xmrig | 2af32b8759e20f24cc1b2a4b2e03da0449de8a1c91f71b95f45c8ea2c67b77f3

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 06:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
Size

2.0MB
MD5

59f947decbae521f2203cf9a08ce0840
SHA1

b0ab5439cbae9337d2f9ccf30d0937d162371d04
SHA256

2af32b8759e20f24cc1b2a4b2e03da0449de8a1c91f71b95f45c8ea2c67b77f3
SHA512

a7a6c4649d651986eb64c1d574124ef2cde0ebe6787934b063caa28e98ea8a019b72b1ca61d5f989d352917f6e152993f03ee01b5c2ca206508d4bd11f5b8a5d
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQF3OioF5qdZwWP:oemTLkNdfE0pZrQZ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1104-0-0x00007FF7FA510000-0x00007FF7FA864000-memory.dmp	xmrig
behavioral2/files/0x00080000000233fe-5.dat	xmrig
behavioral2/files/0x0007000000023403-7.dat	xmrig
behavioral2/memory/2824-14-0x00007FF7FE430000-0x00007FF7FE784000-memory.dmp	xmrig
behavioral2/files/0x0007000000023404-31.dat	xmrig
behavioral2/files/0x0007000000023406-41.dat	xmrig
behavioral2/files/0x0007000000023407-45.dat	xmrig
behavioral2/files/0x0007000000023408-51.dat	xmrig
behavioral2/files/0x000700000002340a-58.dat	xmrig
behavioral2/files/0x000700000002340b-62.dat	xmrig
behavioral2/files/0x000700000002340c-74.dat	xmrig
behavioral2/files/0x000700000002340e-84.dat	xmrig
behavioral2/files/0x0007000000023411-99.dat	xmrig
behavioral2/files/0x0007000000023414-114.dat	xmrig
behavioral2/files/0x000700000002341c-154.dat	xmrig
behavioral2/files/0x0007000000023421-171.dat	xmrig
behavioral2/memory/740-607-0x00007FF63C040000-0x00007FF63C394000-memory.dmp	xmrig
behavioral2/memory/3660-608-0x00007FF7FC990000-0x00007FF7FCCE4000-memory.dmp	xmrig
behavioral2/memory/3964-609-0x00007FF7CEF30000-0x00007FF7CF284000-memory.dmp	xmrig
behavioral2/memory/4584-610-0x00007FF68C870000-0x00007FF68CBC4000-memory.dmp	xmrig
behavioral2/memory/1208-611-0x00007FF79B350000-0x00007FF79B6A4000-memory.dmp	xmrig
behavioral2/memory/948-612-0x00007FF66E230000-0x00007FF66E584000-memory.dmp	xmrig
behavioral2/memory/3656-629-0x00007FF7188D0000-0x00007FF718C24000-memory.dmp	xmrig
behavioral2/memory/2652-677-0x00007FF624660000-0x00007FF6249B4000-memory.dmp	xmrig
behavioral2/memory/1332-732-0x00007FF766370000-0x00007FF7666C4000-memory.dmp	xmrig
behavioral2/memory/3256-717-0x00007FF63A900000-0x00007FF63AC54000-memory.dmp	xmrig
behavioral2/memory/216-702-0x00007FF6F83F0000-0x00007FF6F8744000-memory.dmp	xmrig
behavioral2/memory/4108-691-0x00007FF790EF0000-0x00007FF791244000-memory.dmp	xmrig
behavioral2/memory/1728-686-0x00007FF7CA970000-0x00007FF7CACC4000-memory.dmp	xmrig
behavioral2/memory/2412-666-0x00007FF7370B0000-0x00007FF737404000-memory.dmp	xmrig
behavioral2/memory/3432-663-0x00007FF794D70000-0x00007FF7950C4000-memory.dmp	xmrig
behavioral2/memory/1524-655-0x00007FF6F5C10000-0x00007FF6F5F64000-memory.dmp	xmrig
behavioral2/memory/3600-645-0x00007FF7B7380000-0x00007FF7B76D4000-memory.dmp	xmrig
behavioral2/memory/1764-635-0x00007FF6DD510000-0x00007FF6DD864000-memory.dmp	xmrig
behavioral2/memory/3604-625-0x00007FF6F0290000-0x00007FF6F05E4000-memory.dmp	xmrig
behavioral2/memory/4076-619-0x00007FF6719D0000-0x00007FF671D24000-memory.dmp	xmrig
behavioral2/files/0x000700000002341f-169.dat	xmrig
behavioral2/files/0x0007000000023420-166.dat	xmrig
behavioral2/files/0x000700000002341e-164.dat	xmrig
behavioral2/files/0x000700000002341d-159.dat	xmrig
behavioral2/files/0x000700000002341b-149.dat	xmrig
behavioral2/files/0x000700000002341a-144.dat	xmrig
behavioral2/files/0x0007000000023419-139.dat	xmrig
behavioral2/files/0x0007000000023418-134.dat	xmrig
behavioral2/files/0x0007000000023417-129.dat	xmrig
behavioral2/files/0x0007000000023416-124.dat	xmrig
behavioral2/files/0x0007000000023415-119.dat	xmrig
behavioral2/files/0x0007000000023413-109.dat	xmrig
behavioral2/files/0x0007000000023412-104.dat	xmrig
behavioral2/files/0x0007000000023410-94.dat	xmrig
behavioral2/files/0x000700000002340f-89.dat	xmrig
behavioral2/files/0x000700000002340d-79.dat	xmrig
behavioral2/memory/3064-61-0x00007FF709D40000-0x00007FF70A094000-memory.dmp	xmrig
behavioral2/files/0x0007000000023409-56.dat	xmrig
behavioral2/memory/448-55-0x00007FF771250000-0x00007FF7715A4000-memory.dmp	xmrig
behavioral2/memory/3352-50-0x00007FF6A3F30000-0x00007FF6A4284000-memory.dmp	xmrig
behavioral2/memory/3760-44-0x00007FF63CA30000-0x00007FF63CD84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023405-39.dat	xmrig
behavioral2/memory/960-37-0x00007FF687860000-0x00007FF687BB4000-memory.dmp	xmrig
behavioral2/memory/2436-34-0x00007FF63FC50000-0x00007FF63FFA4000-memory.dmp	xmrig
behavioral2/memory/4356-28-0x00007FF64B210000-0x00007FF64B564000-memory.dmp	xmrig
behavioral2/files/0x0007000000023402-17.dat	xmrig
behavioral2/memory/2904-9-0x00007FF681540000-0x00007FF681894000-memory.dmp	xmrig
behavioral2/memory/2904-1640-0x00007FF681540000-0x00007FF681894000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2904	nAaGhcX.exe
2824	UedoDxk.exe
4356	ZcPNAQf.exe
2436	TTZcLqD.exe
3760	SdYlDBl.exe
960	YsQtmgn.exe
3352	VpUMuJz.exe
448	VJxxDUy.exe
3064	lXkPDqH.exe
740	EMcvJvk.exe
1332	qaRzRAZ.exe
3660	XXLmhBE.exe
3964	kfhdnIM.exe
4584	RHWrrgQ.exe
1208	ISmRfVo.exe
948	cmvletV.exe
4076	SEuEWCd.exe
3604	QFSOEBh.exe
3656	VkZGFDz.exe
1764	gwgDyWj.exe
3600	tGQiTTk.exe
1524	iplqzzJ.exe
3432	qLLRuIO.exe
2412	mVkWpuH.exe
2652	hgxyaaN.exe
1728	CrRcATC.exe
4108	jXFjplV.exe
216	kjuraOP.exe
3256	VyMUdfD.exe
1048	AtsoNgE.exe
3904	tOWIvZt.exe
1356	OZxxneV.exe
644	FlKZpeV.exe
4552	XtsLFVF.exe
1840	WASSxdu.exe
4416	TkyRrrY.exe
4880	bKIpTCu.exe
4604	xpWlyNX.exe
3504	wpFZlcn.exe
3956	vdBfIYw.exe
3204	KPdlnMM.exe
3952	XizyzWa.exe
4576	BrnZjmo.exe
3972	uukTDyD.exe
3644	toiCJMf.exe
3536	AxwQQSr.exe
4376	EYqwRsu.exe
3308	UezcNgs.exe
2888	GPaffOt.exe
5112	cgvvufq.exe
1956	RGHhETT.exe
4492	HBvvdsE.exe
4404	GVmtKdI.exe
4344	AcQGVdn.exe
2780	jgdaUCZ.exe
4920	VUWxrxJ.exe
1360	OveirIr.exe
1940	VWdtlGn.exe
1960	iRAOTmy.exe
4992	UVGpLnA.exe
1436	CUsqgWq.exe
4692	psITXIv.exe
3052	TywQqRV.exe
2164	LAXWepn.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1104-0-0x00007FF7FA510000-0x00007FF7FA864000-memory.dmp	upx
behavioral2/files/0x00080000000233fe-5.dat	upx
behavioral2/files/0x0007000000023403-7.dat	upx
behavioral2/memory/2824-14-0x00007FF7FE430000-0x00007FF7FE784000-memory.dmp	upx
behavioral2/files/0x0007000000023404-31.dat	upx
behavioral2/files/0x0007000000023406-41.dat	upx
behavioral2/files/0x0007000000023407-45.dat	upx
behavioral2/files/0x0007000000023408-51.dat	upx
behavioral2/files/0x000700000002340a-58.dat	upx
behavioral2/files/0x000700000002340b-62.dat	upx
behavioral2/files/0x000700000002340c-74.dat	upx
behavioral2/files/0x000700000002340e-84.dat	upx
behavioral2/files/0x0007000000023411-99.dat	upx
behavioral2/files/0x0007000000023414-114.dat	upx
behavioral2/files/0x000700000002341c-154.dat	upx
behavioral2/files/0x0007000000023421-171.dat	upx
behavioral2/memory/740-607-0x00007FF63C040000-0x00007FF63C394000-memory.dmp	upx
behavioral2/memory/3660-608-0x00007FF7FC990000-0x00007FF7FCCE4000-memory.dmp	upx
behavioral2/memory/3964-609-0x00007FF7CEF30000-0x00007FF7CF284000-memory.dmp	upx
behavioral2/memory/4584-610-0x00007FF68C870000-0x00007FF68CBC4000-memory.dmp	upx
behavioral2/memory/1208-611-0x00007FF79B350000-0x00007FF79B6A4000-memory.dmp	upx
behavioral2/memory/948-612-0x00007FF66E230000-0x00007FF66E584000-memory.dmp	upx
behavioral2/memory/3656-629-0x00007FF7188D0000-0x00007FF718C24000-memory.dmp	upx
behavioral2/memory/2652-677-0x00007FF624660000-0x00007FF6249B4000-memory.dmp	upx
behavioral2/memory/1332-732-0x00007FF766370000-0x00007FF7666C4000-memory.dmp	upx
behavioral2/memory/3256-717-0x00007FF63A900000-0x00007FF63AC54000-memory.dmp	upx
behavioral2/memory/216-702-0x00007FF6F83F0000-0x00007FF6F8744000-memory.dmp	upx
behavioral2/memory/4108-691-0x00007FF790EF0000-0x00007FF791244000-memory.dmp	upx
behavioral2/memory/1728-686-0x00007FF7CA970000-0x00007FF7CACC4000-memory.dmp	upx
behavioral2/memory/2412-666-0x00007FF7370B0000-0x00007FF737404000-memory.dmp	upx
behavioral2/memory/3432-663-0x00007FF794D70000-0x00007FF7950C4000-memory.dmp	upx
behavioral2/memory/1524-655-0x00007FF6F5C10000-0x00007FF6F5F64000-memory.dmp	upx
behavioral2/memory/3600-645-0x00007FF7B7380000-0x00007FF7B76D4000-memory.dmp	upx
behavioral2/memory/1764-635-0x00007FF6DD510000-0x00007FF6DD864000-memory.dmp	upx
behavioral2/memory/3604-625-0x00007FF6F0290000-0x00007FF6F05E4000-memory.dmp	upx
behavioral2/memory/4076-619-0x00007FF6719D0000-0x00007FF671D24000-memory.dmp	upx
behavioral2/files/0x000700000002341f-169.dat	upx
behavioral2/files/0x0007000000023420-166.dat	upx
behavioral2/files/0x000700000002341e-164.dat	upx
behavioral2/files/0x000700000002341d-159.dat	upx
behavioral2/files/0x000700000002341b-149.dat	upx
behavioral2/files/0x000700000002341a-144.dat	upx
behavioral2/files/0x0007000000023419-139.dat	upx
behavioral2/files/0x0007000000023418-134.dat	upx
behavioral2/files/0x0007000000023417-129.dat	upx
behavioral2/files/0x0007000000023416-124.dat	upx
behavioral2/files/0x0007000000023415-119.dat	upx
behavioral2/files/0x0007000000023413-109.dat	upx
behavioral2/files/0x0007000000023412-104.dat	upx
behavioral2/files/0x0007000000023410-94.dat	upx
behavioral2/files/0x000700000002340f-89.dat	upx
behavioral2/files/0x000700000002340d-79.dat	upx
behavioral2/memory/3064-61-0x00007FF709D40000-0x00007FF70A094000-memory.dmp	upx
behavioral2/files/0x0007000000023409-56.dat	upx
behavioral2/memory/448-55-0x00007FF771250000-0x00007FF7715A4000-memory.dmp	upx
behavioral2/memory/3352-50-0x00007FF6A3F30000-0x00007FF6A4284000-memory.dmp	upx
behavioral2/memory/3760-44-0x00007FF63CA30000-0x00007FF63CD84000-memory.dmp	upx
behavioral2/files/0x0007000000023405-39.dat	upx
behavioral2/memory/960-37-0x00007FF687860000-0x00007FF687BB4000-memory.dmp	upx
behavioral2/memory/2436-34-0x00007FF63FC50000-0x00007FF63FFA4000-memory.dmp	upx
behavioral2/memory/4356-28-0x00007FF64B210000-0x00007FF64B564000-memory.dmp	upx
behavioral2/files/0x0007000000023402-17.dat	upx
behavioral2/memory/2904-9-0x00007FF681540000-0x00007FF681894000-memory.dmp	upx
behavioral2/memory/2904-1640-0x00007FF681540000-0x00007FF681894000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CiyRNwB.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\hhGUxns.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\PBfDAtL.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\kytiyzc.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\LGDYemr.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\CktTyJS.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\dOCKRGO.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\schRRrI.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\PVFwXdW.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\XlEhdcq.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\sQBKhGW.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\ojVLTtc.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\ZLZhXqL.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\FPcrppR.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\VJPxSAb.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\kQavjOE.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\eLszwjN.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\rPqInFq.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\XsxskGx.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\FursLtM.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\XjULqEy.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\uevpIIr.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\VJxxDUy.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\EPNcsKh.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\knLHDTk.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\bgMZmMO.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\KYZrKZJ.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\bqzdctr.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\MBmBZeh.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\NOxkrjq.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\ggxopkH.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\gBccZfX.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\LxCVKRr.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\FAXkmqq.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\wSbdyAN.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\WASSxdu.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\gGYvsPV.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\SQABLEa.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\BrnZjmo.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\hPkRFyW.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\sHWwINJ.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\fEclXDH.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\EdCHkgw.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\acsxbPM.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\FJgUSDg.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\cQsPMzf.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\XuYAUfK.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\kXkEUSg.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\dZjWiUY.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\CkhWHNs.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\FZrjBTh.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\DHdIXoK.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\yVKpZsi.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\vJvndpd.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\FTkKTQe.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\PtyJbBo.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\hqnZbtH.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\RHWrrgQ.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\IEFsiBR.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\jtzkLwU.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\fJvuXxl.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\umDDfuc.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\YPARkcF.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
File created	C:\Windows\System\xXQrEhP.exe	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	412	dwm.exe
Token: SeChangeNotifyPrivilege	412	dwm.exe
Token: 33	412	dwm.exe
Token: SeIncBasePriorityPrivilege	412	dwm.exe
Token: SeShutdownPrivilege	412	dwm.exe
Token: SeCreatePagefilePrivilege	412	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 2904	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	83
PID 1104 wrote to memory of 2904	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	83
PID 1104 wrote to memory of 2824	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	84
PID 1104 wrote to memory of 2824	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	84
PID 1104 wrote to memory of 4356	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	85
PID 1104 wrote to memory of 4356	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	85
PID 1104 wrote to memory of 2436	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	86
PID 1104 wrote to memory of 2436	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	86
PID 1104 wrote to memory of 3760	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	87
PID 1104 wrote to memory of 3760	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	87
PID 1104 wrote to memory of 960	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	88
PID 1104 wrote to memory of 960	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	88
PID 1104 wrote to memory of 3352	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	89
PID 1104 wrote to memory of 3352	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	89
PID 1104 wrote to memory of 448	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	90
PID 1104 wrote to memory of 448	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	90
PID 1104 wrote to memory of 3064	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	91
PID 1104 wrote to memory of 3064	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	91
PID 1104 wrote to memory of 740	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	92
PID 1104 wrote to memory of 740	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	92
PID 1104 wrote to memory of 1332	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	93
PID 1104 wrote to memory of 1332	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	93
PID 1104 wrote to memory of 3660	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	94
PID 1104 wrote to memory of 3660	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	94
PID 1104 wrote to memory of 3964	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	95
PID 1104 wrote to memory of 3964	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	95
PID 1104 wrote to memory of 4584	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	96
PID 1104 wrote to memory of 4584	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	96
PID 1104 wrote to memory of 1208	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	97
PID 1104 wrote to memory of 1208	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	97
PID 1104 wrote to memory of 948	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	98
PID 1104 wrote to memory of 948	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	98
PID 1104 wrote to memory of 4076	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	99
PID 1104 wrote to memory of 4076	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	99
PID 1104 wrote to memory of 3604	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	100
PID 1104 wrote to memory of 3604	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	100
PID 1104 wrote to memory of 3656	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	101
PID 1104 wrote to memory of 3656	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	101
PID 1104 wrote to memory of 1764	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	102
PID 1104 wrote to memory of 1764	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	102
PID 1104 wrote to memory of 3600	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	103
PID 1104 wrote to memory of 3600	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	103
PID 1104 wrote to memory of 1524	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	104
PID 1104 wrote to memory of 1524	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	104
PID 1104 wrote to memory of 3432	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	105
PID 1104 wrote to memory of 3432	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	105
PID 1104 wrote to memory of 2412	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	106
PID 1104 wrote to memory of 2412	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	106
PID 1104 wrote to memory of 2652	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	107
PID 1104 wrote to memory of 2652	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	107
PID 1104 wrote to memory of 1728	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	108
PID 1104 wrote to memory of 1728	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	108
PID 1104 wrote to memory of 4108	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	109
PID 1104 wrote to memory of 4108	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	109
PID 1104 wrote to memory of 216	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	110
PID 1104 wrote to memory of 216	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	110
PID 1104 wrote to memory of 3256	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	111
PID 1104 wrote to memory of 3256	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	111
PID 1104 wrote to memory of 1048	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	112
PID 1104 wrote to memory of 1048	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	112
PID 1104 wrote to memory of 3904	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	113
PID 1104 wrote to memory of 3904	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	113
PID 1104 wrote to memory of 1356	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	114
PID 1104 wrote to memory of 1356	1104	59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\59f947decbae521f2203cf9a08ce0840_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\System\nAaGhcX.exe
  C:\Windows\System\nAaGhcX.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\UedoDxk.exe
  C:\Windows\System\UedoDxk.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\ZcPNAQf.exe
  C:\Windows\System\ZcPNAQf.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\TTZcLqD.exe
  C:\Windows\System\TTZcLqD.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\SdYlDBl.exe
  C:\Windows\System\SdYlDBl.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\YsQtmgn.exe
  C:\Windows\System\YsQtmgn.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\VpUMuJz.exe
  C:\Windows\System\VpUMuJz.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\VJxxDUy.exe
  C:\Windows\System\VJxxDUy.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\lXkPDqH.exe
  C:\Windows\System\lXkPDqH.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\EMcvJvk.exe
  C:\Windows\System\EMcvJvk.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\qaRzRAZ.exe
  C:\Windows\System\qaRzRAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\XXLmhBE.exe
  C:\Windows\System\XXLmhBE.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\kfhdnIM.exe
  C:\Windows\System\kfhdnIM.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\RHWrrgQ.exe
  C:\Windows\System\RHWrrgQ.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\ISmRfVo.exe
  C:\Windows\System\ISmRfVo.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\cmvletV.exe
  C:\Windows\System\cmvletV.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\SEuEWCd.exe
  C:\Windows\System\SEuEWCd.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\QFSOEBh.exe
  C:\Windows\System\QFSOEBh.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\VkZGFDz.exe
  C:\Windows\System\VkZGFDz.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\gwgDyWj.exe
  C:\Windows\System\gwgDyWj.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\tGQiTTk.exe
  C:\Windows\System\tGQiTTk.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\iplqzzJ.exe
  C:\Windows\System\iplqzzJ.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\qLLRuIO.exe
  C:\Windows\System\qLLRuIO.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\mVkWpuH.exe
  C:\Windows\System\mVkWpuH.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\hgxyaaN.exe
  C:\Windows\System\hgxyaaN.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\CrRcATC.exe
  C:\Windows\System\CrRcATC.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\jXFjplV.exe
  C:\Windows\System\jXFjplV.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\kjuraOP.exe
  C:\Windows\System\kjuraOP.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\VyMUdfD.exe
  C:\Windows\System\VyMUdfD.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\AtsoNgE.exe
  C:\Windows\System\AtsoNgE.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\tOWIvZt.exe
  C:\Windows\System\tOWIvZt.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\OZxxneV.exe
  C:\Windows\System\OZxxneV.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\FlKZpeV.exe
  C:\Windows\System\FlKZpeV.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\XtsLFVF.exe
  C:\Windows\System\XtsLFVF.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\WASSxdu.exe
  C:\Windows\System\WASSxdu.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\TkyRrrY.exe
  C:\Windows\System\TkyRrrY.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\bKIpTCu.exe
  C:\Windows\System\bKIpTCu.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\xpWlyNX.exe
  C:\Windows\System\xpWlyNX.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\wpFZlcn.exe
  C:\Windows\System\wpFZlcn.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\vdBfIYw.exe
  C:\Windows\System\vdBfIYw.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\KPdlnMM.exe
  C:\Windows\System\KPdlnMM.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\XizyzWa.exe
  C:\Windows\System\XizyzWa.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\BrnZjmo.exe
  C:\Windows\System\BrnZjmo.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\uukTDyD.exe
  C:\Windows\System\uukTDyD.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\toiCJMf.exe
  C:\Windows\System\toiCJMf.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\AxwQQSr.exe
  C:\Windows\System\AxwQQSr.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\EYqwRsu.exe
  C:\Windows\System\EYqwRsu.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\UezcNgs.exe
  C:\Windows\System\UezcNgs.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\GPaffOt.exe
  C:\Windows\System\GPaffOt.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\cgvvufq.exe
  C:\Windows\System\cgvvufq.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\RGHhETT.exe
  C:\Windows\System\RGHhETT.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\HBvvdsE.exe
  C:\Windows\System\HBvvdsE.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\GVmtKdI.exe
  C:\Windows\System\GVmtKdI.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\AcQGVdn.exe
  C:\Windows\System\AcQGVdn.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\jgdaUCZ.exe
  C:\Windows\System\jgdaUCZ.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\VUWxrxJ.exe
  C:\Windows\System\VUWxrxJ.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\OveirIr.exe
  C:\Windows\System\OveirIr.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\VWdtlGn.exe
  C:\Windows\System\VWdtlGn.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\iRAOTmy.exe
  C:\Windows\System\iRAOTmy.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\UVGpLnA.exe
  C:\Windows\System\UVGpLnA.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\CUsqgWq.exe
  C:\Windows\System\CUsqgWq.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\psITXIv.exe
  C:\Windows\System\psITXIv.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\TywQqRV.exe
  C:\Windows\System\TywQqRV.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\LAXWepn.exe
  C:\Windows\System\LAXWepn.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\sTMyRrc.exe
  C:\Windows\System\sTMyRrc.exe
  2⤵
  PID:1444
- C:\Windows\System\VStZnzr.exe
  C:\Windows\System\VStZnzr.exe
  2⤵
  PID:536
- C:\Windows\System\XzDbBAK.exe
  C:\Windows\System\XzDbBAK.exe
  2⤵
  PID:1620
- C:\Windows\System\LgqBHBy.exe
  C:\Windows\System\LgqBHBy.exe
  2⤵
  PID:2684
- C:\Windows\System\msdgLyy.exe
  C:\Windows\System\msdgLyy.exe
  2⤵
  PID:2236
- C:\Windows\System\ePOXihs.exe
  C:\Windows\System\ePOXihs.exe
  2⤵
  PID:2000
- C:\Windows\System\HyrUfoM.exe
  C:\Windows\System\HyrUfoM.exe
  2⤵
  PID:2040
- C:\Windows\System\KYZrKZJ.exe
  C:\Windows\System\KYZrKZJ.exe
  2⤵
  PID:2848
- C:\Windows\System\VztwAVE.exe
  C:\Windows\System\VztwAVE.exe
  2⤵
  PID:3636
- C:\Windows\System\ieBiLJp.exe
  C:\Windows\System\ieBiLJp.exe
  2⤵
  PID:1044
- C:\Windows\System\OdRgqVK.exe
  C:\Windows\System\OdRgqVK.exe
  2⤵
  PID:4952
- C:\Windows\System\dZjWiUY.exe
  C:\Windows\System\dZjWiUY.exe
  2⤵
  PID:3268
- C:\Windows\System\sQBKhGW.exe
  C:\Windows\System\sQBKhGW.exe
  2⤵
  PID:2528
- C:\Windows\System\NRDAAvh.exe
  C:\Windows\System\NRDAAvh.exe
  2⤵
  PID:4560
- C:\Windows\System\LJEgEAn.exe
  C:\Windows\System\LJEgEAn.exe
  2⤵
  PID:4536
- C:\Windows\System\YuhvQuo.exe
  C:\Windows\System\YuhvQuo.exe
  2⤵
  PID:3200
- C:\Windows\System\JSwIeGl.exe
  C:\Windows\System\JSwIeGl.exe
  2⤵
  PID:3564
- C:\Windows\System\VIIQbix.exe
  C:\Windows\System\VIIQbix.exe
  2⤵
  PID:512
- C:\Windows\System\GwFGnIR.exe
  C:\Windows\System\GwFGnIR.exe
  2⤵
  PID:2628
- C:\Windows\System\MCebMCT.exe
  C:\Windows\System\MCebMCT.exe
  2⤵
  PID:5140
- C:\Windows\System\cXjlEeJ.exe
  C:\Windows\System\cXjlEeJ.exe
  2⤵
  PID:5168
- C:\Windows\System\eLszwjN.exe
  C:\Windows\System\eLszwjN.exe
  2⤵
  PID:5196
- C:\Windows\System\aDsmxzK.exe
  C:\Windows\System\aDsmxzK.exe
  2⤵
  PID:5224
- C:\Windows\System\DuSgfyD.exe
  C:\Windows\System\DuSgfyD.exe
  2⤵
  PID:5252
- C:\Windows\System\PPEkdcS.exe
  C:\Windows\System\PPEkdcS.exe
  2⤵
  PID:5280
- C:\Windows\System\qWZkVaC.exe
  C:\Windows\System\qWZkVaC.exe
  2⤵
  PID:5308
- C:\Windows\System\ZWJNzTU.exe
  C:\Windows\System\ZWJNzTU.exe
  2⤵
  PID:5336
- C:\Windows\System\JNOXgcD.exe
  C:\Windows\System\JNOXgcD.exe
  2⤵
  PID:5364
- C:\Windows\System\FrAdnFC.exe
  C:\Windows\System\FrAdnFC.exe
  2⤵
  PID:5392
- C:\Windows\System\mzrpjOF.exe
  C:\Windows\System\mzrpjOF.exe
  2⤵
  PID:5420
- C:\Windows\System\mLQblfH.exe
  C:\Windows\System\mLQblfH.exe
  2⤵
  PID:5448
- C:\Windows\System\CkhWHNs.exe
  C:\Windows\System\CkhWHNs.exe
  2⤵
  PID:5476
- C:\Windows\System\nHmrXvQ.exe
  C:\Windows\System\nHmrXvQ.exe
  2⤵
  PID:5504
- C:\Windows\System\GlnDAUY.exe
  C:\Windows\System\GlnDAUY.exe
  2⤵
  PID:5532
- C:\Windows\System\QAlACBt.exe
  C:\Windows\System\QAlACBt.exe
  2⤵
  PID:5560
- C:\Windows\System\YxkYlKG.exe
  C:\Windows\System\YxkYlKG.exe
  2⤵
  PID:5588
- C:\Windows\System\HXexPvt.exe
  C:\Windows\System\HXexPvt.exe
  2⤵
  PID:5616
- C:\Windows\System\tzWjJfv.exe
  C:\Windows\System\tzWjJfv.exe
  2⤵
  PID:5644
- C:\Windows\System\ajgcflR.exe
  C:\Windows\System\ajgcflR.exe
  2⤵
  PID:5672
- C:\Windows\System\DjAUbeQ.exe
  C:\Windows\System\DjAUbeQ.exe
  2⤵
  PID:5700
- C:\Windows\System\NMqaxBv.exe
  C:\Windows\System\NMqaxBv.exe
  2⤵
  PID:5728
- C:\Windows\System\CiyRNwB.exe
  C:\Windows\System\CiyRNwB.exe
  2⤵
  PID:5756
- C:\Windows\System\Bcoujmn.exe
  C:\Windows\System\Bcoujmn.exe
  2⤵
  PID:5784
- C:\Windows\System\gGYvsPV.exe
  C:\Windows\System\gGYvsPV.exe
  2⤵
  PID:5812
- C:\Windows\System\bmexLfR.exe
  C:\Windows\System\bmexLfR.exe
  2⤵
  PID:5840
- C:\Windows\System\rIKYpKC.exe
  C:\Windows\System\rIKYpKC.exe
  2⤵
  PID:5868
- C:\Windows\System\hhGUxns.exe
  C:\Windows\System\hhGUxns.exe
  2⤵
  PID:5896
- C:\Windows\System\FZrjBTh.exe
  C:\Windows\System\FZrjBTh.exe
  2⤵
  PID:5924
- C:\Windows\System\LxCVKRr.exe
  C:\Windows\System\LxCVKRr.exe
  2⤵
  PID:5952
- C:\Windows\System\wsxTIyu.exe
  C:\Windows\System\wsxTIyu.exe
  2⤵
  PID:5980
- C:\Windows\System\kmjZmFN.exe
  C:\Windows\System\kmjZmFN.exe
  2⤵
  PID:6008
- C:\Windows\System\QWTAxUr.exe
  C:\Windows\System\QWTAxUr.exe
  2⤵
  PID:6036
- C:\Windows\System\WUCFcYA.exe
  C:\Windows\System\WUCFcYA.exe
  2⤵
  PID:6064
- C:\Windows\System\WlxJQJa.exe
  C:\Windows\System\WlxJQJa.exe
  2⤵
  PID:6092
- C:\Windows\System\sZOqHjG.exe
  C:\Windows\System\sZOqHjG.exe
  2⤵
  PID:6120
- C:\Windows\System\JaguAKt.exe
  C:\Windows\System\JaguAKt.exe
  2⤵
  PID:4748
- C:\Windows\System\IEFsiBR.exe
  C:\Windows\System\IEFsiBR.exe
  2⤵
  PID:4332
- C:\Windows\System\RjmpHEo.exe
  C:\Windows\System\RjmpHEo.exe
  2⤵
  PID:1464
- C:\Windows\System\oelpmkz.exe
  C:\Windows\System\oelpmkz.exe
  2⤵
  PID:4436
- C:\Windows\System\sUeBSEo.exe
  C:\Windows\System\sUeBSEo.exe
  2⤵
  PID:3912
- C:\Windows\System\KlKaRlp.exe
  C:\Windows\System\KlKaRlp.exe
  2⤵
  PID:2924
- C:\Windows\System\XnrRSRB.exe
  C:\Windows\System\XnrRSRB.exe
  2⤵
  PID:5128
- C:\Windows\System\lWvsWsS.exe
  C:\Windows\System\lWvsWsS.exe
  2⤵
  PID:5188
- C:\Windows\System\zJMIYXk.exe
  C:\Windows\System\zJMIYXk.exe
  2⤵
  PID:5264
- C:\Windows\System\MtyaVoy.exe
  C:\Windows\System\MtyaVoy.exe
  2⤵
  PID:5324
- C:\Windows\System\yezcbHq.exe
  C:\Windows\System\yezcbHq.exe
  2⤵
  PID:5384
- C:\Windows\System\HupbhJx.exe
  C:\Windows\System\HupbhJx.exe
  2⤵
  PID:5460
- C:\Windows\System\aXWGvog.exe
  C:\Windows\System\aXWGvog.exe
  2⤵
  PID:5520
- C:\Windows\System\vHkBtZL.exe
  C:\Windows\System\vHkBtZL.exe
  2⤵
  PID:5580
- C:\Windows\System\wxhPHaL.exe
  C:\Windows\System\wxhPHaL.exe
  2⤵
  PID:5656
- C:\Windows\System\MhLLVry.exe
  C:\Windows\System\MhLLVry.exe
  2⤵
  PID:5716
- C:\Windows\System\ATnSInA.exe
  C:\Windows\System\ATnSInA.exe
  2⤵
  PID:5776
- C:\Windows\System\jtzkLwU.exe
  C:\Windows\System\jtzkLwU.exe
  2⤵
  PID:5852
- C:\Windows\System\mhkxDyi.exe
  C:\Windows\System\mhkxDyi.exe
  2⤵
  PID:5912
- C:\Windows\System\HYkrvhb.exe
  C:\Windows\System\HYkrvhb.exe
  2⤵
  PID:5972
- C:\Windows\System\efGFZPa.exe
  C:\Windows\System\efGFZPa.exe
  2⤵
  PID:6048
- C:\Windows\System\OKgobTU.exe
  C:\Windows\System\OKgobTU.exe
  2⤵
  PID:6108
- C:\Windows\System\kaJALNB.exe
  C:\Windows\System\kaJALNB.exe
  2⤵
  PID:3472
- C:\Windows\System\JqNqPPN.exe
  C:\Windows\System\JqNqPPN.exe
  2⤵
  PID:1724
- C:\Windows\System\OburBUH.exe
  C:\Windows\System\OburBUH.exe
  2⤵
  PID:4936
- C:\Windows\System\rPqInFq.exe
  C:\Windows\System\rPqInFq.exe
  2⤵
  PID:5216
- C:\Windows\System\fQZjhyR.exe
  C:\Windows\System\fQZjhyR.exe
  2⤵
  PID:3448
- C:\Windows\System\opMBIXo.exe
  C:\Windows\System\opMBIXo.exe
  2⤵
  PID:5492
- C:\Windows\System\PGkZvLN.exe
  C:\Windows\System\PGkZvLN.exe
  2⤵
  PID:5632
- C:\Windows\System\sIQNUJv.exe
  C:\Windows\System\sIQNUJv.exe
  2⤵
  PID:5804
- C:\Windows\System\dDvrxXe.exe
  C:\Windows\System\dDvrxXe.exe
  2⤵
  PID:5944
- C:\Windows\System\WyFCZyk.exe
  C:\Windows\System\WyFCZyk.exe
  2⤵
  PID:6080
- C:\Windows\System\mVvPsBz.exe
  C:\Windows\System\mVvPsBz.exe
  2⤵
  PID:2224
- C:\Windows\System\JtPSxzJ.exe
  C:\Windows\System\JtPSxzJ.exe
  2⤵
  PID:1808
- C:\Windows\System\nZYhRMd.exe
  C:\Windows\System\nZYhRMd.exe
  2⤵
  PID:5432
- C:\Windows\System\rhodrwf.exe
  C:\Windows\System\rhodrwf.exe
  2⤵
  PID:5880
- C:\Windows\System\dKTroLE.exe
  C:\Windows\System\dKTroLE.exe
  2⤵
  PID:6076
- C:\Windows\System\XsxskGx.exe
  C:\Windows\System\XsxskGx.exe
  2⤵
  PID:6148
- C:\Windows\System\ojVLTtc.exe
  C:\Windows\System\ojVLTtc.exe
  2⤵
  PID:6176
- C:\Windows\System\ZLZhXqL.exe
  C:\Windows\System\ZLZhXqL.exe
  2⤵
  PID:6204
- C:\Windows\System\afvBVvv.exe
  C:\Windows\System\afvBVvv.exe
  2⤵
  PID:6232
- C:\Windows\System\VZWovcG.exe
  C:\Windows\System\VZWovcG.exe
  2⤵
  PID:6260
- C:\Windows\System\qCcYLVr.exe
  C:\Windows\System\qCcYLVr.exe
  2⤵
  PID:6288
- C:\Windows\System\yTCjeMF.exe
  C:\Windows\System\yTCjeMF.exe
  2⤵
  PID:6316
- C:\Windows\System\BcezJpT.exe
  C:\Windows\System\BcezJpT.exe
  2⤵
  PID:6344
- C:\Windows\System\xsbvfKV.exe
  C:\Windows\System\xsbvfKV.exe
  2⤵
  PID:6372
- C:\Windows\System\vMnORwd.exe
  C:\Windows\System\vMnORwd.exe
  2⤵
  PID:6400
- C:\Windows\System\TnQQKzY.exe
  C:\Windows\System\TnQQKzY.exe
  2⤵
  PID:6428
- C:\Windows\System\bPWVhmr.exe
  C:\Windows\System\bPWVhmr.exe
  2⤵
  PID:6456
- C:\Windows\System\MEsnIGc.exe
  C:\Windows\System\MEsnIGc.exe
  2⤵
  PID:6484
- C:\Windows\System\mrCmDMp.exe
  C:\Windows\System\mrCmDMp.exe
  2⤵
  PID:6508
- C:\Windows\System\DCAmJdW.exe
  C:\Windows\System\DCAmJdW.exe
  2⤵
  PID:6540
- C:\Windows\System\ZojZbEc.exe
  C:\Windows\System\ZojZbEc.exe
  2⤵
  PID:6568
- C:\Windows\System\wAgOFZn.exe
  C:\Windows\System\wAgOFZn.exe
  2⤵
  PID:6596
- C:\Windows\System\ayoQAjG.exe
  C:\Windows\System\ayoQAjG.exe
  2⤵
  PID:6624
- C:\Windows\System\kuJkSDJ.exe
  C:\Windows\System\kuJkSDJ.exe
  2⤵
  PID:6648
- C:\Windows\System\nIInrhm.exe
  C:\Windows\System\nIInrhm.exe
  2⤵
  PID:6680
- C:\Windows\System\qxLjFRc.exe
  C:\Windows\System\qxLjFRc.exe
  2⤵
  PID:6708
- C:\Windows\System\UkZFlLy.exe
  C:\Windows\System\UkZFlLy.exe
  2⤵
  PID:6736
- C:\Windows\System\dbEaqiE.exe
  C:\Windows\System\dbEaqiE.exe
  2⤵
  PID:6760
- C:\Windows\System\FursLtM.exe
  C:\Windows\System\FursLtM.exe
  2⤵
  PID:6864
- C:\Windows\System\nLMGilH.exe
  C:\Windows\System\nLMGilH.exe
  2⤵
  PID:6892
- C:\Windows\System\KNqvYmj.exe
  C:\Windows\System\KNqvYmj.exe
  2⤵
  PID:6912
- C:\Windows\System\fJvuXxl.exe
  C:\Windows\System\fJvuXxl.exe
  2⤵
  PID:6932
- C:\Windows\System\KpgQxGl.exe
  C:\Windows\System\KpgQxGl.exe
  2⤵
  PID:6952
- C:\Windows\System\xHYtOqJ.exe
  C:\Windows\System\xHYtOqJ.exe
  2⤵
  PID:6972
- C:\Windows\System\rAqzFVZ.exe
  C:\Windows\System\rAqzFVZ.exe
  2⤵
  PID:6996
- C:\Windows\System\qHYuQXI.exe
  C:\Windows\System\qHYuQXI.exe
  2⤵
  PID:7024
- C:\Windows\System\kXXBuCT.exe
  C:\Windows\System\kXXBuCT.exe
  2⤵
  PID:7044
- C:\Windows\System\mbnHKno.exe
  C:\Windows\System\mbnHKno.exe
  2⤵
  PID:7072
- C:\Windows\System\cgOSSOt.exe
  C:\Windows\System\cgOSSOt.exe
  2⤵
  PID:7096
- C:\Windows\System\aVbgjzR.exe
  C:\Windows\System\aVbgjzR.exe
  2⤵
  PID:7112
- C:\Windows\System\wiLEgcN.exe
  C:\Windows\System\wiLEgcN.exe
  2⤵
  PID:7164
- C:\Windows\System\PitqLBb.exe
  C:\Windows\System\PitqLBb.exe
  2⤵
  PID:5608
- C:\Windows\System\Nzbwlyp.exe
  C:\Windows\System\Nzbwlyp.exe
  2⤵
  PID:5888
- C:\Windows\System\cyplZCU.exe
  C:\Windows\System\cyplZCU.exe
  2⤵
  PID:6168
- C:\Windows\System\VKiDNYU.exe
  C:\Windows\System\VKiDNYU.exe
  2⤵
  PID:6224
- C:\Windows\System\tuOnaIJ.exe
  C:\Windows\System\tuOnaIJ.exe
  2⤵
  PID:6280
- C:\Windows\System\wxYMOMZ.exe
  C:\Windows\System\wxYMOMZ.exe
  2⤵
  PID:6336
- C:\Windows\System\BCLWNrT.exe
  C:\Windows\System\BCLWNrT.exe
  2⤵
  PID:6384
- C:\Windows\System\YbLzRxf.exe
  C:\Windows\System\YbLzRxf.exe
  2⤵
  PID:6444
- C:\Windows\System\ZaNlWrS.exe
  C:\Windows\System\ZaNlWrS.exe
  2⤵
  PID:6524
- C:\Windows\System\iFmDKdc.exe
  C:\Windows\System\iFmDKdc.exe
  2⤵
  PID:6552
- C:\Windows\System\VgZbvXd.exe
  C:\Windows\System\VgZbvXd.exe
  2⤵
  PID:6588
- C:\Windows\System\vnWwASS.exe
  C:\Windows\System\vnWwASS.exe
  2⤵
  PID:6636
- C:\Windows\System\ZUdkMCq.exe
  C:\Windows\System\ZUdkMCq.exe
  2⤵
  PID:6668
- C:\Windows\System\SRHIeVK.exe
  C:\Windows\System\SRHIeVK.exe
  2⤵
  PID:2088
- C:\Windows\System\yFfMWQE.exe
  C:\Windows\System\yFfMWQE.exe
  2⤵
  PID:6748
- C:\Windows\System\wpRUdaq.exe
  C:\Windows\System\wpRUdaq.exe
  2⤵
  PID:6752
- C:\Windows\System\MaAXZOJ.exe
  C:\Windows\System\MaAXZOJ.exe
  2⤵
  PID:6888
- C:\Windows\System\CkUAaIF.exe
  C:\Windows\System\CkUAaIF.exe
  2⤵
  PID:1428
- C:\Windows\System\PqtZMRe.exe
  C:\Windows\System\PqtZMRe.exe
  2⤵
  PID:1416
- C:\Windows\System\ZtDMHwK.exe
  C:\Windows\System\ZtDMHwK.exe
  2⤵
  PID:4052
- C:\Windows\System\umDDfuc.exe
  C:\Windows\System\umDDfuc.exe
  2⤵
  PID:2636
- C:\Windows\System\XWigoQL.exe
  C:\Windows\System\XWigoQL.exe
  2⤵
  PID:3736
- C:\Windows\System\FTNmxSw.exe
  C:\Windows\System\FTNmxSw.exe
  2⤵
  PID:3260
- C:\Windows\System\hvqMgyD.exe
  C:\Windows\System\hvqMgyD.exe
  2⤵
  PID:6960
- C:\Windows\System\dmCnKjy.exe
  C:\Windows\System\dmCnKjy.exe
  2⤵
  PID:1948
- C:\Windows\System\NwxUpAR.exe
  C:\Windows\System\NwxUpAR.exe
  2⤵
  PID:7004
- C:\Windows\System\SlsvbnD.exe
  C:\Windows\System\SlsvbnD.exe
  2⤵
  PID:7064
- C:\Windows\System\pCbvMXs.exe
  C:\Windows\System\pCbvMXs.exe
  2⤵
  PID:7108
- C:\Windows\System\iVoovVt.exe
  C:\Windows\System\iVoovVt.exe
  2⤵
  PID:5744
- C:\Windows\System\lmAETsR.exe
  C:\Windows\System\lmAETsR.exe
  2⤵
  PID:4508
- C:\Windows\System\cJjOjNZ.exe
  C:\Windows\System\cJjOjNZ.exe
  2⤵
  PID:6360
- C:\Windows\System\ILvyPHK.exe
  C:\Windows\System\ILvyPHK.exe
  2⤵
  PID:6504
- C:\Windows\System\CVuWzZW.exe
  C:\Windows\System\CVuWzZW.exe
  2⤵
  PID:4544
- C:\Windows\System\ITIrxxf.exe
  C:\Windows\System\ITIrxxf.exe
  2⤵
  PID:4392
- C:\Windows\System\ZAOTtWs.exe
  C:\Windows\System\ZAOTtWs.exe
  2⤵
  PID:6908
- C:\Windows\System\NadRtRG.exe
  C:\Windows\System\NadRtRG.exe
  2⤵
  PID:6984
- C:\Windows\System\kytiyzc.exe
  C:\Windows\System\kytiyzc.exe
  2⤵
  PID:7088
- C:\Windows\System\pgxcOSu.exe
  C:\Windows\System\pgxcOSu.exe
  2⤵
  PID:5300
- C:\Windows\System\PqQiGFy.exe
  C:\Windows\System\PqQiGFy.exe
  2⤵
  PID:7208
- C:\Windows\System\RjRViMy.exe
  C:\Windows\System\RjRViMy.exe
  2⤵
  PID:7300
- C:\Windows\System\JizDhMD.exe
  C:\Windows\System\JizDhMD.exe
  2⤵
  PID:7368
- C:\Windows\System\nNocQSY.exe
  C:\Windows\System\nNocQSY.exe
  2⤵
  PID:7384
- C:\Windows\System\iwWjXrS.exe
  C:\Windows\System\iwWjXrS.exe
  2⤵
  PID:7488
- C:\Windows\System\dKvITah.exe
  C:\Windows\System\dKvITah.exe
  2⤵
  PID:7528
- C:\Windows\System\hPkRFyW.exe
  C:\Windows\System\hPkRFyW.exe
  2⤵
  PID:7600
- C:\Windows\System\sHWwINJ.exe
  C:\Windows\System\sHWwINJ.exe
  2⤵
  PID:7620
- C:\Windows\System\HxhkwQb.exe
  C:\Windows\System\HxhkwQb.exe
  2⤵
  PID:7652
- C:\Windows\System\SccJxSz.exe
  C:\Windows\System\SccJxSz.exe
  2⤵
  PID:7680
- C:\Windows\System\FAXkmqq.exe
  C:\Windows\System\FAXkmqq.exe
  2⤵
  PID:7712
- C:\Windows\System\WYDFuzG.exe
  C:\Windows\System\WYDFuzG.exe
  2⤵
  PID:7732
- C:\Windows\System\OVkxqta.exe
  C:\Windows\System\OVkxqta.exe
  2⤵
  PID:7776
- C:\Windows\System\oQjoRfb.exe
  C:\Windows\System\oQjoRfb.exe
  2⤵
  PID:7796
- C:\Windows\System\hQYkbiT.exe
  C:\Windows\System\hQYkbiT.exe
  2⤵
  PID:7832
- C:\Windows\System\yjHlSXy.exe
  C:\Windows\System\yjHlSXy.exe
  2⤵
  PID:7860
- C:\Windows\System\irYWcjC.exe
  C:\Windows\System\irYWcjC.exe
  2⤵
  PID:7888
- C:\Windows\System\wgqcIUe.exe
  C:\Windows\System\wgqcIUe.exe
  2⤵
  PID:7904
- C:\Windows\System\hpbyIYo.exe
  C:\Windows\System\hpbyIYo.exe
  2⤵
  PID:7920
- C:\Windows\System\FWMnZkD.exe
  C:\Windows\System\FWMnZkD.exe
  2⤵
  PID:7968
- C:\Windows\System\zeaQtGy.exe
  C:\Windows\System\zeaQtGy.exe
  2⤵
  PID:8012
- C:\Windows\System\rUYNDks.exe
  C:\Windows\System\rUYNDks.exe
  2⤵
  PID:8036
- C:\Windows\System\fltSBLc.exe
  C:\Windows\System\fltSBLc.exe
  2⤵
  PID:8064
- C:\Windows\System\hoJXfgj.exe
  C:\Windows\System\hoJXfgj.exe
  2⤵
  PID:8092
- C:\Windows\System\TzuDmyO.exe
  C:\Windows\System\TzuDmyO.exe
  2⤵
  PID:8120
- C:\Windows\System\fEclXDH.exe
  C:\Windows\System\fEclXDH.exe
  2⤵
  PID:8148
- C:\Windows\System\xxfVmXi.exe
  C:\Windows\System\xxfVmXi.exe
  2⤵
  PID:8168
- C:\Windows\System\hVOeWbo.exe
  C:\Windows\System\hVOeWbo.exe
  2⤵
  PID:3884
- C:\Windows\System\uDQQTdw.exe
  C:\Windows\System\uDQQTdw.exe
  2⤵
  PID:3560
- C:\Windows\System\aLWvMFd.exe
  C:\Windows\System\aLWvMFd.exe
  2⤵
  PID:2800
- C:\Windows\System\BfZHvVr.exe
  C:\Windows\System\BfZHvVr.exe
  2⤵
  PID:7040
- C:\Windows\System\UkMHJPx.exe
  C:\Windows\System\UkMHJPx.exe
  2⤵
  PID:7224
- C:\Windows\System\wSbdyAN.exe
  C:\Windows\System\wSbdyAN.exe
  2⤵
  PID:2656
- C:\Windows\System\gfKNCdf.exe
  C:\Windows\System\gfKNCdf.exe
  2⤵
  PID:7316
- C:\Windows\System\WBMtjvS.exe
  C:\Windows\System\WBMtjvS.exe
  2⤵
  PID:7376
- C:\Windows\System\MpJihzF.exe
  C:\Windows\System\MpJihzF.exe
  2⤵
  PID:7512
- C:\Windows\System\YlwBboe.exe
  C:\Windows\System\YlwBboe.exe
  2⤵
  PID:7424
- C:\Windows\System\WVSmQjx.exe
  C:\Windows\System\WVSmQjx.exe
  2⤵
  PID:7436
- C:\Windows\System\YPARkcF.exe
  C:\Windows\System\YPARkcF.exe
  2⤵
  PID:7616
- C:\Windows\System\DHdIXoK.exe
  C:\Windows\System\DHdIXoK.exe
  2⤵
  PID:7720
- C:\Windows\System\SQABLEa.exe
  C:\Windows\System\SQABLEa.exe
  2⤵
  PID:7784
- C:\Windows\System\MDibUid.exe
  C:\Windows\System\MDibUid.exe
  2⤵
  PID:7872
- C:\Windows\System\YEXGIHL.exe
  C:\Windows\System\YEXGIHL.exe
  2⤵
  PID:7952
- C:\Windows\System\yhlTyhF.exe
  C:\Windows\System\yhlTyhF.exe
  2⤵
  PID:8004
- C:\Windows\System\HEYrQut.exe
  C:\Windows\System\HEYrQut.exe
  2⤵
  PID:6820
- C:\Windows\System\CXJaZpg.exe
  C:\Windows\System\CXJaZpg.exe
  2⤵
  PID:8112
- C:\Windows\System\hYYuFtq.exe
  C:\Windows\System\hYYuFtq.exe
  2⤵
  PID:8156
- C:\Windows\System\EPNcsKh.exe
  C:\Windows\System\EPNcsKh.exe
  2⤵
  PID:3420
- C:\Windows\System\AjSOrXG.exe
  C:\Windows\System\AjSOrXG.exe
  2⤵
  PID:7176
- C:\Windows\System\KjTHnpA.exe
  C:\Windows\System\KjTHnpA.exe
  2⤵
  PID:4744
- C:\Windows\System\ZVNcUXm.exe
  C:\Windows\System\ZVNcUXm.exe
  2⤵
  PID:7444
- C:\Windows\System\kcYcvmg.exe
  C:\Windows\System\kcYcvmg.exe
  2⤵
  PID:7504
- C:\Windows\System\nGmumEa.exe
  C:\Windows\System\nGmumEa.exe
  2⤵
  PID:7672
- C:\Windows\System\XoYauEu.exe
  C:\Windows\System\XoYauEu.exe
  2⤵
  PID:6964
- C:\Windows\System\iAyCKeU.exe
  C:\Windows\System\iAyCKeU.exe
  2⤵
  PID:7992
- C:\Windows\System\NbrIVoB.exe
  C:\Windows\System\NbrIVoB.exe
  2⤵
  PID:2548
- C:\Windows\System\SiFEsKV.exe
  C:\Windows\System\SiFEsKV.exe
  2⤵
  PID:2928
- C:\Windows\System\rXqEUiK.exe
  C:\Windows\System\rXqEUiK.exe
  2⤵
  PID:5412
- C:\Windows\System\SDzjcvg.exe
  C:\Windows\System\SDzjcvg.exe
  2⤵
  PID:7408
- C:\Windows\System\WVpgqIq.exe
  C:\Windows\System\WVpgqIq.exe
  2⤵
  PID:6828
- C:\Windows\System\uNXlXiE.exe
  C:\Windows\System\uNXlXiE.exe
  2⤵
  PID:7056
- C:\Windows\System\cyzvvyv.exe
  C:\Windows\System\cyzvvyv.exe
  2⤵
  PID:6664
- C:\Windows\System\EdCHkgw.exe
  C:\Windows\System\EdCHkgw.exe
  2⤵
  PID:7428
- C:\Windows\System\jSaysBV.exe
  C:\Windows\System\jSaysBV.exe
  2⤵
  PID:6420
- C:\Windows\System\uTcprMG.exe
  C:\Windows\System\uTcprMG.exe
  2⤵
  PID:1228
- C:\Windows\System\ULGyCGK.exe
  C:\Windows\System\ULGyCGK.exe
  2⤵
  PID:8132
- C:\Windows\System\WXVCmas.exe
  C:\Windows\System\WXVCmas.exe
  2⤵
  PID:8212
- C:\Windows\System\eTtcEYo.exe
  C:\Windows\System\eTtcEYo.exe
  2⤵
  PID:8244
- C:\Windows\System\KriJfPZ.exe
  C:\Windows\System\KriJfPZ.exe
  2⤵
  PID:8280
- C:\Windows\System\MyOWMdM.exe
  C:\Windows\System\MyOWMdM.exe
  2⤵
  PID:8296
- C:\Windows\System\baKBpBU.exe
  C:\Windows\System\baKBpBU.exe
  2⤵
  PID:8316
- C:\Windows\System\siowFrF.exe
  C:\Windows\System\siowFrF.exe
  2⤵
  PID:8340
- C:\Windows\System\MmZbrpA.exe
  C:\Windows\System\MmZbrpA.exe
  2⤵
  PID:8416
- C:\Windows\System\WhStBqh.exe
  C:\Windows\System\WhStBqh.exe
  2⤵
  PID:8444
- C:\Windows\System\uVQlgPP.exe
  C:\Windows\System\uVQlgPP.exe
  2⤵
  PID:8472
- C:\Windows\System\BJTiyFf.exe
  C:\Windows\System\BJTiyFf.exe
  2⤵
  PID:8500
- C:\Windows\System\pXOqlDV.exe
  C:\Windows\System\pXOqlDV.exe
  2⤵
  PID:8532
- C:\Windows\System\jxEIJRd.exe
  C:\Windows\System\jxEIJRd.exe
  2⤵
  PID:8560
- C:\Windows\System\ckOouEf.exe
  C:\Windows\System\ckOouEf.exe
  2⤵
  PID:8588
- C:\Windows\System\xXQrEhP.exe
  C:\Windows\System\xXQrEhP.exe
  2⤵
  PID:8616
- C:\Windows\System\fMZpPaN.exe
  C:\Windows\System\fMZpPaN.exe
  2⤵
  PID:8652
- C:\Windows\System\HEWCHRO.exe
  C:\Windows\System\HEWCHRO.exe
  2⤵
  PID:8684
- C:\Windows\System\dtenWLl.exe
  C:\Windows\System\dtenWLl.exe
  2⤵
  PID:8712
- C:\Windows\System\xgEApWx.exe
  C:\Windows\System\xgEApWx.exe
  2⤵
  PID:8740
- C:\Windows\System\gVhAenr.exe
  C:\Windows\System\gVhAenr.exe
  2⤵
  PID:8768
- C:\Windows\System\VLsURPT.exe
  C:\Windows\System\VLsURPT.exe
  2⤵
  PID:8796
- C:\Windows\System\ynSTvKz.exe
  C:\Windows\System\ynSTvKz.exe
  2⤵
  PID:8824
- C:\Windows\System\wPsPBKv.exe
  C:\Windows\System\wPsPBKv.exe
  2⤵
  PID:8852
- C:\Windows\System\qPCyBnR.exe
  C:\Windows\System\qPCyBnR.exe
  2⤵
  PID:8880
- C:\Windows\System\inMEGlc.exe
  C:\Windows\System\inMEGlc.exe
  2⤵
  PID:8908
- C:\Windows\System\PrCAqaz.exe
  C:\Windows\System\PrCAqaz.exe
  2⤵
  PID:8924
- C:\Windows\System\uLuirDU.exe
  C:\Windows\System\uLuirDU.exe
  2⤵
  PID:8952
- C:\Windows\System\NlMhlCs.exe
  C:\Windows\System\NlMhlCs.exe
  2⤵
  PID:8980
- C:\Windows\System\zXvrUyd.exe
  C:\Windows\System\zXvrUyd.exe
  2⤵
  PID:9020
- C:\Windows\System\hwfxKUs.exe
  C:\Windows\System\hwfxKUs.exe
  2⤵
  PID:9048
- C:\Windows\System\qBnbmKq.exe
  C:\Windows\System\qBnbmKq.exe
  2⤵
  PID:9064
- C:\Windows\System\LpDzTxW.exe
  C:\Windows\System\LpDzTxW.exe
  2⤵
  PID:9092
- C:\Windows\System\FIilJvO.exe
  C:\Windows\System\FIilJvO.exe
  2⤵
  PID:9120
- C:\Windows\System\rvqkdkc.exe
  C:\Windows\System\rvqkdkc.exe
  2⤵
  PID:9148
- C:\Windows\System\XVjquUT.exe
  C:\Windows\System\XVjquUT.exe
  2⤵
  PID:9176
- C:\Windows\System\NGlMFwX.exe
  C:\Windows\System\NGlMFwX.exe
  2⤵
  PID:8204
- C:\Windows\System\dLdYKop.exe
  C:\Windows\System\dLdYKop.exe
  2⤵
  PID:7460
- C:\Windows\System\ZLxIgxg.exe
  C:\Windows\System\ZLxIgxg.exe
  2⤵
  PID:8324
- C:\Windows\System\HQXbcNU.exe
  C:\Windows\System\HQXbcNU.exe
  2⤵
  PID:8312
- C:\Windows\System\BoWKwSO.exe
  C:\Windows\System\BoWKwSO.exe
  2⤵
  PID:8408
- C:\Windows\System\BGVvmtt.exe
  C:\Windows\System\BGVvmtt.exe
  2⤵
  PID:8468
- C:\Windows\System\fVFJQcC.exe
  C:\Windows\System\fVFJQcC.exe
  2⤵
  PID:8576
- C:\Windows\System\syQDBRW.exe
  C:\Windows\System\syQDBRW.exe
  2⤵
  PID:8644
- C:\Windows\System\kapeKtT.exe
  C:\Windows\System\kapeKtT.exe
  2⤵
  PID:8708
- C:\Windows\System\LXsQvYx.exe
  C:\Windows\System\LXsQvYx.exe
  2⤵
  PID:8780
- C:\Windows\System\knLHDTk.exe
  C:\Windows\System\knLHDTk.exe
  2⤵
  PID:8844
- C:\Windows\System\FPcrppR.exe
  C:\Windows\System\FPcrppR.exe
  2⤵
  PID:8872
- C:\Windows\System\VJPxSAb.exe
  C:\Windows\System\VJPxSAb.exe
  2⤵
  PID:8964
- C:\Windows\System\sHeTJwg.exe
  C:\Windows\System\sHeTJwg.exe
  2⤵
  PID:9044
- C:\Windows\System\ECpADoU.exe
  C:\Windows\System\ECpADoU.exe
  2⤵
  PID:9104
- C:\Windows\System\UpJigfw.exe
  C:\Windows\System\UpJigfw.exe
  2⤵
  PID:9160
- C:\Windows\System\NPLDUJV.exe
  C:\Windows\System\NPLDUJV.exe
  2⤵
  PID:8256
- C:\Windows\System\AlNJVlq.exe
  C:\Windows\System\AlNJVlq.exe
  2⤵
  PID:8304
- C:\Windows\System\TvJywDg.exe
  C:\Windows\System\TvJywDg.exe
  2⤵
  PID:8384
- C:\Windows\System\MASEIhG.exe
  C:\Windows\System\MASEIhG.exe
  2⤵
  PID:8632
- C:\Windows\System\LGDYemr.exe
  C:\Windows\System\LGDYemr.exe
  2⤵
  PID:8704
- C:\Windows\System\sUWccrR.exe
  C:\Windows\System\sUWccrR.exe
  2⤵
  PID:8904
- C:\Windows\System\hxXbnGQ.exe
  C:\Windows\System\hxXbnGQ.exe
  2⤵
  PID:9088
- C:\Windows\System\CktTyJS.exe
  C:\Windows\System\CktTyJS.exe
  2⤵
  PID:8292
- C:\Windows\System\bqzdctr.exe
  C:\Windows\System\bqzdctr.exe
  2⤵
  PID:8488
- C:\Windows\System\yVKpZsi.exe
  C:\Windows\System\yVKpZsi.exe
  2⤵
  PID:8524
- C:\Windows\System\lwwhZnI.exe
  C:\Windows\System\lwwhZnI.exe
  2⤵
  PID:9032
- C:\Windows\System\rSXHUBa.exe
  C:\Windows\System\rSXHUBa.exe
  2⤵
  PID:9208
- C:\Windows\System\UEgHeAo.exe
  C:\Windows\System\UEgHeAo.exe
  2⤵
  PID:9248
- C:\Windows\System\MBmBZeh.exe
  C:\Windows\System\MBmBZeh.exe
  2⤵
  PID:9312
- C:\Windows\System\VCHylVr.exe
  C:\Windows\System\VCHylVr.exe
  2⤵
  PID:9344
- C:\Windows\System\tGYpLMk.exe
  C:\Windows\System\tGYpLMk.exe
  2⤵
  PID:9372
- C:\Windows\System\zCQireZ.exe
  C:\Windows\System\zCQireZ.exe
  2⤵
  PID:9388
- C:\Windows\System\OAmEisK.exe
  C:\Windows\System\OAmEisK.exe
  2⤵
  PID:9428
- C:\Windows\System\vyunATL.exe
  C:\Windows\System\vyunATL.exe
  2⤵
  PID:9456
- C:\Windows\System\kQavjOE.exe
  C:\Windows\System\kQavjOE.exe
  2⤵
  PID:9476
- C:\Windows\System\ZuNCDnf.exe
  C:\Windows\System\ZuNCDnf.exe
  2⤵
  PID:9504
- C:\Windows\System\IGOiJMK.exe
  C:\Windows\System\IGOiJMK.exe
  2⤵
  PID:9532
- C:\Windows\System\DRMyyxq.exe
  C:\Windows\System\DRMyyxq.exe
  2⤵
  PID:9572
- C:\Windows\System\czVpAuj.exe
  C:\Windows\System\czVpAuj.exe
  2⤵
  PID:9588
- C:\Windows\System\VueAvwM.exe
  C:\Windows\System\VueAvwM.exe
  2⤵
  PID:9616
- C:\Windows\System\FhFgOHU.exe
  C:\Windows\System\FhFgOHU.exe
  2⤵
  PID:9644
- C:\Windows\System\dOCKRGO.exe
  C:\Windows\System\dOCKRGO.exe
  2⤵
  PID:9684
- C:\Windows\System\jbSIwkP.exe
  C:\Windows\System\jbSIwkP.exe
  2⤵
  PID:9700
- C:\Windows\System\EwuEyiD.exe
  C:\Windows\System\EwuEyiD.exe
  2⤵
  PID:9728
- C:\Windows\System\sYctFdb.exe
  C:\Windows\System\sYctFdb.exe
  2⤵
  PID:9760
- C:\Windows\System\bUCDWeL.exe
  C:\Windows\System\bUCDWeL.exe
  2⤵
  PID:9796
- C:\Windows\System\azfvALm.exe
  C:\Windows\System\azfvALm.exe
  2⤵
  PID:9820
- C:\Windows\System\ikfGVWt.exe
  C:\Windows\System\ikfGVWt.exe
  2⤵
  PID:9840
- C:\Windows\System\SlFapic.exe
  C:\Windows\System\SlFapic.exe
  2⤵
  PID:9868
- C:\Windows\System\WCFVlAn.exe
  C:\Windows\System\WCFVlAn.exe
  2⤵
  PID:9900
- C:\Windows\System\vJvndpd.exe
  C:\Windows\System\vJvndpd.exe
  2⤵
  PID:9924
- C:\Windows\System\dOKhScT.exe
  C:\Windows\System\dOKhScT.exe
  2⤵
  PID:9964
- C:\Windows\System\DeGRjOB.exe
  C:\Windows\System\DeGRjOB.exe
  2⤵
  PID:9992
- C:\Windows\System\EAkSHFb.exe
  C:\Windows\System\EAkSHFb.exe
  2⤵
  PID:10020
- C:\Windows\System\Qypneib.exe
  C:\Windows\System\Qypneib.exe
  2⤵
  PID:10036
- C:\Windows\System\hOXwNDP.exe
  C:\Windows\System\hOXwNDP.exe
  2⤵
  PID:10072
- C:\Windows\System\rBcSicM.exe
  C:\Windows\System\rBcSicM.exe
  2⤵
  PID:10092
- C:\Windows\System\ThTwJqq.exe
  C:\Windows\System\ThTwJqq.exe
  2⤵
  PID:10132
- C:\Windows\System\wBGqkWm.exe
  C:\Windows\System\wBGqkWm.exe
  2⤵
  PID:10160
- C:\Windows\System\wvzFanh.exe
  C:\Windows\System\wvzFanh.exe
  2⤵
  PID:10188
- C:\Windows\System\sixKEtq.exe
  C:\Windows\System\sixKEtq.exe
  2⤵
  PID:10216
- C:\Windows\System\OwUnEmB.exe
  C:\Windows\System\OwUnEmB.exe
  2⤵
  PID:8676
- C:\Windows\System\ravVXXh.exe
  C:\Windows\System\ravVXXh.exe
  2⤵
  PID:8508
- C:\Windows\System\CMstqap.exe
  C:\Windows\System\CMstqap.exe
  2⤵
  PID:9276
- C:\Windows\System\vadecZU.exe
  C:\Windows\System\vadecZU.exe
  2⤵
  PID:9328
- C:\Windows\System\bgMZmMO.exe
  C:\Windows\System\bgMZmMO.exe
  2⤵
  PID:9412
- C:\Windows\System\vzZOXqc.exe
  C:\Windows\System\vzZOXqc.exe
  2⤵
  PID:9468
- C:\Windows\System\bYsWnkw.exe
  C:\Windows\System\bYsWnkw.exe
  2⤵
  PID:9528
- C:\Windows\System\fNidDKk.exe
  C:\Windows\System\fNidDKk.exe
  2⤵
  PID:9600
- C:\Windows\System\GIoPuyY.exe
  C:\Windows\System\GIoPuyY.exe
  2⤵
  PID:9692
- C:\Windows\System\ykSsYPz.exe
  C:\Windows\System\ykSsYPz.exe
  2⤵
  PID:9720
- C:\Windows\System\DSMLjTq.exe
  C:\Windows\System\DSMLjTq.exe
  2⤵
  PID:9768
- C:\Windows\System\uSfJjPX.exe
  C:\Windows\System\uSfJjPX.exe
  2⤵
  PID:9860
- C:\Windows\System\FTkKTQe.exe
  C:\Windows\System\FTkKTQe.exe
  2⤵
  PID:9920
- C:\Windows\System\wOgGHsg.exe
  C:\Windows\System\wOgGHsg.exe
  2⤵
  PID:10012
- C:\Windows\System\eyBwfKF.exe
  C:\Windows\System\eyBwfKF.exe
  2⤵
  PID:10080
- C:\Windows\System\zgXFfFZ.exe
  C:\Windows\System\zgXFfFZ.exe
  2⤵
  PID:10144
- C:\Windows\System\CrcsHOn.exe
  C:\Windows\System\CrcsHOn.exe
  2⤵
  PID:10180
- C:\Windows\System\CPkalDQ.exe
  C:\Windows\System\CPkalDQ.exe
  2⤵
  PID:10228
- C:\Windows\System\QdaJpgB.exe
  C:\Windows\System\QdaJpgB.exe
  2⤵
  PID:8544
- C:\Windows\System\FoWchXc.exe
  C:\Windows\System\FoWchXc.exe
  2⤵
  PID:9408
- C:\Windows\System\OaXzOSI.exe
  C:\Windows\System\OaXzOSI.exe
  2⤵
  PID:9640
- C:\Windows\System\qKWYEiF.exe
  C:\Windows\System\qKWYEiF.exe
  2⤵
  PID:9896
- C:\Windows\System\DElhxsQ.exe
  C:\Windows\System\DElhxsQ.exe
  2⤵
  PID:9984
- C:\Windows\System\VuphDHh.exe
  C:\Windows\System\VuphDHh.exe
  2⤵
  PID:10172
- C:\Windows\System\PhsczRX.exe
  C:\Windows\System\PhsczRX.exe
  2⤵
  PID:10208
- C:\Windows\System\ufbDZlR.exe
  C:\Windows\System\ufbDZlR.exe
  2⤵
  PID:9556
- C:\Windows\System\SxkSQzz.exe
  C:\Windows\System\SxkSQzz.exe
  2⤵
  PID:10108
- C:\Windows\System\YmVGtKn.exe
  C:\Windows\System\YmVGtKn.exe
  2⤵
  PID:10200
- C:\Windows\System\zEhtSos.exe
  C:\Windows\System\zEhtSos.exe
  2⤵
  PID:10112
- C:\Windows\System\amFUoJJ.exe
  C:\Windows\System\amFUoJJ.exe
  2⤵
  PID:10256
- C:\Windows\System\JGktlEA.exe
  C:\Windows\System\JGktlEA.exe
  2⤵
  PID:10284
- C:\Windows\System\ZbMZPUR.exe
  C:\Windows\System\ZbMZPUR.exe
  2⤵
  PID:10304
- C:\Windows\System\gMWtYlV.exe
  C:\Windows\System\gMWtYlV.exe
  2⤵
  PID:10328
- C:\Windows\System\uiQYyqI.exe
  C:\Windows\System\uiQYyqI.exe
  2⤵
  PID:10356
- C:\Windows\System\ReobCsw.exe
  C:\Windows\System\ReobCsw.exe
  2⤵
  PID:10384
- C:\Windows\System\glWxZgm.exe
  C:\Windows\System\glWxZgm.exe
  2⤵
  PID:10420
- C:\Windows\System\XjULqEy.exe
  C:\Windows\System\XjULqEy.exe
  2⤵
  PID:10452
- C:\Windows\System\fYshTiZ.exe
  C:\Windows\System\fYshTiZ.exe
  2⤵
  PID:10480
- C:\Windows\System\FJVMURI.exe
  C:\Windows\System\FJVMURI.exe
  2⤵
  PID:10508
- C:\Windows\System\Woctoso.exe
  C:\Windows\System\Woctoso.exe
  2⤵
  PID:10536
- C:\Windows\System\XHReCci.exe
  C:\Windows\System\XHReCci.exe
  2⤵
  PID:10572
- C:\Windows\System\pVxhiCM.exe
  C:\Windows\System\pVxhiCM.exe
  2⤵
  PID:10588
- C:\Windows\System\yRRMQPX.exe
  C:\Windows\System\yRRMQPX.exe
  2⤵
  PID:10616
- C:\Windows\System\eDlXAOm.exe
  C:\Windows\System\eDlXAOm.exe
  2⤵
  PID:10640
- C:\Windows\System\GkRSQSv.exe
  C:\Windows\System\GkRSQSv.exe
  2⤵
  PID:10672
- C:\Windows\System\QJDhEPY.exe
  C:\Windows\System\QJDhEPY.exe
  2⤵
  PID:10712
- C:\Windows\System\QbHjvmK.exe
  C:\Windows\System\QbHjvmK.exe
  2⤵
  PID:10740
- C:\Windows\System\pawySHs.exe
  C:\Windows\System\pawySHs.exe
  2⤵
  PID:10756
- C:\Windows\System\NGJXHWg.exe
  C:\Windows\System\NGJXHWg.exe
  2⤵
  PID:10796
- C:\Windows\System\YvXbKKs.exe
  C:\Windows\System\YvXbKKs.exe
  2⤵
  PID:10816
- C:\Windows\System\dJrlINO.exe
  C:\Windows\System\dJrlINO.exe
  2⤵
  PID:10852
- C:\Windows\System\iqOFBqL.exe
  C:\Windows\System\iqOFBqL.exe
  2⤵
  PID:10868
- C:\Windows\System\jGtRKYn.exe
  C:\Windows\System\jGtRKYn.exe
  2⤵
  PID:10896
- C:\Windows\System\dJWvmxK.exe
  C:\Windows\System\dJWvmxK.exe
  2⤵
  PID:10936
- C:\Windows\System\mXqLvpG.exe
  C:\Windows\System\mXqLvpG.exe
  2⤵
  PID:10964
- C:\Windows\System\hqBbsBj.exe
  C:\Windows\System\hqBbsBj.exe
  2⤵
  PID:10992
- C:\Windows\System\nfHQVAk.exe
  C:\Windows\System\nfHQVAk.exe
  2⤵
  PID:11020
- C:\Windows\System\QCWepDn.exe
  C:\Windows\System\QCWepDn.exe
  2⤵
  PID:11036
- C:\Windows\System\mJwsBVL.exe
  C:\Windows\System\mJwsBVL.exe
  2⤵
  PID:11080
- C:\Windows\System\BqBdEug.exe
  C:\Windows\System\BqBdEug.exe
  2⤵
  PID:11108
- C:\Windows\System\acsxbPM.exe
  C:\Windows\System\acsxbPM.exe
  2⤵
  PID:11124
- C:\Windows\System\dcqZrSA.exe
  C:\Windows\System\dcqZrSA.exe
  2⤵
  PID:11164
- C:\Windows\System\FnHiOVO.exe
  C:\Windows\System\FnHiOVO.exe
  2⤵
  PID:11192
- C:\Windows\System\kMeSaFC.exe
  C:\Windows\System\kMeSaFC.exe
  2⤵
  PID:11208
- C:\Windows\System\wXXaEAX.exe
  C:\Windows\System\wXXaEAX.exe
  2⤵
  PID:11248
- C:\Windows\System\RQVAXBb.exe
  C:\Windows\System\RQVAXBb.exe
  2⤵
  PID:10244
- C:\Windows\System\NOxkrjq.exe
  C:\Windows\System\NOxkrjq.exe
  2⤵
  PID:10316
- C:\Windows\System\kltvksU.exe
  C:\Windows\System\kltvksU.exe
  2⤵
  PID:10376
- C:\Windows\System\SdWLIWZ.exe
  C:\Windows\System\SdWLIWZ.exe
  2⤵
  PID:10436
- C:\Windows\System\mEXZTAG.exe
  C:\Windows\System\mEXZTAG.exe
  2⤵
  PID:10488
- C:\Windows\System\JmanfzI.exe
  C:\Windows\System\JmanfzI.exe
  2⤵
  PID:10552
- C:\Windows\System\iJxZYOc.exe
  C:\Windows\System\iJxZYOc.exe
  2⤵
  PID:10632
- C:\Windows\System\naPVUBo.exe
  C:\Windows\System\naPVUBo.exe
  2⤵
  PID:10700
- C:\Windows\System\ebtotYH.exe
  C:\Windows\System\ebtotYH.exe
  2⤵
  PID:10752
- C:\Windows\System\rBRqcsB.exe
  C:\Windows\System\rBRqcsB.exe
  2⤵
  PID:10824
- C:\Windows\System\JkdCfyU.exe
  C:\Windows\System\JkdCfyU.exe
  2⤵
  PID:10916
- C:\Windows\System\HgISLss.exe
  C:\Windows\System\HgISLss.exe
  2⤵
  PID:10984
- C:\Windows\System\zjXhzns.exe
  C:\Windows\System\zjXhzns.exe
  2⤵
  PID:11060
- C:\Windows\System\dCSaUhe.exe
  C:\Windows\System\dCSaUhe.exe
  2⤵
  PID:11116
- C:\Windows\System\nJqpggO.exe
  C:\Windows\System\nJqpggO.exe
  2⤵
  PID:11184
- C:\Windows\System\LqEIlQJ.exe
  C:\Windows\System\LqEIlQJ.exe
  2⤵
  PID:11240
- C:\Windows\System\IZiHBOI.exe
  C:\Windows\System\IZiHBOI.exe
  2⤵
  PID:10292
- C:\Windows\System\EwGZiZB.exe
  C:\Windows\System\EwGZiZB.exe
  2⤵
  PID:10348
- C:\Windows\System\lvvuOZd.exe
  C:\Windows\System\lvvuOZd.exe
  2⤵
  PID:10560
- C:\Windows\System\FPPBefY.exe
  C:\Windows\System\FPPBefY.exe
  2⤵
  PID:10724
- C:\Windows\System\ggxopkH.exe
  C:\Windows\System\ggxopkH.exe
  2⤵
  PID:10860
- C:\Windows\System\OlHtRuO.exe
  C:\Windows\System\OlHtRuO.exe
  2⤵
  PID:11012
- C:\Windows\System\rQWgSeU.exe
  C:\Windows\System\rQWgSeU.exe
  2⤵
  PID:11176
- C:\Windows\System\AjRQwhX.exe
  C:\Windows\System\AjRQwhX.exe
  2⤵
  PID:10476
- C:\Windows\System\ILvxHwN.exe
  C:\Windows\System\ILvxHwN.exe
  2⤵
  PID:10792
- C:\Windows\System\iIoRgPT.exe
  C:\Windows\System\iIoRgPT.exe
  2⤵
  PID:10368
- C:\Windows\System\ETnfqxi.exe
  C:\Windows\System\ETnfqxi.exe
  2⤵
  PID:11100
- C:\Windows\System\KowLhIY.exe
  C:\Windows\System\KowLhIY.exe
  2⤵
  PID:11276
- C:\Windows\System\hoKRqGm.exe
  C:\Windows\System\hoKRqGm.exe
  2⤵
  PID:11292
- C:\Windows\System\VslyGwO.exe
  C:\Windows\System\VslyGwO.exe
  2⤵
  PID:11308
- C:\Windows\System\cVLDtVV.exe
  C:\Windows\System\cVLDtVV.exe
  2⤵
  PID:11336
- C:\Windows\System\CVwTxps.exe
  C:\Windows\System\CVwTxps.exe
  2⤵
  PID:11388
- C:\Windows\System\EWTxTfo.exe
  C:\Windows\System\EWTxTfo.exe
  2⤵
  PID:11404
- C:\Windows\System\Ivmfscw.exe
  C:\Windows\System\Ivmfscw.exe
  2⤵
  PID:11432
- C:\Windows\System\AhHnVxU.exe
  C:\Windows\System\AhHnVxU.exe
  2⤵
  PID:11464
- C:\Windows\System\ZcZMLHd.exe
  C:\Windows\System\ZcZMLHd.exe
  2⤵
  PID:11500
- C:\Windows\System\RnOYvaE.exe
  C:\Windows\System\RnOYvaE.exe
  2⤵
  PID:11516
- C:\Windows\System\InFinZX.exe
  C:\Windows\System\InFinZX.exe
  2⤵
  PID:11544
- C:\Windows\System\OuVhesV.exe
  C:\Windows\System\OuVhesV.exe
  2⤵
  PID:11584
- C:\Windows\System\OpuGojF.exe
  C:\Windows\System\OpuGojF.exe
  2⤵
  PID:11612
- C:\Windows\System\oQofMcJ.exe
  C:\Windows\System\oQofMcJ.exe
  2⤵
  PID:11636
- C:\Windows\System\clBxgtW.exe
  C:\Windows\System\clBxgtW.exe
  2⤵
  PID:11656
- C:\Windows\System\WsuCEeC.exe
  C:\Windows\System\WsuCEeC.exe
  2⤵
  PID:11700
- C:\Windows\System\BuJjRZv.exe
  C:\Windows\System\BuJjRZv.exe
  2⤵
  PID:11728
- C:\Windows\System\tRVuWrM.exe
  C:\Windows\System\tRVuWrM.exe
  2⤵
  PID:11756
- C:\Windows\System\schRRrI.exe
  C:\Windows\System\schRRrI.exe
  2⤵
  PID:11776
- C:\Windows\System\cLSQzAg.exe
  C:\Windows\System\cLSQzAg.exe
  2⤵
  PID:11796
- C:\Windows\System\dqFbNLr.exe
  C:\Windows\System\dqFbNLr.exe
  2⤵
  PID:11824
- C:\Windows\System\fDpVIcb.exe
  C:\Windows\System\fDpVIcb.exe
  2⤵
  PID:11844
- C:\Windows\System\mWxiOaE.exe
  C:\Windows\System\mWxiOaE.exe
  2⤵
  PID:11892
- C:\Windows\System\yecrbLB.exe
  C:\Windows\System\yecrbLB.exe
  2⤵
  PID:11912
- C:\Windows\System\JHYPujH.exe
  C:\Windows\System\JHYPujH.exe
  2⤵
  PID:11952
- C:\Windows\System\qzaeTFN.exe
  C:\Windows\System\qzaeTFN.exe
  2⤵
  PID:11980
- C:\Windows\System\bwutOoE.exe
  C:\Windows\System\bwutOoE.exe
  2⤵
  PID:12008
- C:\Windows\System\sHjPcrV.exe
  C:\Windows\System\sHjPcrV.exe
  2⤵
  PID:12036
- C:\Windows\System\GhWeJpU.exe
  C:\Windows\System\GhWeJpU.exe
  2⤵
  PID:12056
- C:\Windows\System\ESFnvLf.exe
  C:\Windows\System\ESFnvLf.exe
  2⤵
  PID:12092
- C:\Windows\System\ZgzSUjr.exe
  C:\Windows\System\ZgzSUjr.exe
  2⤵
  PID:12120
- C:\Windows\System\PVFwXdW.exe
  C:\Windows\System\PVFwXdW.exe
  2⤵
  PID:12148
- C:\Windows\System\ZykbsHL.exe
  C:\Windows\System\ZykbsHL.exe
  2⤵
  PID:12168
- C:\Windows\System\RJykbIJ.exe
  C:\Windows\System\RJykbIJ.exe
  2⤵
  PID:12208
- C:\Windows\System\ltIDfBu.exe
  C:\Windows\System\ltIDfBu.exe
  2⤵
  PID:12232
- C:\Windows\System\lXVmPDG.exe
  C:\Windows\System\lXVmPDG.exe
  2⤵
  PID:12264
- C:\Windows\System\GlSEeqv.exe
  C:\Windows\System\GlSEeqv.exe
  2⤵
  PID:12280
- C:\Windows\System\LThuWpd.exe
  C:\Windows\System\LThuWpd.exe
  2⤵
  PID:11300
- C:\Windows\System\FJgUSDg.exe
  C:\Windows\System\FJgUSDg.exe
  2⤵
  PID:11384
- C:\Windows\System\UqicNXr.exe
  C:\Windows\System\UqicNXr.exe
  2⤵
  PID:11444
- C:\Windows\System\rGRfQPA.exe
  C:\Windows\System\rGRfQPA.exe
  2⤵
  PID:11492
- C:\Windows\System\jpijYyS.exe
  C:\Windows\System\jpijYyS.exe
  2⤵
  PID:11560
- C:\Windows\System\WDZScSe.exe
  C:\Windows\System\WDZScSe.exe
  2⤵
  PID:11624
- C:\Windows\System\iiLmwNE.exe
  C:\Windows\System\iiLmwNE.exe
  2⤵
  PID:11696
- C:\Windows\System\AvqzYxW.exe
  C:\Windows\System\AvqzYxW.exe
  2⤵
  PID:11812
- C:\Windows\System\fOadiYo.exe
  C:\Windows\System\fOadiYo.exe
  2⤵
  PID:11792
- C:\Windows\System\bSEaQDI.exe
  C:\Windows\System\bSEaQDI.exe
  2⤵
  PID:11876
- C:\Windows\System\rsQvpKn.exe
  C:\Windows\System\rsQvpKn.exe
  2⤵
  PID:11948
- C:\Windows\System\jJxoKim.exe
  C:\Windows\System\jJxoKim.exe
  2⤵
  PID:12020
- C:\Windows\System\pvLrPzH.exe
  C:\Windows\System\pvLrPzH.exe
  2⤵
  PID:12080
- C:\Windows\System\MQkUmQA.exe
  C:\Windows\System\MQkUmQA.exe
  2⤵
  PID:12160
- C:\Windows\System\UnUanmL.exe
  C:\Windows\System\UnUanmL.exe
  2⤵
  PID:12204
- C:\Windows\System\IDALTPZ.exe
  C:\Windows\System\IDALTPZ.exe
  2⤵
  PID:12252
- C:\Windows\System\EbdmnTI.exe
  C:\Windows\System\EbdmnTI.exe
  2⤵
  PID:11320
- C:\Windows\System\hjxXROU.exe
  C:\Windows\System\hjxXROU.exe
  2⤵
  PID:11532
- C:\Windows\System\IfwoUUf.exe
  C:\Windows\System\IfwoUUf.exe
  2⤵
  PID:11596
- C:\Windows\System\KjNalrs.exe
  C:\Windows\System\KjNalrs.exe
  2⤵
  PID:11808
- C:\Windows\System\cQsPMzf.exe
  C:\Windows\System\cQsPMzf.exe
  2⤵
  PID:11992
- C:\Windows\System\NEFRewv.exe
  C:\Windows\System\NEFRewv.exe
  2⤵
  PID:12196
- C:\Windows\System\DnBdjbg.exe
  C:\Windows\System\DnBdjbg.exe
  2⤵
  PID:11288
- C:\Windows\System\JYWzFmG.exe
  C:\Windows\System\JYWzFmG.exe
  2⤵
  PID:11352
- C:\Windows\System\jnpsNRJ.exe
  C:\Windows\System\jnpsNRJ.exe
  2⤵
  PID:11868
- C:\Windows\System\zTiGqmP.exe
  C:\Windows\System\zTiGqmP.exe
  2⤵
  PID:12240
- C:\Windows\System\YpKXEgY.exe
  C:\Windows\System\YpKXEgY.exe
  2⤵
  PID:11576
- C:\Windows\System\faNqMfA.exe
  C:\Windows\System\faNqMfA.exe
  2⤵
  PID:12300
- C:\Windows\System\ucspIjx.exe
  C:\Windows\System\ucspIjx.exe
  2⤵
  PID:12316
- C:\Windows\System\NQlXvyW.exe
  C:\Windows\System\NQlXvyW.exe
  2⤵
  PID:12344
- C:\Windows\System\joZnhBd.exe
  C:\Windows\System\joZnhBd.exe
  2⤵
  PID:12376
- C:\Windows\System\HcXtDCW.exe
  C:\Windows\System\HcXtDCW.exe
  2⤵
  PID:12404
- C:\Windows\System\enIvQPE.exe
  C:\Windows\System\enIvQPE.exe
  2⤵
  PID:12428
- C:\Windows\System\MADIVjI.exe
  C:\Windows\System\MADIVjI.exe
  2⤵
  PID:12480
- C:\Windows\System\MLTLbqM.exe
  C:\Windows\System\MLTLbqM.exe
  2⤵
  PID:12508
- C:\Windows\System\wCnWrdw.exe
  C:\Windows\System\wCnWrdw.exe
  2⤵
  PID:12536
- C:\Windows\System\nlpiNWa.exe
  C:\Windows\System\nlpiNWa.exe
  2⤵
  PID:12560
- C:\Windows\System\aTBsaIF.exe
  C:\Windows\System\aTBsaIF.exe
  2⤵
  PID:12580
- C:\Windows\System\PBfDAtL.exe
  C:\Windows\System\PBfDAtL.exe
  2⤵
  PID:12620
- C:\Windows\System\NMjhKve.exe
  C:\Windows\System\NMjhKve.exe
  2⤵
  PID:12636
- C:\Windows\System\zMFrExO.exe
  C:\Windows\System\zMFrExO.exe
  2⤵
  PID:12656
- C:\Windows\System\YaHArJV.exe
  C:\Windows\System\YaHArJV.exe
  2⤵
  PID:12684
- C:\Windows\System\KfzYcTs.exe
  C:\Windows\System\KfzYcTs.exe
  2⤵
  PID:12736
- C:\Windows\System\NKsqduX.exe
  C:\Windows\System\NKsqduX.exe
  2⤵
  PID:12752
- C:\Windows\System\UBzqhsJ.exe
  C:\Windows\System\UBzqhsJ.exe
  2⤵
  PID:12792
- C:\Windows\System\aPePINY.exe
  C:\Windows\System\aPePINY.exe
  2⤵
  PID:12812
- C:\Windows\System\jyfoifN.exe
  C:\Windows\System\jyfoifN.exe
  2⤵
  PID:12840
- C:\Windows\System\tBhGwUs.exe
  C:\Windows\System\tBhGwUs.exe
  2⤵
  PID:12860
- C:\Windows\System\DMyZkMt.exe
  C:\Windows\System\DMyZkMt.exe
  2⤵
  PID:12880
- C:\Windows\System\MjJdfNG.exe
  C:\Windows\System\MjJdfNG.exe
  2⤵
  PID:12920
- C:\Windows\System\wApEdpI.exe
  C:\Windows\System\wApEdpI.exe
  2⤵
  PID:12952
- C:\Windows\System\QwCeVcT.exe
  C:\Windows\System\QwCeVcT.exe
  2⤵
  PID:12984
- C:\Windows\System\uVNlqaB.exe
  C:\Windows\System\uVNlqaB.exe
  2⤵
  PID:13016
- C:\Windows\System\zCrnefw.exe
  C:\Windows\System\zCrnefw.exe
  2⤵
  PID:13044
- C:\Windows\System\cMPZPQO.exe
  C:\Windows\System\cMPZPQO.exe
  2⤵
  PID:13084
- C:\Windows\System\YRFDpWl.exe
  C:\Windows\System\YRFDpWl.exe
  2⤵
  PID:13112
- C:\Windows\System\qHeZYeD.exe
  C:\Windows\System\qHeZYeD.exe
  2⤵
  PID:13140
- C:\Windows\System\AkUOebb.exe
  C:\Windows\System\AkUOebb.exe
  2⤵
  PID:13168
- C:\Windows\System\hfLGcNf.exe
  C:\Windows\System\hfLGcNf.exe
  2⤵
  PID:13196
- C:\Windows\System\CKbrsBN.exe
  C:\Windows\System\CKbrsBN.exe
  2⤵
  PID:13212
- C:\Windows\System\AhhmRdz.exe
  C:\Windows\System\AhhmRdz.exe
  2⤵
  PID:13244
- C:\Windows\System\EvpouUf.exe
  C:\Windows\System\EvpouUf.exe
  2⤵
  PID:13272
- C:\Windows\System\fmGZvom.exe
  C:\Windows\System\fmGZvom.exe
  2⤵
  PID:13296
- C:\Windows\System\iuNCMOy.exe
  C:\Windows\System\iuNCMOy.exe
  2⤵
  PID:1012
- C:\Windows\System\uevpIIr.exe
  C:\Windows\System\uevpIIr.exe
  2⤵
  PID:12364
- C:\Windows\System\uByWBZC.exe
  C:\Windows\System\uByWBZC.exe
  2⤵
  PID:12396
- C:\Windows\System\XGyEbSE.exe
  C:\Windows\System\XGyEbSE.exe
  2⤵
  PID:12496
- C:\Windows\System\cRTJgOf.exe
  C:\Windows\System\cRTJgOf.exe
  2⤵
  PID:12552
- C:\Windows\System\gkYxuiY.exe
  C:\Windows\System\gkYxuiY.exe
  2⤵
  PID:12568
- C:\Windows\System\RivGOKL.exe
  C:\Windows\System\RivGOKL.exe
  2⤵
  PID:12644
- C:\Windows\System\cHaxKaX.exe
  C:\Windows\System\cHaxKaX.exe
  2⤵
  PID:12676
- C:\Windows\System\QyJcBxG.exe
  C:\Windows\System\QyJcBxG.exe
  2⤵
  PID:12788
- C:\Windows\System\AKGvSCB.exe
  C:\Windows\System\AKGvSCB.exe
  2⤵
  PID:12836
- C:\Windows\System\VDyMLYH.exe
  C:\Windows\System\VDyMLYH.exe
  2⤵
  PID:12944
- C:\Windows\System\QzrfgnY.exe
  C:\Windows\System\QzrfgnY.exe
  2⤵
  PID:13004
- C:\Windows\System\jqJcHbh.exe
  C:\Windows\System\jqJcHbh.exe
  2⤵
  PID:13040
- C:\Windows\System\COrRVgQ.exe
  C:\Windows\System\COrRVgQ.exe
  2⤵
  PID:13080
- C:\Windows\System\mhhmWMl.exe
  C:\Windows\System\mhhmWMl.exe
  2⤵
  PID:13192
- C:\Windows\System\marBajk.exe
  C:\Windows\System\marBajk.exe
  2⤵
  PID:13224
- C:\Windows\System\bAkmvus.exe
  C:\Windows\System\bAkmvus.exe
  2⤵
  PID:12312
- C:\Windows\System\pWzqlTQ.exe
  C:\Windows\System\pWzqlTQ.exe
  2⤵
  PID:12360
- C:\Windows\System\vbGGAkI.exe
  C:\Windows\System\vbGGAkI.exe
  2⤵
  PID:12476
- C:\Windows\System\evypjQs.exe
  C:\Windows\System\evypjQs.exe
  2⤵
  PID:4860
- C:\Windows\System\HxBEgOg.exe
  C:\Windows\System\HxBEgOg.exe
  2⤵
  PID:12800
- C:\Windows\System\sOsJDuN.exe
  C:\Windows\System\sOsJDuN.exe
  2⤵
  PID:12876
- C:\Windows\System\GKXstTe.exe
  C:\Windows\System\GKXstTe.exe
  2⤵
  PID:13068
- C:\Windows\System\MCyzzfI.exe
  C:\Windows\System\MCyzzfI.exe
  2⤵
  PID:12044
- C:\Windows\System\QsPWhnO.exe
  C:\Windows\System\QsPWhnO.exe
  2⤵
  PID:12328
- C:\Windows\System\LIFtBZJ.exe
  C:\Windows\System\LIFtBZJ.exe
  2⤵
  PID:12784
- C:\Windows\System\VjegEfc.exe
  C:\Windows\System\VjegEfc.exe
  2⤵
  PID:13032
- C:\Windows\System\STeAfcX.exe
  C:\Windows\System\STeAfcX.exe
  2⤵
  PID:13284
- C:\Windows\System\IDUrJox.exe
  C:\Windows\System\IDUrJox.exe
  2⤵
  PID:12968
- C:\Windows\System\XTexkBm.exe
  C:\Windows\System\XTexkBm.exe
  2⤵
  PID:13256
- C:\Windows\System\QaWzmYk.exe
  C:\Windows\System\QaWzmYk.exe
  2⤵
  PID:12616
- C:\Windows\System\IwpsVAh.exe
  C:\Windows\System\IwpsVAh.exe
  2⤵
  PID:13340
- C:\Windows\System\XiqfWgN.exe
  C:\Windows\System\XiqfWgN.exe
  2⤵
  PID:13388
- C:\Windows\System\aYEHXVo.exe
  C:\Windows\System\aYEHXVo.exe
  2⤵
  PID:13408
- C:\Windows\System\mWRHqdY.exe
  C:\Windows\System\mWRHqdY.exe
  2⤵
  PID:13428
- C:\Windows\System\nZDbRMq.exe
  C:\Windows\System\nZDbRMq.exe
  2⤵
  PID:13448
- C:\Windows\System\wJcfbVr.exe
  C:\Windows\System\wJcfbVr.exe
  2⤵
  PID:13500
- C:\Windows\System\bRXLLAF.exe
  C:\Windows\System\bRXLLAF.exe
  2⤵
  PID:13520
- C:\Windows\System\PtyJbBo.exe
  C:\Windows\System\PtyJbBo.exe
  2⤵
  PID:13536
- C:\Windows\System\RdUTYCp.exe
  C:\Windows\System\RdUTYCp.exe
  2⤵
  PID:13592
- C:\Windows\System\mLsoxfu.exe
  C:\Windows\System\mLsoxfu.exe
  2⤵
  PID:13608
- C:\Windows\System\LknVzwD.exe
  C:\Windows\System\LknVzwD.exe
  2⤵
  PID:13648
- C:\Windows\System\kPAdWYM.exe
  C:\Windows\System\kPAdWYM.exe
  2⤵
  PID:13676
- C:\Windows\System\cmpuhwg.exe
  C:\Windows\System\cmpuhwg.exe
  2⤵
  PID:13692
- C:\Windows\System\lGUaFKb.exe
  C:\Windows\System\lGUaFKb.exe
  2⤵
  PID:13728
- C:\Windows\System\zjguZFt.exe
  C:\Windows\System\zjguZFt.exe
  2⤵
  PID:13748
- C:\Windows\System\XuYAUfK.exe
  C:\Windows\System\XuYAUfK.exe
  2⤵
  PID:13776
- C:\Windows\System\glNiQKz.exe
  C:\Windows\System\glNiQKz.exe
  2⤵
  PID:13828
- C:\Windows\System\kXkEUSg.exe
  C:\Windows\System\kXkEUSg.exe
  2⤵
  PID:13852
- C:\Windows\System\kitGLPL.exe
  C:\Windows\System\kitGLPL.exe
  2⤵
  PID:13868
- C:\Windows\System\alDNLjI.exe
  C:\Windows\System\alDNLjI.exe
  2⤵
  PID:13908
- C:\Windows\System\uwmSZmO.exe
  C:\Windows\System\uwmSZmO.exe
  2⤵
  PID:13924
- C:\Windows\System\MmRHzYf.exe
  C:\Windows\System\MmRHzYf.exe
  2⤵
  PID:13964
- C:\Windows\System\JZdjiPo.exe
  C:\Windows\System\JZdjiPo.exe
  2⤵
  PID:13980
- C:\Windows\System\CITkHCm.exe
  C:\Windows\System\CITkHCm.exe
  2⤵
  PID:14012
- C:\Windows\System\lCdgtLw.exe
  C:\Windows\System\lCdgtLw.exe
  2⤵
  PID:14036
- C:\Windows\System\xZwoTLF.exe
  C:\Windows\System\xZwoTLF.exe
  2⤵
  PID:14052
- C:\Windows\System\AIVMAnn.exe
  C:\Windows\System\AIVMAnn.exe
  2⤵
  PID:14092
- C:\Windows\System\JRTLQKY.exe
  C:\Windows\System\JRTLQKY.exe
  2⤵
  PID:14132
- C:\Windows\System\dgYMGxZ.exe
  C:\Windows\System\dgYMGxZ.exe
  2⤵
  PID:14160
- C:\Windows\System\hqnZbtH.exe
  C:\Windows\System\hqnZbtH.exe
  2⤵
  PID:14188
- C:\Windows\System\jEhPTwv.exe
  C:\Windows\System\jEhPTwv.exe
  2⤵
  PID:14204
- C:\Windows\System\WLVtpBm.exe
  C:\Windows\System\WLVtpBm.exe
  2⤵
  PID:14224
- C:\Windows\System\qeFFCwW.exe
  C:\Windows\System\qeFFCwW.exe
  2⤵
  PID:14244
- C:\Windows\System\eNTAoND.exe
  C:\Windows\System\eNTAoND.exe
  2⤵
  PID:14284
- C:\Windows\System\XKPqpaa.exe
  C:\Windows\System\XKPqpaa.exe
  2⤵
  PID:14308
- C:\Windows\System\IVqujqE.exe
  C:\Windows\System\IVqujqE.exe
  2⤵
  PID:13320
- C:\Windows\System\aEGdyiP.exe
  C:\Windows\System\aEGdyiP.exe
  2⤵
  PID:13376
- C:\Windows\System\vsnoDMC.exe
  C:\Windows\System\vsnoDMC.exe
  2⤵
  PID:13492
- C:\Windows\System\chzidtZ.exe
  C:\Windows\System\chzidtZ.exe
  2⤵
  PID:13528
- C:\Windows\System\ssBNpjd.exe
  C:\Windows\System\ssBNpjd.exe
  2⤵
  PID:13628
- C:\Windows\System\eRgpIaT.exe
  C:\Windows\System\eRgpIaT.exe
  2⤵
  PID:13668
- C:\Windows\System\rUURrCR.exe
  C:\Windows\System\rUURrCR.exe
  2⤵
  PID:13736
- C:\Windows\System\bjUzMTS.exe
  C:\Windows\System\bjUzMTS.exe
  2⤵
  PID:13816
- C:\Windows\System\EQWbtNn.exe
  C:\Windows\System\EQWbtNn.exe
  2⤵
  PID:13880
- C:\Windows\System\cELvAFL.exe
  C:\Windows\System\cELvAFL.exe
  2⤵
  PID:13920
- C:\Windows\System\jxLWMUu.exe
  C:\Windows\System\jxLWMUu.exe
  2⤵
  PID:14064
- C:\Windows\System\qPcnGbE.exe
  C:\Windows\System\qPcnGbE.exe
  2⤵
  PID:14112
- C:\Windows\System\SYQgsKF.exe
  C:\Windows\System\SYQgsKF.exe
  2⤵
  PID:14176
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14176 -s 248
    3⤵
    PID:14084

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AtsoNgE.exe

Filesize
2.0MB

MD5
b4f1744d5872566152ec239c9d95c095

SHA1
28a8675c87b2a9d66ba5712920a01988c9a53f21

SHA256
a4ab191f146b4de10d6d59df521f4902af10115035a53910c491978699c18632

SHA512
864d23aad6fb6be523b24d36cd3af58c43c5bc37b7e81f80e6e40c35208b2fb13e8d4254422f65228a6c7ab0b738f96444655f9c49fec75ab13864e04e80ea95

Download Submit
C:\Windows\System\CrRcATC.exe

Filesize
2.0MB

MD5
d64900abf92c4d4a8e7983096349fb8a

SHA1
3508032aa718282332eafc8126ff240ead4872bb

SHA256
b8e06d22fefefa104bf3453b2289528400af52caee55fce2e32245922fb0582d

SHA512
c735e9f1c346e95ee207798a5253d4959a007bdef16db3ec575cab25d0177f18d6e3e33a4f0a83d5a1b6620380b56744bdb67a77e6ca8c2b8c2ae6e67a4af66d

Download Submit
C:\Windows\System\EMcvJvk.exe

Filesize
2.0MB

MD5
fb611766fd630a13266c5bc0cbfa0948

SHA1
927e6df06988b553bc63efe21a74b4f7fd15e857

SHA256
57f3b2dfacbf61dc9b1b3cccabea0862e2b76471baebe510ad91d6dd2229551c

SHA512
e964eed1fd4104868317958f03bab087426dd1df3fc638599172fad9a7f14e09098765b049d099fa2c7c64f8edc16bcb5bd17fa4af59c202c4f03acf970049e3

Download Submit
C:\Windows\System\FlKZpeV.exe

Filesize
2.0MB

MD5
fe269549879f2022db293324122c95ce

SHA1
5fe9770ba4417690f3436a92343cbe61c9b346bb

SHA256
40bb717556d26660515cf3fd7a4fdf5a92e075657b7dd07d86028a2f0c382c60

SHA512
cb14dd87e0375ea31ef0366a05e5a66f80f997dc1f92788b13ba60e8433934c1598f1458a826fd0ebe09a2efe4ed979e0887956c9adc05d409c296c1bf5bd60a

Download Submit
C:\Windows\System\ISmRfVo.exe

Filesize
2.0MB

MD5
23e4d8c615d1a1a7311287eb44afcf95

SHA1
c9c1074d1d8e50903e0d84ec47ff03b93f236480

SHA256
c1a8a0acb7bd496e9d374e3bd23bfa2a660712a0a80ba7af738c8df0fad04d3c

SHA512
6c2de72b5fd18ada8b4b2bfef44b855be2466a3e1a492423c3517f96fdf439d3dc61d6b631d4d4fe5d8491fa945dfa13f346acbb5f92dc5cd77b1e0c58ec7ed8

Download Submit
C:\Windows\System\OZxxneV.exe

Filesize
2.0MB

MD5
0df7ab7efd70ac9fae3b2fe3416d2ff6

SHA1
87128f210d651d2d030cc86d9d49b1e94b560c85

SHA256
b36aba12e4d4a6901c2c16bab7a21f3fd94d46bba00c22f86699298ef0a64e27

SHA512
30f1e763e54668117b42f3d587d83f6ba18c65d99c4c529de9f4a263cdb5ad8d43c80033837be10a962819848593d95417fd49a0b8c74ab3252993c89b19def0

Download Submit
C:\Windows\System\QFSOEBh.exe

Filesize
2.0MB

MD5
3df007a29a61c66b5093c9dc08bc7c48

SHA1
34d6adadda8867c6a5a6871c51eb5326dbb8ef84

SHA256
3411aeae916ccd8f0851c0d17da2375a67da4b12d50356e3d1bddc3ff3808f67

SHA512
b728db3fded06ce55b1c8a33e1feb47687101905d9861022796127defb2e6f70787ebe55adcfb6532e23e02ac8a9fbe8c0b5db42c52c7d75cd7ba1b6f4e96bbc

Download Submit
C:\Windows\System\RHWrrgQ.exe

Filesize
2.0MB

MD5
3a0ddef1c1c38af16ddacfb7974c7644

SHA1
4006ba313050c6ae411eeacc32d4687e50e9efea

SHA256
972534a00d541cbed9aa1ee7c796cf7455de84edd9eb3ecc026f5af15272222c

SHA512
2b915e8b3c3cb3a9e2a3d777a0dc31497ba984c2358b3e527cb5538a2f401f199e6b0ec8a2bb31f400593c04b076740b26608dd8902df84bc647dc8fabb90908

Download Submit
C:\Windows\System\SEuEWCd.exe

Filesize
2.0MB

MD5
043f4543fc0c107a9f6318c23dfa3fbe

SHA1
0e67f55dd71d9a2b8295400f8956d36acb45a478

SHA256
4c658b46ca1d43e7c8c3fbde009260d5766915de7662e185074d5fd4f1a69598

SHA512
46ee0904b8c8dc86b7d4b79edcb186a9ba3a636712020147f2939e2abf6c00cfe6ec1ed4033b68d50b13abcce72b7c6f2db22b727083a11796d8358935ab1629

Download Submit
C:\Windows\System\SdYlDBl.exe

Filesize
2.0MB

MD5
c19dd03d3947314d1dcb1e76f4093042

SHA1
a469f0ff4193358572517123e7f84e1c4ded5082

SHA256
81b7dd62438acdf90ffa445642e4e68283239c25bd9fb8e2f83b73509ed1d7e4

SHA512
6ce37e7f8a17ad4fb7c746984e6e8dfd08c3e085dfaffde4ec7a5d6a9a381bfb42a12b5bfd5be52ba927d82e6796944812bd1d7f89a28bdbdd93dca9a02a9206

Download Submit
C:\Windows\System\TTZcLqD.exe

Filesize
2.0MB

MD5
4bd8ea3b76e1a1c3c639be0166e8ff64

SHA1
a8b12c52f648a07793ee7a1e9695fbf02b31f167

SHA256
eb7c731fc1533e5c59ccfee897defb9708c584fa5fcbeba8aec59ba45bc35d28

SHA512
a05257b35406a372a45e6a0858aa4b96c94b6f831496aca8f0dafb10e5042f4322cf059098a95dc7ed2d2537f7fa051fca96b6acb945b1180ea96f90b1afff40

Download Submit
C:\Windows\System\UedoDxk.exe

Filesize
2.0MB

MD5
9708c42bcdacd93f9f642491adaa753f

SHA1
cd62b2d56d9d2174dd7c0765441f8f72a46eaa86

SHA256
99ccfb201ff113574d440eaa49023e5f94196e1f649fedcf103b6fe3038e7e7b

SHA512
507e39d38d4bb48a264ba43a9376518a1dae7cc50d81caf7f95b25a0e9a64916060fb145de4671f55ce57b757d3838ccbfa83475c6a08e2e403fdc68382467c5

Download Submit
C:\Windows\System\VJxxDUy.exe

Filesize
2.0MB

MD5
e65a21c95a6e57219ec317e2ba835302

SHA1
05bce62b3ba469aab1b265ea21a1574c095e029d

SHA256
efbc0494dcb4f60eb20d648d5db77abfa77470b51e0aa7a78c1662e6ebd5d4e6

SHA512
dede1a662e9b5222a5a042571797118f8555056dfdc81dd78e65bd462f18b0542a1f1e5bfc5cd886433b1273efd4d5370edcd523eeb2d9ac0786514c60a4fc4a

Download Submit
C:\Windows\System\VkZGFDz.exe

Filesize
2.0MB

MD5
bb8cad89269adf814df9eafc15221091

SHA1
383c0af7a34f4786451a7695181d9169562f1cd9

SHA256
d4263d823f2bd76229624e713383eefe81d921704118a99b809d7856883f88a7

SHA512
65aadcc1577e690f6a1d89c9d3fd5f494ac6769ac3e5c30fd483ab4185a60e7274c25bb3357bbe4108f0c475dbc29d311f4a027cd04779b2ac5913f76be155dc

Download Submit
C:\Windows\System\VpUMuJz.exe

Filesize
2.0MB

MD5
3364d1052eb999239318f7d5e16839b3

SHA1
c661a55057979477b02e8415f11679171248b4c5

SHA256
0ef0ace08f91be685ed501e58797e7be764ac3449e5cdd1976e0057184d730f7

SHA512
f10cf33b96b7e2764653101fccdb07262d7cdf464c620fa7e229169bf0d97a1d813657f8568c554b6d90770e9956b74c76dc90959f0cc242f5d6df62d0146309

Download Submit
C:\Windows\System\VyMUdfD.exe

Filesize
2.0MB

MD5
9e353defe76158e59401519f0597fa10

SHA1
9588c6ae729e93242fcfd0b087e764f957ff3cca

SHA256
030c32b21464846655ac6db6e4c6e2a0c90a55323cfc55ac2f7ed485df3fc069

SHA512
74f24bb6de6fcbc7c052986016d5819576b3a5a20bd19aca2239a79c3e2d6401bb69cd21c5fecbcd36ae2eef5a97af8fab0002f5e0a92cadb40acbaba8840015

Download Submit
C:\Windows\System\XXLmhBE.exe

Filesize
2.0MB

MD5
06bb732e3a9d1fa182fa7187725fa532

SHA1
d37cebd45e188f9479a4e8809f325d4e73d3b5b3

SHA256
0cd571c8124a8f139ae09587df740e44cbbf6264c08adb0a3e19a6eeb9ff569d

SHA512
917a3351c91e32d16695eeb4ce4dc304e8fd2b6702daf7408032177bd8c6b05911b05304918fdaa732b7a3fa29ad1d41f38d2b80171355989e7ba872364610cc

Download Submit
C:\Windows\System\YsQtmgn.exe

Filesize
2.0MB

MD5
cb6d7092c8d808d3aff0acfb26e225f5

SHA1
667eebdd422c4d9aa3ac29d43bd21682781bcf53

SHA256
34ac67b57bb82549f5fe71a8ce4de85fe250abcc80abdf5d00178906c262a518

SHA512
b5b1000631e3cd6ceef46d1507b1b8cc86c62f8924fc0e4e9a75ebc798325f89711b50b400a3cecfe464d24c40d5971dd767ea19b7132386f50d51ec1826cd64

Download Submit
C:\Windows\System\ZcPNAQf.exe

Filesize
2.0MB

MD5
4a7170d68e1f9e4c4528ae184f1f1ccb

SHA1
c9ecb58d88331c5f4ef6b4d496cb339e54afe0ba

SHA256
e6ebf4ddb1668822d21b72a6ccdbefdf2ee131d4faf6aa0d5142e76fbe0216ac

SHA512
e2b0f85586d8fd6bb5f90b99a8ca2b141b56bc96d598cc70366ea567548278536d0d0ab02c9e5909947359e358e159658ebdd830003aad0061def9b1c46ece0e

Download Submit
C:\Windows\System\cmvletV.exe

Filesize
2.0MB

MD5
78e7a492ed71dc4f6f7122ed7590cfa5

SHA1
0915d9130f1aabde994f0357fdbb940a09d76579

SHA256
b07f55120addc2ab293d6c022da92f5fa3493145a511974a9f1c1e193fd9853b

SHA512
6e007fa9c3e896b50ee4f3990b6c3f0a99840d55f402aa55ae197962b207cb6eb00274f029a8dc205ac044cef3ff938e2b55a80a68e1721322fc57fececd39ce

Download Submit
C:\Windows\System\gwgDyWj.exe

Filesize
2.0MB

MD5
7a105cedc735b09855c9d5e8efc34212

SHA1
3731ceadff5b29611403191f36858cb2df0acfc9

SHA256
6a536a6a4c5da49e9ca56eb84ea5d510dba7a622d565ae934ca8bb643e620e1a

SHA512
88dd9500cc9d7beecaab3c88e69c3fa75ca5394395de0cc7ca99ae880c0a0280591231f038461b9f4cafed0a48924e6e09053b450d0ebf33874496e198f397b5

Download Submit
C:\Windows\System\hgxyaaN.exe

Filesize
2.0MB

MD5
b8e4f78097c86aee19803b7227eb1cb2

SHA1
2ac41712f20ca13bfde635f927cc9986541a4333

SHA256
d7cd5322c26589b1018494155da84aec9a86485fe1a2c34edc1a2c8a59a17094

SHA512
69ae0be10cfd5e09a5859ca7de5618a0c15ce6fd866e501100cb9e11d60240827b11e6075f89b8afbee0dd149e69723f0e841257d4395c8c3883eb3b5da458d9

Download Submit
C:\Windows\System\iplqzzJ.exe

Filesize
2.0MB

MD5
ebf85abe69a75e9ebac05cdc9923339c

SHA1
2aa3371113cff096d4f83404a9d7f7cad558cf8c

SHA256
934ac5fb3bfa8a67bcb37929d24b057528fdf12daf663933520a1c47412edde3

SHA512
8b2bf573df2dfc5fcc8915fae8dbb3acc0f27e490cff7cad080dba762b0b0c18e4907c77e1e83995b393a7d0aec0717ad6adb764f14557636f9cf5fc1750b5dd

Download Submit
C:\Windows\System\jXFjplV.exe

Filesize
2.0MB

MD5
8e2efb77bfaa1fe6be67fae562496f8e

SHA1
12ae0eec990c72ab7dc80221a03d75b13968db2f

SHA256
161fbd5cac30beebeeaa34586146b57020b025b194a144892c893d35fd8e96c3

SHA512
0a385c65c9cf5582cb51f71d3e5dd54f62041dfae4ef3a46e42a75e20734bb3300fe71afa703780292c0da71b913aa25d6ac5249d8e515e004c45cf706ae8d16

Download Submit
C:\Windows\System\kfhdnIM.exe

Filesize
2.0MB

MD5
ce15a1d4a415d0cdee7d0d46bd5a909a

SHA1
f84c9d15b35358e56ff48199330ec0f5f569639c

SHA256
9318d44a229570ef05d7241d1bf4347860401c44ebc87ad3e0c540296200fdeb

SHA512
2cfe5f97720c57124578fb966c7049d8c99a0167c43fbbf2459aa2aa419fc9a948a3d3d963235bc03bdb3fd4e37c1d872aecb7304aca4523801afb70b52f2366

Download Submit
C:\Windows\System\kjuraOP.exe

Filesize
2.0MB

MD5
7ae1bcd6c60b2436376f372727a555bc

SHA1
ab5cbcab5d86a16572d8b282417e364c83c6c9f3

SHA256
a574e2a17c78c17e2979e4107d12d0243493c70ce5c48016443cbb3a9e55b618

SHA512
340c092bf7eb0d4a62bf709ba9480b85f470041e1b8adb628a141d9d8316774d55aac2aa366c47fae7309109e70bad35220dfc2fb34fabe05c306344a20c26cb

Download Submit
C:\Windows\System\lXkPDqH.exe

Filesize
2.0MB

MD5
465ef4f4a5e17e82bd291daf6d4a20e0

SHA1
807681b4183af9b97859b2e198934d6eeddcf6d5

SHA256
3ed13059f8432739fc4a1aea0b36f84542399f0f0f74ac994593dc7e143741bc

SHA512
d14101b811e11e7d3c711b246ea3124d36491a0b8e8d94dda83d6f1dd56e711d68e72e62b9fe0c0106d1ac14b6d8a81df882fe1726e710f0fb57c1b3515fa643

Download Submit
C:\Windows\System\mVkWpuH.exe

Filesize
2.0MB

MD5
6bbe1b84a447e354312064e2f98fc029

SHA1
ae91cef71e5ba951fe59ee3fc8a814eabae07628

SHA256
cc48429864e4a498886d1e4986e5804a69b06f0ee6ed3b4cf2f61df2baadc967

SHA512
419f1830c0e2f84f2dfd9f93022c34e8d98c3f674aee83e66c7ff890f58432e6df956a1148e66f359d999224e1ba1d153d7d09f5b11f0e98bc9bc7fa3ca235d6

Download Submit
C:\Windows\System\nAaGhcX.exe

Filesize
2.0MB

MD5
8065e2ffb087c52b6fb5742bbe50a69a

SHA1
db75d471592c969cf070487f2a9a1c6ff426cbe7

SHA256
55b1bd385339e97fc22da9b2855458a83ccd15dc95954e6d5867bfe140a40128

SHA512
22db6ff140b6bd7c5df27b60e26a05e3f61daf59ec18a1a05fe205736865d5453476e306b2f9223a7b52a296713a934016dfe52f1d3cf6931c89248e1def8215

Download Submit
C:\Windows\System\qLLRuIO.exe

Filesize
2.0MB

MD5
3677448a2430744499a28c42f99bf7a1

SHA1
f356040a299d3377148bd9236e0c59c93fab17a5

SHA256
566db0bdc160fe25990ee0be26bc7ce9dbfd3fe1ecac8f6b8b743056d97e4f8f

SHA512
8411cf0fd7d9ee2b8d5162ded1f6eb9025d60d8a78094b9c54e35a6f22ef3828e25d9d57cd3a1eb2cfa79173d99da11d225622a8aefafaf028094adf8680ea74

Download Submit
C:\Windows\System\qaRzRAZ.exe

Filesize
2.0MB

MD5
a2c176813d79901d22f53fe4c1de9a95

SHA1
3e67601beb5a7742f8bb36f1d3195bc17deef56a

SHA256
2b26d0f327fb40406c0fb3ba7b9dda2154205678c810f402cd3f07925e6df3f8

SHA512
c4df77565fe5e9f4f608b5b30fd13e7b180be664d9c2ab04a72fd39b0dd4ca14b26700379ef6f8bccc0e449ff04aefeaabdbcbdff997aef551a579eaf69d12b8

Download Submit
C:\Windows\System\tGQiTTk.exe

Filesize
2.0MB

MD5
7a1e55678e4a870b5408c8b3f5cf5f65

SHA1
9911686ed4644a858987246aa0e642e8b571c1c6

SHA256
e484a9731d0c9b4b6d9d7636a0de9289a815c01e0fb765758d400096ca765fa1

SHA512
1e256f187a7539d12402efa09895504268896d025818cf937884ac7062a187856c083601235bbcdbb7a15c842462b807a998eb6779d308a80592faa3b5f49b78

Download Submit
C:\Windows\System\tOWIvZt.exe

Filesize
2.0MB

MD5
4b86cee384df23230c8bd358abb8d7a1

SHA1
fa38c7611b3c7615123d7a305f1dd2f9aec1fb44

SHA256
2467c1bef6d115a99cf7f476c9a99b8bfa2a5bb03bf23af163274540239aa8c3

SHA512
97d731e0d3bf9fce87e563ce498cacb5b0cbbe18223d966359b9de22df9a5c797cc85c41cf1a02b9c25b06796dc0089264a59cbecce4b4e065c3464896a3e229

Download Submit
memory/216-702-0x00007FF6F83F0000-0x00007FF6F8744000-memory.dmp

Filesize
3.3MB

Download
memory/216-2189-0x00007FF6F83F0000-0x00007FF6F8744000-memory.dmp

Filesize
3.3MB

Download
memory/448-2161-0x00007FF771250000-0x00007FF7715A4000-memory.dmp

Filesize
3.3MB

Download
memory/448-55-0x00007FF771250000-0x00007FF7715A4000-memory.dmp

Filesize
3.3MB

Download
memory/448-2168-0x00007FF771250000-0x00007FF7715A4000-memory.dmp

Filesize
3.3MB

Download
memory/740-2190-0x00007FF63C040000-0x00007FF63C394000-memory.dmp

Filesize
3.3MB

Download
memory/740-607-0x00007FF63C040000-0x00007FF63C394000-memory.dmp

Filesize
3.3MB

Download
memory/948-2176-0x00007FF66E230000-0x00007FF66E584000-memory.dmp

Filesize
3.3MB

Download
memory/948-612-0x00007FF66E230000-0x00007FF66E584000-memory.dmp

Filesize
3.3MB

Download
memory/960-2166-0x00007FF687860000-0x00007FF687BB4000-memory.dmp

Filesize
3.3MB

Download
memory/960-2158-0x00007FF687860000-0x00007FF687BB4000-memory.dmp

Filesize
3.3MB

Download
memory/960-37-0x00007FF687860000-0x00007FF687BB4000-memory.dmp

Filesize
3.3MB

Download
memory/1104-2030-0x00007FF7FA510000-0x00007FF7FA864000-memory.dmp

Filesize
3.3MB

Download
memory/1104-1-0x000001A9B45A0000-0x000001A9B45B0000-memory.dmp

Filesize
64KB

Download
memory/1104-0-0x00007FF7FA510000-0x00007FF7FA864000-memory.dmp

Filesize
3.3MB

Download
memory/1208-611-0x00007FF79B350000-0x00007FF79B6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1208-2175-0x00007FF79B350000-0x00007FF79B6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1332-2172-0x00007FF766370000-0x00007FF7666C4000-memory.dmp

Filesize
3.3MB

Download
memory/1332-732-0x00007FF766370000-0x00007FF7666C4000-memory.dmp

Filesize
3.3MB

Download
memory/1524-2181-0x00007FF6F5C10000-0x00007FF6F5F64000-memory.dmp

Filesize
3.3MB

Download
memory/1524-655-0x00007FF6F5C10000-0x00007FF6F5F64000-memory.dmp

Filesize
3.3MB

Download
memory/1728-2188-0x00007FF7CA970000-0x00007FF7CACC4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-686-0x00007FF7CA970000-0x00007FF7CACC4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-2183-0x00007FF6DD510000-0x00007FF6DD864000-memory.dmp

Filesize
3.3MB

Download
memory/1764-635-0x00007FF6DD510000-0x00007FF6DD864000-memory.dmp

Filesize
3.3MB

Download
memory/2412-666-0x00007FF7370B0000-0x00007FF737404000-memory.dmp

Filesize
3.3MB

Download
memory/2412-2182-0x00007FF7370B0000-0x00007FF737404000-memory.dmp

Filesize
3.3MB

Download
memory/2436-2167-0x00007FF63FC50000-0x00007FF63FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-34-0x00007FF63FC50000-0x00007FF63FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-2157-0x00007FF63FC50000-0x00007FF63FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-677-0x00007FF624660000-0x00007FF6249B4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-2186-0x00007FF624660000-0x00007FF6249B4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-2163-0x00007FF7FE430000-0x00007FF7FE784000-memory.dmp

Filesize
3.3MB

Download
memory/2824-2156-0x00007FF7FE430000-0x00007FF7FE784000-memory.dmp

Filesize
3.3MB

Download
memory/2824-14-0x00007FF7FE430000-0x00007FF7FE784000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2162-0x00007FF681540000-0x00007FF681894000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1640-0x00007FF681540000-0x00007FF681894000-memory.dmp

Filesize
3.3MB

Download
memory/2904-9-0x00007FF681540000-0x00007FF681894000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2160-0x00007FF709D40000-0x00007FF70A094000-memory.dmp

Filesize
3.3MB

Download
memory/3064-61-0x00007FF709D40000-0x00007FF70A094000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2170-0x00007FF709D40000-0x00007FF70A094000-memory.dmp

Filesize
3.3MB

Download
memory/3256-2187-0x00007FF63A900000-0x00007FF63AC54000-memory.dmp

Filesize
3.3MB

Download
memory/3256-717-0x00007FF63A900000-0x00007FF63AC54000-memory.dmp

Filesize
3.3MB

Download
memory/3352-2159-0x00007FF6A3F30000-0x00007FF6A4284000-memory.dmp

Filesize
3.3MB

Download
memory/3352-50-0x00007FF6A3F30000-0x00007FF6A4284000-memory.dmp

Filesize
3.3MB

Download
memory/3352-2169-0x00007FF6A3F30000-0x00007FF6A4284000-memory.dmp

Filesize
3.3MB

Download
memory/3432-2179-0x00007FF794D70000-0x00007FF7950C4000-memory.dmp

Filesize
3.3MB

Download
memory/3432-663-0x00007FF794D70000-0x00007FF7950C4000-memory.dmp

Filesize
3.3MB

Download
memory/3600-645-0x00007FF7B7380000-0x00007FF7B76D4000-memory.dmp

Filesize
3.3MB

Download
memory/3600-2184-0x00007FF7B7380000-0x00007FF7B76D4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-625-0x00007FF6F0290000-0x00007FF6F05E4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-2177-0x00007FF6F0290000-0x00007FF6F05E4000-memory.dmp

Filesize
3.3MB

Download
memory/3656-2178-0x00007FF7188D0000-0x00007FF718C24000-memory.dmp

Filesize
3.3MB

Download
memory/3656-629-0x00007FF7188D0000-0x00007FF718C24000-memory.dmp

Filesize
3.3MB

Download
memory/3660-2171-0x00007FF7FC990000-0x00007FF7FCCE4000-memory.dmp

Filesize
3.3MB

Download
memory/3660-608-0x00007FF7FC990000-0x00007FF7FCCE4000-memory.dmp

Filesize
3.3MB

Download
memory/3760-44-0x00007FF63CA30000-0x00007FF63CD84000-memory.dmp

Filesize
3.3MB

Download
memory/3760-2165-0x00007FF63CA30000-0x00007FF63CD84000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2173-0x00007FF7CEF30000-0x00007FF7CF284000-memory.dmp

Filesize
3.3MB

Download
memory/3964-609-0x00007FF7CEF30000-0x00007FF7CF284000-memory.dmp

Filesize
3.3MB

Download
memory/4076-2180-0x00007FF6719D0000-0x00007FF671D24000-memory.dmp

Filesize
3.3MB

Download
memory/4076-619-0x00007FF6719D0000-0x00007FF671D24000-memory.dmp

Filesize
3.3MB

Download
memory/4108-691-0x00007FF790EF0000-0x00007FF791244000-memory.dmp

Filesize
3.3MB

Download
memory/4108-2185-0x00007FF790EF0000-0x00007FF791244000-memory.dmp

Filesize
3.3MB

Download
memory/4356-2164-0x00007FF64B210000-0x00007FF64B564000-memory.dmp

Filesize
3.3MB

Download
memory/4356-28-0x00007FF64B210000-0x00007FF64B564000-memory.dmp

Filesize
3.3MB

Download
memory/4584-610-0x00007FF68C870000-0x00007FF68CBC4000-memory.dmp

Filesize
3.3MB

Download
memory/4584-2174-0x00007FF68C870000-0x00007FF68CBC4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads