xmrig | d7c7f8206a0fe5ce8a1cb21826d92ff3c47fb35a41b5bfbe01993b79399e935c

Analysis

max time kernel
149s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
06/05/2024, 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
Size

2.9MB
MD5

2c8cb3a881f69d57efb16fa6f1e06db0
SHA1

9a8f452d6bcf3e75bd7a108342d6f9fdc1a18ffd
SHA256

d7c7f8206a0fe5ce8a1cb21826d92ff3c47fb35a41b5bfbe01993b79399e935c
SHA512

afc47d3faa2e176337c85df8516993e19ff11384bb156a56964108892b42206d6a6a342b51ba36caaa29bea2120d36ffee6b5a56d03caae12132923570b7903d
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIM56uL3pgrCEdMKPFotsgE1vLCCChPP:BemTLkNdfE0pZrM56utgpPFotBEE

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4420-0-0x00007FF607890000-0x00007FF607BE4000-memory.dmp	xmrig
behavioral2/memory/4964-8-0x00007FF7F0D50000-0x00007FF7F10A4000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b54-10.dat	xmrig
behavioral2/memory/3320-16-0x00007FF6E17E0000-0x00007FF6E1B34000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b99-22.dat	xmrig
behavioral2/files/0x000a000000023b9a-28.dat	xmrig
behavioral2/files/0x000a000000023b9c-33.dat	xmrig
behavioral2/memory/4664-34-0x00007FF69D200000-0x00007FF69D554000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9e-46.dat	xmrig
behavioral2/files/0x000a000000023b9d-44.dat	xmrig
behavioral2/memory/4792-38-0x00007FF6623A0000-0x00007FF6626F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9b-32.dat	xmrig
behavioral2/memory/4932-26-0x00007FF727260000-0x00007FF7275B4000-memory.dmp	xmrig
behavioral2/memory/2532-20-0x00007FF737DD0000-0x00007FF738124000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b8d-14.dat	xmrig
behavioral2/memory/2948-49-0x00007FF735AE0000-0x00007FF735E34000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9f-53.dat	xmrig
behavioral2/memory/4948-52-0x00007FF68BB60000-0x00007FF68BEB4000-memory.dmp	xmrig
behavioral2/files/0x000d000000023b91-60.dat	xmrig
behavioral2/files/0x000a000000023ba2-64.dat	xmrig
behavioral2/files/0x000a000000023ba1-62.dat	xmrig
behavioral2/files/0x000a000000023ba4-79.dat	xmrig
behavioral2/files/0x000a000000023ba6-85.dat	xmrig
behavioral2/files/0x000a000000023ba5-89.dat	xmrig
behavioral2/files/0x000a000000023ba7-98.dat	xmrig
behavioral2/files/0x000a000000023ba8-101.dat	xmrig
behavioral2/files/0x000a000000023ba9-109.dat	xmrig
behavioral2/files/0x000a000000023baa-114.dat	xmrig
behavioral2/files/0x000a000000023bac-123.dat	xmrig
behavioral2/files/0x000a000000023bad-134.dat	xmrig
behavioral2/files/0x000a000000023bb1-146.dat	xmrig
behavioral2/files/0x000a000000023bb2-159.dat	xmrig
behavioral2/files/0x0031000000023bb6-171.dat	xmrig
behavioral2/memory/3664-616-0x00007FF72FFD0000-0x00007FF730324000-memory.dmp	xmrig
behavioral2/files/0x0031000000023bb7-176.dat	xmrig
behavioral2/files/0x0031000000023bb5-174.dat	xmrig
behavioral2/files/0x000a000000023bb4-169.dat	xmrig
behavioral2/files/0x000a000000023bb3-164.dat	xmrig
behavioral2/files/0x000a000000023bb0-149.dat	xmrig
behavioral2/files/0x000a000000023baf-144.dat	xmrig
behavioral2/files/0x000a000000023bae-139.dat	xmrig
behavioral2/files/0x000a000000023bab-121.dat	xmrig
behavioral2/memory/4864-97-0x00007FF632AD0000-0x00007FF632E24000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba3-86.dat	xmrig
behavioral2/memory/5024-82-0x00007FF699E20000-0x00007FF69A174000-memory.dmp	xmrig
behavioral2/memory/1744-78-0x00007FF6FE030000-0x00007FF6FE384000-memory.dmp	xmrig
behavioral2/memory/3584-75-0x00007FF6A5700000-0x00007FF6A5A54000-memory.dmp	xmrig
behavioral2/memory/4636-66-0x00007FF70A7B0000-0x00007FF70AB04000-memory.dmp	xmrig
behavioral2/memory/3972-632-0x00007FF7FF6F0000-0x00007FF7FFA44000-memory.dmp	xmrig
behavioral2/memory/1544-628-0x00007FF7689B0000-0x00007FF768D04000-memory.dmp	xmrig
behavioral2/memory/4052-625-0x00007FF65CA30000-0x00007FF65CD84000-memory.dmp	xmrig
behavioral2/memory/4732-622-0x00007FF73A190000-0x00007FF73A4E4000-memory.dmp	xmrig
behavioral2/memory/1948-649-0x00007FF6D41A0000-0x00007FF6D44F4000-memory.dmp	xmrig
behavioral2/memory/4464-674-0x00007FF660FD0000-0x00007FF661324000-memory.dmp	xmrig
behavioral2/memory/4508-687-0x00007FF781740000-0x00007FF781A94000-memory.dmp	xmrig
behavioral2/memory/4048-693-0x00007FF68BA20000-0x00007FF68BD74000-memory.dmp	xmrig
behavioral2/memory/4420-685-0x00007FF607890000-0x00007FF607BE4000-memory.dmp	xmrig
behavioral2/memory/4928-683-0x00007FF7E49D0000-0x00007FF7E4D24000-memory.dmp	xmrig
behavioral2/memory/1864-680-0x00007FF759270000-0x00007FF7595C4000-memory.dmp	xmrig
behavioral2/memory/4560-673-0x00007FF7C6B80000-0x00007FF7C6ED4000-memory.dmp	xmrig
behavioral2/memory/1000-671-0x00007FF7DC420000-0x00007FF7DC774000-memory.dmp	xmrig
behavioral2/memory/1252-663-0x00007FF7F6C70000-0x00007FF7F6FC4000-memory.dmp	xmrig
behavioral2/memory/3928-653-0x00007FF78AF90000-0x00007FF78B2E4000-memory.dmp	xmrig
behavioral2/memory/4876-638-0x00007FF77A570000-0x00007FF77A8C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4964	MARoOPu.exe
3320	ffLRPVt.exe
2532	iioTuRn.exe
4932	qCyhplf.exe
4664	bCYySXZ.exe
4792	MppaQlz.exe
2948	LVXEqxI.exe
4948	vuIRxch.exe
4636	fnHIGNP.exe
4864	tUXkTTg.exe
3584	afnlfEL.exe
1744	EvLKFOE.exe
3664	exkgOsq.exe
4732	BVAqniH.exe
5024	bFcCXMY.exe
4052	mKupRLO.exe
4508	PYNNdrV.exe
4048	MBKBHaj.exe
1544	dvSSerV.exe
3972	LQHmZkd.exe
4876	MsJdqpY.exe
1948	nYYQpOO.exe
3928	NFHXPqb.exe
1252	WtYnTrY.exe
1000	OBUBSRZ.exe
4560	lLpgnZC.exe
4464	jRDezJQ.exe
1864	fkXWMfh.exe
4928	KikHegQ.exe
5020	ixjDlLF.exe
3616	DMhghEs.exe
3464	zVoJTJA.exe
3812	GdgZpAk.exe
2964	hBZTOgC.exe
2064	vpyTcoh.exe
816	sGipIpa.exe
4172	TRESkNb.exe
4520	rDvlWYf.exe
4168	MCAchdb.exe
216	addWZFr.exe
4036	ShVWZCg.exe
4236	ZpXjVCs.exe
4308	DLyGEVb.exe
2668	QwCqADI.exe
5088	shQkqlF.exe
1496	cNpbrxq.exe
3404	IEbMjyo.exe
4628	mvdcBYa.exe
2748	sdGojmi.exe
2944	HxcaDwU.exe
1164	ZNwimvB.exe
3156	FEBBrDo.exe
4912	JqYxIpi.exe
3948	hhsxJai.exe
3260	OcfbNCm.exe
2576	vycKokK.exe
2708	LKfhoIf.exe
2740	OSXeREO.exe
3084	oTsBMzH.exe
3692	MlWRPdC.exe
4652	aQwBLxf.exe
2136	ZbCcvKr.exe
4596	PCugfPr.exe
2984	tFdngXU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4420-0-0x00007FF607890000-0x00007FF607BE4000-memory.dmp	upx
behavioral2/memory/4964-8-0x00007FF7F0D50000-0x00007FF7F10A4000-memory.dmp	upx
behavioral2/files/0x000c000000023b54-10.dat	upx
behavioral2/memory/3320-16-0x00007FF6E17E0000-0x00007FF6E1B34000-memory.dmp	upx
behavioral2/files/0x000a000000023b99-22.dat	upx
behavioral2/files/0x000a000000023b9a-28.dat	upx
behavioral2/files/0x000a000000023b9c-33.dat	upx
behavioral2/memory/4664-34-0x00007FF69D200000-0x00007FF69D554000-memory.dmp	upx
behavioral2/files/0x000a000000023b9e-46.dat	upx
behavioral2/files/0x000a000000023b9d-44.dat	upx
behavioral2/memory/4792-38-0x00007FF6623A0000-0x00007FF6626F4000-memory.dmp	upx
behavioral2/files/0x000a000000023b9b-32.dat	upx
behavioral2/memory/4932-26-0x00007FF727260000-0x00007FF7275B4000-memory.dmp	upx
behavioral2/memory/2532-20-0x00007FF737DD0000-0x00007FF738124000-memory.dmp	upx
behavioral2/files/0x000c000000023b8d-14.dat	upx
behavioral2/memory/2948-49-0x00007FF735AE0000-0x00007FF735E34000-memory.dmp	upx
behavioral2/files/0x000a000000023b9f-53.dat	upx
behavioral2/memory/4948-52-0x00007FF68BB60000-0x00007FF68BEB4000-memory.dmp	upx
behavioral2/files/0x000d000000023b91-60.dat	upx
behavioral2/files/0x000a000000023ba2-64.dat	upx
behavioral2/files/0x000a000000023ba1-62.dat	upx
behavioral2/files/0x000a000000023ba4-79.dat	upx
behavioral2/files/0x000a000000023ba6-85.dat	upx
behavioral2/files/0x000a000000023ba5-89.dat	upx
behavioral2/files/0x000a000000023ba7-98.dat	upx
behavioral2/files/0x000a000000023ba8-101.dat	upx
behavioral2/files/0x000a000000023ba9-109.dat	upx
behavioral2/files/0x000a000000023baa-114.dat	upx
behavioral2/files/0x000a000000023bac-123.dat	upx
behavioral2/files/0x000a000000023bad-134.dat	upx
behavioral2/files/0x000a000000023bb1-146.dat	upx
behavioral2/files/0x000a000000023bb2-159.dat	upx
behavioral2/files/0x0031000000023bb6-171.dat	upx
behavioral2/memory/3664-616-0x00007FF72FFD0000-0x00007FF730324000-memory.dmp	upx
behavioral2/files/0x0031000000023bb7-176.dat	upx
behavioral2/files/0x0031000000023bb5-174.dat	upx
behavioral2/files/0x000a000000023bb4-169.dat	upx
behavioral2/files/0x000a000000023bb3-164.dat	upx
behavioral2/files/0x000a000000023bb0-149.dat	upx
behavioral2/files/0x000a000000023baf-144.dat	upx
behavioral2/files/0x000a000000023bae-139.dat	upx
behavioral2/files/0x000a000000023bab-121.dat	upx
behavioral2/memory/4864-97-0x00007FF632AD0000-0x00007FF632E24000-memory.dmp	upx
behavioral2/files/0x000a000000023ba3-86.dat	upx
behavioral2/memory/5024-82-0x00007FF699E20000-0x00007FF69A174000-memory.dmp	upx
behavioral2/memory/1744-78-0x00007FF6FE030000-0x00007FF6FE384000-memory.dmp	upx
behavioral2/memory/3584-75-0x00007FF6A5700000-0x00007FF6A5A54000-memory.dmp	upx
behavioral2/memory/4636-66-0x00007FF70A7B0000-0x00007FF70AB04000-memory.dmp	upx
behavioral2/memory/3972-632-0x00007FF7FF6F0000-0x00007FF7FFA44000-memory.dmp	upx
behavioral2/memory/1544-628-0x00007FF7689B0000-0x00007FF768D04000-memory.dmp	upx
behavioral2/memory/4052-625-0x00007FF65CA30000-0x00007FF65CD84000-memory.dmp	upx
behavioral2/memory/4732-622-0x00007FF73A190000-0x00007FF73A4E4000-memory.dmp	upx
behavioral2/memory/1948-649-0x00007FF6D41A0000-0x00007FF6D44F4000-memory.dmp	upx
behavioral2/memory/4464-674-0x00007FF660FD0000-0x00007FF661324000-memory.dmp	upx
behavioral2/memory/4508-687-0x00007FF781740000-0x00007FF781A94000-memory.dmp	upx
behavioral2/memory/4048-693-0x00007FF68BA20000-0x00007FF68BD74000-memory.dmp	upx
behavioral2/memory/4420-685-0x00007FF607890000-0x00007FF607BE4000-memory.dmp	upx
behavioral2/memory/4928-683-0x00007FF7E49D0000-0x00007FF7E4D24000-memory.dmp	upx
behavioral2/memory/1864-680-0x00007FF759270000-0x00007FF7595C4000-memory.dmp	upx
behavioral2/memory/4560-673-0x00007FF7C6B80000-0x00007FF7C6ED4000-memory.dmp	upx
behavioral2/memory/1000-671-0x00007FF7DC420000-0x00007FF7DC774000-memory.dmp	upx
behavioral2/memory/1252-663-0x00007FF7F6C70000-0x00007FF7F6FC4000-memory.dmp	upx
behavioral2/memory/3928-653-0x00007FF78AF90000-0x00007FF78B2E4000-memory.dmp	upx
behavioral2/memory/4876-638-0x00007FF77A570000-0x00007FF77A8C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FcNGnbt.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\KzkPhlh.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\qmpjwfC.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\ZlnNnIf.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\kIWtZTg.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\TfHqalr.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\ytEiGhg.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\TAdWxfh.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\pxIFPsF.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\kMQgmYL.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\OBUBSRZ.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\uNwxgZf.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\sgmGpdI.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\qCyhplf.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\vghwUNM.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\kUWiOlD.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\HSvGFKk.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\nxRSQyX.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\CDIsjEx.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\dpINJiN.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\wQEpqAu.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\OjZQPie.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\ZtmAcnj.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\IEbMjyo.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\yXvDTEb.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\OhQpqzA.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\NuDoFgH.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\amakBUd.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\TWPNimP.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\addWZFr.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\jUlQXET.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\HYVIQiz.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\ykxEzVN.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\WEFCjbv.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\gsTNHMf.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\bcucZHK.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\PEZZmck.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\DGKopXx.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\PYSjFxd.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\HdaMvuE.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\sdObVgU.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\GYFUIqB.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\IgwqqBx.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\ywIwJMr.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\ulFcqqk.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\MtsDoWq.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\qSeghjP.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\KxvFnCl.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\HiyFvNS.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\xVmYEVR.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\nwzSImV.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\bCYySXZ.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\ncTuNRT.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\wzmxQKo.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\QeWKHtG.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\xHabpev.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\HoXNBZN.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\MgYkdrq.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\JvNQZOp.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\oqPDMpz.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\PNPQwmZ.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\cfxbDQY.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\pkYvtss.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
File created	C:\Windows\System\KikHegQ.exe	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15232	dwm.exe
Token: SeChangeNotifyPrivilege	15232	dwm.exe
Token: 33	15232	dwm.exe
Token: SeIncBasePriorityPrivilege	15232	dwm.exe
Token: SeShutdownPrivilege	15232	dwm.exe
Token: SeCreatePagefilePrivilege	15232	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 4964	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	85
PID 4420 wrote to memory of 4964	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	85
PID 4420 wrote to memory of 3320	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	86
PID 4420 wrote to memory of 3320	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	86
PID 4420 wrote to memory of 2532	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	87
PID 4420 wrote to memory of 2532	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	87
PID 4420 wrote to memory of 4932	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	88
PID 4420 wrote to memory of 4932	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	88
PID 4420 wrote to memory of 4664	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	89
PID 4420 wrote to memory of 4664	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	89
PID 4420 wrote to memory of 4792	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	90
PID 4420 wrote to memory of 4792	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	90
PID 4420 wrote to memory of 2948	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	91
PID 4420 wrote to memory of 2948	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	91
PID 4420 wrote to memory of 4948	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	92
PID 4420 wrote to memory of 4948	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	92
PID 4420 wrote to memory of 4636	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	93
PID 4420 wrote to memory of 4636	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	93
PID 4420 wrote to memory of 4864	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	94
PID 4420 wrote to memory of 4864	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	94
PID 4420 wrote to memory of 3584	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	95
PID 4420 wrote to memory of 3584	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	95
PID 4420 wrote to memory of 1744	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	96
PID 4420 wrote to memory of 1744	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	96
PID 4420 wrote to memory of 3664	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	97
PID 4420 wrote to memory of 3664	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	97
PID 4420 wrote to memory of 4732	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	98
PID 4420 wrote to memory of 4732	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	98
PID 4420 wrote to memory of 5024	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	99
PID 4420 wrote to memory of 5024	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	99
PID 4420 wrote to memory of 4052	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	100
PID 4420 wrote to memory of 4052	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	100
PID 4420 wrote to memory of 4508	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	101
PID 4420 wrote to memory of 4508	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	101
PID 4420 wrote to memory of 4048	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	102
PID 4420 wrote to memory of 4048	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	102
PID 4420 wrote to memory of 1544	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	103
PID 4420 wrote to memory of 1544	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	103
PID 4420 wrote to memory of 3972	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	104
PID 4420 wrote to memory of 3972	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	104
PID 4420 wrote to memory of 4876	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	105
PID 4420 wrote to memory of 4876	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	105
PID 4420 wrote to memory of 1948	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	106
PID 4420 wrote to memory of 1948	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	106
PID 4420 wrote to memory of 3928	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	107
PID 4420 wrote to memory of 3928	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	107
PID 4420 wrote to memory of 1252	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	108
PID 4420 wrote to memory of 1252	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	108
PID 4420 wrote to memory of 1000	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	109
PID 4420 wrote to memory of 1000	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	109
PID 4420 wrote to memory of 4560	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	110
PID 4420 wrote to memory of 4560	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	110
PID 4420 wrote to memory of 4464	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	111
PID 4420 wrote to memory of 4464	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	111
PID 4420 wrote to memory of 1864	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	112
PID 4420 wrote to memory of 1864	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	112
PID 4420 wrote to memory of 4928	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	113
PID 4420 wrote to memory of 4928	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	113
PID 4420 wrote to memory of 5020	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	114
PID 4420 wrote to memory of 5020	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	114
PID 4420 wrote to memory of 3616	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	115
PID 4420 wrote to memory of 3616	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	115
PID 4420 wrote to memory of 3464	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	116
PID 4420 wrote to memory of 3464	4420	2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe	116

C:\Users\Admin\AppData\Local\Temp\2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\2c8cb3a881f69d57efb16fa6f1e06db0_NEAS.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Windows\System\MARoOPu.exe
  C:\Windows\System\MARoOPu.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\ffLRPVt.exe
  C:\Windows\System\ffLRPVt.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\iioTuRn.exe
  C:\Windows\System\iioTuRn.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\qCyhplf.exe
  C:\Windows\System\qCyhplf.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\bCYySXZ.exe
  C:\Windows\System\bCYySXZ.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\MppaQlz.exe
  C:\Windows\System\MppaQlz.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\LVXEqxI.exe
  C:\Windows\System\LVXEqxI.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\vuIRxch.exe
  C:\Windows\System\vuIRxch.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\fnHIGNP.exe
  C:\Windows\System\fnHIGNP.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\tUXkTTg.exe
  C:\Windows\System\tUXkTTg.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\afnlfEL.exe
  C:\Windows\System\afnlfEL.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\EvLKFOE.exe
  C:\Windows\System\EvLKFOE.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\exkgOsq.exe
  C:\Windows\System\exkgOsq.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\BVAqniH.exe
  C:\Windows\System\BVAqniH.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\bFcCXMY.exe
  C:\Windows\System\bFcCXMY.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\mKupRLO.exe
  C:\Windows\System\mKupRLO.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\PYNNdrV.exe
  C:\Windows\System\PYNNdrV.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\MBKBHaj.exe
  C:\Windows\System\MBKBHaj.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\dvSSerV.exe
  C:\Windows\System\dvSSerV.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\LQHmZkd.exe
  C:\Windows\System\LQHmZkd.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\MsJdqpY.exe
  C:\Windows\System\MsJdqpY.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\nYYQpOO.exe
  C:\Windows\System\nYYQpOO.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\NFHXPqb.exe
  C:\Windows\System\NFHXPqb.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\WtYnTrY.exe
  C:\Windows\System\WtYnTrY.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\OBUBSRZ.exe
  C:\Windows\System\OBUBSRZ.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\lLpgnZC.exe
  C:\Windows\System\lLpgnZC.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\jRDezJQ.exe
  C:\Windows\System\jRDezJQ.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\fkXWMfh.exe
  C:\Windows\System\fkXWMfh.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\KikHegQ.exe
  C:\Windows\System\KikHegQ.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\ixjDlLF.exe
  C:\Windows\System\ixjDlLF.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\DMhghEs.exe
  C:\Windows\System\DMhghEs.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\zVoJTJA.exe
  C:\Windows\System\zVoJTJA.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\GdgZpAk.exe
  C:\Windows\System\GdgZpAk.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\hBZTOgC.exe
  C:\Windows\System\hBZTOgC.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\vpyTcoh.exe
  C:\Windows\System\vpyTcoh.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\sGipIpa.exe
  C:\Windows\System\sGipIpa.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\TRESkNb.exe
  C:\Windows\System\TRESkNb.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\rDvlWYf.exe
  C:\Windows\System\rDvlWYf.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\MCAchdb.exe
  C:\Windows\System\MCAchdb.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\addWZFr.exe
  C:\Windows\System\addWZFr.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\ShVWZCg.exe
  C:\Windows\System\ShVWZCg.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\ZpXjVCs.exe
  C:\Windows\System\ZpXjVCs.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\DLyGEVb.exe
  C:\Windows\System\DLyGEVb.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\QwCqADI.exe
  C:\Windows\System\QwCqADI.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\shQkqlF.exe
  C:\Windows\System\shQkqlF.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\cNpbrxq.exe
  C:\Windows\System\cNpbrxq.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\IEbMjyo.exe
  C:\Windows\System\IEbMjyo.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\mvdcBYa.exe
  C:\Windows\System\mvdcBYa.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\sdGojmi.exe
  C:\Windows\System\sdGojmi.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\HxcaDwU.exe
  C:\Windows\System\HxcaDwU.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\ZNwimvB.exe
  C:\Windows\System\ZNwimvB.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\FEBBrDo.exe
  C:\Windows\System\FEBBrDo.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\JqYxIpi.exe
  C:\Windows\System\JqYxIpi.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\hhsxJai.exe
  C:\Windows\System\hhsxJai.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\OcfbNCm.exe
  C:\Windows\System\OcfbNCm.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\vycKokK.exe
  C:\Windows\System\vycKokK.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\LKfhoIf.exe
  C:\Windows\System\LKfhoIf.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\OSXeREO.exe
  C:\Windows\System\OSXeREO.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\oTsBMzH.exe
  C:\Windows\System\oTsBMzH.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\MlWRPdC.exe
  C:\Windows\System\MlWRPdC.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\aQwBLxf.exe
  C:\Windows\System\aQwBLxf.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\ZbCcvKr.exe
  C:\Windows\System\ZbCcvKr.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\PCugfPr.exe
  C:\Windows\System\PCugfPr.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\tFdngXU.exe
  C:\Windows\System\tFdngXU.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\vKTkOGx.exe
  C:\Windows\System\vKTkOGx.exe
  2⤵
  PID:1724
- C:\Windows\System\MDrvUaa.exe
  C:\Windows\System\MDrvUaa.exe
  2⤵
  PID:460
- C:\Windows\System\doQMxwN.exe
  C:\Windows\System\doQMxwN.exe
  2⤵
  PID:2476
- C:\Windows\System\sdObVgU.exe
  C:\Windows\System\sdObVgU.exe
  2⤵
  PID:4476
- C:\Windows\System\XwnuIPX.exe
  C:\Windows\System\XwnuIPX.exe
  2⤵
  PID:1428
- C:\Windows\System\BkqlUug.exe
  C:\Windows\System\BkqlUug.exe
  2⤵
  PID:2716
- C:\Windows\System\TSpEEFJ.exe
  C:\Windows\System\TSpEEFJ.exe
  2⤵
  PID:1792
- C:\Windows\System\FLLzCew.exe
  C:\Windows\System\FLLzCew.exe
  2⤵
  PID:3504
- C:\Windows\System\VqCFlHF.exe
  C:\Windows\System\VqCFlHF.exe
  2⤵
  PID:4008
- C:\Windows\System\AThwneP.exe
  C:\Windows\System\AThwneP.exe
  2⤵
  PID:1892
- C:\Windows\System\nbFGYin.exe
  C:\Windows\System\nbFGYin.exe
  2⤵
  PID:4456
- C:\Windows\System\yosqTHP.exe
  C:\Windows\System\yosqTHP.exe
  2⤵
  PID:3524
- C:\Windows\System\ziwadPO.exe
  C:\Windows\System\ziwadPO.exe
  2⤵
  PID:2284
- C:\Windows\System\sxhtVlC.exe
  C:\Windows\System\sxhtVlC.exe
  2⤵
  PID:4804
- C:\Windows\System\iJVdyVp.exe
  C:\Windows\System\iJVdyVp.exe
  2⤵
  PID:3476
- C:\Windows\System\QFgpqme.exe
  C:\Windows\System\QFgpqme.exe
  2⤵
  PID:316
- C:\Windows\System\xzxnfLZ.exe
  C:\Windows\System\xzxnfLZ.exe
  2⤵
  PID:5132
- C:\Windows\System\yqvCpZS.exe
  C:\Windows\System\yqvCpZS.exe
  2⤵
  PID:5160
- C:\Windows\System\wxpAYuw.exe
  C:\Windows\System\wxpAYuw.exe
  2⤵
  PID:5188
- C:\Windows\System\PanvIfR.exe
  C:\Windows\System\PanvIfR.exe
  2⤵
  PID:5216
- C:\Windows\System\duwSHOs.exe
  C:\Windows\System\duwSHOs.exe
  2⤵
  PID:5244
- C:\Windows\System\gsTNHMf.exe
  C:\Windows\System\gsTNHMf.exe
  2⤵
  PID:5272
- C:\Windows\System\mEdJpYi.exe
  C:\Windows\System\mEdJpYi.exe
  2⤵
  PID:5300
- C:\Windows\System\uzPnZme.exe
  C:\Windows\System\uzPnZme.exe
  2⤵
  PID:5328
- C:\Windows\System\dxWhLCI.exe
  C:\Windows\System\dxWhLCI.exe
  2⤵
  PID:5352
- C:\Windows\System\MgYkdrq.exe
  C:\Windows\System\MgYkdrq.exe
  2⤵
  PID:5384
- C:\Windows\System\nzGHmas.exe
  C:\Windows\System\nzGHmas.exe
  2⤵
  PID:5412
- C:\Windows\System\VWjddFV.exe
  C:\Windows\System\VWjddFV.exe
  2⤵
  PID:5436
- C:\Windows\System\eQlPOIr.exe
  C:\Windows\System\eQlPOIr.exe
  2⤵
  PID:5464
- C:\Windows\System\qXmZupk.exe
  C:\Windows\System\qXmZupk.exe
  2⤵
  PID:5492
- C:\Windows\System\xYIJDOK.exe
  C:\Windows\System\xYIJDOK.exe
  2⤵
  PID:5520
- C:\Windows\System\DBlKoEd.exe
  C:\Windows\System\DBlKoEd.exe
  2⤵
  PID:5548
- C:\Windows\System\rXEnQri.exe
  C:\Windows\System\rXEnQri.exe
  2⤵
  PID:5576
- C:\Windows\System\QFAsDeL.exe
  C:\Windows\System\QFAsDeL.exe
  2⤵
  PID:5604
- C:\Windows\System\sUxfPBv.exe
  C:\Windows\System\sUxfPBv.exe
  2⤵
  PID:5632
- C:\Windows\System\wQEpqAu.exe
  C:\Windows\System\wQEpqAu.exe
  2⤵
  PID:5660
- C:\Windows\System\bdpekRM.exe
  C:\Windows\System\bdpekRM.exe
  2⤵
  PID:5688
- C:\Windows\System\xKTJAFD.exe
  C:\Windows\System\xKTJAFD.exe
  2⤵
  PID:5716
- C:\Windows\System\kknDIfe.exe
  C:\Windows\System\kknDIfe.exe
  2⤵
  PID:5744
- C:\Windows\System\PWWrCcm.exe
  C:\Windows\System\PWWrCcm.exe
  2⤵
  PID:5772
- C:\Windows\System\MtsDoWq.exe
  C:\Windows\System\MtsDoWq.exe
  2⤵
  PID:5800
- C:\Windows\System\BCuvawi.exe
  C:\Windows\System\BCuvawi.exe
  2⤵
  PID:5828
- C:\Windows\System\wpZjLPJ.exe
  C:\Windows\System\wpZjLPJ.exe
  2⤵
  PID:5856
- C:\Windows\System\lKKPSSs.exe
  C:\Windows\System\lKKPSSs.exe
  2⤵
  PID:5884
- C:\Windows\System\cfQlIJt.exe
  C:\Windows\System\cfQlIJt.exe
  2⤵
  PID:5912
- C:\Windows\System\ndyqtet.exe
  C:\Windows\System\ndyqtet.exe
  2⤵
  PID:5940
- C:\Windows\System\kIWtZTg.exe
  C:\Windows\System\kIWtZTg.exe
  2⤵
  PID:5968
- C:\Windows\System\hwsgAyY.exe
  C:\Windows\System\hwsgAyY.exe
  2⤵
  PID:5996
- C:\Windows\System\kDkAviB.exe
  C:\Windows\System\kDkAviB.exe
  2⤵
  PID:6016
- C:\Windows\System\NqHlBgQ.exe
  C:\Windows\System\NqHlBgQ.exe
  2⤵
  PID:6044
- C:\Windows\System\mXuaMYg.exe
  C:\Windows\System\mXuaMYg.exe
  2⤵
  PID:6072
- C:\Windows\System\ylQQdyP.exe
  C:\Windows\System\ylQQdyP.exe
  2⤵
  PID:6100
- C:\Windows\System\EmpyjBF.exe
  C:\Windows\System\EmpyjBF.exe
  2⤵
  PID:6128
- C:\Windows\System\XNhPCYq.exe
  C:\Windows\System\XNhPCYq.exe
  2⤵
  PID:2960
- C:\Windows\System\LUZNLma.exe
  C:\Windows\System\LUZNLma.exe
  2⤵
  PID:3680
- C:\Windows\System\GgmxmgY.exe
  C:\Windows\System\GgmxmgY.exe
  2⤵
  PID:2256
- C:\Windows\System\WEFCjbv.exe
  C:\Windows\System\WEFCjbv.exe
  2⤵
  PID:5124
- C:\Windows\System\xxQWkJX.exe
  C:\Windows\System\xxQWkJX.exe
  2⤵
  PID:5284
- C:\Windows\System\xcRWljV.exe
  C:\Windows\System\xcRWljV.exe
  2⤵
  PID:5316
- C:\Windows\System\qNtQQKT.exe
  C:\Windows\System\qNtQQKT.exe
  2⤵
  PID:5348
- C:\Windows\System\JDHFWXz.exe
  C:\Windows\System\JDHFWXz.exe
  2⤵
  PID:5404
- C:\Windows\System\RtiBFiY.exe
  C:\Windows\System\RtiBFiY.exe
  2⤵
  PID:5480
- C:\Windows\System\zefPjJt.exe
  C:\Windows\System\zefPjJt.exe
  2⤵
  PID:5540
- C:\Windows\System\lvMZLpA.exe
  C:\Windows\System\lvMZLpA.exe
  2⤵
  PID:5600
- C:\Windows\System\xHaIHJD.exe
  C:\Windows\System\xHaIHJD.exe
  2⤵
  PID:5676
- C:\Windows\System\pwZrZqm.exe
  C:\Windows\System\pwZrZqm.exe
  2⤵
  PID:5736
- C:\Windows\System\tUCMcTj.exe
  C:\Windows\System\tUCMcTj.exe
  2⤵
  PID:5796
- C:\Windows\System\WiWwhpD.exe
  C:\Windows\System\WiWwhpD.exe
  2⤵
  PID:5872
- C:\Windows\System\QqlHhXd.exe
  C:\Windows\System\QqlHhXd.exe
  2⤵
  PID:5932
- C:\Windows\System\QTsTyUj.exe
  C:\Windows\System\QTsTyUj.exe
  2⤵
  PID:5964
- C:\Windows\System\nxkPspN.exe
  C:\Windows\System\nxkPspN.exe
  2⤵
  PID:6032
- C:\Windows\System\kknyzCD.exe
  C:\Windows\System\kknyzCD.exe
  2⤵
  PID:6092
- C:\Windows\System\PAFzFCg.exe
  C:\Windows\System\PAFzFCg.exe
  2⤵
  PID:2032
- C:\Windows\System\RvlBuLr.exe
  C:\Windows\System\RvlBuLr.exe
  2⤵
  PID:4612
- C:\Windows\System\ZTRBtsI.exe
  C:\Windows\System\ZTRBtsI.exe
  2⤵
  PID:5200
- C:\Windows\System\CQkPOUX.exe
  C:\Windows\System\CQkPOUX.exe
  2⤵
  PID:5400
- C:\Windows\System\ywaOHYO.exe
  C:\Windows\System\ywaOHYO.exe
  2⤵
  PID:5536
- C:\Windows\System\uTygsFi.exe
  C:\Windows\System\uTygsFi.exe
  2⤵
  PID:5708
- C:\Windows\System\HEHgfbR.exe
  C:\Windows\System\HEHgfbR.exe
  2⤵
  PID:5848
- C:\Windows\System\EFcymTe.exe
  C:\Windows\System\EFcymTe.exe
  2⤵
  PID:5960
- C:\Windows\System\PJilOoj.exe
  C:\Windows\System\PJilOoj.exe
  2⤵
  PID:4996
- C:\Windows\System\GEZEvKV.exe
  C:\Windows\System\GEZEvKV.exe
  2⤵
  PID:5172
- C:\Windows\System\IbJEmsH.exe
  C:\Windows\System\IbJEmsH.exe
  2⤵
  PID:5460
- C:\Windows\System\aNrExqz.exe
  C:\Windows\System\aNrExqz.exe
  2⤵
  PID:6172
- C:\Windows\System\osytMud.exe
  C:\Windows\System\osytMud.exe
  2⤵
  PID:6200
- C:\Windows\System\DvKNrrX.exe
  C:\Windows\System\DvKNrrX.exe
  2⤵
  PID:6228
- C:\Windows\System\PJuzDmL.exe
  C:\Windows\System\PJuzDmL.exe
  2⤵
  PID:6256
- C:\Windows\System\XZUxugQ.exe
  C:\Windows\System\XZUxugQ.exe
  2⤵
  PID:6284
- C:\Windows\System\wZIavzt.exe
  C:\Windows\System\wZIavzt.exe
  2⤵
  PID:6312
- C:\Windows\System\neqBRPV.exe
  C:\Windows\System\neqBRPV.exe
  2⤵
  PID:6340
- C:\Windows\System\dpINJiN.exe
  C:\Windows\System\dpINJiN.exe
  2⤵
  PID:6368
- C:\Windows\System\qQSAngP.exe
  C:\Windows\System\qQSAngP.exe
  2⤵
  PID:6396
- C:\Windows\System\PgUVMzm.exe
  C:\Windows\System\PgUVMzm.exe
  2⤵
  PID:6424
- C:\Windows\System\GfCqFLK.exe
  C:\Windows\System\GfCqFLK.exe
  2⤵
  PID:6452
- C:\Windows\System\TXDyNoL.exe
  C:\Windows\System\TXDyNoL.exe
  2⤵
  PID:6480
- C:\Windows\System\PYZYsef.exe
  C:\Windows\System\PYZYsef.exe
  2⤵
  PID:6508
- C:\Windows\System\qjsdDMS.exe
  C:\Windows\System\qjsdDMS.exe
  2⤵
  PID:6536
- C:\Windows\System\ACZDPLD.exe
  C:\Windows\System\ACZDPLD.exe
  2⤵
  PID:6564
- C:\Windows\System\HoXNBZN.exe
  C:\Windows\System\HoXNBZN.exe
  2⤵
  PID:6592
- C:\Windows\System\HQWIRls.exe
  C:\Windows\System\HQWIRls.exe
  2⤵
  PID:6620
- C:\Windows\System\dWwYCwQ.exe
  C:\Windows\System\dWwYCwQ.exe
  2⤵
  PID:6648
- C:\Windows\System\DbKdoXW.exe
  C:\Windows\System\DbKdoXW.exe
  2⤵
  PID:6676
- C:\Windows\System\nxRSQyX.exe
  C:\Windows\System\nxRSQyX.exe
  2⤵
  PID:6704
- C:\Windows\System\EbGdCWB.exe
  C:\Windows\System\EbGdCWB.exe
  2⤵
  PID:6732
- C:\Windows\System\VIHdYkm.exe
  C:\Windows\System\VIHdYkm.exe
  2⤵
  PID:6760
- C:\Windows\System\ihjCqhD.exe
  C:\Windows\System\ihjCqhD.exe
  2⤵
  PID:6788
- C:\Windows\System\zYOzpYM.exe
  C:\Windows\System\zYOzpYM.exe
  2⤵
  PID:6816
- C:\Windows\System\VTizqlt.exe
  C:\Windows\System\VTizqlt.exe
  2⤵
  PID:6840
- C:\Windows\System\lytYZkJ.exe
  C:\Windows\System\lytYZkJ.exe
  2⤵
  PID:6872
- C:\Windows\System\NxjsFQf.exe
  C:\Windows\System\NxjsFQf.exe
  2⤵
  PID:6900
- C:\Windows\System\LtGtUFL.exe
  C:\Windows\System\LtGtUFL.exe
  2⤵
  PID:6928
- C:\Windows\System\RyhKFyG.exe
  C:\Windows\System\RyhKFyG.exe
  2⤵
  PID:6956
- C:\Windows\System\bcucZHK.exe
  C:\Windows\System\bcucZHK.exe
  2⤵
  PID:6984
- C:\Windows\System\zcdGaDT.exe
  C:\Windows\System\zcdGaDT.exe
  2⤵
  PID:7012
- C:\Windows\System\luWBZfn.exe
  C:\Windows\System\luWBZfn.exe
  2⤵
  PID:7040
- C:\Windows\System\jMKrQtw.exe
  C:\Windows\System\jMKrQtw.exe
  2⤵
  PID:7068
- C:\Windows\System\TfHqalr.exe
  C:\Windows\System\TfHqalr.exe
  2⤵
  PID:7124
- C:\Windows\System\IzKpoDN.exe
  C:\Windows\System\IzKpoDN.exe
  2⤵
  PID:7160
- C:\Windows\System\rGWrSnt.exe
  C:\Windows\System\rGWrSnt.exe
  2⤵
  PID:6012
- C:\Windows\System\lqqanHP.exe
  C:\Windows\System\lqqanHP.exe
  2⤵
  PID:2840
- C:\Windows\System\UtXWvvJ.exe
  C:\Windows\System\UtXWvvJ.exe
  2⤵
  PID:4392
- C:\Windows\System\GGCQCYR.exe
  C:\Windows\System\GGCQCYR.exe
  2⤵
  PID:6188
- C:\Windows\System\TwvlhuI.exe
  C:\Windows\System\TwvlhuI.exe
  2⤵
  PID:3044
- C:\Windows\System\TcJjXnH.exe
  C:\Windows\System\TcJjXnH.exe
  2⤵
  PID:6276
- C:\Windows\System\YjVlgny.exe
  C:\Windows\System\YjVlgny.exe
  2⤵
  PID:6352
- C:\Windows\System\gCuvoaW.exe
  C:\Windows\System\gCuvoaW.exe
  2⤵
  PID:6384
- C:\Windows\System\ZcEhMUw.exe
  C:\Windows\System\ZcEhMUw.exe
  2⤵
  PID:6472
- C:\Windows\System\GBVcAiU.exe
  C:\Windows\System\GBVcAiU.exe
  2⤵
  PID:4812
- C:\Windows\System\SiQLxeG.exe
  C:\Windows\System\SiQLxeG.exe
  2⤵
  PID:3824
- C:\Windows\System\cFRktFO.exe
  C:\Windows\System\cFRktFO.exe
  2⤵
  PID:6664
- C:\Windows\System\iwfgiLd.exe
  C:\Windows\System\iwfgiLd.exe
  2⤵
  PID:6744
- C:\Windows\System\uOvorRB.exe
  C:\Windows\System\uOvorRB.exe
  2⤵
  PID:6800
- C:\Windows\System\vlFOGJE.exe
  C:\Windows\System\vlFOGJE.exe
  2⤵
  PID:6856
- C:\Windows\System\TzBNkyI.exe
  C:\Windows\System\TzBNkyI.exe
  2⤵
  PID:6892
- C:\Windows\System\ynbRwyT.exe
  C:\Windows\System\ynbRwyT.exe
  2⤵
  PID:3764
- C:\Windows\System\gFaIuET.exe
  C:\Windows\System\gFaIuET.exe
  2⤵
  PID:6968
- C:\Windows\System\bJsUWSx.exe
  C:\Windows\System\bJsUWSx.exe
  2⤵
  PID:4836
- C:\Windows\System\KHDREvD.exe
  C:\Windows\System\KHDREvD.exe
  2⤵
  PID:7148
- C:\Windows\System\RcfxMwt.exe
  C:\Windows\System\RcfxMwt.exe
  2⤵
  PID:6160
- C:\Windows\System\ealSCJa.exe
  C:\Windows\System\ealSCJa.exe
  2⤵
  PID:6248
- C:\Windows\System\yXvDTEb.exe
  C:\Windows\System\yXvDTEb.exe
  2⤵
  PID:6360
- C:\Windows\System\EorjZRE.exe
  C:\Windows\System\EorjZRE.exe
  2⤵
  PID:6660
- C:\Windows\System\glsqUhb.exe
  C:\Windows\System\glsqUhb.exe
  2⤵
  PID:6832
- C:\Windows\System\cVyFZHi.exe
  C:\Windows\System\cVyFZHi.exe
  2⤵
  PID:6916
- C:\Windows\System\ItaGDxH.exe
  C:\Windows\System\ItaGDxH.exe
  2⤵
  PID:7000
- C:\Windows\System\XamvHGB.exe
  C:\Windows\System\XamvHGB.exe
  2⤵
  PID:6220
- C:\Windows\System\NztxTca.exe
  C:\Windows\System\NztxTca.exe
  2⤵
  PID:6776
- C:\Windows\System\poQJvyu.exe
  C:\Windows\System\poQJvyu.exe
  2⤵
  PID:5908
- C:\Windows\System\MfhdARF.exe
  C:\Windows\System\MfhdARF.exe
  2⤵
  PID:5340
- C:\Windows\System\GYFUIqB.exe
  C:\Windows\System\GYFUIqB.exe
  2⤵
  PID:6780
- C:\Windows\System\aAIlLRf.exe
  C:\Windows\System\aAIlLRf.exe
  2⤵
  PID:1572
- C:\Windows\System\ZcohPwT.exe
  C:\Windows\System\ZcohPwT.exe
  2⤵
  PID:5792
- C:\Windows\System\hPiivRg.exe
  C:\Windows\System\hPiivRg.exe
  2⤵
  PID:5768
- C:\Windows\System\IpFjNxZ.exe
  C:\Windows\System\IpFjNxZ.exe
  2⤵
  PID:6444
- C:\Windows\System\rELculC.exe
  C:\Windows\System\rELculC.exe
  2⤵
  PID:7172
- C:\Windows\System\XkqzykP.exe
  C:\Windows\System\XkqzykP.exe
  2⤵
  PID:7236
- C:\Windows\System\NYsFWRW.exe
  C:\Windows\System\NYsFWRW.exe
  2⤵
  PID:7264
- C:\Windows\System\Ilewwxq.exe
  C:\Windows\System\Ilewwxq.exe
  2⤵
  PID:7280
- C:\Windows\System\TtiupAV.exe
  C:\Windows\System\TtiupAV.exe
  2⤵
  PID:7308
- C:\Windows\System\BtbcHTJ.exe
  C:\Windows\System\BtbcHTJ.exe
  2⤵
  PID:7324
- C:\Windows\System\BRdWIcF.exe
  C:\Windows\System\BRdWIcF.exe
  2⤵
  PID:7344
- C:\Windows\System\OEkPWTc.exe
  C:\Windows\System\OEkPWTc.exe
  2⤵
  PID:7368
- C:\Windows\System\WULlPHz.exe
  C:\Windows\System\WULlPHz.exe
  2⤵
  PID:7400
- C:\Windows\System\pXQeJCo.exe
  C:\Windows\System\pXQeJCo.exe
  2⤵
  PID:7436
- C:\Windows\System\VjVsoBV.exe
  C:\Windows\System\VjVsoBV.exe
  2⤵
  PID:7476
- C:\Windows\System\HvZRtxa.exe
  C:\Windows\System\HvZRtxa.exe
  2⤵
  PID:7492
- C:\Windows\System\ScIFBte.exe
  C:\Windows\System\ScIFBte.exe
  2⤵
  PID:7520
- C:\Windows\System\bBcBpSA.exe
  C:\Windows\System\bBcBpSA.exe
  2⤵
  PID:7544
- C:\Windows\System\RirCayp.exe
  C:\Windows\System\RirCayp.exe
  2⤵
  PID:7600
- C:\Windows\System\QnGGegd.exe
  C:\Windows\System\QnGGegd.exe
  2⤵
  PID:7628
- C:\Windows\System\bLVACTX.exe
  C:\Windows\System\bLVACTX.exe
  2⤵
  PID:7648
- C:\Windows\System\xfvqSBp.exe
  C:\Windows\System\xfvqSBp.exe
  2⤵
  PID:7684
- C:\Windows\System\UFMQZdu.exe
  C:\Windows\System\UFMQZdu.exe
  2⤵
  PID:7720
- C:\Windows\System\qPgTOza.exe
  C:\Windows\System\qPgTOza.exe
  2⤵
  PID:7736
- C:\Windows\System\FqhdYfU.exe
  C:\Windows\System\FqhdYfU.exe
  2⤵
  PID:7772
- C:\Windows\System\ytEiGhg.exe
  C:\Windows\System\ytEiGhg.exe
  2⤵
  PID:7792
- C:\Windows\System\FvtrAVt.exe
  C:\Windows\System\FvtrAVt.exe
  2⤵
  PID:7828
- C:\Windows\System\XjAcmEj.exe
  C:\Windows\System\XjAcmEj.exe
  2⤵
  PID:7872
- C:\Windows\System\AVIxuEW.exe
  C:\Windows\System\AVIxuEW.exe
  2⤵
  PID:7900
- C:\Windows\System\fJodRlC.exe
  C:\Windows\System\fJodRlC.exe
  2⤵
  PID:7932
- C:\Windows\System\vAfLnDC.exe
  C:\Windows\System\vAfLnDC.exe
  2⤵
  PID:7960
- C:\Windows\System\tsXizfC.exe
  C:\Windows\System\tsXizfC.exe
  2⤵
  PID:7988
- C:\Windows\System\CDIsjEx.exe
  C:\Windows\System\CDIsjEx.exe
  2⤵
  PID:8004
- C:\Windows\System\aNAdHhR.exe
  C:\Windows\System\aNAdHhR.exe
  2⤵
  PID:8036
- C:\Windows\System\FcNGnbt.exe
  C:\Windows\System\FcNGnbt.exe
  2⤵
  PID:8060
- C:\Windows\System\zHLDHCj.exe
  C:\Windows\System\zHLDHCj.exe
  2⤵
  PID:8100
- C:\Windows\System\CRMqoMD.exe
  C:\Windows\System\CRMqoMD.exe
  2⤵
  PID:8128
- C:\Windows\System\jFsZvtg.exe
  C:\Windows\System\jFsZvtg.exe
  2⤵
  PID:8160
- C:\Windows\System\JvNQZOp.exe
  C:\Windows\System\JvNQZOp.exe
  2⤵
  PID:8176
- C:\Windows\System\qSeghjP.exe
  C:\Windows\System\qSeghjP.exe
  2⤵
  PID:7188
- C:\Windows\System\XVWgzcW.exe
  C:\Windows\System\XVWgzcW.exe
  2⤵
  PID:7232
- C:\Windows\System\AsAhpOs.exe
  C:\Windows\System\AsAhpOs.exe
  2⤵
  PID:7316
- C:\Windows\System\GEeSQTP.exe
  C:\Windows\System\GEeSQTP.exe
  2⤵
  PID:7380
- C:\Windows\System\oqPDMpz.exe
  C:\Windows\System\oqPDMpz.exe
  2⤵
  PID:7464
- C:\Windows\System\kkKDDPn.exe
  C:\Windows\System\kkKDDPn.exe
  2⤵
  PID:7508
- C:\Windows\System\GUftlvs.exe
  C:\Windows\System\GUftlvs.exe
  2⤵
  PID:7596
- C:\Windows\System\ncTuNRT.exe
  C:\Windows\System\ncTuNRT.exe
  2⤵
  PID:7644
- C:\Windows\System\VvSqwQX.exe
  C:\Windows\System\VvSqwQX.exe
  2⤵
  PID:7696
- C:\Windows\System\cwpAKzX.exe
  C:\Windows\System\cwpAKzX.exe
  2⤵
  PID:7768
- C:\Windows\System\BfnqVyq.exe
  C:\Windows\System\BfnqVyq.exe
  2⤵
  PID:7848
- C:\Windows\System\vwLJQyN.exe
  C:\Windows\System\vwLJQyN.exe
  2⤵
  PID:7916
- C:\Windows\System\VNDKJym.exe
  C:\Windows\System\VNDKJym.exe
  2⤵
  PID:8056
- C:\Windows\System\ZFLjXSq.exe
  C:\Windows\System\ZFLjXSq.exe
  2⤵
  PID:8140
- C:\Windows\System\FDlafXf.exe
  C:\Windows\System\FDlafXf.exe
  2⤵
  PID:8172
- C:\Windows\System\zWtqfjH.exe
  C:\Windows\System\zWtqfjH.exe
  2⤵
  PID:7208
- C:\Windows\System\hnQxGCg.exe
  C:\Windows\System\hnQxGCg.exe
  2⤵
  PID:7384
- C:\Windows\System\jUlQXET.exe
  C:\Windows\System\jUlQXET.exe
  2⤵
  PID:7588
- C:\Windows\System\RaLlwtu.exe
  C:\Windows\System\RaLlwtu.exe
  2⤵
  PID:7732
- C:\Windows\System\UbWDcjx.exe
  C:\Windows\System\UbWDcjx.exe
  2⤵
  PID:7980
- C:\Windows\System\qRZFvJB.exe
  C:\Windows\System\qRZFvJB.exe
  2⤵
  PID:8120
- C:\Windows\System\niOoCjy.exe
  C:\Windows\System\niOoCjy.exe
  2⤵
  PID:7084
- C:\Windows\System\OhQpqzA.exe
  C:\Windows\System\OhQpqzA.exe
  2⤵
  PID:7320
- C:\Windows\System\VvvDzKW.exe
  C:\Windows\System\VvvDzKW.exe
  2⤵
  PID:7536
- C:\Windows\System\MZpnmCN.exe
  C:\Windows\System\MZpnmCN.exe
  2⤵
  PID:7868
- C:\Windows\System\RzuCYNI.exe
  C:\Windows\System\RzuCYNI.exe
  2⤵
  PID:2096
- C:\Windows\System\ITFGWzN.exe
  C:\Windows\System\ITFGWzN.exe
  2⤵
  PID:6912
- C:\Windows\System\mUhWYMR.exe
  C:\Windows\System\mUhWYMR.exe
  2⤵
  PID:7728
- C:\Windows\System\CArsAuN.exe
  C:\Windows\System\CArsAuN.exe
  2⤵
  PID:6556
- C:\Windows\System\XAJeWWf.exe
  C:\Windows\System\XAJeWWf.exe
  2⤵
  PID:8220
- C:\Windows\System\byNxKst.exe
  C:\Windows\System\byNxKst.exe
  2⤵
  PID:8264
- C:\Windows\System\IgwqqBx.exe
  C:\Windows\System\IgwqqBx.exe
  2⤵
  PID:8288
- C:\Windows\System\langJMc.exe
  C:\Windows\System\langJMc.exe
  2⤵
  PID:8316
- C:\Windows\System\yhamaUK.exe
  C:\Windows\System\yhamaUK.exe
  2⤵
  PID:8340
- C:\Windows\System\HSvGFKk.exe
  C:\Windows\System\HSvGFKk.exe
  2⤵
  PID:8360
- C:\Windows\System\KrtXZKW.exe
  C:\Windows\System\KrtXZKW.exe
  2⤵
  PID:8404
- C:\Windows\System\IydAdlk.exe
  C:\Windows\System\IydAdlk.exe
  2⤵
  PID:8432
- C:\Windows\System\WNgWrbR.exe
  C:\Windows\System\WNgWrbR.exe
  2⤵
  PID:8448
- C:\Windows\System\ShfQroL.exe
  C:\Windows\System\ShfQroL.exe
  2⤵
  PID:8484
- C:\Windows\System\RtcRxBS.exe
  C:\Windows\System\RtcRxBS.exe
  2⤵
  PID:8504
- C:\Windows\System\jitEXUU.exe
  C:\Windows\System\jitEXUU.exe
  2⤵
  PID:8532
- C:\Windows\System\zSHzTZH.exe
  C:\Windows\System\zSHzTZH.exe
  2⤵
  PID:8572
- C:\Windows\System\ywIfbAk.exe
  C:\Windows\System\ywIfbAk.exe
  2⤵
  PID:8604
- C:\Windows\System\ZGuCMku.exe
  C:\Windows\System\ZGuCMku.exe
  2⤵
  PID:8624
- C:\Windows\System\QjssMKv.exe
  C:\Windows\System\QjssMKv.exe
  2⤵
  PID:8656
- C:\Windows\System\YLfHeJK.exe
  C:\Windows\System\YLfHeJK.exe
  2⤵
  PID:8688
- C:\Windows\System\btQaAhn.exe
  C:\Windows\System\btQaAhn.exe
  2⤵
  PID:8720
- C:\Windows\System\oMyFxNa.exe
  C:\Windows\System\oMyFxNa.exe
  2⤵
  PID:8744
- C:\Windows\System\HYVIQiz.exe
  C:\Windows\System\HYVIQiz.exe
  2⤵
  PID:8760
- C:\Windows\System\KdxFFXj.exe
  C:\Windows\System\KdxFFXj.exe
  2⤵
  PID:8776
- C:\Windows\System\QASDeTH.exe
  C:\Windows\System\QASDeTH.exe
  2⤵
  PID:8808
- C:\Windows\System\TtPmgMi.exe
  C:\Windows\System\TtPmgMi.exe
  2⤵
  PID:8840
- C:\Windows\System\seKUpEO.exe
  C:\Windows\System\seKUpEO.exe
  2⤵
  PID:8884
- C:\Windows\System\plVzhdR.exe
  C:\Windows\System\plVzhdR.exe
  2⤵
  PID:8912
- C:\Windows\System\WGbHSmj.exe
  C:\Windows\System\WGbHSmj.exe
  2⤵
  PID:8928
- C:\Windows\System\haGpszB.exe
  C:\Windows\System\haGpszB.exe
  2⤵
  PID:8960
- C:\Windows\System\MbBjgXZ.exe
  C:\Windows\System\MbBjgXZ.exe
  2⤵
  PID:8996
- C:\Windows\System\wzmxQKo.exe
  C:\Windows\System\wzmxQKo.exe
  2⤵
  PID:9024
- C:\Windows\System\ABhZiBr.exe
  C:\Windows\System\ABhZiBr.exe
  2⤵
  PID:9052
- C:\Windows\System\dyYVVoT.exe
  C:\Windows\System\dyYVVoT.exe
  2⤵
  PID:9084
- C:\Windows\System\KAiIfqA.exe
  C:\Windows\System\KAiIfqA.exe
  2⤵
  PID:9100
- C:\Windows\System\yPvcuha.exe
  C:\Windows\System\yPvcuha.exe
  2⤵
  PID:9124
- C:\Windows\System\ahkEggv.exe
  C:\Windows\System\ahkEggv.exe
  2⤵
  PID:9152
- C:\Windows\System\LnnsZwl.exe
  C:\Windows\System\LnnsZwl.exe
  2⤵
  PID:9176
- C:\Windows\System\HdzpqBO.exe
  C:\Windows\System\HdzpqBO.exe
  2⤵
  PID:8076
- C:\Windows\System\gNvhCYN.exe
  C:\Windows\System\gNvhCYN.exe
  2⤵
  PID:8324
- C:\Windows\System\vghwUNM.exe
  C:\Windows\System\vghwUNM.exe
  2⤵
  PID:8420
- C:\Windows\System\FBpNQcD.exe
  C:\Windows\System\FBpNQcD.exe
  2⤵
  PID:8500
- C:\Windows\System\JBnvplo.exe
  C:\Windows\System\JBnvplo.exe
  2⤵
  PID:8520
- C:\Windows\System\ruCjbJW.exe
  C:\Windows\System\ruCjbJW.exe
  2⤵
  PID:8636
- C:\Windows\System\BlskZNx.exe
  C:\Windows\System\BlskZNx.exe
  2⤵
  PID:8708
- C:\Windows\System\foHQLVS.exe
  C:\Windows\System\foHQLVS.exe
  2⤵
  PID:8756
- C:\Windows\System\zdwjwgR.exe
  C:\Windows\System\zdwjwgR.exe
  2⤵
  PID:8860
- C:\Windows\System\BjkmdRd.exe
  C:\Windows\System\BjkmdRd.exe
  2⤵
  PID:8896
- C:\Windows\System\rWuDjWO.exe
  C:\Windows\System\rWuDjWO.exe
  2⤵
  PID:8984
- C:\Windows\System\mCfdXnn.exe
  C:\Windows\System\mCfdXnn.exe
  2⤵
  PID:9064
- C:\Windows\System\pSdEdzi.exe
  C:\Windows\System\pSdEdzi.exe
  2⤵
  PID:3828
- C:\Windows\System\KPNvlPT.exe
  C:\Windows\System\KPNvlPT.exe
  2⤵
  PID:9112
- C:\Windows\System\jeiVByK.exe
  C:\Windows\System\jeiVByK.exe
  2⤵
  PID:4748
- C:\Windows\System\BSeGmAc.exe
  C:\Windows\System\BSeGmAc.exe
  2⤵
  PID:2892
- C:\Windows\System\MVlCxYH.exe
  C:\Windows\System\MVlCxYH.exe
  2⤵
  PID:8472
- C:\Windows\System\GnzNWnp.exe
  C:\Windows\System\GnzNWnp.exe
  2⤵
  PID:8548
- C:\Windows\System\ccNLNSS.exe
  C:\Windows\System\ccNLNSS.exe
  2⤵
  PID:8740
- C:\Windows\System\zxHInSN.exe
  C:\Windows\System\zxHInSN.exe
  2⤵
  PID:8788
- C:\Windows\System\BVVMaqA.exe
  C:\Windows\System\BVVMaqA.exe
  2⤵
  PID:9040
- C:\Windows\System\GfhZVxt.exe
  C:\Windows\System\GfhZVxt.exe
  2⤵
  PID:3232
- C:\Windows\System\PEZZmck.exe
  C:\Windows\System\PEZZmck.exe
  2⤵
  PID:2012
- C:\Windows\System\bLiepGn.exe
  C:\Windows\System\bLiepGn.exe
  2⤵
  PID:8476
- C:\Windows\System\BPIWxGH.exe
  C:\Windows\System\BPIWxGH.exe
  2⤵
  PID:1272
- C:\Windows\System\jbsLKlU.exe
  C:\Windows\System\jbsLKlU.exe
  2⤵
  PID:5040
- C:\Windows\System\dvEJdRc.exe
  C:\Windows\System\dvEJdRc.exe
  2⤵
  PID:8796
- C:\Windows\System\tLzJbfk.exe
  C:\Windows\System\tLzJbfk.exe
  2⤵
  PID:9196
- C:\Windows\System\uQTdpuN.exe
  C:\Windows\System\uQTdpuN.exe
  2⤵
  PID:9236
- C:\Windows\System\YUdhCVx.exe
  C:\Windows\System\YUdhCVx.exe
  2⤵
  PID:9264
- C:\Windows\System\JYdLYdm.exe
  C:\Windows\System\JYdLYdm.exe
  2⤵
  PID:9292
- C:\Windows\System\pFlpSot.exe
  C:\Windows\System\pFlpSot.exe
  2⤵
  PID:9328
- C:\Windows\System\uWHRLMU.exe
  C:\Windows\System\uWHRLMU.exe
  2⤵
  PID:9356
- C:\Windows\System\RQGxsss.exe
  C:\Windows\System\RQGxsss.exe
  2⤵
  PID:9380
- C:\Windows\System\HwFaqju.exe
  C:\Windows\System\HwFaqju.exe
  2⤵
  PID:9400
- C:\Windows\System\zHOMcHg.exe
  C:\Windows\System\zHOMcHg.exe
  2⤵
  PID:9428
- C:\Windows\System\sopEuaN.exe
  C:\Windows\System\sopEuaN.exe
  2⤵
  PID:9444
- C:\Windows\System\QiEprTk.exe
  C:\Windows\System\QiEprTk.exe
  2⤵
  PID:9484
- C:\Windows\System\Pxdqdyv.exe
  C:\Windows\System\Pxdqdyv.exe
  2⤵
  PID:9532
- C:\Windows\System\GTpcNUP.exe
  C:\Windows\System\GTpcNUP.exe
  2⤵
  PID:9548
- C:\Windows\System\dHIXXgd.exe
  C:\Windows\System\dHIXXgd.exe
  2⤵
  PID:9588
- C:\Windows\System\UrOUaNa.exe
  C:\Windows\System\UrOUaNa.exe
  2⤵
  PID:9604
- C:\Windows\System\fHCOVOf.exe
  C:\Windows\System\fHCOVOf.exe
  2⤵
  PID:9644
- C:\Windows\System\PRVjosU.exe
  C:\Windows\System\PRVjosU.exe
  2⤵
  PID:9672
- C:\Windows\System\IPDriqB.exe
  C:\Windows\System\IPDriqB.exe
  2⤵
  PID:9708
- C:\Windows\System\mfyLeJm.exe
  C:\Windows\System\mfyLeJm.exe
  2⤵
  PID:9736
- C:\Windows\System\FyBcnSP.exe
  C:\Windows\System\FyBcnSP.exe
  2⤵
  PID:9764
- C:\Windows\System\sMWBMAv.exe
  C:\Windows\System\sMWBMAv.exe
  2⤵
  PID:9784
- C:\Windows\System\mvLqXKT.exe
  C:\Windows\System\mvLqXKT.exe
  2⤵
  PID:9808
- C:\Windows\System\iSkhPCI.exe
  C:\Windows\System\iSkhPCI.exe
  2⤵
  PID:9872
- C:\Windows\System\TAdWxfh.exe
  C:\Windows\System\TAdWxfh.exe
  2⤵
  PID:9900
- C:\Windows\System\DGKopXx.exe
  C:\Windows\System\DGKopXx.exe
  2⤵
  PID:9916
- C:\Windows\System\SiGakfK.exe
  C:\Windows\System\SiGakfK.exe
  2⤵
  PID:9956
- C:\Windows\System\fSreMoF.exe
  C:\Windows\System\fSreMoF.exe
  2⤵
  PID:10004
- C:\Windows\System\MhhRBgu.exe
  C:\Windows\System\MhhRBgu.exe
  2⤵
  PID:10036
- C:\Windows\System\LJfOYKg.exe
  C:\Windows\System\LJfOYKg.exe
  2⤵
  PID:10080
- C:\Windows\System\HlGwtYW.exe
  C:\Windows\System\HlGwtYW.exe
  2⤵
  PID:10104
- C:\Windows\System\elwObpU.exe
  C:\Windows\System\elwObpU.exe
  2⤵
  PID:10148
- C:\Windows\System\rdoPQQS.exe
  C:\Windows\System\rdoPQQS.exe
  2⤵
  PID:10164
- C:\Windows\System\gLiVshk.exe
  C:\Windows\System\gLiVshk.exe
  2⤵
  PID:10200
- C:\Windows\System\umjzHev.exe
  C:\Windows\System\umjzHev.exe
  2⤵
  PID:10232
- C:\Windows\System\weAsTky.exe
  C:\Windows\System\weAsTky.exe
  2⤵
  PID:9348
- C:\Windows\System\gPExiLB.exe
  C:\Windows\System\gPExiLB.exe
  2⤵
  PID:9372
- C:\Windows\System\CFgadAx.exe
  C:\Windows\System\CFgadAx.exe
  2⤵
  PID:2776
- C:\Windows\System\zibJwjT.exe
  C:\Windows\System\zibJwjT.exe
  2⤵
  PID:9528
- C:\Windows\System\ULlTDxn.exe
  C:\Windows\System\ULlTDxn.exe
  2⤵
  PID:9640
- C:\Windows\System\QwgAXml.exe
  C:\Windows\System\QwgAXml.exe
  2⤵
  PID:9688
- C:\Windows\System\sckzWHV.exe
  C:\Windows\System\sckzWHV.exe
  2⤵
  PID:9760
- C:\Windows\System\jQWhDHE.exe
  C:\Windows\System\jQWhDHE.exe
  2⤵
  PID:9860
- C:\Windows\System\XnBxnhA.exe
  C:\Windows\System\XnBxnhA.exe
  2⤵
  PID:1556
- C:\Windows\System\HlMkWnJ.exe
  C:\Windows\System\HlMkWnJ.exe
  2⤵
  PID:9936
- C:\Windows\System\dVmQNOx.exe
  C:\Windows\System\dVmQNOx.exe
  2⤵
  PID:9976
- C:\Windows\System\LNRPyMp.exe
  C:\Windows\System\LNRPyMp.exe
  2⤵
  PID:10064
- C:\Windows\System\NBTrhUV.exe
  C:\Windows\System\NBTrhUV.exe
  2⤵
  PID:10156
- C:\Windows\System\eSnhAQd.exe
  C:\Windows\System\eSnhAQd.exe
  2⤵
  PID:10216
- C:\Windows\System\QeWKHtG.exe
  C:\Windows\System\QeWKHtG.exe
  2⤵
  PID:9416
- C:\Windows\System\mRCwkzC.exe
  C:\Windows\System\mRCwkzC.exe
  2⤵
  PID:9624
- C:\Windows\System\pCiEhDN.exe
  C:\Windows\System\pCiEhDN.exe
  2⤵
  PID:9772
- C:\Windows\System\UlLANeP.exe
  C:\Windows\System\UlLANeP.exe
  2⤵
  PID:4424
- C:\Windows\System\pLJUxMc.exe
  C:\Windows\System\pLJUxMc.exe
  2⤵
  PID:10044
- C:\Windows\System\vmCPkuA.exe
  C:\Windows\System\vmCPkuA.exe
  2⤵
  PID:10128
- C:\Windows\System\gnVbjLd.exe
  C:\Windows\System\gnVbjLd.exe
  2⤵
  PID:9796
- C:\Windows\System\gmOvSKz.exe
  C:\Windows\System\gmOvSKz.exe
  2⤵
  PID:9912
- C:\Windows\System\ZBMMzij.exe
  C:\Windows\System\ZBMMzij.exe
  2⤵
  PID:9984
- C:\Windows\System\thkknKE.exe
  C:\Windows\System\thkknKE.exe
  2⤵
  PID:10260
- C:\Windows\System\rIDDflh.exe
  C:\Windows\System\rIDDflh.exe
  2⤵
  PID:10288
- C:\Windows\System\OjZQPie.exe
  C:\Windows\System\OjZQPie.exe
  2⤵
  PID:10304
- C:\Windows\System\WEsjros.exe
  C:\Windows\System\WEsjros.exe
  2⤵
  PID:10324
- C:\Windows\System\tskJBfD.exe
  C:\Windows\System\tskJBfD.exe
  2⤵
  PID:10360
- C:\Windows\System\UvSfluy.exe
  C:\Windows\System\UvSfluy.exe
  2⤵
  PID:10400
- C:\Windows\System\bIeKPtO.exe
  C:\Windows\System\bIeKPtO.exe
  2⤵
  PID:10428
- C:\Windows\System\wddIySZ.exe
  C:\Windows\System\wddIySZ.exe
  2⤵
  PID:10444
- C:\Windows\System\aghdylJ.exe
  C:\Windows\System\aghdylJ.exe
  2⤵
  PID:10484
- C:\Windows\System\yVrpJYK.exe
  C:\Windows\System\yVrpJYK.exe
  2⤵
  PID:10512
- C:\Windows\System\TPhtePB.exe
  C:\Windows\System\TPhtePB.exe
  2⤵
  PID:10540
- C:\Windows\System\irUWVqp.exe
  C:\Windows\System\irUWVqp.exe
  2⤵
  PID:10576
- C:\Windows\System\ScTdmBG.exe
  C:\Windows\System\ScTdmBG.exe
  2⤵
  PID:10592
- C:\Windows\System\mShBPel.exe
  C:\Windows\System\mShBPel.exe
  2⤵
  PID:10632
- C:\Windows\System\gjdXXMk.exe
  C:\Windows\System\gjdXXMk.exe
  2⤵
  PID:10648
- C:\Windows\System\PNPQwmZ.exe
  C:\Windows\System\PNPQwmZ.exe
  2⤵
  PID:10680
- C:\Windows\System\YIuFPNS.exe
  C:\Windows\System\YIuFPNS.exe
  2⤵
  PID:10716
- C:\Windows\System\bZeqqBe.exe
  C:\Windows\System\bZeqqBe.exe
  2⤵
  PID:10736
- C:\Windows\System\eEgLktm.exe
  C:\Windows\System\eEgLktm.exe
  2⤵
  PID:10772
- C:\Windows\System\hqZkYFE.exe
  C:\Windows\System\hqZkYFE.exe
  2⤵
  PID:10796
- C:\Windows\System\LrYdvUk.exe
  C:\Windows\System\LrYdvUk.exe
  2⤵
  PID:10816
- C:\Windows\System\siVWHSH.exe
  C:\Windows\System\siVWHSH.exe
  2⤵
  PID:10872
- C:\Windows\System\xHabpev.exe
  C:\Windows\System\xHabpev.exe
  2⤵
  PID:10908
- C:\Windows\System\prFStYh.exe
  C:\Windows\System\prFStYh.exe
  2⤵
  PID:10936
- C:\Windows\System\yLRoLhP.exe
  C:\Windows\System\yLRoLhP.exe
  2⤵
  PID:10964
- C:\Windows\System\REkRwMJ.exe
  C:\Windows\System\REkRwMJ.exe
  2⤵
  PID:10992
- C:\Windows\System\tqGfPQV.exe
  C:\Windows\System\tqGfPQV.exe
  2⤵
  PID:11020
- C:\Windows\System\GxcihlY.exe
  C:\Windows\System\GxcihlY.exe
  2⤵
  PID:11048
- C:\Windows\System\EJkbkLZ.exe
  C:\Windows\System\EJkbkLZ.exe
  2⤵
  PID:11076
- C:\Windows\System\GSQsTbI.exe
  C:\Windows\System\GSQsTbI.exe
  2⤵
  PID:11104
- C:\Windows\System\XtfCfir.exe
  C:\Windows\System\XtfCfir.exe
  2⤵
  PID:11132
- C:\Windows\System\bFpOLeD.exe
  C:\Windows\System\bFpOLeD.exe
  2⤵
  PID:11152
- C:\Windows\System\ZGMZFkW.exe
  C:\Windows\System\ZGMZFkW.exe
  2⤵
  PID:11188
- C:\Windows\System\KzkPhlh.exe
  C:\Windows\System\KzkPhlh.exe
  2⤵
  PID:11216
- C:\Windows\System\ySQqNSc.exe
  C:\Windows\System\ySQqNSc.exe
  2⤵
  PID:11248
- C:\Windows\System\HYyHjEj.exe
  C:\Windows\System\HYyHjEj.exe
  2⤵
  PID:10280
- C:\Windows\System\AaQIYdx.exe
  C:\Windows\System\AaQIYdx.exe
  2⤵
  PID:10316
- C:\Windows\System\yCWWDYf.exe
  C:\Windows\System\yCWWDYf.exe
  2⤵
  PID:10380
- C:\Windows\System\bmkeBSp.exe
  C:\Windows\System\bmkeBSp.exe
  2⤵
  PID:10472
- C:\Windows\System\qmpjwfC.exe
  C:\Windows\System\qmpjwfC.exe
  2⤵
  PID:10536
- C:\Windows\System\XBmzhnJ.exe
  C:\Windows\System\XBmzhnJ.exe
  2⤵
  PID:10588
- C:\Windows\System\KxvFnCl.exe
  C:\Windows\System\KxvFnCl.exe
  2⤵
  PID:10668
- C:\Windows\System\SkIbhTl.exe
  C:\Windows\System\SkIbhTl.exe
  2⤵
  PID:10700
- C:\Windows\System\WjWtHLN.exe
  C:\Windows\System\WjWtHLN.exe
  2⤵
  PID:4208
- C:\Windows\System\uNwxgZf.exe
  C:\Windows\System\uNwxgZf.exe
  2⤵
  PID:10844
- C:\Windows\System\XEvEgCX.exe
  C:\Windows\System\XEvEgCX.exe
  2⤵
  PID:10928
- C:\Windows\System\dglSZFp.exe
  C:\Windows\System\dglSZFp.exe
  2⤵
  PID:10976
- C:\Windows\System\tuHJEmp.exe
  C:\Windows\System\tuHJEmp.exe
  2⤵
  PID:11040
- C:\Windows\System\ngyNzEJ.exe
  C:\Windows\System\ngyNzEJ.exe
  2⤵
  PID:11116
- C:\Windows\System\ICGkplX.exe
  C:\Windows\System\ICGkplX.exe
  2⤵
  PID:11184
- C:\Windows\System\MHpfszv.exe
  C:\Windows\System\MHpfszv.exe
  2⤵
  PID:11256
- C:\Windows\System\wiWdiLE.exe
  C:\Windows\System\wiWdiLE.exe
  2⤵
  PID:10376
- C:\Windows\System\mQfjxQa.exe
  C:\Windows\System\mQfjxQa.exe
  2⤵
  PID:10532
- C:\Windows\System\kCmgiYk.exe
  C:\Windows\System\kCmgiYk.exe
  2⤵
  PID:4176
- C:\Windows\System\vimNEKN.exe
  C:\Windows\System\vimNEKN.exe
  2⤵
  PID:10704
- C:\Windows\System\hNGRNPI.exe
  C:\Windows\System\hNGRNPI.exe
  2⤵
  PID:10792
- C:\Windows\System\ssEmWNf.exe
  C:\Windows\System\ssEmWNf.exe
  2⤵
  PID:10960
- C:\Windows\System\xxEPeRe.exe
  C:\Windows\System\xxEPeRe.exe
  2⤵
  PID:11100
- C:\Windows\System\QhkmtiS.exe
  C:\Windows\System\QhkmtiS.exe
  2⤵
  PID:10476
- C:\Windows\System\VMygqnN.exe
  C:\Windows\System\VMygqnN.exe
  2⤵
  PID:1420
- C:\Windows\System\ppcAJla.exe
  C:\Windows\System\ppcAJla.exe
  2⤵
  PID:4340
- C:\Windows\System\lvrERck.exe
  C:\Windows\System\lvrERck.exe
  2⤵
  PID:10252
- C:\Windows\System\ZtFwywb.exe
  C:\Windows\System\ZtFwywb.exe
  2⤵
  PID:10900
- C:\Windows\System\OPVAvmU.exe
  C:\Windows\System\OPVAvmU.exe
  2⤵
  PID:11236
- C:\Windows\System\jOxiMpQ.exe
  C:\Windows\System\jOxiMpQ.exe
  2⤵
  PID:11284
- C:\Windows\System\FtaXJUV.exe
  C:\Windows\System\FtaXJUV.exe
  2⤵
  PID:11312
- C:\Windows\System\xwivGIn.exe
  C:\Windows\System\xwivGIn.exe
  2⤵
  PID:11340
- C:\Windows\System\SlMKTGh.exe
  C:\Windows\System\SlMKTGh.exe
  2⤵
  PID:11368
- C:\Windows\System\IMMnyhF.exe
  C:\Windows\System\IMMnyhF.exe
  2⤵
  PID:11396
- C:\Windows\System\QNEfKkN.exe
  C:\Windows\System\QNEfKkN.exe
  2⤵
  PID:11424
- C:\Windows\System\Fpykjod.exe
  C:\Windows\System\Fpykjod.exe
  2⤵
  PID:11452
- C:\Windows\System\WicrnLF.exe
  C:\Windows\System\WicrnLF.exe
  2⤵
  PID:11480
- C:\Windows\System\jdpeLqR.exe
  C:\Windows\System\jdpeLqR.exe
  2⤵
  PID:11508
- C:\Windows\System\xmnDjlP.exe
  C:\Windows\System\xmnDjlP.exe
  2⤵
  PID:11536
- C:\Windows\System\cORyOpN.exe
  C:\Windows\System\cORyOpN.exe
  2⤵
  PID:11564
- C:\Windows\System\VdGcnOx.exe
  C:\Windows\System\VdGcnOx.exe
  2⤵
  PID:11592
- C:\Windows\System\EJclmGC.exe
  C:\Windows\System\EJclmGC.exe
  2⤵
  PID:11620
- C:\Windows\System\PONLDXs.exe
  C:\Windows\System\PONLDXs.exe
  2⤵
  PID:11648
- C:\Windows\System\WKXtuLv.exe
  C:\Windows\System\WKXtuLv.exe
  2⤵
  PID:11676
- C:\Windows\System\OzLMNdQ.exe
  C:\Windows\System\OzLMNdQ.exe
  2⤵
  PID:11732
- C:\Windows\System\ycSfnwP.exe
  C:\Windows\System\ycSfnwP.exe
  2⤵
  PID:11764
- C:\Windows\System\zrecctJ.exe
  C:\Windows\System\zrecctJ.exe
  2⤵
  PID:11796
- C:\Windows\System\NuDoFgH.exe
  C:\Windows\System\NuDoFgH.exe
  2⤵
  PID:11836
- C:\Windows\System\YuuCytd.exe
  C:\Windows\System\YuuCytd.exe
  2⤵
  PID:11852
- C:\Windows\System\sicfFNB.exe
  C:\Windows\System\sicfFNB.exe
  2⤵
  PID:11880
- C:\Windows\System\rAIflMT.exe
  C:\Windows\System\rAIflMT.exe
  2⤵
  PID:11912
- C:\Windows\System\knIqVEr.exe
  C:\Windows\System\knIqVEr.exe
  2⤵
  PID:11940
- C:\Windows\System\OXBiXMs.exe
  C:\Windows\System\OXBiXMs.exe
  2⤵
  PID:11968
- C:\Windows\System\RdIGTjt.exe
  C:\Windows\System\RdIGTjt.exe
  2⤵
  PID:11996
- C:\Windows\System\habJmak.exe
  C:\Windows\System\habJmak.exe
  2⤵
  PID:12024
- C:\Windows\System\pgfpQvC.exe
  C:\Windows\System\pgfpQvC.exe
  2⤵
  PID:12056
- C:\Windows\System\dHcoeld.exe
  C:\Windows\System\dHcoeld.exe
  2⤵
  PID:12084
- C:\Windows\System\amakBUd.exe
  C:\Windows\System\amakBUd.exe
  2⤵
  PID:12112
- C:\Windows\System\oxkmnAB.exe
  C:\Windows\System\oxkmnAB.exe
  2⤵
  PID:12140
- C:\Windows\System\UyPcloW.exe
  C:\Windows\System\UyPcloW.exe
  2⤵
  PID:12168
- C:\Windows\System\SfwUvPK.exe
  C:\Windows\System\SfwUvPK.exe
  2⤵
  PID:12196
- C:\Windows\System\JvISqwW.exe
  C:\Windows\System\JvISqwW.exe
  2⤵
  PID:12224
- C:\Windows\System\ulyGyCI.exe
  C:\Windows\System\ulyGyCI.exe
  2⤵
  PID:12252
- C:\Windows\System\yKPjadL.exe
  C:\Windows\System\yKPjadL.exe
  2⤵
  PID:12280
- C:\Windows\System\owjfJlC.exe
  C:\Windows\System\owjfJlC.exe
  2⤵
  PID:11308
- C:\Windows\System\ZtmAcnj.exe
  C:\Windows\System\ZtmAcnj.exe
  2⤵
  PID:11388
- C:\Windows\System\OZgOngE.exe
  C:\Windows\System\OZgOngE.exe
  2⤵
  PID:11448
- C:\Windows\System\FovzSCc.exe
  C:\Windows\System\FovzSCc.exe
  2⤵
  PID:11520
- C:\Windows\System\sUzeaGO.exe
  C:\Windows\System\sUzeaGO.exe
  2⤵
  PID:11584
- C:\Windows\System\ZlnNnIf.exe
  C:\Windows\System\ZlnNnIf.exe
  2⤵
  PID:11644
- C:\Windows\System\qRgoTql.exe
  C:\Windows\System\qRgoTql.exe
  2⤵
  PID:11720
- C:\Windows\System\ywIwJMr.exe
  C:\Windows\System\ywIwJMr.exe
  2⤵
  PID:11808
- C:\Windows\System\bynutYd.exe
  C:\Windows\System\bynutYd.exe
  2⤵
  PID:11872
- C:\Windows\System\JwcNNZk.exe
  C:\Windows\System\JwcNNZk.exe
  2⤵
  PID:11936
- C:\Windows\System\ykxEzVN.exe
  C:\Windows\System\ykxEzVN.exe
  2⤵
  PID:4108
- C:\Windows\System\AqwRGAa.exe
  C:\Windows\System\AqwRGAa.exe
  2⤵
  PID:12068
- C:\Windows\System\evtboxX.exe
  C:\Windows\System\evtboxX.exe
  2⤵
  PID:12132
- C:\Windows\System\TMBbqIu.exe
  C:\Windows\System\TMBbqIu.exe
  2⤵
  PID:12192
- C:\Windows\System\zdqNejG.exe
  C:\Windows\System\zdqNejG.exe
  2⤵
  PID:12268
- C:\Windows\System\kEyOfuz.exe
  C:\Windows\System\kEyOfuz.exe
  2⤵
  PID:11364
- C:\Windows\System\EINYBeb.exe
  C:\Windows\System\EINYBeb.exe
  2⤵
  PID:11548
- C:\Windows\System\BepHdpW.exe
  C:\Windows\System\BepHdpW.exe
  2⤵
  PID:11700
- C:\Windows\System\zNtFYQA.exe
  C:\Windows\System\zNtFYQA.exe
  2⤵
  PID:11864
- C:\Windows\System\YnUmLFB.exe
  C:\Windows\System\YnUmLFB.exe
  2⤵
  PID:12020
- C:\Windows\System\uuhNPGs.exe
  C:\Windows\System\uuhNPGs.exe
  2⤵
  PID:12128
- C:\Windows\System\XnpdYqP.exe
  C:\Windows\System\XnpdYqP.exe
  2⤵
  PID:12248
- C:\Windows\System\uxdzVGk.exe
  C:\Windows\System\uxdzVGk.exe
  2⤵
  PID:11500
- C:\Windows\System\EFhgbjo.exe
  C:\Windows\System\EFhgbjo.exe
  2⤵
  PID:11844
- C:\Windows\System\zChhCgS.exe
  C:\Windows\System\zChhCgS.exe
  2⤵
  PID:12244
- C:\Windows\System\jPahngr.exe
  C:\Windows\System\jPahngr.exe
  2⤵
  PID:12296
- C:\Windows\System\lBxYYpU.exe
  C:\Windows\System\lBxYYpU.exe
  2⤵
  PID:12316
- C:\Windows\System\PwNLgpY.exe
  C:\Windows\System\PwNLgpY.exe
  2⤵
  PID:12336
- C:\Windows\System\voGndmq.exe
  C:\Windows\System\voGndmq.exe
  2⤵
  PID:12364
- C:\Windows\System\GLFSNWk.exe
  C:\Windows\System\GLFSNWk.exe
  2⤵
  PID:12396
- C:\Windows\System\HAsIJKg.exe
  C:\Windows\System\HAsIJKg.exe
  2⤵
  PID:12428
- C:\Windows\System\fPjyZzh.exe
  C:\Windows\System\fPjyZzh.exe
  2⤵
  PID:12444
- C:\Windows\System\AoGOjdm.exe
  C:\Windows\System\AoGOjdm.exe
  2⤵
  PID:12484
- C:\Windows\System\nvspwoO.exe
  C:\Windows\System\nvspwoO.exe
  2⤵
  PID:12512
- C:\Windows\System\niiHLqD.exe
  C:\Windows\System\niiHLqD.exe
  2⤵
  PID:12552
- C:\Windows\System\tfQcvBY.exe
  C:\Windows\System\tfQcvBY.exe
  2⤵
  PID:12568
- C:\Windows\System\vtfdhAy.exe
  C:\Windows\System\vtfdhAy.exe
  2⤵
  PID:12608
- C:\Windows\System\SDrRupa.exe
  C:\Windows\System\SDrRupa.exe
  2⤵
  PID:12636
- C:\Windows\System\hEFTnoJ.exe
  C:\Windows\System\hEFTnoJ.exe
  2⤵
  PID:12660
- C:\Windows\System\cfxbDQY.exe
  C:\Windows\System\cfxbDQY.exe
  2⤵
  PID:12692
- C:\Windows\System\FYlPpBx.exe
  C:\Windows\System\FYlPpBx.exe
  2⤵
  PID:12720
- C:\Windows\System\WVBkjfR.exe
  C:\Windows\System\WVBkjfR.exe
  2⤵
  PID:12748
- C:\Windows\System\DNBmUSt.exe
  C:\Windows\System\DNBmUSt.exe
  2⤵
  PID:12776
- C:\Windows\System\aZMKBwy.exe
  C:\Windows\System\aZMKBwy.exe
  2⤵
  PID:12804
- C:\Windows\System\VKAHklt.exe
  C:\Windows\System\VKAHklt.exe
  2⤵
  PID:12836
- C:\Windows\System\pkYvtss.exe
  C:\Windows\System\pkYvtss.exe
  2⤵
  PID:12864
- C:\Windows\System\gXkIZsE.exe
  C:\Windows\System\gXkIZsE.exe
  2⤵
  PID:12896
- C:\Windows\System\HiyFvNS.exe
  C:\Windows\System\HiyFvNS.exe
  2⤵
  PID:12924
- C:\Windows\System\ZGumDPO.exe
  C:\Windows\System\ZGumDPO.exe
  2⤵
  PID:12952
- C:\Windows\System\wfUlHqH.exe
  C:\Windows\System\wfUlHqH.exe
  2⤵
  PID:12980
- C:\Windows\System\FEHjXWc.exe
  C:\Windows\System\FEHjXWc.exe
  2⤵
  PID:13008
- C:\Windows\System\oUJKIZv.exe
  C:\Windows\System\oUJKIZv.exe
  2⤵
  PID:13036
- C:\Windows\System\VCchGJJ.exe
  C:\Windows\System\VCchGJJ.exe
  2⤵
  PID:13064
- C:\Windows\System\xfCGWvg.exe
  C:\Windows\System\xfCGWvg.exe
  2⤵
  PID:13092
- C:\Windows\System\XUlSqaw.exe
  C:\Windows\System\XUlSqaw.exe
  2⤵
  PID:13120
- C:\Windows\System\YMUjaKA.exe
  C:\Windows\System\YMUjaKA.exe
  2⤵
  PID:13148
- C:\Windows\System\hVKgCUW.exe
  C:\Windows\System\hVKgCUW.exe
  2⤵
  PID:13176
- C:\Windows\System\DhEcwKa.exe
  C:\Windows\System\DhEcwKa.exe
  2⤵
  PID:13204
- C:\Windows\System\ejstdlt.exe
  C:\Windows\System\ejstdlt.exe
  2⤵
  PID:13232
- C:\Windows\System\TEJkRkF.exe
  C:\Windows\System\TEJkRkF.exe
  2⤵
  PID:13260
- C:\Windows\System\kTjhrsU.exe
  C:\Windows\System\kTjhrsU.exe
  2⤵
  PID:13288
- C:\Windows\System\mFHdVuO.exe
  C:\Windows\System\mFHdVuO.exe
  2⤵
  PID:11672
- C:\Windows\System\EErOykw.exe
  C:\Windows\System\EErOykw.exe
  2⤵
  PID:12344
- C:\Windows\System\tVWcEAg.exe
  C:\Windows\System\tVWcEAg.exe
  2⤵
  PID:12392
- C:\Windows\System\OEKEeoN.exe
  C:\Windows\System\OEKEeoN.exe
  2⤵
  PID:12460
- C:\Windows\System\hXUwdie.exe
  C:\Windows\System\hXUwdie.exe
  2⤵
  PID:12536
- C:\Windows\System\pbOGZFL.exe
  C:\Windows\System\pbOGZFL.exe
  2⤵
  PID:12592
- C:\Windows\System\vGkmBdL.exe
  C:\Windows\System\vGkmBdL.exe
  2⤵
  PID:12668
- C:\Windows\System\xVmYEVR.exe
  C:\Windows\System\xVmYEVR.exe
  2⤵
  PID:12732
- C:\Windows\System\IRypQDp.exe
  C:\Windows\System\IRypQDp.exe
  2⤵
  PID:12796
- C:\Windows\System\iJHdJRA.exe
  C:\Windows\System\iJHdJRA.exe
  2⤵
  PID:12860
- C:\Windows\System\yDFJvVi.exe
  C:\Windows\System\yDFJvVi.exe
  2⤵
  PID:12936
- C:\Windows\System\qhBMuch.exe
  C:\Windows\System\qhBMuch.exe
  2⤵
  PID:13000
- C:\Windows\System\WNBcbBY.exe
  C:\Windows\System\WNBcbBY.exe
  2⤵
  PID:13060
- C:\Windows\System\LyrcrDh.exe
  C:\Windows\System\LyrcrDh.exe
  2⤵
  PID:13104
- C:\Windows\System\kUWiOlD.exe
  C:\Windows\System\kUWiOlD.exe
  2⤵
  PID:13172
- C:\Windows\System\amZUpBz.exe
  C:\Windows\System\amZUpBz.exe
  2⤵
  PID:13256
- C:\Windows\System\hhKOJuw.exe
  C:\Windows\System\hhKOJuw.exe
  2⤵
  PID:12328
- C:\Windows\System\ORPIrrl.exe
  C:\Windows\System\ORPIrrl.exe
  2⤵
  PID:12508
- C:\Windows\System\ADfEcHI.exe
  C:\Windows\System\ADfEcHI.exe
  2⤵
  PID:12564
- C:\Windows\System\mDJJcsm.exe
  C:\Windows\System\mDJJcsm.exe
  2⤵
  PID:12792
- C:\Windows\System\fTjbHzk.exe
  C:\Windows\System\fTjbHzk.exe
  2⤵
  PID:12972
- C:\Windows\System\ZeRNvEb.exe
  C:\Windows\System\ZeRNvEb.exe
  2⤵
  PID:13084
- C:\Windows\System\fsnOiwN.exe
  C:\Windows\System\fsnOiwN.exe
  2⤵
  PID:13200
- C:\Windows\System\tzVrzdT.exe
  C:\Windows\System\tzVrzdT.exe
  2⤵
  PID:2040
- C:\Windows\System\EPUGESf.exe
  C:\Windows\System\EPUGESf.exe
  2⤵
  PID:4744
- C:\Windows\System\oaENLGZ.exe
  C:\Windows\System\oaENLGZ.exe
  2⤵
  PID:12916
- C:\Windows\System\WfTepEr.exe
  C:\Windows\System\WfTepEr.exe
  2⤵
  PID:13028
- C:\Windows\System\hwKEWAn.exe
  C:\Windows\System\hwKEWAn.exe
  2⤵
  PID:13052
- C:\Windows\System\vALJGtC.exe
  C:\Windows\System\vALJGtC.exe
  2⤵
  PID:13348
- C:\Windows\System\MGLcAvP.exe
  C:\Windows\System\MGLcAvP.exe
  2⤵
  PID:13380
- C:\Windows\System\iZgAqNd.exe
  C:\Windows\System\iZgAqNd.exe
  2⤵
  PID:13416
- C:\Windows\System\egfyovb.exe
  C:\Windows\System\egfyovb.exe
  2⤵
  PID:13444
- C:\Windows\System\GdifwVw.exe
  C:\Windows\System\GdifwVw.exe
  2⤵
  PID:13508
- C:\Windows\System\zeszoCw.exe
  C:\Windows\System\zeszoCw.exe
  2⤵
  PID:13552
- C:\Windows\System\gNcsCvt.exe
  C:\Windows\System\gNcsCvt.exe
  2⤵
  PID:13572
- C:\Windows\System\HmGsuAg.exe
  C:\Windows\System\HmGsuAg.exe
  2⤵
  PID:13608
- C:\Windows\System\EEAekzU.exe
  C:\Windows\System\EEAekzU.exe
  2⤵
  PID:13652
- C:\Windows\System\axsOKtE.exe
  C:\Windows\System\axsOKtE.exe
  2⤵
  PID:13684
- C:\Windows\System\OlIJDNv.exe
  C:\Windows\System\OlIJDNv.exe
  2⤵
  PID:13712
- C:\Windows\System\oDCvMBS.exe
  C:\Windows\System\oDCvMBS.exe
  2⤵
  PID:13740
- C:\Windows\System\uNEFgsO.exe
  C:\Windows\System\uNEFgsO.exe
  2⤵
  PID:13760
- C:\Windows\System\GrOlwjT.exe
  C:\Windows\System\GrOlwjT.exe
  2⤵
  PID:13788
- C:\Windows\System\ArSwZrl.exe
  C:\Windows\System\ArSwZrl.exe
  2⤵
  PID:13832
- C:\Windows\System\CoDRhyd.exe
  C:\Windows\System\CoDRhyd.exe
  2⤵
  PID:13856
- C:\Windows\System\AvpvSut.exe
  C:\Windows\System\AvpvSut.exe
  2⤵
  PID:13888
- C:\Windows\System\mKesHlo.exe
  C:\Windows\System\mKesHlo.exe
  2⤵
  PID:13924
- C:\Windows\System\KqmLfNh.exe
  C:\Windows\System\KqmLfNh.exe
  2⤵
  PID:13952
- C:\Windows\System\yBqSbds.exe
  C:\Windows\System\yBqSbds.exe
  2⤵
  PID:13972
- C:\Windows\System\pxIFPsF.exe
  C:\Windows\System\pxIFPsF.exe
  2⤵
  PID:14008
- C:\Windows\System\mrBxBSD.exe
  C:\Windows\System\mrBxBSD.exe
  2⤵
  PID:14036
- C:\Windows\System\LBJRiZr.exe
  C:\Windows\System\LBJRiZr.exe
  2⤵
  PID:14064
- C:\Windows\System\jHXoQco.exe
  C:\Windows\System\jHXoQco.exe
  2⤵
  PID:14092
- C:\Windows\System\YnEeDQF.exe
  C:\Windows\System\YnEeDQF.exe
  2⤵
  PID:14120
- C:\Windows\System\KLvvHNY.exe
  C:\Windows\System\KLvvHNY.exe
  2⤵
  PID:14148
- C:\Windows\System\KirMlVj.exe
  C:\Windows\System\KirMlVj.exe
  2⤵
  PID:14176
- C:\Windows\System\UUIwifc.exe
  C:\Windows\System\UUIwifc.exe
  2⤵
  PID:14204
- C:\Windows\System\uxeEYCG.exe
  C:\Windows\System\uxeEYCG.exe
  2⤵
  PID:14232
- C:\Windows\System\lXhNeFw.exe
  C:\Windows\System\lXhNeFw.exe
  2⤵
  PID:14260
- C:\Windows\System\akJIFJN.exe
  C:\Windows\System\akJIFJN.exe
  2⤵
  PID:14288
- C:\Windows\System\fYWCVhP.exe
  C:\Windows\System\fYWCVhP.exe
  2⤵
  PID:14316
- C:\Windows\System\rDFAXsD.exe
  C:\Windows\System\rDFAXsD.exe
  2⤵
  PID:13340
- C:\Windows\System\jnJvHMG.exe
  C:\Windows\System\jnJvHMG.exe
  2⤵
  PID:13408
- C:\Windows\System\vaFJRvU.exe
  C:\Windows\System\vaFJRvU.exe
  2⤵
  PID:13544
- C:\Windows\System\BGeqVZs.exe
  C:\Windows\System\BGeqVZs.exe
  2⤵
  PID:13600
- C:\Windows\System\IYrRQrv.exe
  C:\Windows\System\IYrRQrv.exe
  2⤵
  PID:13676
- C:\Windows\System\qzKgZmM.exe
  C:\Windows\System\qzKgZmM.exe
  2⤵
  PID:13748
- C:\Windows\System\QHhMPgE.exe
  C:\Windows\System\QHhMPgE.exe
  2⤵
  PID:13816
- C:\Windows\System\JGHLWFt.exe
  C:\Windows\System\JGHLWFt.exe
  2⤵
  PID:13896
- C:\Windows\System\InSTHho.exe
  C:\Windows\System\InSTHho.exe
  2⤵
  PID:13960
- C:\Windows\System\ncFZVWx.exe
  C:\Windows\System\ncFZVWx.exe
  2⤵
  PID:14020
- C:\Windows\System\rpLKQDu.exe
  C:\Windows\System\rpLKQDu.exe
  2⤵
  PID:14076
- C:\Windows\System\gMJFUtm.exe
  C:\Windows\System\gMJFUtm.exe
  2⤵
  PID:14172
- C:\Windows\System\IFMakgs.exe
  C:\Windows\System\IFMakgs.exe
  2⤵
  PID:14220
- C:\Windows\System\UyVPfmg.exe
  C:\Windows\System\UyVPfmg.exe
  2⤵
  PID:13440
- C:\Windows\System\JwJRFTx.exe
  C:\Windows\System\JwJRFTx.exe
  2⤵
  PID:13668
- C:\Windows\System\xhCRqzF.exe
  C:\Windows\System\xhCRqzF.exe
  2⤵
  PID:13720
- C:\Windows\System\PYSjFxd.exe
  C:\Windows\System\PYSjFxd.exe
  2⤵
  PID:13936
- C:\Windows\System\IHxQQLX.exe
  C:\Windows\System\IHxQQLX.exe
  2⤵
  PID:14140
- C:\Windows\System\hvRJWoA.exe
  C:\Windows\System\hvRJWoA.exe
  2⤵
  PID:14300
- C:\Windows\System\VscVHqZ.exe
  C:\Windows\System\VscVHqZ.exe
  2⤵
  PID:13812
- C:\Windows\System\HOdGKed.exe
  C:\Windows\System\HOdGKed.exe
  2⤵
  PID:14056
- C:\Windows\System\HdaMvuE.exe
  C:\Windows\System\HdaMvuE.exe
  2⤵
  PID:14088
- C:\Windows\System\uxAqRQR.exe
  C:\Windows\System\uxAqRQR.exe
  2⤵
  PID:13728
- C:\Windows\System\oWEzqkK.exe
  C:\Windows\System\oWEzqkK.exe
  2⤵
  PID:14356
- C:\Windows\System\jCNqpKs.exe
  C:\Windows\System\jCNqpKs.exe
  2⤵
  PID:14384
- C:\Windows\System\VXoNYln.exe
  C:\Windows\System\VXoNYln.exe
  2⤵
  PID:14412
- C:\Windows\System\TqxWjRJ.exe
  C:\Windows\System\TqxWjRJ.exe
  2⤵
  PID:14440
- C:\Windows\System\YyNGAuT.exe
  C:\Windows\System\YyNGAuT.exe
  2⤵
  PID:14468
- C:\Windows\System\RIlBgsA.exe
  C:\Windows\System\RIlBgsA.exe
  2⤵
  PID:14496
- C:\Windows\System\nDlpIsL.exe
  C:\Windows\System\nDlpIsL.exe
  2⤵
  PID:14524
- C:\Windows\System\AwELtqp.exe
  C:\Windows\System\AwELtqp.exe
  2⤵
  PID:14552
- C:\Windows\System\tHRlRmd.exe
  C:\Windows\System\tHRlRmd.exe
  2⤵
  PID:14580
- C:\Windows\System\ePxhPxv.exe
  C:\Windows\System\ePxhPxv.exe
  2⤵
  PID:14608

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BVAqniH.exe

Filesize
2.9MB

MD5
753979ae58b15c20159a96dd372b47ad

SHA1
3e5df7758479aff1ab59a489445b1201dfcc7b99

SHA256
944a7a29b4fedb52ba7b48dc66760e14b36b54da862106d4d896ecfec1320171

SHA512
c52abf89c959fab3335042dc866e8915008fe814e30967f63008e4eec85bf8e7e5e283af6f49dadbbaf9de4caee77b967bb8f5510610d016cf8e3f5b270113c5

Download Submit
C:\Windows\System\DMhghEs.exe

Filesize
2.9MB

MD5
80e79e5af8e098941b0e87d4eb52a083

SHA1
8011f90d7241d37a9fd9913f322ddc1f42581159

SHA256
e19eff3ad18f5ebda65845e315305fd83a871ae2e38350b64ecb3e67fa473581

SHA512
932d5a3253c65e498eeefb2f27d0c327a5bd98a4c2f2933299f1e408f617b12eb15f7e3ecfb1eaa0b1f6c59ecec99c8696bcc3c1856ffb3cbaea1dbee759e190

Download Submit
C:\Windows\System\EvLKFOE.exe

Filesize
2.9MB

MD5
65fae3e62a11ce711aeea28be4b1304d

SHA1
eb35800f83accb88a45689b85a98c12342dc9156

SHA256
48f6a587016d25ceefa27d3c0ffd505bd871e45fd1bca05ea28c0db6e05df2a8

SHA512
5c2f6ca980b757beda907266714df0160f093bba3441a1eb831226c8a544247df11e919a3d61a86f195fb353fe0fd2ed73717b244f5959c54fba7541253faa0f

Download Submit
C:\Windows\System\GdgZpAk.exe

Filesize
2.9MB

MD5
1dde15371e2de280dd03d3a3d2f6d31f

SHA1
1b157a898881df118cac3a88368ea302c4b003da

SHA256
5a58138aafec52a4f31993f6c2758638b673c938095de94f1aaadc31bdbe25fd

SHA512
dfa9bbc927ed337c7eb1a8935c53ecc8121ecf2e51b45b75cb3b00e35e1ce516e85ebd7db10dfde753519a5da8b714368f53fc0b6354a5b5275a0da6ed804801

Download Submit
C:\Windows\System\KikHegQ.exe

Filesize
2.9MB

MD5
7d53f4c5e0e2fd3f9ea50572ee65f1a5

SHA1
757aba9d60f5e056d9ea9447bfb39c8e158b4d96

SHA256
86034716194eb8dcd8e2245b32065b46cd488ac01396895c03c21470b6f7b105

SHA512
1cc82226ec04ca7ebd3a95e1ff2ab8d136d0f6154309a630000a461689d7578b12a00347cd1e119f36c8217b2425ffbf39ce8c5a66baf1d6b4dfa552bbe9b596

Download Submit
C:\Windows\System\LQHmZkd.exe

Filesize
2.9MB

MD5
e5de23e32182a03f56e24cd68fe32302

SHA1
387fe8b6b422229d9228e89ae576821940bf91e5

SHA256
89d51cfa758e36f471342590bb61d0bebd07d7d154c3686c4ac869c46a671cd9

SHA512
cd02c331f1200ccdc8bf1dfbe38658d48d3a1fa74914b013c47aa3ff7787f628da8170461a348a0fbaa726cf010f950372c7f429322e5f9bc7cb5eea132cb93a

Download Submit
C:\Windows\System\LVXEqxI.exe

Filesize
2.9MB

MD5
5ec7106a28d32742259bc741fa856881

SHA1
e6b26f13a7969475be44c1479507456cf590bfb5

SHA256
f79ea24b14f301e62187224b0d0b05fadc45411d354fcedbbef6349212cb26a3

SHA512
c14081a0a37ed4269231421d011ca9c3d23cbcfbd3fa4b855aac4427a006dc582f6584c273d794649c1c86d421c16a4f2e254809e2e0c705298e3d3f7d02f2ee

Download Submit
C:\Windows\System\MARoOPu.exe

Filesize
2.9MB

MD5
af1d0aaa1c2776917d58a382b94629fd

SHA1
d4966532f513b5b84430bc89222fd2a3c09623f1

SHA256
a65c8da0e0257829555524a44e0dc86d26e8f8a268ea7e98b2ac6777e367dfdd

SHA512
10a129ffae7a1e6b143da934666eec25c738ceabf39283eaa714b0c43f8e8e85eab0ca4c2900153b59e1003d139a618d22094cccefc0fedc19e53bc3f924346f

Download Submit
C:\Windows\System\MBKBHaj.exe

Filesize
2.9MB

MD5
1254f199a1154dfeecee937ba735a6e6

SHA1
9c910dc0e0d4ff7b5fe55a9cd77d225cea6c78f5

SHA256
399bb1c563ee3ffc4ac1e8596856bf7866984ea9cd7a19f73e46797cdf611db4

SHA512
e18ea335e9ac73c53967552497abcf26c383556030f9d8afcb5e322f1bda25502af5d2e80e17414a52a25f12709a53e07fb42c2c12b02e245462c0cf07b9a7cc

Download Submit
C:\Windows\System\MppaQlz.exe

Filesize
2.9MB

MD5
993c3fc6a0c0dfa8f5e5544ea05c316e

SHA1
293f0f7df41adba14b0101e2a4366305a7441c32

SHA256
a0b5b5bc076bbe6d23937195358378f9ca1868b00a3edd615b026a9a99c7bff1

SHA512
32883d6e761d7b785d46153b5f9129a1723fd9c2d1e7030c2fd1da66820e0e128873617bc3640001efa5efdf47cc0654522587c7395437a3559e4fe4281ddcfc

Download Submit
C:\Windows\System\MsJdqpY.exe

Filesize
2.9MB

MD5
2010fca94dc4c435d37b90c8c18a6dd2

SHA1
9fd4bb2e8e60ee8f6157501d348007a0c344b33c

SHA256
50876c189da4038236053d55289558a6cee63bb0950267ec90bc8cbcfdbf41ce

SHA512
5cbae6ca29591db9d0245f1eb1ad7e4752c86c0ffbd51c754d29b7e91989e8dd5c904c65e472209f569573b408cda53f0b6147d8646e7c06cdf9eaf604a8010d

Download Submit
C:\Windows\System\NFHXPqb.exe

Filesize
2.9MB

MD5
1759562b64cb9060acbe70bc639b8975

SHA1
26f87c50331ec03a9c95bfc4afbe67bdcc2a4ead

SHA256
def3f9053e0490c847031ff2aacfbfc516a685475d5078cb8dd15f122e60499d

SHA512
e65fcc45c4925e2601e5c8da922d4c5aa65805d820caafa956164fb7e294e3d7a6f4a1be417955ed60056fbe8ea0c0acdb38fe8e4875d6936653ace9054b097d

Download Submit
C:\Windows\System\OBUBSRZ.exe

Filesize
2.9MB

MD5
46d55fddc39576523ba8b7ca870dacc3

SHA1
b51c3eae9d34399062a0ea707a6fc0cbb428e35b

SHA256
5c6552c3972fdb61083e74e7bda7c2a21b586829f557fcf58213f56d9e405eb8

SHA512
27ceee2a626255e60ebc62575658badde234537339f19590183a278d4bdda024c7ab8bb403e857ea55d7c570ecbc4793861e8474ed2bbf6c2ac81af3bdc766b5

Download Submit
C:\Windows\System\PYNNdrV.exe

Filesize
2.9MB

MD5
07ed9d103e35c36d1d80e8796f4e1cd6

SHA1
0356c87b2637eecb02cf378062d52f86d55c7629

SHA256
d7a2d0114705e76351d1c8f211e1c079460d77d2742a10410e4a55003c6c4175

SHA512
645a7a315bb54235641664378d8870589836ef2249689a08d3f7b54c89362337c3dc072b1fe03ee292c9be2d3b00456ff468cbe273374815eededf8f4b8a205d

Download Submit
C:\Windows\System\WtYnTrY.exe

Filesize
2.9MB

MD5
052722b622034161e73673feab26efde

SHA1
2b8042b860dc5dd352322c621e7da5ed6cc78128

SHA256
cd9014865e99a6417f4be4b15a48a7c2aa8f8f0b55129be53225e553d807e734

SHA512
7dc2b27f9994d3fabae60cc24e8bb7a1d9527fde65ac93b24f44ca5fda84bcabaaff949a56ccebe084e89207d44d38fffb383a401edf22d1edd12aebee20c98c

Download Submit
C:\Windows\System\afnlfEL.exe

Filesize
2.9MB

MD5
c2ee2303096fcd43fcf6f5b1eec43606

SHA1
2fda972978f433ea9f93d8f55e1dafef8ec39d53

SHA256
abdcfc2db89ee7558b0732957ea2fbc5b594a3fe8667e1be146cd78f0fe9c823

SHA512
7387385421ff9799a1f0fde8b764a863f9d7f87cbfa565af5d8bf05a5ee4266b896061c472d94eee10a3b00b025473cfc15d7a105b7c213514bcce5fd2a7e5f3

Download Submit
C:\Windows\System\bCYySXZ.exe

Filesize
2.9MB

MD5
e3e0f755eef5e7ab20e3309b39b50241

SHA1
229c0f68b9ce3075811548f94b4f9b83db66e02d

SHA256
b32c5dbb6a24e61b81325c40c76616da40a0d2290c21dfd3ca9e6e28bebcafd6

SHA512
77c1e29f591e5d1ec91f4c57e739224d0c8f972e1f3e5d944bd099a201754543069271853c3929e41bd7552dcebf0b659d8e2adbc1933c8b2f6dd5c9134943dd

Download Submit
C:\Windows\System\bFcCXMY.exe

Filesize
2.9MB

MD5
1bb7318ddab6068e26294cf7e1513afb

SHA1
6b234c13292be5368fa3aa85362635691d46e59a

SHA256
4aaa023f26c6f38d36b0b8cc57ca2dfb4f9922cfb86383241da2f997af59f93e

SHA512
1229b8d2945b721222b32ca59e41e63137a56bb3993b930ca49034bf00d9438323f3004055d883366c319abfdbdad118dacf2dbdfbdcaf07f03987d127f9a152

Download Submit
C:\Windows\System\dvSSerV.exe

Filesize
2.9MB

MD5
f6810eab206ee5a6d87bd9cf7d0ee223

SHA1
58c25038ef84ff8800aac41238f55367114ca589

SHA256
10d7f7fa43a922a8713c817cdd73d95228455024acc9bb96b5493f03b7d60e2e

SHA512
07967f16ae0d9ca99da9c20ddc3efc95bbfc777c9e1bf2606c0c2fc39ac061f012968adb9fcf062a4d6a79f2768e78c9022e0d1752169fb3473112c3117e68a9

Download Submit
C:\Windows\System\exkgOsq.exe

Filesize
2.9MB

MD5
984dbd05fcbbf4c1e27942562e48eecf

SHA1
abba7b8ec623efed161f2c82612b7f86ab461bac

SHA256
7ea61748537498c99f982ffd28e92090124f2cea7906fb6cf2f55239829adf2a

SHA512
f315f3b257c87e54075b523749b65a7925eeeb6a5d3d01c348e70166d72481cef791c399cf2559376869cbbc141a172219a7cf66cfb41ef727423d8349979fc1

Download Submit
C:\Windows\System\ffLRPVt.exe

Filesize
2.9MB

MD5
24fb175bfd3735dd30834e10e25f3b41

SHA1
42acbdde9fb7ce5aef7cdb138a002bb65fa76c49

SHA256
f34c94dc6657501e433d0c7d85dc5394a43f791352b95e6b442032cfb6e794fe

SHA512
da293c5f15e1268deee013f5471c368bb3858d5ce85819d71abacb7cee5d788ddea50f7a995b3c0daeb59e585c3a8feb4e4370fcd3354b11ef5e00ab891de392

Download Submit
C:\Windows\System\fkXWMfh.exe

Filesize
2.9MB

MD5
d29e07622a5538fe583005e5459f89cf

SHA1
33812a70f18c783336e53d28b1fcede4458988eb

SHA256
b7245f78a1bbb45301123a9545d0f118c2f6c45b8051f6651e9c7d22a71aa877

SHA512
a5e9877f9877d006f1fadb0b75bbc59efb9a39e7716f95e740b250a0ac749a41d4780a7111797021cd5197a0d316ac12106152a72fa1ec722dd1d99e9ebf837f

Download Submit
C:\Windows\System\fnHIGNP.exe

Filesize
2.9MB

MD5
2c135140f2b805dd09600eff4bdf6dac

SHA1
987ea371ef72c0571ccd44eb404a1080f1ab2ccd

SHA256
1f2f7cf1d2a4989e20c928462ded51134904a82cd86debd39e89b4df455c5973

SHA512
9cf55a56e4c85ae19374b62a6e369db9c7484545f39b001e6d4721fefe3bf9bb3b18db59344a67f95959323fce943f582dde9ca89701e779a1e83050f4483faa

Download Submit
C:\Windows\System\iioTuRn.exe

Filesize
2.9MB

MD5
05999f762b7a5c7a77173fc067005b3c

SHA1
3f6ed2f2ab0f3263b4c9ff96dffd7912adda8b95

SHA256
a82d1820ebcc86c5007fa9fce7ff12f448e89241b44fc832a3d9c6210a68a30a

SHA512
f257c0b3ccd60a91fbcb015f27f2d413246c3cd9bea7dc10a0c5ebec93907ace1ca5f568ac6dc0014a96a0808be33fd4c4a457baa25f56ac645bb01169365932

Download Submit
C:\Windows\System\ixjDlLF.exe

Filesize
2.9MB

MD5
1946576aa63b3094a7dc03ae7c364c6c

SHA1
c190e9ef1896071250c7286e43d8fad2ce1cb261

SHA256
a3ad16dcf1794af42053488af27b9a864d9d2a4674444ea0e5e7d162541b5d13

SHA512
062f462ce24e10b7d41561c70de8512943b9280e79290f4e05cd644b0703df4bd35697956f1044bc2b18b54611d9c7b0558b5a21c028f27db91a2d339d0f81f9

Download Submit
C:\Windows\System\jRDezJQ.exe

Filesize
2.9MB

MD5
877bc5405a585cb3ec4487c511ac3bdc

SHA1
1467b74e14c9d026d68f560076c2ff8c17c7f9d9

SHA256
4430c0c3e45bd6ab133ecc4b28b6dfcd0a125fca20a34132d9cc2250e984727a

SHA512
100d144cad441f414246c9f5f8c84aeea1876b53e6a31365e6da2a2e0fc2ee53a54e88c32746e923c2be67bc70e0a3c13a5bc8de4c4197f1fa71efdb6b0fa8c4

Download Submit
C:\Windows\System\lLpgnZC.exe

Filesize
2.9MB

MD5
2855d83302a3e26eae1db3d5267d5401

SHA1
1aa7d091a3885c7057931c63dfa059b07b20f49c

SHA256
4269363326ee346d8e6b4514302d32bc088143fe77013e93563906c991462d48

SHA512
98da7b3ddf2c664b207c5b13c0242121b2d0fe7a468a8a4b0ed8b77460db96fbbfd57f92d02da6cae02baf2f143438a09f351da4f06b90abc65dbe2ed34542d2

Download Submit
C:\Windows\System\mKupRLO.exe

Filesize
2.9MB

MD5
d8174d5249660f98a9794481d5d84f1d

SHA1
072f8aa9c2a4a2e12188a31f4bef4639a309ffc0

SHA256
ad0d22c3dd02cd3004aac31141b6346fb96beca6b1338e8a1d21d8c8a9305f63

SHA512
e0be7506422b0959dd0df2f11dfdbb3cfa5edc0f46aadfaf1c17c07d7c7d7d9050aca55f0a813ca2768cb3a088d0a1ac743370cfc60b04fbc94b8f482b954bf5

Download Submit
C:\Windows\System\nYYQpOO.exe

Filesize
2.9MB

MD5
5bc85bcf5aac3c251083462f60178776

SHA1
3395fc08e4d7797e2800912c8019daaaf697324a

SHA256
e9d3d4724431d387a832af41f6f0fdbec34a4ba4d5e4a6bf5e75090f65fdb713

SHA512
f8528d806680939c73041c2bb4a8fbfbcad51d1d52b6db5faae6daf613a36fb385a2633bb0f1120d147223a9bb96cdc31634878eb06ca3de0d357fdfd23d6a63

Download Submit
C:\Windows\System\qCyhplf.exe

Filesize
2.9MB

MD5
6f8ffede048fe8af2e7a615ba9570e01

SHA1
3a85bb54e5b4ba98531d8e4196130d04b8d8047b

SHA256
dc8dae179d53cedd011187205fb79b08a1891188113d7bb8cbb9b1fa7a05f284

SHA512
d1d8d2aeff97d2cf1f380199505e38948b69e55525d9255cadbe9803823dc64fd8c16ece9de0e4d2f26d8e90299d33c6754fe01d3f7b31c86e80c13573466ad2

Download Submit
C:\Windows\System\tUXkTTg.exe

Filesize
2.9MB

MD5
b0a7f5038727ef9fbc6f4e6baa316ce8

SHA1
f43b98d965e72f0a754f26a0b58ae2a43381ce59

SHA256
48e16200c111d5731b08cccfceed20530acdda1bf9d78f918f55b0752c808143

SHA512
a39b400aec761e11387033e250d33d8e47a502f761768c9f5a9919db4c12842f4df4f563cf4cd556bde87cbc24dedb2d2219624bb1bb1b6e4e9e5958e0d50f35

Download Submit
C:\Windows\System\vuIRxch.exe

Filesize
2.9MB

MD5
d8422d358e87738889282a1d670eb799

SHA1
3f56e45ccb321dd2516448717b097bc5176c4662

SHA256
65829c403d095f72fb0a5c858ba7c9092cbdd841b844d34615d919ff0ccd4907

SHA512
5b589df803dd67294238ca415cd1cd302dbc8dc8f39c5feaff635c2e3ea76a68ba42746721cf38744e0c7caf5fe6da7af1877af560075417557fd273a6a26eee

Download Submit
C:\Windows\System\zVoJTJA.exe

Filesize
2.9MB

MD5
49034591d14d5eda158d85bcbaee5df5

SHA1
bba83cdbbaae0ff2c6309c7ba0ceeea90ff88647

SHA256
c35a35e94080d95c3553226c45375ca4650f9227475d5263af7f3469816655fd

SHA512
8579a9ff2e6ae4c8de12ea1cf19d22a031010a688764c82b2b4f651d522dfa082f70b42c79aebdc3f3a187e0887d7040d93ce0776b7f1c25250a3351f31cb564

Download Submit
memory/1000-2151-0x00007FF7DC420000-0x00007FF7DC774000-memory.dmp

Filesize
3.3MB

Download
memory/1000-671-0x00007FF7DC420000-0x00007FF7DC774000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2152-0x00007FF7F6C70000-0x00007FF7F6FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1252-663-0x00007FF7F6C70000-0x00007FF7F6FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1544-2143-0x00007FF7689B0000-0x00007FF768D04000-memory.dmp

Filesize
3.3MB

Download
memory/1544-628-0x00007FF7689B0000-0x00007FF768D04000-memory.dmp

Filesize
3.3MB

Download
memory/1744-2140-0x00007FF6FE030000-0x00007FF6FE384000-memory.dmp

Filesize
3.3MB

Download
memory/1744-2125-0x00007FF6FE030000-0x00007FF6FE384000-memory.dmp

Filesize
3.3MB

Download
memory/1744-78-0x00007FF6FE030000-0x00007FF6FE384000-memory.dmp

Filesize
3.3MB

Download
memory/1864-2149-0x00007FF759270000-0x00007FF7595C4000-memory.dmp

Filesize
3.3MB

Download
memory/1864-680-0x00007FF759270000-0x00007FF7595C4000-memory.dmp

Filesize
3.3MB

Download
memory/1948-2154-0x00007FF6D41A0000-0x00007FF6D44F4000-memory.dmp

Filesize
3.3MB

Download
memory/1948-649-0x00007FF6D41A0000-0x00007FF6D44F4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-2129-0x00007FF737DD0000-0x00007FF738124000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1656-0x00007FF737DD0000-0x00007FF738124000-memory.dmp

Filesize
3.3MB

Download
memory/2532-20-0x00007FF737DD0000-0x00007FF738124000-memory.dmp

Filesize
3.3MB

Download
memory/2948-2132-0x00007FF735AE0000-0x00007FF735E34000-memory.dmp

Filesize
3.3MB

Download
memory/2948-49-0x00007FF735AE0000-0x00007FF735E34000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2128-0x00007FF6E17E0000-0x00007FF6E1B34000-memory.dmp

Filesize
3.3MB

Download
memory/3320-1399-0x00007FF6E17E0000-0x00007FF6E1B34000-memory.dmp

Filesize
3.3MB

Download
memory/3320-16-0x00007FF6E17E0000-0x00007FF6E1B34000-memory.dmp

Filesize
3.3MB

Download
memory/3584-2137-0x00007FF6A5700000-0x00007FF6A5A54000-memory.dmp

Filesize
3.3MB

Download
memory/3584-2124-0x00007FF6A5700000-0x00007FF6A5A54000-memory.dmp

Filesize
3.3MB

Download
memory/3584-75-0x00007FF6A5700000-0x00007FF6A5A54000-memory.dmp

Filesize
3.3MB

Download
memory/3664-2138-0x00007FF72FFD0000-0x00007FF730324000-memory.dmp

Filesize
3.3MB

Download
memory/3664-616-0x00007FF72FFD0000-0x00007FF730324000-memory.dmp

Filesize
3.3MB

Download
memory/3928-2155-0x00007FF78AF90000-0x00007FF78B2E4000-memory.dmp

Filesize
3.3MB

Download
memory/3928-653-0x00007FF78AF90000-0x00007FF78B2E4000-memory.dmp

Filesize
3.3MB

Download
memory/3972-2147-0x00007FF7FF6F0000-0x00007FF7FFA44000-memory.dmp

Filesize
3.3MB

Download
memory/3972-632-0x00007FF7FF6F0000-0x00007FF7FFA44000-memory.dmp

Filesize
3.3MB

Download
memory/4048-693-0x00007FF68BA20000-0x00007FF68BD74000-memory.dmp

Filesize
3.3MB

Download
memory/4048-2144-0x00007FF68BA20000-0x00007FF68BD74000-memory.dmp

Filesize
3.3MB

Download
memory/4052-2142-0x00007FF65CA30000-0x00007FF65CD84000-memory.dmp

Filesize
3.3MB

Download
memory/4052-625-0x00007FF65CA30000-0x00007FF65CD84000-memory.dmp

Filesize
3.3MB

Download
memory/4420-685-0x00007FF607890000-0x00007FF607BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4420-1-0x000001C766A60000-0x000001C766A70000-memory.dmp

Filesize
64KB

Download
memory/4420-0-0x00007FF607890000-0x00007FF607BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4464-2150-0x00007FF660FD0000-0x00007FF661324000-memory.dmp

Filesize
3.3MB

Download
memory/4464-674-0x00007FF660FD0000-0x00007FF661324000-memory.dmp

Filesize
3.3MB

Download
memory/4508-2145-0x00007FF781740000-0x00007FF781A94000-memory.dmp

Filesize
3.3MB

Download
memory/4508-687-0x00007FF781740000-0x00007FF781A94000-memory.dmp

Filesize
3.3MB

Download
memory/4560-673-0x00007FF7C6B80000-0x00007FF7C6ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4560-2153-0x00007FF7C6B80000-0x00007FF7C6ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4636-2135-0x00007FF70A7B0000-0x00007FF70AB04000-memory.dmp

Filesize
3.3MB

Download
memory/4636-66-0x00007FF70A7B0000-0x00007FF70AB04000-memory.dmp

Filesize
3.3MB

Download
memory/4664-34-0x00007FF69D200000-0x00007FF69D554000-memory.dmp

Filesize
3.3MB

Download
memory/4664-2133-0x00007FF69D200000-0x00007FF69D554000-memory.dmp

Filesize
3.3MB

Download
memory/4664-1992-0x00007FF69D200000-0x00007FF69D554000-memory.dmp

Filesize
3.3MB

Download
memory/4732-622-0x00007FF73A190000-0x00007FF73A4E4000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2141-0x00007FF73A190000-0x00007FF73A4E4000-memory.dmp

Filesize
3.3MB

Download
memory/4792-38-0x00007FF6623A0000-0x00007FF6626F4000-memory.dmp

Filesize
3.3MB

Download
memory/4792-2134-0x00007FF6623A0000-0x00007FF6626F4000-memory.dmp

Filesize
3.3MB

Download
memory/4864-97-0x00007FF632AD0000-0x00007FF632E24000-memory.dmp

Filesize
3.3MB

Download
memory/4864-2136-0x00007FF632AD0000-0x00007FF632E24000-memory.dmp

Filesize
3.3MB

Download
memory/4876-2146-0x00007FF77A570000-0x00007FF77A8C4000-memory.dmp

Filesize
3.3MB

Download
memory/4876-638-0x00007FF77A570000-0x00007FF77A8C4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-683-0x00007FF7E49D0000-0x00007FF7E4D24000-memory.dmp

Filesize
3.3MB

Download
memory/4928-2148-0x00007FF7E49D0000-0x00007FF7E4D24000-memory.dmp

Filesize
3.3MB

Download
memory/4932-1989-0x00007FF727260000-0x00007FF7275B4000-memory.dmp

Filesize
3.3MB

Download
memory/4932-26-0x00007FF727260000-0x00007FF7275B4000-memory.dmp

Filesize
3.3MB

Download
memory/4932-2130-0x00007FF727260000-0x00007FF7275B4000-memory.dmp

Filesize
3.3MB

Download
memory/4948-2131-0x00007FF68BB60000-0x00007FF68BEB4000-memory.dmp

Filesize
3.3MB

Download
memory/4948-52-0x00007FF68BB60000-0x00007FF68BEB4000-memory.dmp

Filesize
3.3MB

Download
memory/4964-8-0x00007FF7F0D50000-0x00007FF7F10A4000-memory.dmp

Filesize
3.3MB

Download
memory/4964-2127-0x00007FF7F0D50000-0x00007FF7F10A4000-memory.dmp

Filesize
3.3MB

Download
memory/4964-1040-0x00007FF7F0D50000-0x00007FF7F10A4000-memory.dmp

Filesize
3.3MB

Download
memory/5024-2126-0x00007FF699E20000-0x00007FF69A174000-memory.dmp

Filesize
3.3MB

Download
memory/5024-82-0x00007FF699E20000-0x00007FF69A174000-memory.dmp

Filesize
3.3MB

Download
memory/5024-2139-0x00007FF699E20000-0x00007FF69A174000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads