
  C:\Windows\System\icREElo.exe
  2⤵
  PID:10592
- C:\Windows\System\xtXSRgx.exe
  C:\Windows\System\xtXSRgx.exe
  2⤵
  PID:10708
- C:\Windows\System\fkOCRaV.exe
  C:\Windows\System\fkOCRaV.exe
  2⤵
  PID:10908
- C:\Windows\System\LSvMUJC.exe
  C:\Windows\System\LSvMUJC.exe
  2⤵
  PID:11032
- C:\Windows\System\tEdCxlB.exe
  C:\Windows\System\tEdCxlB.exe
  2⤵
  PID:11192
- C:\Windows\System\ClOfaWH.exe
  C:\Windows\System\ClOfaWH.exe
  2⤵
  PID:10388
- C:\Windows\System\uirtyUO.exe
  C:\Windows\System\uirtyUO.exe
  2⤵
  PID:10720
- C:\Windows\System\QYJBqQP.exe
  C:\Windows\System\QYJBqQP.exe
  2⤵
  PID:10900
- C:\Windows\System\scFGrWv.exe
  C:\Windows\System\scFGrWv.exe
  2⤵
  PID:10516
- C:\Windows\System\CoWvHxL.exe
  C:\Windows\System\CoWvHxL.exe
  2⤵
  PID:10340
- C:\Windows\System\Vhmcnqy.exe
  C:\Windows\System\Vhmcnqy.exe
  2⤵
  PID:11284
- C:\Windows\System\rrdmiBA.exe
  C:\Windows\System\rrdmiBA.exe
  2⤵
  PID:11312
- C:\Windows\System\HcjPWsB.exe
  C:\Windows\System\HcjPWsB.exe
  2⤵
  PID:11352
- C:\Windows\System\QISHONc.exe
  C:\Windows\System\QISHONc.exe
  2⤵
  PID:11380
- C:\Windows\System\cVAMykL.exe
  C:\Windows\System\cVAMykL.exe
  2⤵
  PID:11408
- C:\Windows\System\rTFfgmD.exe
  C:\Windows\System\rTFfgmD.exe
  2⤵
  PID:11440
- C:\Windows\System\XHjsIzP.exe
  C:\Windows\System\XHjsIzP.exe
  2⤵
  PID:11468
- C:\Windows\System\QXBXfvr.exe
  C:\Windows\System\QXBXfvr.exe
  2⤵
  PID:11492
- C:\Windows\System\OQLHMCp.exe
  C:\Windows\System\OQLHMCp.exe
  2⤵
  PID:11520
- C:\Windows\System\twMBUwH.exe
  C:\Windows\System\twMBUwH.exe
  2⤵
  PID:11556
- C:\Windows\System\KJWyjSG.exe
  C:\Windows\System\KJWyjSG.exe
  2⤵
  PID:11596
- C:\Windows\System\LFgsgVq.exe
  C:\Windows\System\LFgsgVq.exe
  2⤵
  PID:11636
- C:\Windows\System\HYkVHfb.exe
  C:\Windows\System\HYkVHfb.exe
  2⤵
  PID:11656
- C:\Windows\System\LpircCb.exe
  C:\Windows\System\LpircCb.exe
  2⤵
  PID:11700
- C:\Windows\System\KvedXel.exe
  C:\Windows\System\KvedXel.exe
  2⤵
  PID:11716
- C:\Windows\System\BtCxefn.exe
  C:\Windows\System\BtCxefn.exe
  2⤵
  PID:11752
- C:\Windows\System\OnLZpRk.exe
  C:\Windows\System\OnLZpRk.exe
  2⤵
  PID:11788
- C:\Windows\System\najkBgx.exe
  C:\Windows\System\najkBgx.exe
  2⤵
  PID:11816
- C:\Windows\System\YCBdrNZ.exe
  C:\Windows\System\YCBdrNZ.exe
  2⤵
  PID:11832
- C:\Windows\System\ztxYlBn.exe
  C:\Windows\System\ztxYlBn.exe
  2⤵
  PID:11876
- C:\Windows\System\BJckrNb.exe
  C:\Windows\System\BJckrNb.exe
  2⤵
  PID:11896
- C:\Windows\System\EaYByOD.exe
  C:\Windows\System\EaYByOD.exe
  2⤵
  PID:11932
- C:\Windows\System\YMUoYEj.exe
  C:\Windows\System\YMUoYEj.exe
  2⤵
  PID:11960
- C:\Windows\System\wJjCzju.exe
  C:\Windows\System\wJjCzju.exe
  2⤵
  PID:11988
- C:\Windows\System\KxfWGet.exe
  C:\Windows\System\KxfWGet.exe
  2⤵
  PID:12008
- C:\Windows\System\hQtNQRz.exe
  C:\Windows\System\hQtNQRz.exe
  2⤵
  PID:12044
- C:\Windows\System\sWLiNVq.exe
  C:\Windows\System\sWLiNVq.exe
  2⤵
  PID:12072
- C:\Windows\System\zuOIdEu.exe
  C:\Windows\System\zuOIdEu.exe
  2⤵
  PID:12100
- C:\Windows\System\XqrwuOb.exe
  C:\Windows\System\XqrwuOb.exe
  2⤵
  PID:12124
- C:\Windows\System\JgYeyUQ.exe
  C:\Windows\System\JgYeyUQ.exe
  2⤵
  PID:12152
- C:\Windows\System\boBUXsS.exe
  C:\Windows\System\boBUXsS.exe
  2⤵
  PID:12172
- C:\Windows\System\plpqUMN.exe
  C:\Windows\System\plpqUMN.exe
  2⤵
  PID:12212
- C:\Windows\System\aFjNffQ.exe
  C:\Windows\System\aFjNffQ.exe
  2⤵
  PID:12240
- C:\Windows\System\FXFaIaz.exe
  C:\Windows\System\FXFaIaz.exe
  2⤵
  PID:12268
- C:\Windows\System\cGSVdMo.exe
  C:\Windows\System\cGSVdMo.exe
  2⤵
  PID:10520
- C:\Windows\System\lrFcVBb.exe
  C:\Windows\System\lrFcVBb.exe
  2⤵
  PID:11300
- C:\Windows\System\edYciNH.exe
  C:\Windows\System\edYciNH.exe
  2⤵
  PID:11344
- C:\Windows\System\Melguzg.exe
  C:\Windows\System\Melguzg.exe
  2⤵
  PID:11420
- C:\Windows\System\zMKAUwN.exe
  C:\Windows\System\zMKAUwN.exe
  2⤵
  PID:11504
- C:\Windows\System\BzOPxbI.exe
  C:\Windows\System\BzOPxbI.exe
  2⤵
  PID:11580
- C:\Windows\System\IskUOJh.exe
  C:\Windows\System\IskUOJh.exe
  2⤵
  PID:11680
- C:\Windows\System\QwGwXDQ.exe
  C:\Windows\System\QwGwXDQ.exe
  2⤵
  PID:11736
- C:\Windows\System\OQKcGEd.exe
  C:\Windows\System\OQKcGEd.exe
  2⤵
  PID:11796
- C:\Windows\System\XmMHbwM.exe
  C:\Windows\System\XmMHbwM.exe
  2⤵
  PID:11872
- C:\Windows\System\roqafHB.exe
  C:\Windows\System\roqafHB.exe
  2⤵
  PID:11944
- C:\Windows\System\XyhLDoY.exe
  C:\Windows\System\XyhLDoY.exe
  2⤵
  PID:12016
- C:\Windows\System\iqzWOIo.exe
  C:\Windows\System\iqzWOIo.exe
  2⤵
  PID:11236
- C:\Windows\System\UIwaKJB.exe
  C:\Windows\System\UIwaKJB.exe
  2⤵
  PID:12092
- C:\Windows\System\WmfhhMU.exe
  C:\Windows\System\WmfhhMU.exe
  2⤵
  PID:12196
- C:\Windows\System\MVRnEQG.exe
  C:\Windows\System\MVRnEQG.exe
  2⤵
  PID:12260
- C:\Windows\System\ZxMqHYR.exe
  C:\Windows\System\ZxMqHYR.exe
  2⤵
  PID:10964
- C:\Windows\System\cblHquA.exe
  C:\Windows\System\cblHquA.exe
  2⤵
  PID:11424
- C:\Windows\System\KVCVVjO.exe
  C:\Windows\System\KVCVVjO.exe
  2⤵
  PID:11644
- C:\Windows\System\VFZHyzk.exe
  C:\Windows\System\VFZHyzk.exe
  2⤵
  PID:11840
- C:\Windows\System\eWwQZnC.exe
  C:\Windows\System\eWwQZnC.exe
  2⤵
  PID:11976
- C:\Windows\System\AffJLmq.exe
  C:\Windows\System\AffJLmq.exe
  2⤵
  PID:12056
- C:\Windows\System\uQmrggn.exe
  C:\Windows\System\uQmrggn.exe
  2⤵
  PID:12184
- C:\Windows\System\WCnGyQY.exe
  C:\Windows\System\WCnGyQY.exe
  2⤵
  PID:11464
- C:\Windows\System\SXlkUGo.exe
  C:\Windows\System\SXlkUGo.exe
  2⤵
  PID:11744
- C:\Windows\System\hbIlMDO.exe
  C:\Windows\System\hbIlMDO.exe
  2⤵
  PID:12040
- C:\Windows\System\LucsuUh.exe
  C:\Windows\System\LucsuUh.exe
  2⤵
  PID:10336
- C:\Windows\System\WXwKkTe.exe
  C:\Windows\System\WXwKkTe.exe
  2⤵
  PID:12316
- C:\Windows\System\myWRziH.exe
  C:\Windows\System\myWRziH.exe
  2⤵
  PID:12356
- C:\Windows\System\cZlwJEW.exe
  C:\Windows\System\cZlwJEW.exe
  2⤵
  PID:12388
- C:\Windows\System\HIpvEnD.exe
  C:\Windows\System\HIpvEnD.exe
  2⤵
  PID:12416
- C:\Windows\System\LFeEiWP.exe
  C:\Windows\System\LFeEiWP.exe
  2⤵
  PID:12444
- C:\Windows\System\oMSqYTp.exe
  C:\Windows\System\oMSqYTp.exe
  2⤵
  PID:12472
- C:\Windows\System\YUxvzaw.exe
  C:\Windows\System\YUxvzaw.exe
  2⤵
  PID:12500
- C:\Windows\System\WcwUFRo.exe
  C:\Windows\System\WcwUFRo.exe
  2⤵
  PID:12520
- C:\Windows\System\alfJymb.exe
  C:\Windows\System\alfJymb.exe
  2⤵
  PID:12556
- C:\Windows\System\gHhDmyE.exe
  C:\Windows\System\gHhDmyE.exe
  2⤵
  PID:12572
- C:\Windows\System\BrUMvOu.exe
  C:\Windows\System\BrUMvOu.exe
  2⤵
  PID:12592
- C:\Windows\System\pTdLbSm.exe
  C:\Windows\System\pTdLbSm.exe
  2⤵
  PID:12628
- C:\Windows\System\omuCfyP.exe
  C:\Windows\System\omuCfyP.exe
  2⤵
  PID:12668
- C:\Windows\System\EsEjfJa.exe
  C:\Windows\System\EsEjfJa.exe
  2⤵
  PID:12684
- C:\Windows\System\dBjAJTr.exe
  C:\Windows\System\dBjAJTr.exe
  2⤵
  PID:12724
- C:\Windows\System\TImBihS.exe
  C:\Windows\System\TImBihS.exe
  2⤵
  PID:12752
- C:\Windows\System\GUDFUPB.exe
  C:\Windows\System\GUDFUPB.exe
  2⤵
  PID:12780
- C:\Windows\System\dNzjUgI.exe
  C:\Windows\System\dNzjUgI.exe
  2⤵
  PID:12808
- C:\Windows\System\BfmroJo.exe
  C:\Windows\System\BfmroJo.exe
  2⤵
  PID:12824
- C:\Windows\System\XQSahsR.exe
  C:\Windows\System\XQSahsR.exe
  2⤵
  PID:12864
- C:\Windows\System\bmugmyH.exe
  C:\Windows\System\bmugmyH.exe
  2⤵
  PID:12880
- C:\Windows\System\fibYinx.exe
  C:\Windows\System\fibYinx.exe
  2⤵
  PID:12908
- C:\Windows\System\aeomwqj.exe
  C:\Windows\System\aeomwqj.exe
  2⤵
  PID:12948
- C:\Windows\System\hHmcNvv.exe
  C:\Windows\System\hHmcNvv.exe
  2⤵
  PID:12976
- C:\Windows\System\pzGQyxG.exe
  C:\Windows\System\pzGQyxG.exe
  2⤵
  PID:13004
- C:\Windows\System\AkyfpOQ.exe
  C:\Windows\System\AkyfpOQ.exe
  2⤵
  PID:13032
- C:\Windows\System\nVuwhct.exe
  C:\Windows\System\nVuwhct.exe
  2⤵
  PID:13060
- C:\Windows\System\XTFUQuF.exe
  C:\Windows\System\XTFUQuF.exe
  2⤵
  PID:13080
- C:\Windows\System\yliMkRm.exe
  C:\Windows\System\yliMkRm.exe
  2⤵
  PID:13116
- C:\Windows\System\MiUpLIe.exe
  C:\Windows\System\MiUpLIe.exe
  2⤵
  PID:13132
- C:\Windows\System\GrLuHhl.exe
  C:\Windows\System\GrLuHhl.exe
  2⤵
  PID:13160
- C:\Windows\System\bUOeKBE.exe
  C:\Windows\System\bUOeKBE.exe
  2⤵
  PID:13188
- C:\Windows\System\EiFvurr.exe
  C:\Windows\System\EiFvurr.exe
  2⤵
  PID:13216
- C:\Windows\System\SjSEhFP.exe
  C:\Windows\System\SjSEhFP.exe
  2⤵
  PID:13244
- C:\Windows\System\nzTLkIB.exe
  C:\Windows\System\nzTLkIB.exe
  2⤵
  PID:13280
- C:\Windows\System\EOYMlxB.exe
  C:\Windows\System\EOYMlxB.exe
  2⤵
  PID:11852
- C:\Windows\System\ofjHkix.exe
  C:\Windows\System\ofjHkix.exe
  2⤵
  PID:12308
- C:\Windows\System\RNrLknR.exe
  C:\Windows\System\RNrLknR.exe
  2⤵
  PID:12376
- C:\Windows\System\TwJOpIZ.exe
  C:\Windows\System\TwJOpIZ.exe
  2⤵
  PID:12436
- C:\Windows\System\SMwdoHR.exe
  C:\Windows\System\SMwdoHR.exe
  2⤵
  PID:12488
- C:\Windows\System\pRkPrFt.exe
  C:\Windows\System\pRkPrFt.exe
  2⤵
  PID:12508
- C:\Windows\System\XGGRmCl.exe
  C:\Windows\System\XGGRmCl.exe
  2⤵
  PID:12652
- C:\Windows\System\ERHvhwy.exe
  C:\Windows\System\ERHvhwy.exe
  2⤵
  PID:12700
- C:\Windows\System\NtraBUX.exe
  C:\Windows\System\NtraBUX.exe
  2⤵
  PID:12764
- C:\Windows\System\JijxjOV.exe
  C:\Windows\System\JijxjOV.exe
  2⤵
  PID:12820
- C:\Windows\System\KQJwiqn.exe
  C:\Windows\System\KQJwiqn.exe
  2⤵
  PID:12892
- C:\Windows\System\NdtzJyN.exe
  C:\Windows\System\NdtzJyN.exe
  2⤵
  PID:12932
- C:\Windows\System\mfZkKxj.exe
  C:\Windows\System\mfZkKxj.exe
  2⤵
  PID:13020
- C:\Windows\System\TYIxgCO.exe
  C:\Windows\System\TYIxgCO.exe
  2⤵
  PID:13076
- C:\Windows\System\yIbdCvZ.exe
  C:\Windows\System\yIbdCvZ.exe
  2⤵
  PID:13152
- C:\Windows\System\SbnkGQK.exe
  C:\Windows\System\SbnkGQK.exe
  2⤵
  PID:13204
- C:\Windows\System\TKlubza.exe
  C:\Windows\System\TKlubza.exe
  2⤵
  PID:13272
- C:\Windows\System\PvyilBy.exe
  C:\Windows\System\PvyilBy.exe
  2⤵
  PID:12340
- C:\Windows\System\zQINUqt.exe
  C:\Windows\System\zQINUqt.exe
  2⤵
  PID:12456
- C:\Windows\System\pyIHBBd.exe
  C:\Windows\System\pyIHBBd.exe
  2⤵
  PID:12588
- C:\Windows\System\AoMRGCv.exe
  C:\Windows\System\AoMRGCv.exe
  2⤵
  PID:12740
- C:\Windows\System\NmEcmBR.exe
  C:\Windows\System\NmEcmBR.exe
  2⤵
  PID:12904
- C:\Windows\System\NwQGGQe.exe
  C:\Windows\System\NwQGGQe.exe
  2⤵
  PID:13000
- C:\Windows\System\jebJOSs.exe
  C:\Windows\System\jebJOSs.exe
  2⤵
  PID:13200
- C:\Windows\System\pCdvGnK.exe
  C:\Windows\System\pCdvGnK.exe
  2⤵
  PID:12400
- C:\Windows\System\BXYmFhs.exe
  C:\Windows\System\BXYmFhs.exe
  2⤵
  PID:12516
- C:\Windows\System\kQPlyjR.exe
  C:\Windows\System\kQPlyjR.exe
  2⤵
  PID:12876
- C:\Windows\System\cacWnNp.exe
  C:\Windows\System\cacWnNp.exe
  2⤵
  PID:12404
- C:\Windows\System\PudMGSZ.exe
  C:\Windows\System\PudMGSZ.exe
  2⤵
  PID:12748
- C:\Windows\System\JMgLcZR.exe
  C:\Windows\System\JMgLcZR.exe
  2⤵
  PID:13324
- C:\Windows\System\aFbeTJh.exe
  C:\Windows\System\aFbeTJh.exe
  2⤵
  PID:13364
- C:\Windows\System\fSXpIwO.exe
  C:\Windows\System\fSXpIwO.exe
  2⤵
  PID:13392
- C:\Windows\System\ZAplXhk.exe
  C:\Windows\System\ZAplXhk.exe
  2⤵
  PID:13420
- C:\Windows\System\xbGTuho.exe
  C:\Windows\System\xbGTuho.exe
  2⤵
  PID:13436
- C:\Windows\System\SCacwai.exe
  C:\Windows\System\SCacwai.exe
  2⤵
  PID:13468
- C:\Windows\System\dilrPHD.exe
  C:\Windows\System\dilrPHD.exe
  2⤵
  PID:13492
- C:\Windows\System\EcXGOPa.exe
  C:\Windows\System\EcXGOPa.exe
  2⤵
  PID:13524
- C:\Windows\System\OyfGqWO.exe
  C:\Windows\System\OyfGqWO.exe
  2⤵
  PID:13560
- C:\Windows\System\MnOqoPy.exe
  C:\Windows\System\MnOqoPy.exe
  2⤵
  PID:13580
- C:\Windows\System\DHCCjiH.exe
  C:\Windows\System\DHCCjiH.exe
  2⤵
  PID:13616
- C:\Windows\System\sRpfiGi.exe
  C:\Windows\System\sRpfiGi.exe
  2⤵
  PID:13632
- C:\Windows\System\LETnBvY.exe
  C:\Windows\System\LETnBvY.exe
  2⤵
  PID:13672
- C:\Windows\System\aAcsqxK.exe
  C:\Windows\System\aAcsqxK.exe
  2⤵
  PID:13700
- C:\Windows\System\rvTIMVC.exe
  C:\Windows\System\rvTIMVC.exe
  2⤵
  PID:13728
- C:\Windows\System\CQTKZiC.exe
  C:\Windows\System\CQTKZiC.exe
  2⤵
  PID:13756
- C:\Windows\System\VKxqetH.exe
  C:\Windows\System\VKxqetH.exe
  2⤵
  PID:13784
- C:\Windows\System\XnfHzUd.exe
  C:\Windows\System\XnfHzUd.exe
  2⤵
  PID:13800
- C:\Windows\System\xKxFfdK.exe
  C:\Windows\System\xKxFfdK.exe
  2⤵
  PID:13844
- C:\Windows\System\tKDDEiH.exe
  C:\Windows\System\tKDDEiH.exe
  2⤵
  PID:13868
- C:\Windows\System\WiACfaJ.exe
  C:\Windows\System\WiACfaJ.exe
  2⤵
  PID:13900
- C:\Windows\System\GwuHAFg.exe
  C:\Windows\System\GwuHAFg.exe
  2⤵
  PID:13952
- C:\Windows\System\BWLYfDD.exe
  C:\Windows\System\BWLYfDD.exe
  2⤵
  PID:13988
- C:\Windows\System\kCMdzGh.exe
  C:\Windows\System\kCMdzGh.exe
  2⤵
  PID:14004
- C:\Windows\System\rxdfdZB.exe
  C:\Windows\System\rxdfdZB.exe
  2⤵
  PID:14056
- C:\Windows\System\qAnbata.exe
  C:\Windows\System\qAnbata.exe
  2⤵
  PID:14088
- C:\Windows\System\UxIasbW.exe
  C:\Windows\System\UxIasbW.exe
  2⤵
  PID:14124
- C:\Windows\System\UOASliB.exe
  C:\Windows\System\UOASliB.exe
  2⤵
  PID:14152
- C:\Windows\System\eNyVZnP.exe
  C:\Windows\System\eNyVZnP.exe
  2⤵
  PID:14176
- C:\Windows\System\AILkpYy.exe
  C:\Windows\System\AILkpYy.exe
  2⤵
  PID:14252
- C:\Windows\System\dVmSIyY.exe
  C:\Windows\System\dVmSIyY.exe
  2⤵
  PID:14268
- C:\Windows\System\iCFwHuT.exe
  C:\Windows\System\iCFwHuT.exe
  2⤵
  PID:14312
- C:\Windows\System\uuAvgty.exe
  C:\Windows\System\uuAvgty.exe
  2⤵
  PID:13260
- C:\Windows\System\PqfFvRd.exe
  C:\Windows\System\PqfFvRd.exe
  2⤵
  PID:13376
- C:\Windows\System\QElpNxm.exe
  C:\Windows\System\QElpNxm.exe
  2⤵
  PID:13432
- C:\Windows\System\rpYtyHt.exe
  C:\Windows\System\rpYtyHt.exe
  2⤵
  PID:13484
- C:\Windows\System\KrGBpYI.exe
  C:\Windows\System\KrGBpYI.exe
  2⤵
  PID:13568
- C:\Windows\System\PWHYxOd.exe
  C:\Windows\System\PWHYxOd.exe
  2⤵
  PID:13668
- C:\Windows\System\CDCnkzL.exe
  C:\Windows\System\CDCnkzL.exe
  2⤵
  PID:13744
- C:\Windows\System\cPfDfKM.exe
  C:\Windows\System\cPfDfKM.exe
  2⤵
  PID:13768
- C:\Windows\System\XLdZPaS.exe
  C:\Windows\System\XLdZPaS.exe
  2⤵
  PID:13856
- C:\Windows\System\rkpLMOi.exe
  C:\Windows\System\rkpLMOi.exe
  2⤵
  PID:13932
- C:\Windows\System\aLCTlcF.exe
  C:\Windows\System\aLCTlcF.exe
  2⤵
  PID:13996
- C:\Windows\System\GITTOWt.exe
  C:\Windows\System\GITTOWt.exe
  2⤵
  PID:14112
- C:\Windows\System\JbIzIkH.exe
  C:\Windows\System\JbIzIkH.exe
  2⤵
  PID:14144
- C:\Windows\System\vKhqkHI.exe
  C:\Windows\System\vKhqkHI.exe
  2⤵
  PID:14232
- C:\Windows\System\TLkmOxc.exe
  C:\Windows\System\TLkmOxc.exe
  2⤵
  PID:13336
- C:\Windows\System\jFEzesa.exe
  C:\Windows\System\jFEzesa.exe
  2⤵
  PID:13428
- C:\Windows\System\zJaanUc.exe
  C:\Windows\System\zJaanUc.exe
  2⤵
  PID:13540
- C:\Windows\System\yGSdrIv.exe
  C:\Windows\System\yGSdrIv.exe
  2⤵
  PID:13712
- C:\Windows\System\aBmTDtB.exe
  C:\Windows\System\aBmTDtB.exe
  2⤵
  PID:13892
- C:\Windows\System\dENuTiz.exe
  C:\Windows\System\dENuTiz.exe
  2⤵
  PID:14028
- C:\Windows\System\NpmyLgc.exe
  C:\Windows\System\NpmyLgc.exe
  2⤵
  PID:13412
- C:\Windows\System\fxCfXwg.exe
  C:\Windows\System\fxCfXwg.exe
  2⤵
  PID:13504
- C:\Windows\System\SqRWfgb.exe
  C:\Windows\System\SqRWfgb.exe
  2⤵
  PID:14264
- C:\Windows\System\kKaHyTW.exe
  C:\Windows\System\kKaHyTW.exe
  2⤵
  PID:14304
- C:\Windows\System\hSskQjW.exe
  C:\Windows\System\hSskQjW.exe
  2⤵
  PID:13588
- C:\Windows\System\DyLZjuw.exe
  C:\Windows\System\DyLZjuw.exe
  2⤵
  PID:14360
- C:\Windows\System\XcfeBJc.exe
  C:\Windows\System\XcfeBJc.exe
  2⤵
  PID:14400
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14400 -s 248
    3⤵
    PID:14772
- C:\Windows\System\Ebdqixk.exe
  C:\Windows\System\Ebdqixk.exe
  2⤵
  PID:14416

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BXyjeMx.exe

Filesize
2.2MB

MD5
c7eddf3662f5b72cf5c3725d700e0e2c

SHA1
52f8c9caeafedfe9e32fd78d27119c8f70dca455

SHA256
60f0cf3aa4e350d544108dfdb1e49d9f56b2a6d6aab9d57d73ad3ad3ee3ef048

SHA512
675facf7d33828f08c63ded25aa19f76dd382bfb85022df475e2416a36728010edddf83673f04591dad5439441deca479b32a394088bb6a8ff5674939904cb72

Download Submit
C:\Windows\System\ELPJYwX.exe

Filesize
2.2MB

MD5
06c2536b3fdb0c3a9439f40adfd65e35

SHA1
e5587db784c289850a8f5ee8d0af3e827539b7a4

SHA256
c1f12363cd9d5a986de04210fbefd16abfbafa61215977eadb8a2dc925b1fd8f

SHA512
04fadbf546b564d717eb9e483a3b769467bdcf40874ad111243113a463e1866dd0cbab51f3e0115139ee679bd1b9439f336d82dfab6bed7b9c9b302f1c2a3698

Download Submit
C:\Windows\System\FSOjmxI.exe

Filesize
2.2MB

MD5
2315aaf26dad05fe532603bb8eae6d12

SHA1
75d027b59ffff90fcd095f48a1b62bcc420915ef

SHA256
daf028b466745121db00b7e7b8f43dde94dc4a60a135db6f542c7618279372fb

SHA512
337a4f1ebd79af20d19e9f5f21d5d653253c75c56c5de4ba87b9463a6c03192f4f799272babe7903b59fe5f8f148ff55b52c315b573e34ff77b74cb7635fbfda

Download Submit
C:\Windows\System\GrVNqHR.exe

Filesize
2.3MB

MD5
b63c018c7937ba81c0ead1df3b11d4b5

SHA1
9e92c7cc654e249ce3d62e41ff7a0a9184220fd3

SHA256
34105e85a0dbd5f490ffb74740a8f7bbc80802a2d5111b4db144007b374a76d6

SHA512
db40c22de39c60c8582c5789f603b5a17b6d195f4be7cbe9bcdd78186c99987783adda892d699e1dc11bd8b2e232a790ca8b0376c1336d4974a8d0f755c031e5

Download Submit
C:\Windows\System\HeSWoHZ.exe

Filesize
2.3MB

MD5
1e2adc718d47484edc92c4da1f159ac0

SHA1
d66b1d915fc1407f2e876265213a5581d1953fb2

SHA256
f4dcc32afac94e646ad266c1fe817f399ff83e8997b1f094dceb1b445b188769

SHA512
4c0de98b69a94e61c1beb9462ec4908eaf19b5b341f3a4c50989d0434ebbc263b96ec4db2d08252556d4b8d8ed5c7604b8e68bca27f0264543f9149c0fe61bb5

Download Submit
C:\Windows\System\JEowHsb.exe

Filesize
2.2MB

MD5
52a9070678d2b673e58fb47bc2a1642d

SHA1
d2abde578d1c79bd0c4572aaae636b5000db8d2c

SHA256
24ecee0457858416f59629321d611c672ef9ef865918b8ef2476eb77904f6565

SHA512
7ae949855c8e4926b1b2c5e5fb00d43f38fb56cd3538393635a21ccb9a0ad962d6eec5c7f731649786b94768098d899b0aa6ffbc42dc783a2c44f7566b5f6c73

Download Submit
C:\Windows\System\KPfAEZx.exe

Filesize
2.2MB

MD5
5e920be5bd62d38a2c23c843c1b37e0e

SHA1
9d7eb2adf10a361fe6c0e34db0322b3462d5ac8b

SHA256
b0fe284547324a6c9279a66ef0755a6c4d178d9cfcddd68ac03d2335e2039432

SHA512
16a18a2bd31e4f161fea50f35fd4445e71d2856f0da7a7bdf839e12749ff61517b301933e3f850b841608e3c69b8d7c1b6bf8923c20ff8e9dbef6aa45c66fbc6

Download Submit
C:\Windows\System\KcXZNRT.exe

Filesize
2.2MB

MD5
ab32f612659b398d58d4db4dad70a6eb

SHA1
8b5f1eca71283526fce6828d92a97986f5b4924e

SHA256
fcf8937edfa0db3febd1bf4c3c00cea6c7d642aa423f1333c8e441ee5aca5d14

SHA512
73bca513e65d55ce81b19d00a6023f44c5bf5caac40635ca9e1d765797c019557a96390a040c994198b20db4a2a2d29a0653e70189055a6023da41a639d2ff28

Download Submit
C:\Windows\System\MhpjQBz.exe

Filesize
2.2MB

MD5
8abbda57dc745c5298af71d49a286df5

SHA1
5e8783ac34ac18ba3c8671685382d5d915ab5862

SHA256
b30e63c7261aa3bd9c3fae0abe9c2d3cb4861ac046df43b91c5eeebb04316f1e

SHA512
6a5228d5c0d93521c513c8153b0e4924b8a6a57b8e703c6543720533ecf06d80938b457de73299c9c56dff94ef5631c58776f2d3de13f9f71065ac3916ab9e0b

Download Submit
C:\Windows\System\QFKeBXW.exe

Filesize
2.2MB

MD5
64c5100224476e465e83b44ff783f166

SHA1
ca7713908cef32cc25cf8460fd6e0537e55dda26

SHA256
da1624c441f7004faf4f4d1f9464482074695face6e9da1d17c9dae422384881

SHA512
9434c9ab9c6c4c272209c9c2bdbb108eb3a03e8a55eec99d0bc57782571f21dd694f306b9352eb047fd4c4bedb60c17d5dd6859b7ab8dc3858dc1aa912b3f52f

Download Submit
C:\Windows\System\QqktjXS.exe

Filesize
2.2MB

MD5
8f0783796f797d3d1fa7e6661d2324e1

SHA1
a1c4fddcb974a1749ffb083478c3be067a68d3be

SHA256
93b94f5b246c3686562b7aca0d5a7a4d71abfe1d637071a4c57ca526e9185827

SHA512
dba5e3e3fc5afad7132d517ea137a08f77981020909296c1a1c07b0be6a679d9e5bf852b5c7f2f05f6c0d77d6da90bde1eb3240b8eab288d71dc4dfc759122a5

Download Submit
C:\Windows\System\SQlzPsW.exe

Filesize
2.2MB

MD5
2c0b34db5217de7c8b1bac6ef551f46b

SHA1
f8b3144533f60f0140eaf2a458bfa922d8f317e2

SHA256
9d5eecd759c3bb9aa35dfbfa4960caa28ced023fc30e585c47cad0158a16b3ed

SHA512
c30f21fc340bb191c49172b00363a5c347700f2a4ecd66029138e7cdef1d398fb50ad3569da0b3c8b0d58584e2f68ef3dbc40ed467f1b9f6314f540f9403299a

Download Submit
C:\Windows\System\UQkxHYD.exe

Filesize
2.2MB

MD5
2b817d47193d5d73d93fc73b8cd778e5

SHA1
a1073d6375cf15c83b251aaffe5342e09eeacbc7

SHA256
77a8abf3e457b492143c0c74afbff5aabd5276f99bc5ddc4bc3ba941445b0246

SHA512
6e533ba6cd4295a18260a23b120fca5616efe897de86a2af5f4e2bfbc328cc0795e2f91d7602a70820b2fbc79a71cfd467c98befbe04f3c54d5848e2e14096cd

Download Submit
C:\Windows\System\WfoSTST.exe

Filesize
2.2MB

MD5
0ba7c7b460ae021e3f7698a8e302f194

SHA1
44302f2cb70516a1c9451a720cda953336a6e8a3

SHA256
60ed9d74c884c960317dda6c4b1a942ed25eb180d259df8afd89613c1b1592fa

SHA512
33e9f6b3abb5a57eac26fcc7c4b4e33c15ce1d3972045552bc02c7502063e8967edb8886eef268000f3d368796e07c2ceccbd8a9ab9c8c66636cd6c67830f360

Download Submit
C:\Windows\System\WpXHUCW.exe

Filesize
2.2MB

MD5
1a75ad0bbcba567929612cff270e7aa9

SHA1
678c1c90bde956f7c29d7a7c96732ae302357be5

SHA256
c70f19186455d564e8d91cb8c8d44e6e0faf0bbe4325bcfb944d9572dd0b2de0

SHA512
5889b64cb96d3ca6e006b59554f65e8571356de84ddd0aa87e325c7788b4a98e7d94841d1c217f9f0c542a6a5effd248711ba1c6c1fc0f1bfe4029b3dd50136f

Download Submit
C:\Windows\System\YQxszTN.exe

Filesize
2.2MB

MD5
4ab3e43ee3f48a2f9a08b6e487adcb87

SHA1
67198d17e2a80dac1d02a93d680e296d6a7a64f0

SHA256
aa41161a2db2f803d6355c817e32ffbaba3ee30ab85aef616600451459c1c933

SHA512
e1a84a5d3a00ddaa268767faa59760747348f945d309a11c45dd60e07b1a636738d2b5a264bf11bee9d9b338b2d2f25cc56420068c82eeb31be61f14d023b328

Download Submit
C:\Windows\System\acFbveD.exe

Filesize
2.2MB

MD5
d3427afa897be7369f73e23d7569afb9

SHA1
8f2e4d7f319bf1430ed1a7feb848d40f948e5d96

SHA256
7ca7793fa5434d099aef760737ec39dbd0c3a599213d9439745c88316a18982c

SHA512
950e45709ad525385f90c74e9ff2e444273a7cc3867526f2710337af62f7c7a0375a59d685160f465270091776e5fe97ad88bc42bfc7f9296e43c8dcb33e6c04

Download Submit
C:\Windows\System\gLQavvX.exe

Filesize
2.2MB

MD5
ba9973fe9cf8c918b07bb3538963d2a2

SHA1
9ae9f762e94ad9980fd8e6e9b76207b834cc4ca4

SHA256
4405a42102d8126a7c18c3f129381f9ba30d604adb859196ea99c345041b2e4b

SHA512
2a07ac202d8fd45be6df603ded7bbebd71596e9a0ec928a1770bcbf442d685d92c2d239eb4bc9e441abd18d09fa9af7779404356407581bad4c2842c9ffe7dc6

Download Submit
C:\Windows\System\hRQWLDK.exe

Filesize
2.2MB

MD5
0db4225d801c46e92cd44589d4021feb

SHA1
aaaf433783ea9af1ced7974fefc76f85428e91d9

SHA256
8bbca3daf88bcd3924b1e43cd4e00c8dd7f5f5cd29f0f2818b2bf6c538fdf5c0

SHA512
010ec37fa9fc798588e6cbb19787e1df569a52c2ecc3fcd6ca707f90b72704ab215335a6411c5b2ea2e4cbf34f4f9d2217305c6cfa30862c7be7b554761a1060

Download Submit
C:\Windows\System\iCWGcMO.exe

Filesize
2.2MB

MD5
515a5ccb739f5c1e5a0c8267f31203ae

SHA1
8a2988355fc61343802c302b7806960ad2b7ecf4

SHA256
0b0597cf8a16b98bf03c5ccec18cbcd73dc8adeec93455d17f4bfba357f3d93a

SHA512
e433978361e98f4be18f0f4dc3313ef1ea870f8facf3ab1d04b12bb82e8f9743b1c51d0022ae32c1c96d53a550385281d9d77491976ada167c25813cbf0b1269

Download Submit
C:\Windows\System\jnAmgjV.exe

Filesize
2.2MB

MD5
34f09ccd67f006f5da0d6a54d6a5f8cf

SHA1
4cb76ece8cd1571701bd32578cc8af2a179eae91

SHA256
802ab3b639ac7066a0b89174b82b1ef7b33da7f4475d4181a8bf03d524f25515

SHA512
41ca3bbe3500296d0eeaf610522c9b86c898fdbada630f1c4a432f90bbc9e68a922d7e8a9208f2496deb5674898069211a3ecd38613f80120dd051538141aa8e

Download Submit
C:\Windows\System\lhZaiJX.exe

Filesize
2.2MB

MD5
9af266f313c893793d1f9b17e0cce938

SHA1
ec7eb61842f537842a1b5b5ea74afa1864b4a6a2

SHA256
5b3f2fd13714fef6c498cd4d40411dd8dbec2fd0880c6da6def066c079247125

SHA512
5d95a0684675deed8f0a49112a931f04b450e2297958e22a235535a0f21a36d2678abcb6aec695e10bca678201e7873b9935ea904716c52dc470ec9707c948e7

Download Submit
C:\Windows\System\nzMUlnc.exe

Filesize
2.2MB

MD5
b8913e068a8f8542684b3d2a7a98f22b

SHA1
0c13c0223dbb1de8a86e06b54c6b61f82e65c50f

SHA256
3d503659551d50aff21b514087793701fc09899941d213293bb7c501a66ebc03

SHA512
136c54cfb4e1df36445fd57d0a18d6e2545b82313f599faf6ab2a82183c17a34243684711d91c8cbb6afa912f0c31692baabd2ed387f182a5465ba81a9a2b11c

Download Submit
C:\Windows\System\oyPDiZk.exe

Filesize
2.2MB

MD5
ce71b81153107cb13a29f6927c0f20e8

SHA1
87d946d473826c91717e6bc3e03dad300df3904d

SHA256
51ba2bfaa399a77bcfecf655d2d98d6d5713dcb3eed8b595c9d248178dc1f9bf

SHA512
50610a36361e6f64c0c57541b55501195840c26e1eed883cb84051ce944a20d7651fb3c48d1f695f57da5d69cc6e686a8d2dd12ba97d7b3a51d6b90148894828

Download Submit
C:\Windows\System\rLuuOFg.exe

Filesize
2.2MB

MD5
161876e5c069c370d38b1b5f6edf54c6

SHA1
5d1c1c8ffdeab60977c121c2ce0f5ed7f8d0dc62

SHA256
b23daf84a4a280dbaa8cf69c235c65deb586177eac32714d2a9a4f87a986dd29

SHA512
8cd97a455ecaac87ae84316e6cb1ae3893607f6f08698e05abf8f41b0f3405be27b5a33e98f495a000d669904298c9148f4c7859f3ab74f15932975e846cecf6

Download Submit
C:\Windows\System\trwdrHs.exe

Filesize
2.2MB

MD5
069262db2165f0f59c516cb1dad782ae

SHA1
3d373d506497ed6551ad9e1257f536540aa52233

SHA256
637e1752b132929a53611ba3be87cf32d640d0daf28bf790a88598b87873def8

SHA512
712b535f9b34bfe35654325576d5c54ad7a0358ee85c1192929cb79700366bf8170428e5276a6fb63a206ef159e0579a654bf09584e35354287716ed6ceeb1fa

Download Submit
C:\Windows\System\upgnAGt.exe

Filesize
2.2MB

MD5
e4c08a34abf3c225d4ddbc5890d027cd

SHA1
f1568cc14c4ae5503d0b817506079ae2147e276d

SHA256
85a44c9eb165a8bf8b0b9268b65cbbbe02236d944fbeb524de144e6fde692757

SHA512
2e07720ea35f6f71fbafe5bd9ba545c2383aa6b0a66fc66261abeabb23d1c35ba9efef5ed693b45973d351f832e145676965e9c430ee7287c14c6d54e3db99fa

Download Submit
C:\Windows\System\uxEKZmV.exe

Filesize
2.2MB

MD5
b52bb535e3f71ae2f22b6ef5f3a954ef

SHA1
03980d7e2ae2bc7ef34a39e6fa9eb1fc20c79d3c

SHA256
bd09cdcf2cea91e9b383cea6612011956801be6d17f02111f84a5db369a23114

SHA512
b99658aa82f847269d1279a31403d3ca1b9111b7ca6d1f330f164379ad5b6bc35d4f80ff75767657783341f9fe58125feaefb26c945ffad92bf85a7b257dbe41

Download Submit
C:\Windows\System\vpqyUCP.exe

Filesize
2.2MB

MD5
2ac3989d58f7c3376cbead31854ad950

SHA1
fa7dd61ffe457d9d18b4053a9345646e37716cb6

SHA256
511ae23a2b963f2b6ef1a9529e85348945a1894ebe750bea0c525b4eb0b44069

SHA512
b3349e9379ad5027b6fb143d99d1b3069f63d07c9aac6e25574a4dc922a292a1911fae50a484f7f46e06059e6aa30c3427a6e501c3c3cea758a9e0a212f21599

Download Submit
C:\Windows\System\wFZlRQW.exe

Filesize
2.2MB

MD5
4fb747c57743b84f1b5eba99cfa116b0

SHA1
033587db274beeb3fc1619df9d86e9be207b542e

SHA256
bb18c4c3375ab1b40ff175e8c9c5326a40b5a16437f4d79b1d3f0f6fc3c48f9a

SHA512
d8caac832508a91d738afa4419bf1cb7c8359c7454b3dd48a995d7c8b4cca2c3a56be0cb328685ac0d8a234261e76a49d7d10446e68dfa93773a1bbc6bb85037

Download Submit
C:\Windows\System\wXptvqs.exe

Filesize
2.2MB

MD5
a2d3e720299ca38501e7cf4f7cf3797c

SHA1
c69d75e9080473f2df2ca056549089742df455de

SHA256
2d4ae77b02aa6b97e1107e776b04d0a6b4940d0e8eef1f17f2ab89d45aba3c7b

SHA512
b9ae48f8a78289b9600fc3edbde3566e922485292f554a183ec12f3fabc69e53dfd9a37c2b1cd96fe5a63aea1c8b1e9de1e5aa9f7b89a0696ca4ea06f1a54c9f

Download Submit
C:\Windows\System\wmNENiP.exe

Filesize
2.2MB

MD5
93e037fba49cb6d97c2717d184cf4785

SHA1
9ef91f2cf77b2d50e6cf279e11b72987cc8ceeba

SHA256
0a6f9ab22c4f5c91afd8977d9f2bcf87b51a019cef0613cdf88f23e184040207

SHA512
6d83e87df3fa5598bcbd4b063ab06a2b51523be595dde674131fb62f2fb24f905fce578ff4575211ddde30684e098d6d306cee149c6ef45061338e5b7b94d1c4

Download Submit
C:\Windows\System\ySQrtqu.exe

Filesize
2.2MB

MD5
030ff20ac2fb9e32e925f6f37190dbdf

SHA1
2e25f8b05f863f93ce19bb13a64aa64c2ef441f3

SHA256
45e215e64c90033aa7073777eea1ba9fc5d34e98c4164f5fb53a758dfd73e3b1

SHA512
f8c8a3e7704ac2738740d1489ab170da9eec2fdfbc68a13c49138da0ab27b1b1ad5e322a110f102332993b631eda1bb08ac28c96f349398e1f412329eeb2579f

Download Submit
memory/32-536-0x00007FF605080000-0x00007FF6053D4000-memory.dmp

Filesize
3.3MB

Download
memory/32-2099-0x00007FF605080000-0x00007FF6053D4000-memory.dmp

Filesize
3.3MB

Download
memory/464-473-0x00007FF616CD0000-0x00007FF617024000-memory.dmp

Filesize
3.3MB

Download
memory/464-2093-0x00007FF616CD0000-0x00007FF617024000-memory.dmp

Filesize
3.3MB

Download
memory/760-2076-0x00007FF6C0720000-0x00007FF6C0A74000-memory.dmp

Filesize
3.3MB

Download
memory/760-12-0x00007FF6C0720000-0x00007FF6C0A74000-memory.dmp

Filesize
3.3MB

Download
memory/1124-532-0x00007FF61DE10000-0x00007FF61E164000-memory.dmp

Filesize
3.3MB

Download
memory/1124-2095-0x00007FF61DE10000-0x00007FF61E164000-memory.dmp

Filesize
3.3MB

Download
memory/1556-2101-0x00007FF620420000-0x00007FF620774000-memory.dmp

Filesize
3.3MB

Download
memory/1556-534-0x00007FF620420000-0x00007FF620774000-memory.dmp

Filesize
3.3MB

Download
memory/1676-2094-0x00007FF626A00000-0x00007FF626D54000-memory.dmp

Filesize
3.3MB

Download
memory/1676-472-0x00007FF626A00000-0x00007FF626D54000-memory.dmp

Filesize
3.3MB

Download
memory/1720-2082-0x00007FF7A0450000-0x00007FF7A07A4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-541-0x00007FF7A0450000-0x00007FF7A07A4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-487-0x00007FF667DC0000-0x00007FF668114000-memory.dmp

Filesize
3.3MB

Download
memory/2084-2087-0x00007FF667DC0000-0x00007FF668114000-memory.dmp

Filesize
3.3MB

Download
memory/2116-494-0x00007FF7D0C70000-0x00007FF7D0FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2088-0x00007FF7D0C70000-0x00007FF7D0FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-462-0x00007FF655CF0000-0x00007FF656044000-memory.dmp

Filesize
3.3MB

Download
memory/2180-2084-0x00007FF655CF0000-0x00007FF656044000-memory.dmp

Filesize
3.3MB

Download
memory/2612-2104-0x00007FF68F0E0000-0x00007FF68F434000-memory.dmp

Filesize
3.3MB

Download
memory/2612-537-0x00007FF68F0E0000-0x00007FF68F434000-memory.dmp

Filesize
3.3MB

Download
memory/2860-2090-0x00007FF715880000-0x00007FF715BD4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-522-0x00007FF715880000-0x00007FF715BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-1-0x000002651C220000-0x000002651C230000-memory.dmp

Filesize
64KB

Download
memory/3052-0-0x00007FF6230F0000-0x00007FF623444000-memory.dmp

Filesize
3.3MB

Download
memory/3056-530-0x00007FF6E95B0000-0x00007FF6E9904000-memory.dmp

Filesize
3.3MB

Download
memory/3056-2091-0x00007FF6E95B0000-0x00007FF6E9904000-memory.dmp

Filesize
3.3MB

Download
memory/3116-2100-0x00007FF731980000-0x00007FF731CD4000-memory.dmp

Filesize
3.3MB

Download
memory/3116-535-0x00007FF731980000-0x00007FF731CD4000-memory.dmp

Filesize
3.3MB

Download
memory/3400-2098-0x00007FF733E80000-0x00007FF7341D4000-memory.dmp

Filesize
3.3MB

Download
memory/3400-526-0x00007FF733E80000-0x00007FF7341D4000-memory.dmp

Filesize
3.3MB

Download
memory/3408-539-0x00007FF795840000-0x00007FF795B94000-memory.dmp

Filesize
3.3MB

Download
memory/3408-2102-0x00007FF795840000-0x00007FF795B94000-memory.dmp

Filesize
3.3MB

Download
memory/3468-2083-0x00007FF6B79E0000-0x00007FF6B7D34000-memory.dmp

Filesize
3.3MB

Download
memory/3468-458-0x00007FF6B79E0000-0x00007FF6B7D34000-memory.dmp

Filesize
3.3MB

Download
memory/3492-538-0x00007FF7FBC00000-0x00007FF7FBF54000-memory.dmp

Filesize
3.3MB

Download
memory/3492-2103-0x00007FF7FBC00000-0x00007FF7FBF54000-memory.dmp

Filesize
3.3MB

Download
memory/3536-2096-0x00007FF6C4870000-0x00007FF6C4BC4000-memory.dmp

Filesize
3.3MB

Download
memory/3536-533-0x00007FF6C4870000-0x00007FF6C4BC4000-memory.dmp

Filesize
3.3MB

Download
memory/3732-483-0x00007FF71EC10000-0x00007FF71EF64000-memory.dmp

Filesize
3.3MB

Download
memory/3732-2097-0x00007FF71EC10000-0x00007FF71EF64000-memory.dmp

Filesize
3.3MB

Download
memory/3784-2092-0x00007FF6B65A0000-0x00007FF6B68F4000-memory.dmp

Filesize
3.3MB

Download
memory/3784-531-0x00007FF6B65A0000-0x00007FF6B68F4000-memory.dmp

Filesize
3.3MB

Download
memory/4292-2080-0x00007FF6C5D80000-0x00007FF6C60D4000-memory.dmp

Filesize
3.3MB

Download
memory/4292-457-0x00007FF6C5D80000-0x00007FF6C60D4000-memory.dmp

Filesize
3.3MB

Download
memory/4484-452-0x00007FF7E0210000-0x00007FF7E0564000-memory.dmp

Filesize
3.3MB

Download
memory/4484-2078-0x00007FF7E0210000-0x00007FF7E0564000-memory.dmp

Filesize
3.3MB

Download
memory/4504-463-0x00007FF6BFF20000-0x00007FF6C0274000-memory.dmp

Filesize
3.3MB

Download
memory/4504-2085-0x00007FF6BFF20000-0x00007FF6C0274000-memory.dmp

Filesize
3.3MB

Download
memory/4508-488-0x00007FF79E840000-0x00007FF79EB94000-memory.dmp

Filesize
3.3MB

Download
memory/4508-2089-0x00007FF79E840000-0x00007FF79EB94000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2086-0x00007FF6E3860000-0x00007FF6E3BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4832-466-0x00007FF6E3860000-0x00007FF6E3BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4892-456-0x00007FF715670000-0x00007FF7159C4000-memory.dmp

Filesize
3.3MB

Download
memory/4892-2081-0x00007FF715670000-0x00007FF7159C4000-memory.dmp

Filesize
3.3MB

Download
memory/4972-2077-0x00007FF6C7C80000-0x00007FF6C7FD4000-memory.dmp

Filesize
3.3MB

Download
memory/4972-14-0x00007FF6C7C80000-0x00007FF6C7FD4000-memory.dmp

Filesize
3.3MB

Download
memory/5104-540-0x00007FF79B860000-0x00007FF79BBB4000-memory.dmp

Filesize
3.3MB

Download
memory/5104-2079-0x00007FF79B860000-0x00007FF79BBB4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads