xmrig | 71a3c7d0f15543b58026bad978869f70c87759bfaf4d44659d751653281b3102

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2024 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
Size

2.2MB
MD5

9d6ecb5339292f6d60f678a760657b50
SHA1

fcbd4aebab5ce2bf9a71a8a86a45a1003df217ab
SHA256

71a3c7d0f15543b58026bad978869f70c87759bfaf4d44659d751653281b3102
SHA512

e66ce0de4fc19ecbbc6475e068840623b38b22162ce62b0cc7226dd3722f69877fe8e3d19f619faf0e9954969bae097ce070d4ff561e5c4e49a8804faece6650
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQW/TQItb52CY0p0m:oemTLkNdfE0pZrQ4

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/896-0-0x00007FF7EB170000-0x00007FF7EB4C4000-memory.dmp	xmrig
behavioral2/files/0x00090000000233e8-5.dat	xmrig
behavioral2/files/0x00080000000233f7-9.dat	xmrig
behavioral2/files/0x00070000000233ff-27.dat	xmrig
behavioral2/files/0x0007000000023404-50.dat	xmrig
behavioral2/files/0x0007000000023401-67.dat	xmrig
behavioral2/files/0x0007000000023405-88.dat	xmrig
behavioral2/files/0x0007000000023408-108.dat	xmrig
behavioral2/memory/4884-121-0x00007FF68F5D0000-0x00007FF68F924000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-140.dat	xmrig
behavioral2/files/0x0007000000023416-166.dat	xmrig
behavioral2/memory/4468-175-0x00007FF72DC30000-0x00007FF72DF84000-memory.dmp	xmrig
behavioral2/memory/1140-180-0x00007FF6AC5E0000-0x00007FF6AC934000-memory.dmp	xmrig
behavioral2/memory/1764-186-0x00007FF730830000-0x00007FF730B84000-memory.dmp	xmrig
behavioral2/memory/3132-185-0x00007FF75DE30000-0x00007FF75E184000-memory.dmp	xmrig
behavioral2/memory/4968-184-0x00007FF6860D0000-0x00007FF686424000-memory.dmp	xmrig
behavioral2/memory/3008-183-0x00007FF77F2A0000-0x00007FF77F5F4000-memory.dmp	xmrig
behavioral2/memory/4496-182-0x00007FF62DDD0000-0x00007FF62E124000-memory.dmp	xmrig
behavioral2/memory/3404-181-0x00007FF6BE000000-0x00007FF6BE354000-memory.dmp	xmrig
behavioral2/memory/4856-179-0x00007FF6D2450000-0x00007FF6D27A4000-memory.dmp	xmrig
behavioral2/memory/4624-178-0x00007FF681600000-0x00007FF681954000-memory.dmp	xmrig
behavioral2/memory/2904-177-0x00007FF6E98F0000-0x00007FF6E9C44000-memory.dmp	xmrig
behavioral2/memory/3632-176-0x00007FF68C700000-0x00007FF68CA54000-memory.dmp	xmrig
behavioral2/memory/5016-174-0x00007FF75F040000-0x00007FF75F394000-memory.dmp	xmrig
behavioral2/memory/2056-173-0x00007FF601620000-0x00007FF601974000-memory.dmp	xmrig
behavioral2/memory/4108-172-0x00007FF7F5960000-0x00007FF7F5CB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-170.dat	xmrig
behavioral2/files/0x0007000000023417-168.dat	xmrig
behavioral2/files/0x0007000000023415-164.dat	xmrig
behavioral2/files/0x0007000000023414-162.dat	xmrig
behavioral2/files/0x0007000000023413-160.dat	xmrig
behavioral2/memory/2952-159-0x00007FF77DCD0000-0x00007FF77E024000-memory.dmp	xmrig
behavioral2/memory/816-158-0x00007FF603910000-0x00007FF603C64000-memory.dmp	xmrig
behavioral2/memory/2156-157-0x00007FF701BE0000-0x00007FF701F34000-memory.dmp	xmrig
behavioral2/memory/2608-144-0x00007FF794260000-0x00007FF7945B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-135.dat	xmrig
behavioral2/files/0x0007000000023410-134.dat	xmrig
behavioral2/files/0x000700000002340f-130.dat	xmrig
behavioral2/files/0x000700000002340a-128.dat	xmrig
behavioral2/files/0x000700000002340e-126.dat	xmrig
behavioral2/files/0x000700000002340d-124.dat	xmrig
behavioral2/files/0x000700000002340b-119.dat	xmrig
behavioral2/memory/3892-116-0x00007FF6B2A80000-0x00007FF6B2DD4000-memory.dmp	xmrig
behavioral2/memory/2892-115-0x00007FF676420000-0x00007FF676774000-memory.dmp	xmrig
behavioral2/files/0x0007000000023409-111.dat	xmrig
behavioral2/files/0x000700000002340c-122.dat	xmrig
behavioral2/files/0x0007000000023406-102.dat	xmrig
behavioral2/files/0x0007000000023407-117.dat	xmrig
behavioral2/memory/1104-98-0x00007FF6C70B0000-0x00007FF6C7404000-memory.dmp	xmrig
behavioral2/files/0x0007000000023403-78.dat	xmrig
behavioral2/files/0x0007000000023400-76.dat	xmrig
behavioral2/memory/4608-71-0x00007FF647870000-0x00007FF647BC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023402-74.dat	xmrig
behavioral2/memory/2332-60-0x00007FF62FF40000-0x00007FF630294000-memory.dmp	xmrig
behavioral2/memory/4648-57-0x00007FF6DA760000-0x00007FF6DAAB4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fe-48.dat	xmrig
behavioral2/memory/3064-39-0x00007FF7CC650000-0x00007FF7CC9A4000-memory.dmp	xmrig
behavioral2/memory/2636-31-0x00007FF708C80000-0x00007FF708FD4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fd-43.dat	xmrig
behavioral2/files/0x00070000000233fc-42.dat	xmrig
behavioral2/memory/1484-19-0x00007FF7423E0000-0x00007FF742734000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-194.dat	xmrig
behavioral2/files/0x0007000000023419-191.dat	xmrig
behavioral2/memory/896-2112-0x00007FF7EB170000-0x00007FF7EB4C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1484	GAzIrcj.exe
4856	YjtkEfy.exe
2636	fNEFoAy.exe
1140	rNAqgrg.exe
3064	mOIOEIk.exe
4648	jYuzprJ.exe
2332	AxxUimS.exe
3404	AyptrFR.exe
4496	FjXNjWJ.exe
4608	LBpRtBm.exe
1104	rHNunpZ.exe
2892	AlDpYMh.exe
3008	sFFqNsX.exe
3892	BixeqQL.exe
4884	gWaEAkk.exe
4968	fcHNqxO.exe
2608	QrUfzuI.exe
2156	pjmzUsn.exe
3132	yzuUeWs.exe
816	xbqPBoc.exe
2952	bZdpogL.exe
4108	sJquBMz.exe
2056	DflnyTN.exe
5016	FbIcBwM.exe
4468	TjOaLgM.exe
1764	VZikoRm.exe
3632	qJobRWs.exe
2904	PhunoQh.exe
4624	EYZowQu.exe
3856	jiTwipe.exe
2992	PNKrrMA.exe
704	IjOdFfU.exe
3544	CnPxOZH.exe
3472	EegrYzU.exe
1456	pMdGqUx.exe
4020	PoDPSXM.exe
1332	VQNQPal.exe
2340	uaavJrS.exe
1392	WFqbyUj.exe
2152	uRZURee.exe
2884	mGDvRdz.exe
3764	IJXXGWw.exe
2248	ygncIiS.exe
2848	sZkRXSG.exe
1648	KUXELXD.exe
3548	MNZHCXp.exe
2968	hUtnSTN.exe
3084	kJbhBUg.exe
4568	BrzRrOv.exe
216	CNeHlAM.exe
4844	lPlynJj.exe
1124	XMsZAsS.exe
3208	xSxMGtG.exe
2412	sEpiNPt.exe
1236	tIsBaui.exe
2268	UpVfRYk.exe
1892	dVmNahA.exe
3504	MUdNPhn.exe
1368	pQeVtNs.exe
2744	vYkJsRZ.exe
1768	jfoLzGd.exe
1308	fdJBRGf.exe
4712	hYwAwST.exe
3120	zFCLaCt.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/896-0-0x00007FF7EB170000-0x00007FF7EB4C4000-memory.dmp	upx
behavioral2/files/0x00090000000233e8-5.dat	upx
behavioral2/files/0x00080000000233f7-9.dat	upx
behavioral2/files/0x00070000000233ff-27.dat	upx
behavioral2/files/0x0007000000023404-50.dat	upx
behavioral2/files/0x0007000000023401-67.dat	upx
behavioral2/files/0x0007000000023405-88.dat	upx
behavioral2/files/0x0007000000023408-108.dat	upx
behavioral2/memory/4884-121-0x00007FF68F5D0000-0x00007FF68F924000-memory.dmp	upx
behavioral2/files/0x0007000000023412-140.dat	upx
behavioral2/files/0x0007000000023416-166.dat	upx
behavioral2/memory/4468-175-0x00007FF72DC30000-0x00007FF72DF84000-memory.dmp	upx
behavioral2/memory/1140-180-0x00007FF6AC5E0000-0x00007FF6AC934000-memory.dmp	upx
behavioral2/memory/1764-186-0x00007FF730830000-0x00007FF730B84000-memory.dmp	upx
behavioral2/memory/3132-185-0x00007FF75DE30000-0x00007FF75E184000-memory.dmp	upx
behavioral2/memory/4968-184-0x00007FF6860D0000-0x00007FF686424000-memory.dmp	upx
behavioral2/memory/3008-183-0x00007FF77F2A0000-0x00007FF77F5F4000-memory.dmp	upx
behavioral2/memory/4496-182-0x00007FF62DDD0000-0x00007FF62E124000-memory.dmp	upx
behavioral2/memory/3404-181-0x00007FF6BE000000-0x00007FF6BE354000-memory.dmp	upx
behavioral2/memory/4856-179-0x00007FF6D2450000-0x00007FF6D27A4000-memory.dmp	upx
behavioral2/memory/4624-178-0x00007FF681600000-0x00007FF681954000-memory.dmp	upx
behavioral2/memory/2904-177-0x00007FF6E98F0000-0x00007FF6E9C44000-memory.dmp	upx
behavioral2/memory/3632-176-0x00007FF68C700000-0x00007FF68CA54000-memory.dmp	upx
behavioral2/memory/5016-174-0x00007FF75F040000-0x00007FF75F394000-memory.dmp	upx
behavioral2/memory/2056-173-0x00007FF601620000-0x00007FF601974000-memory.dmp	upx
behavioral2/memory/4108-172-0x00007FF7F5960000-0x00007FF7F5CB4000-memory.dmp	upx
behavioral2/files/0x0007000000023418-170.dat	upx
behavioral2/files/0x0007000000023417-168.dat	upx
behavioral2/files/0x0007000000023415-164.dat	upx
behavioral2/files/0x0007000000023414-162.dat	upx
behavioral2/files/0x0007000000023413-160.dat	upx
behavioral2/memory/2952-159-0x00007FF77DCD0000-0x00007FF77E024000-memory.dmp	upx
behavioral2/memory/816-158-0x00007FF603910000-0x00007FF603C64000-memory.dmp	upx
behavioral2/memory/2156-157-0x00007FF701BE0000-0x00007FF701F34000-memory.dmp	upx
behavioral2/memory/2608-144-0x00007FF794260000-0x00007FF7945B4000-memory.dmp	upx
behavioral2/files/0x0007000000023411-135.dat	upx
behavioral2/files/0x0007000000023410-134.dat	upx
behavioral2/files/0x000700000002340f-130.dat	upx
behavioral2/files/0x000700000002340a-128.dat	upx
behavioral2/files/0x000700000002340e-126.dat	upx
behavioral2/files/0x000700000002340d-124.dat	upx
behavioral2/files/0x000700000002340b-119.dat	upx
behavioral2/memory/3892-116-0x00007FF6B2A80000-0x00007FF6B2DD4000-memory.dmp	upx
behavioral2/memory/2892-115-0x00007FF676420000-0x00007FF676774000-memory.dmp	upx
behavioral2/files/0x0007000000023409-111.dat	upx
behavioral2/files/0x000700000002340c-122.dat	upx
behavioral2/files/0x0007000000023406-102.dat	upx
behavioral2/files/0x0007000000023407-117.dat	upx
behavioral2/memory/1104-98-0x00007FF6C70B0000-0x00007FF6C7404000-memory.dmp	upx
behavioral2/files/0x0007000000023403-78.dat	upx
behavioral2/files/0x0007000000023400-76.dat	upx
behavioral2/memory/4608-71-0x00007FF647870000-0x00007FF647BC4000-memory.dmp	upx
behavioral2/files/0x0007000000023402-74.dat	upx
behavioral2/memory/2332-60-0x00007FF62FF40000-0x00007FF630294000-memory.dmp	upx
behavioral2/memory/4648-57-0x00007FF6DA760000-0x00007FF6DAAB4000-memory.dmp	upx
behavioral2/files/0x00070000000233fe-48.dat	upx
behavioral2/memory/3064-39-0x00007FF7CC650000-0x00007FF7CC9A4000-memory.dmp	upx
behavioral2/memory/2636-31-0x00007FF708C80000-0x00007FF708FD4000-memory.dmp	upx
behavioral2/files/0x00070000000233fd-43.dat	upx
behavioral2/files/0x00070000000233fc-42.dat	upx
behavioral2/memory/1484-19-0x00007FF7423E0000-0x00007FF742734000-memory.dmp	upx
behavioral2/files/0x000700000002341a-194.dat	upx
behavioral2/files/0x0007000000023419-191.dat	upx
behavioral2/memory/896-2112-0x00007FF7EB170000-0x00007FF7EB4C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ptPKqgg.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\cBFSoMf.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\mCssBHh.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\bwnDSBL.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\ULjOrbI.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\EEclphs.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\HCHUDGB.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\zvbwRmU.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\EfPEEhW.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\GmubIUw.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\xEyzSKh.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\NwQdENI.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\kGoVbWP.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\VQNQPal.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\sMIjPZN.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\OAqVrqS.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\PhunoQh.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\mGDvRdz.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\XRmUJnQ.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\YNLRycT.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\hBgIKNX.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\aCCxXtt.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\sFFqNsX.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\dstsBys.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\HMKHrjW.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\OYnfFUe.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\tZWqZoU.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\xkGyfuP.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\JzVYxzM.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\iEIEtra.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\mxEcPYQ.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\PbKaOXI.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\mSXGzOI.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\bYuFyvs.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\fSjfYAQ.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\pmsAzmH.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\IPavyyD.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\UNoAOky.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\iMMcyRY.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\HJyOYVp.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\NvuGLyY.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\sJquBMz.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\FmiwjhA.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\qEcbaQZ.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\ngYAZgM.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\lNGmYSS.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\zmDfVTH.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\pvBxTca.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\SFSPXGV.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\zFCLaCt.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\iaRMnKB.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\RzBhuvf.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\bbDcAcB.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\KTsQRki.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\ywtJfyE.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\lfBMQsk.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\EKvshuW.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\VAjeieh.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\KoBpSOa.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\IifEfBY.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\nkAwJEj.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\gLEaXbJ.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\YfVxgHe.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
File created	C:\Windows\System\TvOmvQG.exe	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14548	dwm.exe
Token: SeChangeNotifyPrivilege	14548	dwm.exe
Token: 33	14548	dwm.exe
Token: SeIncBasePriorityPrivilege	14548	dwm.exe
Token: SeShutdownPrivilege	14548	dwm.exe
Token: SeCreatePagefilePrivilege	14548	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 896 wrote to memory of 1484	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	82
PID 896 wrote to memory of 1484	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	82
PID 896 wrote to memory of 4856	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	83
PID 896 wrote to memory of 4856	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	83
PID 896 wrote to memory of 2636	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	84
PID 896 wrote to memory of 2636	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	84
PID 896 wrote to memory of 1140	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	85
PID 896 wrote to memory of 1140	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	85
PID 896 wrote to memory of 3064	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	86
PID 896 wrote to memory of 3064	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	86
PID 896 wrote to memory of 4648	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	87
PID 896 wrote to memory of 4648	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	87
PID 896 wrote to memory of 2332	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	88
PID 896 wrote to memory of 2332	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	88
PID 896 wrote to memory of 3404	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	89
PID 896 wrote to memory of 3404	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	89
PID 896 wrote to memory of 4496	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	90
PID 896 wrote to memory of 4496	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	90
PID 896 wrote to memory of 4608	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	91
PID 896 wrote to memory of 4608	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	91
PID 896 wrote to memory of 1104	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	92
PID 896 wrote to memory of 1104	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	92
PID 896 wrote to memory of 2892	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	93
PID 896 wrote to memory of 2892	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	93
PID 896 wrote to memory of 3008	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	94
PID 896 wrote to memory of 3008	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	94
PID 896 wrote to memory of 2608	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	95
PID 896 wrote to memory of 2608	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	95
PID 896 wrote to memory of 3892	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	96
PID 896 wrote to memory of 3892	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	96
PID 896 wrote to memory of 4884	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	97
PID 896 wrote to memory of 4884	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	97
PID 896 wrote to memory of 4968	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	98
PID 896 wrote to memory of 4968	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	98
PID 896 wrote to memory of 2156	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	99
PID 896 wrote to memory of 2156	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	99
PID 896 wrote to memory of 3132	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	100
PID 896 wrote to memory of 3132	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	100
PID 896 wrote to memory of 816	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	101
PID 896 wrote to memory of 816	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	101
PID 896 wrote to memory of 2952	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	102
PID 896 wrote to memory of 2952	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	102
PID 896 wrote to memory of 4108	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	103
PID 896 wrote to memory of 4108	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	103
PID 896 wrote to memory of 2056	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	104
PID 896 wrote to memory of 2056	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	104
PID 896 wrote to memory of 5016	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	105
PID 896 wrote to memory of 5016	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	105
PID 896 wrote to memory of 4468	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	106
PID 896 wrote to memory of 4468	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	106
PID 896 wrote to memory of 1764	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	107
PID 896 wrote to memory of 1764	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	107
PID 896 wrote to memory of 3632	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	108
PID 896 wrote to memory of 3632	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	108
PID 896 wrote to memory of 2904	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	109
PID 896 wrote to memory of 2904	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	109
PID 896 wrote to memory of 4624	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	110
PID 896 wrote to memory of 4624	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	110
PID 896 wrote to memory of 3856	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	111
PID 896 wrote to memory of 3856	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	111
PID 896 wrote to memory of 2992	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	112
PID 896 wrote to memory of 2992	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	112
PID 896 wrote to memory of 704	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	113
PID 896 wrote to memory of 704	896	9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9d6ecb5339292f6d60f678a760657b50_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:896
- C:\Windows\System\GAzIrcj.exe
  C:\Windows\System\GAzIrcj.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\YjtkEfy.exe
  C:\Windows\System\YjtkEfy.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\fNEFoAy.exe
  C:\Windows\System\fNEFoAy.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\rNAqgrg.exe
  C:\Windows\System\rNAqgrg.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\mOIOEIk.exe
  C:\Windows\System\mOIOEIk.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\jYuzprJ.exe
  C:\Windows\System\jYuzprJ.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\AxxUimS.exe
  C:\Windows\System\AxxUimS.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\AyptrFR.exe
  C:\Windows\System\AyptrFR.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\FjXNjWJ.exe
  C:\Windows\System\FjXNjWJ.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\LBpRtBm.exe
  C:\Windows\System\LBpRtBm.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\rHNunpZ.exe
  C:\Windows\System\rHNunpZ.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\AlDpYMh.exe
  C:\Windows\System\AlDpYMh.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\sFFqNsX.exe
  C:\Windows\System\sFFqNsX.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\QrUfzuI.exe
  C:\Windows\System\QrUfzuI.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\BixeqQL.exe
  C:\Windows\System\BixeqQL.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\gWaEAkk.exe
  C:\Windows\System\gWaEAkk.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\fcHNqxO.exe
  C:\Windows\System\fcHNqxO.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\pjmzUsn.exe
  C:\Windows\System\pjmzUsn.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\yzuUeWs.exe
  C:\Windows\System\yzuUeWs.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\xbqPBoc.exe
  C:\Windows\System\xbqPBoc.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\bZdpogL.exe
  C:\Windows\System\bZdpogL.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\sJquBMz.exe
  C:\Windows\System\sJquBMz.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\DflnyTN.exe
  C:\Windows\System\DflnyTN.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\FbIcBwM.exe
  C:\Windows\System\FbIcBwM.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\TjOaLgM.exe
  C:\Windows\System\TjOaLgM.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\VZikoRm.exe
  C:\Windows\System\VZikoRm.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\qJobRWs.exe
  C:\Windows\System\qJobRWs.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\PhunoQh.exe
  C:\Windows\System\PhunoQh.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\EYZowQu.exe
  C:\Windows\System\EYZowQu.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\jiTwipe.exe
  C:\Windows\System\jiTwipe.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\PNKrrMA.exe
  C:\Windows\System\PNKrrMA.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\IjOdFfU.exe
  C:\Windows\System\IjOdFfU.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\CnPxOZH.exe
  C:\Windows\System\CnPxOZH.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\EegrYzU.exe
  C:\Windows\System\EegrYzU.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\pMdGqUx.exe
  C:\Windows\System\pMdGqUx.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\PoDPSXM.exe
  C:\Windows\System\PoDPSXM.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\VQNQPal.exe
  C:\Windows\System\VQNQPal.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\uaavJrS.exe
  C:\Windows\System\uaavJrS.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\WFqbyUj.exe
  C:\Windows\System\WFqbyUj.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\uRZURee.exe
  C:\Windows\System\uRZURee.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\mGDvRdz.exe
  C:\Windows\System\mGDvRdz.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\IJXXGWw.exe
  C:\Windows\System\IJXXGWw.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\ygncIiS.exe
  C:\Windows\System\ygncIiS.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\sZkRXSG.exe
  C:\Windows\System\sZkRXSG.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\KUXELXD.exe
  C:\Windows\System\KUXELXD.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\MNZHCXp.exe
  C:\Windows\System\MNZHCXp.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\hUtnSTN.exe
  C:\Windows\System\hUtnSTN.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\kJbhBUg.exe
  C:\Windows\System\kJbhBUg.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\BrzRrOv.exe
  C:\Windows\System\BrzRrOv.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\CNeHlAM.exe
  C:\Windows\System\CNeHlAM.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\lPlynJj.exe
  C:\Windows\System\lPlynJj.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\XMsZAsS.exe
  C:\Windows\System\XMsZAsS.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\xSxMGtG.exe
  C:\Windows\System\xSxMGtG.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\sEpiNPt.exe
  C:\Windows\System\sEpiNPt.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\tIsBaui.exe
  C:\Windows\System\tIsBaui.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\UpVfRYk.exe
  C:\Windows\System\UpVfRYk.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\dVmNahA.exe
  C:\Windows\System\dVmNahA.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\MUdNPhn.exe
  C:\Windows\System\MUdNPhn.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\vYkJsRZ.exe
  C:\Windows\System\vYkJsRZ.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\pQeVtNs.exe
  C:\Windows\System\pQeVtNs.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\jfoLzGd.exe
  C:\Windows\System\jfoLzGd.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\fdJBRGf.exe
  C:\Windows\System\fdJBRGf.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\hYwAwST.exe
  C:\Windows\System\hYwAwST.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\zFCLaCt.exe
  C:\Windows\System\zFCLaCt.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\ytjeOLy.exe
  C:\Windows\System\ytjeOLy.exe
  2⤵
  PID:4912
- C:\Windows\System\bReRTrd.exe
  C:\Windows\System\bReRTrd.exe
  2⤵
  PID:1784
- C:\Windows\System\mDBYluM.exe
  C:\Windows\System\mDBYluM.exe
  2⤵
  PID:528
- C:\Windows\System\vFQsbTM.exe
  C:\Windows\System\vFQsbTM.exe
  2⤵
  PID:2060
- C:\Windows\System\fFdjmWF.exe
  C:\Windows\System\fFdjmWF.exe
  2⤵
  PID:3964
- C:\Windows\System\vSowsDV.exe
  C:\Windows\System\vSowsDV.exe
  2⤵
  PID:1464
- C:\Windows\System\jJukJii.exe
  C:\Windows\System\jJukJii.exe
  2⤵
  PID:2480
- C:\Windows\System\ZalrCYh.exe
  C:\Windows\System\ZalrCYh.exe
  2⤵
  PID:3224
- C:\Windows\System\CBnJzFK.exe
  C:\Windows\System\CBnJzFK.exe
  2⤵
  PID:2492
- C:\Windows\System\PGpphMW.exe
  C:\Windows\System\PGpphMW.exe
  2⤵
  PID:3900
- C:\Windows\System\kVDgjVK.exe
  C:\Windows\System\kVDgjVK.exe
  2⤵
  PID:548
- C:\Windows\System\nKeYBwt.exe
  C:\Windows\System\nKeYBwt.exe
  2⤵
  PID:4312
- C:\Windows\System\nfFFBky.exe
  C:\Windows\System\nfFFBky.exe
  2⤵
  PID:4264
- C:\Windows\System\oqxBClZ.exe
  C:\Windows\System\oqxBClZ.exe
  2⤵
  PID:496
- C:\Windows\System\yGNOQYQ.exe
  C:\Windows\System\yGNOQYQ.exe
  2⤵
  PID:2052
- C:\Windows\System\VYFffpR.exe
  C:\Windows\System\VYFffpR.exe
  2⤵
  PID:3664
- C:\Windows\System\YHnfyNF.exe
  C:\Windows\System\YHnfyNF.exe
  2⤵
  PID:1848
- C:\Windows\System\NqLAIUe.exe
  C:\Windows\System\NqLAIUe.exe
  2⤵
  PID:872
- C:\Windows\System\rMOdiFR.exe
  C:\Windows\System\rMOdiFR.exe
  2⤵
  PID:5052
- C:\Windows\System\HcgcCfe.exe
  C:\Windows\System\HcgcCfe.exe
  2⤵
  PID:2772
- C:\Windows\System\sspNvlx.exe
  C:\Windows\System\sspNvlx.exe
  2⤵
  PID:3936
- C:\Windows\System\dnMQcQj.exe
  C:\Windows\System\dnMQcQj.exe
  2⤵
  PID:1616
- C:\Windows\System\XLfpuuO.exe
  C:\Windows\System\XLfpuuO.exe
  2⤵
  PID:2200
- C:\Windows\System\XAtidzE.exe
  C:\Windows\System\XAtidzE.exe
  2⤵
  PID:4148
- C:\Windows\System\FZnLJlr.exe
  C:\Windows\System\FZnLJlr.exe
  2⤵
  PID:1624
- C:\Windows\System\PZvhqen.exe
  C:\Windows\System\PZvhqen.exe
  2⤵
  PID:5128
- C:\Windows\System\dBQSwjG.exe
  C:\Windows\System\dBQSwjG.exe
  2⤵
  PID:5168
- C:\Windows\System\rJloPPD.exe
  C:\Windows\System\rJloPPD.exe
  2⤵
  PID:5188
- C:\Windows\System\YgRXdUm.exe
  C:\Windows\System\YgRXdUm.exe
  2⤵
  PID:5228
- C:\Windows\System\xhdZKWJ.exe
  C:\Windows\System\xhdZKWJ.exe
  2⤵
  PID:5256
- C:\Windows\System\FoaheRe.exe
  C:\Windows\System\FoaheRe.exe
  2⤵
  PID:5276
- C:\Windows\System\KGwruOw.exe
  C:\Windows\System\KGwruOw.exe
  2⤵
  PID:5312
- C:\Windows\System\ZsxOdRk.exe
  C:\Windows\System\ZsxOdRk.exe
  2⤵
  PID:5340
- C:\Windows\System\bsfJLlF.exe
  C:\Windows\System\bsfJLlF.exe
  2⤵
  PID:5368
- C:\Windows\System\vCBCwvv.exe
  C:\Windows\System\vCBCwvv.exe
  2⤵
  PID:5396
- C:\Windows\System\eQlQUoi.exe
  C:\Windows\System\eQlQUoi.exe
  2⤵
  PID:5432
- C:\Windows\System\paScQLs.exe
  C:\Windows\System\paScQLs.exe
  2⤵
  PID:5460
- C:\Windows\System\lAtYnzM.exe
  C:\Windows\System\lAtYnzM.exe
  2⤵
  PID:5488
- C:\Windows\System\aLrhmEn.exe
  C:\Windows\System\aLrhmEn.exe
  2⤵
  PID:5508
- C:\Windows\System\javDhfF.exe
  C:\Windows\System\javDhfF.exe
  2⤵
  PID:5540
- C:\Windows\System\HCHUDGB.exe
  C:\Windows\System\HCHUDGB.exe
  2⤵
  PID:5564
- C:\Windows\System\TlvTNtR.exe
  C:\Windows\System\TlvTNtR.exe
  2⤵
  PID:5600
- C:\Windows\System\lAOOGOM.exe
  C:\Windows\System\lAOOGOM.exe
  2⤵
  PID:5620
- C:\Windows\System\DwOeutj.exe
  C:\Windows\System\DwOeutj.exe
  2⤵
  PID:5656
- C:\Windows\System\BDygEQG.exe
  C:\Windows\System\BDygEQG.exe
  2⤵
  PID:5684
- C:\Windows\System\ttWjPgS.exe
  C:\Windows\System\ttWjPgS.exe
  2⤵
  PID:5712
- C:\Windows\System\RXyUIXA.exe
  C:\Windows\System\RXyUIXA.exe
  2⤵
  PID:5736
- C:\Windows\System\gJCwncm.exe
  C:\Windows\System\gJCwncm.exe
  2⤵
  PID:5768
- C:\Windows\System\wnfTfyQ.exe
  C:\Windows\System\wnfTfyQ.exe
  2⤵
  PID:5788
- C:\Windows\System\OtVlmdG.exe
  C:\Windows\System\OtVlmdG.exe
  2⤵
  PID:5820
- C:\Windows\System\fgowkCQ.exe
  C:\Windows\System\fgowkCQ.exe
  2⤵
  PID:5844
- C:\Windows\System\wAIldBb.exe
  C:\Windows\System\wAIldBb.exe
  2⤵
  PID:5880
- C:\Windows\System\tMpLwoV.exe
  C:\Windows\System\tMpLwoV.exe
  2⤵
  PID:5908
- C:\Windows\System\jFQoFoz.exe
  C:\Windows\System\jFQoFoz.exe
  2⤵
  PID:5936
- C:\Windows\System\GheFYwr.exe
  C:\Windows\System\GheFYwr.exe
  2⤵
  PID:5964
- C:\Windows\System\dMYGSVc.exe
  C:\Windows\System\dMYGSVc.exe
  2⤵
  PID:5988
- C:\Windows\System\wJOcLJb.exe
  C:\Windows\System\wJOcLJb.exe
  2⤵
  PID:6020
- C:\Windows\System\pXPBcol.exe
  C:\Windows\System\pXPBcol.exe
  2⤵
  PID:6048
- C:\Windows\System\kbfTtOx.exe
  C:\Windows\System\kbfTtOx.exe
  2⤵
  PID:6076
- C:\Windows\System\NeVAOaW.exe
  C:\Windows\System\NeVAOaW.exe
  2⤵
  PID:6104
- C:\Windows\System\fjTLKXp.exe
  C:\Windows\System\fjTLKXp.exe
  2⤵
  PID:6128
- C:\Windows\System\llznrxe.exe
  C:\Windows\System\llznrxe.exe
  2⤵
  PID:5144
- C:\Windows\System\JhpRfLD.exe
  C:\Windows\System\JhpRfLD.exe
  2⤵
  PID:5216
- C:\Windows\System\HmEgNIW.exe
  C:\Windows\System\HmEgNIW.exe
  2⤵
  PID:5272
- C:\Windows\System\TtxPBHx.exe
  C:\Windows\System\TtxPBHx.exe
  2⤵
  PID:5352
- C:\Windows\System\iowUrBe.exe
  C:\Windows\System\iowUrBe.exe
  2⤵
  PID:5440
- C:\Windows\System\AiIasWJ.exe
  C:\Windows\System\AiIasWJ.exe
  2⤵
  PID:5500
- C:\Windows\System\EEclphs.exe
  C:\Windows\System\EEclphs.exe
  2⤵
  PID:5548
- C:\Windows\System\VmKDyWO.exe
  C:\Windows\System\VmKDyWO.exe
  2⤵
  PID:5664
- C:\Windows\System\pspRqXW.exe
  C:\Windows\System\pspRqXW.exe
  2⤵
  PID:5724
- C:\Windows\System\jNKULMD.exe
  C:\Windows\System\jNKULMD.exe
  2⤵
  PID:5808
- C:\Windows\System\OAmEOSf.exe
  C:\Windows\System\OAmEOSf.exe
  2⤵
  PID:5916
- C:\Windows\System\FmiwjhA.exe
  C:\Windows\System\FmiwjhA.exe
  2⤵
  PID:5948
- C:\Windows\System\riVALDY.exe
  C:\Windows\System\riVALDY.exe
  2⤵
  PID:5980
- C:\Windows\System\pbONdRR.exe
  C:\Windows\System\pbONdRR.exe
  2⤵
  PID:6056
- C:\Windows\System\WaLDSGq.exe
  C:\Windows\System\WaLDSGq.exe
  2⤵
  PID:6120
- C:\Windows\System\rCirvTo.exe
  C:\Windows\System\rCirvTo.exe
  2⤵
  PID:5268
- C:\Windows\System\uDinpxg.exe
  C:\Windows\System\uDinpxg.exe
  2⤵
  PID:5528
- C:\Windows\System\qEcbaQZ.exe
  C:\Windows\System\qEcbaQZ.exe
  2⤵
  PID:5720
- C:\Windows\System\ngYAZgM.exe
  C:\Windows\System\ngYAZgM.exe
  2⤵
  PID:5976
- C:\Windows\System\KWVtWKE.exe
  C:\Windows\System\KWVtWKE.exe
  2⤵
  PID:2144
- C:\Windows\System\NeBOqnX.exe
  C:\Windows\System\NeBOqnX.exe
  2⤵
  PID:5576
- C:\Windows\System\MabfATA.exe
  C:\Windows\System\MabfATA.exe
  2⤵
  PID:6084
- C:\Windows\System\fQxwHEB.exe
  C:\Windows\System\fQxwHEB.exe
  2⤵
  PID:5208
- C:\Windows\System\yZOXTYt.exe
  C:\Windows\System\yZOXTYt.exe
  2⤵
  PID:6028
- C:\Windows\System\PPJavSA.exe
  C:\Windows\System\PPJavSA.exe
  2⤵
  PID:5972
- C:\Windows\System\liwvnDs.exe
  C:\Windows\System\liwvnDs.exe
  2⤵
  PID:6152
- C:\Windows\System\YrCSLFn.exe
  C:\Windows\System\YrCSLFn.exe
  2⤵
  PID:6184
- C:\Windows\System\ZGrdXcy.exe
  C:\Windows\System\ZGrdXcy.exe
  2⤵
  PID:6232
- C:\Windows\System\pTQwChT.exe
  C:\Windows\System\pTQwChT.exe
  2⤵
  PID:6276
- C:\Windows\System\fSjfYAQ.exe
  C:\Windows\System\fSjfYAQ.exe
  2⤵
  PID:6296
- C:\Windows\System\MxDZiLV.exe
  C:\Windows\System\MxDZiLV.exe
  2⤵
  PID:6324
- C:\Windows\System\McGQMad.exe
  C:\Windows\System\McGQMad.exe
  2⤵
  PID:6352
- C:\Windows\System\geaBvgZ.exe
  C:\Windows\System\geaBvgZ.exe
  2⤵
  PID:6368
- C:\Windows\System\RZICsaj.exe
  C:\Windows\System\RZICsaj.exe
  2⤵
  PID:6404
- C:\Windows\System\TNSfvcT.exe
  C:\Windows\System\TNSfvcT.exe
  2⤵
  PID:6436
- C:\Windows\System\JzAfQVF.exe
  C:\Windows\System\JzAfQVF.exe
  2⤵
  PID:6468
- C:\Windows\System\SjXBMhO.exe
  C:\Windows\System\SjXBMhO.exe
  2⤵
  PID:6492
- C:\Windows\System\VFykgZn.exe
  C:\Windows\System\VFykgZn.exe
  2⤵
  PID:6520
- C:\Windows\System\iTatNKV.exe
  C:\Windows\System\iTatNKV.exe
  2⤵
  PID:6552
- C:\Windows\System\QdELPYK.exe
  C:\Windows\System\QdELPYK.exe
  2⤵
  PID:6580
- C:\Windows\System\txzhlQm.exe
  C:\Windows\System\txzhlQm.exe
  2⤵
  PID:6616
- C:\Windows\System\TcfLuok.exe
  C:\Windows\System\TcfLuok.exe
  2⤵
  PID:6644
- C:\Windows\System\vMrxWzH.exe
  C:\Windows\System\vMrxWzH.exe
  2⤵
  PID:6676
- C:\Windows\System\XNxWtRL.exe
  C:\Windows\System\XNxWtRL.exe
  2⤵
  PID:6692
- C:\Windows\System\pHnRmzw.exe
  C:\Windows\System\pHnRmzw.exe
  2⤵
  PID:6728
- C:\Windows\System\catJnBZ.exe
  C:\Windows\System\catJnBZ.exe
  2⤵
  PID:6760
- C:\Windows\System\UNjbUtI.exe
  C:\Windows\System\UNjbUtI.exe
  2⤵
  PID:6788
- C:\Windows\System\AOxfPsX.exe
  C:\Windows\System\AOxfPsX.exe
  2⤵
  PID:6804
- C:\Windows\System\cMBYjml.exe
  C:\Windows\System\cMBYjml.exe
  2⤵
  PID:6840
- C:\Windows\System\XRmUJnQ.exe
  C:\Windows\System\XRmUJnQ.exe
  2⤵
  PID:6868
- C:\Windows\System\vHCEcXy.exe
  C:\Windows\System\vHCEcXy.exe
  2⤵
  PID:6900
- C:\Windows\System\ddPtGce.exe
  C:\Windows\System\ddPtGce.exe
  2⤵
  PID:6936
- C:\Windows\System\ihJFEZv.exe
  C:\Windows\System\ihJFEZv.exe
  2⤵
  PID:6984
- C:\Windows\System\rbzgjGz.exe
  C:\Windows\System\rbzgjGz.exe
  2⤵
  PID:7020
- C:\Windows\System\jQnBiao.exe
  C:\Windows\System\jQnBiao.exe
  2⤵
  PID:7052
- C:\Windows\System\ArWkzXm.exe
  C:\Windows\System\ArWkzXm.exe
  2⤵
  PID:7076
- C:\Windows\System\lNGmYSS.exe
  C:\Windows\System\lNGmYSS.exe
  2⤵
  PID:7096
- C:\Windows\System\RueRmre.exe
  C:\Windows\System\RueRmre.exe
  2⤵
  PID:7120
- C:\Windows\System\PXDLAsW.exe
  C:\Windows\System\PXDLAsW.exe
  2⤵
  PID:7160
- C:\Windows\System\AXlwnOb.exe
  C:\Windows\System\AXlwnOb.exe
  2⤵
  PID:6172
- C:\Windows\System\QWYQvrW.exe
  C:\Windows\System\QWYQvrW.exe
  2⤵
  PID:6288
- C:\Windows\System\UWYrEGL.exe
  C:\Windows\System\UWYrEGL.exe
  2⤵
  PID:6348
- C:\Windows\System\LDyTrFA.exe
  C:\Windows\System\LDyTrFA.exe
  2⤵
  PID:6412
- C:\Windows\System\PQbSefL.exe
  C:\Windows\System\PQbSefL.exe
  2⤵
  PID:6456
- C:\Windows\System\VAjeieh.exe
  C:\Windows\System\VAjeieh.exe
  2⤵
  PID:6540
- C:\Windows\System\IGJLNJj.exe
  C:\Windows\System\IGJLNJj.exe
  2⤵
  PID:6612
- C:\Windows\System\qYnrdSW.exe
  C:\Windows\System\qYnrdSW.exe
  2⤵
  PID:6684
- C:\Windows\System\KkKorss.exe
  C:\Windows\System\KkKorss.exe
  2⤵
  PID:6752
- C:\Windows\System\NkONlTR.exe
  C:\Windows\System\NkONlTR.exe
  2⤵
  PID:6816
- C:\Windows\System\pyXlUGt.exe
  C:\Windows\System\pyXlUGt.exe
  2⤵
  PID:6824
- C:\Windows\System\HDSmyga.exe
  C:\Windows\System\HDSmyga.exe
  2⤵
  PID:6972
- C:\Windows\System\CnFYkeJ.exe
  C:\Windows\System\CnFYkeJ.exe
  2⤵
  PID:7040
- C:\Windows\System\dkEycwb.exe
  C:\Windows\System\dkEycwb.exe
  2⤵
  PID:7104
- C:\Windows\System\JzVYxzM.exe
  C:\Windows\System\JzVYxzM.exe
  2⤵
  PID:4448
- C:\Windows\System\eeYewYR.exe
  C:\Windows\System\eeYewYR.exe
  2⤵
  PID:6316
- C:\Windows\System\pmsAzmH.exe
  C:\Windows\System\pmsAzmH.exe
  2⤵
  PID:6476
- C:\Windows\System\LuuleoQ.exe
  C:\Windows\System\LuuleoQ.exe
  2⤵
  PID:6668
- C:\Windows\System\dzVzMwn.exe
  C:\Windows\System\dzVzMwn.exe
  2⤵
  PID:6796
- C:\Windows\System\YpLyWAo.exe
  C:\Windows\System\YpLyWAo.exe
  2⤵
  PID:6964
- C:\Windows\System\JTcKvZt.exe
  C:\Windows\System\JTcKvZt.exe
  2⤵
  PID:7148
- C:\Windows\System\ekNWzJL.exe
  C:\Windows\System\ekNWzJL.exe
  2⤵
  PID:6432
- C:\Windows\System\CGhjzNE.exe
  C:\Windows\System\CGhjzNE.exe
  2⤵
  PID:6800
- C:\Windows\System\sQYcUPy.exe
  C:\Windows\System\sQYcUPy.exe
  2⤵
  PID:6392
- C:\Windows\System\ZQVIhEE.exe
  C:\Windows\System\ZQVIhEE.exe
  2⤵
  PID:6220
- C:\Windows\System\JXLnNEY.exe
  C:\Windows\System\JXLnNEY.exe
  2⤵
  PID:7184
- C:\Windows\System\AxEUQFG.exe
  C:\Windows\System\AxEUQFG.exe
  2⤵
  PID:7212
- C:\Windows\System\QjxYnmM.exe
  C:\Windows\System\QjxYnmM.exe
  2⤵
  PID:7240
- C:\Windows\System\nbLHprI.exe
  C:\Windows\System\nbLHprI.exe
  2⤵
  PID:7268
- C:\Windows\System\zmAAShJ.exe
  C:\Windows\System\zmAAShJ.exe
  2⤵
  PID:7292
- C:\Windows\System\YNLRycT.exe
  C:\Windows\System\YNLRycT.exe
  2⤵
  PID:7316
- C:\Windows\System\dnYAWeB.exe
  C:\Windows\System\dnYAWeB.exe
  2⤵
  PID:7348
- C:\Windows\System\CyxOBPa.exe
  C:\Windows\System\CyxOBPa.exe
  2⤵
  PID:7388
- C:\Windows\System\fxGZInd.exe
  C:\Windows\System\fxGZInd.exe
  2⤵
  PID:7420
- C:\Windows\System\tAQqJbX.exe
  C:\Windows\System\tAQqJbX.exe
  2⤵
  PID:7448
- C:\Windows\System\nIYOYIQ.exe
  C:\Windows\System\nIYOYIQ.exe
  2⤵
  PID:7468
- C:\Windows\System\EeMrdMu.exe
  C:\Windows\System\EeMrdMu.exe
  2⤵
  PID:7504
- C:\Windows\System\FDOmLHl.exe
  C:\Windows\System\FDOmLHl.exe
  2⤵
  PID:7532
- C:\Windows\System\aOVLadu.exe
  C:\Windows\System\aOVLadu.exe
  2⤵
  PID:7552
- C:\Windows\System\ouJpzuc.exe
  C:\Windows\System\ouJpzuc.exe
  2⤵
  PID:7592
- C:\Windows\System\LyHtuef.exe
  C:\Windows\System\LyHtuef.exe
  2⤵
  PID:7616
- C:\Windows\System\MEULfZo.exe
  C:\Windows\System\MEULfZo.exe
  2⤵
  PID:7648
- C:\Windows\System\qarNZqG.exe
  C:\Windows\System\qarNZqG.exe
  2⤵
  PID:7676
- C:\Windows\System\QlZXztZ.exe
  C:\Windows\System\QlZXztZ.exe
  2⤵
  PID:7700
- C:\Windows\System\PVbTPPf.exe
  C:\Windows\System\PVbTPPf.exe
  2⤵
  PID:7728
- C:\Windows\System\ctsznWW.exe
  C:\Windows\System\ctsznWW.exe
  2⤵
  PID:7756
- C:\Windows\System\KoBpSOa.exe
  C:\Windows\System\KoBpSOa.exe
  2⤵
  PID:7776
- C:\Windows\System\zvbwRmU.exe
  C:\Windows\System\zvbwRmU.exe
  2⤵
  PID:7812
- C:\Windows\System\fSqzSZi.exe
  C:\Windows\System\fSqzSZi.exe
  2⤵
  PID:7840
- C:\Windows\System\KmRgUlu.exe
  C:\Windows\System\KmRgUlu.exe
  2⤵
  PID:7868
- C:\Windows\System\WokCRUg.exe
  C:\Windows\System\WokCRUg.exe
  2⤵
  PID:7896
- C:\Windows\System\aqiMjSW.exe
  C:\Windows\System\aqiMjSW.exe
  2⤵
  PID:7924
- C:\Windows\System\fTBAnsj.exe
  C:\Windows\System\fTBAnsj.exe
  2⤵
  PID:7952
- C:\Windows\System\QnIonqQ.exe
  C:\Windows\System\QnIonqQ.exe
  2⤵
  PID:7980
- C:\Windows\System\XzZFOtB.exe
  C:\Windows\System\XzZFOtB.exe
  2⤵
  PID:8008
- C:\Windows\System\uyyLdKl.exe
  C:\Windows\System\uyyLdKl.exe
  2⤵
  PID:8036
- C:\Windows\System\XrFEyzA.exe
  C:\Windows\System\XrFEyzA.exe
  2⤵
  PID:8064
- C:\Windows\System\ljiawwe.exe
  C:\Windows\System\ljiawwe.exe
  2⤵
  PID:8092
- C:\Windows\System\fuyiDRI.exe
  C:\Windows\System\fuyiDRI.exe
  2⤵
  PID:8108
- C:\Windows\System\LDAlSBq.exe
  C:\Windows\System\LDAlSBq.exe
  2⤵
  PID:8148
- C:\Windows\System\yvcPouW.exe
  C:\Windows\System\yvcPouW.exe
  2⤵
  PID:8176
- C:\Windows\System\DkukfSB.exe
  C:\Windows\System\DkukfSB.exe
  2⤵
  PID:7204
- C:\Windows\System\VSFyULl.exe
  C:\Windows\System\VSFyULl.exe
  2⤵
  PID:7260
- C:\Windows\System\Qvsusvv.exe
  C:\Windows\System\Qvsusvv.exe
  2⤵
  PID:7332
- C:\Windows\System\HRjkGUT.exe
  C:\Windows\System\HRjkGUT.exe
  2⤵
  PID:7412
- C:\Windows\System\EfPEEhW.exe
  C:\Windows\System\EfPEEhW.exe
  2⤵
  PID:7464
- C:\Windows\System\QfURsxc.exe
  C:\Windows\System\QfURsxc.exe
  2⤵
  PID:7528
- C:\Windows\System\DsyCHAQ.exe
  C:\Windows\System\DsyCHAQ.exe
  2⤵
  PID:7568
- C:\Windows\System\mSXGzOI.exe
  C:\Windows\System\mSXGzOI.exe
  2⤵
  PID:7656
- C:\Windows\System\LWWAssq.exe
  C:\Windows\System\LWWAssq.exe
  2⤵
  PID:7724
- C:\Windows\System\IifEfBY.exe
  C:\Windows\System\IifEfBY.exe
  2⤵
  PID:7784
- C:\Windows\System\JvygDXV.exe
  C:\Windows\System\JvygDXV.exe
  2⤵
  PID:7832
- C:\Windows\System\LmyNteF.exe
  C:\Windows\System\LmyNteF.exe
  2⤵
  PID:7892
- C:\Windows\System\nkAwJEj.exe
  C:\Windows\System\nkAwJEj.exe
  2⤵
  PID:7992
- C:\Windows\System\yqCPiJH.exe
  C:\Windows\System\yqCPiJH.exe
  2⤵
  PID:8056
- C:\Windows\System\EITHbHA.exe
  C:\Windows\System\EITHbHA.exe
  2⤵
  PID:8104
- C:\Windows\System\KWEsHJv.exe
  C:\Windows\System\KWEsHJv.exe
  2⤵
  PID:8188
- C:\Windows\System\yAGzWXo.exe
  C:\Windows\System\yAGzWXo.exe
  2⤵
  PID:7312
- C:\Windows\System\JFiBSoi.exe
  C:\Windows\System\JFiBSoi.exe
  2⤵
  PID:6956
- C:\Windows\System\GmubIUw.exe
  C:\Windows\System\GmubIUw.exe
  2⤵
  PID:7640
- C:\Windows\System\SZgYuhu.exe
  C:\Windows\System\SZgYuhu.exe
  2⤵
  PID:7860
- C:\Windows\System\GbzsTVQ.exe
  C:\Windows\System\GbzsTVQ.exe
  2⤵
  PID:7944
- C:\Windows\System\dstsBys.exe
  C:\Windows\System\dstsBys.exe
  2⤵
  PID:8048
- C:\Windows\System\PUahmsi.exe
  C:\Windows\System\PUahmsi.exe
  2⤵
  PID:7224
- C:\Windows\System\gUCgsmx.exe
  C:\Windows\System\gUCgsmx.exe
  2⤵
  PID:7764
- C:\Windows\System\vMGAZru.exe
  C:\Windows\System\vMGAZru.exe
  2⤵
  PID:7964
- C:\Windows\System\xvBUnkv.exe
  C:\Windows\System\xvBUnkv.exe
  2⤵
  PID:7384
- C:\Windows\System\weJpcMW.exe
  C:\Windows\System\weJpcMW.exe
  2⤵
  PID:8212
- C:\Windows\System\WxdOwoN.exe
  C:\Windows\System\WxdOwoN.exe
  2⤵
  PID:8244
- C:\Windows\System\sFeOeNS.exe
  C:\Windows\System\sFeOeNS.exe
  2⤵
  PID:8272
- C:\Windows\System\wmurttL.exe
  C:\Windows\System\wmurttL.exe
  2⤵
  PID:8300
- C:\Windows\System\TaDxXxM.exe
  C:\Windows\System\TaDxXxM.exe
  2⤵
  PID:8316
- C:\Windows\System\nBFaoAB.exe
  C:\Windows\System\nBFaoAB.exe
  2⤵
  PID:8356
- C:\Windows\System\lRBmFhb.exe
  C:\Windows\System\lRBmFhb.exe
  2⤵
  PID:8372
- C:\Windows\System\JGxrGKG.exe
  C:\Windows\System\JGxrGKG.exe
  2⤵
  PID:8412
- C:\Windows\System\ywecPrB.exe
  C:\Windows\System\ywecPrB.exe
  2⤵
  PID:8444
- C:\Windows\System\txKwmUe.exe
  C:\Windows\System\txKwmUe.exe
  2⤵
  PID:8472
- C:\Windows\System\sJFUfBK.exe
  C:\Windows\System\sJFUfBK.exe
  2⤵
  PID:8500
- C:\Windows\System\vfVjdqa.exe
  C:\Windows\System\vfVjdqa.exe
  2⤵
  PID:8528
- C:\Windows\System\kOovCSr.exe
  C:\Windows\System\kOovCSr.exe
  2⤵
  PID:8556
- C:\Windows\System\PwHRwtO.exe
  C:\Windows\System\PwHRwtO.exe
  2⤵
  PID:8584
- C:\Windows\System\gLEaXbJ.exe
  C:\Windows\System\gLEaXbJ.exe
  2⤵
  PID:8612
- C:\Windows\System\BhVVDtx.exe
  C:\Windows\System\BhVVDtx.exe
  2⤵
  PID:8640
- C:\Windows\System\EEFVcqs.exe
  C:\Windows\System\EEFVcqs.exe
  2⤵
  PID:8672
- C:\Windows\System\vEwWcFC.exe
  C:\Windows\System\vEwWcFC.exe
  2⤵
  PID:8696
- C:\Windows\System\ydporHe.exe
  C:\Windows\System\ydporHe.exe
  2⤵
  PID:8724
- C:\Windows\System\XzRbDGP.exe
  C:\Windows\System\XzRbDGP.exe
  2⤵
  PID:8752
- C:\Windows\System\LGvsEaZ.exe
  C:\Windows\System\LGvsEaZ.exe
  2⤵
  PID:8780
- C:\Windows\System\ZKiquFi.exe
  C:\Windows\System\ZKiquFi.exe
  2⤵
  PID:8808
- C:\Windows\System\cFbMVlu.exe
  C:\Windows\System\cFbMVlu.exe
  2⤵
  PID:8824
- C:\Windows\System\yLhXZhM.exe
  C:\Windows\System\yLhXZhM.exe
  2⤵
  PID:8860
- C:\Windows\System\njjGdEf.exe
  C:\Windows\System\njjGdEf.exe
  2⤵
  PID:8892
- C:\Windows\System\qzClTee.exe
  C:\Windows\System\qzClTee.exe
  2⤵
  PID:8920
- C:\Windows\System\ruGOnpa.exe
  C:\Windows\System\ruGOnpa.exe
  2⤵
  PID:8944
- C:\Windows\System\PTVqRVT.exe
  C:\Windows\System\PTVqRVT.exe
  2⤵
  PID:8976
- C:\Windows\System\iuoVIRZ.exe
  C:\Windows\System\iuoVIRZ.exe
  2⤵
  PID:9004
- C:\Windows\System\ttKXleq.exe
  C:\Windows\System\ttKXleq.exe
  2⤵
  PID:9032
- C:\Windows\System\ywtJfyE.exe
  C:\Windows\System\ywtJfyE.exe
  2⤵
  PID:9060
- C:\Windows\System\YHyVuRK.exe
  C:\Windows\System\YHyVuRK.exe
  2⤵
  PID:9092
- C:\Windows\System\AzbMFXX.exe
  C:\Windows\System\AzbMFXX.exe
  2⤵
  PID:9120
- C:\Windows\System\bnRmlzD.exe
  C:\Windows\System\bnRmlzD.exe
  2⤵
  PID:9144
- C:\Windows\System\EWnqCXs.exe
  C:\Windows\System\EWnqCXs.exe
  2⤵
  PID:9172
- C:\Windows\System\PbKaOXI.exe
  C:\Windows\System\PbKaOXI.exe
  2⤵
  PID:9200
- C:\Windows\System\ptPKqgg.exe
  C:\Windows\System\ptPKqgg.exe
  2⤵
  PID:8204
- C:\Windows\System\dtbIKHN.exe
  C:\Windows\System\dtbIKHN.exe
  2⤵
  PID:8264
- C:\Windows\System\oeVTVSm.exe
  C:\Windows\System\oeVTVSm.exe
  2⤵
  PID:8328
- C:\Windows\System\bpiyZAA.exe
  C:\Windows\System\bpiyZAA.exe
  2⤵
  PID:8384
- C:\Windows\System\hBgIKNX.exe
  C:\Windows\System\hBgIKNX.exe
  2⤵
  PID:8456
- C:\Windows\System\zmDfVTH.exe
  C:\Windows\System\zmDfVTH.exe
  2⤵
  PID:8524
- C:\Windows\System\XmeqGus.exe
  C:\Windows\System\XmeqGus.exe
  2⤵
  PID:8596
- C:\Windows\System\bYuFyvs.exe
  C:\Windows\System\bYuFyvs.exe
  2⤵
  PID:8664
- C:\Windows\System\ITVlSNX.exe
  C:\Windows\System\ITVlSNX.exe
  2⤵
  PID:8736
- C:\Windows\System\NFHgDMv.exe
  C:\Windows\System\NFHgDMv.exe
  2⤵
  PID:8836
- C:\Windows\System\uQIHpLr.exe
  C:\Windows\System\uQIHpLr.exe
  2⤵
  PID:8936
- C:\Windows\System\KSseINd.exe
  C:\Windows\System\KSseINd.exe
  2⤵
  PID:9024
- C:\Windows\System\HMKHrjW.exe
  C:\Windows\System\HMKHrjW.exe
  2⤵
  PID:9080
- C:\Windows\System\eLMvrtG.exe
  C:\Windows\System\eLMvrtG.exe
  2⤵
  PID:9164
- C:\Windows\System\dGMuWFQ.exe
  C:\Windows\System\dGMuWFQ.exe
  2⤵
  PID:7828
- C:\Windows\System\fpjKdjE.exe
  C:\Windows\System\fpjKdjE.exe
  2⤵
  PID:8404
- C:\Windows\System\OxKpgMO.exe
  C:\Windows\System\OxKpgMO.exe
  2⤵
  PID:8632
- C:\Windows\System\vBLqAPv.exe
  C:\Windows\System\vBLqAPv.exe
  2⤵
  PID:8708
- C:\Windows\System\pPPhPLD.exe
  C:\Windows\System\pPPhPLD.exe
  2⤵
  PID:8968
- C:\Windows\System\aCCxXtt.exe
  C:\Windows\System\aCCxXtt.exe
  2⤵
  PID:8256
- C:\Windows\System\CzNCpkz.exe
  C:\Windows\System\CzNCpkz.exe
  2⤵
  PID:8568
- C:\Windows\System\OYnfFUe.exe
  C:\Windows\System\OYnfFUe.exe
  2⤵
  PID:8996
- C:\Windows\System\xZqxFJW.exe
  C:\Windows\System\xZqxFJW.exe
  2⤵
  PID:9248
- C:\Windows\System\FSCGzfI.exe
  C:\Windows\System\FSCGzfI.exe
  2⤵
  PID:9284
- C:\Windows\System\wdoQBNl.exe
  C:\Windows\System\wdoQBNl.exe
  2⤵
  PID:9320
- C:\Windows\System\KDtQaWf.exe
  C:\Windows\System\KDtQaWf.exe
  2⤵
  PID:9348
- C:\Windows\System\SjHnmHu.exe
  C:\Windows\System\SjHnmHu.exe
  2⤵
  PID:9376
- C:\Windows\System\BfnZsYG.exe
  C:\Windows\System\BfnZsYG.exe
  2⤵
  PID:9408
- C:\Windows\System\BlmlbdN.exe
  C:\Windows\System\BlmlbdN.exe
  2⤵
  PID:9436
- C:\Windows\System\pxfRTwa.exe
  C:\Windows\System\pxfRTwa.exe
  2⤵
  PID:9464
- C:\Windows\System\bglbMRM.exe
  C:\Windows\System\bglbMRM.exe
  2⤵
  PID:9492
- C:\Windows\System\cnolwJb.exe
  C:\Windows\System\cnolwJb.exe
  2⤵
  PID:9524
- C:\Windows\System\knwBrOJ.exe
  C:\Windows\System\knwBrOJ.exe
  2⤵
  PID:9540
- C:\Windows\System\PRwquZl.exe
  C:\Windows\System\PRwquZl.exe
  2⤵
  PID:9556
- C:\Windows\System\MnitDWV.exe
  C:\Windows\System\MnitDWV.exe
  2⤵
  PID:9572
- C:\Windows\System\ITaOZSC.exe
  C:\Windows\System\ITaOZSC.exe
  2⤵
  PID:9604
- C:\Windows\System\TyGuuyI.exe
  C:\Windows\System\TyGuuyI.exe
  2⤵
  PID:9628
- C:\Windows\System\OraqLmr.exe
  C:\Windows\System\OraqLmr.exe
  2⤵
  PID:9656
- C:\Windows\System\paISQFx.exe
  C:\Windows\System\paISQFx.exe
  2⤵
  PID:9704
- C:\Windows\System\hXbqJMb.exe
  C:\Windows\System\hXbqJMb.exe
  2⤵
  PID:9744
- C:\Windows\System\uDOhTNL.exe
  C:\Windows\System\uDOhTNL.exe
  2⤵
  PID:9772
- C:\Windows\System\iYywARZ.exe
  C:\Windows\System\iYywARZ.exe
  2⤵
  PID:9812
- C:\Windows\System\MpdPeBO.exe
  C:\Windows\System\MpdPeBO.exe
  2⤵
  PID:9852
- C:\Windows\System\yETbNak.exe
  C:\Windows\System\yETbNak.exe
  2⤵
  PID:9880
- C:\Windows\System\IPavyyD.exe
  C:\Windows\System\IPavyyD.exe
  2⤵
  PID:9912
- C:\Windows\System\chXEOJt.exe
  C:\Windows\System\chXEOJt.exe
  2⤵
  PID:9940
- C:\Windows\System\UMuWNNW.exe
  C:\Windows\System\UMuWNNW.exe
  2⤵
  PID:9968
- C:\Windows\System\keYIsCX.exe
  C:\Windows\System\keYIsCX.exe
  2⤵
  PID:9996
- C:\Windows\System\IaEOJDC.exe
  C:\Windows\System\IaEOJDC.exe
  2⤵
  PID:10024
- C:\Windows\System\rUiPlrb.exe
  C:\Windows\System\rUiPlrb.exe
  2⤵
  PID:10052
- C:\Windows\System\mbJVKli.exe
  C:\Windows\System\mbJVKli.exe
  2⤵
  PID:10080
- C:\Windows\System\cBFSoMf.exe
  C:\Windows\System\cBFSoMf.exe
  2⤵
  PID:10108
- C:\Windows\System\rZMWElE.exe
  C:\Windows\System\rZMWElE.exe
  2⤵
  PID:10136
- C:\Windows\System\OfUHIwi.exe
  C:\Windows\System\OfUHIwi.exe
  2⤵
  PID:10164
- C:\Windows\System\YDJCtEy.exe
  C:\Windows\System\YDJCtEy.exe
  2⤵
  PID:10192
- C:\Windows\System\BgGAeSn.exe
  C:\Windows\System\BgGAeSn.exe
  2⤵
  PID:10208
- C:\Windows\System\oRtiugo.exe
  C:\Windows\System\oRtiugo.exe
  2⤵
  PID:8776
- C:\Windows\System\vwjoAkj.exe
  C:\Windows\System\vwjoAkj.exe
  2⤵
  PID:9232
- C:\Windows\System\GNceWIs.exe
  C:\Windows\System\GNceWIs.exe
  2⤵
  PID:9332
- C:\Windows\System\zbuWvNc.exe
  C:\Windows\System\zbuWvNc.exe
  2⤵
  PID:9384
- C:\Windows\System\Soxmyjf.exe
  C:\Windows\System\Soxmyjf.exe
  2⤵
  PID:9428
- C:\Windows\System\pvBxTca.exe
  C:\Windows\System\pvBxTca.exe
  2⤵
  PID:9480
- C:\Windows\System\HexsVYV.exe
  C:\Windows\System\HexsVYV.exe
  2⤵
  PID:9616
- C:\Windows\System\nFrMRYP.exe
  C:\Windows\System\nFrMRYP.exe
  2⤵
  PID:9636
- C:\Windows\System\siiXmtT.exe
  C:\Windows\System\siiXmtT.exe
  2⤵
  PID:9668
- C:\Windows\System\rPqoyDy.exe
  C:\Windows\System\rPqoyDy.exe
  2⤵
  PID:9792
- C:\Windows\System\KzThzoC.exe
  C:\Windows\System\KzThzoC.exe
  2⤵
  PID:9872
- C:\Windows\System\OHSTpus.exe
  C:\Windows\System\OHSTpus.exe
  2⤵
  PID:9932
- C:\Windows\System\xEyzSKh.exe
  C:\Windows\System\xEyzSKh.exe
  2⤵
  PID:10016
- C:\Windows\System\glebcjl.exe
  C:\Windows\System\glebcjl.exe
  2⤵
  PID:10072
- C:\Windows\System\SxtHeKx.exe
  C:\Windows\System\SxtHeKx.exe
  2⤵
  PID:10132
- C:\Windows\System\LDEbqsu.exe
  C:\Windows\System\LDEbqsu.exe
  2⤵
  PID:10204
- C:\Windows\System\zOeRmaE.exe
  C:\Windows\System\zOeRmaE.exe
  2⤵
  PID:8424
- C:\Windows\System\wOZxUul.exe
  C:\Windows\System\wOZxUul.exe
  2⤵
  PID:9304
- C:\Windows\System\zUAGWeM.exe
  C:\Windows\System\zUAGWeM.exe
  2⤵
  PID:9564
- C:\Windows\System\dcIoZGD.exe
  C:\Windows\System\dcIoZGD.exe
  2⤵
  PID:9684
- C:\Windows\System\htfdFnG.exe
  C:\Windows\System\htfdFnG.exe
  2⤵
  PID:9836
- C:\Windows\System\qcRhZhM.exe
  C:\Windows\System\qcRhZhM.exe
  2⤵
  PID:10036
- C:\Windows\System\aqIlQUM.exe
  C:\Windows\System\aqIlQUM.exe
  2⤵
  PID:10180
- C:\Windows\System\MQQUzov.exe
  C:\Windows\System\MQQUzov.exe
  2⤵
  PID:9452
- C:\Windows\System\aNoXhWF.exe
  C:\Windows\System\aNoXhWF.exe
  2⤵
  PID:9800
- C:\Windows\System\HyHOGES.exe
  C:\Windows\System\HyHOGES.exe
  2⤵
  PID:10188
- C:\Windows\System\GVKGcEV.exe
  C:\Windows\System\GVKGcEV.exe
  2⤵
  PID:3916
- C:\Windows\System\BOdOEfs.exe
  C:\Windows\System\BOdOEfs.exe
  2⤵
  PID:9344
- C:\Windows\System\FxRbgbk.exe
  C:\Windows\System\FxRbgbk.exe
  2⤵
  PID:10272
- C:\Windows\System\byBTcFG.exe
  C:\Windows\System\byBTcFG.exe
  2⤵
  PID:10300
- C:\Windows\System\UNoAOky.exe
  C:\Windows\System\UNoAOky.exe
  2⤵
  PID:10328
- C:\Windows\System\UprXYbu.exe
  C:\Windows\System\UprXYbu.exe
  2⤵
  PID:10344
- C:\Windows\System\mCssBHh.exe
  C:\Windows\System\mCssBHh.exe
  2⤵
  PID:10360
- C:\Windows\System\PCwKjhz.exe
  C:\Windows\System\PCwKjhz.exe
  2⤵
  PID:10400
- C:\Windows\System\aBqOfDr.exe
  C:\Windows\System\aBqOfDr.exe
  2⤵
  PID:10416
- C:\Windows\System\LGRaLsG.exe
  C:\Windows\System\LGRaLsG.exe
  2⤵
  PID:10444
- C:\Windows\System\UFALWVO.exe
  C:\Windows\System\UFALWVO.exe
  2⤵
  PID:10468
- C:\Windows\System\VITzBOg.exe
  C:\Windows\System\VITzBOg.exe
  2⤵
  PID:10496
- C:\Windows\System\tZWqZoU.exe
  C:\Windows\System\tZWqZoU.exe
  2⤵
  PID:10528
- C:\Windows\System\PxTMZUF.exe
  C:\Windows\System\PxTMZUF.exe
  2⤵
  PID:10560
- C:\Windows\System\esgabXS.exe
  C:\Windows\System\esgabXS.exe
  2⤵
  PID:10588
- C:\Windows\System\bKvVZhU.exe
  C:\Windows\System\bKvVZhU.exe
  2⤵
  PID:10624
- C:\Windows\System\RkBLJMk.exe
  C:\Windows\System\RkBLJMk.exe
  2⤵
  PID:10652
- C:\Windows\System\kStBnnO.exe
  C:\Windows\System\kStBnnO.exe
  2⤵
  PID:10684
- C:\Windows\System\vWFquFK.exe
  C:\Windows\System\vWFquFK.exe
  2⤵
  PID:10720
- C:\Windows\System\ElkIDdB.exe
  C:\Windows\System\ElkIDdB.exe
  2⤵
  PID:10748
- C:\Windows\System\efEKvtL.exe
  C:\Windows\System\efEKvtL.exe
  2⤵
  PID:10764
- C:\Windows\System\GVVrEpG.exe
  C:\Windows\System\GVVrEpG.exe
  2⤵
  PID:10780
- C:\Windows\System\VzGmVFI.exe
  C:\Windows\System\VzGmVFI.exe
  2⤵
  PID:10812
- C:\Windows\System\EFpSigS.exe
  C:\Windows\System\EFpSigS.exe
  2⤵
  PID:10836
- C:\Windows\System\KPxopns.exe
  C:\Windows\System\KPxopns.exe
  2⤵
  PID:10876
- C:\Windows\System\cSAtNYR.exe
  C:\Windows\System\cSAtNYR.exe
  2⤵
  PID:10912
- C:\Windows\System\QXzfqVY.exe
  C:\Windows\System\QXzfqVY.exe
  2⤵
  PID:10944
- C:\Windows\System\DpWSnud.exe
  C:\Windows\System\DpWSnud.exe
  2⤵
  PID:10964
- C:\Windows\System\xUprcKx.exe
  C:\Windows\System\xUprcKx.exe
  2⤵
  PID:11000
- C:\Windows\System\kqfvScu.exe
  C:\Windows\System\kqfvScu.exe
  2⤵
  PID:11016
- C:\Windows\System\vSjEdGM.exe
  C:\Windows\System\vSjEdGM.exe
  2⤵
  PID:11036
- C:\Windows\System\trXWykE.exe
  C:\Windows\System\trXWykE.exe
  2⤵
  PID:11072
- C:\Windows\System\pNOTSHo.exe
  C:\Windows\System\pNOTSHo.exe
  2⤵
  PID:11112
- C:\Windows\System\gPnhPhT.exe
  C:\Windows\System\gPnhPhT.exe
  2⤵
  PID:11140
- C:\Windows\System\hHiYzWk.exe
  C:\Windows\System\hHiYzWk.exe
  2⤵
  PID:11168
- C:\Windows\System\QTFthbn.exe
  C:\Windows\System\QTFthbn.exe
  2⤵
  PID:11196
- C:\Windows\System\JdABQzL.exe
  C:\Windows\System\JdABQzL.exe
  2⤵
  PID:11224
- C:\Windows\System\KpjYlKT.exe
  C:\Windows\System\KpjYlKT.exe
  2⤵
  PID:11240
- C:\Windows\System\jPEcbxE.exe
  C:\Windows\System\jPEcbxE.exe
  2⤵
  PID:10244
- C:\Windows\System\MhFHiBD.exe
  C:\Windows\System\MhFHiBD.exe
  2⤵
  PID:10296
- C:\Windows\System\LtrXJHd.exe
  C:\Windows\System\LtrXJHd.exe
  2⤵
  PID:10356
- C:\Windows\System\sZAzyyy.exe
  C:\Windows\System\sZAzyyy.exe
  2⤵
  PID:10428
- C:\Windows\System\QiTTQnW.exe
  C:\Windows\System\QiTTQnW.exe
  2⤵
  PID:4828
- C:\Windows\System\EKvshuW.exe
  C:\Windows\System\EKvshuW.exe
  2⤵
  PID:10600
- C:\Windows\System\JTrVKZF.exe
  C:\Windows\System\JTrVKZF.exe
  2⤵
  PID:10612
- C:\Windows\System\usIkbYU.exe
  C:\Windows\System\usIkbYU.exe
  2⤵
  PID:10712
- C:\Windows\System\FmbbljH.exe
  C:\Windows\System\FmbbljH.exe
  2⤵
  PID:10740
- C:\Windows\System\YfVxgHe.exe
  C:\Windows\System\YfVxgHe.exe
  2⤵
  PID:10792
- C:\Windows\System\KATIFGc.exe
  C:\Windows\System\KATIFGc.exe
  2⤵
  PID:10832
- C:\Windows\System\bplDGlt.exe
  C:\Windows\System\bplDGlt.exe
  2⤵
  PID:10940
- C:\Windows\System\lAYwDfe.exe
  C:\Windows\System\lAYwDfe.exe
  2⤵
  PID:11012
- C:\Windows\System\bwnDSBL.exe
  C:\Windows\System\bwnDSBL.exe
  2⤵
  PID:11104
- C:\Windows\System\AhCOLmU.exe
  C:\Windows\System\AhCOLmU.exe
  2⤵
  PID:11160
- C:\Windows\System\ynrfjBX.exe
  C:\Windows\System\ynrfjBX.exe
  2⤵
  PID:11216
- C:\Windows\System\MAWcIhF.exe
  C:\Windows\System\MAWcIhF.exe
  2⤵
  PID:10292
- C:\Windows\System\qHTrSrR.exe
  C:\Windows\System\qHTrSrR.exe
  2⤵
  PID:10320
- C:\Windows\System\OgXprEb.exe
  C:\Windows\System\OgXprEb.exe
  2⤵
  PID:10508
- C:\Windows\System\OVOmqFq.exe
  C:\Windows\System\OVOmqFq.exe
  2⤵
  PID:10544
- C:\Windows\System\SUUAkNQ.exe
  C:\Windows\System\SUUAkNQ.exe
  2⤵
  PID:10620
- C:\Windows\System\zotfOOC.exe
  C:\Windows\System\zotfOOC.exe
  2⤵
  PID:10760
- C:\Windows\System\risTpLq.exe
  C:\Windows\System\risTpLq.exe
  2⤵
  PID:10908
- C:\Windows\System\gkRwpQl.exe
  C:\Windows\System\gkRwpQl.exe
  2⤵
  PID:11060
- C:\Windows\System\vggEZOB.exe
  C:\Windows\System\vggEZOB.exe
  2⤵
  PID:11232
- C:\Windows\System\iMMcyRY.exe
  C:\Windows\System\iMMcyRY.exe
  2⤵
  PID:10408
- C:\Windows\System\EiwYUuV.exe
  C:\Windows\System\EiwYUuV.exe
  2⤵
  PID:10972
- C:\Windows\System\NBGToDA.exe
  C:\Windows\System\NBGToDA.exe
  2⤵
  PID:10824
- C:\Windows\System\wkNGNNT.exe
  C:\Windows\System\wkNGNNT.exe
  2⤵
  PID:11308
- C:\Windows\System\JOpXajn.exe
  C:\Windows\System\JOpXajn.exe
  2⤵
  PID:11344
- C:\Windows\System\KikBLyh.exe
  C:\Windows\System\KikBLyh.exe
  2⤵
  PID:11376
- C:\Windows\System\nlZmZaO.exe
  C:\Windows\System\nlZmZaO.exe
  2⤵
  PID:11404
- C:\Windows\System\SFSPXGV.exe
  C:\Windows\System\SFSPXGV.exe
  2⤵
  PID:11432
- C:\Windows\System\orcClsy.exe
  C:\Windows\System\orcClsy.exe
  2⤵
  PID:11460
- C:\Windows\System\ATzcMwo.exe
  C:\Windows\System\ATzcMwo.exe
  2⤵
  PID:11488
- C:\Windows\System\WEpDnSv.exe
  C:\Windows\System\WEpDnSv.exe
  2⤵
  PID:11516
- C:\Windows\System\MKSXgke.exe
  C:\Windows\System\MKSXgke.exe
  2⤵
  PID:11544
- C:\Windows\System\TvOmvQG.exe
  C:\Windows\System\TvOmvQG.exe
  2⤵
  PID:11572
- C:\Windows\System\jayvGPf.exe
  C:\Windows\System\jayvGPf.exe
  2⤵
  PID:11600
- C:\Windows\System\etjFneC.exe
  C:\Windows\System\etjFneC.exe
  2⤵
  PID:11616
- C:\Windows\System\OYqXulA.exe
  C:\Windows\System\OYqXulA.exe
  2⤵
  PID:11656
- C:\Windows\System\LJrFVYd.exe
  C:\Windows\System\LJrFVYd.exe
  2⤵
  PID:11672
- C:\Windows\System\QnmuKfg.exe
  C:\Windows\System\QnmuKfg.exe
  2⤵
  PID:11708
- C:\Windows\System\GhXzZQg.exe
  C:\Windows\System\GhXzZQg.exe
  2⤵
  PID:11740
- C:\Windows\System\KCCxYDe.exe
  C:\Windows\System\KCCxYDe.exe
  2⤵
  PID:11768
- C:\Windows\System\UJgyAhb.exe
  C:\Windows\System\UJgyAhb.exe
  2⤵
  PID:11784
- C:\Windows\System\GmJLHwU.exe
  C:\Windows\System\GmJLHwU.exe
  2⤵
  PID:11800
- C:\Windows\System\yLQzshx.exe
  C:\Windows\System\yLQzshx.exe
  2⤵
  PID:11836
- C:\Windows\System\vTmgVKq.exe
  C:\Windows\System\vTmgVKq.exe
  2⤵
  PID:11880
- C:\Windows\System\GbVlZiW.exe
  C:\Windows\System\GbVlZiW.exe
  2⤵
  PID:11908
- C:\Windows\System\NUbhwDz.exe
  C:\Windows\System\NUbhwDz.exe
  2⤵
  PID:11936
- C:\Windows\System\kbTraDK.exe
  C:\Windows\System\kbTraDK.exe
  2⤵
  PID:11964
- C:\Windows\System\IsUKEPY.exe
  C:\Windows\System\IsUKEPY.exe
  2⤵
  PID:11992
- C:\Windows\System\LcaUEYC.exe
  C:\Windows\System\LcaUEYC.exe
  2⤵
  PID:12020
- C:\Windows\System\KdLStam.exe
  C:\Windows\System\KdLStam.exe
  2⤵
  PID:12048
- C:\Windows\System\cXnIduY.exe
  C:\Windows\System\cXnIduY.exe
  2⤵
  PID:12076
- C:\Windows\System\PMpVhCm.exe
  C:\Windows\System\PMpVhCm.exe
  2⤵
  PID:12104
- C:\Windows\System\esgkNID.exe
  C:\Windows\System\esgkNID.exe
  2⤵
  PID:12120
- C:\Windows\System\OaxtPNd.exe
  C:\Windows\System\OaxtPNd.exe
  2⤵
  PID:12136
- C:\Windows\System\lEvDZPD.exe
  C:\Windows\System\lEvDZPD.exe
  2⤵
  PID:12172
- C:\Windows\System\YXpIJtb.exe
  C:\Windows\System\YXpIJtb.exe
  2⤵
  PID:12204
- C:\Windows\System\LVszZLY.exe
  C:\Windows\System\LVszZLY.exe
  2⤵
  PID:12232
- C:\Windows\System\NwQdENI.exe
  C:\Windows\System\NwQdENI.exe
  2⤵
  PID:12260
- C:\Windows\System\aAFKNox.exe
  C:\Windows\System\aAFKNox.exe
  2⤵
  PID:10848
- C:\Windows\System\oYmabyg.exe
  C:\Windows\System\oYmabyg.exe
  2⤵
  PID:11320
- C:\Windows\System\JyfMNBF.exe
  C:\Windows\System\JyfMNBF.exe
  2⤵
  PID:11388
- C:\Windows\System\mrLXgnf.exe
  C:\Windows\System\mrLXgnf.exe
  2⤵
  PID:11428
- C:\Windows\System\CjtQGVl.exe
  C:\Windows\System\CjtQGVl.exe
  2⤵
  PID:11500
- C:\Windows\System\lyqehiz.exe
  C:\Windows\System\lyqehiz.exe
  2⤵
  PID:11536
- C:\Windows\System\ZcnjPlb.exe
  C:\Windows\System\ZcnjPlb.exe
  2⤵
  PID:11592
- C:\Windows\System\PVuvVlP.exe
  C:\Windows\System\PVuvVlP.exe
  2⤵
  PID:11668
- C:\Windows\System\dkCPeMg.exe
  C:\Windows\System\dkCPeMg.exe
  2⤵
  PID:11760
- C:\Windows\System\olSYcyj.exe
  C:\Windows\System\olSYcyj.exe
  2⤵
  PID:11780
- C:\Windows\System\SwltPJR.exe
  C:\Windows\System\SwltPJR.exe
  2⤵
  PID:11864
- C:\Windows\System\HzqWayS.exe
  C:\Windows\System\HzqWayS.exe
  2⤵
  PID:11900
- C:\Windows\System\etCkuhG.exe
  C:\Windows\System\etCkuhG.exe
  2⤵
  PID:11948
- C:\Windows\System\UpWkuma.exe
  C:\Windows\System\UpWkuma.exe
  2⤵
  PID:4652
- C:\Windows\System\cznfMUx.exe
  C:\Windows\System\cznfMUx.exe
  2⤵
  PID:12072
- C:\Windows\System\CfemWIX.exe
  C:\Windows\System\CfemWIX.exe
  2⤵
  PID:12132
- C:\Windows\System\oAOqqdz.exe
  C:\Windows\System\oAOqqdz.exe
  2⤵
  PID:12220
- C:\Windows\System\WllIjJm.exe
  C:\Windows\System\WllIjJm.exe
  2⤵
  PID:11284
- C:\Windows\System\YqFUTOp.exe
  C:\Windows\System\YqFUTOp.exe
  2⤵
  PID:3864
- C:\Windows\System\iaRMnKB.exe
  C:\Windows\System\iaRMnKB.exe
  2⤵
  PID:11644
- C:\Windows\System\RyzoSRl.exe
  C:\Windows\System\RyzoSRl.exe
  2⤵
  PID:11796
- C:\Windows\System\sUKawCF.exe
  C:\Windows\System\sUKawCF.exe
  2⤵
  PID:1472
- C:\Windows\System\WqvVulp.exe
  C:\Windows\System\WqvVulp.exe
  2⤵
  PID:11924
- C:\Windows\System\MryLboW.exe
  C:\Windows\System\MryLboW.exe
  2⤵
  PID:12060
- C:\Windows\System\PSfCeDO.exe
  C:\Windows\System\PSfCeDO.exe
  2⤵
  PID:12252
- C:\Windows\System\LOYKJOW.exe
  C:\Windows\System\LOYKJOW.exe
  2⤵
  PID:11292
- C:\Windows\System\lfBMQsk.exe
  C:\Windows\System\lfBMQsk.exe
  2⤵
  PID:11652
- C:\Windows\System\XbpSFVh.exe
  C:\Windows\System\XbpSFVh.exe
  2⤵
  PID:11816
- C:\Windows\System\njWzUfB.exe
  C:\Windows\System\njWzUfB.exe
  2⤵
  PID:12200
- C:\Windows\System\mkeDTul.exe
  C:\Windows\System\mkeDTul.exe
  2⤵
  PID:11584
- C:\Windows\System\JWEwsCB.exe
  C:\Windows\System\JWEwsCB.exe
  2⤵
  PID:12300
- C:\Windows\System\EwsgHbX.exe
  C:\Windows\System\EwsgHbX.exe
  2⤵
  PID:12324
- C:\Windows\System\pCgTpJG.exe
  C:\Windows\System\pCgTpJG.exe
  2⤵
  PID:12348
- C:\Windows\System\wIojOqS.exe
  C:\Windows\System\wIojOqS.exe
  2⤵
  PID:12372
- C:\Windows\System\xpdwRpQ.exe
  C:\Windows\System\xpdwRpQ.exe
  2⤵
  PID:12396
- C:\Windows\System\sfXIITu.exe
  C:\Windows\System\sfXIITu.exe
  2⤵
  PID:12428
- C:\Windows\System\vKrQGJc.exe
  C:\Windows\System\vKrQGJc.exe
  2⤵
  PID:12448
- C:\Windows\System\vEFBjXh.exe
  C:\Windows\System\vEFBjXh.exe
  2⤵
  PID:12488
- C:\Windows\System\nAgNdYd.exe
  C:\Windows\System\nAgNdYd.exe
  2⤵
  PID:12520
- C:\Windows\System\RFkfWMI.exe
  C:\Windows\System\RFkfWMI.exe
  2⤵
  PID:12556
- C:\Windows\System\lKbRXLN.exe
  C:\Windows\System\lKbRXLN.exe
  2⤵
  PID:12604
- C:\Windows\System\sjbgIBL.exe
  C:\Windows\System\sjbgIBL.exe
  2⤵
  PID:12632
- C:\Windows\System\eQcoPuR.exe
  C:\Windows\System\eQcoPuR.exe
  2⤵
  PID:12672
- C:\Windows\System\oXzRnrk.exe
  C:\Windows\System\oXzRnrk.exe
  2⤵
  PID:12704
- C:\Windows\System\yLwSLXl.exe
  C:\Windows\System\yLwSLXl.exe
  2⤵
  PID:12732
- C:\Windows\System\uDeuEot.exe
  C:\Windows\System\uDeuEot.exe
  2⤵
  PID:12768
- C:\Windows\System\adgQvuK.exe
  C:\Windows\System\adgQvuK.exe
  2⤵
  PID:12788
- C:\Windows\System\ObCLJms.exe
  C:\Windows\System\ObCLJms.exe
  2⤵
  PID:12804
- C:\Windows\System\HTsYSsW.exe
  C:\Windows\System\HTsYSsW.exe
  2⤵
  PID:12820
- C:\Windows\System\aRINWJf.exe
  C:\Windows\System\aRINWJf.exe
  2⤵
  PID:12844
- C:\Windows\System\YiGnyPZ.exe
  C:\Windows\System\YiGnyPZ.exe
  2⤵
  PID:12872
- C:\Windows\System\KZcSasS.exe
  C:\Windows\System\KZcSasS.exe
  2⤵
  PID:12900
- C:\Windows\System\RzBhuvf.exe
  C:\Windows\System\RzBhuvf.exe
  2⤵
  PID:12924
- C:\Windows\System\vHXjwsy.exe
  C:\Windows\System\vHXjwsy.exe
  2⤵
  PID:12964
- C:\Windows\System\BmKeUbr.exe
  C:\Windows\System\BmKeUbr.exe
  2⤵
  PID:12988
- C:\Windows\System\WzHbYhy.exe
  C:\Windows\System\WzHbYhy.exe
  2⤵
  PID:13004
- C:\Windows\System\LhHfnzI.exe
  C:\Windows\System\LhHfnzI.exe
  2⤵
  PID:13032
- C:\Windows\System\VKJTILV.exe
  C:\Windows\System\VKJTILV.exe
  2⤵
  PID:13068
- C:\Windows\System\rpBbiOw.exe
  C:\Windows\System\rpBbiOw.exe
  2⤵
  PID:13112
- C:\Windows\System\UFTDLBw.exe
  C:\Windows\System\UFTDLBw.exe
  2⤵
  PID:13140
- C:\Windows\System\ULjOrbI.exe
  C:\Windows\System\ULjOrbI.exe
  2⤵
  PID:13176
- C:\Windows\System\qwkaTcB.exe
  C:\Windows\System\qwkaTcB.exe
  2⤵
  PID:13208
- C:\Windows\System\wvTpUle.exe
  C:\Windows\System\wvTpUle.exe
  2⤵
  PID:13240
- C:\Windows\System\pwQbrtX.exe
  C:\Windows\System\pwQbrtX.exe
  2⤵
  PID:13276
- C:\Windows\System\PAUyUCl.exe
  C:\Windows\System\PAUyUCl.exe
  2⤵
  PID:11484
- C:\Windows\System\qkvfLNx.exe
  C:\Windows\System\qkvfLNx.exe
  2⤵
  PID:12296
- C:\Windows\System\usendMb.exe
  C:\Windows\System\usendMb.exe
  2⤵
  PID:12336
- C:\Windows\System\qNvdicl.exe
  C:\Windows\System\qNvdicl.exe
  2⤵
  PID:12360
- C:\Windows\System\eMphlgV.exe
  C:\Windows\System\eMphlgV.exe
  2⤵
  PID:12440
- C:\Windows\System\ebZsznP.exe
  C:\Windows\System\ebZsznP.exe
  2⤵
  PID:12416
- C:\Windows\System\HJyOYVp.exe
  C:\Windows\System\HJyOYVp.exe
  2⤵
  PID:12532
- C:\Windows\System\gUOvBEL.exe
  C:\Windows\System\gUOvBEL.exe
  2⤵
  PID:12588
- C:\Windows\System\bapXWvr.exe
  C:\Windows\System\bapXWvr.exe
  2⤵
  PID:12720
- C:\Windows\System\Rocleik.exe
  C:\Windows\System\Rocleik.exe
  2⤵
  PID:12756
- C:\Windows\System\nSSLoTy.exe
  C:\Windows\System\nSSLoTy.exe
  2⤵
  PID:12856
- C:\Windows\System\WysljnA.exe
  C:\Windows\System\WysljnA.exe
  2⤵
  PID:12864
- C:\Windows\System\OMCxePw.exe
  C:\Windows\System\OMCxePw.exe
  2⤵
  PID:12892
- C:\Windows\System\LTOiCkk.exe
  C:\Windows\System\LTOiCkk.exe
  2⤵
  PID:12952
- C:\Windows\System\eQKwyPI.exe
  C:\Windows\System\eQKwyPI.exe
  2⤵
  PID:13020
- C:\Windows\System\kGoVbWP.exe
  C:\Windows\System\kGoVbWP.exe
  2⤵
  PID:13084
- C:\Windows\System\OOyWDfp.exe
  C:\Windows\System\OOyWDfp.exe
  2⤵
  PID:13220
- C:\Windows\System\mlOkpal.exe
  C:\Windows\System\mlOkpal.exe
  2⤵
  PID:11360
- C:\Windows\System\KVlDdNm.exe
  C:\Windows\System\KVlDdNm.exe
  2⤵
  PID:12420
- C:\Windows\System\owxnAxF.exe
  C:\Windows\System\owxnAxF.exe
  2⤵
  PID:11988
- C:\Windows\System\VyueKeR.exe
  C:\Windows\System\VyueKeR.exe
  2⤵
  PID:12548
- C:\Windows\System\lNJlzXF.exe
  C:\Windows\System\lNJlzXF.exe
  2⤵
  PID:12728
- C:\Windows\System\rgAfPdI.exe
  C:\Windows\System\rgAfPdI.exe
  2⤵
  PID:12800
- C:\Windows\System\gSbVGFi.exe
  C:\Windows\System\gSbVGFi.exe
  2⤵
  PID:832
- C:\Windows\System\fQKuwhh.exe
  C:\Windows\System\fQKuwhh.exe
  2⤵
  PID:13016
- C:\Windows\System\zfVQUkf.exe
  C:\Windows\System\zfVQUkf.exe
  2⤵
  PID:12960
- C:\Windows\System\UDHbDXL.exe
  C:\Windows\System\UDHbDXL.exe
  2⤵
  PID:13260
- C:\Windows\System\VKckcNq.exe
  C:\Windows\System\VKckcNq.exe
  2⤵
  PID:12656
- C:\Windows\System\LEFgAFG.exe
  C:\Windows\System\LEFgAFG.exe
  2⤵
  PID:1116
- C:\Windows\System\ceDubSy.exe
  C:\Windows\System\ceDubSy.exe
  2⤵
  PID:13064
- C:\Windows\System\LNlQqqv.exe
  C:\Windows\System\LNlQqqv.exe
  2⤵
  PID:13156
- C:\Windows\System\SjsCMAD.exe
  C:\Windows\System\SjsCMAD.exe
  2⤵
  PID:13320
- C:\Windows\System\jdHKOCf.exe
  C:\Windows\System\jdHKOCf.exe
  2⤵
  PID:13352
- C:\Windows\System\jCPfIjL.exe
  C:\Windows\System\jCPfIjL.exe
  2⤵
  PID:13380
- C:\Windows\System\OMCRaaZ.exe
  C:\Windows\System\OMCRaaZ.exe
  2⤵
  PID:13400
- C:\Windows\System\ZzCjEOF.exe
  C:\Windows\System\ZzCjEOF.exe
  2⤵
  PID:13440
- C:\Windows\System\Gqkpldu.exe
  C:\Windows\System\Gqkpldu.exe
  2⤵
  PID:13472
- C:\Windows\System\afFNswW.exe
  C:\Windows\System\afFNswW.exe
  2⤵
  PID:13496
- C:\Windows\System\URBsuFV.exe
  C:\Windows\System\URBsuFV.exe
  2⤵
  PID:13524
- C:\Windows\System\elCcDxc.exe
  C:\Windows\System\elCcDxc.exe
  2⤵
  PID:13552
- C:\Windows\System\XcETYzb.exe
  C:\Windows\System\XcETYzb.exe
  2⤵
  PID:13572
- C:\Windows\System\PBmpiGi.exe
  C:\Windows\System\PBmpiGi.exe
  2⤵
  PID:13596
- C:\Windows\System\AsdVnwA.exe
  C:\Windows\System\AsdVnwA.exe
  2⤵
  PID:13624
- C:\Windows\System\JFZUYNl.exe
  C:\Windows\System\JFZUYNl.exe
  2⤵
  PID:13652
- C:\Windows\System\bULhRHM.exe
  C:\Windows\System\bULhRHM.exe
  2⤵
  PID:13672
- C:\Windows\System\RiIwJoz.exe
  C:\Windows\System\RiIwJoz.exe
  2⤵
  PID:13704
- C:\Windows\System\VgWCPot.exe
  C:\Windows\System\VgWCPot.exe
  2⤵
  PID:13728
- C:\Windows\System\hYANgji.exe
  C:\Windows\System\hYANgji.exe
  2⤵
  PID:13756
- C:\Windows\System\DjwIBmB.exe
  C:\Windows\System\DjwIBmB.exe
  2⤵
  PID:13792
- C:\Windows\System\GLEXhZa.exe
  C:\Windows\System\GLEXhZa.exe
  2⤵
  PID:13816
- C:\Windows\System\OnIHZsi.exe
  C:\Windows\System\OnIHZsi.exe
  2⤵
  PID:13852
- C:\Windows\System\pcjLcCe.exe
  C:\Windows\System\pcjLcCe.exe
  2⤵
  PID:13876
- C:\Windows\System\EWWPiph.exe
  C:\Windows\System\EWWPiph.exe
  2⤵
  PID:13900
- C:\Windows\System\hGVuNoH.exe
  C:\Windows\System\hGVuNoH.exe
  2⤵
  PID:13932
- C:\Windows\System\BcwolzZ.exe
  C:\Windows\System\BcwolzZ.exe
  2⤵
  PID:13968
- C:\Windows\System\eGzKJXF.exe
  C:\Windows\System\eGzKJXF.exe
  2⤵
  PID:13988
- C:\Windows\System\iEIEtra.exe
  C:\Windows\System\iEIEtra.exe
  2⤵
  PID:14028
- C:\Windows\System\trUqftU.exe
  C:\Windows\System\trUqftU.exe
  2⤵
  PID:14056
- C:\Windows\System\cIwEENN.exe
  C:\Windows\System\cIwEENN.exe
  2⤵
  PID:14084
- C:\Windows\System\dMMpuKD.exe
  C:\Windows\System\dMMpuKD.exe
  2⤵
  PID:14112
- C:\Windows\System\BeINwTu.exe
  C:\Windows\System\BeINwTu.exe
  2⤵
  PID:14148
- C:\Windows\System\MCAWEyt.exe
  C:\Windows\System\MCAWEyt.exe
  2⤵
  PID:14188
- C:\Windows\System\bbDcAcB.exe
  C:\Windows\System\bbDcAcB.exe
  2⤵
  PID:14208
- C:\Windows\System\YuVwuVx.exe
  C:\Windows\System\YuVwuVx.exe
  2⤵
  PID:14224
- C:\Windows\System\mxEcPYQ.exe
  C:\Windows\System\mxEcPYQ.exe
  2⤵
  PID:14256
- C:\Windows\System\yUyRHBv.exe
  C:\Windows\System\yUyRHBv.exe
  2⤵
  PID:14280
- C:\Windows\System\OAqVrqS.exe
  C:\Windows\System\OAqVrqS.exe
  2⤵
  PID:14320
- C:\Windows\System\orNSnqI.exe
  C:\Windows\System\orNSnqI.exe
  2⤵
  PID:3780
- C:\Windows\System\sMIjPZN.exe
  C:\Windows\System\sMIjPZN.exe
  2⤵
  PID:13344
- C:\Windows\System\bpBXeUS.exe
  C:\Windows\System\bpBXeUS.exe
  2⤵
  PID:13388
- C:\Windows\System\vVUVtDb.exe
  C:\Windows\System\vVUVtDb.exe
  2⤵
  PID:13420
- C:\Windows\System\xkGyfuP.exe
  C:\Windows\System\xkGyfuP.exe
  2⤵
  PID:13492
- C:\Windows\System\Bgoylkc.exe
  C:\Windows\System\Bgoylkc.exe
  2⤵
  PID:13580
- C:\Windows\System\vRRGMUC.exe
  C:\Windows\System\vRRGMUC.exe
  2⤵
  PID:13636
- C:\Windows\System\PtgjjMa.exe
  C:\Windows\System\PtgjjMa.exe
  2⤵
  PID:13668
- C:\Windows\System\WMkgTFk.exe
  C:\Windows\System\WMkgTFk.exe
  2⤵
  PID:13748
- C:\Windows\System\QrsKplT.exe
  C:\Windows\System\QrsKplT.exe
  2⤵
  PID:13812
- C:\Windows\System\WOuKkid.exe
  C:\Windows\System\WOuKkid.exe
  2⤵
  PID:13872
- C:\Windows\System\WMrErYo.exe
  C:\Windows\System\WMrErYo.exe
  2⤵
  PID:13920
- C:\Windows\System\FlqWtjL.exe
  C:\Windows\System\FlqWtjL.exe
  2⤵
  PID:14016
- C:\Windows\System\AindZNa.exe
  C:\Windows\System\AindZNa.exe
  2⤵
  PID:14072
- C:\Windows\System\fAyQXAA.exe
  C:\Windows\System\fAyQXAA.exe
  2⤵
  PID:14120
- C:\Windows\System\zuEgwHr.exe
  C:\Windows\System\zuEgwHr.exe
  2⤵
  PID:4196
- C:\Windows\System\MJAKrip.exe
  C:\Windows\System\MJAKrip.exe
  2⤵
  PID:14236
- C:\Windows\System\TRgwNMF.exe
  C:\Windows\System\TRgwNMF.exe
  2⤵
  PID:12508
- C:\Windows\System\NrkbDrI.exe
  C:\Windows\System\NrkbDrI.exe
  2⤵
  PID:13452
- C:\Windows\System\OpzxuVA.exe
  C:\Windows\System\OpzxuVA.exe
  2⤵
  PID:13516
- C:\Windows\System\cOmpztc.exe
  C:\Windows\System\cOmpztc.exe
  2⤵
  PID:13692
- C:\Windows\System\eghQDnH.exe
  C:\Windows\System\eghQDnH.exe
  2⤵
  PID:13772
- C:\Windows\System\ukOfLmt.exe
  C:\Windows\System\ukOfLmt.exe
  2⤵
  PID:13956
- C:\Windows\System\bMObwYd.exe
  C:\Windows\System\bMObwYd.exe
  2⤵
  PID:14156
- C:\Windows\System\MxKysqv.exe
  C:\Windows\System\MxKysqv.exe
  2⤵
  PID:14160
- C:\Windows\System\dNaZHMA.exe
  C:\Windows\System\dNaZHMA.exe
  2⤵
  PID:12748
- C:\Windows\System\KgtzkaW.exe
  C:\Windows\System\KgtzkaW.exe
  2⤵
  PID:13544
- C:\Windows\System\zwZwbXm.exe
  C:\Windows\System\zwZwbXm.exe
  2⤵
  PID:13952
- C:\Windows\System\TXeRLbu.exe
  C:\Windows\System\TXeRLbu.exe
  2⤵
  PID:14040

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AlDpYMh.exe

Filesize
2.3MB

MD5
246bb458ea576e4da09851c26661b8d7

SHA1
fcd115af6d38f031fca48f7c78bc9c6cac122bac

SHA256
3dbb84f9a94b7a6844105a383399ec044aaa0eae14aca828b47459adb89f5eca

SHA512
73b81ebfc810f08492c5011f2fd1079128df7401a189eaa4295ed43c1ed0dbbfdcfbee652f84e4b8a10238af3f59b54bb874c3f7e980faa9cd132d878dd8d27c

Download Submit
C:\Windows\System\AxxUimS.exe

Filesize
2.2MB

MD5
170d3353d01d8911dadeb509d4b833e3

SHA1
f65bf6cc8864599835c457460f43194700033b34

SHA256
1b2fd3e1ccc6e06924b55112395a71fc05ddff619cf1298993e08bca75c98357

SHA512
19b573ba03c5649f86564b6a587f58ea3eabcc16cd734e66c63e25a33647c7c8fb84c3e536db77f0786ba95fc92cec1053f0b991311a3bb9528f51ceaa999623

Download Submit
C:\Windows\System\AyptrFR.exe

Filesize
2.2MB

MD5
90397ba553c07f7ed4a0294e651cef3d

SHA1
cfa5daaf40ba279863a5856d8a95119c6ac37bbc

SHA256
4d8b0b38a3fab1c7ec771acbbbdd88cad0c90ddfdf531e955987bfebfcd83ed6

SHA512
41485b05fc70e404070d95cf74bb872b8b111f3d8e819d8983bf459255d2ce01c81c581b1f2c42d2e369ab9f37fd4f85789ec12e7bd2c28ce46deefc734ecab0

Download Submit
C:\Windows\System\BixeqQL.exe

Filesize
2.3MB

MD5
5316f3ae8cfa2d501064650308ec06a5

SHA1
db3a5a9b9fc7701d7639e533641082362309fe21

SHA256
ca67a1f14a6074bd94f9b9f04397a7cd4061028a18636d12ac49ff7dae417074

SHA512
fa904ba850887f6d105a2b8a79649bf0b84d22dcdf97d15e78ccd0dbcb78271246eb316a33345fa9e5553d16fd0610b61e7a4bcce219d52529026609585026bb

Download Submit
C:\Windows\System\CnPxOZH.exe

Filesize
2.3MB

MD5
2e5cef33db2c2192297d915bea8c28eb

SHA1
3f2abf615ab727942b9fa9f76d787b45f066dd37

SHA256
81013031e48dfd4b042d18fa2f156041eecb928bbb57260fa289bc93aa73a19e

SHA512
b633842fbbdf33561ebcf6e34851c2bfd51bf0657b4ea2b45a6a537fa0785596038dc0bb0646d6a7fdc5ce86a5c91144d9dd081dcc8b71bfd287360120a8d4ba

Download Submit
C:\Windows\System\DflnyTN.exe

Filesize
2.3MB

MD5
8cf589dadf2d5c8a6b35675c7f80e4be

SHA1
9d65c07f8e0536dd038a81a6a91ad2e742bff987

SHA256
e716e10b79068913f20cfeb669e050f7f15ed1a0ffdb31cb09d2c5e8ab80ebce

SHA512
4bb1bb9f3f3412a637ef6a8a8333c52628c2cd5d3f52e4783bca8dd1c613ad0c83a1d8b84df57e2a2217bef62d9d98248996e0c604d7dd0624e7e65d6baa59cb

Download Submit
C:\Windows\System\EYZowQu.exe

Filesize
2.3MB

MD5
41bfe65baf849a364b28e0609d48fceb

SHA1
bad04a59bf88498b5c72c0a969a0a0b94437a45a

SHA256
a931073376e1b8a868efa3eee0094b91577df1823f903e5e339360b405a2ca22

SHA512
89ffadf9e19db3f439ee00e98ad8eb1e886396a22de330a49d5c9a08c4293bc3d4fd91ef92fb5e84b8a98c9927066942bd4582594acd2cd17624ff87d64123a1

Download Submit
C:\Windows\System\FbIcBwM.exe

Filesize
2.3MB

MD5
6406a850c2cb348f1d34aef74e01359f

SHA1
443704b13881cc16de3a461f11f01e08d415bcb1

SHA256
afc87cd079a759823c0bbe64c1c6019493cf4f68ad78b58c023777e987e7290d

SHA512
dbfafaf47f7d2f87c21c2b539542e9a97fa60ec4738fb8d8b522c9dae397668edadb6a3d579f3cf969e2d3a8e05f9195756ac51835ba35a72c56ac83b0df0b6b

Download Submit
C:\Windows\System\FjXNjWJ.exe

Filesize
2.2MB

MD5
3cb9e5e6d2a907decfcc1941b329c919

SHA1
ef5c1f9cfa21072c41de29d3af59004c185353f9

SHA256
fd22da815d6b3b2048eda6ec8f51f79fdd0ba6177a9e71223fda83b128cf04aa

SHA512
1781ced54ee7bf1a27bcc64b4d2a66ee53caa84ebedaf025291b430eaf34f01156a9718bf672b057e5655f1d3cc8e9105a10fa8966dadac89e4f662ddafd8410

Download Submit
C:\Windows\System\GAzIrcj.exe

Filesize
2.2MB

MD5
6476205e4479d531535d4d73306ded39

SHA1
b34fd6892b823825b28da918f9fe52219b3fe61b

SHA256
1960a6e88ac4a0363c5979c7565472efa106fd96c98a44b8dd77cb0d9a16a5d6

SHA512
4ddc2891930d99df64e40076e45800fd524a126bb5f1f14fe920e6eab3c490d7edb2490c01ae3d84f09c4b2de03b6ab2b679f70b9363e00f412c354b667e8173

Download Submit
C:\Windows\System\IjOdFfU.exe

Filesize
2.3MB

MD5
02027b281ccaa77c4e4430f1f2f7ee9b

SHA1
7649f6dda1a6f18b050d09256cc3b6ca30cbda2d

SHA256
5e3dd1f8ef435a7d7ac6c7ca6b4ad8db44032950eb6b7e290609fd11f1ed8258

SHA512
49524349aafb11539a8631ef59362003f9e89510cafd80ac1068ef1fe7e8ca97e9d0361838b3dc4104f538fc647a1e1cc0bcb59667e9ec3c11af62e9b60cf4e3

Download Submit
C:\Windows\System\LBpRtBm.exe

Filesize
2.2MB

MD5
71c53c994785db769010cc4804601602

SHA1
45901a365c409357d6a454f9287db61d279d68d6

SHA256
cb756f01d466a14860ba4c04584d274d44889fd38c21e966cba94366efad22d9

SHA512
384cff24f6412cc9076dc9ccc4a043aeebffc80a5989a1b38fd0081b5ec38a682334c3be101e0a0055693d71b1df43281125d7ce67632aeb88c46e1f016749ae

Download Submit
C:\Windows\System\PNKrrMA.exe

Filesize
2.3MB

MD5
edea1122e6703f9e2d4bf3a16ec384fe

SHA1
3e8eab0e212a93fbce1ac9ece9e86880ec9f0c7e

SHA256
06800624f863f670677e3f28220b8d7c4f45e58b79df1f5907147234c7733c99

SHA512
f55081f0b6cb707725706158d813c5589920d3566e918190d0b4666250b59afca7b50add5deced214effa1196b6a07bd254d8754734f4e5800c2615feea244f9

Download Submit
C:\Windows\System\PhunoQh.exe

Filesize
2.3MB

MD5
fdda454f6a64311de6722754ab7283a1

SHA1
139ba3f9d0f5186d568eb8ef3cd19925f235b417

SHA256
f44d048a18186b5820a9c33df09f643c29dac6271a959f306238ae0f73d6274e

SHA512
fef04c207aab0df4a3c23d3eca66f0986b22602069bb4b77c98bc532e45b21262afeeb4f87b4bc5d8e311d1af9a3b40386ded9834da3c51d57f5e78279feceb0

Download Submit
C:\Windows\System\QrUfzuI.exe

Filesize
2.3MB

MD5
6ee0b4714a85ce2e640708ce7c3cfd4b

SHA1
9a36c681e444d523087fff3014afc90f70de279f

SHA256
516024112ff5d3533999e2f4e8255fac7d2b2ddf9055be602d710b279da9073f

SHA512
0baf05ae00d6045328efe001098815e80c6825c06cbde2e7a9fc1feb3034209e4e546922777acb0a24f54cab7b8741330ff7b0b97c2949588978da71f9dcba5d

Download Submit
C:\Windows\System\TjOaLgM.exe

Filesize
2.3MB

MD5
96aef9e81d071243bc670c4dddfc0dac

SHA1
09aedd33ad7af23739b68b21ab7f0a5bb39159d2

SHA256
3bf747435d2896355ab13b228c69a2294bf5a3ab81c1033d8a3c6f3cb2cc6b87

SHA512
7c1cd89fc521efce636cc6b7de05fed21e88e8a10c7be2a89554d5d46661dc8541d0955f8c8ecc6e6926d6dddf74da8fa59d5854a9ebb61ba00ccbbb3bcdc338

Download Submit
C:\Windows\System\VZikoRm.exe

Filesize
2.3MB

MD5
6394120376300f68bf50b3c4a9217b36

SHA1
3496ad07fd25994ed4e815bd2d945f1437ab48aa

SHA256
2ca5a40dc3339008ca8edf6612306c430c2c74c9012a9ceefb5d23c81022d393

SHA512
6d72f8db99140d6c1c99cdd02f651e53f3c7fd513fd5e65bc552059b1d9248805b1bb63056e08d098fd80143ddfb4a1193ce0c4eed1ca664dfa5ef0eb5e958a9

Download Submit
C:\Windows\System\YjtkEfy.exe

Filesize
2.2MB

MD5
fc7a425496c2a9aeb63245cd04541e0d

SHA1
a02c87e50f46fe0408af1d518cb5e2669e35d1c0

SHA256
e1343c596294ab844f13faf93353e74cfae1ac6a1333ae95a8969b959b977f19

SHA512
9c397b811da696ac322ca702c2497bce7466cfec0990ac75d7780d555bba6a3cdf28eb880622539446c7587ed83d1cb8261c4c203f97935cd2054dfa9ad4dfa3

Download Submit
C:\Windows\System\bZdpogL.exe

Filesize
2.3MB

MD5
2255f37d5cdb550d3228c7c1029ca0bc

SHA1
fccebadd05bd855226443aadaf2b105c62473e52

SHA256
3bc42909b68bcafa0350bd78e99bf653d6adcef6c663aa90face76352e130625

SHA512
9f2aed7e62e75f046078fd13479413e5b2153e19e2f8e234562078d7ac94722e3acd11244bb43a6f424326e6473d7bb6144ff280ea5aee5d80f8f8f145ad0e9a

Download Submit
C:\Windows\System\fNEFoAy.exe

Filesize
2.2MB

MD5
360cadf530f6d143460bf468fe60db79

SHA1
2e0690e397f94518d60feac47bf67f6540ad5b64

SHA256
c1e702f6dbdab8675f3105429be188240107818f26e20b3dcafdcb10561a184d

SHA512
014cd10708f6515278dab3ec8d8675658060752042f03c23a1170f90eebe38554af36a1db00233406337b4884389ef7b9a7fe679c960747d64fd8aec20a69865

Download Submit
C:\Windows\System\fcHNqxO.exe

Filesize
2.3MB

MD5
c244b2586255d7bbe526d513071da034

SHA1
98d4ac5edeb661cf97c9b21cb5134928c758f258

SHA256
8094f20f49709661cdeda33d8639b7b1fc80d7ee8c67c584518e4b20041e6177

SHA512
b3f398e2152a1c8be77fda62b9d5e74da941a5981ae005ca888d8389fad1bf59940715d61830d0af6772a6de3a21a9355132ad42dad187037492a96b1081f800

Download Submit
C:\Windows\System\gWaEAkk.exe

Filesize
2.3MB

MD5
8e8808d39b83d2ba84f23ce2eacdecbc

SHA1
542fde685be9b57ceda6e9a046c7a48abac1dcfa

SHA256
79a6523751d8e43eeca23047db3a77698520daae466f5cdf7d14e9a9600a9971

SHA512
ae348974a18d164e24e5c80a5b6516180fb3326761e9b2e4d2a0c680e75c7da0a37bd3ca56bffd8307eae152be681a2b1eeee9dc851f11cfb01b6897f3b6f650

Download Submit
C:\Windows\System\jYuzprJ.exe

Filesize
2.2MB

MD5
23e0a04791fcec5691ece44c18961a15

SHA1
dab51ebfa904d87d7dde8b8211ab6f735e4324ae

SHA256
38ddf2d313379df2e14df817b4be8afd22d99ad2bcf274ff8b20fbb640547b8a

SHA512
6717386b7c528ec9735b0e4d0c61044b9c5deb27b9ee9da4745f04224c01a2aeb81fdd53e6a333860c826d09f44bcda82e7761b4e9cd29c6ecb0c88adac8ffe8

Download Submit
C:\Windows\System\jiTwipe.exe

Filesize
2.3MB

MD5
34918d010e1f2890a32f8d5bc5bea7a6

SHA1
3b760b1eb4e3d9fa9f38d1b0fe6fa11013f73e8d

SHA256
be821573270b9577defa8b6b93c913e0e953129cd53db32c4db2c2347b449299

SHA512
0fdc935106c1bdac6f1133a4e6a411e4afef9ba7f56f3c325e8d93f042f05557b047dab908125bef35ada7b6cb3c427b131e1221d92c142a4e1c4e38f06fe753

Download Submit
C:\Windows\System\mOIOEIk.exe

Filesize
2.2MB

MD5
a087fe13e68e9e7f1fa97086bb2327a1

SHA1
f8077be5a370bab84faac9990a12c2721b56bbca

SHA256
09e5055536b464b61d5409fbf025c90e521509909da1f1167847e29b1efcac4c

SHA512
18ac820a786c88fd8babcd2ebb966a7231141f5b65cbbb5d02fe07543cada1fa6ea8d4a443e273e6ac0e3e389cf1ab1931e43737f31727b7bbb8e3d4f2d8ab51

Download Submit
C:\Windows\System\pjmzUsn.exe

Filesize
2.3MB

MD5
92b1182eadc62d734058812920fb213c

SHA1
46737382e830344757ed3071f329f6364e0fbe98

SHA256
da95463ffcf5f16eb72a7b5b8677b172eda59e86a1529afd218f81be2b893a75

SHA512
9617cd228b65ed74be26604710bdd3925aa21bf791a9dc443acbfbed5884803617ab95f21d19d39c4bb4e65cc853e9511fef18bddddd112578b039380b65b617

Download Submit
C:\Windows\System\qJobRWs.exe

Filesize
2.3MB

MD5
727956e9069f71490985e7a48691bf2c

SHA1
a68d41bd0922f2504d19c2a133124e4d83add97c

SHA256
d80a72016e3fe88b4ffc720c933cced4f2834a230a519a86fba51c320aa45b08

SHA512
79a1b7a2867764ac1b7828d292e39c4852122965f1a0506cc7e912f53a86dfbeb97afacc233ba4c1062b71f4225c4f45a021b3c0858e929082173b72fdbdd671

Download Submit
C:\Windows\System\rHNunpZ.exe

Filesize
2.2MB

MD5
8780d6008996030f506aa3c53d0030f0

SHA1
bf15716545d9922f9fae00d66e827faf0828ec2a

SHA256
c1556ae392e68d39318f516776a300dd5133ba8281950aa03e332cbc1aee013e

SHA512
15f7620281a37638c0f9095634ef2334253d4c74dc19fda2cd54f1811710967752fce821ae58b5d7f1e21dc5d0366fb3cdc99c7caace3cb0f180c37b56fa6b21

Download Submit
C:\Windows\System\rNAqgrg.exe

Filesize
2.2MB

MD5
aa1f8df1a5a8b34da435e42dd9c3ca31

SHA1
d6115c44beb738a7d3e68610a8150c17f14b945b

SHA256
34433180d68dbddc26a453dce016c08655930520ba3fc81a6fcd0e3df6e19f82

SHA512
02e27978c34705c5b83e11b9c986b3546d3dee6c563fc646cc4b62aa0dfcde8e215aaeb87e0ad240690c935044c81a68a93136d095d331ba2d13d877fcfd2447

Download Submit
C:\Windows\System\sFFqNsX.exe

Filesize
2.3MB

MD5
6cb9f5a51bb41dff6c8ca86b8a8921ee

SHA1
42b9f289edba4a5f605d7a5a63bb067de8b2a36b

SHA256
686ac59f98fa5b4d2495aa390b1125a992c037c4a9a9da7c219bbb94cab29065

SHA512
36525c6f9f3533c47e8e3fbf211d67703960b18fe244e5ea1f13fbf234ced8130bac2f82db92c29d8d48d9301ce5c1d34d5f01b222484c5642281884b9c607ca

Download Submit
C:\Windows\System\sJquBMz.exe

Filesize
2.3MB

MD5
4cf58fcd53ff1dd2c8cb94bd6cf23a5e

SHA1
0d51753b3b097dec10740850b782aca516561a25

SHA256
34dda60f86d25abbed3c5d97adda399d33e9e7c4f30d087983b3702e703960f1

SHA512
fbc0ec0ca08691aba1f91f8552b7195dff4554218622032a41f27935e331eb08af48103b4ada6453af36138aaa0325ff9d4ce9ab6274a2486e13c05e97477244

Download Submit
C:\Windows\System\xbqPBoc.exe

Filesize
2.3MB

MD5
6df65789f515377b194096900d8c4b35

SHA1
72756f99a16ade2dde82af57ea9e252bcbef0954

SHA256
62dfd2b9fa9bc9f9acd4e881742c24a97c639bb5fea62657ae14dcce1288c930

SHA512
25cee444de038e3b938f9ecea7b87b38f7348192d22bef9d51a65dac10c25d3f3ddb00c4f985060f4cb88be628b7257c39998db5f59a185de2b85fb1c9fd37e5

Download Submit
C:\Windows\System\yzuUeWs.exe

Filesize
2.3MB

MD5
2d8aa4a5fb7b0edba27d4245c78b6f3d

SHA1
33218046f2523b720d641fd1cee98bcf934586e6

SHA256
656f011fefa1761b2b4840b1b8b3192b53df0cfe3a21c6d0c5800d12f579336e

SHA512
60da8aa1c033927ad549044d619537ef58ba7c7683b4bd7b23dfaefda775c49b8d82d2c6b0b6c074afc472a12b1969eeb1780c5250d2b3f61e1414aaae714a83

Download Submit
memory/816-158-0x00007FF603910000-0x00007FF603C64000-memory.dmp

Filesize
3.3MB

Download
memory/816-2134-0x00007FF603910000-0x00007FF603C64000-memory.dmp

Filesize
3.3MB

Download
memory/896-0-0x00007FF7EB170000-0x00007FF7EB4C4000-memory.dmp

Filesize
3.3MB

Download
memory/896-1-0x000001A245E90000-0x000001A245EA0000-memory.dmp

Filesize
64KB

Download
memory/896-2112-0x00007FF7EB170000-0x00007FF7EB4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1104-2129-0x00007FF6C70B0000-0x00007FF6C7404000-memory.dmp

Filesize
3.3MB

Download
memory/1104-98-0x00007FF6C70B0000-0x00007FF6C7404000-memory.dmp

Filesize
3.3MB

Download
memory/1104-2115-0x00007FF6C70B0000-0x00007FF6C7404000-memory.dmp

Filesize
3.3MB

Download
memory/1140-180-0x00007FF6AC5E0000-0x00007FF6AC934000-memory.dmp

Filesize
3.3MB

Download
memory/1140-2120-0x00007FF6AC5E0000-0x00007FF6AC934000-memory.dmp

Filesize
3.3MB

Download
memory/1484-2119-0x00007FF7423E0000-0x00007FF742734000-memory.dmp

Filesize
3.3MB

Download
memory/1484-19-0x00007FF7423E0000-0x00007FF742734000-memory.dmp

Filesize
3.3MB

Download
memory/1484-2113-0x00007FF7423E0000-0x00007FF742734000-memory.dmp

Filesize
3.3MB

Download
memory/1764-2143-0x00007FF730830000-0x00007FF730B84000-memory.dmp

Filesize
3.3MB

Download
memory/1764-186-0x00007FF730830000-0x00007FF730B84000-memory.dmp

Filesize
3.3MB

Download
memory/2056-173-0x00007FF601620000-0x00007FF601974000-memory.dmp

Filesize
3.3MB

Download
memory/2056-2144-0x00007FF601620000-0x00007FF601974000-memory.dmp

Filesize
3.3MB

Download
memory/2156-157-0x00007FF701BE0000-0x00007FF701F34000-memory.dmp

Filesize
3.3MB

Download
memory/2156-2139-0x00007FF701BE0000-0x00007FF701F34000-memory.dmp

Filesize
3.3MB

Download
memory/2332-2116-0x00007FF62FF40000-0x00007FF630294000-memory.dmp

Filesize
3.3MB

Download
memory/2332-2124-0x00007FF62FF40000-0x00007FF630294000-memory.dmp

Filesize
3.3MB

Download
memory/2332-60-0x00007FF62FF40000-0x00007FF630294000-memory.dmp

Filesize
3.3MB

Download
memory/2608-2135-0x00007FF794260000-0x00007FF7945B4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-144-0x00007FF794260000-0x00007FF7945B4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-2123-0x00007FF708C80000-0x00007FF708FD4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-31-0x00007FF708C80000-0x00007FF708FD4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-115-0x00007FF676420000-0x00007FF676774000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2126-0x00007FF676420000-0x00007FF676774000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2136-0x00007FF6E98F0000-0x00007FF6E9C44000-memory.dmp

Filesize
3.3MB

Download
memory/2904-177-0x00007FF6E98F0000-0x00007FF6E9C44000-memory.dmp

Filesize
3.3MB

Download
memory/2952-2145-0x00007FF77DCD0000-0x00007FF77E024000-memory.dmp

Filesize
3.3MB

Download
memory/2952-159-0x00007FF77DCD0000-0x00007FF77E024000-memory.dmp

Filesize
3.3MB

Download
memory/3008-183-0x00007FF77F2A0000-0x00007FF77F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-2132-0x00007FF77F2A0000-0x00007FF77F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2122-0x00007FF7CC650000-0x00007FF7CC9A4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-39-0x00007FF7CC650000-0x00007FF7CC9A4000-memory.dmp

Filesize
3.3MB

Download
memory/3132-185-0x00007FF75DE30000-0x00007FF75E184000-memory.dmp

Filesize
3.3MB

Download
memory/3132-2137-0x00007FF75DE30000-0x00007FF75E184000-memory.dmp

Filesize
3.3MB

Download
memory/3404-181-0x00007FF6BE000000-0x00007FF6BE354000-memory.dmp

Filesize
3.3MB

Download
memory/3404-2128-0x00007FF6BE000000-0x00007FF6BE354000-memory.dmp

Filesize
3.3MB

Download
memory/3632-176-0x00007FF68C700000-0x00007FF68CA54000-memory.dmp

Filesize
3.3MB

Download
memory/3632-2141-0x00007FF68C700000-0x00007FF68CA54000-memory.dmp

Filesize
3.3MB

Download
memory/3892-2130-0x00007FF6B2A80000-0x00007FF6B2DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3892-116-0x00007FF6B2A80000-0x00007FF6B2DD4000-memory.dmp

Filesize
3.3MB

Download
memory/4108-2133-0x00007FF7F5960000-0x00007FF7F5CB4000-memory.dmp

Filesize
3.3MB

Download
memory/4108-172-0x00007FF7F5960000-0x00007FF7F5CB4000-memory.dmp

Filesize
3.3MB

Download
memory/4468-2146-0x00007FF72DC30000-0x00007FF72DF84000-memory.dmp

Filesize
3.3MB

Download
memory/4468-175-0x00007FF72DC30000-0x00007FF72DF84000-memory.dmp

Filesize
3.3MB

Download
memory/4496-2127-0x00007FF62DDD0000-0x00007FF62E124000-memory.dmp

Filesize
3.3MB

Download
memory/4496-182-0x00007FF62DDD0000-0x00007FF62E124000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2125-0x00007FF647870000-0x00007FF647BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4608-71-0x00007FF647870000-0x00007FF647BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2117-0x00007FF647870000-0x00007FF647BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4624-178-0x00007FF681600000-0x00007FF681954000-memory.dmp

Filesize
3.3MB

Download
memory/4624-2142-0x00007FF681600000-0x00007FF681954000-memory.dmp

Filesize
3.3MB

Download
memory/4648-2114-0x00007FF6DA760000-0x00007FF6DAAB4000-memory.dmp

Filesize
3.3MB

Download
memory/4648-57-0x00007FF6DA760000-0x00007FF6DAAB4000-memory.dmp

Filesize
3.3MB

Download
memory/4648-2121-0x00007FF6DA760000-0x00007FF6DAAB4000-memory.dmp

Filesize
3.3MB

Download
memory/4856-179-0x00007FF6D2450000-0x00007FF6D27A4000-memory.dmp

Filesize
3.3MB

Download
memory/4856-2118-0x00007FF6D2450000-0x00007FF6D27A4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-2131-0x00007FF68F5D0000-0x00007FF68F924000-memory.dmp

Filesize
3.3MB

Download
memory/4884-121-0x00007FF68F5D0000-0x00007FF68F924000-memory.dmp

Filesize
3.3MB

Download
memory/4968-184-0x00007FF6860D0000-0x00007FF686424000-memory.dmp

Filesize
3.3MB

Download
memory/4968-2138-0x00007FF6860D0000-0x00007FF686424000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2140-0x00007FF75F040000-0x00007FF75F394000-memory.dmp

Filesize
3.3MB

Download
memory/5016-174-0x00007FF75F040000-0x00007FF75F394000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads