xmrig | 1fdc82c3eb19c1d4d52989c292af3532cb4d4ae6908a30cb5acd9e4524883351

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
Size

1.8MB
MD5

1833e762952f559b70c3efcaeac0d730
SHA1

b1d7ef3cd57ee88cab1316e474c311edc7d83046
SHA256

1fdc82c3eb19c1d4d52989c292af3532cb4d4ae6908a30cb5acd9e4524883351
SHA512

617666b6b8307b708d49c5b2449643ae1aebe39092a4abe130042853607f030b1dcb501ec7f860e2ac0903e15ef542028f1952ce6daccfd0e50f82ab71920e21
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wICbbnlD5E9V:oemTLkNdfE0pZrN

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1588-0-0x00007FF77DB30000-0x00007FF77DE84000-memory.dmp	xmrig
behavioral2/files/0x000c0000000233be-5.dat	xmrig
behavioral2/files/0x000800000002340a-7.dat	xmrig
behavioral2/files/0x00090000000233ff-10.dat	xmrig
behavioral2/files/0x0007000000023410-45.dat	xmrig
behavioral2/files/0x0007000000023412-78.dat	xmrig
behavioral2/files/0x0007000000023419-96.dat	xmrig
behavioral2/files/0x000700000002341d-127.dat	xmrig
behavioral2/files/0x0007000000023425-148.dat	xmrig
behavioral2/files/0x0007000000023422-157.dat	xmrig
behavioral2/memory/1956-172-0x00007FF745640000-0x00007FF745994000-memory.dmp	xmrig
behavioral2/memory/1996-178-0x00007FF747C70000-0x00007FF747FC4000-memory.dmp	xmrig
behavioral2/memory/208-183-0x00007FF754310000-0x00007FF754664000-memory.dmp	xmrig
behavioral2/memory/3440-190-0x00007FF7EED10000-0x00007FF7EF064000-memory.dmp	xmrig
behavioral2/memory/548-191-0x00007FF6E8290000-0x00007FF6E85E4000-memory.dmp	xmrig
behavioral2/memory/916-189-0x00007FF60D490000-0x00007FF60D7E4000-memory.dmp	xmrig
behavioral2/memory/4668-188-0x00007FF71B5E0000-0x00007FF71B934000-memory.dmp	xmrig
behavioral2/memory/1980-187-0x00007FF789390000-0x00007FF7896E4000-memory.dmp	xmrig
behavioral2/memory/2572-186-0x00007FF6B5790000-0x00007FF6B5AE4000-memory.dmp	xmrig
behavioral2/memory/2300-185-0x00007FF669900000-0x00007FF669C54000-memory.dmp	xmrig
behavioral2/memory/4504-184-0x00007FF740590000-0x00007FF7408E4000-memory.dmp	xmrig
behavioral2/memory/2004-182-0x00007FF79D020000-0x00007FF79D374000-memory.dmp	xmrig
behavioral2/memory/4348-181-0x00007FF641450000-0x00007FF6417A4000-memory.dmp	xmrig
behavioral2/memory/1400-180-0x00007FF73D740000-0x00007FF73DA94000-memory.dmp	xmrig
behavioral2/memory/1904-179-0x00007FF7E1400000-0x00007FF7E1754000-memory.dmp	xmrig
behavioral2/memory/2380-177-0x00007FF6AAB30000-0x00007FF6AAE84000-memory.dmp	xmrig
behavioral2/memory/3616-176-0x00007FF6AFBD0000-0x00007FF6AFF24000-memory.dmp	xmrig
behavioral2/memory/3024-175-0x00007FF70DB20000-0x00007FF70DE74000-memory.dmp	xmrig
behavioral2/memory/2800-174-0x00007FF7CD630000-0x00007FF7CD984000-memory.dmp	xmrig
behavioral2/memory/4684-173-0x00007FF6BD410000-0x00007FF6BD764000-memory.dmp	xmrig
behavioral2/memory/3672-171-0x00007FF704110000-0x00007FF704464000-memory.dmp	xmrig
behavioral2/memory/3472-170-0x00007FF76BF60000-0x00007FF76C2B4000-memory.dmp	xmrig
behavioral2/memory/1332-169-0x00007FF663120000-0x00007FF663474000-memory.dmp	xmrig
behavioral2/files/0x0007000000023427-167.dat	xmrig
behavioral2/files/0x0007000000023426-165.dat	xmrig
behavioral2/files/0x0007000000023424-161.dat	xmrig
behavioral2/files/0x0007000000023423-159.dat	xmrig
behavioral2/files/0x0007000000023421-155.dat	xmrig
behavioral2/files/0x0007000000023420-153.dat	xmrig
behavioral2/memory/692-152-0x00007FF721A40000-0x00007FF721D94000-memory.dmp	xmrig
behavioral2/memory/1028-151-0x00007FF72EB30000-0x00007FF72EE84000-memory.dmp	xmrig
behavioral2/files/0x000700000002341f-139.dat	xmrig
behavioral2/files/0x000700000002341e-135.dat	xmrig
behavioral2/files/0x000700000002341c-123.dat	xmrig
behavioral2/files/0x000700000002341b-117.dat	xmrig
behavioral2/files/0x000700000002341a-109.dat	xmrig
behavioral2/files/0x0007000000023418-90.dat	xmrig
behavioral2/files/0x0007000000023417-88.dat	xmrig
behavioral2/files/0x0007000000023416-86.dat	xmrig
behavioral2/files/0x0007000000023415-84.dat	xmrig
behavioral2/files/0x0007000000023414-82.dat	xmrig
behavioral2/files/0x0007000000023413-80.dat	xmrig
behavioral2/files/0x000700000002340e-76.dat	xmrig
behavioral2/files/0x000700000002340f-70.dat	xmrig
behavioral2/memory/3296-67-0x00007FF72C5C0000-0x00007FF72C914000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-55.dat	xmrig
behavioral2/files/0x0007000000023411-50.dat	xmrig
behavioral2/memory/3640-46-0x00007FF73EF50000-0x00007FF73F2A4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340c-35.dat	xmrig
behavioral2/memory/1876-27-0x00007FF71D500000-0x00007FF71D854000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-22.dat	xmrig
behavioral2/memory/3452-14-0x00007FF6BBB50000-0x00007FF6BBEA4000-memory.dmp	xmrig
behavioral2/memory/3296-2151-0x00007FF72C5C0000-0x00007FF72C914000-memory.dmp	xmrig
behavioral2/memory/1028-2152-0x00007FF72EB30000-0x00007FF72EE84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3452	cTJbkjo.exe
1876	PdeFHAc.exe
4668	eCiLeJI.exe
3640	Jwyacii.exe
3296	jFAOYel.exe
916	LnCOOsn.exe
1028	fkcItFr.exe
692	zqLhbDl.exe
1332	JORXEoW.exe
3472	mrpOpqW.exe
3440	WTGFQrr.exe
3672	hJyQdCy.exe
1956	thUHAjN.exe
548	gsvGmdt.exe
4684	GpJojJS.exe
2800	YXhqjIx.exe
3024	aTSqLrA.exe
3616	PZzKClD.exe
2380	BmChGCb.exe
1996	GtiILbb.exe
1904	MlfovNS.exe
1400	sGUTAXD.exe
4348	GvmdZZM.exe
2004	jMdTtAX.exe
208	lwtfKyk.exe
4504	AycXXOM.exe
2300	sdXkXDN.exe
2572	IePNwxJ.exe
1980	GSbbBao.exe
1812	XOEsYXs.exe
224	IzITTyt.exe
324	UqVgQci.exe
1692	qGgCrOB.exe
876	LtuwmxK.exe
4552	eZLvCcl.exe
5092	UVVyxvx.exe
4744	EZjodgz.exe
5008	iemPdvm.exe
4024	jcKbiDC.exe
4968	eyQKhtu.exe
3104	XibRcPH.exe
3436	vMFXzzx.exe
2112	eGMaKGE.exe
1436	oHVdLfz.exe
1584	lPVyELQ.exe
3960	sMrsAkX.exe
3840	IdoVHBm.exe
4048	HbERRfg.exe
4524	kneTbau.exe
4572	gLcGPIS.exe
3272	nUBTtId.exe
2684	PXIkDbp.exe
4720	htdgcsS.exe
2868	IAsyvGy.exe
1260	SzWKQfn.exe
1920	PdIlkPo.exe
4432	quzcxZF.exe
2960	dEsSCol.exe
2264	HxgtCcV.exe
756	lRaNhHB.exe
3952	LlZzoAs.exe
2784	nOPzMJH.exe
4784	SgIHVAj.exe
1784	YptxbGk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1588-0-0x00007FF77DB30000-0x00007FF77DE84000-memory.dmp	upx
behavioral2/files/0x000c0000000233be-5.dat	upx
behavioral2/files/0x000800000002340a-7.dat	upx
behavioral2/files/0x00090000000233ff-10.dat	upx
behavioral2/files/0x0007000000023410-45.dat	upx
behavioral2/files/0x0007000000023412-78.dat	upx
behavioral2/files/0x0007000000023419-96.dat	upx
behavioral2/files/0x000700000002341d-127.dat	upx
behavioral2/files/0x0007000000023425-148.dat	upx
behavioral2/files/0x0007000000023422-157.dat	upx
behavioral2/memory/1956-172-0x00007FF745640000-0x00007FF745994000-memory.dmp	upx
behavioral2/memory/1996-178-0x00007FF747C70000-0x00007FF747FC4000-memory.dmp	upx
behavioral2/memory/208-183-0x00007FF754310000-0x00007FF754664000-memory.dmp	upx
behavioral2/memory/3440-190-0x00007FF7EED10000-0x00007FF7EF064000-memory.dmp	upx
behavioral2/memory/548-191-0x00007FF6E8290000-0x00007FF6E85E4000-memory.dmp	upx
behavioral2/memory/916-189-0x00007FF60D490000-0x00007FF60D7E4000-memory.dmp	upx
behavioral2/memory/4668-188-0x00007FF71B5E0000-0x00007FF71B934000-memory.dmp	upx
behavioral2/memory/1980-187-0x00007FF789390000-0x00007FF7896E4000-memory.dmp	upx
behavioral2/memory/2572-186-0x00007FF6B5790000-0x00007FF6B5AE4000-memory.dmp	upx
behavioral2/memory/2300-185-0x00007FF669900000-0x00007FF669C54000-memory.dmp	upx
behavioral2/memory/4504-184-0x00007FF740590000-0x00007FF7408E4000-memory.dmp	upx
behavioral2/memory/2004-182-0x00007FF79D020000-0x00007FF79D374000-memory.dmp	upx
behavioral2/memory/4348-181-0x00007FF641450000-0x00007FF6417A4000-memory.dmp	upx
behavioral2/memory/1400-180-0x00007FF73D740000-0x00007FF73DA94000-memory.dmp	upx
behavioral2/memory/1904-179-0x00007FF7E1400000-0x00007FF7E1754000-memory.dmp	upx
behavioral2/memory/2380-177-0x00007FF6AAB30000-0x00007FF6AAE84000-memory.dmp	upx
behavioral2/memory/3616-176-0x00007FF6AFBD0000-0x00007FF6AFF24000-memory.dmp	upx
behavioral2/memory/3024-175-0x00007FF70DB20000-0x00007FF70DE74000-memory.dmp	upx
behavioral2/memory/2800-174-0x00007FF7CD630000-0x00007FF7CD984000-memory.dmp	upx
behavioral2/memory/4684-173-0x00007FF6BD410000-0x00007FF6BD764000-memory.dmp	upx
behavioral2/memory/3672-171-0x00007FF704110000-0x00007FF704464000-memory.dmp	upx
behavioral2/memory/3472-170-0x00007FF76BF60000-0x00007FF76C2B4000-memory.dmp	upx
behavioral2/memory/1332-169-0x00007FF663120000-0x00007FF663474000-memory.dmp	upx
behavioral2/files/0x0007000000023427-167.dat	upx
behavioral2/files/0x0007000000023426-165.dat	upx
behavioral2/files/0x0007000000023424-161.dat	upx
behavioral2/files/0x0007000000023423-159.dat	upx
behavioral2/files/0x0007000000023421-155.dat	upx
behavioral2/files/0x0007000000023420-153.dat	upx
behavioral2/memory/692-152-0x00007FF721A40000-0x00007FF721D94000-memory.dmp	upx
behavioral2/memory/1028-151-0x00007FF72EB30000-0x00007FF72EE84000-memory.dmp	upx
behavioral2/files/0x000700000002341f-139.dat	upx
behavioral2/files/0x000700000002341e-135.dat	upx
behavioral2/files/0x000700000002341c-123.dat	upx
behavioral2/files/0x000700000002341b-117.dat	upx
behavioral2/files/0x000700000002341a-109.dat	upx
behavioral2/files/0x0007000000023418-90.dat	upx
behavioral2/files/0x0007000000023417-88.dat	upx
behavioral2/files/0x0007000000023416-86.dat	upx
behavioral2/files/0x0007000000023415-84.dat	upx
behavioral2/files/0x0007000000023414-82.dat	upx
behavioral2/files/0x0007000000023413-80.dat	upx
behavioral2/files/0x000700000002340e-76.dat	upx
behavioral2/files/0x000700000002340f-70.dat	upx
behavioral2/memory/3296-67-0x00007FF72C5C0000-0x00007FF72C914000-memory.dmp	upx
behavioral2/files/0x000700000002340d-55.dat	upx
behavioral2/files/0x0007000000023411-50.dat	upx
behavioral2/memory/3640-46-0x00007FF73EF50000-0x00007FF73F2A4000-memory.dmp	upx
behavioral2/files/0x000700000002340c-35.dat	upx
behavioral2/memory/1876-27-0x00007FF71D500000-0x00007FF71D854000-memory.dmp	upx
behavioral2/files/0x000700000002340b-22.dat	upx
behavioral2/memory/3452-14-0x00007FF6BBB50000-0x00007FF6BBEA4000-memory.dmp	upx
behavioral2/memory/3296-2151-0x00007FF72C5C0000-0x00007FF72C914000-memory.dmp	upx
behavioral2/memory/1028-2152-0x00007FF72EB30000-0x00007FF72EE84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MmMZheq.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\alHjdDY.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\JokYRaW.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\EcRunPp.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\ZaVOgvW.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\zVxxqko.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\UeOhbTA.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\RogmKri.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\qlQfNux.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\nTxTqeI.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\aTsUdYt.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\XQiqCSb.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\PkGsAiZ.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\yNIZPdw.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\mpAkNuX.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\JRDuqjp.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\ifIgzvV.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\KtFloVk.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\YyjbKrX.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\SDvTkWV.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\aBiSzav.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\ImyiSpU.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\JjbGdyq.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\CYUTNCd.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\kMKSBtF.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\GOGvnZL.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\bYAsMTM.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\oftQfzO.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\dEsSCol.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\oVkxiIb.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\vIyYzrc.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\gDjwjIX.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\hUamDAV.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\ZwvQnHl.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\QPsWodp.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\WAahWyd.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\KvlNCKv.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\vncisAy.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\mlZKwvb.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\pHQYBZd.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\RjYbioF.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\osjESBo.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\hxCKoFW.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\KfTbxFQ.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\beBEAqK.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\ZvJkBrr.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\MUFRCpU.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\YdnmBGL.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\LrJaahE.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\tJnrHlt.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\TuzHBzi.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\qrmZkiO.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\JLiFGqT.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\xShGWUf.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\eCiLeJI.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\aTBfRfy.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\AzLSmVz.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\XrZueMT.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\lPFYzyL.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\sVPinRB.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\GtiILbb.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\QeHNXYs.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\ygzxJRE.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
File created	C:\Windows\System\QOtTGHT.exe	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13876	dwm.exe
Token: SeChangeNotifyPrivilege	13876	dwm.exe
Token: 33	13876	dwm.exe
Token: SeIncBasePriorityPrivilege	13876	dwm.exe
Token: SeShutdownPrivilege	13876	dwm.exe
Token: SeCreatePagefilePrivilege	13876	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 3452	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	82
PID 1588 wrote to memory of 3452	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	82
PID 1588 wrote to memory of 1876	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	83
PID 1588 wrote to memory of 1876	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	83
PID 1588 wrote to memory of 4668	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	84
PID 1588 wrote to memory of 4668	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	84
PID 1588 wrote to memory of 3640	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	85
PID 1588 wrote to memory of 3640	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	85
PID 1588 wrote to memory of 916	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	86
PID 1588 wrote to memory of 916	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	86
PID 1588 wrote to memory of 3296	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	87
PID 1588 wrote to memory of 3296	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	87
PID 1588 wrote to memory of 1028	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	88
PID 1588 wrote to memory of 1028	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	88
PID 1588 wrote to memory of 692	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	89
PID 1588 wrote to memory of 692	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	89
PID 1588 wrote to memory of 1332	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	90
PID 1588 wrote to memory of 1332	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	90
PID 1588 wrote to memory of 3472	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	91
PID 1588 wrote to memory of 3472	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	91
PID 1588 wrote to memory of 3440	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	92
PID 1588 wrote to memory of 3440	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	92
PID 1588 wrote to memory of 3672	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	93
PID 1588 wrote to memory of 3672	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	93
PID 1588 wrote to memory of 1956	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	94
PID 1588 wrote to memory of 1956	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	94
PID 1588 wrote to memory of 548	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	95
PID 1588 wrote to memory of 548	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	95
PID 1588 wrote to memory of 4684	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	96
PID 1588 wrote to memory of 4684	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	96
PID 1588 wrote to memory of 2800	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	97
PID 1588 wrote to memory of 2800	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	97
PID 1588 wrote to memory of 3024	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	98
PID 1588 wrote to memory of 3024	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	98
PID 1588 wrote to memory of 3616	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	99
PID 1588 wrote to memory of 3616	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	99
PID 1588 wrote to memory of 2380	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	100
PID 1588 wrote to memory of 2380	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	100
PID 1588 wrote to memory of 1996	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	101
PID 1588 wrote to memory of 1996	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	101
PID 1588 wrote to memory of 1904	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	102
PID 1588 wrote to memory of 1904	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	102
PID 1588 wrote to memory of 1400	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	103
PID 1588 wrote to memory of 1400	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	103
PID 1588 wrote to memory of 4348	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	104
PID 1588 wrote to memory of 4348	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	104
PID 1588 wrote to memory of 2004	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	105
PID 1588 wrote to memory of 2004	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	105
PID 1588 wrote to memory of 208	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	106
PID 1588 wrote to memory of 208	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	106
PID 1588 wrote to memory of 4504	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	107
PID 1588 wrote to memory of 4504	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	107
PID 1588 wrote to memory of 2300	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	108
PID 1588 wrote to memory of 2300	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	108
PID 1588 wrote to memory of 2572	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	109
PID 1588 wrote to memory of 2572	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	109
PID 1588 wrote to memory of 1980	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	110
PID 1588 wrote to memory of 1980	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	110
PID 1588 wrote to memory of 1812	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	111
PID 1588 wrote to memory of 1812	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	111
PID 1588 wrote to memory of 224	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	112
PID 1588 wrote to memory of 224	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	112
PID 1588 wrote to memory of 324	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	113
PID 1588 wrote to memory of 324	1588	1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1833e762952f559b70c3efcaeac0d730_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Windows\System\cTJbkjo.exe
  C:\Windows\System\cTJbkjo.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\PdeFHAc.exe
  C:\Windows\System\PdeFHAc.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\eCiLeJI.exe
  C:\Windows\System\eCiLeJI.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\Jwyacii.exe
  C:\Windows\System\Jwyacii.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\LnCOOsn.exe
  C:\Windows\System\LnCOOsn.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\jFAOYel.exe
  C:\Windows\System\jFAOYel.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\fkcItFr.exe
  C:\Windows\System\fkcItFr.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\zqLhbDl.exe
  C:\Windows\System\zqLhbDl.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\JORXEoW.exe
  C:\Windows\System\JORXEoW.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\mrpOpqW.exe
  C:\Windows\System\mrpOpqW.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\WTGFQrr.exe
  C:\Windows\System\WTGFQrr.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\hJyQdCy.exe
  C:\Windows\System\hJyQdCy.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\thUHAjN.exe
  C:\Windows\System\thUHAjN.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\gsvGmdt.exe
  C:\Windows\System\gsvGmdt.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\GpJojJS.exe
  C:\Windows\System\GpJojJS.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\YXhqjIx.exe
  C:\Windows\System\YXhqjIx.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\aTSqLrA.exe
  C:\Windows\System\aTSqLrA.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\PZzKClD.exe
  C:\Windows\System\PZzKClD.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\BmChGCb.exe
  C:\Windows\System\BmChGCb.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\GtiILbb.exe
  C:\Windows\System\GtiILbb.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\MlfovNS.exe
  C:\Windows\System\MlfovNS.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\sGUTAXD.exe
  C:\Windows\System\sGUTAXD.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\GvmdZZM.exe
  C:\Windows\System\GvmdZZM.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\jMdTtAX.exe
  C:\Windows\System\jMdTtAX.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\lwtfKyk.exe
  C:\Windows\System\lwtfKyk.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\AycXXOM.exe
  C:\Windows\System\AycXXOM.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\sdXkXDN.exe
  C:\Windows\System\sdXkXDN.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\IePNwxJ.exe
  C:\Windows\System\IePNwxJ.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\GSbbBao.exe
  C:\Windows\System\GSbbBao.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\XOEsYXs.exe
  C:\Windows\System\XOEsYXs.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\IzITTyt.exe
  C:\Windows\System\IzITTyt.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\UqVgQci.exe
  C:\Windows\System\UqVgQci.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\qGgCrOB.exe
  C:\Windows\System\qGgCrOB.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\LtuwmxK.exe
  C:\Windows\System\LtuwmxK.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\eZLvCcl.exe
  C:\Windows\System\eZLvCcl.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\UVVyxvx.exe
  C:\Windows\System\UVVyxvx.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\EZjodgz.exe
  C:\Windows\System\EZjodgz.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\iemPdvm.exe
  C:\Windows\System\iemPdvm.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\jcKbiDC.exe
  C:\Windows\System\jcKbiDC.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\eyQKhtu.exe
  C:\Windows\System\eyQKhtu.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\XibRcPH.exe
  C:\Windows\System\XibRcPH.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\vMFXzzx.exe
  C:\Windows\System\vMFXzzx.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\eGMaKGE.exe
  C:\Windows\System\eGMaKGE.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\oHVdLfz.exe
  C:\Windows\System\oHVdLfz.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\lPVyELQ.exe
  C:\Windows\System\lPVyELQ.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\sMrsAkX.exe
  C:\Windows\System\sMrsAkX.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\IdoVHBm.exe
  C:\Windows\System\IdoVHBm.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\HbERRfg.exe
  C:\Windows\System\HbERRfg.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\kneTbau.exe
  C:\Windows\System\kneTbau.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\gLcGPIS.exe
  C:\Windows\System\gLcGPIS.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\nUBTtId.exe
  C:\Windows\System\nUBTtId.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\PXIkDbp.exe
  C:\Windows\System\PXIkDbp.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\htdgcsS.exe
  C:\Windows\System\htdgcsS.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\IAsyvGy.exe
  C:\Windows\System\IAsyvGy.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\SzWKQfn.exe
  C:\Windows\System\SzWKQfn.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\PdIlkPo.exe
  C:\Windows\System\PdIlkPo.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\quzcxZF.exe
  C:\Windows\System\quzcxZF.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\dEsSCol.exe
  C:\Windows\System\dEsSCol.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\HxgtCcV.exe
  C:\Windows\System\HxgtCcV.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\lRaNhHB.exe
  C:\Windows\System\lRaNhHB.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\LlZzoAs.exe
  C:\Windows\System\LlZzoAs.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\nOPzMJH.exe
  C:\Windows\System\nOPzMJH.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\SgIHVAj.exe
  C:\Windows\System\SgIHVAj.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\YptxbGk.exe
  C:\Windows\System\YptxbGk.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\RcgiUnZ.exe
  C:\Windows\System\RcgiUnZ.exe
  2⤵
  PID:2440
- C:\Windows\System\GFBCShD.exe
  C:\Windows\System\GFBCShD.exe
  2⤵
  PID:5040
- C:\Windows\System\VjHuHfP.exe
  C:\Windows\System\VjHuHfP.exe
  2⤵
  PID:4980
- C:\Windows\System\InMzSTQ.exe
  C:\Windows\System\InMzSTQ.exe
  2⤵
  PID:3864
- C:\Windows\System\DdDYIub.exe
  C:\Windows\System\DdDYIub.exe
  2⤵
  PID:5056
- C:\Windows\System\nakZlLX.exe
  C:\Windows\System\nakZlLX.exe
  2⤵
  PID:372
- C:\Windows\System\yOYoCEO.exe
  C:\Windows\System\yOYoCEO.exe
  2⤵
  PID:2568
- C:\Windows\System\JuCImde.exe
  C:\Windows\System\JuCImde.exe
  2⤵
  PID:3428
- C:\Windows\System\QLOSQhZ.exe
  C:\Windows\System\QLOSQhZ.exe
  2⤵
  PID:3328
- C:\Windows\System\lkSUssS.exe
  C:\Windows\System\lkSUssS.exe
  2⤵
  PID:4476
- C:\Windows\System\wPAjGbW.exe
  C:\Windows\System\wPAjGbW.exe
  2⤵
  PID:4036
- C:\Windows\System\favnHCG.exe
  C:\Windows\System\favnHCG.exe
  2⤵
  PID:3844
- C:\Windows\System\XluIiHh.exe
  C:\Windows\System\XluIiHh.exe
  2⤵
  PID:2792
- C:\Windows\System\ysBsGat.exe
  C:\Windows\System\ysBsGat.exe
  2⤵
  PID:4280
- C:\Windows\System\NhxBZmc.exe
  C:\Windows\System\NhxBZmc.exe
  2⤵
  PID:5052
- C:\Windows\System\jXYvMTB.exe
  C:\Windows\System\jXYvMTB.exe
  2⤵
  PID:2548
- C:\Windows\System\QfWcbvB.exe
  C:\Windows\System\QfWcbvB.exe
  2⤵
  PID:2016
- C:\Windows\System\eCGWTbg.exe
  C:\Windows\System\eCGWTbg.exe
  2⤵
  PID:3036
- C:\Windows\System\aWkFEXe.exe
  C:\Windows\System\aWkFEXe.exe
  2⤵
  PID:2304
- C:\Windows\System\pmBjvLE.exe
  C:\Windows\System\pmBjvLE.exe
  2⤵
  PID:3868
- C:\Windows\System\LiQkIjl.exe
  C:\Windows\System\LiQkIjl.exe
  2⤵
  PID:680
- C:\Windows\System\WnytSxG.exe
  C:\Windows\System\WnytSxG.exe
  2⤵
  PID:1680
- C:\Windows\System\fVBtTdM.exe
  C:\Windows\System\fVBtTdM.exe
  2⤵
  PID:4936
- C:\Windows\System\FsddqWH.exe
  C:\Windows\System\FsddqWH.exe
  2⤵
  PID:2780
- C:\Windows\System\OSBpmXM.exe
  C:\Windows\System\OSBpmXM.exe
  2⤵
  PID:4352
- C:\Windows\System\XQiqCSb.exe
  C:\Windows\System\XQiqCSb.exe
  2⤵
  PID:752
- C:\Windows\System\HlCeQlk.exe
  C:\Windows\System\HlCeQlk.exe
  2⤵
  PID:3608
- C:\Windows\System\sPHgHap.exe
  C:\Windows\System\sPHgHap.exe
  2⤵
  PID:4600
- C:\Windows\System\lWpzWrL.exe
  C:\Windows\System\lWpzWrL.exe
  2⤵
  PID:3884
- C:\Windows\System\LrJaahE.exe
  C:\Windows\System\LrJaahE.exe
  2⤵
  PID:2012
- C:\Windows\System\ZKSEuIw.exe
  C:\Windows\System\ZKSEuIw.exe
  2⤵
  PID:3464
- C:\Windows\System\CNjnyeo.exe
  C:\Windows\System\CNjnyeo.exe
  2⤵
  PID:336
- C:\Windows\System\MkAsskx.exe
  C:\Windows\System\MkAsskx.exe
  2⤵
  PID:2260
- C:\Windows\System\cHDlUlE.exe
  C:\Windows\System\cHDlUlE.exe
  2⤵
  PID:3832
- C:\Windows\System\PMyKipj.exe
  C:\Windows\System\PMyKipj.exe
  2⤵
  PID:2232
- C:\Windows\System\dkZjKPG.exe
  C:\Windows\System\dkZjKPG.exe
  2⤵
  PID:2980
- C:\Windows\System\UntBAzd.exe
  C:\Windows\System\UntBAzd.exe
  2⤵
  PID:3504
- C:\Windows\System\kokVoKM.exe
  C:\Windows\System\kokVoKM.exe
  2⤵
  PID:2092
- C:\Windows\System\hlRUkiJ.exe
  C:\Windows\System\hlRUkiJ.exe
  2⤵
  PID:4548
- C:\Windows\System\VTSBSyv.exe
  C:\Windows\System\VTSBSyv.exe
  2⤵
  PID:5124
- C:\Windows\System\iywFffr.exe
  C:\Windows\System\iywFffr.exe
  2⤵
  PID:5152
- C:\Windows\System\KIuUwGW.exe
  C:\Windows\System\KIuUwGW.exe
  2⤵
  PID:5176
- C:\Windows\System\cOyKZTl.exe
  C:\Windows\System\cOyKZTl.exe
  2⤵
  PID:5204
- C:\Windows\System\lHVpxnT.exe
  C:\Windows\System\lHVpxnT.exe
  2⤵
  PID:5232
- C:\Windows\System\dJGXtWY.exe
  C:\Windows\System\dJGXtWY.exe
  2⤵
  PID:5264
- C:\Windows\System\xbFMgxz.exe
  C:\Windows\System\xbFMgxz.exe
  2⤵
  PID:5300
- C:\Windows\System\xGyeINr.exe
  C:\Windows\System\xGyeINr.exe
  2⤵
  PID:5328
- C:\Windows\System\rHwYLKK.exe
  C:\Windows\System\rHwYLKK.exe
  2⤵
  PID:5348
- C:\Windows\System\rMEsMQh.exe
  C:\Windows\System\rMEsMQh.exe
  2⤵
  PID:5372
- C:\Windows\System\JRWOLlH.exe
  C:\Windows\System\JRWOLlH.exe
  2⤵
  PID:5400
- C:\Windows\System\mVxPybA.exe
  C:\Windows\System\mVxPybA.exe
  2⤵
  PID:5428
- C:\Windows\System\DUUdBkw.exe
  C:\Windows\System\DUUdBkw.exe
  2⤵
  PID:5464
- C:\Windows\System\oKGTpva.exe
  C:\Windows\System\oKGTpva.exe
  2⤵
  PID:5484
- C:\Windows\System\GKAvyxn.exe
  C:\Windows\System\GKAvyxn.exe
  2⤵
  PID:5524
- C:\Windows\System\GHMymns.exe
  C:\Windows\System\GHMymns.exe
  2⤵
  PID:5540
- C:\Windows\System\vDGogpQ.exe
  C:\Windows\System\vDGogpQ.exe
  2⤵
  PID:5572
- C:\Windows\System\ejrslDu.exe
  C:\Windows\System\ejrslDu.exe
  2⤵
  PID:5608
- C:\Windows\System\NZfrOde.exe
  C:\Windows\System\NZfrOde.exe
  2⤵
  PID:5636
- C:\Windows\System\PNwShmS.exe
  C:\Windows\System\PNwShmS.exe
  2⤵
  PID:5668
- C:\Windows\System\YNlZcgC.exe
  C:\Windows\System\YNlZcgC.exe
  2⤵
  PID:5696
- C:\Windows\System\rXKUTTn.exe
  C:\Windows\System\rXKUTTn.exe
  2⤵
  PID:5728
- C:\Windows\System\HFbydjU.exe
  C:\Windows\System\HFbydjU.exe
  2⤵
  PID:5752
- C:\Windows\System\FUYzGYA.exe
  C:\Windows\System\FUYzGYA.exe
  2⤵
  PID:5780
- C:\Windows\System\ifEzKgQ.exe
  C:\Windows\System\ifEzKgQ.exe
  2⤵
  PID:5796
- C:\Windows\System\DqGwXbb.exe
  C:\Windows\System\DqGwXbb.exe
  2⤵
  PID:5812
- C:\Windows\System\JFpXrwU.exe
  C:\Windows\System\JFpXrwU.exe
  2⤵
  PID:5848
- C:\Windows\System\dMwcHCx.exe
  C:\Windows\System\dMwcHCx.exe
  2⤵
  PID:5872
- C:\Windows\System\egOEBFf.exe
  C:\Windows\System\egOEBFf.exe
  2⤵
  PID:5904
- C:\Windows\System\vXKGdSX.exe
  C:\Windows\System\vXKGdSX.exe
  2⤵
  PID:5932
- C:\Windows\System\VEIzqxP.exe
  C:\Windows\System\VEIzqxP.exe
  2⤵
  PID:5968
- C:\Windows\System\HhDiLbO.exe
  C:\Windows\System\HhDiLbO.exe
  2⤵
  PID:6000
- C:\Windows\System\LqPfCZj.exe
  C:\Windows\System\LqPfCZj.exe
  2⤵
  PID:6036
- C:\Windows\System\tJnrHlt.exe
  C:\Windows\System\tJnrHlt.exe
  2⤵
  PID:6064
- C:\Windows\System\MZYHCBJ.exe
  C:\Windows\System\MZYHCBJ.exe
  2⤵
  PID:6092
- C:\Windows\System\eyeWmtF.exe
  C:\Windows\System\eyeWmtF.exe
  2⤵
  PID:6108
- C:\Windows\System\iJLBxSa.exe
  C:\Windows\System\iJLBxSa.exe
  2⤵
  PID:6124
- C:\Windows\System\WEZNCpl.exe
  C:\Windows\System\WEZNCpl.exe
  2⤵
  PID:6140
- C:\Windows\System\SSfFabq.exe
  C:\Windows\System\SSfFabq.exe
  2⤵
  PID:5132
- C:\Windows\System\jbBmIkc.exe
  C:\Windows\System\jbBmIkc.exe
  2⤵
  PID:5160
- C:\Windows\System\ifIgzvV.exe
  C:\Windows\System\ifIgzvV.exe
  2⤵
  PID:5196
- C:\Windows\System\pZNcrKP.exe
  C:\Windows\System\pZNcrKP.exe
  2⤵
  PID:5252
- C:\Windows\System\xxuuPfN.exe
  C:\Windows\System\xxuuPfN.exe
  2⤵
  PID:5284
- C:\Windows\System\Xtgdkdd.exe
  C:\Windows\System\Xtgdkdd.exe
  2⤵
  PID:5368
- C:\Windows\System\PkGsAiZ.exe
  C:\Windows\System\PkGsAiZ.exe
  2⤵
  PID:5424
- C:\Windows\System\izexWPe.exe
  C:\Windows\System\izexWPe.exe
  2⤵
  PID:5496
- C:\Windows\System\ChwabaW.exe
  C:\Windows\System\ChwabaW.exe
  2⤵
  PID:5556
- C:\Windows\System\DdCjRdt.exe
  C:\Windows\System\DdCjRdt.exe
  2⤵
  PID:5660
- C:\Windows\System\jsaoNiu.exe
  C:\Windows\System\jsaoNiu.exe
  2⤵
  PID:5720
- C:\Windows\System\Gponiki.exe
  C:\Windows\System\Gponiki.exe
  2⤵
  PID:5824
- C:\Windows\System\ItSJzTe.exe
  C:\Windows\System\ItSJzTe.exe
  2⤵
  PID:5924
- C:\Windows\System\uJKlcsq.exe
  C:\Windows\System\uJKlcsq.exe
  2⤵
  PID:6008
- C:\Windows\System\yOupyyf.exe
  C:\Windows\System\yOupyyf.exe
  2⤵
  PID:6076
- C:\Windows\System\jpAAtNm.exe
  C:\Windows\System\jpAAtNm.exe
  2⤵
  PID:5312
- C:\Windows\System\yhhfHnH.exe
  C:\Windows\System\yhhfHnH.exe
  2⤵
  PID:5188
- C:\Windows\System\kwvPNyU.exe
  C:\Windows\System\kwvPNyU.exe
  2⤵
  PID:5324
- C:\Windows\System\QQCHXlR.exe
  C:\Windows\System\QQCHXlR.exe
  2⤵
  PID:5536
- C:\Windows\System\DjgxKJR.exe
  C:\Windows\System\DjgxKJR.exe
  2⤵
  PID:5716
- C:\Windows\System\FRGmfPG.exe
  C:\Windows\System\FRGmfPG.exe
  2⤵
  PID:5888
- C:\Windows\System\BXZhxPo.exe
  C:\Windows\System\BXZhxPo.exe
  2⤵
  PID:4528
- C:\Windows\System\YKUGDqk.exe
  C:\Windows\System\YKUGDqk.exe
  2⤵
  PID:5360
- C:\Windows\System\UBoyuQC.exe
  C:\Windows\System\UBoyuQC.exe
  2⤵
  PID:1972
- C:\Windows\System\HfVDsqm.exe
  C:\Windows\System\HfVDsqm.exe
  2⤵
  PID:5632
- C:\Windows\System\pHQYBZd.exe
  C:\Windows\System\pHQYBZd.exe
  2⤵
  PID:6152
- C:\Windows\System\VZBdaBH.exe
  C:\Windows\System\VZBdaBH.exe
  2⤵
  PID:6172
- C:\Windows\System\mQLEvbU.exe
  C:\Windows\System\mQLEvbU.exe
  2⤵
  PID:6200
- C:\Windows\System\xRpqjvO.exe
  C:\Windows\System\xRpqjvO.exe
  2⤵
  PID:6236
- C:\Windows\System\GJFLLSV.exe
  C:\Windows\System\GJFLLSV.exe
  2⤵
  PID:6272
- C:\Windows\System\zwxYXiI.exe
  C:\Windows\System\zwxYXiI.exe
  2⤵
  PID:6308
- C:\Windows\System\SSHxNLL.exe
  C:\Windows\System\SSHxNLL.exe
  2⤵
  PID:6328
- C:\Windows\System\kMKSBtF.exe
  C:\Windows\System\kMKSBtF.exe
  2⤵
  PID:6364
- C:\Windows\System\vRjatcu.exe
  C:\Windows\System\vRjatcu.exe
  2⤵
  PID:6400
- C:\Windows\System\euYXDfv.exe
  C:\Windows\System\euYXDfv.exe
  2⤵
  PID:6424
- C:\Windows\System\gWNESpC.exe
  C:\Windows\System\gWNESpC.exe
  2⤵
  PID:6460
- C:\Windows\System\KSdWiTb.exe
  C:\Windows\System\KSdWiTb.exe
  2⤵
  PID:6488
- C:\Windows\System\VOPbJAG.exe
  C:\Windows\System\VOPbJAG.exe
  2⤵
  PID:6528
- C:\Windows\System\JvXOsxI.exe
  C:\Windows\System\JvXOsxI.exe
  2⤵
  PID:6560
- C:\Windows\System\ozlypbl.exe
  C:\Windows\System\ozlypbl.exe
  2⤵
  PID:6580
- C:\Windows\System\LIPjGgC.exe
  C:\Windows\System\LIPjGgC.exe
  2⤵
  PID:6616
- C:\Windows\System\ZaVOgvW.exe
  C:\Windows\System\ZaVOgvW.exe
  2⤵
  PID:6640
- C:\Windows\System\nYBfDPX.exe
  C:\Windows\System\nYBfDPX.exe
  2⤵
  PID:6672
- C:\Windows\System\VdtGeww.exe
  C:\Windows\System\VdtGeww.exe
  2⤵
  PID:6688
- C:\Windows\System\NrLIVkO.exe
  C:\Windows\System\NrLIVkO.exe
  2⤵
  PID:6724
- C:\Windows\System\ixwDKLd.exe
  C:\Windows\System\ixwDKLd.exe
  2⤵
  PID:6756
- C:\Windows\System\ibwIjEd.exe
  C:\Windows\System\ibwIjEd.exe
  2⤵
  PID:6776
- C:\Windows\System\AHUcVoA.exe
  C:\Windows\System\AHUcVoA.exe
  2⤵
  PID:6812
- C:\Windows\System\srrICkL.exe
  C:\Windows\System\srrICkL.exe
  2⤵
  PID:6848
- C:\Windows\System\ZKWVfvr.exe
  C:\Windows\System\ZKWVfvr.exe
  2⤵
  PID:6880
- C:\Windows\System\wCDFMcr.exe
  C:\Windows\System\wCDFMcr.exe
  2⤵
  PID:6912
- C:\Windows\System\QimoLeD.exe
  C:\Windows\System\QimoLeD.exe
  2⤵
  PID:6932
- C:\Windows\System\EYusKBF.exe
  C:\Windows\System\EYusKBF.exe
  2⤵
  PID:6960
- C:\Windows\System\ANCcJze.exe
  C:\Windows\System\ANCcJze.exe
  2⤵
  PID:6984
- C:\Windows\System\yKjbkiw.exe
  C:\Windows\System\yKjbkiw.exe
  2⤵
  PID:7000
- C:\Windows\System\TpducUi.exe
  C:\Windows\System\TpducUi.exe
  2⤵
  PID:7016
- C:\Windows\System\tVrEsZo.exe
  C:\Windows\System\tVrEsZo.exe
  2⤵
  PID:7040
- C:\Windows\System\XWhTMpv.exe
  C:\Windows\System\XWhTMpv.exe
  2⤵
  PID:7056
- C:\Windows\System\lNNgZWL.exe
  C:\Windows\System\lNNgZWL.exe
  2⤵
  PID:7084
- C:\Windows\System\wWaojNK.exe
  C:\Windows\System\wWaojNK.exe
  2⤵
  PID:7116
- C:\Windows\System\DdTTabT.exe
  C:\Windows\System\DdTTabT.exe
  2⤵
  PID:7156
- C:\Windows\System\hxCKoFW.exe
  C:\Windows\System\hxCKoFW.exe
  2⤵
  PID:5516
- C:\Windows\System\sxyVjdE.exe
  C:\Windows\System\sxyVjdE.exe
  2⤵
  PID:6196
- C:\Windows\System\EqVXZIf.exe
  C:\Windows\System\EqVXZIf.exe
  2⤵
  PID:6284
- C:\Windows\System\QeHNXYs.exe
  C:\Windows\System\QeHNXYs.exe
  2⤵
  PID:6336
- C:\Windows\System\yDjtrBt.exe
  C:\Windows\System\yDjtrBt.exe
  2⤵
  PID:6388
- C:\Windows\System\iSdyxkf.exe
  C:\Windows\System\iSdyxkf.exe
  2⤵
  PID:6448
- C:\Windows\System\PUMnGNT.exe
  C:\Windows\System\PUMnGNT.exe
  2⤵
  PID:6540
- C:\Windows\System\kNADscs.exe
  C:\Windows\System\kNADscs.exe
  2⤵
  PID:6624
- C:\Windows\System\AHkeiEj.exe
  C:\Windows\System\AHkeiEj.exe
  2⤵
  PID:6708
- C:\Windows\System\KfTbxFQ.exe
  C:\Windows\System\KfTbxFQ.exe
  2⤵
  PID:6768
- C:\Windows\System\FPhOWkf.exe
  C:\Windows\System\FPhOWkf.exe
  2⤵
  PID:6860
- C:\Windows\System\oEhRJDj.exe
  C:\Windows\System\oEhRJDj.exe
  2⤵
  PID:6940
- C:\Windows\System\sSzXzoP.exe
  C:\Windows\System\sSzXzoP.exe
  2⤵
  PID:7008
- C:\Windows\System\RjYbioF.exe
  C:\Windows\System\RjYbioF.exe
  2⤵
  PID:6996
- C:\Windows\System\sWOzPxQ.exe
  C:\Windows\System\sWOzPxQ.exe
  2⤵
  PID:7032
- C:\Windows\System\UeOhbTA.exe
  C:\Windows\System\UeOhbTA.exe
  2⤵
  PID:7148
- C:\Windows\System\ulbkqZv.exe
  C:\Windows\System\ulbkqZv.exe
  2⤵
  PID:6164
- C:\Windows\System\jTHRJGm.exe
  C:\Windows\System\jTHRJGm.exe
  2⤵
  PID:6432
- C:\Windows\System\iHVpSAr.exe
  C:\Windows\System\iHVpSAr.exe
  2⤵
  PID:6612
- C:\Windows\System\qhluEcu.exe
  C:\Windows\System\qhluEcu.exe
  2⤵
  PID:6764
- C:\Windows\System\CabhAzN.exe
  C:\Windows\System\CabhAzN.exe
  2⤵
  PID:6920
- C:\Windows\System\jSPfuaB.exe
  C:\Windows\System\jSPfuaB.exe
  2⤵
  PID:7144
- C:\Windows\System\FDukwWL.exe
  C:\Windows\System\FDukwWL.exe
  2⤵
  PID:6168
- C:\Windows\System\DyakJTa.exe
  C:\Windows\System\DyakJTa.exe
  2⤵
  PID:6264
- C:\Windows\System\OqWFiLh.exe
  C:\Windows\System\OqWFiLh.exe
  2⤵
  PID:6700
- C:\Windows\System\IFjBYpD.exe
  C:\Windows\System\IFjBYpD.exe
  2⤵
  PID:7128
- C:\Windows\System\IfBzmvH.exe
  C:\Windows\System\IfBzmvH.exe
  2⤵
  PID:6224
- C:\Windows\System\YMerHoa.exe
  C:\Windows\System\YMerHoa.exe
  2⤵
  PID:7192
- C:\Windows\System\TGVbqXj.exe
  C:\Windows\System\TGVbqXj.exe
  2⤵
  PID:7216
- C:\Windows\System\KOROIBP.exe
  C:\Windows\System\KOROIBP.exe
  2⤵
  PID:7252
- C:\Windows\System\ELKWnaR.exe
  C:\Windows\System\ELKWnaR.exe
  2⤵
  PID:7288
- C:\Windows\System\wpBQouC.exe
  C:\Windows\System\wpBQouC.exe
  2⤵
  PID:7308
- C:\Windows\System\dXZRSWU.exe
  C:\Windows\System\dXZRSWU.exe
  2⤵
  PID:7336
- C:\Windows\System\knDuxJb.exe
  C:\Windows\System\knDuxJb.exe
  2⤵
  PID:7376
- C:\Windows\System\imWXWJJ.exe
  C:\Windows\System\imWXWJJ.exe
  2⤵
  PID:7412
- C:\Windows\System\NLaXVWP.exe
  C:\Windows\System\NLaXVWP.exe
  2⤵
  PID:7444
- C:\Windows\System\UVvovvd.exe
  C:\Windows\System\UVvovvd.exe
  2⤵
  PID:7480
- C:\Windows\System\luKMtez.exe
  C:\Windows\System\luKMtez.exe
  2⤵
  PID:7508
- C:\Windows\System\cCNKgOZ.exe
  C:\Windows\System\cCNKgOZ.exe
  2⤵
  PID:7524
- C:\Windows\System\oglvGzG.exe
  C:\Windows\System\oglvGzG.exe
  2⤵
  PID:7552
- C:\Windows\System\YSnIbqb.exe
  C:\Windows\System\YSnIbqb.exe
  2⤵
  PID:7584
- C:\Windows\System\ZsacDWZ.exe
  C:\Windows\System\ZsacDWZ.exe
  2⤵
  PID:7620
- C:\Windows\System\DflFaRc.exe
  C:\Windows\System\DflFaRc.exe
  2⤵
  PID:7636
- C:\Windows\System\itpOtqO.exe
  C:\Windows\System\itpOtqO.exe
  2⤵
  PID:7664
- C:\Windows\System\GuqoHOl.exe
  C:\Windows\System\GuqoHOl.exe
  2⤵
  PID:7692
- C:\Windows\System\vdSCLAl.exe
  C:\Windows\System\vdSCLAl.exe
  2⤵
  PID:7720
- C:\Windows\System\SAPwKYr.exe
  C:\Windows\System\SAPwKYr.exe
  2⤵
  PID:7752
- C:\Windows\System\JDMDZYK.exe
  C:\Windows\System\JDMDZYK.exe
  2⤵
  PID:7776
- C:\Windows\System\KtFloVk.exe
  C:\Windows\System\KtFloVk.exe
  2⤵
  PID:7812
- C:\Windows\System\lmRFSkQ.exe
  C:\Windows\System\lmRFSkQ.exe
  2⤵
  PID:7840
- C:\Windows\System\hkXWpih.exe
  C:\Windows\System\hkXWpih.exe
  2⤵
  PID:7868
- C:\Windows\System\IKGVEWn.exe
  C:\Windows\System\IKGVEWn.exe
  2⤵
  PID:7896
- C:\Windows\System\zJYigGH.exe
  C:\Windows\System\zJYigGH.exe
  2⤵
  PID:7932
- C:\Windows\System\bMEfwWh.exe
  C:\Windows\System\bMEfwWh.exe
  2⤵
  PID:7964
- C:\Windows\System\DnmPDpv.exe
  C:\Windows\System\DnmPDpv.exe
  2⤵
  PID:7992
- C:\Windows\System\UrtybsN.exe
  C:\Windows\System\UrtybsN.exe
  2⤵
  PID:8020
- C:\Windows\System\beBEAqK.exe
  C:\Windows\System\beBEAqK.exe
  2⤵
  PID:8048
- C:\Windows\System\guvEPqx.exe
  C:\Windows\System\guvEPqx.exe
  2⤵
  PID:8076
- C:\Windows\System\gGuKhQc.exe
  C:\Windows\System\gGuKhQc.exe
  2⤵
  PID:8104
- C:\Windows\System\YKhzGqm.exe
  C:\Windows\System\YKhzGqm.exe
  2⤵
  PID:8120
- C:\Windows\System\kwpnift.exe
  C:\Windows\System\kwpnift.exe
  2⤵
  PID:8148
- C:\Windows\System\HkPsaxi.exe
  C:\Windows\System\HkPsaxi.exe
  2⤵
  PID:8176
- C:\Windows\System\SEJzmcp.exe
  C:\Windows\System\SEJzmcp.exe
  2⤵
  PID:6840
- C:\Windows\System\OcrEASE.exe
  C:\Windows\System\OcrEASE.exe
  2⤵
  PID:7232
- C:\Windows\System\HMnawCz.exe
  C:\Windows\System\HMnawCz.exe
  2⤵
  PID:7316
- C:\Windows\System\cOcENEn.exe
  C:\Windows\System\cOcENEn.exe
  2⤵
  PID:7352
- C:\Windows\System\nJyGxpF.exe
  C:\Windows\System\nJyGxpF.exe
  2⤵
  PID:7436
- C:\Windows\System\gDjwjIX.exe
  C:\Windows\System\gDjwjIX.exe
  2⤵
  PID:7540
- C:\Windows\System\ILRTfCD.exe
  C:\Windows\System\ILRTfCD.exe
  2⤵
  PID:7576
- C:\Windows\System\ttfRQkN.exe
  C:\Windows\System\ttfRQkN.exe
  2⤵
  PID:7648
- C:\Windows\System\zVxxqko.exe
  C:\Windows\System\zVxxqko.exe
  2⤵
  PID:7684
- C:\Windows\System\szjEwXX.exe
  C:\Windows\System\szjEwXX.exe
  2⤵
  PID:7784
- C:\Windows\System\GOGvnZL.exe
  C:\Windows\System\GOGvnZL.exe
  2⤵
  PID:7804
- C:\Windows\System\vJzdmQj.exe
  C:\Windows\System\vJzdmQj.exe
  2⤵
  PID:7892
- C:\Windows\System\ZvJkBrr.exe
  C:\Windows\System\ZvJkBrr.exe
  2⤵
  PID:7980
- C:\Windows\System\cyULvHa.exe
  C:\Windows\System\cyULvHa.exe
  2⤵
  PID:8044
- C:\Windows\System\ghifCzO.exe
  C:\Windows\System\ghifCzO.exe
  2⤵
  PID:8112
- C:\Windows\System\YyjbKrX.exe
  C:\Windows\System\YyjbKrX.exe
  2⤵
  PID:8172
- C:\Windows\System\IYsBUFg.exe
  C:\Windows\System\IYsBUFg.exe
  2⤵
  PID:7180
- C:\Windows\System\wHUiQng.exe
  C:\Windows\System\wHUiQng.exe
  2⤵
  PID:7356
- C:\Windows\System\udlBuUc.exe
  C:\Windows\System\udlBuUc.exe
  2⤵
  PID:7468
- C:\Windows\System\dZsEEqu.exe
  C:\Windows\System\dZsEEqu.exe
  2⤵
  PID:7536
- C:\Windows\System\UCeHJGX.exe
  C:\Windows\System\UCeHJGX.exe
  2⤵
  PID:7708
- C:\Windows\System\pnfEWNK.exe
  C:\Windows\System\pnfEWNK.exe
  2⤵
  PID:7880
- C:\Windows\System\ZTSpLAr.exe
  C:\Windows\System\ZTSpLAr.exe
  2⤵
  PID:8032
- C:\Windows\System\Fowcfhh.exe
  C:\Windows\System\Fowcfhh.exe
  2⤵
  PID:6588
- C:\Windows\System\dOjXmuO.exe
  C:\Windows\System\dOjXmuO.exe
  2⤵
  PID:7948
- C:\Windows\System\kzbPRMB.exe
  C:\Windows\System\kzbPRMB.exe
  2⤵
  PID:7952
- C:\Windows\System\fMwGlRg.exe
  C:\Windows\System\fMwGlRg.exe
  2⤵
  PID:7632
- C:\Windows\System\LRcZhvf.exe
  C:\Windows\System\LRcZhvf.exe
  2⤵
  PID:7520
- C:\Windows\System\pMWJYvW.exe
  C:\Windows\System\pMWJYvW.exe
  2⤵
  PID:8220
- C:\Windows\System\sjJNDmi.exe
  C:\Windows\System\sjJNDmi.exe
  2⤵
  PID:8252
- C:\Windows\System\AAeEIlG.exe
  C:\Windows\System\AAeEIlG.exe
  2⤵
  PID:8280
- C:\Windows\System\SDvTkWV.exe
  C:\Windows\System\SDvTkWV.exe
  2⤵
  PID:8308
- C:\Windows\System\twYWquo.exe
  C:\Windows\System\twYWquo.exe
  2⤵
  PID:8336
- C:\Windows\System\kUCjDaQ.exe
  C:\Windows\System\kUCjDaQ.exe
  2⤵
  PID:8364
- C:\Windows\System\MyLrbMG.exe
  C:\Windows\System\MyLrbMG.exe
  2⤵
  PID:8392
- C:\Windows\System\LjBbnsO.exe
  C:\Windows\System\LjBbnsO.exe
  2⤵
  PID:8420
- C:\Windows\System\bCSeSNX.exe
  C:\Windows\System\bCSeSNX.exe
  2⤵
  PID:8448
- C:\Windows\System\ITaTGaH.exe
  C:\Windows\System\ITaTGaH.exe
  2⤵
  PID:8476
- C:\Windows\System\nnypMKe.exe
  C:\Windows\System\nnypMKe.exe
  2⤵
  PID:8504
- C:\Windows\System\VpRpKqO.exe
  C:\Windows\System\VpRpKqO.exe
  2⤵
  PID:8524
- C:\Windows\System\mUwDOGQ.exe
  C:\Windows\System\mUwDOGQ.exe
  2⤵
  PID:8544
- C:\Windows\System\dYWlRRg.exe
  C:\Windows\System\dYWlRRg.exe
  2⤵
  PID:8568
- C:\Windows\System\gyTWmyM.exe
  C:\Windows\System\gyTWmyM.exe
  2⤵
  PID:8588
- C:\Windows\System\wezqqaf.exe
  C:\Windows\System\wezqqaf.exe
  2⤵
  PID:8616
- C:\Windows\System\avleiVB.exe
  C:\Windows\System\avleiVB.exe
  2⤵
  PID:8660
- C:\Windows\System\YLfjBRf.exe
  C:\Windows\System\YLfjBRf.exe
  2⤵
  PID:8684
- C:\Windows\System\kQtUxVl.exe
  C:\Windows\System\kQtUxVl.exe
  2⤵
  PID:8704
- C:\Windows\System\POAvKSm.exe
  C:\Windows\System\POAvKSm.exe
  2⤵
  PID:8740
- C:\Windows\System\VBMwDIf.exe
  C:\Windows\System\VBMwDIf.exe
  2⤵
  PID:8772
- C:\Windows\System\xgWKAqY.exe
  C:\Windows\System\xgWKAqY.exe
  2⤵
  PID:8796
- C:\Windows\System\hwsjNcK.exe
  C:\Windows\System\hwsjNcK.exe
  2⤵
  PID:8832
- C:\Windows\System\CnFhOId.exe
  C:\Windows\System\CnFhOId.exe
  2⤵
  PID:8868
- C:\Windows\System\ZwvQnHl.exe
  C:\Windows\System\ZwvQnHl.exe
  2⤵
  PID:8908
- C:\Windows\System\JyMwFao.exe
  C:\Windows\System\JyMwFao.exe
  2⤵
  PID:8936
- C:\Windows\System\XrZueMT.exe
  C:\Windows\System\XrZueMT.exe
  2⤵
  PID:8964
- C:\Windows\System\hGHqOyu.exe
  C:\Windows\System\hGHqOyu.exe
  2⤵
  PID:8992
- C:\Windows\System\UDBcPrx.exe
  C:\Windows\System\UDBcPrx.exe
  2⤵
  PID:9020
- C:\Windows\System\YygZCUs.exe
  C:\Windows\System\YygZCUs.exe
  2⤵
  PID:9036
- C:\Windows\System\DWiJCrJ.exe
  C:\Windows\System\DWiJCrJ.exe
  2⤵
  PID:9064
- C:\Windows\System\gHyYqng.exe
  C:\Windows\System\gHyYqng.exe
  2⤵
  PID:9104
- C:\Windows\System\QPsWodp.exe
  C:\Windows\System\QPsWodp.exe
  2⤵
  PID:9132
- C:\Windows\System\lWytfKC.exe
  C:\Windows\System\lWytfKC.exe
  2⤵
  PID:9148
- C:\Windows\System\PhiJcJs.exe
  C:\Windows\System\PhiJcJs.exe
  2⤵
  PID:9176
- C:\Windows\System\OefCFVw.exe
  C:\Windows\System\OefCFVw.exe
  2⤵
  PID:7768
- C:\Windows\System\lHKwqno.exe
  C:\Windows\System\lHKwqno.exe
  2⤵
  PID:8240
- C:\Windows\System\lkthYPc.exe
  C:\Windows\System\lkthYPc.exe
  2⤵
  PID:8304
- C:\Windows\System\iCpmfpz.exe
  C:\Windows\System\iCpmfpz.exe
  2⤵
  PID:8376
- C:\Windows\System\umtGLGn.exe
  C:\Windows\System\umtGLGn.exe
  2⤵
  PID:8440
- C:\Windows\System\ejVlQsu.exe
  C:\Windows\System\ejVlQsu.exe
  2⤵
  PID:8500
- C:\Windows\System\eKSZEYL.exe
  C:\Windows\System\eKSZEYL.exe
  2⤵
  PID:8564
- C:\Windows\System\QiKDKfO.exe
  C:\Windows\System\QiKDKfO.exe
  2⤵
  PID:8632
- C:\Windows\System\NwHoqce.exe
  C:\Windows\System\NwHoqce.exe
  2⤵
  PID:8600
- C:\Windows\System\WAahWyd.exe
  C:\Windows\System\WAahWyd.exe
  2⤵
  PID:8736
- C:\Windows\System\YujqBYB.exe
  C:\Windows\System\YujqBYB.exe
  2⤵
  PID:8856
- C:\Windows\System\rAdxlIn.exe
  C:\Windows\System\rAdxlIn.exe
  2⤵
  PID:8892
- C:\Windows\System\vPSmrOQ.exe
  C:\Windows\System\vPSmrOQ.exe
  2⤵
  PID:8956
- C:\Windows\System\kDOnlvm.exe
  C:\Windows\System\kDOnlvm.exe
  2⤵
  PID:9032
- C:\Windows\System\KMTDErZ.exe
  C:\Windows\System\KMTDErZ.exe
  2⤵
  PID:9116
- C:\Windows\System\aOBVASf.exe
  C:\Windows\System\aOBVASf.exe
  2⤵
  PID:9164
- C:\Windows\System\qMwEzsA.exe
  C:\Windows\System\qMwEzsA.exe
  2⤵
  PID:8216
- C:\Windows\System\acQvFZg.exe
  C:\Windows\System\acQvFZg.exe
  2⤵
  PID:8356
- C:\Windows\System\ArGzkec.exe
  C:\Windows\System\ArGzkec.exe
  2⤵
  PID:8468
- C:\Windows\System\xAsNUMf.exe
  C:\Windows\System\xAsNUMf.exe
  2⤵
  PID:8672
- C:\Windows\System\yNIZPdw.exe
  C:\Windows\System\yNIZPdw.exe
  2⤵
  PID:8724
- C:\Windows\System\bwxtKlr.exe
  C:\Windows\System\bwxtKlr.exe
  2⤵
  PID:8844
- C:\Windows\System\peJpfSf.exe
  C:\Windows\System\peJpfSf.exe
  2⤵
  PID:9096
- C:\Windows\System\edBEjQn.exe
  C:\Windows\System\edBEjQn.exe
  2⤵
  PID:9204
- C:\Windows\System\oWPmOFr.exe
  C:\Windows\System\oWPmOFr.exe
  2⤵
  PID:8512
- C:\Windows\System\MCsXUma.exe
  C:\Windows\System\MCsXUma.exe
  2⤵
  PID:9028
- C:\Windows\System\GfdmYPc.exe
  C:\Windows\System\GfdmYPc.exe
  2⤵
  PID:9208
- C:\Windows\System\RybLqIr.exe
  C:\Windows\System\RybLqIr.exe
  2⤵
  PID:9072
- C:\Windows\System\MUFRCpU.exe
  C:\Windows\System\MUFRCpU.exe
  2⤵
  PID:9236
- C:\Windows\System\RQZkYVJ.exe
  C:\Windows\System\RQZkYVJ.exe
  2⤵
  PID:9256
- C:\Windows\System\inAyDIc.exe
  C:\Windows\System\inAyDIc.exe
  2⤵
  PID:9280
- C:\Windows\System\aTBfRfy.exe
  C:\Windows\System\aTBfRfy.exe
  2⤵
  PID:9312
- C:\Windows\System\KvlNCKv.exe
  C:\Windows\System\KvlNCKv.exe
  2⤵
  PID:9348
- C:\Windows\System\YuSVqYE.exe
  C:\Windows\System\YuSVqYE.exe
  2⤵
  PID:9376
- C:\Windows\System\vncisAy.exe
  C:\Windows\System\vncisAy.exe
  2⤵
  PID:9404
- C:\Windows\System\zslKjQQ.exe
  C:\Windows\System\zslKjQQ.exe
  2⤵
  PID:9436
- C:\Windows\System\QCmWqGH.exe
  C:\Windows\System\QCmWqGH.exe
  2⤵
  PID:9460
- C:\Windows\System\EyrywiH.exe
  C:\Windows\System\EyrywiH.exe
  2⤵
  PID:9492
- C:\Windows\System\ZMIlqln.exe
  C:\Windows\System\ZMIlqln.exe
  2⤵
  PID:9524
- C:\Windows\System\EOQdVkM.exe
  C:\Windows\System\EOQdVkM.exe
  2⤵
  PID:9556
- C:\Windows\System\gXBiEjU.exe
  C:\Windows\System\gXBiEjU.exe
  2⤵
  PID:9584
- C:\Windows\System\hozewOo.exe
  C:\Windows\System\hozewOo.exe
  2⤵
  PID:9604
- C:\Windows\System\PNcjVEd.exe
  C:\Windows\System\PNcjVEd.exe
  2⤵
  PID:9636
- C:\Windows\System\PSQMwEn.exe
  C:\Windows\System\PSQMwEn.exe
  2⤵
  PID:9672
- C:\Windows\System\YdnmBGL.exe
  C:\Windows\System\YdnmBGL.exe
  2⤵
  PID:9700
- C:\Windows\System\GDzLYGl.exe
  C:\Windows\System\GDzLYGl.exe
  2⤵
  PID:9736
- C:\Windows\System\XyTHJSN.exe
  C:\Windows\System\XyTHJSN.exe
  2⤵
  PID:9764
- C:\Windows\System\tPTssje.exe
  C:\Windows\System\tPTssje.exe
  2⤵
  PID:9796
- C:\Windows\System\AGrYSGf.exe
  C:\Windows\System\AGrYSGf.exe
  2⤵
  PID:9824
- C:\Windows\System\SAUWcAU.exe
  C:\Windows\System\SAUWcAU.exe
  2⤵
  PID:9852
- C:\Windows\System\yIpFhJV.exe
  C:\Windows\System\yIpFhJV.exe
  2⤵
  PID:9880
- C:\Windows\System\lzwTRxv.exe
  C:\Windows\System\lzwTRxv.exe
  2⤵
  PID:9908
- C:\Windows\System\qaBEljn.exe
  C:\Windows\System\qaBEljn.exe
  2⤵
  PID:9936
- C:\Windows\System\uIkDwkE.exe
  C:\Windows\System\uIkDwkE.exe
  2⤵
  PID:9960
- C:\Windows\System\xoJmXTi.exe
  C:\Windows\System\xoJmXTi.exe
  2⤵
  PID:9992
- C:\Windows\System\OFZsHuR.exe
  C:\Windows\System\OFZsHuR.exe
  2⤵
  PID:10020
- C:\Windows\System\EXyyGna.exe
  C:\Windows\System\EXyyGna.exe
  2⤵
  PID:10048
- C:\Windows\System\zzLUrJH.exe
  C:\Windows\System\zzLUrJH.exe
  2⤵
  PID:10076
- C:\Windows\System\fABgfOm.exe
  C:\Windows\System\fABgfOm.exe
  2⤵
  PID:10092
- C:\Windows\System\yxEvjxz.exe
  C:\Windows\System\yxEvjxz.exe
  2⤵
  PID:10108
- C:\Windows\System\yGADBHI.exe
  C:\Windows\System\yGADBHI.exe
  2⤵
  PID:10136
- C:\Windows\System\hfjzBUS.exe
  C:\Windows\System\hfjzBUS.exe
  2⤵
  PID:10164
- C:\Windows\System\szbaNWW.exe
  C:\Windows\System\szbaNWW.exe
  2⤵
  PID:10204
- C:\Windows\System\lqNaBnJ.exe
  C:\Windows\System\lqNaBnJ.exe
  2⤵
  PID:10220
- C:\Windows\System\MsdQOzR.exe
  C:\Windows\System\MsdQOzR.exe
  2⤵
  PID:8432
- C:\Windows\System\ntDcmGQ.exe
  C:\Windows\System\ntDcmGQ.exe
  2⤵
  PID:9268
- C:\Windows\System\FzHnOST.exe
  C:\Windows\System\FzHnOST.exe
  2⤵
  PID:9340
- C:\Windows\System\ZMIIESt.exe
  C:\Windows\System\ZMIIESt.exe
  2⤵
  PID:9412
- C:\Windows\System\qLCWSAU.exe
  C:\Windows\System\qLCWSAU.exe
  2⤵
  PID:9488
- C:\Windows\System\dJUVlwe.exe
  C:\Windows\System\dJUVlwe.exe
  2⤵
  PID:9576
- C:\Windows\System\umgoJnk.exe
  C:\Windows\System\umgoJnk.exe
  2⤵
  PID:9684
- C:\Windows\System\KCxehbq.exe
  C:\Windows\System\KCxehbq.exe
  2⤵
  PID:9696
- C:\Windows\System\seXIxPt.exe
  C:\Windows\System\seXIxPt.exe
  2⤵
  PID:9760
- C:\Windows\System\XkqTLYQ.exe
  C:\Windows\System\XkqTLYQ.exe
  2⤵
  PID:9864
- C:\Windows\System\PcIMxaS.exe
  C:\Windows\System\PcIMxaS.exe
  2⤵
  PID:9896
- C:\Windows\System\VtNgqda.exe
  C:\Windows\System\VtNgqda.exe
  2⤵
  PID:9968
- C:\Windows\System\MYcawke.exe
  C:\Windows\System\MYcawke.exe
  2⤵
  PID:10072
- C:\Windows\System\sHYSwaM.exe
  C:\Windows\System\sHYSwaM.exe
  2⤵
  PID:10148
- C:\Windows\System\Ohaeinu.exe
  C:\Windows\System\Ohaeinu.exe
  2⤵
  PID:10176
- C:\Windows\System\mwrxDAp.exe
  C:\Windows\System\mwrxDAp.exe
  2⤵
  PID:9264
- C:\Windows\System\JmNRniY.exe
  C:\Windows\System\JmNRniY.exe
  2⤵
  PID:9300
- C:\Windows\System\yqjuCpe.exe
  C:\Windows\System\yqjuCpe.exe
  2⤵
  PID:9508
- C:\Windows\System\JLiFGqT.exe
  C:\Windows\System\JLiFGqT.exe
  2⤵
  PID:9688
- C:\Windows\System\FXkfUam.exe
  C:\Windows\System\FXkfUam.exe
  2⤵
  PID:9872
- C:\Windows\System\QSsZrIq.exe
  C:\Windows\System\QSsZrIq.exe
  2⤵
  PID:9956
- C:\Windows\System\iFZcFNG.exe
  C:\Windows\System\iFZcFNG.exe
  2⤵
  PID:10120
- C:\Windows\System\IvuMROm.exe
  C:\Windows\System\IvuMROm.exe
  2⤵
  PID:8696
- C:\Windows\System\eIGuCEv.exe
  C:\Windows\System\eIGuCEv.exe
  2⤵
  PID:9652
- C:\Windows\System\jfnsvbF.exe
  C:\Windows\System\jfnsvbF.exe
  2⤵
  PID:10044
- C:\Windows\System\QTwrOao.exe
  C:\Windows\System\QTwrOao.exe
  2⤵
  PID:9592
- C:\Windows\System\MQklksO.exe
  C:\Windows\System\MQklksO.exe
  2⤵
  PID:10216
- C:\Windows\System\DXzpZRt.exe
  C:\Windows\System\DXzpZRt.exe
  2⤵
  PID:10256
- C:\Windows\System\wwVHnLi.exe
  C:\Windows\System\wwVHnLi.exe
  2⤵
  PID:10292
- C:\Windows\System\exkbThj.exe
  C:\Windows\System\exkbThj.exe
  2⤵
  PID:10316
- C:\Windows\System\aBiSzav.exe
  C:\Windows\System\aBiSzav.exe
  2⤵
  PID:10352
- C:\Windows\System\HDIZjUm.exe
  C:\Windows\System\HDIZjUm.exe
  2⤵
  PID:10380
- C:\Windows\System\LnxvWSE.exe
  C:\Windows\System\LnxvWSE.exe
  2⤵
  PID:10396
- C:\Windows\System\sGGfqDJ.exe
  C:\Windows\System\sGGfqDJ.exe
  2⤵
  PID:10420
- C:\Windows\System\vWfWfsT.exe
  C:\Windows\System\vWfWfsT.exe
  2⤵
  PID:10456
- C:\Windows\System\GhJmthI.exe
  C:\Windows\System\GhJmthI.exe
  2⤵
  PID:10488
- C:\Windows\System\UaOrUQw.exe
  C:\Windows\System\UaOrUQw.exe
  2⤵
  PID:10520
- C:\Windows\System\RixODNS.exe
  C:\Windows\System\RixODNS.exe
  2⤵
  PID:10540
- C:\Windows\System\NglKnVR.exe
  C:\Windows\System\NglKnVR.exe
  2⤵
  PID:10564
- C:\Windows\System\rTtXvyO.exe
  C:\Windows\System\rTtXvyO.exe
  2⤵
  PID:10592
- C:\Windows\System\ERKxNbS.exe
  C:\Windows\System\ERKxNbS.exe
  2⤵
  PID:10620
- C:\Windows\System\jdMUqCO.exe
  C:\Windows\System\jdMUqCO.exe
  2⤵
  PID:10656
- C:\Windows\System\dtUisNe.exe
  C:\Windows\System\dtUisNe.exe
  2⤵
  PID:10676
- C:\Windows\System\zhPbXPW.exe
  C:\Windows\System\zhPbXPW.exe
  2⤵
  PID:10704
- C:\Windows\System\XrzJsOr.exe
  C:\Windows\System\XrzJsOr.exe
  2⤵
  PID:10732
- C:\Windows\System\eqisfZN.exe
  C:\Windows\System\eqisfZN.exe
  2⤵
  PID:10760
- C:\Windows\System\AErytsY.exe
  C:\Windows\System\AErytsY.exe
  2⤵
  PID:10784
- C:\Windows\System\hsdezJo.exe
  C:\Windows\System\hsdezJo.exe
  2⤵
  PID:10808
- C:\Windows\System\gifVRzX.exe
  C:\Windows\System\gifVRzX.exe
  2⤵
  PID:10832
- C:\Windows\System\KdvDpLa.exe
  C:\Windows\System\KdvDpLa.exe
  2⤵
  PID:10860
- C:\Windows\System\CguRnKq.exe
  C:\Windows\System\CguRnKq.exe
  2⤵
  PID:10876
- C:\Windows\System\xShGWUf.exe
  C:\Windows\System\xShGWUf.exe
  2⤵
  PID:10908
- C:\Windows\System\MmMZheq.exe
  C:\Windows\System\MmMZheq.exe
  2⤵
  PID:10932
- C:\Windows\System\PXjmSoT.exe
  C:\Windows\System\PXjmSoT.exe
  2⤵
  PID:10956
- C:\Windows\System\TUWfhrZ.exe
  C:\Windows\System\TUWfhrZ.exe
  2⤵
  PID:10988
- C:\Windows\System\LCQdZUV.exe
  C:\Windows\System\LCQdZUV.exe
  2⤵
  PID:11008
- C:\Windows\System\vgWzIWZ.exe
  C:\Windows\System\vgWzIWZ.exe
  2⤵
  PID:11040
- C:\Windows\System\hWxjsGv.exe
  C:\Windows\System\hWxjsGv.exe
  2⤵
  PID:11076
- C:\Windows\System\zeDwKZr.exe
  C:\Windows\System\zeDwKZr.exe
  2⤵
  PID:11104
- C:\Windows\System\ygzxJRE.exe
  C:\Windows\System\ygzxJRE.exe
  2⤵
  PID:11144
- C:\Windows\System\WDCIoCg.exe
  C:\Windows\System\WDCIoCg.exe
  2⤵
  PID:11180
- C:\Windows\System\GAEBBIt.exe
  C:\Windows\System\GAEBBIt.exe
  2⤵
  PID:11200
- C:\Windows\System\QRWtrpk.exe
  C:\Windows\System\QRWtrpk.exe
  2⤵
  PID:11236
- C:\Windows\System\xSnRjce.exe
  C:\Windows\System\xSnRjce.exe
  2⤵
  PID:11260
- C:\Windows\System\TuzHBzi.exe
  C:\Windows\System\TuzHBzi.exe
  2⤵
  PID:9392
- C:\Windows\System\vjLvqUW.exe
  C:\Windows\System\vjLvqUW.exe
  2⤵
  PID:10340
- C:\Windows\System\shfpXqt.exe
  C:\Windows\System\shfpXqt.exe
  2⤵
  PID:10412
- C:\Windows\System\oVkxiIb.exe
  C:\Windows\System\oVkxiIb.exe
  2⤵
  PID:10496
- C:\Windows\System\QKhlkee.exe
  C:\Windows\System\QKhlkee.exe
  2⤵
  PID:10548
- C:\Windows\System\cWJlcid.exe
  C:\Windows\System\cWJlcid.exe
  2⤵
  PID:10576
- C:\Windows\System\RElKtuP.exe
  C:\Windows\System\RElKtuP.exe
  2⤵
  PID:10644
- C:\Windows\System\qcEYZqo.exe
  C:\Windows\System\qcEYZqo.exe
  2⤵
  PID:10720
- C:\Windows\System\gUNZjDM.exe
  C:\Windows\System\gUNZjDM.exe
  2⤵
  PID:10848
- C:\Windows\System\yuJRTNE.exe
  C:\Windows\System\yuJRTNE.exe
  2⤵
  PID:10872
- C:\Windows\System\LaSEHeu.exe
  C:\Windows\System\LaSEHeu.exe
  2⤵
  PID:10904
- C:\Windows\System\jaKbdvh.exe
  C:\Windows\System\jaKbdvh.exe
  2⤵
  PID:10980
- C:\Windows\System\MCJcSJJ.exe
  C:\Windows\System\MCJcSJJ.exe
  2⤵
  PID:11052
- C:\Windows\System\cycaBtJ.exe
  C:\Windows\System\cycaBtJ.exe
  2⤵
  PID:11092
- C:\Windows\System\VjzMUGE.exe
  C:\Windows\System\VjzMUGE.exe
  2⤵
  PID:11220
- C:\Windows\System\NQQNaGb.exe
  C:\Windows\System\NQQNaGb.exe
  2⤵
  PID:9812
- C:\Windows\System\XgzjpvP.exe
  C:\Windows\System\XgzjpvP.exe
  2⤵
  PID:10364
- C:\Windows\System\BZaFDwV.exe
  C:\Windows\System\BZaFDwV.exe
  2⤵
  PID:10516
- C:\Windows\System\OWvXaQy.exe
  C:\Windows\System\OWvXaQy.exe
  2⤵
  PID:10664
- C:\Windows\System\tVGRemY.exe
  C:\Windows\System\tVGRemY.exe
  2⤵
  PID:10840
- C:\Windows\System\JRCAHfq.exe
  C:\Windows\System\JRCAHfq.exe
  2⤵
  PID:10920
- C:\Windows\System\pqWwmkj.exe
  C:\Windows\System\pqWwmkj.exe
  2⤵
  PID:11112
- C:\Windows\System\BCumrqK.exe
  C:\Windows\System\BCumrqK.exe
  2⤵
  PID:10284
- C:\Windows\System\gGDiewt.exe
  C:\Windows\System\gGDiewt.exe
  2⤵
  PID:10480
- C:\Windows\System\RogmKri.exe
  C:\Windows\System\RogmKri.exe
  2⤵
  PID:10924
- C:\Windows\System\qrmZkiO.exe
  C:\Windows\System\qrmZkiO.exe
  2⤵
  PID:10780
- C:\Windows\System\uXxSKqG.exe
  C:\Windows\System\uXxSKqG.exe
  2⤵
  PID:11284
- C:\Windows\System\kwhLCUG.exe
  C:\Windows\System\kwhLCUG.exe
  2⤵
  PID:11300
- C:\Windows\System\FlUYEUS.exe
  C:\Windows\System\FlUYEUS.exe
  2⤵
  PID:11320
- C:\Windows\System\PUVXDGQ.exe
  C:\Windows\System\PUVXDGQ.exe
  2⤵
  PID:11344
- C:\Windows\System\cQTdvDj.exe
  C:\Windows\System\cQTdvDj.exe
  2⤵
  PID:11364
- C:\Windows\System\iOGuNFJ.exe
  C:\Windows\System\iOGuNFJ.exe
  2⤵
  PID:11400
- C:\Windows\System\LGOSQhY.exe
  C:\Windows\System\LGOSQhY.exe
  2⤵
  PID:11420
- C:\Windows\System\rsNTyFz.exe
  C:\Windows\System\rsNTyFz.exe
  2⤵
  PID:11456
- C:\Windows\System\yJznNpf.exe
  C:\Windows\System\yJznNpf.exe
  2⤵
  PID:11476
- C:\Windows\System\FbiWhYQ.exe
  C:\Windows\System\FbiWhYQ.exe
  2⤵
  PID:11512
- C:\Windows\System\lPFYzyL.exe
  C:\Windows\System\lPFYzyL.exe
  2⤵
  PID:11540
- C:\Windows\System\qlQfNux.exe
  C:\Windows\System\qlQfNux.exe
  2⤵
  PID:11580
- C:\Windows\System\OlyNcPg.exe
  C:\Windows\System\OlyNcPg.exe
  2⤵
  PID:11604
- C:\Windows\System\UaKIska.exe
  C:\Windows\System\UaKIska.exe
  2⤵
  PID:11644
- C:\Windows\System\wvAogge.exe
  C:\Windows\System\wvAogge.exe
  2⤵
  PID:11672
- C:\Windows\System\fbNtxFk.exe
  C:\Windows\System\fbNtxFk.exe
  2⤵
  PID:11696
- C:\Windows\System\rYVhlcp.exe
  C:\Windows\System\rYVhlcp.exe
  2⤵
  PID:11728
- C:\Windows\System\noivJwr.exe
  C:\Windows\System\noivJwr.exe
  2⤵
  PID:11756
- C:\Windows\System\smiewZt.exe
  C:\Windows\System\smiewZt.exe
  2⤵
  PID:11788
- C:\Windows\System\mxiOJak.exe
  C:\Windows\System\mxiOJak.exe
  2⤵
  PID:11824
- C:\Windows\System\IrmDJdx.exe
  C:\Windows\System\IrmDJdx.exe
  2⤵
  PID:11848
- C:\Windows\System\qDhOSrL.exe
  C:\Windows\System\qDhOSrL.exe
  2⤵
  PID:11872
- C:\Windows\System\pBszuKZ.exe
  C:\Windows\System\pBszuKZ.exe
  2⤵
  PID:11908
- C:\Windows\System\brJnuma.exe
  C:\Windows\System\brJnuma.exe
  2⤵
  PID:11924
- C:\Windows\System\Djfykke.exe
  C:\Windows\System\Djfykke.exe
  2⤵
  PID:11948
- C:\Windows\System\pkrvRkn.exe
  C:\Windows\System\pkrvRkn.exe
  2⤵
  PID:11968
- C:\Windows\System\YICNQku.exe
  C:\Windows\System\YICNQku.exe
  2⤵
  PID:11996
- C:\Windows\System\ImyiSpU.exe
  C:\Windows\System\ImyiSpU.exe
  2⤵
  PID:12016
- C:\Windows\System\LxVSXHV.exe
  C:\Windows\System\LxVSXHV.exe
  2⤵
  PID:12044
- C:\Windows\System\GgfZmmx.exe
  C:\Windows\System\GgfZmmx.exe
  2⤵
  PID:12080
- C:\Windows\System\mpAkNuX.exe
  C:\Windows\System\mpAkNuX.exe
  2⤵
  PID:12112
- C:\Windows\System\AOxswww.exe
  C:\Windows\System\AOxswww.exe
  2⤵
  PID:12144
- C:\Windows\System\bTKRYKf.exe
  C:\Windows\System\bTKRYKf.exe
  2⤵
  PID:12172
- C:\Windows\System\KPGLtel.exe
  C:\Windows\System\KPGLtel.exe
  2⤵
  PID:12192
- C:\Windows\System\AduUMpq.exe
  C:\Windows\System\AduUMpq.exe
  2⤵
  PID:12228
- C:\Windows\System\nTxTqeI.exe
  C:\Windows\System\nTxTqeI.exe
  2⤵
  PID:12248
- C:\Windows\System\kGteCYK.exe
  C:\Windows\System\kGteCYK.exe
  2⤵
  PID:12268
- C:\Windows\System\aTsUdYt.exe
  C:\Windows\System\aTsUdYt.exe
  2⤵
  PID:10464
- C:\Windows\System\hUamDAV.exe
  C:\Windows\System\hUamDAV.exe
  2⤵
  PID:11292
- C:\Windows\System\VgalPWx.exe
  C:\Windows\System\VgalPWx.exe
  2⤵
  PID:11388
- C:\Windows\System\ocMApcX.exe
  C:\Windows\System\ocMApcX.exe
  2⤵
  PID:11428
- C:\Windows\System\XeJUHnR.exe
  C:\Windows\System\XeJUHnR.exe
  2⤵
  PID:11528
- C:\Windows\System\BaojnEa.exe
  C:\Windows\System\BaojnEa.exe
  2⤵
  PID:11564
- C:\Windows\System\TvHXZVH.exe
  C:\Windows\System\TvHXZVH.exe
  2⤵
  PID:11664
- C:\Windows\System\hstXSpy.exe
  C:\Windows\System\hstXSpy.exe
  2⤵
  PID:11740
- C:\Windows\System\dsmARmC.exe
  C:\Windows\System\dsmARmC.exe
  2⤵
  PID:11808
- C:\Windows\System\AasSLhr.exe
  C:\Windows\System\AasSLhr.exe
  2⤵
  PID:11880
- C:\Windows\System\HBTxrih.exe
  C:\Windows\System\HBTxrih.exe
  2⤵
  PID:11956
- C:\Windows\System\vLJHjPR.exe
  C:\Windows\System\vLJHjPR.exe
  2⤵
  PID:11940
- C:\Windows\System\xPcXyDG.exe
  C:\Windows\System\xPcXyDG.exe
  2⤵
  PID:12004
- C:\Windows\System\iORwPKK.exe
  C:\Windows\System\iORwPKK.exe
  2⤵
  PID:12068
- C:\Windows\System\MslCEDR.exe
  C:\Windows\System\MslCEDR.exe
  2⤵
  PID:12124
- C:\Windows\System\BvDVjdD.exe
  C:\Windows\System\BvDVjdD.exe
  2⤵
  PID:12264
- C:\Windows\System\RhYKlsr.exe
  C:\Windows\System\RhYKlsr.exe
  2⤵
  PID:12276
- C:\Windows\System\yBLmYYJ.exe
  C:\Windows\System\yBLmYYJ.exe
  2⤵
  PID:11352
- C:\Windows\System\daYOgTB.exe
  C:\Windows\System\daYOgTB.exe
  2⤵
  PID:11620
- C:\Windows\System\mlZKwvb.exe
  C:\Windows\System\mlZKwvb.exe
  2⤵
  PID:11600
- C:\Windows\System\CPYQrLt.exe
  C:\Windows\System\CPYQrLt.exe
  2⤵
  PID:11752
- C:\Windows\System\IavdeVW.exe
  C:\Windows\System\IavdeVW.exe
  2⤵
  PID:11936
- C:\Windows\System\dXoIabU.exe
  C:\Windows\System\dXoIabU.exe
  2⤵
  PID:12100
- C:\Windows\System\YWdatyu.exe
  C:\Windows\System\YWdatyu.exe
  2⤵
  PID:12180
- C:\Windows\System\cQbZKbQ.exe
  C:\Windows\System\cQbZKbQ.exe
  2⤵
  PID:11448
- C:\Windows\System\gsqCkMy.exe
  C:\Windows\System\gsqCkMy.exe
  2⤵
  PID:11568
- C:\Windows\System\zHsxLpt.exe
  C:\Windows\System\zHsxLpt.exe
  2⤵
  PID:12056
- C:\Windows\System\ovGjfSG.exe
  C:\Windows\System\ovGjfSG.exe
  2⤵
  PID:11784
- C:\Windows\System\SdzWOQy.exe
  C:\Windows\System\SdzWOQy.exe
  2⤵
  PID:12316
- C:\Windows\System\YMqrylC.exe
  C:\Windows\System\YMqrylC.exe
  2⤵
  PID:12332
- C:\Windows\System\osjESBo.exe
  C:\Windows\System\osjESBo.exe
  2⤵
  PID:12348
- C:\Windows\System\YCzqfAk.exe
  C:\Windows\System\YCzqfAk.exe
  2⤵
  PID:12380
- C:\Windows\System\vpvCrlc.exe
  C:\Windows\System\vpvCrlc.exe
  2⤵
  PID:12404
- C:\Windows\System\cCAahlL.exe
  C:\Windows\System\cCAahlL.exe
  2⤵
  PID:12424
- C:\Windows\System\MjYVnPX.exe
  C:\Windows\System\MjYVnPX.exe
  2⤵
  PID:12456
- C:\Windows\System\uLdYQAa.exe
  C:\Windows\System\uLdYQAa.exe
  2⤵
  PID:12472
- C:\Windows\System\skvXPxe.exe
  C:\Windows\System\skvXPxe.exe
  2⤵
  PID:12500
- C:\Windows\System\UeHfVjT.exe
  C:\Windows\System\UeHfVjT.exe
  2⤵
  PID:12532
- C:\Windows\System\TMsUNsj.exe
  C:\Windows\System\TMsUNsj.exe
  2⤵
  PID:12556
- C:\Windows\System\qHmIteA.exe
  C:\Windows\System\qHmIteA.exe
  2⤵
  PID:12596
- C:\Windows\System\ImygydX.exe
  C:\Windows\System\ImygydX.exe
  2⤵
  PID:12624
- C:\Windows\System\UcwjVCa.exe
  C:\Windows\System\UcwjVCa.exe
  2⤵
  PID:12656
- C:\Windows\System\RzVkLcs.exe
  C:\Windows\System\RzVkLcs.exe
  2⤵
  PID:12684
- C:\Windows\System\JrqmMEY.exe
  C:\Windows\System\JrqmMEY.exe
  2⤵
  PID:12712
- C:\Windows\System\zfXHFjE.exe
  C:\Windows\System\zfXHFjE.exe
  2⤵
  PID:12736
- C:\Windows\System\jKPuDkc.exe
  C:\Windows\System\jKPuDkc.exe
  2⤵
  PID:12768
- C:\Windows\System\yHzxVwa.exe
  C:\Windows\System\yHzxVwa.exe
  2⤵
  PID:12788
- C:\Windows\System\JjbGdyq.exe
  C:\Windows\System\JjbGdyq.exe
  2⤵
  PID:12820
- C:\Windows\System\tfxFdkQ.exe
  C:\Windows\System\tfxFdkQ.exe
  2⤵
  PID:12848
- C:\Windows\System\ysSapuf.exe
  C:\Windows\System\ysSapuf.exe
  2⤵
  PID:12872
- C:\Windows\System\fTvlrNS.exe
  C:\Windows\System\fTvlrNS.exe
  2⤵
  PID:12888
- C:\Windows\System\oyOcvZl.exe
  C:\Windows\System\oyOcvZl.exe
  2⤵
  PID:12908
- C:\Windows\System\eKOoHqR.exe
  C:\Windows\System\eKOoHqR.exe
  2⤵
  PID:12936
- C:\Windows\System\OQnwkOn.exe
  C:\Windows\System\OQnwkOn.exe
  2⤵
  PID:12964
- C:\Windows\System\alHjdDY.exe
  C:\Windows\System\alHjdDY.exe
  2⤵
  PID:12992
- C:\Windows\System\JokYRaW.exe
  C:\Windows\System\JokYRaW.exe
  2⤵
  PID:13012
- C:\Windows\System\aMEPQvG.exe
  C:\Windows\System\aMEPQvG.exe
  2⤵
  PID:13032
- C:\Windows\System\JhahnsN.exe
  C:\Windows\System\JhahnsN.exe
  2⤵
  PID:13064
- C:\Windows\System\mQdcxoW.exe
  C:\Windows\System\mQdcxoW.exe
  2⤵
  PID:13092
- C:\Windows\System\PJKCPxv.exe
  C:\Windows\System\PJKCPxv.exe
  2⤵
  PID:13116
- C:\Windows\System\yWszUlo.exe
  C:\Windows\System\yWszUlo.exe
  2⤵
  PID:13140
- C:\Windows\System\RxOLLEa.exe
  C:\Windows\System\RxOLLEa.exe
  2⤵
  PID:13168
- C:\Windows\System\gHAyuGV.exe
  C:\Windows\System\gHAyuGV.exe
  2⤵
  PID:13200
- C:\Windows\System\hguLUei.exe
  C:\Windows\System\hguLUei.exe
  2⤵
  PID:13216
- C:\Windows\System\mlRUHQl.exe
  C:\Windows\System\mlRUHQl.exe
  2⤵
  PID:13256
- C:\Windows\System\ERPuCXc.exe
  C:\Windows\System\ERPuCXc.exe
  2⤵
  PID:13284
- C:\Windows\System\lCEhffd.exe
  C:\Windows\System\lCEhffd.exe
  2⤵
  PID:13308
- C:\Windows\System\gVmgGks.exe
  C:\Windows\System\gVmgGks.exe
  2⤵
  PID:12292
- C:\Windows\System\fDwDmxt.exe
  C:\Windows\System\fDwDmxt.exe
  2⤵
  PID:12400
- C:\Windows\System\XMenexm.exe
  C:\Windows\System\XMenexm.exe
  2⤵
  PID:12364
- C:\Windows\System\WrucEmk.exe
  C:\Windows\System\WrucEmk.exe
  2⤵
  PID:12464
- C:\Windows\System\EywfHzD.exe
  C:\Windows\System\EywfHzD.exe
  2⤵
  PID:12604
- C:\Windows\System\JxIfZxK.exe
  C:\Windows\System\JxIfZxK.exe
  2⤵
  PID:12632
- C:\Windows\System\onYUZwc.exe
  C:\Windows\System\onYUZwc.exe
  2⤵
  PID:12728
- C:\Windows\System\OqlQsTw.exe
  C:\Windows\System\OqlQsTw.exe
  2⤵
  PID:12760
- C:\Windows\System\bwhkFbn.exe
  C:\Windows\System\bwhkFbn.exe
  2⤵
  PID:12704
- C:\Windows\System\rbMrREK.exe
  C:\Windows\System\rbMrREK.exe
  2⤵
  PID:12900
- C:\Windows\System\afhAxzH.exe
  C:\Windows\System\afhAxzH.exe
  2⤵
  PID:12956
- C:\Windows\System\kyenRGl.exe
  C:\Windows\System\kyenRGl.exe
  2⤵
  PID:12868
- C:\Windows\System\UkvUtTH.exe
  C:\Windows\System\UkvUtTH.exe
  2⤵
  PID:13052
- C:\Windows\System\TQIbIlQ.exe
  C:\Windows\System\TQIbIlQ.exe
  2⤵
  PID:13008
- C:\Windows\System\JewpSQX.exe
  C:\Windows\System\JewpSQX.exe
  2⤵
  PID:13180
- C:\Windows\System\gAFOxxu.exe
  C:\Windows\System\gAFOxxu.exe
  2⤵
  PID:13084
- C:\Windows\System\DEVaEsH.exe
  C:\Windows\System\DEVaEsH.exe
  2⤵
  PID:13156
- C:\Windows\System\CYUTNCd.exe
  C:\Windows\System\CYUTNCd.exe
  2⤵
  PID:13236
- C:\Windows\System\ZAYJyjM.exe
  C:\Windows\System\ZAYJyjM.exe
  2⤵
  PID:13268
- C:\Windows\System\ocHhERQ.exe
  C:\Windows\System\ocHhERQ.exe
  2⤵
  PID:12448
- C:\Windows\System\GMrdHBU.exe
  C:\Windows\System\GMrdHBU.exe
  2⤵
  PID:12392
- C:\Windows\System\WFaLeCU.exe
  C:\Windows\System\WFaLeCU.exe
  2⤵
  PID:12576
- C:\Windows\System\EcRunPp.exe
  C:\Windows\System\EcRunPp.exe
  2⤵
  PID:1232
- C:\Windows\System\iaRdiHa.exe
  C:\Windows\System\iaRdiHa.exe
  2⤵
  PID:12984
- C:\Windows\System\auBgFLp.exe
  C:\Windows\System\auBgFLp.exe
  2⤵
  PID:13000
- C:\Windows\System\sVPinRB.exe
  C:\Windows\System\sVPinRB.exe
  2⤵
  PID:13212
- C:\Windows\System\mZPVLac.exe
  C:\Windows\System\mZPVLac.exe
  2⤵
  PID:13004
- C:\Windows\System\pniFaZH.exe
  C:\Windows\System\pniFaZH.exe
  2⤵
  PID:12492
- C:\Windows\System\CMSGwYT.exe
  C:\Windows\System\CMSGwYT.exe
  2⤵
  PID:13336
- C:\Windows\System\ejXwVxY.exe
  C:\Windows\System\ejXwVxY.exe
  2⤵
  PID:13376
- C:\Windows\System\tgLyrDV.exe
  C:\Windows\System\tgLyrDV.exe
  2⤵
  PID:13400
- C:\Windows\System\sgKnzkz.exe
  C:\Windows\System\sgKnzkz.exe
  2⤵
  PID:13420
- C:\Windows\System\SkbmaMg.exe
  C:\Windows\System\SkbmaMg.exe
  2⤵
  PID:13444
- C:\Windows\System\vIyYzrc.exe
  C:\Windows\System\vIyYzrc.exe
  2⤵
  PID:13480
- C:\Windows\System\ebkkYwY.exe
  C:\Windows\System\ebkkYwY.exe
  2⤵
  PID:13496
- C:\Windows\System\lOeaMMM.exe
  C:\Windows\System\lOeaMMM.exe
  2⤵
  PID:13528
- C:\Windows\System\ArlYGMm.exe
  C:\Windows\System\ArlYGMm.exe
  2⤵
  PID:13552
- C:\Windows\System\VcIashq.exe
  C:\Windows\System\VcIashq.exe
  2⤵
  PID:13580
- C:\Windows\System\QZwvUvd.exe
  C:\Windows\System\QZwvUvd.exe
  2⤵
  PID:13600
- C:\Windows\System\JRDuqjp.exe
  C:\Windows\System\JRDuqjp.exe
  2⤵
  PID:13632
- C:\Windows\System\HiVuxqi.exe
  C:\Windows\System\HiVuxqi.exe
  2⤵
  PID:13660
- C:\Windows\System\blxkzrM.exe
  C:\Windows\System\blxkzrM.exe
  2⤵
  PID:13688
- C:\Windows\System\QMYBnTM.exe
  C:\Windows\System\QMYBnTM.exe
  2⤵
  PID:13712
- C:\Windows\System\qxWNMkn.exe
  C:\Windows\System\qxWNMkn.exe
  2⤵
  PID:13756
- C:\Windows\System\BxRxuqN.exe
  C:\Windows\System\BxRxuqN.exe
  2⤵
  PID:13772
- C:\Windows\System\XdQPUVl.exe
  C:\Windows\System\XdQPUVl.exe
  2⤵
  PID:13792
- C:\Windows\System\nnJiadU.exe
  C:\Windows\System\nnJiadU.exe
  2⤵
  PID:13820
- C:\Windows\System\BEfzdfo.exe
  C:\Windows\System\BEfzdfo.exe
  2⤵
  PID:13856
- C:\Windows\System\psWyBuP.exe
  C:\Windows\System\psWyBuP.exe
  2⤵
  PID:13884
- C:\Windows\System\SDWZCGP.exe
  C:\Windows\System\SDWZCGP.exe
  2⤵
  PID:13920
- C:\Windows\System\apDpYwV.exe
  C:\Windows\System\apDpYwV.exe
  2⤵
  PID:13948
- C:\Windows\System\PLZIWkA.exe
  C:\Windows\System\PLZIWkA.exe
  2⤵
  PID:13976
- C:\Windows\System\hRRQbBZ.exe
  C:\Windows\System\hRRQbBZ.exe
  2⤵
  PID:14012
- C:\Windows\System\SltQivF.exe
  C:\Windows\System\SltQivF.exe
  2⤵
  PID:14036
- C:\Windows\System\sFywEsR.exe
  C:\Windows\System\sFywEsR.exe
  2⤵
  PID:14060
- C:\Windows\System\uTDHZlp.exe
  C:\Windows\System\uTDHZlp.exe
  2⤵
  PID:14088
- C:\Windows\System\sJfshBq.exe
  C:\Windows\System\sJfshBq.exe
  2⤵
  PID:14116
- C:\Windows\System\acyzwBX.exe
  C:\Windows\System\acyzwBX.exe
  2⤵
  PID:14148
- C:\Windows\System\oftQfzO.exe
  C:\Windows\System\oftQfzO.exe
  2⤵
  PID:14176
- C:\Windows\System\VWTekvG.exe
  C:\Windows\System\VWTekvG.exe
  2⤵
  PID:14204
- C:\Windows\System\QPXKaBD.exe
  C:\Windows\System\QPXKaBD.exe
  2⤵
  PID:14232
- C:\Windows\System\FGxYxAi.exe
  C:\Windows\System\FGxYxAi.exe
  2⤵
  PID:14268
- C:\Windows\System\bZonMce.exe
  C:\Windows\System\bZonMce.exe
  2⤵
  PID:14292
- C:\Windows\System\nexPbBG.exe
  C:\Windows\System\nexPbBG.exe
  2⤵
  PID:14324
- C:\Windows\System\EzJURhL.exe
  C:\Windows\System\EzJURhL.exe
  2⤵
  PID:12568
- C:\Windows\System\mTnLzoA.exe
  C:\Windows\System\mTnLzoA.exe
  2⤵
  PID:12952
- C:\Windows\System\UrjeJJY.exe
  C:\Windows\System\UrjeJJY.exe
  2⤵
  PID:1336
- C:\Windows\System\enOnlhF.exe
  C:\Windows\System\enOnlhF.exe
  2⤵
  PID:13644
- C:\Windows\System\JtnBRdR.exe
  C:\Windows\System\JtnBRdR.exe
  2⤵
  PID:13940
- C:\Windows\System\kvcMZjb.exe
  C:\Windows\System\kvcMZjb.exe
  2⤵
  PID:13812
- C:\Windows\System\UwFGdZo.exe
  C:\Windows\System\UwFGdZo.exe
  2⤵
  PID:13840
- C:\Windows\System\LhRRlYj.exe
  C:\Windows\System\LhRRlYj.exe
  2⤵
  PID:13932
- C:\Windows\System\ApPNNbx.exe
  C:\Windows\System\ApPNNbx.exe
  2⤵
  PID:14080
- C:\Windows\System\NXAQerS.exe
  C:\Windows\System\NXAQerS.exe
  2⤵
  PID:14004
- C:\Windows\System\UubtSvq.exe
  C:\Windows\System\UubtSvq.exe
  2⤵
  PID:14256

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AycXXOM.exe

Filesize
1.9MB

MD5
1684fef4ebef22236d020145c700166d

SHA1
70201d9c35caa433b5f183553ac710d5fe7d6c11

SHA256
f1f31e9fa25f783e36c621e01e09d31fed300d0fa759941f44637b607a59ada0

SHA512
0b7c236ee9b86c0d9494ada576c80691c70b2e21ac7c755577e0626e7b9d28e82935da71ba5ca1a9ea878c2f94b1e43d1d136ec023bcb27b12f30fb78b2029ad

Download Submit
C:\Windows\System\BmChGCb.exe

Filesize
1.9MB

MD5
75603ef32f3200255cf2e9a732c0609d

SHA1
81f1ee4a4d53e8d9a527592fc6668de2d168b50a

SHA256
a957075bddd92182799fb724475d6215bf984b3e3e6645fcf36a7a5650b4b915

SHA512
c00746750639de04e50a5fe5d664d3161e3c8612d43379ed7b32dbffae4cebdcc6f9b06f3d187d565b6cf9ac5ec1654ee948d0259ea858aeca35192d8b43a81f

Download Submit
C:\Windows\System\GSbbBao.exe

Filesize
1.9MB

MD5
093ce22a7a5ae3c0f7e5342f279f9d94

SHA1
9f2347da0a00197debd95adcdb04ca730ba95442

SHA256
fd662c9d4b01514d6b28deee5e4d6c16bce093fea33b1d6197e548944b621b69

SHA512
15c7109f851fccd112e729e10e2ddfa1a23d63c29b79324ed7d8da2259ea6cd6c6b69c31028fa246a74bf8dfc19e2c589e7caea149dc064f733ab45e0bded47c

Download Submit
C:\Windows\System\GpJojJS.exe

Filesize
1.9MB

MD5
3957ba60a9091922c93d0428e7f671bf

SHA1
177555f7f12ce923c05f97913a5bd784fc580e7d

SHA256
7d65d8a251dfd0608b679983775bf95ebc1f4a5420a4b134e43e44a23610e16e

SHA512
cf00acd516c5e6b472f8303bf986bab0d88b24850f74020e1927fdaff2ae956f71a391e07348a3a4d64a45e3084d8e6767db4f14057f6a713f70a4cfadebe466

Download Submit
C:\Windows\System\GtiILbb.exe

Filesize
1.9MB

MD5
3d2d985baab1643eb82ac5da898423d0

SHA1
e01a975aa5dbce25c39141fceab4037da91e6355

SHA256
1e84396fc333f7762c018894715057bd368adcf179f4a8ee7ac2e4a580bd69a6

SHA512
118d4f49bd8109d5cac359ef9e296a141a2674301568c856acdd8529a330954b58dca20c5e1516333188f922a57add574d4923360ecf6dc98dfb1363cda17cf2

Download Submit
C:\Windows\System\GvmdZZM.exe

Filesize
1.9MB

MD5
400a762162a96497924b0d1d83bb33c7

SHA1
8ab12469afab9c9c2efb4c0d6ffbc05b58c7422c

SHA256
fe7d37b2be20cc5a123787f633dca409f49d018947de16dd3ae218ee736871bf

SHA512
81529356046b0308592d1ff90b0ee858a32c9e055b449bdfcd817b42fbc308d998709cf3af34b5aa4e5d09a079fecd80c52335a10431713283f1a6c08f60d40c

Download Submit
C:\Windows\System\IePNwxJ.exe

Filesize
1.9MB

MD5
5ad24d0d8a501398c8787f4bd6794e13

SHA1
7de016155f1ef6e14b697f962e601d0b1450afda

SHA256
bc219bd3efa76081891cc0d47d1a2f7f682f222c40f74cbcb58f1514176358e6

SHA512
55e2fd098ba778344cdfcbe65037072ea5ba03657059a79ce07326231dfe8b87989c793ea27b278ba6aa7b155723ff641f53a32312efdc772c876f9ca6e9fce0

Download Submit
C:\Windows\System\IzITTyt.exe

Filesize
1.9MB

MD5
943fd0eaf07a32c84e8f4ba7278a4c9c

SHA1
fbb200f56d9b84b74290de53025a9a2dca1b7615

SHA256
c8f9860bc5ab1c3d5753286a13047739b545c68863ac21b5f2ae85ffe43807e6

SHA512
fc33a3e7c0b30e1d2c9c5b9b123d680ff09fb536480bcd59972ef5ce5293a681bcacf75d9a8589ff54b9efe9f97a83a7af93cec2db9087ecc155ba40b729798d

Download Submit
C:\Windows\System\JORXEoW.exe

Filesize
1.9MB

MD5
04164ef90f56b936aa8b27ea560c2f45

SHA1
c6a59d0b20366039e571f2b280a7f004b5b78d2a

SHA256
5cfbb1062ce43f4f3de5f89d8f067f412abb0ce3f842b27a2ce98484d96632d4

SHA512
d43de10aafaae759b95e815a0f716487d947f14775b97b65752ea7b6eddfd270fa622b50e7c1b59645da7e37e1fd9d87b60be35961dacffb091d27b1a9a26526

Download Submit
C:\Windows\System\Jwyacii.exe

Filesize
1.9MB

MD5
2065c71281d418fdcf21515441ff73af

SHA1
b8bd4949c9b1c55b2dd7366c7780c83040325379

SHA256
aa3b76bf2bcd1ed9ed8533cd2476c5137487b5ec986013e3449a444f8d775c0d

SHA512
2015ebb36a7763556f6e671b6fc3481c1781a2f4e6d9912f4073597547fc3465d01a3d1f6006daf70281f96e8ec312a6bae7632831fd239ad234e647a4f7b0ec

Download Submit
C:\Windows\System\LnCOOsn.exe

Filesize
1.9MB

MD5
c95414cbea45543ddbf16655c1e800f6

SHA1
e4a0a447368ec055a6414e73cf4f0dec106874d5

SHA256
41a9f8f9437c91d6dbc14c07d2f01252bd1dc606e32f29bbbccf8ad42d5fd927

SHA512
d1ffa98ff2d9627155fdd86df0ea095cd17c74dd778e25b7c3eef5e5daeeaba49cc980ef96952dde6d7ee29afa80e695c8ca030fb68ac1c1dbb2931b5595ab59

Download Submit
C:\Windows\System\MlfovNS.exe

Filesize
1.9MB

MD5
9bf36b56cd7eabf125ab415925b25bec

SHA1
d539ecb19aed706617f129e6be7a5a7dbbee4d69

SHA256
1ab2ba2f32f812734dd7685ef951ee971e9f01dfb970fc9b2a3fa7ac7da2a98e

SHA512
be16a5f0d9eaa7ed04e373cf7d0bb3ca001d349c8e0806ab0841aba938dec713f5ae18a3890bda66a6d3a66847a23e84b25e11405768b80d32d21ae14207db71

Download Submit
C:\Windows\System\PZzKClD.exe

Filesize
1.9MB

MD5
3bdbd2a516b62dbe6eb30025dca36844

SHA1
7b939cf220fb521ef05001404dccf6ce5e2daeed

SHA256
185fa90bfec115835ddcaffbb92479e6341639f1f0d0e64081941c336c1ce240

SHA512
3b7e7a584653692956620ef5dd26902a42ea7a7f437bd4fd01134eec6a843542de8aaa8ca07544844fba9bfa3722409c1244e54deff7cd54d9eacfe99d40ebde

Download Submit
C:\Windows\System\PdeFHAc.exe

Filesize
1.8MB

MD5
9e1aa072923ec5f784f7adb1fea91871

SHA1
abaab4af7c59a496bffa5e4e28b0ff927340548e

SHA256
10004bad22e3965569481503476da0d28d555677a8d0669335dc738a573a95cd

SHA512
692fd676848df427e3688de320ccf102d2deceddc912feeaf0af89db7fbbbc773c31be2d07092e02fe12b56f2baa68f588d02c1cc6e5f8f083e1e21bf2524107

Download Submit
C:\Windows\System\UqVgQci.exe

Filesize
1.9MB

MD5
eae67d08ec379613af6a859495c6d385

SHA1
22dce2bd8903c556fdfa9a40ff5e9762d06da3ad

SHA256
f5b9b16dd6412a976b59afab152ac07e7f6dffb98b2f004ac81dc63d2c4a7447

SHA512
1e25893dc3659ea300a62fb39e7e3caf9442d7f5b66842ca916f1e6cd2f5c67045fc751b6533c52b6cfafbf325f732fddb8b677a93f62146bebd9810f6fdd6fe

Download Submit
C:\Windows\System\WTGFQrr.exe

Filesize
1.9MB

MD5
0ca19b6538f7f8262c9745afa1ccf8c8

SHA1
17e2990dc96e7ddce351b73e056c5e445ada2866

SHA256
29c40a050a91421c0a2b3f761dd8225a36c6a7ae91f9a71bba9f0deb2a6cf4ab

SHA512
edb4d3faa40e08997c555e86e07e9ede058687bf95b23d294d7840f760b4b18d76ffe030628744b2401a5561bd9d7e5aea7984ad2abfca5e997397a2b0fb6f26

Download Submit
C:\Windows\System\XOEsYXs.exe

Filesize
1.9MB

MD5
48d51a11a0ca18ce0e53ba56f686e063

SHA1
eeb529e82ba60d5bbc4181c66673c8df622ba57b

SHA256
fbb77a9c0b74a7ab6f9577899bfae6c3ac0335774921a3a7c603579733613675

SHA512
48cbb4d04ec7dadbfb739b33cc9ced2dd47109ba28e7b51eb970334602da3afba02e4ae07431ba1536a0639034b45028c06c6d4092bb7080af3222aa636de1be

Download Submit
C:\Windows\System\YXhqjIx.exe

Filesize
1.9MB

MD5
02a52a0b1ac466ee95658cb7f878c02e

SHA1
f9e4b81f43814d40ab7e9661cd1507a17474b94b

SHA256
bd635b03293f493e181e1bc36611a3e91ed9fa7470b3cbf80e27aef9a96527cd

SHA512
ea1916819c8645d55161fea0f5d51d80b04bc1d4ce3ee7f0572d187c8ea31560c5bf314b49a7f7f0d88d41d0dc24bf7279e24d902739afe73cc56e2348a9bbd5

Download Submit
C:\Windows\System\aTSqLrA.exe

Filesize
1.9MB

MD5
15ba1c9a442cbb3fc25ccde15f91fe25

SHA1
bfa73e25ced728c7e3c58e70accfe97112cdf7e4

SHA256
85e55b8d1668e7f30cfa085ceb8e7eac9efffcb5ad4f4041a6e819985968730e

SHA512
0d053dd941da06b3102c9abd0155667106438b0981b6adf0b0f97a256000ffb7ac9b85fe3b0abc734111d8fe55bfe035ba5bdba4a2b4da2bb0b8dd6a50413242

Download Submit
C:\Windows\System\cTJbkjo.exe

Filesize
1.8MB

MD5
acdbdd1cfdc742a6e5a95c1af78f15b5

SHA1
710d136674e5007e6cd9726c9836c2e251f9d927

SHA256
febe795f19ab3636f445b4161f520979bd21f644248ed0b66a2e952dbb4169eb

SHA512
ff6403d74bb5af03dabcc8c95b877c1f9e28ee4934142a4660be7a8863e20231f7acd275d3698543926f4e8c5e1fb0a96c3c4938e4d31cd483289e147c74f210

Download Submit
C:\Windows\System\eCiLeJI.exe

Filesize
1.8MB

MD5
7cda5e9e5468052823011189701924c7

SHA1
cff50e245e3e41948777ac58ea155f38330cf735

SHA256
752224e91d591b5c2369eab13aa2e3963bcb78f09b3484f207f1f6051a84ef39

SHA512
54c81f43a38d1b1655e70efb7e84b8091209feb4ea3e17bc9270d15cad5acf6a06e1f20191cf220d56f43e20a1c98d5bdbe00e4734cc923933bebf8338bb7525

Download Submit
C:\Windows\System\fkcItFr.exe

Filesize
1.9MB

MD5
4b5f3f2b5dd80e0dd8ca73cd87049b85

SHA1
9579d8cdccd51de64f6269a2a0d8762d794f59fe

SHA256
31630310daab8f98717bcc82e2e894a280992cbf2e7819a21e6176b01f883e48

SHA512
82bdaa0c23aa8ed0baba88755e7c6e87e87b80eae47574ad60c7424d4cccd0253d0432ff3efe393fd1041907789bb43f76b42d5d9d2e4eb0292f3b63e02adda6

Download Submit
C:\Windows\System\gsvGmdt.exe

Filesize
1.9MB

MD5
819a32197346586cd92d69e5dfc6e2b6

SHA1
eac2a2e897e743b318cb130bb5beffa872caaf50

SHA256
b86e2abd1f648f056de8847af40f1fd2a8b53832375240fb12d1919a8249f933

SHA512
bb6ae5af50a8ea94c9a8bdb1725dae90c92391c0cf055b7760ed3064dc8be1eff140fe12f557a2906f4d5a429e2816115108e6b5bff4d6b1756b180e8db0af76

Download Submit
C:\Windows\System\hJyQdCy.exe

Filesize
1.9MB

MD5
a897c5748af330e35a45f0d18062c60d

SHA1
1d7a04f6ebb1002f0113c27a5b3b6565fc66dc2d

SHA256
1174a2a5eb17634d1f2e4a649ef61d7d02a261a81d0b7ca001f766ce38bd5a5f

SHA512
24492f3d6b49aca869c07729f443b525876490649171bdd558003965163cdf6b6b49ec968af544fe938476c0eeb2aad904a2f62171d14ada06be1f707a30bc5c

Download Submit
C:\Windows\System\jFAOYel.exe

Filesize
1.9MB

MD5
a0250f524563e98e03a93fb80840dec1

SHA1
d219cb6ef23e653d6234381d3e4a673badf7d94d

SHA256
5ef122b143420b61a30a6c7e50e77128584dceee25e11f50b9f6c6cc4e5c2052

SHA512
2eee2903bf8aabb3269464b043b32af1a9b6050060a37666c338d85e2371d760acdf216d2cd898bbbee16545141780b7550b2718225112e08620eafbe4d082d4

Download Submit
C:\Windows\System\jMdTtAX.exe

Filesize
1.9MB

MD5
e37a18c7dc905d5885aef2f902522262

SHA1
32366f29063dcbb27636cd4b8ad4a79e930e734d

SHA256
ee53bf1b5c2d40eb369b7af9eaccb5656ba10e672cb5fafa6bfc5b5995a6211b

SHA512
b9089ab526ceb9889260466a31b5e346903d216648afc0b30d8c2219027deb63a02d49e5e6faf4fc80ecce86018557f76295f76408162e07ac5cd23822f12cc3

Download Submit
C:\Windows\System\lwtfKyk.exe

Filesize
1.9MB

MD5
fda20d41fe74bd55f567c6fe8ee2351e

SHA1
6d48893573d5cd5877d9a5e106e9c11a6347fd3a

SHA256
bd0014df67afda916380e768488c01aa17933d4ee0ac7c33d50d2ff0e351451e

SHA512
6549c6e103e787bfba9c4a6c09d23bf77cd1809ca34d7cf0ce62c8d4e68b8b1486e7ade849fbfbf25f858e94214d5bf2aa62caaef0a44fa8a2c8ed92b9b6b662

Download Submit
C:\Windows\System\mrpOpqW.exe

Filesize
1.9MB

MD5
79616d94b259b7db60836f4a652f973e

SHA1
930eaf52e09c7dce082650470a92708e5119b5e4

SHA256
0396fb147957f85dcf1834d68f4c725a22222bef1108f960a3f12e9177bc39c2

SHA512
aa3771fd9e0a37441aa0a2b4465b443f6e23cdcb5b62053a46877ee995f24e95cee2349db64ebb0dbb4c0823708eb37a59a1157d0d785f55d797a72779f5bb20

Download Submit
C:\Windows\System\sGUTAXD.exe

Filesize
1.9MB

MD5
4d3ce95b17b8d6b0abae9ceed6b93bb7

SHA1
73ff609e94dd4d17f8d3c9d8e54d1c8643384642

SHA256
a7a3ac1ddf98759183c310ad15d3a47912510175f3c885f836243b427ba47e9a

SHA512
09206a98a091fedca7dcb3ce40e5480a0c7798463c179a96a1c839c75ffb2fdf8f2abdadac700a40aa371fce8e56dfaec4d72b8b6385905a8907b245f895b137

Download Submit
C:\Windows\System\sdXkXDN.exe

Filesize
1.9MB

MD5
b58978411c8d270328a4d4c257f498ce

SHA1
0070a9ce796db8c6ab506bdc554d590dd668ba8e

SHA256
4de11ab9d6dbf33c8fbd9620db92d32ef4f59d84cff6a8facbef7931701a9d8d

SHA512
5bcc2c68192fc28359158c62505f27057b032af2ccc272d1a46c1190f781562e33908ba3679ec05146e3f150e1712662c4fd0dd88f40bac8765fc74c9c8b86a3

Download Submit
C:\Windows\System\thUHAjN.exe

Filesize
1.9MB

MD5
4ebe46e40acd18dae4c660a5eaf4cd10

SHA1
4486de7ef21f4cc9b275999b4aa84938d19c7e06

SHA256
80935f5d0555a47b3715b9c4caf49283b74cbec82be0d68ca57f37f8c7542806

SHA512
9cbebfb34ed49a33fd2d827f936981360d8556e7510ca8eaf016aab6e65512fe1da16d9247a6e6795f1c72edeeb529893c003693d1773a424652f7d47cd351fa

Download Submit
C:\Windows\System\zqLhbDl.exe

Filesize
1.9MB

MD5
95bab2a1ab72a59ac8eae734753e7e62

SHA1
b769d8e21bb30a848a1801bb414c052109c2d9e0

SHA256
7a86cbdf936d014033b65391d29954d21b9644ca35f28248ae97a82f4f48dece

SHA512
e5b226e16177f427498723080d3f38cc719d94c64bad35544d7737c6ba362f989617b3c924a872326ec16fbb4cb1847f9a9a461d3c82cf4f966d56c8e7cc2519

Download Submit
memory/208-183-0x00007FF754310000-0x00007FF754664000-memory.dmp

Filesize
3.3MB

Download
memory/208-2178-0x00007FF754310000-0x00007FF754664000-memory.dmp

Filesize
3.3MB

Download
memory/548-191-0x00007FF6E8290000-0x00007FF6E85E4000-memory.dmp

Filesize
3.3MB

Download
memory/548-2172-0x00007FF6E8290000-0x00007FF6E85E4000-memory.dmp

Filesize
3.3MB

Download
memory/692-152-0x00007FF721A40000-0x00007FF721D94000-memory.dmp

Filesize
3.3MB

Download
memory/692-2167-0x00007FF721A40000-0x00007FF721D94000-memory.dmp

Filesize
3.3MB

Download
memory/916-189-0x00007FF60D490000-0x00007FF60D7E4000-memory.dmp

Filesize
3.3MB

Download
memory/916-2155-0x00007FF60D490000-0x00007FF60D7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1028-151-0x00007FF72EB30000-0x00007FF72EE84000-memory.dmp

Filesize
3.3MB

Download
memory/1028-2168-0x00007FF72EB30000-0x00007FF72EE84000-memory.dmp

Filesize
3.3MB

Download
memory/1028-2152-0x00007FF72EB30000-0x00007FF72EE84000-memory.dmp

Filesize
3.3MB

Download
memory/1332-169-0x00007FF663120000-0x00007FF663474000-memory.dmp

Filesize
3.3MB

Download
memory/1332-2161-0x00007FF663120000-0x00007FF663474000-memory.dmp

Filesize
3.3MB

Download
memory/1400-180-0x00007FF73D740000-0x00007FF73DA94000-memory.dmp

Filesize
3.3MB

Download
memory/1400-2174-0x00007FF73D740000-0x00007FF73DA94000-memory.dmp

Filesize
3.3MB

Download
memory/1588-0-0x00007FF77DB30000-0x00007FF77DE84000-memory.dmp

Filesize
3.3MB

Download
memory/1588-1-0x000001F20B780000-0x000001F20B790000-memory.dmp

Filesize
64KB

Download
memory/1876-2153-0x00007FF71D500000-0x00007FF71D854000-memory.dmp

Filesize
3.3MB

Download
memory/1876-27-0x00007FF71D500000-0x00007FF71D854000-memory.dmp

Filesize
3.3MB

Download
memory/1904-179-0x00007FF7E1400000-0x00007FF7E1754000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2166-0x00007FF7E1400000-0x00007FF7E1754000-memory.dmp

Filesize
3.3MB

Download
memory/1956-2173-0x00007FF745640000-0x00007FF745994000-memory.dmp

Filesize
3.3MB

Download
memory/1956-172-0x00007FF745640000-0x00007FF745994000-memory.dmp

Filesize
3.3MB

Download
memory/1980-187-0x00007FF789390000-0x00007FF7896E4000-memory.dmp

Filesize
3.3MB

Download
memory/1980-2176-0x00007FF789390000-0x00007FF7896E4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-178-0x00007FF747C70000-0x00007FF747FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-2162-0x00007FF747C70000-0x00007FF747FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-182-0x00007FF79D020000-0x00007FF79D374000-memory.dmp

Filesize
3.3MB

Download
memory/2004-2180-0x00007FF79D020000-0x00007FF79D374000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2175-0x00007FF669900000-0x00007FF669C54000-memory.dmp

Filesize
3.3MB

Download
memory/2300-185-0x00007FF669900000-0x00007FF669C54000-memory.dmp

Filesize
3.3MB

Download
memory/2380-177-0x00007FF6AAB30000-0x00007FF6AAE84000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2164-0x00007FF6AAB30000-0x00007FF6AAE84000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2177-0x00007FF6B5790000-0x00007FF6B5AE4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-186-0x00007FF6B5790000-0x00007FF6B5AE4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-174-0x00007FF7CD630000-0x00007FF7CD984000-memory.dmp

Filesize
3.3MB

Download
memory/2800-2158-0x00007FF7CD630000-0x00007FF7CD984000-memory.dmp

Filesize
3.3MB

Download
memory/3024-2159-0x00007FF70DB20000-0x00007FF70DE74000-memory.dmp

Filesize
3.3MB

Download
memory/3024-175-0x00007FF70DB20000-0x00007FF70DE74000-memory.dmp

Filesize
3.3MB

Download
memory/3296-2163-0x00007FF72C5C0000-0x00007FF72C914000-memory.dmp

Filesize
3.3MB

Download
memory/3296-2151-0x00007FF72C5C0000-0x00007FF72C914000-memory.dmp

Filesize
3.3MB

Download
memory/3296-67-0x00007FF72C5C0000-0x00007FF72C914000-memory.dmp

Filesize
3.3MB

Download
memory/3440-2169-0x00007FF7EED10000-0x00007FF7EF064000-memory.dmp

Filesize
3.3MB

Download
memory/3440-190-0x00007FF7EED10000-0x00007FF7EF064000-memory.dmp

Filesize
3.3MB

Download
memory/3452-2157-0x00007FF6BBB50000-0x00007FF6BBEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3452-14-0x00007FF6BBB50000-0x00007FF6BBEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3472-2160-0x00007FF76BF60000-0x00007FF76C2B4000-memory.dmp

Filesize
3.3MB

Download
memory/3472-170-0x00007FF76BF60000-0x00007FF76C2B4000-memory.dmp

Filesize
3.3MB

Download
memory/3616-2170-0x00007FF6AFBD0000-0x00007FF6AFF24000-memory.dmp

Filesize
3.3MB

Download
memory/3616-176-0x00007FF6AFBD0000-0x00007FF6AFF24000-memory.dmp

Filesize
3.3MB

Download
memory/3640-46-0x00007FF73EF50000-0x00007FF73F2A4000-memory.dmp

Filesize
3.3MB

Download
memory/3640-2154-0x00007FF73EF50000-0x00007FF73F2A4000-memory.dmp

Filesize
3.3MB

Download
memory/3672-2165-0x00007FF704110000-0x00007FF704464000-memory.dmp

Filesize
3.3MB

Download
memory/3672-171-0x00007FF704110000-0x00007FF704464000-memory.dmp

Filesize
3.3MB

Download
memory/4348-2181-0x00007FF641450000-0x00007FF6417A4000-memory.dmp

Filesize
3.3MB

Download
memory/4348-181-0x00007FF641450000-0x00007FF6417A4000-memory.dmp

Filesize
3.3MB

Download
memory/4504-184-0x00007FF740590000-0x00007FF7408E4000-memory.dmp

Filesize
3.3MB

Download
memory/4504-2179-0x00007FF740590000-0x00007FF7408E4000-memory.dmp

Filesize
3.3MB

Download
memory/4668-2156-0x00007FF71B5E0000-0x00007FF71B934000-memory.dmp

Filesize
3.3MB

Download
memory/4668-188-0x00007FF71B5E0000-0x00007FF71B934000-memory.dmp

Filesize
3.3MB

Download
memory/4684-2171-0x00007FF6BD410000-0x00007FF6BD764000-memory.dmp

Filesize
3.3MB

Download
memory/4684-173-0x00007FF6BD410000-0x00007FF6BD764000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads