xmrig | d33363a34f7a90db0e54d9733e8962bbfe7f1d0ba0de2c6dedbc1db5d46797ac

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
06-05-2024 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

305dac81d4955c8e4d0840bf3e601640_NEAS.exe
Size

1.4MB
MD5

305dac81d4955c8e4d0840bf3e601640
SHA1

3efe7922ba3306e3954f8cc5ac81ed42046db911
SHA256

d33363a34f7a90db0e54d9733e8962bbfe7f1d0ba0de2c6dedbc1db5d46797ac
SHA512

ddb762b5de66c72b450958a13fcef3d58a382f0b11fe5e2ac5491d6b05273486248ec23f9a14e794a1870821204f9f3a56e3a3663359ae790052f2fc704c823d
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727P/Q50xJiYYIFddXpa2qVWhBilx7To30bVwUWtex:ROdWCCi7/rahw5UP6Qsx7UMVwex

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/1884-22-0x00007FF6FE3F0000-0x00007FF6FE741000-memory.dmp	xmrig
behavioral2/memory/2620-34-0x00007FF691710000-0x00007FF691A61000-memory.dmp	xmrig
behavioral2/memory/3724-73-0x00007FF7F66E0000-0x00007FF7F6A31000-memory.dmp	xmrig
behavioral2/memory/4716-79-0x00007FF74D5C0000-0x00007FF74D911000-memory.dmp	xmrig
behavioral2/memory/5056-106-0x00007FF7DE330000-0x00007FF7DE681000-memory.dmp	xmrig
behavioral2/memory/1888-190-0x00007FF6293D0000-0x00007FF629721000-memory.dmp	xmrig
behavioral2/memory/3120-189-0x00007FF690710000-0x00007FF690A61000-memory.dmp	xmrig
behavioral2/memory/2012-182-0x00007FF7F0C70000-0x00007FF7F0FC1000-memory.dmp	xmrig
behavioral2/memory/4236-169-0x00007FF76A510000-0x00007FF76A861000-memory.dmp	xmrig
behavioral2/memory/4784-156-0x00007FF7C8A50000-0x00007FF7C8DA1000-memory.dmp	xmrig
behavioral2/memory/1880-143-0x00007FF6E9160000-0x00007FF6E94B1000-memory.dmp	xmrig
behavioral2/memory/4516-102-0x00007FF641770000-0x00007FF641AC1000-memory.dmp	xmrig
behavioral2/memory/1360-101-0x00007FF6AF6C0000-0x00007FF6AFA11000-memory.dmp	xmrig
behavioral2/memory/4128-93-0x00007FF792D00000-0x00007FF793051000-memory.dmp	xmrig
behavioral2/memory/4108-86-0x00007FF7D1630000-0x00007FF7D1981000-memory.dmp	xmrig
behavioral2/memory/2012-85-0x00007FF7F0C70000-0x00007FF7F0FC1000-memory.dmp	xmrig
behavioral2/memory/908-37-0x00007FF61A1A0000-0x00007FF61A4F1000-memory.dmp	xmrig
behavioral2/memory/4784-33-0x00007FF7C8A50000-0x00007FF7C8DA1000-memory.dmp	xmrig
behavioral2/memory/3660-10-0x00007FF69B290000-0x00007FF69B5E1000-memory.dmp	xmrig
behavioral2/memory/3616-2114-0x00007FF7CDEB0000-0x00007FF7CE201000-memory.dmp	xmrig
behavioral2/memory/4656-2111-0x00007FF6623A0000-0x00007FF6626F1000-memory.dmp	xmrig
behavioral2/memory/1092-2252-0x00007FF7465C0000-0x00007FF746911000-memory.dmp	xmrig
behavioral2/memory/2884-2253-0x00007FF7B8450000-0x00007FF7B87A1000-memory.dmp	xmrig
behavioral2/memory/64-2254-0x00007FF6B5C90000-0x00007FF6B5FE1000-memory.dmp	xmrig
behavioral2/memory/3852-2255-0x00007FF7569A0000-0x00007FF756CF1000-memory.dmp	xmrig
behavioral2/memory/4036-2284-0x00007FF700EC0000-0x00007FF701211000-memory.dmp	xmrig
behavioral2/memory/4596-2290-0x00007FF72C1B0000-0x00007FF72C501000-memory.dmp	xmrig
behavioral2/memory/744-2289-0x00007FF742100000-0x00007FF742451000-memory.dmp	xmrig
behavioral2/memory/1040-2291-0x00007FF725CC0000-0x00007FF726011000-memory.dmp	xmrig
behavioral2/memory/1912-2295-0x00007FF6C0140000-0x00007FF6C0491000-memory.dmp	xmrig
behavioral2/memory/3660-2298-0x00007FF69B290000-0x00007FF69B5E1000-memory.dmp	xmrig
behavioral2/memory/1884-2300-0x00007FF6FE3F0000-0x00007FF6FE741000-memory.dmp	xmrig
behavioral2/memory/4784-2306-0x00007FF7C8A50000-0x00007FF7C8DA1000-memory.dmp	xmrig
behavioral2/memory/908-2305-0x00007FF61A1A0000-0x00007FF61A4F1000-memory.dmp	xmrig
behavioral2/memory/2620-2304-0x00007FF691710000-0x00007FF691A61000-memory.dmp	xmrig
behavioral2/memory/4716-2316-0x00007FF74D5C0000-0x00007FF74D911000-memory.dmp	xmrig
behavioral2/memory/3120-2310-0x00007FF690710000-0x00007FF690A61000-memory.dmp	xmrig
behavioral2/memory/4236-2309-0x00007FF76A510000-0x00007FF76A861000-memory.dmp	xmrig
behavioral2/memory/1888-2312-0x00007FF6293D0000-0x00007FF629721000-memory.dmp	xmrig
behavioral2/memory/3724-2314-0x00007FF7F66E0000-0x00007FF7F6A31000-memory.dmp	xmrig
behavioral2/memory/4128-2320-0x00007FF792D00000-0x00007FF793051000-memory.dmp	xmrig
behavioral2/memory/4516-2324-0x00007FF641770000-0x00007FF641AC1000-memory.dmp	xmrig
behavioral2/memory/5056-2328-0x00007FF7DE330000-0x00007FF7DE681000-memory.dmp	xmrig
behavioral2/memory/2012-2326-0x00007FF7F0C70000-0x00007FF7F0FC1000-memory.dmp	xmrig
behavioral2/memory/1360-2322-0x00007FF6AF6C0000-0x00007FF6AFA11000-memory.dmp	xmrig
behavioral2/memory/4108-2318-0x00007FF7D1630000-0x00007FF7D1981000-memory.dmp	xmrig
behavioral2/memory/3616-2330-0x00007FF7CDEB0000-0x00007FF7CE201000-memory.dmp	xmrig
behavioral2/memory/64-2355-0x00007FF6B5C90000-0x00007FF6B5FE1000-memory.dmp	xmrig
behavioral2/memory/1040-2344-0x00007FF725CC0000-0x00007FF726011000-memory.dmp	xmrig
behavioral2/memory/4036-2342-0x00007FF700EC0000-0x00007FF701211000-memory.dmp	xmrig
behavioral2/memory/3852-2340-0x00007FF7569A0000-0x00007FF756CF1000-memory.dmp	xmrig
behavioral2/memory/2352-2336-0x00007FF7E93D0000-0x00007FF7E9721000-memory.dmp	xmrig
behavioral2/memory/2884-2334-0x00007FF7B8450000-0x00007FF7B87A1000-memory.dmp	xmrig
behavioral2/memory/1092-2332-0x00007FF7465C0000-0x00007FF746911000-memory.dmp	xmrig
behavioral2/memory/1912-2352-0x00007FF6C0140000-0x00007FF6C0491000-memory.dmp	xmrig
behavioral2/memory/4252-2350-0x00007FF609BC0000-0x00007FF609F11000-memory.dmp	xmrig
behavioral2/memory/744-2348-0x00007FF742100000-0x00007FF742451000-memory.dmp	xmrig
behavioral2/memory/4596-2346-0x00007FF72C1B0000-0x00007FF72C501000-memory.dmp	xmrig
behavioral2/memory/4656-2338-0x00007FF6623A0000-0x00007FF6626F1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3660	QpXyyDc.exe
1884	vLuyPwG.exe
4784	AKFRyEf.exe
908	BdhvjoK.exe
2620	HSlqUYq.exe
4236	UzLYuLB.exe
3120	BDwMrRs.exe
1888	OFMTBLs.exe
3724	XYjmYrk.exe
4716	adWHUxx.exe
2012	WnBxOrR.exe
4108	DzNHnaC.exe
4128	qShDOIe.exe
1360	YASlrhQ.exe
4516	rZxPOSD.exe
5056	swrDdMN.exe
4656	tpYVqts.exe
3616	XAWOHwo.exe
2352	LlyhUrq.exe
1092	awzzJlr.exe
2884	hLScsaw.exe
64	uWlKxZZ.exe
3852	avDRaZT.exe
4036	HdpbXQc.exe
744	aUTRAlh.exe
4596	WVTKfYz.exe
1040	pdUswoH.exe
1912	hFdlaCh.exe
4252	jHrdlwq.exe
3044	RjwsqKU.exe
636	osqNGse.exe
4444	eXCqTnH.exe
4900	BtShjBD.exe
3940	oSKxLrG.exe
2892	pklzUVr.exe
1980	qbRjXzK.exe
1496	WfTnNnm.exe
852	QSrQzMb.exe
4120	YyVWBEf.exe
3768	psdYYTe.exe
1800	LLcAnyN.exe
3320	SJTyMFA.exe
432	bZiDlYg.exe
4316	iTWCUQY.exe
3796	WZCaNuu.exe
3480	hgsnUqO.exe
3820	PwunwTh.exe
4944	hHOdylv.exe
2228	rkvHDDY.exe
2280	hXzIiwh.exe
4676	ocQClyw.exe
2600	eCAaPNR.exe
4472	qHzPxFj.exe
4724	MMxgCqU.exe
3032	CNryWsh.exe
3412	fAGbouS.exe
3808	gcxMcKC.exe
1720	HfVQVYw.exe
3732	mtaerAv.exe
1252	mBDKfrA.exe
4932	vFgKGzf.exe
3640	aPiJVHp.exe
960	DyIbcdN.exe
1032	gGfKNFI.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1880-0-0x00007FF6E9160000-0x00007FF6E94B1000-memory.dmp	upx
behavioral2/files/0x000a000000023b97-9.dat	upx
behavioral2/memory/1884-22-0x00007FF6FE3F0000-0x00007FF6FE741000-memory.dmp	upx
behavioral2/files/0x000a000000023b99-31.dat	upx
behavioral2/memory/2620-34-0x00007FF691710000-0x00007FF691A61000-memory.dmp	upx
behavioral2/files/0x000a000000023b9a-36.dat	upx
behavioral2/files/0x000a000000023b9b-40.dat	upx
behavioral2/files/0x000a000000023b9c-49.dat	upx
behavioral2/files/0x000a000000023b9d-53.dat	upx
behavioral2/files/0x000a000000023b9e-64.dat	upx
behavioral2/files/0x000a000000023ba0-66.dat	upx
behavioral2/memory/3724-73-0x00007FF7F66E0000-0x00007FF7F6A31000-memory.dmp	upx
behavioral2/memory/4716-79-0x00007FF74D5C0000-0x00007FF74D911000-memory.dmp	upx
behavioral2/files/0x000a000000023ba4-90.dat	upx
behavioral2/memory/5056-106-0x00007FF7DE330000-0x00007FF7DE681000-memory.dmp	upx
behavioral2/files/0x000a000000023ba7-115.dat	upx
behavioral2/memory/64-137-0x00007FF6B5C90000-0x00007FF6B5FE1000-memory.dmp	upx
behavioral2/files/0x000a000000023bac-147.dat	upx
behavioral2/files/0x000a000000023bae-170.dat	upx
behavioral2/files/0x000a000000023bb4-198.dat	upx
behavioral2/files/0x000a000000023bb2-196.dat	upx
behavioral2/files/0x000a000000023bb3-193.dat	upx
behavioral2/files/0x000a000000023bb1-191.dat	upx
behavioral2/memory/1888-190-0x00007FF6293D0000-0x00007FF629721000-memory.dmp	upx
behavioral2/memory/3120-189-0x00007FF690710000-0x00007FF690A61000-memory.dmp	upx
behavioral2/memory/4252-188-0x00007FF609BC0000-0x00007FF609F11000-memory.dmp	upx
behavioral2/files/0x000a000000023bb0-183.dat	upx
behavioral2/memory/2012-182-0x00007FF7F0C70000-0x00007FF7F0FC1000-memory.dmp	upx
behavioral2/files/0x000a000000023baf-177.dat	upx
behavioral2/memory/1912-176-0x00007FF6C0140000-0x00007FF6C0491000-memory.dmp	upx
behavioral2/memory/1040-175-0x00007FF725CC0000-0x00007FF726011000-memory.dmp	upx
behavioral2/memory/4236-169-0x00007FF76A510000-0x00007FF76A861000-memory.dmp	upx
behavioral2/files/0x000a000000023bad-164.dat	upx
behavioral2/memory/4596-163-0x00007FF72C1B0000-0x00007FF72C501000-memory.dmp	upx
behavioral2/memory/744-157-0x00007FF742100000-0x00007FF742451000-memory.dmp	upx
behavioral2/memory/4784-156-0x00007FF7C8A50000-0x00007FF7C8DA1000-memory.dmp	upx
behavioral2/files/0x000a000000023bab-151.dat	upx
behavioral2/memory/4036-150-0x00007FF700EC0000-0x00007FF701211000-memory.dmp	upx
behavioral2/files/0x000a000000023baa-145.dat	upx
behavioral2/memory/3852-144-0x00007FF7569A0000-0x00007FF756CF1000-memory.dmp	upx
behavioral2/memory/1880-143-0x00007FF6E9160000-0x00007FF6E94B1000-memory.dmp	upx
behavioral2/files/0x000a000000023ba9-138.dat	upx
behavioral2/files/0x000a000000023ba8-132.dat	upx
behavioral2/memory/2884-131-0x00007FF7B8450000-0x00007FF7B87A1000-memory.dmp	upx
behavioral2/memory/1092-125-0x00007FF7465C0000-0x00007FF746911000-memory.dmp	upx
behavioral2/memory/2352-124-0x00007FF7E93D0000-0x00007FF7E9721000-memory.dmp	upx
behavioral2/files/0x000c000000023b8f-119.dat	upx
behavioral2/memory/3616-118-0x00007FF7CDEB0000-0x00007FF7CE201000-memory.dmp	upx
behavioral2/files/0x000a000000023ba6-113.dat	upx
behavioral2/memory/4656-112-0x00007FF6623A0000-0x00007FF6626F1000-memory.dmp	upx
behavioral2/files/0x000a000000023ba5-107.dat	upx
behavioral2/memory/4516-102-0x00007FF641770000-0x00007FF641AC1000-memory.dmp	upx
behavioral2/memory/1360-101-0x00007FF6AF6C0000-0x00007FF6AFA11000-memory.dmp	upx
behavioral2/files/0x000a000000023ba3-95.dat	upx
behavioral2/memory/4128-93-0x00007FF792D00000-0x00007FF793051000-memory.dmp	upx
behavioral2/files/0x000a000000023ba2-87.dat	upx
behavioral2/memory/4108-86-0x00007FF7D1630000-0x00007FF7D1981000-memory.dmp	upx
behavioral2/memory/2012-85-0x00007FF7F0C70000-0x00007FF7F0FC1000-memory.dmp	upx
behavioral2/files/0x000a000000023ba1-80.dat	upx
behavioral2/files/0x000a000000023b9f-69.dat	upx
behavioral2/memory/1888-48-0x00007FF6293D0000-0x00007FF629721000-memory.dmp	upx
behavioral2/memory/3120-45-0x00007FF690710000-0x00007FF690A61000-memory.dmp	upx
behavioral2/memory/908-37-0x00007FF61A1A0000-0x00007FF61A4F1000-memory.dmp	upx
behavioral2/memory/4236-35-0x00007FF76A510000-0x00007FF76A861000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CCpqvsI.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\HmAtPFJ.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\yxvHCmY.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\XtekRWP.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\UOwQPDM.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\wauAfEl.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\RJKCiLF.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\vdISqvd.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\CgWzWuA.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\AatLnly.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\CgGqLCs.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\zoNuCgL.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\dpzKdBB.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\PivOhbF.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\bLtCkWD.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\zvAaIVe.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\qIQbjRP.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\RlLhnEe.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\VOQwDBU.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\fYmGTQI.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\dodRPWM.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\KDRSinh.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\jizqPkN.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\YtUvjWm.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\LlyhUrq.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\hLScsaw.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\FrvqJVC.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\SQUBuMV.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\PXXZXcF.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\DfZlkGu.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\byiGqeL.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\ktkSXbO.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\HSlqUYq.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\OFMTBLs.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\IqVuSKk.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\oBnpkJK.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\GiwtNYq.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\duMQjTU.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\dbFqKYW.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\HeAKFLi.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\eCAaPNR.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\gnIQiLu.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\ZBtExXL.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\rchoOgX.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\tlmlDDl.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\DOATlaq.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\XrdhOmH.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\QBnTsys.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\LyHFQkO.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\dLbZWtS.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\SqakGiM.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\hOoPyHm.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\lIIXnRE.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\uWlKxZZ.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\SWUorDH.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\ZgzQgBF.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\pYvohBv.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\gRUbrDW.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\dyEOGHn.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\gNViSve.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\nEpydnn.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\TwqVGoc.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\BtShjBD.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe
File created	C:\Windows\System\oPYLpFu.exe	305dac81d4955c8e4d0840bf3e601640_NEAS.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14176	dwm.exe
Token: SeChangeNotifyPrivilege	14176	dwm.exe
Token: 33	14176	dwm.exe
Token: SeIncBasePriorityPrivilege	14176	dwm.exe
Token: SeShutdownPrivilege	14176	dwm.exe
Token: SeCreatePagefilePrivilege	14176	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 3660	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	84
PID 1880 wrote to memory of 3660	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	84
PID 1880 wrote to memory of 1884	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	85
PID 1880 wrote to memory of 1884	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	85
PID 1880 wrote to memory of 4784	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	86
PID 1880 wrote to memory of 4784	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	86
PID 1880 wrote to memory of 908	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	87
PID 1880 wrote to memory of 908	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	87
PID 1880 wrote to memory of 2620	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	88
PID 1880 wrote to memory of 2620	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	88
PID 1880 wrote to memory of 4236	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	89
PID 1880 wrote to memory of 4236	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	89
PID 1880 wrote to memory of 3120	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	90
PID 1880 wrote to memory of 3120	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	90
PID 1880 wrote to memory of 1888	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	91
PID 1880 wrote to memory of 1888	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	91
PID 1880 wrote to memory of 3724	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	92
PID 1880 wrote to memory of 3724	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	92
PID 1880 wrote to memory of 4716	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	93
PID 1880 wrote to memory of 4716	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	93
PID 1880 wrote to memory of 2012	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	94
PID 1880 wrote to memory of 2012	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	94
PID 1880 wrote to memory of 4108	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	95
PID 1880 wrote to memory of 4108	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	95
PID 1880 wrote to memory of 4128	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	96
PID 1880 wrote to memory of 4128	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	96
PID 1880 wrote to memory of 1360	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	97
PID 1880 wrote to memory of 1360	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	97
PID 1880 wrote to memory of 4516	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	98
PID 1880 wrote to memory of 4516	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	98
PID 1880 wrote to memory of 5056	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	99
PID 1880 wrote to memory of 5056	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	99
PID 1880 wrote to memory of 4656	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	100
PID 1880 wrote to memory of 4656	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	100
PID 1880 wrote to memory of 3616	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	101
PID 1880 wrote to memory of 3616	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	101
PID 1880 wrote to memory of 2352	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	102
PID 1880 wrote to memory of 2352	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	102
PID 1880 wrote to memory of 1092	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	103
PID 1880 wrote to memory of 1092	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	103
PID 1880 wrote to memory of 2884	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	104
PID 1880 wrote to memory of 2884	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	104
PID 1880 wrote to memory of 64	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	105
PID 1880 wrote to memory of 64	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	105
PID 1880 wrote to memory of 3852	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	106
PID 1880 wrote to memory of 3852	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	106
PID 1880 wrote to memory of 4036	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	107
PID 1880 wrote to memory of 4036	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	107
PID 1880 wrote to memory of 744	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	108
PID 1880 wrote to memory of 744	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	108
PID 1880 wrote to memory of 4596	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	109
PID 1880 wrote to memory of 4596	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	109
PID 1880 wrote to memory of 1040	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	110
PID 1880 wrote to memory of 1040	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	110
PID 1880 wrote to memory of 1912	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	111
PID 1880 wrote to memory of 1912	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	111
PID 1880 wrote to memory of 4252	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	112
PID 1880 wrote to memory of 4252	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	112
PID 1880 wrote to memory of 3044	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	113
PID 1880 wrote to memory of 3044	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	113
PID 1880 wrote to memory of 636	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	114
PID 1880 wrote to memory of 636	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	114
PID 1880 wrote to memory of 4444	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	115
PID 1880 wrote to memory of 4444	1880	305dac81d4955c8e4d0840bf3e601640_NEAS.exe	115

C:\Users\Admin\AppData\Local\Temp\305dac81d4955c8e4d0840bf3e601640_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\305dac81d4955c8e4d0840bf3e601640_NEAS.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\System\QpXyyDc.exe
  C:\Windows\System\QpXyyDc.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\vLuyPwG.exe
  C:\Windows\System\vLuyPwG.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\AKFRyEf.exe
  C:\Windows\System\AKFRyEf.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\BdhvjoK.exe
  C:\Windows\System\BdhvjoK.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\HSlqUYq.exe
  C:\Windows\System\HSlqUYq.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\UzLYuLB.exe
  C:\Windows\System\UzLYuLB.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\BDwMrRs.exe
  C:\Windows\System\BDwMrRs.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\OFMTBLs.exe
  C:\Windows\System\OFMTBLs.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\XYjmYrk.exe
  C:\Windows\System\XYjmYrk.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\adWHUxx.exe
  C:\Windows\System\adWHUxx.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\WnBxOrR.exe
  C:\Windows\System\WnBxOrR.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\DzNHnaC.exe
  C:\Windows\System\DzNHnaC.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\qShDOIe.exe
  C:\Windows\System\qShDOIe.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\YASlrhQ.exe
  C:\Windows\System\YASlrhQ.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\rZxPOSD.exe
  C:\Windows\System\rZxPOSD.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\swrDdMN.exe
  C:\Windows\System\swrDdMN.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\tpYVqts.exe
  C:\Windows\System\tpYVqts.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\XAWOHwo.exe
  C:\Windows\System\XAWOHwo.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\LlyhUrq.exe
  C:\Windows\System\LlyhUrq.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\awzzJlr.exe
  C:\Windows\System\awzzJlr.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\hLScsaw.exe
  C:\Windows\System\hLScsaw.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\uWlKxZZ.exe
  C:\Windows\System\uWlKxZZ.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\avDRaZT.exe
  C:\Windows\System\avDRaZT.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\HdpbXQc.exe
  C:\Windows\System\HdpbXQc.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\aUTRAlh.exe
  C:\Windows\System\aUTRAlh.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\WVTKfYz.exe
  C:\Windows\System\WVTKfYz.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\pdUswoH.exe
  C:\Windows\System\pdUswoH.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\hFdlaCh.exe
  C:\Windows\System\hFdlaCh.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\jHrdlwq.exe
  C:\Windows\System\jHrdlwq.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\RjwsqKU.exe
  C:\Windows\System\RjwsqKU.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\osqNGse.exe
  C:\Windows\System\osqNGse.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\eXCqTnH.exe
  C:\Windows\System\eXCqTnH.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\BtShjBD.exe
  C:\Windows\System\BtShjBD.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\oSKxLrG.exe
  C:\Windows\System\oSKxLrG.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\pklzUVr.exe
  C:\Windows\System\pklzUVr.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\qbRjXzK.exe
  C:\Windows\System\qbRjXzK.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\WfTnNnm.exe
  C:\Windows\System\WfTnNnm.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\QSrQzMb.exe
  C:\Windows\System\QSrQzMb.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\YyVWBEf.exe
  C:\Windows\System\YyVWBEf.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\psdYYTe.exe
  C:\Windows\System\psdYYTe.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\LLcAnyN.exe
  C:\Windows\System\LLcAnyN.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\SJTyMFA.exe
  C:\Windows\System\SJTyMFA.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\bZiDlYg.exe
  C:\Windows\System\bZiDlYg.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\iTWCUQY.exe
  C:\Windows\System\iTWCUQY.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\WZCaNuu.exe
  C:\Windows\System\WZCaNuu.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\hgsnUqO.exe
  C:\Windows\System\hgsnUqO.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\PwunwTh.exe
  C:\Windows\System\PwunwTh.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\hHOdylv.exe
  C:\Windows\System\hHOdylv.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\rkvHDDY.exe
  C:\Windows\System\rkvHDDY.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\hXzIiwh.exe
  C:\Windows\System\hXzIiwh.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\ocQClyw.exe
  C:\Windows\System\ocQClyw.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\eCAaPNR.exe
  C:\Windows\System\eCAaPNR.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\qHzPxFj.exe
  C:\Windows\System\qHzPxFj.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\MMxgCqU.exe
  C:\Windows\System\MMxgCqU.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\CNryWsh.exe
  C:\Windows\System\CNryWsh.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\fAGbouS.exe
  C:\Windows\System\fAGbouS.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\gcxMcKC.exe
  C:\Windows\System\gcxMcKC.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\HfVQVYw.exe
  C:\Windows\System\HfVQVYw.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\mtaerAv.exe
  C:\Windows\System\mtaerAv.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\mBDKfrA.exe
  C:\Windows\System\mBDKfrA.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\vFgKGzf.exe
  C:\Windows\System\vFgKGzf.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\aPiJVHp.exe
  C:\Windows\System\aPiJVHp.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\DyIbcdN.exe
  C:\Windows\System\DyIbcdN.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\gGfKNFI.exe
  C:\Windows\System\gGfKNFI.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\KAurxkI.exe
  C:\Windows\System\KAurxkI.exe
  2⤵
  PID:4492
- C:\Windows\System\PCEGdld.exe
  C:\Windows\System\PCEGdld.exe
  2⤵
  PID:5100
- C:\Windows\System\zvAaIVe.exe
  C:\Windows\System\zvAaIVe.exe
  2⤵
  PID:4440
- C:\Windows\System\ownJVTl.exe
  C:\Windows\System\ownJVTl.exe
  2⤵
  PID:2152
- C:\Windows\System\twXvLQQ.exe
  C:\Windows\System\twXvLQQ.exe
  2⤵
  PID:3744
- C:\Windows\System\FHQJpBw.exe
  C:\Windows\System\FHQJpBw.exe
  2⤵
  PID:4952
- C:\Windows\System\vOfCPrz.exe
  C:\Windows\System\vOfCPrz.exe
  2⤵
  PID:5132
- C:\Windows\System\oyWhrhx.exe
  C:\Windows\System\oyWhrhx.exe
  2⤵
  PID:5156
- C:\Windows\System\tJbuhat.exe
  C:\Windows\System\tJbuhat.exe
  2⤵
  PID:5188
- C:\Windows\System\saPeaxs.exe
  C:\Windows\System\saPeaxs.exe
  2⤵
  PID:5216
- C:\Windows\System\UWlJWgC.exe
  C:\Windows\System\UWlJWgC.exe
  2⤵
  PID:5244
- C:\Windows\System\TfkEBHY.exe
  C:\Windows\System\TfkEBHY.exe
  2⤵
  PID:5272
- C:\Windows\System\vdISqvd.exe
  C:\Windows\System\vdISqvd.exe
  2⤵
  PID:5300
- C:\Windows\System\rMiEfEk.exe
  C:\Windows\System\rMiEfEk.exe
  2⤵
  PID:5328
- C:\Windows\System\eYvfyEo.exe
  C:\Windows\System\eYvfyEo.exe
  2⤵
  PID:5356
- C:\Windows\System\HVQCmfa.exe
  C:\Windows\System\HVQCmfa.exe
  2⤵
  PID:5384
- C:\Windows\System\sPSNosP.exe
  C:\Windows\System\sPSNosP.exe
  2⤵
  PID:5412
- C:\Windows\System\lQnActn.exe
  C:\Windows\System\lQnActn.exe
  2⤵
  PID:5440
- C:\Windows\System\FCmyTmi.exe
  C:\Windows\System\FCmyTmi.exe
  2⤵
  PID:5468
- C:\Windows\System\JsSyYYU.exe
  C:\Windows\System\JsSyYYU.exe
  2⤵
  PID:5496
- C:\Windows\System\olnGMFx.exe
  C:\Windows\System\olnGMFx.exe
  2⤵
  PID:5524
- C:\Windows\System\xmpyqtE.exe
  C:\Windows\System\xmpyqtE.exe
  2⤵
  PID:5548
- C:\Windows\System\vDujdVC.exe
  C:\Windows\System\vDujdVC.exe
  2⤵
  PID:5580
- C:\Windows\System\MouEzOI.exe
  C:\Windows\System\MouEzOI.exe
  2⤵
  PID:5612
- C:\Windows\System\GpLtdze.exe
  C:\Windows\System\GpLtdze.exe
  2⤵
  PID:5636
- C:\Windows\System\IFtHBmr.exe
  C:\Windows\System\IFtHBmr.exe
  2⤵
  PID:5660
- C:\Windows\System\lnECIdY.exe
  C:\Windows\System\lnECIdY.exe
  2⤵
  PID:5692
- C:\Windows\System\gQojHmj.exe
  C:\Windows\System\gQojHmj.exe
  2⤵
  PID:5720
- C:\Windows\System\aaOFjPQ.exe
  C:\Windows\System\aaOFjPQ.exe
  2⤵
  PID:5748
- C:\Windows\System\TLIrRUP.exe
  C:\Windows\System\TLIrRUP.exe
  2⤵
  PID:5772
- C:\Windows\System\ZGTQEXi.exe
  C:\Windows\System\ZGTQEXi.exe
  2⤵
  PID:5804
- C:\Windows\System\ixmaLpX.exe
  C:\Windows\System\ixmaLpX.exe
  2⤵
  PID:5832
- C:\Windows\System\gNlaNTk.exe
  C:\Windows\System\gNlaNTk.exe
  2⤵
  PID:5860
- C:\Windows\System\DOATlaq.exe
  C:\Windows\System\DOATlaq.exe
  2⤵
  PID:5884
- C:\Windows\System\tDUSigP.exe
  C:\Windows\System\tDUSigP.exe
  2⤵
  PID:5916
- C:\Windows\System\PeOVMXr.exe
  C:\Windows\System\PeOVMXr.exe
  2⤵
  PID:5944
- C:\Windows\System\UosDFvP.exe
  C:\Windows\System\UosDFvP.exe
  2⤵
  PID:5972
- C:\Windows\System\CCzdBfI.exe
  C:\Windows\System\CCzdBfI.exe
  2⤵
  PID:6000
- C:\Windows\System\xwufxUF.exe
  C:\Windows\System\xwufxUF.exe
  2⤵
  PID:6028
- C:\Windows\System\WGbsFzM.exe
  C:\Windows\System\WGbsFzM.exe
  2⤵
  PID:6056
- C:\Windows\System\MuintYQ.exe
  C:\Windows\System\MuintYQ.exe
  2⤵
  PID:6084
- C:\Windows\System\wJfkrag.exe
  C:\Windows\System\wJfkrag.exe
  2⤵
  PID:6112
- C:\Windows\System\NPNqPlt.exe
  C:\Windows\System\NPNqPlt.exe
  2⤵
  PID:6140
- C:\Windows\System\VgkWmRZ.exe
  C:\Windows\System\VgkWmRZ.exe
  2⤵
  PID:1924
- C:\Windows\System\txOCEHy.exe
  C:\Windows\System\txOCEHy.exe
  2⤵
  PID:1536
- C:\Windows\System\cnSVgoQ.exe
  C:\Windows\System\cnSVgoQ.exe
  2⤵
  PID:1944
- C:\Windows\System\AnbTmez.exe
  C:\Windows\System\AnbTmez.exe
  2⤵
  PID:1384
- C:\Windows\System\sYGshgU.exe
  C:\Windows\System\sYGshgU.exe
  2⤵
  PID:4380
- C:\Windows\System\XyuvwLI.exe
  C:\Windows\System\XyuvwLI.exe
  2⤵
  PID:5124
- C:\Windows\System\BEcraXO.exe
  C:\Windows\System\BEcraXO.exe
  2⤵
  PID:5180
- C:\Windows\System\lKRhcnG.exe
  C:\Windows\System\lKRhcnG.exe
  2⤵
  PID:5256
- C:\Windows\System\yGDuYBv.exe
  C:\Windows\System\yGDuYBv.exe
  2⤵
  PID:5316
- C:\Windows\System\tojkmtn.exe
  C:\Windows\System\tojkmtn.exe
  2⤵
  PID:5372
- C:\Windows\System\kjooqKc.exe
  C:\Windows\System\kjooqKc.exe
  2⤵
  PID:5428
- C:\Windows\System\JXcThvf.exe
  C:\Windows\System\JXcThvf.exe
  2⤵
  PID:5484
- C:\Windows\System\psIZsRF.exe
  C:\Windows\System\psIZsRF.exe
  2⤵
  PID:5540
- C:\Windows\System\YnynOPa.exe
  C:\Windows\System\YnynOPa.exe
  2⤵
  PID:5600
- C:\Windows\System\tWixhtw.exe
  C:\Windows\System\tWixhtw.exe
  2⤵
  PID:5676
- C:\Windows\System\TCGQMqF.exe
  C:\Windows\System\TCGQMqF.exe
  2⤵
  PID:5736
- C:\Windows\System\EuICBet.exe
  C:\Windows\System\EuICBet.exe
  2⤵
  PID:2460
- C:\Windows\System\IyQPIkv.exe
  C:\Windows\System\IyQPIkv.exe
  2⤵
  PID:5848
- C:\Windows\System\odcrFMj.exe
  C:\Windows\System\odcrFMj.exe
  2⤵
  PID:5908
- C:\Windows\System\lswbwym.exe
  C:\Windows\System\lswbwym.exe
  2⤵
  PID:6020
- C:\Windows\System\hHmRxPs.exe
  C:\Windows\System\hHmRxPs.exe
  2⤵
  PID:6072
- C:\Windows\System\SUSZmXK.exe
  C:\Windows\System\SUSZmXK.exe
  2⤵
  PID:6100
- C:\Windows\System\MzidWKP.exe
  C:\Windows\System\MzidWKP.exe
  2⤵
  PID:3964
- C:\Windows\System\ijMLhbg.exe
  C:\Windows\System\ijMLhbg.exe
  2⤵
  PID:1168
- C:\Windows\System\mickRUX.exe
  C:\Windows\System\mickRUX.exe
  2⤵
  PID:380
- C:\Windows\System\YDrzUgF.exe
  C:\Windows\System\YDrzUgF.exe
  2⤵
  PID:5172
- C:\Windows\System\oPYLpFu.exe
  C:\Windows\System\oPYLpFu.exe
  2⤵
  PID:5284
- C:\Windows\System\bKCdUiY.exe
  C:\Windows\System\bKCdUiY.exe
  2⤵
  PID:5344
- C:\Windows\System\DpRnjCp.exe
  C:\Windows\System\DpRnjCp.exe
  2⤵
  PID:5088
- C:\Windows\System\BWHTcAD.exe
  C:\Windows\System\BWHTcAD.exe
  2⤵
  PID:5648
- C:\Windows\System\XFHHvSj.exe
  C:\Windows\System\XFHHvSj.exe
  2⤵
  PID:5768
- C:\Windows\System\WcbrsAC.exe
  C:\Windows\System\WcbrsAC.exe
  2⤵
  PID:5900
- C:\Windows\System\mGkGEGP.exe
  C:\Windows\System\mGkGEGP.exe
  2⤵
  PID:6012
- C:\Windows\System\MtZHYNX.exe
  C:\Windows\System\MtZHYNX.exe
  2⤵
  PID:6132
- C:\Windows\System\yJNwUuY.exe
  C:\Windows\System\yJNwUuY.exe
  2⤵
  PID:4536
- C:\Windows\System\QDkEerb.exe
  C:\Windows\System\QDkEerb.exe
  2⤵
  PID:3060
- C:\Windows\System\zoArTye.exe
  C:\Windows\System\zoArTye.exe
  2⤵
  PID:6160
- C:\Windows\System\CCpqvsI.exe
  C:\Windows\System\CCpqvsI.exe
  2⤵
  PID:6188
- C:\Windows\System\IqpEUKJ.exe
  C:\Windows\System\IqpEUKJ.exe
  2⤵
  PID:6220
- C:\Windows\System\MlTzMCb.exe
  C:\Windows\System\MlTzMCb.exe
  2⤵
  PID:6248
- C:\Windows\System\qIQbjRP.exe
  C:\Windows\System\qIQbjRP.exe
  2⤵
  PID:6272
- C:\Windows\System\pdCsvMV.exe
  C:\Windows\System\pdCsvMV.exe
  2⤵
  PID:6300
- C:\Windows\System\KJALwOh.exe
  C:\Windows\System\KJALwOh.exe
  2⤵
  PID:6332
- C:\Windows\System\ibNPEDv.exe
  C:\Windows\System\ibNPEDv.exe
  2⤵
  PID:6356
- C:\Windows\System\wUpfnwN.exe
  C:\Windows\System\wUpfnwN.exe
  2⤵
  PID:6384
- C:\Windows\System\ViffqfY.exe
  C:\Windows\System\ViffqfY.exe
  2⤵
  PID:6412
- C:\Windows\System\qXEXlvr.exe
  C:\Windows\System\qXEXlvr.exe
  2⤵
  PID:6440
- C:\Windows\System\rPfjyXm.exe
  C:\Windows\System\rPfjyXm.exe
  2⤵
  PID:6472
- C:\Windows\System\ZALppkf.exe
  C:\Windows\System\ZALppkf.exe
  2⤵
  PID:6500
- C:\Windows\System\WtesEmX.exe
  C:\Windows\System\WtesEmX.exe
  2⤵
  PID:6528
- C:\Windows\System\AQsARgM.exe
  C:\Windows\System\AQsARgM.exe
  2⤵
  PID:6556
- C:\Windows\System\RsLYCxN.exe
  C:\Windows\System\RsLYCxN.exe
  2⤵
  PID:6580
- C:\Windows\System\TJbsVLS.exe
  C:\Windows\System\TJbsVLS.exe
  2⤵
  PID:6608
- C:\Windows\System\lRFFEje.exe
  C:\Windows\System\lRFFEje.exe
  2⤵
  PID:6640
- C:\Windows\System\OYTTtdz.exe
  C:\Windows\System\OYTTtdz.exe
  2⤵
  PID:6668
- C:\Windows\System\znBEaEr.exe
  C:\Windows\System\znBEaEr.exe
  2⤵
  PID:6696
- C:\Windows\System\qVkJKWF.exe
  C:\Windows\System\qVkJKWF.exe
  2⤵
  PID:6720
- C:\Windows\System\EWfDQYo.exe
  C:\Windows\System\EWfDQYo.exe
  2⤵
  PID:6748
- C:\Windows\System\jKovbIq.exe
  C:\Windows\System\jKovbIq.exe
  2⤵
  PID:6780
- C:\Windows\System\VqTlavU.exe
  C:\Windows\System\VqTlavU.exe
  2⤵
  PID:6808
- C:\Windows\System\LPvodbH.exe
  C:\Windows\System\LPvodbH.exe
  2⤵
  PID:6832
- C:\Windows\System\HVbjIhp.exe
  C:\Windows\System\HVbjIhp.exe
  2⤵
  PID:6860
- C:\Windows\System\XrdhOmH.exe
  C:\Windows\System\XrdhOmH.exe
  2⤵
  PID:6888
- C:\Windows\System\nUSEHaV.exe
  C:\Windows\System\nUSEHaV.exe
  2⤵
  PID:6920
- C:\Windows\System\zCcfVrz.exe
  C:\Windows\System\zCcfVrz.exe
  2⤵
  PID:6948
- C:\Windows\System\dGMJtvb.exe
  C:\Windows\System\dGMJtvb.exe
  2⤵
  PID:6976
- C:\Windows\System\hOIXBVk.exe
  C:\Windows\System\hOIXBVk.exe
  2⤵
  PID:7000
- C:\Windows\System\rqUkRDP.exe
  C:\Windows\System\rqUkRDP.exe
  2⤵
  PID:7028
- C:\Windows\System\FGwdPXA.exe
  C:\Windows\System\FGwdPXA.exe
  2⤵
  PID:7060
- C:\Windows\System\fNwlJEK.exe
  C:\Windows\System\fNwlJEK.exe
  2⤵
  PID:7088
- C:\Windows\System\fXHBFOO.exe
  C:\Windows\System\fXHBFOO.exe
  2⤵
  PID:7116
- C:\Windows\System\jKPXFhA.exe
  C:\Windows\System\jKPXFhA.exe
  2⤵
  PID:7144
- C:\Windows\System\hONAKvD.exe
  C:\Windows\System\hONAKvD.exe
  2⤵
  PID:5340
- C:\Windows\System\mnsJnMn.exe
  C:\Windows\System\mnsJnMn.exe
  2⤵
  PID:4352
- C:\Windows\System\bngGKVO.exe
  C:\Windows\System\bngGKVO.exe
  2⤵
  PID:1372
- C:\Windows\System\oVplZgu.exe
  C:\Windows\System\oVplZgu.exe
  2⤵
  PID:4188
- C:\Windows\System\pKAqbBf.exe
  C:\Windows\System\pKAqbBf.exe
  2⤵
  PID:3304
- C:\Windows\System\ueYgnCT.exe
  C:\Windows\System\ueYgnCT.exe
  2⤵
  PID:6176
- C:\Windows\System\jjkFDrA.exe
  C:\Windows\System\jjkFDrA.exe
  2⤵
  PID:6232
- C:\Windows\System\RlLhnEe.exe
  C:\Windows\System\RlLhnEe.exe
  2⤵
  PID:6264
- C:\Windows\System\cIxTXnQ.exe
  C:\Windows\System\cIxTXnQ.exe
  2⤵
  PID:6316
- C:\Windows\System\GlhUEZL.exe
  C:\Windows\System\GlhUEZL.exe
  2⤵
  PID:6372
- C:\Windows\System\oQRCBHX.exe
  C:\Windows\System\oQRCBHX.exe
  2⤵
  PID:2580
- C:\Windows\System\KycbJQB.exe
  C:\Windows\System\KycbJQB.exe
  2⤵
  PID:4004
- C:\Windows\System\KmCzIxP.exe
  C:\Windows\System\KmCzIxP.exe
  2⤵
  PID:6540
- C:\Windows\System\pMFsPQt.exe
  C:\Windows\System\pMFsPQt.exe
  2⤵
  PID:1760
- C:\Windows\System\levTiTx.exe
  C:\Windows\System\levTiTx.exe
  2⤵
  PID:6600
- C:\Windows\System\lBhqZgK.exe
  C:\Windows\System\lBhqZgK.exe
  2⤵
  PID:6652
- C:\Windows\System\GxlVRYG.exe
  C:\Windows\System\GxlVRYG.exe
  2⤵
  PID:3500
- C:\Windows\System\IJxPIhi.exe
  C:\Windows\System\IJxPIhi.exe
  2⤵
  PID:6740
- C:\Windows\System\bkdCOPB.exe
  C:\Windows\System\bkdCOPB.exe
  2⤵
  PID:6792
- C:\Windows\System\OORWpTa.exe
  C:\Windows\System\OORWpTa.exe
  2⤵
  PID:6852
- C:\Windows\System\WDqvTYJ.exe
  C:\Windows\System\WDqvTYJ.exe
  2⤵
  PID:6912
- C:\Windows\System\XvSCjIW.exe
  C:\Windows\System\XvSCjIW.exe
  2⤵
  PID:6988
- C:\Windows\System\CvkgnHu.exe
  C:\Windows\System\CvkgnHu.exe
  2⤵
  PID:7044
- C:\Windows\System\dLbZWtS.exe
  C:\Windows\System\dLbZWtS.exe
  2⤵
  PID:7100
- C:\Windows\System\TmOJrsk.exe
  C:\Windows\System\TmOJrsk.exe
  2⤵
  PID:7160
- C:\Windows\System\mEccUQN.exe
  C:\Windows\System\mEccUQN.exe
  2⤵
  PID:5760
- C:\Windows\System\OxlithH.exe
  C:\Windows\System\OxlithH.exe
  2⤵
  PID:3672
- C:\Windows\System\gehyjJs.exe
  C:\Windows\System\gehyjJs.exe
  2⤵
  PID:6292
- C:\Windows\System\QKgQJpe.exe
  C:\Windows\System\QKgQJpe.exe
  2⤵
  PID:6456
- C:\Windows\System\CNvBqjL.exe
  C:\Windows\System\CNvBqjL.exe
  2⤵
  PID:1976
- C:\Windows\System\YndEaPr.exe
  C:\Windows\System\YndEaPr.exe
  2⤵
  PID:3376
- C:\Windows\System\YumyNxq.exe
  C:\Windows\System\YumyNxq.exe
  2⤵
  PID:1508
- C:\Windows\System\GUKNgkf.exe
  C:\Windows\System\GUKNgkf.exe
  2⤵
  PID:1568
- C:\Windows\System\FjaIFMl.exe
  C:\Windows\System\FjaIFMl.exe
  2⤵
  PID:6824
- C:\Windows\System\OonRvKv.exe
  C:\Windows\System\OonRvKv.exe
  2⤵
  PID:6904
- C:\Windows\System\XrTLQvB.exe
  C:\Windows\System\XrTLQvB.exe
  2⤵
  PID:2396
- C:\Windows\System\SkByhWQ.exe
  C:\Windows\System\SkByhWQ.exe
  2⤵
  PID:7136
- C:\Windows\System\SrGSRFU.exe
  C:\Windows\System\SrGSRFU.exe
  2⤵
  PID:4864
- C:\Windows\System\AXajUVb.exe
  C:\Windows\System\AXajUVb.exe
  2⤵
  PID:4304
- C:\Windows\System\FZTwLFX.exe
  C:\Windows\System\FZTwLFX.exe
  2⤵
  PID:6148
- C:\Windows\System\xfaBbsA.exe
  C:\Windows\System\xfaBbsA.exe
  2⤵
  PID:4276
- C:\Windows\System\aREjvNp.exe
  C:\Windows\System\aREjvNp.exe
  2⤵
  PID:3372
- C:\Windows\System\IhDdZGL.exe
  C:\Windows\System\IhDdZGL.exe
  2⤵
  PID:1376
- C:\Windows\System\feDFRYF.exe
  C:\Windows\System\feDFRYF.exe
  2⤵
  PID:6492
- C:\Windows\System\FrvqJVC.exe
  C:\Windows\System\FrvqJVC.exe
  2⤵
  PID:6516
- C:\Windows\System\NtUBHZa.exe
  C:\Windows\System\NtUBHZa.exe
  2⤵
  PID:6940
- C:\Windows\System\moxLcFb.exe
  C:\Windows\System\moxLcFb.exe
  2⤵
  PID:716
- C:\Windows\System\hachhET.exe
  C:\Windows\System\hachhET.exe
  2⤵
  PID:2260
- C:\Windows\System\rgsCUeh.exe
  C:\Windows\System\rgsCUeh.exe
  2⤵
  PID:3648
- C:\Windows\System\orcKpcN.exe
  C:\Windows\System\orcKpcN.exe
  2⤵
  PID:712
- C:\Windows\System\frsjGfO.exe
  C:\Windows\System\frsjGfO.exe
  2⤵
  PID:3748
- C:\Windows\System\fgsgLDR.exe
  C:\Windows\System\fgsgLDR.exe
  2⤵
  PID:6204
- C:\Windows\System\ABFWMrA.exe
  C:\Windows\System\ABFWMrA.exe
  2⤵
  PID:7200
- C:\Windows\System\hAUMLwn.exe
  C:\Windows\System\hAUMLwn.exe
  2⤵
  PID:7220
- C:\Windows\System\XEJZqrO.exe
  C:\Windows\System\XEJZqrO.exe
  2⤵
  PID:7236
- C:\Windows\System\HGRtFiF.exe
  C:\Windows\System\HGRtFiF.exe
  2⤵
  PID:7264
- C:\Windows\System\fXhddsW.exe
  C:\Windows\System\fXhddsW.exe
  2⤵
  PID:7288
- C:\Windows\System\FufPdwa.exe
  C:\Windows\System\FufPdwa.exe
  2⤵
  PID:7304
- C:\Windows\System\xItTDYd.exe
  C:\Windows\System\xItTDYd.exe
  2⤵
  PID:7360
- C:\Windows\System\lKRXoKI.exe
  C:\Windows\System\lKRXoKI.exe
  2⤵
  PID:7376
- C:\Windows\System\Onwpvew.exe
  C:\Windows\System\Onwpvew.exe
  2⤵
  PID:7424
- C:\Windows\System\xoyweUt.exe
  C:\Windows\System\xoyweUt.exe
  2⤵
  PID:7456
- C:\Windows\System\lNIOudu.exe
  C:\Windows\System\lNIOudu.exe
  2⤵
  PID:7504
- C:\Windows\System\xAfoMLC.exe
  C:\Windows\System\xAfoMLC.exe
  2⤵
  PID:7524
- C:\Windows\System\aqjeEjc.exe
  C:\Windows\System\aqjeEjc.exe
  2⤵
  PID:7576
- C:\Windows\System\fIPVdIy.exe
  C:\Windows\System\fIPVdIy.exe
  2⤵
  PID:7596
- C:\Windows\System\oCiZTel.exe
  C:\Windows\System\oCiZTel.exe
  2⤵
  PID:7616
- C:\Windows\System\cLNJaDQ.exe
  C:\Windows\System\cLNJaDQ.exe
  2⤵
  PID:7644
- C:\Windows\System\sCVisFV.exe
  C:\Windows\System\sCVisFV.exe
  2⤵
  PID:7680
- C:\Windows\System\KFBNaXK.exe
  C:\Windows\System\KFBNaXK.exe
  2⤵
  PID:7700
- C:\Windows\System\VOQwDBU.exe
  C:\Windows\System\VOQwDBU.exe
  2⤵
  PID:7728
- C:\Windows\System\jvmBqKX.exe
  C:\Windows\System\jvmBqKX.exe
  2⤵
  PID:7744
- C:\Windows\System\IqVuSKk.exe
  C:\Windows\System\IqVuSKk.exe
  2⤵
  PID:7772
- C:\Windows\System\sHIwSKH.exe
  C:\Windows\System\sHIwSKH.exe
  2⤵
  PID:7796
- C:\Windows\System\jfSWKJV.exe
  C:\Windows\System\jfSWKJV.exe
  2⤵
  PID:7812
- C:\Windows\System\pJbNORS.exe
  C:\Windows\System\pJbNORS.exe
  2⤵
  PID:7832
- C:\Windows\System\gnIQiLu.exe
  C:\Windows\System\gnIQiLu.exe
  2⤵
  PID:7852
- C:\Windows\System\awsUpry.exe
  C:\Windows\System\awsUpry.exe
  2⤵
  PID:7900
- C:\Windows\System\fzRAsVX.exe
  C:\Windows\System\fzRAsVX.exe
  2⤵
  PID:7924
- C:\Windows\System\dodRPWM.exe
  C:\Windows\System\dodRPWM.exe
  2⤵
  PID:7944
- C:\Windows\System\pkiuxaK.exe
  C:\Windows\System\pkiuxaK.exe
  2⤵
  PID:7980
- C:\Windows\System\sFAabeW.exe
  C:\Windows\System\sFAabeW.exe
  2⤵
  PID:8016
- C:\Windows\System\sEMOLIZ.exe
  C:\Windows\System\sEMOLIZ.exe
  2⤵
  PID:8052
- C:\Windows\System\HKLHyXi.exe
  C:\Windows\System\HKLHyXi.exe
  2⤵
  PID:8072
- C:\Windows\System\mKozBOR.exe
  C:\Windows\System\mKozBOR.exe
  2⤵
  PID:8092
- C:\Windows\System\AohFmBT.exe
  C:\Windows\System\AohFmBT.exe
  2⤵
  PID:8112
- C:\Windows\System\GKCIBYB.exe
  C:\Windows\System\GKCIBYB.exe
  2⤵
  PID:8140
- C:\Windows\System\ZNUeySa.exe
  C:\Windows\System\ZNUeySa.exe
  2⤵
  PID:7180
- C:\Windows\System\zqpKTnC.exe
  C:\Windows\System\zqpKTnC.exe
  2⤵
  PID:7340
- C:\Windows\System\dNcsPfP.exe
  C:\Windows\System\dNcsPfP.exe
  2⤵
  PID:7228
- C:\Windows\System\SWUorDH.exe
  C:\Windows\System\SWUorDH.exe
  2⤵
  PID:7384
- C:\Windows\System\vRlNcBy.exe
  C:\Windows\System\vRlNcBy.exe
  2⤵
  PID:7372
- C:\Windows\System\xNPMvUm.exe
  C:\Windows\System\xNPMvUm.exe
  2⤵
  PID:7452
- C:\Windows\System\dMVEObP.exe
  C:\Windows\System\dMVEObP.exe
  2⤵
  PID:7520
- C:\Windows\System\AqPnOMl.exe
  C:\Windows\System\AqPnOMl.exe
  2⤵
  PID:7568
- C:\Windows\System\oBnpkJK.exe
  C:\Windows\System\oBnpkJK.exe
  2⤵
  PID:7640
- C:\Windows\System\ZgzQgBF.exe
  C:\Windows\System\ZgzQgBF.exe
  2⤵
  PID:7740
- C:\Windows\System\XHbHVMc.exe
  C:\Windows\System\XHbHVMc.exe
  2⤵
  PID:7780
- C:\Windows\System\dMepGIP.exe
  C:\Windows\System\dMepGIP.exe
  2⤵
  PID:7828
- C:\Windows\System\XLCdNZK.exe
  C:\Windows\System\XLCdNZK.exe
  2⤵
  PID:7952
- C:\Windows\System\YJXvZwE.exe
  C:\Windows\System\YJXvZwE.exe
  2⤵
  PID:7932
- C:\Windows\System\WxNKnNS.exe
  C:\Windows\System\WxNKnNS.exe
  2⤵
  PID:7976
- C:\Windows\System\bVtlWDr.exe
  C:\Windows\System\bVtlWDr.exe
  2⤵
  PID:8028
- C:\Windows\System\UOwQPDM.exe
  C:\Windows\System\UOwQPDM.exe
  2⤵
  PID:8088
- C:\Windows\System\IbQGXSL.exe
  C:\Windows\System\IbQGXSL.exe
  2⤵
  PID:8104
- C:\Windows\System\inEgdMG.exe
  C:\Windows\System\inEgdMG.exe
  2⤵
  PID:8188
- C:\Windows\System\SqakGiM.exe
  C:\Windows\System\SqakGiM.exe
  2⤵
  PID:7356
- C:\Windows\System\UxeXxyS.exe
  C:\Windows\System\UxeXxyS.exe
  2⤵
  PID:7416
- C:\Windows\System\onPbcXo.exe
  C:\Windows\System\onPbcXo.exe
  2⤵
  PID:7516
- C:\Windows\System\gBKBDVE.exe
  C:\Windows\System\gBKBDVE.exe
  2⤵
  PID:7592
- C:\Windows\System\GiwtNYq.exe
  C:\Windows\System\GiwtNYq.exe
  2⤵
  PID:7764
- C:\Windows\System\DzwaDbP.exe
  C:\Windows\System\DzwaDbP.exe
  2⤵
  PID:8180
- C:\Windows\System\XXhprdG.exe
  C:\Windows\System\XXhprdG.exe
  2⤵
  PID:7888
- C:\Windows\System\sialNRl.exe
  C:\Windows\System\sialNRl.exe
  2⤵
  PID:8012
- C:\Windows\System\pYvohBv.exe
  C:\Windows\System\pYvohBv.exe
  2⤵
  PID:7548
- C:\Windows\System\MCIgRGA.exe
  C:\Windows\System\MCIgRGA.exe
  2⤵
  PID:8212
- C:\Windows\System\bWwXBPe.exe
  C:\Windows\System\bWwXBPe.exe
  2⤵
  PID:8232
- C:\Windows\System\BLdercv.exe
  C:\Windows\System\BLdercv.exe
  2⤵
  PID:8252
- C:\Windows\System\XXHkCME.exe
  C:\Windows\System\XXHkCME.exe
  2⤵
  PID:8284
- C:\Windows\System\jbReCzl.exe
  C:\Windows\System\jbReCzl.exe
  2⤵
  PID:8324
- C:\Windows\System\HZFIhjs.exe
  C:\Windows\System\HZFIhjs.exe
  2⤵
  PID:8348
- C:\Windows\System\iUAJXFW.exe
  C:\Windows\System\iUAJXFW.exe
  2⤵
  PID:8364
- C:\Windows\System\MbaFhkU.exe
  C:\Windows\System\MbaFhkU.exe
  2⤵
  PID:8384
- C:\Windows\System\ZhRfoXf.exe
  C:\Windows\System\ZhRfoXf.exe
  2⤵
  PID:8416
- C:\Windows\System\HSBBJOo.exe
  C:\Windows\System\HSBBJOo.exe
  2⤵
  PID:8436
- C:\Windows\System\FfHQMCu.exe
  C:\Windows\System\FfHQMCu.exe
  2⤵
  PID:8452
- C:\Windows\System\vtSnawd.exe
  C:\Windows\System\vtSnawd.exe
  2⤵
  PID:8472
- C:\Windows\System\vxMAbMf.exe
  C:\Windows\System\vxMAbMf.exe
  2⤵
  PID:8524
- C:\Windows\System\SqoZkJr.exe
  C:\Windows\System\SqoZkJr.exe
  2⤵
  PID:8540
- C:\Windows\System\poLsjsa.exe
  C:\Windows\System\poLsjsa.exe
  2⤵
  PID:8560
- C:\Windows\System\YCJRwxu.exe
  C:\Windows\System\YCJRwxu.exe
  2⤵
  PID:8600
- C:\Windows\System\UxxJzkn.exe
  C:\Windows\System\UxxJzkn.exe
  2⤵
  PID:8620
- C:\Windows\System\JIINglS.exe
  C:\Windows\System\JIINglS.exe
  2⤵
  PID:8664
- C:\Windows\System\BRSzdXn.exe
  C:\Windows\System\BRSzdXn.exe
  2⤵
  PID:8700
- C:\Windows\System\JDuGCXL.exe
  C:\Windows\System\JDuGCXL.exe
  2⤵
  PID:8732
- C:\Windows\System\uOiomYc.exe
  C:\Windows\System\uOiomYc.exe
  2⤵
  PID:8748
- C:\Windows\System\aXpdBMq.exe
  C:\Windows\System\aXpdBMq.exe
  2⤵
  PID:8768
- C:\Windows\System\jOFPXTe.exe
  C:\Windows\System\jOFPXTe.exe
  2⤵
  PID:8792
- C:\Windows\System\dKnETcw.exe
  C:\Windows\System\dKnETcw.exe
  2⤵
  PID:8820
- C:\Windows\System\THHEYnp.exe
  C:\Windows\System\THHEYnp.exe
  2⤵
  PID:8868
- C:\Windows\System\HmAtPFJ.exe
  C:\Windows\System\HmAtPFJ.exe
  2⤵
  PID:8892
- C:\Windows\System\PoydzkY.exe
  C:\Windows\System\PoydzkY.exe
  2⤵
  PID:8920
- C:\Windows\System\CiBIYuw.exe
  C:\Windows\System\CiBIYuw.exe
  2⤵
  PID:8940
- C:\Windows\System\GGZvswB.exe
  C:\Windows\System\GGZvswB.exe
  2⤵
  PID:8980
- C:\Windows\System\mfSFbxw.exe
  C:\Windows\System\mfSFbxw.exe
  2⤵
  PID:9016
- C:\Windows\System\tvtTYSK.exe
  C:\Windows\System\tvtTYSK.exe
  2⤵
  PID:9036
- C:\Windows\System\bpcjAyz.exe
  C:\Windows\System\bpcjAyz.exe
  2⤵
  PID:9072
- C:\Windows\System\LvhyJZX.exe
  C:\Windows\System\LvhyJZX.exe
  2⤵
  PID:9096
- C:\Windows\System\ScQCJAo.exe
  C:\Windows\System\ScQCJAo.exe
  2⤵
  PID:9136
- C:\Windows\System\sNYyeJy.exe
  C:\Windows\System\sNYyeJy.exe
  2⤵
  PID:9156
- C:\Windows\System\PgazWpL.exe
  C:\Windows\System\PgazWpL.exe
  2⤵
  PID:9176
- C:\Windows\System\ltnOgTK.exe
  C:\Windows\System\ltnOgTK.exe
  2⤵
  PID:9208
- C:\Windows\System\mRuEUpj.exe
  C:\Windows\System\mRuEUpj.exe
  2⤵
  PID:8244
- C:\Windows\System\sISyxKI.exe
  C:\Windows\System\sISyxKI.exe
  2⤵
  PID:8260
- C:\Windows\System\gDaopTg.exe
  C:\Windows\System\gDaopTg.exe
  2⤵
  PID:8316
- C:\Windows\System\BNFFWcy.exe
  C:\Windows\System\BNFFWcy.exe
  2⤵
  PID:8396
- C:\Windows\System\zrjHnnK.exe
  C:\Windows\System\zrjHnnK.exe
  2⤵
  PID:8444
- C:\Windows\System\znSxiex.exe
  C:\Windows\System\znSxiex.exe
  2⤵
  PID:8532
- C:\Windows\System\JyqVWue.exe
  C:\Windows\System\JyqVWue.exe
  2⤵
  PID:8536
- C:\Windows\System\mvpSZlZ.exe
  C:\Windows\System\mvpSZlZ.exe
  2⤵
  PID:8628
- C:\Windows\System\SMwsGsh.exe
  C:\Windows\System\SMwsGsh.exe
  2⤵
  PID:8652
- C:\Windows\System\lBDqAEn.exe
  C:\Windows\System\lBDqAEn.exe
  2⤵
  PID:8724
- C:\Windows\System\SQUBuMV.exe
  C:\Windows\System\SQUBuMV.exe
  2⤵
  PID:8780
- C:\Windows\System\CzzAGtP.exe
  C:\Windows\System\CzzAGtP.exe
  2⤵
  PID:8968
- C:\Windows\System\zELkcOj.exe
  C:\Windows\System\zELkcOj.exe
  2⤵
  PID:9048
- C:\Windows\System\cSTjXYR.exe
  C:\Windows\System\cSTjXYR.exe
  2⤵
  PID:9108
- C:\Windows\System\rxRnvuG.exe
  C:\Windows\System\rxRnvuG.exe
  2⤵
  PID:9124
- C:\Windows\System\DkgmFpA.exe
  C:\Windows\System\DkgmFpA.exe
  2⤵
  PID:7300
- C:\Windows\System\tLWzSzg.exe
  C:\Windows\System\tLWzSzg.exe
  2⤵
  PID:8340
- C:\Windows\System\wrJNxjr.exe
  C:\Windows\System\wrJNxjr.exe
  2⤵
  PID:8312
- C:\Windows\System\LXNUgNi.exe
  C:\Windows\System\LXNUgNi.exe
  2⤵
  PID:8468
- C:\Windows\System\bTBTtKS.exe
  C:\Windows\System\bTBTtKS.exe
  2⤵
  PID:8616
- C:\Windows\System\LhynSVb.exe
  C:\Windows\System\LhynSVb.exe
  2⤵
  PID:8756
- C:\Windows\System\iNUPgkj.exe
  C:\Windows\System\iNUPgkj.exe
  2⤵
  PID:8860
- C:\Windows\System\HeQnNja.exe
  C:\Windows\System\HeQnNja.exe
  2⤵
  PID:9008
- C:\Windows\System\ayGlHTS.exe
  C:\Windows\System\ayGlHTS.exe
  2⤵
  PID:8500
- C:\Windows\System\eSxkjuN.exe
  C:\Windows\System\eSxkjuN.exe
  2⤵
  PID:8592
- C:\Windows\System\NHJKTiJ.exe
  C:\Windows\System\NHJKTiJ.exe
  2⤵
  PID:9060
- C:\Windows\System\akqGVkK.exe
  C:\Windows\System\akqGVkK.exe
  2⤵
  PID:9228
- C:\Windows\System\XczhMHo.exe
  C:\Windows\System\XczhMHo.exe
  2⤵
  PID:9248
- C:\Windows\System\ZBtExXL.exe
  C:\Windows\System\ZBtExXL.exe
  2⤵
  PID:9268
- C:\Windows\System\YrKBUbx.exe
  C:\Windows\System\YrKBUbx.exe
  2⤵
  PID:9288
- C:\Windows\System\AXCXoeG.exe
  C:\Windows\System\AXCXoeG.exe
  2⤵
  PID:9308
- C:\Windows\System\HuepqEg.exe
  C:\Windows\System\HuepqEg.exe
  2⤵
  PID:9328
- C:\Windows\System\lbZEeHX.exe
  C:\Windows\System\lbZEeHX.exe
  2⤵
  PID:9404
- C:\Windows\System\XATRNaJ.exe
  C:\Windows\System\XATRNaJ.exe
  2⤵
  PID:9420
- C:\Windows\System\aqaHwIY.exe
  C:\Windows\System\aqaHwIY.exe
  2⤵
  PID:9444
- C:\Windows\System\gQdfwzo.exe
  C:\Windows\System\gQdfwzo.exe
  2⤵
  PID:9464
- C:\Windows\System\tKEALdX.exe
  C:\Windows\System\tKEALdX.exe
  2⤵
  PID:9532
- C:\Windows\System\AiIybeZ.exe
  C:\Windows\System\AiIybeZ.exe
  2⤵
  PID:9552
- C:\Windows\System\GvieFIU.exe
  C:\Windows\System\GvieFIU.exe
  2⤵
  PID:9576
- C:\Windows\System\XDfvnGk.exe
  C:\Windows\System\XDfvnGk.exe
  2⤵
  PID:9596
- C:\Windows\System\cOturaH.exe
  C:\Windows\System\cOturaH.exe
  2⤵
  PID:9620
- C:\Windows\System\zhJCvMU.exe
  C:\Windows\System\zhJCvMU.exe
  2⤵
  PID:9656
- C:\Windows\System\DOLWCGY.exe
  C:\Windows\System\DOLWCGY.exe
  2⤵
  PID:9672
- C:\Windows\System\mglToLz.exe
  C:\Windows\System\mglToLz.exe
  2⤵
  PID:9696
- C:\Windows\System\icgQydD.exe
  C:\Windows\System\icgQydD.exe
  2⤵
  PID:9724
- C:\Windows\System\XIqHRIh.exe
  C:\Windows\System\XIqHRIh.exe
  2⤵
  PID:9748
- C:\Windows\System\hfuPMOO.exe
  C:\Windows\System\hfuPMOO.exe
  2⤵
  PID:9784
- C:\Windows\System\eXwmiKY.exe
  C:\Windows\System\eXwmiKY.exe
  2⤵
  PID:9828
- C:\Windows\System\uNJFdDp.exe
  C:\Windows\System\uNJFdDp.exe
  2⤵
  PID:9848
- C:\Windows\System\PXXZXcF.exe
  C:\Windows\System\PXXZXcF.exe
  2⤵
  PID:9868
- C:\Windows\System\dpzKdBB.exe
  C:\Windows\System\dpzKdBB.exe
  2⤵
  PID:9892
- C:\Windows\System\wauAfEl.exe
  C:\Windows\System\wauAfEl.exe
  2⤵
  PID:9912
- C:\Windows\System\rchoOgX.exe
  C:\Windows\System\rchoOgX.exe
  2⤵
  PID:9964
- C:\Windows\System\tAokysw.exe
  C:\Windows\System\tAokysw.exe
  2⤵
  PID:10000
- C:\Windows\System\dTKTAwR.exe
  C:\Windows\System\dTKTAwR.exe
  2⤵
  PID:10028
- C:\Windows\System\wagQgNS.exe
  C:\Windows\System\wagQgNS.exe
  2⤵
  PID:10068
- C:\Windows\System\WfqRAnc.exe
  C:\Windows\System\WfqRAnc.exe
  2⤵
  PID:10100
- C:\Windows\System\eHjggDi.exe
  C:\Windows\System\eHjggDi.exe
  2⤵
  PID:10124
- C:\Windows\System\xCjibLb.exe
  C:\Windows\System\xCjibLb.exe
  2⤵
  PID:10144
- C:\Windows\System\SzLCTAq.exe
  C:\Windows\System\SzLCTAq.exe
  2⤵
  PID:10196
- C:\Windows\System\oUqYgDb.exe
  C:\Windows\System\oUqYgDb.exe
  2⤵
  PID:10216
- C:\Windows\System\mbasrLD.exe
  C:\Windows\System\mbasrLD.exe
  2⤵
  PID:10236
- C:\Windows\System\kEIthCl.exe
  C:\Windows\System\kEIthCl.exe
  2⤵
  PID:8584
- C:\Windows\System\qPHxhkh.exe
  C:\Windows\System\qPHxhkh.exe
  2⤵
  PID:9276
- C:\Windows\System\fNsOBxk.exe
  C:\Windows\System\fNsOBxk.exe
  2⤵
  PID:9300
- C:\Windows\System\UVqxqtp.exe
  C:\Windows\System\UVqxqtp.exe
  2⤵
  PID:9368
- C:\Windows\System\JYJxURw.exe
  C:\Windows\System\JYJxURw.exe
  2⤵
  PID:9436
- C:\Windows\System\RcJWhUD.exe
  C:\Windows\System\RcJWhUD.exe
  2⤵
  PID:9524
- C:\Windows\System\KDRSinh.exe
  C:\Windows\System\KDRSinh.exe
  2⤵
  PID:9612
- C:\Windows\System\YqLLbDg.exe
  C:\Windows\System\YqLLbDg.exe
  2⤵
  PID:9668
- C:\Windows\System\DlveATP.exe
  C:\Windows\System\DlveATP.exe
  2⤵
  PID:9692
- C:\Windows\System\HehXNBY.exe
  C:\Windows\System\HehXNBY.exe
  2⤵
  PID:9840
- C:\Windows\System\KchtwKW.exe
  C:\Windows\System\KchtwKW.exe
  2⤵
  PID:9856
- C:\Windows\System\UqwwNoy.exe
  C:\Windows\System\UqwwNoy.exe
  2⤵
  PID:9900
- C:\Windows\System\CgWzWuA.exe
  C:\Windows\System\CgWzWuA.exe
  2⤵
  PID:10008
- C:\Windows\System\DzBlZbH.exe
  C:\Windows\System\DzBlZbH.exe
  2⤵
  PID:10140
- C:\Windows\System\ihgEmQu.exe
  C:\Windows\System\ihgEmQu.exe
  2⤵
  PID:10164
- C:\Windows\System\pTdtzAO.exe
  C:\Windows\System\pTdtzAO.exe
  2⤵
  PID:10224
- C:\Windows\System\DQkYKgs.exe
  C:\Windows\System\DQkYKgs.exe
  2⤵
  PID:8432
- C:\Windows\System\jYocCvE.exe
  C:\Windows\System\jYocCvE.exe
  2⤵
  PID:9284
- C:\Windows\System\lvfPXNy.exe
  C:\Windows\System\lvfPXNy.exe
  2⤵
  PID:9416
- C:\Windows\System\iOgJMiQ.exe
  C:\Windows\System\iOgJMiQ.exe
  2⤵
  PID:9688
- C:\Windows\System\OobVGeZ.exe
  C:\Windows\System\OobVGeZ.exe
  2⤵
  PID:9704
- C:\Windows\System\hOoPyHm.exe
  C:\Windows\System\hOoPyHm.exe
  2⤵
  PID:9884
- C:\Windows\System\GuOuaMZ.exe
  C:\Windows\System\GuOuaMZ.exe
  2⤵
  PID:9992
- C:\Windows\System\aNKyBwk.exe
  C:\Windows\System\aNKyBwk.exe
  2⤵
  PID:10084
- C:\Windows\System\pZKwwnw.exe
  C:\Windows\System\pZKwwnw.exe
  2⤵
  PID:10136
- C:\Windows\System\CvpUePo.exe
  C:\Windows\System\CvpUePo.exe
  2⤵
  PID:9560
- C:\Windows\System\DdlkLJS.exe
  C:\Windows\System\DdlkLJS.exe
  2⤵
  PID:9428
- C:\Windows\System\PivOhbF.exe
  C:\Windows\System\PivOhbF.exe
  2⤵
  PID:10020
- C:\Windows\System\etxUGaD.exe
  C:\Windows\System\etxUGaD.exe
  2⤵
  PID:10264
- C:\Windows\System\pPLgjeu.exe
  C:\Windows\System\pPLgjeu.exe
  2⤵
  PID:10284
- C:\Windows\System\duMQjTU.exe
  C:\Windows\System\duMQjTU.exe
  2⤵
  PID:10304
- C:\Windows\System\mSamdMo.exe
  C:\Windows\System\mSamdMo.exe
  2⤵
  PID:10328
- C:\Windows\System\KeeMdDH.exe
  C:\Windows\System\KeeMdDH.exe
  2⤵
  PID:10348
- C:\Windows\System\IjysxSH.exe
  C:\Windows\System\IjysxSH.exe
  2⤵
  PID:10400
- C:\Windows\System\pBUCIeH.exe
  C:\Windows\System\pBUCIeH.exe
  2⤵
  PID:10428
- C:\Windows\System\denxsEs.exe
  C:\Windows\System\denxsEs.exe
  2⤵
  PID:10448
- C:\Windows\System\SRCCrti.exe
  C:\Windows\System\SRCCrti.exe
  2⤵
  PID:10472
- C:\Windows\System\yQVdxsq.exe
  C:\Windows\System\yQVdxsq.exe
  2⤵
  PID:10520
- C:\Windows\System\UJFePFK.exe
  C:\Windows\System\UJFePFK.exe
  2⤵
  PID:10540
- C:\Windows\System\mdVQPgp.exe
  C:\Windows\System\mdVQPgp.exe
  2⤵
  PID:10604
- C:\Windows\System\mrkBGfj.exe
  C:\Windows\System\mrkBGfj.exe
  2⤵
  PID:10640
- C:\Windows\System\LwciLcd.exe
  C:\Windows\System\LwciLcd.exe
  2⤵
  PID:10656
- C:\Windows\System\pGBoUAt.exe
  C:\Windows\System\pGBoUAt.exe
  2⤵
  PID:10684
- C:\Windows\System\OVtPCwT.exe
  C:\Windows\System\OVtPCwT.exe
  2⤵
  PID:10776
- C:\Windows\System\cqBsBVA.exe
  C:\Windows\System\cqBsBVA.exe
  2⤵
  PID:10824
- C:\Windows\System\XewWvti.exe
  C:\Windows\System\XewWvti.exe
  2⤵
  PID:10888
- C:\Windows\System\UTiBPaQ.exe
  C:\Windows\System\UTiBPaQ.exe
  2⤵
  PID:10904
- C:\Windows\System\jYCkZEU.exe
  C:\Windows\System\jYCkZEU.exe
  2⤵
  PID:10968
- C:\Windows\System\uQLwcMc.exe
  C:\Windows\System\uQLwcMc.exe
  2⤵
  PID:10984
- C:\Windows\System\KLwkgIo.exe
  C:\Windows\System\KLwkgIo.exe
  2⤵
  PID:11000
- C:\Windows\System\tTUDCtS.exe
  C:\Windows\System\tTUDCtS.exe
  2⤵
  PID:11016
- C:\Windows\System\DfinVFU.exe
  C:\Windows\System\DfinVFU.exe
  2⤵
  PID:11032
- C:\Windows\System\YwvyExD.exe
  C:\Windows\System\YwvyExD.exe
  2⤵
  PID:11048
- C:\Windows\System\zsAhOrD.exe
  C:\Windows\System\zsAhOrD.exe
  2⤵
  PID:11064
- C:\Windows\System\bToHbml.exe
  C:\Windows\System\bToHbml.exe
  2⤵
  PID:11080
- C:\Windows\System\rgevyGq.exe
  C:\Windows\System\rgevyGq.exe
  2⤵
  PID:11096
- C:\Windows\System\tLZyOBa.exe
  C:\Windows\System\tLZyOBa.exe
  2⤵
  PID:11112
- C:\Windows\System\uAIYKTK.exe
  C:\Windows\System\uAIYKTK.exe
  2⤵
  PID:11128
- C:\Windows\System\ZKVSLfS.exe
  C:\Windows\System\ZKVSLfS.exe
  2⤵
  PID:11144
- C:\Windows\System\wBwAmIJ.exe
  C:\Windows\System\wBwAmIJ.exe
  2⤵
  PID:11160
- C:\Windows\System\enJBiFh.exe
  C:\Windows\System\enJBiFh.exe
  2⤵
  PID:11228
- C:\Windows\System\IHcrjqH.exe
  C:\Windows\System\IHcrjqH.exe
  2⤵
  PID:11256
- C:\Windows\System\FmGCiZB.exe
  C:\Windows\System\FmGCiZB.exe
  2⤵
  PID:10296
- C:\Windows\System\nocjdrZ.exe
  C:\Windows\System\nocjdrZ.exe
  2⤵
  PID:10392
- C:\Windows\System\qGAyLoS.exe
  C:\Windows\System\qGAyLoS.exe
  2⤵
  PID:10464
- C:\Windows\System\PjtbttT.exe
  C:\Windows\System\PjtbttT.exe
  2⤵
  PID:10628
- C:\Windows\System\bVxWXHk.exe
  C:\Windows\System\bVxWXHk.exe
  2⤵
  PID:10772
- C:\Windows\System\oQTSdtd.exe
  C:\Windows\System\oQTSdtd.exe
  2⤵
  PID:10800
- C:\Windows\System\QBnTsys.exe
  C:\Windows\System\QBnTsys.exe
  2⤵
  PID:10880
- C:\Windows\System\swxswqK.exe
  C:\Windows\System\swxswqK.exe
  2⤵
  PID:10844
- C:\Windows\System\lxcTfSr.exe
  C:\Windows\System\lxcTfSr.exe
  2⤵
  PID:10804
- C:\Windows\System\PJjiBiq.exe
  C:\Windows\System\PJjiBiq.exe
  2⤵
  PID:10912
- C:\Windows\System\tqVDMJI.exe
  C:\Windows\System\tqVDMJI.exe
  2⤵
  PID:11024
- C:\Windows\System\NYTfIJa.exe
  C:\Windows\System\NYTfIJa.exe
  2⤵
  PID:11056
- C:\Windows\System\gMOTjNN.exe
  C:\Windows\System\gMOTjNN.exe
  2⤵
  PID:10956
- C:\Windows\System\HVWQpAw.exe
  C:\Windows\System\HVWQpAw.exe
  2⤵
  PID:11028
- C:\Windows\System\hkQCvyt.exe
  C:\Windows\System\hkQCvyt.exe
  2⤵
  PID:9236
- C:\Windows\System\fYmGTQI.exe
  C:\Windows\System\fYmGTQI.exe
  2⤵
  PID:9824
- C:\Windows\System\yxvHCmY.exe
  C:\Windows\System\yxvHCmY.exe
  2⤵
  PID:10408
- C:\Windows\System\tNHcPzY.exe
  C:\Windows\System\tNHcPzY.exe
  2⤵
  PID:10484
- C:\Windows\System\UsfoUCG.exe
  C:\Windows\System\UsfoUCG.exe
  2⤵
  PID:10748
- C:\Windows\System\gffVBRc.exe
  C:\Windows\System\gffVBRc.exe
  2⤵
  PID:10816
- C:\Windows\System\LPcXIGe.exe
  C:\Windows\System\LPcXIGe.exe
  2⤵
  PID:10832
- C:\Windows\System\oXFwqtl.exe
  C:\Windows\System\oXFwqtl.exe
  2⤵
  PID:10848
- C:\Windows\System\lBVctEr.exe
  C:\Windows\System\lBVctEr.exe
  2⤵
  PID:10940
- C:\Windows\System\tlmlDDl.exe
  C:\Windows\System\tlmlDDl.exe
  2⤵
  PID:10208
- C:\Windows\System\XAEsZrK.exe
  C:\Windows\System\XAEsZrK.exe
  2⤵
  PID:10468
- C:\Windows\System\gRUbrDW.exe
  C:\Windows\System\gRUbrDW.exe
  2⤵
  PID:10868
- C:\Windows\System\XtekRWP.exe
  C:\Windows\System\XtekRWP.exe
  2⤵
  PID:10980
- C:\Windows\System\nCehfHv.exe
  C:\Windows\System\nCehfHv.exe
  2⤵
  PID:11120
- C:\Windows\System\oxYykic.exe
  C:\Windows\System\oxYykic.exe
  2⤵
  PID:10024
- C:\Windows\System\aPWOIYc.exe
  C:\Windows\System\aPWOIYc.exe
  2⤵
  PID:11276
- C:\Windows\System\wacZnax.exe
  C:\Windows\System\wacZnax.exe
  2⤵
  PID:11296
- C:\Windows\System\OxCTDjN.exe
  C:\Windows\System\OxCTDjN.exe
  2⤵
  PID:11360
- C:\Windows\System\FxESQYc.exe
  C:\Windows\System\FxESQYc.exe
  2⤵
  PID:11380
- C:\Windows\System\KWFjLUl.exe
  C:\Windows\System\KWFjLUl.exe
  2⤵
  PID:11416
- C:\Windows\System\UHEtEEk.exe
  C:\Windows\System\UHEtEEk.exe
  2⤵
  PID:11436
- C:\Windows\System\ePKOqHi.exe
  C:\Windows\System\ePKOqHi.exe
  2⤵
  PID:11452
- C:\Windows\System\YTzMSLq.exe
  C:\Windows\System\YTzMSLq.exe
  2⤵
  PID:11504
- C:\Windows\System\AatLnly.exe
  C:\Windows\System\AatLnly.exe
  2⤵
  PID:11528
- C:\Windows\System\RJyrLoG.exe
  C:\Windows\System\RJyrLoG.exe
  2⤵
  PID:11548
- C:\Windows\System\akkMPzW.exe
  C:\Windows\System\akkMPzW.exe
  2⤵
  PID:11604
- C:\Windows\System\oHjqFwt.exe
  C:\Windows\System\oHjqFwt.exe
  2⤵
  PID:11620
- C:\Windows\System\GVBHrcr.exe
  C:\Windows\System\GVBHrcr.exe
  2⤵
  PID:11640
- C:\Windows\System\rdbbeHJ.exe
  C:\Windows\System\rdbbeHJ.exe
  2⤵
  PID:11664
- C:\Windows\System\XvivVSJ.exe
  C:\Windows\System\XvivVSJ.exe
  2⤵
  PID:11704
- C:\Windows\System\NKKHxZJ.exe
  C:\Windows\System\NKKHxZJ.exe
  2⤵
  PID:11736
- C:\Windows\System\GanjkkV.exe
  C:\Windows\System\GanjkkV.exe
  2⤵
  PID:11768
- C:\Windows\System\MyCIVKS.exe
  C:\Windows\System\MyCIVKS.exe
  2⤵
  PID:11788
- C:\Windows\System\ahPdewK.exe
  C:\Windows\System\ahPdewK.exe
  2⤵
  PID:11808
- C:\Windows\System\CgGqLCs.exe
  C:\Windows\System\CgGqLCs.exe
  2⤵
  PID:11836
- C:\Windows\System\urBiSCO.exe
  C:\Windows\System\urBiSCO.exe
  2⤵
  PID:11864
- C:\Windows\System\HkRjLeq.exe
  C:\Windows\System\HkRjLeq.exe
  2⤵
  PID:11892
- C:\Windows\System\DhNxdeD.exe
  C:\Windows\System\DhNxdeD.exe
  2⤵
  PID:11924
- C:\Windows\System\jizqPkN.exe
  C:\Windows\System\jizqPkN.exe
  2⤵
  PID:11948
- C:\Windows\System\YtUvjWm.exe
  C:\Windows\System\YtUvjWm.exe
  2⤵
  PID:11972
- C:\Windows\System\FDbLfjX.exe
  C:\Windows\System\FDbLfjX.exe
  2⤵
  PID:12012
- C:\Windows\System\dnWnKwW.exe
  C:\Windows\System\dnWnKwW.exe
  2⤵
  PID:12032
- C:\Windows\System\DpdxwJK.exe
  C:\Windows\System\DpdxwJK.exe
  2⤵
  PID:12056
- C:\Windows\System\jUPUyxd.exe
  C:\Windows\System\jUPUyxd.exe
  2⤵
  PID:12076
- C:\Windows\System\alWDmnC.exe
  C:\Windows\System\alWDmnC.exe
  2⤵
  PID:12100
- C:\Windows\System\pBODnSC.exe
  C:\Windows\System\pBODnSC.exe
  2⤵
  PID:12144
- C:\Windows\System\PtQIKVJ.exe
  C:\Windows\System\PtQIKVJ.exe
  2⤵
  PID:12164
- C:\Windows\System\TRRfTWE.exe
  C:\Windows\System\TRRfTWE.exe
  2⤵
  PID:12188
- C:\Windows\System\iEYixWs.exe
  C:\Windows\System\iEYixWs.exe
  2⤵
  PID:12208
- C:\Windows\System\IgxhvSJ.exe
  C:\Windows\System\IgxhvSJ.exe
  2⤵
  PID:12240
- C:\Windows\System\YWLGybo.exe
  C:\Windows\System\YWLGybo.exe
  2⤵
  PID:12268
- C:\Windows\System\zmBTbCB.exe
  C:\Windows\System\zmBTbCB.exe
  2⤵
  PID:11312
- C:\Windows\System\gOhqkZb.exe
  C:\Windows\System\gOhqkZb.exe
  2⤵
  PID:11352
- C:\Windows\System\NJRBbfK.exe
  C:\Windows\System\NJRBbfK.exe
  2⤵
  PID:11392
- C:\Windows\System\deKzdLN.exe
  C:\Windows\System\deKzdLN.exe
  2⤵
  PID:11444
- C:\Windows\System\BhpuOgS.exe
  C:\Windows\System\BhpuOgS.exe
  2⤵
  PID:11500
- C:\Windows\System\yzsGRYP.exe
  C:\Windows\System\yzsGRYP.exe
  2⤵
  PID:11572
- C:\Windows\System\KEoEQrH.exe
  C:\Windows\System\KEoEQrH.exe
  2⤵
  PID:11636
- C:\Windows\System\hJFUzOm.exe
  C:\Windows\System\hJFUzOm.exe
  2⤵
  PID:11696
- C:\Windows\System\UVrmYgk.exe
  C:\Windows\System\UVrmYgk.exe
  2⤵
  PID:11756
- C:\Windows\System\cKpOMCc.exe
  C:\Windows\System\cKpOMCc.exe
  2⤵
  PID:11824
- C:\Windows\System\gseKaxE.exe
  C:\Windows\System\gseKaxE.exe
  2⤵
  PID:11880
- C:\Windows\System\RJKCiLF.exe
  C:\Windows\System\RJKCiLF.exe
  2⤵
  PID:11932
- C:\Windows\System\LFegoQu.exe
  C:\Windows\System\LFegoQu.exe
  2⤵
  PID:12048
- C:\Windows\System\KgxuNcP.exe
  C:\Windows\System\KgxuNcP.exe
  2⤵
  PID:12092
- C:\Windows\System\SkHsCWj.exe
  C:\Windows\System\SkHsCWj.exe
  2⤵
  PID:12204
- C:\Windows\System\XvzJtFq.exe
  C:\Windows\System\XvzJtFq.exe
  2⤵
  PID:12256
- C:\Windows\System\nPoxYkw.exe
  C:\Windows\System\nPoxYkw.exe
  2⤵
  PID:12280
- C:\Windows\System\yPVHEVU.exe
  C:\Windows\System\yPVHEVU.exe
  2⤵
  PID:11372
- C:\Windows\System\FUrOzgL.exe
  C:\Windows\System\FUrOzgL.exe
  2⤵
  PID:11564
- C:\Windows\System\EnZwNgH.exe
  C:\Windows\System\EnZwNgH.exe
  2⤵
  PID:11660
- C:\Windows\System\YlHymVR.exe
  C:\Windows\System\YlHymVR.exe
  2⤵
  PID:11656
- C:\Windows\System\taaXdVS.exe
  C:\Windows\System\taaXdVS.exe
  2⤵
  PID:11860
- C:\Windows\System\NsAUNuF.exe
  C:\Windows\System\NsAUNuF.exe
  2⤵
  PID:11936
- C:\Windows\System\IFjlHhs.exe
  C:\Windows\System\IFjlHhs.exe
  2⤵
  PID:12052
- C:\Windows\System\yCpgKMu.exe
  C:\Windows\System\yCpgKMu.exe
  2⤵
  PID:11424
- C:\Windows\System\aYMnVah.exe
  C:\Windows\System\aYMnVah.exe
  2⤵
  PID:4996
- C:\Windows\System\UvsKXTp.exe
  C:\Windows\System\UvsKXTp.exe
  2⤵
  PID:12116
- C:\Windows\System\GcXhBZM.exe
  C:\Windows\System\GcXhBZM.exe
  2⤵
  PID:12236
- C:\Windows\System\pqqpbBe.exe
  C:\Windows\System\pqqpbBe.exe
  2⤵
  PID:12296
- C:\Windows\System\FTyilHZ.exe
  C:\Windows\System\FTyilHZ.exe
  2⤵
  PID:12320
- C:\Windows\System\pIAgjqq.exe
  C:\Windows\System\pIAgjqq.exe
  2⤵
  PID:12340
- C:\Windows\System\SyywsYY.exe
  C:\Windows\System\SyywsYY.exe
  2⤵
  PID:12360
- C:\Windows\System\VGJmptQ.exe
  C:\Windows\System\VGJmptQ.exe
  2⤵
  PID:12420
- C:\Windows\System\TDoheix.exe
  C:\Windows\System\TDoheix.exe
  2⤵
  PID:12468
- C:\Windows\System\AEJjpgA.exe
  C:\Windows\System\AEJjpgA.exe
  2⤵
  PID:12500
- C:\Windows\System\ydyUtbx.exe
  C:\Windows\System\ydyUtbx.exe
  2⤵
  PID:12528
- C:\Windows\System\YAkRgCc.exe
  C:\Windows\System\YAkRgCc.exe
  2⤵
  PID:12552
- C:\Windows\System\mENEUlT.exe
  C:\Windows\System\mENEUlT.exe
  2⤵
  PID:12572
- C:\Windows\System\pgrYBNg.exe
  C:\Windows\System\pgrYBNg.exe
  2⤵
  PID:12596
- C:\Windows\System\suPzvcP.exe
  C:\Windows\System\suPzvcP.exe
  2⤵
  PID:12616
- C:\Windows\System\BQJwgai.exe
  C:\Windows\System\BQJwgai.exe
  2⤵
  PID:12652
- C:\Windows\System\AZAEhfn.exe
  C:\Windows\System\AZAEhfn.exe
  2⤵
  PID:12688
- C:\Windows\System\dPqYOAR.exe
  C:\Windows\System\dPqYOAR.exe
  2⤵
  PID:12708
- C:\Windows\System\LzSTWIm.exe
  C:\Windows\System\LzSTWIm.exe
  2⤵
  PID:12736
- C:\Windows\System\aeWbkQr.exe
  C:\Windows\System\aeWbkQr.exe
  2⤵
  PID:12764
- C:\Windows\System\qeLQpVt.exe
  C:\Windows\System\qeLQpVt.exe
  2⤵
  PID:12792
- C:\Windows\System\YLtypOD.exe
  C:\Windows\System\YLtypOD.exe
  2⤵
  PID:12824
- C:\Windows\System\BGfdBvc.exe
  C:\Windows\System\BGfdBvc.exe
  2⤵
  PID:12844
- C:\Windows\System\orItLRl.exe
  C:\Windows\System\orItLRl.exe
  2⤵
  PID:12860
- C:\Windows\System\RyCqBtY.exe
  C:\Windows\System\RyCqBtY.exe
  2⤵
  PID:12888
- C:\Windows\System\JNgQcJW.exe
  C:\Windows\System\JNgQcJW.exe
  2⤵
  PID:12912
- C:\Windows\System\PUCuRWx.exe
  C:\Windows\System\PUCuRWx.exe
  2⤵
  PID:12952
- C:\Windows\System\KlbnmgY.exe
  C:\Windows\System\KlbnmgY.exe
  2⤵
  PID:12980
- C:\Windows\System\FbikPHd.exe
  C:\Windows\System\FbikPHd.exe
  2⤵
  PID:13008
- C:\Windows\System\dyEOGHn.exe
  C:\Windows\System\dyEOGHn.exe
  2⤵
  PID:13032
- C:\Windows\System\MtPFGYr.exe
  C:\Windows\System\MtPFGYr.exe
  2⤵
  PID:13048
- C:\Windows\System\VJAyzve.exe
  C:\Windows\System\VJAyzve.exe
  2⤵
  PID:13072
- C:\Windows\System\bAAwFNi.exe
  C:\Windows\System\bAAwFNi.exe
  2⤵
  PID:13124
- C:\Windows\System\UDlSWkm.exe
  C:\Windows\System\UDlSWkm.exe
  2⤵
  PID:13148
- C:\Windows\System\KBrviup.exe
  C:\Windows\System\KBrviup.exe
  2⤵
  PID:13188
- C:\Windows\System\fHJmvXj.exe
  C:\Windows\System\fHJmvXj.exe
  2⤵
  PID:13216
- C:\Windows\System\QteQRhc.exe
  C:\Windows\System\QteQRhc.exe
  2⤵
  PID:13256
- C:\Windows\System\GBtAsRl.exe
  C:\Windows\System\GBtAsRl.exe
  2⤵
  PID:13292
- C:\Windows\System\vZtKhGx.exe
  C:\Windows\System\vZtKhGx.exe
  2⤵
  PID:13308
- C:\Windows\System\NAjAmKG.exe
  C:\Windows\System\NAjAmKG.exe
  2⤵
  PID:12252
- C:\Windows\System\rlDaPTX.exe
  C:\Windows\System\rlDaPTX.exe
  2⤵
  PID:12304
- C:\Windows\System\oOiNsIo.exe
  C:\Windows\System\oOiNsIo.exe
  2⤵
  PID:12412
- C:\Windows\System\OWzNQiT.exe
  C:\Windows\System\OWzNQiT.exe
  2⤵
  PID:12452
- C:\Windows\System\DcaBXwF.exe
  C:\Windows\System\DcaBXwF.exe
  2⤵
  PID:12524
- C:\Windows\System\zoNuCgL.exe
  C:\Windows\System\zoNuCgL.exe
  2⤵
  PID:12588
- C:\Windows\System\KwKhVeh.exe
  C:\Windows\System\KwKhVeh.exe
  2⤵
  PID:12676
- C:\Windows\System\BgwHduU.exe
  C:\Windows\System\BgwHduU.exe
  2⤵
  PID:12724
- C:\Windows\System\twPDfPN.exe
  C:\Windows\System\twPDfPN.exe
  2⤵
  PID:12836
- C:\Windows\System\zjXxtUw.exe
  C:\Windows\System\zjXxtUw.exe
  2⤵
  PID:12856
- C:\Windows\System\guDAeRe.exe
  C:\Windows\System\guDAeRe.exe
  2⤵
  PID:12896
- C:\Windows\System\dVBnGbj.exe
  C:\Windows\System\dVBnGbj.exe
  2⤵
  PID:12976
- C:\Windows\System\LMgLmUL.exe
  C:\Windows\System\LMgLmUL.exe
  2⤵
  PID:13116
- C:\Windows\System\WsybHFn.exe
  C:\Windows\System\WsybHFn.exe
  2⤵
  PID:13068
- C:\Windows\System\LlrIOLH.exe
  C:\Windows\System\LlrIOLH.exe
  2⤵
  PID:13176
- C:\Windows\System\QGtOPvY.exe
  C:\Windows\System\QGtOPvY.exe
  2⤵
  PID:13288
- C:\Windows\System\gNViSve.exe
  C:\Windows\System\gNViSve.exe
  2⤵
  PID:12292
- C:\Windows\System\owoFTbO.exe
  C:\Windows\System\owoFTbO.exe
  2⤵
  PID:12492
- C:\Windows\System\DfZlkGu.exe
  C:\Windows\System\DfZlkGu.exe
  2⤵
  PID:3900
- C:\Windows\System\Qktuzde.exe
  C:\Windows\System\Qktuzde.exe
  2⤵
  PID:12636
- C:\Windows\System\TaDLRQo.exe
  C:\Windows\System\TaDLRQo.exe
  2⤵
  PID:12880
- C:\Windows\System\pwvbxwy.exe
  C:\Windows\System\pwvbxwy.exe
  2⤵
  PID:12832
- C:\Windows\System\fjiAseX.exe
  C:\Windows\System\fjiAseX.exe
  2⤵
  PID:12972
- C:\Windows\System\FccqTYc.exe
  C:\Windows\System\FccqTYc.exe
  2⤵
  PID:13136
- C:\Windows\System\eapOVTA.exe
  C:\Windows\System\eapOVTA.exe
  2⤵
  PID:1796
- C:\Windows\System\KNjuLaP.exe
  C:\Windows\System\KNjuLaP.exe
  2⤵
  PID:11612
- C:\Windows\System\dbFqKYW.exe
  C:\Windows\System\dbFqKYW.exe
  2⤵
  PID:13240
- C:\Windows\System\vEVsDvJ.exe
  C:\Windows\System\vEVsDvJ.exe
  2⤵
  PID:12644
- C:\Windows\System\oQZqgnF.exe
  C:\Windows\System\oQZqgnF.exe
  2⤵
  PID:12776
- C:\Windows\System\kxQkzXy.exe
  C:\Windows\System\kxQkzXy.exe
  2⤵
  PID:4204
- C:\Windows\System\jSLaoPZ.exe
  C:\Windows\System\jSLaoPZ.exe
  2⤵
  PID:12480
- C:\Windows\System\fCVyOhb.exe
  C:\Windows\System\fCVyOhb.exe
  2⤵
  PID:4144
- C:\Windows\System\LtveEMg.exe
  C:\Windows\System\LtveEMg.exe
  2⤵
  PID:13324
- C:\Windows\System\SsiwXEO.exe
  C:\Windows\System\SsiwXEO.exe
  2⤵
  PID:13344
- C:\Windows\System\XfRjQyV.exe
  C:\Windows\System\XfRjQyV.exe
  2⤵
  PID:13388
- C:\Windows\System\ysMcIMb.exe
  C:\Windows\System\ysMcIMb.exe
  2⤵
  PID:13440
- C:\Windows\System\kZmKrkC.exe
  C:\Windows\System\kZmKrkC.exe
  2⤵
  PID:13464
- C:\Windows\System\GMYnJVW.exe
  C:\Windows\System\GMYnJVW.exe
  2⤵
  PID:13488
- C:\Windows\System\ygBNgRn.exe
  C:\Windows\System\ygBNgRn.exe
  2⤵
  PID:13512
- C:\Windows\System\QzIqzUN.exe
  C:\Windows\System\QzIqzUN.exe
  2⤵
  PID:13528
- C:\Windows\System\nEpydnn.exe
  C:\Windows\System\nEpydnn.exe
  2⤵
  PID:13572
- C:\Windows\System\RHKMqXR.exe
  C:\Windows\System\RHKMqXR.exe
  2⤵
  PID:13592
- C:\Windows\System\mmYfJHs.exe
  C:\Windows\System\mmYfJHs.exe
  2⤵
  PID:13608
- C:\Windows\System\gItQEYx.exe
  C:\Windows\System\gItQEYx.exe
  2⤵
  PID:13628
- C:\Windows\System\TwqVGoc.exe
  C:\Windows\System\TwqVGoc.exe
  2⤵
  PID:13644
- C:\Windows\System\HeAKFLi.exe
  C:\Windows\System\HeAKFLi.exe
  2⤵
  PID:13720
- C:\Windows\System\QmvwaWe.exe
  C:\Windows\System\QmvwaWe.exe
  2⤵
  PID:13740
- C:\Windows\System\MXCcOPD.exe
  C:\Windows\System\MXCcOPD.exe
  2⤵
  PID:13768
- C:\Windows\System\MvTBBjd.exe
  C:\Windows\System\MvTBBjd.exe
  2⤵
  PID:13792
- C:\Windows\System\bSQQlgx.exe
  C:\Windows\System\bSQQlgx.exe
  2⤵
  PID:13812
- C:\Windows\System\bvBvufZ.exe
  C:\Windows\System\bvBvufZ.exe
  2⤵
  PID:13836
- C:\Windows\System\CikLYqz.exe
  C:\Windows\System\CikLYqz.exe
  2⤵
  PID:13880
- C:\Windows\System\oWnycmi.exe
  C:\Windows\System\oWnycmi.exe
  2⤵
  PID:13896
- C:\Windows\System\AaBLjhY.exe
  C:\Windows\System\AaBLjhY.exe
  2⤵
  PID:13920
- C:\Windows\System\ANBDHBp.exe
  C:\Windows\System\ANBDHBp.exe
  2⤵
  PID:13952
- C:\Windows\System\SjnRwHA.exe
  C:\Windows\System\SjnRwHA.exe
  2⤵
  PID:13968
- C:\Windows\System\rmVZoXx.exe
  C:\Windows\System\rmVZoXx.exe
  2⤵
  PID:13996
- C:\Windows\System\ZOQQLPi.exe
  C:\Windows\System\ZOQQLPi.exe
  2⤵
  PID:14052
- C:\Windows\System\YPSDMGV.exe
  C:\Windows\System\YPSDMGV.exe
  2⤵
  PID:14088
- C:\Windows\System\NpKwGQs.exe
  C:\Windows\System\NpKwGQs.exe
  2⤵
  PID:14108
- C:\Windows\System\jMOnhct.exe
  C:\Windows\System\jMOnhct.exe
  2⤵
  PID:14128
- C:\Windows\System\huffuGz.exe
  C:\Windows\System\huffuGz.exe
  2⤵
  PID:14148
- C:\Windows\System\PJZBRxi.exe
  C:\Windows\System\PJZBRxi.exe
  2⤵
  PID:14172
- C:\Windows\System\HNCQrJH.exe
  C:\Windows\System\HNCQrJH.exe
  2⤵
  PID:14200
- C:\Windows\System\uebvtgZ.exe
  C:\Windows\System\uebvtgZ.exe
  2⤵
  PID:14244
- C:\Windows\System\ntgANlU.exe
  C:\Windows\System\ntgANlU.exe
  2⤵
  PID:14296
- C:\Windows\System\DIpJMuN.exe
  C:\Windows\System\DIpJMuN.exe
  2⤵
  PID:1620
- C:\Windows\System\KPfNUyw.exe
  C:\Windows\System\KPfNUyw.exe
  2⤵
  PID:13412
- C:\Windows\System\pCcQuLh.exe
  C:\Windows\System\pCcQuLh.exe
  2⤵
  PID:13368
- C:\Windows\System\GyujrfJ.exe
  C:\Windows\System\GyujrfJ.exe
  2⤵
  PID:13476
- C:\Windows\System\ZYYiuzR.exe
  C:\Windows\System\ZYYiuzR.exe
  2⤵
  PID:2464
- C:\Windows\System\ugMyauZ.exe
  C:\Windows\System\ugMyauZ.exe
  2⤵
  PID:13620
- C:\Windows\System\UIvhaRu.exe
  C:\Windows\System\UIvhaRu.exe
  2⤵
  PID:13636
- C:\Windows\System\byiGqeL.exe
  C:\Windows\System\byiGqeL.exe
  2⤵
  PID:13716
- C:\Windows\System\ACFtEBH.exe
  C:\Windows\System\ACFtEBH.exe
  2⤵
  PID:13808
- C:\Windows\System\fGNleJX.exe
  C:\Windows\System\fGNleJX.exe
  2⤵
  PID:13892
- C:\Windows\System\AVgleRE.exe
  C:\Windows\System\AVgleRE.exe
  2⤵
  PID:13964
- C:\Windows\System\EMyNSoV.exe
  C:\Windows\System\EMyNSoV.exe
  2⤵
  PID:13992
- C:\Windows\System\fmzkPyl.exe
  C:\Windows\System\fmzkPyl.exe
  2⤵
  PID:14028
- C:\Windows\System\CMNHXWd.exe
  C:\Windows\System\CMNHXWd.exe
  2⤵
  PID:14104
- C:\Windows\System\bzqRFYK.exe
  C:\Windows\System\bzqRFYK.exe
  2⤵
  PID:14124
- C:\Windows\System\bLtCkWD.exe
  C:\Windows\System\bLtCkWD.exe
  2⤵
  PID:14224
- C:\Windows\System\lIIXnRE.exe
  C:\Windows\System\lIIXnRE.exe
  2⤵
  PID:14304
- C:\Windows\System\aItiCkL.exe
  C:\Windows\System\aItiCkL.exe
  2⤵
  PID:14220
- C:\Windows\System\YloHPcQ.exe
  C:\Windows\System\YloHPcQ.exe
  2⤵
  PID:14264
- C:\Windows\System\bZwxulE.exe
  C:\Windows\System\bZwxulE.exe
  2⤵
  PID:14284
- C:\Windows\System\LyHFQkO.exe
  C:\Windows\System\LyHFQkO.exe
  2⤵
  PID:14320
- C:\Windows\System\DNXZyfF.exe
  C:\Windows\System\DNXZyfF.exe
  2⤵
  PID:1132
- C:\Windows\System\YjSSFQj.exe
  C:\Windows\System\YjSSFQj.exe
  2⤵
  PID:13600
- C:\Windows\System\usbrVys.exe
  C:\Windows\System\usbrVys.exe
  2⤵
  PID:13776
- C:\Windows\System\wsapwYn.exe
  C:\Windows\System\wsapwYn.exe
  2⤵
  PID:13940
- C:\Windows\System\LQUxqel.exe
  C:\Windows\System\LQUxqel.exe
  2⤵
  PID:14140
- C:\Windows\System\JTMjYAD.exe
  C:\Windows\System\JTMjYAD.exe
  2⤵
  PID:14208
- C:\Windows\System\OuZUSiW.exe
  C:\Windows\System\OuZUSiW.exe
  2⤵
  PID:14308
- C:\Windows\System\TFsxSql.exe
  C:\Windows\System\TFsxSql.exe
  2⤵
  PID:13332
- C:\Windows\System\dXmqbWX.exe
  C:\Windows\System\dXmqbWX.exe
  2⤵
  PID:13672
- C:\Windows\System\DZOvYyy.exe
  C:\Windows\System\DZOvYyy.exe
  2⤵
  PID:13976
- C:\Windows\System\qvFqexi.exe
  C:\Windows\System\qvFqexi.exe
  2⤵
  PID:14240
- C:\Windows\System\fRLiFEn.exe
  C:\Windows\System\fRLiFEn.exe
  2⤵
  PID:4268
- C:\Windows\System\Ruyqsba.exe
  C:\Windows\System\Ruyqsba.exe
  2⤵
  PID:13904
- C:\Windows\System\ArUidGv.exe
  C:\Windows\System\ArUidGv.exe
  2⤵
  PID:14348
- C:\Windows\System\hzPnvWr.exe
  C:\Windows\System\hzPnvWr.exe
  2⤵
  PID:14372

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AKFRyEf.exe

Filesize
1.4MB

MD5
6b80009b6e031f1828df8f88b7111b8a

SHA1
d9c3ba674863c824c94f252b1d7f07cb59a96e31

SHA256
fc2fec4b4fd5c37dff49f323a9b9741be9daa8bbef317f2900cd8e0955f69695

SHA512
509ace3710be30d46b6a6636dd867a79ad9acbc76b19f0756a936470faa26e6feb1b7f915a5ae1c03966593fd168869ae729273c1f051b9affb3b27120800aec

Download Submit
C:\Windows\System\BDwMrRs.exe

Filesize
1.5MB

MD5
e88a8ad5f8cdbf7b91285de154463382

SHA1
a6e1d742291f8d97392ed1712c554ac47203c2f2

SHA256
09d16c6d746351943a3c3068487660026cdaa2e3bb1c61b457de7fd0767ea0b1

SHA512
86836a13809dd95ae37de99e5e4da256967c0fca9ce1a81610b38704f2a796b7800c58c033a7a2b9fcb4924da3b24bfc671529299f36d8de4f83af5aec34b4a9

Download Submit
C:\Windows\System\BdhvjoK.exe

Filesize
1.5MB

MD5
a706df1478d3971407cfa2db3405ae1f

SHA1
de7390c5627f7ec13f115494de59e5c13c3d427c

SHA256
3f810f662803b01a257988d5e3140a513f0a9b237267fa77b04e837054cb34dc

SHA512
6a4e4c694832b84ed8274c74af8e9e81f7ffa77b3a8b184ee2f11a741777641dee4d444d2127da4cae78e833affc8dba7b0064555f78e240fe43e9148c038e86

Download Submit
C:\Windows\System\BtShjBD.exe

Filesize
1.5MB

MD5
631f75a6c9eff64d18142d431b62ac1b

SHA1
3e80700eec074f5c588a3951f110f5dcf97d74bc

SHA256
b7040a0078f484daebd086f52688bcf0918d1588241e26ceece036b9acb90dcd

SHA512
5befc4eaed376fe8aaa09d702bf31400ebc9ad5e72e08c9a566979ee06b86a827ed8aa3ac9a5df25e3e8cfcf817623d556a00714b0edab8663d459e2ea8927f0

Download Submit
C:\Windows\System\DzNHnaC.exe

Filesize
1.5MB

MD5
8b1c8fc34c648c502412b6d6eaffb7fb

SHA1
ba744a58ade3afc12cdf2c4a0f37edb1a3c3e9ca

SHA256
5386d9041b1d2a9ebbbf7ae8b9bbbd857bc98104c5fa9f30d62ad68576f00a8a

SHA512
9c55b4e87a188d452e6ddd9db042d1094042d79133b87db7bf70f4da6789b37d03262db7e3c343ea6df3ba687ad16c8de85b4c15d9c572d34b1eac3ae27874a9

Download Submit
C:\Windows\System\HSlqUYq.exe

Filesize
1.5MB

MD5
2342511957b4287c01d47b469f6bcef5

SHA1
26bd5036e09611c63c38f970cb685470f2fd6d25

SHA256
d846fe214837e90e72a8ba071723b978aa65169e61aeb9b0da87bcfad3868613

SHA512
f4d180e87a318d7d7b7037caab6e7303ba644c817d65b7eb223871a051c68669256a1c40c8a7ff0d467c43f9f71bb15d401d8681d9772bba397b7ee3a713df25

Download Submit
C:\Windows\System\HdpbXQc.exe

Filesize
1.5MB

MD5
337950b7024e56d70e7d341b120064d5

SHA1
df81bcd848d516e65b78531b3053b54a35fd5386

SHA256
2ecd7cfa246008b5e850cb17da0674c0c3c31d20ff0fdd15ed3253fe080f8b93

SHA512
1a8443ba008e22ea86cfbdfb0b6bac9cba398323348d93b62c7e4f5b7a673eb0b2140089f0fe96b08917d901980e547b10c907bd2fb10e75ba0f9395cd1ccaea

Download Submit
C:\Windows\System\LlyhUrq.exe

Filesize
1.5MB

MD5
6b81a34bb82098085e45df1f10ccf78f

SHA1
6bbc3aa10e7cf9a356f6a0c20de5c2a6491154f4

SHA256
1b325cc55982e536b7eddf047ff976d7dbe42f1436bc30df76702d7689d2afc6

SHA512
518463ab47455e4126bd4a8c5588313ba1a477e48accc537f24b833cee41be7144c22cb33fb96344df50403c4c61e0d3ba2f40d6a4aeb556cc950eb8f15bf63c

Download Submit
C:\Windows\System\OFMTBLs.exe

Filesize
1.5MB

MD5
ee300b484b669cafb781c7475d3e32ff

SHA1
74030125d26c01802b0435065ce4bca1e3f77a2c

SHA256
315ea00c575bcae08bd9b464e44ae7431c88a34acec878379457500bc0c8c31b

SHA512
cf0839bc65d893c57ba981a9691c9b8ed92be0172093fb044aac06bf9e40435dfa0cbca118292a6efb37bcb8527d9ad7a72de7baee2e9a3f3f94255001f08455

Download Submit
C:\Windows\System\QpXyyDc.exe

Filesize
1.4MB

MD5
c4b96dd571d7f0f370e0533af1ee244f

SHA1
6384a84d664022ad267f0ef2addf6925cb4a2b4d

SHA256
9343c02a2a8ef747f29c930360d1b74bf4efb83d72abb6eff6efc5c18d7152b2

SHA512
1cb95b87134b7532a96171339634f703b6d37865dc133719e86027ba0e7434780c2c5d8055d214284a8d5d95e19e6b8d888ca9a6eede2e2a5d07a7a56f9c5aa1

Download Submit
C:\Windows\System\RjwsqKU.exe

Filesize
1.5MB

MD5
68a736a4acbc808b7bee2e852757a579

SHA1
8815808074214b063050a02563f296e3278ff4f1

SHA256
53d043f81efbe3d01fa469366db9ceeaab2240a26ac8daf983c9b46e6603c028

SHA512
6134e0fd33134b42f044b08e1e60b8a01c0b9078e4e1ac4df9660b72825c9f98c36c83b33ca33ac42eaf2b89d3ff7880cda41a5b3fb4124eec096f5ecb517e54

Download Submit
C:\Windows\System\UzLYuLB.exe

Filesize
1.5MB

MD5
81293e26f9a460bb85ca490f935de0f0

SHA1
7668f81c220daef2bb551ecb9d5deec331450c01

SHA256
f88c4da1b46f87c08fe7999d7223f27716205851a70ca9113c5f6fc80f24e3a3

SHA512
c39dd0a1799be7a63846d0fdfafa6cb1603fdfa386ce187d56a54ce9ebc345dacdbf7ff4993d18188d51c2d42b081d9a1f8939588ce5a1a6394f1c7dff84219d

Download Submit
C:\Windows\System\WVTKfYz.exe

Filesize
1.5MB

MD5
c66455d6e62b71f66f2b3c7f2e40762f

SHA1
56bb0c6ee5f93ae0113548054ea301950bb24a5a

SHA256
b00da157dc74b4d9595cd229e3b53f7b6be28da9e2f12935c4d16259fe7ff3b9

SHA512
c1df036e548bce13179e3ccc779c5a6b797f8f97c375c5c7295ce97e7fb8c1051e22068dbe32f2addfe86f99bc353cf7ae1dc4c79290bec30284872ced866980

Download Submit
C:\Windows\System\WnBxOrR.exe

Filesize
1.5MB

MD5
f48e7167cb576ffc55dc918cb8f54ca0

SHA1
9837c136ee8834d7f8251c2b1662a45cacb4001c

SHA256
cd8d3ed26a614f1bea69127792e0e93cccbefab959177435b8ebf5fc57ab4bf2

SHA512
3e62e03b663d485798dcd01751e5e4bfd7bc54342ff1eacdd2d44e836ac8830c392f4ddb316ad45f61231907fb590d063adfc2c013d9d76814319198752b9325

Download Submit
C:\Windows\System\XAWOHwo.exe

Filesize
1.5MB

MD5
38876b3776e949130eb8aebce704f97d

SHA1
6ba518bd37691ccd3286727e519f1e3d49f46399

SHA256
a224f2b563a7cd69a2b6c0e01d8f49b3afda1879546deb7bcbe9a99b71977a06

SHA512
380dd977034a154e67eb4981a16733bb156477c70cc31aa3b61cdf21c0bc889a9bbd15ff29176d712e6e678280092289865dc53776f808779034eb69d24db5f3

Download Submit
C:\Windows\System\XYjmYrk.exe

Filesize
1.5MB

MD5
b1ca0bb7e9e17a77390aa470f1bbf2d7

SHA1
a18ec4801dfa67c9daccb03ac3e7188133b89021

SHA256
83f270236a6125548d2e51dc3bc45358a18a42000f271033a0c490591b4669a3

SHA512
314e69506d856ff7411079668a5b421c5b9f4ca3fd5ba59668414a6ee8a55096ebf8e538ec04ce259523830b08aae0cb8509bc33df052e49ba82ffea50866a67

Download Submit
C:\Windows\System\YASlrhQ.exe

Filesize
1.5MB

MD5
de88c5627972de9395f6cf226c5d7614

SHA1
14bb843902dfa67e3a6504a99007ac9dbc1e9042

SHA256
cc5f82cc20a8c27bd42f779f688967e4d4655ebca133be5707d6bf2301a00ee6

SHA512
15cdfba94b20c52e18f52dd17b59b877c372f6dc0ac2c48b4d794b9a415ebc936c3dd61e2f719fa51d26b1bea714e5930aa79c7754dac9fe44c7f8114f78aabc

Download Submit
C:\Windows\System\aUTRAlh.exe

Filesize
1.5MB

MD5
1d339e57345e40c200940bbcdaa9a10d

SHA1
9fd15abaf03516709fc718a824ce7875be8641f9

SHA256
320acd94db19b4475aef44b7c94dfe85ef87ab32192f792a37590f8283b6b751

SHA512
7f73aa9e5f46be7fbab1e0342d83086e993ccccad95fa8d65a5674fdbf02c15dd6f00af3d811f22f2dc1a93d7757251f13c0da737aa26ab7edfa90273e59d58a

Download Submit
C:\Windows\System\adWHUxx.exe

Filesize
1.5MB

MD5
6abe03e6d194029d420eb31c0dffee84

SHA1
165a7688c29c5e414d2b45f3ad969fadba53177f

SHA256
4b99f5963be979a31a92bca15f962ebd2717a4dcd4861f35f2705468b592c8f8

SHA512
d9c6a74a8eb5c335eef24d5d7894934505b21bff198c5f8b24347d82d5d44accf74f8cd6b94d8bbd19096bd3153acc1012c743f66f232d6c4c5c26c2b4c5eb25

Download Submit
C:\Windows\System\avDRaZT.exe

Filesize
1.5MB

MD5
f0d03f6e595b940613e124707ccab9a7

SHA1
fb81c9fa2c748aa79b90a74cc162fad3c22a87ed

SHA256
6c88ac38531de549bea792f42051898411df4307eb408decbda1196749254894

SHA512
d9d746e8d52726e1c299cca043f1b811424f7d32e3bab77081436eb12a76770e0165202c956a8f30e45ee0ce294a0affb7b388e050b5eb4e15a7f9dba168e9f1

Download Submit
C:\Windows\System\awzzJlr.exe

Filesize
1.5MB

MD5
4d0c8957a93627067a7bc465e34f3c58

SHA1
287f8b4d9862fd36858c64edbc3f1110ca8d0168

SHA256
23ebd1d167bb3848fb364b5f38578f9768ddb7f20933bb103bf8f38391334b23

SHA512
c093d1459762f6bb9fc4bc1a14e4549fa0735aeda83a1ada6bdf185deaf7d34002f2248357bc8285122ae115eb2a45c3d29b3592bc66d7288c823053dfe67937

Download Submit
C:\Windows\System\eXCqTnH.exe

Filesize
1.5MB

MD5
90c4de035e652d08008980e3b0190782

SHA1
d4e3dec298d017e6810a0c6b5a890976f4238046

SHA256
12c1b633dde883aa48bc79b9d72c56bb47cacc6f6b921600eb4fba2678cb4db2

SHA512
8ed304d51f9892cd0a20acec1cc7ea19f99b307658cb959c418f4de9820123ab8ac949b3db62d2af7090e31e96fde63fccf745a5ddb4cb0bd76fd8f525d2cba9

Download Submit
C:\Windows\System\hFdlaCh.exe

Filesize
1.5MB

MD5
b05e53faf9e565bcc7a8b90e4599d22b

SHA1
4b7f644bba1defef9e9911854942ec36c0937cdc

SHA256
de40bf74a6453854ce822786c0fcacc03a0eda9fa48a4bf1ca8732e251f27b8b

SHA512
a03ccb50b5e55d1dfb830518704bf7c370f5440f0b4f253e490f8ecb74366d9801fd196df7c05972694b94251639eb1e3f02db0c2b91001ad20780778fe971be

Download Submit
C:\Windows\System\hLScsaw.exe

Filesize
1.5MB

MD5
78948ed9ef03b699f3e92b0057c4dadc

SHA1
b1b89edc8f01f325c96135a1a69ace915b175a86

SHA256
ad5b314b30befcec7add9f1ef368b2426d07305a91b7fb561a8f6856e8799723

SHA512
a377181129b06187e65f78c3af3e27f500ce59b8ae0df46cc3f64389e9df5cc12497e23976b78ff801db36959a24da2d35ed4b51b6feadc92b87e70ed236bc6e

Download Submit
C:\Windows\System\jHrdlwq.exe

Filesize
1.5MB

MD5
ca6c77df5c4c9a08540efa5e2fffeef0

SHA1
b02e772977c197c14b63b7a16f61205a877244cb

SHA256
0ea3dd478acba0c678826dfb9be5807c2aabd9e97bef4f62ee1600281deef72e

SHA512
40bb05db36c26117200ef65ac27e6b9d0e784aebc525419eefa2ac1ecf2e909f36c5b23b7f5ad9b963f1b83ca4e6f3e37ca979d85c4863df63d9e308647c18ce

Download Submit
C:\Windows\System\osqNGse.exe

Filesize
1.5MB

MD5
42e785f361052f7ab389bec728219c02

SHA1
953a81e08c1557c31a14ac981c31bffc30c3a1f0

SHA256
694a18d74bc16324eabafcf523eb6968ff4ce7a506d216c22033b938facbb593

SHA512
5045f045d5607b8456c15b12618b198110b1a8f45392f19318cc5a87c4793556232e8d41d413f95bb7e68efec505659fd2241266d794edc46a6596e01656b565

Download Submit
C:\Windows\System\pdUswoH.exe

Filesize
1.5MB

MD5
731c94cf8ce9175b4fea77d065fcdc84

SHA1
08d60c3dc307ee8a23e2f5529ba819f78d8bb661

SHA256
76ad42b096d14bb153efa270a1e216951f92b2cabfc76b32f18865afa0c7ed66

SHA512
e093b4a65c4784934f6e3f5830e137b9119d75e625d514c766ede6cdf91220dd6b173dab9570cea9ec3112b4aa657cb5bdfe17ca4f6d551b14e7f23426b93c7f

Download Submit
C:\Windows\System\qShDOIe.exe

Filesize
1.5MB

MD5
5a35910645ec3cc3744dd8992994f80b

SHA1
b357bcab1de0465444926181b58ce3c78de9ebee

SHA256
8d1160136a92445f00264fd2f3717da4dd9e705440ee04f9835cb645a1b49c42

SHA512
20cf5ec60794513d6bb3707cd3c3606ee5d765792794f642eb3829da66c36c6a7bda5e74733ea1e56dd998b4ee43d6c9077150d616332dc30710a89c8d097bb7

Download Submit
C:\Windows\System\rZxPOSD.exe

Filesize
1.5MB

MD5
cea6d3a5d103d52d8bbc51fc62f66e82

SHA1
6e4dc71af344318d1f0c51943233900d6c41923d

SHA256
df4b00e273bf49dfdd591bedd27ab629e7d2be00259b8a13f149afb5a777a616

SHA512
787d9e6a3e029dc288feb2d1bead13d3ebc4e41e38d6b8ed59d05b105712c11bd837e53392d854fe6fd85cf8c0c174952f51fe62922bd59aff71c6446b350fa4

Download Submit
C:\Windows\System\swrDdMN.exe

Filesize
1.5MB

MD5
66fd46fb443f170f2553b3a5e0be346e

SHA1
380a094398bca996a0b9bb2c35073b0e31a39269

SHA256
704c7a331e7dabc3906a43d0f8ea239deef8726c3eb5ef55a6c9f0d17d7982f8

SHA512
b466419c3f022458124612d554d5bf7332fbc23e83883073d0cb3e4e963cbf4bc2a56bced2e0cd45876620f34f81e8c845ab032d16707716c60b2a153813ef2e

Download Submit
C:\Windows\System\tpYVqts.exe

Filesize
1.5MB

MD5
82a0e83ae0e549f8957e72a2c49ffc21

SHA1
8e9e5d8a61af637fb6467436b43b16ce9c9573ed

SHA256
fd3aa139986437635f0dc47296215d5ca290e2cc66e91baf4c75da2b7df8a61f

SHA512
fac9b7e3a8bf2172d525248f81fbd7719a69144d65963e79db7f10e6b98867b62f2cd5a5c665ac9eacce68804611d148a544222fce3ab13c8f89109718adba4e

Download Submit
C:\Windows\System\uWlKxZZ.exe

Filesize
1.5MB

MD5
310891b6542820e6c12cf0177d7e9972

SHA1
bdd04cb065fadbe3851bc0f0173f61ab9da82ce4

SHA256
c3429fcf47d90171b3dd23af977b965835dcbadcdcc43ff4e8d7b053a7ff3eee

SHA512
149fd56c823c3791cacd85d521277ffea8c24074d457dff01ac95e584a668cc69a5a69d7b7e2edb5f682b5282981f2fbec0f23b3ea5991c3c9af7ef788c11f73

Download Submit
C:\Windows\System\vLuyPwG.exe

Filesize
1.4MB

MD5
7823bcdf59d2bd3f4fb0411f5c7615ba

SHA1
6da1856fb41eaaef86db0f0e0129f2a2d2ccf929

SHA256
f8215596615f0d3bf1c8afeb084776e69c3e5e7d853b3f2cf41f156bd28f65cc

SHA512
a21ce2cbd041dc5eeb4c2def398c73e42bc69029033a4c7b8b673f93e5e51ddb10ed4254668662d79a74025897537d03d5d151f5f8fb13baa212928671ec64f7

Download Submit
memory/64-2355-0x00007FF6B5C90000-0x00007FF6B5FE1000-memory.dmp

Filesize
3.3MB

Download
memory/64-137-0x00007FF6B5C90000-0x00007FF6B5FE1000-memory.dmp

Filesize
3.3MB

Download
memory/64-2254-0x00007FF6B5C90000-0x00007FF6B5FE1000-memory.dmp

Filesize
3.3MB

Download
memory/744-2348-0x00007FF742100000-0x00007FF742451000-memory.dmp

Filesize
3.3MB

Download
memory/744-157-0x00007FF742100000-0x00007FF742451000-memory.dmp

Filesize
3.3MB

Download
memory/744-2289-0x00007FF742100000-0x00007FF742451000-memory.dmp

Filesize
3.3MB

Download
memory/908-37-0x00007FF61A1A0000-0x00007FF61A4F1000-memory.dmp

Filesize
3.3MB

Download
memory/908-2305-0x00007FF61A1A0000-0x00007FF61A4F1000-memory.dmp

Filesize
3.3MB

Download
memory/1040-2344-0x00007FF725CC0000-0x00007FF726011000-memory.dmp

Filesize
3.3MB

Download
memory/1040-2291-0x00007FF725CC0000-0x00007FF726011000-memory.dmp

Filesize
3.3MB

Download
memory/1040-175-0x00007FF725CC0000-0x00007FF726011000-memory.dmp

Filesize
3.3MB

Download
memory/1092-2252-0x00007FF7465C0000-0x00007FF746911000-memory.dmp

Filesize
3.3MB

Download
memory/1092-125-0x00007FF7465C0000-0x00007FF746911000-memory.dmp

Filesize
3.3MB

Download
memory/1092-2332-0x00007FF7465C0000-0x00007FF746911000-memory.dmp

Filesize
3.3MB

Download
memory/1360-2322-0x00007FF6AF6C0000-0x00007FF6AFA11000-memory.dmp

Filesize
3.3MB

Download
memory/1360-101-0x00007FF6AF6C0000-0x00007FF6AFA11000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1-0x000001D2143E0000-0x000001D2143F0000-memory.dmp

Filesize
64KB

Download
memory/1880-143-0x00007FF6E9160000-0x00007FF6E94B1000-memory.dmp

Filesize
3.3MB

Download
memory/1880-0-0x00007FF6E9160000-0x00007FF6E94B1000-memory.dmp

Filesize
3.3MB

Download
memory/1884-2300-0x00007FF6FE3F0000-0x00007FF6FE741000-memory.dmp

Filesize
3.3MB

Download
memory/1884-22-0x00007FF6FE3F0000-0x00007FF6FE741000-memory.dmp

Filesize
3.3MB

Download
memory/1888-190-0x00007FF6293D0000-0x00007FF629721000-memory.dmp

Filesize
3.3MB

Download
memory/1888-48-0x00007FF6293D0000-0x00007FF629721000-memory.dmp

Filesize
3.3MB

Download
memory/1888-2312-0x00007FF6293D0000-0x00007FF629721000-memory.dmp

Filesize
3.3MB

Download
memory/1912-2295-0x00007FF6C0140000-0x00007FF6C0491000-memory.dmp

Filesize
3.3MB

Download
memory/1912-2352-0x00007FF6C0140000-0x00007FF6C0491000-memory.dmp

Filesize
3.3MB

Download
memory/1912-176-0x00007FF6C0140000-0x00007FF6C0491000-memory.dmp

Filesize
3.3MB

Download
memory/2012-182-0x00007FF7F0C70000-0x00007FF7F0FC1000-memory.dmp

Filesize
3.3MB

Download
memory/2012-2326-0x00007FF7F0C70000-0x00007FF7F0FC1000-memory.dmp

Filesize
3.3MB

Download
memory/2012-85-0x00007FF7F0C70000-0x00007FF7F0FC1000-memory.dmp

Filesize
3.3MB

Download
memory/2352-124-0x00007FF7E93D0000-0x00007FF7E9721000-memory.dmp

Filesize
3.3MB

Download
memory/2352-2336-0x00007FF7E93D0000-0x00007FF7E9721000-memory.dmp

Filesize
3.3MB

Download
memory/2620-34-0x00007FF691710000-0x00007FF691A61000-memory.dmp

Filesize
3.3MB

Download
memory/2620-2304-0x00007FF691710000-0x00007FF691A61000-memory.dmp

Filesize
3.3MB

Download
memory/2884-2253-0x00007FF7B8450000-0x00007FF7B87A1000-memory.dmp

Filesize
3.3MB

Download
memory/2884-131-0x00007FF7B8450000-0x00007FF7B87A1000-memory.dmp

Filesize
3.3MB

Download
memory/2884-2334-0x00007FF7B8450000-0x00007FF7B87A1000-memory.dmp

Filesize
3.3MB

Download
memory/3120-189-0x00007FF690710000-0x00007FF690A61000-memory.dmp

Filesize
3.3MB

Download
memory/3120-2310-0x00007FF690710000-0x00007FF690A61000-memory.dmp

Filesize
3.3MB

Download
memory/3120-45-0x00007FF690710000-0x00007FF690A61000-memory.dmp

Filesize
3.3MB

Download
memory/3616-2114-0x00007FF7CDEB0000-0x00007FF7CE201000-memory.dmp

Filesize
3.3MB

Download
memory/3616-118-0x00007FF7CDEB0000-0x00007FF7CE201000-memory.dmp

Filesize
3.3MB

Download
memory/3616-2330-0x00007FF7CDEB0000-0x00007FF7CE201000-memory.dmp

Filesize
3.3MB

Download
memory/3660-10-0x00007FF69B290000-0x00007FF69B5E1000-memory.dmp

Filesize
3.3MB

Download
memory/3660-2298-0x00007FF69B290000-0x00007FF69B5E1000-memory.dmp

Filesize
3.3MB

Download
memory/3724-2314-0x00007FF7F66E0000-0x00007FF7F6A31000-memory.dmp

Filesize
3.3MB

Download
memory/3724-73-0x00007FF7F66E0000-0x00007FF7F6A31000-memory.dmp

Filesize
3.3MB

Download
memory/3852-144-0x00007FF7569A0000-0x00007FF756CF1000-memory.dmp

Filesize
3.3MB

Download
memory/3852-2255-0x00007FF7569A0000-0x00007FF756CF1000-memory.dmp

Filesize
3.3MB

Download
memory/3852-2340-0x00007FF7569A0000-0x00007FF756CF1000-memory.dmp

Filesize
3.3MB

Download
memory/4036-2342-0x00007FF700EC0000-0x00007FF701211000-memory.dmp

Filesize
3.3MB

Download
memory/4036-2284-0x00007FF700EC0000-0x00007FF701211000-memory.dmp

Filesize
3.3MB

Download
memory/4036-150-0x00007FF700EC0000-0x00007FF701211000-memory.dmp

Filesize
3.3MB

Download
memory/4108-86-0x00007FF7D1630000-0x00007FF7D1981000-memory.dmp

Filesize
3.3MB

Download
memory/4108-2318-0x00007FF7D1630000-0x00007FF7D1981000-memory.dmp

Filesize
3.3MB

Download
memory/4128-93-0x00007FF792D00000-0x00007FF793051000-memory.dmp

Filesize
3.3MB

Download
memory/4128-2320-0x00007FF792D00000-0x00007FF793051000-memory.dmp

Filesize
3.3MB

Download
memory/4236-35-0x00007FF76A510000-0x00007FF76A861000-memory.dmp

Filesize
3.3MB

Download
memory/4236-2309-0x00007FF76A510000-0x00007FF76A861000-memory.dmp

Filesize
3.3MB

Download
memory/4236-169-0x00007FF76A510000-0x00007FF76A861000-memory.dmp

Filesize
3.3MB

Download
memory/4252-2350-0x00007FF609BC0000-0x00007FF609F11000-memory.dmp

Filesize
3.3MB

Download
memory/4252-188-0x00007FF609BC0000-0x00007FF609F11000-memory.dmp

Filesize
3.3MB

Download
memory/4516-2324-0x00007FF641770000-0x00007FF641AC1000-memory.dmp

Filesize
3.3MB

Download
memory/4516-102-0x00007FF641770000-0x00007FF641AC1000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2290-0x00007FF72C1B0000-0x00007FF72C501000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2346-0x00007FF72C1B0000-0x00007FF72C501000-memory.dmp

Filesize
3.3MB

Download
memory/4596-163-0x00007FF72C1B0000-0x00007FF72C501000-memory.dmp

Filesize
3.3MB

Download
memory/4656-112-0x00007FF6623A0000-0x00007FF6626F1000-memory.dmp

Filesize
3.3MB

Download
memory/4656-2111-0x00007FF6623A0000-0x00007FF6626F1000-memory.dmp

Filesize
3.3MB

Download
memory/4656-2338-0x00007FF6623A0000-0x00007FF6626F1000-memory.dmp

Filesize
3.3MB

Download
memory/4716-79-0x00007FF74D5C0000-0x00007FF74D911000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2316-0x00007FF74D5C0000-0x00007FF74D911000-memory.dmp

Filesize
3.3MB

Download
memory/4784-156-0x00007FF7C8A50000-0x00007FF7C8DA1000-memory.dmp

Filesize
3.3MB

Download
memory/4784-33-0x00007FF7C8A50000-0x00007FF7C8DA1000-memory.dmp

Filesize
3.3MB

Download
memory/4784-2306-0x00007FF7C8A50000-0x00007FF7C8DA1000-memory.dmp

Filesize
3.3MB

Download
memory/5056-106-0x00007FF7DE330000-0x00007FF7DE681000-memory.dmp

Filesize
3.3MB

Download
memory/5056-2328-0x00007FF7DE330000-0x00007FF7DE681000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads