xmrig | fc6d71369548cd233c48d475c39e051d4bd864273cb3f5897a5e7d1162556d7e

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
Size

2.2MB
MD5

822f3d49acc6d785ea6b811f378600b0
SHA1

905e697c0c07e729461e3430bd67a55c226cee43
SHA256

fc6d71369548cd233c48d475c39e051d4bd864273cb3f5897a5e7d1162556d7e
SHA512

df6e6b5462cedb17b4b80eee94cca915a1ce46ea6fb38e7366fe8d04a02a7c1c2dae033bdb9df6e5f2f03b8b5a52698448ef94377885da0686710bad14a98133
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQwNU6ff91f2T9W:oemTLkNdfE0pZrQu

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2524-0-0x00007FF616380000-0x00007FF6166D4000-memory.dmp	xmrig
behavioral2/memory/2488-11-0x00007FF7EC970000-0x00007FF7ECCC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023569-10.dat	xmrig
behavioral2/files/0x0008000000023568-18.dat	xmrig
behavioral2/files/0x000f0000000234de-16.dat	xmrig
behavioral2/files/0x000700000002356a-27.dat	xmrig
behavioral2/files/0x000700000002356e-39.dat	xmrig
behavioral2/files/0x0007000000023572-64.dat	xmrig
behavioral2/memory/4040-63-0x00007FF675E80000-0x00007FF6761D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002357b-101.dat	xmrig
behavioral2/files/0x000700000002357e-129.dat	xmrig
behavioral2/files/0x0007000000023583-155.dat	xmrig
behavioral2/files/0x0007000000023580-189.dat	xmrig
behavioral2/memory/1552-199-0x00007FF6CA380000-0x00007FF6CA6D4000-memory.dmp	xmrig
behavioral2/memory/4532-204-0x00007FF6E7200000-0x00007FF6E7554000-memory.dmp	xmrig
behavioral2/memory/432-208-0x00007FF6F9DF0000-0x00007FF6FA144000-memory.dmp	xmrig
behavioral2/memory/3608-207-0x00007FF6A0650000-0x00007FF6A09A4000-memory.dmp	xmrig
behavioral2/memory/3700-206-0x00007FF7CA890000-0x00007FF7CABE4000-memory.dmp	xmrig
behavioral2/memory/2156-205-0x00007FF60BC80000-0x00007FF60BFD4000-memory.dmp	xmrig
behavioral2/memory/796-203-0x00007FF7C4500000-0x00007FF7C4854000-memory.dmp	xmrig
behavioral2/memory/3268-202-0x00007FF6FCB20000-0x00007FF6FCE74000-memory.dmp	xmrig
behavioral2/memory/1272-201-0x00007FF692830000-0x00007FF692B84000-memory.dmp	xmrig
behavioral2/memory/1112-200-0x00007FF71F440000-0x00007FF71F794000-memory.dmp	xmrig
behavioral2/memory/880-198-0x00007FF7ED790000-0x00007FF7EDAE4000-memory.dmp	xmrig
behavioral2/memory/1528-197-0x00007FF7509E0000-0x00007FF750D34000-memory.dmp	xmrig
behavioral2/memory/2632-196-0x00007FF720730000-0x00007FF720A84000-memory.dmp	xmrig
behavioral2/memory/4784-195-0x00007FF68A300000-0x00007FF68A654000-memory.dmp	xmrig
behavioral2/memory/980-194-0x00007FF743830000-0x00007FF743B84000-memory.dmp	xmrig
behavioral2/files/0x000700000002357c-193.dat	xmrig
behavioral2/files/0x000700000002358c-192.dat	xmrig
behavioral2/files/0x0007000000023581-190.dat	xmrig
behavioral2/files/0x000700000002357f-187.dat	xmrig
behavioral2/files/0x000700000002358b-186.dat	xmrig
behavioral2/memory/1804-181-0x00007FF7ABF90000-0x00007FF7AC2E4000-memory.dmp	xmrig
behavioral2/memory/5084-178-0x00007FF72C100000-0x00007FF72C454000-memory.dmp	xmrig
behavioral2/files/0x000700000002358a-177.dat	xmrig
behavioral2/files/0x0007000000023589-174.dat	xmrig
behavioral2/files/0x0007000000023588-171.dat	xmrig
behavioral2/files/0x0007000000023587-166.dat	xmrig
behavioral2/files/0x0007000000023586-163.dat	xmrig
behavioral2/files/0x0007000000023585-160.dat	xmrig
behavioral2/files/0x000700000002357d-159.dat	xmrig
behavioral2/memory/4944-150-0x00007FF7A6C90000-0x00007FF7A6FE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023582-144.dat	xmrig
behavioral2/files/0x0007000000023584-156.dat	xmrig
behavioral2/files/0x000700000002357a-128.dat	xmrig
behavioral2/memory/4352-125-0x00007FF6BC9F0000-0x00007FF6BCD44000-memory.dmp	xmrig
behavioral2/memory/2992-116-0x00007FF692F30000-0x00007FF693284000-memory.dmp	xmrig
behavioral2/files/0x0007000000023579-112.dat	xmrig
behavioral2/files/0x0007000000023578-108.dat	xmrig
behavioral2/files/0x0007000000023575-106.dat	xmrig
behavioral2/files/0x0007000000023574-104.dat	xmrig
behavioral2/files/0x0007000000023577-103.dat	xmrig
behavioral2/memory/1708-102-0x00007FF70E080000-0x00007FF70E3D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023573-99.dat	xmrig
behavioral2/files/0x0007000000023576-94.dat	xmrig
behavioral2/memory/1884-84-0x00007FF695D50000-0x00007FF6960A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023571-83.dat	xmrig
behavioral2/files/0x000700000002356f-72.dat	xmrig
behavioral2/files/0x000700000002356d-67.dat	xmrig
behavioral2/files/0x0007000000023570-59.dat	xmrig
behavioral2/memory/2920-56-0x00007FF6B11D0000-0x00007FF6B1524000-memory.dmp	xmrig
behavioral2/files/0x000700000002356b-50.dat	xmrig
behavioral2/memory/2444-44-0x00007FF7C1EC0000-0x00007FF7C2214000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2488	YUekxrn.exe
4368	RkfFtEn.exe
2920	aJAUdcn.exe
4868	embBrKD.exe
4040	lTbDBbs.exe
436	XGQeQXo.exe
1884	AuZCRjL.exe
2444	zSlEHge.exe
796	MSHTaFx.exe
1708	xMtaNdh.exe
2992	MHANobi.exe
4532	tCOauep.exe
4352	rVoUOEx.exe
4944	WULGuXv.exe
2156	dRezSkA.exe
3700	zBUeyaZ.exe
5084	gskpEUw.exe
1804	eKmhzZO.exe
980	tyafZXQ.exe
4784	zpktFfK.exe
2632	ffoTcTO.exe
3608	tEFAXUI.exe
1528	ozTZoGR.exe
880	qnJMxWQ.exe
1552	UzDEAfe.exe
1112	EkoqjMR.exe
1272	ISYiRVf.exe
432	VkRPECJ.exe
3268	utdvUFB.exe
3100	CyHtCfW.exe
3168	QbYBHAJ.exe
656	lQCIaTh.exe
2748	fzuCavt.exe
4804	cCFjLps.exe
1192	WFyJmwG.exe
2948	rrIvZxC.exe
4572	eZuqUpv.exe
2752	iuhgBpw.exe
3016	poYylSi.exe
1900	lBrGFaM.exe
2460	vDDqiSU.exe
496	nOHiUkq.exe
2128	WUoLkcQ.exe
3872	rkXONFp.exe
2260	vpKwBts.exe
2700	ZdHvjhJ.exe
3112	HamRiKN.exe
2584	GMuAoJG.exe
4024	WHmjiiW.exe
1540	nUqaKTA.exe
692	ltVDxBn.exe
4772	ctJTLzJ.exe
5024	ZqqgPir.exe
4900	ECpGmuM.exe
4524	mWUpvPe.exe
5028	unWwzwi.exe
4620	Lmqmgdo.exe
5000	jEHVxMN.exe
4516	eDzLtkn.exe
4888	oZJUIyr.exe
3928	EdHWEAr.exe
884	DNOAzAY.exe
4344	AXyYQOx.exe
4752	ZjqHiws.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2524-0-0x00007FF616380000-0x00007FF6166D4000-memory.dmp	upx
behavioral2/memory/2488-11-0x00007FF7EC970000-0x00007FF7ECCC4000-memory.dmp	upx
behavioral2/files/0x0007000000023569-10.dat	upx
behavioral2/files/0x0008000000023568-18.dat	upx
behavioral2/files/0x000f0000000234de-16.dat	upx
behavioral2/files/0x000700000002356a-27.dat	upx
behavioral2/files/0x000700000002356e-39.dat	upx
behavioral2/files/0x0007000000023572-64.dat	upx
behavioral2/memory/4040-63-0x00007FF675E80000-0x00007FF6761D4000-memory.dmp	upx
behavioral2/files/0x000700000002357b-101.dat	upx
behavioral2/files/0x000700000002357e-129.dat	upx
behavioral2/files/0x0007000000023583-155.dat	upx
behavioral2/files/0x0007000000023580-189.dat	upx
behavioral2/memory/1552-199-0x00007FF6CA380000-0x00007FF6CA6D4000-memory.dmp	upx
behavioral2/memory/4532-204-0x00007FF6E7200000-0x00007FF6E7554000-memory.dmp	upx
behavioral2/memory/432-208-0x00007FF6F9DF0000-0x00007FF6FA144000-memory.dmp	upx
behavioral2/memory/3608-207-0x00007FF6A0650000-0x00007FF6A09A4000-memory.dmp	upx
behavioral2/memory/3700-206-0x00007FF7CA890000-0x00007FF7CABE4000-memory.dmp	upx
behavioral2/memory/2156-205-0x00007FF60BC80000-0x00007FF60BFD4000-memory.dmp	upx
behavioral2/memory/796-203-0x00007FF7C4500000-0x00007FF7C4854000-memory.dmp	upx
behavioral2/memory/3268-202-0x00007FF6FCB20000-0x00007FF6FCE74000-memory.dmp	upx
behavioral2/memory/1272-201-0x00007FF692830000-0x00007FF692B84000-memory.dmp	upx
behavioral2/memory/1112-200-0x00007FF71F440000-0x00007FF71F794000-memory.dmp	upx
behavioral2/memory/880-198-0x00007FF7ED790000-0x00007FF7EDAE4000-memory.dmp	upx
behavioral2/memory/1528-197-0x00007FF7509E0000-0x00007FF750D34000-memory.dmp	upx
behavioral2/memory/2632-196-0x00007FF720730000-0x00007FF720A84000-memory.dmp	upx
behavioral2/memory/4784-195-0x00007FF68A300000-0x00007FF68A654000-memory.dmp	upx
behavioral2/memory/980-194-0x00007FF743830000-0x00007FF743B84000-memory.dmp	upx
behavioral2/files/0x000700000002357c-193.dat	upx
behavioral2/files/0x000700000002358c-192.dat	upx
behavioral2/files/0x0007000000023581-190.dat	upx
behavioral2/files/0x000700000002357f-187.dat	upx
behavioral2/files/0x000700000002358b-186.dat	upx
behavioral2/memory/1804-181-0x00007FF7ABF90000-0x00007FF7AC2E4000-memory.dmp	upx
behavioral2/memory/5084-178-0x00007FF72C100000-0x00007FF72C454000-memory.dmp	upx
behavioral2/files/0x000700000002358a-177.dat	upx
behavioral2/files/0x0007000000023589-174.dat	upx
behavioral2/files/0x0007000000023588-171.dat	upx
behavioral2/files/0x0007000000023587-166.dat	upx
behavioral2/files/0x0007000000023586-163.dat	upx
behavioral2/files/0x0007000000023585-160.dat	upx
behavioral2/files/0x000700000002357d-159.dat	upx
behavioral2/memory/4944-150-0x00007FF7A6C90000-0x00007FF7A6FE4000-memory.dmp	upx
behavioral2/files/0x0007000000023582-144.dat	upx
behavioral2/files/0x0007000000023584-156.dat	upx
behavioral2/files/0x000700000002357a-128.dat	upx
behavioral2/memory/4352-125-0x00007FF6BC9F0000-0x00007FF6BCD44000-memory.dmp	upx
behavioral2/memory/2992-116-0x00007FF692F30000-0x00007FF693284000-memory.dmp	upx
behavioral2/files/0x0007000000023579-112.dat	upx
behavioral2/files/0x0007000000023578-108.dat	upx
behavioral2/files/0x0007000000023575-106.dat	upx
behavioral2/files/0x0007000000023574-104.dat	upx
behavioral2/files/0x0007000000023577-103.dat	upx
behavioral2/memory/1708-102-0x00007FF70E080000-0x00007FF70E3D4000-memory.dmp	upx
behavioral2/files/0x0007000000023573-99.dat	upx
behavioral2/files/0x0007000000023576-94.dat	upx
behavioral2/memory/1884-84-0x00007FF695D50000-0x00007FF6960A4000-memory.dmp	upx
behavioral2/files/0x0007000000023571-83.dat	upx
behavioral2/files/0x000700000002356f-72.dat	upx
behavioral2/files/0x000700000002356d-67.dat	upx
behavioral2/files/0x0007000000023570-59.dat	upx
behavioral2/memory/2920-56-0x00007FF6B11D0000-0x00007FF6B1524000-memory.dmp	upx
behavioral2/files/0x000700000002356b-50.dat	upx
behavioral2/memory/2444-44-0x00007FF7C1EC0000-0x00007FF7C2214000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AuZCRjL.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\kJiLJxW.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\fDstRms.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\acBucfo.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\qNtSprl.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\MSHTaFx.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\YesmakV.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\WGIVPYm.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\DPKWHYs.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\tYkJAKf.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\zWVhvtG.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\fLniNsu.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\VxfgAzK.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\ISYiRVf.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\qhUyISg.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\ytpjvSr.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\AuqPqAJ.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\GfyfVyh.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\fbIlrIS.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\uJFFnAO.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\XRlRDsS.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\sqlakAb.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\bkltVks.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\zfdSKgG.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\kPvFKzL.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\KdFyyLB.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\IUpnfGw.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\ozTZoGR.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\vDDqiSU.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\MLqlCos.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\HeriqUy.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\bDCtSZB.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\AwCFuer.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\pIuplOH.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\SIUsYNO.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\ZILDwhU.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\mZlrWmO.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\kWcBXRZ.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\cbCLiiC.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\PeGbCRZ.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\JqWqoUU.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\mvIaWOC.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\PXAoxYg.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\ykKMXqY.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\gSQaDab.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\PUfYtbu.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\QumoTXh.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\CAVxGeH.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\EQkssBi.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\VsCRrpL.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\embBrKD.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\tyafZXQ.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\wUFHVQS.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\sOoyIjr.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\kSqMsTm.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\vctsTCT.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\tEFAXUI.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\TdCOylN.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\xgXAgKl.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\nVKisfj.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\ceKzmxE.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\xDdeuuf.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\wKFbnTQ.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
File created	C:\Windows\System\HamRiKN.exe	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	640	dwm.exe
Token: SeChangeNotifyPrivilege	640	dwm.exe
Token: 33	640	dwm.exe
Token: SeIncBasePriorityPrivilege	640	dwm.exe
Token: SeShutdownPrivilege	640	dwm.exe
Token: SeCreatePagefilePrivilege	640	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2488	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	82
PID 2524 wrote to memory of 2488	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	82
PID 2524 wrote to memory of 2920	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	83
PID 2524 wrote to memory of 2920	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	83
PID 2524 wrote to memory of 4368	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	84
PID 2524 wrote to memory of 4368	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	84
PID 2524 wrote to memory of 4868	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	85
PID 2524 wrote to memory of 4868	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	85
PID 2524 wrote to memory of 436	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	86
PID 2524 wrote to memory of 436	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	86
PID 2524 wrote to memory of 4040	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	87
PID 2524 wrote to memory of 4040	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	87
PID 2524 wrote to memory of 1884	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	88
PID 2524 wrote to memory of 1884	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	88
PID 2524 wrote to memory of 2444	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	89
PID 2524 wrote to memory of 2444	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	89
PID 2524 wrote to memory of 796	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	90
PID 2524 wrote to memory of 796	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	90
PID 2524 wrote to memory of 1708	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	91
PID 2524 wrote to memory of 1708	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	91
PID 2524 wrote to memory of 2992	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	92
PID 2524 wrote to memory of 2992	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	92
PID 2524 wrote to memory of 4532	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	93
PID 2524 wrote to memory of 4532	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	93
PID 2524 wrote to memory of 4352	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	94
PID 2524 wrote to memory of 4352	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	94
PID 2524 wrote to memory of 4944	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	95
PID 2524 wrote to memory of 4944	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	95
PID 2524 wrote to memory of 5084	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	96
PID 2524 wrote to memory of 5084	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	96
PID 2524 wrote to memory of 2156	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	97
PID 2524 wrote to memory of 2156	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	97
PID 2524 wrote to memory of 3700	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	98
PID 2524 wrote to memory of 3700	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	98
PID 2524 wrote to memory of 1804	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	99
PID 2524 wrote to memory of 1804	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	99
PID 2524 wrote to memory of 980	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	100
PID 2524 wrote to memory of 980	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	100
PID 2524 wrote to memory of 4784	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	101
PID 2524 wrote to memory of 4784	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	101
PID 2524 wrote to memory of 2632	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	102
PID 2524 wrote to memory of 2632	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	102
PID 2524 wrote to memory of 1112	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	103
PID 2524 wrote to memory of 1112	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	103
PID 2524 wrote to memory of 3100	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	104
PID 2524 wrote to memory of 3100	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	104
PID 2524 wrote to memory of 3608	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	105
PID 2524 wrote to memory of 3608	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	105
PID 2524 wrote to memory of 1528	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	106
PID 2524 wrote to memory of 1528	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	106
PID 2524 wrote to memory of 880	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	107
PID 2524 wrote to memory of 880	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	107
PID 2524 wrote to memory of 1552	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	108
PID 2524 wrote to memory of 1552	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	108
PID 2524 wrote to memory of 1272	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	109
PID 2524 wrote to memory of 1272	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	109
PID 2524 wrote to memory of 432	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	110
PID 2524 wrote to memory of 432	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	110
PID 2524 wrote to memory of 3268	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	111
PID 2524 wrote to memory of 3268	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	111
PID 2524 wrote to memory of 3168	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	112
PID 2524 wrote to memory of 3168	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	112
PID 2524 wrote to memory of 656	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	113
PID 2524 wrote to memory of 656	2524	822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\822f3d49acc6d785ea6b811f378600b0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\System\YUekxrn.exe
  C:\Windows\System\YUekxrn.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\aJAUdcn.exe
  C:\Windows\System\aJAUdcn.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\RkfFtEn.exe
  C:\Windows\System\RkfFtEn.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\embBrKD.exe
  C:\Windows\System\embBrKD.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\XGQeQXo.exe
  C:\Windows\System\XGQeQXo.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\lTbDBbs.exe
  C:\Windows\System\lTbDBbs.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\AuZCRjL.exe
  C:\Windows\System\AuZCRjL.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\zSlEHge.exe
  C:\Windows\System\zSlEHge.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\MSHTaFx.exe
  C:\Windows\System\MSHTaFx.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\xMtaNdh.exe
  C:\Windows\System\xMtaNdh.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\MHANobi.exe
  C:\Windows\System\MHANobi.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\tCOauep.exe
  C:\Windows\System\tCOauep.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\rVoUOEx.exe
  C:\Windows\System\rVoUOEx.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\WULGuXv.exe
  C:\Windows\System\WULGuXv.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\gskpEUw.exe
  C:\Windows\System\gskpEUw.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\dRezSkA.exe
  C:\Windows\System\dRezSkA.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\zBUeyaZ.exe
  C:\Windows\System\zBUeyaZ.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\eKmhzZO.exe
  C:\Windows\System\eKmhzZO.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\tyafZXQ.exe
  C:\Windows\System\tyafZXQ.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\zpktFfK.exe
  C:\Windows\System\zpktFfK.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\ffoTcTO.exe
  C:\Windows\System\ffoTcTO.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\EkoqjMR.exe
  C:\Windows\System\EkoqjMR.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\CyHtCfW.exe
  C:\Windows\System\CyHtCfW.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\tEFAXUI.exe
  C:\Windows\System\tEFAXUI.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\ozTZoGR.exe
  C:\Windows\System\ozTZoGR.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\qnJMxWQ.exe
  C:\Windows\System\qnJMxWQ.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\UzDEAfe.exe
  C:\Windows\System\UzDEAfe.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\ISYiRVf.exe
  C:\Windows\System\ISYiRVf.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\VkRPECJ.exe
  C:\Windows\System\VkRPECJ.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\utdvUFB.exe
  C:\Windows\System\utdvUFB.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\QbYBHAJ.exe
  C:\Windows\System\QbYBHAJ.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\lQCIaTh.exe
  C:\Windows\System\lQCIaTh.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\fzuCavt.exe
  C:\Windows\System\fzuCavt.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\cCFjLps.exe
  C:\Windows\System\cCFjLps.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\WFyJmwG.exe
  C:\Windows\System\WFyJmwG.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\rrIvZxC.exe
  C:\Windows\System\rrIvZxC.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\eZuqUpv.exe
  C:\Windows\System\eZuqUpv.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\iuhgBpw.exe
  C:\Windows\System\iuhgBpw.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\poYylSi.exe
  C:\Windows\System\poYylSi.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\lBrGFaM.exe
  C:\Windows\System\lBrGFaM.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\vDDqiSU.exe
  C:\Windows\System\vDDqiSU.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\nOHiUkq.exe
  C:\Windows\System\nOHiUkq.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\WUoLkcQ.exe
  C:\Windows\System\WUoLkcQ.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\rkXONFp.exe
  C:\Windows\System\rkXONFp.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\vpKwBts.exe
  C:\Windows\System\vpKwBts.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\ZdHvjhJ.exe
  C:\Windows\System\ZdHvjhJ.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\HamRiKN.exe
  C:\Windows\System\HamRiKN.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\GMuAoJG.exe
  C:\Windows\System\GMuAoJG.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\WHmjiiW.exe
  C:\Windows\System\WHmjiiW.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\nUqaKTA.exe
  C:\Windows\System\nUqaKTA.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\ltVDxBn.exe
  C:\Windows\System\ltVDxBn.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\ctJTLzJ.exe
  C:\Windows\System\ctJTLzJ.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\ZqqgPir.exe
  C:\Windows\System\ZqqgPir.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\ECpGmuM.exe
  C:\Windows\System\ECpGmuM.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\mWUpvPe.exe
  C:\Windows\System\mWUpvPe.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\unWwzwi.exe
  C:\Windows\System\unWwzwi.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\Lmqmgdo.exe
  C:\Windows\System\Lmqmgdo.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\jEHVxMN.exe
  C:\Windows\System\jEHVxMN.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\eDzLtkn.exe
  C:\Windows\System\eDzLtkn.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\oZJUIyr.exe
  C:\Windows\System\oZJUIyr.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\EdHWEAr.exe
  C:\Windows\System\EdHWEAr.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\DNOAzAY.exe
  C:\Windows\System\DNOAzAY.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\AXyYQOx.exe
  C:\Windows\System\AXyYQOx.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\ZjqHiws.exe
  C:\Windows\System\ZjqHiws.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\vCoYRcu.exe
  C:\Windows\System\vCoYRcu.exe
  2⤵
  PID:556
- C:\Windows\System\slGXsWW.exe
  C:\Windows\System\slGXsWW.exe
  2⤵
  PID:1228
- C:\Windows\System\JYBLaQx.exe
  C:\Windows\System\JYBLaQx.exe
  2⤵
  PID:724
- C:\Windows\System\tzPFaVw.exe
  C:\Windows\System\tzPFaVw.exe
  2⤵
  PID:3676
- C:\Windows\System\ekByCet.exe
  C:\Windows\System\ekByCet.exe
  2⤵
  PID:1572
- C:\Windows\System\ovFsokm.exe
  C:\Windows\System\ovFsokm.exe
  2⤵
  PID:464
- C:\Windows\System\zndRrOf.exe
  C:\Windows\System\zndRrOf.exe
  2⤵
  PID:1260
- C:\Windows\System\fzeYAXl.exe
  C:\Windows\System\fzeYAXl.exe
  2⤵
  PID:3688
- C:\Windows\System\ARrWWdz.exe
  C:\Windows\System\ARrWWdz.exe
  2⤵
  PID:4840
- C:\Windows\System\MLqlCos.exe
  C:\Windows\System\MLqlCos.exe
  2⤵
  PID:4464
- C:\Windows\System\dOLFaXt.exe
  C:\Windows\System\dOLFaXt.exe
  2⤵
  PID:524
- C:\Windows\System\HXbFmgO.exe
  C:\Windows\System\HXbFmgO.exe
  2⤵
  PID:3728
- C:\Windows\System\CksqKmf.exe
  C:\Windows\System\CksqKmf.exe
  2⤵
  PID:4940
- C:\Windows\System\qJfxQCj.exe
  C:\Windows\System\qJfxQCj.exe
  2⤵
  PID:4552
- C:\Windows\System\LJaqsLg.exe
  C:\Windows\System\LJaqsLg.exe
  2⤵
  PID:4312
- C:\Windows\System\GLeXJKm.exe
  C:\Windows\System\GLeXJKm.exe
  2⤵
  PID:4396
- C:\Windows\System\cPlyRCQ.exe
  C:\Windows\System\cPlyRCQ.exe
  2⤵
  PID:2304
- C:\Windows\System\jBbnyoP.exe
  C:\Windows\System\jBbnyoP.exe
  2⤵
  PID:552
- C:\Windows\System\WfaWICk.exe
  C:\Windows\System\WfaWICk.exe
  2⤵
  PID:4208
- C:\Windows\System\GfyfVyh.exe
  C:\Windows\System\GfyfVyh.exe
  2⤵
  PID:2860
- C:\Windows\System\LTRdteY.exe
  C:\Windows\System\LTRdteY.exe
  2⤵
  PID:1320
- C:\Windows\System\xYvDlzP.exe
  C:\Windows\System\xYvDlzP.exe
  2⤵
  PID:3844
- C:\Windows\System\gXMdstT.exe
  C:\Windows\System\gXMdstT.exe
  2⤵
  PID:1384
- C:\Windows\System\NcDbwdY.exe
  C:\Windows\System\NcDbwdY.exe
  2⤵
  PID:560
- C:\Windows\System\wkMKcJQ.exe
  C:\Windows\System\wkMKcJQ.exe
  2⤵
  PID:3144
- C:\Windows\System\xCbnXaF.exe
  C:\Windows\System\xCbnXaF.exe
  2⤵
  PID:4432
- C:\Windows\System\Glfwmpe.exe
  C:\Windows\System\Glfwmpe.exe
  2⤵
  PID:3224
- C:\Windows\System\exiiyOu.exe
  C:\Windows\System\exiiyOu.exe
  2⤵
  PID:3240
- C:\Windows\System\UVvklEr.exe
  C:\Windows\System\UVvklEr.exe
  2⤵
  PID:4924
- C:\Windows\System\xniUXze.exe
  C:\Windows\System\xniUXze.exe
  2⤵
  PID:928
- C:\Windows\System\KbKWDKV.exe
  C:\Windows\System\KbKWDKV.exe
  2⤵
  PID:3732
- C:\Windows\System\brVOIMW.exe
  C:\Windows\System\brVOIMW.exe
  2⤵
  PID:4860
- C:\Windows\System\YbRZiLT.exe
  C:\Windows\System\YbRZiLT.exe
  2⤵
  PID:4452
- C:\Windows\System\zFimLrc.exe
  C:\Windows\System\zFimLrc.exe
  2⤵
  PID:2256
- C:\Windows\System\SErSVFE.exe
  C:\Windows\System\SErSVFE.exe
  2⤵
  PID:5080
- C:\Windows\System\EKChgLh.exe
  C:\Windows\System\EKChgLh.exe
  2⤵
  PID:4508
- C:\Windows\System\SQczlOj.exe
  C:\Windows\System\SQczlOj.exe
  2⤵
  PID:2724
- C:\Windows\System\wHpPBFI.exe
  C:\Windows\System\wHpPBFI.exe
  2⤵
  PID:760
- C:\Windows\System\NwsaGuy.exe
  C:\Windows\System\NwsaGuy.exe
  2⤵
  PID:3280
- C:\Windows\System\mJTawej.exe
  C:\Windows\System\mJTawej.exe
  2⤵
  PID:5136
- C:\Windows\System\wjHmxvb.exe
  C:\Windows\System\wjHmxvb.exe
  2⤵
  PID:5164
- C:\Windows\System\IWQylce.exe
  C:\Windows\System\IWQylce.exe
  2⤵
  PID:5192
- C:\Windows\System\KQQABGF.exe
  C:\Windows\System\KQQABGF.exe
  2⤵
  PID:5232
- C:\Windows\System\HNDOYPP.exe
  C:\Windows\System\HNDOYPP.exe
  2⤵
  PID:5252
- C:\Windows\System\nQaOPbp.exe
  C:\Windows\System\nQaOPbp.exe
  2⤵
  PID:5284
- C:\Windows\System\VBzvMuO.exe
  C:\Windows\System\VBzvMuO.exe
  2⤵
  PID:5312
- C:\Windows\System\BUKgrgB.exe
  C:\Windows\System\BUKgrgB.exe
  2⤵
  PID:5344
- C:\Windows\System\dPquucG.exe
  C:\Windows\System\dPquucG.exe
  2⤵
  PID:5380
- C:\Windows\System\ybGNNlQ.exe
  C:\Windows\System\ybGNNlQ.exe
  2⤵
  PID:5440
- C:\Windows\System\gVeAjyY.exe
  C:\Windows\System\gVeAjyY.exe
  2⤵
  PID:5464
- C:\Windows\System\bkltVks.exe
  C:\Windows\System\bkltVks.exe
  2⤵
  PID:5496
- C:\Windows\System\jqYIgVD.exe
  C:\Windows\System\jqYIgVD.exe
  2⤵
  PID:5516
- C:\Windows\System\gKUQjfK.exe
  C:\Windows\System\gKUQjfK.exe
  2⤵
  PID:5548
- C:\Windows\System\ZUhGZBl.exe
  C:\Windows\System\ZUhGZBl.exe
  2⤵
  PID:5580
- C:\Windows\System\BAJVUGg.exe
  C:\Windows\System\BAJVUGg.exe
  2⤵
  PID:5596
- C:\Windows\System\eSCjBdV.exe
  C:\Windows\System\eSCjBdV.exe
  2⤵
  PID:5632
- C:\Windows\System\ZbgkayY.exe
  C:\Windows\System\ZbgkayY.exe
  2⤵
  PID:5656
- C:\Windows\System\IklNvnb.exe
  C:\Windows\System\IklNvnb.exe
  2⤵
  PID:5680
- C:\Windows\System\WGIVPYm.exe
  C:\Windows\System\WGIVPYm.exe
  2⤵
  PID:5708
- C:\Windows\System\rkWITEy.exe
  C:\Windows\System\rkWITEy.exe
  2⤵
  PID:5740
- C:\Windows\System\vVjSGvh.exe
  C:\Windows\System\vVjSGvh.exe
  2⤵
  PID:5776
- C:\Windows\System\UrTqkUS.exe
  C:\Windows\System\UrTqkUS.exe
  2⤵
  PID:5812
- C:\Windows\System\RaRsszx.exe
  C:\Windows\System\RaRsszx.exe
  2⤵
  PID:5852
- C:\Windows\System\qAWrQzQ.exe
  C:\Windows\System\qAWrQzQ.exe
  2⤵
  PID:5880
- C:\Windows\System\YHplJcf.exe
  C:\Windows\System\YHplJcf.exe
  2⤵
  PID:5916
- C:\Windows\System\zfdSKgG.exe
  C:\Windows\System\zfdSKgG.exe
  2⤵
  PID:5940
- C:\Windows\System\WShQCZa.exe
  C:\Windows\System\WShQCZa.exe
  2⤵
  PID:5972
- C:\Windows\System\SgHdBmC.exe
  C:\Windows\System\SgHdBmC.exe
  2⤵
  PID:6000
- C:\Windows\System\gkRditr.exe
  C:\Windows\System\gkRditr.exe
  2⤵
  PID:6024
- C:\Windows\System\FjrOIoe.exe
  C:\Windows\System\FjrOIoe.exe
  2⤵
  PID:6064
- C:\Windows\System\cUVlBmY.exe
  C:\Windows\System\cUVlBmY.exe
  2⤵
  PID:6100
- C:\Windows\System\RXpLMbf.exe
  C:\Windows\System\RXpLMbf.exe
  2⤵
  PID:6120
- C:\Windows\System\fJrLPna.exe
  C:\Windows\System\fJrLPna.exe
  2⤵
  PID:6136
- C:\Windows\System\AcgvXCy.exe
  C:\Windows\System\AcgvXCy.exe
  2⤵
  PID:5176
- C:\Windows\System\kPvFKzL.exe
  C:\Windows\System\kPvFKzL.exe
  2⤵
  PID:5272
- C:\Windows\System\XpmNInF.exe
  C:\Windows\System\XpmNInF.exe
  2⤵
  PID:5352
- C:\Windows\System\lFjzCjI.exe
  C:\Windows\System\lFjzCjI.exe
  2⤵
  PID:5408
- C:\Windows\System\gFrmUsd.exe
  C:\Windows\System\gFrmUsd.exe
  2⤵
  PID:5480
- C:\Windows\System\kJiLJxW.exe
  C:\Windows\System\kJiLJxW.exe
  2⤵
  PID:5564
- C:\Windows\System\TjHvnfX.exe
  C:\Windows\System\TjHvnfX.exe
  2⤵
  PID:5644
- C:\Windows\System\stHjRcJ.exe
  C:\Windows\System\stHjRcJ.exe
  2⤵
  PID:5720
- C:\Windows\System\KqLoQXz.exe
  C:\Windows\System\KqLoQXz.exe
  2⤵
  PID:5692
- C:\Windows\System\wttrCdV.exe
  C:\Windows\System\wttrCdV.exe
  2⤵
  PID:5848
- C:\Windows\System\HeriqUy.exe
  C:\Windows\System\HeriqUy.exe
  2⤵
  PID:5864
- C:\Windows\System\AIjGQph.exe
  C:\Windows\System\AIjGQph.exe
  2⤵
  PID:5936
- C:\Windows\System\tUQdENn.exe
  C:\Windows\System\tUQdENn.exe
  2⤵
  PID:6020
- C:\Windows\System\NJlyvph.exe
  C:\Windows\System\NJlyvph.exe
  2⤵
  PID:6084
- C:\Windows\System\ZmuNsJb.exe
  C:\Windows\System\ZmuNsJb.exe
  2⤵
  PID:5156
- C:\Windows\System\uwJgxjh.exe
  C:\Windows\System\uwJgxjh.exe
  2⤵
  PID:5376
- C:\Windows\System\lvmYQqR.exe
  C:\Windows\System\lvmYQqR.exe
  2⤵
  PID:5560
- C:\Windows\System\xlZITIK.exe
  C:\Windows\System\xlZITIK.exe
  2⤵
  PID:5716
- C:\Windows\System\CoCrTxO.exe
  C:\Windows\System\CoCrTxO.exe
  2⤵
  PID:5808
- C:\Windows\System\nJqcQfR.exe
  C:\Windows\System\nJqcQfR.exe
  2⤵
  PID:6108
- C:\Windows\System\rsWqPgd.exe
  C:\Windows\System\rsWqPgd.exe
  2⤵
  PID:6092
- C:\Windows\System\ykKMXqY.exe
  C:\Windows\System\ykKMXqY.exe
  2⤵
  PID:5640
- C:\Windows\System\nJaodBc.exe
  C:\Windows\System\nJaodBc.exe
  2⤵
  PID:5928
- C:\Windows\System\tPgQfOa.exe
  C:\Windows\System\tPgQfOa.exe
  2⤵
  PID:5992
- C:\Windows\System\iizsrFD.exe
  C:\Windows\System\iizsrFD.exe
  2⤵
  PID:6156
- C:\Windows\System\PeGbCRZ.exe
  C:\Windows\System\PeGbCRZ.exe
  2⤵
  PID:6180
- C:\Windows\System\BAbgIza.exe
  C:\Windows\System\BAbgIza.exe
  2⤵
  PID:6212
- C:\Windows\System\EtIYZvC.exe
  C:\Windows\System\EtIYZvC.exe
  2⤵
  PID:6244
- C:\Windows\System\YtZricO.exe
  C:\Windows\System\YtZricO.exe
  2⤵
  PID:6284
- C:\Windows\System\wBQevrw.exe
  C:\Windows\System\wBQevrw.exe
  2⤵
  PID:6316
- C:\Windows\System\vIAAtKd.exe
  C:\Windows\System\vIAAtKd.exe
  2⤵
  PID:6332
- C:\Windows\System\BqHnoSj.exe
  C:\Windows\System\BqHnoSj.exe
  2⤵
  PID:6372
- C:\Windows\System\KkHmBpH.exe
  C:\Windows\System\KkHmBpH.exe
  2⤵
  PID:6404
- C:\Windows\System\niBOwsF.exe
  C:\Windows\System\niBOwsF.exe
  2⤵
  PID:6436
- C:\Windows\System\YbXHwgC.exe
  C:\Windows\System\YbXHwgC.exe
  2⤵
  PID:6464
- C:\Windows\System\zwjioYy.exe
  C:\Windows\System\zwjioYy.exe
  2⤵
  PID:6500
- C:\Windows\System\RmaJCMI.exe
  C:\Windows\System\RmaJCMI.exe
  2⤵
  PID:6532
- C:\Windows\System\azsAMhZ.exe
  C:\Windows\System\azsAMhZ.exe
  2⤵
  PID:6548
- C:\Windows\System\IhoPEPV.exe
  C:\Windows\System\IhoPEPV.exe
  2⤵
  PID:6576
- C:\Windows\System\xXZRpWM.exe
  C:\Windows\System\xXZRpWM.exe
  2⤵
  PID:6604
- C:\Windows\System\fRFtBRE.exe
  C:\Windows\System\fRFtBRE.exe
  2⤵
  PID:6624
- C:\Windows\System\JqWqoUU.exe
  C:\Windows\System\JqWqoUU.exe
  2⤵
  PID:6664
- C:\Windows\System\PrcBhWG.exe
  C:\Windows\System\PrcBhWG.exe
  2⤵
  PID:6704
- C:\Windows\System\LsjDtEl.exe
  C:\Windows\System\LsjDtEl.exe
  2⤵
  PID:6736
- C:\Windows\System\shJSMyT.exe
  C:\Windows\System\shJSMyT.exe
  2⤵
  PID:6760
- C:\Windows\System\TCSTpfv.exe
  C:\Windows\System\TCSTpfv.exe
  2⤵
  PID:6800
- C:\Windows\System\DbsgGOR.exe
  C:\Windows\System\DbsgGOR.exe
  2⤵
  PID:6836
- C:\Windows\System\xgcexFR.exe
  C:\Windows\System\xgcexFR.exe
  2⤵
  PID:6868
- C:\Windows\System\WqxMbZG.exe
  C:\Windows\System\WqxMbZG.exe
  2⤵
  PID:6908
- C:\Windows\System\DPKWHYs.exe
  C:\Windows\System\DPKWHYs.exe
  2⤵
  PID:6932
- C:\Windows\System\MHOevAv.exe
  C:\Windows\System\MHOevAv.exe
  2⤵
  PID:6956
- C:\Windows\System\CAVxGeH.exe
  C:\Windows\System\CAVxGeH.exe
  2⤵
  PID:6992
- C:\Windows\System\rYrkitO.exe
  C:\Windows\System\rYrkitO.exe
  2⤵
  PID:7008
- C:\Windows\System\scbEULS.exe
  C:\Windows\System\scbEULS.exe
  2⤵
  PID:7024
- C:\Windows\System\gfDKIrD.exe
  C:\Windows\System\gfDKIrD.exe
  2⤵
  PID:7044
- C:\Windows\System\TdCOylN.exe
  C:\Windows\System\TdCOylN.exe
  2⤵
  PID:7060
- C:\Windows\System\bHNAubd.exe
  C:\Windows\System\bHNAubd.exe
  2⤵
  PID:7096
- C:\Windows\System\HyOsBFz.exe
  C:\Windows\System\HyOsBFz.exe
  2⤵
  PID:7132
- C:\Windows\System\twaHRRi.exe
  C:\Windows\System\twaHRRi.exe
  2⤵
  PID:5616
- C:\Windows\System\MOlQFMg.exe
  C:\Windows\System\MOlQFMg.exe
  2⤵
  PID:2736
- C:\Windows\System\lTRotFD.exe
  C:\Windows\System\lTRotFD.exe
  2⤵
  PID:6236
- C:\Windows\System\EBtadZK.exe
  C:\Windows\System\EBtadZK.exe
  2⤵
  PID:6356
- C:\Windows\System\KdFyyLB.exe
  C:\Windows\System\KdFyyLB.exe
  2⤵
  PID:6428
- C:\Windows\System\ZoPAIkM.exe
  C:\Windows\System\ZoPAIkM.exe
  2⤵
  PID:6488
- C:\Windows\System\ATPECYM.exe
  C:\Windows\System\ATPECYM.exe
  2⤵
  PID:6568
- C:\Windows\System\jxlzAAp.exe
  C:\Windows\System\jxlzAAp.exe
  2⤵
  PID:6632
- C:\Windows\System\KLaSWRi.exe
  C:\Windows\System\KLaSWRi.exe
  2⤵
  PID:6684
- C:\Windows\System\WNHbYxd.exe
  C:\Windows\System\WNHbYxd.exe
  2⤵
  PID:6748
- C:\Windows\System\NSukoDL.exe
  C:\Windows\System\NSukoDL.exe
  2⤵
  PID:6820
- C:\Windows\System\UqjabgW.exe
  C:\Windows\System\UqjabgW.exe
  2⤵
  PID:6884
- C:\Windows\System\ppCOYFY.exe
  C:\Windows\System\ppCOYFY.exe
  2⤵
  PID:7020
- C:\Windows\System\GevNpQY.exe
  C:\Windows\System\GevNpQY.exe
  2⤵
  PID:7072
- C:\Windows\System\tYkJAKf.exe
  C:\Windows\System\tYkJAKf.exe
  2⤵
  PID:7128
- C:\Windows\System\GGRwPZd.exe
  C:\Windows\System\GGRwPZd.exe
  2⤵
  PID:6152
- C:\Windows\System\XpFirkY.exe
  C:\Windows\System\XpFirkY.exe
  2⤵
  PID:6412
- C:\Windows\System\ynzyKoa.exe
  C:\Windows\System\ynzyKoa.exe
  2⤵
  PID:6496
- C:\Windows\System\fQOUgxV.exe
  C:\Windows\System\fQOUgxV.exe
  2⤵
  PID:6716
- C:\Windows\System\kzSoCfF.exe
  C:\Windows\System\kzSoCfF.exe
  2⤵
  PID:6744
- C:\Windows\System\eabayiq.exe
  C:\Windows\System\eabayiq.exe
  2⤵
  PID:6988
- C:\Windows\System\ctRrXbc.exe
  C:\Windows\System\ctRrXbc.exe
  2⤵
  PID:7108
- C:\Windows\System\pVXlUvp.exe
  C:\Windows\System\pVXlUvp.exe
  2⤵
  PID:6460
- C:\Windows\System\BQoCiGS.exe
  C:\Windows\System\BQoCiGS.exe
  2⤵
  PID:6860
- C:\Windows\System\ZTjaaiQ.exe
  C:\Windows\System\ZTjaaiQ.exe
  2⤵
  PID:6220
- C:\Windows\System\OfGzaGH.exe
  C:\Windows\System\OfGzaGH.exe
  2⤵
  PID:7188
- C:\Windows\System\QqiJnTF.exe
  C:\Windows\System\QqiJnTF.exe
  2⤵
  PID:7220
- C:\Windows\System\cofUwgw.exe
  C:\Windows\System\cofUwgw.exe
  2⤵
  PID:7244
- C:\Windows\System\aBABond.exe
  C:\Windows\System\aBABond.exe
  2⤵
  PID:7272
- C:\Windows\System\DvvcoiT.exe
  C:\Windows\System\DvvcoiT.exe
  2⤵
  PID:7300
- C:\Windows\System\CSnpoUy.exe
  C:\Windows\System\CSnpoUy.exe
  2⤵
  PID:7332
- C:\Windows\System\RZmqqGa.exe
  C:\Windows\System\RZmqqGa.exe
  2⤵
  PID:7368
- C:\Windows\System\AnIdsJd.exe
  C:\Windows\System\AnIdsJd.exe
  2⤵
  PID:7404
- C:\Windows\System\VYVkflF.exe
  C:\Windows\System\VYVkflF.exe
  2⤵
  PID:7444
- C:\Windows\System\fbIlrIS.exe
  C:\Windows\System\fbIlrIS.exe
  2⤵
  PID:7472
- C:\Windows\System\JGoYYTD.exe
  C:\Windows\System\JGoYYTD.exe
  2⤵
  PID:7500
- C:\Windows\System\mtwutur.exe
  C:\Windows\System\mtwutur.exe
  2⤵
  PID:7520
- C:\Windows\System\oaeGogR.exe
  C:\Windows\System\oaeGogR.exe
  2⤵
  PID:7556
- C:\Windows\System\UZwkDpn.exe
  C:\Windows\System\UZwkDpn.exe
  2⤵
  PID:7588
- C:\Windows\System\puAuWeo.exe
  C:\Windows\System\puAuWeo.exe
  2⤵
  PID:7612
- C:\Windows\System\dJyYIrL.exe
  C:\Windows\System\dJyYIrL.exe
  2⤵
  PID:7636
- C:\Windows\System\rjCKvuv.exe
  C:\Windows\System\rjCKvuv.exe
  2⤵
  PID:7652
- C:\Windows\System\bbJjElc.exe
  C:\Windows\System\bbJjElc.exe
  2⤵
  PID:7680
- C:\Windows\System\BeLOuAD.exe
  C:\Windows\System\BeLOuAD.exe
  2⤵
  PID:7720
- C:\Windows\System\AAskMDk.exe
  C:\Windows\System\AAskMDk.exe
  2⤵
  PID:7760
- C:\Windows\System\GjnWVhF.exe
  C:\Windows\System\GjnWVhF.exe
  2⤵
  PID:7792
- C:\Windows\System\ubMFjkE.exe
  C:\Windows\System\ubMFjkE.exe
  2⤵
  PID:7808
- C:\Windows\System\Iatqmnc.exe
  C:\Windows\System\Iatqmnc.exe
  2⤵
  PID:7836
- C:\Windows\System\DYnISVT.exe
  C:\Windows\System\DYnISVT.exe
  2⤵
  PID:7872
- C:\Windows\System\blQYKxQ.exe
  C:\Windows\System\blQYKxQ.exe
  2⤵
  PID:7904
- C:\Windows\System\OIAoERk.exe
  C:\Windows\System\OIAoERk.exe
  2⤵
  PID:7932
- C:\Windows\System\EguOXuI.exe
  C:\Windows\System\EguOXuI.exe
  2⤵
  PID:7964
- C:\Windows\System\QeItFOU.exe
  C:\Windows\System\QeItFOU.exe
  2⤵
  PID:7996
- C:\Windows\System\nEZeZSd.exe
  C:\Windows\System\nEZeZSd.exe
  2⤵
  PID:8020
- C:\Windows\System\penOaYw.exe
  C:\Windows\System\penOaYw.exe
  2⤵
  PID:8064
- C:\Windows\System\dHqZmJl.exe
  C:\Windows\System\dHqZmJl.exe
  2⤵
  PID:8088
- C:\Windows\System\MeflDHa.exe
  C:\Windows\System\MeflDHa.exe
  2⤵
  PID:8104
- C:\Windows\System\WtgQqlx.exe
  C:\Windows\System\WtgQqlx.exe
  2⤵
  PID:8136
- C:\Windows\System\lSTwRiL.exe
  C:\Windows\System\lSTwRiL.exe
  2⤵
  PID:8176
- C:\Windows\System\OPROxot.exe
  C:\Windows\System\OPROxot.exe
  2⤵
  PID:6660
- C:\Windows\System\isnsqKh.exe
  C:\Windows\System\isnsqKh.exe
  2⤵
  PID:7124
- C:\Windows\System\ZbXJgxR.exe
  C:\Windows\System\ZbXJgxR.exe
  2⤵
  PID:7320
- C:\Windows\System\DOwYpFL.exe
  C:\Windows\System\DOwYpFL.exe
  2⤵
  PID:7360
- C:\Windows\System\NddHiCk.exe
  C:\Windows\System\NddHiCk.exe
  2⤵
  PID:7440
- C:\Windows\System\nBliaSw.exe
  C:\Windows\System\nBliaSw.exe
  2⤵
  PID:7464
- C:\Windows\System\cOcBHAd.exe
  C:\Windows\System\cOcBHAd.exe
  2⤵
  PID:7508
- C:\Windows\System\bDCtSZB.exe
  C:\Windows\System\bDCtSZB.exe
  2⤵
  PID:7552
- C:\Windows\System\CWxYNWC.exe
  C:\Windows\System\CWxYNWC.exe
  2⤵
  PID:7608
- C:\Windows\System\NcbTYan.exe
  C:\Windows\System\NcbTYan.exe
  2⤵
  PID:7648
- C:\Windows\System\dcWzmOu.exe
  C:\Windows\System\dcWzmOu.exe
  2⤵
  PID:7756
- C:\Windows\System\cJQLEHS.exe
  C:\Windows\System\cJQLEHS.exe
  2⤵
  PID:7820
- C:\Windows\System\XOtZygG.exe
  C:\Windows\System\XOtZygG.exe
  2⤵
  PID:7864
- C:\Windows\System\oqdhcNk.exe
  C:\Windows\System\oqdhcNk.exe
  2⤵
  PID:7960
- C:\Windows\System\TKpOBzZ.exe
  C:\Windows\System\TKpOBzZ.exe
  2⤵
  PID:7988
- C:\Windows\System\sHBfYZM.exe
  C:\Windows\System\sHBfYZM.exe
  2⤵
  PID:8080
- C:\Windows\System\aqzuxmL.exe
  C:\Windows\System\aqzuxmL.exe
  2⤵
  PID:8048
- C:\Windows\System\DRzMDCd.exe
  C:\Windows\System\DRzMDCd.exe
  2⤵
  PID:8184
- C:\Windows\System\DdgoCGU.exe
  C:\Windows\System\DdgoCGU.exe
  2⤵
  PID:7264
- C:\Windows\System\glGwuBb.exe
  C:\Windows\System\glGwuBb.exe
  2⤵
  PID:7392
- C:\Windows\System\KxmIRAw.exe
  C:\Windows\System\KxmIRAw.exe
  2⤵
  PID:7488
- C:\Windows\System\yMlPJhs.exe
  C:\Windows\System\yMlPJhs.exe
  2⤵
  PID:7776
- C:\Windows\System\UhtWSHb.exe
  C:\Windows\System\UhtWSHb.exe
  2⤵
  PID:7916
- C:\Windows\System\sAjhxoo.exe
  C:\Windows\System\sAjhxoo.exe
  2⤵
  PID:7976
- C:\Windows\System\bpCkeMf.exe
  C:\Windows\System\bpCkeMf.exe
  2⤵
  PID:8172
- C:\Windows\System\EMxifvp.exe
  C:\Windows\System\EMxifvp.exe
  2⤵
  PID:7184
- C:\Windows\System\gyOvpdg.exe
  C:\Windows\System\gyOvpdg.exe
  2⤵
  PID:7920
- C:\Windows\System\WOCsmfx.exe
  C:\Windows\System\WOCsmfx.exe
  2⤵
  PID:8196
- C:\Windows\System\tEpgEIB.exe
  C:\Windows\System\tEpgEIB.exe
  2⤵
  PID:8236
- C:\Windows\System\Gunpcyf.exe
  C:\Windows\System\Gunpcyf.exe
  2⤵
  PID:8264
- C:\Windows\System\encVWZY.exe
  C:\Windows\System\encVWZY.exe
  2⤵
  PID:8304
- C:\Windows\System\XQGpEkL.exe
  C:\Windows\System\XQGpEkL.exe
  2⤵
  PID:8320
- C:\Windows\System\ydzUlJV.exe
  C:\Windows\System\ydzUlJV.exe
  2⤵
  PID:8364
- C:\Windows\System\jfwliNF.exe
  C:\Windows\System\jfwliNF.exe
  2⤵
  PID:8392
- C:\Windows\System\RDdmOhO.exe
  C:\Windows\System\RDdmOhO.exe
  2⤵
  PID:8416
- C:\Windows\System\fDstRms.exe
  C:\Windows\System\fDstRms.exe
  2⤵
  PID:8444
- C:\Windows\System\DukVRiW.exe
  C:\Windows\System\DukVRiW.exe
  2⤵
  PID:8480
- C:\Windows\System\FelGFpi.exe
  C:\Windows\System\FelGFpi.exe
  2⤵
  PID:8516
- C:\Windows\System\sFgvEuT.exe
  C:\Windows\System\sFgvEuT.exe
  2⤵
  PID:8544
- C:\Windows\System\tqHTcfk.exe
  C:\Windows\System\tqHTcfk.exe
  2⤵
  PID:8572
- C:\Windows\System\UjbXiBQ.exe
  C:\Windows\System\UjbXiBQ.exe
  2⤵
  PID:8604
- C:\Windows\System\JYsjvRl.exe
  C:\Windows\System\JYsjvRl.exe
  2⤵
  PID:8636
- C:\Windows\System\FqetkvA.exe
  C:\Windows\System\FqetkvA.exe
  2⤵
  PID:8660
- C:\Windows\System\PHuSwyr.exe
  C:\Windows\System\PHuSwyr.exe
  2⤵
  PID:8684
- C:\Windows\System\HwgxThD.exe
  C:\Windows\System\HwgxThD.exe
  2⤵
  PID:8720
- C:\Windows\System\wUFHVQS.exe
  C:\Windows\System\wUFHVQS.exe
  2⤵
  PID:8780
- C:\Windows\System\FLLtlMz.exe
  C:\Windows\System\FLLtlMz.exe
  2⤵
  PID:8800
- C:\Windows\System\AQgnPzN.exe
  C:\Windows\System\AQgnPzN.exe
  2⤵
  PID:8820
- C:\Windows\System\PMUgNcP.exe
  C:\Windows\System\PMUgNcP.exe
  2⤵
  PID:8856
- C:\Windows\System\lBlPGfi.exe
  C:\Windows\System\lBlPGfi.exe
  2⤵
  PID:8884
- C:\Windows\System\PzVXmSk.exe
  C:\Windows\System\PzVXmSk.exe
  2⤵
  PID:8900
- C:\Windows\System\GTWcLAD.exe
  C:\Windows\System\GTWcLAD.exe
  2⤵
  PID:8920
- C:\Windows\System\nAFJSrz.exe
  C:\Windows\System\nAFJSrz.exe
  2⤵
  PID:8948
- C:\Windows\System\FJtkEiu.exe
  C:\Windows\System\FJtkEiu.exe
  2⤵
  PID:8988
- C:\Windows\System\AwCFuer.exe
  C:\Windows\System\AwCFuer.exe
  2⤵
  PID:9024
- C:\Windows\System\mWTnByV.exe
  C:\Windows\System\mWTnByV.exe
  2⤵
  PID:9040
- C:\Windows\System\EiaKxMS.exe
  C:\Windows\System\EiaKxMS.exe
  2⤵
  PID:9088
- C:\Windows\System\eAtpojq.exe
  C:\Windows\System\eAtpojq.exe
  2⤵
  PID:9108
- C:\Windows\System\sdwqyBa.exe
  C:\Windows\System\sdwqyBa.exe
  2⤵
  PID:9128
- C:\Windows\System\sgHjoqR.exe
  C:\Windows\System\sgHjoqR.exe
  2⤵
  PID:9152
- C:\Windows\System\bYIEbhm.exe
  C:\Windows\System\bYIEbhm.exe
  2⤵
  PID:9180
- C:\Windows\System\LmOyQfG.exe
  C:\Windows\System\LmOyQfG.exe
  2⤵
  PID:9212
- C:\Windows\System\uJFFnAO.exe
  C:\Windows\System\uJFFnAO.exe
  2⤵
  PID:8224
- C:\Windows\System\hIbtMEK.exe
  C:\Windows\System\hIbtMEK.exe
  2⤵
  PID:8284
- C:\Windows\System\nqjVHLt.exe
  C:\Windows\System\nqjVHLt.exe
  2⤵
  PID:8380
- C:\Windows\System\NqPKAmM.exe
  C:\Windows\System\NqPKAmM.exe
  2⤵
  PID:8472
- C:\Windows\System\iBzpCqi.exe
  C:\Windows\System\iBzpCqi.exe
  2⤵
  PID:8492
- C:\Windows\System\oCPYvrC.exe
  C:\Windows\System\oCPYvrC.exe
  2⤵
  PID:8564
- C:\Windows\System\chCBKnk.exe
  C:\Windows\System\chCBKnk.exe
  2⤵
  PID:8644
- C:\Windows\System\gSQaDab.exe
  C:\Windows\System\gSQaDab.exe
  2⤵
  PID:8704
- C:\Windows\System\xcDSQfN.exe
  C:\Windows\System\xcDSQfN.exe
  2⤵
  PID:8816
- C:\Windows\System\VbPOsDu.exe
  C:\Windows\System\VbPOsDu.exe
  2⤵
  PID:5892
- C:\Windows\System\jvAbVlM.exe
  C:\Windows\System\jvAbVlM.exe
  2⤵
  PID:5800
- C:\Windows\System\IyXogqR.exe
  C:\Windows\System\IyXogqR.exe
  2⤵
  PID:5536
- C:\Windows\System\oEtzBbr.exe
  C:\Windows\System\oEtzBbr.exe
  2⤵
  PID:8916
- C:\Windows\System\OcbPICw.exe
  C:\Windows\System\OcbPICw.exe
  2⤵
  PID:8996
- C:\Windows\System\YpiOmRr.exe
  C:\Windows\System\YpiOmRr.exe
  2⤵
  PID:9096
- C:\Windows\System\RUcIXbT.exe
  C:\Windows\System\RUcIXbT.exe
  2⤵
  PID:9192
- C:\Windows\System\seYVJih.exe
  C:\Windows\System\seYVJih.exe
  2⤵
  PID:8216
- C:\Windows\System\bcDPKUy.exe
  C:\Windows\System\bcDPKUy.exe
  2⤵
  PID:8340
- C:\Windows\System\ovvQYGF.exe
  C:\Windows\System\ovvQYGF.exe
  2⤵
  PID:8536
- C:\Windows\System\OwZdlYp.exe
  C:\Windows\System\OwZdlYp.exe
  2⤵
  PID:8680
- C:\Windows\System\yHIYrGy.exe
  C:\Windows\System\yHIYrGy.exe
  2⤵
  PID:8828
- C:\Windows\System\MwPfAVq.exe
  C:\Windows\System\MwPfAVq.exe
  2⤵
  PID:8956
- C:\Windows\System\leljbMk.exe
  C:\Windows\System\leljbMk.exe
  2⤵
  PID:8968
- C:\Windows\System\crytsFK.exe
  C:\Windows\System\crytsFK.exe
  2⤵
  PID:7460
- C:\Windows\System\DxUUJLf.exe
  C:\Windows\System\DxUUJLf.exe
  2⤵
  PID:8456
- C:\Windows\System\EwQaekl.exe
  C:\Windows\System\EwQaekl.exe
  2⤵
  PID:5836
- C:\Windows\System\XTGInqa.exe
  C:\Windows\System\XTGInqa.exe
  2⤵
  PID:8976
- C:\Windows\System\uRltfAc.exe
  C:\Windows\System\uRltfAc.exe
  2⤵
  PID:9208
- C:\Windows\System\eLJwwOK.exe
  C:\Windows\System\eLJwwOK.exe
  2⤵
  PID:9220
- C:\Windows\System\PJGznUU.exe
  C:\Windows\System\PJGznUU.exe
  2⤵
  PID:9248
- C:\Windows\System\RHQEpbI.exe
  C:\Windows\System\RHQEpbI.exe
  2⤵
  PID:9288
- C:\Windows\System\aVumcfI.exe
  C:\Windows\System\aVumcfI.exe
  2⤵
  PID:9316
- C:\Windows\System\LOwyhMd.exe
  C:\Windows\System\LOwyhMd.exe
  2⤵
  PID:9344
- C:\Windows\System\lmGPVwv.exe
  C:\Windows\System\lmGPVwv.exe
  2⤵
  PID:9372
- C:\Windows\System\xeHVXjc.exe
  C:\Windows\System\xeHVXjc.exe
  2⤵
  PID:9400
- C:\Windows\System\sPlonuV.exe
  C:\Windows\System\sPlonuV.exe
  2⤵
  PID:9416
- C:\Windows\System\VnbUQKu.exe
  C:\Windows\System\VnbUQKu.exe
  2⤵
  PID:9456
- C:\Windows\System\QvWxMkP.exe
  C:\Windows\System\QvWxMkP.exe
  2⤵
  PID:9484
- C:\Windows\System\WqMTeTH.exe
  C:\Windows\System\WqMTeTH.exe
  2⤵
  PID:9500
- C:\Windows\System\ZpJlnoI.exe
  C:\Windows\System\ZpJlnoI.exe
  2⤵
  PID:9532
- C:\Windows\System\bQNOgre.exe
  C:\Windows\System\bQNOgre.exe
  2⤵
  PID:9568
- C:\Windows\System\OECLeUD.exe
  C:\Windows\System\OECLeUD.exe
  2⤵
  PID:9596
- C:\Windows\System\jcabdlv.exe
  C:\Windows\System\jcabdlv.exe
  2⤵
  PID:9612
- C:\Windows\System\QVnfcym.exe
  C:\Windows\System\QVnfcym.exe
  2⤵
  PID:9644
- C:\Windows\System\Vecypda.exe
  C:\Windows\System\Vecypda.exe
  2⤵
  PID:9668
- C:\Windows\System\HAJiDWK.exe
  C:\Windows\System\HAJiDWK.exe
  2⤵
  PID:9696
- C:\Windows\System\ScqPmXO.exe
  C:\Windows\System\ScqPmXO.exe
  2⤵
  PID:9736
- C:\Windows\System\CqAXbLT.exe
  C:\Windows\System\CqAXbLT.exe
  2⤵
  PID:9764
- C:\Windows\System\CWFfWDT.exe
  C:\Windows\System\CWFfWDT.exe
  2⤵
  PID:9788
- C:\Windows\System\wBGPLsM.exe
  C:\Windows\System\wBGPLsM.exe
  2⤵
  PID:9820
- C:\Windows\System\oXmYAHt.exe
  C:\Windows\System\oXmYAHt.exe
  2⤵
  PID:9848
- C:\Windows\System\qhUyISg.exe
  C:\Windows\System\qhUyISg.exe
  2⤵
  PID:9872
- C:\Windows\System\hjricWB.exe
  C:\Windows\System\hjricWB.exe
  2⤵
  PID:9904
- C:\Windows\System\DlpOdvq.exe
  C:\Windows\System\DlpOdvq.exe
  2⤵
  PID:9932
- C:\Windows\System\PUfYtbu.exe
  C:\Windows\System\PUfYtbu.exe
  2⤵
  PID:9948
- C:\Windows\System\aSnYrFm.exe
  C:\Windows\System\aSnYrFm.exe
  2⤵
  PID:9976
- C:\Windows\System\ZgGFIUp.exe
  C:\Windows\System\ZgGFIUp.exe
  2⤵
  PID:9992
- C:\Windows\System\RktrHxt.exe
  C:\Windows\System\RktrHxt.exe
  2⤵
  PID:10032
- C:\Windows\System\aYebIbu.exe
  C:\Windows\System\aYebIbu.exe
  2⤵
  PID:10060
- C:\Windows\System\RLoIcdd.exe
  C:\Windows\System\RLoIcdd.exe
  2⤵
  PID:10096
- C:\Windows\System\sqcArCo.exe
  C:\Windows\System\sqcArCo.exe
  2⤵
  PID:10116
- C:\Windows\System\EQkssBi.exe
  C:\Windows\System\EQkssBi.exe
  2⤵
  PID:10144
- C:\Windows\System\mQwLzyL.exe
  C:\Windows\System\mQwLzyL.exe
  2⤵
  PID:10184
- C:\Windows\System\sJivuac.exe
  C:\Windows\System\sJivuac.exe
  2⤵
  PID:10204
- C:\Windows\System\sOoyIjr.exe
  C:\Windows\System\sOoyIjr.exe
  2⤵
  PID:10232
- C:\Windows\System\QSibsgK.exe
  C:\Windows\System\QSibsgK.exe
  2⤵
  PID:8404
- C:\Windows\System\SNJZphn.exe
  C:\Windows\System\SNJZphn.exe
  2⤵
  PID:9276
- C:\Windows\System\FwiSvKy.exe
  C:\Windows\System\FwiSvKy.exe
  2⤵
  PID:9356
- C:\Windows\System\asDrpup.exe
  C:\Windows\System\asDrpup.exe
  2⤵
  PID:9436
- C:\Windows\System\ytpjvSr.exe
  C:\Windows\System\ytpjvSr.exe
  2⤵
  PID:9496
- C:\Windows\System\vEtGtjA.exe
  C:\Windows\System\vEtGtjA.exe
  2⤵
  PID:9552
- C:\Windows\System\MjCvtDU.exe
  C:\Windows\System\MjCvtDU.exe
  2⤵
  PID:9608
- C:\Windows\System\CwFGHjp.exe
  C:\Windows\System\CwFGHjp.exe
  2⤵
  PID:9688
- C:\Windows\System\wYbUbKA.exe
  C:\Windows\System\wYbUbKA.exe
  2⤵
  PID:9748
- C:\Windows\System\PkecuKs.exe
  C:\Windows\System\PkecuKs.exe
  2⤵
  PID:9832
- C:\Windows\System\kLYTmTe.exe
  C:\Windows\System\kLYTmTe.exe
  2⤵
  PID:9920
- C:\Windows\System\xgXAgKl.exe
  C:\Windows\System\xgXAgKl.exe
  2⤵
  PID:9984
- C:\Windows\System\QuUlvQp.exe
  C:\Windows\System\QuUlvQp.exe
  2⤵
  PID:10024
- C:\Windows\System\ZHByJBY.exe
  C:\Windows\System\ZHByJBY.exe
  2⤵
  PID:10092
- C:\Windows\System\QmqtLvV.exe
  C:\Windows\System\QmqtLvV.exe
  2⤵
  PID:10156
- C:\Windows\System\nIRWnEB.exe
  C:\Windows\System\nIRWnEB.exe
  2⤵
  PID:10220
- C:\Windows\System\DdFonSq.exe
  C:\Windows\System\DdFonSq.exe
  2⤵
  PID:9052
- C:\Windows\System\bgWmAAm.exe
  C:\Windows\System\bgWmAAm.exe
  2⤵
  PID:9408
- C:\Windows\System\uYsqqmd.exe
  C:\Windows\System\uYsqqmd.exe
  2⤵
  PID:9476
- C:\Windows\System\IFAGNoB.exe
  C:\Windows\System\IFAGNoB.exe
  2⤵
  PID:9716
- C:\Windows\System\ROBpAMt.exe
  C:\Windows\System\ROBpAMt.exe
  2⤵
  PID:9856
- C:\Windows\System\eeylrQP.exe
  C:\Windows\System\eeylrQP.exe
  2⤵
  PID:10004
- C:\Windows\System\IOmxfUp.exe
  C:\Windows\System\IOmxfUp.exe
  2⤵
  PID:10140
- C:\Windows\System\DzFezGb.exe
  C:\Windows\System\DzFezGb.exe
  2⤵
  PID:8776
- C:\Windows\System\qxEJrKP.exe
  C:\Windows\System\qxEJrKP.exe
  2⤵
  PID:9664
- C:\Windows\System\nVKisfj.exe
  C:\Windows\System\nVKisfj.exe
  2⤵
  PID:10048
- C:\Windows\System\JrfwltW.exe
  C:\Windows\System\JrfwltW.exe
  2⤵
  PID:9492
- C:\Windows\System\rwNaTYh.exe
  C:\Windows\System\rwNaTYh.exe
  2⤵
  PID:9512
- C:\Windows\System\ZfgVStP.exe
  C:\Windows\System\ZfgVStP.exe
  2⤵
  PID:10260
- C:\Windows\System\ysIwwdP.exe
  C:\Windows\System\ysIwwdP.exe
  2⤵
  PID:10300
- C:\Windows\System\pFFYgHL.exe
  C:\Windows\System\pFFYgHL.exe
  2⤵
  PID:10328
- C:\Windows\System\celmvgO.exe
  C:\Windows\System\celmvgO.exe
  2⤵
  PID:10352
- C:\Windows\System\RMxlTFs.exe
  C:\Windows\System\RMxlTFs.exe
  2⤵
  PID:10372
- C:\Windows\System\wvqYugZ.exe
  C:\Windows\System\wvqYugZ.exe
  2⤵
  PID:10388
- C:\Windows\System\itACqUt.exe
  C:\Windows\System\itACqUt.exe
  2⤵
  PID:10420
- C:\Windows\System\IjpMYMA.exe
  C:\Windows\System\IjpMYMA.exe
  2⤵
  PID:10460
- C:\Windows\System\asfExPU.exe
  C:\Windows\System\asfExPU.exe
  2⤵
  PID:10484
- C:\Windows\System\CEtYmEC.exe
  C:\Windows\System\CEtYmEC.exe
  2⤵
  PID:10512
- C:\Windows\System\AEVlhpr.exe
  C:\Windows\System\AEVlhpr.exe
  2⤵
  PID:10548
- C:\Windows\System\zxjjyFr.exe
  C:\Windows\System\zxjjyFr.exe
  2⤵
  PID:10568
- C:\Windows\System\JqsQRvo.exe
  C:\Windows\System\JqsQRvo.exe
  2⤵
  PID:10596
- C:\Windows\System\cqtgJvv.exe
  C:\Windows\System\cqtgJvv.exe
  2⤵
  PID:10624
- C:\Windows\System\wkHTkOv.exe
  C:\Windows\System\wkHTkOv.exe
  2⤵
  PID:10660
- C:\Windows\System\ceKzmxE.exe
  C:\Windows\System\ceKzmxE.exe
  2⤵
  PID:10676
- C:\Windows\System\HvmeOLN.exe
  C:\Windows\System\HvmeOLN.exe
  2⤵
  PID:10708
- C:\Windows\System\xWGZwOJ.exe
  C:\Windows\System\xWGZwOJ.exe
  2⤵
  PID:10736
- C:\Windows\System\aYmMpMV.exe
  C:\Windows\System\aYmMpMV.exe
  2⤵
  PID:10756
- C:\Windows\System\xjVMihS.exe
  C:\Windows\System\xjVMihS.exe
  2⤵
  PID:10784
- C:\Windows\System\yKQVXXB.exe
  C:\Windows\System\yKQVXXB.exe
  2⤵
  PID:10824
- C:\Windows\System\rTDhQds.exe
  C:\Windows\System\rTDhQds.exe
  2⤵
  PID:10852
- C:\Windows\System\cWBwjGS.exe
  C:\Windows\System\cWBwjGS.exe
  2⤵
  PID:10880
- C:\Windows\System\DsNqLbX.exe
  C:\Windows\System\DsNqLbX.exe
  2⤵
  PID:10904
- C:\Windows\System\QumoTXh.exe
  C:\Windows\System\QumoTXh.exe
  2⤵
  PID:10944
- C:\Windows\System\wazmSfR.exe
  C:\Windows\System\wazmSfR.exe
  2⤵
  PID:10960
- C:\Windows\System\RzxKTmo.exe
  C:\Windows\System\RzxKTmo.exe
  2⤵
  PID:10992
- C:\Windows\System\TPwttVy.exe
  C:\Windows\System\TPwttVy.exe
  2⤵
  PID:11020
- C:\Windows\System\nXPQFvi.exe
  C:\Windows\System\nXPQFvi.exe
  2⤵
  PID:11048
- C:\Windows\System\yPaGcxI.exe
  C:\Windows\System\yPaGcxI.exe
  2⤵
  PID:11084
- C:\Windows\System\cNlKAaG.exe
  C:\Windows\System\cNlKAaG.exe
  2⤵
  PID:11112
- C:\Windows\System\XzXzkWt.exe
  C:\Windows\System\XzXzkWt.exe
  2⤵
  PID:11140
- C:\Windows\System\QmOHbsP.exe
  C:\Windows\System\QmOHbsP.exe
  2⤵
  PID:11168
- C:\Windows\System\SWNEqqE.exe
  C:\Windows\System\SWNEqqE.exe
  2⤵
  PID:11192
- C:\Windows\System\gJVxsyv.exe
  C:\Windows\System\gJVxsyv.exe
  2⤵
  PID:11212
- C:\Windows\System\RlYOjOf.exe
  C:\Windows\System\RlYOjOf.exe
  2⤵
  PID:11252
- C:\Windows\System\acBucfo.exe
  C:\Windows\System\acBucfo.exe
  2⤵
  PID:10256
- C:\Windows\System\MwOyUAD.exe
  C:\Windows\System\MwOyUAD.exe
  2⤵
  PID:10312
- C:\Windows\System\xDdeuuf.exe
  C:\Windows\System\xDdeuuf.exe
  2⤵
  PID:10380
- C:\Windows\System\YamZkoa.exe
  C:\Windows\System\YamZkoa.exe
  2⤵
  PID:10412
- C:\Windows\System\YesmakV.exe
  C:\Windows\System\YesmakV.exe
  2⤵
  PID:10528
- C:\Windows\System\jBNveEc.exe
  C:\Windows\System\jBNveEc.exe
  2⤵
  PID:10580
- C:\Windows\System\GJLNUHy.exe
  C:\Windows\System\GJLNUHy.exe
  2⤵
  PID:10640
- C:\Windows\System\IzshwCV.exe
  C:\Windows\System\IzshwCV.exe
  2⤵
  PID:10720
- C:\Windows\System\rUfvOAD.exe
  C:\Windows\System\rUfvOAD.exe
  2⤵
  PID:10796
- C:\Windows\System\pmNSkph.exe
  C:\Windows\System\pmNSkph.exe
  2⤵
  PID:10844
- C:\Windows\System\IJvaLrb.exe
  C:\Windows\System\IJvaLrb.exe
  2⤵
  PID:10916
- C:\Windows\System\yQBeAzY.exe
  C:\Windows\System\yQBeAzY.exe
  2⤵
  PID:11000
- C:\Windows\System\qeWaoPN.exe
  C:\Windows\System\qeWaoPN.exe
  2⤵
  PID:11008
- C:\Windows\System\qmxlqiQ.exe
  C:\Windows\System\qmxlqiQ.exe
  2⤵
  PID:11104
- C:\Windows\System\ZdgqEFj.exe
  C:\Windows\System\ZdgqEFj.exe
  2⤵
  PID:11156
- C:\Windows\System\FMIbfqc.exe
  C:\Windows\System\FMIbfqc.exe
  2⤵
  PID:11232
- C:\Windows\System\PDbKWOA.exe
  C:\Windows\System\PDbKWOA.exe
  2⤵
  PID:10284
- C:\Windows\System\KWVBckM.exe
  C:\Windows\System\KWVBckM.exe
  2⤵
  PID:10404
- C:\Windows\System\mHmFNEk.exe
  C:\Windows\System\mHmFNEk.exe
  2⤵
  PID:10672
- C:\Windows\System\djjgsFi.exe
  C:\Windows\System\djjgsFi.exe
  2⤵
  PID:10780
- C:\Windows\System\aJoieYP.exe
  C:\Windows\System\aJoieYP.exe
  2⤵
  PID:10956
- C:\Windows\System\DXpCOwV.exe
  C:\Windows\System\DXpCOwV.exe
  2⤵
  PID:11068
- C:\Windows\System\XRlRDsS.exe
  C:\Windows\System\XRlRDsS.exe
  2⤵
  PID:10244
- C:\Windows\System\vmUmvaH.exe
  C:\Windows\System\vmUmvaH.exe
  2⤵
  PID:10696
- C:\Windows\System\DFYxGfD.exe
  C:\Windows\System\DFYxGfD.exe
  2⤵
  PID:11076
- C:\Windows\System\dAlNqpJ.exe
  C:\Windows\System\dAlNqpJ.exe
  2⤵
  PID:10560
- C:\Windows\System\pIuplOH.exe
  C:\Windows\System\pIuplOH.exe
  2⤵
  PID:10936
- C:\Windows\System\nZYmPIu.exe
  C:\Windows\System\nZYmPIu.exe
  2⤵
  PID:11284
- C:\Windows\System\EyjqhOG.exe
  C:\Windows\System\EyjqhOG.exe
  2⤵
  PID:11312
- C:\Windows\System\AuqPqAJ.exe
  C:\Windows\System\AuqPqAJ.exe
  2⤵
  PID:11340
- C:\Windows\System\OkwbMsr.exe
  C:\Windows\System\OkwbMsr.exe
  2⤵
  PID:11376
- C:\Windows\System\CQUdjzu.exe
  C:\Windows\System\CQUdjzu.exe
  2⤵
  PID:11404
- C:\Windows\System\IHnZyRn.exe
  C:\Windows\System\IHnZyRn.exe
  2⤵
  PID:11436
- C:\Windows\System\hIJQRGb.exe
  C:\Windows\System\hIJQRGb.exe
  2⤵
  PID:11464
- C:\Windows\System\YVBzAyo.exe
  C:\Windows\System\YVBzAyo.exe
  2⤵
  PID:11492
- C:\Windows\System\VsCRrpL.exe
  C:\Windows\System\VsCRrpL.exe
  2⤵
  PID:11520
- C:\Windows\System\BoJtWae.exe
  C:\Windows\System\BoJtWae.exe
  2⤵
  PID:11548
- C:\Windows\System\SIUsYNO.exe
  C:\Windows\System\SIUsYNO.exe
  2⤵
  PID:11568
- C:\Windows\System\VgRCUfk.exe
  C:\Windows\System\VgRCUfk.exe
  2⤵
  PID:11604
- C:\Windows\System\rVzQfXF.exe
  C:\Windows\System\rVzQfXF.exe
  2⤵
  PID:11624
- C:\Windows\System\eJeyVoG.exe
  C:\Windows\System\eJeyVoG.exe
  2⤵
  PID:11652
- C:\Windows\System\YDLiNPx.exe
  C:\Windows\System\YDLiNPx.exe
  2⤵
  PID:11676
- C:\Windows\System\BptNbKc.exe
  C:\Windows\System\BptNbKc.exe
  2⤵
  PID:11704
- C:\Windows\System\iSYuMvp.exe
  C:\Windows\System\iSYuMvp.exe
  2⤵
  PID:11748
- C:\Windows\System\cDVdqUr.exe
  C:\Windows\System\cDVdqUr.exe
  2⤵
  PID:11772
- C:\Windows\System\ROjVphf.exe
  C:\Windows\System\ROjVphf.exe
  2⤵
  PID:11788
- C:\Windows\System\FXULADR.exe
  C:\Windows\System\FXULADR.exe
  2⤵
  PID:11820
- C:\Windows\System\kSqMsTm.exe
  C:\Windows\System\kSqMsTm.exe
  2⤵
  PID:11856
- C:\Windows\System\OTCgcYj.exe
  C:\Windows\System\OTCgcYj.exe
  2⤵
  PID:11884
- C:\Windows\System\hScXUEh.exe
  C:\Windows\System\hScXUEh.exe
  2⤵
  PID:11900
- C:\Windows\System\beTlSun.exe
  C:\Windows\System\beTlSun.exe
  2⤵
  PID:11916
- C:\Windows\System\bQykOKf.exe
  C:\Windows\System\bQykOKf.exe
  2⤵
  PID:11940
- C:\Windows\System\JgEkLvP.exe
  C:\Windows\System\JgEkLvP.exe
  2⤵
  PID:11960
- C:\Windows\System\aLUOXXX.exe
  C:\Windows\System\aLUOXXX.exe
  2⤵
  PID:11988
- C:\Windows\System\XYDWvZU.exe
  C:\Windows\System\XYDWvZU.exe
  2⤵
  PID:12020
- C:\Windows\System\WggbBDk.exe
  C:\Windows\System\WggbBDk.exe
  2⤵
  PID:12048
- C:\Windows\System\DZxaraF.exe
  C:\Windows\System\DZxaraF.exe
  2⤵
  PID:12096
- C:\Windows\System\SJpNoIb.exe
  C:\Windows\System\SJpNoIb.exe
  2⤵
  PID:12136
- C:\Windows\System\YFbTaHk.exe
  C:\Windows\System\YFbTaHk.exe
  2⤵
  PID:12156
- C:\Windows\System\AAufrDG.exe
  C:\Windows\System\AAufrDG.exe
  2⤵
  PID:12192
- C:\Windows\System\lCaesrU.exe
  C:\Windows\System\lCaesrU.exe
  2⤵
  PID:12208
- C:\Windows\System\ymDQPLg.exe
  C:\Windows\System\ymDQPLg.exe
  2⤵
  PID:12236
- C:\Windows\System\rAfVvhg.exe
  C:\Windows\System\rAfVvhg.exe
  2⤵
  PID:12260
- C:\Windows\System\UvmhFKv.exe
  C:\Windows\System\UvmhFKv.exe
  2⤵
  PID:10988
- C:\Windows\System\XPjeRLg.exe
  C:\Windows\System\XPjeRLg.exe
  2⤵
  PID:11296
- C:\Windows\System\IfPpgCk.exe
  C:\Windows\System\IfPpgCk.exe
  2⤵
  PID:11388
- C:\Windows\System\NIXtDyM.exe
  C:\Windows\System\NIXtDyM.exe
  2⤵
  PID:11448
- C:\Windows\System\oxJIxcY.exe
  C:\Windows\System\oxJIxcY.exe
  2⤵
  PID:11504
- C:\Windows\System\HgtnEPO.exe
  C:\Windows\System\HgtnEPO.exe
  2⤵
  PID:11596
- C:\Windows\System\XMSKORz.exe
  C:\Windows\System\XMSKORz.exe
  2⤵
  PID:11660
- C:\Windows\System\zWVhvtG.exe
  C:\Windows\System\zWVhvtG.exe
  2⤵
  PID:11700
- C:\Windows\System\jDtHACw.exe
  C:\Windows\System\jDtHACw.exe
  2⤵
  PID:11800
- C:\Windows\System\cpjsOhA.exe
  C:\Windows\System\cpjsOhA.exe
  2⤵
  PID:11868
- C:\Windows\System\CXvwDGT.exe
  C:\Windows\System\CXvwDGT.exe
  2⤵
  PID:11936
- C:\Windows\System\NxIwHzn.exe
  C:\Windows\System\NxIwHzn.exe
  2⤵
  PID:11952
- C:\Windows\System\wMDecSe.exe
  C:\Windows\System\wMDecSe.exe
  2⤵
  PID:12028
- C:\Windows\System\xgZfMum.exe
  C:\Windows\System\xgZfMum.exe
  2⤵
  PID:12084
- C:\Windows\System\prUvKDo.exe
  C:\Windows\System\prUvKDo.exe
  2⤵
  PID:12180
- C:\Windows\System\GXNZBek.exe
  C:\Windows\System\GXNZBek.exe
  2⤵
  PID:12200
- C:\Windows\System\dGknLtr.exe
  C:\Windows\System\dGknLtr.exe
  2⤵
  PID:12248
- C:\Windows\System\BoUStYf.exe
  C:\Windows\System\BoUStYf.exe
  2⤵
  PID:11332
- C:\Windows\System\jXAicbn.exe
  C:\Windows\System\jXAicbn.exe
  2⤵
  PID:11428
- C:\Windows\System\vctsTCT.exe
  C:\Windows\System\vctsTCT.exe
  2⤵
  PID:11644
- C:\Windows\System\USewPMR.exe
  C:\Windows\System\USewPMR.exe
  2⤵
  PID:11768
- C:\Windows\System\EeNuIgZ.exe
  C:\Windows\System\EeNuIgZ.exe
  2⤵
  PID:11908
- C:\Windows\System\sqlakAb.exe
  C:\Windows\System\sqlakAb.exe
  2⤵
  PID:12056
- C:\Windows\System\IUpnfGw.exe
  C:\Windows\System\IUpnfGw.exe
  2⤵
  PID:12204
- C:\Windows\System\IVsWKuy.exe
  C:\Windows\System\IVsWKuy.exe
  2⤵
  PID:11372
- C:\Windows\System\TCnFNdM.exe
  C:\Windows\System\TCnFNdM.exe
  2⤵
  PID:12000
- C:\Windows\System\NukJZWV.exe
  C:\Windows\System\NukJZWV.exe
  2⤵
  PID:10400
- C:\Windows\System\ZvzOBks.exe
  C:\Windows\System\ZvzOBks.exe
  2⤵
  PID:11668
- C:\Windows\System\JSmncnF.exe
  C:\Windows\System\JSmncnF.exe
  2⤵
  PID:12316
- C:\Windows\System\HTczRzU.exe
  C:\Windows\System\HTczRzU.exe
  2⤵
  PID:12336
- C:\Windows\System\zXFNPHL.exe
  C:\Windows\System\zXFNPHL.exe
  2⤵
  PID:12364
- C:\Windows\System\mErvJIJ.exe
  C:\Windows\System\mErvJIJ.exe
  2⤵
  PID:12392
- C:\Windows\System\VZRUKfm.exe
  C:\Windows\System\VZRUKfm.exe
  2⤵
  PID:12428
- C:\Windows\System\GhlWheQ.exe
  C:\Windows\System\GhlWheQ.exe
  2⤵
  PID:12448
- C:\Windows\System\RSjtdPr.exe
  C:\Windows\System\RSjtdPr.exe
  2⤵
  PID:12472
- C:\Windows\System\brPHIBz.exe
  C:\Windows\System\brPHIBz.exe
  2⤵
  PID:12508
- C:\Windows\System\ZILDwhU.exe
  C:\Windows\System\ZILDwhU.exe
  2⤵
  PID:12544
- C:\Windows\System\sOouxNi.exe
  C:\Windows\System\sOouxNi.exe
  2⤵
  PID:12564
- C:\Windows\System\zyIfqKN.exe
  C:\Windows\System\zyIfqKN.exe
  2⤵
  PID:12584
- C:\Windows\System\hnwwooH.exe
  C:\Windows\System\hnwwooH.exe
  2⤵
  PID:12624
- C:\Windows\System\UStfDMy.exe
  C:\Windows\System\UStfDMy.exe
  2⤵
  PID:12656
- C:\Windows\System\HcDBJrG.exe
  C:\Windows\System\HcDBJrG.exe
  2⤵
  PID:12684
- C:\Windows\System\iJURRGo.exe
  C:\Windows\System\iJURRGo.exe
  2⤵
  PID:12700
- C:\Windows\System\iNwzsGU.exe
  C:\Windows\System\iNwzsGU.exe
  2⤵
  PID:12736
- C:\Windows\System\KiGGvrT.exe
  C:\Windows\System\KiGGvrT.exe
  2⤵
  PID:12756
- C:\Windows\System\GOqnuld.exe
  C:\Windows\System\GOqnuld.exe
  2⤵
  PID:12788
- C:\Windows\System\mlCFUwR.exe
  C:\Windows\System\mlCFUwR.exe
  2⤵
  PID:12812
- C:\Windows\System\LmpCvxu.exe
  C:\Windows\System\LmpCvxu.exe
  2⤵
  PID:12844
- C:\Windows\System\grRPEGk.exe
  C:\Windows\System\grRPEGk.exe
  2⤵
  PID:12880
- C:\Windows\System\qJXopzP.exe
  C:\Windows\System\qJXopzP.exe
  2⤵
  PID:12908
- C:\Windows\System\NBtadNH.exe
  C:\Windows\System\NBtadNH.exe
  2⤵
  PID:12924
- C:\Windows\System\WUrNzzM.exe
  C:\Windows\System\WUrNzzM.exe
  2⤵
  PID:12952
- C:\Windows\System\ZljCtIp.exe
  C:\Windows\System\ZljCtIp.exe
  2⤵
  PID:12976
- C:\Windows\System\QswYdLh.exe
  C:\Windows\System\QswYdLh.exe
  2⤵
  PID:13004
- C:\Windows\System\sFXiJfJ.exe
  C:\Windows\System\sFXiJfJ.exe
  2⤵
  PID:13024
- C:\Windows\System\sacybLZ.exe
  C:\Windows\System\sacybLZ.exe
  2⤵
  PID:13044
- C:\Windows\System\ZfZATFB.exe
  C:\Windows\System\ZfZATFB.exe
  2⤵
  PID:13076
- C:\Windows\System\awOSeQt.exe
  C:\Windows\System\awOSeQt.exe
  2⤵
  PID:13108
- C:\Windows\System\EQLNBqE.exe
  C:\Windows\System\EQLNBqE.exe
  2⤵
  PID:13132
- C:\Windows\System\snanTNV.exe
  C:\Windows\System\snanTNV.exe
  2⤵
  PID:13164
- C:\Windows\System\kOwEObS.exe
  C:\Windows\System\kOwEObS.exe
  2⤵
  PID:13212
- C:\Windows\System\XFgAgiA.exe
  C:\Windows\System\XFgAgiA.exe
  2⤵
  PID:13232
- C:\Windows\System\fYkMXYX.exe
  C:\Windows\System\fYkMXYX.exe
  2⤵
  PID:13264
- C:\Windows\System\cMmJbKf.exe
  C:\Windows\System\cMmJbKf.exe
  2⤵
  PID:13308
- C:\Windows\System\qDKztBT.exe
  C:\Windows\System\qDKztBT.exe
  2⤵
  PID:11276
- C:\Windows\System\mZlrWmO.exe
  C:\Windows\System\mZlrWmO.exe
  2⤵
  PID:12348
- C:\Windows\System\PLjsgqv.exe
  C:\Windows\System\PLjsgqv.exe
  2⤵
  PID:12420
- C:\Windows\System\vrqPbmd.exe
  C:\Windows\System\vrqPbmd.exe
  2⤵
  PID:12492
- C:\Windows\System\AbwxNak.exe
  C:\Windows\System\AbwxNak.exe
  2⤵
  PID:12556
- C:\Windows\System\HSrPIGD.exe
  C:\Windows\System\HSrPIGD.exe
  2⤵
  PID:12576
- C:\Windows\System\cpOxcHq.exe
  C:\Windows\System\cpOxcHq.exe
  2⤵
  PID:12668
- C:\Windows\System\yHqFjJw.exe
  C:\Windows\System\yHqFjJw.exe
  2⤵
  PID:12696
- C:\Windows\System\auzEPaj.exe
  C:\Windows\System\auzEPaj.exe
  2⤵
  PID:12784
- C:\Windows\System\PpeaGnv.exe
  C:\Windows\System\PpeaGnv.exe
  2⤵
  PID:12836
- C:\Windows\System\yNwMOes.exe
  C:\Windows\System\yNwMOes.exe
  2⤵
  PID:12900
- C:\Windows\System\vPGppEL.exe
  C:\Windows\System\vPGppEL.exe
  2⤵
  PID:12992
- C:\Windows\System\qNtSprl.exe
  C:\Windows\System\qNtSprl.exe
  2⤵
  PID:13064
- C:\Windows\System\VIPmXia.exe
  C:\Windows\System\VIPmXia.exe
  2⤵
  PID:13152
- C:\Windows\System\krrgkMk.exe
  C:\Windows\System\krrgkMk.exe
  2⤵
  PID:13124
- C:\Windows\System\cifhCAy.exe
  C:\Windows\System\cifhCAy.exe
  2⤵
  PID:13260
- C:\Windows\System\FGixlXe.exe
  C:\Windows\System\FGixlXe.exe
  2⤵
  PID:12304
- C:\Windows\System\lJhOBpc.exe
  C:\Windows\System\lJhOBpc.exe
  2⤵
  PID:3336
- C:\Windows\System\LEekmjR.exe
  C:\Windows\System\LEekmjR.exe
  2⤵
  PID:2484
- C:\Windows\System\JrhJbkK.exe
  C:\Windows\System\JrhJbkK.exe
  2⤵
  PID:12572
- C:\Windows\System\SJsRnsd.exe
  C:\Windows\System\SJsRnsd.exe
  2⤵
  PID:12720
- C:\Windows\System\TmgFDAX.exe
  C:\Windows\System\TmgFDAX.exe
  2⤵
  PID:12800
- C:\Windows\System\HIeagIB.exe
  C:\Windows\System\HIeagIB.exe
  2⤵
  PID:12988
- C:\Windows\System\cokeoHQ.exe
  C:\Windows\System\cokeoHQ.exe
  2⤵
  PID:13192
- C:\Windows\System\dhixYeh.exe
  C:\Windows\System\dhixYeh.exe
  2⤵
  PID:13280
- C:\Windows\System\dXevYKg.exe
  C:\Windows\System\dXevYKg.exe
  2⤵
  PID:12580
- C:\Windows\System\lFPOwJX.exe
  C:\Windows\System\lFPOwJX.exe
  2⤵
  PID:12744
- C:\Windows\System\uIFuztB.exe
  C:\Windows\System\uIFuztB.exe
  2⤵
  PID:13128
- C:\Windows\System\eglQBUx.exe
  C:\Windows\System\eglQBUx.exe
  2⤵
  PID:12532
- C:\Windows\System\fLniNsu.exe
  C:\Windows\System\fLniNsu.exe
  2⤵
  PID:13288
- C:\Windows\System\qHSuCWs.exe
  C:\Windows\System\qHSuCWs.exe
  2⤵
  PID:13340
- C:\Windows\System\NkNAHCh.exe
  C:\Windows\System\NkNAHCh.exe
  2⤵
  PID:13376
- C:\Windows\System\Ikflsat.exe
  C:\Windows\System\Ikflsat.exe
  2⤵
  PID:13400
- C:\Windows\System\CUrbxWe.exe
  C:\Windows\System\CUrbxWe.exe
  2⤵
  PID:13428
- C:\Windows\System\PbirVCV.exe
  C:\Windows\System\PbirVCV.exe
  2⤵
  PID:13464
- C:\Windows\System\HojzvXW.exe
  C:\Windows\System\HojzvXW.exe
  2⤵
  PID:13480
- C:\Windows\System\IhfSZOX.exe
  C:\Windows\System\IhfSZOX.exe
  2⤵
  PID:13508
- C:\Windows\System\cqFaiYf.exe
  C:\Windows\System\cqFaiYf.exe
  2⤵
  PID:13536
- C:\Windows\System\wmqhVHw.exe
  C:\Windows\System\wmqhVHw.exe
  2⤵
  PID:13552
- C:\Windows\System\wbLPAXM.exe
  C:\Windows\System\wbLPAXM.exe
  2⤵
  PID:13580
- C:\Windows\System\KugeVGr.exe
  C:\Windows\System\KugeVGr.exe
  2⤵
  PID:13604
- C:\Windows\System\pSYNqYE.exe
  C:\Windows\System\pSYNqYE.exe
  2⤵
  PID:13624
- C:\Windows\System\XjmRvaJ.exe
  C:\Windows\System\XjmRvaJ.exe
  2⤵
  PID:13656
- C:\Windows\System\oCFrfrU.exe
  C:\Windows\System\oCFrfrU.exe
  2⤵
  PID:13680
- C:\Windows\System\ofjzTNf.exe
  C:\Windows\System\ofjzTNf.exe
  2⤵
  PID:13708
- C:\Windows\System\oMYMEvP.exe
  C:\Windows\System\oMYMEvP.exe
  2⤵
  PID:13748
- C:\Windows\System\LuLEGfm.exe
  C:\Windows\System\LuLEGfm.exe
  2⤵
  PID:13780
- C:\Windows\System\jNaWDcl.exe
  C:\Windows\System\jNaWDcl.exe
  2⤵
  PID:13816
- C:\Windows\System\UCelYNb.exe
  C:\Windows\System\UCelYNb.exe
  2⤵
  PID:13844
- C:\Windows\System\kWcBXRZ.exe
  C:\Windows\System\kWcBXRZ.exe
  2⤵
  PID:13872
- C:\Windows\System\kddvfJX.exe
  C:\Windows\System\kddvfJX.exe
  2⤵
  PID:13892
- C:\Windows\System\iQYwrjY.exe
  C:\Windows\System\iQYwrjY.exe
  2⤵
  PID:13920
- C:\Windows\System\flnZJQU.exe
  C:\Windows\System\flnZJQU.exe
  2⤵
  PID:13944
- C:\Windows\System\brGbePO.exe
  C:\Windows\System\brGbePO.exe
  2⤵
  PID:13972
- C:\Windows\System\yqrVDLT.exe
  C:\Windows\System\yqrVDLT.exe
  2⤵
  PID:14004
- C:\Windows\System\rzgDVKM.exe
  C:\Windows\System\rzgDVKM.exe
  2⤵
  PID:14040
- C:\Windows\System\wFPRUfh.exe
  C:\Windows\System\wFPRUfh.exe
  2⤵
  PID:14060
- C:\Windows\System\sTnmywX.exe
  C:\Windows\System\sTnmywX.exe
  2⤵
  PID:14084
- C:\Windows\System\cbCLiiC.exe
  C:\Windows\System\cbCLiiC.exe
  2⤵
  PID:14100
- C:\Windows\System\mvIaWOC.exe
  C:\Windows\System\mvIaWOC.exe
  2⤵
  PID:14128
- C:\Windows\System\GjfHJVH.exe
  C:\Windows\System\GjfHJVH.exe
  2⤵
  PID:14148
- C:\Windows\System\JqwhPBr.exe
  C:\Windows\System\JqwhPBr.exe
  2⤵
  PID:14184
- C:\Windows\System\cgmvhRf.exe
  C:\Windows\System\cgmvhRf.exe
  2⤵
  PID:14216
- C:\Windows\System\AUgnrVz.exe
  C:\Windows\System\AUgnrVz.exe
  2⤵
  PID:14236
- C:\Windows\System\OUHgcJK.exe
  C:\Windows\System\OUHgcJK.exe
  2⤵
  PID:14268
- C:\Windows\System\PYDulzw.exe
  C:\Windows\System\PYDulzw.exe
  2⤵
  PID:4416
- C:\Windows\System\FWPJhgX.exe
  C:\Windows\System\FWPJhgX.exe
  2⤵
  PID:13328
- C:\Windows\System\ptzUJTN.exe
  C:\Windows\System\ptzUJTN.exe
  2⤵
  PID:4360
- C:\Windows\System\GOCnffi.exe
  C:\Windows\System\GOCnffi.exe
  2⤵
  PID:13408
- C:\Windows\System\rxrXzRH.exe
  C:\Windows\System\rxrXzRH.exe
  2⤵
  PID:13472
- C:\Windows\System\OwifBot.exe
  C:\Windows\System\OwifBot.exe
  2⤵
  PID:13528
- C:\Windows\System\cxeXvvz.exe
  C:\Windows\System\cxeXvvz.exe
  2⤵
  PID:13616
- C:\Windows\System\qLjVtOx.exe
  C:\Windows\System\qLjVtOx.exe
  2⤵
  PID:816
- C:\Windows\System\NqBpbPz.exe
  C:\Windows\System\NqBpbPz.exe
  2⤵
  PID:13696
- C:\Windows\System\MKNJxjZ.exe
  C:\Windows\System\MKNJxjZ.exe
  2⤵
  PID:13724
- C:\Windows\System\tIqdusG.exe
  C:\Windows\System\tIqdusG.exe
  2⤵
  PID:13836
- C:\Windows\System\aVxQXex.exe
  C:\Windows\System\aVxQXex.exe
  2⤵
  PID:13888
- C:\Windows\System\KGSxdph.exe
  C:\Windows\System\KGSxdph.exe
  2⤵
  PID:13940
- C:\Windows\System\TVFBVRX.exe
  C:\Windows\System\TVFBVRX.exe
  2⤵
  PID:14016
- C:\Windows\System\qhjmxVe.exe
  C:\Windows\System\qhjmxVe.exe
  2⤵
  PID:14092
- C:\Windows\System\yUODhOA.exe
  C:\Windows\System\yUODhOA.exe
  2⤵
  PID:14160
- C:\Windows\System\pzKUVzm.exe
  C:\Windows\System\pzKUVzm.exe
  2⤵
  PID:14276
- C:\Windows\System\dGIDcqo.exe
  C:\Windows\System\dGIDcqo.exe
  2⤵
  PID:14284
- C:\Windows\System\TAgCGzM.exe
  C:\Windows\System\TAgCGzM.exe
  2⤵
  PID:14228
- C:\Windows\System\HHaXsHv.exe
  C:\Windows\System\HHaXsHv.exe
  2⤵
  PID:13332
- C:\Windows\System\aAUgeYU.exe
  C:\Windows\System\aAUgeYU.exe
  2⤵
  PID:13452
- C:\Windows\System\GMqNupD.exe
  C:\Windows\System\GMqNupD.exe
  2⤵
  PID:13588

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AuZCRjL.exe

Filesize
2.2MB

MD5
6b26202284bc3ed5695a5b6c8545fb20

SHA1
4db3fa181594c6262191ef30b19a70feb9ad779d

SHA256
fde6c401bf8d09ffa3ce53e7b6d24ac1557896607ea8b60ca2fb25503f00b3e5

SHA512
a60a1aacb3bdf84ad7d6051bfd356c40b05e59d477443084f96ff5d900f3a894b34f78dcdaa9508030c8b19bf7abde5a18f406547afde28c6710113220280e94

Download Submit
C:\Windows\System\CyHtCfW.exe

Filesize
2.2MB

MD5
8673988603ab392af524f44fe36c2c0e

SHA1
0178ab180e09767a9ba83c26f8b76f98803f5d19

SHA256
4b1e1833c07843ac86d20ff3e7cb5b4115f7d1fbab2547b0e770354e4b2a6b74

SHA512
6934a76c8f81cbcd2235563a7c79a198a16335bf04a927555d3de08533b881e1da9f4549b4d498ec26d5868ccdf7336ba3a7237382c26ec928eca1ed17a1fcbe

Download Submit
C:\Windows\System\EkoqjMR.exe

Filesize
2.2MB

MD5
7842f63691f1521f5ca586aa145de483

SHA1
e99beca211bd4be53ac70ed88321dcac0968f24b

SHA256
c032926366c3e84ac0c1ac7023eb8f871935677a2cb1f6c725a62d4efa98ddaf

SHA512
d04e2290d34a805013c7cd7c3a2bf7b98c9fd0d36363a423fd16ccbad08768447d7e2a0388219804fdc8c0f854eac29feecd04bf264cf207e687cda4f858cb10

Download Submit
C:\Windows\System\ISYiRVf.exe

Filesize
2.2MB

MD5
52973cc0cb232fff5d9fa43036f768a4

SHA1
a9f8d0f8af2e991fea609ba6289e5ab4a1540af9

SHA256
8af53069df0fc51ef1564ddf0226c310c616a34759187766b52cf9fb9723d570

SHA512
2cdb536a4d35f577d64b76dd4c71235680667bec28764cdc0cf6447747bb42e6be38a777eebbfa34aa2f63c4bc9b04b25b5ec69d03fb49c3db0483732f749388

Download Submit
C:\Windows\System\MHANobi.exe

Filesize
2.2MB

MD5
19433371b276d94389b731d2eb4566c2

SHA1
14edbfa41f440593797b01e2a63aa90c6cac9b33

SHA256
a244d9397a54d7b5db548b88c42b023360794ecaca85b1debe5c375d717b17d2

SHA512
96e1acc80c6116b8d82107fc3420bc85b0b53c15d3a6a26c145268eb1fb81b8ba6811e75d3aea1de72860161558419baa3546c1c41048a8392a1ccbb19d3beef

Download Submit
C:\Windows\System\MSHTaFx.exe

Filesize
2.2MB

MD5
bc9c8e32b5c48de9981cfa23dc5ff66d

SHA1
29d6952b9cfa839ca9c877b489e22ce7873eab60

SHA256
d6fb72d376dead0af26807d60ec4f0a5d20bed73de6d4ff82d97575fe819d465

SHA512
62ca0ccff20312e5fdffa6148afde4a21d603b3d4ff513c1a5979972c9999f113cd9d5970a5ce272a43fbc4f2051ff5fe42e9df09314b550196f85f321e21168

Download Submit
C:\Windows\System\QbYBHAJ.exe

Filesize
2.2MB

MD5
c1f5482e73512245e6128449699335d7

SHA1
25e5d8da902f739438c31bd7f50b5d122d8fb6d2

SHA256
7a82e12ee0184e846208acecb71d2539649302a6a1ed6f45e3b49b7580392d94

SHA512
7b7bca4a0976193d470e3cbdb6527361a4216450974b9451098e7f54f61d6fb2aa34b530d603b59af8cfc760562550d35d1fc5c717f32d04b5a83a872e354081

Download Submit
C:\Windows\System\RkfFtEn.exe

Filesize
2.2MB

MD5
f9821d3c906a292280f966682066d49d

SHA1
f271a6f983c81bacc4f7189c7f5f91b79f39d86e

SHA256
58e9dd25131e14cb7b4cc3787996db750b2af22650c51140eece154de35b14c8

SHA512
90fc94b66bf336535313b449c266444628f47faae2e811bc8cb273c826ee45d146cd2d8e17e22fff7d766a2e0e6b5ec5532e42a59fcbb62558b280c2faef0fe1

Download Submit
C:\Windows\System\UzDEAfe.exe

Filesize
2.2MB

MD5
b837a48e935632ae234ed255b8e238a4

SHA1
8fb5a4eefc9d2f1838db911d9b6b1b77d6d37b07

SHA256
1c82d89087e066b105b6318ca9c0560047e29a6a1fbf49b5eb131d7179e0d33f

SHA512
b6b1d17ca2966a01a5e0a1d2893f56a1dab38fdb51ceded33a6b72fab1e52b98412a6cf02c2145d7bb65fdca5ca7fc4cf6725352f7fa42f973f305677bea410e

Download Submit
C:\Windows\System\VkRPECJ.exe

Filesize
2.2MB

MD5
5fda394e85f74318822526af979c3c07

SHA1
5aca2e9afb8753e9061fe576acbea3fd7b3d67c6

SHA256
6ab77b78c02d53d1116ec3aede6386e8bd36f4598cf654aba303c3a9d7e28036

SHA512
83ac8963c8167df172cc5ea88734186834334241edff8c769eee2a20e9ca104c33553ea8de584cd918eba9cc1f886612cfe5e3d639fc8f813798459414b3228f

Download Submit
C:\Windows\System\WFyJmwG.exe

Filesize
2.2MB

MD5
044121b72b0a72ca182d0accda32ac75

SHA1
1e83c41181224a4a5eaf50c513ff8d621d319aa2

SHA256
bf92e166d0bf7d3589f39329633dbe5eddedc6d2997bc3e9db127ad4131a496f

SHA512
5e4f60f6ffbac68e5568c171a941952baf413c362d22807ce4ef5086c48bb2cb28f7b2d972c58c6eb9a610a4515ed1f91d11f327627c59e2c39e551e5c6436a1

Download Submit
C:\Windows\System\WULGuXv.exe

Filesize
2.2MB

MD5
16d9ec61755315d1701fd5736d1403b6

SHA1
efbb7637e275e4e8c6df59b5ed58d65f283e788e

SHA256
6cbc956c1b3c833a3f5c3f43aa23a80b1078f44c188d2177c94a689d175ad788

SHA512
b6050598863daa51487ce1a15a57bc96a4d552904ed712abd89a67092ca1b9439fcf21b55e027e7e99a247d555865b6cb91dad8dbb54203ed0952e5e077746dc

Download Submit
C:\Windows\System\XGQeQXo.exe

Filesize
2.2MB

MD5
6c62ecf46ee52331897e1ba0cd305455

SHA1
023c121e3575cffefe3da144fb23e0be35af3d55

SHA256
e0295d4c3b8179468e3bb48b80d091eba9173e9811c75e3b3ab81ca5940c5074

SHA512
8f023c2c378563e056206f6f3a915facd34bf390c59dcc14830bfc4862f0a95c918b448d90c8e4c683dd0aa01618007dd2d2ffa9a34bf2fa3c4f720e28d8abc6

Download Submit
C:\Windows\System\YUekxrn.exe

Filesize
2.2MB

MD5
28d120c081ffd01c796b9ab25d1787b3

SHA1
bb07f28055790da2de88397e1a88b3d59b03bb01

SHA256
f7f5a49e5fa7faf734cea7457ee35eaf69f9610439c5f804c9f29eb6c235672d

SHA512
6e0db26bbc5797089561e828f45c51aad489bee8b60123c97a32dd46ffe5b114fedc6ea37be2f2558d0c35392b64807cf2ccad641adad027b75ce6539697da0a

Download Submit
C:\Windows\System\aJAUdcn.exe

Filesize
2.2MB

MD5
5e26fc23847e5d05342296d545ecda2d

SHA1
85f03870954e9815ff95cc824f7fc41518d5dc2c

SHA256
2b226b29e9486b59f64a317caa9e05c975cbdbe8d70b79b3ca2ac6a3b3e7808f

SHA512
6018ffe8f2826084ae6093dac7459cd1186c424def60e8df808a67ad116db5d66d139d368002a97cbbdee541c8279af1cb79506096f2673674de3c87e443a58e

Download Submit
C:\Windows\System\cCFjLps.exe

Filesize
2.2MB

MD5
45ec3f42226428a47de6a3f8265fbd1a

SHA1
e58b885881de1fe6f070af85c9c5ac78dfd9b8b7

SHA256
9ea29be618c24a31b990c445d74e58c8fea17efd6e9b56525bcb88751d628615

SHA512
542e351b95fb190a605c67b6074516098ae921fe1a64d75d06cf0a61c1bf1ee3350391bea1fe89c39694cfa943c706f91087d5fc81e2d9e5575dae197b45e514

Download Submit
C:\Windows\System\dRezSkA.exe

Filesize
2.2MB

MD5
c6ef38926a3a1685acc60bcd03b6450c

SHA1
9816950551406d3d576c018a3f60d6f87fd0ab44

SHA256
edb613ac9e9f62949aefcd93b95d5cbce5044e6ac785d70fb8fdddd79b557e02

SHA512
492817e542ab7fbe261ee2f0716731123c59916aa33ae64528caffbded1742ec0fcf182cf36dca333313cb4d9d64800639af4a6b47bf06d54b149f000c607f9d

Download Submit
C:\Windows\System\eKmhzZO.exe

Filesize
2.2MB

MD5
e9a3d9c545fc35e2603e28953fd2908b

SHA1
5e5cf2e0be9e6c8ebc51ad60a71ca4b5f09eda43

SHA256
4df3008414a52c72821428062d083b4c661e86b9c0f1d618e2fad95169ac1d26

SHA512
28d3bfb4c54fe48dc6c5af0a8c47651f54c0bcde995d9905971a03f121289d9fdf6198e37f01ef7965d3d9e68432ef4cd2dd9485fe720151ce68f878acf02148

Download Submit
C:\Windows\System\eZuqUpv.exe

Filesize
2.2MB

MD5
5abc67bcc8ed196e33d8bce26aeb7ec3

SHA1
8622ec9bcd25c2d20de5122c713266f87b3ac457

SHA256
65387d5e9a73049fddeea02153d58c4942dc19534740d741a7b1538878ff16b1

SHA512
e5d1a0b4224c178acc5cd95b3b8f68cfc8fac4a6f039f79b998c2fade81e8c416ec85c80c28fd48d82d759d082e36428c423455e6d05bd0d0f8f23fb0201bccd

Download Submit
C:\Windows\System\embBrKD.exe

Filesize
2.2MB

MD5
a0fee7b87cd3047e82fbf95f6418a364

SHA1
daae66236f933cf2551de1f26283d9ecaef959af

SHA256
fd6f4adf1c51e6a4b85bf32eb1fa7e623c8d56b5b6f7e18309b3b08aecc0a96c

SHA512
6f8ce2815de3c704da36576311964ed9573489ab2e39c29e201d0acadcfe573551b9d94c153821e7b6c91d8fd760ac17eeaf1aa99d83f5a9db071add05698ebe

Download Submit
C:\Windows\System\ffoTcTO.exe

Filesize
2.2MB

MD5
9184be09f403885317752f28783cc4ac

SHA1
a09e3ccc593320a50af234b60c8143c14b2b1988

SHA256
ca461d5489e9e7045f0c6cbbf3595fceacf7f67f8decf24089df27010c8bb712

SHA512
4b6ca6e7117f2823b20d1656d950d8241c33149eb9154813e2cd6d819ccc5442467f487aeffe406d680e483864af42b178657d8311b0c01a82a52cc578a9bcc0

Download Submit
C:\Windows\System\fzuCavt.exe

Filesize
2.2MB

MD5
c912f7bddd2ee698276359f6a09f9221

SHA1
1f17c3051b8caad53d2934786722e57d2140a952

SHA256
2172f488a48fa2930f9937728eae84c5e662c5a821f4b4888cdf32b8d52eaba8

SHA512
0394b4c448ab7d602502add60ef386c4ae5d8a36ef278b309cc9a8b457877f2407b28825a1a22c8e1dd0c56bbb07048b0d8517409dfab2ab4a3784eaf16be352

Download Submit
C:\Windows\System\gskpEUw.exe

Filesize
2.2MB

MD5
3a8c7170b3d8c40702b790204ca9e14f

SHA1
47873a1e76152d1fa8f093ace2481cbaa1acb7dd

SHA256
f9a0e550e464d546504ae761357f9f147b5ac3fd11927c848346aa2d2f44e882

SHA512
11f0491b1049c486e3f22d1ef4751f815de1323dfb490cbf96a47c6eab186935014bd14e140dd42f5a6b342c3f7e165a1bfd2858c885829d2b8175d1de1bba3a

Download Submit
C:\Windows\System\iuhgBpw.exe

Filesize
2.2MB

MD5
924c72f85026fd2ca18d84554d282018

SHA1
2e4c9c955414f97b18c4e03a80d3a0c6a8aef2ac

SHA256
a40f4dbddcd2f4e51ae774626a986d5c495a0ad87771309e811c148eeb32c100

SHA512
0363a0f2b93df1ef86b7577e4dfd295915dfc2b4a372570b9e4910267f96066fc2918b0036611799cd2bae2440817cb4f8a3503fa056bd6d703b06a87eddba2d

Download Submit
C:\Windows\System\lQCIaTh.exe

Filesize
2.2MB

MD5
6d739ce912d5de4ccc0c07fb5ad5d0c9

SHA1
248c60bd6f5c0cc5dfc1bea756185e0a4f3b9ca0

SHA256
764c69ec15918595a97aea3be8d330dab033a7bc0c145e6d995fed5eae42e3db

SHA512
a4985b3c020068d62446eaa92e4f7bd1afc5abd8331dd74a9febbfc6a703e7e404240d5eebaaf0b8726285a861549e2a1af38889b70eadeede71158f1bcd678c

Download Submit
C:\Windows\System\lTbDBbs.exe

Filesize
2.2MB

MD5
60c9720431e5b5679534c73718cf3440

SHA1
8333d8e23ad02f3d100509615f73a4e60a911db2

SHA256
4ca1cc6f4283f0fe7fd316d0b21f394539582a2d618f9ccd5b8b3a74cb87e030

SHA512
0621cbcbe5d28fd3a3d29807fd7a4a870b00f5b4c59e72b77a123a7bb3ef321db3390b6ea096a0cb6734b51c3588929159f3e24dad0f69263952fb8cbae32b43

Download Submit
C:\Windows\System\ozTZoGR.exe

Filesize
2.2MB

MD5
f21af914d221fb17bc09b5305fdfb982

SHA1
75a8d5bad7d3d51b995d547bf56d839b5a3240c8

SHA256
9249945849dd42d29747bad5cc01bdcfaec76d948416eafa7de0a236b0839ee0

SHA512
f41bf2b58ad449b9a07375abe71d93c8ebdaa8f7a7af9c41d76e202f7f84984ba955a090ebd37065605ca8329278c93bd11cf8a5cc68e7ae20e83a4f0260381b

Download Submit
C:\Windows\System\qnJMxWQ.exe

Filesize
2.2MB

MD5
e1fd44369452cc122dddea178af3a320

SHA1
91a94cf4e060d095619e6bbd7d3d6a9af38adcf6

SHA256
a9475e0e5336f071d643b54aacef252d1db6b1efc90123ac8801f7367a7ec7a2

SHA512
321866fcfbda8d3c22d283d630f240353f9301286e6a8f5a36f860bd8fe3969e81205fb14a0cdd82c9031fcfa9fc93501f06d85ba7af5db8abb80901265bec56

Download Submit
C:\Windows\System\rVoUOEx.exe

Filesize
2.2MB

MD5
0f7200af60e7469e377492c370826e26

SHA1
4db73fe638a662e372b15e81cdeaa93eda19f191

SHA256
c8916010315f06d3a178dc3d9579a33a4df8fbc5c71da31d12da7bfb1e7b399b

SHA512
c19849e79170ba60acdac21ece616f64077f027cfa71384b82728149f4d1c8d36542d26cc0b209e00642cfc6938bdc2339a1788ce00bc838d74e90808bea0b7e

Download Submit
C:\Windows\System\rrIvZxC.exe

Filesize
2.2MB

MD5
5cba3c7eda4d8d578f7201894f003126

SHA1
b54d69141cee784e71f7c16cfad46e78894fff03

SHA256
7f7a4de8ac0765103719c4ae0c3efdd4034e461fd1527707ed5b02938fdcc222

SHA512
5e381fb5329692660141d24861ed6021810d94e174b4d33f4a34a0a09f245bb28ad53bd6b4bfd28397a3b172d05c5ce918a54b25d58a0b11f7625bd8ef6a73a7

Download Submit
C:\Windows\System\tCOauep.exe

Filesize
2.2MB

MD5
76702c7387942d9e71f62b4cd9311980

SHA1
630dbadfc4f89ae768bb3e22b42b42cfaf7eb038

SHA256
e0a8c956f169c9e72e952594d85564c397edb662932544cd909368ae5c8b0225

SHA512
382b816de4d9696d22bbce42245734a829029f605ab28fd237b7d7f410f5b50856f100a471abba59b115ca4da7cd5277ed93ef52d7bee3881fa7611d323dadf9

Download Submit
C:\Windows\System\tEFAXUI.exe

Filesize
2.2MB

MD5
7ebaa98611ae6db7870340d725130418

SHA1
1e9aa336638d2b95461a17488dc2ccc70aec0857

SHA256
1ce6b88e7c201c182c3dc3f042ee107d20e61fd761273a6ef0308183051330f9

SHA512
dbaab8eb2ad330cf83e1050c5657c782fc06d7a553fd66f14e76d7ca6a8b4db3fd946d94dcd45f61c7b8cf8a9d2ec1c090e41d4f596ffef7b049ad294016187d

Download Submit
C:\Windows\System\tyafZXQ.exe

Filesize
2.2MB

MD5
d4a478b494dbbd7ac6ef83a080573c71

SHA1
ac8d0b814d6ffc246a80ca54d26e27888dc5085b

SHA256
c24a47a7f56a736a4c00fe7203eb0e9e2349a54ffc6bcdb1272ce5b2c70b6845

SHA512
611147279d53ed56ba5bdf5fd54350a4b236163e5dc47eea72c82b76053b7b91bab3aa2e6e51ad9709bfa2cee7fee034293a6e1b29d856781d5a261bb9d84505

Download Submit
C:\Windows\System\utdvUFB.exe

Filesize
2.2MB

MD5
6b02fa341030d09848a8bd9c38d87d31

SHA1
7d11b577ddc5bda9ff0af43ec0f874d905270161

SHA256
131099b8c3476c0d74df8e0d84041406c93c674873f263237777fb5d4c992dbc

SHA512
cc3a43733ded18e7e9a9a9fd6532dfc13ee3bf5efd60838d573914ed820e6415b87a9b5d6d7caa42cd14560848d902a2e6c9b0a76cc31c54da2efb4192c5dba6

Download Submit
C:\Windows\System\xMtaNdh.exe

Filesize
2.2MB

MD5
721c0bddeff72914345594c8c43e7f4b

SHA1
2fb46d9371ee97fcb495de6d3f389b067b1e773e

SHA256
9e416cb07f33ef0a74f9c7a329e2e43684bd6aad3bfe4b176a4b93b72a0d73c5

SHA512
e49477c891295334efabd09f2c7f092e52cad95fd1c9e442d7dd76c50f3e09b7519e000c89bf85dc6959a38a5fe567da560adbf501e60407b138852c764c23fd

Download Submit
C:\Windows\System\zBUeyaZ.exe

Filesize
2.2MB

MD5
183b1fc2802f14590b06a6f1f037303a

SHA1
c7d2801e8f611535d3848603cb54aa86c99b14d2

SHA256
acc7b709be5ba3fe8573bd2b82939be46325a0cf03ceb4aab2f0ca4d0430307c

SHA512
c82c3ca524973c6de4cfc49e8b7f2eb1bb752eb56a895cf52306c221412e157544bea402a1fd03481bcb815a273ccc9b9c78b5ccf0e4383a23c6a5fdaaa4766a

Download Submit
C:\Windows\System\zSlEHge.exe

Filesize
2.2MB

MD5
5066a5acaf8f99b0252654474645f36c

SHA1
b127cf470b3f20ff713f155e4ce26b8b1805c3a0

SHA256
5a539c5a39aec09abfd7f57211e5d0cc42f0a9a4357621a0acef7f7eb21b1f3d

SHA512
f0b5a4134878201043bcbeb6767a5940e4fe632d1f1dc9121f10ec8ccb810d8d30d4db7bd37d6b145d3774b874eb279f1cc097995d9b1296323bcae138d98705

Download Submit
C:\Windows\System\zpktFfK.exe

Filesize
2.2MB

MD5
14ccc2f8fe49382ff8ebcff6a457d3e3

SHA1
ae7fd5bd334583b82b835c47af8dbc4be94a39f6

SHA256
b9e3f1deee8f1a70e2ddd9ed0552911246b9399babbadb6bc0558f56663c1b58

SHA512
efcf0e9f22968e6f69b2bfecd5750e48aaf7bcb19b2e368de5f502a3cb031f6022af2ce4ca0995fcadbc30f155c3be09c72f964fdfc4d6b3562914ba4cd70ca6

Download Submit
memory/432-2179-0x00007FF6F9DF0000-0x00007FF6FA144000-memory.dmp

Filesize
3.3MB

Download
memory/432-208-0x00007FF6F9DF0000-0x00007FF6FA144000-memory.dmp

Filesize
3.3MB

Download
memory/432-2154-0x00007FF6F9DF0000-0x00007FF6FA144000-memory.dmp

Filesize
3.3MB

Download
memory/436-2163-0x00007FF6C80F0000-0x00007FF6C8444000-memory.dmp

Filesize
3.3MB

Download
memory/436-2147-0x00007FF6C80F0000-0x00007FF6C8444000-memory.dmp

Filesize
3.3MB

Download
memory/436-40-0x00007FF6C80F0000-0x00007FF6C8444000-memory.dmp

Filesize
3.3MB

Download
memory/796-2164-0x00007FF7C4500000-0x00007FF7C4854000-memory.dmp

Filesize
3.3MB

Download
memory/796-203-0x00007FF7C4500000-0x00007FF7C4854000-memory.dmp

Filesize
3.3MB

Download
memory/880-2150-0x00007FF7ED790000-0x00007FF7EDAE4000-memory.dmp

Filesize
3.3MB

Download
memory/880-198-0x00007FF7ED790000-0x00007FF7EDAE4000-memory.dmp

Filesize
3.3MB

Download
memory/880-2178-0x00007FF7ED790000-0x00007FF7EDAE4000-memory.dmp

Filesize
3.3MB

Download
memory/980-2174-0x00007FF743830000-0x00007FF743B84000-memory.dmp

Filesize
3.3MB

Download
memory/980-194-0x00007FF743830000-0x00007FF743B84000-memory.dmp

Filesize
3.3MB

Download
memory/1112-2182-0x00007FF71F440000-0x00007FF71F794000-memory.dmp

Filesize
3.3MB

Download
memory/1112-2151-0x00007FF71F440000-0x00007FF71F794000-memory.dmp

Filesize
3.3MB

Download
memory/1112-200-0x00007FF71F440000-0x00007FF71F794000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2152-0x00007FF692830000-0x00007FF692B84000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2180-0x00007FF692830000-0x00007FF692B84000-memory.dmp

Filesize
3.3MB

Download
memory/1272-201-0x00007FF692830000-0x00007FF692B84000-memory.dmp

Filesize
3.3MB

Download
memory/1528-2175-0x00007FF7509E0000-0x00007FF750D34000-memory.dmp

Filesize
3.3MB

Download
memory/1528-197-0x00007FF7509E0000-0x00007FF750D34000-memory.dmp

Filesize
3.3MB

Download
memory/1552-199-0x00007FF6CA380000-0x00007FF6CA6D4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-2177-0x00007FF6CA380000-0x00007FF6CA6D4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-102-0x00007FF70E080000-0x00007FF70E3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2168-0x00007FF70E080000-0x00007FF70E3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-181-0x00007FF7ABF90000-0x00007FF7AC2E4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2169-0x00007FF7ABF90000-0x00007FF7AC2E4000-memory.dmp

Filesize
3.3MB

Download
memory/1884-2166-0x00007FF695D50000-0x00007FF6960A4000-memory.dmp

Filesize
3.3MB

Download
memory/1884-84-0x00007FF695D50000-0x00007FF6960A4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-205-0x00007FF60BC80000-0x00007FF60BFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-2162-0x00007FF60BC80000-0x00007FF60BFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-44-0x00007FF7C1EC0000-0x00007FF7C2214000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2161-0x00007FF7C1EC0000-0x00007FF7C2214000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2148-0x00007FF7C1EC0000-0x00007FF7C2214000-memory.dmp

Filesize
3.3MB

Download
memory/2488-2156-0x00007FF7EC970000-0x00007FF7ECCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-11-0x00007FF7EC970000-0x00007FF7ECCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-1-0x0000023AC3BD0000-0x0000023AC3BE0000-memory.dmp

Filesize
64KB

Download
memory/2524-2145-0x00007FF616380000-0x00007FF6166D4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-0-0x00007FF616380000-0x00007FF6166D4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-196-0x00007FF720730000-0x00007FF720A84000-memory.dmp

Filesize
3.3MB

Download
memory/2632-2149-0x00007FF720730000-0x00007FF720A84000-memory.dmp

Filesize
3.3MB

Download
memory/2632-2181-0x00007FF720730000-0x00007FF720A84000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2159-0x00007FF6B11D0000-0x00007FF6B1524000-memory.dmp

Filesize
3.3MB

Download
memory/2920-56-0x00007FF6B11D0000-0x00007FF6B1524000-memory.dmp

Filesize
3.3MB

Download
memory/2992-2167-0x00007FF692F30000-0x00007FF693284000-memory.dmp

Filesize
3.3MB

Download
memory/2992-116-0x00007FF692F30000-0x00007FF693284000-memory.dmp

Filesize
3.3MB

Download
memory/3268-2183-0x00007FF6FCB20000-0x00007FF6FCE74000-memory.dmp

Filesize
3.3MB

Download
memory/3268-202-0x00007FF6FCB20000-0x00007FF6FCE74000-memory.dmp

Filesize
3.3MB

Download
memory/3268-2153-0x00007FF6FCB20000-0x00007FF6FCE74000-memory.dmp

Filesize
3.3MB

Download
memory/3608-2173-0x00007FF6A0650000-0x00007FF6A09A4000-memory.dmp

Filesize
3.3MB

Download
memory/3608-207-0x00007FF6A0650000-0x00007FF6A09A4000-memory.dmp

Filesize
3.3MB

Download
memory/3700-2170-0x00007FF7CA890000-0x00007FF7CABE4000-memory.dmp

Filesize
3.3MB

Download
memory/3700-206-0x00007FF7CA890000-0x00007FF7CABE4000-memory.dmp

Filesize
3.3MB

Download
memory/4040-63-0x00007FF675E80000-0x00007FF6761D4000-memory.dmp

Filesize
3.3MB

Download
memory/4040-2158-0x00007FF675E80000-0x00007FF6761D4000-memory.dmp

Filesize
3.3MB

Download
memory/4352-2160-0x00007FF6BC9F0000-0x00007FF6BCD44000-memory.dmp

Filesize
3.3MB

Download
memory/4352-125-0x00007FF6BC9F0000-0x00007FF6BCD44000-memory.dmp

Filesize
3.3MB

Download
memory/4368-21-0x00007FF767400000-0x00007FF767754000-memory.dmp

Filesize
3.3MB

Download
memory/4368-2155-0x00007FF767400000-0x00007FF767754000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2165-0x00007FF6E7200000-0x00007FF6E7554000-memory.dmp

Filesize
3.3MB

Download
memory/4532-204-0x00007FF6E7200000-0x00007FF6E7554000-memory.dmp

Filesize
3.3MB

Download
memory/4784-195-0x00007FF68A300000-0x00007FF68A654000-memory.dmp

Filesize
3.3MB

Download
memory/4784-2176-0x00007FF68A300000-0x00007FF68A654000-memory.dmp

Filesize
3.3MB

Download
memory/4868-2146-0x00007FF6A03B0000-0x00007FF6A0704000-memory.dmp

Filesize
3.3MB

Download
memory/4868-2157-0x00007FF6A03B0000-0x00007FF6A0704000-memory.dmp

Filesize
3.3MB

Download
memory/4868-30-0x00007FF6A03B0000-0x00007FF6A0704000-memory.dmp

Filesize
3.3MB

Download
memory/4944-150-0x00007FF7A6C90000-0x00007FF7A6FE4000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2171-0x00007FF7A6C90000-0x00007FF7A6FE4000-memory.dmp

Filesize
3.3MB

Download
memory/5084-178-0x00007FF72C100000-0x00007FF72C454000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2172-0x00007FF72C100000-0x00007FF72C454000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads