xmrig | b7c57b19f5cd44e320076bcd1f25a4d080b6329b9ef62c97da955118c862e6e0

Analysis

max time kernel
142s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
Size

2.3MB
MD5

ca42df36239135b8a27d6c60af15ade0
SHA1

f0057e226d422b3c2ae837066b4234c9bfebb5ca
SHA256

b7c57b19f5cd44e320076bcd1f25a4d080b6329b9ef62c97da955118c862e6e0
SHA512

8dadf72501bee1a1e50bc831dd663efd0dc176baf2b2f2057cee344f0c4c04a47bd5feacbcd1365b7b4eadebb310c06dc16c91a36700e3b3da378ee9bba83fb2
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQW/dLUoJlruRXaC3L:oemTLkNdfE0pZrQh

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1596-0-0x00007FF650930000-0x00007FF650C84000-memory.dmp	xmrig
behavioral2/files/0x00090000000233e2-5.dat	xmrig
behavioral2/memory/4996-7-0x00007FF61CC90000-0x00007FF61CFE4000-memory.dmp	xmrig
behavioral2/files/0x00080000000233f6-9.dat	xmrig
behavioral2/files/0x00080000000233f5-17.dat	xmrig
behavioral2/files/0x00070000000233f7-27.dat	xmrig
behavioral2/files/0x00070000000233fc-45.dat	xmrig
behavioral2/files/0x00070000000233fe-60.dat	xmrig
behavioral2/files/0x0007000000023403-86.dat	xmrig
behavioral2/files/0x0007000000023405-98.dat	xmrig
behavioral2/files/0x000700000002340f-148.dat	xmrig
behavioral2/memory/940-585-0x00007FF75BDD0000-0x00007FF75C124000-memory.dmp	xmrig
behavioral2/memory/2564-586-0x00007FF6FD960000-0x00007FF6FDCB4000-memory.dmp	xmrig
behavioral2/memory/1668-587-0x00007FF791CC0000-0x00007FF792014000-memory.dmp	xmrig
behavioral2/memory/1408-588-0x00007FF676BA0000-0x00007FF676EF4000-memory.dmp	xmrig
behavioral2/memory/2820-589-0x00007FF6E5B20000-0x00007FF6E5E74000-memory.dmp	xmrig
behavioral2/memory/3748-590-0x00007FF7C4520000-0x00007FF7C4874000-memory.dmp	xmrig
behavioral2/memory/2208-591-0x00007FF7744E0000-0x00007FF774834000-memory.dmp	xmrig
behavioral2/memory/3120-592-0x00007FF79EEE0000-0x00007FF79F234000-memory.dmp	xmrig
behavioral2/memory/3372-593-0x00007FF6EEF40000-0x00007FF6EF294000-memory.dmp	xmrig
behavioral2/memory/2092-594-0x00007FF61E710000-0x00007FF61EA64000-memory.dmp	xmrig
behavioral2/memory/344-612-0x00007FF6EDDF0000-0x00007FF6EE144000-memory.dmp	xmrig
behavioral2/memory/3924-650-0x00007FF69E340000-0x00007FF69E694000-memory.dmp	xmrig
behavioral2/memory/3684-660-0x00007FF6EACC0000-0x00007FF6EB014000-memory.dmp	xmrig
behavioral2/memory/404-667-0x00007FF6DD360000-0x00007FF6DD6B4000-memory.dmp	xmrig
behavioral2/memory/1356-674-0x00007FF784E90000-0x00007FF7851E4000-memory.dmp	xmrig
behavioral2/memory/3524-685-0x00007FF73AAB0000-0x00007FF73AE04000-memory.dmp	xmrig
behavioral2/memory/2400-720-0x00007FF7AC8F0000-0x00007FF7ACC44000-memory.dmp	xmrig
behavioral2/memory/4148-738-0x00007FF7DBA30000-0x00007FF7DBD84000-memory.dmp	xmrig
behavioral2/memory/3444-715-0x00007FF7D39C0000-0x00007FF7D3D14000-memory.dmp	xmrig
behavioral2/memory/4264-705-0x00007FF7193D0000-0x00007FF719724000-memory.dmp	xmrig
behavioral2/memory/4528-688-0x00007FF78B380000-0x00007FF78B6D4000-memory.dmp	xmrig
behavioral2/memory/4544-641-0x00007FF7EE980000-0x00007FF7EECD4000-memory.dmp	xmrig
behavioral2/memory/372-637-0x00007FF77F610000-0x00007FF77F964000-memory.dmp	xmrig
behavioral2/memory/4480-626-0x00007FF7C6F70000-0x00007FF7C72C4000-memory.dmp	xmrig
behavioral2/memory/5064-615-0x00007FF796380000-0x00007FF7966D4000-memory.dmp	xmrig
behavioral2/memory/744-605-0x00007FF7F7B20000-0x00007FF7F7E74000-memory.dmp	xmrig
behavioral2/memory/4772-602-0x00007FF6FBBE0000-0x00007FF6FBF34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-165.dat	xmrig
behavioral2/files/0x0007000000023412-163.dat	xmrig
behavioral2/files/0x0007000000023413-160.dat	xmrig
behavioral2/files/0x0007000000023411-158.dat	xmrig
behavioral2/files/0x0007000000023410-153.dat	xmrig
behavioral2/files/0x000700000002340e-143.dat	xmrig
behavioral2/files/0x000700000002340d-138.dat	xmrig
behavioral2/files/0x000700000002340c-133.dat	xmrig
behavioral2/files/0x000700000002340b-128.dat	xmrig
behavioral2/files/0x000700000002340a-123.dat	xmrig
behavioral2/files/0x0007000000023409-118.dat	xmrig
behavioral2/files/0x0007000000023408-113.dat	xmrig
behavioral2/files/0x0007000000023407-108.dat	xmrig
behavioral2/files/0x0007000000023406-103.dat	xmrig
behavioral2/files/0x0007000000023404-93.dat	xmrig
behavioral2/files/0x0007000000023402-81.dat	xmrig
behavioral2/files/0x0007000000023401-76.dat	xmrig
behavioral2/files/0x0007000000023400-68.dat	xmrig
behavioral2/files/0x00070000000233ff-66.dat	xmrig
behavioral2/files/0x00070000000233fd-56.dat	xmrig
behavioral2/files/0x00070000000233fb-46.dat	xmrig
behavioral2/files/0x00070000000233fa-41.dat	xmrig
behavioral2/files/0x00070000000233f9-36.dat	xmrig
behavioral2/files/0x00070000000233f8-32.dat	xmrig
behavioral2/memory/4004-19-0x00007FF7D8030000-0x00007FF7D8384000-memory.dmp	xmrig
behavioral2/memory/4996-2139-0x00007FF61CC90000-0x00007FF61CFE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4996	wodQGzW.exe
4004	cGaFOyR.exe
940	grorHRx.exe
4148	tGEmpZv.exe
2564	NLJkohd.exe
1668	KRGUhCA.exe
1408	WsvGHvz.exe
2820	QduhQes.exe
3748	wZKdYpu.exe
2208	CSvJSMl.exe
3120	fLQVjhv.exe
3372	WJFvTVG.exe
2092	VUFPmlC.exe
4772	vPcOtcN.exe
744	RNByska.exe
344	pMYuISy.exe
5064	ymlyvup.exe
4480	yEDHMEa.exe
372	jBKDHin.exe
4544	HyzsvdN.exe
3924	YDOdeUq.exe
3684	WFmVMOO.exe
404	DRwwlsu.exe
1356	UNoLIHl.exe
3524	XBJZDhI.exe
4528	CtgylRm.exe
4264	TkKtucc.exe
3444	SUlugcK.exe
2400	HGjBdEQ.exe
2700	LKRlicC.exe
3176	FsePCnR.exe
4568	PPeFSsu.exe
4488	iLlxXmC.exe
2724	GeCkXjA.exe
3356	fmViorG.exe
2780	tOkMQxh.exe
920	ppRVSXa.exe
3104	vHQVVCH.exe
4116	vkFHmeC.exe
4496	kqBVGjg.exe
4112	dEckOXI.exe
3412	mFpcxWT.exe
4160	WhgQqgI.exe
5100	kHqgfkM.exe
1852	Amjcrsk.exe
4536	KFcXTZp.exe
1496	PTiKucs.exe
4592	nlyckxA.exe
3844	klZOJtN.exe
2576	ljOEIuw.exe
1056	YxsoVtz.exe
4364	cOLGxqe.exe
4604	RPCjRXX.exe
692	MzkWqOM.exe
1128	tonqZWU.exe
3452	CbSpgoU.exe
516	ysCohAF.exe
4872	JlfHZYp.exe
3808	OjIDGcK.exe
4540	GXlDvja.exe
5044	nIhsZDt.exe
4452	PDtcRfG.exe
1964	DVMXFTe.exe
3260	dDXiUOW.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1596-0-0x00007FF650930000-0x00007FF650C84000-memory.dmp	upx
behavioral2/files/0x00090000000233e2-5.dat	upx
behavioral2/memory/4996-7-0x00007FF61CC90000-0x00007FF61CFE4000-memory.dmp	upx
behavioral2/files/0x00080000000233f6-9.dat	upx
behavioral2/files/0x00080000000233f5-17.dat	upx
behavioral2/files/0x00070000000233f7-27.dat	upx
behavioral2/files/0x00070000000233fc-45.dat	upx
behavioral2/files/0x00070000000233fe-60.dat	upx
behavioral2/files/0x0007000000023403-86.dat	upx
behavioral2/files/0x0007000000023405-98.dat	upx
behavioral2/files/0x000700000002340f-148.dat	upx
behavioral2/memory/940-585-0x00007FF75BDD0000-0x00007FF75C124000-memory.dmp	upx
behavioral2/memory/2564-586-0x00007FF6FD960000-0x00007FF6FDCB4000-memory.dmp	upx
behavioral2/memory/1668-587-0x00007FF791CC0000-0x00007FF792014000-memory.dmp	upx
behavioral2/memory/1408-588-0x00007FF676BA0000-0x00007FF676EF4000-memory.dmp	upx
behavioral2/memory/2820-589-0x00007FF6E5B20000-0x00007FF6E5E74000-memory.dmp	upx
behavioral2/memory/3748-590-0x00007FF7C4520000-0x00007FF7C4874000-memory.dmp	upx
behavioral2/memory/2208-591-0x00007FF7744E0000-0x00007FF774834000-memory.dmp	upx
behavioral2/memory/3120-592-0x00007FF79EEE0000-0x00007FF79F234000-memory.dmp	upx
behavioral2/memory/3372-593-0x00007FF6EEF40000-0x00007FF6EF294000-memory.dmp	upx
behavioral2/memory/2092-594-0x00007FF61E710000-0x00007FF61EA64000-memory.dmp	upx
behavioral2/memory/344-612-0x00007FF6EDDF0000-0x00007FF6EE144000-memory.dmp	upx
behavioral2/memory/3924-650-0x00007FF69E340000-0x00007FF69E694000-memory.dmp	upx
behavioral2/memory/3684-660-0x00007FF6EACC0000-0x00007FF6EB014000-memory.dmp	upx
behavioral2/memory/404-667-0x00007FF6DD360000-0x00007FF6DD6B4000-memory.dmp	upx
behavioral2/memory/1356-674-0x00007FF784E90000-0x00007FF7851E4000-memory.dmp	upx
behavioral2/memory/3524-685-0x00007FF73AAB0000-0x00007FF73AE04000-memory.dmp	upx
behavioral2/memory/2400-720-0x00007FF7AC8F0000-0x00007FF7ACC44000-memory.dmp	upx
behavioral2/memory/4148-738-0x00007FF7DBA30000-0x00007FF7DBD84000-memory.dmp	upx
behavioral2/memory/3444-715-0x00007FF7D39C0000-0x00007FF7D3D14000-memory.dmp	upx
behavioral2/memory/4264-705-0x00007FF7193D0000-0x00007FF719724000-memory.dmp	upx
behavioral2/memory/4528-688-0x00007FF78B380000-0x00007FF78B6D4000-memory.dmp	upx
behavioral2/memory/4544-641-0x00007FF7EE980000-0x00007FF7EECD4000-memory.dmp	upx
behavioral2/memory/372-637-0x00007FF77F610000-0x00007FF77F964000-memory.dmp	upx
behavioral2/memory/4480-626-0x00007FF7C6F70000-0x00007FF7C72C4000-memory.dmp	upx
behavioral2/memory/5064-615-0x00007FF796380000-0x00007FF7966D4000-memory.dmp	upx
behavioral2/memory/744-605-0x00007FF7F7B20000-0x00007FF7F7E74000-memory.dmp	upx
behavioral2/memory/4772-602-0x00007FF6FBBE0000-0x00007FF6FBF34000-memory.dmp	upx
behavioral2/files/0x0007000000023414-165.dat	upx
behavioral2/files/0x0007000000023412-163.dat	upx
behavioral2/files/0x0007000000023413-160.dat	upx
behavioral2/files/0x0007000000023411-158.dat	upx
behavioral2/files/0x0007000000023410-153.dat	upx
behavioral2/files/0x000700000002340e-143.dat	upx
behavioral2/files/0x000700000002340d-138.dat	upx
behavioral2/files/0x000700000002340c-133.dat	upx
behavioral2/files/0x000700000002340b-128.dat	upx
behavioral2/files/0x000700000002340a-123.dat	upx
behavioral2/files/0x0007000000023409-118.dat	upx
behavioral2/files/0x0007000000023408-113.dat	upx
behavioral2/files/0x0007000000023407-108.dat	upx
behavioral2/files/0x0007000000023406-103.dat	upx
behavioral2/files/0x0007000000023404-93.dat	upx
behavioral2/files/0x0007000000023402-81.dat	upx
behavioral2/files/0x0007000000023401-76.dat	upx
behavioral2/files/0x0007000000023400-68.dat	upx
behavioral2/files/0x00070000000233ff-66.dat	upx
behavioral2/files/0x00070000000233fd-56.dat	upx
behavioral2/files/0x00070000000233fb-46.dat	upx
behavioral2/files/0x00070000000233fa-41.dat	upx
behavioral2/files/0x00070000000233f9-36.dat	upx
behavioral2/files/0x00070000000233f8-32.dat	upx
behavioral2/memory/4004-19-0x00007FF7D8030000-0x00007FF7D8384000-memory.dmp	upx
behavioral2/memory/4996-2139-0x00007FF61CC90000-0x00007FF61CFE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MjHRyYl.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\shjiDfu.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\nDCPExX.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\SWuwRTj.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\zsGGLyx.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\nMIibBD.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\EgIdBZJ.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\pUTSolH.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\ZrNTQdU.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\KyqGNJB.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\TLJdYlw.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\BvXEkOW.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\TkKtucc.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\HdyHYWq.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\vzyYNrX.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\tnnMeoB.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\pPeWEGO.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\XjzNJse.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\gZjtQQi.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\FJzIUkG.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\oFRJgsO.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\mayaSzo.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\lkYDLyu.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\gjKOERF.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\YZEkJzD.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\AroWTit.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\HyzsvdN.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\fmViorG.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\PedwyoU.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\yquABOw.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\cJyTMic.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\CXIcgOe.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\PomOjOy.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\ERkWFKR.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\OWOusPY.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\CpkfdZK.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\GeCkXjA.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\TlAPsJE.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\rGXEqIP.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\YxsoVtz.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\nIkObvj.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\XWGCmGn.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\wXApdQR.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\DmxtKiJ.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\PAZwZWu.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\VmCbvad.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\AlNNsLU.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\FhzaUPQ.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\VlqHRQH.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\qjuoavV.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\xKRMcKd.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\gCIMgCd.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\viTsXWH.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\AaQonEk.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\GjzYbJz.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\SbTzyHE.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\aHtDDHh.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\ooZdJhh.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\UTuGmFn.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\FhzdWQC.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\QelnCNu.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\tFkfmkZ.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\rEycOjv.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
File created	C:\Windows\System\KNHnwUV.exe	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3624	dwm.exe
Token: SeChangeNotifyPrivilege	3624	dwm.exe
Token: 33	3624	dwm.exe
Token: SeIncBasePriorityPrivilege	3624	dwm.exe
Token: SeShutdownPrivilege	3624	dwm.exe
Token: SeCreatePagefilePrivilege	3624	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 4996	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	82
PID 1596 wrote to memory of 4996	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	82
PID 1596 wrote to memory of 4004	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	83
PID 1596 wrote to memory of 4004	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	83
PID 1596 wrote to memory of 940	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	84
PID 1596 wrote to memory of 940	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	84
PID 1596 wrote to memory of 2564	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	85
PID 1596 wrote to memory of 2564	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	85
PID 1596 wrote to memory of 4148	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	86
PID 1596 wrote to memory of 4148	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	86
PID 1596 wrote to memory of 1668	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	87
PID 1596 wrote to memory of 1668	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	87
PID 1596 wrote to memory of 1408	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	88
PID 1596 wrote to memory of 1408	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	88
PID 1596 wrote to memory of 2820	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	89
PID 1596 wrote to memory of 2820	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	89
PID 1596 wrote to memory of 3748	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	90
PID 1596 wrote to memory of 3748	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	90
PID 1596 wrote to memory of 2208	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	91
PID 1596 wrote to memory of 2208	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	91
PID 1596 wrote to memory of 3120	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	92
PID 1596 wrote to memory of 3120	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	92
PID 1596 wrote to memory of 3372	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	93
PID 1596 wrote to memory of 3372	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	93
PID 1596 wrote to memory of 2092	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	94
PID 1596 wrote to memory of 2092	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	94
PID 1596 wrote to memory of 4772	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	95
PID 1596 wrote to memory of 4772	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	95
PID 1596 wrote to memory of 744	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	96
PID 1596 wrote to memory of 744	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	96
PID 1596 wrote to memory of 344	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	97
PID 1596 wrote to memory of 344	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	97
PID 1596 wrote to memory of 5064	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	98
PID 1596 wrote to memory of 5064	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	98
PID 1596 wrote to memory of 4480	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	99
PID 1596 wrote to memory of 4480	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	99
PID 1596 wrote to memory of 372	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	100
PID 1596 wrote to memory of 372	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	100
PID 1596 wrote to memory of 4544	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	101
PID 1596 wrote to memory of 4544	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	101
PID 1596 wrote to memory of 3924	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	102
PID 1596 wrote to memory of 3924	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	102
PID 1596 wrote to memory of 3684	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	103
PID 1596 wrote to memory of 3684	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	103
PID 1596 wrote to memory of 404	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	104
PID 1596 wrote to memory of 404	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	104
PID 1596 wrote to memory of 1356	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	105
PID 1596 wrote to memory of 1356	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	105
PID 1596 wrote to memory of 3524	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	106
PID 1596 wrote to memory of 3524	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	106
PID 1596 wrote to memory of 4528	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	107
PID 1596 wrote to memory of 4528	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	107
PID 1596 wrote to memory of 4264	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	108
PID 1596 wrote to memory of 4264	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	108
PID 1596 wrote to memory of 3444	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	109
PID 1596 wrote to memory of 3444	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	109
PID 1596 wrote to memory of 2400	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	110
PID 1596 wrote to memory of 2400	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	110
PID 1596 wrote to memory of 2700	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	111
PID 1596 wrote to memory of 2700	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	111
PID 1596 wrote to memory of 3176	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	112
PID 1596 wrote to memory of 3176	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	112
PID 1596 wrote to memory of 4568	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	113
PID 1596 wrote to memory of 4568	1596	ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ca42df36239135b8a27d6c60af15ade0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Windows\System\wodQGzW.exe
  C:\Windows\System\wodQGzW.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\cGaFOyR.exe
  C:\Windows\System\cGaFOyR.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\grorHRx.exe
  C:\Windows\System\grorHRx.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\NLJkohd.exe
  C:\Windows\System\NLJkohd.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\tGEmpZv.exe
  C:\Windows\System\tGEmpZv.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\KRGUhCA.exe
  C:\Windows\System\KRGUhCA.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\WsvGHvz.exe
  C:\Windows\System\WsvGHvz.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\QduhQes.exe
  C:\Windows\System\QduhQes.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\wZKdYpu.exe
  C:\Windows\System\wZKdYpu.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\CSvJSMl.exe
  C:\Windows\System\CSvJSMl.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\fLQVjhv.exe
  C:\Windows\System\fLQVjhv.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\WJFvTVG.exe
  C:\Windows\System\WJFvTVG.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\VUFPmlC.exe
  C:\Windows\System\VUFPmlC.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\vPcOtcN.exe
  C:\Windows\System\vPcOtcN.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\RNByska.exe
  C:\Windows\System\RNByska.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\pMYuISy.exe
  C:\Windows\System\pMYuISy.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\ymlyvup.exe
  C:\Windows\System\ymlyvup.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\yEDHMEa.exe
  C:\Windows\System\yEDHMEa.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\jBKDHin.exe
  C:\Windows\System\jBKDHin.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\HyzsvdN.exe
  C:\Windows\System\HyzsvdN.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\YDOdeUq.exe
  C:\Windows\System\YDOdeUq.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\WFmVMOO.exe
  C:\Windows\System\WFmVMOO.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\DRwwlsu.exe
  C:\Windows\System\DRwwlsu.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\UNoLIHl.exe
  C:\Windows\System\UNoLIHl.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\XBJZDhI.exe
  C:\Windows\System\XBJZDhI.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\CtgylRm.exe
  C:\Windows\System\CtgylRm.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\TkKtucc.exe
  C:\Windows\System\TkKtucc.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\SUlugcK.exe
  C:\Windows\System\SUlugcK.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\HGjBdEQ.exe
  C:\Windows\System\HGjBdEQ.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\LKRlicC.exe
  C:\Windows\System\LKRlicC.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\FsePCnR.exe
  C:\Windows\System\FsePCnR.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\PPeFSsu.exe
  C:\Windows\System\PPeFSsu.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\iLlxXmC.exe
  C:\Windows\System\iLlxXmC.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\GeCkXjA.exe
  C:\Windows\System\GeCkXjA.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\fmViorG.exe
  C:\Windows\System\fmViorG.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\tOkMQxh.exe
  C:\Windows\System\tOkMQxh.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ppRVSXa.exe
  C:\Windows\System\ppRVSXa.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\vHQVVCH.exe
  C:\Windows\System\vHQVVCH.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\vkFHmeC.exe
  C:\Windows\System\vkFHmeC.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\kqBVGjg.exe
  C:\Windows\System\kqBVGjg.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\dEckOXI.exe
  C:\Windows\System\dEckOXI.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\mFpcxWT.exe
  C:\Windows\System\mFpcxWT.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\WhgQqgI.exe
  C:\Windows\System\WhgQqgI.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\kHqgfkM.exe
  C:\Windows\System\kHqgfkM.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\Amjcrsk.exe
  C:\Windows\System\Amjcrsk.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\KFcXTZp.exe
  C:\Windows\System\KFcXTZp.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\PTiKucs.exe
  C:\Windows\System\PTiKucs.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\nlyckxA.exe
  C:\Windows\System\nlyckxA.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\klZOJtN.exe
  C:\Windows\System\klZOJtN.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\ljOEIuw.exe
  C:\Windows\System\ljOEIuw.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\YxsoVtz.exe
  C:\Windows\System\YxsoVtz.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\cOLGxqe.exe
  C:\Windows\System\cOLGxqe.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\RPCjRXX.exe
  C:\Windows\System\RPCjRXX.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\MzkWqOM.exe
  C:\Windows\System\MzkWqOM.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\tonqZWU.exe
  C:\Windows\System\tonqZWU.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\CbSpgoU.exe
  C:\Windows\System\CbSpgoU.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\ysCohAF.exe
  C:\Windows\System\ysCohAF.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\JlfHZYp.exe
  C:\Windows\System\JlfHZYp.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\OjIDGcK.exe
  C:\Windows\System\OjIDGcK.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\GXlDvja.exe
  C:\Windows\System\GXlDvja.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\nIhsZDt.exe
  C:\Windows\System\nIhsZDt.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\PDtcRfG.exe
  C:\Windows\System\PDtcRfG.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\DVMXFTe.exe
  C:\Windows\System\DVMXFTe.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\dDXiUOW.exe
  C:\Windows\System\dDXiUOW.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\xPuSfGD.exe
  C:\Windows\System\xPuSfGD.exe
  2⤵
  PID:4956
- C:\Windows\System\rudpHCh.exe
  C:\Windows\System\rudpHCh.exe
  2⤵
  PID:4268
- C:\Windows\System\RLuEUjM.exe
  C:\Windows\System\RLuEUjM.exe
  2⤵
  PID:804
- C:\Windows\System\qmsRfml.exe
  C:\Windows\System\qmsRfml.exe
  2⤵
  PID:2640
- C:\Windows\System\nDCPExX.exe
  C:\Windows\System\nDCPExX.exe
  2⤵
  PID:412
- C:\Windows\System\CpLnFfO.exe
  C:\Windows\System\CpLnFfO.exe
  2⤵
  PID:3428
- C:\Windows\System\pUTSolH.exe
  C:\Windows\System\pUTSolH.exe
  2⤵
  PID:1520
- C:\Windows\System\ufePQEd.exe
  C:\Windows\System\ufePQEd.exe
  2⤵
  PID:3956
- C:\Windows\System\kUXYZLT.exe
  C:\Windows\System\kUXYZLT.exe
  2⤵
  PID:4236
- C:\Windows\System\iqLMQIw.exe
  C:\Windows\System\iqLMQIw.exe
  2⤵
  PID:4968
- C:\Windows\System\fAyDVQC.exe
  C:\Windows\System\fAyDVQC.exe
  2⤵
  PID:2184
- C:\Windows\System\RBgIxby.exe
  C:\Windows\System\RBgIxby.exe
  2⤵
  PID:3916
- C:\Windows\System\mJFRBGh.exe
  C:\Windows\System\mJFRBGh.exe
  2⤵
  PID:2356
- C:\Windows\System\oFRJgsO.exe
  C:\Windows\System\oFRJgsO.exe
  2⤵
  PID:3056
- C:\Windows\System\ErzBCIo.exe
  C:\Windows\System\ErzBCIo.exe
  2⤵
  PID:1672
- C:\Windows\System\dKJrLYh.exe
  C:\Windows\System\dKJrLYh.exe
  2⤵
  PID:2764
- C:\Windows\System\FrcNZXL.exe
  C:\Windows\System\FrcNZXL.exe
  2⤵
  PID:4860
- C:\Windows\System\uWnMcfJ.exe
  C:\Windows\System\uWnMcfJ.exe
  2⤵
  PID:3556
- C:\Windows\System\GBbkCNQ.exe
  C:\Windows\System\GBbkCNQ.exe
  2⤵
  PID:1540
- C:\Windows\System\QhKpVOE.exe
  C:\Windows\System\QhKpVOE.exe
  2⤵
  PID:5148
- C:\Windows\System\imzfnmF.exe
  C:\Windows\System\imzfnmF.exe
  2⤵
  PID:5176
- C:\Windows\System\AblFxBw.exe
  C:\Windows\System\AblFxBw.exe
  2⤵
  PID:5204
- C:\Windows\System\QIHWfdT.exe
  C:\Windows\System\QIHWfdT.exe
  2⤵
  PID:5228
- C:\Windows\System\PycTvgy.exe
  C:\Windows\System\PycTvgy.exe
  2⤵
  PID:5260
- C:\Windows\System\mayaSzo.exe
  C:\Windows\System\mayaSzo.exe
  2⤵
  PID:5288
- C:\Windows\System\XRtwWdV.exe
  C:\Windows\System\XRtwWdV.exe
  2⤵
  PID:5316
- C:\Windows\System\pwiWAbP.exe
  C:\Windows\System\pwiWAbP.exe
  2⤵
  PID:5340
- C:\Windows\System\EYLpfif.exe
  C:\Windows\System\EYLpfif.exe
  2⤵
  PID:5368
- C:\Windows\System\EKoBUvK.exe
  C:\Windows\System\EKoBUvK.exe
  2⤵
  PID:5396
- C:\Windows\System\nkJKfDx.exe
  C:\Windows\System\nkJKfDx.exe
  2⤵
  PID:5428
- C:\Windows\System\ykuLBlD.exe
  C:\Windows\System\ykuLBlD.exe
  2⤵
  PID:5456
- C:\Windows\System\uyPfbMj.exe
  C:\Windows\System\uyPfbMj.exe
  2⤵
  PID:5484
- C:\Windows\System\xIEaDLf.exe
  C:\Windows\System\xIEaDLf.exe
  2⤵
  PID:5512
- C:\Windows\System\AlNNsLU.exe
  C:\Windows\System\AlNNsLU.exe
  2⤵
  PID:5540
- C:\Windows\System\LVKIaly.exe
  C:\Windows\System\LVKIaly.exe
  2⤵
  PID:5568
- C:\Windows\System\ELxCWRJ.exe
  C:\Windows\System\ELxCWRJ.exe
  2⤵
  PID:5596
- C:\Windows\System\AetmwNe.exe
  C:\Windows\System\AetmwNe.exe
  2⤵
  PID:5624
- C:\Windows\System\psocpxZ.exe
  C:\Windows\System\psocpxZ.exe
  2⤵
  PID:5652
- C:\Windows\System\msBJcEL.exe
  C:\Windows\System\msBJcEL.exe
  2⤵
  PID:5680
- C:\Windows\System\qQUtqda.exe
  C:\Windows\System\qQUtqda.exe
  2⤵
  PID:5712
- C:\Windows\System\ZiWdEKD.exe
  C:\Windows\System\ZiWdEKD.exe
  2⤵
  PID:5736
- C:\Windows\System\iGqLBkd.exe
  C:\Windows\System\iGqLBkd.exe
  2⤵
  PID:5764
- C:\Windows\System\XPLSuBZ.exe
  C:\Windows\System\XPLSuBZ.exe
  2⤵
  PID:5792
- C:\Windows\System\HPSTmHm.exe
  C:\Windows\System\HPSTmHm.exe
  2⤵
  PID:5816
- C:\Windows\System\HqnvOVj.exe
  C:\Windows\System\HqnvOVj.exe
  2⤵
  PID:5848
- C:\Windows\System\AfFsPxr.exe
  C:\Windows\System\AfFsPxr.exe
  2⤵
  PID:5876
- C:\Windows\System\IijqvXu.exe
  C:\Windows\System\IijqvXu.exe
  2⤵
  PID:5908
- C:\Windows\System\ooZdJhh.exe
  C:\Windows\System\ooZdJhh.exe
  2⤵
  PID:5932
- C:\Windows\System\lAWZmVH.exe
  C:\Windows\System\lAWZmVH.exe
  2⤵
  PID:5960
- C:\Windows\System\IACTwtD.exe
  C:\Windows\System\IACTwtD.exe
  2⤵
  PID:5988
- C:\Windows\System\qIYKLch.exe
  C:\Windows\System\qIYKLch.exe
  2⤵
  PID:6016
- C:\Windows\System\PSJPqGQ.exe
  C:\Windows\System\PSJPqGQ.exe
  2⤵
  PID:6044
- C:\Windows\System\vOVxhft.exe
  C:\Windows\System\vOVxhft.exe
  2⤵
  PID:6072
- C:\Windows\System\LaGaqEG.exe
  C:\Windows\System\LaGaqEG.exe
  2⤵
  PID:6100
- C:\Windows\System\iraDcsX.exe
  C:\Windows\System\iraDcsX.exe
  2⤵
  PID:6128
- C:\Windows\System\ovqvDZF.exe
  C:\Windows\System\ovqvDZF.exe
  2⤵
  PID:4128
- C:\Windows\System\xBHrJLV.exe
  C:\Windows\System\xBHrJLV.exe
  2⤵
  PID:2060
- C:\Windows\System\jhiMVCH.exe
  C:\Windows\System\jhiMVCH.exe
  2⤵
  PID:1280
- C:\Windows\System\pIEnuVn.exe
  C:\Windows\System\pIEnuVn.exe
  2⤵
  PID:1264
- C:\Windows\System\gCIMgCd.exe
  C:\Windows\System\gCIMgCd.exe
  2⤵
  PID:4408
- C:\Windows\System\ebZMjrD.exe
  C:\Windows\System\ebZMjrD.exe
  2⤵
  PID:676
- C:\Windows\System\fENvDXv.exe
  C:\Windows\System\fENvDXv.exe
  2⤵
  PID:5168
- C:\Windows\System\WPvYjws.exe
  C:\Windows\System\WPvYjws.exe
  2⤵
  PID:5244
- C:\Windows\System\inuwzLF.exe
  C:\Windows\System\inuwzLF.exe
  2⤵
  PID:5304
- C:\Windows\System\atjHPWD.exe
  C:\Windows\System\atjHPWD.exe
  2⤵
  PID:5364
- C:\Windows\System\lkYDLyu.exe
  C:\Windows\System\lkYDLyu.exe
  2⤵
  PID:5440
- C:\Windows\System\YEvousR.exe
  C:\Windows\System\YEvousR.exe
  2⤵
  PID:5500
- C:\Windows\System\TlAPsJE.exe
  C:\Windows\System\TlAPsJE.exe
  2⤵
  PID:5556
- C:\Windows\System\PWSkslN.exe
  C:\Windows\System\PWSkslN.exe
  2⤵
  PID:5636
- C:\Windows\System\NkNiMdr.exe
  C:\Windows\System\NkNiMdr.exe
  2⤵
  PID:5704
- C:\Windows\System\PwnzOwq.exe
  C:\Windows\System\PwnzOwq.exe
  2⤵
  PID:5780
- C:\Windows\System\TIUJsSA.exe
  C:\Windows\System\TIUJsSA.exe
  2⤵
  PID:5860
- C:\Windows\System\cCuvYzP.exe
  C:\Windows\System\cCuvYzP.exe
  2⤵
  PID:5892
- C:\Windows\System\fItqiAZ.exe
  C:\Windows\System\fItqiAZ.exe
  2⤵
  PID:5952
- C:\Windows\System\iLysQTV.exe
  C:\Windows\System\iLysQTV.exe
  2⤵
  PID:6028
- C:\Windows\System\BdAVVEc.exe
  C:\Windows\System\BdAVVEc.exe
  2⤵
  PID:6064
- C:\Windows\System\kQZRxWt.exe
  C:\Windows\System\kQZRxWt.exe
  2⤵
  PID:3612
- C:\Windows\System\trXsiNO.exe
  C:\Windows\System\trXsiNO.exe
  2⤵
  PID:4868
- C:\Windows\System\nVDFmVV.exe
  C:\Windows\System\nVDFmVV.exe
  2⤵
  PID:2464
- C:\Windows\System\jVmzSZt.exe
  C:\Windows\System\jVmzSZt.exe
  2⤵
  PID:5160
- C:\Windows\System\EDQrZlw.exe
  C:\Windows\System\EDQrZlw.exe
  2⤵
  PID:5336
- C:\Windows\System\kmjsbWJ.exe
  C:\Windows\System\kmjsbWJ.exe
  2⤵
  PID:5476
- C:\Windows\System\cSvjhLi.exe
  C:\Windows\System\cSvjhLi.exe
  2⤵
  PID:5612
- C:\Windows\System\pPeWEGO.exe
  C:\Windows\System\pPeWEGO.exe
  2⤵
  PID:5776
- C:\Windows\System\laLEVDJ.exe
  C:\Windows\System\laLEVDJ.exe
  2⤵
  PID:5928
- C:\Windows\System\hIeVECi.exe
  C:\Windows\System\hIeVECi.exe
  2⤵
  PID:6112
- C:\Windows\System\BLDBXow.exe
  C:\Windows\System\BLDBXow.exe
  2⤵
  PID:3048
- C:\Windows\System\wdEWyIg.exe
  C:\Windows\System\wdEWyIg.exe
  2⤵
  PID:5280
- C:\Windows\System\RrETzvm.exe
  C:\Windows\System\RrETzvm.exe
  2⤵
  PID:2960
- C:\Windows\System\mmxMccC.exe
  C:\Windows\System\mmxMccC.exe
  2⤵
  PID:5888
- C:\Windows\System\VWUZvyP.exe
  C:\Windows\System\VWUZvyP.exe
  2⤵
  PID:6168
- C:\Windows\System\HKbUtZE.exe
  C:\Windows\System\HKbUtZE.exe
  2⤵
  PID:6196
- C:\Windows\System\nvwvyaJ.exe
  C:\Windows\System\nvwvyaJ.exe
  2⤵
  PID:6224
- C:\Windows\System\rEycOjv.exe
  C:\Windows\System\rEycOjv.exe
  2⤵
  PID:6252
- C:\Windows\System\HvwpOpl.exe
  C:\Windows\System\HvwpOpl.exe
  2⤵
  PID:6280
- C:\Windows\System\cszAsfZ.exe
  C:\Windows\System\cszAsfZ.exe
  2⤵
  PID:6308
- C:\Windows\System\cEogGyL.exe
  C:\Windows\System\cEogGyL.exe
  2⤵
  PID:6332
- C:\Windows\System\dhrBNTC.exe
  C:\Windows\System\dhrBNTC.exe
  2⤵
  PID:6364
- C:\Windows\System\JZfxoWb.exe
  C:\Windows\System\JZfxoWb.exe
  2⤵
  PID:6392
- C:\Windows\System\bLYxOKc.exe
  C:\Windows\System\bLYxOKc.exe
  2⤵
  PID:6420
- C:\Windows\System\pyztiau.exe
  C:\Windows\System\pyztiau.exe
  2⤵
  PID:6448
- C:\Windows\System\uJMUeKd.exe
  C:\Windows\System\uJMUeKd.exe
  2⤵
  PID:6476
- C:\Windows\System\wwucvss.exe
  C:\Windows\System\wwucvss.exe
  2⤵
  PID:6504
- C:\Windows\System\tzKTavW.exe
  C:\Windows\System\tzKTavW.exe
  2⤵
  PID:6532
- C:\Windows\System\FwZmZDd.exe
  C:\Windows\System\FwZmZDd.exe
  2⤵
  PID:6560
- C:\Windows\System\sJSkZCz.exe
  C:\Windows\System\sJSkZCz.exe
  2⤵
  PID:6588
- C:\Windows\System\zPdGTaL.exe
  C:\Windows\System\zPdGTaL.exe
  2⤵
  PID:6616
- C:\Windows\System\yjrubgS.exe
  C:\Windows\System\yjrubgS.exe
  2⤵
  PID:6644
- C:\Windows\System\psSxWlI.exe
  C:\Windows\System\psSxWlI.exe
  2⤵
  PID:6672
- C:\Windows\System\xdcKZPd.exe
  C:\Windows\System\xdcKZPd.exe
  2⤵
  PID:6700
- C:\Windows\System\RGlCjbm.exe
  C:\Windows\System\RGlCjbm.exe
  2⤵
  PID:6788
- C:\Windows\System\ztXsewr.exe
  C:\Windows\System\ztXsewr.exe
  2⤵
  PID:6816
- C:\Windows\System\nKpkVWD.exe
  C:\Windows\System\nKpkVWD.exe
  2⤵
  PID:6840
- C:\Windows\System\FLdYbnk.exe
  C:\Windows\System\FLdYbnk.exe
  2⤵
  PID:6864
- C:\Windows\System\LQXbCez.exe
  C:\Windows\System\LQXbCez.exe
  2⤵
  PID:6880
- C:\Windows\System\iXfskoZ.exe
  C:\Windows\System\iXfskoZ.exe
  2⤵
  PID:6896
- C:\Windows\System\APDlUqU.exe
  C:\Windows\System\APDlUqU.exe
  2⤵
  PID:6916
- C:\Windows\System\PRJqIPw.exe
  C:\Windows\System\PRJqIPw.exe
  2⤵
  PID:6940
- C:\Windows\System\HFuMxPG.exe
  C:\Windows\System\HFuMxPG.exe
  2⤵
  PID:6964
- C:\Windows\System\EApzixY.exe
  C:\Windows\System\EApzixY.exe
  2⤵
  PID:7012
- C:\Windows\System\RapWPfx.exe
  C:\Windows\System\RapWPfx.exe
  2⤵
  PID:7032
- C:\Windows\System\vfDsJEy.exe
  C:\Windows\System\vfDsJEy.exe
  2⤵
  PID:7060
- C:\Windows\System\KnMyXix.exe
  C:\Windows\System\KnMyXix.exe
  2⤵
  PID:7080
- C:\Windows\System\TMUxXzf.exe
  C:\Windows\System\TMUxXzf.exe
  2⤵
  PID:7108
- C:\Windows\System\xPdYiKP.exe
  C:\Windows\System\xPdYiKP.exe
  2⤵
  PID:7124
- C:\Windows\System\ExDTnQS.exe
  C:\Windows\System\ExDTnQS.exe
  2⤵
  PID:7144
- C:\Windows\System\hYvBnaK.exe
  C:\Windows\System\hYvBnaK.exe
  2⤵
  PID:2344
- C:\Windows\System\YBPUKgO.exe
  C:\Windows\System\YBPUKgO.exe
  2⤵
  PID:5752
- C:\Windows\System\YDqxYAa.exe
  C:\Windows\System\YDqxYAa.exe
  2⤵
  PID:6184
- C:\Windows\System\AXdsopA.exe
  C:\Windows\System\AXdsopA.exe
  2⤵
  PID:6216
- C:\Windows\System\dzfiEdD.exe
  C:\Windows\System\dzfiEdD.exe
  2⤵
  PID:6264
- C:\Windows\System\svBeHtn.exe
  C:\Windows\System\svBeHtn.exe
  2⤵
  PID:4108
- C:\Windows\System\VGqPwsZ.exe
  C:\Windows\System\VGqPwsZ.exe
  2⤵
  PID:6384
- C:\Windows\System\hLdxYZH.exe
  C:\Windows\System\hLdxYZH.exe
  2⤵
  PID:6440
- C:\Windows\System\RAhUTRE.exe
  C:\Windows\System\RAhUTRE.exe
  2⤵
  PID:6524
- C:\Windows\System\lxCcobM.exe
  C:\Windows\System\lxCcobM.exe
  2⤵
  PID:1348
- C:\Windows\System\UTuGmFn.exe
  C:\Windows\System\UTuGmFn.exe
  2⤵
  PID:6604
- C:\Windows\System\KHfjEnq.exe
  C:\Windows\System\KHfjEnq.exe
  2⤵
  PID:4964
- C:\Windows\System\TTWnuqK.exe
  C:\Windows\System\TTWnuqK.exe
  2⤵
  PID:6664
- C:\Windows\System\YUNqYiK.exe
  C:\Windows\System\YUNqYiK.exe
  2⤵
  PID:3420
- C:\Windows\System\xhLMgKO.exe
  C:\Windows\System\xhLMgKO.exe
  2⤵
  PID:2360
- C:\Windows\System\vIfEKXF.exe
  C:\Windows\System\vIfEKXF.exe
  2⤵
  PID:1616
- C:\Windows\System\GKzuVkF.exe
  C:\Windows\System\GKzuVkF.exe
  2⤵
  PID:4656
- C:\Windows\System\rnBOxSl.exe
  C:\Windows\System\rnBOxSl.exe
  2⤵
  PID:4672
- C:\Windows\System\QPtTnOo.exe
  C:\Windows\System\QPtTnOo.exe
  2⤵
  PID:3960
- C:\Windows\System\jwlLHoK.exe
  C:\Windows\System\jwlLHoK.exe
  2⤵
  PID:6776
- C:\Windows\System\sVqdAlR.exe
  C:\Windows\System\sVqdAlR.exe
  2⤵
  PID:636
- C:\Windows\System\OdrMOSn.exe
  C:\Windows\System\OdrMOSn.exe
  2⤵
  PID:3180
- C:\Windows\System\LvDvLEu.exe
  C:\Windows\System\LvDvLEu.exe
  2⤵
  PID:4216
- C:\Windows\System\rovSJUn.exe
  C:\Windows\System\rovSJUn.exe
  2⤵
  PID:6996
- C:\Windows\System\LqYsFcE.exe
  C:\Windows\System\LqYsFcE.exe
  2⤵
  PID:6960
- C:\Windows\System\HhLwdYz.exe
  C:\Windows\System\HhLwdYz.exe
  2⤵
  PID:7088
- C:\Windows\System\sMXpukH.exe
  C:\Windows\System\sMXpukH.exe
  2⤵
  PID:7132
- C:\Windows\System\PYdzKIz.exe
  C:\Windows\System\PYdzKIz.exe
  2⤵
  PID:4516
- C:\Windows\System\EKibVsE.exe
  C:\Windows\System\EKibVsE.exe
  2⤵
  PID:6328
- C:\Windows\System\lVrwJDj.exe
  C:\Windows\System\lVrwJDj.exe
  2⤵
  PID:6212
- C:\Windows\System\oibzlpB.exe
  C:\Windows\System\oibzlpB.exe
  2⤵
  PID:6436
- C:\Windows\System\YZpGntM.exe
  C:\Windows\System\YZpGntM.exe
  2⤵
  PID:6936
- C:\Windows\System\gCDqZSO.exe
  C:\Windows\System\gCDqZSO.exe
  2⤵
  PID:7116
- C:\Windows\System\rCnndSc.exe
  C:\Windows\System\rCnndSc.exe
  2⤵
  PID:3664
- C:\Windows\System\gINTenm.exe
  C:\Windows\System\gINTenm.exe
  2⤵
  PID:4124
- C:\Windows\System\PTkPqyQ.exe
  C:\Windows\System\PTkPqyQ.exe
  2⤵
  PID:6244
- C:\Windows\System\lSDUGGp.exe
  C:\Windows\System\lSDUGGp.exe
  2⤵
  PID:7196
- C:\Windows\System\mzXUsJt.exe
  C:\Windows\System\mzXUsJt.exe
  2⤵
  PID:7232
- C:\Windows\System\MjcoHjw.exe
  C:\Windows\System\MjcoHjw.exe
  2⤵
  PID:7252
- C:\Windows\System\YGuPqFx.exe
  C:\Windows\System\YGuPqFx.exe
  2⤵
  PID:7296
- C:\Windows\System\ubYMZyH.exe
  C:\Windows\System\ubYMZyH.exe
  2⤵
  PID:7340
- C:\Windows\System\rbgYuAq.exe
  C:\Windows\System\rbgYuAq.exe
  2⤵
  PID:7360
- C:\Windows\System\BZJcUGW.exe
  C:\Windows\System\BZJcUGW.exe
  2⤵
  PID:7400
- C:\Windows\System\lhlodbb.exe
  C:\Windows\System\lhlodbb.exe
  2⤵
  PID:7472
- C:\Windows\System\BwigfXK.exe
  C:\Windows\System\BwigfXK.exe
  2⤵
  PID:7500
- C:\Windows\System\WOsOXjx.exe
  C:\Windows\System\WOsOXjx.exe
  2⤵
  PID:7528
- C:\Windows\System\wXApdQR.exe
  C:\Windows\System\wXApdQR.exe
  2⤵
  PID:7556
- C:\Windows\System\mKgIqqG.exe
  C:\Windows\System\mKgIqqG.exe
  2⤵
  PID:7596
- C:\Windows\System\WhczJEi.exe
  C:\Windows\System\WhczJEi.exe
  2⤵
  PID:7620
- C:\Windows\System\UHQKDzH.exe
  C:\Windows\System\UHQKDzH.exe
  2⤵
  PID:7648
- C:\Windows\System\QLEIzJT.exe
  C:\Windows\System\QLEIzJT.exe
  2⤵
  PID:7680
- C:\Windows\System\IwXUPhF.exe
  C:\Windows\System\IwXUPhF.exe
  2⤵
  PID:7704
- C:\Windows\System\meOCJnL.exe
  C:\Windows\System\meOCJnL.exe
  2⤵
  PID:7736
- C:\Windows\System\hLbXZwG.exe
  C:\Windows\System\hLbXZwG.exe
  2⤵
  PID:7756
- C:\Windows\System\OuYQElQ.exe
  C:\Windows\System\OuYQElQ.exe
  2⤵
  PID:7776
- C:\Windows\System\qfpvEMQ.exe
  C:\Windows\System\qfpvEMQ.exe
  2⤵
  PID:7820
- C:\Windows\System\dAEOkIT.exe
  C:\Windows\System\dAEOkIT.exe
  2⤵
  PID:7852
- C:\Windows\System\OIIRZZY.exe
  C:\Windows\System\OIIRZZY.exe
  2⤵
  PID:7884
- C:\Windows\System\gadyrFg.exe
  C:\Windows\System\gadyrFg.exe
  2⤵
  PID:7904
- C:\Windows\System\ZWJCFpG.exe
  C:\Windows\System\ZWJCFpG.exe
  2⤵
  PID:7948
- C:\Windows\System\VTXfvGt.exe
  C:\Windows\System\VTXfvGt.exe
  2⤵
  PID:7968
- C:\Windows\System\ZrNTQdU.exe
  C:\Windows\System\ZrNTQdU.exe
  2⤵
  PID:7992
- C:\Windows\System\RNUWMcs.exe
  C:\Windows\System\RNUWMcs.exe
  2⤵
  PID:8012
- C:\Windows\System\sZmgVTx.exe
  C:\Windows\System\sZmgVTx.exe
  2⤵
  PID:8052
- C:\Windows\System\IJpzuWq.exe
  C:\Windows\System\IJpzuWq.exe
  2⤵
  PID:8092
- C:\Windows\System\hYoDthH.exe
  C:\Windows\System\hYoDthH.exe
  2⤵
  PID:8108
- C:\Windows\System\FBmYcXt.exe
  C:\Windows\System\FBmYcXt.exe
  2⤵
  PID:8124
- C:\Windows\System\mkGDtcj.exe
  C:\Windows\System\mkGDtcj.exe
  2⤵
  PID:8160
- C:\Windows\System\RzaLGqC.exe
  C:\Windows\System\RzaLGqC.exe
  2⤵
  PID:7176
- C:\Windows\System\FhzaUPQ.exe
  C:\Windows\System\FhzaUPQ.exe
  2⤵
  PID:7260
- C:\Windows\System\BkNQkLB.exe
  C:\Windows\System\BkNQkLB.exe
  2⤵
  PID:6732
- C:\Windows\System\QJFmbGr.exe
  C:\Windows\System\QJFmbGr.exe
  2⤵
  PID:7336
- C:\Windows\System\rzkmNzB.exe
  C:\Windows\System\rzkmNzB.exe
  2⤵
  PID:7388
- C:\Windows\System\KNHnwUV.exe
  C:\Windows\System\KNHnwUV.exe
  2⤵
  PID:7484
- C:\Windows\System\VVGbyUR.exe
  C:\Windows\System\VVGbyUR.exe
  2⤵
  PID:7552
- C:\Windows\System\MQYeGCo.exe
  C:\Windows\System\MQYeGCo.exe
  2⤵
  PID:7584
- C:\Windows\System\FxFFdco.exe
  C:\Windows\System\FxFFdco.exe
  2⤵
  PID:6756
- C:\Windows\System\PcclBVD.exe
  C:\Windows\System\PcclBVD.exe
  2⤵
  PID:7712
- C:\Windows\System\MjhyMNQ.exe
  C:\Windows\System\MjhyMNQ.exe
  2⤵
  PID:7748
- C:\Windows\System\MVntzoo.exe
  C:\Windows\System\MVntzoo.exe
  2⤵
  PID:7832
- C:\Windows\System\dHtPOUR.exe
  C:\Windows\System\dHtPOUR.exe
  2⤵
  PID:7880
- C:\Windows\System\JCwQYWL.exe
  C:\Windows\System\JCwQYWL.exe
  2⤵
  PID:7960
- C:\Windows\System\oTnLYjI.exe
  C:\Windows\System\oTnLYjI.exe
  2⤵
  PID:6752
- C:\Windows\System\ZjSwvCI.exe
  C:\Windows\System\ZjSwvCI.exe
  2⤵
  PID:8076
- C:\Windows\System\eCstzyx.exe
  C:\Windows\System\eCstzyx.exe
  2⤵
  PID:8136
- C:\Windows\System\LnyHhtH.exe
  C:\Windows\System\LnyHhtH.exe
  2⤵
  PID:8188
- C:\Windows\System\KyqGNJB.exe
  C:\Windows\System\KyqGNJB.exe
  2⤵
  PID:7100
- C:\Windows\System\VlqHRQH.exe
  C:\Windows\System\VlqHRQH.exe
  2⤵
  PID:6740
- C:\Windows\System\wcGsJeb.exe
  C:\Windows\System\wcGsJeb.exe
  2⤵
  PID:748
- C:\Windows\System\QfwwEAP.exe
  C:\Windows\System\QfwwEAP.exe
  2⤵
  PID:7636
- C:\Windows\System\UALrTCb.exe
  C:\Windows\System\UALrTCb.exe
  2⤵
  PID:7772
- C:\Windows\System\ytXllfi.exe
  C:\Windows\System\ytXllfi.exe
  2⤵
  PID:6744
- C:\Windows\System\EnuIAPW.exe
  C:\Windows\System\EnuIAPW.exe
  2⤵
  PID:4760
- C:\Windows\System\capooZm.exe
  C:\Windows\System\capooZm.exe
  2⤵
  PID:6848
- C:\Windows\System\DXeiIHP.exe
  C:\Windows\System\DXeiIHP.exe
  2⤵
  PID:2324
- C:\Windows\System\opkliNl.exe
  C:\Windows\System\opkliNl.exe
  2⤵
  PID:3584
- C:\Windows\System\FhzdWQC.exe
  C:\Windows\System\FhzdWQC.exe
  2⤵
  PID:7412
- C:\Windows\System\NLBeWkU.exe
  C:\Windows\System\NLBeWkU.exe
  2⤵
  PID:7568
- C:\Windows\System\wXcmptk.exe
  C:\Windows\System\wXcmptk.exe
  2⤵
  PID:7976
- C:\Windows\System\kHoYGQj.exe
  C:\Windows\System\kHoYGQj.exe
  2⤵
  PID:7240
- C:\Windows\System\ABFuEfZ.exe
  C:\Windows\System\ABFuEfZ.exe
  2⤵
  PID:7520
- C:\Windows\System\CXIcgOe.exe
  C:\Windows\System\CXIcgOe.exe
  2⤵
  PID:2352
- C:\Windows\System\xmFAlrL.exe
  C:\Windows\System\xmFAlrL.exe
  2⤵
  PID:8228
- C:\Windows\System\OKZYAhg.exe
  C:\Windows\System\OKZYAhg.exe
  2⤵
  PID:8260
- C:\Windows\System\xycAYJa.exe
  C:\Windows\System\xycAYJa.exe
  2⤵
  PID:8292
- C:\Windows\System\PedwyoU.exe
  C:\Windows\System\PedwyoU.exe
  2⤵
  PID:8320
- C:\Windows\System\SKqngqG.exe
  C:\Windows\System\SKqngqG.exe
  2⤵
  PID:8348
- C:\Windows\System\bSnSOgs.exe
  C:\Windows\System\bSnSOgs.exe
  2⤵
  PID:8376
- C:\Windows\System\BynBgHb.exe
  C:\Windows\System\BynBgHb.exe
  2⤵
  PID:8396
- C:\Windows\System\ZFTbNfs.exe
  C:\Windows\System\ZFTbNfs.exe
  2⤵
  PID:8432
- C:\Windows\System\OkFkVEE.exe
  C:\Windows\System\OkFkVEE.exe
  2⤵
  PID:8460
- C:\Windows\System\IPlfpDy.exe
  C:\Windows\System\IPlfpDy.exe
  2⤵
  PID:8488
- C:\Windows\System\LQVFYXB.exe
  C:\Windows\System\LQVFYXB.exe
  2⤵
  PID:8524
- C:\Windows\System\zXJXQNr.exe
  C:\Windows\System\zXJXQNr.exe
  2⤵
  PID:8552
- C:\Windows\System\KFJwONy.exe
  C:\Windows\System\KFJwONy.exe
  2⤵
  PID:8584
- C:\Windows\System\xKsyjis.exe
  C:\Windows\System\xKsyjis.exe
  2⤵
  PID:8612
- C:\Windows\System\naDckRs.exe
  C:\Windows\System\naDckRs.exe
  2⤵
  PID:8640
- C:\Windows\System\QWYGLpe.exe
  C:\Windows\System\QWYGLpe.exe
  2⤵
  PID:8668
- C:\Windows\System\jaIlIDt.exe
  C:\Windows\System\jaIlIDt.exe
  2⤵
  PID:8696
- C:\Windows\System\GxCVLvQ.exe
  C:\Windows\System\GxCVLvQ.exe
  2⤵
  PID:8724
- C:\Windows\System\ymDMarE.exe
  C:\Windows\System\ymDMarE.exe
  2⤵
  PID:8760
- C:\Windows\System\yYpjhdd.exe
  C:\Windows\System\yYpjhdd.exe
  2⤵
  PID:8788
- C:\Windows\System\XuhzWsa.exe
  C:\Windows\System\XuhzWsa.exe
  2⤵
  PID:8816
- C:\Windows\System\hwhLhxT.exe
  C:\Windows\System\hwhLhxT.exe
  2⤵
  PID:8848
- C:\Windows\System\HdyHYWq.exe
  C:\Windows\System\HdyHYWq.exe
  2⤵
  PID:8872
- C:\Windows\System\UoPOwUl.exe
  C:\Windows\System\UoPOwUl.exe
  2⤵
  PID:8900
- C:\Windows\System\PomOjOy.exe
  C:\Windows\System\PomOjOy.exe
  2⤵
  PID:8928
- C:\Windows\System\BcWtOMn.exe
  C:\Windows\System\BcWtOMn.exe
  2⤵
  PID:8964
- C:\Windows\System\YyTiasO.exe
  C:\Windows\System\YyTiasO.exe
  2⤵
  PID:8984
- C:\Windows\System\YBcgsBK.exe
  C:\Windows\System\YBcgsBK.exe
  2⤵
  PID:9012
- C:\Windows\System\jKXcKQe.exe
  C:\Windows\System\jKXcKQe.exe
  2⤵
  PID:9040
- C:\Windows\System\RDeZKyn.exe
  C:\Windows\System\RDeZKyn.exe
  2⤵
  PID:9068
- C:\Windows\System\uZBuMym.exe
  C:\Windows\System\uZBuMym.exe
  2⤵
  PID:9096
- C:\Windows\System\veOSnHd.exe
  C:\Windows\System\veOSnHd.exe
  2⤵
  PID:9124
- C:\Windows\System\vzHgUhu.exe
  C:\Windows\System\vzHgUhu.exe
  2⤵
  PID:9152
- C:\Windows\System\kHzbIlF.exe
  C:\Windows\System\kHzbIlF.exe
  2⤵
  PID:9184
- C:\Windows\System\GGUdObZ.exe
  C:\Windows\System\GGUdObZ.exe
  2⤵
  PID:8064
- C:\Windows\System\hODIBIX.exe
  C:\Windows\System\hODIBIX.exe
  2⤵
  PID:8252
- C:\Windows\System\BqkwINj.exe
  C:\Windows\System\BqkwINj.exe
  2⤵
  PID:8284
- C:\Windows\System\vHoIwVg.exe
  C:\Windows\System\vHoIwVg.exe
  2⤵
  PID:8316
- C:\Windows\System\OIHtgOD.exe
  C:\Windows\System\OIHtgOD.exe
  2⤵
  PID:8372
- C:\Windows\System\viTsXWH.exe
  C:\Windows\System\viTsXWH.exe
  2⤵
  PID:8448
- C:\Windows\System\Inqagoj.exe
  C:\Windows\System\Inqagoj.exe
  2⤵
  PID:8516
- C:\Windows\System\iWUaDuB.exe
  C:\Windows\System\iWUaDuB.exe
  2⤵
  PID:8628
- C:\Windows\System\IAwBUmb.exe
  C:\Windows\System\IAwBUmb.exe
  2⤵
  PID:8688
- C:\Windows\System\lCKYzPO.exe
  C:\Windows\System\lCKYzPO.exe
  2⤵
  PID:8784
- C:\Windows\System\bmaoqPe.exe
  C:\Windows\System\bmaoqPe.exe
  2⤵
  PID:8856
- C:\Windows\System\awHEbzE.exe
  C:\Windows\System\awHEbzE.exe
  2⤵
  PID:8916
- C:\Windows\System\OBNkerb.exe
  C:\Windows\System\OBNkerb.exe
  2⤵
  PID:8976
- C:\Windows\System\ZMZKTlC.exe
  C:\Windows\System\ZMZKTlC.exe
  2⤵
  PID:9036
- C:\Windows\System\EPoSLpV.exe
  C:\Windows\System\EPoSLpV.exe
  2⤵
  PID:9108
- C:\Windows\System\vEaZqVD.exe
  C:\Windows\System\vEaZqVD.exe
  2⤵
  PID:9176
- C:\Windows\System\ydlRzyl.exe
  C:\Windows\System\ydlRzyl.exe
  2⤵
  PID:8208
- C:\Windows\System\ArhXgTt.exe
  C:\Windows\System\ArhXgTt.exe
  2⤵
  PID:8424
- C:\Windows\System\nIkObvj.exe
  C:\Windows\System\nIkObvj.exe
  2⤵
  PID:8544
- C:\Windows\System\DHxZjVi.exe
  C:\Windows\System\DHxZjVi.exe
  2⤵
  PID:8748
- C:\Windows\System\CyyrHUJ.exe
  C:\Windows\System\CyyrHUJ.exe
  2⤵
  PID:8896
- C:\Windows\System\SUQpwus.exe
  C:\Windows\System\SUQpwus.exe
  2⤵
  PID:9064
- C:\Windows\System\FlHsiVB.exe
  C:\Windows\System\FlHsiVB.exe
  2⤵
  PID:8212
- C:\Windows\System\VwFUsyU.exe
  C:\Windows\System\VwFUsyU.exe
  2⤵
  PID:8512
- C:\Windows\System\TockNNq.exe
  C:\Windows\System\TockNNq.exe
  2⤵
  PID:8972
- C:\Windows\System\FdPiLah.exe
  C:\Windows\System\FdPiLah.exe
  2⤵
  PID:8392
- C:\Windows\System\IuPuekZ.exe
  C:\Windows\System\IuPuekZ.exe
  2⤵
  PID:8496
- C:\Windows\System\aoDkAjg.exe
  C:\Windows\System\aoDkAjg.exe
  2⤵
  PID:9232
- C:\Windows\System\IebzqTR.exe
  C:\Windows\System\IebzqTR.exe
  2⤵
  PID:9260
- C:\Windows\System\huZQOBa.exe
  C:\Windows\System\huZQOBa.exe
  2⤵
  PID:9288
- C:\Windows\System\kyYgjwL.exe
  C:\Windows\System\kyYgjwL.exe
  2⤵
  PID:9316
- C:\Windows\System\YWpFYjm.exe
  C:\Windows\System\YWpFYjm.exe
  2⤵
  PID:9348
- C:\Windows\System\DVoVWGo.exe
  C:\Windows\System\DVoVWGo.exe
  2⤵
  PID:9376
- C:\Windows\System\VeAmHQH.exe
  C:\Windows\System\VeAmHQH.exe
  2⤵
  PID:9404
- C:\Windows\System\iPtWzzV.exe
  C:\Windows\System\iPtWzzV.exe
  2⤵
  PID:9432
- C:\Windows\System\QelnCNu.exe
  C:\Windows\System\QelnCNu.exe
  2⤵
  PID:9460
- C:\Windows\System\fPeJlyY.exe
  C:\Windows\System\fPeJlyY.exe
  2⤵
  PID:9476
- C:\Windows\System\VTIQNlm.exe
  C:\Windows\System\VTIQNlm.exe
  2⤵
  PID:9516
- C:\Windows\System\KHCVxfQ.exe
  C:\Windows\System\KHCVxfQ.exe
  2⤵
  PID:9544
- C:\Windows\System\pnTmCKd.exe
  C:\Windows\System\pnTmCKd.exe
  2⤵
  PID:9572
- C:\Windows\System\EmGPSob.exe
  C:\Windows\System\EmGPSob.exe
  2⤵
  PID:9600
- C:\Windows\System\YsYHBjZ.exe
  C:\Windows\System\YsYHBjZ.exe
  2⤵
  PID:9628
- C:\Windows\System\gaHBDMs.exe
  C:\Windows\System\gaHBDMs.exe
  2⤵
  PID:9656
- C:\Windows\System\AaQonEk.exe
  C:\Windows\System\AaQonEk.exe
  2⤵
  PID:9684
- C:\Windows\System\OLoAkCi.exe
  C:\Windows\System\OLoAkCi.exe
  2⤵
  PID:9708
- C:\Windows\System\kFGNYYl.exe
  C:\Windows\System\kFGNYYl.exe
  2⤵
  PID:9728
- C:\Windows\System\eXQJwFT.exe
  C:\Windows\System\eXQJwFT.exe
  2⤵
  PID:9756
- C:\Windows\System\aDYbjHL.exe
  C:\Windows\System\aDYbjHL.exe
  2⤵
  PID:9796
- C:\Windows\System\kjPvFbj.exe
  C:\Windows\System\kjPvFbj.exe
  2⤵
  PID:9824
- C:\Windows\System\pvWnYgf.exe
  C:\Windows\System\pvWnYgf.exe
  2⤵
  PID:9840
- C:\Windows\System\TRfxOer.exe
  C:\Windows\System\TRfxOer.exe
  2⤵
  PID:9864
- C:\Windows\System\fmUXeam.exe
  C:\Windows\System\fmUXeam.exe
  2⤵
  PID:9896
- C:\Windows\System\DpDtRif.exe
  C:\Windows\System\DpDtRif.exe
  2⤵
  PID:9912
- C:\Windows\System\TiStJKk.exe
  C:\Windows\System\TiStJKk.exe
  2⤵
  PID:9956
- C:\Windows\System\cFrdSUh.exe
  C:\Windows\System\cFrdSUh.exe
  2⤵
  PID:9992
- C:\Windows\System\hIoqoCA.exe
  C:\Windows\System\hIoqoCA.exe
  2⤵
  PID:10024
- C:\Windows\System\DCrWYfN.exe
  C:\Windows\System\DCrWYfN.exe
  2⤵
  PID:10040
- C:\Windows\System\VgLUjdS.exe
  C:\Windows\System\VgLUjdS.exe
  2⤵
  PID:10068
- C:\Windows\System\ZjpoqGr.exe
  C:\Windows\System\ZjpoqGr.exe
  2⤵
  PID:10108
- C:\Windows\System\nDZuLFc.exe
  C:\Windows\System\nDZuLFc.exe
  2⤵
  PID:10132
- C:\Windows\System\upmliSj.exe
  C:\Windows\System\upmliSj.exe
  2⤵
  PID:10164
- C:\Windows\System\MribRoo.exe
  C:\Windows\System\MribRoo.exe
  2⤵
  PID:10188
- C:\Windows\System\ctBDMXB.exe
  C:\Windows\System\ctBDMXB.exe
  2⤵
  PID:10220
- C:\Windows\System\UFVorCb.exe
  C:\Windows\System\UFVorCb.exe
  2⤵
  PID:9228
- C:\Windows\System\lYRkxlR.exe
  C:\Windows\System\lYRkxlR.exe
  2⤵
  PID:9300
- C:\Windows\System\WJfkVoK.exe
  C:\Windows\System\WJfkVoK.exe
  2⤵
  PID:9368
- C:\Windows\System\OazpksM.exe
  C:\Windows\System\OazpksM.exe
  2⤵
  PID:9428
- C:\Windows\System\pPjsHXg.exe
  C:\Windows\System\pPjsHXg.exe
  2⤵
  PID:9468
- C:\Windows\System\CaghbnL.exe
  C:\Windows\System\CaghbnL.exe
  2⤵
  PID:9564
- C:\Windows\System\nMQXUhP.exe
  C:\Windows\System\nMQXUhP.exe
  2⤵
  PID:9620
- C:\Windows\System\DhRFgLb.exe
  C:\Windows\System\DhRFgLb.exe
  2⤵
  PID:9680
- C:\Windows\System\PmXsxZa.exe
  C:\Windows\System\PmXsxZa.exe
  2⤵
  PID:9740
- C:\Windows\System\UcQbNah.exe
  C:\Windows\System\UcQbNah.exe
  2⤵
  PID:9816
- C:\Windows\System\AETHGKm.exe
  C:\Windows\System\AETHGKm.exe
  2⤵
  PID:9856
- C:\Windows\System\fsTJGoP.exe
  C:\Windows\System\fsTJGoP.exe
  2⤵
  PID:9936
- C:\Windows\System\wLfqHAo.exe
  C:\Windows\System\wLfqHAo.exe
  2⤵
  PID:9980
- C:\Windows\System\EBNeFMd.exe
  C:\Windows\System\EBNeFMd.exe
  2⤵
  PID:10080
- C:\Windows\System\CpiOjbx.exe
  C:\Windows\System\CpiOjbx.exe
  2⤵
  PID:10140
- C:\Windows\System\waFeBNR.exe
  C:\Windows\System\waFeBNR.exe
  2⤵
  PID:10180
- C:\Windows\System\ZwrIRwt.exe
  C:\Windows\System\ZwrIRwt.exe
  2⤵
  PID:9284
- C:\Windows\System\InifMvO.exe
  C:\Windows\System\InifMvO.exe
  2⤵
  PID:9448
- C:\Windows\System\dYhYDaf.exe
  C:\Windows\System\dYhYDaf.exe
  2⤵
  PID:9532
- C:\Windows\System\LDaiIdi.exe
  C:\Windows\System\LDaiIdi.exe
  2⤵
  PID:9672
- C:\Windows\System\SWuwRTj.exe
  C:\Windows\System\SWuwRTj.exe
  2⤵
  PID:9836
- C:\Windows\System\DmxtKiJ.exe
  C:\Windows\System\DmxtKiJ.exe
  2⤵
  PID:9964
- C:\Windows\System\tFkfmkZ.exe
  C:\Windows\System\tFkfmkZ.exe
  2⤵
  PID:10148
- C:\Windows\System\IxMlhvR.exe
  C:\Windows\System\IxMlhvR.exe
  2⤵
  PID:9420
- C:\Windows\System\GjzYbJz.exe
  C:\Windows\System\GjzYbJz.exe
  2⤵
  PID:9784
- C:\Windows\System\kqLPznY.exe
  C:\Windows\System\kqLPznY.exe
  2⤵
  PID:9880
- C:\Windows\System\TIrKUos.exe
  C:\Windows\System\TIrKUos.exe
  2⤵
  PID:9596
- C:\Windows\System\ERkWFKR.exe
  C:\Windows\System\ERkWFKR.exe
  2⤵
  PID:9904
- C:\Windows\System\jLOKpQK.exe
  C:\Windows\System\jLOKpQK.exe
  2⤵
  PID:10268
- C:\Windows\System\PBgXwKr.exe
  C:\Windows\System\PBgXwKr.exe
  2⤵
  PID:10292
- C:\Windows\System\tBcxzRC.exe
  C:\Windows\System\tBcxzRC.exe
  2⤵
  PID:10312
- C:\Windows\System\GcfqCfI.exe
  C:\Windows\System\GcfqCfI.exe
  2⤵
  PID:10328
- C:\Windows\System\eBLLiCD.exe
  C:\Windows\System\eBLLiCD.exe
  2⤵
  PID:10376
- C:\Windows\System\iruKiUN.exe
  C:\Windows\System\iruKiUN.exe
  2⤵
  PID:10408
- C:\Windows\System\hfvfvYe.exe
  C:\Windows\System\hfvfvYe.exe
  2⤵
  PID:10436
- C:\Windows\System\nTYqAvY.exe
  C:\Windows\System\nTYqAvY.exe
  2⤵
  PID:10460
- C:\Windows\System\zrBfiVh.exe
  C:\Windows\System\zrBfiVh.exe
  2⤵
  PID:10480
- C:\Windows\System\HZJoSiL.exe
  C:\Windows\System\HZJoSiL.exe
  2⤵
  PID:10524
- C:\Windows\System\tNZyDNn.exe
  C:\Windows\System\tNZyDNn.exe
  2⤵
  PID:10552
- C:\Windows\System\EPdxBZt.exe
  C:\Windows\System\EPdxBZt.exe
  2⤵
  PID:10580
- C:\Windows\System\TDmXtXI.exe
  C:\Windows\System\TDmXtXI.exe
  2⤵
  PID:10608
- C:\Windows\System\WsNmifY.exe
  C:\Windows\System\WsNmifY.exe
  2⤵
  PID:10628
- C:\Windows\System\krGBmZL.exe
  C:\Windows\System\krGBmZL.exe
  2⤵
  PID:10652
- C:\Windows\System\SCafvfZ.exe
  C:\Windows\System\SCafvfZ.exe
  2⤵
  PID:10692
- C:\Windows\System\BfXXwcF.exe
  C:\Windows\System\BfXXwcF.exe
  2⤵
  PID:10708
- C:\Windows\System\nyIfjqZ.exe
  C:\Windows\System\nyIfjqZ.exe
  2⤵
  PID:10724
- C:\Windows\System\bEdtzFv.exe
  C:\Windows\System\bEdtzFv.exe
  2⤵
  PID:10776
- C:\Windows\System\vzyYNrX.exe
  C:\Windows\System\vzyYNrX.exe
  2⤵
  PID:10804
- C:\Windows\System\uUEWuhx.exe
  C:\Windows\System\uUEWuhx.exe
  2⤵
  PID:10828
- C:\Windows\System\VgrLzJG.exe
  C:\Windows\System\VgrLzJG.exe
  2⤵
  PID:10848
- C:\Windows\System\lbhCoLm.exe
  C:\Windows\System\lbhCoLm.exe
  2⤵
  PID:10884
- C:\Windows\System\rxSPtYT.exe
  C:\Windows\System\rxSPtYT.exe
  2⤵
  PID:10904
- C:\Windows\System\cbuRWmt.exe
  C:\Windows\System\cbuRWmt.exe
  2⤵
  PID:10932
- C:\Windows\System\QWvyeNi.exe
  C:\Windows\System\QWvyeNi.exe
  2⤵
  PID:10960
- C:\Windows\System\RDzdYRj.exe
  C:\Windows\System\RDzdYRj.exe
  2⤵
  PID:10988
- C:\Windows\System\OMPLhax.exe
  C:\Windows\System\OMPLhax.exe
  2⤵
  PID:11016
- C:\Windows\System\erGNFyc.exe
  C:\Windows\System\erGNFyc.exe
  2⤵
  PID:11060
- C:\Windows\System\vaoeRsD.exe
  C:\Windows\System\vaoeRsD.exe
  2⤵
  PID:11088
- C:\Windows\System\YFCzCgf.exe
  C:\Windows\System\YFCzCgf.exe
  2⤵
  PID:11104
- C:\Windows\System\nLQZoLL.exe
  C:\Windows\System\nLQZoLL.exe
  2⤵
  PID:11144
- C:\Windows\System\LlLewKS.exe
  C:\Windows\System\LlLewKS.exe
  2⤵
  PID:11172
- C:\Windows\System\weTxwlp.exe
  C:\Windows\System\weTxwlp.exe
  2⤵
  PID:11188
- C:\Windows\System\OcMUobf.exe
  C:\Windows\System\OcMUobf.exe
  2⤵
  PID:11228
- C:\Windows\System\TLJdYlw.exe
  C:\Windows\System\TLJdYlw.exe
  2⤵
  PID:11244
- C:\Windows\System\kGhCUkw.exe
  C:\Windows\System\kGhCUkw.exe
  2⤵
  PID:10288
- C:\Windows\System\rGXEqIP.exe
  C:\Windows\System\rGXEqIP.exe
  2⤵
  PID:10364
- C:\Windows\System\hFhaicP.exe
  C:\Windows\System\hFhaicP.exe
  2⤵
  PID:10372
- C:\Windows\System\nqDneQI.exe
  C:\Windows\System\nqDneQI.exe
  2⤵
  PID:10472
- C:\Windows\System\tpFHZdq.exe
  C:\Windows\System\tpFHZdq.exe
  2⤵
  PID:10536
- C:\Windows\System\TkQSKVg.exe
  C:\Windows\System\TkQSKVg.exe
  2⤵
  PID:10568
- C:\Windows\System\DeuLnBR.exe
  C:\Windows\System\DeuLnBR.exe
  2⤵
  PID:10636
- C:\Windows\System\cwAiwhF.exe
  C:\Windows\System\cwAiwhF.exe
  2⤵
  PID:10676
- C:\Windows\System\VCrCNGm.exe
  C:\Windows\System\VCrCNGm.exe
  2⤵
  PID:10772
- C:\Windows\System\LTtSUnB.exe
  C:\Windows\System\LTtSUnB.exe
  2⤵
  PID:10836
- C:\Windows\System\ksLgJaM.exe
  C:\Windows\System\ksLgJaM.exe
  2⤵
  PID:10900
- C:\Windows\System\vPkfRuc.exe
  C:\Windows\System\vPkfRuc.exe
  2⤵
  PID:10984
- C:\Windows\System\gztvUVC.exe
  C:\Windows\System\gztvUVC.exe
  2⤵
  PID:11040
- C:\Windows\System\YjsPRsB.exe
  C:\Windows\System\YjsPRsB.exe
  2⤵
  PID:11128
- C:\Windows\System\QuHDdyW.exe
  C:\Windows\System\QuHDdyW.exe
  2⤵
  PID:11168
- C:\Windows\System\rqxEnYT.exe
  C:\Windows\System\rqxEnYT.exe
  2⤵
  PID:9492
- C:\Windows\System\fTFrHJu.exe
  C:\Windows\System\fTFrHJu.exe
  2⤵
  PID:10392
- C:\Windows\System\lUTgyRP.exe
  C:\Windows\System\lUTgyRP.exe
  2⤵
  PID:10492
- C:\Windows\System\NjdobhT.exe
  C:\Windows\System\NjdobhT.exe
  2⤵
  PID:10600
- C:\Windows\System\HCSawsL.exe
  C:\Windows\System\HCSawsL.exe
  2⤵
  PID:10820
- C:\Windows\System\gjKOERF.exe
  C:\Windows\System\gjKOERF.exe
  2⤵
  PID:11036
- C:\Windows\System\iFfVNLL.exe
  C:\Windows\System\iFfVNLL.exe
  2⤵
  PID:11072
- C:\Windows\System\cGVZbEh.exe
  C:\Windows\System\cGVZbEh.exe
  2⤵
  PID:11240
- C:\Windows\System\mLgwIwq.exe
  C:\Windows\System\mLgwIwq.exe
  2⤵
  PID:10664
- C:\Windows\System\fSqRZCI.exe
  C:\Windows\System\fSqRZCI.exe
  2⤵
  PID:10896
- C:\Windows\System\qjuoavV.exe
  C:\Windows\System\qjuoavV.exe
  2⤵
  PID:11080
- C:\Windows\System\TBHIdNX.exe
  C:\Windows\System\TBHIdNX.exe
  2⤵
  PID:10428
- C:\Windows\System\MPOIehR.exe
  C:\Windows\System\MPOIehR.exe
  2⤵
  PID:10812
- C:\Windows\System\mIzaCKR.exe
  C:\Windows\System\mIzaCKR.exe
  2⤵
  PID:11288
- C:\Windows\System\AxxhLRa.exe
  C:\Windows\System\AxxhLRa.exe
  2⤵
  PID:11340
- C:\Windows\System\QwwzFTc.exe
  C:\Windows\System\QwwzFTc.exe
  2⤵
  PID:11356
- C:\Windows\System\SbRTwvC.exe
  C:\Windows\System\SbRTwvC.exe
  2⤵
  PID:11376
- C:\Windows\System\MkdWiPk.exe
  C:\Windows\System\MkdWiPk.exe
  2⤵
  PID:11424
- C:\Windows\System\RFJYAgd.exe
  C:\Windows\System\RFJYAgd.exe
  2⤵
  PID:11464
- C:\Windows\System\PKpXkwv.exe
  C:\Windows\System\PKpXkwv.exe
  2⤵
  PID:11492
- C:\Windows\System\wXhKIAl.exe
  C:\Windows\System\wXhKIAl.exe
  2⤵
  PID:11520
- C:\Windows\System\gJVJvly.exe
  C:\Windows\System\gJVJvly.exe
  2⤵
  PID:11536
- C:\Windows\System\twDhnVq.exe
  C:\Windows\System\twDhnVq.exe
  2⤵
  PID:11564
- C:\Windows\System\RnrcbGX.exe
  C:\Windows\System\RnrcbGX.exe
  2⤵
  PID:11604
- C:\Windows\System\YZEkJzD.exe
  C:\Windows\System\YZEkJzD.exe
  2⤵
  PID:11620
- C:\Windows\System\FzyniZN.exe
  C:\Windows\System\FzyniZN.exe
  2⤵
  PID:11656
- C:\Windows\System\cqkRELI.exe
  C:\Windows\System\cqkRELI.exe
  2⤵
  PID:11680
- C:\Windows\System\BMAVAKH.exe
  C:\Windows\System\BMAVAKH.exe
  2⤵
  PID:11704
- C:\Windows\System\QKKxVtt.exe
  C:\Windows\System\QKKxVtt.exe
  2⤵
  PID:11736
- C:\Windows\System\lqdWsBf.exe
  C:\Windows\System\lqdWsBf.exe
  2⤵
  PID:11764
- C:\Windows\System\ieLRiGJ.exe
  C:\Windows\System\ieLRiGJ.exe
  2⤵
  PID:11792
- C:\Windows\System\bqRyIDU.exe
  C:\Windows\System\bqRyIDU.exe
  2⤵
  PID:11820
- C:\Windows\System\eIQVVFD.exe
  C:\Windows\System\eIQVVFD.exe
  2⤵
  PID:11836
- C:\Windows\System\KZJSeEe.exe
  C:\Windows\System\KZJSeEe.exe
  2⤵
  PID:11888
- C:\Windows\System\DZyPqkg.exe
  C:\Windows\System\DZyPqkg.exe
  2⤵
  PID:11916
- C:\Windows\System\EscTQta.exe
  C:\Windows\System\EscTQta.exe
  2⤵
  PID:11944
- C:\Windows\System\vsyxVtu.exe
  C:\Windows\System\vsyxVtu.exe
  2⤵
  PID:11972
- C:\Windows\System\OZsqneu.exe
  C:\Windows\System\OZsqneu.exe
  2⤵
  PID:12000
- C:\Windows\System\kpfmoYW.exe
  C:\Windows\System\kpfmoYW.exe
  2⤵
  PID:12016
- C:\Windows\System\QXVKWNp.exe
  C:\Windows\System\QXVKWNp.exe
  2⤵
  PID:12056
- C:\Windows\System\vRKUgvn.exe
  C:\Windows\System\vRKUgvn.exe
  2⤵
  PID:12072
- C:\Windows\System\bymcXzL.exe
  C:\Windows\System\bymcXzL.exe
  2⤵
  PID:12100
- C:\Windows\System\OWOusPY.exe
  C:\Windows\System\OWOusPY.exe
  2⤵
  PID:12120
- C:\Windows\System\hHzYavd.exe
  C:\Windows\System\hHzYavd.exe
  2⤵
  PID:12168
- C:\Windows\System\JzBKAke.exe
  C:\Windows\System\JzBKAke.exe
  2⤵
  PID:12196
- C:\Windows\System\VUMIWIm.exe
  C:\Windows\System\VUMIWIm.exe
  2⤵
  PID:12224
- C:\Windows\System\bBehDEd.exe
  C:\Windows\System\bBehDEd.exe
  2⤵
  PID:12244
- C:\Windows\System\cceaucJ.exe
  C:\Windows\System\cceaucJ.exe
  2⤵
  PID:12268
- C:\Windows\System\rskVtSV.exe
  C:\Windows\System\rskVtSV.exe
  2⤵
  PID:11268
- C:\Windows\System\IvqZDQX.exe
  C:\Windows\System\IvqZDQX.exe
  2⤵
  PID:11328
- C:\Windows\System\asPcJBt.exe
  C:\Windows\System\asPcJBt.exe
  2⤵
  PID:11372
- C:\Windows\System\SbTzyHE.exe
  C:\Windows\System\SbTzyHE.exe
  2⤵
  PID:11456
- C:\Windows\System\bOBmemv.exe
  C:\Windows\System\bOBmemv.exe
  2⤵
  PID:11508
- C:\Windows\System\PsiJUvl.exe
  C:\Windows\System\PsiJUvl.exe
  2⤵
  PID:11596
- C:\Windows\System\CpkfdZK.exe
  C:\Windows\System\CpkfdZK.exe
  2⤵
  PID:11636
- C:\Windows\System\zUZAJzr.exe
  C:\Windows\System\zUZAJzr.exe
  2⤵
  PID:11720
- C:\Windows\System\oRzLEXL.exe
  C:\Windows\System\oRzLEXL.exe
  2⤵
  PID:11808
- C:\Windows\System\DmbaXRV.exe
  C:\Windows\System\DmbaXRV.exe
  2⤵
  PID:11876
- C:\Windows\System\XzTqCOd.exe
  C:\Windows\System\XzTqCOd.exe
  2⤵
  PID:11908
- C:\Windows\System\LWqwpFW.exe
  C:\Windows\System\LWqwpFW.exe
  2⤵
  PID:11996
- C:\Windows\System\sxXqWzc.exe
  C:\Windows\System\sxXqWzc.exe
  2⤵
  PID:12048
- C:\Windows\System\npzrQdJ.exe
  C:\Windows\System\npzrQdJ.exe
  2⤵
  PID:12116
- C:\Windows\System\SavuQQt.exe
  C:\Windows\System\SavuQQt.exe
  2⤵
  PID:12192
- C:\Windows\System\duuQpXT.exe
  C:\Windows\System\duuQpXT.exe
  2⤵
  PID:12264
- C:\Windows\System\LgAdSci.exe
  C:\Windows\System\LgAdSci.exe
  2⤵
  PID:11324
- C:\Windows\System\ZyYzjnP.exe
  C:\Windows\System\ZyYzjnP.exe
  2⤵
  PID:11476
- C:\Windows\System\fACvTCy.exe
  C:\Windows\System\fACvTCy.exe
  2⤵
  PID:11584
- C:\Windows\System\GTTqmnE.exe
  C:\Windows\System\GTTqmnE.exe
  2⤵
  PID:11744
- C:\Windows\System\fdKzatA.exe
  C:\Windows\System\fdKzatA.exe
  2⤵
  PID:11928
- C:\Windows\System\TmJynXc.exe
  C:\Windows\System\TmJynXc.exe
  2⤵
  PID:12108
- C:\Windows\System\TQogRTV.exe
  C:\Windows\System\TQogRTV.exe
  2⤵
  PID:12188
- C:\Windows\System\nWDcmxh.exe
  C:\Windows\System\nWDcmxh.exe
  2⤵
  PID:11560
- C:\Windows\System\pCzWQVk.exe
  C:\Windows\System\pCzWQVk.exe
  2⤵
  PID:12044
- C:\Windows\System\wlCalMN.exe
  C:\Windows\System\wlCalMN.exe
  2⤵
  PID:12260
- C:\Windows\System\gZjtQQi.exe
  C:\Windows\System\gZjtQQi.exe
  2⤵
  PID:12012
- C:\Windows\System\FQuwDmc.exe
  C:\Windows\System\FQuwDmc.exe
  2⤵
  PID:11760
- C:\Windows\System\wldNKmj.exe
  C:\Windows\System\wldNKmj.exe
  2⤵
  PID:12312
- C:\Windows\System\TKcCnPR.exe
  C:\Windows\System\TKcCnPR.exe
  2⤵
  PID:12336
- C:\Windows\System\HLsZlUW.exe
  C:\Windows\System\HLsZlUW.exe
  2⤵
  PID:12356
- C:\Windows\System\QCdVqiF.exe
  C:\Windows\System\QCdVqiF.exe
  2⤵
  PID:12388
- C:\Windows\System\zsGGLyx.exe
  C:\Windows\System\zsGGLyx.exe
  2⤵
  PID:12424
- C:\Windows\System\CjkdkGH.exe
  C:\Windows\System\CjkdkGH.exe
  2⤵
  PID:12452
- C:\Windows\System\ULNjlGY.exe
  C:\Windows\System\ULNjlGY.exe
  2⤵
  PID:12468
- C:\Windows\System\LDeNlHt.exe
  C:\Windows\System\LDeNlHt.exe
  2⤵
  PID:12496
- C:\Windows\System\xnTXpOK.exe
  C:\Windows\System\xnTXpOK.exe
  2⤵
  PID:12548
- C:\Windows\System\nlcaYAn.exe
  C:\Windows\System\nlcaYAn.exe
  2⤵
  PID:12576
- C:\Windows\System\iOAQRvv.exe
  C:\Windows\System\iOAQRvv.exe
  2⤵
  PID:12600
- C:\Windows\System\pNjzNRS.exe
  C:\Windows\System\pNjzNRS.exe
  2⤵
  PID:12620
- C:\Windows\System\HJRmxhe.exe
  C:\Windows\System\HJRmxhe.exe
  2⤵
  PID:12656
- C:\Windows\System\XjzNJse.exe
  C:\Windows\System\XjzNJse.exe
  2⤵
  PID:12676
- C:\Windows\System\VTphNAk.exe
  C:\Windows\System\VTphNAk.exe
  2⤵
  PID:12704
- C:\Windows\System\BWBlJzM.exe
  C:\Windows\System\BWBlJzM.exe
  2⤵
  PID:12744
- C:\Windows\System\iiXAYAI.exe
  C:\Windows\System\iiXAYAI.exe
  2⤵
  PID:12772
- C:\Windows\System\qXLvkJO.exe
  C:\Windows\System\qXLvkJO.exe
  2⤵
  PID:12800
- C:\Windows\System\EJJRyua.exe
  C:\Windows\System\EJJRyua.exe
  2⤵
  PID:12828
- C:\Windows\System\XxbzQWM.exe
  C:\Windows\System\XxbzQWM.exe
  2⤵
  PID:12856
- C:\Windows\System\MqxVyRB.exe
  C:\Windows\System\MqxVyRB.exe
  2⤵
  PID:12884
- C:\Windows\System\XaSyFta.exe
  C:\Windows\System\XaSyFta.exe
  2⤵
  PID:12912
- C:\Windows\System\xKRMcKd.exe
  C:\Windows\System\xKRMcKd.exe
  2⤵
  PID:12940
- C:\Windows\System\BvubrPL.exe
  C:\Windows\System\BvubrPL.exe
  2⤵
  PID:12968
- C:\Windows\System\nuTQwXt.exe
  C:\Windows\System\nuTQwXt.exe
  2⤵
  PID:12984
- C:\Windows\System\nMIibBD.exe
  C:\Windows\System\nMIibBD.exe
  2⤵
  PID:13024
- C:\Windows\System\yquABOw.exe
  C:\Windows\System\yquABOw.exe
  2⤵
  PID:13044
- C:\Windows\System\DMzDOIR.exe
  C:\Windows\System\DMzDOIR.exe
  2⤵
  PID:13064
- C:\Windows\System\aHtDDHh.exe
  C:\Windows\System\aHtDDHh.exe
  2⤵
  PID:13112
- C:\Windows\System\MEePgiq.exe
  C:\Windows\System\MEePgiq.exe
  2⤵
  PID:13140
- C:\Windows\System\uldbAfU.exe
  C:\Windows\System\uldbAfU.exe
  2⤵
  PID:13164
- C:\Windows\System\wSQMxmE.exe
  C:\Windows\System\wSQMxmE.exe
  2⤵
  PID:13196
- C:\Windows\System\jjyIvsw.exe
  C:\Windows\System\jjyIvsw.exe
  2⤵
  PID:13224
- C:\Windows\System\RyUovxW.exe
  C:\Windows\System\RyUovxW.exe
  2⤵
  PID:13252
- C:\Windows\System\NCtXiLh.exe
  C:\Windows\System\NCtXiLh.exe
  2⤵
  PID:13268
- C:\Windows\System\ZwSAKmq.exe
  C:\Windows\System\ZwSAKmq.exe
  2⤵
  PID:13296
- C:\Windows\System\OGDPJDj.exe
  C:\Windows\System\OGDPJDj.exe
  2⤵
  PID:12348
- C:\Windows\System\lbwQISm.exe
  C:\Windows\System\lbwQISm.exe
  2⤵
  PID:12372
- C:\Windows\System\ldbtDoW.exe
  C:\Windows\System\ldbtDoW.exe
  2⤵
  PID:12488
- C:\Windows\System\pbzSfST.exe
  C:\Windows\System\pbzSfST.exe
  2⤵
  PID:12516
- C:\Windows\System\MxnFkBa.exe
  C:\Windows\System\MxnFkBa.exe
  2⤵
  PID:12616
- C:\Windows\System\jZbFLcp.exe
  C:\Windows\System\jZbFLcp.exe
  2⤵
  PID:12664
- C:\Windows\System\QrymZOW.exe
  C:\Windows\System\QrymZOW.exe
  2⤵
  PID:12740
- C:\Windows\System\nVRNcXP.exe
  C:\Windows\System\nVRNcXP.exe
  2⤵
  PID:12788
- C:\Windows\System\dTsVYBz.exe
  C:\Windows\System\dTsVYBz.exe
  2⤵
  PID:12840
- C:\Windows\System\VRFZoKT.exe
  C:\Windows\System\VRFZoKT.exe
  2⤵
  PID:12936
- C:\Windows\System\zinHZaM.exe
  C:\Windows\System\zinHZaM.exe
  2⤵
  PID:13032
- C:\Windows\System\ExYPxwa.exe
  C:\Windows\System\ExYPxwa.exe
  2⤵
  PID:13084
- C:\Windows\System\IGitBsv.exe
  C:\Windows\System\IGitBsv.exe
  2⤵
  PID:13136
- C:\Windows\System\EgIdBZJ.exe
  C:\Windows\System\EgIdBZJ.exe
  2⤵
  PID:13220
- C:\Windows\System\rjYPoIz.exe
  C:\Windows\System\rjYPoIz.exe
  2⤵
  PID:13260
- C:\Windows\System\fmyRcVL.exe
  C:\Windows\System\fmyRcVL.exe
  2⤵
  PID:12320
- C:\Windows\System\BvXEkOW.exe
  C:\Windows\System\BvXEkOW.exe
  2⤵
  PID:12420
- C:\Windows\System\nkAIhPr.exe
  C:\Windows\System\nkAIhPr.exe
  2⤵
  PID:12608
- C:\Windows\System\phmqWwB.exe
  C:\Windows\System\phmqWwB.exe
  2⤵
  PID:12784
- C:\Windows\System\GZAgCtF.exe
  C:\Windows\System\GZAgCtF.exe
  2⤵
  PID:12904
- C:\Windows\System\rbElREg.exe
  C:\Windows\System\rbElREg.exe
  2⤵
  PID:13076
- C:\Windows\System\RbrphEA.exe
  C:\Windows\System\RbrphEA.exe
  2⤵
  PID:13292
- C:\Windows\System\SWAScch.exe
  C:\Windows\System\SWAScch.exe
  2⤵
  PID:12564
- C:\Windows\System\qPaYbUP.exe
  C:\Windows\System\qPaYbUP.exe
  2⤵
  PID:12640
- C:\Windows\System\jXpazuH.exe
  C:\Windows\System\jXpazuH.exe
  2⤵
  PID:13248
- C:\Windows\System\tnnMeoB.exe
  C:\Windows\System\tnnMeoB.exe
  2⤵
  PID:12536
- C:\Windows\System\dGEiEnS.exe
  C:\Windows\System\dGEiEnS.exe
  2⤵
  PID:12508
- C:\Windows\System\ORUsJnW.exe
  C:\Windows\System\ORUsJnW.exe
  2⤵
  PID:13340
- C:\Windows\System\cWxorcR.exe
  C:\Windows\System\cWxorcR.exe
  2⤵
  PID:13360
- C:\Windows\System\muYAdcm.exe
  C:\Windows\System\muYAdcm.exe
  2⤵
  PID:13396
- C:\Windows\System\EOShQPD.exe
  C:\Windows\System\EOShQPD.exe
  2⤵
  PID:13412
- C:\Windows\System\ILnkBPq.exe
  C:\Windows\System\ILnkBPq.exe
  2⤵
  PID:13432
- C:\Windows\System\vLqgltu.exe
  C:\Windows\System\vLqgltu.exe
  2⤵
  PID:13468
- C:\Windows\System\MBVUgmy.exe
  C:\Windows\System\MBVUgmy.exe
  2⤵
  PID:13512
- C:\Windows\System\vkunLti.exe
  C:\Windows\System\vkunLti.exe
  2⤵
  PID:13532
- C:\Windows\System\dSSuCuR.exe
  C:\Windows\System\dSSuCuR.exe
  2⤵
  PID:13556
- C:\Windows\System\aKSJMHC.exe
  C:\Windows\System\aKSJMHC.exe
  2⤵
  PID:13584
- C:\Windows\System\ETetAnS.exe
  C:\Windows\System\ETetAnS.exe
  2⤵
  PID:13612
- C:\Windows\System\wcADupZ.exe
  C:\Windows\System\wcADupZ.exe
  2⤵
  PID:13632
- C:\Windows\System\dJHjpNA.exe
  C:\Windows\System\dJHjpNA.exe
  2⤵
  PID:13668
- C:\Windows\System\XWGCmGn.exe
  C:\Windows\System\XWGCmGn.exe
  2⤵
  PID:13688
- C:\Windows\System\VmCbvad.exe
  C:\Windows\System\VmCbvad.exe
  2⤵
  PID:13712
- C:\Windows\System\HkvWPcO.exe
  C:\Windows\System\HkvWPcO.exe
  2⤵
  PID:13748
- C:\Windows\System\veBzTPW.exe
  C:\Windows\System\veBzTPW.exe
  2⤵
  PID:13780
- C:\Windows\System\ZZJImUL.exe
  C:\Windows\System\ZZJImUL.exe
  2⤵
  PID:13808
- C:\Windows\System\qhYGxZf.exe
  C:\Windows\System\qhYGxZf.exe
  2⤵
  PID:13836
- C:\Windows\System\TUGAKxo.exe
  C:\Windows\System\TUGAKxo.exe
  2⤵
  PID:13864
- C:\Windows\System\byJBpUj.exe
  C:\Windows\System\byJBpUj.exe
  2⤵
  PID:13880
- C:\Windows\System\nGtUuSz.exe
  C:\Windows\System\nGtUuSz.exe
  2⤵
  PID:13912
- C:\Windows\System\HitLiUB.exe
  C:\Windows\System\HitLiUB.exe
  2⤵
  PID:13944
- C:\Windows\System\ESxuowN.exe
  C:\Windows\System\ESxuowN.exe
  2⤵
  PID:13976
- C:\Windows\System\DsXNzxi.exe
  C:\Windows\System\DsXNzxi.exe
  2⤵
  PID:14004
- C:\Windows\System\PAZwZWu.exe
  C:\Windows\System\PAZwZWu.exe
  2⤵
  PID:14032
- C:\Windows\System\eeoQUky.exe
  C:\Windows\System\eeoQUky.exe
  2⤵
  PID:14072
- C:\Windows\System\igwxiQK.exe
  C:\Windows\System\igwxiQK.exe
  2⤵
  PID:14088
- C:\Windows\System\PPjhYLt.exe
  C:\Windows\System\PPjhYLt.exe
  2⤵
  PID:14128
- C:\Windows\System\zeuAvQJ.exe
  C:\Windows\System\zeuAvQJ.exe
  2⤵
  PID:14148
- C:\Windows\System\BWAnfHn.exe
  C:\Windows\System\BWAnfHn.exe
  2⤵
  PID:14172
- C:\Windows\System\qARVTQL.exe
  C:\Windows\System\qARVTQL.exe
  2⤵
  PID:14212
- C:\Windows\System\KMrHxUp.exe
  C:\Windows\System\KMrHxUp.exe
  2⤵
  PID:14228
- C:\Windows\System\GuBLDVF.exe
  C:\Windows\System\GuBLDVF.exe
  2⤵
  PID:14268
- C:\Windows\System\HYEYpFw.exe
  C:\Windows\System\HYEYpFw.exe
  2⤵
  PID:14284
- C:\Windows\System\ygTLYhH.exe
  C:\Windows\System\ygTLYhH.exe
  2⤵
  PID:14312
- C:\Windows\System\DQykIKS.exe
  C:\Windows\System\DQykIKS.exe
  2⤵
  PID:13368
- C:\Windows\System\jdtQSbC.exe
  C:\Windows\System\jdtQSbC.exe
  2⤵
  PID:13404
- C:\Windows\System\hLDckFA.exe
  C:\Windows\System\hLDckFA.exe
  2⤵
  PID:13456
- C:\Windows\System\deRfiUa.exe
  C:\Windows\System\deRfiUa.exe
  2⤵
  PID:13524
- C:\Windows\System\ngLpgFL.exe
  C:\Windows\System\ngLpgFL.exe
  2⤵
  PID:13572
- C:\Windows\System\GQmtVuv.exe
  C:\Windows\System\GQmtVuv.exe
  2⤵
  PID:13624
- C:\Windows\System\OgmwNZC.exe
  C:\Windows\System\OgmwNZC.exe
  2⤵
  PID:13676
- C:\Windows\System\bSEIouq.exe
  C:\Windows\System\bSEIouq.exe
  2⤵
  PID:13732
- C:\Windows\System\DyaPdkH.exe
  C:\Windows\System\DyaPdkH.exe
  2⤵
  PID:13820
- C:\Windows\System\NLYLhqE.exe
  C:\Windows\System\NLYLhqE.exe
  2⤵
  PID:13940
- C:\Windows\System\zwIiWMM.exe
  C:\Windows\System\zwIiWMM.exe
  2⤵
  PID:13996
- C:\Windows\System\TtLIeFa.exe
  C:\Windows\System\TtLIeFa.exe
  2⤵
  PID:14044
- C:\Windows\System\blWQEyq.exe
  C:\Windows\System\blWQEyq.exe
  2⤵
  PID:14080
- C:\Windows\System\MjHRyYl.exe
  C:\Windows\System\MjHRyYl.exe
  2⤵
  PID:14140
- C:\Windows\System\SuBORMy.exe
  C:\Windows\System\SuBORMy.exe
  2⤵
  PID:14252
- C:\Windows\System\mNtHUbG.exe
  C:\Windows\System\mNtHUbG.exe
  2⤵
  PID:14280
- C:\Windows\System\VtfUEKq.exe
  C:\Windows\System\VtfUEKq.exe
  2⤵
  PID:13328

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CSvJSMl.exe

Filesize
2.3MB

MD5
b0cb41b8d3200906009599cd24be4513

SHA1
fd069534be308c8181d419175d3cf0a8e199a5e0

SHA256
76b0ed9f7573c38e218173f892923388ab67a2d9bb277efedcb66b1bb33df3ae

SHA512
6116f18371324d0c382bb14854254fecd0ad7c2ce2468bad6f17a4bb59720836c382fad69700118c793bc013ab705c15fe991f521fa4616a6d10f7430930df99

Download Submit
C:\Windows\System\CtgylRm.exe

Filesize
2.3MB

MD5
0c0b0f246c66442f420091d958236423

SHA1
425921bc20e27fcba7272ea9556508062f0eeaad

SHA256
e7a126e82c28e040eae5464057d4bd661f82ee33e05eac65544cda2903f9d7d6

SHA512
22cdb3a7500bd0fb1043dfe5cdb8093fa5e364957b98a5c7e09b936232f32378dba33115e6c50094dc15e8da9d8c59fe40c779de218b0277b6f0803215af2812

Download Submit
C:\Windows\System\DRwwlsu.exe

Filesize
2.3MB

MD5
89cbd3981d0a32d5507c13fff969c1cf

SHA1
144f97d947ca7213d4888cddb934103fef92f5f3

SHA256
b170afe65fbca20c27854dd083ee3c009f759ce5afdcc8a0bbc6c0aecb6b677c

SHA512
8e9593c0497effea2284c85eb351ceccfa6887bcb8db3877d9ee7780907374be82a6706bfd842326b1e65f3882e12ea07fd0c2a493b2c54a73858ab78eab6dcd

Download Submit
C:\Windows\System\FsePCnR.exe

Filesize
2.3MB

MD5
41924370c433696fc9089faf2113c055

SHA1
ab22ca7bf0f2e2701914b63c78c0c19af2430845

SHA256
854d5a9d38e0e93c2a18645560a56ca686335cfef19713944bd90856542747ab

SHA512
3d6c431581b7d2c766dc0baf1a8ac9af348a01b5ac2ee28aed6b80f8e6606f11833445c79b0e8728a10f282cc8443f6d69ad0e8e12df1d8159f46dc028c9509d

Download Submit
C:\Windows\System\HGjBdEQ.exe

Filesize
2.3MB

MD5
996589e9f55aacbc937dd179b02ab6d0

SHA1
d927227be108ae39f800c7896c28080090026d2e

SHA256
a0ca40ddd0e048d0b233e79ca0cc0349fb9e3aae4e9ab8ba2f389b8ed8b34d04

SHA512
b2ef92e3b212d0341eb015cc15e11d9c306e29d7a89ee575986385141eb4fada1dec08ba023da6055ea101c8a87064ea816bf5489163dfb2760e65714c9e524b

Download Submit
C:\Windows\System\HyzsvdN.exe

Filesize
2.3MB

MD5
8b05544cfafaf70da775b2fbffd7bd6a

SHA1
2b43e9612ccf96632676e5d047326ab2e3fe356f

SHA256
d99dc1c30f2d6b659f5756ac4a10d7bc19874c93271f67d8777a9b74f15f7fc2

SHA512
0325cdb7ab32218b89c2b4c6b9ad46c2248b5f85580618582b6924f85df70320b67fd10ffdd9ef4c380a36542f55244927f56bd9c1b6acf8ad0bd53bc3c4ac6c

Download Submit
C:\Windows\System\KRGUhCA.exe

Filesize
2.3MB

MD5
d0c04a5b9980d2cba6f11ec431f12772

SHA1
688fb9aebfd0e277ff142aaac583499b7d64de2e

SHA256
0bb7f056e556971224aa8630cd1a7075d3484de5f64bb88880650c229b804a6d

SHA512
38678b53956d381a6aa3e45b527c845d492574e836200a819b75028b6447d780ee3348ba12cec6f4842192ab7e5df94dfc2ade31d2b789da94bbfc5ccbb11345

Download Submit
C:\Windows\System\LKRlicC.exe

Filesize
2.3MB

MD5
e0e33228cc149227eb04ff8e03615a4c

SHA1
ac51efa889db0eab186c117df393af08c3c8cf5f

SHA256
8d6d8b7bfd867744e0cf341008f3a6b01959d78837d5fb2a01b9db83cf36c94b

SHA512
74cf3d1d124ffdd274ebaf28f6fc92d49412846ac204b8186633506b11baadcf303c7cfa5f87384da43291aed7ca699b2c753931104488236a5f6a8fb638dee9

Download Submit
C:\Windows\System\NLJkohd.exe

Filesize
2.3MB

MD5
8a24e9a6523f08382fa923808e435ae0

SHA1
333de9354802f9744e3640037adb5f9b4859f2fc

SHA256
8b51f33aa27737697661e0ae373783a16cf5fa2c78bbd04255eb939d7ae5e9e7

SHA512
b64e05deb9d0637315ec81115088c92185a66a3ae2e7e54dd9f78817b7e3b1251e7f7eab5ef110b13e289ffa4ada9e9bcb19338582217a0a94354e11a09bdfbe

Download Submit
C:\Windows\System\PPeFSsu.exe

Filesize
2.3MB

MD5
e228f7c495c55a1c91f051a82880b389

SHA1
cd0a7c9aa01c62e55515957189032bf023d12447

SHA256
5e6b7e1d7138cce0c8803d43339a83c83d1e3d16f68348a43830738712ea23ea

SHA512
5f35e7e2820f824ab90aa1d994177390fc0913c6ab8df814c5e50d1b0ace7392ebb67f05c23b09b31467c77d721cdb97912f28e89d9c9fb47e4c3c9ea2d2ae6e

Download Submit
C:\Windows\System\QduhQes.exe

Filesize
2.3MB

MD5
bfa5c451295f58bcd3cd33660edd9f73

SHA1
26df758448e4cff0e9e1326696b4c525115e83e2

SHA256
cf571d66af59ed17869b8cd85288c027e629a4a195069062568499c20b00a20b

SHA512
d0469a64514107b3607ce37da8cdde807e58b35e49fbd6e1b96bfee097723df5bd2101253fc14a2909659aacc9aa6086ec4a44b2200e8de08dd31d367a006ec8

Download Submit
C:\Windows\System\RNByska.exe

Filesize
2.3MB

MD5
3a959da6808548efb541b12c642c714d

SHA1
df0ca8cdbd33951312f8f6e4646f9686a7d42612

SHA256
acdfce181e77ae3cfd76faa5f006a6f048cb94070baaaedf88f91fc537ea5cf4

SHA512
525b6a783bb092b595a41664a467461bbd0b2a40ff89a7315713c225892e6ed0f48311562c88ef7d406ae6aa173728b1d609649e5be371a9b2ce1c75de0ee830

Download Submit
C:\Windows\System\SUlugcK.exe

Filesize
2.3MB

MD5
622a4c954b6d8a16522abf1947274049

SHA1
c4014092ad5d716897d3771d08622de124feea8e

SHA256
d894407438fc90228cb197ab4be6f0d0cf3080d91cabee5275cef803b6a42c19

SHA512
f1748416c8469b4dff3e6ba7742e47e9a75874c4d92b5a922da2b9d1bdd9f5cd0a3d4d2cec6a683e0e848cf3a96d4891a1f2c1aef788cf00fef54d5e9e00c8a0

Download Submit
C:\Windows\System\TkKtucc.exe

Filesize
2.3MB

MD5
c2a9f61c22b89859ef0d9f0517e19e94

SHA1
f3004d49946e78acb80dee9390d7272a553a5130

SHA256
d5704c603d3fc17642ffad7ee2c73090a8676edb6505a26172b65929714fd7d3

SHA512
950e136856ff7e1c532a2c1b858360f08308155df73b2a0f2a26814bed83bbc63ebd7d9b286dfedd5c0be7ad31073b2c91ebc81d5c821eb90516a2acf9c30a15

Download Submit
C:\Windows\System\UNoLIHl.exe

Filesize
2.3MB

MD5
7d8823758203c91cfa01ceca0da09faa

SHA1
25116408f4e953254a193e3af1b53a5efb600afd

SHA256
365bdff07c481d1043ee86271599a3cc1aa391cbc5f4d00ebf64081a1f68b071

SHA512
4aef3a18ce0b124177c705914bb4c6a4062d0fd405b7fa922d9489b8b41c7b549902dcc7721d57f44e08fb93e925ca73b759f2efb9303cb7a537cef32339a871

Download Submit
C:\Windows\System\VUFPmlC.exe

Filesize
2.3MB

MD5
67c241385867caf6e72f0d2a73f5aa6f

SHA1
9e133675172f1c81ca8af981ddf3bc4dd2c9aba7

SHA256
73dbd7dcc1a68feda91192e524c7150391baac06e57def1c03c64428e476476c

SHA512
d57fb60d8e46cc783e89aa39090804ebdcdfbdc81d66969ab09e1d67bd8571ef51167163eb8d6479db6db5136f5662363d55188553bde9a0be62fbcac93b8259

Download Submit
C:\Windows\System\WFmVMOO.exe

Filesize
2.3MB

MD5
27f28d817fa16046a8582bb1a8deb18a

SHA1
d10f039151826715f96fecf66822b89718057b02

SHA256
c281c9d7da6ce86b584fd002f395baaff5ea74755ca0182482f226de8c75e533

SHA512
0edb75ba0ff580de12932f027d3158977539f66128ddad41e357c2020287ca4db87149cd5269826065384c33a5f59c8a2bd36337f6c5e6de8b38110ed3e3e300

Download Submit
C:\Windows\System\WJFvTVG.exe

Filesize
2.3MB

MD5
df96253c9af6791ea5c2556eb6e7b52e

SHA1
4a519689fae57a5ac16be19912c49b8c4180d552

SHA256
5de7c20f8f3450081970700074b95a851c9e7f743824bfc8f7d6482c4e5b8d60

SHA512
e261154e669b89d3d2652b2b3c3bfa354dfa9efef87f366cc9ddc22ea9905a8a0fc78a312481df4bd6b61510e89e720d1f70174672d45ac20390e8cac4c19425

Download Submit
C:\Windows\System\WsvGHvz.exe

Filesize
2.3MB

MD5
f64b0e37bd48b336f2511d9ee42d0e4d

SHA1
713ad061f50a8fd46daefb075817abd733cfb1e5

SHA256
95f66ac1a55b6fda6f7b9951ee92c20a8dede3d92560697fe4fb8f425e291442

SHA512
c9537d4fd7b49fca920a48fb56d0bf6d4d5cb28afcdaa7683ab7cdf074dbe11bb4a1f2d0cd743a2971f107c214bb484dcccec91712c3d825f5f3369c2d155694

Download Submit
C:\Windows\System\XBJZDhI.exe

Filesize
2.3MB

MD5
97976ee24a88f816dd45f6eb78d79f5a

SHA1
35756465853862d2141e65d95ef7154df711244b

SHA256
940e997080949474e55f2a1613d8dd72d7fcbfb4cf10713671c1e7e7535b6f4a

SHA512
a983d5f847ed89bcaa3d2813b24e22e857f0ee158afcefd3a00d1cb40ed475dc677298d32e67a6fc13bb3af41391c2c9f476d447018b3f88564795a235d6885b

Download Submit
C:\Windows\System\YDOdeUq.exe

Filesize
2.3MB

MD5
632e878a55671c16883a80191bf59635

SHA1
4d68a7b99156332833722cf27b25e6562a467f66

SHA256
9ac171c793075300ab624e382f3a4525a13f62434504a21ff7b2530d481ff91d

SHA512
e97f981aa5b1b64dc6ff2e929ce95dc6efb11c0972830f8b5fcb9bcfb0b66d0c1fb86420b2c205889cfe535ce8813a06d1ce623d8237cd4b03daf604f87849b5

Download Submit
C:\Windows\System\cGaFOyR.exe

Filesize
2.3MB

MD5
e15cd26861a0b18cc8b42c58056e5d11

SHA1
e3cdcb54e1760a807d0997642e71a0eced3142fb

SHA256
4731c7fc8ec22b436995aac8d1d6f6d66cd9197560486a3e564d259213f56f95

SHA512
aa4f93cc1e99b75a18e2a3daf41b3dc2542cf4e0fc7cd2f88e31c8cbbf045b9bae23ea987a04a099c497ca09a5ee96f8297e37f557368ebc31de327287f488d5

Download Submit
C:\Windows\System\fLQVjhv.exe

Filesize
2.3MB

MD5
473e9e56794599dbb2193db0b05c6ac7

SHA1
06cc37ede6bb40d8fc4e9c7d728428d067122f3f

SHA256
8f011bae41143b85a20c14c603c56b0540ae8f34466d11cac05b57cae232090a

SHA512
84b853a125f77b572c56bae3f9364d94b663c65a953b3888b4c8b0ff31f72e522a701ff7d64f3c5260b6f716d98a2cc745c58c17c0903008ab0df5d62501516d

Download Submit
C:\Windows\System\grorHRx.exe

Filesize
2.3MB

MD5
f7f8a136dcd3b38cca99d4a1589d0b53

SHA1
99a000287023ea72d20527d3a0bffe8a46504413

SHA256
f1112b38481a3f460c4cfd9dfc3731a0c4376e9fbd494c6750631b0f8b30a12d

SHA512
0f740903244e500e043ba11ab91772eb5aa8f9eda2351c1f5e79350d4a26c2dc11cb861e6bff3762c91f6840e06f2e6e90cbf2cbe767f9cbd5bdfba7187ae8fe

Download Submit
C:\Windows\System\iLlxXmC.exe

Filesize
2.3MB

MD5
b5eff4dad7e49438acbba1d3765fd0df

SHA1
9739fa14fa2ac6d12aba94153cd915ed6a57d066

SHA256
8897a89d08b6cb08829ef5853f2337712275ed3c2092a8ab092332019828805b

SHA512
0c2b146302dca5c5cbf41207f1ef37e54b5c83a7e6d2991cf2615145e76e8e797a07aa20073c1bd5f9acc113d2983e32df18838281bd6c10b3be9b13f728aff9

Download Submit
C:\Windows\System\jBKDHin.exe

Filesize
2.3MB

MD5
ea450285836b9e71e0366dd606b57b03

SHA1
b1c7900f6c3bfea85803f261a2083e5e812f2f27

SHA256
dfc23c80da80fe1b2919ef1a09e02be4224f68b936acd3afedad0e5b949baac8

SHA512
695a8fc679c6308f7a31520766cc536f7a9deb3db219fe6213522bf26bfa492138230199ee6c37ac8399ad48bd358860d26bdd5be0f6b40c3e21b681457f4923

Download Submit
C:\Windows\System\pMYuISy.exe

Filesize
2.3MB

MD5
cbd770fd6d4a9826ff47336212c193c1

SHA1
4d179821385b3799338b9b32747b0f0a3101ad33

SHA256
243d1be321aed548c1cb8d5b42c5556ae1331310e39d95b9452dbf99bf9cce09

SHA512
489e541f7b059365b77558f739d4e706b02c551977fa079cb71f1ad0fe35da5719c75151f0ae2e55eeeccadd3fea39c2cbe2d3a5156675ec6d22f4df74ff5fe6

Download Submit
C:\Windows\System\tGEmpZv.exe

Filesize
2.3MB

MD5
7114992c5e6aa0e059e36ec81ee7c8d3

SHA1
080fa2b52591db01cbbc6df07e9ffd1ba820431a

SHA256
7ecac7655545201a54c45df6f173757d893f70e5bb507d131dad1a0c44a90610

SHA512
38ff8258707c2f1eafafd42925ed3aa59b21f045eccfcf987143f114d212473d2d84ad79d02ffb0af08d421c60f42352e77621511a7c94f6b7d60f50dd9a64b2

Download Submit
C:\Windows\System\vPcOtcN.exe

Filesize
2.3MB

MD5
0d46d450cd4c192d279000b9775c23f3

SHA1
76de71e1875d958193512d56d15204bab014e6f2

SHA256
ec4440244e01947a84d7cd9f04201f42d11044fc76caf6e80cbce2fd5e82c6f8

SHA512
43c80d8ab9da8afb97fc40fc2c892d0b0b4d1ac1771f705eb1a0d0ed44639d074139ce439fc7ba326da2a9fce7a692914a35e3a50b91db034180384a0b0f122a

Download Submit
C:\Windows\System\wZKdYpu.exe

Filesize
2.3MB

MD5
4903f23285e1e242177eb693d5717e04

SHA1
cda8a3a1aec5015e60b881c9e79c6e2f648cdc9d

SHA256
5b30b7844b3838981a1b964dc60a6d0e61c7fdf71b11a76034c6a49d9bdf4389

SHA512
7a77007c2ba1c6be45483a3b525afc773ed6ddbf5e14f3fd56a4efb87897d7b9a421ef5a1397faa889a67ff4a5a6b262589a66ccca4ac909c19a7f0f97d53f09

Download Submit
C:\Windows\System\wodQGzW.exe

Filesize
2.3MB

MD5
760b22b501cafe955bcf7d85a59c5a5f

SHA1
5a7cdc7680aa1dc6ee1df48ea45f19fdbd906a61

SHA256
9837bc4c702881d0cc94674b8121cd6202baf41f0f1d49dd4654337443ccae37

SHA512
8f9a9875b37806ccc7464d99491edaec6d2d69a964a81275905cb1df08885d9c007f9bfb6be218a0fa90e0cc4ccbc0da38385c180a36fec56ea32abd0fe05cca

Download Submit
C:\Windows\System\yEDHMEa.exe

Filesize
2.3MB

MD5
1b2f33fe23e33ce32af2d2227efc786f

SHA1
27331574e57ab7887a3178a42b9057a02aacd09e

SHA256
d78dffbf928273a612effad7b104cc4ca076926b6117f8a44f1b2c00035c0418

SHA512
9c6da95b758759f4b4b4465e143a024bd0a4d80164d4ae6e7b2c40567b81784cb58dc188f909d71ebdf5c5da6f701ee2c601a58b134e9559e0cf1917095936bb

Download Submit
C:\Windows\System\ymlyvup.exe

Filesize
2.3MB

MD5
859d3baa5c79cdf56d05145253bececd

SHA1
ec4e04b959b90687b5a11b30c75fb8e363d51683

SHA256
9ea255507028c16d3de739936a7808f56bb6adabc6d7bbac85ad2fd6d5bbecec

SHA512
9fba3e2f27fd8bc89b6d43c2c6eb3e40fe1d9ffc155b9391175e2790221a518916e4661fc4710e5a80603ecbb8ed0daa63adb8675b60e974159c2ee37240b6a5

Download Submit
memory/344-612-0x00007FF6EDDF0000-0x00007FF6EE144000-memory.dmp

Filesize
3.3MB

Download
memory/344-2158-0x00007FF6EDDF0000-0x00007FF6EE144000-memory.dmp

Filesize
3.3MB

Download
memory/372-2165-0x00007FF77F610000-0x00007FF77F964000-memory.dmp

Filesize
3.3MB

Download
memory/372-637-0x00007FF77F610000-0x00007FF77F964000-memory.dmp

Filesize
3.3MB

Download
memory/404-667-0x00007FF6DD360000-0x00007FF6DD6B4000-memory.dmp

Filesize
3.3MB

Download
memory/404-2164-0x00007FF6DD360000-0x00007FF6DD6B4000-memory.dmp

Filesize
3.3MB

Download
memory/744-605-0x00007FF7F7B20000-0x00007FF7F7E74000-memory.dmp

Filesize
3.3MB

Download
memory/744-2150-0x00007FF7F7B20000-0x00007FF7F7E74000-memory.dmp

Filesize
3.3MB

Download
memory/940-2143-0x00007FF75BDD0000-0x00007FF75C124000-memory.dmp

Filesize
3.3MB

Download
memory/940-2140-0x00007FF75BDD0000-0x00007FF75C124000-memory.dmp

Filesize
3.3MB

Download
memory/940-585-0x00007FF75BDD0000-0x00007FF75C124000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2163-0x00007FF784E90000-0x00007FF7851E4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-674-0x00007FF784E90000-0x00007FF7851E4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2147-0x00007FF676BA0000-0x00007FF676EF4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-588-0x00007FF676BA0000-0x00007FF676EF4000-memory.dmp

Filesize
3.3MB

Download
memory/1596-0-0x00007FF650930000-0x00007FF650C84000-memory.dmp

Filesize
3.3MB

Download
memory/1596-1-0x0000024A55470000-0x0000024A55480000-memory.dmp

Filesize
64KB

Download
memory/1668-2144-0x00007FF791CC0000-0x00007FF792014000-memory.dmp

Filesize
3.3MB

Download
memory/1668-587-0x00007FF791CC0000-0x00007FF792014000-memory.dmp

Filesize
3.3MB

Download
memory/2092-594-0x00007FF61E710000-0x00007FF61EA64000-memory.dmp

Filesize
3.3MB

Download
memory/2092-2151-0x00007FF61E710000-0x00007FF61EA64000-memory.dmp

Filesize
3.3MB

Download
memory/2208-2154-0x00007FF7744E0000-0x00007FF774834000-memory.dmp

Filesize
3.3MB

Download
memory/2208-591-0x00007FF7744E0000-0x00007FF774834000-memory.dmp

Filesize
3.3MB

Download
memory/2400-2169-0x00007FF7AC8F0000-0x00007FF7ACC44000-memory.dmp

Filesize
3.3MB

Download
memory/2400-720-0x00007FF7AC8F0000-0x00007FF7ACC44000-memory.dmp

Filesize
3.3MB

Download
memory/2564-586-0x00007FF6FD960000-0x00007FF6FDCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-2145-0x00007FF6FD960000-0x00007FF6FDCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-589-0x00007FF6E5B20000-0x00007FF6E5E74000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2148-0x00007FF6E5B20000-0x00007FF6E5E74000-memory.dmp

Filesize
3.3MB

Download
memory/3120-2153-0x00007FF79EEE0000-0x00007FF79F234000-memory.dmp

Filesize
3.3MB

Download
memory/3120-592-0x00007FF79EEE0000-0x00007FF79F234000-memory.dmp

Filesize
3.3MB

Download
memory/3372-593-0x00007FF6EEF40000-0x00007FF6EF294000-memory.dmp

Filesize
3.3MB

Download
memory/3372-2152-0x00007FF6EEF40000-0x00007FF6EF294000-memory.dmp

Filesize
3.3MB

Download
memory/3444-715-0x00007FF7D39C0000-0x00007FF7D3D14000-memory.dmp

Filesize
3.3MB

Download
memory/3444-2162-0x00007FF7D39C0000-0x00007FF7D3D14000-memory.dmp

Filesize
3.3MB

Download
memory/3524-685-0x00007FF73AAB0000-0x00007FF73AE04000-memory.dmp

Filesize
3.3MB

Download
memory/3524-2157-0x00007FF73AAB0000-0x00007FF73AE04000-memory.dmp

Filesize
3.3MB

Download
memory/3684-2167-0x00007FF6EACC0000-0x00007FF6EB014000-memory.dmp

Filesize
3.3MB

Download
memory/3684-660-0x00007FF6EACC0000-0x00007FF6EB014000-memory.dmp

Filesize
3.3MB

Download
memory/3748-590-0x00007FF7C4520000-0x00007FF7C4874000-memory.dmp

Filesize
3.3MB

Download
memory/3748-2149-0x00007FF7C4520000-0x00007FF7C4874000-memory.dmp

Filesize
3.3MB

Download
memory/3924-2161-0x00007FF69E340000-0x00007FF69E694000-memory.dmp

Filesize
3.3MB

Download
memory/3924-650-0x00007FF69E340000-0x00007FF69E694000-memory.dmp

Filesize
3.3MB

Download
memory/4004-2142-0x00007FF7D8030000-0x00007FF7D8384000-memory.dmp

Filesize
3.3MB

Download
memory/4004-19-0x00007FF7D8030000-0x00007FF7D8384000-memory.dmp

Filesize
3.3MB

Download
memory/4148-2146-0x00007FF7DBA30000-0x00007FF7DBD84000-memory.dmp

Filesize
3.3MB

Download
memory/4148-738-0x00007FF7DBA30000-0x00007FF7DBD84000-memory.dmp

Filesize
3.3MB

Download
memory/4264-705-0x00007FF7193D0000-0x00007FF719724000-memory.dmp

Filesize
3.3MB

Download
memory/4264-2168-0x00007FF7193D0000-0x00007FF719724000-memory.dmp

Filesize
3.3MB

Download
memory/4480-2156-0x00007FF7C6F70000-0x00007FF7C72C4000-memory.dmp

Filesize
3.3MB

Download
memory/4480-626-0x00007FF7C6F70000-0x00007FF7C72C4000-memory.dmp

Filesize
3.3MB

Download
memory/4528-688-0x00007FF78B380000-0x00007FF78B6D4000-memory.dmp

Filesize
3.3MB

Download
memory/4528-2160-0x00007FF78B380000-0x00007FF78B6D4000-memory.dmp

Filesize
3.3MB

Download
memory/4544-641-0x00007FF7EE980000-0x00007FF7EECD4000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2166-0x00007FF7EE980000-0x00007FF7EECD4000-memory.dmp

Filesize
3.3MB

Download
memory/4772-602-0x00007FF6FBBE0000-0x00007FF6FBF34000-memory.dmp

Filesize
3.3MB

Download
memory/4772-2159-0x00007FF6FBBE0000-0x00007FF6FBF34000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2141-0x00007FF61CC90000-0x00007FF61CFE4000-memory.dmp

Filesize
3.3MB

Download
memory/4996-7-0x00007FF61CC90000-0x00007FF61CFE4000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2139-0x00007FF61CC90000-0x00007FF61CFE4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-615-0x00007FF796380000-0x00007FF7966D4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-2155-0x00007FF796380000-0x00007FF7966D4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads