xmrig | 2c023db2a57cc2b9b868d13e256c356514521cdd42683852400ced0edcefb48e

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
Size

2.2MB
MD5

2d5a6ee6903465faced44f58b5972380
SHA1

46c617b461369ec2e1092fb0ce2c31a1d6a40d66
SHA256

2c023db2a57cc2b9b868d13e256c356514521cdd42683852400ced0edcefb48e
SHA512

8a6d0986eeb92d784f4e545558be64f211850df93c3f665c5efadfff7bab89025e661ad6de0e8710a8d6540d75d021b6a705d4208a1874bafb844619306516c5
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AKwOowx8QdKQZV:oemTLkNdfE0pZrp

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3276-0-0x00007FF7C5D60000-0x00007FF7C60B4000-memory.dmp	xmrig
behavioral2/files/0x000800000002340a-8.dat	xmrig
behavioral2/files/0x0007000000023414-50.dat	xmrig
behavioral2/files/0x000700000002340f-52.dat	xmrig
behavioral2/files/0x0007000000023412-76.dat	xmrig
behavioral2/files/0x000700000002341b-102.dat	xmrig
behavioral2/files/0x0007000000023418-119.dat	xmrig
behavioral2/files/0x0007000000023423-158.dat	xmrig
behavioral2/files/0x0009000000023400-178.dat	xmrig
behavioral2/memory/4064-190-0x00007FF6FB790000-0x00007FF6FBAE4000-memory.dmp	xmrig
behavioral2/memory/740-195-0x00007FF6977D0000-0x00007FF697B24000-memory.dmp	xmrig
behavioral2/memory/2108-203-0x00007FF7BCF50000-0x00007FF7BD2A4000-memory.dmp	xmrig
behavioral2/memory/3852-202-0x00007FF609D70000-0x00007FF60A0C4000-memory.dmp	xmrig
behavioral2/memory/4824-201-0x00007FF646AF0000-0x00007FF646E44000-memory.dmp	xmrig
behavioral2/memory/2908-200-0x00007FF7878E0000-0x00007FF787C34000-memory.dmp	xmrig
behavioral2/memory/2728-199-0x00007FF749FA0000-0x00007FF74A2F4000-memory.dmp	xmrig
behavioral2/memory/2000-198-0x00007FF688830000-0x00007FF688B84000-memory.dmp	xmrig
behavioral2/memory/768-197-0x00007FF60EE50000-0x00007FF60F1A4000-memory.dmp	xmrig
behavioral2/memory/2604-196-0x00007FF6ABEB0000-0x00007FF6AC204000-memory.dmp	xmrig
behavioral2/memory/2280-194-0x00007FF7EBA70000-0x00007FF7EBDC4000-memory.dmp	xmrig
behavioral2/memory/3620-193-0x00007FF79AF40000-0x00007FF79B294000-memory.dmp	xmrig
behavioral2/memory/4776-192-0x00007FF73BB70000-0x00007FF73BEC4000-memory.dmp	xmrig
behavioral2/memory/1128-191-0x00007FF6A4EF0000-0x00007FF6A5244000-memory.dmp	xmrig
behavioral2/memory/908-186-0x00007FF61AE10000-0x00007FF61B164000-memory.dmp	xmrig
behavioral2/memory/2036-185-0x00007FF6C7700000-0x00007FF6C7A54000-memory.dmp	xmrig
behavioral2/memory/1612-180-0x00007FF774580000-0x00007FF7748D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-176.dat	xmrig
behavioral2/files/0x000700000002342a-175.dat	xmrig
behavioral2/memory/3288-174-0x00007FF6B07C0000-0x00007FF6B0B14000-memory.dmp	xmrig
behavioral2/memory/4556-173-0x00007FF604D60000-0x00007FF6050B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023424-171.dat	xmrig
behavioral2/files/0x0007000000023429-170.dat	xmrig
behavioral2/files/0x000700000002341d-168.dat	xmrig
behavioral2/files/0x0007000000023428-166.dat	xmrig
behavioral2/files/0x0007000000023427-165.dat	xmrig
behavioral2/files/0x0007000000023426-162.dat	xmrig
behavioral2/files/0x0007000000023425-159.dat	xmrig
behavioral2/files/0x0007000000023422-154.dat	xmrig
behavioral2/files/0x000700000002341f-152.dat	xmrig
behavioral2/files/0x0007000000023421-150.dat	xmrig
behavioral2/files/0x0007000000023420-147.dat	xmrig
behavioral2/files/0x000700000002341c-142.dat	xmrig
behavioral2/files/0x000700000002341e-141.dat	xmrig
behavioral2/memory/3968-140-0x00007FF7E1960000-0x00007FF7E1CB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-130.dat	xmrig
behavioral2/files/0x000700000002341a-128.dat	xmrig
behavioral2/memory/4940-126-0x00007FF6DF070000-0x00007FF6DF3C4000-memory.dmp	xmrig
behavioral2/memory/3180-125-0x00007FF7BB1B0000-0x00007FF7BB504000-memory.dmp	xmrig
behavioral2/files/0x0007000000023417-117.dat	xmrig
behavioral2/memory/3508-108-0x00007FF782130000-0x00007FF782484000-memory.dmp	xmrig
behavioral2/files/0x0007000000023419-91.dat	xmrig
behavioral2/files/0x0007000000023410-90.dat	xmrig
behavioral2/memory/4256-84-0x00007FF75EE40000-0x00007FF75F194000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-70.dat	xmrig
behavioral2/files/0x0007000000023413-96.dat	xmrig
behavioral2/files/0x000700000002340e-67.dat	xmrig
behavioral2/memory/2964-64-0x00007FF7459C0000-0x00007FF745D14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-60.dat	xmrig
behavioral2/memory/1224-56-0x00007FF785870000-0x00007FF785BC4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340c-46.dat	xmrig
behavioral2/files/0x000700000002340d-65.dat	xmrig
behavioral2/memory/984-36-0x00007FF749FB0000-0x00007FF74A304000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-44.dat	xmrig
behavioral2/memory/808-31-0x00007FF63C3D0000-0x00007FF63C724000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3300	sHAWswG.exe
808	tXJwEpQ.exe
740	TAiwlyJ.exe
984	cGWNvRZ.exe
1224	NFNVICR.exe
2964	UNpBzRw.exe
4256	rCHbKou.exe
2604	CvEmZpY.exe
768	zxnhIRC.exe
3508	ONyGWZD.exe
3180	ehfQOcE.exe
4940	rqXnvYV.exe
2000	PaDKAiW.exe
2728	DPCflDS.exe
3968	dIHIfHq.exe
4556	nLsIpKB.exe
2908	OpMRhTU.exe
3288	URKRsEX.exe
1612	BffULhp.exe
2036	gdvSDzI.exe
908	Yulyvuu.exe
4064	mPvREiP.exe
4824	zClDGrZ.exe
1128	kghYvof.exe
4776	ZIcLXXt.exe
3620	kjhnUWQ.exe
2280	KLjVAHb.exe
3852	JElVKeI.exe
2108	KwTPkXn.exe
224	zaRDziH.exe
32	yFdNBhK.exe
2984	XjyXKfH.exe
3940	uvgVNUl.exe
1488	zumAjAP.exe
3864	UkdxvVo.exe
2828	nJuzuDJ.exe
4476	AVdgNXL.exe
4040	mYQNDtw.exe
4024	mcIBmXC.exe
2304	ZVFrrea.exe
4968	fNADWxd.exe
1088	JMRiagG.exe
948	KRkkWDc.exe
4312	YyUQQKf.exe
1436	MSrEVCs.exe
2660	AczyRxq.exe
2912	upKchHN.exe
1912	ZIRkdzK.exe
4316	JGASckm.exe
4404	pAtpycw.exe
3840	ycxnCDT.exe
1048	lYQXmXM.exe
3640	VMrnMpB.exe
3092	VqJrODN.exe
2996	GExYPQE.exe
1956	QSuJucW.exe
3472	ZDWjdpR.exe
3232	LiswAXY.exe
2084	bbxCzzU.exe
3876	KEclVEr.exe
2676	pZitmQm.exe
640	mivCZzH.exe
916	YyjneJg.exe
4336	HiqdMyW.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3276-0-0x00007FF7C5D60000-0x00007FF7C60B4000-memory.dmp	upx
behavioral2/files/0x000800000002340a-8.dat	upx
behavioral2/files/0x0007000000023414-50.dat	upx
behavioral2/files/0x000700000002340f-52.dat	upx
behavioral2/files/0x0007000000023412-76.dat	upx
behavioral2/files/0x000700000002341b-102.dat	upx
behavioral2/files/0x0007000000023418-119.dat	upx
behavioral2/files/0x0007000000023423-158.dat	upx
behavioral2/files/0x0009000000023400-178.dat	upx
behavioral2/memory/4064-190-0x00007FF6FB790000-0x00007FF6FBAE4000-memory.dmp	upx
behavioral2/memory/740-195-0x00007FF6977D0000-0x00007FF697B24000-memory.dmp	upx
behavioral2/memory/2108-203-0x00007FF7BCF50000-0x00007FF7BD2A4000-memory.dmp	upx
behavioral2/memory/3852-202-0x00007FF609D70000-0x00007FF60A0C4000-memory.dmp	upx
behavioral2/memory/4824-201-0x00007FF646AF0000-0x00007FF646E44000-memory.dmp	upx
behavioral2/memory/2908-200-0x00007FF7878E0000-0x00007FF787C34000-memory.dmp	upx
behavioral2/memory/2728-199-0x00007FF749FA0000-0x00007FF74A2F4000-memory.dmp	upx
behavioral2/memory/2000-198-0x00007FF688830000-0x00007FF688B84000-memory.dmp	upx
behavioral2/memory/768-197-0x00007FF60EE50000-0x00007FF60F1A4000-memory.dmp	upx
behavioral2/memory/2604-196-0x00007FF6ABEB0000-0x00007FF6AC204000-memory.dmp	upx
behavioral2/memory/2280-194-0x00007FF7EBA70000-0x00007FF7EBDC4000-memory.dmp	upx
behavioral2/memory/3620-193-0x00007FF79AF40000-0x00007FF79B294000-memory.dmp	upx
behavioral2/memory/4776-192-0x00007FF73BB70000-0x00007FF73BEC4000-memory.dmp	upx
behavioral2/memory/1128-191-0x00007FF6A4EF0000-0x00007FF6A5244000-memory.dmp	upx
behavioral2/memory/908-186-0x00007FF61AE10000-0x00007FF61B164000-memory.dmp	upx
behavioral2/memory/2036-185-0x00007FF6C7700000-0x00007FF6C7A54000-memory.dmp	upx
behavioral2/memory/1612-180-0x00007FF774580000-0x00007FF7748D4000-memory.dmp	upx
behavioral2/files/0x000700000002342b-176.dat	upx
behavioral2/files/0x000700000002342a-175.dat	upx
behavioral2/memory/3288-174-0x00007FF6B07C0000-0x00007FF6B0B14000-memory.dmp	upx
behavioral2/memory/4556-173-0x00007FF604D60000-0x00007FF6050B4000-memory.dmp	upx
behavioral2/files/0x0007000000023424-171.dat	upx
behavioral2/files/0x0007000000023429-170.dat	upx
behavioral2/files/0x000700000002341d-168.dat	upx
behavioral2/files/0x0007000000023428-166.dat	upx
behavioral2/files/0x0007000000023427-165.dat	upx
behavioral2/files/0x0007000000023426-162.dat	upx
behavioral2/files/0x0007000000023425-159.dat	upx
behavioral2/files/0x0007000000023422-154.dat	upx
behavioral2/files/0x000700000002341f-152.dat	upx
behavioral2/files/0x0007000000023421-150.dat	upx
behavioral2/files/0x0007000000023420-147.dat	upx
behavioral2/files/0x000700000002341c-142.dat	upx
behavioral2/files/0x000700000002341e-141.dat	upx
behavioral2/memory/3968-140-0x00007FF7E1960000-0x00007FF7E1CB4000-memory.dmp	upx
behavioral2/files/0x0007000000023416-130.dat	upx
behavioral2/files/0x000700000002341a-128.dat	upx
behavioral2/memory/4940-126-0x00007FF6DF070000-0x00007FF6DF3C4000-memory.dmp	upx
behavioral2/memory/3180-125-0x00007FF7BB1B0000-0x00007FF7BB504000-memory.dmp	upx
behavioral2/files/0x0007000000023417-117.dat	upx
behavioral2/memory/3508-108-0x00007FF782130000-0x00007FF782484000-memory.dmp	upx
behavioral2/files/0x0007000000023419-91.dat	upx
behavioral2/files/0x0007000000023410-90.dat	upx
behavioral2/memory/4256-84-0x00007FF75EE40000-0x00007FF75F194000-memory.dmp	upx
behavioral2/files/0x0007000000023411-70.dat	upx
behavioral2/files/0x0007000000023413-96.dat	upx
behavioral2/files/0x000700000002340e-67.dat	upx
behavioral2/memory/2964-64-0x00007FF7459C0000-0x00007FF745D14000-memory.dmp	upx
behavioral2/files/0x0007000000023415-60.dat	upx
behavioral2/memory/1224-56-0x00007FF785870000-0x00007FF785BC4000-memory.dmp	upx
behavioral2/files/0x000700000002340c-46.dat	upx
behavioral2/files/0x000700000002340d-65.dat	upx
behavioral2/memory/984-36-0x00007FF749FB0000-0x00007FF74A304000-memory.dmp	upx
behavioral2/files/0x000700000002340b-44.dat	upx
behavioral2/memory/808-31-0x00007FF63C3D0000-0x00007FF63C724000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mEPPxPE.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\UTsJNHS.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\KLLhvPo.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\YLauIFl.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\KaAWwIu.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\WCZpujD.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\SnfNGjW.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\JUOXtkW.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\RgTufYp.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\XJkKKat.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\uYtrtrS.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\PxMsNNX.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\aGBhMnf.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\mtCejOM.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\eKENCbc.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\gaYzDpk.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\shuEKAf.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\nJuzuDJ.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\LRjIyCk.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\kZGJahG.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\NbqBtJd.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\gLuylcy.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\MYTEgou.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\uZEdNem.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\VLMYcyT.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\xPKKELe.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\rvNyznp.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\jwnSqra.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\KhbRTyB.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\ZKwdCgF.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\TtxJztt.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\ImRKwGV.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\jsGwaMs.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\sCJKGeJ.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\SAdsIIy.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\rYNbefF.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\kdRDmHX.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\HzjCvdv.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\HKlpxCg.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\rbzvvzj.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\HSOHqKo.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\cWjtikV.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\cqkOiMr.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\jiBduzK.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\KLjVAHb.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\ILmqpyj.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\nzZldxh.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\URKRsEX.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\SGnAnlk.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\QIYPTzX.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\iabZIjk.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\KGVFObj.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\bBZOjYe.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\HSDnlir.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\KzJVrzI.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\TciWeZs.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\JJygIno.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\HYXkuAQ.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\JGASckm.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\vkuGYjL.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\eQChgGL.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\TOjAXkj.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\pMylzeo.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
File created	C:\Windows\System\KePESdO.exe	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14020	dwm.exe
Token: SeChangeNotifyPrivilege	14020	dwm.exe
Token: 33	14020	dwm.exe
Token: SeIncBasePriorityPrivilege	14020	dwm.exe
Token: SeShutdownPrivilege	14020	dwm.exe
Token: SeCreatePagefilePrivilege	14020	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3276 wrote to memory of 3300	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	82
PID 3276 wrote to memory of 3300	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	82
PID 3276 wrote to memory of 808	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	83
PID 3276 wrote to memory of 808	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	83
PID 3276 wrote to memory of 740	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	84
PID 3276 wrote to memory of 740	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	84
PID 3276 wrote to memory of 984	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	85
PID 3276 wrote to memory of 984	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	85
PID 3276 wrote to memory of 1224	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	86
PID 3276 wrote to memory of 1224	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	86
PID 3276 wrote to memory of 2964	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	87
PID 3276 wrote to memory of 2964	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	87
PID 3276 wrote to memory of 4256	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	88
PID 3276 wrote to memory of 4256	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	88
PID 3276 wrote to memory of 3508	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	89
PID 3276 wrote to memory of 3508	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	89
PID 3276 wrote to memory of 2604	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	90
PID 3276 wrote to memory of 2604	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	90
PID 3276 wrote to memory of 768	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	91
PID 3276 wrote to memory of 768	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	91
PID 3276 wrote to memory of 3180	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	92
PID 3276 wrote to memory of 3180	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	92
PID 3276 wrote to memory of 4940	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	93
PID 3276 wrote to memory of 4940	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	93
PID 3276 wrote to memory of 2000	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	94
PID 3276 wrote to memory of 2000	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	94
PID 3276 wrote to memory of 2728	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	96
PID 3276 wrote to memory of 2728	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	96
PID 3276 wrote to memory of 3968	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	97
PID 3276 wrote to memory of 3968	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	97
PID 3276 wrote to memory of 4556	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	98
PID 3276 wrote to memory of 4556	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	98
PID 3276 wrote to memory of 2908	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	99
PID 3276 wrote to memory of 2908	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	99
PID 3276 wrote to memory of 3288	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	100
PID 3276 wrote to memory of 3288	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	100
PID 3276 wrote to memory of 1612	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	101
PID 3276 wrote to memory of 1612	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	101
PID 3276 wrote to memory of 2036	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	102
PID 3276 wrote to memory of 2036	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	102
PID 3276 wrote to memory of 908	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	103
PID 3276 wrote to memory of 908	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	103
PID 3276 wrote to memory of 4064	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	104
PID 3276 wrote to memory of 4064	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	104
PID 3276 wrote to memory of 4776	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	105
PID 3276 wrote to memory of 4776	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	105
PID 3276 wrote to memory of 4824	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	106
PID 3276 wrote to memory of 4824	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	106
PID 3276 wrote to memory of 1128	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	107
PID 3276 wrote to memory of 1128	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	107
PID 3276 wrote to memory of 3620	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	108
PID 3276 wrote to memory of 3620	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	108
PID 3276 wrote to memory of 2280	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	109
PID 3276 wrote to memory of 2280	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	109
PID 3276 wrote to memory of 3852	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	110
PID 3276 wrote to memory of 3852	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	110
PID 3276 wrote to memory of 2108	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	111
PID 3276 wrote to memory of 2108	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	111
PID 3276 wrote to memory of 224	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	112
PID 3276 wrote to memory of 224	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	112
PID 3276 wrote to memory of 32	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	113
PID 3276 wrote to memory of 32	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	113
PID 3276 wrote to memory of 2984	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	114
PID 3276 wrote to memory of 2984	3276	2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d5a6ee6903465faced44f58b5972380_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3276
- C:\Windows\System\sHAWswG.exe
  C:\Windows\System\sHAWswG.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\tXJwEpQ.exe
  C:\Windows\System\tXJwEpQ.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\TAiwlyJ.exe
  C:\Windows\System\TAiwlyJ.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\cGWNvRZ.exe
  C:\Windows\System\cGWNvRZ.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\NFNVICR.exe
  C:\Windows\System\NFNVICR.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\UNpBzRw.exe
  C:\Windows\System\UNpBzRw.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\rCHbKou.exe
  C:\Windows\System\rCHbKou.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\ONyGWZD.exe
  C:\Windows\System\ONyGWZD.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\CvEmZpY.exe
  C:\Windows\System\CvEmZpY.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\zxnhIRC.exe
  C:\Windows\System\zxnhIRC.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\ehfQOcE.exe
  C:\Windows\System\ehfQOcE.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\rqXnvYV.exe
  C:\Windows\System\rqXnvYV.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\PaDKAiW.exe
  C:\Windows\System\PaDKAiW.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\DPCflDS.exe
  C:\Windows\System\DPCflDS.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\dIHIfHq.exe
  C:\Windows\System\dIHIfHq.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\nLsIpKB.exe
  C:\Windows\System\nLsIpKB.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\OpMRhTU.exe
  C:\Windows\System\OpMRhTU.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\URKRsEX.exe
  C:\Windows\System\URKRsEX.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\BffULhp.exe
  C:\Windows\System\BffULhp.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\gdvSDzI.exe
  C:\Windows\System\gdvSDzI.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\Yulyvuu.exe
  C:\Windows\System\Yulyvuu.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\mPvREiP.exe
  C:\Windows\System\mPvREiP.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\ZIcLXXt.exe
  C:\Windows\System\ZIcLXXt.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\zClDGrZ.exe
  C:\Windows\System\zClDGrZ.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\kghYvof.exe
  C:\Windows\System\kghYvof.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\kjhnUWQ.exe
  C:\Windows\System\kjhnUWQ.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\KLjVAHb.exe
  C:\Windows\System\KLjVAHb.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\JElVKeI.exe
  C:\Windows\System\JElVKeI.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\KwTPkXn.exe
  C:\Windows\System\KwTPkXn.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\zaRDziH.exe
  C:\Windows\System\zaRDziH.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\yFdNBhK.exe
  C:\Windows\System\yFdNBhK.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\XjyXKfH.exe
  C:\Windows\System\XjyXKfH.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\uvgVNUl.exe
  C:\Windows\System\uvgVNUl.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\zumAjAP.exe
  C:\Windows\System\zumAjAP.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\UkdxvVo.exe
  C:\Windows\System\UkdxvVo.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\nJuzuDJ.exe
  C:\Windows\System\nJuzuDJ.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\AVdgNXL.exe
  C:\Windows\System\AVdgNXL.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\mYQNDtw.exe
  C:\Windows\System\mYQNDtw.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\mcIBmXC.exe
  C:\Windows\System\mcIBmXC.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\ZVFrrea.exe
  C:\Windows\System\ZVFrrea.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\fNADWxd.exe
  C:\Windows\System\fNADWxd.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\JMRiagG.exe
  C:\Windows\System\JMRiagG.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\KRkkWDc.exe
  C:\Windows\System\KRkkWDc.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\YyUQQKf.exe
  C:\Windows\System\YyUQQKf.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\MSrEVCs.exe
  C:\Windows\System\MSrEVCs.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\AczyRxq.exe
  C:\Windows\System\AczyRxq.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\upKchHN.exe
  C:\Windows\System\upKchHN.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\ZIRkdzK.exe
  C:\Windows\System\ZIRkdzK.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\JGASckm.exe
  C:\Windows\System\JGASckm.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\pAtpycw.exe
  C:\Windows\System\pAtpycw.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\ycxnCDT.exe
  C:\Windows\System\ycxnCDT.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\lYQXmXM.exe
  C:\Windows\System\lYQXmXM.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\VMrnMpB.exe
  C:\Windows\System\VMrnMpB.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\VqJrODN.exe
  C:\Windows\System\VqJrODN.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\GExYPQE.exe
  C:\Windows\System\GExYPQE.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\QSuJucW.exe
  C:\Windows\System\QSuJucW.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\ZDWjdpR.exe
  C:\Windows\System\ZDWjdpR.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\LiswAXY.exe
  C:\Windows\System\LiswAXY.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\bbxCzzU.exe
  C:\Windows\System\bbxCzzU.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\KEclVEr.exe
  C:\Windows\System\KEclVEr.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\pZitmQm.exe
  C:\Windows\System\pZitmQm.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\mivCZzH.exe
  C:\Windows\System\mivCZzH.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\YyjneJg.exe
  C:\Windows\System\YyjneJg.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\HiqdMyW.exe
  C:\Windows\System\HiqdMyW.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\fQcVzPf.exe
  C:\Windows\System\fQcVzPf.exe
  2⤵
  PID:432
- C:\Windows\System\LjBODaL.exe
  C:\Windows\System\LjBODaL.exe
  2⤵
  PID:2364
- C:\Windows\System\USGJWcg.exe
  C:\Windows\System\USGJWcg.exe
  2⤵
  PID:232
- C:\Windows\System\FMnOaET.exe
  C:\Windows\System\FMnOaET.exe
  2⤵
  PID:2524
- C:\Windows\System\pWWvClF.exe
  C:\Windows\System\pWWvClF.exe
  2⤵
  PID:1332
- C:\Windows\System\gLuylcy.exe
  C:\Windows\System\gLuylcy.exe
  2⤵
  PID:1148
- C:\Windows\System\MywOnyI.exe
  C:\Windows\System\MywOnyI.exe
  2⤵
  PID:2016
- C:\Windows\System\LRjIyCk.exe
  C:\Windows\System\LRjIyCk.exe
  2⤵
  PID:1504
- C:\Windows\System\dNExRkF.exe
  C:\Windows\System\dNExRkF.exe
  2⤵
  PID:1768
- C:\Windows\System\ytiphDD.exe
  C:\Windows\System\ytiphDD.exe
  2⤵
  PID:1692
- C:\Windows\System\jxNoaow.exe
  C:\Windows\System\jxNoaow.exe
  2⤵
  PID:3036
- C:\Windows\System\TKQRflm.exe
  C:\Windows\System\TKQRflm.exe
  2⤵
  PID:1648
- C:\Windows\System\iQmqPij.exe
  C:\Windows\System\iQmqPij.exe
  2⤵
  PID:2580
- C:\Windows\System\uQBvbhS.exe
  C:\Windows\System\uQBvbhS.exe
  2⤵
  PID:2376
- C:\Windows\System\wiGIYPw.exe
  C:\Windows\System\wiGIYPw.exe
  2⤵
  PID:5092
- C:\Windows\System\uYtrtrS.exe
  C:\Windows\System\uYtrtrS.exe
  2⤵
  PID:3832
- C:\Windows\System\GNNifEw.exe
  C:\Windows\System\GNNifEw.exe
  2⤵
  PID:1020
- C:\Windows\System\NYpgQhc.exe
  C:\Windows\System\NYpgQhc.exe
  2⤵
  PID:2096
- C:\Windows\System\GJjVAVr.exe
  C:\Windows\System\GJjVAVr.exe
  2⤵
  PID:4712
- C:\Windows\System\rPnfkPr.exe
  C:\Windows\System\rPnfkPr.exe
  2⤵
  PID:4748
- C:\Windows\System\dlVKSgi.exe
  C:\Windows\System\dlVKSgi.exe
  2⤵
  PID:4248
- C:\Windows\System\yAwvBYw.exe
  C:\Windows\System\yAwvBYw.exe
  2⤵
  PID:3328
- C:\Windows\System\AjPclAT.exe
  C:\Windows\System\AjPclAT.exe
  2⤵
  PID:2472
- C:\Windows\System\WdFwrQQ.exe
  C:\Windows\System\WdFwrQQ.exe
  2⤵
  PID:4076
- C:\Windows\System\cRGCHyM.exe
  C:\Windows\System\cRGCHyM.exe
  2⤵
  PID:3364
- C:\Windows\System\DnAWEJg.exe
  C:\Windows\System\DnAWEJg.exe
  2⤵
  PID:5016
- C:\Windows\System\jiBduzK.exe
  C:\Windows\System\jiBduzK.exe
  2⤵
  PID:2444
- C:\Windows\System\brcOyuN.exe
  C:\Windows\System\brcOyuN.exe
  2⤵
  PID:2572
- C:\Windows\System\ANpdZiN.exe
  C:\Windows\System\ANpdZiN.exe
  2⤵
  PID:1156
- C:\Windows\System\jvrpJBT.exe
  C:\Windows\System\jvrpJBT.exe
  2⤵
  PID:3948
- C:\Windows\System\ZRdGxPs.exe
  C:\Windows\System\ZRdGxPs.exe
  2⤵
  PID:4572
- C:\Windows\System\AqCrCyM.exe
  C:\Windows\System\AqCrCyM.exe
  2⤵
  PID:1472
- C:\Windows\System\ozvqUDj.exe
  C:\Windows\System\ozvqUDj.exe
  2⤵
  PID:2948
- C:\Windows\System\ZyGMrDX.exe
  C:\Windows\System\ZyGMrDX.exe
  2⤵
  PID:1508
- C:\Windows\System\NZBFuQI.exe
  C:\Windows\System\NZBFuQI.exe
  2⤵
  PID:2124
- C:\Windows\System\TpzKNCQ.exe
  C:\Windows\System\TpzKNCQ.exe
  2⤵
  PID:912
- C:\Windows\System\WQtPnpa.exe
  C:\Windows\System\WQtPnpa.exe
  2⤵
  PID:4764
- C:\Windows\System\lJULtxm.exe
  C:\Windows\System\lJULtxm.exe
  2⤵
  PID:5156
- C:\Windows\System\ckXiihS.exe
  C:\Windows\System\ckXiihS.exe
  2⤵
  PID:5180
- C:\Windows\System\JGqwUsc.exe
  C:\Windows\System\JGqwUsc.exe
  2⤵
  PID:5200
- C:\Windows\System\ffxhAWM.exe
  C:\Windows\System\ffxhAWM.exe
  2⤵
  PID:5240
- C:\Windows\System\vKTGCBX.exe
  C:\Windows\System\vKTGCBX.exe
  2⤵
  PID:5260
- C:\Windows\System\tuAZxiQ.exe
  C:\Windows\System\tuAZxiQ.exe
  2⤵
  PID:5284
- C:\Windows\System\FWjyihH.exe
  C:\Windows\System\FWjyihH.exe
  2⤵
  PID:5304
- C:\Windows\System\jwnSqra.exe
  C:\Windows\System\jwnSqra.exe
  2⤵
  PID:5340
- C:\Windows\System\gSQRtxZ.exe
  C:\Windows\System\gSQRtxZ.exe
  2⤵
  PID:5376
- C:\Windows\System\sKJOzCc.exe
  C:\Windows\System\sKJOzCc.exe
  2⤵
  PID:5404
- C:\Windows\System\eflRcLv.exe
  C:\Windows\System\eflRcLv.exe
  2⤵
  PID:5424
- C:\Windows\System\cJUsKFz.exe
  C:\Windows\System\cJUsKFz.exe
  2⤵
  PID:5456
- C:\Windows\System\KPlHsKa.exe
  C:\Windows\System\KPlHsKa.exe
  2⤵
  PID:5492
- C:\Windows\System\jLKmkTa.exe
  C:\Windows\System\jLKmkTa.exe
  2⤵
  PID:5508
- C:\Windows\System\ItQNejj.exe
  C:\Windows\System\ItQNejj.exe
  2⤵
  PID:5524
- C:\Windows\System\cIGOWeF.exe
  C:\Windows\System\cIGOWeF.exe
  2⤵
  PID:5564
- C:\Windows\System\UeKybNb.exe
  C:\Windows\System\UeKybNb.exe
  2⤵
  PID:5580
- C:\Windows\System\ScKtvWY.exe
  C:\Windows\System\ScKtvWY.exe
  2⤵
  PID:5596
- C:\Windows\System\zuDwlaO.exe
  C:\Windows\System\zuDwlaO.exe
  2⤵
  PID:5628
- C:\Windows\System\SExQzFM.exe
  C:\Windows\System\SExQzFM.exe
  2⤵
  PID:5664
- C:\Windows\System\VIezbEc.exe
  C:\Windows\System\VIezbEc.exe
  2⤵
  PID:5700
- C:\Windows\System\vkuGYjL.exe
  C:\Windows\System\vkuGYjL.exe
  2⤵
  PID:5732
- C:\Windows\System\dUABLDn.exe
  C:\Windows\System\dUABLDn.exe
  2⤵
  PID:5760
- C:\Windows\System\fRZBINa.exe
  C:\Windows\System\fRZBINa.exe
  2⤵
  PID:5800
- C:\Windows\System\rYNbefF.exe
  C:\Windows\System\rYNbefF.exe
  2⤵
  PID:5816
- C:\Windows\System\upXuGPv.exe
  C:\Windows\System\upXuGPv.exe
  2⤵
  PID:5840
- C:\Windows\System\KaAWwIu.exe
  C:\Windows\System\KaAWwIu.exe
  2⤵
  PID:5872
- C:\Windows\System\ksjbupp.exe
  C:\Windows\System\ksjbupp.exe
  2⤵
  PID:5888
- C:\Windows\System\ReyQTNl.exe
  C:\Windows\System\ReyQTNl.exe
  2⤵
  PID:5928
- C:\Windows\System\EfmiSHF.exe
  C:\Windows\System\EfmiSHF.exe
  2⤵
  PID:5944
- C:\Windows\System\QwQOCCa.exe
  C:\Windows\System\QwQOCCa.exe
  2⤵
  PID:5980
- C:\Windows\System\sHtGriz.exe
  C:\Windows\System\sHtGriz.exe
  2⤵
  PID:6004
- C:\Windows\System\KzJVrzI.exe
  C:\Windows\System\KzJVrzI.exe
  2⤵
  PID:6024
- C:\Windows\System\DzRWBSu.exe
  C:\Windows\System\DzRWBSu.exe
  2⤵
  PID:6056
- C:\Windows\System\LGhfQJP.exe
  C:\Windows\System\LGhfQJP.exe
  2⤵
  PID:6084
- C:\Windows\System\iIvqdPu.exe
  C:\Windows\System\iIvqdPu.exe
  2⤵
  PID:6112
- C:\Windows\System\yxaVorY.exe
  C:\Windows\System\yxaVorY.exe
  2⤵
  PID:5128
- C:\Windows\System\AAZJPuU.exe
  C:\Windows\System\AAZJPuU.exe
  2⤵
  PID:5196
- C:\Windows\System\SjAiDyw.exe
  C:\Windows\System\SjAiDyw.exe
  2⤵
  PID:5236
- C:\Windows\System\FRWDxPv.exe
  C:\Windows\System\FRWDxPv.exe
  2⤵
  PID:5336
- C:\Windows\System\PLgwGAn.exe
  C:\Windows\System\PLgwGAn.exe
  2⤵
  PID:5396
- C:\Windows\System\ZdJqdZU.exe
  C:\Windows\System\ZdJqdZU.exe
  2⤵
  PID:5480
- C:\Windows\System\ZUAMAaV.exe
  C:\Windows\System\ZUAMAaV.exe
  2⤵
  PID:5520
- C:\Windows\System\onoVNpu.exe
  C:\Windows\System\onoVNpu.exe
  2⤵
  PID:5576
- C:\Windows\System\WCZpujD.exe
  C:\Windows\System\WCZpujD.exe
  2⤵
  PID:5648
- C:\Windows\System\AMZbXWt.exe
  C:\Windows\System\AMZbXWt.exe
  2⤵
  PID:5716
- C:\Windows\System\hbaSMHQ.exe
  C:\Windows\System\hbaSMHQ.exe
  2⤵
  PID:5780
- C:\Windows\System\rXmtrbB.exe
  C:\Windows\System\rXmtrbB.exe
  2⤵
  PID:5864
- C:\Windows\System\EfRAmeu.exe
  C:\Windows\System\EfRAmeu.exe
  2⤵
  PID:5880
- C:\Windows\System\QoFnroR.exe
  C:\Windows\System\QoFnroR.exe
  2⤵
  PID:5956
- C:\Windows\System\KhbRTyB.exe
  C:\Windows\System\KhbRTyB.exe
  2⤵
  PID:6036
- C:\Windows\System\jEnKXte.exe
  C:\Windows\System\jEnKXte.exe
  2⤵
  PID:6100
- C:\Windows\System\neJliVD.exe
  C:\Windows\System\neJliVD.exe
  2⤵
  PID:5164
- C:\Windows\System\dddVjlR.exe
  C:\Windows\System\dddVjlR.exe
  2⤵
  PID:5384
- C:\Windows\System\UwGyHbP.exe
  C:\Windows\System\UwGyHbP.exe
  2⤵
  PID:5464
- C:\Windows\System\mxhRwjq.exe
  C:\Windows\System\mxhRwjq.exe
  2⤵
  PID:5624
- C:\Windows\System\WhDFnfN.exe
  C:\Windows\System\WhDFnfN.exe
  2⤵
  PID:5912
- C:\Windows\System\DCZmlhf.exe
  C:\Windows\System\DCZmlhf.exe
  2⤵
  PID:5936
- C:\Windows\System\BosFFYR.exe
  C:\Windows\System\BosFFYR.exe
  2⤵
  PID:6072
- C:\Windows\System\kZGJahG.exe
  C:\Windows\System\kZGJahG.exe
  2⤵
  PID:5536
- C:\Windows\System\zhcRJDb.exe
  C:\Windows\System\zhcRJDb.exe
  2⤵
  PID:5748
- C:\Windows\System\JKZtbxP.exe
  C:\Windows\System\JKZtbxP.exe
  2⤵
  PID:6076
- C:\Windows\System\BQXfNNn.exe
  C:\Windows\System\BQXfNNn.exe
  2⤵
  PID:6044
- C:\Windows\System\nqORqkM.exe
  C:\Windows\System\nqORqkM.exe
  2⤵
  PID:6172
- C:\Windows\System\iUrHHPx.exe
  C:\Windows\System\iUrHHPx.exe
  2⤵
  PID:6192
- C:\Windows\System\gCdqmQX.exe
  C:\Windows\System\gCdqmQX.exe
  2⤵
  PID:6220
- C:\Windows\System\tGFpLbZ.exe
  C:\Windows\System\tGFpLbZ.exe
  2⤵
  PID:6248
- C:\Windows\System\lPaiGKY.exe
  C:\Windows\System\lPaiGKY.exe
  2⤵
  PID:6276
- C:\Windows\System\wzuKUsC.exe
  C:\Windows\System\wzuKUsC.exe
  2⤵
  PID:6296
- C:\Windows\System\ELGWJnE.exe
  C:\Windows\System\ELGWJnE.exe
  2⤵
  PID:6328
- C:\Windows\System\BEMuJLT.exe
  C:\Windows\System\BEMuJLT.exe
  2⤵
  PID:6356
- C:\Windows\System\yBMyFes.exe
  C:\Windows\System\yBMyFes.exe
  2⤵
  PID:6392
- C:\Windows\System\iCxCpVN.exe
  C:\Windows\System\iCxCpVN.exe
  2⤵
  PID:6424
- C:\Windows\System\kwPxclx.exe
  C:\Windows\System\kwPxclx.exe
  2⤵
  PID:6448
- C:\Windows\System\HoDxdkC.exe
  C:\Windows\System\HoDxdkC.exe
  2⤵
  PID:6472
- C:\Windows\System\tBjlsyF.exe
  C:\Windows\System\tBjlsyF.exe
  2⤵
  PID:6504
- C:\Windows\System\ztOqLdb.exe
  C:\Windows\System\ztOqLdb.exe
  2⤵
  PID:6524
- C:\Windows\System\kZQGQNp.exe
  C:\Windows\System\kZQGQNp.exe
  2⤵
  PID:6552
- C:\Windows\System\cQjOjCd.exe
  C:\Windows\System\cQjOjCd.exe
  2⤵
  PID:6588
- C:\Windows\System\kdRDmHX.exe
  C:\Windows\System\kdRDmHX.exe
  2⤵
  PID:6608
- C:\Windows\System\mHWohPd.exe
  C:\Windows\System\mHWohPd.exe
  2⤵
  PID:6636
- C:\Windows\System\XiaLLxW.exe
  C:\Windows\System\XiaLLxW.exe
  2⤵
  PID:6664
- C:\Windows\System\rJhcqoZ.exe
  C:\Windows\System\rJhcqoZ.exe
  2⤵
  PID:6692
- C:\Windows\System\iQEURxl.exe
  C:\Windows\System\iQEURxl.exe
  2⤵
  PID:6724
- C:\Windows\System\yplPMve.exe
  C:\Windows\System\yplPMve.exe
  2⤵
  PID:6748
- C:\Windows\System\etQeXHx.exe
  C:\Windows\System\etQeXHx.exe
  2⤵
  PID:6776
- C:\Windows\System\TRUwhtE.exe
  C:\Windows\System\TRUwhtE.exe
  2⤵
  PID:6820
- C:\Windows\System\ZJarwXt.exe
  C:\Windows\System\ZJarwXt.exe
  2⤵
  PID:6848
- C:\Windows\System\DHbfevt.exe
  C:\Windows\System\DHbfevt.exe
  2⤵
  PID:6876
- C:\Windows\System\DNmnapW.exe
  C:\Windows\System\DNmnapW.exe
  2⤵
  PID:6892
- C:\Windows\System\ReUMSsO.exe
  C:\Windows\System\ReUMSsO.exe
  2⤵
  PID:6920
- C:\Windows\System\jgVIFfI.exe
  C:\Windows\System\jgVIFfI.exe
  2⤵
  PID:6948
- C:\Windows\System\bpYnyqG.exe
  C:\Windows\System\bpYnyqG.exe
  2⤵
  PID:6980
- C:\Windows\System\MYTEgou.exe
  C:\Windows\System\MYTEgou.exe
  2⤵
  PID:7004
- C:\Windows\System\itPFGNz.exe
  C:\Windows\System\itPFGNz.exe
  2⤵
  PID:7028
- C:\Windows\System\jzdpdQZ.exe
  C:\Windows\System\jzdpdQZ.exe
  2⤵
  PID:7060
- C:\Windows\System\GJMzxuM.exe
  C:\Windows\System\GJMzxuM.exe
  2⤵
  PID:7076
- C:\Windows\System\YStWnSK.exe
  C:\Windows\System\YStWnSK.exe
  2⤵
  PID:7104
- C:\Windows\System\vCdTlRe.exe
  C:\Windows\System\vCdTlRe.exe
  2⤵
  PID:7132
- C:\Windows\System\hhBHxgh.exe
  C:\Windows\System\hhBHxgh.exe
  2⤵
  PID:6140
- C:\Windows\System\dUQhGgD.exe
  C:\Windows\System\dUQhGgD.exe
  2⤵
  PID:6200
- C:\Windows\System\NHtrnFH.exe
  C:\Windows\System\NHtrnFH.exe
  2⤵
  PID:6236
- C:\Windows\System\vSPGEeM.exe
  C:\Windows\System\vSPGEeM.exe
  2⤵
  PID:6320
- C:\Windows\System\haUdVvt.exe
  C:\Windows\System\haUdVvt.exe
  2⤵
  PID:6344
- C:\Windows\System\CkaJYtp.exe
  C:\Windows\System\CkaJYtp.exe
  2⤵
  PID:6464
- C:\Windows\System\IuvDPkJ.exe
  C:\Windows\System\IuvDPkJ.exe
  2⤵
  PID:6520
- C:\Windows\System\gcZVgOU.exe
  C:\Windows\System\gcZVgOU.exe
  2⤵
  PID:6580
- C:\Windows\System\PKLnTas.exe
  C:\Windows\System\PKLnTas.exe
  2⤵
  PID:6604
- C:\Windows\System\cMLCbMG.exe
  C:\Windows\System\cMLCbMG.exe
  2⤵
  PID:6660
- C:\Windows\System\BSrBAsh.exe
  C:\Windows\System\BSrBAsh.exe
  2⤵
  PID:6736
- C:\Windows\System\NJVZJWS.exe
  C:\Windows\System\NJVZJWS.exe
  2⤵
  PID:6872
- C:\Windows\System\YtcKHvr.exe
  C:\Windows\System\YtcKHvr.exe
  2⤵
  PID:6888
- C:\Windows\System\RTUnnwV.exe
  C:\Windows\System\RTUnnwV.exe
  2⤵
  PID:6976
- C:\Windows\System\PWHBpIZ.exe
  C:\Windows\System\PWHBpIZ.exe
  2⤵
  PID:7052
- C:\Windows\System\pclbtRh.exe
  C:\Windows\System\pclbtRh.exe
  2⤵
  PID:7124
- C:\Windows\System\scHpLnl.exe
  C:\Windows\System\scHpLnl.exe
  2⤵
  PID:6184
- C:\Windows\System\qeLpaat.exe
  C:\Windows\System\qeLpaat.exe
  2⤵
  PID:6288
- C:\Windows\System\GAGVFly.exe
  C:\Windows\System\GAGVFly.exe
  2⤵
  PID:6432
- C:\Windows\System\iWronTr.exe
  C:\Windows\System\iWronTr.exe
  2⤵
  PID:6516
- C:\Windows\System\oRuQmCr.exe
  C:\Windows\System\oRuQmCr.exe
  2⤵
  PID:6732
- C:\Windows\System\iJugaob.exe
  C:\Windows\System\iJugaob.exe
  2⤵
  PID:6884
- C:\Windows\System\yGnJiyI.exe
  C:\Windows\System\yGnJiyI.exe
  2⤵
  PID:7012
- C:\Windows\System\uxmvyiw.exe
  C:\Windows\System\uxmvyiw.exe
  2⤵
  PID:6216
- C:\Windows\System\ClPHFCB.exe
  C:\Windows\System\ClPHFCB.exe
  2⤵
  PID:6624
- C:\Windows\System\RkDOMAh.exe
  C:\Windows\System\RkDOMAh.exe
  2⤵
  PID:6760
- C:\Windows\System\SnfNGjW.exe
  C:\Windows\System\SnfNGjW.exe
  2⤵
  PID:6988
- C:\Windows\System\mEPPxPE.exe
  C:\Windows\System\mEPPxPE.exe
  2⤵
  PID:7152
- C:\Windows\System\toxZUqd.exe
  C:\Windows\System\toxZUqd.exe
  2⤵
  PID:7200
- C:\Windows\System\xYVOdSe.exe
  C:\Windows\System\xYVOdSe.exe
  2⤵
  PID:7216
- C:\Windows\System\CyvBOKq.exe
  C:\Windows\System\CyvBOKq.exe
  2⤵
  PID:7232
- C:\Windows\System\uiRMRwB.exe
  C:\Windows\System\uiRMRwB.exe
  2⤵
  PID:7264
- C:\Windows\System\WFxZEux.exe
  C:\Windows\System\WFxZEux.exe
  2⤵
  PID:7304
- C:\Windows\System\JUOXtkW.exe
  C:\Windows\System\JUOXtkW.exe
  2⤵
  PID:7332
- C:\Windows\System\jzZYQBy.exe
  C:\Windows\System\jzZYQBy.exe
  2⤵
  PID:7372
- C:\Windows\System\HQdFPZx.exe
  C:\Windows\System\HQdFPZx.exe
  2⤵
  PID:7388
- C:\Windows\System\FmCRhyE.exe
  C:\Windows\System\FmCRhyE.exe
  2⤵
  PID:7404
- C:\Windows\System\azcRaJO.exe
  C:\Windows\System\azcRaJO.exe
  2⤵
  PID:7420
- C:\Windows\System\egoIJXu.exe
  C:\Windows\System\egoIJXu.exe
  2⤵
  PID:7440
- C:\Windows\System\RKafFjQ.exe
  C:\Windows\System\RKafFjQ.exe
  2⤵
  PID:7472
- C:\Windows\System\orBImmU.exe
  C:\Windows\System\orBImmU.exe
  2⤵
  PID:7504
- C:\Windows\System\sjUBJfw.exe
  C:\Windows\System\sjUBJfw.exe
  2⤵
  PID:7520
- C:\Windows\System\qmnTbMk.exe
  C:\Windows\System\qmnTbMk.exe
  2⤵
  PID:7552
- C:\Windows\System\DdlWYdP.exe
  C:\Windows\System\DdlWYdP.exe
  2⤵
  PID:7604
- C:\Windows\System\rVSrQjJ.exe
  C:\Windows\System\rVSrQjJ.exe
  2⤵
  PID:7628
- C:\Windows\System\ZKwdCgF.exe
  C:\Windows\System\ZKwdCgF.exe
  2⤵
  PID:7660
- C:\Windows\System\TNBFfzU.exe
  C:\Windows\System\TNBFfzU.exe
  2⤵
  PID:7696
- C:\Windows\System\SkMoxRj.exe
  C:\Windows\System\SkMoxRj.exe
  2⤵
  PID:7716
- C:\Windows\System\wJNeLBe.exe
  C:\Windows\System\wJNeLBe.exe
  2⤵
  PID:7744
- C:\Windows\System\XaKTvnY.exe
  C:\Windows\System\XaKTvnY.exe
  2⤵
  PID:7772
- C:\Windows\System\ZaDTEGi.exe
  C:\Windows\System\ZaDTEGi.exe
  2⤵
  PID:7800
- C:\Windows\System\ygumIHO.exe
  C:\Windows\System\ygumIHO.exe
  2⤵
  PID:7824
- C:\Windows\System\bhLJSir.exe
  C:\Windows\System\bhLJSir.exe
  2⤵
  PID:7856
- C:\Windows\System\gAIxzmX.exe
  C:\Windows\System\gAIxzmX.exe
  2⤵
  PID:7892
- C:\Windows\System\qzoXTiD.exe
  C:\Windows\System\qzoXTiD.exe
  2⤵
  PID:7912
- C:\Windows\System\laxnaqa.exe
  C:\Windows\System\laxnaqa.exe
  2⤵
  PID:7944
- C:\Windows\System\QbCrAod.exe
  C:\Windows\System\QbCrAod.exe
  2⤵
  PID:7984
- C:\Windows\System\lAnGTFm.exe
  C:\Windows\System\lAnGTFm.exe
  2⤵
  PID:8004
- C:\Windows\System\pBmXMjK.exe
  C:\Windows\System\pBmXMjK.exe
  2⤵
  PID:8020
- C:\Windows\System\xsOuGTY.exe
  C:\Windows\System\xsOuGTY.exe
  2⤵
  PID:8056
- C:\Windows\System\vTqNSoy.exe
  C:\Windows\System\vTqNSoy.exe
  2⤵
  PID:8084
- C:\Windows\System\IUSnUoJ.exe
  C:\Windows\System\IUSnUoJ.exe
  2⤵
  PID:8116
- C:\Windows\System\HfvAGav.exe
  C:\Windows\System\HfvAGav.exe
  2⤵
  PID:8144
- C:\Windows\System\YitnDDz.exe
  C:\Windows\System\YitnDDz.exe
  2⤵
  PID:8172
- C:\Windows\System\PvmViCd.exe
  C:\Windows\System\PvmViCd.exe
  2⤵
  PID:7180
- C:\Windows\System\BbHjJTe.exe
  C:\Windows\System\BbHjJTe.exe
  2⤵
  PID:7240
- C:\Windows\System\ntWRFud.exe
  C:\Windows\System\ntWRFud.exe
  2⤵
  PID:7276
- C:\Windows\System\OqiAQiQ.exe
  C:\Windows\System\OqiAQiQ.exe
  2⤵
  PID:7364
- C:\Windows\System\YDPzPTH.exe
  C:\Windows\System\YDPzPTH.exe
  2⤵
  PID:7460
- C:\Windows\System\PGDTbLV.exe
  C:\Windows\System\PGDTbLV.exe
  2⤵
  PID:7496
- C:\Windows\System\yRgDwSf.exe
  C:\Windows\System\yRgDwSf.exe
  2⤵
  PID:7584
- C:\Windows\System\IvurzAS.exe
  C:\Windows\System\IvurzAS.exe
  2⤵
  PID:7620
- C:\Windows\System\dnZghWQ.exe
  C:\Windows\System\dnZghWQ.exe
  2⤵
  PID:7680
- C:\Windows\System\RONHNWI.exe
  C:\Windows\System\RONHNWI.exe
  2⤵
  PID:7796
- C:\Windows\System\rTjcwFp.exe
  C:\Windows\System\rTjcwFp.exe
  2⤵
  PID:7848
- C:\Windows\System\TciWeZs.exe
  C:\Windows\System\TciWeZs.exe
  2⤵
  PID:7900
- C:\Windows\System\WDrLcGl.exe
  C:\Windows\System\WDrLcGl.exe
  2⤵
  PID:7924
- C:\Windows\System\zMHNJxJ.exe
  C:\Windows\System\zMHNJxJ.exe
  2⤵
  PID:8044
- C:\Windows\System\YikyQsS.exe
  C:\Windows\System\YikyQsS.exe
  2⤵
  PID:8104
- C:\Windows\System\FClOJDd.exe
  C:\Windows\System\FClOJDd.exe
  2⤵
  PID:8188
- C:\Windows\System\uGCiQQl.exe
  C:\Windows\System\uGCiQQl.exe
  2⤵
  PID:7224
- C:\Windows\System\eQChgGL.exe
  C:\Windows\System\eQChgGL.exe
  2⤵
  PID:7344
- C:\Windows\System\HSDnlir.exe
  C:\Windows\System\HSDnlir.exe
  2⤵
  PID:7512
- C:\Windows\System\TSnZkmE.exe
  C:\Windows\System\TSnZkmE.exe
  2⤵
  PID:7624
- C:\Windows\System\uZEdNem.exe
  C:\Windows\System\uZEdNem.exe
  2⤵
  PID:7880
- C:\Windows\System\VDZNtKn.exe
  C:\Windows\System\VDZNtKn.exe
  2⤵
  PID:7996
- C:\Windows\System\gDByqHR.exe
  C:\Windows\System\gDByqHR.exe
  2⤵
  PID:8068
- C:\Windows\System\ILmqpyj.exe
  C:\Windows\System\ILmqpyj.exe
  2⤵
  PID:7288
- C:\Windows\System\yScXUze.exe
  C:\Windows\System\yScXUze.exe
  2⤵
  PID:7780
- C:\Windows\System\TOjAXkj.exe
  C:\Windows\System\TOjAXkj.exe
  2⤵
  PID:8080
- C:\Windows\System\mEayqOH.exe
  C:\Windows\System\mEayqOH.exe
  2⤵
  PID:8108
- C:\Windows\System\AexSJZK.exe
  C:\Windows\System\AexSJZK.exe
  2⤵
  PID:7640
- C:\Windows\System\mawhcIG.exe
  C:\Windows\System\mawhcIG.exe
  2⤵
  PID:8220
- C:\Windows\System\SGaAoYn.exe
  C:\Windows\System\SGaAoYn.exe
  2⤵
  PID:8256
- C:\Windows\System\jzfGeoJ.exe
  C:\Windows\System\jzfGeoJ.exe
  2⤵
  PID:8288
- C:\Windows\System\axSKUDN.exe
  C:\Windows\System\axSKUDN.exe
  2⤵
  PID:8308
- C:\Windows\System\EkgTOZj.exe
  C:\Windows\System\EkgTOZj.exe
  2⤵
  PID:8332
- C:\Windows\System\LNvhTiA.exe
  C:\Windows\System\LNvhTiA.exe
  2⤵
  PID:8360
- C:\Windows\System\PzhypUI.exe
  C:\Windows\System\PzhypUI.exe
  2⤵
  PID:8388
- C:\Windows\System\HhVvyfA.exe
  C:\Windows\System\HhVvyfA.exe
  2⤵
  PID:8404
- C:\Windows\System\ZumCAHL.exe
  C:\Windows\System\ZumCAHL.exe
  2⤵
  PID:8444
- C:\Windows\System\weyjnEH.exe
  C:\Windows\System\weyjnEH.exe
  2⤵
  PID:8472
- C:\Windows\System\TtxJztt.exe
  C:\Windows\System\TtxJztt.exe
  2⤵
  PID:8500
- C:\Windows\System\eDFJCsS.exe
  C:\Windows\System\eDFJCsS.exe
  2⤵
  PID:8528
- C:\Windows\System\QvnbkGY.exe
  C:\Windows\System\QvnbkGY.exe
  2⤵
  PID:8564
- C:\Windows\System\qMHdwNb.exe
  C:\Windows\System\qMHdwNb.exe
  2⤵
  PID:8596
- C:\Windows\System\UsbYbWB.exe
  C:\Windows\System\UsbYbWB.exe
  2⤵
  PID:8612
- C:\Windows\System\NPeUhAq.exe
  C:\Windows\System\NPeUhAq.exe
  2⤵
  PID:8640
- C:\Windows\System\rIvZxEW.exe
  C:\Windows\System\rIvZxEW.exe
  2⤵
  PID:8668
- C:\Windows\System\rGXAXRy.exe
  C:\Windows\System\rGXAXRy.exe
  2⤵
  PID:8684
- C:\Windows\System\FKbpfIY.exe
  C:\Windows\System\FKbpfIY.exe
  2⤵
  PID:8724
- C:\Windows\System\eKENCbc.exe
  C:\Windows\System\eKENCbc.exe
  2⤵
  PID:8752
- C:\Windows\System\IjWSKAB.exe
  C:\Windows\System\IjWSKAB.exe
  2⤵
  PID:8772
- C:\Windows\System\BPXsgmx.exe
  C:\Windows\System\BPXsgmx.exe
  2⤵
  PID:8812
- C:\Windows\System\NaDBsCO.exe
  C:\Windows\System\NaDBsCO.exe
  2⤵
  PID:8836
- C:\Windows\System\kBgKHkp.exe
  C:\Windows\System\kBgKHkp.exe
  2⤵
  PID:8864
- C:\Windows\System\pwmovrR.exe
  C:\Windows\System\pwmovrR.exe
  2⤵
  PID:8900
- C:\Windows\System\ImRKwGV.exe
  C:\Windows\System\ImRKwGV.exe
  2⤵
  PID:8932
- C:\Windows\System\LvtyjvN.exe
  C:\Windows\System\LvtyjvN.exe
  2⤵
  PID:8948
- C:\Windows\System\wZHqklc.exe
  C:\Windows\System\wZHqklc.exe
  2⤵
  PID:8984
- C:\Windows\System\AvWAzFy.exe
  C:\Windows\System\AvWAzFy.exe
  2⤵
  PID:9008
- C:\Windows\System\Aawaulh.exe
  C:\Windows\System\Aawaulh.exe
  2⤵
  PID:9032
- C:\Windows\System\yxNfGkB.exe
  C:\Windows\System\yxNfGkB.exe
  2⤵
  PID:9060
- C:\Windows\System\rJQWSYv.exe
  C:\Windows\System\rJQWSYv.exe
  2⤵
  PID:9084
- C:\Windows\System\eaISNOu.exe
  C:\Windows\System\eaISNOu.exe
  2⤵
  PID:9112
- C:\Windows\System\MxOuqdX.exe
  C:\Windows\System\MxOuqdX.exe
  2⤵
  PID:9136
- C:\Windows\System\lxFdgCJ.exe
  C:\Windows\System\lxFdgCJ.exe
  2⤵
  PID:9196
- C:\Windows\System\JJygIno.exe
  C:\Windows\System\JJygIno.exe
  2⤵
  PID:9212
- C:\Windows\System\OXvLGDV.exe
  C:\Windows\System\OXvLGDV.exe
  2⤵
  PID:8248
- C:\Windows\System\IevZPoo.exe
  C:\Windows\System\IevZPoo.exe
  2⤵
  PID:8304
- C:\Windows\System\wbFUlYy.exe
  C:\Windows\System\wbFUlYy.exe
  2⤵
  PID:8328
- C:\Windows\System\XwrhVRV.exe
  C:\Windows\System\XwrhVRV.exe
  2⤵
  PID:8396
- C:\Windows\System\PrTmfqI.exe
  C:\Windows\System\PrTmfqI.exe
  2⤵
  PID:8512
- C:\Windows\System\mCXdewN.exe
  C:\Windows\System\mCXdewN.exe
  2⤵
  PID:8552
- C:\Windows\System\VVsFSwX.exe
  C:\Windows\System\VVsFSwX.exe
  2⤵
  PID:8584
- C:\Windows\System\zawRTcX.exe
  C:\Windows\System\zawRTcX.exe
  2⤵
  PID:8656
- C:\Windows\System\RWaMTCt.exe
  C:\Windows\System\RWaMTCt.exe
  2⤵
  PID:8744
- C:\Windows\System\SPZCqFd.exe
  C:\Windows\System\SPZCqFd.exe
  2⤵
  PID:8780
- C:\Windows\System\dgwMFHb.exe
  C:\Windows\System\dgwMFHb.exe
  2⤵
  PID:8832
- C:\Windows\System\nJjZXPQ.exe
  C:\Windows\System\nJjZXPQ.exe
  2⤵
  PID:8920
- C:\Windows\System\PsjVbCS.exe
  C:\Windows\System\PsjVbCS.exe
  2⤵
  PID:9004
- C:\Windows\System\wUYSelL.exe
  C:\Windows\System\wUYSelL.exe
  2⤵
  PID:9104
- C:\Windows\System\XAbVOoV.exe
  C:\Windows\System\XAbVOoV.exe
  2⤵
  PID:9132
- C:\Windows\System\pMylzeo.exe
  C:\Windows\System\pMylzeo.exe
  2⤵
  PID:8212
- C:\Windows\System\HFMGwZC.exe
  C:\Windows\System\HFMGwZC.exe
  2⤵
  PID:8296
- C:\Windows\System\tDSOAfv.exe
  C:\Windows\System\tDSOAfv.exe
  2⤵
  PID:6412
- C:\Windows\System\BMudMhf.exe
  C:\Windows\System\BMudMhf.exe
  2⤵
  PID:8624
- C:\Windows\System\NbqBtJd.exe
  C:\Windows\System\NbqBtJd.exe
  2⤵
  PID:8704
- C:\Windows\System\RgTufYp.exe
  C:\Windows\System\RgTufYp.exe
  2⤵
  PID:8924
- C:\Windows\System\JOnKkmg.exe
  C:\Windows\System\JOnKkmg.exe
  2⤵
  PID:9072
- C:\Windows\System\gliOrQf.exe
  C:\Windows\System\gliOrQf.exe
  2⤵
  PID:9164
- C:\Windows\System\BASFmwZ.exe
  C:\Windows\System\BASFmwZ.exe
  2⤵
  PID:8460
- C:\Windows\System\VRoicAY.exe
  C:\Windows\System\VRoicAY.exe
  2⤵
  PID:8560
- C:\Windows\System\mIEKLhT.exe
  C:\Windows\System\mIEKLhT.exe
  2⤵
  PID:9124
- C:\Windows\System\HYXkuAQ.exe
  C:\Windows\System\HYXkuAQ.exe
  2⤵
  PID:8972
- C:\Windows\System\dxWflaS.exe
  C:\Windows\System\dxWflaS.exe
  2⤵
  PID:8896
- C:\Windows\System\MvxGKRl.exe
  C:\Windows\System\MvxGKRl.exe
  2⤵
  PID:9224
- C:\Windows\System\KePESdO.exe
  C:\Windows\System\KePESdO.exe
  2⤵
  PID:9256
- C:\Windows\System\ZKGDXBF.exe
  C:\Windows\System\ZKGDXBF.exe
  2⤵
  PID:9296
- C:\Windows\System\fcENWzz.exe
  C:\Windows\System\fcENWzz.exe
  2⤵
  PID:9316
- C:\Windows\System\thSYtkT.exe
  C:\Windows\System\thSYtkT.exe
  2⤵
  PID:9348
- C:\Windows\System\lJyjYtJ.exe
  C:\Windows\System\lJyjYtJ.exe
  2⤵
  PID:9372
- C:\Windows\System\iLatUOs.exe
  C:\Windows\System\iLatUOs.exe
  2⤵
  PID:9388
- C:\Windows\System\KcMvZsA.exe
  C:\Windows\System\KcMvZsA.exe
  2⤵
  PID:9420
- C:\Windows\System\QCWrFHS.exe
  C:\Windows\System\QCWrFHS.exe
  2⤵
  PID:9452
- C:\Windows\System\VLMYcyT.exe
  C:\Windows\System\VLMYcyT.exe
  2⤵
  PID:9484
- C:\Windows\System\NghEkOh.exe
  C:\Windows\System\NghEkOh.exe
  2⤵
  PID:9512
- C:\Windows\System\Eomzuaa.exe
  C:\Windows\System\Eomzuaa.exe
  2⤵
  PID:9548
- C:\Windows\System\sgLvqiq.exe
  C:\Windows\System\sgLvqiq.exe
  2⤵
  PID:9576
- C:\Windows\System\XJkKKat.exe
  C:\Windows\System\XJkKKat.exe
  2⤵
  PID:9620
- C:\Windows\System\FlBCmsJ.exe
  C:\Windows\System\FlBCmsJ.exe
  2⤵
  PID:9640
- C:\Windows\System\MvOtiGf.exe
  C:\Windows\System\MvOtiGf.exe
  2⤵
  PID:9656
- C:\Windows\System\bnWvoHH.exe
  C:\Windows\System\bnWvoHH.exe
  2⤵
  PID:9692
- C:\Windows\System\HQoGFuQ.exe
  C:\Windows\System\HQoGFuQ.exe
  2⤵
  PID:9724
- C:\Windows\System\JAoUkaJ.exe
  C:\Windows\System\JAoUkaJ.exe
  2⤵
  PID:9756
- C:\Windows\System\CMCiBTc.exe
  C:\Windows\System\CMCiBTc.exe
  2⤵
  PID:9784
- C:\Windows\System\GolCkbU.exe
  C:\Windows\System\GolCkbU.exe
  2⤵
  PID:9820
- C:\Windows\System\HvKxfhp.exe
  C:\Windows\System\HvKxfhp.exe
  2⤵
  PID:9848
- C:\Windows\System\kmYPpQy.exe
  C:\Windows\System\kmYPpQy.exe
  2⤵
  PID:9864
- C:\Windows\System\nzZldxh.exe
  C:\Windows\System\nzZldxh.exe
  2⤵
  PID:9892
- C:\Windows\System\EfNrlSl.exe
  C:\Windows\System\EfNrlSl.exe
  2⤵
  PID:9924
- C:\Windows\System\GKEtxcs.exe
  C:\Windows\System\GKEtxcs.exe
  2⤵
  PID:9948
- C:\Windows\System\eRSLATI.exe
  C:\Windows\System\eRSLATI.exe
  2⤵
  PID:9988
- C:\Windows\System\svjhExB.exe
  C:\Windows\System\svjhExB.exe
  2⤵
  PID:10016
- C:\Windows\System\SVdlqmF.exe
  C:\Windows\System\SVdlqmF.exe
  2⤵
  PID:10044
- C:\Windows\System\KUGXUXn.exe
  C:\Windows\System\KUGXUXn.exe
  2⤵
  PID:10072
- C:\Windows\System\vBGLSWL.exe
  C:\Windows\System\vBGLSWL.exe
  2⤵
  PID:10100
- C:\Windows\System\jbRQSeT.exe
  C:\Windows\System\jbRQSeT.exe
  2⤵
  PID:10128
- C:\Windows\System\SdvHCJJ.exe
  C:\Windows\System\SdvHCJJ.exe
  2⤵
  PID:10144
- C:\Windows\System\vYyYJTH.exe
  C:\Windows\System\vYyYJTH.exe
  2⤵
  PID:10164
- C:\Windows\System\YZmcaRY.exe
  C:\Windows\System\YZmcaRY.exe
  2⤵
  PID:10188
- C:\Windows\System\CoRunUM.exe
  C:\Windows\System\CoRunUM.exe
  2⤵
  PID:10212
- C:\Windows\System\MdqrLMj.exe
  C:\Windows\System\MdqrLMj.exe
  2⤵
  PID:9096
- C:\Windows\System\AUYvnWE.exe
  C:\Windows\System\AUYvnWE.exe
  2⤵
  PID:9232
- C:\Windows\System\uBxPvci.exe
  C:\Windows\System\uBxPvci.exe
  2⤵
  PID:9328
- C:\Windows\System\ioAxmIY.exe
  C:\Windows\System\ioAxmIY.exe
  2⤵
  PID:9436
- C:\Windows\System\LrQVhug.exe
  C:\Windows\System\LrQVhug.exe
  2⤵
  PID:9500
- C:\Windows\System\PTGRhYb.exe
  C:\Windows\System\PTGRhYb.exe
  2⤵
  PID:9596
- C:\Windows\System\HzjCvdv.exe
  C:\Windows\System\HzjCvdv.exe
  2⤵
  PID:9648
- C:\Windows\System\bxYsmRn.exe
  C:\Windows\System\bxYsmRn.exe
  2⤵
  PID:9716
- C:\Windows\System\HyKyxKj.exe
  C:\Windows\System\HyKyxKj.exe
  2⤵
  PID:9812
- C:\Windows\System\IMqZlOd.exe
  C:\Windows\System\IMqZlOd.exe
  2⤵
  PID:9832
- C:\Windows\System\GRWMdCx.exe
  C:\Windows\System\GRWMdCx.exe
  2⤵
  PID:9968
- C:\Windows\System\WQTDspR.exe
  C:\Windows\System\WQTDspR.exe
  2⤵
  PID:10000
- C:\Windows\System\tFVfVvl.exe
  C:\Windows\System\tFVfVvl.exe
  2⤵
  PID:10056
- C:\Windows\System\jEZhsWF.exe
  C:\Windows\System\jEZhsWF.exe
  2⤵
  PID:10136
- C:\Windows\System\UHursXo.exe
  C:\Windows\System\UHursXo.exe
  2⤵
  PID:10232
- C:\Windows\System\ViIEQyJ.exe
  C:\Windows\System\ViIEQyJ.exe
  2⤵
  PID:10224
- C:\Windows\System\HKlpxCg.exe
  C:\Windows\System\HKlpxCg.exe
  2⤵
  PID:8804
- C:\Windows\System\ZxrkOVD.exe
  C:\Windows\System\ZxrkOVD.exe
  2⤵
  PID:9560
- C:\Windows\System\zmmjgRm.exe
  C:\Windows\System\zmmjgRm.exe
  2⤵
  PID:9676
- C:\Windows\System\uuwnxgE.exe
  C:\Windows\System\uuwnxgE.exe
  2⤵
  PID:9880
- C:\Windows\System\bWcLGYH.exe
  C:\Windows\System\bWcLGYH.exe
  2⤵
  PID:10004
- C:\Windows\System\obgZnnG.exe
  C:\Windows\System\obgZnnG.exe
  2⤵
  PID:10208
- C:\Windows\System\ORKhHsf.exe
  C:\Windows\System\ORKhHsf.exe
  2⤵
  PID:9632
- C:\Windows\System\XoIyqci.exe
  C:\Windows\System\XoIyqci.exe
  2⤵
  PID:9808
- C:\Windows\System\SGnAnlk.exe
  C:\Windows\System\SGnAnlk.exe
  2⤵
  PID:10180
- C:\Windows\System\suKxBXb.exe
  C:\Windows\System\suKxBXb.exe
  2⤵
  PID:9960
- C:\Windows\System\QIYPTzX.exe
  C:\Windows\System\QIYPTzX.exe
  2⤵
  PID:10260
- C:\Windows\System\YOfLNXe.exe
  C:\Windows\System\YOfLNXe.exe
  2⤵
  PID:10276
- C:\Windows\System\mouvqrA.exe
  C:\Windows\System\mouvqrA.exe
  2⤵
  PID:10300
- C:\Windows\System\rLenlmC.exe
  C:\Windows\System\rLenlmC.exe
  2⤵
  PID:10332
- C:\Windows\System\GrxhvGH.exe
  C:\Windows\System\GrxhvGH.exe
  2⤵
  PID:10352
- C:\Windows\System\YnLJqhl.exe
  C:\Windows\System\YnLJqhl.exe
  2⤵
  PID:10388
- C:\Windows\System\rbzvvzj.exe
  C:\Windows\System\rbzvvzj.exe
  2⤵
  PID:10412
- C:\Windows\System\HNNaTWK.exe
  C:\Windows\System\HNNaTWK.exe
  2⤵
  PID:10444
- C:\Windows\System\mrcVREc.exe
  C:\Windows\System\mrcVREc.exe
  2⤵
  PID:10472
- C:\Windows\System\ykKKgRx.exe
  C:\Windows\System\ykKKgRx.exe
  2⤵
  PID:10508
- C:\Windows\System\AiUJRsQ.exe
  C:\Windows\System\AiUJRsQ.exe
  2⤵
  PID:10532
- C:\Windows\System\PxMsNNX.exe
  C:\Windows\System\PxMsNNX.exe
  2⤵
  PID:10564
- C:\Windows\System\eBvvCsm.exe
  C:\Windows\System\eBvvCsm.exe
  2⤵
  PID:10588
- C:\Windows\System\xBBKUOW.exe
  C:\Windows\System\xBBKUOW.exe
  2⤵
  PID:10612
- C:\Windows\System\dXfPoZU.exe
  C:\Windows\System\dXfPoZU.exe
  2⤵
  PID:10644
- C:\Windows\System\lmJjGIX.exe
  C:\Windows\System\lmJjGIX.exe
  2⤵
  PID:10668
- C:\Windows\System\HJkhzZx.exe
  C:\Windows\System\HJkhzZx.exe
  2⤵
  PID:10696
- C:\Windows\System\FIhALgM.exe
  C:\Windows\System\FIhALgM.exe
  2⤵
  PID:10732
- C:\Windows\System\XGiBwLy.exe
  C:\Windows\System\XGiBwLy.exe
  2⤵
  PID:10760
- C:\Windows\System\ZAwPXmn.exe
  C:\Windows\System\ZAwPXmn.exe
  2⤵
  PID:10776
- C:\Windows\System\DcJBsPu.exe
  C:\Windows\System\DcJBsPu.exe
  2⤵
  PID:10808
- C:\Windows\System\ySAELAD.exe
  C:\Windows\System\ySAELAD.exe
  2⤵
  PID:10836
- C:\Windows\System\qKwUzeV.exe
  C:\Windows\System\qKwUzeV.exe
  2⤵
  PID:10872
- C:\Windows\System\VnSHlPd.exe
  C:\Windows\System\VnSHlPd.exe
  2⤵
  PID:10896
- C:\Windows\System\MxHGBnw.exe
  C:\Windows\System\MxHGBnw.exe
  2⤵
  PID:10924
- C:\Windows\System\RLVHAaz.exe
  C:\Windows\System\RLVHAaz.exe
  2⤵
  PID:10948
- C:\Windows\System\HSOHqKo.exe
  C:\Windows\System\HSOHqKo.exe
  2⤵
  PID:10964
- C:\Windows\System\eoaXint.exe
  C:\Windows\System\eoaXint.exe
  2⤵
  PID:10996
- C:\Windows\System\Dshvpvs.exe
  C:\Windows\System\Dshvpvs.exe
  2⤵
  PID:11032
- C:\Windows\System\nqzKbAa.exe
  C:\Windows\System\nqzKbAa.exe
  2⤵
  PID:11048
- C:\Windows\System\lIsAKux.exe
  C:\Windows\System\lIsAKux.exe
  2⤵
  PID:11068
- C:\Windows\System\BqssnWE.exe
  C:\Windows\System\BqssnWE.exe
  2⤵
  PID:11088
- C:\Windows\System\gYskImk.exe
  C:\Windows\System\gYskImk.exe
  2⤵
  PID:11112
- C:\Windows\System\pzVyqbo.exe
  C:\Windows\System\pzVyqbo.exe
  2⤵
  PID:11136
- C:\Windows\System\qcHwKir.exe
  C:\Windows\System\qcHwKir.exe
  2⤵
  PID:11164
- C:\Windows\System\jopQoUP.exe
  C:\Windows\System\jopQoUP.exe
  2⤵
  PID:11200
- C:\Windows\System\WWmChIU.exe
  C:\Windows\System\WWmChIU.exe
  2⤵
  PID:11228
- C:\Windows\System\DWJIPHX.exe
  C:\Windows\System\DWJIPHX.exe
  2⤵
  PID:10244
- C:\Windows\System\zgBlbdH.exe
  C:\Windows\System\zgBlbdH.exe
  2⤵
  PID:10284
- C:\Windows\System\kmSjgmF.exe
  C:\Windows\System\kmSjgmF.exe
  2⤵
  PID:10376
- C:\Windows\System\rSpnjKm.exe
  C:\Windows\System\rSpnjKm.exe
  2⤵
  PID:10396
- C:\Windows\System\QpYHfCs.exe
  C:\Windows\System\QpYHfCs.exe
  2⤵
  PID:10464
- C:\Windows\System\namBVQU.exe
  C:\Windows\System\namBVQU.exe
  2⤵
  PID:10528
- C:\Windows\System\HSsUgga.exe
  C:\Windows\System\HSsUgga.exe
  2⤵
  PID:10624
- C:\Windows\System\WGFSFeV.exe
  C:\Windows\System\WGFSFeV.exe
  2⤵
  PID:10680
- C:\Windows\System\bHBHDrq.exe
  C:\Windows\System\bHBHDrq.exe
  2⤵
  PID:10744
- C:\Windows\System\oASysNC.exe
  C:\Windows\System\oASysNC.exe
  2⤵
  PID:10824
- C:\Windows\System\lwsoVJg.exe
  C:\Windows\System\lwsoVJg.exe
  2⤵
  PID:10888
- C:\Windows\System\wydVzji.exe
  C:\Windows\System\wydVzji.exe
  2⤵
  PID:10916
- C:\Windows\System\aESUhnT.exe
  C:\Windows\System\aESUhnT.exe
  2⤵
  PID:11020
- C:\Windows\System\nOfSRHU.exe
  C:\Windows\System\nOfSRHU.exe
  2⤵
  PID:11060
- C:\Windows\System\Urdruih.exe
  C:\Windows\System\Urdruih.exe
  2⤵
  PID:11180
- C:\Windows\System\jgIwnZk.exe
  C:\Windows\System\jgIwnZk.exe
  2⤵
  PID:11124
- C:\Windows\System\RQXRSga.exe
  C:\Windows\System\RQXRSga.exe
  2⤵
  PID:11260
- C:\Windows\System\sxGCqaw.exe
  C:\Windows\System\sxGCqaw.exe
  2⤵
  PID:10432
- C:\Windows\System\ZLOGbaG.exe
  C:\Windows\System\ZLOGbaG.exe
  2⤵
  PID:10688
- C:\Windows\System\QPrHTMk.exe
  C:\Windows\System\QPrHTMk.exe
  2⤵
  PID:10792
- C:\Windows\System\tDukOTA.exe
  C:\Windows\System\tDukOTA.exe
  2⤵
  PID:10988
- C:\Windows\System\OxltgRc.exe
  C:\Windows\System\OxltgRc.exe
  2⤵
  PID:11240
- C:\Windows\System\JJQyyHt.exe
  C:\Windows\System\JJQyyHt.exe
  2⤵
  PID:11120
- C:\Windows\System\HXZKsoc.exe
  C:\Windows\System\HXZKsoc.exe
  2⤵
  PID:10560
- C:\Windows\System\hobmrxO.exe
  C:\Windows\System\hobmrxO.exe
  2⤵
  PID:10976
- C:\Windows\System\MUNovVo.exe
  C:\Windows\System\MUNovVo.exe
  2⤵
  PID:11040
- C:\Windows\System\PMJBZbi.exe
  C:\Windows\System\PMJBZbi.exe
  2⤵
  PID:10664
- C:\Windows\System\pzfqqXK.exe
  C:\Windows\System\pzfqqXK.exe
  2⤵
  PID:11276
- C:\Windows\System\VhPpNYj.exe
  C:\Windows\System\VhPpNYj.exe
  2⤵
  PID:11308
- C:\Windows\System\wpRyRGR.exe
  C:\Windows\System\wpRyRGR.exe
  2⤵
  PID:11328
- C:\Windows\System\aGBhMnf.exe
  C:\Windows\System\aGBhMnf.exe
  2⤵
  PID:11372
- C:\Windows\System\IhPSkDG.exe
  C:\Windows\System\IhPSkDG.exe
  2⤵
  PID:11396
- C:\Windows\System\huLGMdF.exe
  C:\Windows\System\huLGMdF.exe
  2⤵
  PID:11420
- C:\Windows\System\ITTZWpJ.exe
  C:\Windows\System\ITTZWpJ.exe
  2⤵
  PID:11448
- C:\Windows\System\gFulcJJ.exe
  C:\Windows\System\gFulcJJ.exe
  2⤵
  PID:11480
- C:\Windows\System\KSQKJVT.exe
  C:\Windows\System\KSQKJVT.exe
  2⤵
  PID:11504
- C:\Windows\System\gaYzDpk.exe
  C:\Windows\System\gaYzDpk.exe
  2⤵
  PID:11536
- C:\Windows\System\fJufeSd.exe
  C:\Windows\System\fJufeSd.exe
  2⤵
  PID:11556
- C:\Windows\System\rloCyfw.exe
  C:\Windows\System\rloCyfw.exe
  2⤵
  PID:11580
- C:\Windows\System\ZTdjMss.exe
  C:\Windows\System\ZTdjMss.exe
  2⤵
  PID:11608
- C:\Windows\System\LpYmcoJ.exe
  C:\Windows\System\LpYmcoJ.exe
  2⤵
  PID:11640
- C:\Windows\System\IkOdTwc.exe
  C:\Windows\System\IkOdTwc.exe
  2⤵
  PID:11664
- C:\Windows\System\iabZIjk.exe
  C:\Windows\System\iabZIjk.exe
  2⤵
  PID:11704
- C:\Windows\System\yujkdLH.exe
  C:\Windows\System\yujkdLH.exe
  2⤵
  PID:11728
- C:\Windows\System\BLseImv.exe
  C:\Windows\System\BLseImv.exe
  2⤵
  PID:11764
- C:\Windows\System\zxjknRl.exe
  C:\Windows\System\zxjknRl.exe
  2⤵
  PID:11800
- C:\Windows\System\BVzSRJL.exe
  C:\Windows\System\BVzSRJL.exe
  2⤵
  PID:11824
- C:\Windows\System\TCcJZTF.exe
  C:\Windows\System\TCcJZTF.exe
  2⤵
  PID:11852
- C:\Windows\System\mjIHCvO.exe
  C:\Windows\System\mjIHCvO.exe
  2⤵
  PID:11880
- C:\Windows\System\shuEKAf.exe
  C:\Windows\System\shuEKAf.exe
  2⤵
  PID:11916
- C:\Windows\System\vfbKEKf.exe
  C:\Windows\System\vfbKEKf.exe
  2⤵
  PID:11936
- C:\Windows\System\AsHWLoW.exe
  C:\Windows\System\AsHWLoW.exe
  2⤵
  PID:11952
- C:\Windows\System\RxkzHKp.exe
  C:\Windows\System\RxkzHKp.exe
  2⤵
  PID:11992
- C:\Windows\System\VYYjJUv.exe
  C:\Windows\System\VYYjJUv.exe
  2⤵
  PID:12008
- C:\Windows\System\gzIIbFO.exe
  C:\Windows\System\gzIIbFO.exe
  2⤵
  PID:12024
- C:\Windows\System\mgQqane.exe
  C:\Windows\System\mgQqane.exe
  2⤵
  PID:12056
- C:\Windows\System\bAQHrQd.exe
  C:\Windows\System\bAQHrQd.exe
  2⤵
  PID:12088
- C:\Windows\System\zdNGNim.exe
  C:\Windows\System\zdNGNim.exe
  2⤵
  PID:12116
- C:\Windows\System\EzUqwXB.exe
  C:\Windows\System\EzUqwXB.exe
  2⤵
  PID:12156
- C:\Windows\System\dvTVkDx.exe
  C:\Windows\System\dvTVkDx.exe
  2⤵
  PID:12180
- C:\Windows\System\VsIJyTC.exe
  C:\Windows\System\VsIJyTC.exe
  2⤵
  PID:12204
- C:\Windows\System\WSAfPAE.exe
  C:\Windows\System\WSAfPAE.exe
  2⤵
  PID:12240
- C:\Windows\System\uSYDXFZ.exe
  C:\Windows\System\uSYDXFZ.exe
  2⤵
  PID:12272
- C:\Windows\System\KlaTAWR.exe
  C:\Windows\System\KlaTAWR.exe
  2⤵
  PID:10940
- C:\Windows\System\oFKPOvW.exe
  C:\Windows\System\oFKPOvW.exe
  2⤵
  PID:11324
- C:\Windows\System\lFLiIRD.exe
  C:\Windows\System\lFLiIRD.exe
  2⤵
  PID:11412
- C:\Windows\System\IXZGsrs.exe
  C:\Windows\System\IXZGsrs.exe
  2⤵
  PID:11436
- C:\Windows\System\ZfDoONo.exe
  C:\Windows\System\ZfDoONo.exe
  2⤵
  PID:11524
- C:\Windows\System\PQavchR.exe
  C:\Windows\System\PQavchR.exe
  2⤵
  PID:11596
- C:\Windows\System\aaRqvby.exe
  C:\Windows\System\aaRqvby.exe
  2⤵
  PID:11652
- C:\Windows\System\FvtJHkG.exe
  C:\Windows\System\FvtJHkG.exe
  2⤵
  PID:11724
- C:\Windows\System\ALXMvrv.exe
  C:\Windows\System\ALXMvrv.exe
  2⤵
  PID:11808
- C:\Windows\System\CRWvGYd.exe
  C:\Windows\System\CRWvGYd.exe
  2⤵
  PID:11896
- C:\Windows\System\WLUOyki.exe
  C:\Windows\System\WLUOyki.exe
  2⤵
  PID:11944
- C:\Windows\System\jIPkkyW.exe
  C:\Windows\System\jIPkkyW.exe
  2⤵
  PID:11972
- C:\Windows\System\bWymHyD.exe
  C:\Windows\System\bWymHyD.exe
  2⤵
  PID:12052
- C:\Windows\System\dSkHPBf.exe
  C:\Windows\System\dSkHPBf.exe
  2⤵
  PID:12048
- C:\Windows\System\NGPFPrS.exe
  C:\Windows\System\NGPFPrS.exe
  2⤵
  PID:12188
- C:\Windows\System\bPcTgdu.exe
  C:\Windows\System\bPcTgdu.exe
  2⤵
  PID:12260
- C:\Windows\System\ciRjuIe.exe
  C:\Windows\System\ciRjuIe.exe
  2⤵
  PID:11296
- C:\Windows\System\hJLmbUi.exe
  C:\Windows\System\hJLmbUi.exe
  2⤵
  PID:11472
- C:\Windows\System\rpdGSOE.exe
  C:\Windows\System\rpdGSOE.exe
  2⤵
  PID:11636
- C:\Windows\System\xsZdpHE.exe
  C:\Windows\System\xsZdpHE.exe
  2⤵
  PID:11756
- C:\Windows\System\KsxfMzu.exe
  C:\Windows\System\KsxfMzu.exe
  2⤵
  PID:11964
- C:\Windows\System\elHzcFy.exe
  C:\Windows\System\elHzcFy.exe
  2⤵
  PID:12128
- C:\Windows\System\BXcUIoI.exe
  C:\Windows\System\BXcUIoI.exe
  2⤵
  PID:10252
- C:\Windows\System\EhjGBDh.exe
  C:\Windows\System\EhjGBDh.exe
  2⤵
  PID:11388
- C:\Windows\System\FHzCBQq.exe
  C:\Windows\System\FHzCBQq.exe
  2⤵
  PID:11816
- C:\Windows\System\LUjEjwR.exe
  C:\Windows\System\LUjEjwR.exe
  2⤵
  PID:12256
- C:\Windows\System\FceXCYF.exe
  C:\Windows\System\FceXCYF.exe
  2⤵
  PID:11684
- C:\Windows\System\OVBpIJA.exe
  C:\Windows\System\OVBpIJA.exe
  2⤵
  PID:11380
- C:\Windows\System\OmSpbVc.exe
  C:\Windows\System\OmSpbVc.exe
  2⤵
  PID:12316
- C:\Windows\System\AtZyVce.exe
  C:\Windows\System\AtZyVce.exe
  2⤵
  PID:12352
- C:\Windows\System\KplkJbC.exe
  C:\Windows\System\KplkJbC.exe
  2⤵
  PID:12372
- C:\Windows\System\MTihDch.exe
  C:\Windows\System\MTihDch.exe
  2⤵
  PID:12412
- C:\Windows\System\JdkKIrh.exe
  C:\Windows\System\JdkKIrh.exe
  2⤵
  PID:12436
- C:\Windows\System\yApXEeZ.exe
  C:\Windows\System\yApXEeZ.exe
  2⤵
  PID:12464
- C:\Windows\System\XtLWBbw.exe
  C:\Windows\System\XtLWBbw.exe
  2⤵
  PID:12492
- C:\Windows\System\foHqHtA.exe
  C:\Windows\System\foHqHtA.exe
  2⤵
  PID:12516
- C:\Windows\System\CMIruDd.exe
  C:\Windows\System\CMIruDd.exe
  2⤵
  PID:12536
- C:\Windows\System\FeQPWFL.exe
  C:\Windows\System\FeQPWFL.exe
  2⤵
  PID:12552
- C:\Windows\System\LsuKZKw.exe
  C:\Windows\System\LsuKZKw.exe
  2⤵
  PID:12584
- C:\Windows\System\KXLfjNb.exe
  C:\Windows\System\KXLfjNb.exe
  2⤵
  PID:12624
- C:\Windows\System\KHyzSJz.exe
  C:\Windows\System\KHyzSJz.exe
  2⤵
  PID:12660
- C:\Windows\System\dksTyjD.exe
  C:\Windows\System\dksTyjD.exe
  2⤵
  PID:12684
- C:\Windows\System\duwNOTE.exe
  C:\Windows\System\duwNOTE.exe
  2⤵
  PID:12704
- C:\Windows\System\sOLnEgs.exe
  C:\Windows\System\sOLnEgs.exe
  2⤵
  PID:12736
- C:\Windows\System\ISMgGaR.exe
  C:\Windows\System\ISMgGaR.exe
  2⤵
  PID:12780
- C:\Windows\System\mQFTuDD.exe
  C:\Windows\System\mQFTuDD.exe
  2⤵
  PID:12804
- C:\Windows\System\jLyQwZu.exe
  C:\Windows\System\jLyQwZu.exe
  2⤵
  PID:12836
- C:\Windows\System\fQmUzVV.exe
  C:\Windows\System\fQmUzVV.exe
  2⤵
  PID:12872
- C:\Windows\System\StnHSfF.exe
  C:\Windows\System\StnHSfF.exe
  2⤵
  PID:12888
- C:\Windows\System\ecwaIQT.exe
  C:\Windows\System\ecwaIQT.exe
  2⤵
  PID:12908
- C:\Windows\System\pivTUeK.exe
  C:\Windows\System\pivTUeK.exe
  2⤵
  PID:12940
- C:\Windows\System\ZqddKyU.exe
  C:\Windows\System\ZqddKyU.exe
  2⤵
  PID:12960
- C:\Windows\System\ouvibCP.exe
  C:\Windows\System\ouvibCP.exe
  2⤵
  PID:12988
- C:\Windows\System\fgGBvex.exe
  C:\Windows\System\fgGBvex.exe
  2⤵
  PID:13020
- C:\Windows\System\cWjtikV.exe
  C:\Windows\System\cWjtikV.exe
  2⤵
  PID:13056
- C:\Windows\System\MUJAoqx.exe
  C:\Windows\System\MUJAoqx.exe
  2⤵
  PID:13084
- C:\Windows\System\LqePTeI.exe
  C:\Windows\System\LqePTeI.exe
  2⤵
  PID:13112
- C:\Windows\System\zdzIuhY.exe
  C:\Windows\System\zdzIuhY.exe
  2⤵
  PID:13132
- C:\Windows\System\bcCeVtI.exe
  C:\Windows\System\bcCeVtI.exe
  2⤵
  PID:13160
- C:\Windows\System\qgtFgKg.exe
  C:\Windows\System\qgtFgKg.exe
  2⤵
  PID:13196
- C:\Windows\System\ieznryg.exe
  C:\Windows\System\ieznryg.exe
  2⤵
  PID:13224
- C:\Windows\System\bzLArfp.exe
  C:\Windows\System\bzLArfp.exe
  2⤵
  PID:13252
- C:\Windows\System\aofSyIY.exe
  C:\Windows\System\aofSyIY.exe
  2⤵
  PID:13284
- C:\Windows\System\qtNcGNj.exe
  C:\Windows\System\qtNcGNj.exe
  2⤵
  PID:11460
- C:\Windows\System\cqkOiMr.exe
  C:\Windows\System\cqkOiMr.exe
  2⤵
  PID:12336
- C:\Windows\System\tagSAZn.exe
  C:\Windows\System\tagSAZn.exe
  2⤵
  PID:12368
- C:\Windows\System\pPMuVYw.exe
  C:\Windows\System\pPMuVYw.exe
  2⤵
  PID:12476
- C:\Windows\System\YQtHPOa.exe
  C:\Windows\System\YQtHPOa.exe
  2⤵
  PID:12548
- C:\Windows\System\HHidOSG.exe
  C:\Windows\System\HHidOSG.exe
  2⤵
  PID:12580
- C:\Windows\System\JUBHNej.exe
  C:\Windows\System\JUBHNej.exe
  2⤵
  PID:12652
- C:\Windows\System\mQWksIE.exe
  C:\Windows\System\mQWksIE.exe
  2⤵
  PID:12696
- C:\Windows\System\ExeFKAH.exe
  C:\Windows\System\ExeFKAH.exe
  2⤵
  PID:12768
- C:\Windows\System\gSPtlXX.exe
  C:\Windows\System\gSPtlXX.exe
  2⤵
  PID:12832
- C:\Windows\System\ubhcfea.exe
  C:\Windows\System\ubhcfea.exe
  2⤵
  PID:12884
- C:\Windows\System\WshgRir.exe
  C:\Windows\System\WshgRir.exe
  2⤵
  PID:12880
- C:\Windows\System\hYbVScU.exe
  C:\Windows\System\hYbVScU.exe
  2⤵
  PID:12976
- C:\Windows\System\BlnFhPa.exe
  C:\Windows\System\BlnFhPa.exe
  2⤵
  PID:13068
- C:\Windows\System\BJthoiH.exe
  C:\Windows\System\BJthoiH.exe
  2⤵
  PID:13080
- C:\Windows\System\jeEtzSk.exe
  C:\Windows\System\jeEtzSk.exe
  2⤵
  PID:13212
- C:\Windows\System\AhmbmYc.exe
  C:\Windows\System\AhmbmYc.exe
  2⤵
  PID:13244
- C:\Windows\System\sidZBKo.exe
  C:\Windows\System\sidZBKo.exe
  2⤵
  PID:12348
- C:\Windows\System\dCgjJWt.exe
  C:\Windows\System\dCgjJWt.exe
  2⤵
  PID:12332
- C:\Windows\System\hnEBDqm.exe
  C:\Windows\System\hnEBDqm.exe
  2⤵
  PID:12480
- C:\Windows\System\lZKNyHt.exe
  C:\Windows\System\lZKNyHt.exe
  2⤵
  PID:12672
- C:\Windows\System\EcVnnpK.exe
  C:\Windows\System\EcVnnpK.exe
  2⤵
  PID:12864
- C:\Windows\System\RFHNBDs.exe
  C:\Windows\System\RFHNBDs.exe
  2⤵
  PID:13052
- C:\Windows\System\UAjIKYY.exe
  C:\Windows\System\UAjIKYY.exe
  2⤵
  PID:12956
- C:\Windows\System\OPtpAiq.exe
  C:\Windows\System\OPtpAiq.exe
  2⤵
  PID:13264
- C:\Windows\System\RoQsqzN.exe
  C:\Windows\System\RoQsqzN.exe
  2⤵
  PID:12296
- C:\Windows\System\FQkNskX.exe
  C:\Windows\System\FQkNskX.exe
  2⤵
  PID:13004
- C:\Windows\System\wlSZekE.exe
  C:\Windows\System\wlSZekE.exe
  2⤵
  PID:12972
- C:\Windows\System\ptbmVZJ.exe
  C:\Windows\System\ptbmVZJ.exe
  2⤵
  PID:11364
- C:\Windows\System\oEjajZB.exe
  C:\Windows\System\oEjajZB.exe
  2⤵
  PID:12932
- C:\Windows\System\pbXyege.exe
  C:\Windows\System\pbXyege.exe
  2⤵
  PID:13316
- C:\Windows\System\wxWQTGa.exe
  C:\Windows\System\wxWQTGa.exe
  2⤵
  PID:13332
- C:\Windows\System\AtvwCcQ.exe
  C:\Windows\System\AtvwCcQ.exe
  2⤵
  PID:13360
- C:\Windows\System\UTsJNHS.exe
  C:\Windows\System\UTsJNHS.exe
  2⤵
  PID:13392
- C:\Windows\System\IBLNeBE.exe
  C:\Windows\System\IBLNeBE.exe
  2⤵
  PID:13416
- C:\Windows\System\cgtpcxY.exe
  C:\Windows\System\cgtpcxY.exe
  2⤵
  PID:13440
- C:\Windows\System\xPKKELe.exe
  C:\Windows\System\xPKKELe.exe
  2⤵
  PID:13468
- C:\Windows\System\OfOEaXC.exe
  C:\Windows\System\OfOEaXC.exe
  2⤵
  PID:13496
- C:\Windows\System\kDgOdxU.exe
  C:\Windows\System\kDgOdxU.exe
  2⤵
  PID:13524
- C:\Windows\System\fuLezMo.exe
  C:\Windows\System\fuLezMo.exe
  2⤵
  PID:13560
- C:\Windows\System\LuVeFWq.exe
  C:\Windows\System\LuVeFWq.exe
  2⤵
  PID:13592
- C:\Windows\System\JIydwpf.exe
  C:\Windows\System\JIydwpf.exe
  2⤵
  PID:13620
- C:\Windows\System\jsGwaMs.exe
  C:\Windows\System\jsGwaMs.exe
  2⤵
  PID:13648
- C:\Windows\System\hxpUgFu.exe
  C:\Windows\System\hxpUgFu.exe
  2⤵
  PID:13680
- C:\Windows\System\eaUGGXz.exe
  C:\Windows\System\eaUGGXz.exe
  2⤵
  PID:13696
- C:\Windows\System\OBOMdPO.exe
  C:\Windows\System\OBOMdPO.exe
  2⤵
  PID:13720
- C:\Windows\System\qKWmLYU.exe
  C:\Windows\System\qKWmLYU.exe
  2⤵
  PID:13752
- C:\Windows\System\fFVZXGH.exe
  C:\Windows\System\fFVZXGH.exe
  2⤵
  PID:13772
- C:\Windows\System\HpkEJkj.exe
  C:\Windows\System\HpkEJkj.exe
  2⤵
  PID:13804
- C:\Windows\System\KGVFObj.exe
  C:\Windows\System\KGVFObj.exe
  2⤵
  PID:13840
- C:\Windows\System\mtCejOM.exe
  C:\Windows\System\mtCejOM.exe
  2⤵
  PID:13872
- C:\Windows\System\DlAdfPX.exe
  C:\Windows\System\DlAdfPX.exe
  2⤵
  PID:13908
- C:\Windows\System\zdcdptx.exe
  C:\Windows\System\zdcdptx.exe
  2⤵
  PID:13932
- C:\Windows\System\AZJeNaT.exe
  C:\Windows\System\AZJeNaT.exe
  2⤵
  PID:13948
- C:\Windows\System\wEInyWy.exe
  C:\Windows\System\wEInyWy.exe
  2⤵
  PID:14048
- C:\Windows\System\rXIWxBK.exe
  C:\Windows\System\rXIWxBK.exe
  2⤵
  PID:14064
- C:\Windows\System\ODcKaPZ.exe
  C:\Windows\System\ODcKaPZ.exe
  2⤵
  PID:14092
- C:\Windows\System\jeXighQ.exe
  C:\Windows\System\jeXighQ.exe
  2⤵
  PID:14120
- C:\Windows\System\jPvvCMS.exe
  C:\Windows\System\jPvvCMS.exe
  2⤵
  PID:14144
- C:\Windows\System\BUeNpUX.exe
  C:\Windows\System\BUeNpUX.exe
  2⤵
  PID:14164
- C:\Windows\System\ZYHgKWv.exe
  C:\Windows\System\ZYHgKWv.exe
  2⤵
  PID:14180
- C:\Windows\System\XZFqYXz.exe
  C:\Windows\System\XZFqYXz.exe
  2⤵
  PID:14196
- C:\Windows\System\TYQdjvh.exe
  C:\Windows\System\TYQdjvh.exe
  2⤵
  PID:14232
- C:\Windows\System\LSWpUuo.exe
  C:\Windows\System\LSWpUuo.exe
  2⤵
  PID:14256
- C:\Windows\System\tKREVZL.exe
  C:\Windows\System\tKREVZL.exe
  2⤵
  PID:14292
- C:\Windows\System\AgSwxKv.exe
  C:\Windows\System\AgSwxKv.exe
  2⤵
  PID:14324
- C:\Windows\System\KUHOfdQ.exe
  C:\Windows\System\KUHOfdQ.exe
  2⤵
  PID:1232
- C:\Windows\System\ToQNigf.exe
  C:\Windows\System\ToQNigf.exe
  2⤵
  PID:13448
- C:\Windows\System\QVDonvL.exe
  C:\Windows\System\QVDonvL.exe
  2⤵
  PID:13480
- C:\Windows\System\GvnzdtH.exe
  C:\Windows\System\GvnzdtH.exe
  2⤵
  PID:13456
- C:\Windows\System\VqqFqsa.exe
  C:\Windows\System\VqqFqsa.exe
  2⤵
  PID:13536
- C:\Windows\System\KLLhvPo.exe
  C:\Windows\System\KLLhvPo.exe
  2⤵
  PID:13644
- C:\Windows\System\mpxQCjV.exe
  C:\Windows\System\mpxQCjV.exe
  2⤵
  PID:13708
- C:\Windows\System\meXgXzw.exe
  C:\Windows\System\meXgXzw.exe
  2⤵
  PID:13828
- C:\Windows\System\jcZizBz.exe
  C:\Windows\System\jcZizBz.exe
  2⤵
  PID:13816
- C:\Windows\System\tbmMskG.exe
  C:\Windows\System\tbmMskG.exe
  2⤵
  PID:13920
- C:\Windows\System\rQJLtfw.exe
  C:\Windows\System\rQJLtfw.exe
  2⤵
  PID:13972
- C:\Windows\System\fpSjdNQ.exe
  C:\Windows\System\fpSjdNQ.exe
  2⤵
  PID:14060
- C:\Windows\System\sCJKGeJ.exe
  C:\Windows\System\sCJKGeJ.exe
  2⤵
  PID:14104
- C:\Windows\System\KSZKdOM.exe
  C:\Windows\System\KSZKdOM.exe
  2⤵
  PID:14208

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BffULhp.exe

Filesize
2.2MB

MD5
38bfb8b0e74061f097e97e83c4e1c98a

SHA1
a4f41351e141ce785be8fc54851c80ccb3d36059

SHA256
1c5fd9d7491198ee5c7d0b0e00364c583a750d035a7936118bbfa4f8406e550c

SHA512
2b2249059cc24c7f41f34dc374b2cddef62b6c959868804b74921cb5c34ea9a2be924102bbf0a504e416b052f60929ae11d72f53907434ad489b0366076170b3

Download Submit
C:\Windows\System\CvEmZpY.exe

Filesize
2.2MB

MD5
4df194dafb7837ef28fa8a5397a6652b

SHA1
a6a91bdab7afb459c11194b43712477f59baf8e0

SHA256
156f5c843427a841cee7eb1fece0188d72abceb0ad6ebb0127243bb134f7aa32

SHA512
c455b5e5f8e5d480f0e3ab6bc439577ecf54dedf59feaf0784344eb777af15d613b28f7b4cc44c4d13c3be717c0a8cece83584dde414ef96dbb66cba58d98258

Download Submit
C:\Windows\System\DPCflDS.exe

Filesize
2.2MB

MD5
3dcadb2d8efa0885bbafb2fc29f02191

SHA1
e0275ce7acf11f143b9a45bee7361846329e3bf8

SHA256
34c54a5b78520dd1d5ab2b8a0d23e5837b03026a97ff37ea33d2a7939968a3ac

SHA512
dd5b153cf14e698285df77c9a67fdd1ac1ddef14dbb490de2bf20149dc27e3e498d619921ab4b9201bf92285d4af719f67f64ab66fc972fda7eaa21007e5a47c

Download Submit
C:\Windows\System\JElVKeI.exe

Filesize
2.2MB

MD5
29f910446dd3c72ca38eddc4753ddac5

SHA1
5e02fc0ab890725f4f95aae982b0b0108e5765bb

SHA256
46fe8e01d70c4f02a1cb337ec41a207f836061759d7918adde344a156cf35185

SHA512
b7b8a0de3beffbff8667add677686ca969eb586e91b53d332a5a2ece71c73a7314fc08f2f994dd73436ed8f0fdbf5195b631a40995314bd7d3499dc12f4ea97c

Download Submit
C:\Windows\System\KLjVAHb.exe

Filesize
2.2MB

MD5
9a263ee0711b59115c750e7ceb9715cf

SHA1
615034bc98371c97181673fc75e3f736d94e25d6

SHA256
25845cc681c7671d3f78e91cd0a7495a9a3b9878cf1eb1bedd2479dc4f786dbd

SHA512
3040aa8ebd5f992d02a181717fc712771492f266f188c619d5ed962db39bd4ef017fd26b12146c1ae1bebfcdbb7974f4144059b41a01d47cbe02aff7771bff16

Download Submit
C:\Windows\System\KwTPkXn.exe

Filesize
2.2MB

MD5
1f390bc7e0c3f8a64b10a3108947b0f9

SHA1
bfceaee11a7bfac818138b43d59fefdaf5601709

SHA256
5b49c04fcbbb4a22c6bba47ffe126d2d2922a516104abe8209e25b516be395ac

SHA512
b0dd2642876d80e338d64df59042c597813950620b2d136531390a335dd4a9b7b56acf09718200596da418544e10f7b1a3d59c481f9a9462346ad31a3cb828a6

Download Submit
C:\Windows\System\NFNVICR.exe

Filesize
2.2MB

MD5
d2449ec34215118c7f3a5b7bc81a8869

SHA1
ede838e5ce815eea4a14d1e9acdb0a2168381164

SHA256
62d10ba1a46cc4afd1bc9f7b2469748a71e94ed016d334eda38e7f823f4343dd

SHA512
40633df4233f7ab1087442d7f83eb4c3df4e9955936c05cee4e7a9d87bd93f0ae78838f0da9727aacf38cd874248dfd8761d5d876da63617e31c0b7c5ebf8089

Download Submit
C:\Windows\System\ONyGWZD.exe

Filesize
2.2MB

MD5
fad5f6663a1faad6cd3381edd8bf046f

SHA1
e7411db421fab69662e0d40560fffd1db571dd0f

SHA256
4914c719104e14c7b7b26a7a572fd02e5c4a53fd041837b0b62689664bf2ea02

SHA512
8fe102d4099ecd5187c43ae0adf7e0d2558e9913f2269e77fb212a4bc9afb10df232946437725af81e5c8dbfa0435450db1c716fd97d4ddf560111072be13d4a

Download Submit
C:\Windows\System\OpMRhTU.exe

Filesize
2.2MB

MD5
9babc215d3ed05d356466cb38fb7931d

SHA1
4df79b34b0c95d6ca48e300083b856f71b797c6f

SHA256
1a05bde9b46a1f1ec24df8a22e550d570973a80dc62789aa781546362607a1bb

SHA512
44a6894eddcc417ebaeee8be47c26e4eec518760956c67dc3a8c2912aca0600fbbd0f0acfe663b09ae9c4f4dfe73428cb7ec97a1c2201f40c7499ed6f955fba4

Download Submit
C:\Windows\System\PaDKAiW.exe

Filesize
2.2MB

MD5
b6c8c57a2c80441d92fdd1c803d5d682

SHA1
c3902bac1914adb816c9094f2857de1aa5449c5b

SHA256
7275d1e04e14048bd7721a3afe1eda2f0b80115206dc3563190a072351992878

SHA512
c97d5110985d5f7eba46eccb4dfda4437a76fc8195bc5f3e1984abf7420a648c2e30eae87827a060954b64ec25267fcbfeb9a3fd9dc4d5f0a2dd5d65f3376d9b

Download Submit
C:\Windows\System\TAiwlyJ.exe

Filesize
2.2MB

MD5
73ac6169d0d0d594a5da7638b996c891

SHA1
38afd6a96b0cd3b30b77bf3cce89d625f92017a0

SHA256
6e46e685295351a94b7874028aae684882fcf345c6793175afc34c9e65e117db

SHA512
3d240c806dec805e8f4b8cc8d57e0c27e8a3f9902164027c75678f5d51db3c92f73414ca28a0379cad277d5a3b569624ab53994860f48dfb3900896a7d18e093

Download Submit
C:\Windows\System\UNpBzRw.exe

Filesize
2.2MB

MD5
b3bb2437d4815f08c11088e2b9ffbe9d

SHA1
b037851da8943e3d3a9a6d6f0f3d22f1f4b669b0

SHA256
9443d18a6114fdaad320bdf197bb4aecb0de39cabf8a01c82c2da7fd90e27505

SHA512
518aa2debfed3902d342733f535aab0d65b3e637bfb80ddd6c635ac9cc98e5395baaa8dbcadd05518bc010b436e0f91c97d99ed9bff978846f29986e49b62296

Download Submit
C:\Windows\System\URKRsEX.exe

Filesize
2.2MB

MD5
9dfede0948d28162971f237a260bd4a3

SHA1
7c0dab14cc4ab3995e91c22fa6c2aa13b38bbcb9

SHA256
e7dcd557960b284c1355b00c773971f2a3247cee7b1bef3169062a48ac90372f

SHA512
c006bf3a3ddef3e862849a849b52966ae3b27583d2874a6fea4fbab8da2b7c9383efae622242ef637a8c9af6c9463c78313fcfc8d26912e2c739fa9136e88046

Download Submit
C:\Windows\System\UkdxvVo.exe

Filesize
2.2MB

MD5
d33ef774c1c3337634556f0cfb6c8dec

SHA1
f2ded7b3cbe079027e8987f876a3844c5f138c32

SHA256
3a1660264c3a2bba55dbfef4b23c5cb7653423a3e4331ec32a7999c6b21da3ab

SHA512
7778ac515c88fbea9f1ba501f1b8b81719679b3b6488cd6d26614d114ffa147aa2919aa0ab6cc1fe9d43af36a559f3418ca37333ac80f2eb1ea3b15080420b37

Download Submit
C:\Windows\System\XjyXKfH.exe

Filesize
2.2MB

MD5
454ab5113301911b154a3cc280300029

SHA1
3345939e4a1dfb7887ad7fb1f97a328055ec8f55

SHA256
6ad4aaea210f68cccdeef26191d00cd9a78f11d4aa34dd65a53b90d3a30d1e7b

SHA512
37ce821527912416a33ebbabbf28cc9363a85552a92ccfcfb1de16eb0c64e641b160326cf2b2dccd6ea0ece159e7ce6b130398abe0797b55e8306d2d3f8ab44a

Download Submit
C:\Windows\System\Yulyvuu.exe

Filesize
2.2MB

MD5
5b4e07d0d0ddc53a5654ae63d79ead02

SHA1
8475f0eb309ca97383bc1de2bfeaa1f6abbd351d

SHA256
c16c08a85d294e134cd955b7e4f83246e33e60325d69408f72335fd23d3593b9

SHA512
a160990e96d8b4be523cfbe3b7c1419b4c77739b456af7ff5ca52355f61edf1edab3251cf679b66229387d2c4fe55b8a54c41d1213e610d459bcaee9f5e72ab7

Download Submit
C:\Windows\System\ZIcLXXt.exe

Filesize
2.2MB

MD5
d2bb122451fd082979614a9fa1b694ba

SHA1
1d7bf851d9bbba7ae5536e368ee2e5c8a64a9539

SHA256
cd41670d08b893cc85ac5b34116fb47e125a4e3e90b55ef164bf1350af0d34be

SHA512
641c740103e8fa26e9e0fe4031a7fe08e2459b03d44640191a5bf070c1ffc0e022458150474897b3dd461db8782f16af4775bfbca1868885ffa64ed39f2f8ffa

Download Submit
C:\Windows\System\cGWNvRZ.exe

Filesize
2.2MB

MD5
4cc1cde13bc86c0925e51597fbc155f1

SHA1
c589e381238486fa0ed0d4a30c05b80418bd129d

SHA256
0211c297d947064ba25651c499bb89396f21ed00f3ea76fb21135e0ff339c52e

SHA512
d042e11323c6b5cbb1e8edc0a10098b67b27681c0622f81886116ace942aa16c79abdeee3305988addbdafd60f3d3fbef33dacb458b03639aa28da59e8d7c35d

Download Submit
C:\Windows\System\dIHIfHq.exe

Filesize
2.2MB

MD5
e16b9740cfee275acd3ea69109ccdee6

SHA1
be1526d601dcbc34e180b3bd15c4fddfa6ad06a8

SHA256
30d0e18638a3e6e5450c01eeac328159ffd128ff6bc7f76c295e48a2a2e51020

SHA512
29a5995380c1ec80bb937b9901e06c937bf9c723f516405383d73d1b9b7f78428b544134a3d7446d6b4d3312699176d079d7ae88a6162b9ce6e8b5aec91368b5

Download Submit
C:\Windows\System\ehfQOcE.exe

Filesize
2.2MB

MD5
0a7453393c1ba12f31d518b196d467a2

SHA1
66349e2861f054f54217e39f99dd5d91a8b12e5a

SHA256
e4e8a091f15e37277002d7a4903e537e18155929a4a3642ff3c99e836302b1ae

SHA512
377a0620d2b63aa8a7913d135783f7475e17e23f4249eeaace7225f64ecc86577e8059ac638ede58592e248c9ab76f23acd293dfbff4095f1b602bf2c83fdf01

Download Submit
C:\Windows\System\gdvSDzI.exe

Filesize
2.2MB

MD5
0964eb7c49c9869ad913e2fab5925713

SHA1
9f9b4053e2cd84c1986a66331eb245b3e1b369f9

SHA256
1a34946d1d8ff69f5736f630558eaeef3b85816d4a9d573d2f3682f5cdd46c64

SHA512
2e7080ea4f9a45b0d617ea5ac33ada8ec1a82f896be283f2aaa1cb5a9f73c437282538e77f70604174646a80e790e1a97d1b9f35d2f2d364d6db0e876383f34e

Download Submit
C:\Windows\System\kghYvof.exe

Filesize
2.2MB

MD5
252e0eb6c00aa827f6b7d5de47a341d7

SHA1
5abab32d1ef36247e750bf610c9c1491c562cb26

SHA256
9eda199f07e5e04bd205d00dfb526c67c87cb4d8e9ec8ab6c735b2d24c1aaee3

SHA512
003e0741c79f77a0e1848069f89091f28a4d0d69a08228b15bdac5432c973b829161b8b3b1eb175b7bd0a8b8b9acb89ddc297ba8b9c2fae7c47c3d06d15487de

Download Submit
C:\Windows\System\kjhnUWQ.exe

Filesize
2.2MB

MD5
4b4b7caaa299ae0eb755016d9523c8ad

SHA1
51f2889eaa041f99ceac166e2852bf0fe5464c9f

SHA256
379300816913e7677ac86eaeb55d0e9a42823a9b949e2975e7667519bb7c9875

SHA512
579f14d961c94b340e14a6df6b257e359b66de3a98f5e95d62e27d0bc7d8cd205bc07ab783a70da70df2761748b1e152d3b314abcc65346e431f58a3116eba9c

Download Submit
C:\Windows\System\mPvREiP.exe

Filesize
2.2MB

MD5
99e6111d34016c44ec8c33995bd9ae94

SHA1
2dd4cb53bbb289b1cff7f1cca4f4d6312c19d85d

SHA256
338d34bf21780ef76665939057fcf424b1e34b6286bc5f57f15dce8c79c9877e

SHA512
b073e527b790a63c9ad704a4ecf770aff13c174760b3cfa6a4fba8534f9290335f212d923349e3cf239b683287002ebded30d1efcbeb9867360694a5983455b0

Download Submit
C:\Windows\System\nJuzuDJ.exe

Filesize
2.2MB

MD5
56f9f4f19b89589da96e8f9b01ce8bb8

SHA1
48b623a9be576b658bdaf7a05c82c300423018e3

SHA256
07417d6933acb5c437d6c97b86af5b3ff4bc3366cc71dcd9a4005d74072e441c

SHA512
7ecd8e6e1ca1d32119920d07e6eb4cbe53d67ac46eb7258118c46ebe972dac11ab66dfec0372a7b21e800d4618d8f7424d418a27635762868f7d06307cf9117c

Download Submit
C:\Windows\System\nLsIpKB.exe

Filesize
2.2MB

MD5
546fc6a755e8df6e354b312c79f9e1f7

SHA1
c4250bb1a260073cee59556420f3f5256768e747

SHA256
742ff396add04479c2d1eb36823a5589d0f96c8c754cf6996802ce41f529c3a1

SHA512
af4189124313403e148ca5414cb6111a785a23f8a1c833919e0f25c3aeb60ec01f681bfe84bbda77f6ed08c8f5c10821547146879e5bed61a612193767f02644

Download Submit
C:\Windows\System\rCHbKou.exe

Filesize
2.2MB

MD5
9b4870c2b6bad8d7239eb7be67470fec

SHA1
125ac425622af0ef572bd0f08bfadd3302b1c8ea

SHA256
116c8cd45a2f889da82f669f01c6035ef69c9c59204aca72d942c5bf4bc3fa34

SHA512
f3644b0742127ede4807f2cd79f909ca8b569c9858d8b1a1220c57a62b34f234aef70377d40eadf704238dae9d3f919ca8cb9a49e6dab7e7aa156c2e0391d5ea

Download Submit
C:\Windows\System\rqXnvYV.exe

Filesize
2.2MB

MD5
3c9021ebc62447de78b40ec9b0b61d62

SHA1
c63ad266e0361f89c8a68e26ac21dc6c8126b979

SHA256
b954027297875bc820a1d2d05c8cc50b817816c5776106c1bf92235414381d16

SHA512
e3475548d86b399ac1571ae6f0ebdb9472851b5b0db14c0d78f11063c209f39d08ad5f33dc5cc7715e72cbcfc67e16d80da3aa073f2b45fa174b432ac40b5a02

Download Submit
C:\Windows\System\sHAWswG.exe

Filesize
2.2MB

MD5
8e899c35bb728fa59766030a8152f84a

SHA1
7acc704e2d757c2b6dc7b2edd113e160a52607fa

SHA256
9b6772f4d5906c4c151c8e7aa1adaf40f62ba4827c520e4079046f0499463889

SHA512
bd88b1620983d4c9bdfe825957a9b9f14c9fe4d6f01098732a192b6ad7115fa6d7fd8d721cca978eb1999ffe0f1075861884044e131048332454f6d9ec11f6af

Download Submit
C:\Windows\System\tXJwEpQ.exe

Filesize
2.2MB

MD5
7e36890aca37793de6ec5b58a0cb2bf2

SHA1
4f79f8ca950b593b2a9a7af21e34357a4c69ed22

SHA256
98ad9330a98d8fe7def532a2aa8f859f658596559d1ebb92f1b6953c01bf13be

SHA512
248c5ebe1175e70bcc395911ed578c45de6149fdf3c58ce11424bd1ce2975dbda6e456e67d11c37715290a2062886b8e8c5e25b6767e25600578490dc3233adc

Download Submit
C:\Windows\System\uvgVNUl.exe

Filesize
2.2MB

MD5
6d57c968ee3ae39fc51c9e3c5f962f44

SHA1
f378916c91b4f2ca0bda1ac3350d2b4595445383

SHA256
075b763d7b7408deab948bda20f43e50ac6222ead6988fb51b5dbcc27e0b39c3

SHA512
7e9e6bab0cb666cdd7ea97868af92e4cfed8ece9777aaf80db6d7ac96f8b6dba49d1d5e2039fdd740bf5d6e22b366c017a889f1a9ad4134ade4470435f6dcdf3

Download Submit
C:\Windows\System\yFdNBhK.exe

Filesize
2.2MB

MD5
0496d50af2983838b67e7cb501f97962

SHA1
9e6b3960f5e0e4fcdf17de8a323a3e396de5b222

SHA256
ab9e22adc6d27e479d13bb0c35d89f8d1727d5a17bcc5a0004f35aad298560ca

SHA512
f145693fad5d0d41ceb654befc66aa4072dd5f317d803155b43d627e2b21bfaf54673d54245e5a604f7ee9978251ff12eddbce742fada2b0d3d27feecfe61d7b

Download Submit
C:\Windows\System\zClDGrZ.exe

Filesize
2.2MB

MD5
7870c553044c00f6ea35d2e94f291e57

SHA1
91910cb3cdb4b3f3e3fd5790a637d0a012b14194

SHA256
9580c0645e1699812f4aa0f4a25f06d282df59e8aeba9587aff877c455ad52ad

SHA512
d968b503127cdc4e65be614f87d9420d1cf7789058786bc2d6cd6c1e78d55c0dec3d5a3fbe5ee8d59ddf3a47b4d2fd43afee751232725e014e8e0cf36ccf59d1

Download Submit
C:\Windows\System\zaRDziH.exe

Filesize
2.2MB

MD5
4736b2e108b77e4905f04867c4e21035

SHA1
adbcfffdddb162b1d74d0bc4128911b8a4ee081e

SHA256
36620355880531876b84e023c404c424ef6210595da6dedab4062bb7a6451897

SHA512
8aed24e15b32d8f3f02a44cbff17048b5ea9af25208f6d41678626a640d5d321a10b0c3bab9892646aeed9388257e73892ea3f9f502ea05c306c847adce2a52c

Download Submit
C:\Windows\System\zumAjAP.exe

Filesize
2.2MB

MD5
ea13624654827b42c4a3562e53688c8b

SHA1
fd347d9ff449d970db1dd9fb28ae29219efd0800

SHA256
861b169437e5c17aaab8a36689b46ae270dfd5d66cc9c2d4da4f344b9517e086

SHA512
e625dc1875cb8e9906e5fa50885c462fce135360f37c83a0df215a067a0ec9be6f159a250292605f8eca6f2fe4e5f993be27db4578ee5d3a12d40710bf1cfd4b

Download Submit
C:\Windows\System\zxnhIRC.exe

Filesize
2.2MB

MD5
10942726b8bc7cafe95870ca54b21ef7

SHA1
bf2ad421d41d6d15b1c1142bc01e14c98ed23a5e

SHA256
4be1ad4a75390a2e6a07722d21ba61b1581915eb2b0461830427850097961274

SHA512
a6e8b2394c71e2fb4c7495d8bfb8a4585f743f2d8a66b46654d909f9e4d07812da867f3a4f246c67995c3c704406ad7ed8c41771042d03b60c2985a294247bd1

Download Submit
memory/740-2118-0x00007FF6977D0000-0x00007FF697B24000-memory.dmp

Filesize
3.3MB

Download
memory/740-195-0x00007FF6977D0000-0x00007FF697B24000-memory.dmp

Filesize
3.3MB

Download
memory/768-2125-0x00007FF60EE50000-0x00007FF60F1A4000-memory.dmp

Filesize
3.3MB

Download
memory/768-197-0x00007FF60EE50000-0x00007FF60F1A4000-memory.dmp

Filesize
3.3MB

Download
memory/808-2126-0x00007FF63C3D0000-0x00007FF63C724000-memory.dmp

Filesize
3.3MB

Download
memory/808-31-0x00007FF63C3D0000-0x00007FF63C724000-memory.dmp

Filesize
3.3MB

Download
memory/808-2111-0x00007FF63C3D0000-0x00007FF63C724000-memory.dmp

Filesize
3.3MB

Download
memory/908-186-0x00007FF61AE10000-0x00007FF61B164000-memory.dmp

Filesize
3.3MB

Download
memory/908-2141-0x00007FF61AE10000-0x00007FF61B164000-memory.dmp

Filesize
3.3MB

Download
memory/984-36-0x00007FF749FB0000-0x00007FF74A304000-memory.dmp

Filesize
3.3MB

Download
memory/984-2112-0x00007FF749FB0000-0x00007FF74A304000-memory.dmp

Filesize
3.3MB

Download
memory/984-2124-0x00007FF749FB0000-0x00007FF74A304000-memory.dmp

Filesize
3.3MB

Download
memory/1128-191-0x00007FF6A4EF0000-0x00007FF6A5244000-memory.dmp

Filesize
3.3MB

Download
memory/1128-2137-0x00007FF6A4EF0000-0x00007FF6A5244000-memory.dmp

Filesize
3.3MB

Download
memory/1224-2120-0x00007FF785870000-0x00007FF785BC4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-56-0x00007FF785870000-0x00007FF785BC4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-2113-0x00007FF785870000-0x00007FF785BC4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2136-0x00007FF774580000-0x00007FF7748D4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-180-0x00007FF774580000-0x00007FF7748D4000-memory.dmp

Filesize
3.3MB

Download
memory/2000-2121-0x00007FF688830000-0x00007FF688B84000-memory.dmp

Filesize
3.3MB

Download
memory/2000-198-0x00007FF688830000-0x00007FF688B84000-memory.dmp

Filesize
3.3MB

Download
memory/2036-185-0x00007FF6C7700000-0x00007FF6C7A54000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2134-0x00007FF6C7700000-0x00007FF6C7A54000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2142-0x00007FF7BCF50000-0x00007FF7BD2A4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-203-0x00007FF7BCF50000-0x00007FF7BD2A4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-2145-0x00007FF7EBA70000-0x00007FF7EBDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-194-0x00007FF7EBA70000-0x00007FF7EBDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-2123-0x00007FF6ABEB0000-0x00007FF6AC204000-memory.dmp

Filesize
3.3MB

Download
memory/2604-196-0x00007FF6ABEB0000-0x00007FF6AC204000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2144-0x00007FF749FA0000-0x00007FF74A2F4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-199-0x00007FF749FA0000-0x00007FF74A2F4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-2132-0x00007FF7878E0000-0x00007FF787C34000-memory.dmp

Filesize
3.3MB

Download
memory/2908-200-0x00007FF7878E0000-0x00007FF787C34000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2119-0x00007FF7459C0000-0x00007FF745D14000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2114-0x00007FF7459C0000-0x00007FF745D14000-memory.dmp

Filesize
3.3MB

Download
memory/2964-64-0x00007FF7459C0000-0x00007FF745D14000-memory.dmp

Filesize
3.3MB

Download
memory/3180-2116-0x00007FF7BB1B0000-0x00007FF7BB504000-memory.dmp

Filesize
3.3MB

Download
memory/3180-2128-0x00007FF7BB1B0000-0x00007FF7BB504000-memory.dmp

Filesize
3.3MB

Download
memory/3180-125-0x00007FF7BB1B0000-0x00007FF7BB504000-memory.dmp

Filesize
3.3MB

Download
memory/3276-2109-0x00007FF7C5D60000-0x00007FF7C60B4000-memory.dmp

Filesize
3.3MB

Download
memory/3276-1-0x00000188B6650000-0x00000188B6660000-memory.dmp

Filesize
64KB

Download
memory/3276-0-0x00007FF7C5D60000-0x00007FF7C60B4000-memory.dmp

Filesize
3.3MB

Download
memory/3288-2140-0x00007FF6B07C0000-0x00007FF6B0B14000-memory.dmp

Filesize
3.3MB

Download
memory/3288-174-0x00007FF6B07C0000-0x00007FF6B0B14000-memory.dmp

Filesize
3.3MB

Download
memory/3300-14-0x00007FF7C7960000-0x00007FF7C7CB4000-memory.dmp

Filesize
3.3MB

Download
memory/3300-2117-0x00007FF7C7960000-0x00007FF7C7CB4000-memory.dmp

Filesize
3.3MB

Download
memory/3300-2110-0x00007FF7C7960000-0x00007FF7C7CB4000-memory.dmp

Filesize
3.3MB

Download
memory/3508-2131-0x00007FF782130000-0x00007FF782484000-memory.dmp

Filesize
3.3MB

Download
memory/3508-108-0x00007FF782130000-0x00007FF782484000-memory.dmp

Filesize
3.3MB

Download
memory/3508-2115-0x00007FF782130000-0x00007FF782484000-memory.dmp

Filesize
3.3MB

Download
memory/3620-193-0x00007FF79AF40000-0x00007FF79B294000-memory.dmp

Filesize
3.3MB

Download
memory/3620-2139-0x00007FF79AF40000-0x00007FF79B294000-memory.dmp

Filesize
3.3MB

Download
memory/3852-2143-0x00007FF609D70000-0x00007FF60A0C4000-memory.dmp

Filesize
3.3MB

Download
memory/3852-202-0x00007FF609D70000-0x00007FF60A0C4000-memory.dmp

Filesize
3.3MB

Download
memory/3968-140-0x00007FF7E1960000-0x00007FF7E1CB4000-memory.dmp

Filesize
3.3MB

Download
memory/3968-2129-0x00007FF7E1960000-0x00007FF7E1CB4000-memory.dmp

Filesize
3.3MB

Download
memory/4064-2133-0x00007FF6FB790000-0x00007FF6FBAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4064-190-0x00007FF6FB790000-0x00007FF6FBAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4256-84-0x00007FF75EE40000-0x00007FF75F194000-memory.dmp

Filesize
3.3MB

Download
memory/4256-2122-0x00007FF75EE40000-0x00007FF75F194000-memory.dmp

Filesize
3.3MB

Download
memory/4556-2127-0x00007FF604D60000-0x00007FF6050B4000-memory.dmp

Filesize
3.3MB

Download
memory/4556-173-0x00007FF604D60000-0x00007FF6050B4000-memory.dmp

Filesize
3.3MB

Download
memory/4776-192-0x00007FF73BB70000-0x00007FF73BEC4000-memory.dmp

Filesize
3.3MB

Download
memory/4776-2138-0x00007FF73BB70000-0x00007FF73BEC4000-memory.dmp

Filesize
3.3MB

Download
memory/4824-2135-0x00007FF646AF0000-0x00007FF646E44000-memory.dmp

Filesize
3.3MB

Download
memory/4824-201-0x00007FF646AF0000-0x00007FF646E44000-memory.dmp

Filesize
3.3MB

Download
memory/4940-2130-0x00007FF6DF070000-0x00007FF6DF3C4000-memory.dmp

Filesize
3.3MB

Download
memory/4940-126-0x00007FF6DF070000-0x00007FF6DF3C4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads