xmrig | 61caa77986332376168372059efb78b50922c0597c7878f0d0fc322b6cf5fc92

Analysis

max time kernel
118s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
Size

1.8MB
MD5

c2bb5af2225952b15bc59a9145516a90
SHA1

445ae40f251848841c0a064a15c80244f568ac51
SHA256

61caa77986332376168372059efb78b50922c0597c7878f0d0fc322b6cf5fc92
SHA512

e2a1419dd4b0022d1c2f496a5dc8aa2c2f8cc009bf86f0931b14a527e1388c221a449be3e56603d2d71d23390d35c3f46df05a4341ab8cee24463ccb9232069d
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AKavC2f:BemTLkNdfE0pZrK

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/64-0-0x00007FF64BE80000-0x00007FF64C1D4000-memory.dmp	xmrig
behavioral2/files/0x00080000000233e6-6.dat	xmrig
behavioral2/files/0x00070000000233eb-8.dat	xmrig
behavioral2/files/0x00070000000233ec-30.dat	xmrig
behavioral2/files/0x00070000000233ef-55.dat	xmrig
behavioral2/files/0x00070000000233f6-65.dat	xmrig
behavioral2/files/0x00070000000233f8-81.dat	xmrig
behavioral2/files/0x0007000000023401-116.dat	xmrig
behavioral2/files/0x0007000000023407-161.dat	xmrig
behavioral2/files/0x000700000002340a-178.dat	xmrig
behavioral2/memory/4896-206-0x00007FF642FE0000-0x00007FF643334000-memory.dmp	xmrig
behavioral2/memory/4052-215-0x00007FF67F200000-0x00007FF67F554000-memory.dmp	xmrig
behavioral2/memory/2736-230-0x00007FF789020000-0x00007FF789374000-memory.dmp	xmrig
behavioral2/memory/3652-238-0x00007FF6717B0000-0x00007FF671B04000-memory.dmp	xmrig
behavioral2/memory/3256-244-0x00007FF76CCF0000-0x00007FF76D044000-memory.dmp	xmrig
behavioral2/memory/3268-245-0x00007FF78F3E0000-0x00007FF78F734000-memory.dmp	xmrig
behavioral2/memory/4240-243-0x00007FF66C4F0000-0x00007FF66C844000-memory.dmp	xmrig
behavioral2/memory/3892-242-0x00007FF608090000-0x00007FF6083E4000-memory.dmp	xmrig
behavioral2/memory/2412-241-0x00007FF74E450000-0x00007FF74E7A4000-memory.dmp	xmrig
behavioral2/memory/4972-240-0x00007FF711940000-0x00007FF711C94000-memory.dmp	xmrig
behavioral2/memory/1076-239-0x00007FF7CAAA0000-0x00007FF7CADF4000-memory.dmp	xmrig
behavioral2/memory/5024-237-0x00007FF6AE690000-0x00007FF6AE9E4000-memory.dmp	xmrig
behavioral2/memory/2184-236-0x00007FF75CE50000-0x00007FF75D1A4000-memory.dmp	xmrig
behavioral2/memory/4464-235-0x00007FF6C6AE0000-0x00007FF6C6E34000-memory.dmp	xmrig
behavioral2/memory/5072-234-0x00007FF68AF70000-0x00007FF68B2C4000-memory.dmp	xmrig
behavioral2/memory/4788-233-0x00007FF60BC50000-0x00007FF60BFA4000-memory.dmp	xmrig
behavioral2/memory/464-232-0x00007FF743EE0000-0x00007FF744234000-memory.dmp	xmrig
behavioral2/memory/5084-231-0x00007FF6B89F0000-0x00007FF6B8D44000-memory.dmp	xmrig
behavioral2/memory/3904-229-0x00007FF751EF0000-0x00007FF752244000-memory.dmp	xmrig
behavioral2/memory/1004-228-0x00007FF776F50000-0x00007FF7772A4000-memory.dmp	xmrig
behavioral2/memory/2176-225-0x00007FF60AE60000-0x00007FF60B1B4000-memory.dmp	xmrig
behavioral2/memory/4928-214-0x00007FF716D70000-0x00007FF7170C4000-memory.dmp	xmrig
behavioral2/memory/3036-197-0x00007FF7BA010000-0x00007FF7BA364000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-174.dat	xmrig
behavioral2/files/0x0007000000023406-164.dat	xmrig
behavioral2/files/0x0007000000023409-177.dat	xmrig
behavioral2/files/0x0007000000023405-152.dat	xmrig
behavioral2/files/0x0007000000023404-150.dat	xmrig
behavioral2/files/0x00070000000233fb-148.dat	xmrig
behavioral2/files/0x0007000000023403-146.dat	xmrig
behavioral2/files/0x0007000000023402-144.dat	xmrig
behavioral2/files/0x0007000000023400-140.dat	xmrig
behavioral2/files/0x00070000000233ff-138.dat	xmrig
behavioral2/files/0x00070000000233fe-136.dat	xmrig
behavioral2/files/0x00070000000233fd-134.dat	xmrig
behavioral2/files/0x00070000000233fc-132.dat	xmrig
behavioral2/files/0x00070000000233f7-130.dat	xmrig
behavioral2/files/0x00070000000233f9-127.dat	xmrig
behavioral2/files/0x00070000000233f5-123.dat	xmrig
behavioral2/files/0x00070000000233fa-113.dat	xmrig
behavioral2/files/0x00070000000233f2-95.dat	xmrig
behavioral2/memory/5012-92-0x00007FF74B0B0000-0x00007FF74B404000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f4-84.dat	xmrig
behavioral2/memory/1944-66-0x00007FF68FE70000-0x00007FF6901C4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f0-61.dat	xmrig
behavioral2/files/0x00070000000233f3-74.dat	xmrig
behavioral2/files/0x00070000000233ed-72.dat	xmrig
behavioral2/files/0x00070000000233f1-69.dat	xmrig
behavioral2/memory/2572-53-0x00007FF6EA6A0000-0x00007FF6EA9F4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ee-43.dat	xmrig
behavioral2/memory/972-41-0x00007FF68F450000-0x00007FF68F7A4000-memory.dmp	xmrig
behavioral2/memory/4044-36-0x00007FF7D9D80000-0x00007FF7DA0D4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ea-28.dat	xmrig
behavioral2/memory/1620-18-0x00007FF69FEA0000-0x00007FF6A01F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1620	cCkSvJQ.exe
4044	oSHNTEb.exe
972	eJdyVrG.exe
2572	UrCKclv.exe
2412	hgdYSiU.exe
1944	ilIUiKF.exe
5012	DztzQRc.exe
3892	NSHqsJP.exe
3036	jqVhkMF.exe
4896	sdVrQKv.exe
4928	ZHprKSD.exe
4240	JkRGrja.exe
4052	oaLlIbe.exe
3256	xnWvBxr.exe
2176	AQStMDL.exe
1004	ZHIxvbE.exe
3904	vgoOfNo.exe
2736	HvFQEwT.exe
3268	eQislvs.exe
5084	zgoTVgS.exe
464	mQnEPwK.exe
4788	knJKsDF.exe
5072	qLAoYnW.exe
4464	lIqmiHW.exe
2184	QWOvFHR.exe
5024	WOAdlKx.exe
3652	MkvPGys.exe
1076	uKCOXRq.exe
4972	wwXtjXr.exe
4488	DYInAps.exe
2932	eTMDwbm.exe
2832	IrgzXGa.exe
4396	OoBoEVe.exe
636	McInWfF.exe
3172	guEAJhm.exe
4308	QdemMAe.exe
3620	AvMIAKK.exe
3924	mLDmpny.exe
3032	FqBtVde.exe
3584	IpqWyNY.exe
2608	spiUSeJ.exe
4068	BiaXrIt.exe
1316	TANyOLB.exe
3220	DMygfST.exe
2020	WmauYGg.exe
4036	tSjmMrV.exe
3264	scNqfBI.exe
3560	ZqRgeId.exe
2296	rpRSTOb.exe
5096	hSwOEEi.exe
3000	ugkqQvc.exe
392	JykKIOp.exe
1816	XytMPme.exe
2360	nVGiYaA.exe
2872	tAXAkVf.exe
4964	atLVaFb.exe
4012	iGgWyCk.exe
4712	hnvXiXb.exe
2128	AFtglLq.exe
4904	hrPEZgF.exe
2912	IhdBNXQ.exe
3580	vXFblbf.exe
3528	bjfRMll.exe
2324	jlsdVvc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/64-0-0x00007FF64BE80000-0x00007FF64C1D4000-memory.dmp	upx
behavioral2/files/0x00080000000233e6-6.dat	upx
behavioral2/files/0x00070000000233eb-8.dat	upx
behavioral2/files/0x00070000000233ec-30.dat	upx
behavioral2/files/0x00070000000233ef-55.dat	upx
behavioral2/files/0x00070000000233f6-65.dat	upx
behavioral2/files/0x00070000000233f8-81.dat	upx
behavioral2/files/0x0007000000023401-116.dat	upx
behavioral2/files/0x0007000000023407-161.dat	upx
behavioral2/files/0x000700000002340a-178.dat	upx
behavioral2/memory/4896-206-0x00007FF642FE0000-0x00007FF643334000-memory.dmp	upx
behavioral2/memory/4052-215-0x00007FF67F200000-0x00007FF67F554000-memory.dmp	upx
behavioral2/memory/2736-230-0x00007FF789020000-0x00007FF789374000-memory.dmp	upx
behavioral2/memory/3652-238-0x00007FF6717B0000-0x00007FF671B04000-memory.dmp	upx
behavioral2/memory/3256-244-0x00007FF76CCF0000-0x00007FF76D044000-memory.dmp	upx
behavioral2/memory/3268-245-0x00007FF78F3E0000-0x00007FF78F734000-memory.dmp	upx
behavioral2/memory/4240-243-0x00007FF66C4F0000-0x00007FF66C844000-memory.dmp	upx
behavioral2/memory/3892-242-0x00007FF608090000-0x00007FF6083E4000-memory.dmp	upx
behavioral2/memory/2412-241-0x00007FF74E450000-0x00007FF74E7A4000-memory.dmp	upx
behavioral2/memory/4972-240-0x00007FF711940000-0x00007FF711C94000-memory.dmp	upx
behavioral2/memory/1076-239-0x00007FF7CAAA0000-0x00007FF7CADF4000-memory.dmp	upx
behavioral2/memory/5024-237-0x00007FF6AE690000-0x00007FF6AE9E4000-memory.dmp	upx
behavioral2/memory/2184-236-0x00007FF75CE50000-0x00007FF75D1A4000-memory.dmp	upx
behavioral2/memory/4464-235-0x00007FF6C6AE0000-0x00007FF6C6E34000-memory.dmp	upx
behavioral2/memory/5072-234-0x00007FF68AF70000-0x00007FF68B2C4000-memory.dmp	upx
behavioral2/memory/4788-233-0x00007FF60BC50000-0x00007FF60BFA4000-memory.dmp	upx
behavioral2/memory/464-232-0x00007FF743EE0000-0x00007FF744234000-memory.dmp	upx
behavioral2/memory/5084-231-0x00007FF6B89F0000-0x00007FF6B8D44000-memory.dmp	upx
behavioral2/memory/3904-229-0x00007FF751EF0000-0x00007FF752244000-memory.dmp	upx
behavioral2/memory/1004-228-0x00007FF776F50000-0x00007FF7772A4000-memory.dmp	upx
behavioral2/memory/2176-225-0x00007FF60AE60000-0x00007FF60B1B4000-memory.dmp	upx
behavioral2/memory/4928-214-0x00007FF716D70000-0x00007FF7170C4000-memory.dmp	upx
behavioral2/memory/3036-197-0x00007FF7BA010000-0x00007FF7BA364000-memory.dmp	upx
behavioral2/files/0x0007000000023408-174.dat	upx
behavioral2/files/0x0007000000023406-164.dat	upx
behavioral2/files/0x0007000000023409-177.dat	upx
behavioral2/files/0x0007000000023405-152.dat	upx
behavioral2/files/0x0007000000023404-150.dat	upx
behavioral2/files/0x00070000000233fb-148.dat	upx
behavioral2/files/0x0007000000023403-146.dat	upx
behavioral2/files/0x0007000000023402-144.dat	upx
behavioral2/files/0x0007000000023400-140.dat	upx
behavioral2/files/0x00070000000233ff-138.dat	upx
behavioral2/files/0x00070000000233fe-136.dat	upx
behavioral2/files/0x00070000000233fd-134.dat	upx
behavioral2/files/0x00070000000233fc-132.dat	upx
behavioral2/files/0x00070000000233f7-130.dat	upx
behavioral2/files/0x00070000000233f9-127.dat	upx
behavioral2/files/0x00070000000233f5-123.dat	upx
behavioral2/files/0x00070000000233fa-113.dat	upx
behavioral2/files/0x00070000000233f2-95.dat	upx
behavioral2/memory/5012-92-0x00007FF74B0B0000-0x00007FF74B404000-memory.dmp	upx
behavioral2/files/0x00070000000233f4-84.dat	upx
behavioral2/memory/1944-66-0x00007FF68FE70000-0x00007FF6901C4000-memory.dmp	upx
behavioral2/files/0x00070000000233f0-61.dat	upx
behavioral2/files/0x00070000000233f3-74.dat	upx
behavioral2/files/0x00070000000233ed-72.dat	upx
behavioral2/files/0x00070000000233f1-69.dat	upx
behavioral2/memory/2572-53-0x00007FF6EA6A0000-0x00007FF6EA9F4000-memory.dmp	upx
behavioral2/files/0x00070000000233ee-43.dat	upx
behavioral2/memory/972-41-0x00007FF68F450000-0x00007FF68F7A4000-memory.dmp	upx
behavioral2/memory/4044-36-0x00007FF7D9D80000-0x00007FF7DA0D4000-memory.dmp	upx
behavioral2/files/0x00070000000233ea-28.dat	upx
behavioral2/memory/1620-18-0x00007FF69FEA0000-0x00007FF6A01F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pMmZbOK.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\eHlDiUm.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\WOAdlKx.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\hSwOEEi.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\qsYJmWN.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\zbnVAGJ.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\ZyNbghX.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\IAVZQkX.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\CdrdKuY.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\JYHWFOF.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\mdqxQIF.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\mPSvMQf.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\uTpgVey.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\HQVciRL.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\bvnHZLn.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\ZqRgeId.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\BtbHKYi.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\SXYONFc.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\GOTGeeZ.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\HsCfqzt.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\YCTmGMW.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\OUFeLcn.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\VgRzHCF.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\BgXfqfL.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\qMdpZYn.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\cfhHFmX.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\HYhKJUk.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\iWXtpys.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\IpqWyNY.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\kwqkPBc.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\DiDOPCL.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\uNppzDl.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\mQnEPwK.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\HlcBvnu.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\FgerQvO.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\PQOeYNb.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\DDZOBez.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\UXqnDZq.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\DrNwbbn.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\NONbQUv.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\KyeTNjM.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\eiVRfrA.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\XTDZuYU.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\uzrvWQz.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\dWoURLH.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\rYmrHsO.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\zdxYGRp.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\egaaFrw.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\HYQpAFm.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\tyvMwjO.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\kFRqWLh.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\oaLlIbe.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\BvWNthY.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\pvcTFNR.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\RWwrxwd.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\fzDEirZ.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\byJxkDS.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\eTMDwbm.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\lApzKUd.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\phyuvcN.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\McISmlQ.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\HMUsQuy.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\RpDcfTc.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
File created	C:\Windows\System\WlXOKDg.exe	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14804	dwm.exe
Token: SeChangeNotifyPrivilege	14804	dwm.exe
Token: 33	14804	dwm.exe
Token: SeIncBasePriorityPrivilege	14804	dwm.exe
Token: SeShutdownPrivilege	14804	dwm.exe
Token: SeCreatePagefilePrivilege	14804	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 64 wrote to memory of 1620	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	84
PID 64 wrote to memory of 1620	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	84
PID 64 wrote to memory of 4044	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	85
PID 64 wrote to memory of 4044	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	85
PID 64 wrote to memory of 972	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	86
PID 64 wrote to memory of 972	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	86
PID 64 wrote to memory of 2572	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	87
PID 64 wrote to memory of 2572	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	87
PID 64 wrote to memory of 5012	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	88
PID 64 wrote to memory of 5012	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	88
PID 64 wrote to memory of 2412	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	89
PID 64 wrote to memory of 2412	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	89
PID 64 wrote to memory of 1944	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	90
PID 64 wrote to memory of 1944	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	90
PID 64 wrote to memory of 3892	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	91
PID 64 wrote to memory of 3892	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	91
PID 64 wrote to memory of 3036	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	92
PID 64 wrote to memory of 3036	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	92
PID 64 wrote to memory of 4896	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	93
PID 64 wrote to memory of 4896	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	93
PID 64 wrote to memory of 4928	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	94
PID 64 wrote to memory of 4928	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	94
PID 64 wrote to memory of 4240	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	95
PID 64 wrote to memory of 4240	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	95
PID 64 wrote to memory of 2176	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	96
PID 64 wrote to memory of 2176	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	96
PID 64 wrote to memory of 4052	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	97
PID 64 wrote to memory of 4052	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	97
PID 64 wrote to memory of 3256	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	98
PID 64 wrote to memory of 3256	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	98
PID 64 wrote to memory of 1004	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	99
PID 64 wrote to memory of 1004	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	99
PID 64 wrote to memory of 3904	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	100
PID 64 wrote to memory of 3904	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	100
PID 64 wrote to memory of 2736	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	101
PID 64 wrote to memory of 2736	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	101
PID 64 wrote to memory of 3268	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	102
PID 64 wrote to memory of 3268	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	102
PID 64 wrote to memory of 5084	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	103
PID 64 wrote to memory of 5084	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	103
PID 64 wrote to memory of 464	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	104
PID 64 wrote to memory of 464	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	104
PID 64 wrote to memory of 4788	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	105
PID 64 wrote to memory of 4788	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	105
PID 64 wrote to memory of 5072	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	106
PID 64 wrote to memory of 5072	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	106
PID 64 wrote to memory of 4464	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	107
PID 64 wrote to memory of 4464	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	107
PID 64 wrote to memory of 2184	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	108
PID 64 wrote to memory of 2184	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	108
PID 64 wrote to memory of 5024	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	109
PID 64 wrote to memory of 5024	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	109
PID 64 wrote to memory of 3652	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	110
PID 64 wrote to memory of 3652	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	110
PID 64 wrote to memory of 1076	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	111
PID 64 wrote to memory of 1076	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	111
PID 64 wrote to memory of 4972	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	112
PID 64 wrote to memory of 4972	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	112
PID 64 wrote to memory of 4488	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	113
PID 64 wrote to memory of 4488	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	113
PID 64 wrote to memory of 2932	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	114
PID 64 wrote to memory of 2932	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	114
PID 64 wrote to memory of 2832	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	115
PID 64 wrote to memory of 2832	64	c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c2bb5af2225952b15bc59a9145516a90_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:64
- C:\Windows\System\cCkSvJQ.exe
  C:\Windows\System\cCkSvJQ.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\oSHNTEb.exe
  C:\Windows\System\oSHNTEb.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\eJdyVrG.exe
  C:\Windows\System\eJdyVrG.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\UrCKclv.exe
  C:\Windows\System\UrCKclv.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\DztzQRc.exe
  C:\Windows\System\DztzQRc.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\hgdYSiU.exe
  C:\Windows\System\hgdYSiU.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\ilIUiKF.exe
  C:\Windows\System\ilIUiKF.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\NSHqsJP.exe
  C:\Windows\System\NSHqsJP.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\jqVhkMF.exe
  C:\Windows\System\jqVhkMF.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\sdVrQKv.exe
  C:\Windows\System\sdVrQKv.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\ZHprKSD.exe
  C:\Windows\System\ZHprKSD.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\JkRGrja.exe
  C:\Windows\System\JkRGrja.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\AQStMDL.exe
  C:\Windows\System\AQStMDL.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\oaLlIbe.exe
  C:\Windows\System\oaLlIbe.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\xnWvBxr.exe
  C:\Windows\System\xnWvBxr.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\ZHIxvbE.exe
  C:\Windows\System\ZHIxvbE.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\vgoOfNo.exe
  C:\Windows\System\vgoOfNo.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\HvFQEwT.exe
  C:\Windows\System\HvFQEwT.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\eQislvs.exe
  C:\Windows\System\eQislvs.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\zgoTVgS.exe
  C:\Windows\System\zgoTVgS.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\mQnEPwK.exe
  C:\Windows\System\mQnEPwK.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\knJKsDF.exe
  C:\Windows\System\knJKsDF.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\qLAoYnW.exe
  C:\Windows\System\qLAoYnW.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\lIqmiHW.exe
  C:\Windows\System\lIqmiHW.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\QWOvFHR.exe
  C:\Windows\System\QWOvFHR.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\WOAdlKx.exe
  C:\Windows\System\WOAdlKx.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\MkvPGys.exe
  C:\Windows\System\MkvPGys.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\uKCOXRq.exe
  C:\Windows\System\uKCOXRq.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\wwXtjXr.exe
  C:\Windows\System\wwXtjXr.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\DYInAps.exe
  C:\Windows\System\DYInAps.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\eTMDwbm.exe
  C:\Windows\System\eTMDwbm.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\IrgzXGa.exe
  C:\Windows\System\IrgzXGa.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\OoBoEVe.exe
  C:\Windows\System\OoBoEVe.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\McInWfF.exe
  C:\Windows\System\McInWfF.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\guEAJhm.exe
  C:\Windows\System\guEAJhm.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\QdemMAe.exe
  C:\Windows\System\QdemMAe.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\AvMIAKK.exe
  C:\Windows\System\AvMIAKK.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\mLDmpny.exe
  C:\Windows\System\mLDmpny.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\FqBtVde.exe
  C:\Windows\System\FqBtVde.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\IpqWyNY.exe
  C:\Windows\System\IpqWyNY.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\spiUSeJ.exe
  C:\Windows\System\spiUSeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\BiaXrIt.exe
  C:\Windows\System\BiaXrIt.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\TANyOLB.exe
  C:\Windows\System\TANyOLB.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\DMygfST.exe
  C:\Windows\System\DMygfST.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\WmauYGg.exe
  C:\Windows\System\WmauYGg.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\tSjmMrV.exe
  C:\Windows\System\tSjmMrV.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\scNqfBI.exe
  C:\Windows\System\scNqfBI.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\ZqRgeId.exe
  C:\Windows\System\ZqRgeId.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\rpRSTOb.exe
  C:\Windows\System\rpRSTOb.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\hSwOEEi.exe
  C:\Windows\System\hSwOEEi.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\ugkqQvc.exe
  C:\Windows\System\ugkqQvc.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\JykKIOp.exe
  C:\Windows\System\JykKIOp.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\XytMPme.exe
  C:\Windows\System\XytMPme.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\nVGiYaA.exe
  C:\Windows\System\nVGiYaA.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\tAXAkVf.exe
  C:\Windows\System\tAXAkVf.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\atLVaFb.exe
  C:\Windows\System\atLVaFb.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\iGgWyCk.exe
  C:\Windows\System\iGgWyCk.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\hnvXiXb.exe
  C:\Windows\System\hnvXiXb.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\AFtglLq.exe
  C:\Windows\System\AFtglLq.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\hrPEZgF.exe
  C:\Windows\System\hrPEZgF.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\IhdBNXQ.exe
  C:\Windows\System\IhdBNXQ.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\vXFblbf.exe
  C:\Windows\System\vXFblbf.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\bjfRMll.exe
  C:\Windows\System\bjfRMll.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\jlsdVvc.exe
  C:\Windows\System\jlsdVvc.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\kwqkPBc.exe
  C:\Windows\System\kwqkPBc.exe
  2⤵
  PID:2716
- C:\Windows\System\BvWNthY.exe
  C:\Windows\System\BvWNthY.exe
  2⤵
  PID:3464
- C:\Windows\System\TQEOnmO.exe
  C:\Windows\System\TQEOnmO.exe
  2⤵
  PID:3816
- C:\Windows\System\wqtaSga.exe
  C:\Windows\System\wqtaSga.exe
  2⤵
  PID:2924
- C:\Windows\System\pjKPonY.exe
  C:\Windows\System\pjKPonY.exe
  2⤵
  PID:2024
- C:\Windows\System\jFBpsKN.exe
  C:\Windows\System\jFBpsKN.exe
  2⤵
  PID:3432
- C:\Windows\System\rdwWFIV.exe
  C:\Windows\System\rdwWFIV.exe
  2⤵
  PID:4656
- C:\Windows\System\KjwUODg.exe
  C:\Windows\System\KjwUODg.exe
  2⤵
  PID:2148
- C:\Windows\System\ZZYQWfv.exe
  C:\Windows\System\ZZYQWfv.exe
  2⤵
  PID:2512
- C:\Windows\System\zVwQUOG.exe
  C:\Windows\System\zVwQUOG.exe
  2⤵
  PID:4652
- C:\Windows\System\VQkFDTO.exe
  C:\Windows\System\VQkFDTO.exe
  2⤵
  PID:1640
- C:\Windows\System\HliOnFz.exe
  C:\Windows\System\HliOnFz.exe
  2⤵
  PID:2548
- C:\Windows\System\NaHySFG.exe
  C:\Windows\System\NaHySFG.exe
  2⤵
  PID:5388
- C:\Windows\System\XSbGzVJ.exe
  C:\Windows\System\XSbGzVJ.exe
  2⤵
  PID:5420
- C:\Windows\System\yuWwQwk.exe
  C:\Windows\System\yuWwQwk.exe
  2⤵
  PID:5436
- C:\Windows\System\LdQDbMH.exe
  C:\Windows\System\LdQDbMH.exe
  2⤵
  PID:5452
- C:\Windows\System\ZLfOOfB.exe
  C:\Windows\System\ZLfOOfB.exe
  2⤵
  PID:5468
- C:\Windows\System\NRKRoee.exe
  C:\Windows\System\NRKRoee.exe
  2⤵
  PID:5484
- C:\Windows\System\KTUGfJb.exe
  C:\Windows\System\KTUGfJb.exe
  2⤵
  PID:5500
- C:\Windows\System\lApzKUd.exe
  C:\Windows\System\lApzKUd.exe
  2⤵
  PID:5516
- C:\Windows\System\VKVoUez.exe
  C:\Windows\System\VKVoUez.exe
  2⤵
  PID:5532
- C:\Windows\System\wsZVoZD.exe
  C:\Windows\System\wsZVoZD.exe
  2⤵
  PID:5548
- C:\Windows\System\qwKmbNc.exe
  C:\Windows\System\qwKmbNc.exe
  2⤵
  PID:5564
- C:\Windows\System\zUkBLmB.exe
  C:\Windows\System\zUkBLmB.exe
  2⤵
  PID:5580
- C:\Windows\System\kxflKNW.exe
  C:\Windows\System\kxflKNW.exe
  2⤵
  PID:5596
- C:\Windows\System\UMNgUMi.exe
  C:\Windows\System\UMNgUMi.exe
  2⤵
  PID:5612
- C:\Windows\System\TQASnNC.exe
  C:\Windows\System\TQASnNC.exe
  2⤵
  PID:5628
- C:\Windows\System\qsYJmWN.exe
  C:\Windows\System\qsYJmWN.exe
  2⤵
  PID:5652
- C:\Windows\System\jcZyzev.exe
  C:\Windows\System\jcZyzev.exe
  2⤵
  PID:5668
- C:\Windows\System\QQhnmiF.exe
  C:\Windows\System\QQhnmiF.exe
  2⤵
  PID:5684
- C:\Windows\System\oxpnFsw.exe
  C:\Windows\System\oxpnFsw.exe
  2⤵
  PID:5700
- C:\Windows\System\zbnVAGJ.exe
  C:\Windows\System\zbnVAGJ.exe
  2⤵
  PID:5720
- C:\Windows\System\TEXcSrV.exe
  C:\Windows\System\TEXcSrV.exe
  2⤵
  PID:5736
- C:\Windows\System\bTtiSoT.exe
  C:\Windows\System\bTtiSoT.exe
  2⤵
  PID:5752
- C:\Windows\System\uzrvWQz.exe
  C:\Windows\System\uzrvWQz.exe
  2⤵
  PID:5772
- C:\Windows\System\ghjYkBW.exe
  C:\Windows\System\ghjYkBW.exe
  2⤵
  PID:5792
- C:\Windows\System\HMUsQuy.exe
  C:\Windows\System\HMUsQuy.exe
  2⤵
  PID:5808
- C:\Windows\System\FVSZFmn.exe
  C:\Windows\System\FVSZFmn.exe
  2⤵
  PID:2556
- C:\Windows\System\BKHIFsU.exe
  C:\Windows\System\BKHIFsU.exe
  2⤵
  PID:4480
- C:\Windows\System\qpnAjyr.exe
  C:\Windows\System\qpnAjyr.exe
  2⤵
  PID:1376
- C:\Windows\System\wXbfYtO.exe
  C:\Windows\System\wXbfYtO.exe
  2⤵
  PID:4932
- C:\Windows\System\POwSYJT.exe
  C:\Windows\System\POwSYJT.exe
  2⤵
  PID:4680
- C:\Windows\System\ntfdsWH.exe
  C:\Windows\System\ntfdsWH.exe
  2⤵
  PID:1692
- C:\Windows\System\TtQYvEl.exe
  C:\Windows\System\TtQYvEl.exe
  2⤵
  PID:652
- C:\Windows\System\tOAtVgA.exe
  C:\Windows\System\tOAtVgA.exe
  2⤵
  PID:5268
- C:\Windows\System\OpUrrJL.exe
  C:\Windows\System\OpUrrJL.exe
  2⤵
  PID:5324
- C:\Windows\System\CQsBkTJ.exe
  C:\Windows\System\CQsBkTJ.exe
  2⤵
  PID:5476
- C:\Windows\System\qhLfyOC.exe
  C:\Windows\System\qhLfyOC.exe
  2⤵
  PID:5512
- C:\Windows\System\CpvUXvg.exe
  C:\Windows\System\CpvUXvg.exe
  2⤵
  PID:5544
- C:\Windows\System\pMmZbOK.exe
  C:\Windows\System\pMmZbOK.exe
  2⤵
  PID:5592
- C:\Windows\System\ppSoxBZ.exe
  C:\Windows\System\ppSoxBZ.exe
  2⤵
  PID:5636
- C:\Windows\System\AUoonBY.exe
  C:\Windows\System\AUoonBY.exe
  2⤵
  PID:5680
- C:\Windows\System\OQBoIau.exe
  C:\Windows\System\OQBoIau.exe
  2⤵
  PID:3960
- C:\Windows\System\DrNwbbn.exe
  C:\Windows\System\DrNwbbn.exe
  2⤵
  PID:5800
- C:\Windows\System\YMydXnT.exe
  C:\Windows\System\YMydXnT.exe
  2⤵
  PID:5856
- C:\Windows\System\SoNLRen.exe
  C:\Windows\System\SoNLRen.exe
  2⤵
  PID:4528
- C:\Windows\System\lpasjMD.exe
  C:\Windows\System\lpasjMD.exe
  2⤵
  PID:4984
- C:\Windows\System\vyzraOg.exe
  C:\Windows\System\vyzraOg.exe
  2⤵
  PID:2144
- C:\Windows\System\DCFFvgH.exe
  C:\Windows\System\DCFFvgH.exe
  2⤵
  PID:3204
- C:\Windows\System\VRPMJSO.exe
  C:\Windows\System\VRPMJSO.exe
  2⤵
  PID:1148
- C:\Windows\System\pfYZIKF.exe
  C:\Windows\System\pfYZIKF.exe
  2⤵
  PID:3312
- C:\Windows\System\fDEDThS.exe
  C:\Windows\System\fDEDThS.exe
  2⤵
  PID:1592
- C:\Windows\System\mHCSKpT.exe
  C:\Windows\System\mHCSKpT.exe
  2⤵
  PID:6104
- C:\Windows\System\CFqrDRO.exe
  C:\Windows\System\CFqrDRO.exe
  2⤵
  PID:6112
- C:\Windows\System\DiDOPCL.exe
  C:\Windows\System\DiDOPCL.exe
  2⤵
  PID:6080
- C:\Windows\System\qsTXxSs.exe
  C:\Windows\System\qsTXxSs.exe
  2⤵
  PID:4420
- C:\Windows\System\rAPEOZQ.exe
  C:\Windows\System\rAPEOZQ.exe
  2⤵
  PID:4828
- C:\Windows\System\YXaznYm.exe
  C:\Windows\System\YXaznYm.exe
  2⤵
  PID:220
- C:\Windows\System\shpNhIw.exe
  C:\Windows\System\shpNhIw.exe
  2⤵
  PID:5156
- C:\Windows\System\fcfOuUq.exe
  C:\Windows\System\fcfOuUq.exe
  2⤵
  PID:5604
- C:\Windows\System\OxgtAoZ.exe
  C:\Windows\System\OxgtAoZ.exe
  2⤵
  PID:4976
- C:\Windows\System\CmEZGLp.exe
  C:\Windows\System\CmEZGLp.exe
  2⤵
  PID:5648
- C:\Windows\System\JKCXQmO.exe
  C:\Windows\System\JKCXQmO.exe
  2⤵
  PID:5728
- C:\Windows\System\VlMIeNz.exe
  C:\Windows\System\VlMIeNz.exe
  2⤵
  PID:5968
- C:\Windows\System\dWoURLH.exe
  C:\Windows\System\dWoURLH.exe
  2⤵
  PID:4148
- C:\Windows\System\bOBrfXw.exe
  C:\Windows\System\bOBrfXw.exe
  2⤵
  PID:2564
- C:\Windows\System\xUlkmvj.exe
  C:\Windows\System\xUlkmvj.exe
  2⤵
  PID:2192
- C:\Windows\System\DkpaWMJ.exe
  C:\Windows\System\DkpaWMJ.exe
  2⤵
  PID:4040
- C:\Windows\System\sjYpbJt.exe
  C:\Windows\System\sjYpbJt.exe
  2⤵
  PID:6120
- C:\Windows\System\wgnjcdU.exe
  C:\Windows\System\wgnjcdU.exe
  2⤵
  PID:2812
- C:\Windows\System\JgRenua.exe
  C:\Windows\System\JgRenua.exe
  2⤵
  PID:2332
- C:\Windows\System\kRrbmsY.exe
  C:\Windows\System\kRrbmsY.exe
  2⤵
  PID:5572
- C:\Windows\System\SfDjGHZ.exe
  C:\Windows\System\SfDjGHZ.exe
  2⤵
  PID:5508
- C:\Windows\System\FARUTVI.exe
  C:\Windows\System\FARUTVI.exe
  2⤵
  PID:3444
- C:\Windows\System\pETBXHP.exe
  C:\Windows\System\pETBXHP.exe
  2⤵
  PID:3228
- C:\Windows\System\BzbtAVt.exe
  C:\Windows\System\BzbtAVt.exe
  2⤵
  PID:1940
- C:\Windows\System\zBfvtHb.exe
  C:\Windows\System\zBfvtHb.exe
  2⤵
  PID:2936
- C:\Windows\System\mBSuJni.exe
  C:\Windows\System\mBSuJni.exe
  2⤵
  PID:5008
- C:\Windows\System\qrvbDYz.exe
  C:\Windows\System\qrvbDYz.exe
  2⤵
  PID:5496
- C:\Windows\System\xUXhdUe.exe
  C:\Windows\System\xUXhdUe.exe
  2⤵
  PID:2816
- C:\Windows\System\ByTcJsV.exe
  C:\Windows\System\ByTcJsV.exe
  2⤵
  PID:3792
- C:\Windows\System\gGWkVco.exe
  C:\Windows\System\gGWkVco.exe
  2⤵
  PID:1996
- C:\Windows\System\ypNlhIi.exe
  C:\Windows\System\ypNlhIi.exe
  2⤵
  PID:6172
- C:\Windows\System\eXBHotf.exe
  C:\Windows\System\eXBHotf.exe
  2⤵
  PID:6192
- C:\Windows\System\ICQytPr.exe
  C:\Windows\System\ICQytPr.exe
  2⤵
  PID:6208
- C:\Windows\System\xTzxuOj.exe
  C:\Windows\System\xTzxuOj.exe
  2⤵
  PID:6248
- C:\Windows\System\CjXxMqB.exe
  C:\Windows\System\CjXxMqB.exe
  2⤵
  PID:6276
- C:\Windows\System\ObhzVsk.exe
  C:\Windows\System\ObhzVsk.exe
  2⤵
  PID:6308
- C:\Windows\System\UtXhQOi.exe
  C:\Windows\System\UtXhQOi.exe
  2⤵
  PID:6336
- C:\Windows\System\tAsGmVr.exe
  C:\Windows\System\tAsGmVr.exe
  2⤵
  PID:6364
- C:\Windows\System\JWdPaNh.exe
  C:\Windows\System\JWdPaNh.exe
  2⤵
  PID:6392
- C:\Windows\System\aeLFdSx.exe
  C:\Windows\System\aeLFdSx.exe
  2⤵
  PID:6420
- C:\Windows\System\LRDefEu.exe
  C:\Windows\System\LRDefEu.exe
  2⤵
  PID:6448
- C:\Windows\System\gPQTxGt.exe
  C:\Windows\System\gPQTxGt.exe
  2⤵
  PID:6476
- C:\Windows\System\jdqyiWQ.exe
  C:\Windows\System\jdqyiWQ.exe
  2⤵
  PID:6504
- C:\Windows\System\tHuDSdw.exe
  C:\Windows\System\tHuDSdw.exe
  2⤵
  PID:6532
- C:\Windows\System\OUFeLcn.exe
  C:\Windows\System\OUFeLcn.exe
  2⤵
  PID:6560
- C:\Windows\System\uNppzDl.exe
  C:\Windows\System\uNppzDl.exe
  2⤵
  PID:6588
- C:\Windows\System\PQOeYNb.exe
  C:\Windows\System\PQOeYNb.exe
  2⤵
  PID:6612
- C:\Windows\System\mbTwOJJ.exe
  C:\Windows\System\mbTwOJJ.exe
  2⤵
  PID:6644
- C:\Windows\System\pLSBdGX.exe
  C:\Windows\System\pLSBdGX.exe
  2⤵
  PID:6672
- C:\Windows\System\wlRMEAX.exe
  C:\Windows\System\wlRMEAX.exe
  2⤵
  PID:6692
- C:\Windows\System\KoULvQp.exe
  C:\Windows\System\KoULvQp.exe
  2⤵
  PID:6728
- C:\Windows\System\muXjUzk.exe
  C:\Windows\System\muXjUzk.exe
  2⤵
  PID:6760
- C:\Windows\System\LARoXCM.exe
  C:\Windows\System\LARoXCM.exe
  2⤵
  PID:6788
- C:\Windows\System\NwsGqMT.exe
  C:\Windows\System\NwsGqMT.exe
  2⤵
  PID:6820
- C:\Windows\System\ZTaSMsu.exe
  C:\Windows\System\ZTaSMsu.exe
  2⤵
  PID:6848
- C:\Windows\System\WQfNwmS.exe
  C:\Windows\System\WQfNwmS.exe
  2⤵
  PID:6872
- C:\Windows\System\UhpTEWr.exe
  C:\Windows\System\UhpTEWr.exe
  2⤵
  PID:6888
- C:\Windows\System\qcLMSXq.exe
  C:\Windows\System\qcLMSXq.exe
  2⤵
  PID:6904
- C:\Windows\System\qLjWXEa.exe
  C:\Windows\System\qLjWXEa.exe
  2⤵
  PID:6920
- C:\Windows\System\UrrWwMz.exe
  C:\Windows\System\UrrWwMz.exe
  2⤵
  PID:6936
- C:\Windows\System\tUizCYC.exe
  C:\Windows\System\tUizCYC.exe
  2⤵
  PID:6952
- C:\Windows\System\ZyNbghX.exe
  C:\Windows\System\ZyNbghX.exe
  2⤵
  PID:6980
- C:\Windows\System\FbPztUq.exe
  C:\Windows\System\FbPztUq.exe
  2⤵
  PID:7012
- C:\Windows\System\NONbQUv.exe
  C:\Windows\System\NONbQUv.exe
  2⤵
  PID:7048
- C:\Windows\System\rdJHFie.exe
  C:\Windows\System\rdJHFie.exe
  2⤵
  PID:7084
- C:\Windows\System\UaIwWOn.exe
  C:\Windows\System\UaIwWOn.exe
  2⤵
  PID:7120
- C:\Windows\System\SvykWIY.exe
  C:\Windows\System\SvykWIY.exe
  2⤵
  PID:7152
- C:\Windows\System\OHAPKiW.exe
  C:\Windows\System\OHAPKiW.exe
  2⤵
  PID:6200
- C:\Windows\System\ngjJfvB.exe
  C:\Windows\System\ngjJfvB.exe
  2⤵
  PID:2124
- C:\Windows\System\vQCvHen.exe
  C:\Windows\System\vQCvHen.exe
  2⤵
  PID:6328
- C:\Windows\System\OfYxokS.exe
  C:\Windows\System\OfYxokS.exe
  2⤵
  PID:6376
- C:\Windows\System\RvUMUCk.exe
  C:\Windows\System\RvUMUCk.exe
  2⤵
  PID:6388
- C:\Windows\System\rYmrHsO.exe
  C:\Windows\System\rYmrHsO.exe
  2⤵
  PID:6460
- C:\Windows\System\eWeUbTf.exe
  C:\Windows\System\eWeUbTf.exe
  2⤵
  PID:6524
- C:\Windows\System\SfrWxPy.exe
  C:\Windows\System\SfrWxPy.exe
  2⤵
  PID:6604
- C:\Windows\System\DDZOBez.exe
  C:\Windows\System\DDZOBez.exe
  2⤵
  PID:6656
- C:\Windows\System\gidLCDX.exe
  C:\Windows\System\gidLCDX.exe
  2⤵
  PID:6736
- C:\Windows\System\seArfrp.exe
  C:\Windows\System\seArfrp.exe
  2⤵
  PID:6808
- C:\Windows\System\NgocbkD.exe
  C:\Windows\System\NgocbkD.exe
  2⤵
  PID:6864
- C:\Windows\System\VaWfkcN.exe
  C:\Windows\System\VaWfkcN.exe
  2⤵
  PID:6912
- C:\Windows\System\cfhHFmX.exe
  C:\Windows\System\cfhHFmX.exe
  2⤵
  PID:6948
- C:\Windows\System\xcgGvAI.exe
  C:\Windows\System\xcgGvAI.exe
  2⤵
  PID:7008
- C:\Windows\System\WtpKpmr.exe
  C:\Windows\System\WtpKpmr.exe
  2⤵
  PID:7104
- C:\Windows\System\eiusmcM.exe
  C:\Windows\System\eiusmcM.exe
  2⤵
  PID:6180
- C:\Windows\System\yAaikoW.exe
  C:\Windows\System\yAaikoW.exe
  2⤵
  PID:6412
- C:\Windows\System\HKsgkew.exe
  C:\Windows\System\HKsgkew.exe
  2⤵
  PID:6544
- C:\Windows\System\HcSEnja.exe
  C:\Windows\System\HcSEnja.exe
  2⤵
  PID:6580
- C:\Windows\System\QuhcgGY.exe
  C:\Windows\System\QuhcgGY.exe
  2⤵
  PID:6772
- C:\Windows\System\mEHJSvC.exe
  C:\Windows\System\mEHJSvC.exe
  2⤵
  PID:6928
- C:\Windows\System\fPhJtLH.exe
  C:\Windows\System\fPhJtLH.exe
  2⤵
  PID:5060
- C:\Windows\System\uNdNPIB.exe
  C:\Windows\System\uNdNPIB.exe
  2⤵
  PID:6360
- C:\Windows\System\mdqxQIF.exe
  C:\Windows\System\mdqxQIF.exe
  2⤵
  PID:6840
- C:\Windows\System\PMeDJlo.exe
  C:\Windows\System\PMeDJlo.exe
  2⤵
  PID:6272
- C:\Windows\System\gCGYAzE.exe
  C:\Windows\System\gCGYAzE.exe
  2⤵
  PID:7056
- C:\Windows\System\MXEmxWA.exe
  C:\Windows\System\MXEmxWA.exe
  2⤵
  PID:7196
- C:\Windows\System\ninDpAZ.exe
  C:\Windows\System\ninDpAZ.exe
  2⤵
  PID:7224
- C:\Windows\System\NLaJtLi.exe
  C:\Windows\System\NLaJtLi.exe
  2⤵
  PID:7256
- C:\Windows\System\PBMCqpj.exe
  C:\Windows\System\PBMCqpj.exe
  2⤵
  PID:7284
- C:\Windows\System\fqNVlXq.exe
  C:\Windows\System\fqNVlXq.exe
  2⤵
  PID:7312
- C:\Windows\System\gUfCdrw.exe
  C:\Windows\System\gUfCdrw.exe
  2⤵
  PID:7328
- C:\Windows\System\KFbwTEw.exe
  C:\Windows\System\KFbwTEw.exe
  2⤵
  PID:7360
- C:\Windows\System\QObpNNM.exe
  C:\Windows\System\QObpNNM.exe
  2⤵
  PID:7388
- C:\Windows\System\XlSEeOu.exe
  C:\Windows\System\XlSEeOu.exe
  2⤵
  PID:7408
- C:\Windows\System\EDMQgXL.exe
  C:\Windows\System\EDMQgXL.exe
  2⤵
  PID:7436
- C:\Windows\System\SQfdGtB.exe
  C:\Windows\System\SQfdGtB.exe
  2⤵
  PID:7472
- C:\Windows\System\GVapRRJ.exe
  C:\Windows\System\GVapRRJ.exe
  2⤵
  PID:7500
- C:\Windows\System\HlcBvnu.exe
  C:\Windows\System\HlcBvnu.exe
  2⤵
  PID:7528
- C:\Windows\System\TJhWOdz.exe
  C:\Windows\System\TJhWOdz.exe
  2⤵
  PID:7556
- C:\Windows\System\JUwNkhS.exe
  C:\Windows\System\JUwNkhS.exe
  2⤵
  PID:7584
- C:\Windows\System\eglJHQd.exe
  C:\Windows\System\eglJHQd.exe
  2⤵
  PID:7616
- C:\Windows\System\lWlesmw.exe
  C:\Windows\System\lWlesmw.exe
  2⤵
  PID:7652
- C:\Windows\System\KwdNkGP.exe
  C:\Windows\System\KwdNkGP.exe
  2⤵
  PID:7680
- C:\Windows\System\ihWQJKC.exe
  C:\Windows\System\ihWQJKC.exe
  2⤵
  PID:7708
- C:\Windows\System\IuckIpm.exe
  C:\Windows\System\IuckIpm.exe
  2⤵
  PID:7736
- C:\Windows\System\szHFazr.exe
  C:\Windows\System\szHFazr.exe
  2⤵
  PID:7764
- C:\Windows\System\SmqKjnu.exe
  C:\Windows\System\SmqKjnu.exe
  2⤵
  PID:7792
- C:\Windows\System\Ejhqnbe.exe
  C:\Windows\System\Ejhqnbe.exe
  2⤵
  PID:7828
- C:\Windows\System\IAVZQkX.exe
  C:\Windows\System\IAVZQkX.exe
  2⤵
  PID:7848
- C:\Windows\System\oAnTxGn.exe
  C:\Windows\System\oAnTxGn.exe
  2⤵
  PID:7864
- C:\Windows\System\JxgWqdF.exe
  C:\Windows\System\JxgWqdF.exe
  2⤵
  PID:7884
- C:\Windows\System\uotVeWl.exe
  C:\Windows\System\uotVeWl.exe
  2⤵
  PID:7920
- C:\Windows\System\egaaFrw.exe
  C:\Windows\System\egaaFrw.exe
  2⤵
  PID:7952
- C:\Windows\System\NsigDlf.exe
  C:\Windows\System\NsigDlf.exe
  2⤵
  PID:7972
- C:\Windows\System\YkonYOB.exe
  C:\Windows\System\YkonYOB.exe
  2⤵
  PID:8008
- C:\Windows\System\vPfwSzg.exe
  C:\Windows\System\vPfwSzg.exe
  2⤵
  PID:8044
- C:\Windows\System\sifjeUd.exe
  C:\Windows\System\sifjeUd.exe
  2⤵
  PID:8072
- C:\Windows\System\lzsToWx.exe
  C:\Windows\System\lzsToWx.exe
  2⤵
  PID:8092
- C:\Windows\System\kshvhor.exe
  C:\Windows\System\kshvhor.exe
  2⤵
  PID:8116
- C:\Windows\System\NfWNrBG.exe
  C:\Windows\System\NfWNrBG.exe
  2⤵
  PID:8148
- C:\Windows\System\CUnfDTL.exe
  C:\Windows\System\CUnfDTL.exe
  2⤵
  PID:8184
- C:\Windows\System\grADdHZ.exe
  C:\Windows\System\grADdHZ.exe
  2⤵
  PID:7192
- C:\Windows\System\eLOVBEj.exe
  C:\Windows\System\eLOVBEj.exe
  2⤵
  PID:7264
- C:\Windows\System\OicQJwQ.exe
  C:\Windows\System\OicQJwQ.exe
  2⤵
  PID:7324
- C:\Windows\System\qEIbjdt.exe
  C:\Windows\System\qEIbjdt.exe
  2⤵
  PID:7400
- C:\Windows\System\XPXrgLG.exe
  C:\Windows\System\XPXrgLG.exe
  2⤵
  PID:7444
- C:\Windows\System\oVThxaX.exe
  C:\Windows\System\oVThxaX.exe
  2⤵
  PID:7520
- C:\Windows\System\JaWOxeQ.exe
  C:\Windows\System\JaWOxeQ.exe
  2⤵
  PID:7572
- C:\Windows\System\ZnMgqmh.exe
  C:\Windows\System\ZnMgqmh.exe
  2⤵
  PID:7664
- C:\Windows\System\tPWKKVa.exe
  C:\Windows\System\tPWKKVa.exe
  2⤵
  PID:7776
- C:\Windows\System\pmybePt.exe
  C:\Windows\System\pmybePt.exe
  2⤵
  PID:7816
- C:\Windows\System\SizbwKJ.exe
  C:\Windows\System\SizbwKJ.exe
  2⤵
  PID:7900
- C:\Windows\System\vAtQnQL.exe
  C:\Windows\System\vAtQnQL.exe
  2⤵
  PID:7992
- C:\Windows\System\BtbHKYi.exe
  C:\Windows\System\BtbHKYi.exe
  2⤵
  PID:8064
- C:\Windows\System\hythOKC.exe
  C:\Windows\System\hythOKC.exe
  2⤵
  PID:8128
- C:\Windows\System\KPFwLBW.exe
  C:\Windows\System\KPFwLBW.exe
  2⤵
  PID:6784
- C:\Windows\System\eqparWG.exe
  C:\Windows\System\eqparWG.exe
  2⤵
  PID:7304
- C:\Windows\System\JxXDmYx.exe
  C:\Windows\System\JxXDmYx.exe
  2⤵
  PID:7456
- C:\Windows\System\gZlqXEC.exe
  C:\Windows\System\gZlqXEC.exe
  2⤵
  PID:7640
- C:\Windows\System\WymsPXJ.exe
  C:\Windows\System\WymsPXJ.exe
  2⤵
  PID:7840
- C:\Windows\System\uvNcoRx.exe
  C:\Windows\System\uvNcoRx.exe
  2⤵
  PID:7964
- C:\Windows\System\ytyuNej.exe
  C:\Windows\System\ytyuNej.exe
  2⤵
  PID:8176
- C:\Windows\System\RAFPrcc.exe
  C:\Windows\System\RAFPrcc.exe
  2⤵
  PID:7308
- C:\Windows\System\rvtLjEF.exe
  C:\Windows\System\rvtLjEF.exe
  2⤵
  PID:7880
- C:\Windows\System\RTEmeXe.exe
  C:\Windows\System\RTEmeXe.exe
  2⤵
  PID:7296
- C:\Windows\System\jJunLez.exe
  C:\Windows\System\jJunLez.exe
  2⤵
  PID:7752
- C:\Windows\System\ajdzwuy.exe
  C:\Windows\System\ajdzwuy.exe
  2⤵
  PID:8208
- C:\Windows\System\JAZhGlJ.exe
  C:\Windows\System\JAZhGlJ.exe
  2⤵
  PID:8236
- C:\Windows\System\RWwMqgA.exe
  C:\Windows\System\RWwMqgA.exe
  2⤵
  PID:8260
- C:\Windows\System\GTRRiDE.exe
  C:\Windows\System\GTRRiDE.exe
  2⤵
  PID:8292
- C:\Windows\System\ZjVnilR.exe
  C:\Windows\System\ZjVnilR.exe
  2⤵
  PID:8328
- C:\Windows\System\hGWxJou.exe
  C:\Windows\System\hGWxJou.exe
  2⤵
  PID:8360
- C:\Windows\System\scxqgPH.exe
  C:\Windows\System\scxqgPH.exe
  2⤵
  PID:8388
- C:\Windows\System\BMzqWZP.exe
  C:\Windows\System\BMzqWZP.exe
  2⤵
  PID:8404
- C:\Windows\System\hLpTfVO.exe
  C:\Windows\System\hLpTfVO.exe
  2⤵
  PID:8436
- C:\Windows\System\fBECpQJ.exe
  C:\Windows\System\fBECpQJ.exe
  2⤵
  PID:8472
- C:\Windows\System\VgRzHCF.exe
  C:\Windows\System\VgRzHCF.exe
  2⤵
  PID:8504
- C:\Windows\System\kVQzrDO.exe
  C:\Windows\System\kVQzrDO.exe
  2⤵
  PID:8528
- C:\Windows\System\UXqnDZq.exe
  C:\Windows\System\UXqnDZq.exe
  2⤵
  PID:8556
- C:\Windows\System\rZdskvF.exe
  C:\Windows\System\rZdskvF.exe
  2⤵
  PID:8584
- C:\Windows\System\btJtvsf.exe
  C:\Windows\System\btJtvsf.exe
  2⤵
  PID:8612
- C:\Windows\System\hUQoLGA.exe
  C:\Windows\System\hUQoLGA.exe
  2⤵
  PID:8640
- C:\Windows\System\ktUcEnt.exe
  C:\Windows\System\ktUcEnt.exe
  2⤵
  PID:8668
- C:\Windows\System\wUUPbJM.exe
  C:\Windows\System\wUUPbJM.exe
  2⤵
  PID:8696
- C:\Windows\System\ADnCaxF.exe
  C:\Windows\System\ADnCaxF.exe
  2⤵
  PID:8724
- C:\Windows\System\POFDVxM.exe
  C:\Windows\System\POFDVxM.exe
  2⤵
  PID:8752
- C:\Windows\System\JEqmaEr.exe
  C:\Windows\System\JEqmaEr.exe
  2⤵
  PID:8768
- C:\Windows\System\AedcBHB.exe
  C:\Windows\System\AedcBHB.exe
  2⤵
  PID:8800
- C:\Windows\System\FELNdQQ.exe
  C:\Windows\System\FELNdQQ.exe
  2⤵
  PID:8824
- C:\Windows\System\UAlgFvq.exe
  C:\Windows\System\UAlgFvq.exe
  2⤵
  PID:8872
- C:\Windows\System\RbRgfiW.exe
  C:\Windows\System\RbRgfiW.exe
  2⤵
  PID:8900
- C:\Windows\System\eIxzVaO.exe
  C:\Windows\System\eIxzVaO.exe
  2⤵
  PID:8932
- C:\Windows\System\gHaHCaE.exe
  C:\Windows\System\gHaHCaE.exe
  2⤵
  PID:8956
- C:\Windows\System\qFRlTKY.exe
  C:\Windows\System\qFRlTKY.exe
  2⤵
  PID:8980
- C:\Windows\System\rcbETxN.exe
  C:\Windows\System\rcbETxN.exe
  2⤵
  PID:9016
- C:\Windows\System\lmRXLMn.exe
  C:\Windows\System\lmRXLMn.exe
  2⤵
  PID:9044
- C:\Windows\System\FmaapiQ.exe
  C:\Windows\System\FmaapiQ.exe
  2⤵
  PID:9064
- C:\Windows\System\NUEaKXb.exe
  C:\Windows\System\NUEaKXb.exe
  2⤵
  PID:9088
- C:\Windows\System\hLyaVqS.exe
  C:\Windows\System\hLyaVqS.exe
  2⤵
  PID:9124
- C:\Windows\System\cfRTkhQ.exe
  C:\Windows\System\cfRTkhQ.exe
  2⤵
  PID:9156
- C:\Windows\System\EJPzclc.exe
  C:\Windows\System\EJPzclc.exe
  2⤵
  PID:9184
- C:\Windows\System\dNclkme.exe
  C:\Windows\System\dNclkme.exe
  2⤵
  PID:8204
- C:\Windows\System\ZlPAiiJ.exe
  C:\Windows\System\ZlPAiiJ.exe
  2⤵
  PID:8256
- C:\Windows\System\JQCqBAa.exe
  C:\Windows\System\JQCqBAa.exe
  2⤵
  PID:8324
- C:\Windows\System\DoSgOfW.exe
  C:\Windows\System\DoSgOfW.exe
  2⤵
  PID:8376
- C:\Windows\System\DHxZsEG.exe
  C:\Windows\System\DHxZsEG.exe
  2⤵
  PID:8432
- C:\Windows\System\WYURuCS.exe
  C:\Windows\System\WYURuCS.exe
  2⤵
  PID:8496
- C:\Windows\System\tyJAJIq.exe
  C:\Windows\System\tyJAJIq.exe
  2⤵
  PID:8576
- C:\Windows\System\UytkTkH.exe
  C:\Windows\System\UytkTkH.exe
  2⤵
  PID:8636
- C:\Windows\System\NsDbSuZ.exe
  C:\Windows\System\NsDbSuZ.exe
  2⤵
  PID:8708
- C:\Windows\System\lnpfCua.exe
  C:\Windows\System\lnpfCua.exe
  2⤵
  PID:8792
- C:\Windows\System\dfypDdm.exe
  C:\Windows\System\dfypDdm.exe
  2⤵
  PID:8868
- C:\Windows\System\IhfLfjJ.exe
  C:\Windows\System\IhfLfjJ.exe
  2⤵
  PID:8948
- C:\Windows\System\qmfNWUP.exe
  C:\Windows\System\qmfNWUP.exe
  2⤵
  PID:9000
- C:\Windows\System\KCcVEQi.exe
  C:\Windows\System\KCcVEQi.exe
  2⤵
  PID:9100
- C:\Windows\System\ZTFVTbr.exe
  C:\Windows\System\ZTFVTbr.exe
  2⤵
  PID:9180
- C:\Windows\System\IiotuzW.exe
  C:\Windows\System\IiotuzW.exe
  2⤵
  PID:8244
- C:\Windows\System\BgXfqfL.exe
  C:\Windows\System\BgXfqfL.exe
  2⤵
  PID:8416
- C:\Windows\System\miUuwJw.exe
  C:\Windows\System\miUuwJw.exe
  2⤵
  PID:8540
- C:\Windows\System\NqXOBUu.exe
  C:\Windows\System\NqXOBUu.exe
  2⤵
  PID:8736
- C:\Windows\System\mEzBBwL.exe
  C:\Windows\System\mEzBBwL.exe
  2⤵
  PID:8908
- C:\Windows\System\ZUFzuCU.exe
  C:\Windows\System\ZUFzuCU.exe
  2⤵
  PID:9144
- C:\Windows\System\ZIsHKes.exe
  C:\Windows\System\ZIsHKes.exe
  2⤵
  PID:8348
- C:\Windows\System\RFWHPOO.exe
  C:\Windows\System\RFWHPOO.exe
  2⤵
  PID:8680
- C:\Windows\System\HYQpAFm.exe
  C:\Windows\System\HYQpAFm.exe
  2⤵
  PID:9228
- C:\Windows\System\QXyiIYz.exe
  C:\Windows\System\QXyiIYz.exe
  2⤵
  PID:9260
- C:\Windows\System\DNwDWfl.exe
  C:\Windows\System\DNwDWfl.exe
  2⤵
  PID:9288
- C:\Windows\System\RdepECG.exe
  C:\Windows\System\RdepECG.exe
  2⤵
  PID:9316
- C:\Windows\System\SXYONFc.exe
  C:\Windows\System\SXYONFc.exe
  2⤵
  PID:9344
- C:\Windows\System\KZJxiwj.exe
  C:\Windows\System\KZJxiwj.exe
  2⤵
  PID:9384
- C:\Windows\System\HupzCAO.exe
  C:\Windows\System\HupzCAO.exe
  2⤵
  PID:9412
- C:\Windows\System\epNFJxN.exe
  C:\Windows\System\epNFJxN.exe
  2⤵
  PID:9444
- C:\Windows\System\IBKIIld.exe
  C:\Windows\System\IBKIIld.exe
  2⤵
  PID:9480
- C:\Windows\System\rHGGlzX.exe
  C:\Windows\System\rHGGlzX.exe
  2⤵
  PID:9500
- C:\Windows\System\gYUImbE.exe
  C:\Windows\System\gYUImbE.exe
  2⤵
  PID:9532
- C:\Windows\System\ZFRZFyf.exe
  C:\Windows\System\ZFRZFyf.exe
  2⤵
  PID:9564
- C:\Windows\System\SwzUXlQ.exe
  C:\Windows\System\SwzUXlQ.exe
  2⤵
  PID:9584
- C:\Windows\System\FdvePcJ.exe
  C:\Windows\System\FdvePcJ.exe
  2⤵
  PID:9616
- C:\Windows\System\LHADKLf.exe
  C:\Windows\System\LHADKLf.exe
  2⤵
  PID:9644
- C:\Windows\System\AXWaMQM.exe
  C:\Windows\System\AXWaMQM.exe
  2⤵
  PID:9676
- C:\Windows\System\HYhKJUk.exe
  C:\Windows\System\HYhKJUk.exe
  2⤵
  PID:9704
- C:\Windows\System\tHqJKHV.exe
  C:\Windows\System\tHqJKHV.exe
  2⤵
  PID:9748
- C:\Windows\System\WJbXKxO.exe
  C:\Windows\System\WJbXKxO.exe
  2⤵
  PID:9784
- C:\Windows\System\SudnKem.exe
  C:\Windows\System\SudnKem.exe
  2⤵
  PID:9816
- C:\Windows\System\sxcLyxl.exe
  C:\Windows\System\sxcLyxl.exe
  2⤵
  PID:9848
- C:\Windows\System\QvTALOo.exe
  C:\Windows\System\QvTALOo.exe
  2⤵
  PID:9892
- C:\Windows\System\JdEPbBC.exe
  C:\Windows\System\JdEPbBC.exe
  2⤵
  PID:9924
- C:\Windows\System\WnQicRV.exe
  C:\Windows\System\WnQicRV.exe
  2⤵
  PID:9976
- C:\Windows\System\LEAbRAy.exe
  C:\Windows\System\LEAbRAy.exe
  2⤵
  PID:10000
- C:\Windows\System\wHtXRIr.exe
  C:\Windows\System\wHtXRIr.exe
  2⤵
  PID:10032
- C:\Windows\System\hAmULfP.exe
  C:\Windows\System\hAmULfP.exe
  2⤵
  PID:10068
- C:\Windows\System\EKzbwpB.exe
  C:\Windows\System\EKzbwpB.exe
  2⤵
  PID:10100
- C:\Windows\System\BHzFIEg.exe
  C:\Windows\System\BHzFIEg.exe
  2⤵
  PID:10116
- C:\Windows\System\phyuvcN.exe
  C:\Windows\System\phyuvcN.exe
  2⤵
  PID:10148
- C:\Windows\System\QkNEskc.exe
  C:\Windows\System\QkNEskc.exe
  2⤵
  PID:10180
- C:\Windows\System\OyxZsgp.exe
  C:\Windows\System\OyxZsgp.exe
  2⤵
  PID:10200
- C:\Windows\System\FWNagMq.exe
  C:\Windows\System\FWNagMq.exe
  2⤵
  PID:10228
- C:\Windows\System\gMQKfGj.exe
  C:\Windows\System\gMQKfGj.exe
  2⤵
  PID:8200
- C:\Windows\System\GyJtLXy.exe
  C:\Windows\System\GyJtLXy.exe
  2⤵
  PID:8988
- C:\Windows\System\qwrNfnZ.exe
  C:\Windows\System\qwrNfnZ.exe
  2⤵
  PID:9300
- C:\Windows\System\kZaRvwr.exe
  C:\Windows\System\kZaRvwr.exe
  2⤵
  PID:9328
- C:\Windows\System\ejNlNOZ.exe
  C:\Windows\System\ejNlNOZ.exe
  2⤵
  PID:9396
- C:\Windows\System\MbEGflB.exe
  C:\Windows\System\MbEGflB.exe
  2⤵
  PID:9516
- C:\Windows\System\VEXccyv.exe
  C:\Windows\System\VEXccyv.exe
  2⤵
  PID:9552
- C:\Windows\System\uIRzKjX.exe
  C:\Windows\System\uIRzKjX.exe
  2⤵
  PID:9580
- C:\Windows\System\kQqdFVn.exe
  C:\Windows\System\kQqdFVn.exe
  2⤵
  PID:9700
- C:\Windows\System\PNEUzYT.exe
  C:\Windows\System\PNEUzYT.exe
  2⤵
  PID:9780
- C:\Windows\System\uossywj.exe
  C:\Windows\System\uossywj.exe
  2⤵
  PID:9836
- C:\Windows\System\UovPKeT.exe
  C:\Windows\System\UovPKeT.exe
  2⤵
  PID:9944
- C:\Windows\System\oZcoKNN.exe
  C:\Windows\System\oZcoKNN.exe
  2⤵
  PID:10028
- C:\Windows\System\FOrYkzp.exe
  C:\Windows\System\FOrYkzp.exe
  2⤵
  PID:10096
- C:\Windows\System\ECfzDXr.exe
  C:\Windows\System\ECfzDXr.exe
  2⤵
  PID:10144
- C:\Windows\System\XMZZfRp.exe
  C:\Windows\System\XMZZfRp.exe
  2⤵
  PID:10192
- C:\Windows\System\qyQJKnf.exe
  C:\Windows\System\qyQJKnf.exe
  2⤵
  PID:8816
- C:\Windows\System\nLKUHYG.exe
  C:\Windows\System\nLKUHYG.exe
  2⤵
  PID:9404
- C:\Windows\System\inXEwUN.exe
  C:\Windows\System\inXEwUN.exe
  2⤵
  PID:9512
- C:\Windows\System\vpPsNIj.exe
  C:\Windows\System\vpPsNIj.exe
  2⤵
  PID:9560
- C:\Windows\System\oMYEGxh.exe
  C:\Windows\System\oMYEGxh.exe
  2⤵
  PID:9856
- C:\Windows\System\jvSewTy.exe
  C:\Windows\System\jvSewTy.exe
  2⤵
  PID:9884
- C:\Windows\System\fGHxAAS.exe
  C:\Windows\System\fGHxAAS.exe
  2⤵
  PID:10168
- C:\Windows\System\GviKFei.exe
  C:\Windows\System\GviKFei.exe
  2⤵
  PID:9284
- C:\Windows\System\sTcWwpv.exe
  C:\Windows\System\sTcWwpv.exe
  2⤵
  PID:10008
- C:\Windows\System\ldoLxUC.exe
  C:\Windows\System\ldoLxUC.exe
  2⤵
  PID:10056
- C:\Windows\System\mckwSJa.exe
  C:\Windows\System\mckwSJa.exe
  2⤵
  PID:10244
- C:\Windows\System\qMdpZYn.exe
  C:\Windows\System\qMdpZYn.exe
  2⤵
  PID:10272
- C:\Windows\System\TCgofyj.exe
  C:\Windows\System\TCgofyj.exe
  2⤵
  PID:10292
- C:\Windows\System\mwcGaEf.exe
  C:\Windows\System\mwcGaEf.exe
  2⤵
  PID:10320
- C:\Windows\System\fmzoVEz.exe
  C:\Windows\System\fmzoVEz.exe
  2⤵
  PID:10356
- C:\Windows\System\WInCvzI.exe
  C:\Windows\System\WInCvzI.exe
  2⤵
  PID:10384
- C:\Windows\System\WzvzlBN.exe
  C:\Windows\System\WzvzlBN.exe
  2⤵
  PID:10416
- C:\Windows\System\DldHYrS.exe
  C:\Windows\System\DldHYrS.exe
  2⤵
  PID:10456
- C:\Windows\System\BmZLFxC.exe
  C:\Windows\System\BmZLFxC.exe
  2⤵
  PID:10484
- C:\Windows\System\WVpXybw.exe
  C:\Windows\System\WVpXybw.exe
  2⤵
  PID:10512
- C:\Windows\System\yADcdsG.exe
  C:\Windows\System\yADcdsG.exe
  2⤵
  PID:10548
- C:\Windows\System\aDOBxhg.exe
  C:\Windows\System\aDOBxhg.exe
  2⤵
  PID:10584
- C:\Windows\System\TDufeAP.exe
  C:\Windows\System\TDufeAP.exe
  2⤵
  PID:10616
- C:\Windows\System\VPBIOsL.exe
  C:\Windows\System\VPBIOsL.exe
  2⤵
  PID:10636
- C:\Windows\System\ghUxpuJ.exe
  C:\Windows\System\ghUxpuJ.exe
  2⤵
  PID:10668
- C:\Windows\System\OrrUnGl.exe
  C:\Windows\System\OrrUnGl.exe
  2⤵
  PID:10712
- C:\Windows\System\vOyUElo.exe
  C:\Windows\System\vOyUElo.exe
  2⤵
  PID:10736
- C:\Windows\System\SNdcERF.exe
  C:\Windows\System\SNdcERF.exe
  2⤵
  PID:10760
- C:\Windows\System\fdtPjME.exe
  C:\Windows\System\fdtPjME.exe
  2⤵
  PID:10788
- C:\Windows\System\wHHwzUz.exe
  C:\Windows\System\wHHwzUz.exe
  2⤵
  PID:10816
- C:\Windows\System\FCkQcXK.exe
  C:\Windows\System\FCkQcXK.exe
  2⤵
  PID:10872
- C:\Windows\System\vAAgSIb.exe
  C:\Windows\System\vAAgSIb.exe
  2⤵
  PID:10896
- C:\Windows\System\StZEeOG.exe
  C:\Windows\System\StZEeOG.exe
  2⤵
  PID:10924
- C:\Windows\System\dzjXQJq.exe
  C:\Windows\System\dzjXQJq.exe
  2⤵
  PID:10948
- C:\Windows\System\ySAijLv.exe
  C:\Windows\System\ySAijLv.exe
  2⤵
  PID:10968
- C:\Windows\System\NfwXjeN.exe
  C:\Windows\System\NfwXjeN.exe
  2⤵
  PID:11000
- C:\Windows\System\VcxzbWT.exe
  C:\Windows\System\VcxzbWT.exe
  2⤵
  PID:11036
- C:\Windows\System\mjhNAeh.exe
  C:\Windows\System\mjhNAeh.exe
  2⤵
  PID:11064
- C:\Windows\System\seljqPA.exe
  C:\Windows\System\seljqPA.exe
  2⤵
  PID:11080
- C:\Windows\System\UZDckIQ.exe
  C:\Windows\System\UZDckIQ.exe
  2⤵
  PID:11108
- C:\Windows\System\dZWxByg.exe
  C:\Windows\System\dZWxByg.exe
  2⤵
  PID:11136
- C:\Windows\System\eqcBUUn.exe
  C:\Windows\System\eqcBUUn.exe
  2⤵
  PID:11160
- C:\Windows\System\yGzbDgF.exe
  C:\Windows\System\yGzbDgF.exe
  2⤵
  PID:11200
- C:\Windows\System\VjsCUOz.exe
  C:\Windows\System\VjsCUOz.exe
  2⤵
  PID:11220
- C:\Windows\System\MZBBVnA.exe
  C:\Windows\System\MZBBVnA.exe
  2⤵
  PID:11256
- C:\Windows\System\rriCcWp.exe
  C:\Windows\System\rriCcWp.exe
  2⤵
  PID:9312
- C:\Windows\System\DdDdZuX.exe
  C:\Windows\System\DdDdZuX.exe
  2⤵
  PID:9876
- C:\Windows\System\BDWkdsg.exe
  C:\Windows\System\BDWkdsg.exe
  2⤵
  PID:10332
- C:\Windows\System\isHthxx.exe
  C:\Windows\System\isHthxx.exe
  2⤵
  PID:10476
- C:\Windows\System\qcqnQWA.exe
  C:\Windows\System\qcqnQWA.exe
  2⤵
  PID:10572
- C:\Windows\System\xAQrouV.exe
  C:\Windows\System\xAQrouV.exe
  2⤵
  PID:10536
- C:\Windows\System\GOTGeeZ.exe
  C:\Windows\System\GOTGeeZ.exe
  2⤵
  PID:10564
- C:\Windows\System\GeEzIuf.exe
  C:\Windows\System\GeEzIuf.exe
  2⤵
  PID:10724
- C:\Windows\System\YjHyEoT.exe
  C:\Windows\System\YjHyEoT.exe
  2⤵
  PID:10796
- C:\Windows\System\eTKruat.exe
  C:\Windows\System\eTKruat.exe
  2⤵
  PID:10832
- C:\Windows\System\RtaHgnX.exe
  C:\Windows\System\RtaHgnX.exe
  2⤵
  PID:10936
- C:\Windows\System\zVkrZoW.exe
  C:\Windows\System\zVkrZoW.exe
  2⤵
  PID:10980
- C:\Windows\System\bIgFCYi.exe
  C:\Windows\System\bIgFCYi.exe
  2⤵
  PID:11024
- C:\Windows\System\drxWPut.exe
  C:\Windows\System\drxWPut.exe
  2⤵
  PID:11092
- C:\Windows\System\tyvMwjO.exe
  C:\Windows\System\tyvMwjO.exe
  2⤵
  PID:11172
- C:\Windows\System\mPSvMQf.exe
  C:\Windows\System\mPSvMQf.exe
  2⤵
  PID:11144
- C:\Windows\System\jyTwgoG.exe
  C:\Windows\System\jyTwgoG.exe
  2⤵
  PID:11248
- C:\Windows\System\bTpciCq.exe
  C:\Windows\System\bTpciCq.exe
  2⤵
  PID:10260
- C:\Windows\System\opfdqgU.exe
  C:\Windows\System\opfdqgU.exe
  2⤵
  PID:10464
- C:\Windows\System\upVNTQI.exe
  C:\Windows\System\upVNTQI.exe
  2⤵
  PID:10612
- C:\Windows\System\byZSLXX.exe
  C:\Windows\System\byZSLXX.exe
  2⤵
  PID:10776
- C:\Windows\System\NWsjeis.exe
  C:\Windows\System\NWsjeis.exe
  2⤵
  PID:10888
- C:\Windows\System\BpfoBkc.exe
  C:\Windows\System\BpfoBkc.exe
  2⤵
  PID:11076
- C:\Windows\System\ohjEeKj.exe
  C:\Windows\System\ohjEeKj.exe
  2⤵
  PID:11100
- C:\Windows\System\zdxYGRp.exe
  C:\Windows\System\zdxYGRp.exe
  2⤵
  PID:10532
- C:\Windows\System\EufsDYp.exe
  C:\Windows\System\EufsDYp.exe
  2⤵
  PID:10660
- C:\Windows\System\uUfnjmu.exe
  C:\Windows\System\uUfnjmu.exe
  2⤵
  PID:11020
- C:\Windows\System\uHJXwGO.exe
  C:\Windows\System\uHJXwGO.exe
  2⤵
  PID:10880
- C:\Windows\System\dzAByZp.exe
  C:\Windows\System\dzAByZp.exe
  2⤵
  PID:11280
- C:\Windows\System\EJXuLrv.exe
  C:\Windows\System\EJXuLrv.exe
  2⤵
  PID:11304
- C:\Windows\System\KhQcikV.exe
  C:\Windows\System\KhQcikV.exe
  2⤵
  PID:11320
- C:\Windows\System\TQnhvnr.exe
  C:\Windows\System\TQnhvnr.exe
  2⤵
  PID:11352
- C:\Windows\System\nqtLlxi.exe
  C:\Windows\System\nqtLlxi.exe
  2⤵
  PID:11372
- C:\Windows\System\uTpgVey.exe
  C:\Windows\System\uTpgVey.exe
  2⤵
  PID:11404
- C:\Windows\System\WrLuiFS.exe
  C:\Windows\System\WrLuiFS.exe
  2⤵
  PID:11432
- C:\Windows\System\zrkjwOW.exe
  C:\Windows\System\zrkjwOW.exe
  2⤵
  PID:11456
- C:\Windows\System\cwVaeUE.exe
  C:\Windows\System\cwVaeUE.exe
  2⤵
  PID:11480
- C:\Windows\System\iWXtpys.exe
  C:\Windows\System\iWXtpys.exe
  2⤵
  PID:11512
- C:\Windows\System\TImrcwD.exe
  C:\Windows\System\TImrcwD.exe
  2⤵
  PID:11540
- C:\Windows\System\hOEyLUv.exe
  C:\Windows\System\hOEyLUv.exe
  2⤵
  PID:11580
- C:\Windows\System\KMfFyhZ.exe
  C:\Windows\System\KMfFyhZ.exe
  2⤵
  PID:11628
- C:\Windows\System\zywvYlE.exe
  C:\Windows\System\zywvYlE.exe
  2⤵
  PID:11644
- C:\Windows\System\DcUwvkB.exe
  C:\Windows\System\DcUwvkB.exe
  2⤵
  PID:11672
- C:\Windows\System\gACHgMl.exe
  C:\Windows\System\gACHgMl.exe
  2⤵
  PID:11704
- C:\Windows\System\FqABeSC.exe
  C:\Windows\System\FqABeSC.exe
  2⤵
  PID:11740
- C:\Windows\System\HvfcXxK.exe
  C:\Windows\System\HvfcXxK.exe
  2⤵
  PID:11768
- C:\Windows\System\TDIfXxM.exe
  C:\Windows\System\TDIfXxM.exe
  2⤵
  PID:11800
- C:\Windows\System\CciwzBX.exe
  C:\Windows\System\CciwzBX.exe
  2⤵
  PID:11836
- C:\Windows\System\gJjQavh.exe
  C:\Windows\System\gJjQavh.exe
  2⤵
  PID:11864
- C:\Windows\System\xSXwqhf.exe
  C:\Windows\System\xSXwqhf.exe
  2⤵
  PID:11892
- C:\Windows\System\JKNnvgG.exe
  C:\Windows\System\JKNnvgG.exe
  2⤵
  PID:11920
- C:\Windows\System\GVJBcAF.exe
  C:\Windows\System\GVJBcAF.exe
  2⤵
  PID:11948
- C:\Windows\System\KEKTmXb.exe
  C:\Windows\System\KEKTmXb.exe
  2⤵
  PID:11976
- C:\Windows\System\ohShUEw.exe
  C:\Windows\System\ohShUEw.exe
  2⤵
  PID:12004
- C:\Windows\System\hGQKqlL.exe
  C:\Windows\System\hGQKqlL.exe
  2⤵
  PID:12032
- C:\Windows\System\UJdLjUU.exe
  C:\Windows\System\UJdLjUU.exe
  2⤵
  PID:12060
- C:\Windows\System\KaaEPKq.exe
  C:\Windows\System\KaaEPKq.exe
  2⤵
  PID:12088
- C:\Windows\System\pePzBlt.exe
  C:\Windows\System\pePzBlt.exe
  2⤵
  PID:12120
- C:\Windows\System\bAaNOxb.exe
  C:\Windows\System\bAaNOxb.exe
  2⤵
  PID:12144
- C:\Windows\System\lIsRgXw.exe
  C:\Windows\System\lIsRgXw.exe
  2⤵
  PID:12176
- C:\Windows\System\mAsPVdY.exe
  C:\Windows\System\mAsPVdY.exe
  2⤵
  PID:12212
- C:\Windows\System\lUafyFe.exe
  C:\Windows\System\lUafyFe.exe
  2⤵
  PID:12240
- C:\Windows\System\kFRqWLh.exe
  C:\Windows\System\kFRqWLh.exe
  2⤵
  PID:12256
- C:\Windows\System\grrIviV.exe
  C:\Windows\System\grrIviV.exe
  2⤵
  PID:12276
- C:\Windows\System\CkvGJmF.exe
  C:\Windows\System\CkvGJmF.exe
  2⤵
  PID:10404
- C:\Windows\System\jdpUgLj.exe
  C:\Windows\System\jdpUgLj.exe
  2⤵
  PID:11396
- C:\Windows\System\eHyTOhH.exe
  C:\Windows\System\eHyTOhH.exe
  2⤵
  PID:11332
- C:\Windows\System\zgbCZLt.exe
  C:\Windows\System\zgbCZLt.exe
  2⤵
  PID:11448
- C:\Windows\System\xBNBMCS.exe
  C:\Windows\System\xBNBMCS.exe
  2⤵
  PID:11528
- C:\Windows\System\tIzNHTI.exe
  C:\Windows\System\tIzNHTI.exe
  2⤵
  PID:11604
- C:\Windows\System\gLRYfyt.exe
  C:\Windows\System\gLRYfyt.exe
  2⤵
  PID:11596
- C:\Windows\System\jPGanPh.exe
  C:\Windows\System\jPGanPh.exe
  2⤵
  PID:11688
- C:\Windows\System\bpqDCuH.exe
  C:\Windows\System\bpqDCuH.exe
  2⤵
  PID:11792
- C:\Windows\System\uGuEtVp.exe
  C:\Windows\System\uGuEtVp.exe
  2⤵
  PID:11876
- C:\Windows\System\KyeTNjM.exe
  C:\Windows\System\KyeTNjM.exe
  2⤵
  PID:11944
- C:\Windows\System\dKSgClb.exe
  C:\Windows\System\dKSgClb.exe
  2⤵
  PID:12044
- C:\Windows\System\VmWJCVZ.exe
  C:\Windows\System\VmWJCVZ.exe
  2⤵
  PID:12084
- C:\Windows\System\KSAIHxT.exe
  C:\Windows\System\KSAIHxT.exe
  2⤵
  PID:12116
- C:\Windows\System\BYpgbdF.exe
  C:\Windows\System\BYpgbdF.exe
  2⤵
  PID:12204
- C:\Windows\System\SLCiqbz.exe
  C:\Windows\System\SLCiqbz.exe
  2⤵
  PID:12284
- C:\Windows\System\SSnDdnh.exe
  C:\Windows\System\SSnDdnh.exe
  2⤵
  PID:11312
- C:\Windows\System\VGYzXLE.exe
  C:\Windows\System\VGYzXLE.exe
  2⤵
  PID:11416
- C:\Windows\System\imgeJTw.exe
  C:\Windows\System\imgeJTw.exe
  2⤵
  PID:11640
- C:\Windows\System\WdHgWIT.exe
  C:\Windows\System\WdHgWIT.exe
  2⤵
  PID:11728
- C:\Windows\System\RpDcfTc.exe
  C:\Windows\System\RpDcfTc.exe
  2⤵
  PID:11936
- C:\Windows\System\mVjuOko.exe
  C:\Windows\System\mVjuOko.exe
  2⤵
  PID:12160
- C:\Windows\System\XTDZuYU.exe
  C:\Windows\System\XTDZuYU.exe
  2⤵
  PID:10996
- C:\Windows\System\JNMMBlK.exe
  C:\Windows\System\JNMMBlK.exe
  2⤵
  PID:11588
- C:\Windows\System\LkBRefy.exe
  C:\Windows\System\LkBRefy.exe
  2⤵
  PID:11992
- C:\Windows\System\VXTxsQy.exe
  C:\Windows\System\VXTxsQy.exe
  2⤵
  PID:12292
- C:\Windows\System\nHPEZUG.exe
  C:\Windows\System\nHPEZUG.exe
  2⤵
  PID:12320
- C:\Windows\System\tBrqFHD.exe
  C:\Windows\System\tBrqFHD.exe
  2⤵
  PID:12360
- C:\Windows\System\HsCfqzt.exe
  C:\Windows\System\HsCfqzt.exe
  2⤵
  PID:12376
- C:\Windows\System\tBGkPGw.exe
  C:\Windows\System\tBGkPGw.exe
  2⤵
  PID:12404
- C:\Windows\System\JHTxRPe.exe
  C:\Windows\System\JHTxRPe.exe
  2⤵
  PID:12432
- C:\Windows\System\McISmlQ.exe
  C:\Windows\System\McISmlQ.exe
  2⤵
  PID:12456
- C:\Windows\System\nhvjkpP.exe
  C:\Windows\System\nhvjkpP.exe
  2⤵
  PID:12488
- C:\Windows\System\nyLqGiH.exe
  C:\Windows\System\nyLqGiH.exe
  2⤵
  PID:12504
- C:\Windows\System\ohvfFNF.exe
  C:\Windows\System\ohvfFNF.exe
  2⤵
  PID:12524
- C:\Windows\System\AkHREdG.exe
  C:\Windows\System\AkHREdG.exe
  2⤵
  PID:12556
- C:\Windows\System\TmnOMGy.exe
  C:\Windows\System\TmnOMGy.exe
  2⤵
  PID:12584
- C:\Windows\System\lxkzUzC.exe
  C:\Windows\System\lxkzUzC.exe
  2⤵
  PID:12612
- C:\Windows\System\qUEZkQg.exe
  C:\Windows\System\qUEZkQg.exe
  2⤵
  PID:12680
- C:\Windows\System\YjXZSKs.exe
  C:\Windows\System\YjXZSKs.exe
  2⤵
  PID:12708
- C:\Windows\System\pvcTFNR.exe
  C:\Windows\System\pvcTFNR.exe
  2⤵
  PID:12748
- C:\Windows\System\HCSxoKo.exe
  C:\Windows\System\HCSxoKo.exe
  2⤵
  PID:12764
- C:\Windows\System\TERwMEU.exe
  C:\Windows\System\TERwMEU.exe
  2⤵
  PID:12796
- C:\Windows\System\BfFaPVg.exe
  C:\Windows\System\BfFaPVg.exe
  2⤵
  PID:12828
- C:\Windows\System\BczyyrA.exe
  C:\Windows\System\BczyyrA.exe
  2⤵
  PID:12860
- C:\Windows\System\pvhQZus.exe
  C:\Windows\System\pvhQZus.exe
  2⤵
  PID:12880
- C:\Windows\System\fWgjvjZ.exe
  C:\Windows\System\fWgjvjZ.exe
  2⤵
  PID:12904
- C:\Windows\System\yqCtiDT.exe
  C:\Windows\System\yqCtiDT.exe
  2⤵
  PID:12932
- C:\Windows\System\gAEiCOi.exe
  C:\Windows\System\gAEiCOi.exe
  2⤵
  PID:12952
- C:\Windows\System\FPqiCSS.exe
  C:\Windows\System\FPqiCSS.exe
  2⤵
  PID:12980
- C:\Windows\System\wwmafiG.exe
  C:\Windows\System\wwmafiG.exe
  2⤵
  PID:13004
- C:\Windows\System\uxFlEiA.exe
  C:\Windows\System\uxFlEiA.exe
  2⤵
  PID:13032
- C:\Windows\System\AoDLQlJ.exe
  C:\Windows\System\AoDLQlJ.exe
  2⤵
  PID:13068
- C:\Windows\System\zbiAVPj.exe
  C:\Windows\System\zbiAVPj.exe
  2⤵
  PID:13088
- C:\Windows\System\pXpeOIQ.exe
  C:\Windows\System\pXpeOIQ.exe
  2⤵
  PID:13116
- C:\Windows\System\cxkTugh.exe
  C:\Windows\System\cxkTugh.exe
  2⤵
  PID:13156
- C:\Windows\System\SlYWXlP.exe
  C:\Windows\System\SlYWXlP.exe
  2⤵
  PID:13184
- C:\Windows\System\ODlxqtC.exe
  C:\Windows\System\ODlxqtC.exe
  2⤵
  PID:13212
- C:\Windows\System\TnyeoLq.exe
  C:\Windows\System\TnyeoLq.exe
  2⤵
  PID:13240
- C:\Windows\System\FgerQvO.exe
  C:\Windows\System\FgerQvO.exe
  2⤵
  PID:13268
- C:\Windows\System\nZvYJgu.exe
  C:\Windows\System\nZvYJgu.exe
  2⤵
  PID:13296
- C:\Windows\System\OGjfQHU.exe
  C:\Windows\System\OGjfQHU.exe
  2⤵
  PID:12308
- C:\Windows\System\fzDEirZ.exe
  C:\Windows\System\fzDEirZ.exe
  2⤵
  PID:12332
- C:\Windows\System\vBPDorK.exe
  C:\Windows\System\vBPDorK.exe
  2⤵
  PID:12480
- C:\Windows\System\QthVTGk.exe
  C:\Windows\System\QthVTGk.exe
  2⤵
  PID:12444
- C:\Windows\System\LaDFQba.exe
  C:\Windows\System\LaDFQba.exe
  2⤵
  PID:12564
- C:\Windows\System\pPNaKvy.exe
  C:\Windows\System\pPNaKvy.exe
  2⤵
  PID:12656
- C:\Windows\System\kWjZesw.exe
  C:\Windows\System\kWjZesw.exe
  2⤵
  PID:12732
- C:\Windows\System\MZzrfmg.exe
  C:\Windows\System\MZzrfmg.exe
  2⤵
  PID:12780
- C:\Windows\System\vrZHXBZ.exe
  C:\Windows\System\vrZHXBZ.exe
  2⤵
  PID:12852
- C:\Windows\System\CdrdKuY.exe
  C:\Windows\System\CdrdKuY.exe
  2⤵
  PID:12924
- C:\Windows\System\tcDBlBl.exe
  C:\Windows\System\tcDBlBl.exe
  2⤵
  PID:12976
- C:\Windows\System\GlaiZfi.exe
  C:\Windows\System\GlaiZfi.exe
  2⤵
  PID:13044
- C:\Windows\System\mXXfBsc.exe
  C:\Windows\System\mXXfBsc.exe
  2⤵
  PID:13080
- C:\Windows\System\RWwrxwd.exe
  C:\Windows\System\RWwrxwd.exe
  2⤵
  PID:13180
- C:\Windows\System\fgqjkyT.exe
  C:\Windows\System\fgqjkyT.exe
  2⤵
  PID:13232
- C:\Windows\System\JYHWFOF.exe
  C:\Windows\System\JYHWFOF.exe
  2⤵
  PID:13288
- C:\Windows\System\gDqCche.exe
  C:\Windows\System\gDqCche.exe
  2⤵
  PID:12400
- C:\Windows\System\RczdkVF.exe
  C:\Windows\System\RczdkVF.exe
  2⤵
  PID:12624
- C:\Windows\System\rTqdzUf.exe
  C:\Windows\System\rTqdzUf.exe
  2⤵
  PID:12688
- C:\Windows\System\sjAgEdT.exe
  C:\Windows\System\sjAgEdT.exe
  2⤵
  PID:12888
- C:\Windows\System\upYNiQg.exe
  C:\Windows\System\upYNiQg.exe
  2⤵
  PID:13000
- C:\Windows\System\GxvLnnB.exe
  C:\Windows\System\GxvLnnB.exe
  2⤵
  PID:13124
- C:\Windows\System\aySVbPl.exe
  C:\Windows\System\aySVbPl.exe
  2⤵
  PID:13284
- C:\Windows\System\YCTmGMW.exe
  C:\Windows\System\YCTmGMW.exe
  2⤵
  PID:12836
- C:\Windows\System\IWtCDrl.exe
  C:\Windows\System\IWtCDrl.exe
  2⤵
  PID:13020
- C:\Windows\System\VahNByb.exe
  C:\Windows\System\VahNByb.exe
  2⤵
  PID:11472
- C:\Windows\System\YwRgUAd.exe
  C:\Windows\System\YwRgUAd.exe
  2⤵
  PID:13024
- C:\Windows\System\TBFUqDZ.exe
  C:\Windows\System\TBFUqDZ.exe
  2⤵
  PID:1060
- C:\Windows\System\SVvUOGd.exe
  C:\Windows\System\SVvUOGd.exe
  2⤵
  PID:2540
- C:\Windows\System\eiVRfrA.exe
  C:\Windows\System\eiVRfrA.exe
  2⤵
  PID:13324
- C:\Windows\System\fQhLwWn.exe
  C:\Windows\System\fQhLwWn.exe
  2⤵
  PID:13348
- C:\Windows\System\rFSEyeZ.exe
  C:\Windows\System\rFSEyeZ.exe
  2⤵
  PID:13384
- C:\Windows\System\CUOGQGm.exe
  C:\Windows\System\CUOGQGm.exe
  2⤵
  PID:13404
- C:\Windows\System\vazsdlW.exe
  C:\Windows\System\vazsdlW.exe
  2⤵
  PID:13428
- C:\Windows\System\XIQHxMJ.exe
  C:\Windows\System\XIQHxMJ.exe
  2⤵
  PID:13456
- C:\Windows\System\HQVciRL.exe
  C:\Windows\System\HQVciRL.exe
  2⤵
  PID:13480
- C:\Windows\System\ViiiBpn.exe
  C:\Windows\System\ViiiBpn.exe
  2⤵
  PID:13512
- C:\Windows\System\PGdgflJ.exe
  C:\Windows\System\PGdgflJ.exe
  2⤵
  PID:13536
- C:\Windows\System\FLtWywB.exe
  C:\Windows\System\FLtWywB.exe
  2⤵
  PID:13552
- C:\Windows\System\QYkmBqR.exe
  C:\Windows\System\QYkmBqR.exe
  2⤵
  PID:13568
- C:\Windows\System\iwMdsOl.exe
  C:\Windows\System\iwMdsOl.exe
  2⤵
  PID:13592
- C:\Windows\System\SlGptvc.exe
  C:\Windows\System\SlGptvc.exe
  2⤵
  PID:13616
- C:\Windows\System\unBkQBF.exe
  C:\Windows\System\unBkQBF.exe
  2⤵
  PID:13652
- C:\Windows\System\bvnHZLn.exe
  C:\Windows\System\bvnHZLn.exe
  2⤵
  PID:13676
- C:\Windows\System\PDVOBCa.exe
  C:\Windows\System\PDVOBCa.exe
  2⤵
  PID:13704
- C:\Windows\System\oLNspGj.exe
  C:\Windows\System\oLNspGj.exe
  2⤵
  PID:13736
- C:\Windows\System\MopoRtN.exe
  C:\Windows\System\MopoRtN.exe
  2⤵
  PID:13764
- C:\Windows\System\XhZiZKy.exe
  C:\Windows\System\XhZiZKy.exe
  2⤵
  PID:13780
- C:\Windows\System\EOvALdT.exe
  C:\Windows\System\EOvALdT.exe
  2⤵
  PID:13808
- C:\Windows\System\XfYqRtl.exe
  C:\Windows\System\XfYqRtl.exe
  2⤵
  PID:13840
- C:\Windows\System\lrdytyL.exe
  C:\Windows\System\lrdytyL.exe
  2⤵
  PID:13872
- C:\Windows\System\QIhukMF.exe
  C:\Windows\System\QIhukMF.exe
  2⤵
  PID:13908
- C:\Windows\System\YdKvzys.exe
  C:\Windows\System\YdKvzys.exe
  2⤵
  PID:13928
- C:\Windows\System\tBAtQxj.exe
  C:\Windows\System\tBAtQxj.exe
  2⤵
  PID:13960
- C:\Windows\System\ePCPJmx.exe
  C:\Windows\System\ePCPJmx.exe
  2⤵
  PID:13996
- C:\Windows\System\oTTbBJH.exe
  C:\Windows\System\oTTbBJH.exe
  2⤵
  PID:14016
- C:\Windows\System\McOPZnW.exe
  C:\Windows\System\McOPZnW.exe
  2⤵
  PID:14048
- C:\Windows\System\EEHpgmQ.exe
  C:\Windows\System\EEHpgmQ.exe
  2⤵
  PID:14080
- C:\Windows\System\ykqvhsn.exe
  C:\Windows\System\ykqvhsn.exe
  2⤵
  PID:14104
- C:\Windows\System\uezWpjC.exe
  C:\Windows\System\uezWpjC.exe
  2⤵
  PID:14140
- C:\Windows\System\niUxlBs.exe
  C:\Windows\System\niUxlBs.exe
  2⤵
  PID:14168
- C:\Windows\System\lBiwFDt.exe
  C:\Windows\System\lBiwFDt.exe
  2⤵
  PID:14192
- C:\Windows\System\BVJviGY.exe
  C:\Windows\System\BVJviGY.exe
  2⤵
  PID:14216
- C:\Windows\System\RZlWpXl.exe
  C:\Windows\System\RZlWpXl.exe
  2⤵
  PID:14236
- C:\Windows\System\NPPLqNS.exe
  C:\Windows\System\NPPLqNS.exe
  2⤵
  PID:14272
- C:\Windows\System\SfJcPHk.exe
  C:\Windows\System\SfJcPHk.exe
  2⤵
  PID:14308
- C:\Windows\System\eTqWhwH.exe
  C:\Windows\System\eTqWhwH.exe
  2⤵
  PID:14332
- C:\Windows\System\hvvdcFR.exe
  C:\Windows\System\hvvdcFR.exe
  2⤵
  PID:13332
- C:\Windows\System\OJPgeav.exe
  C:\Windows\System\OJPgeav.exe
  2⤵
  PID:13376
- C:\Windows\System\pWHuLOa.exe
  C:\Windows\System\pWHuLOa.exe
  2⤵
  PID:13524
- C:\Windows\System\YqETlwK.exe
  C:\Windows\System\YqETlwK.exe
  2⤵
  PID:13624
- C:\Windows\System\eQrNmZc.exe
  C:\Windows\System\eQrNmZc.exe
  2⤵
  PID:13496
- C:\Windows\System\aFKqqQu.exe
  C:\Windows\System\aFKqqQu.exe
  2⤵
  PID:13664
- C:\Windows\System\LRCkukF.exe
  C:\Windows\System\LRCkukF.exe
  2⤵
  PID:13696
- C:\Windows\System\CcuUaZJ.exe
  C:\Windows\System\CcuUaZJ.exe
  2⤵
  PID:13836
- C:\Windows\System\QNvfaOE.exe
  C:\Windows\System\QNvfaOE.exe
  2⤵
  PID:13820
- C:\Windows\System\axQtcue.exe
  C:\Windows\System\axQtcue.exe
  2⤵
  PID:13988
- C:\Windows\System\pcFfyzD.exe
  C:\Windows\System\pcFfyzD.exe
  2⤵
  PID:14036
- C:\Windows\System\tEqvpey.exe
  C:\Windows\System\tEqvpey.exe
  2⤵
  PID:13984
- C:\Windows\System\lNyjMpa.exe
  C:\Windows\System\lNyjMpa.exe
  2⤵
  PID:14176
- C:\Windows\System\covYnGZ.exe
  C:\Windows\System\covYnGZ.exe
  2⤵
  PID:14156
- C:\Windows\System\cJpFHUV.exe
  C:\Windows\System\cJpFHUV.exe
  2⤵
  PID:14248
- C:\Windows\System\LyDwkuA.exe
  C:\Windows\System\LyDwkuA.exe
  2⤵
  PID:14316
- C:\Windows\System\JWujNLA.exe
  C:\Windows\System\JWujNLA.exe
  2⤵
  PID:13508
- C:\Windows\System\ECQcWcY.exe
  C:\Windows\System\ECQcWcY.exe
  2⤵
  PID:13476
- C:\Windows\System\wDRopJO.exe
  C:\Windows\System\wDRopJO.exe
  2⤵
  PID:13488
- C:\Windows\System\FNVXFRt.exe
  C:\Windows\System\FNVXFRt.exe
  2⤵
  PID:13864
- C:\Windows\System\FPqwxjk.exe
  C:\Windows\System\FPqwxjk.exe
  2⤵
  PID:14004
- C:\Windows\System\ATpJnTe.exe
  C:\Windows\System\ATpJnTe.exe
  2⤵
  PID:14260
- C:\Windows\System\WlXOKDg.exe
  C:\Windows\System\WlXOKDg.exe
  2⤵
  PID:14092
- C:\Windows\System\xTjUjxR.exe
  C:\Windows\System\xTjUjxR.exe
  2⤵
  PID:13668
- C:\Windows\System\qWuZpXE.exe
  C:\Windows\System\qWuZpXE.exe
  2⤵
  PID:13760

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AQStMDL.exe

Filesize
1.8MB

MD5
4fe26f20a125000973a41c468327beb7

SHA1
663b0cdaccf7b9105a903dd8180f1439c442d5d4

SHA256
6969594ee6402d58dcfcb13841bc352ffd84d60aa58140564416dca6b0099a00

SHA512
832df3a8e5154386a971676ce714a7300953111a538d0ef29c4faff844bc1bde506ef368c7e562213e64022fb594d5c6d9ffc4c8b930e605134859e53db87983

Download Submit
C:\Windows\System\DYInAps.exe

Filesize
1.8MB

MD5
0486ffe15c20c3102a1fce94cf721ef6

SHA1
b3c3bef7665d0e0223f0ff73ca9f1e1f2e2a8e0c

SHA256
1c0702d6a5e228147c2bd4a67dedbe3839e68ae19c1e9114595cde3ea7bfd656

SHA512
eda64d6fbca407cd9d7ae0dd766e24bb16ea7543397749af8181bd8b1380d822707f16b3892ed663cec459d895b22b758093608f564b9f3e1ebabf385f4e2cf5

Download Submit
C:\Windows\System\DztzQRc.exe

Filesize
1.8MB

MD5
593441481c610bfe92b0f9111702d3db

SHA1
ea90076c03724562be6f3af6e0ec807db54731fe

SHA256
1ac265341e0327e6913438c5abe075e31f4b14aea6d491e019cc0c2da8539a57

SHA512
443bffa8d55e2341097dafc29fb8ab08e1c5c99a08c361fbea0aff8f121d17ee75ebca73821eba8161db371ee986d90b8a15d580998bb3a053fd9f383954342e

Download Submit
C:\Windows\System\HvFQEwT.exe

Filesize
1.8MB

MD5
2bbf32d742695f557ed52a111f90f13c

SHA1
a96357dbc5faca9a55c6adc15f832012c02f4ff8

SHA256
aaf96073dafefadd0b35eda539fc5e6097ca0f794c9149ea82455a386bf88895

SHA512
88739a0cff913644004be42885c374f6d285948373120cabfab3561ab515802bf6d2fb783f52b964ebcb98b2d286688b2e596ea10995e925522b93cbdf9f275f

Download Submit
C:\Windows\System\IrgzXGa.exe

Filesize
1.8MB

MD5
8511ce0d865aa21eb05d564327d9ab53

SHA1
0cb57ea6d50230f1ab939b843d6873416aacc3e7

SHA256
458f2407e37f43fcc125df69ac84262aa1be02f12d75ef525f28dbc202fa2176

SHA512
7d45ecdb8a9c5fb7eaa6dd9a65f2398708117b8bdaa0a9feeab186a0a6e2f6cc39d22c75a22962391869ae5cb9766ba824a6b395112b3552f807e3719645a08f

Download Submit
C:\Windows\System\JkRGrja.exe

Filesize
1.8MB

MD5
61f2109c5001721311dfd9d1bd09ad75

SHA1
e7b3e186005faf5021d9fc8a27b064924344452f

SHA256
bd378cad5db9543323f3dab2074a20e652e83471065b8a395ed595fb8a4f6404

SHA512
8ff919f76313393414c36f8bc47eb2ee1ef9097bd0003fafdd0cec7cb857a306b705fb30a653a51d20e823c545796cd5dfbb513a7912aafd9157a05cdb4f1edf

Download Submit
C:\Windows\System\McInWfF.exe

Filesize
1.9MB

MD5
024d934c52db23668cf009089e12dd33

SHA1
acf1eae76d8971a3f9d72a0b56521f1e0baf575e

SHA256
1b33b893f858184acfcd130fe5f2d305d396e51d81f7d26860486b24f414fc7b

SHA512
a73f4b40028740b418e9b739004b092785b7f1e098cbfb3368db03ae88a48f6a89609645c39402a8eec5085086707ca915dc42d8e0b9ebdee25f8a4870de7806

Download Submit
C:\Windows\System\MkvPGys.exe

Filesize
1.8MB

MD5
e26f4190806c3a61cf6a1616c0e8fb80

SHA1
ae6961311af75b47b8d4d039f335da72f65b5eed

SHA256
da04dd31882c0e469a3d401c6f5eabdf4bcf8dc71faede3fa9c494c73298cbc7

SHA512
9e8e2cd998457cf670d21b7a141d79943cf97b512b4849520a07f4d7a48bd80f2a8de46026eaba8b7985ac5881e66571c96ecc15ee85143678bcae223d59e5d7

Download Submit
C:\Windows\System\NSHqsJP.exe

Filesize
1.8MB

MD5
6399e8c389111f1f28181b69a5a302ce

SHA1
13448c685c1c94ba0947e7304431113801fb9c54

SHA256
6b22eeb10fa6ad65c2c40f7b9871876c67f7e634c0397c88aa29e2a2ef4ef3fd

SHA512
3989ddb417dbb715b3ded0e06a2013808848a00bc0d7128e5583510c45cf1f06abf1f82fc2ef5241649d854500620cd14b92aa33de5eb519f6ccca11b0b14bd2

Download Submit
C:\Windows\System\OoBoEVe.exe

Filesize
1.9MB

MD5
0fe8b831ab9292fdcd0334a19dfe9e64

SHA1
e769160974f345c5d1884221d43ce984881c859a

SHA256
d41e8af9c1f7998c343c3a4c61cf701a465cbc0d82e3d48b03489e2f875144c8

SHA512
21167fb25346b9e29621484b3fb25ae49082c9e0be693281fb6c921f7a0555836035aab1d96dcfea3c5b13ecf6196e9c023939e799029421d719e9a794f798c3

Download Submit
C:\Windows\System\QWOvFHR.exe

Filesize
1.8MB

MD5
9340c0ea87aecb3b2b3bd46b0dd0b20c

SHA1
a12b7d1e068bbca363cf902e6926bb271f4993b8

SHA256
a7c54e2fbaa3f87da8f3766ace94137d69fc1f5377c379af130b4bce63a253dd

SHA512
325dd607b758569b8615019ae9044c7a4242fbc49a5fd1d440023cc6650684859d66024cfae664c782d284196582cd9bd342ee15144e0a924e76c09fbc0527ad

Download Submit
C:\Windows\System\UrCKclv.exe

Filesize
1.8MB

MD5
ee48822505b67bc49b42b7edd9ed668f

SHA1
27607fcb7a167eb42cc822b1335aa80f2d2e540d

SHA256
56307e91bd9efc9ec8e475d88a3eb11b8ad0214a2dd06b78d18155ca18745de7

SHA512
382c410c83e0c7426dc1eb984efb392e0eb15585f4033424301241e84434377c11d3f62e2ee1f7accbc358bafc7141ffbfbe160e0b163e5440f4a87397172e78

Download Submit
C:\Windows\System\WOAdlKx.exe

Filesize
1.8MB

MD5
8e0516c8b846f97048194f8e9f71745d

SHA1
3c9413e6620f341fff1bcaee0cb862aa7ddf9c4d

SHA256
3d43f343b7392f1ad8f39d2ca686aac4ddf3f9817546c2326e4726fe45905ab0

SHA512
dc097ce0788512cf0fd15a950e402613963928a49c0b2380e8b13b71c22826cf521429529b16bf1fb00affa4ec31fb6eb2a218867d7b7e4b918fdc044385a462

Download Submit
C:\Windows\System\ZHIxvbE.exe

Filesize
1.8MB

MD5
26da96611d07138c314691aa764a34da

SHA1
98f6227ae5c75486d354840c0cc934d9a4e423a6

SHA256
04229e437bb142a98c03a6243b503da518684b9922873b4b59daae3eaf2e56f4

SHA512
c7edadd167374c7a7068fbd31f216350830050133c821f0f39929927594484feb8cc25e45cc6641784c48778fd5e41110309e4884f8d32a7a00ebc48078f73da

Download Submit
C:\Windows\System\ZHprKSD.exe

Filesize
1.8MB

MD5
b38432bca1be0112f645cd11de194f01

SHA1
d17fd094d6517cd003f82c1091577d7003aa1893

SHA256
7ef52b8588231509f6e0547e1512489c75a269502de6f5b5976777fb1148c34f

SHA512
a571583d901d28557570f052dab1a0684871c0990440c0f8f26f43a31480502d4ece2206ac78e0133bc10bfe720d6a94f987fc2c3eb7f4f973cceab79ccb8937

Download Submit
C:\Windows\System\cCkSvJQ.exe

Filesize
1.8MB

MD5
8d8802283b9e3133fa6070045b4adbb2

SHA1
38e90a4b0d1c085fa3f2201e3bebba178fd4e711

SHA256
4f76010a0fffc674cb76b96eb37a8c0483e66944cf325368df79649eeafa6cfb

SHA512
431456119663c5232b8f408cc367483d84314c6da64e29dc02a693ae5708f124fba52f1fc41b456cb049679ce56e9e0f1b3f28941240e943a56a1f2d3e842da7

Download Submit
C:\Windows\System\eJdyVrG.exe

Filesize
1.8MB

MD5
ac458250a19e90e468efcafb9d9357b9

SHA1
d85d2a69d88746487549f0541b425fef532ce71f

SHA256
fe3f44ff8bcfb91792a2d115898a95b90c4ea78f3fd7889f9c3b4a6686e85a88

SHA512
0f2fe89b8839941b6e1cd7b4208a0f7a05ada8c1bbda6b6c113fa6bced76da11c5b8baf93be468a4ecfd87b27ee57522ae307a5af6e96f4102cc7e971ee920f3

Download Submit
C:\Windows\System\eQislvs.exe

Filesize
1.8MB

MD5
c93cb3904d139515048b84c5944aa51d

SHA1
72cda6fe8910a65b9ce9cec9e9421d336586f03c

SHA256
b822d9a5f25603bab45379eacfd0ade9ce806c36691c2f7017cc11b4433504ca

SHA512
7fe66c2034d0a3c378cfc5ba4aa573f58540b7af7d40f6b33d1f999bb942e9691d7dbb4c2cbb7c14aee5272663891b34a1411c07ffa94bdb949e5f8a8f4325d7

Download Submit
C:\Windows\System\eTMDwbm.exe

Filesize
1.8MB

MD5
202ed60fdc95c22b4a66ee5a2bb90c6a

SHA1
de56af240b2dab0e9ebe60a91d9429049f259db8

SHA256
4e35b0591ffbe69a7759f4ce896421a9648029979fa4a564707b6df98504008a

SHA512
23f43c7bc634a5ff9d3eced1d8675479bcfd6b47daba66c0391e6fd78355ddc4074edf89bf81ab0c86e7115c7051dd8febf36f9d5ffd7d3769800c89bcb4090d

Download Submit
C:\Windows\System\hgdYSiU.exe

Filesize
1.8MB

MD5
8e18b1004bcf8e2f90fed780b2c682ca

SHA1
5fbb5eb2b489a624b1d1346233c10e6feb07862f

SHA256
2d410f6f8ea080364222b870e3e6ca4095d198acbbf893bfbaa09450aab100b9

SHA512
445d2dc94fe7f1f2afefe71c3f2949dcb76d53a238fb22510b31f4bfa8f46cd27ebab0411b5920f9a8ba9697e98ce45b8bd36853bc2a280de98b21d4f53237ec

Download Submit
C:\Windows\System\ilIUiKF.exe

Filesize
1.8MB

MD5
b09b1e392546b2bf1ec3e66e8a2149ae

SHA1
dcfe13deda06a67d69fc66e46136c90d59d83e49

SHA256
e9015773e919a6ec493fbc06f115d733238a094df8816ff4436a9ae5c9bf8eaa

SHA512
1af89bc8b01da833abfad256856fcd8dedf02ca3d041797552948354dc8c020ce32e624ea55053ba6b0dfa72434f617c8f0ae8cb55e1ebbc6ac29889ac53419b

Download Submit
C:\Windows\System\jqVhkMF.exe

Filesize
1.8MB

MD5
f61d2859a1eab342b1dd9232afecdf7a

SHA1
23bbed788f2da815441262f61da630f2c739d9a8

SHA256
43d3512bc8878238c4211eb6a2457fb76a91dac43e27093f30cf1033d636f83e

SHA512
8e8aa96125242ef7c98ca3cdad0cf578e7a566872cc1513b4a35a216d304b937fd8ba350927c0ad0b1742dcb27227f0dd9d56b9d4ddb7b1547b2570b0150c5b8

Download Submit
C:\Windows\System\knJKsDF.exe

Filesize
1.8MB

MD5
44f9d1bddfe162c6d36dd51212b53022

SHA1
4dd745aa30c48e99ee10ef201c067d76504c2b30

SHA256
e4cd6aea5d822776d43a293181c3eb83d25e1734465a25901e0a6a772f03b0e0

SHA512
14b82422b6710246568db41480e9b03f0df2ef442257e43a63fa84510a0349baf904efd32e271eaf8337ce55b3ccf4a2b3e1a5f40d8035e86489418a689866ea

Download Submit
C:\Windows\System\lIqmiHW.exe

Filesize
1.8MB

MD5
e6ee0fa1e1b9340c7289197bb22e6944

SHA1
3b3138cb5d80f61f7097376d9dc253ace8bed2e2

SHA256
235eee6505d18c97711e11a82f7c282aa676d76045c1303cff36827577096604

SHA512
7f254ee88f4d43cc0447376509bc5990596bc623579cc7f09e5a4f3dd29b1fc0cc143b8bc4811873391c015cac1f72b031dde0bd2354fb25e6e84ebfd414b33f

Download Submit
C:\Windows\System\mQnEPwK.exe

Filesize
1.8MB

MD5
69677dceed5ef6b0ee83ad87e3339d0c

SHA1
baf0dc8970e5d520347a5497366c4accd141282c

SHA256
eb78af180b4a14235cabd7dd209691fb9875910475e69552a571c60c3f19d5f6

SHA512
3302600df1fb9bcb75f85acd4afc0348a9ec0fb81972de80712ea2fc5cc3ab284be98a65dcdb00c26889396bb1e09255eb9a6ef8c0fcd5b1b5909955c2e21bcb

Download Submit
C:\Windows\System\oSHNTEb.exe

Filesize
1.8MB

MD5
f0dc8724e424846329d05a2aa2f1c2cb

SHA1
60790105310df8ba985e6038172f20fec0590b4b

SHA256
d16e4f1a24715ecc13681aea3022c52856d0ca2bd91d7a3073757891c184c4f0

SHA512
24de96c05f383f5d94536d6da30ce8c0b1e1b1f4e799f12b5547011a780deef9a47e3401c24a8b0ba43b766015a9f98feb73d1ae4704e1a33d55961c35c4789c

Download Submit
C:\Windows\System\oaLlIbe.exe

Filesize
1.8MB

MD5
d96a4e6e93611ca30526c99d1db01a47

SHA1
7d00530524ac65fe97998075f9961b2930f1ca76

SHA256
1e0872cc71703b192b23ab06c66c92ba565589c7996da0f7c7b5725f373a642e

SHA512
8011090d6a0a1588d90776b058253cf08a976736d9052c3099ea7f3732d8002ce9150c4f32acf10c071fbae0d0477c40202d48a61adae17dcb782be0d3d3e5d7

Download Submit
C:\Windows\System\qLAoYnW.exe

Filesize
1.8MB

MD5
6d23bf267d9819793dea49a2b7b39049

SHA1
fcfe52dd103b6a79153c76fef016cbfa2b1aca96

SHA256
452ddbcfbe042791ee40478e03ac4bf1de03a5065700207d34839ce7a35bd26b

SHA512
2cf66745cf6374116a4c21aaa2ea9a6a41b585ca795f14bcdc90def5e78d2f1f7ed697f602a1e93ae13e4e8101f8a4d59cab8b5194d31991ff6ffac74f3a75b0

Download Submit
C:\Windows\System\sdVrQKv.exe

Filesize
1.8MB

MD5
9354b1ba055908d03bbcd4a80e03503e

SHA1
2581a9f47511bbb38a8a86344a1f0420fb5d6494

SHA256
b2f36d60e57585cd011f58e887f089a49652851349523057902cd4fd27f2e2b3

SHA512
34e90c5652556521ef27251bd85ba1c1cd2f966e2ef35a2532e795f6f275b82e876f2bc7370bb1534cc15273dbe1e0146d39cba5bebf5dfdb9d443f09433e4c4

Download Submit
C:\Windows\System\uKCOXRq.exe

Filesize
1.8MB

MD5
d054c391a9c64704dec6a804fedb5355

SHA1
9c528e4470c9a81686186459ba3368760aec2239

SHA256
c9b100257a317970486b6fade764be306e105485a31424fe4ca79b1a1b66634b

SHA512
69eb6955a5b5327dfb9a039aa4dc78c6658acf7358d2e29ee220fd7077d83224baeb530e57c1dbe9ce76d7260a8d47a9ec172179814e5e6c9fe91db0e16e2108

Download Submit
C:\Windows\System\vgoOfNo.exe

Filesize
1.8MB

MD5
9e7a494175745f429cfa07d18300b6cd

SHA1
157eb5733f7e82d420ff6085dc7395467ccffd84

SHA256
341da48e804e449c1cab76999fd08cc9cf837b59ccc430da8193898f82e6eb3b

SHA512
3d7ca97b8c6f86c0488c2e529a5804fbebcfe07673820160b8cb351b1793b8ef5fc6c7d8a1803a10f92904b55a267420cb95aeccd7599cc63bc4fd3701f2b3f2

Download Submit
C:\Windows\System\wwXtjXr.exe

Filesize
1.8MB

MD5
132c18af7aee7648362361de9dc6d542

SHA1
924577c4c64d2af25ac5ff7904069c23f2a32c7a

SHA256
b336ee70eab8fb1a4411c6551946eb74c8c6688fcde92ed1f837cc2e3d0c8f0b

SHA512
a0355c7b5267d082bcd78b59bf86cd6e363c6195de1b14e1b095584552b0f46c27c4dae4655b0544cee1f2dba98c1d4974594bc1423117f9c7e1e7378b228c20

Download Submit
C:\Windows\System\xnWvBxr.exe

Filesize
1.8MB

MD5
37ad032f9f4c5ac51a6b3a31bdf28f67

SHA1
2b823e8eb3477ad9fb546ce93b2760324a47cf6b

SHA256
1e25acca2ef1a9ca4c69d6977c33f6db308e05b9d9431744b2b2b1c12d2a2f58

SHA512
ec810ac9eddae7f4b9319b25087a6335e1e86e3db2c1f1c9e591b6965d49d09ff5ad55a1339202bae403086a420e014a02f262f9541c23e6b8b8356b95787a48

Download Submit
C:\Windows\System\zgoTVgS.exe

Filesize
1.8MB

MD5
56bb8fceeb1f17b44e3bdc7bb3e72caf

SHA1
336995e78c3ea847af1e2d4f571ebfa40a4f3031

SHA256
bd67bc1dd06541cd1bfcee958cd15d40b4eb2f93e254c3a5831083554c924366

SHA512
ef2bdb829a60c84af4c1fe6810077d60d06cef2f3802dee65b3879edb4ef497caabacd68610a18eca1205b7ab7b925e49c1e10b1437b2d8a48ce64d28112b938

Download Submit
memory/64-0-0x00007FF64BE80000-0x00007FF64C1D4000-memory.dmp

Filesize
3.3MB

Download
memory/64-1-0x000001ED0AEB0000-0x000001ED0AEC0000-memory.dmp

Filesize
64KB

Download
memory/464-232-0x00007FF743EE0000-0x00007FF744234000-memory.dmp

Filesize
3.3MB

Download
memory/464-2160-0x00007FF743EE0000-0x00007FF744234000-memory.dmp

Filesize
3.3MB

Download
memory/972-2142-0x00007FF68F450000-0x00007FF68F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/972-41-0x00007FF68F450000-0x00007FF68F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1004-228-0x00007FF776F50000-0x00007FF7772A4000-memory.dmp

Filesize
3.3MB

Download
memory/1004-2157-0x00007FF776F50000-0x00007FF7772A4000-memory.dmp

Filesize
3.3MB

Download
memory/1076-239-0x00007FF7CAAA0000-0x00007FF7CADF4000-memory.dmp

Filesize
3.3MB

Download
memory/1076-2167-0x00007FF7CAAA0000-0x00007FF7CADF4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-18-0x00007FF69FEA0000-0x00007FF6A01F4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-2141-0x00007FF69FEA0000-0x00007FF6A01F4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-2139-0x00007FF68FE70000-0x00007FF6901C4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-2146-0x00007FF68FE70000-0x00007FF6901C4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-66-0x00007FF68FE70000-0x00007FF6901C4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-2155-0x00007FF60AE60000-0x00007FF60B1B4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-225-0x00007FF60AE60000-0x00007FF60B1B4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-236-0x00007FF75CE50000-0x00007FF75D1A4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2166-0x00007FF75CE50000-0x00007FF75D1A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-2145-0x00007FF74E450000-0x00007FF74E7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-241-0x00007FF74E450000-0x00007FF74E7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2143-0x00007FF6EA6A0000-0x00007FF6EA9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-53-0x00007FF6EA6A0000-0x00007FF6EA9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-2152-0x00007FF789020000-0x00007FF789374000-memory.dmp

Filesize
3.3MB

Download
memory/2736-230-0x00007FF789020000-0x00007FF789374000-memory.dmp

Filesize
3.3MB

Download
memory/3036-197-0x00007FF7BA010000-0x00007FF7BA364000-memory.dmp

Filesize
3.3MB

Download
memory/3036-2151-0x00007FF7BA010000-0x00007FF7BA364000-memory.dmp

Filesize
3.3MB

Download
memory/3256-244-0x00007FF76CCF0000-0x00007FF76D044000-memory.dmp

Filesize
3.3MB

Download
memory/3256-2159-0x00007FF76CCF0000-0x00007FF76D044000-memory.dmp

Filesize
3.3MB

Download
memory/3268-245-0x00007FF78F3E0000-0x00007FF78F734000-memory.dmp

Filesize
3.3MB

Download
memory/3268-2168-0x00007FF78F3E0000-0x00007FF78F734000-memory.dmp

Filesize
3.3MB

Download
memory/3652-238-0x00007FF6717B0000-0x00007FF671B04000-memory.dmp

Filesize
3.3MB

Download
memory/3652-2169-0x00007FF6717B0000-0x00007FF671B04000-memory.dmp

Filesize
3.3MB

Download
memory/3892-2147-0x00007FF608090000-0x00007FF6083E4000-memory.dmp

Filesize
3.3MB

Download
memory/3892-242-0x00007FF608090000-0x00007FF6083E4000-memory.dmp

Filesize
3.3MB

Download
memory/3904-2156-0x00007FF751EF0000-0x00007FF752244000-memory.dmp

Filesize
3.3MB

Download
memory/3904-229-0x00007FF751EF0000-0x00007FF752244000-memory.dmp

Filesize
3.3MB

Download
memory/4044-36-0x00007FF7D9D80000-0x00007FF7DA0D4000-memory.dmp

Filesize
3.3MB

Download
memory/4044-2144-0x00007FF7D9D80000-0x00007FF7DA0D4000-memory.dmp

Filesize
3.3MB

Download
memory/4044-2138-0x00007FF7D9D80000-0x00007FF7DA0D4000-memory.dmp

Filesize
3.3MB

Download
memory/4052-2153-0x00007FF67F200000-0x00007FF67F554000-memory.dmp

Filesize
3.3MB

Download
memory/4052-215-0x00007FF67F200000-0x00007FF67F554000-memory.dmp

Filesize
3.3MB

Download
memory/4240-243-0x00007FF66C4F0000-0x00007FF66C844000-memory.dmp

Filesize
3.3MB

Download
memory/4240-2149-0x00007FF66C4F0000-0x00007FF66C844000-memory.dmp

Filesize
3.3MB

Download
memory/4464-235-0x00007FF6C6AE0000-0x00007FF6C6E34000-memory.dmp

Filesize
3.3MB

Download
memory/4464-2164-0x00007FF6C6AE0000-0x00007FF6C6E34000-memory.dmp

Filesize
3.3MB

Download
memory/4788-2161-0x00007FF60BC50000-0x00007FF60BFA4000-memory.dmp

Filesize
3.3MB

Download
memory/4788-233-0x00007FF60BC50000-0x00007FF60BFA4000-memory.dmp

Filesize
3.3MB

Download
memory/4896-206-0x00007FF642FE0000-0x00007FF643334000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2150-0x00007FF642FE0000-0x00007FF643334000-memory.dmp

Filesize
3.3MB

Download
memory/4928-214-0x00007FF716D70000-0x00007FF7170C4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-2154-0x00007FF716D70000-0x00007FF7170C4000-memory.dmp

Filesize
3.3MB

Download
memory/4972-240-0x00007FF711940000-0x00007FF711C94000-memory.dmp

Filesize
3.3MB

Download
memory/4972-2162-0x00007FF711940000-0x00007FF711C94000-memory.dmp

Filesize
3.3MB

Download
memory/5012-2148-0x00007FF74B0B0000-0x00007FF74B404000-memory.dmp

Filesize
3.3MB

Download
memory/5012-2140-0x00007FF74B0B0000-0x00007FF74B404000-memory.dmp

Filesize
3.3MB

Download
memory/5012-92-0x00007FF74B0B0000-0x00007FF74B404000-memory.dmp

Filesize
3.3MB

Download
memory/5024-237-0x00007FF6AE690000-0x00007FF6AE9E4000-memory.dmp

Filesize
3.3MB

Download
memory/5024-2165-0x00007FF6AE690000-0x00007FF6AE9E4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-234-0x00007FF68AF70000-0x00007FF68B2C4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-2163-0x00007FF68AF70000-0x00007FF68B2C4000-memory.dmp

Filesize
3.3MB

Download
memory/5084-231-0x00007FF6B89F0000-0x00007FF6B8D44000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2158-0x00007FF6B89F0000-0x00007FF6B8D44000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads