xmrig | 49ae76ebb0cc82d67f0c0d8ab96d38897eefa2a5ac8252058253049c4f9d35e3

Analysis

max time kernel
115s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
Size

1.8MB
MD5

97a2a86583041e230def6a56c2969a30
SHA1

de2b6aa98ad86e198ea024b3bc62e68279dbc182
SHA256

49ae76ebb0cc82d67f0c0d8ab96d38897eefa2a5ac8252058253049c4f9d35e3
SHA512

276e45babb734f4b5c029107a3acd0328f61a3f19f2f6a777464edef4ce4af5361baec287b3ceca85bbecafc4650f0221ab4dd9f364c2220f3cf01789ab42d0b
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727XL1+KwesnL4q9XKBp5rxXUj/cy8Mo26ZpOSZCokFf:ROdWCCi7/rahHxYUq9XKBJXsToyVrSY

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/1528-36-0x00007FF61A550000-0x00007FF61A8A1000-memory.dmp	xmrig
behavioral2/memory/3964-133-0x00007FF7E4090000-0x00007FF7E43E1000-memory.dmp	xmrig
behavioral2/memory/1780-135-0x00007FF640780000-0x00007FF640AD1000-memory.dmp	xmrig
behavioral2/memory/4796-132-0x00007FF608DF0000-0x00007FF609141000-memory.dmp	xmrig
behavioral2/memory/2088-129-0x00007FF686890000-0x00007FF686BE1000-memory.dmp	xmrig
behavioral2/memory/3140-128-0x00007FF6D0030000-0x00007FF6D0381000-memory.dmp	xmrig
behavioral2/memory/4872-118-0x00007FF7FF4C0000-0x00007FF7FF811000-memory.dmp	xmrig
behavioral2/memory/2288-112-0x00007FF77DE90000-0x00007FF77E1E1000-memory.dmp	xmrig
behavioral2/memory/3152-59-0x00007FF66BD60000-0x00007FF66C0B1000-memory.dmp	xmrig
behavioral2/memory/4524-41-0x00007FF7C8FE0000-0x00007FF7C9331000-memory.dmp	xmrig
behavioral2/memory/2188-148-0x00007FF7A2800000-0x00007FF7A2B51000-memory.dmp	xmrig
behavioral2/memory/3076-196-0x00007FF742FA0000-0x00007FF7432F1000-memory.dmp	xmrig
behavioral2/memory/2064-185-0x00007FF713EE0000-0x00007FF714231000-memory.dmp	xmrig
behavioral2/memory/880-170-0x00007FF75EA60000-0x00007FF75EDB1000-memory.dmp	xmrig
behavioral2/memory/4884-164-0x00007FF789A90000-0x00007FF789DE1000-memory.dmp	xmrig
behavioral2/memory/2888-155-0x00007FF7FFA80000-0x00007FF7FFDD1000-memory.dmp	xmrig
behavioral2/memory/4896-1417-0x00007FF62E6C0000-0x00007FF62EA11000-memory.dmp	xmrig
behavioral2/memory/4524-2139-0x00007FF7C8FE0000-0x00007FF7C9331000-memory.dmp	xmrig
behavioral2/memory/1476-2270-0x00007FF75C060000-0x00007FF75C3B1000-memory.dmp	xmrig
behavioral2/memory/2652-2271-0x00007FF77AC40000-0x00007FF77AF91000-memory.dmp	xmrig
behavioral2/memory/1652-2273-0x00007FF767360000-0x00007FF7676B1000-memory.dmp	xmrig
behavioral2/memory/4636-2272-0x00007FF786810000-0x00007FF786B61000-memory.dmp	xmrig
behavioral2/memory/1932-2281-0x00007FF719CB0000-0x00007FF71A001000-memory.dmp	xmrig
behavioral2/memory/2072-2282-0x00007FF6CEC20000-0x00007FF6CEF71000-memory.dmp	xmrig
behavioral2/memory/1920-2284-0x00007FF7F3F60000-0x00007FF7F42B1000-memory.dmp	xmrig
behavioral2/memory/4068-2309-0x00007FF6190F0000-0x00007FF619441000-memory.dmp	xmrig
behavioral2/memory/1756-2310-0x00007FF7D9810000-0x00007FF7D9B61000-memory.dmp	xmrig
behavioral2/memory/2928-2318-0x00007FF71CF80000-0x00007FF71D2D1000-memory.dmp	xmrig
behavioral2/memory/1732-2319-0x00007FF788750000-0x00007FF788AA1000-memory.dmp	xmrig
behavioral2/memory/3424-2323-0x00007FF6BC5C0000-0x00007FF6BC911000-memory.dmp	xmrig
behavioral2/memory/4884-2328-0x00007FF789A90000-0x00007FF789DE1000-memory.dmp	xmrig
behavioral2/memory/880-2330-0x00007FF75EA60000-0x00007FF75EDB1000-memory.dmp	xmrig
behavioral2/memory/4896-2332-0x00007FF62E6C0000-0x00007FF62EA11000-memory.dmp	xmrig
behavioral2/memory/1528-2336-0x00007FF61A550000-0x00007FF61A8A1000-memory.dmp	xmrig
behavioral2/memory/3076-2334-0x00007FF742FA0000-0x00007FF7432F1000-memory.dmp	xmrig
behavioral2/memory/4524-2338-0x00007FF7C8FE0000-0x00007FF7C9331000-memory.dmp	xmrig
behavioral2/memory/3152-2340-0x00007FF66BD60000-0x00007FF66C0B1000-memory.dmp	xmrig
behavioral2/memory/2288-2342-0x00007FF77DE90000-0x00007FF77E1E1000-memory.dmp	xmrig
behavioral2/memory/4872-2344-0x00007FF7FF4C0000-0x00007FF7FF811000-memory.dmp	xmrig
behavioral2/memory/2652-2350-0x00007FF77AC40000-0x00007FF77AF91000-memory.dmp	xmrig
behavioral2/memory/1372-2354-0x00007FF6C50A0000-0x00007FF6C53F1000-memory.dmp	xmrig
behavioral2/memory/3964-2356-0x00007FF7E4090000-0x00007FF7E43E1000-memory.dmp	xmrig
behavioral2/memory/4796-2360-0x00007FF608DF0000-0x00007FF609141000-memory.dmp	xmrig
behavioral2/memory/1932-2366-0x00007FF719CB0000-0x00007FF71A001000-memory.dmp	xmrig
behavioral2/memory/2072-2368-0x00007FF6CEC20000-0x00007FF6CEF71000-memory.dmp	xmrig
behavioral2/memory/1652-2365-0x00007FF767360000-0x00007FF7676B1000-memory.dmp	xmrig
behavioral2/memory/1780-2362-0x00007FF640780000-0x00007FF640AD1000-memory.dmp	xmrig
behavioral2/memory/3140-2359-0x00007FF6D0030000-0x00007FF6D0381000-memory.dmp	xmrig
behavioral2/memory/4636-2348-0x00007FF786810000-0x00007FF786B61000-memory.dmp	xmrig
behavioral2/memory/2088-2346-0x00007FF686890000-0x00007FF686BE1000-memory.dmp	xmrig
behavioral2/memory/1476-2352-0x00007FF75C060000-0x00007FF75C3B1000-memory.dmp	xmrig
behavioral2/memory/1920-2370-0x00007FF7F3F60000-0x00007FF7F42B1000-memory.dmp	xmrig
behavioral2/memory/4068-2372-0x00007FF6190F0000-0x00007FF619441000-memory.dmp	xmrig
behavioral2/memory/2888-2429-0x00007FF7FFA80000-0x00007FF7FFDD1000-memory.dmp	xmrig
behavioral2/memory/2928-2431-0x00007FF71CF80000-0x00007FF71D2D1000-memory.dmp	xmrig
behavioral2/memory/1756-2433-0x00007FF7D9810000-0x00007FF7D9B61000-memory.dmp	xmrig
behavioral2/memory/1732-2435-0x00007FF788750000-0x00007FF788AA1000-memory.dmp	xmrig
behavioral2/memory/2064-2437-0x00007FF713EE0000-0x00007FF714231000-memory.dmp	xmrig
behavioral2/memory/3424-2439-0x00007FF6BC5C0000-0x00007FF6BC911000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4884	YMJkYjI.exe
880	VrmGtIl.exe
3076	dtRXUsn.exe
4896	qUEfOKx.exe
1528	PFzRGof.exe
4524	ZYoThNc.exe
3152	PCjoRlP.exe
2288	UYXnRuo.exe
1372	OHqnESF.exe
1476	dPtITLC.exe
2652	deAeobZ.exe
4872	nxkIoMl.exe
3140	fxIvIey.exe
1932	TdEkXlp.exe
2088	AAErqVU.exe
4636	RMsfDqm.exe
4796	tBCnLAx.exe
2072	GjpnUXr.exe
1652	LJUFBPs.exe
3964	dIlEitz.exe
1780	cAuXYNP.exe
4068	daRJhxS.exe
1920	YIUTWJt.exe
2888	JlNdGun.exe
2928	OklcgWD.exe
1756	kyiNkLU.exe
3424	xCQimNe.exe
2064	KvLgvDX.exe
1732	IUqPqaV.exe
1872	vofQHxt.exe
3904	SulzAlb.exe
4244	xcHHmZW.exe
3484	ducgivl.exe
4392	VErFcIB.exe
4804	wZOghXl.exe
636	asmbPcv.exe
3456	VZxVTTV.exe
1868	bbuUhmz.exe
3476	KeXGLXM.exe
3508	HkUqbMX.exe
4652	gMfQdLA.exe
1064	RyEsDaM.exe
3792	DQyQqyo.exe
3032	iPmpQsr.exe
1068	kCMueDy.exe
1544	KyCHgCc.exe
3552	dkIMdua.exe
3532	wbukcVz.exe
4060	bQxMIzb.exe
924	HLTIuSf.exe
2612	algmrfc.exe
4968	mpIfkKz.exe
3744	znHBLeH.exe
544	cRPwaBC.exe
3752	pByPKjS.exe
912	cEwvdSr.exe
632	XXvtFdp.exe
4428	BbUCVLD.exe
1640	TGYJFaK.exe
2120	moJMkkD.exe
2884	phfytCd.exe
4656	ARDcbCh.exe
864	PjQNQxv.exe
3688	aGtyQBs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2188-0-0x00007FF7A2800000-0x00007FF7A2B51000-memory.dmp	upx
behavioral2/files/0x000800000002340e-5.dat	upx
behavioral2/memory/4884-7-0x00007FF789A90000-0x00007FF789DE1000-memory.dmp	upx
behavioral2/files/0x0008000000023411-11.dat	upx
behavioral2/files/0x0007000000023413-20.dat	upx
behavioral2/files/0x0007000000023412-24.dat	upx
behavioral2/files/0x0007000000023414-30.dat	upx
behavioral2/memory/3076-21-0x00007FF742FA0000-0x00007FF7432F1000-memory.dmp	upx
behavioral2/memory/4896-22-0x00007FF62E6C0000-0x00007FF62EA11000-memory.dmp	upx
behavioral2/memory/880-16-0x00007FF75EA60000-0x00007FF75EDB1000-memory.dmp	upx
behavioral2/files/0x0007000000023415-34.dat	upx
behavioral2/memory/1528-36-0x00007FF61A550000-0x00007FF61A8A1000-memory.dmp	upx
behavioral2/files/0x0007000000023418-77.dat	upx
behavioral2/files/0x000700000002341f-96.dat	upx
behavioral2/files/0x0007000000023420-97.dat	upx
behavioral2/files/0x0007000000023422-105.dat	upx
behavioral2/files/0x0007000000023423-114.dat	upx
behavioral2/memory/3964-133-0x00007FF7E4090000-0x00007FF7E43E1000-memory.dmp	upx
behavioral2/files/0x0007000000023425-139.dat	upx
behavioral2/files/0x0007000000023424-137.dat	upx
behavioral2/memory/4068-136-0x00007FF6190F0000-0x00007FF619441000-memory.dmp	upx
behavioral2/memory/1780-135-0x00007FF640780000-0x00007FF640AD1000-memory.dmp	upx
behavioral2/memory/1920-134-0x00007FF7F3F60000-0x00007FF7F42B1000-memory.dmp	upx
behavioral2/memory/4796-132-0x00007FF608DF0000-0x00007FF609141000-memory.dmp	upx
behavioral2/memory/2088-129-0x00007FF686890000-0x00007FF686BE1000-memory.dmp	upx
behavioral2/memory/3140-128-0x00007FF6D0030000-0x00007FF6D0381000-memory.dmp	upx
behavioral2/files/0x0007000000023421-121.dat	upx
behavioral2/memory/4872-118-0x00007FF7FF4C0000-0x00007FF7FF811000-memory.dmp	upx
behavioral2/memory/2288-112-0x00007FF77DE90000-0x00007FF77E1E1000-memory.dmp	upx
behavioral2/memory/1652-111-0x00007FF767360000-0x00007FF7676B1000-memory.dmp	upx
behavioral2/files/0x000700000002341c-110.dat	upx
behavioral2/memory/2072-103-0x00007FF6CEC20000-0x00007FF6CEF71000-memory.dmp	upx
behavioral2/memory/4636-102-0x00007FF786810000-0x00007FF786B61000-memory.dmp	upx
behavioral2/files/0x000700000002341b-99.dat	upx
behavioral2/files/0x000700000002341e-100.dat	upx
behavioral2/memory/1932-93-0x00007FF719CB0000-0x00007FF71A001000-memory.dmp	upx
behavioral2/files/0x0007000000023417-89.dat	upx
behavioral2/files/0x0007000000023419-85.dat	upx
behavioral2/files/0x000700000002341d-81.dat	upx
behavioral2/memory/2652-76-0x00007FF77AC40000-0x00007FF77AF91000-memory.dmp	upx
behavioral2/memory/1476-73-0x00007FF75C060000-0x00007FF75C3B1000-memory.dmp	upx
behavioral2/memory/1372-66-0x00007FF6C50A0000-0x00007FF6C53F1000-memory.dmp	upx
behavioral2/files/0x000700000002341a-62.dat	upx
behavioral2/memory/3152-59-0x00007FF66BD60000-0x00007FF66C0B1000-memory.dmp	upx
behavioral2/files/0x000800000002340f-54.dat	upx
behavioral2/files/0x0007000000023416-42.dat	upx
behavioral2/memory/4524-41-0x00007FF7C8FE0000-0x00007FF7C9331000-memory.dmp	upx
behavioral2/files/0x0007000000023426-143.dat	upx
behavioral2/files/0x000c0000000006c3-151.dat	upx
behavioral2/memory/2188-148-0x00007FF7A2800000-0x00007FF7A2B51000-memory.dmp	upx
behavioral2/files/0x000c000000023383-153.dat	upx
behavioral2/files/0x0007000000023427-162.dat	upx
behavioral2/files/0x0007000000023428-167.dat	upx
behavioral2/files/0x0007000000023429-179.dat	upx
behavioral2/files/0x000700000002342a-188.dat	upx
behavioral2/files/0x000700000002342d-192.dat	upx
behavioral2/memory/3076-196-0x00007FF742FA0000-0x00007FF7432F1000-memory.dmp	upx
behavioral2/files/0x000700000002342c-194.dat	upx
behavioral2/memory/2064-185-0x00007FF713EE0000-0x00007FF714231000-memory.dmp	upx
behavioral2/memory/3424-184-0x00007FF6BC5C0000-0x00007FF6BC911000-memory.dmp	upx
behavioral2/files/0x000700000002342b-177.dat	upx
behavioral2/memory/1732-176-0x00007FF788750000-0x00007FF788AA1000-memory.dmp	upx
behavioral2/memory/2928-175-0x00007FF71CF80000-0x00007FF71D2D1000-memory.dmp	upx
behavioral2/memory/880-170-0x00007FF75EA60000-0x00007FF75EDB1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HTASuzf.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\NvSHZzj.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\dJMNmLZ.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\FfmpptZ.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\hrzjtyE.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\kiYLCAJ.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\YbNTYRO.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\RXMknzz.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\TfdQejj.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\rfrSHVo.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\EtXbPwq.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\KgcRlYv.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\ZWRknbo.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\kyiNkLU.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\WKFXomE.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\BxGfNQa.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\fLGcIxR.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\jqjNsNj.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\MFhEpqq.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\UzgKKeW.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\opiYgav.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\XXvtFdp.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\jlfXzCC.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\MUpuweR.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\IlscazR.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\KMvoqUp.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\esRGtGl.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\YpNPtuy.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\qxxfpRQ.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\HqlvXgr.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\vMrwpNW.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\fIJJZqu.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\DDzrTNm.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\ytbVgEP.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\zVRxsvl.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\VnLshXR.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\sTbMsyG.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\jvLFDNU.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\DRPvUPf.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\HcMmJwz.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\RwTIlbI.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\SzKRGFf.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\fbJYRtD.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\AhOcgfU.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\kfuSwey.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\YmHLPNs.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\DWfMmFg.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\cMuuLzs.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\aRgzQZk.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\pUyJTJl.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\hkZWfqK.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\AAYDFBb.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\AAErqVU.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\NyLRtSV.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\ezSElbq.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\ZyHodwo.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\CeimZCm.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\sLcUYUX.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\OVlEjoM.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\YxdEMRF.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\DMdaUDY.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\FqwivbV.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\FlfSoes.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
File created	C:\Windows\System\ZRbRncu.exe	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14752	dwm.exe
Token: SeChangeNotifyPrivilege	14752	dwm.exe
Token: 33	14752	dwm.exe
Token: SeIncBasePriorityPrivilege	14752	dwm.exe
Token: SeShutdownPrivilege	14752	dwm.exe
Token: SeCreatePagefilePrivilege	14752	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 4884	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	82
PID 2188 wrote to memory of 4884	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	82
PID 2188 wrote to memory of 880	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	83
PID 2188 wrote to memory of 880	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	83
PID 2188 wrote to memory of 3076	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	84
PID 2188 wrote to memory of 3076	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	84
PID 2188 wrote to memory of 4896	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	85
PID 2188 wrote to memory of 4896	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	85
PID 2188 wrote to memory of 1528	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	86
PID 2188 wrote to memory of 1528	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	86
PID 2188 wrote to memory of 4524	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	87
PID 2188 wrote to memory of 4524	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	87
PID 2188 wrote to memory of 3152	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	88
PID 2188 wrote to memory of 3152	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	88
PID 2188 wrote to memory of 2288	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	89
PID 2188 wrote to memory of 2288	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	89
PID 2188 wrote to memory of 1372	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	90
PID 2188 wrote to memory of 1372	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	90
PID 2188 wrote to memory of 1476	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	91
PID 2188 wrote to memory of 1476	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	91
PID 2188 wrote to memory of 2652	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	92
PID 2188 wrote to memory of 2652	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	92
PID 2188 wrote to memory of 4872	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	93
PID 2188 wrote to memory of 4872	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	93
PID 2188 wrote to memory of 3140	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	94
PID 2188 wrote to memory of 3140	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	94
PID 2188 wrote to memory of 1932	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	95
PID 2188 wrote to memory of 1932	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	95
PID 2188 wrote to memory of 2088	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	96
PID 2188 wrote to memory of 2088	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	96
PID 2188 wrote to memory of 4636	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	97
PID 2188 wrote to memory of 4636	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	97
PID 2188 wrote to memory of 4796	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	98
PID 2188 wrote to memory of 4796	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	98
PID 2188 wrote to memory of 2072	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	99
PID 2188 wrote to memory of 2072	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	99
PID 2188 wrote to memory of 1652	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	100
PID 2188 wrote to memory of 1652	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	100
PID 2188 wrote to memory of 3964	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	101
PID 2188 wrote to memory of 3964	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	101
PID 2188 wrote to memory of 1780	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	103
PID 2188 wrote to memory of 1780	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	103
PID 2188 wrote to memory of 4068	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	104
PID 2188 wrote to memory of 4068	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	104
PID 2188 wrote to memory of 1920	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	105
PID 2188 wrote to memory of 1920	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	105
PID 2188 wrote to memory of 2888	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	106
PID 2188 wrote to memory of 2888	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	106
PID 2188 wrote to memory of 2928	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	109
PID 2188 wrote to memory of 2928	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	109
PID 2188 wrote to memory of 1756	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	110
PID 2188 wrote to memory of 1756	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	110
PID 2188 wrote to memory of 3424	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	111
PID 2188 wrote to memory of 3424	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	111
PID 2188 wrote to memory of 2064	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	112
PID 2188 wrote to memory of 2064	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	112
PID 2188 wrote to memory of 1732	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	113
PID 2188 wrote to memory of 1732	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	113
PID 2188 wrote to memory of 1872	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	114
PID 2188 wrote to memory of 1872	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	114
PID 2188 wrote to memory of 3904	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	115
PID 2188 wrote to memory of 3904	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	115
PID 2188 wrote to memory of 4244	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	116
PID 2188 wrote to memory of 4244	2188	97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\97a2a86583041e230def6a56c2969a30_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\System\YMJkYjI.exe
  C:\Windows\System\YMJkYjI.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\VrmGtIl.exe
  C:\Windows\System\VrmGtIl.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\dtRXUsn.exe
  C:\Windows\System\dtRXUsn.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\qUEfOKx.exe
  C:\Windows\System\qUEfOKx.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\PFzRGof.exe
  C:\Windows\System\PFzRGof.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\ZYoThNc.exe
  C:\Windows\System\ZYoThNc.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\PCjoRlP.exe
  C:\Windows\System\PCjoRlP.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\UYXnRuo.exe
  C:\Windows\System\UYXnRuo.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\OHqnESF.exe
  C:\Windows\System\OHqnESF.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\dPtITLC.exe
  C:\Windows\System\dPtITLC.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\deAeobZ.exe
  C:\Windows\System\deAeobZ.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\nxkIoMl.exe
  C:\Windows\System\nxkIoMl.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\fxIvIey.exe
  C:\Windows\System\fxIvIey.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\TdEkXlp.exe
  C:\Windows\System\TdEkXlp.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\AAErqVU.exe
  C:\Windows\System\AAErqVU.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\RMsfDqm.exe
  C:\Windows\System\RMsfDqm.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\tBCnLAx.exe
  C:\Windows\System\tBCnLAx.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\GjpnUXr.exe
  C:\Windows\System\GjpnUXr.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\LJUFBPs.exe
  C:\Windows\System\LJUFBPs.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\dIlEitz.exe
  C:\Windows\System\dIlEitz.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\cAuXYNP.exe
  C:\Windows\System\cAuXYNP.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\daRJhxS.exe
  C:\Windows\System\daRJhxS.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\YIUTWJt.exe
  C:\Windows\System\YIUTWJt.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\JlNdGun.exe
  C:\Windows\System\JlNdGun.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\OklcgWD.exe
  C:\Windows\System\OklcgWD.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\kyiNkLU.exe
  C:\Windows\System\kyiNkLU.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\xCQimNe.exe
  C:\Windows\System\xCQimNe.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\KvLgvDX.exe
  C:\Windows\System\KvLgvDX.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\IUqPqaV.exe
  C:\Windows\System\IUqPqaV.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\vofQHxt.exe
  C:\Windows\System\vofQHxt.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\SulzAlb.exe
  C:\Windows\System\SulzAlb.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\xcHHmZW.exe
  C:\Windows\System\xcHHmZW.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\ducgivl.exe
  C:\Windows\System\ducgivl.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\VErFcIB.exe
  C:\Windows\System\VErFcIB.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\wZOghXl.exe
  C:\Windows\System\wZOghXl.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\asmbPcv.exe
  C:\Windows\System\asmbPcv.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\VZxVTTV.exe
  C:\Windows\System\VZxVTTV.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\bbuUhmz.exe
  C:\Windows\System\bbuUhmz.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\KeXGLXM.exe
  C:\Windows\System\KeXGLXM.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\HkUqbMX.exe
  C:\Windows\System\HkUqbMX.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\gMfQdLA.exe
  C:\Windows\System\gMfQdLA.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\RyEsDaM.exe
  C:\Windows\System\RyEsDaM.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\DQyQqyo.exe
  C:\Windows\System\DQyQqyo.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\iPmpQsr.exe
  C:\Windows\System\iPmpQsr.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\kCMueDy.exe
  C:\Windows\System\kCMueDy.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\KyCHgCc.exe
  C:\Windows\System\KyCHgCc.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\dkIMdua.exe
  C:\Windows\System\dkIMdua.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\wbukcVz.exe
  C:\Windows\System\wbukcVz.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\bQxMIzb.exe
  C:\Windows\System\bQxMIzb.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\HLTIuSf.exe
  C:\Windows\System\HLTIuSf.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\algmrfc.exe
  C:\Windows\System\algmrfc.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\mpIfkKz.exe
  C:\Windows\System\mpIfkKz.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\znHBLeH.exe
  C:\Windows\System\znHBLeH.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\cRPwaBC.exe
  C:\Windows\System\cRPwaBC.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\pByPKjS.exe
  C:\Windows\System\pByPKjS.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\cEwvdSr.exe
  C:\Windows\System\cEwvdSr.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\XXvtFdp.exe
  C:\Windows\System\XXvtFdp.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\BbUCVLD.exe
  C:\Windows\System\BbUCVLD.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\TGYJFaK.exe
  C:\Windows\System\TGYJFaK.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\moJMkkD.exe
  C:\Windows\System\moJMkkD.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\phfytCd.exe
  C:\Windows\System\phfytCd.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\ARDcbCh.exe
  C:\Windows\System\ARDcbCh.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\PjQNQxv.exe
  C:\Windows\System\PjQNQxv.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\aGtyQBs.exe
  C:\Windows\System\aGtyQBs.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\gGkAJGN.exe
  C:\Windows\System\gGkAJGN.exe
  2⤵
  PID:4952
- C:\Windows\System\HEkRbqS.exe
  C:\Windows\System\HEkRbqS.exe
  2⤵
  PID:2664
- C:\Windows\System\jVISYtt.exe
  C:\Windows\System\jVISYtt.exe
  2⤵
  PID:3628
- C:\Windows\System\vhgrhIN.exe
  C:\Windows\System\vhgrhIN.exe
  2⤵
  PID:1620
- C:\Windows\System\CgDOQrA.exe
  C:\Windows\System\CgDOQrA.exe
  2⤵
  PID:1336
- C:\Windows\System\inMRHtO.exe
  C:\Windows\System\inMRHtO.exe
  2⤵
  PID:2036
- C:\Windows\System\lflSBrc.exe
  C:\Windows\System\lflSBrc.exe
  2⤵
  PID:2468
- C:\Windows\System\VWThBui.exe
  C:\Windows\System\VWThBui.exe
  2⤵
  PID:5088
- C:\Windows\System\DfqSMpB.exe
  C:\Windows\System\DfqSMpB.exe
  2⤵
  PID:5000
- C:\Windows\System\HxKLtcB.exe
  C:\Windows\System\HxKLtcB.exe
  2⤵
  PID:4220
- C:\Windows\System\wNAqlXG.exe
  C:\Windows\System\wNAqlXG.exe
  2⤵
  PID:4104
- C:\Windows\System\NyLRtSV.exe
  C:\Windows\System\NyLRtSV.exe
  2⤵
  PID:1488
- C:\Windows\System\ijMseXy.exe
  C:\Windows\System\ijMseXy.exe
  2⤵
  PID:2408
- C:\Windows\System\nsZWYEF.exe
  C:\Windows\System\nsZWYEF.exe
  2⤵
  PID:1592
- C:\Windows\System\EEyHbJH.exe
  C:\Windows\System\EEyHbJH.exe
  2⤵
  PID:3856
- C:\Windows\System\hLDDfbO.exe
  C:\Windows\System\hLDDfbO.exe
  2⤵
  PID:5004
- C:\Windows\System\EuzHRML.exe
  C:\Windows\System\EuzHRML.exe
  2⤵
  PID:3396
- C:\Windows\System\nNodJMm.exe
  C:\Windows\System\nNodJMm.exe
  2⤵
  PID:4076
- C:\Windows\System\RPvCVCq.exe
  C:\Windows\System\RPvCVCq.exe
  2⤵
  PID:936
- C:\Windows\System\iFEbKmS.exe
  C:\Windows\System\iFEbKmS.exe
  2⤵
  PID:228
- C:\Windows\System\kfuSwey.exe
  C:\Windows\System\kfuSwey.exe
  2⤵
  PID:4972
- C:\Windows\System\BPPcSyp.exe
  C:\Windows\System\BPPcSyp.exe
  2⤵
  PID:1668
- C:\Windows\System\lNxbdhN.exe
  C:\Windows\System\lNxbdhN.exe
  2⤵
  PID:4116
- C:\Windows\System\EbMOdVU.exe
  C:\Windows\System\EbMOdVU.exe
  2⤵
  PID:1608
- C:\Windows\System\RXMknzz.exe
  C:\Windows\System\RXMknzz.exe
  2⤵
  PID:4280
- C:\Windows\System\iemUWEx.exe
  C:\Windows\System\iemUWEx.exe
  2⤵
  PID:4688
- C:\Windows\System\EXHjHyj.exe
  C:\Windows\System\EXHjHyj.exe
  2⤵
  PID:1664
- C:\Windows\System\jvkWXiq.exe
  C:\Windows\System\jvkWXiq.exe
  2⤵
  PID:4444
- C:\Windows\System\iDXwbeH.exe
  C:\Windows\System\iDXwbeH.exe
  2⤵
  PID:5148
- C:\Windows\System\mqmfkGQ.exe
  C:\Windows\System\mqmfkGQ.exe
  2⤵
  PID:5164
- C:\Windows\System\MtcQQun.exe
  C:\Windows\System\MtcQQun.exe
  2⤵
  PID:5188
- C:\Windows\System\vvPWAfv.exe
  C:\Windows\System\vvPWAfv.exe
  2⤵
  PID:5212
- C:\Windows\System\kbUTRVT.exe
  C:\Windows\System\kbUTRVT.exe
  2⤵
  PID:5236
- C:\Windows\System\OpSfhKg.exe
  C:\Windows\System\OpSfhKg.exe
  2⤵
  PID:5256
- C:\Windows\System\wkSXxZZ.exe
  C:\Windows\System\wkSXxZZ.exe
  2⤵
  PID:5292
- C:\Windows\System\VjujdlE.exe
  C:\Windows\System\VjujdlE.exe
  2⤵
  PID:5312
- C:\Windows\System\RGIxGgc.exe
  C:\Windows\System\RGIxGgc.exe
  2⤵
  PID:5344
- C:\Windows\System\TAnuHlG.exe
  C:\Windows\System\TAnuHlG.exe
  2⤵
  PID:5380
- C:\Windows\System\AAPBnOg.exe
  C:\Windows\System\AAPBnOg.exe
  2⤵
  PID:5400
- C:\Windows\System\OVlEjoM.exe
  C:\Windows\System\OVlEjoM.exe
  2⤵
  PID:5416
- C:\Windows\System\wgagykA.exe
  C:\Windows\System\wgagykA.exe
  2⤵
  PID:5468
- C:\Windows\System\cpBOLeH.exe
  C:\Windows\System\cpBOLeH.exe
  2⤵
  PID:5496
- C:\Windows\System\OZmKtxR.exe
  C:\Windows\System\OZmKtxR.exe
  2⤵
  PID:5520
- C:\Windows\System\MtmbuPn.exe
  C:\Windows\System\MtmbuPn.exe
  2⤵
  PID:5536
- C:\Windows\System\iIRoIhs.exe
  C:\Windows\System\iIRoIhs.exe
  2⤵
  PID:5556
- C:\Windows\System\ORtFuvs.exe
  C:\Windows\System\ORtFuvs.exe
  2⤵
  PID:5580
- C:\Windows\System\inGEVai.exe
  C:\Windows\System\inGEVai.exe
  2⤵
  PID:5600
- C:\Windows\System\doZqFsH.exe
  C:\Windows\System\doZqFsH.exe
  2⤵
  PID:5628
- C:\Windows\System\TLSHGef.exe
  C:\Windows\System\TLSHGef.exe
  2⤵
  PID:5648
- C:\Windows\System\OFPFLzI.exe
  C:\Windows\System\OFPFLzI.exe
  2⤵
  PID:5708
- C:\Windows\System\jDkOLio.exe
  C:\Windows\System\jDkOLio.exe
  2⤵
  PID:5732
- C:\Windows\System\lVPpbDv.exe
  C:\Windows\System\lVPpbDv.exe
  2⤵
  PID:5784
- C:\Windows\System\koiHwpX.exe
  C:\Windows\System\koiHwpX.exe
  2⤵
  PID:5804
- C:\Windows\System\lhJxqJT.exe
  C:\Windows\System\lhJxqJT.exe
  2⤵
  PID:5828
- C:\Windows\System\OHIjyQy.exe
  C:\Windows\System\OHIjyQy.exe
  2⤵
  PID:5872
- C:\Windows\System\mekMDiO.exe
  C:\Windows\System\mekMDiO.exe
  2⤵
  PID:5896
- C:\Windows\System\yuYHWkc.exe
  C:\Windows\System\yuYHWkc.exe
  2⤵
  PID:5912
- C:\Windows\System\XPjktWp.exe
  C:\Windows\System\XPjktWp.exe
  2⤵
  PID:5932
- C:\Windows\System\qhWMcpq.exe
  C:\Windows\System\qhWMcpq.exe
  2⤵
  PID:5972
- C:\Windows\System\XJsrdVG.exe
  C:\Windows\System\XJsrdVG.exe
  2⤵
  PID:6008
- C:\Windows\System\GHOiWih.exe
  C:\Windows\System\GHOiWih.exe
  2⤵
  PID:6044
- C:\Windows\System\HQMQdhz.exe
  C:\Windows\System\HQMQdhz.exe
  2⤵
  PID:6064
- C:\Windows\System\esjZyig.exe
  C:\Windows\System\esjZyig.exe
  2⤵
  PID:6104
- C:\Windows\System\YnJykDm.exe
  C:\Windows\System\YnJykDm.exe
  2⤵
  PID:6128
- C:\Windows\System\puMVXMx.exe
  C:\Windows\System\puMVXMx.exe
  2⤵
  PID:2868
- C:\Windows\System\ORoQtAP.exe
  C:\Windows\System\ORoQtAP.exe
  2⤵
  PID:5144
- C:\Windows\System\aIFmDYf.exe
  C:\Windows\System\aIFmDYf.exe
  2⤵
  PID:5180
- C:\Windows\System\ECkmWan.exe
  C:\Windows\System\ECkmWan.exe
  2⤵
  PID:5308
- C:\Windows\System\TfdQejj.exe
  C:\Windows\System\TfdQejj.exe
  2⤵
  PID:5288
- C:\Windows\System\EjZCXFC.exe
  C:\Windows\System\EjZCXFC.exe
  2⤵
  PID:5352
- C:\Windows\System\zmIzWcQ.exe
  C:\Windows\System\zmIzWcQ.exe
  2⤵
  PID:5408
- C:\Windows\System\PjuPRTW.exe
  C:\Windows\System\PjuPRTW.exe
  2⤵
  PID:5488
- C:\Windows\System\PjTfmvN.exe
  C:\Windows\System\PjTfmvN.exe
  2⤵
  PID:5476
- C:\Windows\System\nBSPvmM.exe
  C:\Windows\System\nBSPvmM.exe
  2⤵
  PID:5564
- C:\Windows\System\BUfrqJc.exe
  C:\Windows\System\BUfrqJc.exe
  2⤵
  PID:5620
- C:\Windows\System\HYuLrPE.exe
  C:\Windows\System\HYuLrPE.exe
  2⤵
  PID:5764
- C:\Windows\System\XwjxwVD.exe
  C:\Windows\System\XwjxwVD.exe
  2⤵
  PID:5928
- C:\Windows\System\nEiVfbU.exe
  C:\Windows\System\nEiVfbU.exe
  2⤵
  PID:5968
- C:\Windows\System\EyoCXYg.exe
  C:\Windows\System\EyoCXYg.exe
  2⤵
  PID:6060
- C:\Windows\System\bFFEqJW.exe
  C:\Windows\System\bFFEqJW.exe
  2⤵
  PID:3684
- C:\Windows\System\KcHtenB.exe
  C:\Windows\System\KcHtenB.exe
  2⤵
  PID:5136
- C:\Windows\System\VSyWNOJ.exe
  C:\Windows\System\VSyWNOJ.exe
  2⤵
  PID:5264
- C:\Windows\System\QZQLCSJ.exe
  C:\Windows\System\QZQLCSJ.exe
  2⤵
  PID:5388
- C:\Windows\System\jvLFDNU.exe
  C:\Windows\System\jvLFDNU.exe
  2⤵
  PID:5460
- C:\Windows\System\OyxCPUh.exe
  C:\Windows\System\OyxCPUh.exe
  2⤵
  PID:5512
- C:\Windows\System\oipFkuz.exe
  C:\Windows\System\oipFkuz.exe
  2⤵
  PID:5908
- C:\Windows\System\CrlhCUQ.exe
  C:\Windows\System\CrlhCUQ.exe
  2⤵
  PID:6052
- C:\Windows\System\xNgbwxe.exe
  C:\Windows\System\xNgbwxe.exe
  2⤵
  PID:1276
- C:\Windows\System\EHHvpHV.exe
  C:\Windows\System\EHHvpHV.exe
  2⤵
  PID:5680
- C:\Windows\System\lEYccWE.exe
  C:\Windows\System\lEYccWE.exe
  2⤵
  PID:5760
- C:\Windows\System\gbwvYgI.exe
  C:\Windows\System\gbwvYgI.exe
  2⤵
  PID:6084
- C:\Windows\System\URtZtdU.exe
  C:\Windows\System\URtZtdU.exe
  2⤵
  PID:5944
- C:\Windows\System\BxbcsLO.exe
  C:\Windows\System\BxbcsLO.exe
  2⤵
  PID:5952
- C:\Windows\System\JluYieS.exe
  C:\Windows\System\JluYieS.exe
  2⤵
  PID:6168
- C:\Windows\System\OVnjGyW.exe
  C:\Windows\System\OVnjGyW.exe
  2⤵
  PID:6188
- C:\Windows\System\KZygJnh.exe
  C:\Windows\System\KZygJnh.exe
  2⤵
  PID:6228
- C:\Windows\System\eRcnaHg.exe
  C:\Windows\System\eRcnaHg.exe
  2⤵
  PID:6252
- C:\Windows\System\IlvaTNA.exe
  C:\Windows\System\IlvaTNA.exe
  2⤵
  PID:6276
- C:\Windows\System\ezFTwtG.exe
  C:\Windows\System\ezFTwtG.exe
  2⤵
  PID:6296
- C:\Windows\System\HPaZcKb.exe
  C:\Windows\System\HPaZcKb.exe
  2⤵
  PID:6364
- C:\Windows\System\iXaEWry.exe
  C:\Windows\System\iXaEWry.exe
  2⤵
  PID:6388
- C:\Windows\System\dDUlSYH.exe
  C:\Windows\System\dDUlSYH.exe
  2⤵
  PID:6404
- C:\Windows\System\mzYTthz.exe
  C:\Windows\System\mzYTthz.exe
  2⤵
  PID:6448
- C:\Windows\System\rmqezGS.exe
  C:\Windows\System\rmqezGS.exe
  2⤵
  PID:6464
- C:\Windows\System\ghlTxsT.exe
  C:\Windows\System\ghlTxsT.exe
  2⤵
  PID:6496
- C:\Windows\System\ETUUCWD.exe
  C:\Windows\System\ETUUCWD.exe
  2⤵
  PID:6512
- C:\Windows\System\QabpgtH.exe
  C:\Windows\System\QabpgtH.exe
  2⤵
  PID:6536
- C:\Windows\System\tjcuxhJ.exe
  C:\Windows\System\tjcuxhJ.exe
  2⤵
  PID:6564
- C:\Windows\System\yZhlSPv.exe
  C:\Windows\System\yZhlSPv.exe
  2⤵
  PID:6608
- C:\Windows\System\ZKoKSji.exe
  C:\Windows\System\ZKoKSji.exe
  2⤵
  PID:6632
- C:\Windows\System\sTgVrMp.exe
  C:\Windows\System\sTgVrMp.exe
  2⤵
  PID:6684
- C:\Windows\System\bkrZCUQ.exe
  C:\Windows\System\bkrZCUQ.exe
  2⤵
  PID:6704
- C:\Windows\System\vMrwpNW.exe
  C:\Windows\System\vMrwpNW.exe
  2⤵
  PID:6728
- C:\Windows\System\jlfXzCC.exe
  C:\Windows\System\jlfXzCC.exe
  2⤵
  PID:6756
- C:\Windows\System\BFCTjTd.exe
  C:\Windows\System\BFCTjTd.exe
  2⤵
  PID:6776
- C:\Windows\System\fJmyvaL.exe
  C:\Windows\System\fJmyvaL.exe
  2⤵
  PID:6828
- C:\Windows\System\fIJJZqu.exe
  C:\Windows\System\fIJJZqu.exe
  2⤵
  PID:6844
- C:\Windows\System\qyLNDdq.exe
  C:\Windows\System\qyLNDdq.exe
  2⤵
  PID:6880
- C:\Windows\System\rhgHvoT.exe
  C:\Windows\System\rhgHvoT.exe
  2⤵
  PID:6900
- C:\Windows\System\tnypSSC.exe
  C:\Windows\System\tnypSSC.exe
  2⤵
  PID:6924
- C:\Windows\System\pTNrEpp.exe
  C:\Windows\System\pTNrEpp.exe
  2⤵
  PID:6956
- C:\Windows\System\LjxaUzz.exe
  C:\Windows\System\LjxaUzz.exe
  2⤵
  PID:6976
- C:\Windows\System\rfrSHVo.exe
  C:\Windows\System\rfrSHVo.exe
  2⤵
  PID:6996
- C:\Windows\System\nrDMPZr.exe
  C:\Windows\System\nrDMPZr.exe
  2⤵
  PID:7056
- C:\Windows\System\EtXbPwq.exe
  C:\Windows\System\EtXbPwq.exe
  2⤵
  PID:7072
- C:\Windows\System\ygKKoHA.exe
  C:\Windows\System\ygKKoHA.exe
  2⤵
  PID:7104
- C:\Windows\System\qLjPDdx.exe
  C:\Windows\System\qLjPDdx.exe
  2⤵
  PID:7124
- C:\Windows\System\YmHLPNs.exe
  C:\Windows\System\YmHLPNs.exe
  2⤵
  PID:7152
- C:\Windows\System\IykNKyw.exe
  C:\Windows\System\IykNKyw.exe
  2⤵
  PID:6024
- C:\Windows\System\gwvyysd.exe
  C:\Windows\System\gwvyysd.exe
  2⤵
  PID:6184
- C:\Windows\System\nepKuQK.exe
  C:\Windows\System\nepKuQK.exe
  2⤵
  PID:6396
- C:\Windows\System\cBtPAOA.exe
  C:\Windows\System\cBtPAOA.exe
  2⤵
  PID:6356
- C:\Windows\System\RxCyHYG.exe
  C:\Windows\System\RxCyHYG.exe
  2⤵
  PID:6484
- C:\Windows\System\sULopDF.exe
  C:\Windows\System\sULopDF.exe
  2⤵
  PID:6504
- C:\Windows\System\ZxbBREO.exe
  C:\Windows\System\ZxbBREO.exe
  2⤵
  PID:6576
- C:\Windows\System\rmYBcVh.exe
  C:\Windows\System\rmYBcVh.exe
  2⤵
  PID:6656
- C:\Windows\System\CFlPChz.exe
  C:\Windows\System\CFlPChz.exe
  2⤵
  PID:6712
- C:\Windows\System\QNUfheQ.exe
  C:\Windows\System\QNUfheQ.exe
  2⤵
  PID:6768
- C:\Windows\System\TCErDHO.exe
  C:\Windows\System\TCErDHO.exe
  2⤵
  PID:6932
- C:\Windows\System\InVszby.exe
  C:\Windows\System\InVszby.exe
  2⤵
  PID:6948
- C:\Windows\System\iljDWQt.exe
  C:\Windows\System\iljDWQt.exe
  2⤵
  PID:6964
- C:\Windows\System\aFUvQsV.exe
  C:\Windows\System\aFUvQsV.exe
  2⤵
  PID:3420
- C:\Windows\System\vUaifyI.exe
  C:\Windows\System\vUaifyI.exe
  2⤵
  PID:7036
- C:\Windows\System\qzutpPA.exe
  C:\Windows\System\qzutpPA.exe
  2⤵
  PID:7132
- C:\Windows\System\MjRhQdd.exe
  C:\Windows\System\MjRhQdd.exe
  2⤵
  PID:7144
- C:\Windows\System\ReOQWxl.exe
  C:\Windows\System\ReOQWxl.exe
  2⤵
  PID:6224
- C:\Windows\System\NaIctfw.exe
  C:\Windows\System\NaIctfw.exe
  2⤵
  PID:6376
- C:\Windows\System\DWfMmFg.exe
  C:\Windows\System\DWfMmFg.exe
  2⤵
  PID:6544
- C:\Windows\System\iPiKybi.exe
  C:\Windows\System\iPiKybi.exe
  2⤵
  PID:6616
- C:\Windows\System\GJIkphc.exe
  C:\Windows\System\GJIkphc.exe
  2⤵
  PID:6896
- C:\Windows\System\uanNkpt.exe
  C:\Windows\System\uanNkpt.exe
  2⤵
  PID:6972
- C:\Windows\System\jlAAuyw.exe
  C:\Windows\System\jlAAuyw.exe
  2⤵
  PID:6372
- C:\Windows\System\WjDVIyR.exe
  C:\Windows\System\WjDVIyR.exe
  2⤵
  PID:6456
- C:\Windows\System\OJNcCyL.exe
  C:\Windows\System\OJNcCyL.exe
  2⤵
  PID:6788
- C:\Windows\System\BDQMJnt.exe
  C:\Windows\System\BDQMJnt.exe
  2⤵
  PID:6920
- C:\Windows\System\cTrQYiA.exe
  C:\Windows\System\cTrQYiA.exe
  2⤵
  PID:7180
- C:\Windows\System\iPStVZu.exe
  C:\Windows\System\iPStVZu.exe
  2⤵
  PID:7204
- C:\Windows\System\XOOHaZe.exe
  C:\Windows\System\XOOHaZe.exe
  2⤵
  PID:7232
- C:\Windows\System\rerohNc.exe
  C:\Windows\System\rerohNc.exe
  2⤵
  PID:7256
- C:\Windows\System\GSYTSkr.exe
  C:\Windows\System\GSYTSkr.exe
  2⤵
  PID:7276
- C:\Windows\System\MZcKMEc.exe
  C:\Windows\System\MZcKMEc.exe
  2⤵
  PID:7308
- C:\Windows\System\FELFwWQ.exe
  C:\Windows\System\FELFwWQ.exe
  2⤵
  PID:7328
- C:\Windows\System\VRCnmdA.exe
  C:\Windows\System\VRCnmdA.exe
  2⤵
  PID:7492
- C:\Windows\System\VFQptil.exe
  C:\Windows\System\VFQptil.exe
  2⤵
  PID:7508
- C:\Windows\System\pWSQNXm.exe
  C:\Windows\System\pWSQNXm.exe
  2⤵
  PID:7524
- C:\Windows\System\IHKvWif.exe
  C:\Windows\System\IHKvWif.exe
  2⤵
  PID:7540
- C:\Windows\System\jQGeZmF.exe
  C:\Windows\System\jQGeZmF.exe
  2⤵
  PID:7556
- C:\Windows\System\ihtYucw.exe
  C:\Windows\System\ihtYucw.exe
  2⤵
  PID:7572
- C:\Windows\System\fvlgNfo.exe
  C:\Windows\System\fvlgNfo.exe
  2⤵
  PID:7588
- C:\Windows\System\KsymGMT.exe
  C:\Windows\System\KsymGMT.exe
  2⤵
  PID:7604
- C:\Windows\System\PRkfuvG.exe
  C:\Windows\System\PRkfuvG.exe
  2⤵
  PID:7620
- C:\Windows\System\ezSElbq.exe
  C:\Windows\System\ezSElbq.exe
  2⤵
  PID:7636
- C:\Windows\System\DRPvUPf.exe
  C:\Windows\System\DRPvUPf.exe
  2⤵
  PID:7652
- C:\Windows\System\NXJUQaG.exe
  C:\Windows\System\NXJUQaG.exe
  2⤵
  PID:7668
- C:\Windows\System\tYvVHCa.exe
  C:\Windows\System\tYvVHCa.exe
  2⤵
  PID:7688
- C:\Windows\System\sfrUbmd.exe
  C:\Windows\System\sfrUbmd.exe
  2⤵
  PID:7716
- C:\Windows\System\DBRjWnH.exe
  C:\Windows\System\DBRjWnH.exe
  2⤵
  PID:7852
- C:\Windows\System\iBVJfRo.exe
  C:\Windows\System\iBVJfRo.exe
  2⤵
  PID:7900
- C:\Windows\System\lFYQzce.exe
  C:\Windows\System\lFYQzce.exe
  2⤵
  PID:7920
- C:\Windows\System\pzXNsdA.exe
  C:\Windows\System\pzXNsdA.exe
  2⤵
  PID:7944
- C:\Windows\System\bbGeaEH.exe
  C:\Windows\System\bbGeaEH.exe
  2⤵
  PID:7968
- C:\Windows\System\OkOEWbI.exe
  C:\Windows\System\OkOEWbI.exe
  2⤵
  PID:7988
- C:\Windows\System\jVnEmoU.exe
  C:\Windows\System\jVnEmoU.exe
  2⤵
  PID:8064
- C:\Windows\System\OfvyUQu.exe
  C:\Windows\System\OfvyUQu.exe
  2⤵
  PID:8100
- C:\Windows\System\jkHxIWl.exe
  C:\Windows\System\jkHxIWl.exe
  2⤵
  PID:8124
- C:\Windows\System\BGdwcVb.exe
  C:\Windows\System\BGdwcVb.exe
  2⤵
  PID:8144
- C:\Windows\System\CkyltXN.exe
  C:\Windows\System\CkyltXN.exe
  2⤵
  PID:8164
- C:\Windows\System\zeIjzcL.exe
  C:\Windows\System\zeIjzcL.exe
  2⤵
  PID:6836
- C:\Windows\System\oivLrPs.exe
  C:\Windows\System\oivLrPs.exe
  2⤵
  PID:7188
- C:\Windows\System\QVVuhrj.exe
  C:\Windows\System\QVVuhrj.exe
  2⤵
  PID:7252
- C:\Windows\System\ZyHodwo.exe
  C:\Windows\System\ZyHodwo.exe
  2⤵
  PID:7436
- C:\Windows\System\ptwEFtK.exe
  C:\Windows\System\ptwEFtK.exe
  2⤵
  PID:7456
- C:\Windows\System\MUpuweR.exe
  C:\Windows\System\MUpuweR.exe
  2⤵
  PID:7472
- C:\Windows\System\rHJljtA.exe
  C:\Windows\System\rHJljtA.exe
  2⤵
  PID:7504
- C:\Windows\System\JbkCFAa.exe
  C:\Windows\System\JbkCFAa.exe
  2⤵
  PID:7368
- C:\Windows\System\IhmuUFb.exe
  C:\Windows\System\IhmuUFb.exe
  2⤵
  PID:7408
- C:\Windows\System\ZKGoTWG.exe
  C:\Windows\System\ZKGoTWG.exe
  2⤵
  PID:7548
- C:\Windows\System\tLJFUkq.exe
  C:\Windows\System\tLJFUkq.exe
  2⤵
  PID:7632
- C:\Windows\System\eGrehTH.exe
  C:\Windows\System\eGrehTH.exe
  2⤵
  PID:7684
- C:\Windows\System\wddLHsC.exe
  C:\Windows\System\wddLHsC.exe
  2⤵
  PID:7784
- C:\Windows\System\SMLhrlL.exe
  C:\Windows\System\SMLhrlL.exe
  2⤵
  PID:7776
- C:\Windows\System\TsxzqWA.exe
  C:\Windows\System\TsxzqWA.exe
  2⤵
  PID:7884
- C:\Windows\System\PHQUTfa.exe
  C:\Windows\System\PHQUTfa.exe
  2⤵
  PID:8020
- C:\Windows\System\RceigKv.exe
  C:\Windows\System\RceigKv.exe
  2⤵
  PID:8080
- C:\Windows\System\qIvhwgH.exe
  C:\Windows\System\qIvhwgH.exe
  2⤵
  PID:8120
- C:\Windows\System\lgjSGMl.exe
  C:\Windows\System\lgjSGMl.exe
  2⤵
  PID:8160
- C:\Windows\System\aIqdeHH.exe
  C:\Windows\System\aIqdeHH.exe
  2⤵
  PID:6140
- C:\Windows\System\bbmKgfp.exe
  C:\Windows\System\bbmKgfp.exe
  2⤵
  PID:7288
- C:\Windows\System\ljvvQCE.exe
  C:\Windows\System\ljvvQCE.exe
  2⤵
  PID:7320
- C:\Windows\System\CeimZCm.exe
  C:\Windows\System\CeimZCm.exe
  2⤵
  PID:7364
- C:\Windows\System\AqqtRNE.exe
  C:\Windows\System\AqqtRNE.exe
  2⤵
  PID:7520
- C:\Windows\System\HTASuzf.exe
  C:\Windows\System\HTASuzf.exe
  2⤵
  PID:7564
- C:\Windows\System\PYbKhoj.exe
  C:\Windows\System\PYbKhoj.exe
  2⤵
  PID:7712
- C:\Windows\System\dyPFajz.exe
  C:\Windows\System\dyPFajz.exe
  2⤵
  PID:8056
- C:\Windows\System\WKFXomE.exe
  C:\Windows\System\WKFXomE.exe
  2⤵
  PID:8140
- C:\Windows\System\bxOinku.exe
  C:\Windows\System\bxOinku.exe
  2⤵
  PID:7680
- C:\Windows\System\IVXYFlN.exe
  C:\Windows\System\IVXYFlN.exe
  2⤵
  PID:8116
- C:\Windows\System\wqhlGuG.exe
  C:\Windows\System\wqhlGuG.exe
  2⤵
  PID:7860
- C:\Windows\System\NhmxJzU.exe
  C:\Windows\System\NhmxJzU.exe
  2⤵
  PID:8000
- C:\Windows\System\QrNUFfr.exe
  C:\Windows\System\QrNUFfr.exe
  2⤵
  PID:8220
- C:\Windows\System\lLHOBxm.exe
  C:\Windows\System\lLHOBxm.exe
  2⤵
  PID:8248
- C:\Windows\System\ZUbwkgl.exe
  C:\Windows\System\ZUbwkgl.exe
  2⤵
  PID:8276
- C:\Windows\System\gMTjynQ.exe
  C:\Windows\System\gMTjynQ.exe
  2⤵
  PID:8304
- C:\Windows\System\ZjgmuHW.exe
  C:\Windows\System\ZjgmuHW.exe
  2⤵
  PID:8324
- C:\Windows\System\BxGfNQa.exe
  C:\Windows\System\BxGfNQa.exe
  2⤵
  PID:8344
- C:\Windows\System\WyGkMfN.exe
  C:\Windows\System\WyGkMfN.exe
  2⤵
  PID:8368
- C:\Windows\System\PNfHBOa.exe
  C:\Windows\System\PNfHBOa.exe
  2⤵
  PID:8388
- C:\Windows\System\HHBTkpW.exe
  C:\Windows\System\HHBTkpW.exe
  2⤵
  PID:8436
- C:\Windows\System\eZJErzi.exe
  C:\Windows\System\eZJErzi.exe
  2⤵
  PID:8472
- C:\Windows\System\qkQrUGa.exe
  C:\Windows\System\qkQrUGa.exe
  2⤵
  PID:8492
- C:\Windows\System\IlscazR.exe
  C:\Windows\System\IlscazR.exe
  2⤵
  PID:8512
- C:\Windows\System\KUrOIoT.exe
  C:\Windows\System\KUrOIoT.exe
  2⤵
  PID:8540
- C:\Windows\System\WuyDbNE.exe
  C:\Windows\System\WuyDbNE.exe
  2⤵
  PID:8556
- C:\Windows\System\CMaAVTo.exe
  C:\Windows\System\CMaAVTo.exe
  2⤵
  PID:8588
- C:\Windows\System\sbTikpB.exe
  C:\Windows\System\sbTikpB.exe
  2⤵
  PID:8604
- C:\Windows\System\LUsPkgC.exe
  C:\Windows\System\LUsPkgC.exe
  2⤵
  PID:8688
- C:\Windows\System\KgcRlYv.exe
  C:\Windows\System\KgcRlYv.exe
  2⤵
  PID:8708
- C:\Windows\System\IKKFPUC.exe
  C:\Windows\System\IKKFPUC.exe
  2⤵
  PID:8736
- C:\Windows\System\qPXHQXi.exe
  C:\Windows\System\qPXHQXi.exe
  2⤵
  PID:8768
- C:\Windows\System\hlKbzIb.exe
  C:\Windows\System\hlKbzIb.exe
  2⤵
  PID:8792
- C:\Windows\System\qATxZUb.exe
  C:\Windows\System\qATxZUb.exe
  2⤵
  PID:8824
- C:\Windows\System\eANvTen.exe
  C:\Windows\System\eANvTen.exe
  2⤵
  PID:8856
- C:\Windows\System\XFDlift.exe
  C:\Windows\System\XFDlift.exe
  2⤵
  PID:8872
- C:\Windows\System\LiIFEmd.exe
  C:\Windows\System\LiIFEmd.exe
  2⤵
  PID:8916
- C:\Windows\System\ZWRknbo.exe
  C:\Windows\System\ZWRknbo.exe
  2⤵
  PID:8940
- C:\Windows\System\WfiAeNc.exe
  C:\Windows\System\WfiAeNc.exe
  2⤵
  PID:8960
- C:\Windows\System\TlAnjer.exe
  C:\Windows\System\TlAnjer.exe
  2⤵
  PID:8980
- C:\Windows\System\NvSHZzj.exe
  C:\Windows\System\NvSHZzj.exe
  2⤵
  PID:9004
- C:\Windows\System\xHipiSE.exe
  C:\Windows\System\xHipiSE.exe
  2⤵
  PID:9032
- C:\Windows\System\wsgOmhu.exe
  C:\Windows\System\wsgOmhu.exe
  2⤵
  PID:9056
- C:\Windows\System\yIYoDKY.exe
  C:\Windows\System\yIYoDKY.exe
  2⤵
  PID:9092
- C:\Windows\System\fektFDV.exe
  C:\Windows\System\fektFDV.exe
  2⤵
  PID:9120
- C:\Windows\System\yyqYfjL.exe
  C:\Windows\System\yyqYfjL.exe
  2⤵
  PID:9140
- C:\Windows\System\CjYoYzN.exe
  C:\Windows\System\CjYoYzN.exe
  2⤵
  PID:9164
- C:\Windows\System\AHMqoFh.exe
  C:\Windows\System\AHMqoFh.exe
  2⤵
  PID:9188
- C:\Windows\System\dTvtESK.exe
  C:\Windows\System\dTvtESK.exe
  2⤵
  PID:9212
- C:\Windows\System\HHjCfmw.exe
  C:\Windows\System\HHjCfmw.exe
  2⤵
  PID:8184
- C:\Windows\System\bVJMEvf.exe
  C:\Windows\System\bVJMEvf.exe
  2⤵
  PID:8240
- C:\Windows\System\ZDGSDLO.exe
  C:\Windows\System\ZDGSDLO.exe
  2⤵
  PID:8376
- C:\Windows\System\vGocmgZ.exe
  C:\Windows\System\vGocmgZ.exe
  2⤵
  PID:8340
- C:\Windows\System\bOMqgWi.exe
  C:\Windows\System\bOMqgWi.exe
  2⤵
  PID:8416
- C:\Windows\System\puUwBxy.exe
  C:\Windows\System\puUwBxy.exe
  2⤵
  PID:8484
- C:\Windows\System\jcgNPVz.exe
  C:\Windows\System\jcgNPVz.exe
  2⤵
  PID:8504
- C:\Windows\System\HcMmJwz.exe
  C:\Windows\System\HcMmJwz.exe
  2⤵
  PID:8552
- C:\Windows\System\lXuFKZG.exe
  C:\Windows\System\lXuFKZG.exe
  2⤵
  PID:8640
- C:\Windows\System\bGhgqrp.exe
  C:\Windows\System\bGhgqrp.exe
  2⤵
  PID:8704
- C:\Windows\System\JjWhfQV.exe
  C:\Windows\System\JjWhfQV.exe
  2⤵
  PID:8716
- C:\Windows\System\CZGTzAW.exe
  C:\Windows\System\CZGTzAW.exe
  2⤵
  PID:8788
- C:\Windows\System\UrZKltN.exe
  C:\Windows\System\UrZKltN.exe
  2⤵
  PID:8844
- C:\Windows\System\UTyMCQY.exe
  C:\Windows\System\UTyMCQY.exe
  2⤵
  PID:9068
- C:\Windows\System\EFaiWYA.exe
  C:\Windows\System\EFaiWYA.exe
  2⤵
  PID:9108
- C:\Windows\System\qbQjOQM.exe
  C:\Windows\System\qbQjOQM.exe
  2⤵
  PID:8200
- C:\Windows\System\WMOolnF.exe
  C:\Windows\System\WMOolnF.exe
  2⤵
  PID:9196
- C:\Windows\System\ZIjcprn.exe
  C:\Windows\System\ZIjcprn.exe
  2⤵
  PID:8332
- C:\Windows\System\RhjKMpA.exe
  C:\Windows\System\RhjKMpA.exe
  2⤵
  PID:8536
- C:\Windows\System\OMhmgch.exe
  C:\Windows\System\OMhmgch.exe
  2⤵
  PID:8868
- C:\Windows\System\KMtWfqY.exe
  C:\Windows\System\KMtWfqY.exe
  2⤵
  PID:9028
- C:\Windows\System\KMvoqUp.exe
  C:\Windows\System\KMvoqUp.exe
  2⤵
  PID:9160
- C:\Windows\System\GXgLZbC.exe
  C:\Windows\System\GXgLZbC.exe
  2⤵
  PID:8380
- C:\Windows\System\JQvjJIB.exe
  C:\Windows\System\JQvjJIB.exe
  2⤵
  PID:8952
- C:\Windows\System\GhUtzWD.exe
  C:\Windows\System\GhUtzWD.exe
  2⤵
  PID:8996
- C:\Windows\System\gWTpbcP.exe
  C:\Windows\System\gWTpbcP.exe
  2⤵
  PID:8212
- C:\Windows\System\VPkqZYT.exe
  C:\Windows\System\VPkqZYT.exe
  2⤵
  PID:9220
- C:\Windows\System\cQICsjR.exe
  C:\Windows\System\cQICsjR.exe
  2⤵
  PID:9268
- C:\Windows\System\RzHOVJr.exe
  C:\Windows\System\RzHOVJr.exe
  2⤵
  PID:9296
- C:\Windows\System\KuAzbRa.exe
  C:\Windows\System\KuAzbRa.exe
  2⤵
  PID:9320
- C:\Windows\System\sLcUYUX.exe
  C:\Windows\System\sLcUYUX.exe
  2⤵
  PID:9340
- C:\Windows\System\BaTZiaV.exe
  C:\Windows\System\BaTZiaV.exe
  2⤵
  PID:9388
- C:\Windows\System\encKajD.exe
  C:\Windows\System\encKajD.exe
  2⤵
  PID:9416
- C:\Windows\System\uLYLNqq.exe
  C:\Windows\System\uLYLNqq.exe
  2⤵
  PID:9456
- C:\Windows\System\OtNjXxs.exe
  C:\Windows\System\OtNjXxs.exe
  2⤵
  PID:9476
- C:\Windows\System\ojYgVHt.exe
  C:\Windows\System\ojYgVHt.exe
  2⤵
  PID:9500
- C:\Windows\System\keqkNpL.exe
  C:\Windows\System\keqkNpL.exe
  2⤵
  PID:9524
- C:\Windows\System\EisEMSD.exe
  C:\Windows\System\EisEMSD.exe
  2⤵
  PID:9544
- C:\Windows\System\RwTIlbI.exe
  C:\Windows\System\RwTIlbI.exe
  2⤵
  PID:9568
- C:\Windows\System\wprlDwm.exe
  C:\Windows\System\wprlDwm.exe
  2⤵
  PID:9588
- C:\Windows\System\RvrXXmD.exe
  C:\Windows\System\RvrXXmD.exe
  2⤵
  PID:9628
- C:\Windows\System\bgSqznh.exe
  C:\Windows\System\bgSqznh.exe
  2⤵
  PID:9656
- C:\Windows\System\yVNNGAR.exe
  C:\Windows\System\yVNNGAR.exe
  2⤵
  PID:9688
- C:\Windows\System\AaEVHDR.exe
  C:\Windows\System\AaEVHDR.exe
  2⤵
  PID:9712
- C:\Windows\System\fuzyStc.exe
  C:\Windows\System\fuzyStc.exe
  2⤵
  PID:9732
- C:\Windows\System\OWvwQdM.exe
  C:\Windows\System\OWvwQdM.exe
  2⤵
  PID:9752
- C:\Windows\System\OSHTjHt.exe
  C:\Windows\System\OSHTjHt.exe
  2⤵
  PID:9776
- C:\Windows\System\dSfWTEK.exe
  C:\Windows\System\dSfWTEK.exe
  2⤵
  PID:9800
- C:\Windows\System\tkigxoC.exe
  C:\Windows\System\tkigxoC.exe
  2⤵
  PID:9828
- C:\Windows\System\oCAtKkL.exe
  C:\Windows\System\oCAtKkL.exe
  2⤵
  PID:9852
- C:\Windows\System\KPKGJXw.exe
  C:\Windows\System\KPKGJXw.exe
  2⤵
  PID:9876
- C:\Windows\System\AWVcQfD.exe
  C:\Windows\System\AWVcQfD.exe
  2⤵
  PID:9896
- C:\Windows\System\NjTzfXS.exe
  C:\Windows\System\NjTzfXS.exe
  2⤵
  PID:9960
- C:\Windows\System\WTeKdCf.exe
  C:\Windows\System\WTeKdCf.exe
  2⤵
  PID:9984
- C:\Windows\System\jvpMpUI.exe
  C:\Windows\System\jvpMpUI.exe
  2⤵
  PID:10004
- C:\Windows\System\dJMNmLZ.exe
  C:\Windows\System\dJMNmLZ.exe
  2⤵
  PID:10044
- C:\Windows\System\zvxElxx.exe
  C:\Windows\System\zvxElxx.exe
  2⤵
  PID:10068
- C:\Windows\System\QGChNhL.exe
  C:\Windows\System\QGChNhL.exe
  2⤵
  PID:10096
- C:\Windows\System\UXpXFZP.exe
  C:\Windows\System\UXpXFZP.exe
  2⤵
  PID:10116
- C:\Windows\System\jEyUYYK.exe
  C:\Windows\System\jEyUYYK.exe
  2⤵
  PID:10140
- C:\Windows\System\ZRbRncu.exe
  C:\Windows\System\ZRbRncu.exe
  2⤵
  PID:10164
- C:\Windows\System\zaLJkqm.exe
  C:\Windows\System\zaLJkqm.exe
  2⤵
  PID:10196
- C:\Windows\System\esRGtGl.exe
  C:\Windows\System\esRGtGl.exe
  2⤵
  PID:9172
- C:\Windows\System\hAurFYl.exe
  C:\Windows\System\hAurFYl.exe
  2⤵
  PID:9236
- C:\Windows\System\OLZwPkb.exe
  C:\Windows\System\OLZwPkb.exe
  2⤵
  PID:9332
- C:\Windows\System\qOTbkPL.exe
  C:\Windows\System\qOTbkPL.exe
  2⤵
  PID:9448
- C:\Windows\System\zzSKpGD.exe
  C:\Windows\System\zzSKpGD.exe
  2⤵
  PID:9468
- C:\Windows\System\edDHxVK.exe
  C:\Windows\System\edDHxVK.exe
  2⤵
  PID:9540
- C:\Windows\System\eVxgQKf.exe
  C:\Windows\System\eVxgQKf.exe
  2⤵
  PID:9608
- C:\Windows\System\Ijztggx.exe
  C:\Windows\System\Ijztggx.exe
  2⤵
  PID:9644
- C:\Windows\System\rrlmnDp.exe
  C:\Windows\System\rrlmnDp.exe
  2⤵
  PID:9728
- C:\Windows\System\YxdEMRF.exe
  C:\Windows\System\YxdEMRF.exe
  2⤵
  PID:9808
- C:\Windows\System\LAtnmsY.exe
  C:\Windows\System\LAtnmsY.exe
  2⤵
  PID:9772
- C:\Windows\System\CDEwHGz.exe
  C:\Windows\System\CDEwHGz.exe
  2⤵
  PID:9920
- C:\Windows\System\YuQKKWu.exe
  C:\Windows\System\YuQKKWu.exe
  2⤵
  PID:9948
- C:\Windows\System\KIQOcNP.exe
  C:\Windows\System\KIQOcNP.exe
  2⤵
  PID:10084
- C:\Windows\System\rtqwNEh.exe
  C:\Windows\System\rtqwNEh.exe
  2⤵
  PID:10132
- C:\Windows\System\KIqgozt.exe
  C:\Windows\System\KIqgozt.exe
  2⤵
  PID:10236
- C:\Windows\System\znCNvzU.exe
  C:\Windows\System\znCNvzU.exe
  2⤵
  PID:9316
- C:\Windows\System\uqtMYzn.exe
  C:\Windows\System\uqtMYzn.exe
  2⤵
  PID:9436
- C:\Windows\System\jfNaMCx.exe
  C:\Windows\System\jfNaMCx.exe
  2⤵
  PID:9580
- C:\Windows\System\SOImIBl.exe
  C:\Windows\System\SOImIBl.exe
  2⤵
  PID:9648
- C:\Windows\System\DDzrTNm.exe
  C:\Windows\System\DDzrTNm.exe
  2⤵
  PID:9768
- C:\Windows\System\NfTgcUR.exe
  C:\Windows\System\NfTgcUR.exe
  2⤵
  PID:9976
- C:\Windows\System\OPjqBEq.exe
  C:\Windows\System\OPjqBEq.exe
  2⤵
  PID:10052
- C:\Windows\System\EjEenRt.exe
  C:\Windows\System\EjEenRt.exe
  2⤵
  PID:10232
- C:\Windows\System\qqLWEuD.exe
  C:\Windows\System\qqLWEuD.exe
  2⤵
  PID:9400
- C:\Windows\System\QyORKUx.exe
  C:\Windows\System\QyORKUx.exe
  2⤵
  PID:9848
- C:\Windows\System\UZGpzLz.exe
  C:\Windows\System\UZGpzLz.exe
  2⤵
  PID:10160
- C:\Windows\System\hMcBzDA.exe
  C:\Windows\System\hMcBzDA.exe
  2⤵
  PID:9484
- C:\Windows\System\gEfnAeS.exe
  C:\Windows\System\gEfnAeS.exe
  2⤵
  PID:10248
- C:\Windows\System\XWUTYKd.exe
  C:\Windows\System\XWUTYKd.exe
  2⤵
  PID:10288
- C:\Windows\System\XVKzdvs.exe
  C:\Windows\System\XVKzdvs.exe
  2⤵
  PID:10328
- C:\Windows\System\EaCdIuK.exe
  C:\Windows\System\EaCdIuK.exe
  2⤵
  PID:10360
- C:\Windows\System\ozywoEA.exe
  C:\Windows\System\ozywoEA.exe
  2⤵
  PID:10388
- C:\Windows\System\OVQxyiS.exe
  C:\Windows\System\OVQxyiS.exe
  2⤵
  PID:10452
- C:\Windows\System\DlOfiNj.exe
  C:\Windows\System\DlOfiNj.exe
  2⤵
  PID:10468
- C:\Windows\System\bUoKVOd.exe
  C:\Windows\System\bUoKVOd.exe
  2⤵
  PID:10492
- C:\Windows\System\aQzAglA.exe
  C:\Windows\System\aQzAglA.exe
  2⤵
  PID:10512
- C:\Windows\System\tYjqvUv.exe
  C:\Windows\System\tYjqvUv.exe
  2⤵
  PID:10540
- C:\Windows\System\gjaIvMA.exe
  C:\Windows\System\gjaIvMA.exe
  2⤵
  PID:10580
- C:\Windows\System\pVnkiGz.exe
  C:\Windows\System\pVnkiGz.exe
  2⤵
  PID:10604
- C:\Windows\System\RvyuVKy.exe
  C:\Windows\System\RvyuVKy.exe
  2⤵
  PID:10624
- C:\Windows\System\EqOzMWK.exe
  C:\Windows\System\EqOzMWK.exe
  2⤵
  PID:10640
- C:\Windows\System\DMdaUDY.exe
  C:\Windows\System\DMdaUDY.exe
  2⤵
  PID:10684
- C:\Windows\System\SfLhlkT.exe
  C:\Windows\System\SfLhlkT.exe
  2⤵
  PID:10708
- C:\Windows\System\ONKkXla.exe
  C:\Windows\System\ONKkXla.exe
  2⤵
  PID:10748
- C:\Windows\System\UxPRReG.exe
  C:\Windows\System\UxPRReG.exe
  2⤵
  PID:10768
- C:\Windows\System\FEyULEy.exe
  C:\Windows\System\FEyULEy.exe
  2⤵
  PID:10792
- C:\Windows\System\EjJRuhQ.exe
  C:\Windows\System\EjJRuhQ.exe
  2⤵
  PID:10812
- C:\Windows\System\CzAxvWq.exe
  C:\Windows\System\CzAxvWq.exe
  2⤵
  PID:10872
- C:\Windows\System\ifsxvxq.exe
  C:\Windows\System\ifsxvxq.exe
  2⤵
  PID:10892
- C:\Windows\System\sJaOvvL.exe
  C:\Windows\System\sJaOvvL.exe
  2⤵
  PID:10908
- C:\Windows\System\HECPpzL.exe
  C:\Windows\System\HECPpzL.exe
  2⤵
  PID:10924
- C:\Windows\System\TRHwgMP.exe
  C:\Windows\System\TRHwgMP.exe
  2⤵
  PID:10940
- C:\Windows\System\lrDBnjN.exe
  C:\Windows\System\lrDBnjN.exe
  2⤵
  PID:10956
- C:\Windows\System\usUNmpx.exe
  C:\Windows\System\usUNmpx.exe
  2⤵
  PID:10972
- C:\Windows\System\FtbDJqJ.exe
  C:\Windows\System\FtbDJqJ.exe
  2⤵
  PID:10992
- C:\Windows\System\yCbAJNE.exe
  C:\Windows\System\yCbAJNE.exe
  2⤵
  PID:11016
- C:\Windows\System\PLlKLYD.exe
  C:\Windows\System\PLlKLYD.exe
  2⤵
  PID:11036
- C:\Windows\System\ALpwxsl.exe
  C:\Windows\System\ALpwxsl.exe
  2⤵
  PID:11108
- C:\Windows\System\zSuLLGA.exe
  C:\Windows\System\zSuLLGA.exe
  2⤵
  PID:10276
- C:\Windows\System\beEqOeD.exe
  C:\Windows\System\beEqOeD.exe
  2⤵
  PID:10320
- C:\Windows\System\OeQGZFq.exe
  C:\Windows\System\OeQGZFq.exe
  2⤵
  PID:10424
- C:\Windows\System\BDHCPaq.exe
  C:\Windows\System\BDHCPaq.exe
  2⤵
  PID:10428
- C:\Windows\System\kiYLCAJ.exe
  C:\Windows\System\kiYLCAJ.exe
  2⤵
  PID:10524
- C:\Windows\System\QnvNcOM.exe
  C:\Windows\System\QnvNcOM.exe
  2⤵
  PID:10588
- C:\Windows\System\otyoXTy.exe
  C:\Windows\System\otyoXTy.exe
  2⤵
  PID:10724
- C:\Windows\System\MRHMiyX.exe
  C:\Windows\System\MRHMiyX.exe
  2⤵
  PID:10764
- C:\Windows\System\NGlLHXU.exe
  C:\Windows\System\NGlLHXU.exe
  2⤵
  PID:10864
- C:\Windows\System\KFcXayh.exe
  C:\Windows\System\KFcXayh.exe
  2⤵
  PID:10828
- C:\Windows\System\Zkydayd.exe
  C:\Windows\System\Zkydayd.exe
  2⤵
  PID:10836
- C:\Windows\System\OwIyvYt.exe
  C:\Windows\System\OwIyvYt.exe
  2⤵
  PID:10900
- C:\Windows\System\sFkYwPb.exe
  C:\Windows\System\sFkYwPb.exe
  2⤵
  PID:10984
- C:\Windows\System\zELFovK.exe
  C:\Windows\System\zELFovK.exe
  2⤵
  PID:11160
- C:\Windows\System\CBmjpkL.exe
  C:\Windows\System\CBmjpkL.exe
  2⤵
  PID:11216
- C:\Windows\System\BHyXZiR.exe
  C:\Windows\System\BHyXZiR.exe
  2⤵
  PID:11240
- C:\Windows\System\JflBXOd.exe
  C:\Windows\System\JflBXOd.exe
  2⤵
  PID:10036
- C:\Windows\System\wcXrlhH.exe
  C:\Windows\System\wcXrlhH.exe
  2⤵
  PID:11104
- C:\Windows\System\yMaveSA.exe
  C:\Windows\System\yMaveSA.exe
  2⤵
  PID:10284
- C:\Windows\System\NKaSand.exe
  C:\Windows\System\NKaSand.exe
  2⤵
  PID:10400
- C:\Windows\System\sBiWrRN.exe
  C:\Windows\System\sBiWrRN.exe
  2⤵
  PID:10596
- C:\Windows\System\wWrCPym.exe
  C:\Windows\System\wWrCPym.exe
  2⤵
  PID:10732
- C:\Windows\System\ccASxSa.exe
  C:\Windows\System\ccASxSa.exe
  2⤵
  PID:10784
- C:\Windows\System\ryZvhtf.exe
  C:\Windows\System\ryZvhtf.exe
  2⤵
  PID:10920
- C:\Windows\System\wbbwmds.exe
  C:\Windows\System\wbbwmds.exe
  2⤵
  PID:11192
- C:\Windows\System\qVpcVvf.exe
  C:\Windows\System\qVpcVvf.exe
  2⤵
  PID:11260
- C:\Windows\System\biusZkQ.exe
  C:\Windows\System\biusZkQ.exe
  2⤵
  PID:10352
- C:\Windows\System\pFTnHIN.exe
  C:\Windows\System\pFTnHIN.exe
  2⤵
  PID:10560
- C:\Windows\System\RnJWiYk.exe
  C:\Windows\System\RnJWiYk.exe
  2⤵
  PID:10744
- C:\Windows\System\hNfqRov.exe
  C:\Windows\System\hNfqRov.exe
  2⤵
  PID:10848
- C:\Windows\System\UzgKKeW.exe
  C:\Windows\System\UzgKKeW.exe
  2⤵
  PID:11228
- C:\Windows\System\lGYiwje.exe
  C:\Windows\System\lGYiwje.exe
  2⤵
  PID:10380
- C:\Windows\System\FqwivbV.exe
  C:\Windows\System\FqwivbV.exe
  2⤵
  PID:11272
- C:\Windows\System\UgaQXee.exe
  C:\Windows\System\UgaQXee.exe
  2⤵
  PID:11300
- C:\Windows\System\ahAJqgo.exe
  C:\Windows\System\ahAJqgo.exe
  2⤵
  PID:11324
- C:\Windows\System\rHPoEef.exe
  C:\Windows\System\rHPoEef.exe
  2⤵
  PID:11340
- C:\Windows\System\tjlMnNU.exe
  C:\Windows\System\tjlMnNU.exe
  2⤵
  PID:11368
- C:\Windows\System\QZYJGUU.exe
  C:\Windows\System\QZYJGUU.exe
  2⤵
  PID:11392
- C:\Windows\System\GXIAxoy.exe
  C:\Windows\System\GXIAxoy.exe
  2⤵
  PID:11412
- C:\Windows\System\rdNmzPp.exe
  C:\Windows\System\rdNmzPp.exe
  2⤵
  PID:11436
- C:\Windows\System\tLXBYKH.exe
  C:\Windows\System\tLXBYKH.exe
  2⤵
  PID:11456
- C:\Windows\System\YGrsGeA.exe
  C:\Windows\System\YGrsGeA.exe
  2⤵
  PID:11508
- C:\Windows\System\SOSbbYL.exe
  C:\Windows\System\SOSbbYL.exe
  2⤵
  PID:11544
- C:\Windows\System\FPBZFRW.exe
  C:\Windows\System\FPBZFRW.exe
  2⤵
  PID:11576
- C:\Windows\System\SpATRIS.exe
  C:\Windows\System\SpATRIS.exe
  2⤵
  PID:11596
- C:\Windows\System\JcTmTwm.exe
  C:\Windows\System\JcTmTwm.exe
  2⤵
  PID:11624
- C:\Windows\System\ByEqmNX.exe
  C:\Windows\System\ByEqmNX.exe
  2⤵
  PID:11676
- C:\Windows\System\hfzcrqM.exe
  C:\Windows\System\hfzcrqM.exe
  2⤵
  PID:11780
- C:\Windows\System\XsPrjnu.exe
  C:\Windows\System\XsPrjnu.exe
  2⤵
  PID:11804
- C:\Windows\System\HZtbgrr.exe
  C:\Windows\System\HZtbgrr.exe
  2⤵
  PID:11852
- C:\Windows\System\EKQnAAR.exe
  C:\Windows\System\EKQnAAR.exe
  2⤵
  PID:11876
- C:\Windows\System\BUqWbkY.exe
  C:\Windows\System\BUqWbkY.exe
  2⤵
  PID:11896
- C:\Windows\System\KuMcWZA.exe
  C:\Windows\System\KuMcWZA.exe
  2⤵
  PID:11928
- C:\Windows\System\mIFdJoq.exe
  C:\Windows\System\mIFdJoq.exe
  2⤵
  PID:11952
- C:\Windows\System\IGuROaN.exe
  C:\Windows\System\IGuROaN.exe
  2⤵
  PID:11980
- C:\Windows\System\SzKRGFf.exe
  C:\Windows\System\SzKRGFf.exe
  2⤵
  PID:12004
- C:\Windows\System\cMuuLzs.exe
  C:\Windows\System\cMuuLzs.exe
  2⤵
  PID:12024
- C:\Windows\System\hKnFOSb.exe
  C:\Windows\System\hKnFOSb.exe
  2⤵
  PID:12068
- C:\Windows\System\FNOEnKF.exe
  C:\Windows\System\FNOEnKF.exe
  2⤵
  PID:12092
- C:\Windows\System\RgrbSLQ.exe
  C:\Windows\System\RgrbSLQ.exe
  2⤵
  PID:12120
- C:\Windows\System\YkNKyhd.exe
  C:\Windows\System\YkNKyhd.exe
  2⤵
  PID:12136
- C:\Windows\System\BatWvED.exe
  C:\Windows\System\BatWvED.exe
  2⤵
  PID:12180
- C:\Windows\System\HLgoPqW.exe
  C:\Windows\System\HLgoPqW.exe
  2⤵
  PID:12204
- C:\Windows\System\BByfspv.exe
  C:\Windows\System\BByfspv.exe
  2⤵
  PID:12232
- C:\Windows\System\PFpmcBK.exe
  C:\Windows\System\PFpmcBK.exe
  2⤵
  PID:12264
- C:\Windows\System\cnaljEv.exe
  C:\Windows\System\cnaljEv.exe
  2⤵
  PID:11168
- C:\Windows\System\UqmRoEo.exe
  C:\Windows\System\UqmRoEo.exe
  2⤵
  PID:11348
- C:\Windows\System\wdFrOmW.exe
  C:\Windows\System\wdFrOmW.exe
  2⤵
  PID:11356
- C:\Windows\System\tAlQxdH.exe
  C:\Windows\System\tAlQxdH.exe
  2⤵
  PID:11488
- C:\Windows\System\FfmpptZ.exe
  C:\Windows\System\FfmpptZ.exe
  2⤵
  PID:11504
- C:\Windows\System\wEmFojX.exe
  C:\Windows\System\wEmFojX.exe
  2⤵
  PID:11552
- C:\Windows\System\SzffhLX.exe
  C:\Windows\System\SzffhLX.exe
  2⤵
  PID:11592
- C:\Windows\System\zVRuHoR.exe
  C:\Windows\System\zVRuHoR.exe
  2⤵
  PID:11716
- C:\Windows\System\PreDDDD.exe
  C:\Windows\System\PreDDDD.exe
  2⤵
  PID:11732
- C:\Windows\System\fJKckWj.exe
  C:\Windows\System\fJKckWj.exe
  2⤵
  PID:11760
- C:\Windows\System\dJSwrrf.exe
  C:\Windows\System\dJSwrrf.exe
  2⤵
  PID:11660
- C:\Windows\System\mAgFeNW.exe
  C:\Windows\System\mAgFeNW.exe
  2⤵
  PID:11828
- C:\Windows\System\DZpqbfu.exe
  C:\Windows\System\DZpqbfu.exe
  2⤵
  PID:11924
- C:\Windows\System\aNElTjm.exe
  C:\Windows\System\aNElTjm.exe
  2⤵
  PID:11972
- C:\Windows\System\rmKVYbo.exe
  C:\Windows\System\rmKVYbo.exe
  2⤵
  PID:11992
- C:\Windows\System\TicpejA.exe
  C:\Windows\System\TicpejA.exe
  2⤵
  PID:12056
- C:\Windows\System\fpmpgmU.exe
  C:\Windows\System\fpmpgmU.exe
  2⤵
  PID:12152
- C:\Windows\System\lwtGiNm.exe
  C:\Windows\System\lwtGiNm.exe
  2⤵
  PID:2192
- C:\Windows\System\rysBqgt.exe
  C:\Windows\System\rysBqgt.exe
  2⤵
  PID:12212
- C:\Windows\System\mknzgSc.exe
  C:\Windows\System\mknzgSc.exe
  2⤵
  PID:12256
- C:\Windows\System\eeJNAEb.exe
  C:\Windows\System\eeJNAEb.exe
  2⤵
  PID:12280
- C:\Windows\System\fdOHSyn.exe
  C:\Windows\System\fdOHSyn.exe
  2⤵
  PID:11408
- C:\Windows\System\HXeOTfR.exe
  C:\Windows\System\HXeOTfR.exe
  2⤵
  PID:11696
- C:\Windows\System\ofxLhmD.exe
  C:\Windows\System\ofxLhmD.exe
  2⤵
  PID:11712
- C:\Windows\System\kRuWHdm.exe
  C:\Windows\System\kRuWHdm.exe
  2⤵
  PID:11844
- C:\Windows\System\arhikvF.exe
  C:\Windows\System\arhikvF.exe
  2⤵
  PID:11872
- C:\Windows\System\ETirsBJ.exe
  C:\Windows\System\ETirsBJ.exe
  2⤵
  PID:12156
- C:\Windows\System\igrnWHu.exe
  C:\Windows\System\igrnWHu.exe
  2⤵
  PID:11420
- C:\Windows\System\PmMtPWV.exe
  C:\Windows\System\PmMtPWV.exe
  2⤵
  PID:11768
- C:\Windows\System\DwNEnBr.exe
  C:\Windows\System\DwNEnBr.exe
  2⤵
  PID:12112
- C:\Windows\System\FlfSoes.exe
  C:\Windows\System\FlfSoes.exe
  2⤵
  PID:11916
- C:\Windows\System\ZPOjvkT.exe
  C:\Windows\System\ZPOjvkT.exe
  2⤵
  PID:12304
- C:\Windows\System\avjJOWX.exe
  C:\Windows\System\avjJOWX.exe
  2⤵
  PID:12328
- C:\Windows\System\cNxmFyi.exe
  C:\Windows\System\cNxmFyi.exe
  2⤵
  PID:12352
- C:\Windows\System\AICevGB.exe
  C:\Windows\System\AICevGB.exe
  2⤵
  PID:12400
- C:\Windows\System\ttACzwK.exe
  C:\Windows\System\ttACzwK.exe
  2⤵
  PID:12420
- C:\Windows\System\bfbZxGb.exe
  C:\Windows\System\bfbZxGb.exe
  2⤵
  PID:12448
- C:\Windows\System\aAPksDo.exe
  C:\Windows\System\aAPksDo.exe
  2⤵
  PID:12472
- C:\Windows\System\rqlDRjC.exe
  C:\Windows\System\rqlDRjC.exe
  2⤵
  PID:12516
- C:\Windows\System\eKklnYr.exe
  C:\Windows\System\eKklnYr.exe
  2⤵
  PID:12540
- C:\Windows\System\AklZCIg.exe
  C:\Windows\System\AklZCIg.exe
  2⤵
  PID:12560
- C:\Windows\System\ytbVgEP.exe
  C:\Windows\System\ytbVgEP.exe
  2⤵
  PID:12588
- C:\Windows\System\USahqGc.exe
  C:\Windows\System\USahqGc.exe
  2⤵
  PID:12612
- C:\Windows\System\rjFrhBr.exe
  C:\Windows\System\rjFrhBr.exe
  2⤵
  PID:12632
- C:\Windows\System\Vejgvhd.exe
  C:\Windows\System\Vejgvhd.exe
  2⤵
  PID:12660
- C:\Windows\System\gBkNbZk.exe
  C:\Windows\System\gBkNbZk.exe
  2⤵
  PID:12692
- C:\Windows\System\PPeDoBC.exe
  C:\Windows\System\PPeDoBC.exe
  2⤵
  PID:12716
- C:\Windows\System\RpmaMyN.exe
  C:\Windows\System\RpmaMyN.exe
  2⤵
  PID:12736
- C:\Windows\System\DAijJOZ.exe
  C:\Windows\System\DAijJOZ.exe
  2⤵
  PID:12756
- C:\Windows\System\fbJYRtD.exe
  C:\Windows\System\fbJYRtD.exe
  2⤵
  PID:12780
- C:\Windows\System\bYKRaWn.exe
  C:\Windows\System\bYKRaWn.exe
  2⤵
  PID:12832
- C:\Windows\System\vRPZgvd.exe
  C:\Windows\System\vRPZgvd.exe
  2⤵
  PID:12860
- C:\Windows\System\hrzjtyE.exe
  C:\Windows\System\hrzjtyE.exe
  2⤵
  PID:12888
- C:\Windows\System\pJgwZxW.exe
  C:\Windows\System\pJgwZxW.exe
  2⤵
  PID:12912
- C:\Windows\System\oubLfKJ.exe
  C:\Windows\System\oubLfKJ.exe
  2⤵
  PID:12956
- C:\Windows\System\DDpoKpC.exe
  C:\Windows\System\DDpoKpC.exe
  2⤵
  PID:12984
- C:\Windows\System\FGtHMls.exe
  C:\Windows\System\FGtHMls.exe
  2⤵
  PID:13004
- C:\Windows\System\hhZKdVM.exe
  C:\Windows\System\hhZKdVM.exe
  2⤵
  PID:13032
- C:\Windows\System\mCpqdjz.exe
  C:\Windows\System\mCpqdjz.exe
  2⤵
  PID:13056
- C:\Windows\System\THvCRDQ.exe
  C:\Windows\System\THvCRDQ.exe
  2⤵
  PID:13076
- C:\Windows\System\fkMtevB.exe
  C:\Windows\System\fkMtevB.exe
  2⤵
  PID:13108
- C:\Windows\System\wjKuIex.exe
  C:\Windows\System\wjKuIex.exe
  2⤵
  PID:13148
- C:\Windows\System\tVrMcdA.exe
  C:\Windows\System\tVrMcdA.exe
  2⤵
  PID:13168
- C:\Windows\System\UYbBGps.exe
  C:\Windows\System\UYbBGps.exe
  2⤵
  PID:13192
- C:\Windows\System\agCsXzI.exe
  C:\Windows\System\agCsXzI.exe
  2⤵
  PID:13220
- C:\Windows\System\ujNPIXx.exe
  C:\Windows\System\ujNPIXx.exe
  2⤵
  PID:13240
- C:\Windows\System\opiYgav.exe
  C:\Windows\System\opiYgav.exe
  2⤵
  PID:13284
- C:\Windows\System\dLWvqyU.exe
  C:\Windows\System\dLWvqyU.exe
  2⤵
  PID:12320
- C:\Windows\System\KExEHPV.exe
  C:\Windows\System\KExEHPV.exe
  2⤵
  PID:12412
- C:\Windows\System\VmwDNUF.exe
  C:\Windows\System\VmwDNUF.exe
  2⤵
  PID:12460
- C:\Windows\System\svTjjnh.exe
  C:\Windows\System\svTjjnh.exe
  2⤵
  PID:12488
- C:\Windows\System\yHUyyLm.exe
  C:\Windows\System\yHUyyLm.exe
  2⤵
  PID:12568
- C:\Windows\System\KoWUwOq.exe
  C:\Windows\System\KoWUwOq.exe
  2⤵
  PID:12648
- C:\Windows\System\tmDiRFL.exe
  C:\Windows\System\tmDiRFL.exe
  2⤵
  PID:12704
- C:\Windows\System\pKDXWqa.exe
  C:\Windows\System\pKDXWqa.exe
  2⤵
  PID:12788
- C:\Windows\System\NsuEuWJ.exe
  C:\Windows\System\NsuEuWJ.exe
  2⤵
  PID:12880
- C:\Windows\System\qDMBYSQ.exe
  C:\Windows\System\qDMBYSQ.exe
  2⤵
  PID:12948
- C:\Windows\System\wTuYDYV.exe
  C:\Windows\System\wTuYDYV.exe
  2⤵
  PID:13028
- C:\Windows\System\kmARaPq.exe
  C:\Windows\System\kmARaPq.exe
  2⤵
  PID:13048
- C:\Windows\System\OxmyxFA.exe
  C:\Windows\System\OxmyxFA.exe
  2⤵
  PID:13212
- C:\Windows\System\TSbezzm.exe
  C:\Windows\System\TSbezzm.exe
  2⤵
  PID:13184
- C:\Windows\System\ciUPUMo.exe
  C:\Windows\System\ciUPUMo.exe
  2⤵
  PID:13280
- C:\Windows\System\YpNPtuy.exe
  C:\Windows\System\YpNPtuy.exe
  2⤵
  PID:12260
- C:\Windows\System\LAVhaud.exe
  C:\Windows\System\LAVhaud.exe
  2⤵
  PID:12408
- C:\Windows\System\DQXKyZf.exe
  C:\Windows\System\DQXKyZf.exe
  2⤵
  PID:12444
- C:\Windows\System\omLNDIc.exe
  C:\Windows\System\omLNDIc.exe
  2⤵
  PID:12684
- C:\Windows\System\nEfvHsA.exe
  C:\Windows\System\nEfvHsA.exe
  2⤵
  PID:12812
- C:\Windows\System\JCthOMH.exe
  C:\Windows\System\JCthOMH.exe
  2⤵
  PID:13024
- C:\Windows\System\XpSQwFp.exe
  C:\Windows\System\XpSQwFp.exe
  2⤵
  PID:13136
- C:\Windows\System\EBUepAF.exe
  C:\Windows\System\EBUepAF.exe
  2⤵
  PID:13232
- C:\Windows\System\KLPABMt.exe
  C:\Windows\System\KLPABMt.exe
  2⤵
  PID:13292
- C:\Windows\System\mKVfMxe.exe
  C:\Windows\System\mKVfMxe.exe
  2⤵
  PID:12996
- C:\Windows\System\hkZWfqK.exe
  C:\Windows\System\hkZWfqK.exe
  2⤵
  PID:11744
- C:\Windows\System\jrAeOlV.exe
  C:\Windows\System\jrAeOlV.exe
  2⤵
  PID:12776
- C:\Windows\System\GoqQEUE.exe
  C:\Windows\System\GoqQEUE.exe
  2⤵
  PID:13320
- C:\Windows\System\ocTLKeK.exe
  C:\Windows\System\ocTLKeK.exe
  2⤵
  PID:13348
- C:\Windows\System\hJrjAkk.exe
  C:\Windows\System\hJrjAkk.exe
  2⤵
  PID:13372
- C:\Windows\System\yWfdGKS.exe
  C:\Windows\System\yWfdGKS.exe
  2⤵
  PID:13388
- C:\Windows\System\zgFPWrB.exe
  C:\Windows\System\zgFPWrB.exe
  2⤵
  PID:13440
- C:\Windows\System\VQcatKd.exe
  C:\Windows\System\VQcatKd.exe
  2⤵
  PID:13472
- C:\Windows\System\SDbjuQY.exe
  C:\Windows\System\SDbjuQY.exe
  2⤵
  PID:13496
- C:\Windows\System\xcIPDqO.exe
  C:\Windows\System\xcIPDqO.exe
  2⤵
  PID:13528
- C:\Windows\System\usZKaTx.exe
  C:\Windows\System\usZKaTx.exe
  2⤵
  PID:13552
- C:\Windows\System\Qcwsmoz.exe
  C:\Windows\System\Qcwsmoz.exe
  2⤵
  PID:13592
- C:\Windows\System\lAfdjLh.exe
  C:\Windows\System\lAfdjLh.exe
  2⤵
  PID:13612
- C:\Windows\System\OtPCXys.exe
  C:\Windows\System\OtPCXys.exe
  2⤵
  PID:13640
- C:\Windows\System\lMCSyYs.exe
  C:\Windows\System\lMCSyYs.exe
  2⤵
  PID:13664
- C:\Windows\System\XarFImv.exe
  C:\Windows\System\XarFImv.exe
  2⤵
  PID:13708
- C:\Windows\System\ApthAdW.exe
  C:\Windows\System\ApthAdW.exe
  2⤵
  PID:13732
- C:\Windows\System\sTbMsyG.exe
  C:\Windows\System\sTbMsyG.exe
  2⤵
  PID:13748
- C:\Windows\System\gAiEejv.exe
  C:\Windows\System\gAiEejv.exe
  2⤵
  PID:13784
- C:\Windows\System\RBchBjd.exe
  C:\Windows\System\RBchBjd.exe
  2⤵
  PID:13820
- C:\Windows\System\TyPOBeg.exe
  C:\Windows\System\TyPOBeg.exe
  2⤵
  PID:13844
- C:\Windows\System\GyXqjdQ.exe
  C:\Windows\System\GyXqjdQ.exe
  2⤵
  PID:13864
- C:\Windows\System\yTkfSUn.exe
  C:\Windows\System\yTkfSUn.exe
  2⤵
  PID:13892
- C:\Windows\System\cWPZTxW.exe
  C:\Windows\System\cWPZTxW.exe
  2⤵
  PID:13920
- C:\Windows\System\EDOfqSx.exe
  C:\Windows\System\EDOfqSx.exe
  2⤵
  PID:13948
- C:\Windows\System\qHfIjBz.exe
  C:\Windows\System\qHfIjBz.exe
  2⤵
  PID:13976
- C:\Windows\System\RqJDmLG.exe
  C:\Windows\System\RqJDmLG.exe
  2⤵
  PID:14004
- C:\Windows\System\Tazfrzc.exe
  C:\Windows\System\Tazfrzc.exe
  2⤵
  PID:14028
- C:\Windows\System\XBaQJqZ.exe
  C:\Windows\System\XBaQJqZ.exe
  2⤵
  PID:14044
- C:\Windows\System\lJqVIKe.exe
  C:\Windows\System\lJqVIKe.exe
  2⤵
  PID:14060
- C:\Windows\System\wsKoPkU.exe
  C:\Windows\System\wsKoPkU.exe
  2⤵
  PID:14088
- C:\Windows\System\ZYOBywu.exe
  C:\Windows\System\ZYOBywu.exe
  2⤵
  PID:14112
- C:\Windows\System\RuHbzOV.exe
  C:\Windows\System\RuHbzOV.exe
  2⤵
  PID:14160
- C:\Windows\System\rimsDyV.exe
  C:\Windows\System\rimsDyV.exe
  2⤵
  PID:14188
- C:\Windows\System\qxxfpRQ.exe
  C:\Windows\System\qxxfpRQ.exe
  2⤵
  PID:14208
- C:\Windows\System\cCjjzxv.exe
  C:\Windows\System\cCjjzxv.exe
  2⤵
  PID:14228
- C:\Windows\System\fYlAbUi.exe
  C:\Windows\System\fYlAbUi.exe
  2⤵
  PID:14276
- C:\Windows\System\cchXuJh.exe
  C:\Windows\System\cchXuJh.exe
  2⤵
  PID:14324
- C:\Windows\System\atSCvkR.exe
  C:\Windows\System\atSCvkR.exe
  2⤵
  PID:13316
- C:\Windows\System\RekYhFX.exe
  C:\Windows\System\RekYhFX.exe
  2⤵
  PID:13364
- C:\Windows\System\DmZRHps.exe
  C:\Windows\System\DmZRHps.exe
  2⤵
  PID:376
- C:\Windows\System\tsIlZiT.exe
  C:\Windows\System\tsIlZiT.exe
  2⤵
  PID:13448
- C:\Windows\System\pPYxaPS.exe
  C:\Windows\System\pPYxaPS.exe
  2⤵
  PID:13536
- C:\Windows\System\zVRxsvl.exe
  C:\Windows\System\zVRxsvl.exe
  2⤵
  PID:13608
- C:\Windows\System\KMgREay.exe
  C:\Windows\System\KMgREay.exe
  2⤵
  PID:13728
- C:\Windows\System\vBsSWru.exe
  C:\Windows\System\vBsSWru.exe
  2⤵
  PID:13800
- C:\Windows\System\auaGkXp.exe
  C:\Windows\System\auaGkXp.exe
  2⤵
  PID:4212
- C:\Windows\System\fxoOHWi.exe
  C:\Windows\System\fxoOHWi.exe
  2⤵
  PID:13856
- C:\Windows\System\lrErekc.exe
  C:\Windows\System\lrErekc.exe
  2⤵
  PID:13888
- C:\Windows\System\bNOrIeO.exe
  C:\Windows\System\bNOrIeO.exe
  2⤵
  PID:13908
- C:\Windows\System\xgukVzW.exe
  C:\Windows\System\xgukVzW.exe
  2⤵
  PID:14016
- C:\Windows\System\qyXrUMc.exe
  C:\Windows\System\qyXrUMc.exe
  2⤵
  PID:13996
- C:\Windows\System\wpCDxGV.exe
  C:\Windows\System\wpCDxGV.exe
  2⤵
  PID:4100
- C:\Windows\System\nKIPDiM.exe
  C:\Windows\System\nKIPDiM.exe
  2⤵
  PID:13468
- C:\Windows\System\GcolsFY.exe
  C:\Windows\System\GcolsFY.exe
  2⤵
  PID:13400
- C:\Windows\System\UVTZmNF.exe
  C:\Windows\System\UVTZmNF.exe
  2⤵
  PID:13580
- C:\Windows\System\sqamahd.exe
  C:\Windows\System\sqamahd.exe
  2⤵
  PID:13648
- C:\Windows\System\TNOafOl.exe
  C:\Windows\System\TNOafOl.exe
  2⤵
  PID:13744
- C:\Windows\System\arpqssT.exe
  C:\Windows\System\arpqssT.exe
  2⤵
  PID:13816
- C:\Windows\System\EQQEQHs.exe
  C:\Windows\System\EQQEQHs.exe
  2⤵
  PID:13860
- C:\Windows\System\zUodFOd.exe
  C:\Windows\System\zUodFOd.exe
  2⤵
  PID:13968
- C:\Windows\System\tQNNnBg.exe
  C:\Windows\System\tQNNnBg.exe
  2⤵
  PID:13984
- C:\Windows\System\VnLshXR.exe
  C:\Windows\System\VnLshXR.exe
  2⤵
  PID:14056
- C:\Windows\System\OuNJTNN.exe
  C:\Windows\System\OuNJTNN.exe
  2⤵
  PID:14052
- C:\Windows\System\LajdBGF.exe
  C:\Windows\System\LajdBGF.exe
  2⤵
  PID:14340
- C:\Windows\System\RGGQqGX.exe
  C:\Windows\System\RGGQqGX.exe
  2⤵
  PID:14356
- C:\Windows\System\JJLwnlD.exe
  C:\Windows\System\JJLwnlD.exe
  2⤵
  PID:14372
- C:\Windows\System\gnTwEeV.exe
  C:\Windows\System\gnTwEeV.exe
  2⤵
  PID:14392
- C:\Windows\System\GbxMynm.exe
  C:\Windows\System\GbxMynm.exe
  2⤵
  PID:14412
- C:\Windows\System\MZhWtKR.exe
  C:\Windows\System\MZhWtKR.exe
  2⤵
  PID:14428
- C:\Windows\System\fLGcIxR.exe
  C:\Windows\System\fLGcIxR.exe
  2⤵
  PID:14448
- C:\Windows\System\xNYMpPY.exe
  C:\Windows\System\xNYMpPY.exe
  2⤵
  PID:14480
- C:\Windows\System\Nkfzllk.exe
  C:\Windows\System\Nkfzllk.exe
  2⤵
  PID:14552
- C:\Windows\System\ZXoHprN.exe
  C:\Windows\System\ZXoHprN.exe
  2⤵
  PID:14644
- C:\Windows\System\XRluEFy.exe
  C:\Windows\System\XRluEFy.exe
  2⤵
  PID:14764
- C:\Windows\System\aWitQud.exe
  C:\Windows\System\aWitQud.exe
  2⤵
  PID:15088

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AAErqVU.exe

Filesize
1.8MB

MD5
dfe0f331571634a21b7ccdec1a2d4f58

SHA1
24c8d3b66f1f4c728d1238441d5abfeaaedc6ec7

SHA256
fafb4ff17d284dc9601f505377b64d3bb41c08b00b5496a9859676509c634f0f

SHA512
96852423fadce27bab848ca9970cd17ce94171fd581faa6b3bebfcd6187711ecbb01b16923a762e513bf79f92aa0a5031aac29a226ca5e8b4f5fb5094985993a

Download Submit
C:\Windows\System\GjpnUXr.exe

Filesize
1.8MB

MD5
147c2a2b52180ec5d38d84236d6bf235

SHA1
035bbe2d3a433eb912e7c0c3d8a5037e4fb6b9f6

SHA256
f1b09d7ad7d740023d2aa621f140b8f2d7b44900a35174504787d10f5e2b0ede

SHA512
2cc7ff43335828a4940be1afe8eae85987fa2c95b12e98de6ddb5b1e2152d0d0553a538fdfdbe1bbb48c02ee4a3d3a9b23753ad25cc4327ccb06ecb72a8877e5

Download Submit
C:\Windows\System\IUqPqaV.exe

Filesize
1.8MB

MD5
b58c4e7aee5dca555b78fe3a0bf25976

SHA1
92baee9cf209b6eaf1a171ea26df8f9fc39d59fd

SHA256
0b970d6376d7cb866db0ab435e10925efeeeb27f34bdb2a3732d37731accb0a9

SHA512
8800baa889a5e22bbd02bb9d93e8b9d72a19853420715e99f8d1cfdbd08c64819d1d86f3e76b2c7c6c424c0fc8d81c3ff3b6d856984b18e4539f16345d1209cc

Download Submit
C:\Windows\System\JlNdGun.exe

Filesize
1.8MB

MD5
95c553c08962dadb228b0e8fc394fb33

SHA1
aafc977e8ae67e493f3310c44649480b1f72d577

SHA256
a05faeb8bd4bafb45e3b01fb4bf34f80b597f8c4ea314c13c29635e09859b688

SHA512
fb341e924fb1379bb5a7ae8a0d9643aaa1ab4fdfd260a14b23bb461c69c521ac3d974ed5811f6d229fc8706d048d0dc944399ac7fd6a0632f090bad89e0b9071

Download Submit
C:\Windows\System\KvLgvDX.exe

Filesize
1.8MB

MD5
9bf7fa9f144a8108d14a43e0d35c8b61

SHA1
a328520d5bc294ea7bc9e28388d0ff7bcd639146

SHA256
33b4ce5ab71d5cc81edaffe0e3cbfa70ad62485af6e77343cb54c9f5e1684f47

SHA512
3f4a4db584d738c67a99deea68de8643e3bd815013f68126b120b2d547b4f4c89bef81869a015dcf2e71c0670ea4c865923f0906eb665a92b94dadf8196a9918

Download Submit
C:\Windows\System\LJUFBPs.exe

Filesize
1.8MB

MD5
d3af670491bd30924e6917eb8e2ddd52

SHA1
3b4a90357361add590596cec1fdc951fe3a93e13

SHA256
f1b6ed3639f8e5c6ace231b19a5c1107298f45fa35bcbfef46e81588d52d5d67

SHA512
266b46679412ebaf362992b567094cee84e16e1e8ec36af5f8cad458ea8fcbae17b7247a1135b23b5f007c693d743278b256cd2ca1c8c82a406c7b04f5a6a9ae

Download Submit
C:\Windows\System\OHqnESF.exe

Filesize
1.8MB

MD5
a9d63a24cd07aba7e0a2836d99bf2ec5

SHA1
0f5805db4d8f32d8b02fe984a74323364af19d49

SHA256
4d53f45070f6934eae244911f78d367ecefc30d270dde4642603c91c201daa0a

SHA512
13e23901f16c81cd4fc4dce21170dbe556c126cb638b7114b68b652a7c0a7c048d55ab1868dec488feb5724b417da4a8e4a39dd06003d2d20ee03fda03ed09ca

Download Submit
C:\Windows\System\OklcgWD.exe

Filesize
1.8MB

MD5
a834f0fc678616460704f34134556ae4

SHA1
753f4a49fe1133d44cb5c12e79b2544bd4f4b8c9

SHA256
eb16851ee8658a29f3c38a6bf3b89bb8b542ae18a32a09b0a9766560fae6d3b0

SHA512
ff7efa3d68748c885a703b9d108e92630e9bbf5b4052bc808fcef7de21c09e0ad5905bc2af890792488a5e8c1196fad25ac104588588f778a949eee1ef6bd81e

Download Submit
C:\Windows\System\PCjoRlP.exe

Filesize
1.8MB

MD5
adb1c266182ee68461a41ae27d87403c

SHA1
fdcefb4860bb784a00b0e259acb0a5fe27604ca8

SHA256
4d5e62b9338dee3324c5eae0150cdbb71d4d55e1a839ee2cfb4ccca3149e2bfc

SHA512
573d82bd3649d218dff36408ab16792f8a61dd761c7ecd78d000aa3747b0f33769dcc706da527f5fdf3f2c36805f8cd87b9fef2e77f015d6c78360b4fb857c34

Download Submit
C:\Windows\System\PFzRGof.exe

Filesize
1.8MB

MD5
aec77937f424f86312c1ccfcee722ae3

SHA1
d3b2e421a0776d8717b4b223074fd1ebec202bef

SHA256
fcb1c40c1b2e9ea2fb65c5327da8025974778ad4b5c618eac43812d92681b18a

SHA512
69947357aa411d8aad2a02b5c5b2f098882f421fc57b2b7f647ec9da41d1d798d7aec08a4788b99b091e9f0858c82d26e096e903fccb7beac2fa3245cf68d4da

Download Submit
C:\Windows\System\RMsfDqm.exe

Filesize
1.8MB

MD5
a79691dcbd839d95dce5947828f1fcbb

SHA1
3f099ca1ff50a312f2141ea53b65c5ea0fe5aea1

SHA256
469652be737098fe6af0f72246b19048b71e31b420c7964b7d8f981925a9eae3

SHA512
318fbb732cabe3a8d519d84db09326f9f10e96cf4263ab6c113edd9e70eae1285faad18d122282eac71300338202375849989609cf7656fe347be2fe99ad4e95

Download Submit
C:\Windows\System\SulzAlb.exe

Filesize
1.8MB

MD5
655418b55d1c0dbf1164ddbc85c6b90a

SHA1
412f4a707510bc812b66c40844ac3b08c3b73f8f

SHA256
e306e0478b7dba3e147449c4e3da2a4be9f157c51eff11e78484e562d1726dd7

SHA512
0a5a3aee7ab6770768cf689bbc7f303f59b08b9ea39811def035e864c4982415e65dd2f8a1074f3a7a9abd763b341982e1cc0d26903a92c10fdeca4a5803b680

Download Submit
C:\Windows\System\TdEkXlp.exe

Filesize
1.8MB

MD5
efc5216337aa20f923d4d5430c13e7ed

SHA1
5099a39302fe383dbff5e34c7af494bc64231c6f

SHA256
5f2b3a4c26f99432ea8eb33b496a46b6a9f81215ce887985a77b0dbc8245f4ee

SHA512
f8cbe1aed7172614bc23f6b64828c1c0f8f8a2b5d86911873aa92d298721acf07f459bdb3b99b1461c589949a8b146fdcbaeb4df5d6da415fde4e06b58ef711c

Download Submit
C:\Windows\System\UYXnRuo.exe

Filesize
1.8MB

MD5
03a4c093f513d8ef9d8a249c802c5f91

SHA1
6b3be67cf253a74a65d42ec8f61af472c5244c40

SHA256
fbb54546ed75660086e1eb04abf93417b2dd87101eaca0961682443cd3d3886a

SHA512
9f4a847ae428e738cfe01342932c6d1e6b4a7658fbeaaf9121338f2079260cf13448db5af5913f70cedd1f83adf63be585edfc8acc425ff86db93465a538a3be

Download Submit
C:\Windows\System\VrmGtIl.exe

Filesize
1.8MB

MD5
3bc855cb4e609a70e6d3896dc28992d2

SHA1
ea62731f8122d161108b28e62cee2013ca6802a6

SHA256
7bbf2938f5b360680f20628dce5d0c3a9e8a4d611d05d5b87ba81c9bfd98674f

SHA512
82220050a0f9ab7274a6438ead782e149b58abb16cefdcb68b23290d22338776fd23e990f9e77891f0ed1b4472ad20a434b75f6aa3f0cccd138ef56836d96916

Download Submit
C:\Windows\System\YIUTWJt.exe

Filesize
1.8MB

MD5
c8393965811a9ff9ac66168527b7c2d6

SHA1
36f167b5a9553b3aec96747c53b488eebb62234a

SHA256
541df182c76081a0a09393d03406ceffe3de14e2ce43aa5dc0da248ae3915b5c

SHA512
775b8beff560a5d422f1687a14cda19abab0f9177b09be740e434230927a594259ac961e5bba35dd84a99f84249d8f2eaaab98552f39181a5c78c7d25353715a

Download Submit
C:\Windows\System\YMJkYjI.exe

Filesize
1.8MB

MD5
07a50e52b7aa9a2c2a9153a3c4fc8147

SHA1
f2a7286cc60afabda5ef1924761eb59753a17dc4

SHA256
8a12801ac286da8db5d5f267327331735475c8f371949dffd7ac95e202540563

SHA512
6461f4e212cd63b39836256d713e86f8db0e8fa328eff5090ae16189de03387605152d9a30b3bfeb5b2e525fa0ac5dc4d41f49388c32856d08efd0cbb857f002

Download Submit
C:\Windows\System\ZYoThNc.exe

Filesize
1.8MB

MD5
32180f0e346d3018e53b9303e6f81005

SHA1
2f5464408f6bdae894dfd72a1b569fac1c4fa8ab

SHA256
62937633f81088780608b4972839e44b24fe7c6e66e304f6ffe78f27afbe03c2

SHA512
30cc671ca8fed3a63921b342491266e0f15bf3ac451c8c0493cf638284109f91532757af67fd806c4c48a02118a50b1ac0bf099251674d30bbb976ee8756d54d

Download Submit
C:\Windows\System\cAuXYNP.exe

Filesize
1.8MB

MD5
f04d8366339f28e599cdb8309be4f245

SHA1
bf0dbbc79639ee979dc18ca010d1f38995a1334f

SHA256
cb0f8eec58056d4fbfc1665a5607be7dc515d39071210afbae95ddfe9d910eaf

SHA512
0f6d4d7ef669763310b90a956f43b3ea4612246e97d475ba9011d4f0cee5421949842d25734d743b90a592e9fdb48ade6be21f00baa462f10a1bc9663d8f037c

Download Submit
C:\Windows\System\dIlEitz.exe

Filesize
1.8MB

MD5
cd0ffbc09023a6cf1fc6d742b54213fa

SHA1
1e7e0d06d4d84dfee944b3ac17133fd660202ab7

SHA256
22fc181998b53bc58ecf1e3b65118b7544cb8ed8bc27917994c39f45ebb23eac

SHA512
f15a870a1417e0f9a125d9908ca43b1bff827cf32cfef689463fec78d47c1935ac6e76e8437b71101fc6f3d323d9e5742ab19d936da5ce7ef799cf95b754f5fb

Download Submit
C:\Windows\System\dPtITLC.exe

Filesize
1.8MB

MD5
f006dda776e711d150d2bf049e4520c1

SHA1
a7fc1905167e21e448348dec90fc86d018b04b9d

SHA256
41cf0d9c879567c29d24ecd5b9b9ded4397496cf1d428e24d15416ff2bfbf5c7

SHA512
ec642dfde4aadcb2e0ba384da769a379483b1c478b51401cd26cd25d7dd1490514d7940ae192ffd330caf7e597f441cc972f73eb953162d5d06664a51f98f097

Download Submit
C:\Windows\System\daRJhxS.exe

Filesize
1.8MB

MD5
9438d7ba981485467297ee6106ab4bc2

SHA1
aef195f9ed0ee8f15f824ca2d14fd466334f9006

SHA256
e223e61ea227650e9712f733237b90bc2a93896fc0e5dc095135a52ee4fc35f8

SHA512
c1b8f3a7089797c833c067bd59b04648efd3f7ee28c598cb0962f9db9dd09587ef175e6349e4223bffd74a95f18202856c72e8001fa0db203e7748cb516711de

Download Submit
C:\Windows\System\deAeobZ.exe

Filesize
1.8MB

MD5
cf29f4eaabbeb94e21483c4701df7b5e

SHA1
3d0189ba6063b9c42ff4655881bfe7d79d9bc5fb

SHA256
47172ae5a8c3f993ef3362f16093c41935241e25caacecd45dafabfda39058e7

SHA512
279b5b6f952754f0da6fa6512f2ac4f4aa01e3ea28cd2e22e7c11ce1ac870fc9a08bc8fc366bbf2d4477c9b37974274bbdd03aa260b432cf529f6bc1470086a0

Download Submit
C:\Windows\System\dtRXUsn.exe

Filesize
1.8MB

MD5
c5fdfbde04dd65be7b04e4aff783b273

SHA1
b3bffcfd22f1d2c8d38e713e3fd768d588ed8162

SHA256
c0e1850efcc4966c308396edb63d49bbc9825d8c13ee446ab3bf3bf75eb635c0

SHA512
cd3235dda38da0d5069f4379056f6fbf742e16261afdbf08e9f40b189b7e6b77f6566c35a8a8e4bd94c18c80015fb752bec1b9c54658bf703f998ef0352de117

Download Submit
C:\Windows\System\ducgivl.exe

Filesize
1.8MB

MD5
5c41d4c672b1c65d633064e3172f025c

SHA1
50ed6649a0f3f106389f2c49445f5020d7aaeba4

SHA256
3b2fcf524122b5523539d20d9a0036f6f8499b3a30da0f3439019844a79a2c74

SHA512
e8890cf76bcf9549210f722b9d30ac5e7240ae9e1d35ab49fcde28834010b6c9e68190ecf5f4fa88ae855d7cef3045941cae25886932a8cfd645d4246d2d6d1b

Download Submit
C:\Windows\System\fxIvIey.exe

Filesize
1.8MB

MD5
b016b56ad1ac9a594f2e443b712b47d9

SHA1
2ee10742a1635b78e46f6ab0d51e271adc0ed162

SHA256
85c0e79c889d6a4f4a8be9f26a25319788db1f3807d5aa109aa6133e1b03f937

SHA512
797c3a5a9134f10b26af3ee74cddaaa0ae4cd7b99e78a0c91cef4c1debff18650f60a5cef4e36be8756ca869b0c8116911cf3cd679c892ebb39e198848e5b94f

Download Submit
C:\Windows\System\kyiNkLU.exe

Filesize
1.8MB

MD5
5c3f80b51c8ea1e05418a8abfdffef1d

SHA1
8c76d4608c074e24b7f1f63760783f48f5c497af

SHA256
541992641888b2c5cc9dcd9af0cdb1a786398c08a6028b46c8ae99f767c62d7a

SHA512
b770e92ac8383397c12f7d62afc7746b7050d96aac3e83bd9bb79a0175a68390ca1fd1d96da9d7fb193ef071053564ec5171eb9682362d9a76ee529b8b37ba31

Download Submit
C:\Windows\System\nxkIoMl.exe

Filesize
1.8MB

MD5
3df7bb8761872d12d6e26584985b6c00

SHA1
b55d96caa48a3362cc50ae530caa57c9a5cb4071

SHA256
d9b31393ca517ffc51fa8993cf59bb131ef6b7591bd2b5ca58b92bd252105329

SHA512
fe724fc473ef1ad1fe725bd9bb0684175d5c6363613de60711095cee94ee52d8847ee63d04d64bbe8d1d665dac4e6ad845c94415ee699c918be0e5aeadfdc3b8

Download Submit
C:\Windows\System\qUEfOKx.exe

Filesize
1.8MB

MD5
e00daf6fa85fd81b7d6df21cc4771321

SHA1
92ddd1cde35c13a358558c880cacd8b01b338e71

SHA256
6680bbe74af574cca1d6ffa6575099d916826ba7c42702b00a2396c14d62da2a

SHA512
f9658298995a069df6800da8136938fe07c7fccaf6f9f1235e3d790a557293e2ed68ed2475207b89d43c22990d8f0b482a16185056e290a06d17147c817795a0

Download Submit
C:\Windows\System\tBCnLAx.exe

Filesize
1.8MB

MD5
8c3f3828971440ec424877474230f173

SHA1
bedfe3fd102f7546bfc36afccdda1abf5f089055

SHA256
430816d99d252fc80b21c1d25ab459bd7dcaa209c6b6d885736c4e43b6b4f866

SHA512
cbd928863710ac56a89f6e3f432db439912c1325c73ec5f2301e8a68680bb2ae3548c61fa71484ada7256f346f44879bfee532d31f334ebf59a1b445874bc060

Download Submit
C:\Windows\System\vofQHxt.exe

Filesize
1.8MB

MD5
008babf61d17dd4f541d439baa893f85

SHA1
9644da15ab5b7eb6494411fd948b6c0a0f0ec6a3

SHA256
06cb4fb6db41f381223f7cace4fcf4ea4795d4f078e6819597e9289504ac5f00

SHA512
d9b255d84ab0dd0eb9d80ba89ba31829678d5c3745e5222a0676f21bb52b739d6a23a09f892a768a72a5485381eab704d7fbf314ca1d172790f2c7ec5edecf5f

Download Submit
C:\Windows\System\xCQimNe.exe

Filesize
1.8MB

MD5
4ecfb2ad6403d4e0a04558dc66d370ff

SHA1
b27f992288826e503f1d6dc9d073bf731b66d291

SHA256
265a6be91f8ce4a092bcff315a942629f87f2a97334ee49e1debead03fa22795

SHA512
2852c06170dcd357818cd72878e631611662668e89187a9f788da8c277e96c418b1dd50a28288120e2cd358d39e2749b49b9edb7d150ab771238700353c921c8

Download Submit
C:\Windows\System\xcHHmZW.exe

Filesize
1.8MB

MD5
a902dd7ede77c03a1a0b2c8171eb870a

SHA1
116b6f68fb815107d79d15efad42e8cc6ac6f0b3

SHA256
26ad7635e7d84354d8dd83360f5eca1c64aa16318e849d11d80bcdfad6c412fb

SHA512
3bd9c0529f79033d044594f5de36e2721994ed42918443edf8e20904faf5709d3125d6bf490820eed72af19d87ac9a059ef8bd7f7e2583b641c0713a04e3a98d

Download Submit
memory/880-2330-0x00007FF75EA60000-0x00007FF75EDB1000-memory.dmp

Filesize
3.3MB

Download
memory/880-16-0x00007FF75EA60000-0x00007FF75EDB1000-memory.dmp

Filesize
3.3MB

Download
memory/880-170-0x00007FF75EA60000-0x00007FF75EDB1000-memory.dmp

Filesize
3.3MB

Download
memory/1372-66-0x00007FF6C50A0000-0x00007FF6C53F1000-memory.dmp

Filesize
3.3MB

Download
memory/1372-2354-0x00007FF6C50A0000-0x00007FF6C53F1000-memory.dmp

Filesize
3.3MB

Download
memory/1476-73-0x00007FF75C060000-0x00007FF75C3B1000-memory.dmp

Filesize
3.3MB

Download
memory/1476-2352-0x00007FF75C060000-0x00007FF75C3B1000-memory.dmp

Filesize
3.3MB

Download
memory/1476-2270-0x00007FF75C060000-0x00007FF75C3B1000-memory.dmp

Filesize
3.3MB

Download
memory/1528-2336-0x00007FF61A550000-0x00007FF61A8A1000-memory.dmp

Filesize
3.3MB

Download
memory/1528-36-0x00007FF61A550000-0x00007FF61A8A1000-memory.dmp

Filesize
3.3MB

Download
memory/1652-2365-0x00007FF767360000-0x00007FF7676B1000-memory.dmp

Filesize
3.3MB

Download
memory/1652-111-0x00007FF767360000-0x00007FF7676B1000-memory.dmp

Filesize
3.3MB

Download
memory/1652-2273-0x00007FF767360000-0x00007FF7676B1000-memory.dmp

Filesize
3.3MB

Download
memory/1732-2319-0x00007FF788750000-0x00007FF788AA1000-memory.dmp

Filesize
3.3MB

Download
memory/1732-176-0x00007FF788750000-0x00007FF788AA1000-memory.dmp

Filesize
3.3MB

Download
memory/1732-2435-0x00007FF788750000-0x00007FF788AA1000-memory.dmp

Filesize
3.3MB

Download
memory/1756-158-0x00007FF7D9810000-0x00007FF7D9B61000-memory.dmp

Filesize
3.3MB

Download
memory/1756-2310-0x00007FF7D9810000-0x00007FF7D9B61000-memory.dmp

Filesize
3.3MB

Download
memory/1756-2433-0x00007FF7D9810000-0x00007FF7D9B61000-memory.dmp

Filesize
3.3MB

Download
memory/1780-135-0x00007FF640780000-0x00007FF640AD1000-memory.dmp

Filesize
3.3MB

Download
memory/1780-2362-0x00007FF640780000-0x00007FF640AD1000-memory.dmp

Filesize
3.3MB

Download
memory/1920-2370-0x00007FF7F3F60000-0x00007FF7F42B1000-memory.dmp

Filesize
3.3MB

Download
memory/1920-134-0x00007FF7F3F60000-0x00007FF7F42B1000-memory.dmp

Filesize
3.3MB

Download
memory/1920-2284-0x00007FF7F3F60000-0x00007FF7F42B1000-memory.dmp

Filesize
3.3MB

Download
memory/1932-2281-0x00007FF719CB0000-0x00007FF71A001000-memory.dmp

Filesize
3.3MB

Download
memory/1932-93-0x00007FF719CB0000-0x00007FF71A001000-memory.dmp

Filesize
3.3MB

Download
memory/1932-2366-0x00007FF719CB0000-0x00007FF71A001000-memory.dmp

Filesize
3.3MB

Download
memory/2064-185-0x00007FF713EE0000-0x00007FF714231000-memory.dmp

Filesize
3.3MB

Download
memory/2064-2437-0x00007FF713EE0000-0x00007FF714231000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2282-0x00007FF6CEC20000-0x00007FF6CEF71000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2368-0x00007FF6CEC20000-0x00007FF6CEF71000-memory.dmp

Filesize
3.3MB

Download
memory/2072-103-0x00007FF6CEC20000-0x00007FF6CEF71000-memory.dmp

Filesize
3.3MB

Download
memory/2088-129-0x00007FF686890000-0x00007FF686BE1000-memory.dmp

Filesize
3.3MB

Download
memory/2088-2346-0x00007FF686890000-0x00007FF686BE1000-memory.dmp

Filesize
3.3MB

Download
memory/2188-148-0x00007FF7A2800000-0x00007FF7A2B51000-memory.dmp

Filesize
3.3MB

Download
memory/2188-1-0x000002711B5E0000-0x000002711B5F0000-memory.dmp

Filesize
64KB

Download
memory/2188-0-0x00007FF7A2800000-0x00007FF7A2B51000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2342-0x00007FF77DE90000-0x00007FF77E1E1000-memory.dmp

Filesize
3.3MB

Download
memory/2288-112-0x00007FF77DE90000-0x00007FF77E1E1000-memory.dmp

Filesize
3.3MB

Download
memory/2652-2271-0x00007FF77AC40000-0x00007FF77AF91000-memory.dmp

Filesize
3.3MB

Download
memory/2652-2350-0x00007FF77AC40000-0x00007FF77AF91000-memory.dmp

Filesize
3.3MB

Download
memory/2652-76-0x00007FF77AC40000-0x00007FF77AF91000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2429-0x00007FF7FFA80000-0x00007FF7FFDD1000-memory.dmp

Filesize
3.3MB

Download
memory/2888-155-0x00007FF7FFA80000-0x00007FF7FFDD1000-memory.dmp

Filesize
3.3MB

Download
memory/2928-2431-0x00007FF71CF80000-0x00007FF71D2D1000-memory.dmp

Filesize
3.3MB

Download
memory/2928-2318-0x00007FF71CF80000-0x00007FF71D2D1000-memory.dmp

Filesize
3.3MB

Download
memory/2928-175-0x00007FF71CF80000-0x00007FF71D2D1000-memory.dmp

Filesize
3.3MB

Download
memory/3076-196-0x00007FF742FA0000-0x00007FF7432F1000-memory.dmp

Filesize
3.3MB

Download
memory/3076-21-0x00007FF742FA0000-0x00007FF7432F1000-memory.dmp

Filesize
3.3MB

Download
memory/3076-2334-0x00007FF742FA0000-0x00007FF7432F1000-memory.dmp

Filesize
3.3MB

Download
memory/3140-128-0x00007FF6D0030000-0x00007FF6D0381000-memory.dmp

Filesize
3.3MB

Download
memory/3140-2359-0x00007FF6D0030000-0x00007FF6D0381000-memory.dmp

Filesize
3.3MB

Download
memory/3152-59-0x00007FF66BD60000-0x00007FF66C0B1000-memory.dmp

Filesize
3.3MB

Download
memory/3152-2340-0x00007FF66BD60000-0x00007FF66C0B1000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2439-0x00007FF6BC5C0000-0x00007FF6BC911000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2323-0x00007FF6BC5C0000-0x00007FF6BC911000-memory.dmp

Filesize
3.3MB

Download
memory/3424-184-0x00007FF6BC5C0000-0x00007FF6BC911000-memory.dmp

Filesize
3.3MB

Download
memory/3964-133-0x00007FF7E4090000-0x00007FF7E43E1000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2356-0x00007FF7E4090000-0x00007FF7E43E1000-memory.dmp

Filesize
3.3MB

Download
memory/4068-136-0x00007FF6190F0000-0x00007FF619441000-memory.dmp

Filesize
3.3MB

Download
memory/4068-2309-0x00007FF6190F0000-0x00007FF619441000-memory.dmp

Filesize
3.3MB

Download
memory/4068-2372-0x00007FF6190F0000-0x00007FF619441000-memory.dmp

Filesize
3.3MB

Download
memory/4524-2139-0x00007FF7C8FE0000-0x00007FF7C9331000-memory.dmp

Filesize
3.3MB

Download
memory/4524-41-0x00007FF7C8FE0000-0x00007FF7C9331000-memory.dmp

Filesize
3.3MB

Download
memory/4524-2338-0x00007FF7C8FE0000-0x00007FF7C9331000-memory.dmp

Filesize
3.3MB

Download
memory/4636-2272-0x00007FF786810000-0x00007FF786B61000-memory.dmp

Filesize
3.3MB

Download
memory/4636-2348-0x00007FF786810000-0x00007FF786B61000-memory.dmp

Filesize
3.3MB

Download
memory/4636-102-0x00007FF786810000-0x00007FF786B61000-memory.dmp

Filesize
3.3MB

Download
memory/4796-132-0x00007FF608DF0000-0x00007FF609141000-memory.dmp

Filesize
3.3MB

Download
memory/4796-2360-0x00007FF608DF0000-0x00007FF609141000-memory.dmp

Filesize
3.3MB

Download
memory/4872-2344-0x00007FF7FF4C0000-0x00007FF7FF811000-memory.dmp

Filesize
3.3MB

Download
memory/4872-118-0x00007FF7FF4C0000-0x00007FF7FF811000-memory.dmp

Filesize
3.3MB

Download
memory/4884-164-0x00007FF789A90000-0x00007FF789DE1000-memory.dmp

Filesize
3.3MB

Download
memory/4884-7-0x00007FF789A90000-0x00007FF789DE1000-memory.dmp

Filesize
3.3MB

Download
memory/4884-2328-0x00007FF789A90000-0x00007FF789DE1000-memory.dmp

Filesize
3.3MB

Download
memory/4896-1417-0x00007FF62E6C0000-0x00007FF62EA11000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2332-0x00007FF62E6C0000-0x00007FF62EA11000-memory.dmp

Filesize
3.3MB

Download
memory/4896-22-0x00007FF62E6C0000-0x00007FF62EA11000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads