xmrig | 7594ed13022a98d041b63a73ac64deb2fad24055407827309e3714b708f8950d

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
06/05/2024, 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32a743d68c912f71cbf2490954d17480_NEAS.exe
Size

2.0MB
MD5

32a743d68c912f71cbf2490954d17480
SHA1

b23f28b4a5b3c29178679578b5308a7d7dda6549
SHA256

7594ed13022a98d041b63a73ac64deb2fad24055407827309e3714b708f8950d
SHA512

030381e66d85ac81c067d5fad63aece2efdb1c28348791f23feed332c916479d1fd866ddd2ab203818b9b293942c5664239361fe9faf2ddaac68f0cd25547e68
SSDEEP

24576:BezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpuzBF6727XL1+Kwen8Z2IW:BezaTF8FcNkNdfE0pZ9ozt4wIQHxlU8

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3560-0-0x00007FF644BB0000-0x00007FF644F04000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b93-5.dat	xmrig
behavioral2/files/0x000a000000023b99-17.dat	xmrig
behavioral2/files/0x000a000000023b97-16.dat	xmrig
behavioral2/memory/4496-20-0x00007FF70C8C0000-0x00007FF70CC14000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9a-25.dat	xmrig
behavioral2/memory/2708-41-0x00007FF7B9050000-0x00007FF7B93A4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9e-48.dat	xmrig
behavioral2/files/0x000a000000023b9d-52.dat	xmrig
behavioral2/memory/540-54-0x00007FF7B42C0000-0x00007FF7B4614000-memory.dmp	xmrig
behavioral2/memory/2936-51-0x00007FF7A61F0000-0x00007FF7A6544000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9c-49.dat	xmrig
behavioral2/files/0x000a000000023b9b-46.dat	xmrig
behavioral2/memory/2652-44-0x00007FF6CC330000-0x00007FF6CC684000-memory.dmp	xmrig
behavioral2/memory/4740-34-0x00007FF709EB0000-0x00007FF70A204000-memory.dmp	xmrig
behavioral2/memory/4000-27-0x00007FF658EB0000-0x00007FF659204000-memory.dmp	xmrig
behavioral2/memory/4724-33-0x00007FF660190000-0x00007FF6604E4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b98-24.dat	xmrig
behavioral2/memory/1692-11-0x00007FF710040000-0x00007FF710394000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9f-61.dat	xmrig
behavioral2/files/0x000a000000023ba0-62.dat	xmrig
behavioral2/files/0x000a000000023ba1-73.dat	xmrig
behavioral2/memory/1408-85-0x00007FF70A160000-0x00007FF70A4B4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba5-94.dat	xmrig
behavioral2/files/0x000a000000023ba7-110.dat	xmrig
behavioral2/memory/1216-119-0x00007FF6E1150000-0x00007FF6E14A4000-memory.dmp	xmrig
behavioral2/memory/224-126-0x00007FF71CAD0000-0x00007FF71CE24000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba8-130.dat	xmrig
behavioral2/memory/3040-133-0x00007FF7A7060000-0x00007FF7A73B4000-memory.dmp	xmrig
behavioral2/memory/1536-138-0x00007FF7D7430000-0x00007FF7D7784000-memory.dmp	xmrig
behavioral2/memory/2612-140-0x00007FF6C8E20000-0x00007FF6C9174000-memory.dmp	xmrig
behavioral2/memory/3660-139-0x00007FF6D54C0000-0x00007FF6D5814000-memory.dmp	xmrig
behavioral2/memory/4900-137-0x00007FF722640000-0x00007FF722994000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bab-135.dat	xmrig
behavioral2/memory/3560-134-0x00007FF644BB0000-0x00007FF644F04000-memory.dmp	xmrig
behavioral2/memory/4324-132-0x00007FF73A3E0000-0x00007FF73A734000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba9-129.dat	xmrig
behavioral2/memory/5016-128-0x00007FF64F800000-0x00007FF64FB54000-memory.dmp	xmrig
behavioral2/files/0x000a000000023baa-123.dat	xmrig
behavioral2/memory/4912-112-0x00007FF61F340000-0x00007FF61F694000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba6-105.dat	xmrig
behavioral2/files/0x000a000000023ba3-103.dat	xmrig
behavioral2/files/0x000a000000023ba4-101.dat	xmrig
behavioral2/memory/1540-98-0x00007FF74BCC0000-0x00007FF74C014000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba2-88.dat	xmrig
behavioral2/files/0x000b000000023b94-86.dat	xmrig
behavioral2/memory/3960-76-0x00007FF683420000-0x00007FF683774000-memory.dmp	xmrig
behavioral2/memory/4960-70-0x00007FF799E30000-0x00007FF79A184000-memory.dmp	xmrig
behavioral2/memory/3460-155-0x00007FF695B80000-0x00007FF695ED4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bac-151.dat	xmrig
behavioral2/files/0x000a000000023bb1-163.dat	xmrig
behavioral2/files/0x000a000000023bae-160.dat	xmrig
behavioral2/memory/4204-167-0x00007FF657BB0000-0x00007FF657F04000-memory.dmp	xmrig
behavioral2/memory/784-164-0x00007FF7EA680000-0x00007FF7EA9D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb0-159.dat	xmrig
behavioral2/files/0x000a000000023baf-158.dat	xmrig
behavioral2/memory/1692-147-0x00007FF710040000-0x00007FF710394000-memory.dmp	xmrig
behavioral2/memory/4496-176-0x00007FF70C8C0000-0x00007FF70CC14000-memory.dmp	xmrig
behavioral2/memory/4388-188-0x00007FF657840000-0x00007FF657B94000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb7-199.dat	xmrig
behavioral2/memory/5060-200-0x00007FF62B490000-0x00007FF62B7E4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb3-196.dat	xmrig
behavioral2/files/0x000a000000023bb6-195.dat	xmrig
behavioral2/files/0x000a000000023bb5-183.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1692	VfcyfrT.exe
4496	egRFiAf.exe
4000	GrWtyEX.exe
4724	tKFCcLH.exe
4740	amERqYX.exe
2708	BpXxHON.exe
2652	GrNUKSD.exe
2936	cUKpDfU.exe
540	IGPIqNa.exe
4960	ZJMwCqI.exe
3960	tNxGnGd.exe
1408	hrJOOig.exe
4324	NopqrIa.exe
3040	wFBwjRX.exe
1540	QwXBcEb.exe
4900	DBCXEmm.exe
4912	wFlejFf.exe
1536	lMYsIXE.exe
1216	GYWnOzR.exe
224	qQHVcdQ.exe
3660	kDlIMRV.exe
5016	htvBQuz.exe
2612	KZYiZSR.exe
3460	QWgITuz.exe
784	YIwhzTI.exe
4388	SuNzoPC.exe
4204	JEdPIka.exe
4564	nOeASvX.exe
5060	OIbZUhK.exe
1264	LZSwAWE.exe
3112	oGxKYRN.exe
4532	AebGRgs.exe
2684	tCewRpU.exe
3052	vWcWuxG.exe
3436	cooHBAb.exe
4892	grVeNsx.exe
4904	IRSQeEu.exe
2532	HJfudfb.exe
1548	LCdLRvB.exe
4780	ezEHTzC.exe
3844	BIFBWvf.exe
3956	ZkWiNPb.exe
644	JmWThrv.exe
4896	QEbMhQv.exe
1632	ajRoezU.exe
3576	kWSrGSC.exe
4488	fnqAfjW.exe
3120	sCOPkjX.exe
1564	nSCJYXu.exe
396	ZzFmXcX.exe
2956	ImlTtEm.exe
3632	jTwfBjM.exe
2492	mSbYcZa.exe
2140	GOWeBQD.exe
2764	wuTKZoH.exe
1232	FlscmmV.exe
4836	HGeRHxH.exe
2924	poBRaqK.exe
4416	JAdttjR.exe
3292	suJOUht.exe
1996	FrdpqEU.exe
3400	oouYjFw.exe
3148	GTEeqFK.exe
4296	FCyXAsD.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3560-0-0x00007FF644BB0000-0x00007FF644F04000-memory.dmp	upx
behavioral2/files/0x000b000000023b93-5.dat	upx
behavioral2/files/0x000a000000023b99-17.dat	upx
behavioral2/files/0x000a000000023b97-16.dat	upx
behavioral2/memory/4496-20-0x00007FF70C8C0000-0x00007FF70CC14000-memory.dmp	upx
behavioral2/files/0x000a000000023b9a-25.dat	upx
behavioral2/memory/2708-41-0x00007FF7B9050000-0x00007FF7B93A4000-memory.dmp	upx
behavioral2/files/0x000a000000023b9e-48.dat	upx
behavioral2/files/0x000a000000023b9d-52.dat	upx
behavioral2/memory/540-54-0x00007FF7B42C0000-0x00007FF7B4614000-memory.dmp	upx
behavioral2/memory/2936-51-0x00007FF7A61F0000-0x00007FF7A6544000-memory.dmp	upx
behavioral2/files/0x000a000000023b9c-49.dat	upx
behavioral2/files/0x000a000000023b9b-46.dat	upx
behavioral2/memory/2652-44-0x00007FF6CC330000-0x00007FF6CC684000-memory.dmp	upx
behavioral2/memory/4740-34-0x00007FF709EB0000-0x00007FF70A204000-memory.dmp	upx
behavioral2/memory/4000-27-0x00007FF658EB0000-0x00007FF659204000-memory.dmp	upx
behavioral2/memory/4724-33-0x00007FF660190000-0x00007FF6604E4000-memory.dmp	upx
behavioral2/files/0x000a000000023b98-24.dat	upx
behavioral2/memory/1692-11-0x00007FF710040000-0x00007FF710394000-memory.dmp	upx
behavioral2/files/0x000a000000023b9f-61.dat	upx
behavioral2/files/0x000a000000023ba0-62.dat	upx
behavioral2/files/0x000a000000023ba1-73.dat	upx
behavioral2/memory/1408-85-0x00007FF70A160000-0x00007FF70A4B4000-memory.dmp	upx
behavioral2/files/0x000a000000023ba5-94.dat	upx
behavioral2/files/0x000a000000023ba7-110.dat	upx
behavioral2/memory/1216-119-0x00007FF6E1150000-0x00007FF6E14A4000-memory.dmp	upx
behavioral2/memory/224-126-0x00007FF71CAD0000-0x00007FF71CE24000-memory.dmp	upx
behavioral2/files/0x000a000000023ba8-130.dat	upx
behavioral2/memory/3040-133-0x00007FF7A7060000-0x00007FF7A73B4000-memory.dmp	upx
behavioral2/memory/1536-138-0x00007FF7D7430000-0x00007FF7D7784000-memory.dmp	upx
behavioral2/memory/2612-140-0x00007FF6C8E20000-0x00007FF6C9174000-memory.dmp	upx
behavioral2/memory/3660-139-0x00007FF6D54C0000-0x00007FF6D5814000-memory.dmp	upx
behavioral2/memory/4900-137-0x00007FF722640000-0x00007FF722994000-memory.dmp	upx
behavioral2/files/0x000a000000023bab-135.dat	upx
behavioral2/memory/3560-134-0x00007FF644BB0000-0x00007FF644F04000-memory.dmp	upx
behavioral2/memory/4324-132-0x00007FF73A3E0000-0x00007FF73A734000-memory.dmp	upx
behavioral2/files/0x000a000000023ba9-129.dat	upx
behavioral2/memory/5016-128-0x00007FF64F800000-0x00007FF64FB54000-memory.dmp	upx
behavioral2/files/0x000a000000023baa-123.dat	upx
behavioral2/memory/4912-112-0x00007FF61F340000-0x00007FF61F694000-memory.dmp	upx
behavioral2/files/0x000a000000023ba6-105.dat	upx
behavioral2/files/0x000a000000023ba3-103.dat	upx
behavioral2/files/0x000a000000023ba4-101.dat	upx
behavioral2/memory/1540-98-0x00007FF74BCC0000-0x00007FF74C014000-memory.dmp	upx
behavioral2/files/0x000a000000023ba2-88.dat	upx
behavioral2/files/0x000b000000023b94-86.dat	upx
behavioral2/memory/3960-76-0x00007FF683420000-0x00007FF683774000-memory.dmp	upx
behavioral2/memory/4960-70-0x00007FF799E30000-0x00007FF79A184000-memory.dmp	upx
behavioral2/memory/3460-155-0x00007FF695B80000-0x00007FF695ED4000-memory.dmp	upx
behavioral2/files/0x000a000000023bac-151.dat	upx
behavioral2/files/0x000a000000023bb1-163.dat	upx
behavioral2/files/0x000a000000023bae-160.dat	upx
behavioral2/memory/4204-167-0x00007FF657BB0000-0x00007FF657F04000-memory.dmp	upx
behavioral2/memory/784-164-0x00007FF7EA680000-0x00007FF7EA9D4000-memory.dmp	upx
behavioral2/files/0x000a000000023bb0-159.dat	upx
behavioral2/files/0x000a000000023baf-158.dat	upx
behavioral2/memory/1692-147-0x00007FF710040000-0x00007FF710394000-memory.dmp	upx
behavioral2/memory/4496-176-0x00007FF70C8C0000-0x00007FF70CC14000-memory.dmp	upx
behavioral2/memory/4388-188-0x00007FF657840000-0x00007FF657B94000-memory.dmp	upx
behavioral2/files/0x000a000000023bb7-199.dat	upx
behavioral2/memory/5060-200-0x00007FF62B490000-0x00007FF62B7E4000-memory.dmp	upx
behavioral2/files/0x000a000000023bb3-196.dat	upx
behavioral2/files/0x000a000000023bb6-195.dat	upx
behavioral2/files/0x000a000000023bb5-183.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PGGMkLT.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\lhnGwIx.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\KVKyaqt.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\BfUHkoy.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\mSbYcZa.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\wUvINTD.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\StcarFL.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\htvBQuz.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\ZczBxSo.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\HDmDqgr.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\ckQWNxN.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\hGXlXZM.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\iiEJhZJ.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\VgvkqZg.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\wFBwjRX.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\QEbMhQv.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\NeXBykN.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\NkOmFuJ.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\gmLEscq.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\BpXxHON.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\pjGACyP.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\WsJMBbc.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\yYylPdH.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\MWwgcZI.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\SXurxfk.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\LrJJPrt.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\RXrAkRZ.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\fPenklB.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\dxrUNCQ.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\GYWnOzR.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\fDuWrMJ.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\TVGFdVu.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\XcuXvYM.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\ENMfYTo.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\UJglWSA.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\FmvNyAn.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\XfRhfGd.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\YMkesuu.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\dNcurkh.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\ROQtvAK.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\FlscmmV.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\mfxlADD.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\pgrDoLv.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\VvFtUMT.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\WeMvvLJ.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\HJfudfb.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\jvDbtDr.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\mNdVSCo.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\VyQCzBU.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\DKjaHnO.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\YIwhzTI.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\cooHBAb.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\CuFVAuV.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\PxzDSmK.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\uxbmtjz.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\tNxGnGd.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\ygSHjZl.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\BfQBHgu.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\LqCXuwg.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\RDuFiCc.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\FhFRgdW.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\ZHPVGpp.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\uUAJntq.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe
File created	C:\Windows\System\OkXEjzE.exe	32a743d68c912f71cbf2490954d17480_NEAS.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14840	dwm.exe
Token: SeChangeNotifyPrivilege	14840	dwm.exe
Token: 33	14840	dwm.exe
Token: SeIncBasePriorityPrivilege	14840	dwm.exe
Token: SeShutdownPrivilege	14840	dwm.exe
Token: SeCreatePagefilePrivilege	14840	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3560 wrote to memory of 1692	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	86
PID 3560 wrote to memory of 1692	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	86
PID 3560 wrote to memory of 4000	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	87
PID 3560 wrote to memory of 4000	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	87
PID 3560 wrote to memory of 4496	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	88
PID 3560 wrote to memory of 4496	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	88
PID 3560 wrote to memory of 4724	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	89
PID 3560 wrote to memory of 4724	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	89
PID 3560 wrote to memory of 4740	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	90
PID 3560 wrote to memory of 4740	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	90
PID 3560 wrote to memory of 2708	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	91
PID 3560 wrote to memory of 2708	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	91
PID 3560 wrote to memory of 2652	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	92
PID 3560 wrote to memory of 2652	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	92
PID 3560 wrote to memory of 2936	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	93
PID 3560 wrote to memory of 2936	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	93
PID 3560 wrote to memory of 540	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	94
PID 3560 wrote to memory of 540	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	94
PID 3560 wrote to memory of 4960	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	95
PID 3560 wrote to memory of 4960	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	95
PID 3560 wrote to memory of 3960	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	96
PID 3560 wrote to memory of 3960	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	96
PID 3560 wrote to memory of 1408	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	97
PID 3560 wrote to memory of 1408	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	97
PID 3560 wrote to memory of 4324	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	98
PID 3560 wrote to memory of 4324	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	98
PID 3560 wrote to memory of 3040	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	99
PID 3560 wrote to memory of 3040	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	99
PID 3560 wrote to memory of 1540	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	100
PID 3560 wrote to memory of 1540	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	100
PID 3560 wrote to memory of 4900	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	101
PID 3560 wrote to memory of 4900	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	101
PID 3560 wrote to memory of 4912	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	102
PID 3560 wrote to memory of 4912	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	102
PID 3560 wrote to memory of 1536	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	103
PID 3560 wrote to memory of 1536	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	103
PID 3560 wrote to memory of 1216	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	104
PID 3560 wrote to memory of 1216	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	104
PID 3560 wrote to memory of 224	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	105
PID 3560 wrote to memory of 224	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	105
PID 3560 wrote to memory of 3660	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	106
PID 3560 wrote to memory of 3660	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	106
PID 3560 wrote to memory of 5016	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	107
PID 3560 wrote to memory of 5016	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	107
PID 3560 wrote to memory of 2612	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	108
PID 3560 wrote to memory of 2612	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	108
PID 3560 wrote to memory of 3460	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	109
PID 3560 wrote to memory of 3460	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	109
PID 3560 wrote to memory of 784	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	110
PID 3560 wrote to memory of 784	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	110
PID 3560 wrote to memory of 4388	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	111
PID 3560 wrote to memory of 4388	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	111
PID 3560 wrote to memory of 4204	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	112
PID 3560 wrote to memory of 4204	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	112
PID 3560 wrote to memory of 4564	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	113
PID 3560 wrote to memory of 4564	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	113
PID 3560 wrote to memory of 5060	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	114
PID 3560 wrote to memory of 5060	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	114
PID 3560 wrote to memory of 1264	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	115
PID 3560 wrote to memory of 1264	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	115
PID 3560 wrote to memory of 3112	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	116
PID 3560 wrote to memory of 3112	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	116
PID 3560 wrote to memory of 4532	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	117
PID 3560 wrote to memory of 4532	3560	32a743d68c912f71cbf2490954d17480_NEAS.exe	117

C:\Users\Admin\AppData\Local\Temp\32a743d68c912f71cbf2490954d17480_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\32a743d68c912f71cbf2490954d17480_NEAS.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3560
- C:\Windows\System\VfcyfrT.exe
  C:\Windows\System\VfcyfrT.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\GrWtyEX.exe
  C:\Windows\System\GrWtyEX.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\egRFiAf.exe
  C:\Windows\System\egRFiAf.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\tKFCcLH.exe
  C:\Windows\System\tKFCcLH.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\amERqYX.exe
  C:\Windows\System\amERqYX.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\BpXxHON.exe
  C:\Windows\System\BpXxHON.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\GrNUKSD.exe
  C:\Windows\System\GrNUKSD.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\cUKpDfU.exe
  C:\Windows\System\cUKpDfU.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\IGPIqNa.exe
  C:\Windows\System\IGPIqNa.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\ZJMwCqI.exe
  C:\Windows\System\ZJMwCqI.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\tNxGnGd.exe
  C:\Windows\System\tNxGnGd.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\hrJOOig.exe
  C:\Windows\System\hrJOOig.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\NopqrIa.exe
  C:\Windows\System\NopqrIa.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\wFBwjRX.exe
  C:\Windows\System\wFBwjRX.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\QwXBcEb.exe
  C:\Windows\System\QwXBcEb.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\DBCXEmm.exe
  C:\Windows\System\DBCXEmm.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\wFlejFf.exe
  C:\Windows\System\wFlejFf.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\lMYsIXE.exe
  C:\Windows\System\lMYsIXE.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\GYWnOzR.exe
  C:\Windows\System\GYWnOzR.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\qQHVcdQ.exe
  C:\Windows\System\qQHVcdQ.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\kDlIMRV.exe
  C:\Windows\System\kDlIMRV.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\htvBQuz.exe
  C:\Windows\System\htvBQuz.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\KZYiZSR.exe
  C:\Windows\System\KZYiZSR.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\QWgITuz.exe
  C:\Windows\System\QWgITuz.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\YIwhzTI.exe
  C:\Windows\System\YIwhzTI.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\SuNzoPC.exe
  C:\Windows\System\SuNzoPC.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\JEdPIka.exe
  C:\Windows\System\JEdPIka.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\nOeASvX.exe
  C:\Windows\System\nOeASvX.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\OIbZUhK.exe
  C:\Windows\System\OIbZUhK.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\LZSwAWE.exe
  C:\Windows\System\LZSwAWE.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\oGxKYRN.exe
  C:\Windows\System\oGxKYRN.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\AebGRgs.exe
  C:\Windows\System\AebGRgs.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\tCewRpU.exe
  C:\Windows\System\tCewRpU.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\vWcWuxG.exe
  C:\Windows\System\vWcWuxG.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\cooHBAb.exe
  C:\Windows\System\cooHBAb.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\grVeNsx.exe
  C:\Windows\System\grVeNsx.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\IRSQeEu.exe
  C:\Windows\System\IRSQeEu.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\HJfudfb.exe
  C:\Windows\System\HJfudfb.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\LCdLRvB.exe
  C:\Windows\System\LCdLRvB.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\ezEHTzC.exe
  C:\Windows\System\ezEHTzC.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\BIFBWvf.exe
  C:\Windows\System\BIFBWvf.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\ZkWiNPb.exe
  C:\Windows\System\ZkWiNPb.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\JmWThrv.exe
  C:\Windows\System\JmWThrv.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\QEbMhQv.exe
  C:\Windows\System\QEbMhQv.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\ajRoezU.exe
  C:\Windows\System\ajRoezU.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\kWSrGSC.exe
  C:\Windows\System\kWSrGSC.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\fnqAfjW.exe
  C:\Windows\System\fnqAfjW.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\sCOPkjX.exe
  C:\Windows\System\sCOPkjX.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\nSCJYXu.exe
  C:\Windows\System\nSCJYXu.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\ZzFmXcX.exe
  C:\Windows\System\ZzFmXcX.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\ImlTtEm.exe
  C:\Windows\System\ImlTtEm.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\jTwfBjM.exe
  C:\Windows\System\jTwfBjM.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\mSbYcZa.exe
  C:\Windows\System\mSbYcZa.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\GOWeBQD.exe
  C:\Windows\System\GOWeBQD.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\wuTKZoH.exe
  C:\Windows\System\wuTKZoH.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\FlscmmV.exe
  C:\Windows\System\FlscmmV.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\HGeRHxH.exe
  C:\Windows\System\HGeRHxH.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\poBRaqK.exe
  C:\Windows\System\poBRaqK.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\JAdttjR.exe
  C:\Windows\System\JAdttjR.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\suJOUht.exe
  C:\Windows\System\suJOUht.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\FrdpqEU.exe
  C:\Windows\System\FrdpqEU.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\oouYjFw.exe
  C:\Windows\System\oouYjFw.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\GTEeqFK.exe
  C:\Windows\System\GTEeqFK.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\FCyXAsD.exe
  C:\Windows\System\FCyXAsD.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\DZcNthW.exe
  C:\Windows\System\DZcNthW.exe
  2⤵
  PID:632
- C:\Windows\System\mPgexTT.exe
  C:\Windows\System\mPgexTT.exe
  2⤵
  PID:1092
- C:\Windows\System\XfRhfGd.exe
  C:\Windows\System\XfRhfGd.exe
  2⤵
  PID:2352
- C:\Windows\System\bEytwbE.exe
  C:\Windows\System\bEytwbE.exe
  2⤵
  PID:688
- C:\Windows\System\LCRmssB.exe
  C:\Windows\System\LCRmssB.exe
  2⤵
  PID:4908
- C:\Windows\System\uJPYyDe.exe
  C:\Windows\System\uJPYyDe.exe
  2⤵
  PID:2792
- C:\Windows\System\NnirZWr.exe
  C:\Windows\System\NnirZWr.exe
  2⤵
  PID:2072
- C:\Windows\System\MWwgcZI.exe
  C:\Windows\System\MWwgcZI.exe
  2⤵
  PID:2996
- C:\Windows\System\crwayNN.exe
  C:\Windows\System\crwayNN.exe
  2⤵
  PID:744
- C:\Windows\System\wWyhYud.exe
  C:\Windows\System\wWyhYud.exe
  2⤵
  PID:3084
- C:\Windows\System\ixzVMEq.exe
  C:\Windows\System\ixzVMEq.exe
  2⤵
  PID:1392
- C:\Windows\System\SoJgVMi.exe
  C:\Windows\System\SoJgVMi.exe
  2⤵
  PID:1980
- C:\Windows\System\IvCHsXv.exe
  C:\Windows\System\IvCHsXv.exe
  2⤵
  PID:4536
- C:\Windows\System\LRqaQCP.exe
  C:\Windows\System\LRqaQCP.exe
  2⤵
  PID:2216
- C:\Windows\System\OkXEjzE.exe
  C:\Windows\System\OkXEjzE.exe
  2⤵
  PID:4092
- C:\Windows\System\oZjkXFg.exe
  C:\Windows\System\oZjkXFg.exe
  2⤵
  PID:968
- C:\Windows\System\hZWYoPb.exe
  C:\Windows\System\hZWYoPb.exe
  2⤵
  PID:1060
- C:\Windows\System\AXJPmoS.exe
  C:\Windows\System\AXJPmoS.exe
  2⤵
  PID:5104
- C:\Windows\System\xgzSosH.exe
  C:\Windows\System\xgzSosH.exe
  2⤵
  PID:2028
- C:\Windows\System\MNQSZyw.exe
  C:\Windows\System\MNQSZyw.exe
  2⤵
  PID:2304
- C:\Windows\System\nQMakuh.exe
  C:\Windows\System\nQMakuh.exe
  2⤵
  PID:760
- C:\Windows\System\NIRzijv.exe
  C:\Windows\System\NIRzijv.exe
  2⤵
  PID:1280
- C:\Windows\System\Ygkogqc.exe
  C:\Windows\System\Ygkogqc.exe
  2⤵
  PID:4604
- C:\Windows\System\PmcJHGu.exe
  C:\Windows\System\PmcJHGu.exe
  2⤵
  PID:520
- C:\Windows\System\PPkvnwO.exe
  C:\Windows\System\PPkvnwO.exe
  2⤵
  PID:5144
- C:\Windows\System\wDiDVeP.exe
  C:\Windows\System\wDiDVeP.exe
  2⤵
  PID:5180
- C:\Windows\System\DUuJBZf.exe
  C:\Windows\System\DUuJBZf.exe
  2⤵
  PID:5212
- C:\Windows\System\osdStRw.exe
  C:\Windows\System\osdStRw.exe
  2⤵
  PID:5236
- C:\Windows\System\ISXfQmR.exe
  C:\Windows\System\ISXfQmR.exe
  2⤵
  PID:5264
- C:\Windows\System\VTaCEBD.exe
  C:\Windows\System\VTaCEBD.exe
  2⤵
  PID:5300
- C:\Windows\System\lsztmbE.exe
  C:\Windows\System\lsztmbE.exe
  2⤵
  PID:5320
- C:\Windows\System\rYxUKgk.exe
  C:\Windows\System\rYxUKgk.exe
  2⤵
  PID:5352
- C:\Windows\System\iwCfDwR.exe
  C:\Windows\System\iwCfDwR.exe
  2⤵
  PID:5376
- C:\Windows\System\TCNgNWV.exe
  C:\Windows\System\TCNgNWV.exe
  2⤵
  PID:5412
- C:\Windows\System\BQLDvAY.exe
  C:\Windows\System\BQLDvAY.exe
  2⤵
  PID:5444
- C:\Windows\System\EtUBZRD.exe
  C:\Windows\System\EtUBZRD.exe
  2⤵
  PID:5460
- C:\Windows\System\ujQJqzy.exe
  C:\Windows\System\ujQJqzy.exe
  2⤵
  PID:5496
- C:\Windows\System\DMIldVG.exe
  C:\Windows\System\DMIldVG.exe
  2⤵
  PID:5520
- C:\Windows\System\KoNsGpB.exe
  C:\Windows\System\KoNsGpB.exe
  2⤵
  PID:5544
- C:\Windows\System\BBPfZGC.exe
  C:\Windows\System\BBPfZGC.exe
  2⤵
  PID:5572
- C:\Windows\System\CuFVAuV.exe
  C:\Windows\System\CuFVAuV.exe
  2⤵
  PID:5632
- C:\Windows\System\RMIqVaW.exe
  C:\Windows\System\RMIqVaW.exe
  2⤵
  PID:5656
- C:\Windows\System\sJAKFFx.exe
  C:\Windows\System\sJAKFFx.exe
  2⤵
  PID:5680
- C:\Windows\System\NeXBykN.exe
  C:\Windows\System\NeXBykN.exe
  2⤵
  PID:5720
- C:\Windows\System\VusSDvg.exe
  C:\Windows\System\VusSDvg.exe
  2⤵
  PID:5740
- C:\Windows\System\HMyDYyC.exe
  C:\Windows\System\HMyDYyC.exe
  2⤵
  PID:5788
- C:\Windows\System\RvrEyPS.exe
  C:\Windows\System\RvrEyPS.exe
  2⤵
  PID:5816
- C:\Windows\System\nYHHRmT.exe
  C:\Windows\System\nYHHRmT.exe
  2⤵
  PID:5840
- C:\Windows\System\uhgroyA.exe
  C:\Windows\System\uhgroyA.exe
  2⤵
  PID:5868
- C:\Windows\System\rrkKurA.exe
  C:\Windows\System\rrkKurA.exe
  2⤵
  PID:5896
- C:\Windows\System\qLwLcPU.exe
  C:\Windows\System\qLwLcPU.exe
  2⤵
  PID:5928
- C:\Windows\System\QoDopeb.exe
  C:\Windows\System\QoDopeb.exe
  2⤵
  PID:5952
- C:\Windows\System\GOuljFX.exe
  C:\Windows\System\GOuljFX.exe
  2⤵
  PID:5980
- C:\Windows\System\kNNdHdt.exe
  C:\Windows\System\kNNdHdt.exe
  2⤵
  PID:6008
- C:\Windows\System\zWCOeCe.exe
  C:\Windows\System\zWCOeCe.exe
  2⤵
  PID:6036
- C:\Windows\System\baKqfvo.exe
  C:\Windows\System\baKqfvo.exe
  2⤵
  PID:6068
- C:\Windows\System\fqVFIoR.exe
  C:\Windows\System\fqVFIoR.exe
  2⤵
  PID:6084
- C:\Windows\System\VgvkqZg.exe
  C:\Windows\System\VgvkqZg.exe
  2⤵
  PID:6112
- C:\Windows\System\AjSKJUD.exe
  C:\Windows\System\AjSKJUD.exe
  2⤵
  PID:6140
- C:\Windows\System\lqfeNVW.exe
  C:\Windows\System\lqfeNVW.exe
  2⤵
  PID:5220
- C:\Windows\System\vmLYeWn.exe
  C:\Windows\System\vmLYeWn.exe
  2⤵
  PID:5088
- C:\Windows\System\LAdguSX.exe
  C:\Windows\System\LAdguSX.exe
  2⤵
  PID:1680
- C:\Windows\System\mczFgss.exe
  C:\Windows\System\mczFgss.exe
  2⤵
  PID:5316
- C:\Windows\System\urIMswY.exe
  C:\Windows\System\urIMswY.exe
  2⤵
  PID:5408
- C:\Windows\System\vjqoLJd.exe
  C:\Windows\System\vjqoLJd.exe
  2⤵
  PID:5476
- C:\Windows\System\ZczBxSo.exe
  C:\Windows\System\ZczBxSo.exe
  2⤵
  PID:5536
- C:\Windows\System\NkOmFuJ.exe
  C:\Windows\System\NkOmFuJ.exe
  2⤵
  PID:5648
- C:\Windows\System\yWSgrZo.exe
  C:\Windows\System\yWSgrZo.exe
  2⤵
  PID:5692
- C:\Windows\System\DKjaHnO.exe
  C:\Windows\System\DKjaHnO.exe
  2⤵
  PID:5800
- C:\Windows\System\tPiwVKc.exe
  C:\Windows\System\tPiwVKc.exe
  2⤵
  PID:5836
- C:\Windows\System\RndJfWv.exe
  C:\Windows\System\RndJfWv.exe
  2⤵
  PID:5920
- C:\Windows\System\bcWByqD.exe
  C:\Windows\System\bcWByqD.exe
  2⤵
  PID:6004
- C:\Windows\System\mvzkmeE.exe
  C:\Windows\System\mvzkmeE.exe
  2⤵
  PID:6080
- C:\Windows\System\RsMtmdN.exe
  C:\Windows\System\RsMtmdN.exe
  2⤵
  PID:5284
- C:\Windows\System\zihmPJB.exe
  C:\Windows\System\zihmPJB.exe
  2⤵
  PID:5452
- C:\Windows\System\VDECUCw.exe
  C:\Windows\System\VDECUCw.exe
  2⤵
  PID:5608
- C:\Windows\System\TkUpORG.exe
  C:\Windows\System\TkUpORG.exe
  2⤵
  PID:5852
- C:\Windows\System\HAZLcpH.exe
  C:\Windows\System\HAZLcpH.exe
  2⤵
  PID:5188
- C:\Windows\System\XoiQqzv.exe
  C:\Windows\System\XoiQqzv.exe
  2⤵
  PID:5404
- C:\Windows\System\VvULnMs.exe
  C:\Windows\System\VvULnMs.exe
  2⤵
  PID:6172
- C:\Windows\System\LvByIil.exe
  C:\Windows\System\LvByIil.exe
  2⤵
  PID:6192
- C:\Windows\System\HDmDqgr.exe
  C:\Windows\System\HDmDqgr.exe
  2⤵
  PID:6236
- C:\Windows\System\DesbslQ.exe
  C:\Windows\System\DesbslQ.exe
  2⤵
  PID:6256
- C:\Windows\System\YOAyNtN.exe
  C:\Windows\System\YOAyNtN.exe
  2⤵
  PID:6296
- C:\Windows\System\pviueCo.exe
  C:\Windows\System\pviueCo.exe
  2⤵
  PID:6324
- C:\Windows\System\TwtyExT.exe
  C:\Windows\System\TwtyExT.exe
  2⤵
  PID:6348
- C:\Windows\System\ktqHKmX.exe
  C:\Windows\System\ktqHKmX.exe
  2⤵
  PID:6380
- C:\Windows\System\FUAfhEL.exe
  C:\Windows\System\FUAfhEL.exe
  2⤵
  PID:6404
- C:\Windows\System\AMuxbBw.exe
  C:\Windows\System\AMuxbBw.exe
  2⤵
  PID:6440
- C:\Windows\System\aaoVsAS.exe
  C:\Windows\System\aaoVsAS.exe
  2⤵
  PID:6468
- C:\Windows\System\wGQVAUC.exe
  C:\Windows\System\wGQVAUC.exe
  2⤵
  PID:6500
- C:\Windows\System\mdfhIAN.exe
  C:\Windows\System\mdfhIAN.exe
  2⤵
  PID:6516
- C:\Windows\System\eWTsZyw.exe
  C:\Windows\System\eWTsZyw.exe
  2⤵
  PID:6544
- C:\Windows\System\YMfXcIr.exe
  C:\Windows\System\YMfXcIr.exe
  2⤵
  PID:6568
- C:\Windows\System\YhknMWh.exe
  C:\Windows\System\YhknMWh.exe
  2⤵
  PID:6600
- C:\Windows\System\xAjrsYC.exe
  C:\Windows\System\xAjrsYC.exe
  2⤵
  PID:6620
- C:\Windows\System\ptpWAIm.exe
  C:\Windows\System\ptpWAIm.exe
  2⤵
  PID:6656
- C:\Windows\System\yIWUriS.exe
  C:\Windows\System\yIWUriS.exe
  2⤵
  PID:6676
- C:\Windows\System\iRyJimP.exe
  C:\Windows\System\iRyJimP.exe
  2⤵
  PID:6712
- C:\Windows\System\mfxlADD.exe
  C:\Windows\System\mfxlADD.exe
  2⤵
  PID:6740
- C:\Windows\System\kqyDIGs.exe
  C:\Windows\System\kqyDIGs.exe
  2⤵
  PID:6772
- C:\Windows\System\ROQtvAK.exe
  C:\Windows\System\ROQtvAK.exe
  2⤵
  PID:6796
- C:\Windows\System\opIoixa.exe
  C:\Windows\System\opIoixa.exe
  2⤵
  PID:6824
- C:\Windows\System\UQQlEQk.exe
  C:\Windows\System\UQQlEQk.exe
  2⤵
  PID:6892
- C:\Windows\System\gIceyyg.exe
  C:\Windows\System\gIceyyg.exe
  2⤵
  PID:6916
- C:\Windows\System\BJzprpz.exe
  C:\Windows\System\BJzprpz.exe
  2⤵
  PID:6952
- C:\Windows\System\nRvmWBO.exe
  C:\Windows\System\nRvmWBO.exe
  2⤵
  PID:6988
- C:\Windows\System\RLthPpT.exe
  C:\Windows\System\RLthPpT.exe
  2⤵
  PID:7016
- C:\Windows\System\zfACCHD.exe
  C:\Windows\System\zfACCHD.exe
  2⤵
  PID:7044
- C:\Windows\System\URZrugn.exe
  C:\Windows\System\URZrugn.exe
  2⤵
  PID:7072
- C:\Windows\System\ILwsBjK.exe
  C:\Windows\System\ILwsBjK.exe
  2⤵
  PID:7100
- C:\Windows\System\qowxIAc.exe
  C:\Windows\System\qowxIAc.exe
  2⤵
  PID:7128
- C:\Windows\System\fzJFhuk.exe
  C:\Windows\System\fzJFhuk.exe
  2⤵
  PID:7156
- C:\Windows\System\OXvvyNk.exe
  C:\Windows\System\OXvvyNk.exe
  2⤵
  PID:5312
- C:\Windows\System\sBnFtlI.exe
  C:\Windows\System\sBnFtlI.exe
  2⤵
  PID:6248
- C:\Windows\System\DNUExhu.exe
  C:\Windows\System\DNUExhu.exe
  2⤵
  PID:6268
- C:\Windows\System\mnlpTpT.exe
  C:\Windows\System\mnlpTpT.exe
  2⤵
  PID:6312
- C:\Windows\System\VYjnlAv.exe
  C:\Windows\System\VYjnlAv.exe
  2⤵
  PID:6344
- C:\Windows\System\PxzDSmK.exe
  C:\Windows\System\PxzDSmK.exe
  2⤵
  PID:6492
- C:\Windows\System\EtsdmPN.exe
  C:\Windows\System\EtsdmPN.exe
  2⤵
  PID:6588
- C:\Windows\System\NJnqCUz.exe
  C:\Windows\System\NJnqCUz.exe
  2⤵
  PID:6636
- C:\Windows\System\sBhdYSJ.exe
  C:\Windows\System\sBhdYSJ.exe
  2⤵
  PID:6720
- C:\Windows\System\TjkBaTU.exe
  C:\Windows\System\TjkBaTU.exe
  2⤵
  PID:6768
- C:\Windows\System\cJYWOKz.exe
  C:\Windows\System\cJYWOKz.exe
  2⤵
  PID:6784
- C:\Windows\System\YOlmtgc.exe
  C:\Windows\System\YOlmtgc.exe
  2⤵
  PID:6912
- C:\Windows\System\rrmkTfn.exe
  C:\Windows\System\rrmkTfn.exe
  2⤵
  PID:7008
- C:\Windows\System\XtZchbn.exe
  C:\Windows\System\XtZchbn.exe
  2⤵
  PID:7088
- C:\Windows\System\qaPGSjE.exe
  C:\Windows\System\qaPGSjE.exe
  2⤵
  PID:7140
- C:\Windows\System\IUCnEGR.exe
  C:\Windows\System\IUCnEGR.exe
  2⤵
  PID:6164
- C:\Windows\System\RGSrnsJ.exe
  C:\Windows\System\RGSrnsJ.exe
  2⤵
  PID:6428
- C:\Windows\System\ahItlab.exe
  C:\Windows\System\ahItlab.exe
  2⤵
  PID:6564
- C:\Windows\System\nDFsWDq.exe
  C:\Windows\System\nDFsWDq.exe
  2⤵
  PID:6640
- C:\Windows\System\KDVALNW.exe
  C:\Windows\System\KDVALNW.exe
  2⤵
  PID:6964
- C:\Windows\System\yYnUMZO.exe
  C:\Windows\System\yYnUMZO.exe
  2⤵
  PID:7092
- C:\Windows\System\rKPMKQw.exe
  C:\Windows\System\rKPMKQw.exe
  2⤵
  PID:7164
- C:\Windows\System\FIdgCGN.exe
  C:\Windows\System\FIdgCGN.exe
  2⤵
  PID:6628
- C:\Windows\System\tBVSRkD.exe
  C:\Windows\System\tBVSRkD.exe
  2⤵
  PID:7056
- C:\Windows\System\XskDTTw.exe
  C:\Windows\System\XskDTTw.exe
  2⤵
  PID:6704
- C:\Windows\System\ApoxPJk.exe
  C:\Windows\System\ApoxPJk.exe
  2⤵
  PID:6872
- C:\Windows\System\dGGEfOT.exe
  C:\Windows\System\dGGEfOT.exe
  2⤵
  PID:7192
- C:\Windows\System\ZxSepnd.exe
  C:\Windows\System\ZxSepnd.exe
  2⤵
  PID:7220
- C:\Windows\System\Qjfhkph.exe
  C:\Windows\System\Qjfhkph.exe
  2⤵
  PID:7248
- C:\Windows\System\MPoYYYt.exe
  C:\Windows\System\MPoYYYt.exe
  2⤵
  PID:7276
- C:\Windows\System\FRDRJyz.exe
  C:\Windows\System\FRDRJyz.exe
  2⤵
  PID:7304
- C:\Windows\System\usHMtCe.exe
  C:\Windows\System\usHMtCe.exe
  2⤵
  PID:7332
- C:\Windows\System\tUbCbQC.exe
  C:\Windows\System\tUbCbQC.exe
  2⤵
  PID:7360
- C:\Windows\System\FxSaixD.exe
  C:\Windows\System\FxSaixD.exe
  2⤵
  PID:7388
- C:\Windows\System\FZubZpT.exe
  C:\Windows\System\FZubZpT.exe
  2⤵
  PID:7408
- C:\Windows\System\yiWNFZp.exe
  C:\Windows\System\yiWNFZp.exe
  2⤵
  PID:7440
- C:\Windows\System\qGEwtMf.exe
  C:\Windows\System\qGEwtMf.exe
  2⤵
  PID:7472
- C:\Windows\System\ZGWeMVT.exe
  C:\Windows\System\ZGWeMVT.exe
  2⤵
  PID:7500
- C:\Windows\System\izZIgis.exe
  C:\Windows\System\izZIgis.exe
  2⤵
  PID:7528
- C:\Windows\System\fBbEukL.exe
  C:\Windows\System\fBbEukL.exe
  2⤵
  PID:7556
- C:\Windows\System\LqCFpdR.exe
  C:\Windows\System\LqCFpdR.exe
  2⤵
  PID:7584
- C:\Windows\System\MlGrIbc.exe
  C:\Windows\System\MlGrIbc.exe
  2⤵
  PID:7616
- C:\Windows\System\NVjbjwj.exe
  C:\Windows\System\NVjbjwj.exe
  2⤵
  PID:7644
- C:\Windows\System\DiXeABk.exe
  C:\Windows\System\DiXeABk.exe
  2⤵
  PID:7672
- C:\Windows\System\iMUNcMk.exe
  C:\Windows\System\iMUNcMk.exe
  2⤵
  PID:7700
- C:\Windows\System\QgXftPe.exe
  C:\Windows\System\QgXftPe.exe
  2⤵
  PID:7728
- C:\Windows\System\sFLhkrL.exe
  C:\Windows\System\sFLhkrL.exe
  2⤵
  PID:7760
- C:\Windows\System\lSfOxuI.exe
  C:\Windows\System\lSfOxuI.exe
  2⤵
  PID:7784
- C:\Windows\System\pXEKdCB.exe
  C:\Windows\System\pXEKdCB.exe
  2⤵
  PID:7812
- C:\Windows\System\fDuWrMJ.exe
  C:\Windows\System\fDuWrMJ.exe
  2⤵
  PID:7840
- C:\Windows\System\SLtRfCe.exe
  C:\Windows\System\SLtRfCe.exe
  2⤵
  PID:7860
- C:\Windows\System\iCEEQox.exe
  C:\Windows\System\iCEEQox.exe
  2⤵
  PID:7896
- C:\Windows\System\BjDImVH.exe
  C:\Windows\System\BjDImVH.exe
  2⤵
  PID:7924
- C:\Windows\System\SSVZSRj.exe
  C:\Windows\System\SSVZSRj.exe
  2⤵
  PID:7952
- C:\Windows\System\KwZSoWh.exe
  C:\Windows\System\KwZSoWh.exe
  2⤵
  PID:7980
- C:\Windows\System\AghCDjc.exe
  C:\Windows\System\AghCDjc.exe
  2⤵
  PID:8008
- C:\Windows\System\oOGmWXv.exe
  C:\Windows\System\oOGmWXv.exe
  2⤵
  PID:8036
- C:\Windows\System\dOSphJC.exe
  C:\Windows\System\dOSphJC.exe
  2⤵
  PID:8064
- C:\Windows\System\ubSZcjm.exe
  C:\Windows\System\ubSZcjm.exe
  2⤵
  PID:8092
- C:\Windows\System\dBtUXSc.exe
  C:\Windows\System\dBtUXSc.exe
  2⤵
  PID:8120
- C:\Windows\System\TNSjoOE.exe
  C:\Windows\System\TNSjoOE.exe
  2⤵
  PID:8148
- C:\Windows\System\pluIPlA.exe
  C:\Windows\System\pluIPlA.exe
  2⤵
  PID:8176
- C:\Windows\System\chrZpKN.exe
  C:\Windows\System\chrZpKN.exe
  2⤵
  PID:7176
- C:\Windows\System\ZwcPgeM.exe
  C:\Windows\System\ZwcPgeM.exe
  2⤵
  PID:7244
- C:\Windows\System\kxzvMiz.exe
  C:\Windows\System\kxzvMiz.exe
  2⤵
  PID:7316
- C:\Windows\System\adTtTnL.exe
  C:\Windows\System\adTtTnL.exe
  2⤵
  PID:7384
- C:\Windows\System\TkjFReu.exe
  C:\Windows\System\TkjFReu.exe
  2⤵
  PID:7448
- C:\Windows\System\pxdmBwG.exe
  C:\Windows\System\pxdmBwG.exe
  2⤵
  PID:7512
- C:\Windows\System\PFjGWPG.exe
  C:\Windows\System\PFjGWPG.exe
  2⤵
  PID:7580
- C:\Windows\System\hfbEuzD.exe
  C:\Windows\System\hfbEuzD.exe
  2⤵
  PID:7608
- C:\Windows\System\SEbfyKY.exe
  C:\Windows\System\SEbfyKY.exe
  2⤵
  PID:7684
- C:\Windows\System\tbfWLBO.exe
  C:\Windows\System\tbfWLBO.exe
  2⤵
  PID:7748
- C:\Windows\System\DXXpMrV.exe
  C:\Windows\System\DXXpMrV.exe
  2⤵
  PID:7808
- C:\Windows\System\pJiOGFH.exe
  C:\Windows\System\pJiOGFH.exe
  2⤵
  PID:7908
- C:\Windows\System\tHEDfFZ.exe
  C:\Windows\System\tHEDfFZ.exe
  2⤵
  PID:7972
- C:\Windows\System\pXMJhxs.exe
  C:\Windows\System\pXMJhxs.exe
  2⤵
  PID:8028
- C:\Windows\System\dVaoNKo.exe
  C:\Windows\System\dVaoNKo.exe
  2⤵
  PID:8108
- C:\Windows\System\ysmLqVO.exe
  C:\Windows\System\ysmLqVO.exe
  2⤵
  PID:8140
- C:\Windows\System\etXPBKu.exe
  C:\Windows\System\etXPBKu.exe
  2⤵
  PID:7204
- C:\Windows\System\jzxKtkt.exe
  C:\Windows\System\jzxKtkt.exe
  2⤵
  PID:7356
- C:\Windows\System\DZWmuEk.exe
  C:\Windows\System\DZWmuEk.exe
  2⤵
  PID:7484
- C:\Windows\System\ygSHjZl.exe
  C:\Windows\System\ygSHjZl.exe
  2⤵
  PID:7724
- C:\Windows\System\SXurxfk.exe
  C:\Windows\System\SXurxfk.exe
  2⤵
  PID:7872
- C:\Windows\System\ymEYODs.exe
  C:\Windows\System\ymEYODs.exe
  2⤵
  PID:8020
- C:\Windows\System\AtbfKWt.exe
  C:\Windows\System\AtbfKWt.exe
  2⤵
  PID:8088
- C:\Windows\System\mYLjDfe.exe
  C:\Windows\System\mYLjDfe.exe
  2⤵
  PID:7300
- C:\Windows\System\ccMKXVF.exe
  C:\Windows\System\ccMKXVF.exe
  2⤵
  PID:7776
- C:\Windows\System\aXCNUgv.exe
  C:\Windows\System\aXCNUgv.exe
  2⤵
  PID:7936
- C:\Windows\System\ckQWNxN.exe
  C:\Windows\System\ckQWNxN.exe
  2⤵
  PID:7948
- C:\Windows\System\EwknFox.exe
  C:\Windows\System\EwknFox.exe
  2⤵
  PID:7296
- C:\Windows\System\HfOLRSa.exe
  C:\Windows\System\HfOLRSa.exe
  2⤵
  PID:8204
- C:\Windows\System\rjJNfTB.exe
  C:\Windows\System\rjJNfTB.exe
  2⤵
  PID:8240
- C:\Windows\System\UJHPDfO.exe
  C:\Windows\System\UJHPDfO.exe
  2⤵
  PID:8256
- C:\Windows\System\QlMsuud.exe
  C:\Windows\System\QlMsuud.exe
  2⤵
  PID:8284
- C:\Windows\System\RNVEkcV.exe
  C:\Windows\System\RNVEkcV.exe
  2⤵
  PID:8324
- C:\Windows\System\AhACMXp.exe
  C:\Windows\System\AhACMXp.exe
  2⤵
  PID:8344
- C:\Windows\System\OrxbiKT.exe
  C:\Windows\System\OrxbiKT.exe
  2⤵
  PID:8368
- C:\Windows\System\WlozxnJ.exe
  C:\Windows\System\WlozxnJ.exe
  2⤵
  PID:8404
- C:\Windows\System\IMzzpOh.exe
  C:\Windows\System\IMzzpOh.exe
  2⤵
  PID:8436
- C:\Windows\System\fvaRNQF.exe
  C:\Windows\System\fvaRNQF.exe
  2⤵
  PID:8464
- C:\Windows\System\XbpPCUw.exe
  C:\Windows\System\XbpPCUw.exe
  2⤵
  PID:8500
- C:\Windows\System\gSNJuYs.exe
  C:\Windows\System\gSNJuYs.exe
  2⤵
  PID:8540
- C:\Windows\System\jvDbtDr.exe
  C:\Windows\System\jvDbtDr.exe
  2⤵
  PID:8560
- C:\Windows\System\PZmiBMy.exe
  C:\Windows\System\PZmiBMy.exe
  2⤵
  PID:8600
- C:\Windows\System\cqxoIFN.exe
  C:\Windows\System\cqxoIFN.exe
  2⤵
  PID:8628
- C:\Windows\System\UQJXDph.exe
  C:\Windows\System\UQJXDph.exe
  2⤵
  PID:8652
- C:\Windows\System\TVGFdVu.exe
  C:\Windows\System\TVGFdVu.exe
  2⤵
  PID:8684
- C:\Windows\System\EoxrpbI.exe
  C:\Windows\System\EoxrpbI.exe
  2⤵
  PID:8704
- C:\Windows\System\AsHLTqt.exe
  C:\Windows\System\AsHLTqt.exe
  2⤵
  PID:8728
- C:\Windows\System\KXdWWws.exe
  C:\Windows\System\KXdWWws.exe
  2⤵
  PID:8776
- C:\Windows\System\FnbZuVm.exe
  C:\Windows\System\FnbZuVm.exe
  2⤵
  PID:8800
- C:\Windows\System\WhkdCJD.exe
  C:\Windows\System\WhkdCJD.exe
  2⤵
  PID:8820
- C:\Windows\System\QeuGeYs.exe
  C:\Windows\System\QeuGeYs.exe
  2⤵
  PID:8868
- C:\Windows\System\gXbAeAG.exe
  C:\Windows\System\gXbAeAG.exe
  2⤵
  PID:8888
- C:\Windows\System\jTUgNOb.exe
  C:\Windows\System\jTUgNOb.exe
  2⤵
  PID:8908
- C:\Windows\System\PfjwltA.exe
  C:\Windows\System\PfjwltA.exe
  2⤵
  PID:8928
- C:\Windows\System\eHYAASU.exe
  C:\Windows\System\eHYAASU.exe
  2⤵
  PID:8972
- C:\Windows\System\zFZaOmd.exe
  C:\Windows\System\zFZaOmd.exe
  2⤵
  PID:9008
- C:\Windows\System\plfsjCt.exe
  C:\Windows\System\plfsjCt.exe
  2⤵
  PID:9036
- C:\Windows\System\ujVfoFp.exe
  C:\Windows\System\ujVfoFp.exe
  2⤵
  PID:9064
- C:\Windows\System\PCHhnst.exe
  C:\Windows\System\PCHhnst.exe
  2⤵
  PID:9092
- C:\Windows\System\EYyNusc.exe
  C:\Windows\System\EYyNusc.exe
  2⤵
  PID:9120
- C:\Windows\System\BmuGAfy.exe
  C:\Windows\System\BmuGAfy.exe
  2⤵
  PID:9148
- C:\Windows\System\nkbMZdA.exe
  C:\Windows\System\nkbMZdA.exe
  2⤵
  PID:9176
- C:\Windows\System\bRebBuL.exe
  C:\Windows\System\bRebBuL.exe
  2⤵
  PID:9192
- C:\Windows\System\fXAptkx.exe
  C:\Windows\System\fXAptkx.exe
  2⤵
  PID:8200
- C:\Windows\System\SIiETfk.exe
  C:\Windows\System\SIiETfk.exe
  2⤵
  PID:8272
- C:\Windows\System\JUCqMMd.exe
  C:\Windows\System\JUCqMMd.exe
  2⤵
  PID:8356
- C:\Windows\System\FQzxsWI.exe
  C:\Windows\System\FQzxsWI.exe
  2⤵
  PID:8424
- C:\Windows\System\HdovjHc.exe
  C:\Windows\System\HdovjHc.exe
  2⤵
  PID:8524
- C:\Windows\System\oKBOUnv.exe
  C:\Windows\System\oKBOUnv.exe
  2⤵
  PID:8588
- C:\Windows\System\AwhShxf.exe
  C:\Windows\System\AwhShxf.exe
  2⤵
  PID:8616
- C:\Windows\System\qKuZfoK.exe
  C:\Windows\System\qKuZfoK.exe
  2⤵
  PID:8676
- C:\Windows\System\ZVeNVsA.exe
  C:\Windows\System\ZVeNVsA.exe
  2⤵
  PID:8720
- C:\Windows\System\rEXTXIP.exe
  C:\Windows\System\rEXTXIP.exe
  2⤵
  PID:8848
- C:\Windows\System\OdNnUfG.exe
  C:\Windows\System\OdNnUfG.exe
  2⤵
  PID:8876
- C:\Windows\System\aPfiBnT.exe
  C:\Windows\System\aPfiBnT.exe
  2⤵
  PID:8992
- C:\Windows\System\LrJJPrt.exe
  C:\Windows\System\LrJJPrt.exe
  2⤵
  PID:9056
- C:\Windows\System\XcuXvYM.exe
  C:\Windows\System\XcuXvYM.exe
  2⤵
  PID:9108
- C:\Windows\System\KRsfCRn.exe
  C:\Windows\System\KRsfCRn.exe
  2⤵
  PID:9188
- C:\Windows\System\YSUsmut.exe
  C:\Windows\System\YSUsmut.exe
  2⤵
  PID:8232
- C:\Windows\System\rSRynXe.exe
  C:\Windows\System\rSRynXe.exe
  2⤵
  PID:8316
- C:\Windows\System\uxbmtjz.exe
  C:\Windows\System\uxbmtjz.exe
  2⤵
  PID:8488
- C:\Windows\System\HmHZhza.exe
  C:\Windows\System\HmHZhza.exe
  2⤵
  PID:8572
- C:\Windows\System\KpDzrcp.exe
  C:\Windows\System\KpDzrcp.exe
  2⤵
  PID:8664
- C:\Windows\System\DIVLTMh.exe
  C:\Windows\System\DIVLTMh.exe
  2⤵
  PID:9000
- C:\Windows\System\mGCbrwn.exe
  C:\Windows\System\mGCbrwn.exe
  2⤵
  PID:9144
- C:\Windows\System\VefGuXt.exe
  C:\Windows\System\VefGuXt.exe
  2⤵
  PID:8648
- C:\Windows\System\ckJPYgt.exe
  C:\Windows\System\ckJPYgt.exe
  2⤵
  PID:8772
- C:\Windows\System\TdqKdHI.exe
  C:\Windows\System\TdqKdHI.exe
  2⤵
  PID:8924
- C:\Windows\System\dqMRavU.exe
  C:\Windows\System\dqMRavU.exe
  2⤵
  PID:8516
- C:\Windows\System\cklbvYA.exe
  C:\Windows\System\cklbvYA.exe
  2⤵
  PID:9220
- C:\Windows\System\AWkMMVw.exe
  C:\Windows\System\AWkMMVw.exe
  2⤵
  PID:9272
- C:\Windows\System\ENMfYTo.exe
  C:\Windows\System\ENMfYTo.exe
  2⤵
  PID:9292
- C:\Windows\System\bgdpnAS.exe
  C:\Windows\System\bgdpnAS.exe
  2⤵
  PID:9316
- C:\Windows\System\hHRPqHl.exe
  C:\Windows\System\hHRPqHl.exe
  2⤵
  PID:9348
- C:\Windows\System\FFSpqBF.exe
  C:\Windows\System\FFSpqBF.exe
  2⤵
  PID:9376
- C:\Windows\System\xrnBIWd.exe
  C:\Windows\System\xrnBIWd.exe
  2⤵
  PID:9416
- C:\Windows\System\JmVZVQe.exe
  C:\Windows\System\JmVZVQe.exe
  2⤵
  PID:9432
- C:\Windows\System\rVzFEWU.exe
  C:\Windows\System\rVzFEWU.exe
  2⤵
  PID:9464
- C:\Windows\System\IWgenUo.exe
  C:\Windows\System\IWgenUo.exe
  2⤵
  PID:9492
- C:\Windows\System\EGrGmRm.exe
  C:\Windows\System\EGrGmRm.exe
  2⤵
  PID:9516
- C:\Windows\System\ACvAMsE.exe
  C:\Windows\System\ACvAMsE.exe
  2⤵
  PID:9552
- C:\Windows\System\gJCgoBf.exe
  C:\Windows\System\gJCgoBf.exe
  2⤵
  PID:9576
- C:\Windows\System\pDeiPBO.exe
  C:\Windows\System\pDeiPBO.exe
  2⤵
  PID:9604
- C:\Windows\System\dInsIYC.exe
  C:\Windows\System\dInsIYC.exe
  2⤵
  PID:9628
- C:\Windows\System\sghEErw.exe
  C:\Windows\System\sghEErw.exe
  2⤵
  PID:9656
- C:\Windows\System\BfQBHgu.exe
  C:\Windows\System\BfQBHgu.exe
  2⤵
  PID:9684
- C:\Windows\System\BwZEoMd.exe
  C:\Windows\System\BwZEoMd.exe
  2⤵
  PID:9712
- C:\Windows\System\UJglWSA.exe
  C:\Windows\System\UJglWSA.exe
  2⤵
  PID:9744
- C:\Windows\System\evsYvXt.exe
  C:\Windows\System\evsYvXt.exe
  2⤵
  PID:9784
- C:\Windows\System\wDvhMBa.exe
  C:\Windows\System\wDvhMBa.exe
  2⤵
  PID:9812
- C:\Windows\System\hqNKCsa.exe
  C:\Windows\System\hqNKCsa.exe
  2⤵
  PID:9836
- C:\Windows\System\FtNdabG.exe
  C:\Windows\System\FtNdabG.exe
  2⤵
  PID:9856
- C:\Windows\System\rCzbeeM.exe
  C:\Windows\System\rCzbeeM.exe
  2⤵
  PID:9892
- C:\Windows\System\KvPAGUC.exe
  C:\Windows\System\KvPAGUC.exe
  2⤵
  PID:9924
- C:\Windows\System\OTVlkOt.exe
  C:\Windows\System\OTVlkOt.exe
  2⤵
  PID:9952
- C:\Windows\System\AfMhycx.exe
  C:\Windows\System\AfMhycx.exe
  2⤵
  PID:9968
- C:\Windows\System\yOlATwg.exe
  C:\Windows\System\yOlATwg.exe
  2⤵
  PID:9996
- C:\Windows\System\whnRAdC.exe
  C:\Windows\System\whnRAdC.exe
  2⤵
  PID:10036
- C:\Windows\System\oqEkZZS.exe
  C:\Windows\System\oqEkZZS.exe
  2⤵
  PID:10064
- C:\Windows\System\gMUnZNE.exe
  C:\Windows\System\gMUnZNE.exe
  2⤵
  PID:10080
- C:\Windows\System\WAxpXev.exe
  C:\Windows\System\WAxpXev.exe
  2⤵
  PID:10108
- C:\Windows\System\NezfgIW.exe
  C:\Windows\System\NezfgIW.exe
  2⤵
  PID:10124
- C:\Windows\System\hyEyFgW.exe
  C:\Windows\System\hyEyFgW.exe
  2⤵
  PID:10156
- C:\Windows\System\RXrAkRZ.exe
  C:\Windows\System\RXrAkRZ.exe
  2⤵
  PID:10188
- C:\Windows\System\tFEebPO.exe
  C:\Windows\System\tFEebPO.exe
  2⤵
  PID:10232
- C:\Windows\System\xMFqdGn.exe
  C:\Windows\System\xMFqdGn.exe
  2⤵
  PID:9280
- C:\Windows\System\ZzgrmTd.exe
  C:\Windows\System\ZzgrmTd.exe
  2⤵
  PID:9300
- C:\Windows\System\zEEBrMw.exe
  C:\Windows\System\zEEBrMw.exe
  2⤵
  PID:9404
- C:\Windows\System\jbqIHXm.exe
  C:\Windows\System\jbqIHXm.exe
  2⤵
  PID:9424
- C:\Windows\System\DnHojLu.exe
  C:\Windows\System\DnHojLu.exe
  2⤵
  PID:9512
- C:\Windows\System\WcAxtRL.exe
  C:\Windows\System\WcAxtRL.exe
  2⤵
  PID:9544
- C:\Windows\System\kDqrBfs.exe
  C:\Windows\System\kDqrBfs.exe
  2⤵
  PID:9592
- C:\Windows\System\ccGznmw.exe
  C:\Windows\System\ccGznmw.exe
  2⤵
  PID:9708
- C:\Windows\System\bNeoiyO.exe
  C:\Windows\System\bNeoiyO.exe
  2⤵
  PID:9768
- C:\Windows\System\nmkEnuO.exe
  C:\Windows\System\nmkEnuO.exe
  2⤵
  PID:9848
- C:\Windows\System\GNzCtHa.exe
  C:\Windows\System\GNzCtHa.exe
  2⤵
  PID:9912
- C:\Windows\System\bmERrKw.exe
  C:\Windows\System\bmERrKw.exe
  2⤵
  PID:9960
- C:\Windows\System\AxagQbW.exe
  C:\Windows\System\AxagQbW.exe
  2⤵
  PID:10012
- C:\Windows\System\EfHqAGr.exe
  C:\Windows\System\EfHqAGr.exe
  2⤵
  PID:10072
- C:\Windows\System\RDBPFXx.exe
  C:\Windows\System\RDBPFXx.exe
  2⤵
  PID:10140
- C:\Windows\System\HwHsOxg.exe
  C:\Windows\System\HwHsOxg.exe
  2⤵
  PID:10228
- C:\Windows\System\ehAHtoc.exe
  C:\Windows\System\ehAHtoc.exe
  2⤵
  PID:9308
- C:\Windows\System\pChwfEr.exe
  C:\Windows\System\pChwfEr.exe
  2⤵
  PID:9480
- C:\Windows\System\FMquwGv.exe
  C:\Windows\System\FMquwGv.exe
  2⤵
  PID:9644
- C:\Windows\System\BfUHkoy.exe
  C:\Windows\System\BfUHkoy.exe
  2⤵
  PID:9828
- C:\Windows\System\akDRdEH.exe
  C:\Windows\System\akDRdEH.exe
  2⤵
  PID:9940
- C:\Windows\System\UnYzGTS.exe
  C:\Windows\System\UnYzGTS.exe
  2⤵
  PID:10048
- C:\Windows\System\CBtgMtD.exe
  C:\Windows\System\CBtgMtD.exe
  2⤵
  PID:10208
- C:\Windows\System\fxQvdue.exe
  C:\Windows\System\fxQvdue.exe
  2⤵
  PID:9472
- C:\Windows\System\PSPvrrI.exe
  C:\Windows\System\PSPvrrI.exe
  2⤵
  PID:9888
- C:\Windows\System\WvvrRPR.exe
  C:\Windows\System\WvvrRPR.exe
  2⤵
  PID:8612
- C:\Windows\System\OpsFaMT.exe
  C:\Windows\System\OpsFaMT.exe
  2⤵
  PID:9332
- C:\Windows\System\TNFLHgO.exe
  C:\Windows\System\TNFLHgO.exe
  2⤵
  PID:10272
- C:\Windows\System\IBvGNGx.exe
  C:\Windows\System\IBvGNGx.exe
  2⤵
  PID:10288
- C:\Windows\System\RVdBWZT.exe
  C:\Windows\System\RVdBWZT.exe
  2⤵
  PID:10328
- C:\Windows\System\gzxVVsC.exe
  C:\Windows\System\gzxVVsC.exe
  2⤵
  PID:10356
- C:\Windows\System\wUvINTD.exe
  C:\Windows\System\wUvINTD.exe
  2⤵
  PID:10384
- C:\Windows\System\qQqGauT.exe
  C:\Windows\System\qQqGauT.exe
  2⤵
  PID:10412
- C:\Windows\System\npUAZUg.exe
  C:\Windows\System\npUAZUg.exe
  2⤵
  PID:10440
- C:\Windows\System\gzQBZGG.exe
  C:\Windows\System\gzQBZGG.exe
  2⤵
  PID:10468
- C:\Windows\System\svdBMTR.exe
  C:\Windows\System\svdBMTR.exe
  2⤵
  PID:10496
- C:\Windows\System\PQxHbZY.exe
  C:\Windows\System\PQxHbZY.exe
  2⤵
  PID:10524
- C:\Windows\System\dbwzdBO.exe
  C:\Windows\System\dbwzdBO.exe
  2⤵
  PID:10552
- C:\Windows\System\MEjLwSZ.exe
  C:\Windows\System\MEjLwSZ.exe
  2⤵
  PID:10580
- C:\Windows\System\XnxVCgr.exe
  C:\Windows\System\XnxVCgr.exe
  2⤵
  PID:10608
- C:\Windows\System\VorlUVI.exe
  C:\Windows\System\VorlUVI.exe
  2⤵
  PID:10624
- C:\Windows\System\dzEJffw.exe
  C:\Windows\System\dzEJffw.exe
  2⤵
  PID:10660
- C:\Windows\System\faIXJKI.exe
  C:\Windows\System\faIXJKI.exe
  2⤵
  PID:10680
- C:\Windows\System\ZacToeJ.exe
  C:\Windows\System\ZacToeJ.exe
  2⤵
  PID:10724
- C:\Windows\System\oxtDumO.exe
  C:\Windows\System\oxtDumO.exe
  2⤵
  PID:10752
- C:\Windows\System\Nnhvpnr.exe
  C:\Windows\System\Nnhvpnr.exe
  2⤵
  PID:10800
- C:\Windows\System\YMkesuu.exe
  C:\Windows\System\YMkesuu.exe
  2⤵
  PID:10836
- C:\Windows\System\apETYmp.exe
  C:\Windows\System\apETYmp.exe
  2⤵
  PID:10880
- C:\Windows\System\lvZmXqq.exe
  C:\Windows\System\lvZmXqq.exe
  2⤵
  PID:10912
- C:\Windows\System\WkBsNkU.exe
  C:\Windows\System\WkBsNkU.exe
  2⤵
  PID:10940
- C:\Windows\System\SOcAfLJ.exe
  C:\Windows\System\SOcAfLJ.exe
  2⤵
  PID:10968
- C:\Windows\System\MiUfTKR.exe
  C:\Windows\System\MiUfTKR.exe
  2⤵
  PID:10992
- C:\Windows\System\nRcgGZu.exe
  C:\Windows\System\nRcgGZu.exe
  2⤵
  PID:11012
- C:\Windows\System\AFtZrGI.exe
  C:\Windows\System\AFtZrGI.exe
  2⤵
  PID:11044
- C:\Windows\System\TNeIArT.exe
  C:\Windows\System\TNeIArT.exe
  2⤵
  PID:11076
- C:\Windows\System\eLBolTJ.exe
  C:\Windows\System\eLBolTJ.exe
  2⤵
  PID:11104
- C:\Windows\System\UNLcEgn.exe
  C:\Windows\System\UNLcEgn.exe
  2⤵
  PID:11128
- C:\Windows\System\NsqMLIt.exe
  C:\Windows\System\NsqMLIt.exe
  2⤵
  PID:11156
- C:\Windows\System\ASVkoFD.exe
  C:\Windows\System\ASVkoFD.exe
  2⤵
  PID:11200
- C:\Windows\System\EPwbohk.exe
  C:\Windows\System\EPwbohk.exe
  2⤵
  PID:11232
- C:\Windows\System\uctcsoj.exe
  C:\Windows\System\uctcsoj.exe
  2⤵
  PID:9984
- C:\Windows\System\TrthdUi.exe
  C:\Windows\System\TrthdUi.exe
  2⤵
  PID:10284
- C:\Windows\System\zQclEuk.exe
  C:\Windows\System\zQclEuk.exe
  2⤵
  PID:10600
- C:\Windows\System\zaVPvtv.exe
  C:\Windows\System\zaVPvtv.exe
  2⤵
  PID:10640
- C:\Windows\System\SBziqCg.exe
  C:\Windows\System\SBziqCg.exe
  2⤵
  PID:10700
- C:\Windows\System\ksBHjNB.exe
  C:\Windows\System\ksBHjNB.exe
  2⤵
  PID:10788
- C:\Windows\System\AUDdUlr.exe
  C:\Windows\System\AUDdUlr.exe
  2⤵
  PID:10872
- C:\Windows\System\sTmvIuS.exe
  C:\Windows\System\sTmvIuS.exe
  2⤵
  PID:10932
- C:\Windows\System\LqCXuwg.exe
  C:\Windows\System\LqCXuwg.exe
  2⤵
  PID:10988
- C:\Windows\System\DOyHQER.exe
  C:\Windows\System\DOyHQER.exe
  2⤵
  PID:11072
- C:\Windows\System\lWgGcxq.exe
  C:\Windows\System\lWgGcxq.exe
  2⤵
  PID:11144
- C:\Windows\System\xRyEqWe.exe
  C:\Windows\System\xRyEqWe.exe
  2⤵
  PID:11192
- C:\Windows\System\hzvvNyt.exe
  C:\Windows\System\hzvvNyt.exe
  2⤵
  PID:10268
- C:\Windows\System\eJszwVK.exe
  C:\Windows\System\eJszwVK.exe
  2⤵
  PID:10224
- C:\Windows\System\JNiHATU.exe
  C:\Windows\System\JNiHATU.exe
  2⤵
  PID:10740
- C:\Windows\System\EhVxIbH.exe
  C:\Windows\System\EhVxIbH.exe
  2⤵
  PID:10876
- C:\Windows\System\tVeQgDv.exe
  C:\Windows\System\tVeQgDv.exe
  2⤵
  PID:11028
- C:\Windows\System\adPHUsn.exe
  C:\Windows\System\adPHUsn.exe
  2⤵
  PID:10436
- C:\Windows\System\esqmOPp.exe
  C:\Windows\System\esqmOPp.exe
  2⤵
  PID:10676
- C:\Windows\System\ozDpBXI.exe
  C:\Windows\System\ozDpBXI.exe
  2⤵
  PID:11184
- C:\Windows\System\mNdVSCo.exe
  C:\Windows\System\mNdVSCo.exe
  2⤵
  PID:10668
- C:\Windows\System\IlhxnGu.exe
  C:\Windows\System\IlhxnGu.exe
  2⤵
  PID:11000
- C:\Windows\System\JVrVwCM.exe
  C:\Windows\System\JVrVwCM.exe
  2⤵
  PID:11292
- C:\Windows\System\YidTLkk.exe
  C:\Windows\System\YidTLkk.exe
  2⤵
  PID:11348
- C:\Windows\System\RGqRRBu.exe
  C:\Windows\System\RGqRRBu.exe
  2⤵
  PID:11384
- C:\Windows\System\xNCtnqZ.exe
  C:\Windows\System\xNCtnqZ.exe
  2⤵
  PID:11400
- C:\Windows\System\ajxsrFp.exe
  C:\Windows\System\ajxsrFp.exe
  2⤵
  PID:11440
- C:\Windows\System\XeqnKBG.exe
  C:\Windows\System\XeqnKBG.exe
  2⤵
  PID:11460
- C:\Windows\System\ZQktLqy.exe
  C:\Windows\System\ZQktLqy.exe
  2⤵
  PID:11484
- C:\Windows\System\tRmbGri.exe
  C:\Windows\System\tRmbGri.exe
  2⤵
  PID:11520
- C:\Windows\System\WpZkfLL.exe
  C:\Windows\System\WpZkfLL.exe
  2⤵
  PID:11540
- C:\Windows\System\QZKWOJO.exe
  C:\Windows\System\QZKWOJO.exe
  2⤵
  PID:11568
- C:\Windows\System\CIclDVT.exe
  C:\Windows\System\CIclDVT.exe
  2⤵
  PID:11596
- C:\Windows\System\UNLLIwo.exe
  C:\Windows\System\UNLLIwo.exe
  2⤵
  PID:11624
- C:\Windows\System\rubFUxf.exe
  C:\Windows\System\rubFUxf.exe
  2⤵
  PID:11652
- C:\Windows\System\bjDLeHU.exe
  C:\Windows\System\bjDLeHU.exe
  2⤵
  PID:11668
- C:\Windows\System\LNjDooX.exe
  C:\Windows\System\LNjDooX.exe
  2⤵
  PID:11684
- C:\Windows\System\jgseDJs.exe
  C:\Windows\System\jgseDJs.exe
  2⤵
  PID:11708
- C:\Windows\System\IeYKaMT.exe
  C:\Windows\System\IeYKaMT.exe
  2⤵
  PID:11776
- C:\Windows\System\DedrkGD.exe
  C:\Windows\System\DedrkGD.exe
  2⤵
  PID:11804
- C:\Windows\System\ZJuWNCI.exe
  C:\Windows\System\ZJuWNCI.exe
  2⤵
  PID:11840
- C:\Windows\System\RxYeRFA.exe
  C:\Windows\System\RxYeRFA.exe
  2⤵
  PID:11856
- C:\Windows\System\pgrDoLv.exe
  C:\Windows\System\pgrDoLv.exe
  2⤵
  PID:11892
- C:\Windows\System\eEiqNoL.exe
  C:\Windows\System\eEiqNoL.exe
  2⤵
  PID:11920
- C:\Windows\System\ZgpElBY.exe
  C:\Windows\System\ZgpElBY.exe
  2⤵
  PID:11944
- C:\Windows\System\PGGMkLT.exe
  C:\Windows\System\PGGMkLT.exe
  2⤵
  PID:11968
- C:\Windows\System\vgnaZwD.exe
  C:\Windows\System\vgnaZwD.exe
  2⤵
  PID:11996
- C:\Windows\System\RmPgGIn.exe
  C:\Windows\System\RmPgGIn.exe
  2⤵
  PID:12028
- C:\Windows\System\xCEyTVw.exe
  C:\Windows\System\xCEyTVw.exe
  2⤵
  PID:12064
- C:\Windows\System\YIeTFIr.exe
  C:\Windows\System\YIeTFIr.exe
  2⤵
  PID:12092
- C:\Windows\System\XfVEPKi.exe
  C:\Windows\System\XfVEPKi.exe
  2⤵
  PID:12120
- C:\Windows\System\gWTBVWl.exe
  C:\Windows\System\gWTBVWl.exe
  2⤵
  PID:12148
- C:\Windows\System\YQERhNO.exe
  C:\Windows\System\YQERhNO.exe
  2⤵
  PID:12176
- C:\Windows\System\StcarFL.exe
  C:\Windows\System\StcarFL.exe
  2⤵
  PID:12192
- C:\Windows\System\FbSAPEM.exe
  C:\Windows\System\FbSAPEM.exe
  2⤵
  PID:12212
- C:\Windows\System\RDuFiCc.exe
  C:\Windows\System\RDuFiCc.exe
  2⤵
  PID:12240
- C:\Windows\System\xehnSTy.exe
  C:\Windows\System\xehnSTy.exe
  2⤵
  PID:12280
- C:\Windows\System\xAhgVGi.exe
  C:\Windows\System\xAhgVGi.exe
  2⤵
  PID:11308
- C:\Windows\System\ezZJflM.exe
  C:\Windows\System\ezZJflM.exe
  2⤵
  PID:11316
- C:\Windows\System\BIPgOWo.exe
  C:\Windows\System\BIPgOWo.exe
  2⤵
  PID:11412
- C:\Windows\System\oFUKave.exe
  C:\Windows\System\oFUKave.exe
  2⤵
  PID:11468
- C:\Windows\System\PKLsYNQ.exe
  C:\Windows\System\PKLsYNQ.exe
  2⤵
  PID:11504
- C:\Windows\System\FLECvOP.exe
  C:\Windows\System\FLECvOP.exe
  2⤵
  PID:11584
- C:\Windows\System\xMgYHXT.exe
  C:\Windows\System\xMgYHXT.exe
  2⤵
  PID:11704
- C:\Windows\System\FhFRgdW.exe
  C:\Windows\System\FhFRgdW.exe
  2⤵
  PID:11768
- C:\Windows\System\xOXCfSM.exe
  C:\Windows\System\xOXCfSM.exe
  2⤵
  PID:11796
- C:\Windows\System\EpmANPL.exe
  C:\Windows\System\EpmANPL.exe
  2⤵
  PID:11880
- C:\Windows\System\nLVAuvl.exe
  C:\Windows\System\nLVAuvl.exe
  2⤵
  PID:11964
- C:\Windows\System\GkPBdWs.exe
  C:\Windows\System\GkPBdWs.exe
  2⤵
  PID:11992
- C:\Windows\System\JZpkncB.exe
  C:\Windows\System\JZpkncB.exe
  2⤵
  PID:12076
- C:\Windows\System\vjIaALL.exe
  C:\Windows\System\vjIaALL.exe
  2⤵
  PID:12112
- C:\Windows\System\pFfYPsR.exe
  C:\Windows\System\pFfYPsR.exe
  2⤵
  PID:12160
- C:\Windows\System\EnsZstv.exe
  C:\Windows\System\EnsZstv.exe
  2⤵
  PID:11280
- C:\Windows\System\nMhLNRK.exe
  C:\Windows\System\nMhLNRK.exe
  2⤵
  PID:11336
- C:\Windows\System\ZOWiRjI.exe
  C:\Windows\System\ZOWiRjI.exe
  2⤵
  PID:11452
- C:\Windows\System\zIkpYDQ.exe
  C:\Windows\System\zIkpYDQ.exe
  2⤵
  PID:11700
- C:\Windows\System\PZBpxtu.exe
  C:\Windows\System\PZBpxtu.exe
  2⤵
  PID:11732
- C:\Windows\System\egPKXls.exe
  C:\Windows\System\egPKXls.exe
  2⤵
  PID:11912
- C:\Windows\System\qfBgekj.exe
  C:\Windows\System\qfBgekj.exe
  2⤵
  PID:12040
- C:\Windows\System\DZbciyF.exe
  C:\Windows\System\DZbciyF.exe
  2⤵
  PID:12228
- C:\Windows\System\zPtVARM.exe
  C:\Windows\System\zPtVARM.exe
  2⤵
  PID:11268
- C:\Windows\System\sIlDmdB.exe
  C:\Windows\System\sIlDmdB.exe
  2⤵
  PID:11696
- C:\Windows\System\TRzAkuW.exe
  C:\Windows\System\TRzAkuW.exe
  2⤵
  PID:11956
- C:\Windows\System\zyRRsll.exe
  C:\Windows\System\zyRRsll.exe
  2⤵
  PID:11196
- C:\Windows\System\SXvNkrT.exe
  C:\Windows\System\SXvNkrT.exe
  2⤵
  PID:10908
- C:\Windows\System\QLrRztJ.exe
  C:\Windows\System\QLrRztJ.exe
  2⤵
  PID:11532
- C:\Windows\System\zYmdvAS.exe
  C:\Windows\System\zYmdvAS.exe
  2⤵
  PID:12312
- C:\Windows\System\XJrolvl.exe
  C:\Windows\System\XJrolvl.exe
  2⤵
  PID:12340
- C:\Windows\System\DWEYIgM.exe
  C:\Windows\System\DWEYIgM.exe
  2⤵
  PID:12376
- C:\Windows\System\HRJgxfm.exe
  C:\Windows\System\HRJgxfm.exe
  2⤵
  PID:12404
- C:\Windows\System\NamKfRE.exe
  C:\Windows\System\NamKfRE.exe
  2⤵
  PID:12432
- C:\Windows\System\kftDrCm.exe
  C:\Windows\System\kftDrCm.exe
  2⤵
  PID:12472
- C:\Windows\System\bDJizIv.exe
  C:\Windows\System\bDJizIv.exe
  2⤵
  PID:12488
- C:\Windows\System\OqBczFX.exe
  C:\Windows\System\OqBczFX.exe
  2⤵
  PID:12508
- C:\Windows\System\UfgMjGv.exe
  C:\Windows\System\UfgMjGv.exe
  2⤵
  PID:12540
- C:\Windows\System\hbIIGUJ.exe
  C:\Windows\System\hbIIGUJ.exe
  2⤵
  PID:12556
- C:\Windows\System\OaTwYJu.exe
  C:\Windows\System\OaTwYJu.exe
  2⤵
  PID:12584
- C:\Windows\System\MyRzVuT.exe
  C:\Windows\System\MyRzVuT.exe
  2⤵
  PID:12628
- C:\Windows\System\BWhLwYz.exe
  C:\Windows\System\BWhLwYz.exe
  2⤵
  PID:12656
- C:\Windows\System\HdOGnsG.exe
  C:\Windows\System\HdOGnsG.exe
  2⤵
  PID:12696
- C:\Windows\System\IkkHARH.exe
  C:\Windows\System\IkkHARH.exe
  2⤵
  PID:12724
- C:\Windows\System\JiXBNXs.exe
  C:\Windows\System\JiXBNXs.exe
  2⤵
  PID:12752
- C:\Windows\System\mxLKPXl.exe
  C:\Windows\System\mxLKPXl.exe
  2⤵
  PID:12776
- C:\Windows\System\qemviIb.exe
  C:\Windows\System\qemviIb.exe
  2⤵
  PID:12792
- C:\Windows\System\FvVdvYZ.exe
  C:\Windows\System\FvVdvYZ.exe
  2⤵
  PID:12812
- C:\Windows\System\tgBDSUk.exe
  C:\Windows\System\tgBDSUk.exe
  2⤵
  PID:12844
- C:\Windows\System\pMIsKSo.exe
  C:\Windows\System\pMIsKSo.exe
  2⤵
  PID:12880
- C:\Windows\System\ATVfjWQ.exe
  C:\Windows\System\ATVfjWQ.exe
  2⤵
  PID:12908
- C:\Windows\System\lCgBJAW.exe
  C:\Windows\System\lCgBJAW.exe
  2⤵
  PID:12936
- C:\Windows\System\CYignLP.exe
  C:\Windows\System\CYignLP.exe
  2⤵
  PID:12964
- C:\Windows\System\oIYqqoa.exe
  C:\Windows\System\oIYqqoa.exe
  2⤵
  PID:12992
- C:\Windows\System\ACjDtmZ.exe
  C:\Windows\System\ACjDtmZ.exe
  2⤵
  PID:13032
- C:\Windows\System\gXShBKt.exe
  C:\Windows\System\gXShBKt.exe
  2⤵
  PID:13060
- C:\Windows\System\ApAyilb.exe
  C:\Windows\System\ApAyilb.exe
  2⤵
  PID:13076
- C:\Windows\System\OjGxYcN.exe
  C:\Windows\System\OjGxYcN.exe
  2⤵
  PID:13104
- C:\Windows\System\IKdgOoO.exe
  C:\Windows\System\IKdgOoO.exe
  2⤵
  PID:13132
- C:\Windows\System\MSwSUMs.exe
  C:\Windows\System\MSwSUMs.exe
  2⤵
  PID:13160
- C:\Windows\System\rhihZPD.exe
  C:\Windows\System\rhihZPD.exe
  2⤵
  PID:13200
- C:\Windows\System\RWaAeSp.exe
  C:\Windows\System\RWaAeSp.exe
  2⤵
  PID:13220
- C:\Windows\System\Nxsmigr.exe
  C:\Windows\System\Nxsmigr.exe
  2⤵
  PID:13252
- C:\Windows\System\KaHfZaQ.exe
  C:\Windows\System\KaHfZaQ.exe
  2⤵
  PID:13284
- C:\Windows\System\yYylPdH.exe
  C:\Windows\System\yYylPdH.exe
  2⤵
  PID:13304
- C:\Windows\System\FXAYRif.exe
  C:\Windows\System\FXAYRif.exe
  2⤵
  PID:12324
- C:\Windows\System\EVQMnTe.exe
  C:\Windows\System\EVQMnTe.exe
  2⤵
  PID:12368
- C:\Windows\System\AHyJOkI.exe
  C:\Windows\System\AHyJOkI.exe
  2⤵
  PID:12448
- C:\Windows\System\KKfRwXc.exe
  C:\Windows\System\KKfRwXc.exe
  2⤵
  PID:12524
- C:\Windows\System\IDnrhgP.exe
  C:\Windows\System\IDnrhgP.exe
  2⤵
  PID:12564
- C:\Windows\System\duIjAAR.exe
  C:\Windows\System\duIjAAR.exe
  2⤵
  PID:12648
- C:\Windows\System\lhnGwIx.exe
  C:\Windows\System\lhnGwIx.exe
  2⤵
  PID:12720
- C:\Windows\System\uxmmGfx.exe
  C:\Windows\System\uxmmGfx.exe
  2⤵
  PID:12768
- C:\Windows\System\gYkRMiL.exe
  C:\Windows\System\gYkRMiL.exe
  2⤵
  PID:12872
- C:\Windows\System\IrPxsLz.exe
  C:\Windows\System\IrPxsLz.exe
  2⤵
  PID:12924
- C:\Windows\System\XPHheEv.exe
  C:\Windows\System\XPHheEv.exe
  2⤵
  PID:12948
- C:\Windows\System\TNPwOFx.exe
  C:\Windows\System\TNPwOFx.exe
  2⤵
  PID:13020
- C:\Windows\System\YhYHpnj.exe
  C:\Windows\System\YhYHpnj.exe
  2⤵
  PID:13116
- C:\Windows\System\trYrURH.exe
  C:\Windows\System\trYrURH.exe
  2⤵
  PID:13172
- C:\Windows\System\SEdkePC.exe
  C:\Windows\System\SEdkePC.exe
  2⤵
  PID:13248
- C:\Windows\System\nIYaLea.exe
  C:\Windows\System\nIYaLea.exe
  2⤵
  PID:12304
- C:\Windows\System\VvFtUMT.exe
  C:\Windows\System\VvFtUMT.exe
  2⤵
  PID:12452
- C:\Windows\System\fbNyKlT.exe
  C:\Windows\System\fbNyKlT.exe
  2⤵
  PID:12548
- C:\Windows\System\dNcurkh.exe
  C:\Windows\System\dNcurkh.exe
  2⤵
  PID:12784
- C:\Windows\System\FNQNvSe.exe
  C:\Windows\System\FNQNvSe.exe
  2⤵
  PID:12172
- C:\Windows\System\kZqyMzD.exe
  C:\Windows\System\kZqyMzD.exe
  2⤵
  PID:13016
- C:\Windows\System\nmJwChu.exe
  C:\Windows\System\nmJwChu.exe
  2⤵
  PID:13124
- C:\Windows\System\uJaCTwv.exe
  C:\Windows\System\uJaCTwv.exe
  2⤵
  PID:12388
- C:\Windows\System\ZHPVGpp.exe
  C:\Windows\System\ZHPVGpp.exe
  2⤵
  PID:12532
- C:\Windows\System\zgIjLIz.exe
  C:\Windows\System\zgIjLIz.exe
  2⤵
  PID:13008
- C:\Windows\System\wDOCzNm.exe
  C:\Windows\System\wDOCzNm.exe
  2⤵
  PID:12328
- C:\Windows\System\NyZzogg.exe
  C:\Windows\System\NyZzogg.exe
  2⤵
  PID:12920
- C:\Windows\System\Ctoqnyx.exe
  C:\Windows\System\Ctoqnyx.exe
  2⤵
  PID:3884
- C:\Windows\System\OjblTjM.exe
  C:\Windows\System\OjblTjM.exe
  2⤵
  PID:13336
- C:\Windows\System\JKaDsRh.exe
  C:\Windows\System\JKaDsRh.exe
  2⤵
  PID:13364
- C:\Windows\System\ulcwTXE.exe
  C:\Windows\System\ulcwTXE.exe
  2⤵
  PID:13400
- C:\Windows\System\wqoScvG.exe
  C:\Windows\System\wqoScvG.exe
  2⤵
  PID:13420
- C:\Windows\System\cfPnRAn.exe
  C:\Windows\System\cfPnRAn.exe
  2⤵
  PID:13444
- C:\Windows\System\eaUPgPA.exe
  C:\Windows\System\eaUPgPA.exe
  2⤵
  PID:13484
- C:\Windows\System\BcvImBq.exe
  C:\Windows\System\BcvImBq.exe
  2⤵
  PID:13520
- C:\Windows\System\AqSMfLx.exe
  C:\Windows\System\AqSMfLx.exe
  2⤵
  PID:13536
- C:\Windows\System\khpnHTY.exe
  C:\Windows\System\khpnHTY.exe
  2⤵
  PID:13568
- C:\Windows\System\JxrMrnO.exe
  C:\Windows\System\JxrMrnO.exe
  2⤵
  PID:13592
- C:\Windows\System\PcNXCiJ.exe
  C:\Windows\System\PcNXCiJ.exe
  2⤵
  PID:13608
- C:\Windows\System\fEgWTTO.exe
  C:\Windows\System\fEgWTTO.exe
  2⤵
  PID:13648
- C:\Windows\System\wrUnivB.exe
  C:\Windows\System\wrUnivB.exe
  2⤵
  PID:13680
- C:\Windows\System\drcZPTo.exe
  C:\Windows\System\drcZPTo.exe
  2⤵
  PID:13716
- C:\Windows\System\oMmZKlI.exe
  C:\Windows\System\oMmZKlI.exe
  2⤵
  PID:13732
- C:\Windows\System\EwFffuJ.exe
  C:\Windows\System\EwFffuJ.exe
  2⤵
  PID:13760
- C:\Windows\System\SvYPXfA.exe
  C:\Windows\System\SvYPXfA.exe
  2⤵
  PID:13788
- C:\Windows\System\skMNWdu.exe
  C:\Windows\System\skMNWdu.exe
  2⤵
  PID:13824
- C:\Windows\System\zPXoxrn.exe
  C:\Windows\System\zPXoxrn.exe
  2⤵
  PID:13844
- C:\Windows\System\lIKvBar.exe
  C:\Windows\System\lIKvBar.exe
  2⤵
  PID:13868
- C:\Windows\System\oemIWYT.exe
  C:\Windows\System\oemIWYT.exe
  2⤵
  PID:13888
- C:\Windows\System\XBLFUZZ.exe
  C:\Windows\System\XBLFUZZ.exe
  2⤵
  PID:13904
- C:\Windows\System\kwbUOuL.exe
  C:\Windows\System\kwbUOuL.exe
  2⤵
  PID:13944
- C:\Windows\System\DYJnahf.exe
  C:\Windows\System\DYJnahf.exe
  2⤵
  PID:13984
- C:\Windows\System\LHRRhVS.exe
  C:\Windows\System\LHRRhVS.exe
  2⤵
  PID:14008
- C:\Windows\System\UgQhqiZ.exe
  C:\Windows\System\UgQhqiZ.exe
  2⤵
  PID:14036
- C:\Windows\System\xSyZmfc.exe
  C:\Windows\System\xSyZmfc.exe
  2⤵
  PID:14064
- C:\Windows\System\fPenklB.exe
  C:\Windows\System\fPenklB.exe
  2⤵
  PID:14104
- C:\Windows\System\gdwzKiv.exe
  C:\Windows\System\gdwzKiv.exe
  2⤵
  PID:14144
- C:\Windows\System\SZxDqWQ.exe
  C:\Windows\System\SZxDqWQ.exe
  2⤵
  PID:14172
- C:\Windows\System\juJCpqI.exe
  C:\Windows\System\juJCpqI.exe
  2⤵
  PID:14192
- C:\Windows\System\aAOgeaz.exe
  C:\Windows\System\aAOgeaz.exe
  2⤵
  PID:14224
- C:\Windows\System\nhhrpdt.exe
  C:\Windows\System\nhhrpdt.exe
  2⤵
  PID:14252
- C:\Windows\System\ZhLkMef.exe
  C:\Windows\System\ZhLkMef.exe
  2⤵
  PID:14272
- C:\Windows\System\TxJvvzl.exe
  C:\Windows\System\TxJvvzl.exe
  2⤵
  PID:14312
- C:\Windows\System\jSvUgHD.exe
  C:\Windows\System\jSvUgHD.exe
  2⤵
  PID:12504
- C:\Windows\System\IATxvGR.exe
  C:\Windows\System\IATxvGR.exe
  2⤵
  PID:12896
- C:\Windows\System\uUAJntq.exe
  C:\Windows\System\uUAJntq.exe
  2⤵
  PID:13412
- C:\Windows\System\fuAzDlt.exe
  C:\Windows\System\fuAzDlt.exe
  2⤵
  PID:13464
- C:\Windows\System\IOZhoSI.exe
  C:\Windows\System\IOZhoSI.exe
  2⤵
  PID:13476
- C:\Windows\System\teYtGvd.exe
  C:\Windows\System\teYtGvd.exe
  2⤵
  PID:13584
- C:\Windows\System\pMNEPUi.exe
  C:\Windows\System\pMNEPUi.exe
  2⤵
  PID:13632
- C:\Windows\System\jIszqPc.exe
  C:\Windows\System\jIszqPc.exe
  2⤵
  PID:13752
- C:\Windows\System\byRrrYB.exe
  C:\Windows\System\byRrrYB.exe
  2⤵
  PID:13776
- C:\Windows\System\ckvohcf.exe
  C:\Windows\System\ckvohcf.exe
  2⤵
  PID:3892
- C:\Windows\System\LGEWSEK.exe
  C:\Windows\System\LGEWSEK.exe
  2⤵
  PID:2704
- C:\Windows\System\nATwwaY.exe
  C:\Windows\System\nATwwaY.exe
  2⤵
  PID:13912
- C:\Windows\System\AQcluqH.exe
  C:\Windows\System\AQcluqH.exe
  2⤵
  PID:4524
- C:\Windows\System\nSuXJXo.exe
  C:\Windows\System\nSuXJXo.exe
  2⤵
  PID:13976
- C:\Windows\System\pjGACyP.exe
  C:\Windows\System\pjGACyP.exe
  2⤵
  PID:14024
- C:\Windows\System\yUAvkHi.exe
  C:\Windows\System\yUAvkHi.exe
  2⤵
  PID:14048
- C:\Windows\System\TELGrGw.exe
  C:\Windows\System\TELGrGw.exe
  2⤵
  PID:4352
- C:\Windows\System\YttWYAm.exe
  C:\Windows\System\YttWYAm.exe
  2⤵
  PID:548
- C:\Windows\System\dlULjAH.exe
  C:\Windows\System\dlULjAH.exe
  2⤵
  PID:14220
- C:\Windows\System\yqYAntA.exe
  C:\Windows\System\yqYAntA.exe
  2⤵
  PID:14268
- C:\Windows\System\MqsxaIU.exe
  C:\Windows\System\MqsxaIU.exe
  2⤵
  PID:4736
- C:\Windows\System\IuNzWyT.exe
  C:\Windows\System\IuNzWyT.exe
  2⤵
  PID:13432
- C:\Windows\System\qYMHQLd.exe
  C:\Windows\System\qYMHQLd.exe
  2⤵
  PID:13672
- C:\Windows\System\jGigiAR.exe
  C:\Windows\System\jGigiAR.exe
  2⤵
  PID:13728
- C:\Windows\System\CQhJnpA.exe
  C:\Windows\System\CQhJnpA.exe
  2⤵
  PID:13836
- C:\Windows\System\bISBIda.exe
  C:\Windows\System\bISBIda.exe
  2⤵
  PID:13896
- C:\Windows\System\WsJMBbc.exe
  C:\Windows\System\WsJMBbc.exe
  2⤵
  PID:14116
- C:\Windows\System\gCfXuvc.exe
  C:\Windows\System\gCfXuvc.exe
  2⤵
  PID:2840
- C:\Windows\System\iGomSkB.exe
  C:\Windows\System\iGomSkB.exe
  2⤵
  PID:14240
- C:\Windows\System\GmfIFmc.exe
  C:\Windows\System\GmfIFmc.exe
  2⤵
  PID:13244
- C:\Windows\System\TgxZhyW.exe
  C:\Windows\System\TgxZhyW.exe
  2⤵
  PID:13624
- C:\Windows\System\OQTUiQs.exe
  C:\Windows\System\OQTUiQs.exe
  2⤵
  PID:14136
- C:\Windows\System\cYwiSzJ.exe
  C:\Windows\System\cYwiSzJ.exe
  2⤵
  PID:13380
- C:\Windows\System\CUVlQxw.exe
  C:\Windows\System\CUVlQxw.exe
  2⤵
  PID:13996
- C:\Windows\System\LNRAwKR.exe
  C:\Windows\System\LNRAwKR.exe
  2⤵
  PID:1248
- C:\Windows\System\WtulKZo.exe
  C:\Windows\System\WtulKZo.exe
  2⤵
  PID:3244
- C:\Windows\System\sGdMrrQ.exe
  C:\Windows\System\sGdMrrQ.exe
  2⤵
  PID:14380
- C:\Windows\System\lmiPjgp.exe
  C:\Windows\System\lmiPjgp.exe
  2⤵
  PID:14404
- C:\Windows\System\FQuqWxO.exe
  C:\Windows\System\FQuqWxO.exe
  2⤵
  PID:14424
- C:\Windows\System\ZJlOich.exe
  C:\Windows\System\ZJlOich.exe
  2⤵
  PID:14460
- C:\Windows\System\SToeTzS.exe
  C:\Windows\System\SToeTzS.exe
  2⤵
  PID:14476
- C:\Windows\System\iSPlZdp.exe
  C:\Windows\System\iSPlZdp.exe
  2⤵
  PID:14524
- C:\Windows\System\dDkIzuE.exe
  C:\Windows\System\dDkIzuE.exe
  2⤵
  PID:14544
- C:\Windows\System\AWJEpQZ.exe
  C:\Windows\System\AWJEpQZ.exe
  2⤵
  PID:14560
- C:\Windows\System\lcBCYuf.exe
  C:\Windows\System\lcBCYuf.exe
  2⤵
  PID:14596
- C:\Windows\System\bkEoXIH.exe
  C:\Windows\System\bkEoXIH.exe
  2⤵
  PID:14628
- C:\Windows\System\hGXlXZM.exe
  C:\Windows\System\hGXlXZM.exe
  2⤵
  PID:14656
- C:\Windows\System\WeMvvLJ.exe
  C:\Windows\System\WeMvvLJ.exe
  2⤵
  PID:14696
- C:\Windows\System\hVQUKIQ.exe
  C:\Windows\System\hVQUKIQ.exe
  2⤵
  PID:14712
- C:\Windows\System\cxMqeqt.exe
  C:\Windows\System\cxMqeqt.exe
  2⤵
  PID:14744
- C:\Windows\System\DPEamcP.exe
  C:\Windows\System\DPEamcP.exe
  2⤵
  PID:14780
- C:\Windows\System\vsXZsjb.exe
  C:\Windows\System\vsXZsjb.exe
  2⤵
  PID:14808
- C:\Windows\System\VFKvJYU.exe
  C:\Windows\System\VFKvJYU.exe
  2⤵
  PID:14824
- C:\Windows\System\wuMpVbT.exe
  C:\Windows\System\wuMpVbT.exe
  2⤵
  PID:14856
- C:\Windows\System\qDdVBOI.exe
  C:\Windows\System\qDdVBOI.exe
  2⤵
  PID:14884
- C:\Windows\System\XBVUjKn.exe
  C:\Windows\System\XBVUjKn.exe
  2⤵
  PID:14908
- C:\Windows\System\mjAyUIF.exe
  C:\Windows\System\mjAyUIF.exe
  2⤵
  PID:14924
- C:\Windows\System\aCUJohJ.exe
  C:\Windows\System\aCUJohJ.exe
  2⤵
  PID:15004

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AebGRgs.exe

Filesize
2.0MB

MD5
455a32ac6355687e4e849f172c0a0490

SHA1
6ede2cddaf14a70e42ada734d575efe248b971e7

SHA256
998f6f232415de7733754014f640ecad8cd0b686a2ab15d2d169829c4edc44ef

SHA512
856dc7a87ce9ac04eed695418b4560133b84a7200afc60e02b3ed59d783a904333463a54e81a0b8f10fc3198d86045436154d5311b89ea7683ca7698dd40d33c

Download Submit
C:\Windows\System\BpXxHON.exe

Filesize
2.0MB

MD5
dfdde9b6c3427b691f303f4fc2799746

SHA1
fafac740a6c3201cd431c5b27aae5c22ed418f15

SHA256
19b5771f4285f336fda2b8fc29f8d394b8984fdf88fbb2e4ac6e9b5d99937db0

SHA512
fcc7227e46c1fe525976d324116922140035a53de4a099503543d591a0bfc4231926d2a55b68a0feccdb2b8833e594d66111886d471cbb9fe1b3c182bfae2ec4

Download Submit
C:\Windows\System\DBCXEmm.exe

Filesize
2.0MB

MD5
6609decf4a676f81a0bdaa1001356be7

SHA1
b9f66d6f82b3afb66410312f6b84f69dae9783d1

SHA256
4e7131d6e456751d581e965fd1b6befbb5a7b0ce9a45a039d6281baf4fa8ca94

SHA512
bd331e63372183d994c59801f9bf38bf2a626980dec15339c0232113625ce396f74108d8811d81d00979dd99775e47dd0a84199917b5a2c9a90ffc1d76206adf

Download Submit
C:\Windows\System\GYWnOzR.exe

Filesize
2.0MB

MD5
2cb3aad0f7d83b402ed16f25e2bf3e7f

SHA1
3a0c78f4cef3b0ae6dea92d7e1d6a189eeeb0996

SHA256
2d16047c7845bc5eb52f92097b67259569f52f7cebefe861fd3004f8e66af997

SHA512
4ba645d911fcec8b20a78e0d6ba87896bced8bdb0c39b1d9aed37681c78981eb7e95238e764da86bbed9d62b0602d5f2b947f4faf605d2d6ef333b42f457672a

Download Submit
C:\Windows\System\GrNUKSD.exe

Filesize
2.0MB

MD5
13209dfb1880627c72c8d094cba805c9

SHA1
eaf0401df0543bb35a896411b4e33f7e1a537886

SHA256
cc5254d6198b9742359328948764c9237e7860040f9ae60d614012262c6b6f01

SHA512
926dcb2c6ea0bde3bceaa56a42bc18d41495405366c1e4aab077def26533dcd323ab9b327ff24ee98c7b1b135c010f690740acfeb8cda80d1f5ade32a754353b

Download Submit
C:\Windows\System\GrWtyEX.exe

Filesize
2.0MB

MD5
98262dd3f3d8c6384fec3db7821634eb

SHA1
4ea6873e101b3621639bceb5fe8ea87ef91cfa5f

SHA256
9315f5df74b2931bac71fd412787469bcf2ca9159f8ddf1d3d186c800d315f84

SHA512
d10c54fa24e2887c0a7f17d16c20f380d272d5d168aaf160855cddca897e826c7d6cfbc17e1faf5c6a2b2efed01807559976853b8299a99a3653747901b6031d

Download Submit
C:\Windows\System\IGPIqNa.exe

Filesize
2.0MB

MD5
9cddbb48131eca1dc120a17a71ce5069

SHA1
d33c0befc0a9e8aea566af1993b38cc17d329933

SHA256
b869f841771748e5d23e12f77554462bd5d0b00f0a2fb012470a64255452f413

SHA512
fa62f2989031c83975ff6635267e57c930aba4dc1d2a32c9b5c849b7861c4633a3a2e097e375ca5a82e52565d9ffccc475bb134b3a898f36ebcd9fc0b018fc5e

Download Submit
C:\Windows\System\JEdPIka.exe

Filesize
2.0MB

MD5
0cfd9496e69b8c41d4970cea1d08f4b2

SHA1
3d9bbd128d8aade49c06ce64b664d36d845642d1

SHA256
4510b89686ea301d99c6182e5dcaa3ff7450566017cc8f1ae34369897d4ec8b4

SHA512
7e282a2f525d1894f0183586a9868bfc2891d08421adf12e88308b312365113206e3c19715c79e3c3310b2f74f91f3f8580f976e3b554061b330406104872403

Download Submit
C:\Windows\System\KZYiZSR.exe

Filesize
2.0MB

MD5
2799eca645ec7b32116ecab7eec19775

SHA1
2adb7a422f479971e0c128d4bc2fb8bc282f5e43

SHA256
f211c69a5031e5446d264c9483cf6c81844706c4e05a52e2a5650558682a2539

SHA512
042d35a58998e6efa9fe895a2b420d682a3026491d272bb401cd297e37b18ba73b2013378f36ffe10ba6cc20a9c878a12ac5ba2d28d9e9337124787fcf4d1b2e

Download Submit
C:\Windows\System\LZSwAWE.exe

Filesize
2.0MB

MD5
99c580503db88103362de8d46a5bb10a

SHA1
5ca9ad5d281efbf773f88e033f548795e379c95f

SHA256
18416c862570ef2f2879a598ba811e98df56e6d9af5f71342bead87519f5f4ec

SHA512
5509cfa0493d465ffafabdfde95b4455b41bff1517f3ba311d75eff8e49e5135071aad71d0147e31b53180c0162b4b3294b9f226540a9e1ab7d81231e9d372af

Download Submit
C:\Windows\System\NopqrIa.exe

Filesize
2.0MB

MD5
a556075d584524b1a922add99c015bd9

SHA1
417244497a7672eaa6360255926df8a8d8d70bbe

SHA256
01864b49d0e7a77e3fbf34a90cc7e5dedd9088f504d42f703331059ef3d6d8d3

SHA512
b85464a6e06e2ecb1da6311150b7e6f6fde480dcaa9484ed2109f658a6a0f5ccfcabdd1218afd1d930e473ae9c0e5da2dccc0c01dcb55de2265f38c563e9b64b

Download Submit
C:\Windows\System\OIbZUhK.exe

Filesize
2.0MB

MD5
87a489b483aaf703a6e7c40a646e139c

SHA1
c7ce5c651ef9a6d3dbd5d310f2bc043a9df441e0

SHA256
b0708a49b28c130bfd912c789e67be38037cebb1f9b0f582f44da9ef9d4d18f8

SHA512
725584ef1b1278c32f1e05c6096a77e29c496071db3ffbcb44db03609540e089aadba63a0d7dff11a54ae74f587f7b0d53c3713b557a682ce1f10b35abeb2020

Download Submit
C:\Windows\System\QWgITuz.exe

Filesize
2.0MB

MD5
a8bbf9cf6da0e555a74268ce45b7b519

SHA1
49433da9f586cac7c7bdeb7406867bd5de0fba48

SHA256
62bbb2862ebf957e5a14e4b378739ffed25290d0704ec63317a978f4824fd1cb

SHA512
13a8ad83965bd482bf79b3606cebb40dadce9248e7dccaf3ea27564078d1902d73c4fa4c993da2fd6d66d41ca7939a2d86e841c1dfdcc41d6b5f1ec110990dc7

Download Submit
C:\Windows\System\QwXBcEb.exe

Filesize
2.0MB

MD5
aeb66fa7824cbfef4810277c12200f39

SHA1
8674ae2bbf6859520c690131294c5a3b2d0b455d

SHA256
a06c090ba142ee6a78bc86ad0851d425244f10f48e3b61e74a5f38e76f7857bb

SHA512
bbb80452eb20193cc6233998cd1ec2830ccfb33026ac2d998457060ce22e52675c0babbe00e00361159eb25a820890837bf64641ae5981fce96cc86940247e80

Download Submit
C:\Windows\System\SuNzoPC.exe

Filesize
2.0MB

MD5
5c614d3f10356edf9d376f69781a122d

SHA1
17beef6abb04e5cbc135049c45080f529e9f3d9e

SHA256
510f0de02e2a5dde369a982611d4d245fc617990d8f33fecbcb7659d0127420f

SHA512
ba7754771b5e6d6b9ddf73fd5e47b04f70c87ebc37974262590c66b37ba7a51f932e3b9deac56d17087183f05740e00087e957aafda5958fe9d5709299d45d03

Download Submit
C:\Windows\System\VfcyfrT.exe

Filesize
2.0MB

MD5
d49e3f2d4d9eacc0aa3a1204d1d40ad5

SHA1
ea508445763f2fd78347d38aa7990914b6b4bced

SHA256
0e7c45c9c5e34ab1d01ec1a9b176e06463ed1805ad8a28924ef3856230289ca7

SHA512
82629cadd991d37e390d7978ab1746f8e39e4992a4fbe3e8189b0008a6d953afae2d90a996b69ec764e7fd5ae2059bf1779245547ee802f2266d0770ab04cdd2

Download Submit
C:\Windows\System\YIwhzTI.exe

Filesize
2.0MB

MD5
0a2e9399667bae758d7200972263f58d

SHA1
1b74e6a9df340218f6b22d7e6b030db14c7d6a66

SHA256
280c47ef4e6e346731460e8b273b40dd353fafe59bd9d1050ca309d816039586

SHA512
3ef400c739cf9d7034f24326fc6423c7a3816cc95201aef4df33636d54cac4608ee0f4f097ce4538485cb09a864e541f8918e11b1584332fa45bff02f08b4051

Download Submit
C:\Windows\System\ZJMwCqI.exe

Filesize
2.0MB

MD5
3f0d60ad169866a20a4003433475e76a

SHA1
dc588268e748f62867f97d130dd2634627cee47a

SHA256
8bde19b90dc3b20d3b275374a7b47a89c820df8c3bd6ac6b75d73aa708effa02

SHA512
e2450c6944e301e52111f6bb54be40cbfb2371d364898131358de79e6d28e2b360f81fa8cd8a2f302223ddf364cadcfe8626e517e694d4d0f6a69ce78345038e

Download Submit
C:\Windows\System\amERqYX.exe

Filesize
2.0MB

MD5
891f09445b6394ac4a5b96dde28102d9

SHA1
f547123b4fc7894dc023dd81d6106d1aa8a9f72a

SHA256
1b7465cbe4c986e6ebe78a7aec053536c889a3aff0939d13add799273ebd4bb3

SHA512
38436df04c8347916affdbf58e0535b7d9c0e3234940adfb07501d335521dad5a9da03f18b273a51b0fac775cf1d99d201bc8c2c5636a1a4bc8110bdcd848a55

Download Submit
C:\Windows\System\cUKpDfU.exe

Filesize
2.0MB

MD5
1385e9624f1b25629f8a6ec0bf240bdd

SHA1
7710d7f4d693a827bfd8763ee4808190180efcb1

SHA256
79a601e8c69c234228bbc7c79a7a6982ed3eb692e3115e8b52da86adedf0c5ba

SHA512
f8788858607ff0862a519440b85a9e6ba4f928d6ef1b2be030fc80ed329950f7486f1812fa3b67bb8b9e3bf8b3184ae02c03c8f5e6c998c9651fdf61d95cc9bf

Download Submit
C:\Windows\System\egRFiAf.exe

Filesize
2.0MB

MD5
4994e95807f4aef3e63f55b74b23a6d3

SHA1
f2fe376caab4f6676c9ea84ad710692b498f9f9a

SHA256
3a90ed7f6748b17b373f4e4fcb0e7d105ff6121af5e12f304114277c0e40a545

SHA512
c00015fbe0a1936d278b5e7e27e84a3a3762c26a8796631ee213b0f29acb216d6100d56bbc2904b06db619c11e65bf8e6613309029d9713fef51139d7031bcd2

Download Submit
C:\Windows\System\hrJOOig.exe

Filesize
2.0MB

MD5
ae59a3444219c1326bfe7f8e6fe1437c

SHA1
e045b7b9b20b8ba12a8922802edc74034949e727

SHA256
cb931d4b232f7d355004e3ba149632b689461770ecce598fb8be23cf11002979

SHA512
b039211cf656d01e9d0ac728f948a950a02374f336a711123de7817f80dc24ec17a6a924250d0f5bb59569f241ebaabe69593a327c4de151c2384a7e0b380633

Download Submit
C:\Windows\System\htvBQuz.exe

Filesize
2.0MB

MD5
6e2f5f5d02e0ec320c330755a31adcbe

SHA1
18ea430c89290fe758850a89266edc0c46deb49b

SHA256
6f6a451dd77dc59a70e98f3984d7e1bbec4d1ad0099c48b18dcbbac5300dab81

SHA512
bd8279a28cefa12eecf00548b84b5aa8a83ba7bae80df67ff2332eeccad5daf52f0033958d47f8ab3edd1ba174db3a6aba63b88d2b27e13a2687020036cf6d5a

Download Submit
C:\Windows\System\kDlIMRV.exe

Filesize
2.0MB

MD5
27e6942206bc9f0dc364027c11692ab6

SHA1
40b7156594efc00e53d97bc6db12a71e979c3d71

SHA256
d5c00f9283bd6737fb2725f007fc655924bfc46a3bac268d06d0a4a8cee26243

SHA512
e89365c2fc491c627e52949bbc515651c51c58e203bcc6993eb1aed34ad08a00f59723498fbd690ae13d2e24fdcafc652ae4c2fe5caafd5fac62fd26a460d66d

Download Submit
C:\Windows\System\lMYsIXE.exe

Filesize
2.0MB

MD5
7ec29d34d8fc896e2aae2c8e71361028

SHA1
bafe42daeb2c6bd552ebd550bb83b9f0bd6fdf06

SHA256
41218e52e35ff03adba1952e034340cfefbd83d3a9276b2aec5676c190cd98c4

SHA512
ba08280c62d795b824a6bfb26e6daadb8d2e5cac57cf993439df84a1a4e27a688e356b49397ca56da5b91154700b6149657a259dca5609a413d0e13b1debb4cb

Download Submit
C:\Windows\System\nOeASvX.exe

Filesize
2.0MB

MD5
52ff47c06dac1f1ff899b7bc7083c316

SHA1
7e827ef64e4a6fe47821b8dbd9402a26d81d273c

SHA256
80de5737ee914b104c2d3747ebbd51befe1f08047ee3d7fbede90f8ff25a1fc9

SHA512
a464616fc4f987919307130c9ffc701450af8089263da7d64d12d941a6606aef8851c20b3cc28b022409ff454f5bd55c676c479cfafca7094581ef7ec2388ad3

Download Submit
C:\Windows\System\oGxKYRN.exe

Filesize
2.0MB

MD5
369556108a6ff0fe43591b864d29da35

SHA1
a9ecd830940c8b4e9d0e0cae68b5663db2085b13

SHA256
df7a52185cd01875d5754afb466ec0480edaeccbf4f8592a55b559d30fabf9ce

SHA512
4af1e9da361fd56299d9c2451c425155374f0f1b55be1e61eb992af4b71cab560cd9f58b1d24b2a589d1cc94d7dff36e08e11d16f5c2e002cd54ec70a28cad33

Download Submit
C:\Windows\System\qQHVcdQ.exe

Filesize
2.0MB

MD5
0f2e53f2015c8142388fb16f9bd7c6da

SHA1
7c3d19578b3a8d45680cfdda19362e29d7017dba

SHA256
f6763e33fa92d9a94a1789783503f4dd98e9e3102fbfab4969574b036eaebc09

SHA512
c8e2f51da3c9534dc9aab94b38dcf57b1cdcf2d2b242b48bc95fcc6f335ce722488bc248aba92998030e9aa85c2062f1c68df3dc879fe16f4e050589e1293663

Download Submit
C:\Windows\System\tCewRpU.exe

Filesize
2.0MB

MD5
eda573ade208f197f18170438a8dda65

SHA1
08fc9b38ebf059854ce23a2ffbb2cd795e70a6ad

SHA256
6c308293ac6b2dc6c7c74aaf0a8023f45106369baae9989ce558bf994218d8de

SHA512
b4d7c14b095b1be515c7268a10b68058f070946addf22d9ce8a0d296207c590a703fcc5ebcd1665ce7cc497735c772dcbf265766280a135094fae6a5ccb30996

Download Submit
C:\Windows\System\tKFCcLH.exe

Filesize
2.0MB

MD5
5359ce8c523bf0671d0458ef1f6d6472

SHA1
301da9e420f0aa942b307544d718d497f8cad18e

SHA256
423e7906f49e03e3d7a07eca70f2bfcfaacf4035f21f004cb13e22c6bc86f194

SHA512
5992dbf22604eb779f2c6449067325a6aebfe61da8bbef5af118d4721619dddfa869be3061d93d75d56ca533e5d1e9f07134a99e601df90754f80de14ae11ffd

Download Submit
C:\Windows\System\tNxGnGd.exe

Filesize
2.0MB

MD5
8cba4da36d663e5c273bee453bb489b0

SHA1
7ad92907ab08ce5e1650885ba9f18ae670931f64

SHA256
fbb399d2ca7d8e8880d02aadbb125083202f3452fe2a91f4280097d9b0626c47

SHA512
82e8994504673d606d8a7134fb32e677cc3841d333864277bc8716ce8fb26f6f3b51612b6bfa995042878d9830f7052ea2117e615e05fe8a8d1096ebc6ebccbd

Download Submit
C:\Windows\System\vWcWuxG.exe

Filesize
2.0MB

MD5
24b7f20f9013305b79bbc8c22fd50bf9

SHA1
927641690f41a0de7ffb63a6182032130807d396

SHA256
520440a3691f609893cc4969ad10abcd4285eba694ac7640d118fa10e85c9cf5

SHA512
8482947615e7703034162ebb8f18d50c85c0df292bb95f376d1340426697978e2976e80076c802758492850e95d062c902a7816c76b0fecdbbd8d25a2c74e93c

Download Submit
C:\Windows\System\wFBwjRX.exe

Filesize
2.0MB

MD5
49481a4e83aac3f2c76a12418fb1d86f

SHA1
04eafe9a8dd89872f0f3cd0f8c3e0062dc05b7f2

SHA256
33053f5af05e7f61fcc3ffb2b4386bc75c3f08117b4a4efb728dc28aa2741669

SHA512
9830c0cc03cbe3f5bf12edcb4a5fa7b974e6977e12f4a6362a2bcf53ffc4330800034c1e293702e887ae456e9c9ca1832a3a005fec570baa0e483c42812bc60a

Download Submit
C:\Windows\System\wFlejFf.exe

Filesize
2.0MB

MD5
005a59e5b0f2269e45c59baac04a8eb3

SHA1
ef5948b8359c10b997afb506c96d835533d0612f

SHA256
00937440bbc56fd44d073e34c982dd07ef0f40a1e323aff33a544e3a45db9e8c

SHA512
70a9d02c996976619aa9b0cee1d13e37edce1caa5a5f8b702a91b0e774e0b27192006678253c1a9fa13d823814ec82c756c94dcbc58c2fb5b7df5f8c36bb5d90

Download Submit
memory/224-126-0x00007FF71CAD0000-0x00007FF71CE24000-memory.dmp

Filesize
3.3MB

Download
memory/224-2222-0x00007FF71CAD0000-0x00007FF71CE24000-memory.dmp

Filesize
3.3MB

Download
memory/224-2195-0x00007FF71CAD0000-0x00007FF71CE24000-memory.dmp

Filesize
3.3MB

Download
memory/540-2208-0x00007FF7B42C0000-0x00007FF7B4614000-memory.dmp

Filesize
3.3MB

Download
memory/540-54-0x00007FF7B42C0000-0x00007FF7B4614000-memory.dmp

Filesize
3.3MB

Download
memory/540-1875-0x00007FF7B42C0000-0x00007FF7B4614000-memory.dmp

Filesize
3.3MB

Download
memory/784-2226-0x00007FF7EA680000-0x00007FF7EA9D4000-memory.dmp

Filesize
3.3MB

Download
memory/784-164-0x00007FF7EA680000-0x00007FF7EA9D4000-memory.dmp

Filesize
3.3MB

Download
memory/784-2199-0x00007FF7EA680000-0x00007FF7EA9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1216-2194-0x00007FF6E1150000-0x00007FF6E14A4000-memory.dmp

Filesize
3.3MB

Download
memory/1216-119-0x00007FF6E1150000-0x00007FF6E14A4000-memory.dmp

Filesize
3.3MB

Download
memory/1216-2221-0x00007FF6E1150000-0x00007FF6E14A4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2213-0x00007FF70A160000-0x00007FF70A4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2196-0x00007FF70A160000-0x00007FF70A4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-85-0x00007FF70A160000-0x00007FF70A4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1536-138-0x00007FF7D7430000-0x00007FF7D7784000-memory.dmp

Filesize
3.3MB

Download
memory/1536-2214-0x00007FF7D7430000-0x00007FF7D7784000-memory.dmp

Filesize
3.3MB

Download
memory/1540-2192-0x00007FF74BCC0000-0x00007FF74C014000-memory.dmp

Filesize
3.3MB

Download
memory/1540-98-0x00007FF74BCC0000-0x00007FF74C014000-memory.dmp

Filesize
3.3MB

Download
memory/1540-2218-0x00007FF74BCC0000-0x00007FF74C014000-memory.dmp

Filesize
3.3MB

Download
memory/1692-11-0x00007FF710040000-0x00007FF710394000-memory.dmp

Filesize
3.3MB

Download
memory/1692-2202-0x00007FF710040000-0x00007FF710394000-memory.dmp

Filesize
3.3MB

Download
memory/1692-147-0x00007FF710040000-0x00007FF710394000-memory.dmp

Filesize
3.3MB

Download
memory/2612-140-0x00007FF6C8E20000-0x00007FF6C9174000-memory.dmp

Filesize
3.3MB

Download
memory/2612-2223-0x00007FF6C8E20000-0x00007FF6C9174000-memory.dmp

Filesize
3.3MB

Download
memory/2652-2207-0x00007FF6CC330000-0x00007FF6CC684000-memory.dmp

Filesize
3.3MB

Download
memory/2652-44-0x00007FF6CC330000-0x00007FF6CC684000-memory.dmp

Filesize
3.3MB

Download
memory/2652-638-0x00007FF6CC330000-0x00007FF6CC684000-memory.dmp

Filesize
3.3MB

Download
memory/2708-2209-0x00007FF7B9050000-0x00007FF7B93A4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1055-0x00007FF7B9050000-0x00007FF7B93A4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-41-0x00007FF7B9050000-0x00007FF7B93A4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-2210-0x00007FF7A61F0000-0x00007FF7A6544000-memory.dmp

Filesize
3.3MB

Download
memory/2936-51-0x00007FF7A61F0000-0x00007FF7A6544000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1058-0x00007FF7A61F0000-0x00007FF7A6544000-memory.dmp

Filesize
3.3MB

Download
memory/3040-133-0x00007FF7A7060000-0x00007FF7A73B4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-2215-0x00007FF7A7060000-0x00007FF7A73B4000-memory.dmp

Filesize
3.3MB

Download
memory/3460-155-0x00007FF695B80000-0x00007FF695ED4000-memory.dmp

Filesize
3.3MB

Download
memory/3460-2198-0x00007FF695B80000-0x00007FF695ED4000-memory.dmp

Filesize
3.3MB

Download
memory/3460-2225-0x00007FF695B80000-0x00007FF695ED4000-memory.dmp

Filesize
3.3MB

Download
memory/3560-0-0x00007FF644BB0000-0x00007FF644F04000-memory.dmp

Filesize
3.3MB

Download
memory/3560-134-0x00007FF644BB0000-0x00007FF644F04000-memory.dmp

Filesize
3.3MB

Download
memory/3560-1-0x0000020FB0330000-0x0000020FB0340000-memory.dmp

Filesize
64KB

Download
memory/3660-139-0x00007FF6D54C0000-0x00007FF6D5814000-memory.dmp

Filesize
3.3MB

Download
memory/3660-2197-0x00007FF6D54C0000-0x00007FF6D5814000-memory.dmp

Filesize
3.3MB

Download
memory/3660-2224-0x00007FF6D54C0000-0x00007FF6D5814000-memory.dmp

Filesize
3.3MB

Download
memory/3960-2211-0x00007FF683420000-0x00007FF683774000-memory.dmp

Filesize
3.3MB

Download
memory/3960-76-0x00007FF683420000-0x00007FF683774000-memory.dmp

Filesize
3.3MB

Download
memory/4000-27-0x00007FF658EB0000-0x00007FF659204000-memory.dmp

Filesize
3.3MB

Download
memory/4000-2203-0x00007FF658EB0000-0x00007FF659204000-memory.dmp

Filesize
3.3MB

Download
memory/4204-167-0x00007FF657BB0000-0x00007FF657F04000-memory.dmp

Filesize
3.3MB

Download
memory/4204-2201-0x00007FF657BB0000-0x00007FF657F04000-memory.dmp

Filesize
3.3MB

Download
memory/4204-2227-0x00007FF657BB0000-0x00007FF657F04000-memory.dmp

Filesize
3.3MB

Download
memory/4324-132-0x00007FF73A3E0000-0x00007FF73A734000-memory.dmp

Filesize
3.3MB

Download
memory/4324-2217-0x00007FF73A3E0000-0x00007FF73A734000-memory.dmp

Filesize
3.3MB

Download
memory/4388-188-0x00007FF657840000-0x00007FF657B94000-memory.dmp

Filesize
3.3MB

Download
memory/4388-2228-0x00007FF657840000-0x00007FF657B94000-memory.dmp

Filesize
3.3MB

Download
memory/4496-2205-0x00007FF70C8C0000-0x00007FF70CC14000-memory.dmp

Filesize
3.3MB

Download
memory/4496-176-0x00007FF70C8C0000-0x00007FF70CC14000-memory.dmp

Filesize
3.3MB

Download
memory/4496-20-0x00007FF70C8C0000-0x00007FF70CC14000-memory.dmp

Filesize
3.3MB

Download
memory/4564-2200-0x00007FF79A110000-0x00007FF79A464000-memory.dmp

Filesize
3.3MB

Download
memory/4564-2230-0x00007FF79A110000-0x00007FF79A464000-memory.dmp

Filesize
3.3MB

Download
memory/4564-171-0x00007FF79A110000-0x00007FF79A464000-memory.dmp

Filesize
3.3MB

Download
memory/4724-2204-0x00007FF660190000-0x00007FF6604E4000-memory.dmp

Filesize
3.3MB

Download
memory/4724-33-0x00007FF660190000-0x00007FF6604E4000-memory.dmp

Filesize
3.3MB

Download
memory/4740-34-0x00007FF709EB0000-0x00007FF70A204000-memory.dmp

Filesize
3.3MB

Download
memory/4740-635-0x00007FF709EB0000-0x00007FF70A204000-memory.dmp

Filesize
3.3MB

Download
memory/4740-2206-0x00007FF709EB0000-0x00007FF70A204000-memory.dmp

Filesize
3.3MB

Download
memory/4900-137-0x00007FF722640000-0x00007FF722994000-memory.dmp

Filesize
3.3MB

Download
memory/4900-2216-0x00007FF722640000-0x00007FF722994000-memory.dmp

Filesize
3.3MB

Download
memory/4912-2193-0x00007FF61F340000-0x00007FF61F694000-memory.dmp

Filesize
3.3MB

Download
memory/4912-112-0x00007FF61F340000-0x00007FF61F694000-memory.dmp

Filesize
3.3MB

Download
memory/4912-2219-0x00007FF61F340000-0x00007FF61F694000-memory.dmp

Filesize
3.3MB

Download
memory/4960-70-0x00007FF799E30000-0x00007FF79A184000-memory.dmp

Filesize
3.3MB

Download
memory/4960-2212-0x00007FF799E30000-0x00007FF79A184000-memory.dmp

Filesize
3.3MB

Download
memory/4960-1878-0x00007FF799E30000-0x00007FF79A184000-memory.dmp

Filesize
3.3MB

Download
memory/5016-128-0x00007FF64F800000-0x00007FF64FB54000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2220-0x00007FF64F800000-0x00007FF64FB54000-memory.dmp

Filesize
3.3MB

Download
memory/5060-2229-0x00007FF62B490000-0x00007FF62B7E4000-memory.dmp

Filesize
3.3MB

Download
memory/5060-200-0x00007FF62B490000-0x00007FF62B7E4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads