xmrig | 84bfb4053a234f3f63cfce4107295e4ca39e3da62ae062bff8b4a951d7e51b1b

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 22:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
Size

2.3MB
MD5

225832657beee50bd66a1d85460c1d40
SHA1

5d41fcc76e74db768c2ca6e0e0125a9c49333cf7
SHA256

84bfb4053a234f3f63cfce4107295e4ca39e3da62ae062bff8b4a951d7e51b1b
SHA512

fe4c7eea3e36fe1cdaa917e1e71668ede030827ab0de45874b4efb70becedfd2636ca3a490cf1891407f1fae837a209a35bdf1f4907821c1255a4e1b059265c3
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQHxlUyfL:oemTLkNdfE0pZrQ5

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3516-0-0x00007FF7383C0000-0x00007FF738714000-memory.dmp	xmrig
behavioral2/files/0x0006000000023288-5.dat	xmrig
behavioral2/files/0x000700000002341f-7.dat	xmrig
behavioral2/files/0x0007000000023420-20.dat	xmrig
behavioral2/files/0x0007000000023421-24.dat	xmrig
behavioral2/files/0x0007000000023422-38.dat	xmrig
behavioral2/files/0x0007000000023426-53.dat	xmrig
behavioral2/files/0x0007000000023429-65.dat	xmrig
behavioral2/files/0x0007000000023428-72.dat	xmrig
behavioral2/files/0x000700000002342b-83.dat	xmrig
behavioral2/files/0x000700000002342e-96.dat	xmrig
behavioral2/files/0x0007000000023431-119.dat	xmrig
behavioral2/files/0x0007000000023435-137.dat	xmrig
behavioral2/files/0x0007000000023438-155.dat	xmrig
behavioral2/files/0x000700000002343f-179.dat	xmrig
behavioral2/memory/804-189-0x00007FF793830000-0x00007FF793B84000-memory.dmp	xmrig
behavioral2/memory/4660-198-0x00007FF667EE0000-0x00007FF668234000-memory.dmp	xmrig
behavioral2/memory/4976-206-0x00007FF61F670000-0x00007FF61F9C4000-memory.dmp	xmrig
behavioral2/memory/2084-211-0x00007FF64A780000-0x00007FF64AAD4000-memory.dmp	xmrig
behavioral2/memory/4744-210-0x00007FF7B0A90000-0x00007FF7B0DE4000-memory.dmp	xmrig
behavioral2/memory/4776-209-0x00007FF7EBDB0000-0x00007FF7EC104000-memory.dmp	xmrig
behavioral2/memory/1556-208-0x00007FF7C9820000-0x00007FF7C9B74000-memory.dmp	xmrig
behavioral2/memory/1248-207-0x00007FF7CC6D0000-0x00007FF7CCA24000-memory.dmp	xmrig
behavioral2/memory/2588-205-0x00007FF6BEF30000-0x00007FF6BF284000-memory.dmp	xmrig
behavioral2/memory/4948-204-0x00007FF7D7E40000-0x00007FF7D8194000-memory.dmp	xmrig
behavioral2/memory/1288-203-0x00007FF754620000-0x00007FF754974000-memory.dmp	xmrig
behavioral2/memory/3480-202-0x00007FF7FA720000-0x00007FF7FAA74000-memory.dmp	xmrig
behavioral2/memory/2796-201-0x00007FF6A1900000-0x00007FF6A1C54000-memory.dmp	xmrig
behavioral2/memory/4040-200-0x00007FF7F1080000-0x00007FF7F13D4000-memory.dmp	xmrig
behavioral2/memory/2604-199-0x00007FF7CB730000-0x00007FF7CBA84000-memory.dmp	xmrig
behavioral2/memory/4116-197-0x00007FF6CFA30000-0x00007FF6CFD84000-memory.dmp	xmrig
behavioral2/memory/4524-190-0x00007FF719470000-0x00007FF7197C4000-memory.dmp	xmrig
behavioral2/memory/4168-188-0x00007FF7CC280000-0x00007FF7CC5D4000-memory.dmp	xmrig
behavioral2/memory/4376-182-0x00007FF651420000-0x00007FF651774000-memory.dmp	xmrig
behavioral2/files/0x0007000000023440-180.dat	xmrig
behavioral2/files/0x000700000002343e-174.dat	xmrig
behavioral2/files/0x000700000002343d-173.dat	xmrig
behavioral2/memory/2908-172-0x00007FF7EE200000-0x00007FF7EE554000-memory.dmp	xmrig
behavioral2/memory/2000-171-0x00007FF76A650000-0x00007FF76A9A4000-memory.dmp	xmrig
behavioral2/files/0x000700000002343c-170.dat	xmrig
behavioral2/files/0x000700000002343b-169.dat	xmrig
behavioral2/files/0x000700000002343a-168.dat	xmrig
behavioral2/files/0x0007000000023439-165.dat	xmrig
behavioral2/files/0x0009000000023418-158.dat	xmrig
behavioral2/files/0x0007000000023437-151.dat	xmrig
behavioral2/memory/4940-148-0x00007FF613A40000-0x00007FF613D94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023434-145.dat	xmrig
behavioral2/files/0x0007000000023436-140.dat	xmrig
behavioral2/files/0x0007000000023433-123.dat	xmrig
behavioral2/files/0x0007000000023432-121.dat	xmrig
behavioral2/files/0x0007000000023430-117.dat	xmrig
behavioral2/files/0x000700000002342f-115.dat	xmrig
behavioral2/files/0x000700000002342d-111.dat	xmrig
behavioral2/files/0x000700000002342c-109.dat	xmrig
behavioral2/memory/3732-101-0x00007FF752170000-0x00007FF7524C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342a-91.dat	xmrig
behavioral2/memory/1200-80-0x00007FF6EAC20000-0x00007FF6EAF74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023427-70.dat	xmrig
behavioral2/memory/3016-69-0x00007FF788A70000-0x00007FF788DC4000-memory.dmp	xmrig
behavioral2/memory/3672-62-0x00007FF6C17F0000-0x00007FF6C1B44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023425-61.dat	xmrig
behavioral2/files/0x0007000000023424-44.dat	xmrig
behavioral2/files/0x0007000000023423-42.dat	xmrig
behavioral2/memory/1816-27-0x00007FF761410000-0x00007FF761764000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3884	EZBZLrn.exe
2900	xDcqOnB.exe
4976	viqDcgw.exe
1816	gpHxRGl.exe
3672	bfuMWQt.exe
1248	tQcqXKG.exe
1556	MGZsPON.exe
3016	MQXAeXY.exe
1200	MKZoqlK.exe
3732	NaoDmYk.exe
4940	iGAdlru.exe
2000	EhOfySc.exe
2908	iiyTuxH.exe
4376	azamVqe.exe
4776	zlmZtCP.exe
4168	PeLVrEO.exe
804	fuQxQOC.exe
4524	KUPwlaE.exe
4744	qHMZGFH.exe
4116	bvauaUw.exe
4660	WHMYcsR.exe
2604	zGMEyWX.exe
4040	bwyreEG.exe
2796	xfeAnlK.exe
3480	TVAXjYR.exe
1288	BDfKXGw.exe
4948	fUgiMTf.exe
2084	gjMLebc.exe
2588	AmzOoZf.exe
880	EDuYVeV.exe
1948	GEBCxRr.exe
3912	WRZzfCS.exe
1396	FSEzKpz.exe
3252	LGkxYgE.exe
4612	JcKilPx.exe
1300	EXiFkUZ.exe
3840	rfBCKFl.exe
1840	xGgRYFP.exe
1360	LXkernD.exe
5012	hSdiISa.exe
364	KWWIhmT.exe
3804	rnsEHVR.exe
4596	bxefwSz.exe
3100	zrjRSad.exe
3568	ErDuldT.exe
4892	eZbzJBb.exe
3028	BoRmuzg.exe
4640	ARdiWJm.exe
4008	gRRANUG.exe
1132	fzybJBF.exe
1888	rfLHZla.exe
4848	EmyZypz.exe
4668	INGjuJX.exe
1344	BdGfWAX.exe
2488	NGMkqPp.exe
408	gCEynyy.exe
3768	PIOkvpk.exe
4012	EJRYYRU.exe
4072	NAUGwEH.exe
1652	kHyDkrL.exe
4440	lObikqT.exe
1792	shWNwzf.exe
1412	LtPgFWQ.exe
4652	ueHRfva.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3516-0-0x00007FF7383C0000-0x00007FF738714000-memory.dmp	upx
behavioral2/files/0x0006000000023288-5.dat	upx
behavioral2/files/0x000700000002341f-7.dat	upx
behavioral2/files/0x0007000000023420-20.dat	upx
behavioral2/files/0x0007000000023421-24.dat	upx
behavioral2/files/0x0007000000023422-38.dat	upx
behavioral2/files/0x0007000000023426-53.dat	upx
behavioral2/files/0x0007000000023429-65.dat	upx
behavioral2/files/0x0007000000023428-72.dat	upx
behavioral2/files/0x000700000002342b-83.dat	upx
behavioral2/files/0x000700000002342e-96.dat	upx
behavioral2/files/0x0007000000023431-119.dat	upx
behavioral2/files/0x0007000000023435-137.dat	upx
behavioral2/files/0x0007000000023438-155.dat	upx
behavioral2/files/0x000700000002343f-179.dat	upx
behavioral2/memory/804-189-0x00007FF793830000-0x00007FF793B84000-memory.dmp	upx
behavioral2/memory/4660-198-0x00007FF667EE0000-0x00007FF668234000-memory.dmp	upx
behavioral2/memory/4976-206-0x00007FF61F670000-0x00007FF61F9C4000-memory.dmp	upx
behavioral2/memory/2084-211-0x00007FF64A780000-0x00007FF64AAD4000-memory.dmp	upx
behavioral2/memory/4744-210-0x00007FF7B0A90000-0x00007FF7B0DE4000-memory.dmp	upx
behavioral2/memory/4776-209-0x00007FF7EBDB0000-0x00007FF7EC104000-memory.dmp	upx
behavioral2/memory/1556-208-0x00007FF7C9820000-0x00007FF7C9B74000-memory.dmp	upx
behavioral2/memory/1248-207-0x00007FF7CC6D0000-0x00007FF7CCA24000-memory.dmp	upx
behavioral2/memory/2588-205-0x00007FF6BEF30000-0x00007FF6BF284000-memory.dmp	upx
behavioral2/memory/4948-204-0x00007FF7D7E40000-0x00007FF7D8194000-memory.dmp	upx
behavioral2/memory/1288-203-0x00007FF754620000-0x00007FF754974000-memory.dmp	upx
behavioral2/memory/3480-202-0x00007FF7FA720000-0x00007FF7FAA74000-memory.dmp	upx
behavioral2/memory/2796-201-0x00007FF6A1900000-0x00007FF6A1C54000-memory.dmp	upx
behavioral2/memory/4040-200-0x00007FF7F1080000-0x00007FF7F13D4000-memory.dmp	upx
behavioral2/memory/2604-199-0x00007FF7CB730000-0x00007FF7CBA84000-memory.dmp	upx
behavioral2/memory/4116-197-0x00007FF6CFA30000-0x00007FF6CFD84000-memory.dmp	upx
behavioral2/memory/4524-190-0x00007FF719470000-0x00007FF7197C4000-memory.dmp	upx
behavioral2/memory/4168-188-0x00007FF7CC280000-0x00007FF7CC5D4000-memory.dmp	upx
behavioral2/memory/4376-182-0x00007FF651420000-0x00007FF651774000-memory.dmp	upx
behavioral2/files/0x0007000000023440-180.dat	upx
behavioral2/files/0x000700000002343e-174.dat	upx
behavioral2/files/0x000700000002343d-173.dat	upx
behavioral2/memory/2908-172-0x00007FF7EE200000-0x00007FF7EE554000-memory.dmp	upx
behavioral2/memory/2000-171-0x00007FF76A650000-0x00007FF76A9A4000-memory.dmp	upx
behavioral2/files/0x000700000002343c-170.dat	upx
behavioral2/files/0x000700000002343b-169.dat	upx
behavioral2/files/0x000700000002343a-168.dat	upx
behavioral2/files/0x0007000000023439-165.dat	upx
behavioral2/files/0x0009000000023418-158.dat	upx
behavioral2/files/0x0007000000023437-151.dat	upx
behavioral2/memory/4940-148-0x00007FF613A40000-0x00007FF613D94000-memory.dmp	upx
behavioral2/files/0x0007000000023434-145.dat	upx
behavioral2/files/0x0007000000023436-140.dat	upx
behavioral2/files/0x0007000000023433-123.dat	upx
behavioral2/files/0x0007000000023432-121.dat	upx
behavioral2/files/0x0007000000023430-117.dat	upx
behavioral2/files/0x000700000002342f-115.dat	upx
behavioral2/files/0x000700000002342d-111.dat	upx
behavioral2/files/0x000700000002342c-109.dat	upx
behavioral2/memory/3732-101-0x00007FF752170000-0x00007FF7524C4000-memory.dmp	upx
behavioral2/files/0x000700000002342a-91.dat	upx
behavioral2/memory/1200-80-0x00007FF6EAC20000-0x00007FF6EAF74000-memory.dmp	upx
behavioral2/files/0x0007000000023427-70.dat	upx
behavioral2/memory/3016-69-0x00007FF788A70000-0x00007FF788DC4000-memory.dmp	upx
behavioral2/memory/3672-62-0x00007FF6C17F0000-0x00007FF6C1B44000-memory.dmp	upx
behavioral2/files/0x0007000000023425-61.dat	upx
behavioral2/files/0x0007000000023424-44.dat	upx
behavioral2/files/0x0007000000023423-42.dat	upx
behavioral2/memory/1816-27-0x00007FF761410000-0x00007FF761764000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QXUYlEu.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\QLCkxot.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\ZcamDSL.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\OOZerOo.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\NndBXbP.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\EdHLLVI.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\oLPXcGm.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\jVocDNc.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\XbFNdsQ.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\azamVqe.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\QZoFGut.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\wJJBqTe.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\tTHzNrd.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\ZEltPuM.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\lVnYsvP.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\TcWnjNN.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\puNkksB.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\fLUzRYo.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\KDRjCFM.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\PljGGVV.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\pXYHZnZ.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\lYTtUzz.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\tbCGYeL.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\WLRNBAY.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\AvUzYtV.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\MApDKPC.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\dWBZaun.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\dIXopoK.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\OeTkrwA.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\TBJBDie.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\GSqubwb.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\NrlTIDx.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\DxlHhHO.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\wLoEtIB.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\TVAXjYR.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\pAcWHgz.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\gIZBrDm.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\tWXssca.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\OptakRn.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\nxlrHGM.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\AjXTJvS.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\ktslpCU.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\zNkGvxr.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\NPalbmY.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\bnnlSMp.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\hkrSITr.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\diQDJjF.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\GjFOMes.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\eIprmyX.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\TQojEMS.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\TcMEcZA.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\wFbKVVg.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\wSFmUXW.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\qJGRYsl.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\AwAEMEa.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\qtSVWCa.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\tIUREOE.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\lrlryUr.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\wittaKJ.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\YjGUNpv.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\CSJcifK.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\bBgLMUZ.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\NRQNQMQ.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
File created	C:\Windows\System\VyfHUSe.exe	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14132	dwm.exe
Token: SeChangeNotifyPrivilege	14132	dwm.exe
Token: 33	14132	dwm.exe
Token: SeIncBasePriorityPrivilege	14132	dwm.exe
Token: SeShutdownPrivilege	14132	dwm.exe
Token: SeCreatePagefilePrivilege	14132	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 3884	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	83
PID 3516 wrote to memory of 3884	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	83
PID 3516 wrote to memory of 2900	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	84
PID 3516 wrote to memory of 2900	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	84
PID 3516 wrote to memory of 1816	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	85
PID 3516 wrote to memory of 1816	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	85
PID 3516 wrote to memory of 4976	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	86
PID 3516 wrote to memory of 4976	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	86
PID 3516 wrote to memory of 3672	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	87
PID 3516 wrote to memory of 3672	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	87
PID 3516 wrote to memory of 1248	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	88
PID 3516 wrote to memory of 1248	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	88
PID 3516 wrote to memory of 1556	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	89
PID 3516 wrote to memory of 1556	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	89
PID 3516 wrote to memory of 3016	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	90
PID 3516 wrote to memory of 3016	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	90
PID 3516 wrote to memory of 1200	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	91
PID 3516 wrote to memory of 1200	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	91
PID 3516 wrote to memory of 3732	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	92
PID 3516 wrote to memory of 3732	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	92
PID 3516 wrote to memory of 4940	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	93
PID 3516 wrote to memory of 4940	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	93
PID 3516 wrote to memory of 2000	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	94
PID 3516 wrote to memory of 2000	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	94
PID 3516 wrote to memory of 2908	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	95
PID 3516 wrote to memory of 2908	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	95
PID 3516 wrote to memory of 4376	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	96
PID 3516 wrote to memory of 4376	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	96
PID 3516 wrote to memory of 4776	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	97
PID 3516 wrote to memory of 4776	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	97
PID 3516 wrote to memory of 4168	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	98
PID 3516 wrote to memory of 4168	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	98
PID 3516 wrote to memory of 804	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	99
PID 3516 wrote to memory of 804	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	99
PID 3516 wrote to memory of 4524	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	100
PID 3516 wrote to memory of 4524	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	100
PID 3516 wrote to memory of 4744	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	101
PID 3516 wrote to memory of 4744	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	101
PID 3516 wrote to memory of 4116	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	102
PID 3516 wrote to memory of 4116	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	102
PID 3516 wrote to memory of 4660	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	103
PID 3516 wrote to memory of 4660	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	103
PID 3516 wrote to memory of 2604	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	104
PID 3516 wrote to memory of 2604	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	104
PID 3516 wrote to memory of 4040	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	105
PID 3516 wrote to memory of 4040	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	105
PID 3516 wrote to memory of 2796	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	106
PID 3516 wrote to memory of 2796	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	106
PID 3516 wrote to memory of 3480	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	107
PID 3516 wrote to memory of 3480	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	107
PID 3516 wrote to memory of 1288	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	108
PID 3516 wrote to memory of 1288	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	108
PID 3516 wrote to memory of 4948	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	109
PID 3516 wrote to memory of 4948	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	109
PID 3516 wrote to memory of 2084	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	110
PID 3516 wrote to memory of 2084	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	110
PID 3516 wrote to memory of 2588	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	111
PID 3516 wrote to memory of 2588	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	111
PID 3516 wrote to memory of 880	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	112
PID 3516 wrote to memory of 880	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	112
PID 3516 wrote to memory of 1948	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	113
PID 3516 wrote to memory of 1948	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	113
PID 3516 wrote to memory of 3912	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	114
PID 3516 wrote to memory of 3912	3516	225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\225832657beee50bd66a1d85460c1d40_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Windows\System\EZBZLrn.exe
  C:\Windows\System\EZBZLrn.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\xDcqOnB.exe
  C:\Windows\System\xDcqOnB.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\gpHxRGl.exe
  C:\Windows\System\gpHxRGl.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\viqDcgw.exe
  C:\Windows\System\viqDcgw.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\bfuMWQt.exe
  C:\Windows\System\bfuMWQt.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\tQcqXKG.exe
  C:\Windows\System\tQcqXKG.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\MGZsPON.exe
  C:\Windows\System\MGZsPON.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\MQXAeXY.exe
  C:\Windows\System\MQXAeXY.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\MKZoqlK.exe
  C:\Windows\System\MKZoqlK.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\NaoDmYk.exe
  C:\Windows\System\NaoDmYk.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\iGAdlru.exe
  C:\Windows\System\iGAdlru.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\EhOfySc.exe
  C:\Windows\System\EhOfySc.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\iiyTuxH.exe
  C:\Windows\System\iiyTuxH.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\azamVqe.exe
  C:\Windows\System\azamVqe.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\zlmZtCP.exe
  C:\Windows\System\zlmZtCP.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\PeLVrEO.exe
  C:\Windows\System\PeLVrEO.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\fuQxQOC.exe
  C:\Windows\System\fuQxQOC.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\KUPwlaE.exe
  C:\Windows\System\KUPwlaE.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\qHMZGFH.exe
  C:\Windows\System\qHMZGFH.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\bvauaUw.exe
  C:\Windows\System\bvauaUw.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\WHMYcsR.exe
  C:\Windows\System\WHMYcsR.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\zGMEyWX.exe
  C:\Windows\System\zGMEyWX.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\bwyreEG.exe
  C:\Windows\System\bwyreEG.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\xfeAnlK.exe
  C:\Windows\System\xfeAnlK.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\TVAXjYR.exe
  C:\Windows\System\TVAXjYR.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\BDfKXGw.exe
  C:\Windows\System\BDfKXGw.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\fUgiMTf.exe
  C:\Windows\System\fUgiMTf.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\gjMLebc.exe
  C:\Windows\System\gjMLebc.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\AmzOoZf.exe
  C:\Windows\System\AmzOoZf.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\EDuYVeV.exe
  C:\Windows\System\EDuYVeV.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\GEBCxRr.exe
  C:\Windows\System\GEBCxRr.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\WRZzfCS.exe
  C:\Windows\System\WRZzfCS.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\FSEzKpz.exe
  C:\Windows\System\FSEzKpz.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\LGkxYgE.exe
  C:\Windows\System\LGkxYgE.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\JcKilPx.exe
  C:\Windows\System\JcKilPx.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\EXiFkUZ.exe
  C:\Windows\System\EXiFkUZ.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\rfBCKFl.exe
  C:\Windows\System\rfBCKFl.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\xGgRYFP.exe
  C:\Windows\System\xGgRYFP.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\LXkernD.exe
  C:\Windows\System\LXkernD.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\hSdiISa.exe
  C:\Windows\System\hSdiISa.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\KWWIhmT.exe
  C:\Windows\System\KWWIhmT.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\rnsEHVR.exe
  C:\Windows\System\rnsEHVR.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\bxefwSz.exe
  C:\Windows\System\bxefwSz.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\zrjRSad.exe
  C:\Windows\System\zrjRSad.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\ErDuldT.exe
  C:\Windows\System\ErDuldT.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\eZbzJBb.exe
  C:\Windows\System\eZbzJBb.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\BoRmuzg.exe
  C:\Windows\System\BoRmuzg.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\ARdiWJm.exe
  C:\Windows\System\ARdiWJm.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\gRRANUG.exe
  C:\Windows\System\gRRANUG.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\fzybJBF.exe
  C:\Windows\System\fzybJBF.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\rfLHZla.exe
  C:\Windows\System\rfLHZla.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\EmyZypz.exe
  C:\Windows\System\EmyZypz.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\INGjuJX.exe
  C:\Windows\System\INGjuJX.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\BdGfWAX.exe
  C:\Windows\System\BdGfWAX.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\NGMkqPp.exe
  C:\Windows\System\NGMkqPp.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\gCEynyy.exe
  C:\Windows\System\gCEynyy.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\PIOkvpk.exe
  C:\Windows\System\PIOkvpk.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\EJRYYRU.exe
  C:\Windows\System\EJRYYRU.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\NAUGwEH.exe
  C:\Windows\System\NAUGwEH.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\kHyDkrL.exe
  C:\Windows\System\kHyDkrL.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\lObikqT.exe
  C:\Windows\System\lObikqT.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\shWNwzf.exe
  C:\Windows\System\shWNwzf.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\LtPgFWQ.exe
  C:\Windows\System\LtPgFWQ.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\ueHRfva.exe
  C:\Windows\System\ueHRfva.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\pAcWHgz.exe
  C:\Windows\System\pAcWHgz.exe
  2⤵
  PID:1576
- C:\Windows\System\ECUiWoe.exe
  C:\Windows\System\ECUiWoe.exe
  2⤵
  PID:3312
- C:\Windows\System\QZoFGut.exe
  C:\Windows\System\QZoFGut.exe
  2⤵
  PID:2444
- C:\Windows\System\bEVseJs.exe
  C:\Windows\System\bEVseJs.exe
  2⤵
  PID:4560
- C:\Windows\System\EXzMHEs.exe
  C:\Windows\System\EXzMHEs.exe
  2⤵
  PID:3864
- C:\Windows\System\XYZmQMR.exe
  C:\Windows\System\XYZmQMR.exe
  2⤵
  PID:4000
- C:\Windows\System\ktpxQgx.exe
  C:\Windows\System\ktpxQgx.exe
  2⤵
  PID:2232
- C:\Windows\System\hIxsNMm.exe
  C:\Windows\System\hIxsNMm.exe
  2⤵
  PID:3368
- C:\Windows\System\tIZeykp.exe
  C:\Windows\System\tIZeykp.exe
  2⤵
  PID:3200
- C:\Windows\System\gLiUNdl.exe
  C:\Windows\System\gLiUNdl.exe
  2⤵
  PID:3548
- C:\Windows\System\RxbPYtP.exe
  C:\Windows\System\RxbPYtP.exe
  2⤵
  PID:2888
- C:\Windows\System\gIZBrDm.exe
  C:\Windows\System\gIZBrDm.exe
  2⤵
  PID:3508
- C:\Windows\System\VxkcYWG.exe
  C:\Windows\System\VxkcYWG.exe
  2⤵
  PID:2476
- C:\Windows\System\DlrIlpq.exe
  C:\Windows\System\DlrIlpq.exe
  2⤵
  PID:3080
- C:\Windows\System\xKZAozo.exe
  C:\Windows\System\xKZAozo.exe
  2⤵
  PID:724
- C:\Windows\System\xzYtWQZ.exe
  C:\Windows\System\xzYtWQZ.exe
  2⤵
  PID:4684
- C:\Windows\System\VfeCztA.exe
  C:\Windows\System\VfeCztA.exe
  2⤵
  PID:3288
- C:\Windows\System\ARMDINq.exe
  C:\Windows\System\ARMDINq.exe
  2⤵
  PID:2088
- C:\Windows\System\LrVePNS.exe
  C:\Windows\System\LrVePNS.exe
  2⤵
  PID:2924
- C:\Windows\System\OImjORI.exe
  C:\Windows\System\OImjORI.exe
  2⤵
  PID:1052
- C:\Windows\System\BEleqSA.exe
  C:\Windows\System\BEleqSA.exe
  2⤵
  PID:3704
- C:\Windows\System\OPkOOBL.exe
  C:\Windows\System\OPkOOBL.exe
  2⤵
  PID:4836
- C:\Windows\System\puNkksB.exe
  C:\Windows\System\puNkksB.exe
  2⤵
  PID:4472
- C:\Windows\System\SqyPHko.exe
  C:\Windows\System\SqyPHko.exe
  2⤵
  PID:1612
- C:\Windows\System\eOhJnaP.exe
  C:\Windows\System\eOhJnaP.exe
  2⤵
  PID:5052
- C:\Windows\System\JjHLFqe.exe
  C:\Windows\System\JjHLFqe.exe
  2⤵
  PID:3652
- C:\Windows\System\aCqoqgY.exe
  C:\Windows\System\aCqoqgY.exe
  2⤵
  PID:3144
- C:\Windows\System\tIUREOE.exe
  C:\Windows\System\tIUREOE.exe
  2⤵
  PID:2016
- C:\Windows\System\aOqjvYh.exe
  C:\Windows\System\aOqjvYh.exe
  2⤵
  PID:4276
- C:\Windows\System\rwPadoA.exe
  C:\Windows\System\rwPadoA.exe
  2⤵
  PID:4380
- C:\Windows\System\tWXssca.exe
  C:\Windows\System\tWXssca.exe
  2⤵
  PID:3888
- C:\Windows\System\TokRWYg.exe
  C:\Windows\System\TokRWYg.exe
  2⤵
  PID:3764
- C:\Windows\System\RXLsbtU.exe
  C:\Windows\System\RXLsbtU.exe
  2⤵
  PID:2356
- C:\Windows\System\UrwaWwo.exe
  C:\Windows\System\UrwaWwo.exe
  2⤵
  PID:5148
- C:\Windows\System\ZrTrrak.exe
  C:\Windows\System\ZrTrrak.exe
  2⤵
  PID:5168
- C:\Windows\System\jmtZvQS.exe
  C:\Windows\System\jmtZvQS.exe
  2⤵
  PID:5200
- C:\Windows\System\iLZgDbl.exe
  C:\Windows\System\iLZgDbl.exe
  2⤵
  PID:5228
- C:\Windows\System\SjMIyhn.exe
  C:\Windows\System\SjMIyhn.exe
  2⤵
  PID:5256
- C:\Windows\System\YyOBfBj.exe
  C:\Windows\System\YyOBfBj.exe
  2⤵
  PID:5284
- C:\Windows\System\zxgrYqu.exe
  C:\Windows\System\zxgrYqu.exe
  2⤵
  PID:5312
- C:\Windows\System\Jscfbph.exe
  C:\Windows\System\Jscfbph.exe
  2⤵
  PID:5340
- C:\Windows\System\wkpfNDa.exe
  C:\Windows\System\wkpfNDa.exe
  2⤵
  PID:5372
- C:\Windows\System\QpUQrxw.exe
  C:\Windows\System\QpUQrxw.exe
  2⤵
  PID:5400
- C:\Windows\System\wJJBqTe.exe
  C:\Windows\System\wJJBqTe.exe
  2⤵
  PID:5432
- C:\Windows\System\AnhAklT.exe
  C:\Windows\System\AnhAklT.exe
  2⤵
  PID:5448
- C:\Windows\System\peCsogO.exe
  C:\Windows\System\peCsogO.exe
  2⤵
  PID:5496
- C:\Windows\System\TmQFGWj.exe
  C:\Windows\System\TmQFGWj.exe
  2⤵
  PID:5524
- C:\Windows\System\dsihhyN.exe
  C:\Windows\System\dsihhyN.exe
  2⤵
  PID:5552
- C:\Windows\System\pnXkVGJ.exe
  C:\Windows\System\pnXkVGJ.exe
  2⤵
  PID:5580
- C:\Windows\System\iPALVcw.exe
  C:\Windows\System\iPALVcw.exe
  2⤵
  PID:5608
- C:\Windows\System\EOhRftz.exe
  C:\Windows\System\EOhRftz.exe
  2⤵
  PID:5636
- C:\Windows\System\ShGSitz.exe
  C:\Windows\System\ShGSitz.exe
  2⤵
  PID:5664
- C:\Windows\System\hGeoXRS.exe
  C:\Windows\System\hGeoXRS.exe
  2⤵
  PID:5684
- C:\Windows\System\YkGVHKQ.exe
  C:\Windows\System\YkGVHKQ.exe
  2⤵
  PID:5708
- C:\Windows\System\lrlryUr.exe
  C:\Windows\System\lrlryUr.exe
  2⤵
  PID:5728
- C:\Windows\System\OrsnBse.exe
  C:\Windows\System\OrsnBse.exe
  2⤵
  PID:5752
- C:\Windows\System\HRILFUx.exe
  C:\Windows\System\HRILFUx.exe
  2⤵
  PID:5772
- C:\Windows\System\iJIXWHO.exe
  C:\Windows\System\iJIXWHO.exe
  2⤵
  PID:5804
- C:\Windows\System\mKdHZvF.exe
  C:\Windows\System\mKdHZvF.exe
  2⤵
  PID:5824
- C:\Windows\System\TjEeETr.exe
  C:\Windows\System\TjEeETr.exe
  2⤵
  PID:5856
- C:\Windows\System\AlAzhlr.exe
  C:\Windows\System\AlAzhlr.exe
  2⤵
  PID:5892
- C:\Windows\System\MuFZzhQ.exe
  C:\Windows\System\MuFZzhQ.exe
  2⤵
  PID:5924
- C:\Windows\System\GVZasQo.exe
  C:\Windows\System\GVZasQo.exe
  2⤵
  PID:5944
- C:\Windows\System\Zigjyyh.exe
  C:\Windows\System\Zigjyyh.exe
  2⤵
  PID:5980
- C:\Windows\System\VyfHUSe.exe
  C:\Windows\System\VyfHUSe.exe
  2⤵
  PID:6012
- C:\Windows\System\lmdLmro.exe
  C:\Windows\System\lmdLmro.exe
  2⤵
  PID:6048
- C:\Windows\System\YRrnOce.exe
  C:\Windows\System\YRrnOce.exe
  2⤵
  PID:6076
- C:\Windows\System\vkELGvl.exe
  C:\Windows\System\vkELGvl.exe
  2⤵
  PID:6108
- C:\Windows\System\OzauXTI.exe
  C:\Windows\System\OzauXTI.exe
  2⤵
  PID:6136
- C:\Windows\System\lqKlHex.exe
  C:\Windows\System\lqKlHex.exe
  2⤵
  PID:5188
- C:\Windows\System\TTMODus.exe
  C:\Windows\System\TTMODus.exe
  2⤵
  PID:5248
- C:\Windows\System\QVNmLzc.exe
  C:\Windows\System\QVNmLzc.exe
  2⤵
  PID:5324
- C:\Windows\System\iKGbLIi.exe
  C:\Windows\System\iKGbLIi.exe
  2⤵
  PID:5392
- C:\Windows\System\sgaxHkX.exe
  C:\Windows\System\sgaxHkX.exe
  2⤵
  PID:5444
- C:\Windows\System\wtYqWBz.exe
  C:\Windows\System\wtYqWBz.exe
  2⤵
  PID:5508
- C:\Windows\System\PtNeiUW.exe
  C:\Windows\System\PtNeiUW.exe
  2⤵
  PID:5492
- C:\Windows\System\JbcWRVU.exe
  C:\Windows\System\JbcWRVU.exe
  2⤵
  PID:5620
- C:\Windows\System\zawqyUA.exe
  C:\Windows\System\zawqyUA.exe
  2⤵
  PID:5704
- C:\Windows\System\aVrCcYA.exe
  C:\Windows\System\aVrCcYA.exe
  2⤵
  PID:5780
- C:\Windows\System\diQDJjF.exe
  C:\Windows\System\diQDJjF.exe
  2⤵
  PID:5788
- C:\Windows\System\KGcCEdI.exe
  C:\Windows\System\KGcCEdI.exe
  2⤵
  PID:5872
- C:\Windows\System\sLLcVbX.exe
  C:\Windows\System\sLLcVbX.exe
  2⤵
  PID:5936
- C:\Windows\System\FYzxTQN.exe
  C:\Windows\System\FYzxTQN.exe
  2⤵
  PID:6024
- C:\Windows\System\oEWULvN.exe
  C:\Windows\System\oEWULvN.exe
  2⤵
  PID:6068
- C:\Windows\System\xaBmfuj.exe
  C:\Windows\System\xaBmfuj.exe
  2⤵
  PID:3304
- C:\Windows\System\HDUEcep.exe
  C:\Windows\System\HDUEcep.exe
  2⤵
  PID:5216
- C:\Windows\System\hesMYhT.exe
  C:\Windows\System\hesMYhT.exe
  2⤵
  PID:5352
- C:\Windows\System\kFrljSy.exe
  C:\Windows\System\kFrljSy.exe
  2⤵
  PID:5564
- C:\Windows\System\ceNGFRq.exe
  C:\Windows\System\ceNGFRq.exe
  2⤵
  PID:5724
- C:\Windows\System\pPNlyBo.exe
  C:\Windows\System\pPNlyBo.exe
  2⤵
  PID:5848
- C:\Windows\System\KVtwzYp.exe
  C:\Windows\System\KVtwzYp.exe
  2⤵
  PID:5972
- C:\Windows\System\ugAGHfX.exe
  C:\Windows\System\ugAGHfX.exe
  2⤵
  PID:6064
- C:\Windows\System\RfcgamL.exe
  C:\Windows\System\RfcgamL.exe
  2⤵
  PID:5360
- C:\Windows\System\JHoVqak.exe
  C:\Windows\System\JHoVqak.exe
  2⤵
  PID:5740
- C:\Windows\System\vvtCLgf.exe
  C:\Windows\System\vvtCLgf.exe
  2⤵
  PID:5960
- C:\Windows\System\JokeiQv.exe
  C:\Windows\System\JokeiQv.exe
  2⤵
  PID:6168
- C:\Windows\System\RyqltVw.exe
  C:\Windows\System\RyqltVw.exe
  2⤵
  PID:6188
- C:\Windows\System\JlmcCHj.exe
  C:\Windows\System\JlmcCHj.exe
  2⤵
  PID:6236
- C:\Windows\System\mRUBFsj.exe
  C:\Windows\System\mRUBFsj.exe
  2⤵
  PID:6256
- C:\Windows\System\qPhIgQt.exe
  C:\Windows\System\qPhIgQt.exe
  2⤵
  PID:6272
- C:\Windows\System\HoLNWjl.exe
  C:\Windows\System\HoLNWjl.exe
  2⤵
  PID:6288
- C:\Windows\System\DOBTppp.exe
  C:\Windows\System\DOBTppp.exe
  2⤵
  PID:6328
- C:\Windows\System\tTHzNrd.exe
  C:\Windows\System\tTHzNrd.exe
  2⤵
  PID:6348
- C:\Windows\System\uFZqcor.exe
  C:\Windows\System\uFZqcor.exe
  2⤵
  PID:6384
- C:\Windows\System\PljGGVV.exe
  C:\Windows\System\PljGGVV.exe
  2⤵
  PID:6412
- C:\Windows\System\jywLvUn.exe
  C:\Windows\System\jywLvUn.exe
  2⤵
  PID:6452
- C:\Windows\System\CZcOouA.exe
  C:\Windows\System\CZcOouA.exe
  2⤵
  PID:6480
- C:\Windows\System\MFTIHhB.exe
  C:\Windows\System\MFTIHhB.exe
  2⤵
  PID:6508
- C:\Windows\System\oFLjzQH.exe
  C:\Windows\System\oFLjzQH.exe
  2⤵
  PID:6536
- C:\Windows\System\TPpIHnD.exe
  C:\Windows\System\TPpIHnD.exe
  2⤵
  PID:6552
- C:\Windows\System\ETXIriv.exe
  C:\Windows\System\ETXIriv.exe
  2⤵
  PID:6568
- C:\Windows\System\wittaKJ.exe
  C:\Windows\System\wittaKJ.exe
  2⤵
  PID:6584
- C:\Windows\System\OEhnTwe.exe
  C:\Windows\System\OEhnTwe.exe
  2⤵
  PID:6608
- C:\Windows\System\vOcRjhc.exe
  C:\Windows\System\vOcRjhc.exe
  2⤵
  PID:6628
- C:\Windows\System\nBENdkE.exe
  C:\Windows\System\nBENdkE.exe
  2⤵
  PID:6652
- C:\Windows\System\oejmwxh.exe
  C:\Windows\System\oejmwxh.exe
  2⤵
  PID:6684
- C:\Windows\System\gYFvEKx.exe
  C:\Windows\System\gYFvEKx.exe
  2⤵
  PID:6708
- C:\Windows\System\JpmnlhA.exe
  C:\Windows\System\JpmnlhA.exe
  2⤵
  PID:6744
- C:\Windows\System\fHudcNI.exe
  C:\Windows\System\fHudcNI.exe
  2⤵
  PID:6776
- C:\Windows\System\wYXVOle.exe
  C:\Windows\System\wYXVOle.exe
  2⤵
  PID:6812
- C:\Windows\System\XEPqpfj.exe
  C:\Windows\System\XEPqpfj.exe
  2⤵
  PID:6844
- C:\Windows\System\VOWEaIU.exe
  C:\Windows\System\VOWEaIU.exe
  2⤵
  PID:6876
- C:\Windows\System\NajpeQS.exe
  C:\Windows\System\NajpeQS.exe
  2⤵
  PID:6916
- C:\Windows\System\lqiuWcY.exe
  C:\Windows\System\lqiuWcY.exe
  2⤵
  PID:6944
- C:\Windows\System\zoKeCPo.exe
  C:\Windows\System\zoKeCPo.exe
  2⤵
  PID:6960
- C:\Windows\System\skcFXjA.exe
  C:\Windows\System\skcFXjA.exe
  2⤵
  PID:6980
- C:\Windows\System\njSEEGa.exe
  C:\Windows\System\njSEEGa.exe
  2⤵
  PID:7008
- C:\Windows\System\OOkKZsn.exe
  C:\Windows\System\OOkKZsn.exe
  2⤵
  PID:7032
- C:\Windows\System\tDzEXti.exe
  C:\Windows\System\tDzEXti.exe
  2⤵
  PID:7056
- C:\Windows\System\nOpOEdV.exe
  C:\Windows\System\nOpOEdV.exe
  2⤵
  PID:7092
- C:\Windows\System\qfkWJdb.exe
  C:\Windows\System\qfkWJdb.exe
  2⤵
  PID:7132
- C:\Windows\System\xvrDvCl.exe
  C:\Windows\System\xvrDvCl.exe
  2⤵
  PID:5964
- C:\Windows\System\NgHpWEs.exe
  C:\Windows\System\NgHpWEs.exe
  2⤵
  PID:6184
- C:\Windows\System\NHnXmhA.exe
  C:\Windows\System\NHnXmhA.exe
  2⤵
  PID:6252
- C:\Windows\System\tjXKHQh.exe
  C:\Windows\System\tjXKHQh.exe
  2⤵
  PID:6316
- C:\Windows\System\QbrycZe.exe
  C:\Windows\System\QbrycZe.exe
  2⤵
  PID:6368
- C:\Windows\System\RyeAxBp.exe
  C:\Windows\System\RyeAxBp.exe
  2⤵
  PID:6440
- C:\Windows\System\VSQdIuc.exe
  C:\Windows\System\VSQdIuc.exe
  2⤵
  PID:6504
- C:\Windows\System\ZlzTrYj.exe
  C:\Windows\System\ZlzTrYj.exe
  2⤵
  PID:6580
- C:\Windows\System\llVTiOI.exe
  C:\Windows\System\llVTiOI.exe
  2⤵
  PID:6676
- C:\Windows\System\ibmylvi.exe
  C:\Windows\System\ibmylvi.exe
  2⤵
  PID:6700
- C:\Windows\System\PxqkbIY.exe
  C:\Windows\System\PxqkbIY.exe
  2⤵
  PID:6788
- C:\Windows\System\zjWpeLp.exe
  C:\Windows\System\zjWpeLp.exe
  2⤵
  PID:6824
- C:\Windows\System\SJmXmgM.exe
  C:\Windows\System\SJmXmgM.exe
  2⤵
  PID:6900
- C:\Windows\System\TEHFiiq.exe
  C:\Windows\System\TEHFiiq.exe
  2⤵
  PID:6976
- C:\Windows\System\NlYStsF.exe
  C:\Windows\System\NlYStsF.exe
  2⤵
  PID:7000
- C:\Windows\System\ktslpCU.exe
  C:\Windows\System\ktslpCU.exe
  2⤵
  PID:7088
- C:\Windows\System\xDXYNCh.exe
  C:\Windows\System\xDXYNCh.exe
  2⤵
  PID:7128
- C:\Windows\System\vkKkudK.exe
  C:\Windows\System\vkKkudK.exe
  2⤵
  PID:6156
- C:\Windows\System\wRYBnrh.exe
  C:\Windows\System\wRYBnrh.exe
  2⤵
  PID:6360
- C:\Windows\System\ZdQtEbO.exe
  C:\Windows\System\ZdQtEbO.exe
  2⤵
  PID:6396
- C:\Windows\System\HxnfmWF.exe
  C:\Windows\System\HxnfmWF.exe
  2⤵
  PID:6648
- C:\Windows\System\pZmvLRQ.exe
  C:\Windows\System\pZmvLRQ.exe
  2⤵
  PID:6800
- C:\Windows\System\PUGRGHD.exe
  C:\Windows\System\PUGRGHD.exe
  2⤵
  PID:6896
- C:\Windows\System\DYHevHz.exe
  C:\Windows\System\DYHevHz.exe
  2⤵
  PID:7084
- C:\Windows\System\WCcozUj.exe
  C:\Windows\System\WCcozUj.exe
  2⤵
  PID:7164
- C:\Windows\System\exHQkXJ.exe
  C:\Windows\System\exHQkXJ.exe
  2⤵
  PID:6420
- C:\Windows\System\OptakRn.exe
  C:\Windows\System\OptakRn.exe
  2⤵
  PID:6888
- C:\Windows\System\bzyHQZq.exe
  C:\Windows\System\bzyHQZq.exe
  2⤵
  PID:7020
- C:\Windows\System\YkDzQre.exe
  C:\Windows\System\YkDzQre.exe
  2⤵
  PID:7204
- C:\Windows\System\oIhRAeN.exe
  C:\Windows\System\oIhRAeN.exe
  2⤵
  PID:7236
- C:\Windows\System\HvPsHUD.exe
  C:\Windows\System\HvPsHUD.exe
  2⤵
  PID:7276
- C:\Windows\System\UZeJWkC.exe
  C:\Windows\System\UZeJWkC.exe
  2⤵
  PID:7296
- C:\Windows\System\QXUYlEu.exe
  C:\Windows\System\QXUYlEu.exe
  2⤵
  PID:7320
- C:\Windows\System\kFvrZCB.exe
  C:\Windows\System\kFvrZCB.exe
  2⤵
  PID:7348
- C:\Windows\System\XAyxNbw.exe
  C:\Windows\System\XAyxNbw.exe
  2⤵
  PID:7388
- C:\Windows\System\IPhZfuJ.exe
  C:\Windows\System\IPhZfuJ.exe
  2⤵
  PID:7420
- C:\Windows\System\zNkGvxr.exe
  C:\Windows\System\zNkGvxr.exe
  2⤵
  PID:7456
- C:\Windows\System\AcdhfSj.exe
  C:\Windows\System\AcdhfSj.exe
  2⤵
  PID:7484
- C:\Windows\System\LEBmXDF.exe
  C:\Windows\System\LEBmXDF.exe
  2⤵
  PID:7500
- C:\Windows\System\VpWCxKU.exe
  C:\Windows\System\VpWCxKU.exe
  2⤵
  PID:7532
- C:\Windows\System\MApDKPC.exe
  C:\Windows\System\MApDKPC.exe
  2⤵
  PID:7556
- C:\Windows\System\qWCwVFo.exe
  C:\Windows\System\qWCwVFo.exe
  2⤵
  PID:7588
- C:\Windows\System\HdxUDDH.exe
  C:\Windows\System\HdxUDDH.exe
  2⤵
  PID:7624
- C:\Windows\System\TmNetPe.exe
  C:\Windows\System\TmNetPe.exe
  2⤵
  PID:7648
- C:\Windows\System\vCSPPJc.exe
  C:\Windows\System\vCSPPJc.exe
  2⤵
  PID:7684
- C:\Windows\System\pXYHZnZ.exe
  C:\Windows\System\pXYHZnZ.exe
  2⤵
  PID:7700
- C:\Windows\System\YjGUNpv.exe
  C:\Windows\System\YjGUNpv.exe
  2⤵
  PID:7724
- C:\Windows\System\iUCqRtN.exe
  C:\Windows\System\iUCqRtN.exe
  2⤵
  PID:7756
- C:\Windows\System\sSfmLGC.exe
  C:\Windows\System\sSfmLGC.exe
  2⤵
  PID:7796
- C:\Windows\System\cLdbffY.exe
  C:\Windows\System\cLdbffY.exe
  2⤵
  PID:7824
- C:\Windows\System\CpukJgR.exe
  C:\Windows\System\CpukJgR.exe
  2⤵
  PID:7840
- C:\Windows\System\IFIvjvq.exe
  C:\Windows\System\IFIvjvq.exe
  2⤵
  PID:7860
- C:\Windows\System\oXzcHhy.exe
  C:\Windows\System\oXzcHhy.exe
  2⤵
  PID:7884
- C:\Windows\System\WeWFGDU.exe
  C:\Windows\System\WeWFGDU.exe
  2⤵
  PID:7912
- C:\Windows\System\lzSzBDX.exe
  C:\Windows\System\lzSzBDX.exe
  2⤵
  PID:7952
- C:\Windows\System\sawKysv.exe
  C:\Windows\System\sawKysv.exe
  2⤵
  PID:7976
- C:\Windows\System\TcMEcZA.exe
  C:\Windows\System\TcMEcZA.exe
  2⤵
  PID:8016
- C:\Windows\System\kMviRHA.exe
  C:\Windows\System\kMviRHA.exe
  2⤵
  PID:8044
- C:\Windows\System\yGHdLjq.exe
  C:\Windows\System\yGHdLjq.exe
  2⤵
  PID:8068
- C:\Windows\System\EYMtCJK.exe
  C:\Windows\System\EYMtCJK.exe
  2⤵
  PID:8092
- C:\Windows\System\YeJKWsC.exe
  C:\Windows\System\YeJKWsC.exe
  2⤵
  PID:8132
- C:\Windows\System\nuCwvoh.exe
  C:\Windows\System\nuCwvoh.exe
  2⤵
  PID:8160
- C:\Windows\System\CaKrOlz.exe
  C:\Windows\System\CaKrOlz.exe
  2⤵
  PID:8176
- C:\Windows\System\poUnzJw.exe
  C:\Windows\System\poUnzJw.exe
  2⤵
  PID:6940
- C:\Windows\System\WcnGBFM.exe
  C:\Windows\System\WcnGBFM.exe
  2⤵
  PID:6264
- C:\Windows\System\NWXqEsJ.exe
  C:\Windows\System\NWXqEsJ.exe
  2⤵
  PID:7284
- C:\Windows\System\sOMqDdt.exe
  C:\Windows\System\sOMqDdt.exe
  2⤵
  PID:7312
- C:\Windows\System\myjREbM.exe
  C:\Windows\System\myjREbM.exe
  2⤵
  PID:7428
- C:\Windows\System\pSHHMld.exe
  C:\Windows\System\pSHHMld.exe
  2⤵
  PID:7468
- C:\Windows\System\kIbwcOP.exe
  C:\Windows\System\kIbwcOP.exe
  2⤵
  PID:7528
- C:\Windows\System\zIEGIzR.exe
  C:\Windows\System\zIEGIzR.exe
  2⤵
  PID:7608
- C:\Windows\System\TSAiPJz.exe
  C:\Windows\System\TSAiPJz.exe
  2⤵
  PID:7676
- C:\Windows\System\mTasfwo.exe
  C:\Windows\System\mTasfwo.exe
  2⤵
  PID:7720
- C:\Windows\System\QLCkxot.exe
  C:\Windows\System\QLCkxot.exe
  2⤵
  PID:7808
- C:\Windows\System\xXHmHsT.exe
  C:\Windows\System\xXHmHsT.exe
  2⤵
  PID:7876
- C:\Windows\System\KUNvkSp.exe
  C:\Windows\System\KUNvkSp.exe
  2⤵
  PID:7940
- C:\Windows\System\XNLEvIU.exe
  C:\Windows\System\XNLEvIU.exe
  2⤵
  PID:8008
- C:\Windows\System\mJZEpDK.exe
  C:\Windows\System\mJZEpDK.exe
  2⤵
  PID:8084
- C:\Windows\System\AEjeYnP.exe
  C:\Windows\System\AEjeYnP.exe
  2⤵
  PID:8112
- C:\Windows\System\oDXcXTH.exe
  C:\Windows\System\oDXcXTH.exe
  2⤵
  PID:8188
- C:\Windows\System\loboNxu.exe
  C:\Windows\System\loboNxu.exe
  2⤵
  PID:7256
- C:\Windows\System\xLSDFzC.exe
  C:\Windows\System\xLSDFzC.exe
  2⤵
  PID:7496
- C:\Windows\System\daYLvBX.exe
  C:\Windows\System\daYLvBX.exe
  2⤵
  PID:7672
- C:\Windows\System\QHjIhpg.exe
  C:\Windows\System\QHjIhpg.exe
  2⤵
  PID:7788
- C:\Windows\System\LxUcNhz.exe
  C:\Windows\System\LxUcNhz.exe
  2⤵
  PID:7908
- C:\Windows\System\GWSziRc.exe
  C:\Windows\System\GWSziRc.exe
  2⤵
  PID:7964
- C:\Windows\System\BuJixjF.exe
  C:\Windows\System\BuJixjF.exe
  2⤵
  PID:8152
- C:\Windows\System\BxTVGAk.exe
  C:\Windows\System\BxTVGAk.exe
  2⤵
  PID:7376
- C:\Windows\System\EfUEFBq.exe
  C:\Windows\System\EfUEFBq.exe
  2⤵
  PID:7836
- C:\Windows\System\vvZBFqU.exe
  C:\Windows\System\vvZBFqU.exe
  2⤵
  PID:8052
- C:\Windows\System\COScolw.exe
  C:\Windows\System\COScolw.exe
  2⤵
  PID:7364
- C:\Windows\System\odksSqT.exe
  C:\Windows\System\odksSqT.exe
  2⤵
  PID:8228
- C:\Windows\System\EZvbFJs.exe
  C:\Windows\System\EZvbFJs.exe
  2⤵
  PID:8256
- C:\Windows\System\CMdZMcJ.exe
  C:\Windows\System\CMdZMcJ.exe
  2⤵
  PID:8272
- C:\Windows\System\vWWZGoP.exe
  C:\Windows\System\vWWZGoP.exe
  2⤵
  PID:8304
- C:\Windows\System\spyPZLt.exe
  C:\Windows\System\spyPZLt.exe
  2⤵
  PID:8332
- C:\Windows\System\lOkSkSJ.exe
  C:\Windows\System\lOkSkSJ.exe
  2⤵
  PID:8356
- C:\Windows\System\LDGKefq.exe
  C:\Windows\System\LDGKefq.exe
  2⤵
  PID:8384
- C:\Windows\System\hRgQPIW.exe
  C:\Windows\System\hRgQPIW.exe
  2⤵
  PID:8412
- C:\Windows\System\LdqjHNv.exe
  C:\Windows\System\LdqjHNv.exe
  2⤵
  PID:8440
- C:\Windows\System\QqZoBxQ.exe
  C:\Windows\System\QqZoBxQ.exe
  2⤵
  PID:8480
- C:\Windows\System\MSEndMs.exe
  C:\Windows\System\MSEndMs.exe
  2⤵
  PID:8508
- C:\Windows\System\vvwqbNy.exe
  C:\Windows\System\vvwqbNy.exe
  2⤵
  PID:8524
- C:\Windows\System\iTCgldV.exe
  C:\Windows\System\iTCgldV.exe
  2⤵
  PID:8560
- C:\Windows\System\CeLKpqF.exe
  C:\Windows\System\CeLKpqF.exe
  2⤵
  PID:8580
- C:\Windows\System\wFbKVVg.exe
  C:\Windows\System\wFbKVVg.exe
  2⤵
  PID:8608
- C:\Windows\System\fLUzRYo.exe
  C:\Windows\System\fLUzRYo.exe
  2⤵
  PID:8624
- C:\Windows\System\acMswIG.exe
  C:\Windows\System\acMswIG.exe
  2⤵
  PID:8648
- C:\Windows\System\redXrOg.exe
  C:\Windows\System\redXrOg.exe
  2⤵
  PID:8684
- C:\Windows\System\AJaGlbS.exe
  C:\Windows\System\AJaGlbS.exe
  2⤵
  PID:8704
- C:\Windows\System\nsftmYr.exe
  C:\Windows\System\nsftmYr.exe
  2⤵
  PID:8744
- C:\Windows\System\TcGZREW.exe
  C:\Windows\System\TcGZREW.exe
  2⤵
  PID:8772
- C:\Windows\System\YcQyroJ.exe
  C:\Windows\System\YcQyroJ.exe
  2⤵
  PID:8804
- C:\Windows\System\piwthyr.exe
  C:\Windows\System\piwthyr.exe
  2⤵
  PID:8832
- C:\Windows\System\truhxwk.exe
  C:\Windows\System\truhxwk.exe
  2⤵
  PID:8868
- C:\Windows\System\tWGcrqH.exe
  C:\Windows\System\tWGcrqH.exe
  2⤵
  PID:8888
- C:\Windows\System\VtyGTTn.exe
  C:\Windows\System\VtyGTTn.exe
  2⤵
  PID:8912
- C:\Windows\System\QOkDksj.exe
  C:\Windows\System\QOkDksj.exe
  2⤵
  PID:8932
- C:\Windows\System\iBPbMwV.exe
  C:\Windows\System\iBPbMwV.exe
  2⤵
  PID:8956
- C:\Windows\System\JyzQwmp.exe
  C:\Windows\System\JyzQwmp.exe
  2⤵
  PID:8992
- C:\Windows\System\vADXQre.exe
  C:\Windows\System\vADXQre.exe
  2⤵
  PID:9028
- C:\Windows\System\idCooVN.exe
  C:\Windows\System\idCooVN.exe
  2⤵
  PID:9056
- C:\Windows\System\sabINzG.exe
  C:\Windows\System\sabINzG.exe
  2⤵
  PID:9084
- C:\Windows\System\fHSVUUg.exe
  C:\Windows\System\fHSVUUg.exe
  2⤵
  PID:9116
- C:\Windows\System\CIphDHp.exe
  C:\Windows\System\CIphDHp.exe
  2⤵
  PID:9144
- C:\Windows\System\dfqEMca.exe
  C:\Windows\System\dfqEMca.exe
  2⤵
  PID:9168
- C:\Windows\System\yXGZyhF.exe
  C:\Windows\System\yXGZyhF.exe
  2⤵
  PID:9200
- C:\Windows\System\BHtNdry.exe
  C:\Windows\System\BHtNdry.exe
  2⤵
  PID:6576
- C:\Windows\System\zYaRxEM.exe
  C:\Windows\System\zYaRxEM.exe
  2⤵
  PID:8240
- C:\Windows\System\GMEIJvt.exe
  C:\Windows\System\GMEIJvt.exe
  2⤵
  PID:8316
- C:\Windows\System\XlRflVQ.exe
  C:\Windows\System\XlRflVQ.exe
  2⤵
  PID:8372
- C:\Windows\System\jPXhPfZ.exe
  C:\Windows\System\jPXhPfZ.exe
  2⤵
  PID:8464
- C:\Windows\System\jFZZEMz.exe
  C:\Windows\System\jFZZEMz.exe
  2⤵
  PID:8516
- C:\Windows\System\JyIZcDa.exe
  C:\Windows\System\JyIZcDa.exe
  2⤵
  PID:8600
- C:\Windows\System\rbeNkqX.exe
  C:\Windows\System\rbeNkqX.exe
  2⤵
  PID:8644
- C:\Windows\System\SYYGHtM.exe
  C:\Windows\System\SYYGHtM.exe
  2⤵
  PID:8728
- C:\Windows\System\SsadNLq.exe
  C:\Windows\System\SsadNLq.exe
  2⤵
  PID:8796
- C:\Windows\System\rYdHvvT.exe
  C:\Windows\System\rYdHvvT.exe
  2⤵
  PID:8844
- C:\Windows\System\nYkfDJn.exe
  C:\Windows\System\nYkfDJn.exe
  2⤵
  PID:8876
- C:\Windows\System\wjkkMVO.exe
  C:\Windows\System\wjkkMVO.exe
  2⤵
  PID:8980
- C:\Windows\System\bdtiCbU.exe
  C:\Windows\System\bdtiCbU.exe
  2⤵
  PID:9044
- C:\Windows\System\cgsvVJp.exe
  C:\Windows\System\cgsvVJp.exe
  2⤵
  PID:9068
- C:\Windows\System\TrsMThd.exe
  C:\Windows\System\TrsMThd.exe
  2⤵
  PID:9184
- C:\Windows\System\KtTDVmj.exe
  C:\Windows\System\KtTDVmj.exe
  2⤵
  PID:9192
- C:\Windows\System\VjEkZBO.exe
  C:\Windows\System\VjEkZBO.exe
  2⤵
  PID:8284
- C:\Windows\System\ZPUUDPB.exe
  C:\Windows\System\ZPUUDPB.exe
  2⤵
  PID:8432
- C:\Windows\System\EmYrgXQ.exe
  C:\Windows\System\EmYrgXQ.exe
  2⤵
  PID:8576
- C:\Windows\System\OjfwsMQ.exe
  C:\Windows\System\OjfwsMQ.exe
  2⤵
  PID:8700
- C:\Windows\System\xTkqejq.exe
  C:\Windows\System\xTkqejq.exe
  2⤵
  PID:8948
- C:\Windows\System\BCrnjim.exe
  C:\Windows\System\BCrnjim.exe
  2⤵
  PID:9012
- C:\Windows\System\ZEltPuM.exe
  C:\Windows\System\ZEltPuM.exe
  2⤵
  PID:8452
- C:\Windows\System\wSFmUXW.exe
  C:\Windows\System\wSFmUXW.exe
  2⤵
  PID:8696
- C:\Windows\System\KDtBjEX.exe
  C:\Windows\System\KDtBjEX.exe
  2⤵
  PID:8820
- C:\Windows\System\GiNUtgK.exe
  C:\Windows\System\GiNUtgK.exe
  2⤵
  PID:8908
- C:\Windows\System\lRclgtT.exe
  C:\Windows\System\lRclgtT.exe
  2⤵
  PID:8224
- C:\Windows\System\TiuNRnC.exe
  C:\Windows\System\TiuNRnC.exe
  2⤵
  PID:9236
- C:\Windows\System\qPiEFBr.exe
  C:\Windows\System\qPiEFBr.exe
  2⤵
  PID:9268
- C:\Windows\System\bLQBCan.exe
  C:\Windows\System\bLQBCan.exe
  2⤵
  PID:9292
- C:\Windows\System\PyDgMzL.exe
  C:\Windows\System\PyDgMzL.exe
  2⤵
  PID:9308
- C:\Windows\System\BKAOIxF.exe
  C:\Windows\System\BKAOIxF.exe
  2⤵
  PID:9336
- C:\Windows\System\tjbpQEH.exe
  C:\Windows\System\tjbpQEH.exe
  2⤵
  PID:9368
- C:\Windows\System\rGCEDnm.exe
  C:\Windows\System\rGCEDnm.exe
  2⤵
  PID:9416
- C:\Windows\System\jRdVpTe.exe
  C:\Windows\System\jRdVpTe.exe
  2⤵
  PID:9440
- C:\Windows\System\lKoEoRb.exe
  C:\Windows\System\lKoEoRb.exe
  2⤵
  PID:9476
- C:\Windows\System\rjEvyDE.exe
  C:\Windows\System\rjEvyDE.exe
  2⤵
  PID:9500
- C:\Windows\System\gnzZIeC.exe
  C:\Windows\System\gnzZIeC.exe
  2⤵
  PID:9516
- C:\Windows\System\tiKTWas.exe
  C:\Windows\System\tiKTWas.exe
  2⤵
  PID:9532
- C:\Windows\System\LxlDkix.exe
  C:\Windows\System\LxlDkix.exe
  2⤵
  PID:9572
- C:\Windows\System\UOSgyFn.exe
  C:\Windows\System\UOSgyFn.exe
  2⤵
  PID:9616
- C:\Windows\System\EYiXVwp.exe
  C:\Windows\System\EYiXVwp.exe
  2⤵
  PID:9656
- C:\Windows\System\bLwGQxQ.exe
  C:\Windows\System\bLwGQxQ.exe
  2⤵
  PID:9680
- C:\Windows\System\QUbRoCt.exe
  C:\Windows\System\QUbRoCt.exe
  2⤵
  PID:9712
- C:\Windows\System\NPalbmY.exe
  C:\Windows\System\NPalbmY.exe
  2⤵
  PID:9748
- C:\Windows\System\CSJcifK.exe
  C:\Windows\System\CSJcifK.exe
  2⤵
  PID:9764
- C:\Windows\System\jmNYiNL.exe
  C:\Windows\System\jmNYiNL.exe
  2⤵
  PID:9792
- C:\Windows\System\pBMSXDs.exe
  C:\Windows\System\pBMSXDs.exe
  2⤵
  PID:9828
- C:\Windows\System\HtgWgWq.exe
  C:\Windows\System\HtgWgWq.exe
  2⤵
  PID:9860
- C:\Windows\System\EaxZXsz.exe
  C:\Windows\System\EaxZXsz.exe
  2⤵
  PID:9876
- C:\Windows\System\IcOijNm.exe
  C:\Windows\System\IcOijNm.exe
  2⤵
  PID:9908
- C:\Windows\System\ImvSwJG.exe
  C:\Windows\System\ImvSwJG.exe
  2⤵
  PID:9932
- C:\Windows\System\LtjZOEo.exe
  C:\Windows\System\LtjZOEo.exe
  2⤵
  PID:9972
- C:\Windows\System\BeLgjRk.exe
  C:\Windows\System\BeLgjRk.exe
  2⤵
  PID:10000
- C:\Windows\System\VgHRSAY.exe
  C:\Windows\System\VgHRSAY.exe
  2⤵
  PID:10032
- C:\Windows\System\DTYnCTO.exe
  C:\Windows\System\DTYnCTO.exe
  2⤵
  PID:10052
- C:\Windows\System\aHplVSd.exe
  C:\Windows\System\aHplVSd.exe
  2⤵
  PID:10076
- C:\Windows\System\deLwijt.exe
  C:\Windows\System\deLwijt.exe
  2⤵
  PID:10104
- C:\Windows\System\tsKLozk.exe
  C:\Windows\System\tsKLozk.exe
  2⤵
  PID:10132
- C:\Windows\System\SBoqPoM.exe
  C:\Windows\System\SBoqPoM.exe
  2⤵
  PID:10168
- C:\Windows\System\OeTkrwA.exe
  C:\Windows\System\OeTkrwA.exe
  2⤵
  PID:10188
- C:\Windows\System\VQpsmNl.exe
  C:\Windows\System\VQpsmNl.exe
  2⤵
  PID:10216
- C:\Windows\System\PhYhWej.exe
  C:\Windows\System\PhYhWej.exe
  2⤵
  PID:8616
- C:\Windows\System\CuppFAD.exe
  C:\Windows\System\CuppFAD.exe
  2⤵
  PID:9232
- C:\Windows\System\KPKDNZy.exe
  C:\Windows\System\KPKDNZy.exe
  2⤵
  PID:9324
- C:\Windows\System\hvAQNgR.exe
  C:\Windows\System\hvAQNgR.exe
  2⤵
  PID:9400
- C:\Windows\System\kFuFTKR.exe
  C:\Windows\System\kFuFTKR.exe
  2⤵
  PID:9460
- C:\Windows\System\acmkmjV.exe
  C:\Windows\System\acmkmjV.exe
  2⤵
  PID:9508
- C:\Windows\System\jUCODGy.exe
  C:\Windows\System\jUCODGy.exe
  2⤵
  PID:9568
- C:\Windows\System\WOZQCeU.exe
  C:\Windows\System\WOZQCeU.exe
  2⤵
  PID:9624
- C:\Windows\System\bnnlSMp.exe
  C:\Windows\System\bnnlSMp.exe
  2⤵
  PID:9692
- C:\Windows\System\mOBQdMg.exe
  C:\Windows\System\mOBQdMg.exe
  2⤵
  PID:9756
- C:\Windows\System\lYTtUzz.exe
  C:\Windows\System\lYTtUzz.exe
  2⤵
  PID:9804
- C:\Windows\System\MJdQRZG.exe
  C:\Windows\System\MJdQRZG.exe
  2⤵
  PID:9872
- C:\Windows\System\PLqMoXO.exe
  C:\Windows\System\PLqMoXO.exe
  2⤵
  PID:9952
- C:\Windows\System\GpbmoWG.exe
  C:\Windows\System\GpbmoWG.exe
  2⤵
  PID:10024
- C:\Windows\System\TOtupQU.exe
  C:\Windows\System\TOtupQU.exe
  2⤵
  PID:10096
- C:\Windows\System\KmmtOcZ.exe
  C:\Windows\System\KmmtOcZ.exe
  2⤵
  PID:10176
- C:\Windows\System\oDQvFBv.exe
  C:\Windows\System\oDQvFBv.exe
  2⤵
  PID:8752
- C:\Windows\System\ocCpFwe.exe
  C:\Windows\System\ocCpFwe.exe
  2⤵
  PID:9160
- C:\Windows\System\nxlrHGM.exe
  C:\Windows\System\nxlrHGM.exe
  2⤵
  PID:9380
- C:\Windows\System\OLEacms.exe
  C:\Windows\System\OLEacms.exe
  2⤵
  PID:9596
- C:\Windows\System\KdoAqaS.exe
  C:\Windows\System\KdoAqaS.exe
  2⤵
  PID:9784
- C:\Windows\System\HuXvrsp.exe
  C:\Windows\System\HuXvrsp.exe
  2⤵
  PID:9896
- C:\Windows\System\TVuuSzN.exe
  C:\Windows\System\TVuuSzN.exe
  2⤵
  PID:10072
- C:\Windows\System\AtYHZga.exe
  C:\Windows\System\AtYHZga.exe
  2⤵
  PID:10156
- C:\Windows\System\aHImsAn.exe
  C:\Windows\System\aHImsAn.exe
  2⤵
  PID:9076
- C:\Windows\System\YDloSln.exe
  C:\Windows\System\YDloSln.exe
  2⤵
  PID:9528
- C:\Windows\System\TBJBDie.exe
  C:\Windows\System\TBJBDie.exe
  2⤵
  PID:10120
- C:\Windows\System\VtHgJJJ.exe
  C:\Windows\System\VtHgJJJ.exe
  2⤵
  PID:9608
- C:\Windows\System\cTGxuFQ.exe
  C:\Windows\System\cTGxuFQ.exe
  2⤵
  PID:9836
- C:\Windows\System\VBUtduj.exe
  C:\Windows\System\VBUtduj.exe
  2⤵
  PID:10264
- C:\Windows\System\sRzulQW.exe
  C:\Windows\System\sRzulQW.exe
  2⤵
  PID:10292
- C:\Windows\System\fxgAkdX.exe
  C:\Windows\System\fxgAkdX.exe
  2⤵
  PID:10332
- C:\Windows\System\JKyRWEz.exe
  C:\Windows\System\JKyRWEz.exe
  2⤵
  PID:10360
- C:\Windows\System\KDRjCFM.exe
  C:\Windows\System\KDRjCFM.exe
  2⤵
  PID:10388
- C:\Windows\System\AjXTJvS.exe
  C:\Windows\System\AjXTJvS.exe
  2⤵
  PID:10408
- C:\Windows\System\wlxmHOr.exe
  C:\Windows\System\wlxmHOr.exe
  2⤵
  PID:10432
- C:\Windows\System\hjGjgiE.exe
  C:\Windows\System\hjGjgiE.exe
  2⤵
  PID:10460
- C:\Windows\System\qtSVWCa.exe
  C:\Windows\System\qtSVWCa.exe
  2⤵
  PID:10492
- C:\Windows\System\PRuACsF.exe
  C:\Windows\System\PRuACsF.exe
  2⤵
  PID:10520
- C:\Windows\System\GSqubwb.exe
  C:\Windows\System\GSqubwb.exe
  2⤵
  PID:10548
- C:\Windows\System\FexiUZG.exe
  C:\Windows\System\FexiUZG.exe
  2⤵
  PID:10572
- C:\Windows\System\ystbCSO.exe
  C:\Windows\System\ystbCSO.exe
  2⤵
  PID:10608
- C:\Windows\System\NNQWwFW.exe
  C:\Windows\System\NNQWwFW.exe
  2⤵
  PID:10628
- C:\Windows\System\pzAsAlC.exe
  C:\Windows\System\pzAsAlC.exe
  2⤵
  PID:10652
- C:\Windows\System\pBTocfh.exe
  C:\Windows\System\pBTocfh.exe
  2⤵
  PID:10684
- C:\Windows\System\xzaCJgm.exe
  C:\Windows\System\xzaCJgm.exe
  2⤵
  PID:10712
- C:\Windows\System\IcKMtsk.exe
  C:\Windows\System\IcKMtsk.exe
  2⤵
  PID:10740
- C:\Windows\System\TtwTLsH.exe
  C:\Windows\System\TtwTLsH.exe
  2⤵
  PID:10764
- C:\Windows\System\csdIeJH.exe
  C:\Windows\System\csdIeJH.exe
  2⤵
  PID:10796
- C:\Windows\System\wLoEtIB.exe
  C:\Windows\System\wLoEtIB.exe
  2⤵
  PID:10824
- C:\Windows\System\NlhZmdh.exe
  C:\Windows\System\NlhZmdh.exe
  2⤵
  PID:10852
- C:\Windows\System\nGcKYQq.exe
  C:\Windows\System\nGcKYQq.exe
  2⤵
  PID:10872
- C:\Windows\System\qgHaVKd.exe
  C:\Windows\System\qgHaVKd.exe
  2⤵
  PID:10888
- C:\Windows\System\bcxyCRb.exe
  C:\Windows\System\bcxyCRb.exe
  2⤵
  PID:10936
- C:\Windows\System\qJGRYsl.exe
  C:\Windows\System\qJGRYsl.exe
  2⤵
  PID:10956
- C:\Windows\System\ZcamDSL.exe
  C:\Windows\System\ZcamDSL.exe
  2⤵
  PID:10992
- C:\Windows\System\QzJYbbb.exe
  C:\Windows\System\QzJYbbb.exe
  2⤵
  PID:11020
- C:\Windows\System\WJzcTbQ.exe
  C:\Windows\System\WJzcTbQ.exe
  2⤵
  PID:11044
- C:\Windows\System\pBwLbdH.exe
  C:\Windows\System\pBwLbdH.exe
  2⤵
  PID:11064
- C:\Windows\System\iMuVmiW.exe
  C:\Windows\System\iMuVmiW.exe
  2⤵
  PID:11092
- C:\Windows\System\VyCdwQc.exe
  C:\Windows\System\VyCdwQc.exe
  2⤵
  PID:11120
- C:\Windows\System\YSqeEFf.exe
  C:\Windows\System\YSqeEFf.exe
  2⤵
  PID:11160
- C:\Windows\System\zQzOqAT.exe
  C:\Windows\System\zQzOqAT.exe
  2⤵
  PID:11184
- C:\Windows\System\palblOW.exe
  C:\Windows\System\palblOW.exe
  2⤵
  PID:11200
- C:\Windows\System\BwILNvF.exe
  C:\Windows\System\BwILNvF.exe
  2⤵
  PID:11224
- C:\Windows\System\pxKDFQl.exe
  C:\Windows\System\pxKDFQl.exe
  2⤵
  PID:11260
- C:\Windows\System\dYClWmH.exe
  C:\Windows\System\dYClWmH.exe
  2⤵
  PID:10260
- C:\Windows\System\ZTVepIu.exe
  C:\Windows\System\ZTVepIu.exe
  2⤵
  PID:10320
- C:\Windows\System\RxkGfrY.exe
  C:\Windows\System\RxkGfrY.exe
  2⤵
  PID:10380
- C:\Windows\System\lPmPnAm.exe
  C:\Windows\System\lPmPnAm.exe
  2⤵
  PID:10428
- C:\Windows\System\bNwPQSB.exe
  C:\Windows\System\bNwPQSB.exe
  2⤵
  PID:10500
- C:\Windows\System\msmcEBH.exe
  C:\Windows\System\msmcEBH.exe
  2⤵
  PID:10600
- C:\Windows\System\xzxjYZn.exe
  C:\Windows\System\xzxjYZn.exe
  2⤵
  PID:10676
- C:\Windows\System\nZdsbpd.exe
  C:\Windows\System\nZdsbpd.exe
  2⤵
  PID:10728
- C:\Windows\System\LqDwZbR.exe
  C:\Windows\System\LqDwZbR.exe
  2⤵
  PID:10784
- C:\Windows\System\lzsjNKt.exe
  C:\Windows\System\lzsjNKt.exe
  2⤵
  PID:10844
- C:\Windows\System\ztQkCBu.exe
  C:\Windows\System\ztQkCBu.exe
  2⤵
  PID:10880
- C:\Windows\System\HdmrWOE.exe
  C:\Windows\System\HdmrWOE.exe
  2⤵
  PID:10948
- C:\Windows\System\wswETsE.exe
  C:\Windows\System\wswETsE.exe
  2⤵
  PID:11036
- C:\Windows\System\CzFzBHQ.exe
  C:\Windows\System\CzFzBHQ.exe
  2⤵
  PID:11136
- C:\Windows\System\VApgdsN.exe
  C:\Windows\System\VApgdsN.exe
  2⤵
  PID:11176
- C:\Windows\System\AwAEMEa.exe
  C:\Windows\System\AwAEMEa.exe
  2⤵
  PID:9388
- C:\Windows\System\wihSurk.exe
  C:\Windows\System\wihSurk.exe
  2⤵
  PID:10312
- C:\Windows\System\bkuOdEc.exe
  C:\Windows\System\bkuOdEc.exe
  2⤵
  PID:10448
- C:\Windows\System\wqFgtKn.exe
  C:\Windows\System\wqFgtKn.exe
  2⤵
  PID:10640
- C:\Windows\System\sIfdwMx.exe
  C:\Windows\System\sIfdwMx.exe
  2⤵
  PID:10840
- C:\Windows\System\TLKjiuz.exe
  C:\Windows\System\TLKjiuz.exe
  2⤵
  PID:10968
- C:\Windows\System\OOZerOo.exe
  C:\Windows\System\OOZerOo.exe
  2⤵
  PID:11104
- C:\Windows\System\YTtwlwl.exe
  C:\Windows\System\YTtwlwl.exe
  2⤵
  PID:11232
- C:\Windows\System\ehLcSeZ.exe
  C:\Windows\System\ehLcSeZ.exe
  2⤵
  PID:10532
- C:\Windows\System\XCSwrWj.exe
  C:\Windows\System\XCSwrWj.exe
  2⤵
  PID:11152
- C:\Windows\System\WBjOrAs.exe
  C:\Windows\System\WBjOrAs.exe
  2⤵
  PID:10808
- C:\Windows\System\hkrSITr.exe
  C:\Windows\System\hkrSITr.exe
  2⤵
  PID:11292
- C:\Windows\System\XMzgSZj.exe
  C:\Windows\System\XMzgSZj.exe
  2⤵
  PID:11328
- C:\Windows\System\sjGHcZN.exe
  C:\Windows\System\sjGHcZN.exe
  2⤵
  PID:11352
- C:\Windows\System\bBgLMUZ.exe
  C:\Windows\System\bBgLMUZ.exe
  2⤵
  PID:11388
- C:\Windows\System\AbjfGQL.exe
  C:\Windows\System\AbjfGQL.exe
  2⤵
  PID:11412
- C:\Windows\System\NRQNQMQ.exe
  C:\Windows\System\NRQNQMQ.exe
  2⤵
  PID:11448
- C:\Windows\System\ixPxXmw.exe
  C:\Windows\System\ixPxXmw.exe
  2⤵
  PID:11476
- C:\Windows\System\alBHaHn.exe
  C:\Windows\System\alBHaHn.exe
  2⤵
  PID:11500
- C:\Windows\System\VPsYZSJ.exe
  C:\Windows\System\VPsYZSJ.exe
  2⤵
  PID:11532
- C:\Windows\System\GXMBhfa.exe
  C:\Windows\System\GXMBhfa.exe
  2⤵
  PID:11556
- C:\Windows\System\AIhPJDe.exe
  C:\Windows\System\AIhPJDe.exe
  2⤵
  PID:11584
- C:\Windows\System\UcBwdPx.exe
  C:\Windows\System\UcBwdPx.exe
  2⤵
  PID:11624
- C:\Windows\System\NvjHKnQ.exe
  C:\Windows\System\NvjHKnQ.exe
  2⤵
  PID:11648
- C:\Windows\System\yTwiQtv.exe
  C:\Windows\System\yTwiQtv.exe
  2⤵
  PID:11672
- C:\Windows\System\RfTgbic.exe
  C:\Windows\System\RfTgbic.exe
  2⤵
  PID:11696
- C:\Windows\System\zQEIzFP.exe
  C:\Windows\System\zQEIzFP.exe
  2⤵
  PID:11736
- C:\Windows\System\GaPzZGl.exe
  C:\Windows\System\GaPzZGl.exe
  2⤵
  PID:11764
- C:\Windows\System\CZGbMEh.exe
  C:\Windows\System\CZGbMEh.exe
  2⤵
  PID:11780
- C:\Windows\System\oyXYyac.exe
  C:\Windows\System\oyXYyac.exe
  2⤵
  PID:11800
- C:\Windows\System\zfjICen.exe
  C:\Windows\System\zfjICen.exe
  2⤵
  PID:11844
- C:\Windows\System\KzYBEbf.exe
  C:\Windows\System\KzYBEbf.exe
  2⤵
  PID:11876
- C:\Windows\System\IpOoynP.exe
  C:\Windows\System\IpOoynP.exe
  2⤵
  PID:11900
- C:\Windows\System\STCvtQy.exe
  C:\Windows\System\STCvtQy.exe
  2⤵
  PID:11932
- C:\Windows\System\bjBRwrq.exe
  C:\Windows\System\bjBRwrq.exe
  2⤵
  PID:11960
- C:\Windows\System\vanOtYv.exe
  C:\Windows\System\vanOtYv.exe
  2⤵
  PID:11976
- C:\Windows\System\ZRHbChy.exe
  C:\Windows\System\ZRHbChy.exe
  2⤵
  PID:11996
- C:\Windows\System\eiHjpuV.exe
  C:\Windows\System\eiHjpuV.exe
  2⤵
  PID:12032
- C:\Windows\System\RIRLtpg.exe
  C:\Windows\System\RIRLtpg.exe
  2⤵
  PID:12060
- C:\Windows\System\hSJyXVa.exe
  C:\Windows\System\hSJyXVa.exe
  2⤵
  PID:12136
- C:\Windows\System\CbozLVy.exe
  C:\Windows\System\CbozLVy.exe
  2⤵
  PID:12152
- C:\Windows\System\nRHIvtU.exe
  C:\Windows\System\nRHIvtU.exe
  2⤵
  PID:12180
- C:\Windows\System\fOrAKtH.exe
  C:\Windows\System\fOrAKtH.exe
  2⤵
  PID:12200
- C:\Windows\System\oiKTeia.exe
  C:\Windows\System\oiKTeia.exe
  2⤵
  PID:12248
- C:\Windows\System\dWBZaun.exe
  C:\Windows\System\dWBZaun.exe
  2⤵
  PID:12268
- C:\Windows\System\FfJBlbe.exe
  C:\Windows\System\FfJBlbe.exe
  2⤵
  PID:10316
- C:\Windows\System\kgZBBXF.exe
  C:\Windows\System\kgZBBXF.exe
  2⤵
  PID:11212
- C:\Windows\System\tbCGYeL.exe
  C:\Windows\System\tbCGYeL.exe
  2⤵
  PID:11316
- C:\Windows\System\cGSmTuG.exe
  C:\Windows\System\cGSmTuG.exe
  2⤵
  PID:11376
- C:\Windows\System\DcqnpDh.exe
  C:\Windows\System\DcqnpDh.exe
  2⤵
  PID:11428
- C:\Windows\System\NndBXbP.exe
  C:\Windows\System\NndBXbP.exe
  2⤵
  PID:11436
- C:\Windows\System\hHlfVtS.exe
  C:\Windows\System\hHlfVtS.exe
  2⤵
  PID:11520
- C:\Windows\System\KMalEGq.exe
  C:\Windows\System\KMalEGq.exe
  2⤵
  PID:11596
- C:\Windows\System\gCBvdhw.exe
  C:\Windows\System\gCBvdhw.exe
  2⤵
  PID:11692
- C:\Windows\System\NFXHYQN.exe
  C:\Windows\System\NFXHYQN.exe
  2⤵
  PID:11772
- C:\Windows\System\YMuvdMt.exe
  C:\Windows\System\YMuvdMt.exe
  2⤵
  PID:11836
- C:\Windows\System\hJLxAxm.exe
  C:\Windows\System\hJLxAxm.exe
  2⤵
  PID:11892
- C:\Windows\System\tPEoyge.exe
  C:\Windows\System\tPEoyge.exe
  2⤵
  PID:11916
- C:\Windows\System\gukzNVU.exe
  C:\Windows\System\gukzNVU.exe
  2⤵
  PID:12048
- C:\Windows\System\aSywOMJ.exe
  C:\Windows\System\aSywOMJ.exe
  2⤵
  PID:12104
- C:\Windows\System\qotTVsg.exe
  C:\Windows\System\qotTVsg.exe
  2⤵
  PID:1256
- C:\Windows\System\WSBsEaI.exe
  C:\Windows\System\WSBsEaI.exe
  2⤵
  PID:12232
- C:\Windows\System\mygJMPJ.exe
  C:\Windows\System\mygJMPJ.exe
  2⤵
  PID:10916
- C:\Windows\System\YVlbFKD.exe
  C:\Windows\System\YVlbFKD.exe
  2⤵
  PID:11468
- C:\Windows\System\RNDMTbp.exe
  C:\Windows\System\RNDMTbp.exe
  2⤵
  PID:11516
- C:\Windows\System\NCKZdhi.exe
  C:\Windows\System\NCKZdhi.exe
  2⤵
  PID:11812
- C:\Windows\System\eFWQcgY.exe
  C:\Windows\System\eFWQcgY.exe
  2⤵
  PID:11972
- C:\Windows\System\UdZQSOW.exe
  C:\Windows\System\UdZQSOW.exe
  2⤵
  PID:3360
- C:\Windows\System\nsjTCFI.exe
  C:\Windows\System\nsjTCFI.exe
  2⤵
  PID:12028
- C:\Windows\System\caUeone.exe
  C:\Windows\System\caUeone.exe
  2⤵
  PID:11464
- C:\Windows\System\HWvpjsk.exe
  C:\Windows\System\HWvpjsk.exe
  2⤵
  PID:11552
- C:\Windows\System\rndoQnU.exe
  C:\Windows\System\rndoQnU.exe
  2⤵
  PID:11884
- C:\Windows\System\dQvOiyH.exe
  C:\Windows\System\dQvOiyH.exe
  2⤵
  PID:12312
- C:\Windows\System\DiWHRGG.exe
  C:\Windows\System\DiWHRGG.exe
  2⤵
  PID:12336
- C:\Windows\System\MeOKBCH.exe
  C:\Windows\System\MeOKBCH.exe
  2⤵
  PID:12360
- C:\Windows\System\KjRqIhF.exe
  C:\Windows\System\KjRqIhF.exe
  2⤵
  PID:12384
- C:\Windows\System\HANowQx.exe
  C:\Windows\System\HANowQx.exe
  2⤵
  PID:12412
- C:\Windows\System\sbXxFWN.exe
  C:\Windows\System\sbXxFWN.exe
  2⤵
  PID:12436
- C:\Windows\System\JUAahsu.exe
  C:\Windows\System\JUAahsu.exe
  2⤵
  PID:12476
- C:\Windows\System\MguDumz.exe
  C:\Windows\System\MguDumz.exe
  2⤵
  PID:12516
- C:\Windows\System\xfRdoeg.exe
  C:\Windows\System\xfRdoeg.exe
  2⤵
  PID:12544
- C:\Windows\System\wrzueiX.exe
  C:\Windows\System\wrzueiX.exe
  2⤵
  PID:12564
- C:\Windows\System\imMBEDE.exe
  C:\Windows\System\imMBEDE.exe
  2⤵
  PID:12596
- C:\Windows\System\MvZsjSH.exe
  C:\Windows\System\MvZsjSH.exe
  2⤵
  PID:12632
- C:\Windows\System\tIKZdRZ.exe
  C:\Windows\System\tIKZdRZ.exe
  2⤵
  PID:12684
- C:\Windows\System\CLXzUSf.exe
  C:\Windows\System\CLXzUSf.exe
  2⤵
  PID:12720
- C:\Windows\System\UcsULHO.exe
  C:\Windows\System\UcsULHO.exe
  2⤵
  PID:12740
- C:\Windows\System\WceJWbG.exe
  C:\Windows\System\WceJWbG.exe
  2⤵
  PID:12768
- C:\Windows\System\GjFOMes.exe
  C:\Windows\System\GjFOMes.exe
  2⤵
  PID:12796
- C:\Windows\System\IjyljXL.exe
  C:\Windows\System\IjyljXL.exe
  2⤵
  PID:12820
- C:\Windows\System\upGBovI.exe
  C:\Windows\System\upGBovI.exe
  2⤵
  PID:12852
- C:\Windows\System\LiHkHxb.exe
  C:\Windows\System\LiHkHxb.exe
  2⤵
  PID:12876
- C:\Windows\System\ZORPXne.exe
  C:\Windows\System\ZORPXne.exe
  2⤵
  PID:12896
- C:\Windows\System\EdHLLVI.exe
  C:\Windows\System\EdHLLVI.exe
  2⤵
  PID:12920
- C:\Windows\System\DUeqeUR.exe
  C:\Windows\System\DUeqeUR.exe
  2⤵
  PID:12964
- C:\Windows\System\WLRNBAY.exe
  C:\Windows\System\WLRNBAY.exe
  2⤵
  PID:12992
- C:\Windows\System\lsCxyyp.exe
  C:\Windows\System\lsCxyyp.exe
  2⤵
  PID:13032
- C:\Windows\System\SIPmugZ.exe
  C:\Windows\System\SIPmugZ.exe
  2⤵
  PID:13056
- C:\Windows\System\BJBijUu.exe
  C:\Windows\System\BJBijUu.exe
  2⤵
  PID:13088
- C:\Windows\System\rnIVmLT.exe
  C:\Windows\System\rnIVmLT.exe
  2⤵
  PID:13124
- C:\Windows\System\eIprmyX.exe
  C:\Windows\System\eIprmyX.exe
  2⤵
  PID:13144
- C:\Windows\System\krmHlDH.exe
  C:\Windows\System\krmHlDH.exe
  2⤵
  PID:13176
- C:\Windows\System\HXVgvMc.exe
  C:\Windows\System\HXVgvMc.exe
  2⤵
  PID:13212
- C:\Windows\System\abvAKdx.exe
  C:\Windows\System\abvAKdx.exe
  2⤵
  PID:13240
- C:\Windows\System\nmUfGqw.exe
  C:\Windows\System\nmUfGqw.exe
  2⤵
  PID:13260
- C:\Windows\System\cglpvVy.exe
  C:\Windows\System\cglpvVy.exe
  2⤵
  PID:13288
- C:\Windows\System\JVDgiiE.exe
  C:\Windows\System\JVDgiiE.exe
  2⤵
  PID:13308
- C:\Windows\System\XcGZYQL.exe
  C:\Windows\System\XcGZYQL.exe
  2⤵
  PID:12056
- C:\Windows\System\dIXopoK.exe
  C:\Windows\System\dIXopoK.exe
  2⤵
  PID:12344
- C:\Windows\System\RjJemtZ.exe
  C:\Windows\System\RjJemtZ.exe
  2⤵
  PID:12408
- C:\Windows\System\GwFQqGP.exe
  C:\Windows\System\GwFQqGP.exe
  2⤵
  PID:12504
- C:\Windows\System\dzqrVgK.exe
  C:\Windows\System\dzqrVgK.exe
  2⤵
  PID:12528
- C:\Windows\System\JWwnZDk.exe
  C:\Windows\System\JWwnZDk.exe
  2⤵
  PID:12588
- C:\Windows\System\AueQZCC.exe
  C:\Windows\System\AueQZCC.exe
  2⤵
  PID:12696
- C:\Windows\System\ToTmVoH.exe
  C:\Windows\System\ToTmVoH.exe
  2⤵
  PID:12760
- C:\Windows\System\MHrvTMN.exe
  C:\Windows\System\MHrvTMN.exe
  2⤵
  PID:12792
- C:\Windows\System\LsbHjEX.exe
  C:\Windows\System\LsbHjEX.exe
  2⤵
  PID:12908
- C:\Windows\System\fbQUxCv.exe
  C:\Windows\System\fbQUxCv.exe
  2⤵
  PID:12952
- C:\Windows\System\AtkFFBp.exe
  C:\Windows\System\AtkFFBp.exe
  2⤵
  PID:12980
- C:\Windows\System\cqkwVmH.exe
  C:\Windows\System\cqkwVmH.exe
  2⤵
  PID:13072
- C:\Windows\System\lVnYsvP.exe
  C:\Windows\System\lVnYsvP.exe
  2⤵
  PID:13108
- C:\Windows\System\CHFnBiJ.exe
  C:\Windows\System\CHFnBiJ.exe
  2⤵
  PID:13156
- C:\Windows\System\UpXRoPX.exe
  C:\Windows\System\UpXRoPX.exe
  2⤵
  PID:13224
- C:\Windows\System\AZTkHIe.exe
  C:\Windows\System\AZTkHIe.exe
  2⤵
  PID:11612
- C:\Windows\System\BWtvlCe.exe
  C:\Windows\System\BWtvlCe.exe
  2⤵
  PID:12376
- C:\Windows\System\atrFkvZ.exe
  C:\Windows\System\atrFkvZ.exe
  2⤵
  PID:12628
- C:\Windows\System\hwfKVEg.exe
  C:\Windows\System\hwfKVEg.exe
  2⤵
  PID:12680
- C:\Windows\System\oLPXcGm.exe
  C:\Windows\System\oLPXcGm.exe
  2⤵
  PID:12816
- C:\Windows\System\OecTwct.exe
  C:\Windows\System\OecTwct.exe
  2⤵
  PID:12976
- C:\Windows\System\toYzunC.exe
  C:\Windows\System\toYzunC.exe
  2⤵
  PID:13020
- C:\Windows\System\jnJLLfQ.exe
  C:\Windows\System\jnJLLfQ.exe
  2⤵
  PID:13204
- C:\Windows\System\ckOrTnz.exe
  C:\Windows\System\ckOrTnz.exe
  2⤵
  PID:12400
- C:\Windows\System\eDTZNuc.exe
  C:\Windows\System\eDTZNuc.exe
  2⤵
  PID:3344
- C:\Windows\System\uSFGqUe.exe
  C:\Windows\System\uSFGqUe.exe
  2⤵
  PID:2460
- C:\Windows\System\TQojEMS.exe
  C:\Windows\System\TQojEMS.exe
  2⤵
  PID:13120
- C:\Windows\System\nXayLEY.exe
  C:\Windows\System\nXayLEY.exe
  2⤵
  PID:12624
- C:\Windows\System\oreZVgd.exe
  C:\Windows\System\oreZVgd.exe
  2⤵
  PID:13336
- C:\Windows\System\lAzyAzT.exe
  C:\Windows\System\lAzyAzT.exe
  2⤵
  PID:13368
- C:\Windows\System\HwyjxeO.exe
  C:\Windows\System\HwyjxeO.exe
  2⤵
  PID:13396
- C:\Windows\System\qJPxVkY.exe
  C:\Windows\System\qJPxVkY.exe
  2⤵
  PID:13420
- C:\Windows\System\jofDblQ.exe
  C:\Windows\System\jofDblQ.exe
  2⤵
  PID:13452
- C:\Windows\System\CbDoeAk.exe
  C:\Windows\System\CbDoeAk.exe
  2⤵
  PID:13484
- C:\Windows\System\jVocDNc.exe
  C:\Windows\System\jVocDNc.exe
  2⤵
  PID:13500
- C:\Windows\System\VendpHU.exe
  C:\Windows\System\VendpHU.exe
  2⤵
  PID:13524
- C:\Windows\System\urLfLSv.exe
  C:\Windows\System\urLfLSv.exe
  2⤵
  PID:13540
- C:\Windows\System\ASTceid.exe
  C:\Windows\System\ASTceid.exe
  2⤵
  PID:13568
- C:\Windows\System\KTRFmaR.exe
  C:\Windows\System\KTRFmaR.exe
  2⤵
  PID:13596
- C:\Windows\System\HFbEpzH.exe
  C:\Windows\System\HFbEpzH.exe
  2⤵
  PID:13636
- C:\Windows\System\IsctCYm.exe
  C:\Windows\System\IsctCYm.exe
  2⤵
  PID:13672
- C:\Windows\System\FHnxNSw.exe
  C:\Windows\System\FHnxNSw.exe
  2⤵
  PID:13700
- C:\Windows\System\IjgBSMB.exe
  C:\Windows\System\IjgBSMB.exe
  2⤵
  PID:13728
- C:\Windows\System\pegpJTs.exe
  C:\Windows\System\pegpJTs.exe
  2⤵
  PID:13756
- C:\Windows\System\AvUzYtV.exe
  C:\Windows\System\AvUzYtV.exe
  2⤵
  PID:13776
- C:\Windows\System\GCtqEFd.exe
  C:\Windows\System\GCtqEFd.exe
  2⤵
  PID:13808
- C:\Windows\System\rKRwAMN.exe
  C:\Windows\System\rKRwAMN.exe
  2⤵
  PID:13832
- C:\Windows\System\bJLimxX.exe
  C:\Windows\System\bJLimxX.exe
  2⤵
  PID:13860
- C:\Windows\System\TZtnsAF.exe
  C:\Windows\System\TZtnsAF.exe
  2⤵
  PID:13884
- C:\Windows\System\vAhbDcZ.exe
  C:\Windows\System\vAhbDcZ.exe
  2⤵
  PID:13912
- C:\Windows\System\NrlTIDx.exe
  C:\Windows\System\NrlTIDx.exe
  2⤵
  PID:13940
- C:\Windows\System\qHzmqoA.exe
  C:\Windows\System\qHzmqoA.exe
  2⤵
  PID:13972
- C:\Windows\System\gfdMtzO.exe
  C:\Windows\System\gfdMtzO.exe
  2⤵
  PID:13996
- C:\Windows\System\RzEQHtS.exe
  C:\Windows\System\RzEQHtS.exe
  2⤵
  PID:14024
- C:\Windows\System\wrqwpxB.exe
  C:\Windows\System\wrqwpxB.exe
  2⤵
  PID:14060
- C:\Windows\System\fjNkQqN.exe
  C:\Windows\System\fjNkQqN.exe
  2⤵
  PID:14092
- C:\Windows\System\iTQigMK.exe
  C:\Windows\System\iTQigMK.exe
  2⤵
  PID:14120
- C:\Windows\System\CRoYEuU.exe
  C:\Windows\System\CRoYEuU.exe
  2⤵
  PID:14152
- C:\Windows\System\dBscvoZ.exe
  C:\Windows\System\dBscvoZ.exe
  2⤵
  PID:14192
- C:\Windows\System\hkwJMYs.exe
  C:\Windows\System\hkwJMYs.exe
  2⤵
  PID:14220
- C:\Windows\System\xqhehJu.exe
  C:\Windows\System\xqhehJu.exe
  2⤵
  PID:14260
- C:\Windows\System\sSoGwiy.exe
  C:\Windows\System\sSoGwiy.exe
  2⤵
  PID:14288
- C:\Windows\System\xBsqoGR.exe
  C:\Windows\System\xBsqoGR.exe
  2⤵
  PID:14304
- C:\Windows\System\AJCOTbx.exe
  C:\Windows\System\AJCOTbx.exe
  2⤵
  PID:12864
- C:\Windows\System\IMWvRzf.exe
  C:\Windows\System\IMWvRzf.exe
  2⤵
  PID:4868
- C:\Windows\System\FbwcPpZ.exe
  C:\Windows\System\FbwcPpZ.exe
  2⤵
  PID:13392
- C:\Windows\System\wnBSxVG.exe
  C:\Windows\System\wnBSxVG.exe
  2⤵
  PID:13460
- C:\Windows\System\XbFNdsQ.exe
  C:\Windows\System\XbFNdsQ.exe
  2⤵
  PID:13480
- C:\Windows\System\mUwxejW.exe
  C:\Windows\System\mUwxejW.exe
  2⤵
  PID:13616
- C:\Windows\System\cbqZaIp.exe
  C:\Windows\System\cbqZaIp.exe
  2⤵
  PID:13684
- C:\Windows\System\OiXNeUo.exe
  C:\Windows\System\OiXNeUo.exe
  2⤵
  PID:13804
- C:\Windows\System\KmFzOzv.exe
  C:\Windows\System\KmFzOzv.exe
  2⤵
  PID:13724
- C:\Windows\System\HbvADPf.exe
  C:\Windows\System\HbvADPf.exe
  2⤵
  PID:13848
- C:\Windows\System\jdJzAum.exe
  C:\Windows\System\jdJzAum.exe
  2⤵
  PID:13872
- C:\Windows\System\FHCjfVL.exe
  C:\Windows\System\FHCjfVL.exe
  2⤵
  PID:13956
- C:\Windows\System\ZMtjIKR.exe
  C:\Windows\System\ZMtjIKR.exe
  2⤵
  PID:14016
- C:\Windows\System\ROxozws.exe
  C:\Windows\System\ROxozws.exe
  2⤵
  PID:14144
- C:\Windows\System\xJmRFkp.exe
  C:\Windows\System\xJmRFkp.exe
  2⤵
  PID:14204
- C:\Windows\System\IhEVKrS.exe
  C:\Windows\System\IhEVKrS.exe
  2⤵
  PID:14276

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AmzOoZf.exe

Filesize
2.3MB

MD5
2f6b64a21db5156438ea080432bb03e7

SHA1
2093fad557e02c843ec62f07557d770ed8989b2b

SHA256
d846ef809e84d469721f7da1d59fbe465babe91486c62d6cefe0760546c8a9c5

SHA512
907412330652131135ca4161b6cd44164a0e0b39b37345b64573b6f9bbcd0c5210caf3cde79d93953869d5a15f1f5bd3bfeafd647954aa36aea86873102a5283

Download Submit
C:\Windows\System\BDfKXGw.exe

Filesize
2.3MB

MD5
d3b097293b4c4a3beb2502ca5cdc360b

SHA1
bfa4ea6c00707e7e65f545792cbd081409d83cee

SHA256
628c4303f56fe6b4f8e5536a4b9ad9d0e4c4f3e1684df1054464aef8594a2c15

SHA512
0149aaa911d61984408ced604e73e9627c4e13d986dc1d034e05b3774f017077c3b50fce42bde57b36d859364601cf7e30a937552cfe14b0a231f66aea8830b4

Download Submit
C:\Windows\System\EDuYVeV.exe

Filesize
2.3MB

MD5
b6d1cd0de1ee52c7fb54522ceb2d08f5

SHA1
c943579f54499de995d38afbca2d538bdc53e9ef

SHA256
ba53b9ac861a9c76eb2175b4e4f627b588edd2a05561c6d163d8a3fa4d862be5

SHA512
b459ce3b2f1c80e2c8037ad4f976699ae45c6fdc1c937a3ceaa871f19c41dd156d345775b59441438f1fa69a6af7bf7c086959e4fb8afafaad586e1363e6c277

Download Submit
C:\Windows\System\EXiFkUZ.exe

Filesize
2.3MB

MD5
6456dc96deef6cf65a06d609ab48212c

SHA1
291547238fb83e8f2d5268f3132a8ca311ff27a0

SHA256
ca72eb8d6113a61322c406d6a9363877c13ff46044c8a129d455d09cc8cea518

SHA512
2396693c9656cdb2f344db618b50fcc4ac23062fe914ed4a62a28ada410eb1b58bf323878187c4f06fce533e3f39dd49ece5588d22b774a76c825eafbe51e8d0

Download Submit
C:\Windows\System\EZBZLrn.exe

Filesize
2.3MB

MD5
101aaf6e8f7decb16b982803af96fb02

SHA1
5f4293ccacc8d68aa1eff22dfc6bbcf732b1f3b7

SHA256
e8d8adc2706e9b9166bc7b01e333d75b666c9f613d219fedda7ab79b00a0700a

SHA512
86514214d9b58892833cadc19ca315601dfb90a90646e8ceb6429bea4176d8f2b0f96bb0718ee947d14ed57ba2352af97eab00adca46cd28e1468979aedcb593

Download Submit
C:\Windows\System\EhOfySc.exe

Filesize
2.3MB

MD5
2ec49b59e8bc1c22a10962a7373b8f0c

SHA1
bd001d4dc57529452a2343d61288d6cfd666821c

SHA256
c6e85c44f419351051126907243154f62925ba2f7fd0a9199148c14dd9d70ad5

SHA512
8efe5fdf644fb6e075470821e23d9b7a013fd321c8f2ed7ff5548da47feacd107995fcbc884be27742b1ce9f2f84b44ed9b556bed289da9461d5e34e3f3ee536

Download Submit
C:\Windows\System\FSEzKpz.exe

Filesize
2.3MB

MD5
719fa51500b70a4a6a091801d8753e66

SHA1
6ffcaa9b532ba42c689227ac7398362cf08ae9bd

SHA256
e5767547f9b7364bb3cea67426d2e36251d5fd74099895d151aa0fe104d3cbcc

SHA512
394cfe050a7044998b5b16b80eb2949bb014425ca275627584608b882eb6fbd5fc473a0b8c659ead7a487d04c14ec11bbe4b4c7ab139793dc6d1b68540fbe939

Download Submit
C:\Windows\System\GEBCxRr.exe

Filesize
2.3MB

MD5
2e14003635e4481bf1fdc04191b6b0ea

SHA1
8e41c647931b0db6f6dbe7372de9ad6469bdb1a9

SHA256
9a52d4b05c35f6a4ba618c6401bad3f436c5397ebac8c5499d0611390e4cf8a3

SHA512
3c231c6dbab7963b18433b67bb6cc68774c0dbaaeb88c0ad767a45fa2481a5826061b99e11b46a08c75afcc84d2a0c2be275762e50b8360191c917a31eff6e34

Download Submit
C:\Windows\System\JcKilPx.exe

Filesize
2.3MB

MD5
a7caf0a0c4afd45c7c7b480e274c04a4

SHA1
949d571dd31f40f1b00b9b95f2f6ae954bf36329

SHA256
2f735c47108f1874f1a27037499df67d3934507d5d7772e86ee1a91ae425faa3

SHA512
eaeb7ae3aecc51f38f6eed6c83690b71849f4e80d374b63fec928eedd40d27bca923de946e7f225870cf889fe01236da814b9dfabb9b2cbeabd76197a1997bc3

Download Submit
C:\Windows\System\KUPwlaE.exe

Filesize
2.3MB

MD5
7346024f0d9803ef3d06ec11e5bed97f

SHA1
e984c1034267e7d649bf3dca63b4a80d3bec5101

SHA256
3015d457bfad95b2818f70c1eb014641a0cfc203d1dd7716f4bb818a160fabd8

SHA512
1f4ffe4ca9a86cf9146564ec81a1e8d9abf3b2c9a7745f9e06ed07e234025b1ffb7e52b4098a6399898a3045d27f7ccdb0cd4465a845275a89f3082100548da8

Download Submit
C:\Windows\System\LGkxYgE.exe

Filesize
2.3MB

MD5
e448727573e9ffb6bb66af35e6e43b24

SHA1
608f1d34d34bb0f56aebb713d74c722f02c97665

SHA256
1bc21f0fad71f2ad34a6e9a717e6f053a6cb6d36c644d44941fdb2db0341d893

SHA512
d4d8c83ab056ee251650d7652a371a43262d8d54b14a2648134cd3b6be6ca983c54ac90a33c703e2f08046f6702dda69d87edea01b245c433ccad19b545289d3

Download Submit
C:\Windows\System\MGZsPON.exe

Filesize
2.3MB

MD5
a7d7abb11b5ec701a86c96e799bfd879

SHA1
2f985419ae890dcf8f577cefcd5b092774791a75

SHA256
1d21bde3152708b9921615c0e362d201a5b32bd24a54985bc6d96942e6831b35

SHA512
af77b4bd06c03ba4186623ac0ff3074f3c95da2b2133ad4fa73c359a54ab822cc1fa24b038933acbb8bbb3507d7a3c230332321666dd97bb8116e596b6cefe15

Download Submit
C:\Windows\System\MKZoqlK.exe

Filesize
2.3MB

MD5
775901b1fbf50e2914e6565aa1f02251

SHA1
4940fef9d1558a0692138ec31b357e4e2278bdd2

SHA256
d4b09c0ff0d8f2c96fd8a8ba36aead7f2c1f80b1a2072241442052ca7d76e371

SHA512
a2587c950c0daf74c6396384c8fc1aeff155a701af37339a63a960ebe1753916bfd1d5b8287ac928ef5bcc8642ea95ca176695f7ec596ec2dd4536457073e5cb

Download Submit
C:\Windows\System\MQXAeXY.exe

Filesize
2.3MB

MD5
c1812ae5f61c2d40aec5ed0f2cf41542

SHA1
b64411405316c400bcd2183cc0f402c3061b07f3

SHA256
373f58158ad8a7d8c2057bd7686c21536e826c12418bb0fab12ac8ff2de645b8

SHA512
5bf592b8784b00aaa40e1d72a032a95a8653d0ecbda6ea57df9c703fa10a6f6a4e321d8499a5610be26ed4dd9d629922bbca305b074c138ec0fa7c65451d6a21

Download Submit
C:\Windows\System\NaoDmYk.exe

Filesize
2.3MB

MD5
d568142af386f18a66dcfc48e0b7b1dd

SHA1
cec5858d217e5de8f2681f68430927b6fc19b936

SHA256
a86b1d188e76ef2d2face70a0593867507a75fe9f7e726ff06af43e4a5c828bd

SHA512
464d90e20d71641977bf5d1112c8ce2aa36c419ad9abe1329a6ace19ef7e4f23f519686998a238dde953f52a0790fe8df8bca73c667cdb2eb1e98512b8a85502

Download Submit
C:\Windows\System\PeLVrEO.exe

Filesize
2.3MB

MD5
228ce685823804ec9968266f7dececb6

SHA1
ea3fc33bd1ef8a75a75f7c33672cbe60b3105756

SHA256
e2b9c979253d3c90383506ffc85ba188f07692dd33fa5663f4de8a0284778538

SHA512
f121b2a5b9c8f7fb50ac0823225d5d896ec81521a149b6b747265ba56e05f2692aac9e4934a9a5d70f6d15db513edab2c9c3c0e6110c1691b86961af41baa297

Download Submit
C:\Windows\System\TVAXjYR.exe

Filesize
2.3MB

MD5
a0473d8449b9bc0b023a3b6c4f278204

SHA1
c3ca1f61599aa68a9d90774a61fc64e3eac120ee

SHA256
2de2b8a87a9f079c40bf11da225aa9a5955706fe4c9671c470f28a0af765952e

SHA512
8f877ec6795601ba581950a93da8d208e913e09fb6ffca3fbad4fa38483e154be92af4c6b482bb8f61be5096c6737081013b55acb4be269838a3eeb2ef91a537

Download Submit
C:\Windows\System\WHMYcsR.exe

Filesize
2.3MB

MD5
15d5bce5691920dc11dfdfe48e30e070

SHA1
d3500b7538db9e90dfa67bb3650fa9145d5c543c

SHA256
29396d0b8e80484d3cf16b9b535b61328fd2be9b6e979ae606c34404545e6cb1

SHA512
20b907d3d9f341820ff7b74b62e6f5ec95a280403b9f83ba7d7ee5e92530f876a0503e156382541feebd0a4ad474e20fed96d80bbf0506b474d73d3d4a1921a3

Download Submit
C:\Windows\System\WRZzfCS.exe

Filesize
2.3MB

MD5
71c9c27f1dedf9eb3bd0811fc07d4fa2

SHA1
ce97ce2d308bd4b2ed78a075bdf11ffe80a7dc5c

SHA256
db9e1f446f675f05f42590eb48a9506d635eec0367f8caa93bc0790c56bbf3f2

SHA512
4ca08f88ee84233032ce6f85d2fd617621da61163840f4ac74c01923e1a95fdf5cac17760ae83b80671d6119c956e16878434eec7f54f80fa8c1ef07928f50cf

Download Submit
C:\Windows\System\azamVqe.exe

Filesize
2.3MB

MD5
93c571223db62fb1ede4dd60d604bfda

SHA1
604b60277912e8c800121444b3417268f755f80d

SHA256
b52f77f328bf183976876d6c003fbbe3b94dfc66c2598a57023c002b511345e4

SHA512
d1f8d392d5b29b2705ac71d3c3e26e0773d299ba010100b3614e2f82486058bad6a66a4a0fce57cb27e93edcde3a389152ad97ff0ce4a4bf7726166e2b5117a7

Download Submit
C:\Windows\System\bfuMWQt.exe

Filesize
2.3MB

MD5
372b00d5f243c3e6909d3cb60e3cebf8

SHA1
113949ed86c7a50e1eea2c10d9a20530efaeefd7

SHA256
5769cd4494e58d23e6dd58f8d56098952c49d62cfaa784c1f8e7a16116a76177

SHA512
1d6297b86f5e3d6dfbe9107b46f2e94665080932b8fceb3e1254d5f285f41963948cb9a2104708135bb80a3d9aff36bbc27d65df7ff6877d6782b1439725aaf0

Download Submit
C:\Windows\System\bvauaUw.exe

Filesize
2.3MB

MD5
f8845e73fa1971f1140d1499842302ff

SHA1
06a6c6aad28d06f7b7b7180fd389543b093ccbd6

SHA256
a2abd80660ff1b444d5de306f7e5433e38296c1beaeb62eeb975123fd356c990

SHA512
0db142f78e3aff7ddc8d5db4ab6487c6b5baa1832301a7de5138cd594214fa17bdceca1e7ae8fd5a617a0676c4129bc87c698b9728e2673db7eda3e94f6e6415

Download Submit
C:\Windows\System\bwyreEG.exe

Filesize
2.3MB

MD5
0f9832ab1a9f69df0db64863904b9f14

SHA1
7bd63824d412d3230d3ab86b0db8cef040e3f8b0

SHA256
584e1330b255eff4a0de1ac7239556564a5844570be6c559b5728e51bead2ee7

SHA512
44d2b37608b4097ae556134f4e0ead54dfcfbe53c9de996aeea39c6452533f470c7ee00ac03902476b62107411928a4dcf9c7f9dd252adb84f7a8d4da4af5322

Download Submit
C:\Windows\System\fUgiMTf.exe

Filesize
2.3MB

MD5
ea1b9f28f9513dec7fb0ecd450118510

SHA1
6a5a7646bdc3601792590bcdc55866aea126bc3f

SHA256
43d2622699a4b339ef00a79bdfa43770c7c8e9cd29dc897cc51406de8aa99c68

SHA512
a8d1d1df8b33f5462b63930eb1c644a789feda666728aed2ac2fc51b1d595e5c6e2e846b4dab6df7002de7753bbb05886699087a35f11315c19e508db65050f2

Download Submit
C:\Windows\System\fuQxQOC.exe

Filesize
2.3MB

MD5
1dffa81234a5d965ce98b75c9617ebd8

SHA1
6bd3592496f75b1e108bef26fcc0bd0d02640bf1

SHA256
dbd2f328e0ae5d75a56e54d44d9963d772ec74b15b1e6da5501e54952d3505b8

SHA512
2f272ded568c33367fa212bc4798c3608820105c5937c97bf95efe4b696753b1e3e838f1a08ad8ce52e471ad2a64f289247be9933ffd318495eda1f799d02e5a

Download Submit
C:\Windows\System\gjMLebc.exe

Filesize
2.3MB

MD5
9d0031d4bc9472bc08f24e41f1754714

SHA1
23f723dcad1a3f8526bfec377b2d1cd6160cb8ba

SHA256
c2eadf24e55d09a08bb24b56325d749a1e6a2544d4bb9ccedd0f9c3364a559d4

SHA512
fa49c2ec9e8d9081f434fb94eabdb1c3f889a6fc59d2bd864fe121e9e11428869b27e908789ed36e6df126ef8a19c836f44b44a35d36c6e2911aaa4905c5e5bf

Download Submit
C:\Windows\System\gpHxRGl.exe

Filesize
2.3MB

MD5
5116fd0125205eb1d597116cc7540359

SHA1
918130290ff7630b537ee82146dadfbfab5e47ef

SHA256
ee19a1b8d907659cfcb578002166f15c2ae2ab8fadf3d5db3d04950c6a500a57

SHA512
ef6d92ae5fea01626c29eb3713c72647ef23529f3330cf6fb61f62a20b34b787c86b8b4f515b93129e0b0d0762fa07a86eba877a89921abaec3f9fb00bca9d58

Download Submit
C:\Windows\System\iGAdlru.exe

Filesize
2.3MB

MD5
43cdd3b845a3749c24774f3ca5c18917

SHA1
c62bdc0a52d8c8ed20a1d0c78b1e7f059b90ea0f

SHA256
3accd240e363bc6bd96a0faf38ffc610a47478f662d41a773de6c0b835698e6e

SHA512
a1eaf2f077f84f6351f52fc92542d2d6f7a6ac5818790617d2019925a1b7d7ca811e0e37c603087ddd951013766ad99e354a7c4eb6bfb1ae02ceff6d09e3f8a9

Download Submit
C:\Windows\System\iiyTuxH.exe

Filesize
2.3MB

MD5
cb0f2066ed7d7c446ead7444c5f96827

SHA1
3831ae256e489dd2716ae1d2de40af0887f065f9

SHA256
e509152a9c2954ecec194ddbc3eb8cab68663127659649a55bfd9357e1d18caa

SHA512
6f375822e4144fa638a13d19f3601092fa28faedfdd464c3c214ccc6dcefd9448ae478624197d1f50a5c8e6d99b9255da35af52ca19ba4fa9f281d9ce9f5e9e9

Download Submit
C:\Windows\System\qHMZGFH.exe

Filesize
2.3MB

MD5
9c8a297e95319333aff7b08244be3fb6

SHA1
80157bcc0ca24381c6c764a5958a6e0bea50d876

SHA256
d02ef6fbd86941cedbd090928db346d57e52cd92f64cac828f8c9a23524d5940

SHA512
4f571a372d24f070053b6fa714cc7525df7d277a5069ec1079bc67da5e2ce9f83880de7ae664b8f3d0b6b23d431334ff5af217dbae274a83b81c3a036fe71d47

Download Submit
C:\Windows\System\rfBCKFl.exe

Filesize
2.3MB

MD5
745ad6c16ce2e5dd8c3250fdda12892d

SHA1
24ffb0e2088619508ee8b2ba44816a04d4105625

SHA256
a5694c488199aad7446eef7c2484bedf45d211d89fd9bf4d19ef36c80a36c8ad

SHA512
7445b299272c7759f16a7bb167ca356a1c6b1d10e4519b17b4e14f481da8da77d6ab7ad88379e2073d325e2238211a9f8c8f3b38d78f6bb722dd4cf0a21db4cc

Download Submit
C:\Windows\System\tQcqXKG.exe

Filesize
2.3MB

MD5
e14a44296162242db64dc4d12d6c7fd1

SHA1
717854ede1361c7ec327b5c298aeeb5e10c0fd58

SHA256
4be999fa70b0e30a325560517a87b60a96ea7a119a3a29f66cbf76b20649d521

SHA512
1edfd32e0d4a2ebf60885d7c8da746b8d3512c4aedd2192b0482d4e5669aa97cff827cf5602878488f4ae169a7515cf27225bddc367f530a922f01cb65a3bcc4

Download Submit
C:\Windows\System\viqDcgw.exe

Filesize
2.3MB

MD5
6c9fc3d08411cdb278033edf7c7346fd

SHA1
068cd247f396eb2529be5082d37708159655f48d

SHA256
f04e5429b6944ad40ef25504b156f3865a926831cbf0b25c632000fc044f1fcc

SHA512
67c1bb79c88f70d8d9f630ee6523a9404b5b0e78683bb4b3af0996f0fd98dfcbf423e14742d564462eb499d9a87be430de78fefca554f55e38054293317a688d

Download Submit
C:\Windows\System\xDcqOnB.exe

Filesize
2.3MB

MD5
6f3d32bafa8ce664095a6ce18b5b8c4d

SHA1
33e33655d4642261da372f589b0de2c77bb38ebd

SHA256
e7b20851f3e08cc25819c237f054405d9ce152089ce0785bad2eaa2cb4597bd4

SHA512
d4043a9019b7bcb2e2bd0516b0fd9bac4ec719c589302679b1fad7c620f55aaf67f8e8128d7bb53b2fab61802175f16610201a1746ff409bf10d0f9fb19f2ec8

Download Submit
C:\Windows\System\xfeAnlK.exe

Filesize
2.3MB

MD5
b4dd77da49a19929dc79cc30bfea07f1

SHA1
3ca60ed133d9eaa295b0692f95b72a666ad59f5f

SHA256
9a5eb8a6dba0d370041920c3ff64b2a6641349778830b78cbe926481dcc272eb

SHA512
28666ffc13357f216a65a01d74f2ca4fa582b2ce0239e21749e0d9fae2f756712c0d3aedcb80c0db2be4578ab37870862ab13e6e23ead44f0023dcd8b44d79ea

Download Submit
C:\Windows\System\zGMEyWX.exe

Filesize
2.3MB

MD5
1dc72425ec4ca91bb2c4839a7e5b84f4

SHA1
748c5172124e7f97c2981c152d85fbf36e210d3c

SHA256
ce659e168fb91f2220817e8aeb996007fa1f2958927f11db61b6e8365e978d57

SHA512
b2cf1c9d98bdb96a0cc8c24008467a00711da9a872ec4da59498cac39ad9a618c589c16be5d3cae3dc44b96fd95e40312a98c6e29bab6b398537e6a142fb1476

Download Submit
C:\Windows\System\zlmZtCP.exe

Filesize
2.3MB

MD5
29fdb3548b23e303aa728c17cc5d2101

SHA1
d85dbe6674ada5c33f3586eda74cdd6758b6ab4a

SHA256
0ca3b6760af4ef6814dde5a82cf4b13b6a81058350a88d69f8d08c525bea6314

SHA512
feb61a6a48565fe22f71e3c03cdb75adff4463fc7af950de54115a0a2b42abf1613a256c372471c45f584d620b60faaf9e873bc2e15210eaeb375017410d4366

Download Submit
memory/804-2103-0x00007FF793830000-0x00007FF793B84000-memory.dmp

Filesize
3.3MB

Download
memory/804-189-0x00007FF793830000-0x00007FF793B84000-memory.dmp

Filesize
3.3MB

Download
memory/1200-2089-0x00007FF6EAC20000-0x00007FF6EAF74000-memory.dmp

Filesize
3.3MB

Download
memory/1200-80-0x00007FF6EAC20000-0x00007FF6EAF74000-memory.dmp

Filesize
3.3MB

Download
memory/1248-2085-0x00007FF7CC6D0000-0x00007FF7CCA24000-memory.dmp

Filesize
3.3MB

Download
memory/1248-207-0x00007FF7CC6D0000-0x00007FF7CCA24000-memory.dmp

Filesize
3.3MB

Download
memory/1288-2107-0x00007FF754620000-0x00007FF754974000-memory.dmp

Filesize
3.3MB

Download
memory/1288-203-0x00007FF754620000-0x00007FF754974000-memory.dmp

Filesize
3.3MB

Download
memory/1556-2087-0x00007FF7C9820000-0x00007FF7C9B74000-memory.dmp

Filesize
3.3MB

Download
memory/1556-208-0x00007FF7C9820000-0x00007FF7C9B74000-memory.dmp

Filesize
3.3MB

Download
memory/1816-2080-0x00007FF761410000-0x00007FF761764000-memory.dmp

Filesize
3.3MB

Download
memory/1816-2088-0x00007FF761410000-0x00007FF761764000-memory.dmp

Filesize
3.3MB

Download
memory/1816-27-0x00007FF761410000-0x00007FF761764000-memory.dmp

Filesize
3.3MB

Download
memory/2000-2094-0x00007FF76A650000-0x00007FF76A9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2000-171-0x00007FF76A650000-0x00007FF76A9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-2109-0x00007FF64A780000-0x00007FF64AAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-211-0x00007FF64A780000-0x00007FF64AAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-2106-0x00007FF6BEF30000-0x00007FF6BF284000-memory.dmp

Filesize
3.3MB

Download
memory/2588-205-0x00007FF6BEF30000-0x00007FF6BF284000-memory.dmp

Filesize
3.3MB

Download
memory/2604-2096-0x00007FF7CB730000-0x00007FF7CBA84000-memory.dmp

Filesize
3.3MB

Download
memory/2604-199-0x00007FF7CB730000-0x00007FF7CBA84000-memory.dmp

Filesize
3.3MB

Download
memory/2796-201-0x00007FF6A1900000-0x00007FF6A1C54000-memory.dmp

Filesize
3.3MB

Download
memory/2796-2104-0x00007FF6A1900000-0x00007FF6A1C54000-memory.dmp

Filesize
3.3MB

Download
memory/2900-18-0x00007FF767D80000-0x00007FF7680D4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2079-0x00007FF767D80000-0x00007FF7680D4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2082-0x00007FF767D80000-0x00007FF7680D4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-172-0x00007FF7EE200000-0x00007FF7EE554000-memory.dmp

Filesize
3.3MB

Download
memory/2908-2093-0x00007FF7EE200000-0x00007FF7EE554000-memory.dmp

Filesize
3.3MB

Download
memory/3016-69-0x00007FF788A70000-0x00007FF788DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-2086-0x00007FF788A70000-0x00007FF788DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3480-2105-0x00007FF7FA720000-0x00007FF7FAA74000-memory.dmp

Filesize
3.3MB

Download
memory/3480-202-0x00007FF7FA720000-0x00007FF7FAA74000-memory.dmp

Filesize
3.3MB

Download
memory/3516-0-0x00007FF7383C0000-0x00007FF738714000-memory.dmp

Filesize
3.3MB

Download
memory/3516-1-0x000001E8C7EF0000-0x000001E8C7F00000-memory.dmp

Filesize
64KB

Download
memory/3672-62-0x00007FF6C17F0000-0x00007FF6C1B44000-memory.dmp

Filesize
3.3MB

Download
memory/3672-2083-0x00007FF6C17F0000-0x00007FF6C1B44000-memory.dmp

Filesize
3.3MB

Download
memory/3732-2090-0x00007FF752170000-0x00007FF7524C4000-memory.dmp

Filesize
3.3MB

Download
memory/3732-101-0x00007FF752170000-0x00007FF7524C4000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2078-0x00007FF7D74F0000-0x00007FF7D7844000-memory.dmp

Filesize
3.3MB

Download
memory/3884-9-0x00007FF7D74F0000-0x00007FF7D7844000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2081-0x00007FF7D74F0000-0x00007FF7D7844000-memory.dmp

Filesize
3.3MB

Download
memory/4040-2095-0x00007FF7F1080000-0x00007FF7F13D4000-memory.dmp

Filesize
3.3MB

Download
memory/4040-200-0x00007FF7F1080000-0x00007FF7F13D4000-memory.dmp

Filesize
3.3MB

Download
memory/4116-197-0x00007FF6CFA30000-0x00007FF6CFD84000-memory.dmp

Filesize
3.3MB

Download
memory/4116-2098-0x00007FF6CFA30000-0x00007FF6CFD84000-memory.dmp

Filesize
3.3MB

Download
memory/4168-188-0x00007FF7CC280000-0x00007FF7CC5D4000-memory.dmp

Filesize
3.3MB

Download
memory/4168-2102-0x00007FF7CC280000-0x00007FF7CC5D4000-memory.dmp

Filesize
3.3MB

Download
memory/4376-182-0x00007FF651420000-0x00007FF651774000-memory.dmp

Filesize
3.3MB

Download
memory/4376-2099-0x00007FF651420000-0x00007FF651774000-memory.dmp

Filesize
3.3MB

Download
memory/4524-2100-0x00007FF719470000-0x00007FF7197C4000-memory.dmp

Filesize
3.3MB

Download
memory/4524-190-0x00007FF719470000-0x00007FF7197C4000-memory.dmp

Filesize
3.3MB

Download
memory/4660-198-0x00007FF667EE0000-0x00007FF668234000-memory.dmp

Filesize
3.3MB

Download
memory/4660-2097-0x00007FF667EE0000-0x00007FF668234000-memory.dmp

Filesize
3.3MB

Download
memory/4744-2101-0x00007FF7B0A90000-0x00007FF7B0DE4000-memory.dmp

Filesize
3.3MB

Download
memory/4744-210-0x00007FF7B0A90000-0x00007FF7B0DE4000-memory.dmp

Filesize
3.3MB

Download
memory/4776-2092-0x00007FF7EBDB0000-0x00007FF7EC104000-memory.dmp

Filesize
3.3MB

Download
memory/4776-209-0x00007FF7EBDB0000-0x00007FF7EC104000-memory.dmp

Filesize
3.3MB

Download
memory/4940-148-0x00007FF613A40000-0x00007FF613D94000-memory.dmp

Filesize
3.3MB

Download
memory/4940-2091-0x00007FF613A40000-0x00007FF613D94000-memory.dmp

Filesize
3.3MB

Download
memory/4948-2108-0x00007FF7D7E40000-0x00007FF7D8194000-memory.dmp

Filesize
3.3MB

Download
memory/4948-204-0x00007FF7D7E40000-0x00007FF7D8194000-memory.dmp

Filesize
3.3MB

Download
memory/4976-206-0x00007FF61F670000-0x00007FF61F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-2084-0x00007FF61F670000-0x00007FF61F9C4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads