xmrig | ce9018e2f673e2c06a748b91b57273f978907c9fdd4194bf54fc3c538dedb60f

Analysis

max time kernel
116s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 22:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
Size

2.4MB
MD5

513db3bf20aab32f4d49b358598f29a0
SHA1

61523fea6568cb2b8bfbee10a94f80bd32ecdf4a
SHA256

ce9018e2f673e2c06a748b91b57273f978907c9fdd4194bf54fc3c538dedb60f
SHA512

0372ce21c2f3439ee45d1f1a01adf25f4709fd144e0714a6d44be035fb2f599e73027717a7f63c89a6552106c69ebc1cf937a913a30524e69468d287350c1715
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQlqOdg6VLEL3e7cW:BemTLkNdfE0pZrQr

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1556-0-0x00007FF6F2AD0000-0x00007FF6F2E24000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b4c-5.dat	xmrig
behavioral2/files/0x000a000000023ba8-7.dat	xmrig
behavioral2/memory/4792-19-0x00007FF6AB2E0000-0x00007FF6AB634000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb4-78.dat	xmrig
behavioral2/files/0x000a000000023bb0-92.dat	xmrig
behavioral2/files/0x000a000000023bb5-123.dat	xmrig
behavioral2/files/0x000a000000023bb6-147.dat	xmrig
behavioral2/memory/3576-180-0x00007FF6E2110000-0x00007FF6E2464000-memory.dmp	xmrig
behavioral2/memory/1012-192-0x00007FF603470000-0x00007FF6037C4000-memory.dmp	xmrig
behavioral2/memory/2516-199-0x00007FF6C96C0000-0x00007FF6C9A14000-memory.dmp	xmrig
behavioral2/memory/2028-205-0x00007FF79A710000-0x00007FF79AA64000-memory.dmp	xmrig
behavioral2/memory/4152-206-0x00007FF6A6A30000-0x00007FF6A6D84000-memory.dmp	xmrig
behavioral2/memory/2924-204-0x00007FF65BC70000-0x00007FF65BFC4000-memory.dmp	xmrig
behavioral2/memory/1692-203-0x00007FF7D1190000-0x00007FF7D14E4000-memory.dmp	xmrig
behavioral2/memory/1020-202-0x00007FF68CB50000-0x00007FF68CEA4000-memory.dmp	xmrig
behavioral2/memory/2684-201-0x00007FF659040000-0x00007FF659394000-memory.dmp	xmrig
behavioral2/memory/4120-200-0x00007FF69AC40000-0x00007FF69AF94000-memory.dmp	xmrig
behavioral2/memory/4612-198-0x00007FF653120000-0x00007FF653474000-memory.dmp	xmrig
behavioral2/memory/3892-197-0x00007FF7C3440000-0x00007FF7C3794000-memory.dmp	xmrig
behavioral2/memory/2168-196-0x00007FF6996A0000-0x00007FF6999F4000-memory.dmp	xmrig
behavioral2/memory/2560-195-0x00007FF764F80000-0x00007FF7652D4000-memory.dmp	xmrig
behavioral2/memory/3968-194-0x00007FF6100A0000-0x00007FF6103F4000-memory.dmp	xmrig
behavioral2/memory/3416-193-0x00007FF6314A0000-0x00007FF6317F4000-memory.dmp	xmrig
behavioral2/memory/5032-189-0x00007FF692860000-0x00007FF692BB4000-memory.dmp	xmrig
behavioral2/memory/1440-181-0x00007FF712F00000-0x00007FF713254000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc0-177.dat	xmrig
behavioral2/files/0x0031000000023bbf-175.dat	xmrig
behavioral2/files/0x0031000000023bbe-173.dat	xmrig
behavioral2/files/0x0031000000023bbd-171.dat	xmrig
behavioral2/files/0x000a000000023bbc-169.dat	xmrig
behavioral2/files/0x000b000000023ba4-168.dat	xmrig
behavioral2/files/0x000a000000023bc9-166.dat	xmrig
behavioral2/files/0x000a000000023bbb-164.dat	xmrig
behavioral2/memory/1380-163-0x00007FF6B2CF0000-0x00007FF6B3044000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc8-162.dat	xmrig
behavioral2/files/0x000a000000023bc7-161.dat	xmrig
behavioral2/files/0x000a000000023bb8-159.dat	xmrig
behavioral2/files/0x000a000000023bc6-158.dat	xmrig
behavioral2/files/0x000a000000023bc5-157.dat	xmrig
behavioral2/files/0x000a000000023bc4-156.dat	xmrig
behavioral2/files/0x000a000000023bb9-154.dat	xmrig
behavioral2/files/0x000a000000023bc3-152.dat	xmrig
behavioral2/files/0x000a000000023bc2-145.dat	xmrig
behavioral2/memory/3392-141-0x00007FF7967B0000-0x00007FF796B04000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc1-140.dat	xmrig
behavioral2/files/0x000a000000023bba-112.dat	xmrig
behavioral2/files/0x000a000000023bb2-106.dat	xmrig
behavioral2/files/0x000a000000023bb7-103.dat	xmrig
behavioral2/memory/3196-101-0x00007FF7D9590000-0x00007FF7D98E4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023baf-89.dat	xmrig
behavioral2/files/0x000a000000023bb3-116.dat	xmrig
behavioral2/files/0x000a000000023bae-86.dat	xmrig
behavioral2/memory/2084-81-0x00007FF647880000-0x00007FF647BD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba9-74.dat	xmrig
behavioral2/files/0x000a000000023bac-68.dat	xmrig
behavioral2/memory/4808-65-0x00007FF7D1920000-0x00007FF7D1C74000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb1-63.dat	xmrig
behavioral2/files/0x000a000000023bab-52.dat	xmrig
behavioral2/files/0x000a000000023baa-50.dat	xmrig
behavioral2/memory/2020-45-0x00007FF6CB8E0000-0x00007FF6CBC34000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bad-42.dat	xmrig
behavioral2/memory/1168-31-0x00007FF6C5240000-0x00007FF6C5594000-memory.dmp	xmrig
behavioral2/memory/1768-30-0x00007FF6F3AD0000-0x00007FF6F3E24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4872	JPuoHJL.exe
4792	zsyiRKX.exe
1136	wqZhlbT.exe
2020	XCYPDaS.exe
1768	CfqWEbF.exe
1168	YWKHsCH.exe
2684	PNLkDZd.exe
4808	XLreYXR.exe
1020	HTsHhdf.exe
2084	sMFxsOU.exe
3196	biTHMBs.exe
3392	ICIDYOh.exe
1692	rRhXdyx.exe
1380	NXdFNdm.exe
3576	zaNOCVf.exe
1440	EtBbJHD.exe
5032	ZOxdobG.exe
2924	yVTOhod.exe
1012	IlwsNuu.exe
3416	tpKRTsM.exe
2028	ijBvjyH.exe
3968	AoMAIhT.exe
2560	HnpnXjU.exe
2168	HYZETqF.exe
3892	nIWtEiE.exe
4612	RMhZBcs.exe
2516	nyzwyAD.exe
4120	svOOWhE.exe
4152	ouOnlyp.exe
3184	taFooBd.exe
2544	IRebOsh.exe
544	EeZwCyg.exe
2740	UoYPvDN.exe
4092	QAqqEse.exe
3724	VNuZobc.exe
2964	TDjCzQF.exe
1772	Qoexkvz.exe
3708	XsHBSIp.exe
644	XuCfHgb.exe
1276	wYYRllA.exe
1448	XjhqjHb.exe
2764	qEuMsOk.exe
5000	sYRXOKz.exe
4236	tkpoKtE.exe
5108	szSHhmA.exe
1424	nqfwWRa.exe
3268	tTCMyVx.exe
408	JkNaJnh.exe
1628	ETfyWex.exe
4116	KroHFkR.exe
532	pSqabqu.exe
1464	RWdTBYb.exe
1560	otKUZoA.exe
404	zwNWeEf.exe
3464	KfyAlbh.exe
712	OZcwpHm.exe
2008	baZlYom.exe
3716	CkXfCYX.exe
1492	zvrrZus.exe
4332	CLcfboo.exe
432	QVsMFoF.exe
464	DeiWufM.exe
3276	vmnPsBI.exe
3528	kiwnIIk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1556-0-0x00007FF6F2AD0000-0x00007FF6F2E24000-memory.dmp	upx
behavioral2/files/0x000c000000023b4c-5.dat	upx
behavioral2/files/0x000a000000023ba8-7.dat	upx
behavioral2/memory/4792-19-0x00007FF6AB2E0000-0x00007FF6AB634000-memory.dmp	upx
behavioral2/files/0x000a000000023bb4-78.dat	upx
behavioral2/files/0x000a000000023bb0-92.dat	upx
behavioral2/files/0x000a000000023bb5-123.dat	upx
behavioral2/files/0x000a000000023bb6-147.dat	upx
behavioral2/memory/3576-180-0x00007FF6E2110000-0x00007FF6E2464000-memory.dmp	upx
behavioral2/memory/1012-192-0x00007FF603470000-0x00007FF6037C4000-memory.dmp	upx
behavioral2/memory/2516-199-0x00007FF6C96C0000-0x00007FF6C9A14000-memory.dmp	upx
behavioral2/memory/2028-205-0x00007FF79A710000-0x00007FF79AA64000-memory.dmp	upx
behavioral2/memory/4152-206-0x00007FF6A6A30000-0x00007FF6A6D84000-memory.dmp	upx
behavioral2/memory/2924-204-0x00007FF65BC70000-0x00007FF65BFC4000-memory.dmp	upx
behavioral2/memory/1692-203-0x00007FF7D1190000-0x00007FF7D14E4000-memory.dmp	upx
behavioral2/memory/1020-202-0x00007FF68CB50000-0x00007FF68CEA4000-memory.dmp	upx
behavioral2/memory/2684-201-0x00007FF659040000-0x00007FF659394000-memory.dmp	upx
behavioral2/memory/4120-200-0x00007FF69AC40000-0x00007FF69AF94000-memory.dmp	upx
behavioral2/memory/4612-198-0x00007FF653120000-0x00007FF653474000-memory.dmp	upx
behavioral2/memory/3892-197-0x00007FF7C3440000-0x00007FF7C3794000-memory.dmp	upx
behavioral2/memory/2168-196-0x00007FF6996A0000-0x00007FF6999F4000-memory.dmp	upx
behavioral2/memory/2560-195-0x00007FF764F80000-0x00007FF7652D4000-memory.dmp	upx
behavioral2/memory/3968-194-0x00007FF6100A0000-0x00007FF6103F4000-memory.dmp	upx
behavioral2/memory/3416-193-0x00007FF6314A0000-0x00007FF6317F4000-memory.dmp	upx
behavioral2/memory/5032-189-0x00007FF692860000-0x00007FF692BB4000-memory.dmp	upx
behavioral2/memory/1440-181-0x00007FF712F00000-0x00007FF713254000-memory.dmp	upx
behavioral2/files/0x000a000000023bc0-177.dat	upx
behavioral2/files/0x0031000000023bbf-175.dat	upx
behavioral2/files/0x0031000000023bbe-173.dat	upx
behavioral2/files/0x0031000000023bbd-171.dat	upx
behavioral2/files/0x000a000000023bbc-169.dat	upx
behavioral2/files/0x000b000000023ba4-168.dat	upx
behavioral2/files/0x000a000000023bc9-166.dat	upx
behavioral2/files/0x000a000000023bbb-164.dat	upx
behavioral2/memory/1380-163-0x00007FF6B2CF0000-0x00007FF6B3044000-memory.dmp	upx
behavioral2/files/0x000a000000023bc8-162.dat	upx
behavioral2/files/0x000a000000023bc7-161.dat	upx
behavioral2/files/0x000a000000023bb8-159.dat	upx
behavioral2/files/0x000a000000023bc6-158.dat	upx
behavioral2/files/0x000a000000023bc5-157.dat	upx
behavioral2/files/0x000a000000023bc4-156.dat	upx
behavioral2/files/0x000a000000023bb9-154.dat	upx
behavioral2/files/0x000a000000023bc3-152.dat	upx
behavioral2/files/0x000a000000023bc2-145.dat	upx
behavioral2/memory/3392-141-0x00007FF7967B0000-0x00007FF796B04000-memory.dmp	upx
behavioral2/files/0x000a000000023bc1-140.dat	upx
behavioral2/files/0x000a000000023bba-112.dat	upx
behavioral2/files/0x000a000000023bb2-106.dat	upx
behavioral2/files/0x000a000000023bb7-103.dat	upx
behavioral2/memory/3196-101-0x00007FF7D9590000-0x00007FF7D98E4000-memory.dmp	upx
behavioral2/files/0x000a000000023baf-89.dat	upx
behavioral2/files/0x000a000000023bb3-116.dat	upx
behavioral2/files/0x000a000000023bae-86.dat	upx
behavioral2/memory/2084-81-0x00007FF647880000-0x00007FF647BD4000-memory.dmp	upx
behavioral2/files/0x000a000000023ba9-74.dat	upx
behavioral2/files/0x000a000000023bac-68.dat	upx
behavioral2/memory/4808-65-0x00007FF7D1920000-0x00007FF7D1C74000-memory.dmp	upx
behavioral2/files/0x000a000000023bb1-63.dat	upx
behavioral2/files/0x000a000000023bab-52.dat	upx
behavioral2/files/0x000a000000023baa-50.dat	upx
behavioral2/memory/2020-45-0x00007FF6CB8E0000-0x00007FF6CBC34000-memory.dmp	upx
behavioral2/files/0x000a000000023bad-42.dat	upx
behavioral2/memory/1168-31-0x00007FF6C5240000-0x00007FF6C5594000-memory.dmp	upx
behavioral2/memory/1768-30-0x00007FF6F3AD0000-0x00007FF6F3E24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rRhXdyx.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\wpMJymp.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\KrZzsyc.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\RtXPTfw.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\CrKeCwd.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\JjQaaLw.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\RMhZBcs.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\zNVqTHb.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\CmdNaQM.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\bxcuJKi.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\EtBbJHD.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\mIGftcl.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\tUvOUAs.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\mJHpgGZ.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\SpthtZF.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\JKvVapk.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\ISlafrT.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\KroHFkR.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\AEDcfZr.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\MIIvmib.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\AYKmkri.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\OfQvgFk.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\RWdTBYb.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\EUMpTBy.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\YCfSABl.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\PEuJYkw.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\UprXeFv.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\ZPBBPYx.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\vUPYRSr.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\TceGAnT.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\VCrKTtX.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\KBiAwWi.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\oPMUnNr.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\nvqaTyM.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\tlkQcci.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\kIjMJZI.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\JRVFVYX.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\zCnXAdf.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\IelEmOj.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\hxdjIXM.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\ElZDMyZ.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\pQszyNX.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\HmSMdLh.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\WjfvnYL.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\cpWgxQU.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\BOekXKP.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\VaXHcim.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\lFscOFn.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\aPokDYK.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\bPlIUVj.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\SoWEiQj.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\eyHtWFj.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\uoLOVUK.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\RZCLPEU.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\SUuVjsK.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\EKHQNaE.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\HTsHhdf.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\hiObMEM.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\dVaUHVr.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\HnISosg.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\oSlogsA.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\biTHMBs.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\yWnVhDl.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
File created	C:\Windows\System\zsiWmwb.exe	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2712	dwm.exe
Token: SeChangeNotifyPrivilege	2712	dwm.exe
Token: 33	2712	dwm.exe
Token: SeIncBasePriorityPrivilege	2712	dwm.exe
Token: SeShutdownPrivilege	2712	dwm.exe
Token: SeCreatePagefilePrivilege	2712	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 4872	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	85
PID 1556 wrote to memory of 4872	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	85
PID 1556 wrote to memory of 4792	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	86
PID 1556 wrote to memory of 4792	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	86
PID 1556 wrote to memory of 1136	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	87
PID 1556 wrote to memory of 1136	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	87
PID 1556 wrote to memory of 1168	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	88
PID 1556 wrote to memory of 1168	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	88
PID 1556 wrote to memory of 2020	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	89
PID 1556 wrote to memory of 2020	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	89
PID 1556 wrote to memory of 1768	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	90
PID 1556 wrote to memory of 1768	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	90
PID 1556 wrote to memory of 2684	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	91
PID 1556 wrote to memory of 2684	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	91
PID 1556 wrote to memory of 4808	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	92
PID 1556 wrote to memory of 4808	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	92
PID 1556 wrote to memory of 1020	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	93
PID 1556 wrote to memory of 1020	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	93
PID 1556 wrote to memory of 2084	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	94
PID 1556 wrote to memory of 2084	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	94
PID 1556 wrote to memory of 3196	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	95
PID 1556 wrote to memory of 3196	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	95
PID 1556 wrote to memory of 3392	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	96
PID 1556 wrote to memory of 3392	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	96
PID 1556 wrote to memory of 1692	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	97
PID 1556 wrote to memory of 1692	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	97
PID 1556 wrote to memory of 1380	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	98
PID 1556 wrote to memory of 1380	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	98
PID 1556 wrote to memory of 3576	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	99
PID 1556 wrote to memory of 3576	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	99
PID 1556 wrote to memory of 1440	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	100
PID 1556 wrote to memory of 1440	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	100
PID 1556 wrote to memory of 5032	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	101
PID 1556 wrote to memory of 5032	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	101
PID 1556 wrote to memory of 2924	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	102
PID 1556 wrote to memory of 2924	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	102
PID 1556 wrote to memory of 1012	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	103
PID 1556 wrote to memory of 1012	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	103
PID 1556 wrote to memory of 3416	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	104
PID 1556 wrote to memory of 3416	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	104
PID 1556 wrote to memory of 2028	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	105
PID 1556 wrote to memory of 2028	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	105
PID 1556 wrote to memory of 3968	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	106
PID 1556 wrote to memory of 3968	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	106
PID 1556 wrote to memory of 2560	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	107
PID 1556 wrote to memory of 2560	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	107
PID 1556 wrote to memory of 2168	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	108
PID 1556 wrote to memory of 2168	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	108
PID 1556 wrote to memory of 3892	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	109
PID 1556 wrote to memory of 3892	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	109
PID 1556 wrote to memory of 4612	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	110
PID 1556 wrote to memory of 4612	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	110
PID 1556 wrote to memory of 2516	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	111
PID 1556 wrote to memory of 2516	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	111
PID 1556 wrote to memory of 4120	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	112
PID 1556 wrote to memory of 4120	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	112
PID 1556 wrote to memory of 4152	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	113
PID 1556 wrote to memory of 4152	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	113
PID 1556 wrote to memory of 3184	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	114
PID 1556 wrote to memory of 3184	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	114
PID 1556 wrote to memory of 2544	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	115
PID 1556 wrote to memory of 2544	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	115
PID 1556 wrote to memory of 544	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	116
PID 1556 wrote to memory of 544	1556	513db3bf20aab32f4d49b358598f29a0_NEIKI.exe	116

C:\Users\Admin\AppData\Local\Temp\513db3bf20aab32f4d49b358598f29a0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\513db3bf20aab32f4d49b358598f29a0_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Windows\System\JPuoHJL.exe
  C:\Windows\System\JPuoHJL.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\zsyiRKX.exe
  C:\Windows\System\zsyiRKX.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\wqZhlbT.exe
  C:\Windows\System\wqZhlbT.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\YWKHsCH.exe
  C:\Windows\System\YWKHsCH.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\XCYPDaS.exe
  C:\Windows\System\XCYPDaS.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\CfqWEbF.exe
  C:\Windows\System\CfqWEbF.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\PNLkDZd.exe
  C:\Windows\System\PNLkDZd.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\XLreYXR.exe
  C:\Windows\System\XLreYXR.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\HTsHhdf.exe
  C:\Windows\System\HTsHhdf.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\sMFxsOU.exe
  C:\Windows\System\sMFxsOU.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\biTHMBs.exe
  C:\Windows\System\biTHMBs.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\ICIDYOh.exe
  C:\Windows\System\ICIDYOh.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\rRhXdyx.exe
  C:\Windows\System\rRhXdyx.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\NXdFNdm.exe
  C:\Windows\System\NXdFNdm.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\zaNOCVf.exe
  C:\Windows\System\zaNOCVf.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\EtBbJHD.exe
  C:\Windows\System\EtBbJHD.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\ZOxdobG.exe
  C:\Windows\System\ZOxdobG.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\yVTOhod.exe
  C:\Windows\System\yVTOhod.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\IlwsNuu.exe
  C:\Windows\System\IlwsNuu.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\tpKRTsM.exe
  C:\Windows\System\tpKRTsM.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\ijBvjyH.exe
  C:\Windows\System\ijBvjyH.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\AoMAIhT.exe
  C:\Windows\System\AoMAIhT.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\HnpnXjU.exe
  C:\Windows\System\HnpnXjU.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\HYZETqF.exe
  C:\Windows\System\HYZETqF.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\nIWtEiE.exe
  C:\Windows\System\nIWtEiE.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\RMhZBcs.exe
  C:\Windows\System\RMhZBcs.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\nyzwyAD.exe
  C:\Windows\System\nyzwyAD.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\svOOWhE.exe
  C:\Windows\System\svOOWhE.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\ouOnlyp.exe
  C:\Windows\System\ouOnlyp.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\taFooBd.exe
  C:\Windows\System\taFooBd.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\IRebOsh.exe
  C:\Windows\System\IRebOsh.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\EeZwCyg.exe
  C:\Windows\System\EeZwCyg.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\UoYPvDN.exe
  C:\Windows\System\UoYPvDN.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\QAqqEse.exe
  C:\Windows\System\QAqqEse.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\VNuZobc.exe
  C:\Windows\System\VNuZobc.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\TDjCzQF.exe
  C:\Windows\System\TDjCzQF.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\Qoexkvz.exe
  C:\Windows\System\Qoexkvz.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\XsHBSIp.exe
  C:\Windows\System\XsHBSIp.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\XuCfHgb.exe
  C:\Windows\System\XuCfHgb.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\wYYRllA.exe
  C:\Windows\System\wYYRllA.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\XjhqjHb.exe
  C:\Windows\System\XjhqjHb.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\qEuMsOk.exe
  C:\Windows\System\qEuMsOk.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\sYRXOKz.exe
  C:\Windows\System\sYRXOKz.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\tkpoKtE.exe
  C:\Windows\System\tkpoKtE.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\szSHhmA.exe
  C:\Windows\System\szSHhmA.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\nqfwWRa.exe
  C:\Windows\System\nqfwWRa.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\tTCMyVx.exe
  C:\Windows\System\tTCMyVx.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\JkNaJnh.exe
  C:\Windows\System\JkNaJnh.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\ETfyWex.exe
  C:\Windows\System\ETfyWex.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\KroHFkR.exe
  C:\Windows\System\KroHFkR.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\pSqabqu.exe
  C:\Windows\System\pSqabqu.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\RWdTBYb.exe
  C:\Windows\System\RWdTBYb.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\zwNWeEf.exe
  C:\Windows\System\zwNWeEf.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\otKUZoA.exe
  C:\Windows\System\otKUZoA.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\KfyAlbh.exe
  C:\Windows\System\KfyAlbh.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\OZcwpHm.exe
  C:\Windows\System\OZcwpHm.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\baZlYom.exe
  C:\Windows\System\baZlYom.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\CkXfCYX.exe
  C:\Windows\System\CkXfCYX.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\zvrrZus.exe
  C:\Windows\System\zvrrZus.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\CLcfboo.exe
  C:\Windows\System\CLcfboo.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\QVsMFoF.exe
  C:\Windows\System\QVsMFoF.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\DeiWufM.exe
  C:\Windows\System\DeiWufM.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\vmnPsBI.exe
  C:\Windows\System\vmnPsBI.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\kiwnIIk.exe
  C:\Windows\System\kiwnIIk.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\waRWJwG.exe
  C:\Windows\System\waRWJwG.exe
  2⤵
  PID:3204
- C:\Windows\System\bEwhtQd.exe
  C:\Windows\System\bEwhtQd.exe
  2⤵
  PID:4100
- C:\Windows\System\wQhZqxt.exe
  C:\Windows\System\wQhZqxt.exe
  2⤵
  PID:3024
- C:\Windows\System\vTjyjwt.exe
  C:\Windows\System\vTjyjwt.exe
  2⤵
  PID:4940
- C:\Windows\System\rfyxuDO.exe
  C:\Windows\System\rfyxuDO.exe
  2⤵
  PID:3440
- C:\Windows\System\VyOFZpM.exe
  C:\Windows\System\VyOFZpM.exe
  2⤵
  PID:4232
- C:\Windows\System\LJeWURe.exe
  C:\Windows\System\LJeWURe.exe
  2⤵
  PID:3428
- C:\Windows\System\ElnweTF.exe
  C:\Windows\System\ElnweTF.exe
  2⤵
  PID:224
- C:\Windows\System\AEDcfZr.exe
  C:\Windows\System\AEDcfZr.exe
  2⤵
  PID:3568
- C:\Windows\System\UgnqrkS.exe
  C:\Windows\System\UgnqrkS.exe
  2⤵
  PID:4488
- C:\Windows\System\SfSVWIp.exe
  C:\Windows\System\SfSVWIp.exe
  2⤵
  PID:1476
- C:\Windows\System\fVTosbh.exe
  C:\Windows\System\fVTosbh.exe
  2⤵
  PID:1852
- C:\Windows\System\wAZzurD.exe
  C:\Windows\System\wAZzurD.exe
  2⤵
  PID:4672
- C:\Windows\System\UMQtCCZ.exe
  C:\Windows\System\UMQtCCZ.exe
  2⤵
  PID:4460
- C:\Windows\System\LyGVdnY.exe
  C:\Windows\System\LyGVdnY.exe
  2⤵
  PID:4568
- C:\Windows\System\UgKVxhw.exe
  C:\Windows\System\UgKVxhw.exe
  2⤵
  PID:4200
- C:\Windows\System\banZoeZ.exe
  C:\Windows\System\banZoeZ.exe
  2⤵
  PID:436
- C:\Windows\System\JRVFVYX.exe
  C:\Windows\System\JRVFVYX.exe
  2⤵
  PID:2068
- C:\Windows\System\NZiaJlD.exe
  C:\Windows\System\NZiaJlD.exe
  2⤵
  PID:2932
- C:\Windows\System\IyFwjZw.exe
  C:\Windows\System\IyFwjZw.exe
  2⤵
  PID:1732
- C:\Windows\System\LeqJAEX.exe
  C:\Windows\System\LeqJAEX.exe
  2⤵
  PID:1932
- C:\Windows\System\poIkFzm.exe
  C:\Windows\System\poIkFzm.exe
  2⤵
  PID:424
- C:\Windows\System\rVvsRMG.exe
  C:\Windows\System\rVvsRMG.exe
  2⤵
  PID:1588
- C:\Windows\System\axJftpa.exe
  C:\Windows\System\axJftpa.exe
  2⤵
  PID:4956
- C:\Windows\System\DslUFPp.exe
  C:\Windows\System\DslUFPp.exe
  2⤵
  PID:1072
- C:\Windows\System\txwrZqY.exe
  C:\Windows\System\txwrZqY.exe
  2⤵
  PID:1568
- C:\Windows\System\ZcvTQvm.exe
  C:\Windows\System\ZcvTQvm.exe
  2⤵
  PID:4816
- C:\Windows\System\qhNWbvB.exe
  C:\Windows\System\qhNWbvB.exe
  2⤵
  PID:3116
- C:\Windows\System\EhKiRNT.exe
  C:\Windows\System\EhKiRNT.exe
  2⤵
  PID:1984
- C:\Windows\System\MJFPgbN.exe
  C:\Windows\System\MJFPgbN.exe
  2⤵
  PID:5148
- C:\Windows\System\ufaDomt.exe
  C:\Windows\System\ufaDomt.exe
  2⤵
  PID:5188
- C:\Windows\System\NIBJoKA.exe
  C:\Windows\System\NIBJoKA.exe
  2⤵
  PID:5224
- C:\Windows\System\yErCMtn.exe
  C:\Windows\System\yErCMtn.exe
  2⤵
  PID:5252
- C:\Windows\System\XCZMpFG.exe
  C:\Windows\System\XCZMpFG.exe
  2⤵
  PID:5268
- C:\Windows\System\tVocHty.exe
  C:\Windows\System\tVocHty.exe
  2⤵
  PID:5308
- C:\Windows\System\FxVTRop.exe
  C:\Windows\System\FxVTRop.exe
  2⤵
  PID:5352
- C:\Windows\System\OwQMNcM.exe
  C:\Windows\System\OwQMNcM.exe
  2⤵
  PID:5384
- C:\Windows\System\EUMpTBy.exe
  C:\Windows\System\EUMpTBy.exe
  2⤵
  PID:5424
- C:\Windows\System\ERHguxI.exe
  C:\Windows\System\ERHguxI.exe
  2⤵
  PID:5452
- C:\Windows\System\YHTxsdb.exe
  C:\Windows\System\YHTxsdb.exe
  2⤵
  PID:5480
- C:\Windows\System\QLjCWeD.exe
  C:\Windows\System\QLjCWeD.exe
  2⤵
  PID:5508
- C:\Windows\System\wcUxtxj.exe
  C:\Windows\System\wcUxtxj.exe
  2⤵
  PID:5540
- C:\Windows\System\wpMJymp.exe
  C:\Windows\System\wpMJymp.exe
  2⤵
  PID:5572
- C:\Windows\System\IKHljXA.exe
  C:\Windows\System\IKHljXA.exe
  2⤵
  PID:5608
- C:\Windows\System\MLHJONh.exe
  C:\Windows\System\MLHJONh.exe
  2⤵
  PID:5636
- C:\Windows\System\LCJYBiQ.exe
  C:\Windows\System\LCJYBiQ.exe
  2⤵
  PID:5660
- C:\Windows\System\sVLkVRs.exe
  C:\Windows\System\sVLkVRs.exe
  2⤵
  PID:5692
- C:\Windows\System\GfCEIvn.exe
  C:\Windows\System\GfCEIvn.exe
  2⤵
  PID:5724
- C:\Windows\System\EomjeUu.exe
  C:\Windows\System\EomjeUu.exe
  2⤵
  PID:5748
- C:\Windows\System\IxzNdvy.exe
  C:\Windows\System\IxzNdvy.exe
  2⤵
  PID:5768
- C:\Windows\System\WsGPyQa.exe
  C:\Windows\System\WsGPyQa.exe
  2⤵
  PID:5800
- C:\Windows\System\HINksHJ.exe
  C:\Windows\System\HINksHJ.exe
  2⤵
  PID:5844
- C:\Windows\System\uDihVvv.exe
  C:\Windows\System\uDihVvv.exe
  2⤵
  PID:5864
- C:\Windows\System\cfqGMgR.exe
  C:\Windows\System\cfqGMgR.exe
  2⤵
  PID:5900
- C:\Windows\System\mtwcjts.exe
  C:\Windows\System\mtwcjts.exe
  2⤵
  PID:5928
- C:\Windows\System\kxmRXFV.exe
  C:\Windows\System\kxmRXFV.exe
  2⤵
  PID:5956
- C:\Windows\System\TFHfXQL.exe
  C:\Windows\System\TFHfXQL.exe
  2⤵
  PID:5988
- C:\Windows\System\zFuVUkn.exe
  C:\Windows\System\zFuVUkn.exe
  2⤵
  PID:6028
- C:\Windows\System\ilOvGSP.exe
  C:\Windows\System\ilOvGSP.exe
  2⤵
  PID:6052
- C:\Windows\System\EUijJvx.exe
  C:\Windows\System\EUijJvx.exe
  2⤵
  PID:6076
- C:\Windows\System\TycCCRW.exe
  C:\Windows\System\TycCCRW.exe
  2⤵
  PID:6112
- C:\Windows\System\OYZdotv.exe
  C:\Windows\System\OYZdotv.exe
  2⤵
  PID:6140
- C:\Windows\System\nxcMSBq.exe
  C:\Windows\System\nxcMSBq.exe
  2⤵
  PID:5196
- C:\Windows\System\zUTtxlB.exe
  C:\Windows\System\zUTtxlB.exe
  2⤵
  PID:5204
- C:\Windows\System\kndbhYq.exe
  C:\Windows\System\kndbhYq.exe
  2⤵
  PID:5260
- C:\Windows\System\BARpDvL.exe
  C:\Windows\System\BARpDvL.exe
  2⤵
  PID:5288
- C:\Windows\System\cixfZqW.exe
  C:\Windows\System\cixfZqW.exe
  2⤵
  PID:5400
- C:\Windows\System\LnqBJPD.exe
  C:\Windows\System\LnqBJPD.exe
  2⤵
  PID:5488
- C:\Windows\System\CrEpZmQ.exe
  C:\Windows\System\CrEpZmQ.exe
  2⤵
  PID:5584
- C:\Windows\System\MfYaKLL.exe
  C:\Windows\System\MfYaKLL.exe
  2⤵
  PID:5652
- C:\Windows\System\EgxeQOg.exe
  C:\Windows\System\EgxeQOg.exe
  2⤵
  PID:5700
- C:\Windows\System\njzYRuj.exe
  C:\Windows\System\njzYRuj.exe
  2⤵
  PID:5756
- C:\Windows\System\WjfvnYL.exe
  C:\Windows\System\WjfvnYL.exe
  2⤵
  PID:5852
- C:\Windows\System\CsNQTFh.exe
  C:\Windows\System\CsNQTFh.exe
  2⤵
  PID:5888
- C:\Windows\System\fNnXMtn.exe
  C:\Windows\System\fNnXMtn.exe
  2⤵
  PID:5948
- C:\Windows\System\iPIRTNp.exe
  C:\Windows\System\iPIRTNp.exe
  2⤵
  PID:6008
- C:\Windows\System\PGznspq.exe
  C:\Windows\System\PGznspq.exe
  2⤵
  PID:6044
- C:\Windows\System\cCeUabv.exe
  C:\Windows\System\cCeUabv.exe
  2⤵
  PID:6136
- C:\Windows\System\cBUafJY.exe
  C:\Windows\System\cBUafJY.exe
  2⤵
  PID:5264
- C:\Windows\System\THiEuuy.exe
  C:\Windows\System\THiEuuy.exe
  2⤵
  PID:5460
- C:\Windows\System\RpybjGU.exe
  C:\Windows\System\RpybjGU.exe
  2⤵
  PID:5672
- C:\Windows\System\uBSOJeC.exe
  C:\Windows\System\uBSOJeC.exe
  2⤵
  PID:5784
- C:\Windows\System\BZzaAGe.exe
  C:\Windows\System\BZzaAGe.exe
  2⤵
  PID:5936
- C:\Windows\System\kBJuVJA.exe
  C:\Windows\System\kBJuVJA.exe
  2⤵
  PID:6100
- C:\Windows\System\cpWgxQU.exe
  C:\Windows\System\cpWgxQU.exe
  2⤵
  PID:5436
- C:\Windows\System\KrZzsyc.exe
  C:\Windows\System\KrZzsyc.exe
  2⤵
  PID:5856
- C:\Windows\System\vSwHwBZ.exe
  C:\Windows\System\vSwHwBZ.exe
  2⤵
  PID:5248
- C:\Windows\System\AjlbHyU.exe
  C:\Windows\System\AjlbHyU.exe
  2⤵
  PID:5532
- C:\Windows\System\UyGulXS.exe
  C:\Windows\System\UyGulXS.exe
  2⤵
  PID:6152
- C:\Windows\System\XuyeEyV.exe
  C:\Windows\System\XuyeEyV.exe
  2⤵
  PID:6168
- C:\Windows\System\aPZrHwG.exe
  C:\Windows\System\aPZrHwG.exe
  2⤵
  PID:6192
- C:\Windows\System\AZPKJKG.exe
  C:\Windows\System\AZPKJKG.exe
  2⤵
  PID:6212
- C:\Windows\System\CwYjHKK.exe
  C:\Windows\System\CwYjHKK.exe
  2⤵
  PID:6252
- C:\Windows\System\gTDZzlI.exe
  C:\Windows\System\gTDZzlI.exe
  2⤵
  PID:6292
- C:\Windows\System\hfcOlou.exe
  C:\Windows\System\hfcOlou.exe
  2⤵
  PID:6320
- C:\Windows\System\KKMDXRO.exe
  C:\Windows\System\KKMDXRO.exe
  2⤵
  PID:6340
- C:\Windows\System\EeEMYjP.exe
  C:\Windows\System\EeEMYjP.exe
  2⤵
  PID:6364
- C:\Windows\System\tpcuycI.exe
  C:\Windows\System\tpcuycI.exe
  2⤵
  PID:6404
- C:\Windows\System\AWdYGJB.exe
  C:\Windows\System\AWdYGJB.exe
  2⤵
  PID:6432
- C:\Windows\System\fulHmpA.exe
  C:\Windows\System\fulHmpA.exe
  2⤵
  PID:6460
- C:\Windows\System\SoWEiQj.exe
  C:\Windows\System\SoWEiQj.exe
  2⤵
  PID:6488
- C:\Windows\System\mavwXZC.exe
  C:\Windows\System\mavwXZC.exe
  2⤵
  PID:6516
- C:\Windows\System\BCmYHZK.exe
  C:\Windows\System\BCmYHZK.exe
  2⤵
  PID:6532
- C:\Windows\System\arcMryk.exe
  C:\Windows\System\arcMryk.exe
  2⤵
  PID:6572
- C:\Windows\System\OpyRwWf.exe
  C:\Windows\System\OpyRwWf.exe
  2⤵
  PID:6604
- C:\Windows\System\DYykvzA.exe
  C:\Windows\System\DYykvzA.exe
  2⤵
  PID:6628
- C:\Windows\System\SnZkjpE.exe
  C:\Windows\System\SnZkjpE.exe
  2⤵
  PID:6656
- C:\Windows\System\cvXxIRQ.exe
  C:\Windows\System\cvXxIRQ.exe
  2⤵
  PID:6676
- C:\Windows\System\vUPYRSr.exe
  C:\Windows\System\vUPYRSr.exe
  2⤵
  PID:6708
- C:\Windows\System\QsCPRbO.exe
  C:\Windows\System\QsCPRbO.exe
  2⤵
  PID:6748
- C:\Windows\System\fAenqFu.exe
  C:\Windows\System\fAenqFu.exe
  2⤵
  PID:6776
- C:\Windows\System\ryqcrFa.exe
  C:\Windows\System\ryqcrFa.exe
  2⤵
  PID:6804
- C:\Windows\System\QEerAuv.exe
  C:\Windows\System\QEerAuv.exe
  2⤵
  PID:6820
- C:\Windows\System\AnOAVQn.exe
  C:\Windows\System\AnOAVQn.exe
  2⤵
  PID:6844
- C:\Windows\System\JPBtuID.exe
  C:\Windows\System\JPBtuID.exe
  2⤵
  PID:6864
- C:\Windows\System\VQGQZhv.exe
  C:\Windows\System\VQGQZhv.exe
  2⤵
  PID:6896
- C:\Windows\System\QrqMNgp.exe
  C:\Windows\System\QrqMNgp.exe
  2⤵
  PID:6936
- C:\Windows\System\gKEHbEJ.exe
  C:\Windows\System\gKEHbEJ.exe
  2⤵
  PID:6972
- C:\Windows\System\SFXscCu.exe
  C:\Windows\System\SFXscCu.exe
  2⤵
  PID:6988
- C:\Windows\System\JFoUxRz.exe
  C:\Windows\System\JFoUxRz.exe
  2⤵
  PID:7028
- C:\Windows\System\UmWxApP.exe
  C:\Windows\System\UmWxApP.exe
  2⤵
  PID:7056
- C:\Windows\System\ryNFaRV.exe
  C:\Windows\System\ryNFaRV.exe
  2⤵
  PID:7088
- C:\Windows\System\ogVfXsY.exe
  C:\Windows\System\ogVfXsY.exe
  2⤵
  PID:7112
- C:\Windows\System\XrWCNGW.exe
  C:\Windows\System\XrWCNGW.exe
  2⤵
  PID:7128
- C:\Windows\System\cOJdvlY.exe
  C:\Windows\System\cOJdvlY.exe
  2⤵
  PID:7160
- C:\Windows\System\OBmqQHO.exe
  C:\Windows\System\OBmqQHO.exe
  2⤵
  PID:6208
- C:\Windows\System\ACzdqio.exe
  C:\Windows\System\ACzdqio.exe
  2⤵
  PID:6264
- C:\Windows\System\lGSbqxk.exe
  C:\Windows\System\lGSbqxk.exe
  2⤵
  PID:6392
- C:\Windows\System\hiObMEM.exe
  C:\Windows\System\hiObMEM.exe
  2⤵
  PID:6452
- C:\Windows\System\mEyrFlQ.exe
  C:\Windows\System\mEyrFlQ.exe
  2⤵
  PID:6512
- C:\Windows\System\SgxVIJv.exe
  C:\Windows\System\SgxVIJv.exe
  2⤵
  PID:6584
- C:\Windows\System\QVmLlmM.exe
  C:\Windows\System\QVmLlmM.exe
  2⤵
  PID:6648
- C:\Windows\System\XXlqJfs.exe
  C:\Windows\System\XXlqJfs.exe
  2⤵
  PID:6744
- C:\Windows\System\MGsjteR.exe
  C:\Windows\System\MGsjteR.exe
  2⤵
  PID:6880
- C:\Windows\System\ZIHyjKh.exe
  C:\Windows\System\ZIHyjKh.exe
  2⤵
  PID:6916
- C:\Windows\System\hBjxpKX.exe
  C:\Windows\System\hBjxpKX.exe
  2⤵
  PID:6980
- C:\Windows\System\xpVdKAS.exe
  C:\Windows\System\xpVdKAS.exe
  2⤵
  PID:7040
- C:\Windows\System\fMiLjse.exe
  C:\Windows\System\fMiLjse.exe
  2⤵
  PID:7108
- C:\Windows\System\iyhLzdg.exe
  C:\Windows\System\iyhLzdg.exe
  2⤵
  PID:6164
- C:\Windows\System\yWnVhDl.exe
  C:\Windows\System\yWnVhDl.exe
  2⤵
  PID:6304
- C:\Windows\System\dVaUHVr.exe
  C:\Windows\System\dVaUHVr.exe
  2⤵
  PID:6500
- C:\Windows\System\BrFPcgF.exe
  C:\Windows\System\BrFPcgF.exe
  2⤵
  PID:6624
- C:\Windows\System\BmITgzU.exe
  C:\Windows\System\BmITgzU.exe
  2⤵
  PID:6876
- C:\Windows\System\BOekXKP.exe
  C:\Windows\System\BOekXKP.exe
  2⤵
  PID:7044
- C:\Windows\System\HZrJhqu.exe
  C:\Windows\System\HZrJhqu.exe
  2⤵
  PID:6232
- C:\Windows\System\OBeHqmK.exe
  C:\Windows\System\OBeHqmK.exe
  2⤵
  PID:6556
- C:\Windows\System\waQCpmW.exe
  C:\Windows\System\waQCpmW.exe
  2⤵
  PID:7024
- C:\Windows\System\FmDouCX.exe
  C:\Windows\System\FmDouCX.exe
  2⤵
  PID:6856
- C:\Windows\System\XFusjDH.exe
  C:\Windows\System\XFusjDH.exe
  2⤵
  PID:6568
- C:\Windows\System\YcEGJsm.exe
  C:\Windows\System\YcEGJsm.exe
  2⤵
  PID:7192
- C:\Windows\System\zNVqTHb.exe
  C:\Windows\System\zNVqTHb.exe
  2⤵
  PID:7208
- C:\Windows\System\oRJERFs.exe
  C:\Windows\System\oRJERFs.exe
  2⤵
  PID:7248
- C:\Windows\System\dGADAsq.exe
  C:\Windows\System\dGADAsq.exe
  2⤵
  PID:7292
- C:\Windows\System\oLxyJoD.exe
  C:\Windows\System\oLxyJoD.exe
  2⤵
  PID:7320
- C:\Windows\System\JNkEKjb.exe
  C:\Windows\System\JNkEKjb.exe
  2⤵
  PID:7344
- C:\Windows\System\DDhpXJW.exe
  C:\Windows\System\DDhpXJW.exe
  2⤵
  PID:7360
- C:\Windows\System\yCTIcZw.exe
  C:\Windows\System\yCTIcZw.exe
  2⤵
  PID:7388
- C:\Windows\System\keuztAn.exe
  C:\Windows\System\keuztAn.exe
  2⤵
  PID:7424
- C:\Windows\System\UCbZYWl.exe
  C:\Windows\System\UCbZYWl.exe
  2⤵
  PID:7464
- C:\Windows\System\BYjabFd.exe
  C:\Windows\System\BYjabFd.exe
  2⤵
  PID:7484
- C:\Windows\System\LGfWqhs.exe
  C:\Windows\System\LGfWqhs.exe
  2⤵
  PID:7512
- C:\Windows\System\tniGdov.exe
  C:\Windows\System\tniGdov.exe
  2⤵
  PID:7548
- C:\Windows\System\JWPZBjJ.exe
  C:\Windows\System\JWPZBjJ.exe
  2⤵
  PID:7576
- C:\Windows\System\qECTSmc.exe
  C:\Windows\System\qECTSmc.exe
  2⤵
  PID:7616
- C:\Windows\System\ZVfqtGH.exe
  C:\Windows\System\ZVfqtGH.exe
  2⤵
  PID:7644
- C:\Windows\System\YbHzlNa.exe
  C:\Windows\System\YbHzlNa.exe
  2⤵
  PID:7660
- C:\Windows\System\aVmoPeS.exe
  C:\Windows\System\aVmoPeS.exe
  2⤵
  PID:7696
- C:\Windows\System\rXqfHaH.exe
  C:\Windows\System\rXqfHaH.exe
  2⤵
  PID:7728
- C:\Windows\System\VaXHcim.exe
  C:\Windows\System\VaXHcim.exe
  2⤵
  PID:7756
- C:\Windows\System\mQvvGPm.exe
  C:\Windows\System\mQvvGPm.exe
  2⤵
  PID:7776
- C:\Windows\System\TkjQgpB.exe
  C:\Windows\System\TkjQgpB.exe
  2⤵
  PID:7812
- C:\Windows\System\kSkRLbo.exe
  C:\Windows\System\kSkRLbo.exe
  2⤵
  PID:7828
- C:\Windows\System\UBHQAin.exe
  C:\Windows\System\UBHQAin.exe
  2⤵
  PID:7848
- C:\Windows\System\pgLxtVc.exe
  C:\Windows\System\pgLxtVc.exe
  2⤵
  PID:7872
- C:\Windows\System\eyHtWFj.exe
  C:\Windows\System\eyHtWFj.exe
  2⤵
  PID:7904
- C:\Windows\System\xWVYXJX.exe
  C:\Windows\System\xWVYXJX.exe
  2⤵
  PID:7932
- C:\Windows\System\JlwOpET.exe
  C:\Windows\System\JlwOpET.exe
  2⤵
  PID:7976
- C:\Windows\System\rBYsbkP.exe
  C:\Windows\System\rBYsbkP.exe
  2⤵
  PID:8012
- C:\Windows\System\XZcNHzW.exe
  C:\Windows\System\XZcNHzW.exe
  2⤵
  PID:8040
- C:\Windows\System\gTJPKIQ.exe
  C:\Windows\System\gTJPKIQ.exe
  2⤵
  PID:8068
- C:\Windows\System\wmaBBQd.exe
  C:\Windows\System\wmaBBQd.exe
  2⤵
  PID:8096
- C:\Windows\System\gIgwUFJ.exe
  C:\Windows\System\gIgwUFJ.exe
  2⤵
  PID:8112
- C:\Windows\System\HnISosg.exe
  C:\Windows\System\HnISosg.exe
  2⤵
  PID:8160
- C:\Windows\System\ZZlrgjt.exe
  C:\Windows\System\ZZlrgjt.exe
  2⤵
  PID:8180
- C:\Windows\System\iJUGEeX.exe
  C:\Windows\System\iJUGEeX.exe
  2⤵
  PID:7188
- C:\Windows\System\VHLGhcM.exe
  C:\Windows\System\VHLGhcM.exe
  2⤵
  PID:7232
- C:\Windows\System\NrzNQMP.exe
  C:\Windows\System\NrzNQMP.exe
  2⤵
  PID:7276
- C:\Windows\System\ipYxEJG.exe
  C:\Windows\System\ipYxEJG.exe
  2⤵
  PID:7328
- C:\Windows\System\MbplRcd.exe
  C:\Windows\System\MbplRcd.exe
  2⤵
  PID:7372
- C:\Windows\System\abkjLKt.exe
  C:\Windows\System\abkjLKt.exe
  2⤵
  PID:7432
- C:\Windows\System\iiPxxGy.exe
  C:\Windows\System\iiPxxGy.exe
  2⤵
  PID:7480
- C:\Windows\System\tkxPces.exe
  C:\Windows\System\tkxPces.exe
  2⤵
  PID:7560
- C:\Windows\System\avtKdcz.exe
  C:\Windows\System\avtKdcz.exe
  2⤵
  PID:3816
- C:\Windows\System\mFSZTZx.exe
  C:\Windows\System\mFSZTZx.exe
  2⤵
  PID:7720
- C:\Windows\System\TXcxsOT.exe
  C:\Windows\System\TXcxsOT.exe
  2⤵
  PID:7800
- C:\Windows\System\FEZYcpG.exe
  C:\Windows\System\FEZYcpG.exe
  2⤵
  PID:7856
- C:\Windows\System\rIyopGt.exe
  C:\Windows\System\rIyopGt.exe
  2⤵
  PID:7924
- C:\Windows\System\JERDHcv.exe
  C:\Windows\System\JERDHcv.exe
  2⤵
  PID:7992
- C:\Windows\System\nWaRwHi.exe
  C:\Windows\System\nWaRwHi.exe
  2⤵
  PID:8056
- C:\Windows\System\VzmSVpo.exe
  C:\Windows\System\VzmSVpo.exe
  2⤵
  PID:8152
- C:\Windows\System\zpRbYQV.exe
  C:\Windows\System\zpRbYQV.exe
  2⤵
  PID:7176
- C:\Windows\System\TcrjAFl.exe
  C:\Windows\System\TcrjAFl.exe
  2⤵
  PID:7300
- C:\Windows\System\MoWUbCx.exe
  C:\Windows\System\MoWUbCx.exe
  2⤵
  PID:7384
- C:\Windows\System\HsvAeJk.exe
  C:\Windows\System\HsvAeJk.exe
  2⤵
  PID:7352
- C:\Windows\System\lkwuKUa.exe
  C:\Windows\System\lkwuKUa.exe
  2⤵
  PID:7764
- C:\Windows\System\DCpEBpn.exe
  C:\Windows\System\DCpEBpn.exe
  2⤵
  PID:7952
- C:\Windows\System\TVKqsBs.exe
  C:\Windows\System\TVKqsBs.exe
  2⤵
  PID:8088
- C:\Windows\System\llBpabc.exe
  C:\Windows\System\llBpabc.exe
  2⤵
  PID:7376
- C:\Windows\System\LIpuFGR.exe
  C:\Windows\System\LIpuFGR.exe
  2⤵
  PID:3812
- C:\Windows\System\YCfSABl.exe
  C:\Windows\System\YCfSABl.exe
  2⤵
  PID:7868
- C:\Windows\System\FmFwCXs.exe
  C:\Windows\System\FmFwCXs.exe
  2⤵
  PID:7740
- C:\Windows\System\rNncdbC.exe
  C:\Windows\System\rNncdbC.exe
  2⤵
  PID:7200
- C:\Windows\System\lUSGmUr.exe
  C:\Windows\System\lUSGmUr.exe
  2⤵
  PID:8200
- C:\Windows\System\PvRgKTw.exe
  C:\Windows\System\PvRgKTw.exe
  2⤵
  PID:8224
- C:\Windows\System\oSlogsA.exe
  C:\Windows\System\oSlogsA.exe
  2⤵
  PID:8256
- C:\Windows\System\UXoeZiK.exe
  C:\Windows\System\UXoeZiK.exe
  2⤵
  PID:8284
- C:\Windows\System\DEIYJNa.exe
  C:\Windows\System\DEIYJNa.exe
  2⤵
  PID:8312
- C:\Windows\System\HMvYKhX.exe
  C:\Windows\System\HMvYKhX.exe
  2⤵
  PID:8344
- C:\Windows\System\zsiWmwb.exe
  C:\Windows\System\zsiWmwb.exe
  2⤵
  PID:8384
- C:\Windows\System\nwuWvQm.exe
  C:\Windows\System\nwuWvQm.exe
  2⤵
  PID:8408
- C:\Windows\System\JRwzDaD.exe
  C:\Windows\System\JRwzDaD.exe
  2⤵
  PID:8424
- C:\Windows\System\kDXriqR.exe
  C:\Windows\System\kDXriqR.exe
  2⤵
  PID:8452
- C:\Windows\System\MSQGDVZ.exe
  C:\Windows\System\MSQGDVZ.exe
  2⤵
  PID:8488
- C:\Windows\System\XfRzbIu.exe
  C:\Windows\System\XfRzbIu.exe
  2⤵
  PID:8520
- C:\Windows\System\WwGOGzU.exe
  C:\Windows\System\WwGOGzU.exe
  2⤵
  PID:8548
- C:\Windows\System\YplfoHL.exe
  C:\Windows\System\YplfoHL.exe
  2⤵
  PID:8576
- C:\Windows\System\ZXPLRnk.exe
  C:\Windows\System\ZXPLRnk.exe
  2⤵
  PID:8596
- C:\Windows\System\ytZdEPK.exe
  C:\Windows\System\ytZdEPK.exe
  2⤵
  PID:8628
- C:\Windows\System\WxPYPXZ.exe
  C:\Windows\System\WxPYPXZ.exe
  2⤵
  PID:8652
- C:\Windows\System\npBIOia.exe
  C:\Windows\System\npBIOia.exe
  2⤵
  PID:8692
- C:\Windows\System\tjEDauv.exe
  C:\Windows\System\tjEDauv.exe
  2⤵
  PID:8720
- C:\Windows\System\DLnXDIX.exe
  C:\Windows\System\DLnXDIX.exe
  2⤵
  PID:8736
- C:\Windows\System\oBJRrmt.exe
  C:\Windows\System\oBJRrmt.exe
  2⤵
  PID:8752
- C:\Windows\System\TAgohFl.exe
  C:\Windows\System\TAgohFl.exe
  2⤵
  PID:8792
- C:\Windows\System\biomesU.exe
  C:\Windows\System\biomesU.exe
  2⤵
  PID:8824
- C:\Windows\System\RafLxpD.exe
  C:\Windows\System\RafLxpD.exe
  2⤵
  PID:8848
- C:\Windows\System\QyDwvos.exe
  C:\Windows\System\QyDwvos.exe
  2⤵
  PID:8888
- C:\Windows\System\TWbirGV.exe
  C:\Windows\System\TWbirGV.exe
  2⤵
  PID:8912
- C:\Windows\System\uWdapid.exe
  C:\Windows\System\uWdapid.exe
  2⤵
  PID:8932
- C:\Windows\System\fttCnPW.exe
  C:\Windows\System\fttCnPW.exe
  2⤵
  PID:8968
- C:\Windows\System\LpnMwKT.exe
  C:\Windows\System\LpnMwKT.exe
  2⤵
  PID:9008
- C:\Windows\System\dkStNdc.exe
  C:\Windows\System\dkStNdc.exe
  2⤵
  PID:9024
- C:\Windows\System\YwfFEHn.exe
  C:\Windows\System\YwfFEHn.exe
  2⤵
  PID:9052
- C:\Windows\System\srdFpHN.exe
  C:\Windows\System\srdFpHN.exe
  2⤵
  PID:9092
- C:\Windows\System\biyPCay.exe
  C:\Windows\System\biyPCay.exe
  2⤵
  PID:9108
- C:\Windows\System\pQmTbFE.exe
  C:\Windows\System\pQmTbFE.exe
  2⤵
  PID:9144
- C:\Windows\System\MrSHmFR.exe
  C:\Windows\System\MrSHmFR.exe
  2⤵
  PID:9176
- C:\Windows\System\oZGMsbK.exe
  C:\Windows\System\oZGMsbK.exe
  2⤵
  PID:9196
- C:\Windows\System\tzayLaz.exe
  C:\Windows\System\tzayLaz.exe
  2⤵
  PID:8216
- C:\Windows\System\uMdEsit.exe
  C:\Windows\System\uMdEsit.exe
  2⤵
  PID:8304
- C:\Windows\System\suFICan.exe
  C:\Windows\System\suFICan.exe
  2⤵
  PID:8352
- C:\Windows\System\uoLOVUK.exe
  C:\Windows\System\uoLOVUK.exe
  2⤵
  PID:8400
- C:\Windows\System\uAFeAEy.exe
  C:\Windows\System\uAFeAEy.exe
  2⤵
  PID:8440
- C:\Windows\System\TAsbFYv.exe
  C:\Windows\System\TAsbFYv.exe
  2⤵
  PID:8532
- C:\Windows\System\AbpwSef.exe
  C:\Windows\System\AbpwSef.exe
  2⤵
  PID:8604
- C:\Windows\System\krDovOq.exe
  C:\Windows\System\krDovOq.exe
  2⤵
  PID:8616
- C:\Windows\System\kyqkVMx.exe
  C:\Windows\System\kyqkVMx.exe
  2⤵
  PID:8688
- C:\Windows\System\EFGMiHB.exe
  C:\Windows\System\EFGMiHB.exe
  2⤵
  PID:8744
- C:\Windows\System\CJGdlFU.exe
  C:\Windows\System\CJGdlFU.exe
  2⤵
  PID:8828
- C:\Windows\System\PSpUhvW.exe
  C:\Windows\System\PSpUhvW.exe
  2⤵
  PID:8896
- C:\Windows\System\RZCLPEU.exe
  C:\Windows\System\RZCLPEU.exe
  2⤵
  PID:8960
- C:\Windows\System\ezwWrbw.exe
  C:\Windows\System\ezwWrbw.exe
  2⤵
  PID:9036
- C:\Windows\System\aHbcwQa.exe
  C:\Windows\System\aHbcwQa.exe
  2⤵
  PID:9072
- C:\Windows\System\AZFRuWP.exe
  C:\Windows\System\AZFRuWP.exe
  2⤵
  PID:9124
- C:\Windows\System\DieEkcw.exe
  C:\Windows\System\DieEkcw.exe
  2⤵
  PID:9188
- C:\Windows\System\ikcVloi.exe
  C:\Windows\System\ikcVloi.exe
  2⤵
  PID:8276
- C:\Windows\System\VirarSJ.exe
  C:\Windows\System\VirarSJ.exe
  2⤵
  PID:8496
- C:\Windows\System\MApaNfP.exe
  C:\Windows\System\MApaNfP.exe
  2⤵
  PID:8640
- C:\Windows\System\JTSuaxS.exe
  C:\Windows\System\JTSuaxS.exe
  2⤵
  PID:8748
- C:\Windows\System\xbgZAfo.exe
  C:\Windows\System\xbgZAfo.exe
  2⤵
  PID:8816
- C:\Windows\System\hmNluUH.exe
  C:\Windows\System\hmNluUH.exe
  2⤵
  PID:9004
- C:\Windows\System\LtMjkmv.exe
  C:\Windows\System\LtMjkmv.exe
  2⤵
  PID:9168
- C:\Windows\System\TceGAnT.exe
  C:\Windows\System\TceGAnT.exe
  2⤵
  PID:8572
- C:\Windows\System\RanJGFN.exe
  C:\Windows\System\RanJGFN.exe
  2⤵
  PID:8928
- C:\Windows\System\tvmXPjs.exe
  C:\Windows\System\tvmXPjs.exe
  2⤵
  PID:2196
- C:\Windows\System\xbowcks.exe
  C:\Windows\System\xbowcks.exe
  2⤵
  PID:8372
- C:\Windows\System\NsNARie.exe
  C:\Windows\System\NsNARie.exe
  2⤵
  PID:2032
- C:\Windows\System\fwfRZlt.exe
  C:\Windows\System\fwfRZlt.exe
  2⤵
  PID:9232
- C:\Windows\System\mNypzmu.exe
  C:\Windows\System\mNypzmu.exe
  2⤵
  PID:9260
- C:\Windows\System\leLpheF.exe
  C:\Windows\System\leLpheF.exe
  2⤵
  PID:9280
- C:\Windows\System\asmnZmW.exe
  C:\Windows\System\asmnZmW.exe
  2⤵
  PID:9316
- C:\Windows\System\xWATHDx.exe
  C:\Windows\System\xWATHDx.exe
  2⤵
  PID:9336
- C:\Windows\System\AnsliDM.exe
  C:\Windows\System\AnsliDM.exe
  2⤵
  PID:9376
- C:\Windows\System\XKwDSIm.exe
  C:\Windows\System\XKwDSIm.exe
  2⤵
  PID:9392
- C:\Windows\System\foKvuxX.exe
  C:\Windows\System\foKvuxX.exe
  2⤵
  PID:9420
- C:\Windows\System\KfKPRIT.exe
  C:\Windows\System\KfKPRIT.exe
  2⤵
  PID:9436
- C:\Windows\System\RtXPTfw.exe
  C:\Windows\System\RtXPTfw.exe
  2⤵
  PID:9460
- C:\Windows\System\rJbEkhB.exe
  C:\Windows\System\rJbEkhB.exe
  2⤵
  PID:9492
- C:\Windows\System\GtAuyBY.exe
  C:\Windows\System\GtAuyBY.exe
  2⤵
  PID:9512
- C:\Windows\System\SUuVjsK.exe
  C:\Windows\System\SUuVjsK.exe
  2⤵
  PID:9540
- C:\Windows\System\ITQieVs.exe
  C:\Windows\System\ITQieVs.exe
  2⤵
  PID:9564
- C:\Windows\System\mIGftcl.exe
  C:\Windows\System\mIGftcl.exe
  2⤵
  PID:9592
- C:\Windows\System\mKHcrtB.exe
  C:\Windows\System\mKHcrtB.exe
  2⤵
  PID:9620
- C:\Windows\System\TGNxNjt.exe
  C:\Windows\System\TGNxNjt.exe
  2⤵
  PID:9652
- C:\Windows\System\YPrsbbX.exe
  C:\Windows\System\YPrsbbX.exe
  2⤵
  PID:9684
- C:\Windows\System\lEgpIQQ.exe
  C:\Windows\System\lEgpIQQ.exe
  2⤵
  PID:9720
- C:\Windows\System\cputMib.exe
  C:\Windows\System\cputMib.exe
  2⤵
  PID:9744
- C:\Windows\System\HocaxVv.exe
  C:\Windows\System\HocaxVv.exe
  2⤵
  PID:9772
- C:\Windows\System\toktZZI.exe
  C:\Windows\System\toktZZI.exe
  2⤵
  PID:9812
- C:\Windows\System\vhgRlcV.exe
  C:\Windows\System\vhgRlcV.exe
  2⤵
  PID:9828
- C:\Windows\System\zfHLnIn.exe
  C:\Windows\System\zfHLnIn.exe
  2⤵
  PID:9860
- C:\Windows\System\RukWkEK.exe
  C:\Windows\System\RukWkEK.exe
  2⤵
  PID:9888
- C:\Windows\System\zodvqmN.exe
  C:\Windows\System\zodvqmN.exe
  2⤵
  PID:9912
- C:\Windows\System\TZflgYm.exe
  C:\Windows\System\TZflgYm.exe
  2⤵
  PID:9944
- C:\Windows\System\NfgGHEb.exe
  C:\Windows\System\NfgGHEb.exe
  2⤵
  PID:9972
- C:\Windows\System\FOwzQZn.exe
  C:\Windows\System\FOwzQZn.exe
  2⤵
  PID:10008
- C:\Windows\System\HTtDOCl.exe
  C:\Windows\System\HTtDOCl.exe
  2⤵
  PID:10040
- C:\Windows\System\ABDieOF.exe
  C:\Windows\System\ABDieOF.exe
  2⤵
  PID:10064
- C:\Windows\System\FiJaAqh.exe
  C:\Windows\System\FiJaAqh.exe
  2⤵
  PID:10080
- C:\Windows\System\fulNCGU.exe
  C:\Windows\System\fulNCGU.exe
  2⤵
  PID:10096
- C:\Windows\System\WVKQXLW.exe
  C:\Windows\System\WVKQXLW.exe
  2⤵
  PID:10136
- C:\Windows\System\lhrBMmQ.exe
  C:\Windows\System\lhrBMmQ.exe
  2⤵
  PID:10164
- C:\Windows\System\kOntwbO.exe
  C:\Windows\System\kOntwbO.exe
  2⤵
  PID:10180
- C:\Windows\System\pBaTMVA.exe
  C:\Windows\System\pBaTMVA.exe
  2⤵
  PID:10208
- C:\Windows\System\axKTJGB.exe
  C:\Windows\System\axKTJGB.exe
  2⤵
  PID:9100
- C:\Windows\System\XuUOZTK.exe
  C:\Windows\System\XuUOZTK.exe
  2⤵
  PID:9272
- C:\Windows\System\clwgIqq.exe
  C:\Windows\System\clwgIqq.exe
  2⤵
  PID:9372
- C:\Windows\System\AiKmRbZ.exe
  C:\Windows\System\AiKmRbZ.exe
  2⤵
  PID:9428
- C:\Windows\System\fLUqenY.exe
  C:\Windows\System\fLUqenY.exe
  2⤵
  PID:9472
- C:\Windows\System\WlVKeIa.exe
  C:\Windows\System\WlVKeIa.exe
  2⤵
  PID:9532
- C:\Windows\System\eDxhsFW.exe
  C:\Windows\System\eDxhsFW.exe
  2⤵
  PID:9632
- C:\Windows\System\VqipCfS.exe
  C:\Windows\System\VqipCfS.exe
  2⤵
  PID:1908
- C:\Windows\System\MIIvmib.exe
  C:\Windows\System\MIIvmib.exe
  2⤵
  PID:9700
- C:\Windows\System\WqOfJbK.exe
  C:\Windows\System\WqOfJbK.exe
  2⤵
  PID:9792
- C:\Windows\System\bxGnUvs.exe
  C:\Windows\System\bxGnUvs.exe
  2⤵
  PID:9844
- C:\Windows\System\ERMIGOd.exe
  C:\Windows\System\ERMIGOd.exe
  2⤵
  PID:9924
- C:\Windows\System\FKFNrgC.exe
  C:\Windows\System\FKFNrgC.exe
  2⤵
  PID:9988
- C:\Windows\System\CXXdPlz.exe
  C:\Windows\System\CXXdPlz.exe
  2⤵
  PID:10032
- C:\Windows\System\LixwDwS.exe
  C:\Windows\System\LixwDwS.exe
  2⤵
  PID:10116
- C:\Windows\System\fVgXgZQ.exe
  C:\Windows\System\fVgXgZQ.exe
  2⤵
  PID:10156
- C:\Windows\System\dEHJwMe.exe
  C:\Windows\System\dEHJwMe.exe
  2⤵
  PID:10204
- C:\Windows\System\qOwPbeW.exe
  C:\Windows\System\qOwPbeW.exe
  2⤵
  PID:10236
- C:\Windows\System\GGHffoU.exe
  C:\Windows\System\GGHffoU.exe
  2⤵
  PID:9480
- C:\Windows\System\QKAhmEd.exe
  C:\Windows\System\QKAhmEd.exe
  2⤵
  PID:9612
- C:\Windows\System\ExqTiiB.exe
  C:\Windows\System\ExqTiiB.exe
  2⤵
  PID:9732
- C:\Windows\System\tUvOUAs.exe
  C:\Windows\System\tUvOUAs.exe
  2⤵
  PID:4520
- C:\Windows\System\nLjJVjM.exe
  C:\Windows\System\nLjJVjM.exe
  2⤵
  PID:9896
- C:\Windows\System\dvCClkO.exe
  C:\Windows\System\dvCClkO.exe
  2⤵
  PID:10108
- C:\Windows\System\EcCHFFJ.exe
  C:\Windows\System\EcCHFFJ.exe
  2⤵
  PID:9648
- C:\Windows\System\zCnXAdf.exe
  C:\Windows\System\zCnXAdf.exe
  2⤵
  PID:9900
- C:\Windows\System\gEcohbV.exe
  C:\Windows\System\gEcohbV.exe
  2⤵
  PID:10192
- C:\Windows\System\LDPdGUu.exe
  C:\Windows\System\LDPdGUu.exe
  2⤵
  PID:9276
- C:\Windows\System\FqhlhIv.exe
  C:\Windows\System\FqhlhIv.exe
  2⤵
  PID:10244
- C:\Windows\System\qoZdOHi.exe
  C:\Windows\System\qoZdOHi.exe
  2⤵
  PID:10272
- C:\Windows\System\xTVKwvZ.exe
  C:\Windows\System\xTVKwvZ.exe
  2⤵
  PID:10300
- C:\Windows\System\CrKeCwd.exe
  C:\Windows\System\CrKeCwd.exe
  2⤵
  PID:10328
- C:\Windows\System\jGFCngW.exe
  C:\Windows\System\jGFCngW.exe
  2⤵
  PID:10380
- C:\Windows\System\cPEfzbi.exe
  C:\Windows\System\cPEfzbi.exe
  2⤵
  PID:10400
- C:\Windows\System\ILzXGvq.exe
  C:\Windows\System\ILzXGvq.exe
  2⤵
  PID:10424
- C:\Windows\System\wtOBiXd.exe
  C:\Windows\System\wtOBiXd.exe
  2⤵
  PID:10452
- C:\Windows\System\OpnTeSG.exe
  C:\Windows\System\OpnTeSG.exe
  2⤵
  PID:10480
- C:\Windows\System\icBrpQt.exe
  C:\Windows\System\icBrpQt.exe
  2⤵
  PID:10512
- C:\Windows\System\zjvpErP.exe
  C:\Windows\System\zjvpErP.exe
  2⤵
  PID:10544
- C:\Windows\System\aPokDYK.exe
  C:\Windows\System\aPokDYK.exe
  2⤵
  PID:10572
- C:\Windows\System\FAcLDNd.exe
  C:\Windows\System\FAcLDNd.exe
  2⤵
  PID:10600
- C:\Windows\System\HxorEJr.exe
  C:\Windows\System\HxorEJr.exe
  2⤵
  PID:10620
- C:\Windows\System\oPLZjBa.exe
  C:\Windows\System\oPLZjBa.exe
  2⤵
  PID:10660
- C:\Windows\System\PEuJYkw.exe
  C:\Windows\System\PEuJYkw.exe
  2⤵
  PID:10680
- C:\Windows\System\HoJJTof.exe
  C:\Windows\System\HoJJTof.exe
  2⤵
  PID:10716
- C:\Windows\System\ngUrCSI.exe
  C:\Windows\System\ngUrCSI.exe
  2⤵
  PID:10748
- C:\Windows\System\lkDgEml.exe
  C:\Windows\System\lkDgEml.exe
  2⤵
  PID:10780
- C:\Windows\System\JRgldDG.exe
  C:\Windows\System\JRgldDG.exe
  2⤵
  PID:10808
- C:\Windows\System\aGZYMDG.exe
  C:\Windows\System\aGZYMDG.exe
  2⤵
  PID:10836
- C:\Windows\System\JeSCkSY.exe
  C:\Windows\System\JeSCkSY.exe
  2⤵
  PID:10856
- C:\Windows\System\wguKwpk.exe
  C:\Windows\System\wguKwpk.exe
  2⤵
  PID:10872
- C:\Windows\System\UkLlblv.exe
  C:\Windows\System\UkLlblv.exe
  2⤵
  PID:10900
- C:\Windows\System\oxjeCXy.exe
  C:\Windows\System\oxjeCXy.exe
  2⤵
  PID:10936
- C:\Windows\System\FAWBeaj.exe
  C:\Windows\System\FAWBeaj.exe
  2⤵
  PID:10976
- C:\Windows\System\oLnyzTS.exe
  C:\Windows\System\oLnyzTS.exe
  2⤵
  PID:10996
- C:\Windows\System\EZZjvXn.exe
  C:\Windows\System\EZZjvXn.exe
  2⤵
  PID:11036
- C:\Windows\System\ltzNNrZ.exe
  C:\Windows\System\ltzNNrZ.exe
  2⤵
  PID:11060
- C:\Windows\System\xuXPutR.exe
  C:\Windows\System\xuXPutR.exe
  2⤵
  PID:11088
- C:\Windows\System\ZOISqIy.exe
  C:\Windows\System\ZOISqIy.exe
  2⤵
  PID:11120
- C:\Windows\System\ybtPGLa.exe
  C:\Windows\System\ybtPGLa.exe
  2⤵
  PID:11152
- C:\Windows\System\lFscOFn.exe
  C:\Windows\System\lFscOFn.exe
  2⤵
  PID:11172
- C:\Windows\System\EKHQNaE.exe
  C:\Windows\System\EKHQNaE.exe
  2⤵
  PID:11200
- C:\Windows\System\PfFvcRx.exe
  C:\Windows\System\PfFvcRx.exe
  2⤵
  PID:11232
- C:\Windows\System\jnTElTo.exe
  C:\Windows\System\jnTElTo.exe
  2⤵
  PID:9956
- C:\Windows\System\iAEBcBw.exe
  C:\Windows\System\iAEBcBw.exe
  2⤵
  PID:696
- C:\Windows\System\MpvWczB.exe
  C:\Windows\System\MpvWczB.exe
  2⤵
  PID:9308
- C:\Windows\System\jSfoMDP.exe
  C:\Windows\System\jSfoMDP.exe
  2⤵
  PID:10292
- C:\Windows\System\bPlIUVj.exe
  C:\Windows\System\bPlIUVj.exe
  2⤵
  PID:10388
- C:\Windows\System\fxVMhsY.exe
  C:\Windows\System\fxVMhsY.exe
  2⤵
  PID:10444
- C:\Windows\System\CoiCqkH.exe
  C:\Windows\System\CoiCqkH.exe
  2⤵
  PID:10492
- C:\Windows\System\JjZtNZr.exe
  C:\Windows\System\JjZtNZr.exe
  2⤵
  PID:10552
- C:\Windows\System\ZuVDOtZ.exe
  C:\Windows\System\ZuVDOtZ.exe
  2⤵
  PID:10640
- C:\Windows\System\wLKGnWb.exe
  C:\Windows\System\wLKGnWb.exe
  2⤵
  PID:10728
- C:\Windows\System\xsploey.exe
  C:\Windows\System\xsploey.exe
  2⤵
  PID:10736
- C:\Windows\System\PaKZzwa.exe
  C:\Windows\System\PaKZzwa.exe
  2⤵
  PID:10816
- C:\Windows\System\vxGibha.exe
  C:\Windows\System\vxGibha.exe
  2⤵
  PID:10852
- C:\Windows\System\ZKtpAFq.exe
  C:\Windows\System\ZKtpAFq.exe
  2⤵
  PID:10960
- C:\Windows\System\DaRiViF.exe
  C:\Windows\System\DaRiViF.exe
  2⤵
  PID:11004
- C:\Windows\System\koVnQQQ.exe
  C:\Windows\System\koVnQQQ.exe
  2⤵
  PID:11084
- C:\Windows\System\aBUzmYI.exe
  C:\Windows\System\aBUzmYI.exe
  2⤵
  PID:11168
- C:\Windows\System\PGgmRYV.exe
  C:\Windows\System\PGgmRYV.exe
  2⤵
  PID:11196
- C:\Windows\System\kONwTwM.exe
  C:\Windows\System\kONwTwM.exe
  2⤵
  PID:10264
- C:\Windows\System\XRQYMpv.exe
  C:\Windows\System\XRQYMpv.exe
  2⤵
  PID:10320
- C:\Windows\System\HcdAGOt.exe
  C:\Windows\System\HcdAGOt.exe
  2⤵
  PID:10048
- C:\Windows\System\YjZUKlU.exe
  C:\Windows\System\YjZUKlU.exe
  2⤵
  PID:10564
- C:\Windows\System\Jctfzsz.exe
  C:\Windows\System\Jctfzsz.exe
  2⤵
  PID:10788
- C:\Windows\System\sofDJPF.exe
  C:\Windows\System\sofDJPF.exe
  2⤵
  PID:4184
- C:\Windows\System\rIdAtxJ.exe
  C:\Windows\System\rIdAtxJ.exe
  2⤵
  PID:11144
- C:\Windows\System\lUWoctT.exe
  C:\Windows\System\lUWoctT.exe
  2⤵
  PID:10076
- C:\Windows\System\jgAZkug.exe
  C:\Windows\System\jgAZkug.exe
  2⤵
  PID:10616
- C:\Windows\System\REXMSCf.exe
  C:\Windows\System\REXMSCf.exe
  2⤵
  PID:10896
- C:\Windows\System\fxIEGLX.exe
  C:\Windows\System\fxIEGLX.exe
  2⤵
  PID:11044
- C:\Windows\System\IelEmOj.exe
  C:\Windows\System\IelEmOj.exe
  2⤵
  PID:10744
- C:\Windows\System\ReDjLjY.exe
  C:\Windows\System\ReDjLjY.exe
  2⤵
  PID:11276
- C:\Windows\System\xHqAxkI.exe
  C:\Windows\System\xHqAxkI.exe
  2⤵
  PID:11308
- C:\Windows\System\xAzLlrm.exe
  C:\Windows\System\xAzLlrm.exe
  2⤵
  PID:11332
- C:\Windows\System\ZVurhwW.exe
  C:\Windows\System\ZVurhwW.exe
  2⤵
  PID:11352
- C:\Windows\System\CJRybyN.exe
  C:\Windows\System\CJRybyN.exe
  2⤵
  PID:11392
- C:\Windows\System\rqEeCet.exe
  C:\Windows\System\rqEeCet.exe
  2⤵
  PID:11408
- C:\Windows\System\WdkDaGC.exe
  C:\Windows\System\WdkDaGC.exe
  2⤵
  PID:11448
- C:\Windows\System\oMRBIhl.exe
  C:\Windows\System\oMRBIhl.exe
  2⤵
  PID:11484
- C:\Windows\System\nyCjjBz.exe
  C:\Windows\System\nyCjjBz.exe
  2⤵
  PID:11504
- C:\Windows\System\IDgnpGu.exe
  C:\Windows\System\IDgnpGu.exe
  2⤵
  PID:11532
- C:\Windows\System\ZdVQcZz.exe
  C:\Windows\System\ZdVQcZz.exe
  2⤵
  PID:11564
- C:\Windows\System\NBcYRgs.exe
  C:\Windows\System\NBcYRgs.exe
  2⤵
  PID:11596
- C:\Windows\System\gAIzeil.exe
  C:\Windows\System\gAIzeil.exe
  2⤵
  PID:11616
- C:\Windows\System\JUnXXwJ.exe
  C:\Windows\System\JUnXXwJ.exe
  2⤵
  PID:11644
- C:\Windows\System\QxtEkhD.exe
  C:\Windows\System\QxtEkhD.exe
  2⤵
  PID:11680
- C:\Windows\System\HczppZG.exe
  C:\Windows\System\HczppZG.exe
  2⤵
  PID:11712
- C:\Windows\System\mhoPBiE.exe
  C:\Windows\System\mhoPBiE.exe
  2⤵
  PID:11740
- C:\Windows\System\mBaPHSn.exe
  C:\Windows\System\mBaPHSn.exe
  2⤵
  PID:11764
- C:\Windows\System\ahkVaja.exe
  C:\Windows\System\ahkVaja.exe
  2⤵
  PID:11792
- C:\Windows\System\ZYkxYEG.exe
  C:\Windows\System\ZYkxYEG.exe
  2⤵
  PID:11812
- C:\Windows\System\LGCWmZK.exe
  C:\Windows\System\LGCWmZK.exe
  2⤵
  PID:11868
- C:\Windows\System\oFhmuKK.exe
  C:\Windows\System\oFhmuKK.exe
  2⤵
  PID:11892
- C:\Windows\System\cxbIJLT.exe
  C:\Windows\System\cxbIJLT.exe
  2⤵
  PID:11908
- C:\Windows\System\OvGNFcq.exe
  C:\Windows\System\OvGNFcq.exe
  2⤵
  PID:11936
- C:\Windows\System\vYcWUzb.exe
  C:\Windows\System\vYcWUzb.exe
  2⤵
  PID:11964
- C:\Windows\System\URPKPdF.exe
  C:\Windows\System\URPKPdF.exe
  2⤵
  PID:11984
- C:\Windows\System\WYmPPuR.exe
  C:\Windows\System\WYmPPuR.exe
  2⤵
  PID:12028
- C:\Windows\System\hsRdwaH.exe
  C:\Windows\System\hsRdwaH.exe
  2⤵
  PID:12060
- C:\Windows\System\jlUOpQF.exe
  C:\Windows\System\jlUOpQF.exe
  2⤵
  PID:12096
- C:\Windows\System\QWSXxgw.exe
  C:\Windows\System\QWSXxgw.exe
  2⤵
  PID:12128
- C:\Windows\System\tJMHWsh.exe
  C:\Windows\System\tJMHWsh.exe
  2⤵
  PID:12172
- C:\Windows\System\kEXqpvr.exe
  C:\Windows\System\kEXqpvr.exe
  2⤵
  PID:12196
- C:\Windows\System\TCbUXNh.exe
  C:\Windows\System\TCbUXNh.exe
  2⤵
  PID:12212
- C:\Windows\System\grdYKSY.exe
  C:\Windows\System\grdYKSY.exe
  2⤵
  PID:12240
- C:\Windows\System\MwcpSnm.exe
  C:\Windows\System\MwcpSnm.exe
  2⤵
  PID:12272
- C:\Windows\System\hzsDsNp.exe
  C:\Windows\System\hzsDsNp.exe
  2⤵
  PID:10420
- C:\Windows\System\SjTpVSI.exe
  C:\Windows\System\SjTpVSI.exe
  2⤵
  PID:11340
- C:\Windows\System\ywuRcpp.exe
  C:\Windows\System\ywuRcpp.exe
  2⤵
  PID:11400
- C:\Windows\System\CmdNaQM.exe
  C:\Windows\System\CmdNaQM.exe
  2⤵
  PID:11460
- C:\Windows\System\LRIEuIE.exe
  C:\Windows\System\LRIEuIE.exe
  2⤵
  PID:11548
- C:\Windows\System\NbPSSDO.exe
  C:\Windows\System\NbPSSDO.exe
  2⤵
  PID:2464
- C:\Windows\System\ptKdpmU.exe
  C:\Windows\System\ptKdpmU.exe
  2⤵
  PID:11660
- C:\Windows\System\DrghziF.exe
  C:\Windows\System\DrghziF.exe
  2⤵
  PID:11756
- C:\Windows\System\zOEOaXZ.exe
  C:\Windows\System\zOEOaXZ.exe
  2⤵
  PID:11808
- C:\Windows\System\RpemaJa.exe
  C:\Windows\System\RpemaJa.exe
  2⤵
  PID:11840
- C:\Windows\System\FbuzGgW.exe
  C:\Windows\System\FbuzGgW.exe
  2⤵
  PID:11932
- C:\Windows\System\SLmuDIe.exe
  C:\Windows\System\SLmuDIe.exe
  2⤵
  PID:11992
- C:\Windows\System\mJHpgGZ.exe
  C:\Windows\System\mJHpgGZ.exe
  2⤵
  PID:12056
- C:\Windows\System\NUDlEtt.exe
  C:\Windows\System\NUDlEtt.exe
  2⤵
  PID:12188
- C:\Windows\System\SwbVUYu.exe
  C:\Windows\System\SwbVUYu.exe
  2⤵
  PID:12232
- C:\Windows\System\FKUAmdx.exe
  C:\Windows\System\FKUAmdx.exe
  2⤵
  PID:11268
- C:\Windows\System\ABbTgeh.exe
  C:\Windows\System\ABbTgeh.exe
  2⤵
  PID:11372
- C:\Windows\System\LxwPGPd.exe
  C:\Windows\System\LxwPGPd.exe
  2⤵
  PID:11524
- C:\Windows\System\qMAvmUk.exe
  C:\Windows\System\qMAvmUk.exe
  2⤵
  PID:11544
- C:\Windows\System\LjgSeQh.exe
  C:\Windows\System\LjgSeQh.exe
  2⤵
  PID:11688
- C:\Windows\System\AeVkbES.exe
  C:\Windows\System\AeVkbES.exe
  2⤵
  PID:11900
- C:\Windows\System\Dkndoxb.exe
  C:\Windows\System\Dkndoxb.exe
  2⤵
  PID:12084
- C:\Windows\System\WYQwAoG.exe
  C:\Windows\System\WYQwAoG.exe
  2⤵
  PID:12280
- C:\Windows\System\spQTxYG.exe
  C:\Windows\System\spQTxYG.exe
  2⤵
  PID:11348
- C:\Windows\System\hxdjIXM.exe
  C:\Windows\System\hxdjIXM.exe
  2⤵
  PID:11736
- C:\Windows\System\GgKWmkm.exe
  C:\Windows\System\GgKWmkm.exe
  2⤵
  PID:12092
- C:\Windows\System\tAxibjW.exe
  C:\Windows\System\tAxibjW.exe
  2⤵
  PID:12296
- C:\Windows\System\JwfiVej.exe
  C:\Windows\System\JwfiVej.exe
  2⤵
  PID:12328
- C:\Windows\System\HrDCqMb.exe
  C:\Windows\System\HrDCqMb.exe
  2⤵
  PID:12352
- C:\Windows\System\SpthtZF.exe
  C:\Windows\System\SpthtZF.exe
  2⤵
  PID:12400
- C:\Windows\System\CydVsOe.exe
  C:\Windows\System\CydVsOe.exe
  2⤵
  PID:12420
- C:\Windows\System\vaPFATh.exe
  C:\Windows\System\vaPFATh.exe
  2⤵
  PID:12444
- C:\Windows\System\Bdfivxk.exe
  C:\Windows\System\Bdfivxk.exe
  2⤵
  PID:12476
- C:\Windows\System\UyhpyKb.exe
  C:\Windows\System\UyhpyKb.exe
  2⤵
  PID:12504
- C:\Windows\System\AGwZLMP.exe
  C:\Windows\System\AGwZLMP.exe
  2⤵
  PID:12520
- C:\Windows\System\RHIAZZb.exe
  C:\Windows\System\RHIAZZb.exe
  2⤵
  PID:12544
- C:\Windows\System\nRlfpTO.exe
  C:\Windows\System\nRlfpTO.exe
  2⤵
  PID:12564
- C:\Windows\System\UprXeFv.exe
  C:\Windows\System\UprXeFv.exe
  2⤵
  PID:12588
- C:\Windows\System\GiXAQpN.exe
  C:\Windows\System\GiXAQpN.exe
  2⤵
  PID:12620
- C:\Windows\System\rYSatMz.exe
  C:\Windows\System\rYSatMz.exe
  2⤵
  PID:12660
- C:\Windows\System\UyDnEkR.exe
  C:\Windows\System\UyDnEkR.exe
  2⤵
  PID:12692
- C:\Windows\System\qKSyjju.exe
  C:\Windows\System\qKSyjju.exe
  2⤵
  PID:12716
- C:\Windows\System\ppeuttd.exe
  C:\Windows\System\ppeuttd.exe
  2⤵
  PID:12732
- C:\Windows\System\FENWgSN.exe
  C:\Windows\System\FENWgSN.exe
  2⤵
  PID:12760
- C:\Windows\System\AKgAKCS.exe
  C:\Windows\System\AKgAKCS.exe
  2⤵
  PID:12796
- C:\Windows\System\cdTMoYf.exe
  C:\Windows\System\cdTMoYf.exe
  2⤵
  PID:12828
- C:\Windows\System\cJTdwqc.exe
  C:\Windows\System\cJTdwqc.exe
  2⤵
  PID:12864
- C:\Windows\System\GCsGgCw.exe
  C:\Windows\System\GCsGgCw.exe
  2⤵
  PID:12888
- C:\Windows\System\nTwjYsP.exe
  C:\Windows\System\nTwjYsP.exe
  2⤵
  PID:12904
- C:\Windows\System\PvvtmLH.exe
  C:\Windows\System\PvvtmLH.exe
  2⤵
  PID:12944
- C:\Windows\System\GOrQgQO.exe
  C:\Windows\System\GOrQgQO.exe
  2⤵
  PID:12968
- C:\Windows\System\ITFidFP.exe
  C:\Windows\System\ITFidFP.exe
  2⤵
  PID:13004
- C:\Windows\System\NUPTutq.exe
  C:\Windows\System\NUPTutq.exe
  2⤵
  PID:13032
- C:\Windows\System\iAaIDWY.exe
  C:\Windows\System\iAaIDWY.exe
  2⤵
  PID:13068
- C:\Windows\System\ItpVFYU.exe
  C:\Windows\System\ItpVFYU.exe
  2⤵
  PID:13096
- C:\Windows\System\OzrxbYJ.exe
  C:\Windows\System\OzrxbYJ.exe
  2⤵
  PID:13120
- C:\Windows\System\AYKmkri.exe
  C:\Windows\System\AYKmkri.exe
  2⤵
  PID:13140
- C:\Windows\System\ROHFSow.exe
  C:\Windows\System\ROHFSow.exe
  2⤵
  PID:13172
- C:\Windows\System\JakJMaU.exe
  C:\Windows\System\JakJMaU.exe
  2⤵
  PID:13196
- C:\Windows\System\UOgHQJD.exe
  C:\Windows\System\UOgHQJD.exe
  2⤵
  PID:13220
- C:\Windows\System\okkgJJv.exe
  C:\Windows\System\okkgJJv.exe
  2⤵
  PID:13256
- C:\Windows\System\wfCBduY.exe
  C:\Windows\System\wfCBduY.exe
  2⤵
  PID:13284
- C:\Windows\System\VJmhHPS.exe
  C:\Windows\System\VJmhHPS.exe
  2⤵
  PID:11496
- C:\Windows\System\bmAwYdC.exe
  C:\Windows\System\bmAwYdC.exe
  2⤵
  PID:11860
- C:\Windows\System\viRCRks.exe
  C:\Windows\System\viRCRks.exe
  2⤵
  PID:12340
- C:\Windows\System\RTRzNSH.exe
  C:\Windows\System\RTRzNSH.exe
  2⤵
  PID:12452
- C:\Windows\System\bxcuJKi.exe
  C:\Windows\System\bxcuJKi.exe
  2⤵
  PID:12496
- C:\Windows\System\JjQaaLw.exe
  C:\Windows\System\JjQaaLw.exe
  2⤵
  PID:12516
- C:\Windows\System\YTEgSlw.exe
  C:\Windows\System\YTEgSlw.exe
  2⤵
  PID:12560
- C:\Windows\System\rmEzDDu.exe
  C:\Windows\System\rmEzDDu.exe
  2⤵
  PID:12640
- C:\Windows\System\BYxsYCN.exe
  C:\Windows\System\BYxsYCN.exe
  2⤵
  PID:12680
- C:\Windows\System\QEGNxMP.exe
  C:\Windows\System\QEGNxMP.exe
  2⤵
  PID:12816
- C:\Windows\System\FFJfZjc.exe
  C:\Windows\System\FFJfZjc.exe
  2⤵
  PID:12744
- C:\Windows\System\hbMPmRN.exe
  C:\Windows\System\hbMPmRN.exe
  2⤵
  PID:12840
- C:\Windows\System\KxELdiP.exe
  C:\Windows\System\KxELdiP.exe
  2⤵
  PID:12896
- C:\Windows\System\SvvCqna.exe
  C:\Windows\System\SvvCqna.exe
  2⤵
  PID:12960
- C:\Windows\System\HCSAmwI.exe
  C:\Windows\System\HCSAmwI.exe
  2⤵
  PID:13044
- C:\Windows\System\PXUAcTi.exe
  C:\Windows\System\PXUAcTi.exe
  2⤵
  PID:13092
- C:\Windows\System\AjDWzNP.exe
  C:\Windows\System\AjDWzNP.exe
  2⤵
  PID:13160
- C:\Windows\System\JKvVapk.exe
  C:\Windows\System\JKvVapk.exe
  2⤵
  PID:13192
- C:\Windows\System\HPzKGyT.exe
  C:\Windows\System\HPzKGyT.exe
  2⤵
  PID:13252
- C:\Windows\System\zloijab.exe
  C:\Windows\System\zloijab.exe
  2⤵
  PID:12012
- C:\Windows\System\IwAvwJr.exe
  C:\Windows\System\IwAvwJr.exe
  2⤵
  PID:12580
- C:\Windows\System\ElZDMyZ.exe
  C:\Windows\System\ElZDMyZ.exe
  2⤵
  PID:12556
- C:\Windows\System\BMmsUDD.exe
  C:\Windows\System\BMmsUDD.exe
  2⤵
  PID:12628
- C:\Windows\System\sgJrhtJ.exe
  C:\Windows\System\sgJrhtJ.exe
  2⤵
  PID:13108
- C:\Windows\System\AVTZZlS.exe
  C:\Windows\System\AVTZZlS.exe
  2⤵
  PID:13112
- C:\Windows\System\zavkmJZ.exe
  C:\Windows\System\zavkmJZ.exe
  2⤵
  PID:12364
- C:\Windows\System\TXMSkfy.exe
  C:\Windows\System\TXMSkfy.exe
  2⤵
  PID:4528
- C:\Windows\System\rSFTWVD.exe
  C:\Windows\System\rSFTWVD.exe
  2⤵
  PID:12584
- C:\Windows\System\MAndwLu.exe
  C:\Windows\System\MAndwLu.exe
  2⤵
  PID:3764
- C:\Windows\System\TWMzrxf.exe
  C:\Windows\System\TWMzrxf.exe
  2⤵
  PID:3108
- C:\Windows\System\oDbcIGv.exe
  C:\Windows\System\oDbcIGv.exe
  2⤵
  PID:688
- C:\Windows\System\DYqxrlC.exe
  C:\Windows\System\DYqxrlC.exe
  2⤵
  PID:13324
- C:\Windows\System\jDJRDTA.exe
  C:\Windows\System\jDJRDTA.exe
  2⤵
  PID:13356
- C:\Windows\System\YoToYyl.exe
  C:\Windows\System\YoToYyl.exe
  2⤵
  PID:13392
- C:\Windows\System\QgbCmpE.exe
  C:\Windows\System\QgbCmpE.exe
  2⤵
  PID:13424
- C:\Windows\System\LJVanGu.exe
  C:\Windows\System\LJVanGu.exe
  2⤵
  PID:13456
- C:\Windows\System\ZhFZkgW.exe
  C:\Windows\System\ZhFZkgW.exe
  2⤵
  PID:13484
- C:\Windows\System\lnRgHos.exe
  C:\Windows\System\lnRgHos.exe
  2⤵
  PID:13504
- C:\Windows\System\OoyUEKI.exe
  C:\Windows\System\OoyUEKI.exe
  2⤵
  PID:13532
- C:\Windows\System\OATaNSw.exe
  C:\Windows\System\OATaNSw.exe
  2⤵
  PID:13548
- C:\Windows\System\hrTQCbz.exe
  C:\Windows\System\hrTQCbz.exe
  2⤵
  PID:13572
- C:\Windows\System\vHucbSg.exe
  C:\Windows\System\vHucbSg.exe
  2⤵
  PID:13592
- C:\Windows\System\FPSXrvj.exe
  C:\Windows\System\FPSXrvj.exe
  2⤵
  PID:13640
- C:\Windows\System\FxRAiVP.exe
  C:\Windows\System\FxRAiVP.exe
  2⤵
  PID:13656
- C:\Windows\System\ISlafrT.exe
  C:\Windows\System\ISlafrT.exe
  2⤵
  PID:13684
- C:\Windows\System\Phzvmbu.exe
  C:\Windows\System\Phzvmbu.exe
  2⤵
  PID:13716
- C:\Windows\System\aOKTKnk.exe
  C:\Windows\System\aOKTKnk.exe
  2⤵
  PID:13752
- C:\Windows\System\VCrKTtX.exe
  C:\Windows\System\VCrKTtX.exe
  2⤵
  PID:13780
- C:\Windows\System\ayCqsLt.exe
  C:\Windows\System\ayCqsLt.exe
  2⤵
  PID:13812
- C:\Windows\System\UHnhOac.exe
  C:\Windows\System\UHnhOac.exe
  2⤵
  PID:13836
- C:\Windows\System\opnOlNS.exe
  C:\Windows\System\opnOlNS.exe
  2⤵
  PID:13864
- C:\Windows\System\LfGPZqo.exe
  C:\Windows\System\LfGPZqo.exe
  2⤵
  PID:13884
- C:\Windows\System\TUFejAD.exe
  C:\Windows\System\TUFejAD.exe
  2⤵
  PID:13920
- C:\Windows\System\FsEmUza.exe
  C:\Windows\System\FsEmUza.exe
  2⤵
  PID:13956
- C:\Windows\System\UOOLCqx.exe
  C:\Windows\System\UOOLCqx.exe
  2⤵
  PID:13996
- C:\Windows\System\FoPTPLS.exe
  C:\Windows\System\FoPTPLS.exe
  2⤵
  PID:14028
- C:\Windows\System\YThbFPC.exe
  C:\Windows\System\YThbFPC.exe
  2⤵
  PID:14048
- C:\Windows\System\NizwUcC.exe
  C:\Windows\System\NizwUcC.exe
  2⤵
  PID:14064
- C:\Windows\System\OrzMYCz.exe
  C:\Windows\System\OrzMYCz.exe
  2⤵
  PID:14100
- C:\Windows\System\sVYnOXP.exe
  C:\Windows\System\sVYnOXP.exe
  2⤵
  PID:14136
- C:\Windows\System\hGWtoep.exe
  C:\Windows\System\hGWtoep.exe
  2⤵
  PID:14168
- C:\Windows\System\MUtuFfo.exe
  C:\Windows\System\MUtuFfo.exe
  2⤵
  PID:14200
- C:\Windows\System\dXedBkT.exe
  C:\Windows\System\dXedBkT.exe
  2⤵
  PID:14228
- C:\Windows\System\HQNcEpQ.exe
  C:\Windows\System\HQNcEpQ.exe
  2⤵
  PID:14252
- C:\Windows\System\KZFJHZc.exe
  C:\Windows\System\KZFJHZc.exe
  2⤵
  PID:14284
- C:\Windows\System\pQszyNX.exe
  C:\Windows\System\pQszyNX.exe
  2⤵
  PID:14324
- C:\Windows\System\YuJmaBw.exe
  C:\Windows\System\YuJmaBw.exe
  2⤵
  PID:3696
- C:\Windows\System\ItJIkGR.exe
  C:\Windows\System\ItJIkGR.exe
  2⤵
  PID:12808
- C:\Windows\System\uHORnFI.exe
  C:\Windows\System\uHORnFI.exe
  2⤵
  PID:13444
- C:\Windows\System\xegxhCV.exe
  C:\Windows\System\xegxhCV.exe
  2⤵
  PID:13512
- C:\Windows\System\NHCaweP.exe
  C:\Windows\System\NHCaweP.exe
  2⤵
  PID:13472
- C:\Windows\System\ThouRuI.exe
  C:\Windows\System\ThouRuI.exe
  2⤵
  PID:13580
- C:\Windows\System\qeWFJXV.exe
  C:\Windows\System\qeWFJXV.exe
  2⤵
  PID:13728
- C:\Windows\System\jltGHlv.exe
  C:\Windows\System\jltGHlv.exe
  2⤵
  PID:13696
- C:\Windows\System\iEKFEFG.exe
  C:\Windows\System\iEKFEFG.exe
  2⤵
  PID:13804
- C:\Windows\System\yUoCAgo.exe
  C:\Windows\System\yUoCAgo.exe
  2⤵
  PID:13736
- C:\Windows\System\GqLARSO.exe
  C:\Windows\System\GqLARSO.exe
  2⤵
  PID:13860
- C:\Windows\System\KBiAwWi.exe
  C:\Windows\System\KBiAwWi.exe
  2⤵
  PID:13972
- C:\Windows\System\xebFTZK.exe
  C:\Windows\System\xebFTZK.exe
  2⤵
  PID:14120
- C:\Windows\System\ryFwUGh.exe
  C:\Windows\System\ryFwUGh.exe
  2⤵
  PID:14196
- C:\Windows\System\OfQvgFk.exe
  C:\Windows\System\OfQvgFk.exe
  2⤵
  PID:14272
- C:\Windows\System\ZHCsSeJ.exe
  C:\Windows\System\ZHCsSeJ.exe
  2⤵
  PID:13304
- C:\Windows\System\zsLcNyW.exe
  C:\Windows\System\zsLcNyW.exe
  2⤵
  PID:13628

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AoMAIhT.exe

Filesize
2.4MB

MD5
fce064af48f5c76bcde3f6a0549bb865

SHA1
e6a3eb32c7f1fb173643da594a87144295a17699

SHA256
060916829deb1fe5e5d951e5a34f4a370bd4e2eec9bde8957c9e621aba48f56f

SHA512
4b9e5aa07841012cf1da90ae45d4b8b5851a9d864613dcb98f56b1182dc2788bc63d9eafe0c13329a732f0745ca200d389caa34487bba7e3d6656f1515cf6df3

Download Submit
C:\Windows\System\CfqWEbF.exe

Filesize
2.4MB

MD5
a48e9837ffda1854d3f8ab2affb6f14c

SHA1
2fb7a0b7e21fb504bf9bfd143149681fc6fd5c68

SHA256
c542636c4771b9596ae38913510fa8016c4709b6cc7e5a3d1fcd95a4cce924db

SHA512
348762199f78d6901446f297014ee9fd5b0ea35d69323f0becc61ab38e6bbdcbf08cb91f85e258cc0e2b783101f2c6ce6314bb251f275e9f5b5d3cbb2c61a0e0

Download Submit
C:\Windows\System\EeZwCyg.exe

Filesize
2.4MB

MD5
6f46ccd088df1dc504d4438085ac359d

SHA1
e869198b6636a786b7c2d46abee6a42a14cc6f7a

SHA256
12ac8bb28937510d88400e497b4088a39c505104b8d00e84abc522fc7588f74a

SHA512
5490ace3e7ce9eb6b1e17f18f78299d2526d2aed7254eeca3144d8356c7abd771d3702d9b44f0e6a8c2a9c87881cc37eb0b72972cc9c645d992c17534f749f93

Download Submit
C:\Windows\System\EtBbJHD.exe

Filesize
2.4MB

MD5
563ccc3728f4a73310c10262581b2612

SHA1
f64e7c20e038e3de435dc69f337b8eb4cef65e29

SHA256
ef21225f66a6606b93c6093e522aeeb28eb79ebf7926e1038ecb5c4614363448

SHA512
c872e6676a0ddde5cf44b8f857a551768a8d6207e9d84514ff6df66d274e7164b14ccacec52249cffe85963a27d5e1c5d2e40ec7546365f667e0d8b5f6b37bda

Download Submit
C:\Windows\System\HTsHhdf.exe

Filesize
2.4MB

MD5
99cb7b09b946895bedf869dde8542fdf

SHA1
56d0cdd57568b27dc4a201b271e52d07a5a692a7

SHA256
b88c3d031a487b8b380d68f75c1c3f43d5a9b3e7293498876f17d59e237b208c

SHA512
26584705ff8a915cd4b92497644847573c6f4209b9474fbd14d89c9d2794e6868a60a21835033a45d51010cdd3183b82a7b2ef4f01d7b982c49564a2b2daf9c6

Download Submit
C:\Windows\System\HYZETqF.exe

Filesize
2.4MB

MD5
13ed3f342b9dab46d8fb120d09e487dc

SHA1
f977938501d11202290bf3ad68a8d6a6a07b8a4c

SHA256
794bf9431e0bb37f0e7146abb15125ac13dae9226cde16e707092201e3e593a5

SHA512
9885f1bfbcd7fd57d8329b47ba4091161c4268b2c77e09e256b99969ada4c598738bd6d266228d99cc95af0b60de3bcdb01a243b20a681b38b0fdd616b304d9c

Download Submit
C:\Windows\System\HnpnXjU.exe

Filesize
2.4MB

MD5
6e1598f35dd283a3c5f259a92e57cb7d

SHA1
392798fc776f02ab098069e1390812d3d8021e04

SHA256
8e077270807b1387b10bb9180021691046eee3a58c2e1aadbbcefce9c0669ead

SHA512
8b621490e8dc0c0dbf3904969f92629266a71e547e5a0e6048a36681c614849dca097876923fdc719053e766d4ab36bcd1f0de0c75d6a6621a2710e26a35b373

Download Submit
C:\Windows\System\ICIDYOh.exe

Filesize
2.4MB

MD5
13522a2de1d7b93acec32cae81272455

SHA1
23c7d2b9d02cc538e16cde638adbb8b9b053eefb

SHA256
236f1ea253d2226c953df87e1575b75ed64e31bf2332212b6fef87d345288252

SHA512
d10ada8fe4bafd82747d1cb29f6bd92b200c5ed6b7d10683e9af836946cc5be377300d26b151f6289315cd5b931b7ab2766a70267a35d388cf0704bd461e1474

Download Submit
C:\Windows\System\IRebOsh.exe

Filesize
2.4MB

MD5
7656511506f75ec4d2f57c3045014bcb

SHA1
37e64770058076e951c4b34857d3cf5cece49414

SHA256
a60315b20343e376c17f8d77a64c9744c3554c3a3e890e4649ad0c942dbe2318

SHA512
959e644c42cf6458ac63af5164dfa20914a4d26c0d7af1f5ff89335d5d474a7507149e117766db00fdd283333c2611088e21b4193b199ada1e9aaf6f882c0a05

Download Submit
C:\Windows\System\IlwsNuu.exe

Filesize
2.4MB

MD5
673ec73f32852be562c0b933c119d707

SHA1
491755f856748163e36520314f5fc8c3080b09d2

SHA256
9f855d05044f601e2c1b897a6827f3ae42f70d492b697b3ce14afb5b776af2e4

SHA512
259e9035e4c40adb74b4f557abf59811ace5520a7342dfb8ddd7e5043615943741e8144c8214997fa5d880e4e58bd6d979417fdf5ac37615ab845025952bf2fc

Download Submit
C:\Windows\System\JPuoHJL.exe

Filesize
2.4MB

MD5
fd83959d663d8f659fbcfe89ec1eb733

SHA1
4a5d6262b488668a471d67898350d67f1ceb568e

SHA256
a47ebcf91ed82e9394fc3fdaf364cc29c6bf7ddfcb9c8af57f3e9e8648fc7917

SHA512
5115c26ec26b72a501bd45d23869ca7c9c74e44bbd04fe95fe0d12e3dab93fb5c36013d69349110e3183e2171799faed9bdcb8388188d5160e3b787736654e33

Download Submit
C:\Windows\System\NXdFNdm.exe

Filesize
2.4MB

MD5
d05531d971f7147c26413e2db5172632

SHA1
889353010065c926554fc58eb37985fa297a53b9

SHA256
7b8ce6ee99cd23a6c65331b3f2a101d0fe016531bd0e69f7d83c060b6e68d8d8

SHA512
5e17a1a81bead2ff93e33c80e938409387c291c1c1fe235195b31fe64b5b71b2ccd740d066c0c416fdb4cab02f65ae072aac21f657222fe4955229b11fdd476b

Download Submit
C:\Windows\System\PNLkDZd.exe

Filesize
2.4MB

MD5
da441a8596657330900882d96302c536

SHA1
d8a57be01fa96c42f273a48825eddb1523a21f7b

SHA256
b3ede0b4eabf237c70c10c666c800122e2bc20831f61c9fb9633141386f5473c

SHA512
5c465775362fa14c65fe000b95eeb068646ae62898c1ede387391cd08f98e4ea693e7defaa74dd18f7acab6fb2f27d1f736072ef67fba0933af2ab6809f4cd98

Download Submit
C:\Windows\System\QAqqEse.exe

Filesize
2.4MB

MD5
2fac075a710777cb310ba1d4ae3573b9

SHA1
2cb69b0659146d9384cf48ea5a87fe8321187fed

SHA256
a085dd7eba0cb76e2e5224434b5e613336d7c4ebea31e812d0e55a0140e6ea43

SHA512
3974061e74c1ce8ecb52b8ba068e37e14cc0de3f141f3163bde73ba078a784a665fe378b914ca53c20e432d740f7e291e08c19855f4df5034c5b71029ec98a40

Download Submit
C:\Windows\System\Qoexkvz.exe

Filesize
2.4MB

MD5
dfdcb68e0ea00f6b79f7cbd3ba257953

SHA1
1ff80aa78a3ba065fc9b37a8bc9a93fa264a15bd

SHA256
fa702195e5f1088930586458c27da111e5647de86a7c7da2e0ae00d17c81f550

SHA512
fbcb8f7ba68f3bfaab85b6bae78bb3a8acd0d9bf0397c8405314497293acb97a6ceaba98aff41e9a2fefe7aa1f133c8b4dca222593eef5a50653a0b1d638e244

Download Submit
C:\Windows\System\RMhZBcs.exe

Filesize
2.4MB

MD5
c045843f03359b80c7c350c913e33ecd

SHA1
3be1399c3f751f584682ef95c2d6ffbf913a6c0c

SHA256
cf3b19bfea772cc297c8ba6573df051d1967b62a61c0653058da9f32936eb2da

SHA512
474fce08a82f2bbb2d92982cd3fcb088f5394d6d76811ff168c884a97bb1eeffeccf219775f805d33d5e8081089655ff397987c1a84fc8ec166b9410d2bd5513

Download Submit
C:\Windows\System\TDjCzQF.exe

Filesize
2.4MB

MD5
ae7934ae2a04de36da636561368c4b7c

SHA1
8f767a1fa77bde58b46ef2b7e8639fbc9c9df5c9

SHA256
f8786416bedfa4cd579040e7ce5646f1d7b8d1dba449c77a8c84c24dbebd94fe

SHA512
0b8c05b0af76af5c6abf9589fc8ac032d14c9cbcfba3b2f147f727652f31331084e1c7edb903cb875545348c86b0b526a9a7a20b6b9e7c9dd50e2c2e55ae118a

Download Submit
C:\Windows\System\UoYPvDN.exe

Filesize
2.4MB

MD5
1c06ec929fdf505a29ca0bdd83c5876d

SHA1
57454af58d0adabda1efa4b29e37b327678ddf28

SHA256
7bddddcab495ca00944262932497507a8d94a502c29e933cfc69b980052b1e71

SHA512
1cc59a4defd4d73bc4e738cc95030da33105bd5205ab3dd673036032a9ac780fa974dd292fcadb0b488c86f40176b8fec8402fd25a78d8a5cfd8cfebffeeeabb

Download Submit
C:\Windows\System\VNuZobc.exe

Filesize
2.4MB

MD5
45a6246750fdfe65dad35301a983c81f

SHA1
722f8b0768b30a8b15705501d48335c1c2d56cdb

SHA256
0ceee8d2a6f0ca978a27919d974c2bce261229a20f365f3f48bf0115254c4da3

SHA512
518332902794beb2f7576e2d2d7378fce6fa3e625d13035087b768b8bcd7c170dbe768c86a9859263a9078bc4d187178ed9812b262349a6d082572d4f9d8e684

Download Submit
C:\Windows\System\XCYPDaS.exe

Filesize
2.4MB

MD5
90138bdcca8bc2174a02e9b706f7e939

SHA1
b74b9230bc6628abef82cb380164bc8abc927c19

SHA256
2cff1572acb10acd43d1c13b760fcd2282342710fc4b4daec73e05fa2577a85c

SHA512
44abd7f8bd45c9dc6b56b261d61f2c051dd1e77b707fab4c035f852746c93a2eaea778cc192f6cc6581e7ec6f4f4d917d6e9c98fafdbb63fe2194c3c3dfc82e6

Download Submit
C:\Windows\System\XLreYXR.exe

Filesize
2.4MB

MD5
e3d7401550b468196875bc431756cdb9

SHA1
771cc5b03a590f50cd4e96f43a4deef1d13a7950

SHA256
3503c0e0d377d90a72f3bac73098b7d221326941036212a5ad15736aa2737259

SHA512
014c5d82d8840872acdf091b4bf4c8fb07ec4ea244b06b3a1b8d244548b41277d30b9bb6671ab8a24db292a84b420e5cc613cb1147a47b61aeb6426752759376

Download Submit
C:\Windows\System\YWKHsCH.exe

Filesize
2.4MB

MD5
9d462ed85668ab9925e75979f8e3e18f

SHA1
99dbf3360dc2cc285d53eb46e3c7f3a3196aa983

SHA256
c7cbbec2718015a8df9cb2fe453b611370ed455204e8e48d8b61955c56de2958

SHA512
df53fd09dbff968713b89e70809515f46e91cd76483b10d4af3a585b5d1d31716b62aca0aea3a51339ae0fd667f7b781fb2f366af958f6dd4b7f16904d94b73e

Download Submit
C:\Windows\System\ZOxdobG.exe

Filesize
2.4MB

MD5
b1df533a67eeedf10aee4f6061b870c3

SHA1
fb02947756feae5fea87bb8025d16f9df4c018ab

SHA256
7b708ec0c6985ee1b0dbd8799697e7a5f1681b9895fe80cbe7511894b4090a68

SHA512
9f966b35fa5184aa95a9e9470b37bb8722ef269bf529b23dbc4ddc5125f5915ca101c81c816b43ca3675bc7d0dff0186810320354cb42956617c32acb725f73d

Download Submit
C:\Windows\System\biTHMBs.exe

Filesize
2.4MB

MD5
c04ad6ade0255e4fcf2f6edb9b2376ec

SHA1
02e7f9c0dbb7dc235fd5a1159a64e974fe70d6da

SHA256
d1680b19b85fb622a7d286e9b35d675d8be4374a3d36e7113bded28d2afecfc4

SHA512
f2925241ee0a039dc24ad5096bdf9cd689b683d066f8909ecfb13e5ba0ee926ab889211d0df51849a07ffc2462113448418341c9a160be21d5ca8e7944443d4b

Download Submit
C:\Windows\System\ijBvjyH.exe

Filesize
2.4MB

MD5
d4f267543e1b9244fe7e021fc1b5622a

SHA1
4581b6a68382a639c774eee3e9f59675c30002ac

SHA256
c1b19d8123358d7ee89cb5ddfe659f9301a45aaf28c387527703a50ee6943270

SHA512
814d0c798f5e89ff30fea9264506b8717f2e5645a9c033ff76152c423f9338cdc7b8a5c997e8ba67cdc9073a5897e9ae77976fbd98ae63f15ebb5be80c04d56b

Download Submit
C:\Windows\System\nIWtEiE.exe

Filesize
2.4MB

MD5
0c73177a15ac79cb498700c1efd4f264

SHA1
66cbd4e2dff807338df955777b277fa08e64570f

SHA256
65e61b7e88bb52facdb806ace455c605fca9671f885aead4b8e238917b26f26b

SHA512
5cbdec2a293c6d27ef98e26b7755e250ef5467572da3d3dfdfbe5171f5bd3f724d44472cfbae7e660ac35c5b82e7b34f9af9cf052a2fba8874c611dbea258b8a

Download Submit
C:\Windows\System\nyzwyAD.exe

Filesize
2.4MB

MD5
24f0604c660c476b7f948cfaec79e9fa

SHA1
1fa6bba39a9832df24caa5cfe0c3b4b87888e843

SHA256
d7cd372cfe2b9451bc937b9fc084962c59017665b29322fad34d353f4b57dff1

SHA512
0449ec68daa7be6899a61292b907b65e0014dd59b7ff777b02cea10468c26153c82abd5155bfb14178af460fc5930b1553160f6dab44e83c866e4f2ef6884f55

Download Submit
C:\Windows\System\ouOnlyp.exe

Filesize
2.4MB

MD5
5d0bd680e7071dab87fd31444508e447

SHA1
4b1b288ebcf9428db1a4990fcbe20f71e3febda2

SHA256
45071c2ab07be5144ff201dcf3ea2ccb267ab7b6238ef3f40dabdc7aad1120d3

SHA512
eac4aab7501577ae2f668e6443e83a65870831d7e03986656b1c7436f24e7c18087815f9e5edb949d404f3d143684a7a69419ce8e049e28286ee6395aa2f75d1

Download Submit
C:\Windows\System\rRhXdyx.exe

Filesize
2.4MB

MD5
3eeb388a48649c150a91d0c67ba8acdf

SHA1
4acfb524633a7b18ce0360b41aca13b5c1e14e8e

SHA256
9fc09939c581def6a588bed7da97bd39b879b70d553449d1d7bf24b1e59373a3

SHA512
f4ae13158dee80fb5a03cc3b3d82bad937fab4e62b1b2053888c33e54e4b5f1e5216778d0e25aee9bb4a120556cf441581a4736eb765417e6390eeb0a9dfaa58

Download Submit
C:\Windows\System\sMFxsOU.exe

Filesize
2.4MB

MD5
7f6483d39b28ec276316e55a2682c5d3

SHA1
c22cf5bf94ce70074e1bf40d0b39711cfbfc8fe8

SHA256
dcd394ded5c51cea3b48e8bd04f65123d46414d7c71556c1766d5317cfb799d7

SHA512
10ff159be63c78a0378fecad11a441110e2eee03c53b63b163935f44d5b518914f51f3189e8a9163748288c0b979f82276fc077049b9f77bd933cf737579e427

Download Submit
C:\Windows\System\svOOWhE.exe

Filesize
2.4MB

MD5
ea37bddff84d465c736f1bf17aa1fa1b

SHA1
49cdcdcd738831583d510ca901ba811a9d5079b6

SHA256
2ccf90ce5cd39b45060a080e159243ef8ff9a8a0a3dbe5613f04aa9bc1ac43a4

SHA512
a89b2f1f4df4311cd2cef2aa70055936170c87404d32722f2ded84bb5eb243deb875d86a9e5bfa7886770de14e52f35e094ea62d0093bcd348a69a9e31d2b659

Download Submit
C:\Windows\System\taFooBd.exe

Filesize
2.4MB

MD5
228bc15fe70972b67049de151b4fccde

SHA1
8ba55eca5c3a8373e55dec94f93be33feed95956

SHA256
9ce1699d6974366342af8f4a57eab7c052744d208568498e04ab8d9bab1a73df

SHA512
c635ba804ab0129a6b0cfd96ff6e1c30e671fb19acea1ec10a612c704aa65d54a3870d489fc8ef96814873d1061e914e07ffc700dc11d617168dbaa3e546302b

Download Submit
C:\Windows\System\tpKRTsM.exe

Filesize
2.4MB

MD5
b09b07f42e360b64647e37e8df6230e2

SHA1
87dc97b857963eeb1a5a41caa0a348a65ba093cf

SHA256
d37c3ef56b3fafdaf3c6875b21b6805a125c335e51650d6c289cf86776e1342e

SHA512
de6a625a32b1eb975cbbefa49f8e5a118a79ea93ee29405befc9da96afadcd5bbb8d1c79374355855aa4a6467dc68306e3d40a22704b7051c5b4d8bac1c8742a

Download Submit
C:\Windows\System\wqZhlbT.exe

Filesize
2.4MB

MD5
8397fafce459d8aa983ed484a40ac0a7

SHA1
8dd6425b66a19e8d6145f7179cda7ba417c11625

SHA256
f43967be24b837f37e74451b17c597a72318be60d9197039d8d82b62a925925c

SHA512
96158847364805bac4f0dc970c09e99b4ef5180a900a278ccfb1c13379bd0e99b8535b2a36c87ddec2d97074d7d97cfc515c1d3633b92c457f298a1c54742d4f

Download Submit
C:\Windows\System\yVTOhod.exe

Filesize
2.4MB

MD5
63fae4aefc998739f9cbd5c1ef347ea5

SHA1
a02e915e78552a15dfaccbce82f5d4e974f962ab

SHA256
c70df86061ca167125297cf73c2b0fa55db2d3bea373d124924332b98a22ed7b

SHA512
50702956e0dfaf18372daa64b67964d1837f8766e2fab2d92ce777ee5a03efd0c25a074ed12f2616ff11a2fd8d2552fcd97502facb116b614a8f1c3301b97229

Download Submit
C:\Windows\System\zaNOCVf.exe

Filesize
2.4MB

MD5
f6b1e32dc207b1ea3890b6dc334392af

SHA1
65f20ed7ce02ab4d4202006f38007ea8e36ece89

SHA256
18e8ce21896ed50b8e1c0bdbb1968138bc5630e9666a528196f138912b25abd0

SHA512
bb5f99e22804064201c20ff3b05a8f8919b3fadbe4128483d4fd6a4f838918ac8aa578c309ada6f4aa5ebf40b46036af9a5ed3924e008c57ee77e0f50f715992

Download Submit
C:\Windows\System\zsyiRKX.exe

Filesize
2.4MB

MD5
ae98ad7fb40e28d47e3f46336acaf317

SHA1
f59e6e70a22a2064fcd1d5257f57f6c9a4d51aba

SHA256
f7897c84a9e9e4d617967a6665c94725278e9b5a1efbe7f49521c939041d2f5e

SHA512
172e8f762fb0bc4bb578db71c625a7c34c47c7e9068fd92361071f7ca6ec76aa52a874e466d74ad31e6320f8361f680c5c4ee22b800f5a9bba0dd3f003628ec8

Download Submit
memory/1012-192-0x00007FF603470000-0x00007FF6037C4000-memory.dmp

Filesize
3.3MB

Download
memory/1012-2121-0x00007FF603470000-0x00007FF6037C4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-202-0x00007FF68CB50000-0x00007FF68CEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-2124-0x00007FF68CB50000-0x00007FF68CEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1136-2100-0x00007FF6679B0000-0x00007FF667D04000-memory.dmp

Filesize
3.3MB

Download
memory/1136-2109-0x00007FF6679B0000-0x00007FF667D04000-memory.dmp

Filesize
3.3MB

Download
memory/1136-29-0x00007FF6679B0000-0x00007FF667D04000-memory.dmp

Filesize
3.3MB

Download
memory/1168-2115-0x00007FF6C5240000-0x00007FF6C5594000-memory.dmp

Filesize
3.3MB

Download
memory/1168-2102-0x00007FF6C5240000-0x00007FF6C5594000-memory.dmp

Filesize
3.3MB

Download
memory/1168-31-0x00007FF6C5240000-0x00007FF6C5594000-memory.dmp

Filesize
3.3MB

Download
memory/1380-163-0x00007FF6B2CF0000-0x00007FF6B3044000-memory.dmp

Filesize
3.3MB

Download
memory/1380-2120-0x00007FF6B2CF0000-0x00007FF6B3044000-memory.dmp

Filesize
3.3MB

Download
memory/1440-181-0x00007FF712F00000-0x00007FF713254000-memory.dmp

Filesize
3.3MB

Download
memory/1440-2126-0x00007FF712F00000-0x00007FF713254000-memory.dmp

Filesize
3.3MB

Download
memory/1556-0-0x00007FF6F2AD0000-0x00007FF6F2E24000-memory.dmp

Filesize
3.3MB

Download
memory/1556-1-0x000002D6F1470000-0x000002D6F1480000-memory.dmp

Filesize
64KB

Download
memory/1556-1817-0x00007FF6F2AD0000-0x00007FF6F2E24000-memory.dmp

Filesize
3.3MB

Download
memory/1692-2125-0x00007FF7D1190000-0x00007FF7D14E4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-203-0x00007FF7D1190000-0x00007FF7D14E4000-memory.dmp

Filesize
3.3MB

Download
memory/1768-2119-0x00007FF6F3AD0000-0x00007FF6F3E24000-memory.dmp

Filesize
3.3MB

Download
memory/1768-2101-0x00007FF6F3AD0000-0x00007FF6F3E24000-memory.dmp

Filesize
3.3MB

Download
memory/1768-30-0x00007FF6F3AD0000-0x00007FF6F3E24000-memory.dmp

Filesize
3.3MB

Download
memory/2020-2113-0x00007FF6CB8E0000-0x00007FF6CBC34000-memory.dmp

Filesize
3.3MB

Download
memory/2020-45-0x00007FF6CB8E0000-0x00007FF6CBC34000-memory.dmp

Filesize
3.3MB

Download
memory/2020-2103-0x00007FF6CB8E0000-0x00007FF6CBC34000-memory.dmp

Filesize
3.3MB

Download
memory/2028-2114-0x00007FF79A710000-0x00007FF79AA64000-memory.dmp

Filesize
3.3MB

Download
memory/2028-205-0x00007FF79A710000-0x00007FF79AA64000-memory.dmp

Filesize
3.3MB

Download
memory/2084-81-0x00007FF647880000-0x00007FF647BD4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-2118-0x00007FF647880000-0x00007FF647BD4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-2104-0x00007FF647880000-0x00007FF647BD4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-196-0x00007FF6996A0000-0x00007FF6999F4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-2130-0x00007FF6996A0000-0x00007FF6999F4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-2134-0x00007FF6C96C0000-0x00007FF6C9A14000-memory.dmp

Filesize
3.3MB

Download
memory/2516-199-0x00007FF6C96C0000-0x00007FF6C9A14000-memory.dmp

Filesize
3.3MB

Download
memory/2560-195-0x00007FF764F80000-0x00007FF7652D4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-2132-0x00007FF764F80000-0x00007FF7652D4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-2112-0x00007FF659040000-0x00007FF659394000-memory.dmp

Filesize
3.3MB

Download
memory/2684-201-0x00007FF659040000-0x00007FF659394000-memory.dmp

Filesize
3.3MB

Download
memory/2924-204-0x00007FF65BC70000-0x00007FF65BFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-2116-0x00007FF65BC70000-0x00007FF65BFC4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-101-0x00007FF7D9590000-0x00007FF7D98E4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2105-0x00007FF7D9590000-0x00007FF7D98E4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2117-0x00007FF7D9590000-0x00007FF7D98E4000-memory.dmp

Filesize
3.3MB

Download
memory/3392-141-0x00007FF7967B0000-0x00007FF796B04000-memory.dmp

Filesize
3.3MB

Download
memory/3392-2111-0x00007FF7967B0000-0x00007FF796B04000-memory.dmp

Filesize
3.3MB

Download
memory/3416-193-0x00007FF6314A0000-0x00007FF6317F4000-memory.dmp

Filesize
3.3MB

Download
memory/3416-2122-0x00007FF6314A0000-0x00007FF6317F4000-memory.dmp

Filesize
3.3MB

Download
memory/3576-2106-0x00007FF6E2110000-0x00007FF6E2464000-memory.dmp

Filesize
3.3MB

Download
memory/3576-180-0x00007FF6E2110000-0x00007FF6E2464000-memory.dmp

Filesize
3.3MB

Download
memory/3576-2128-0x00007FF6E2110000-0x00007FF6E2464000-memory.dmp

Filesize
3.3MB

Download
memory/3892-2129-0x00007FF7C3440000-0x00007FF7C3794000-memory.dmp

Filesize
3.3MB

Download
memory/3892-197-0x00007FF7C3440000-0x00007FF7C3794000-memory.dmp

Filesize
3.3MB

Download
memory/3968-2127-0x00007FF6100A0000-0x00007FF6103F4000-memory.dmp

Filesize
3.3MB

Download
memory/3968-194-0x00007FF6100A0000-0x00007FF6103F4000-memory.dmp

Filesize
3.3MB

Download
memory/4120-2133-0x00007FF69AC40000-0x00007FF69AF94000-memory.dmp

Filesize
3.3MB

Download
memory/4120-200-0x00007FF69AC40000-0x00007FF69AF94000-memory.dmp

Filesize
3.3MB

Download
memory/4152-206-0x00007FF6A6A30000-0x00007FF6A6D84000-memory.dmp

Filesize
3.3MB

Download
memory/4152-2135-0x00007FF6A6A30000-0x00007FF6A6D84000-memory.dmp

Filesize
3.3MB

Download
memory/4612-2131-0x00007FF653120000-0x00007FF653474000-memory.dmp

Filesize
3.3MB

Download
memory/4612-198-0x00007FF653120000-0x00007FF653474000-memory.dmp

Filesize
3.3MB

Download
memory/4792-19-0x00007FF6AB2E0000-0x00007FF6AB634000-memory.dmp

Filesize
3.3MB

Download
memory/4792-2107-0x00007FF6AB2E0000-0x00007FF6AB634000-memory.dmp

Filesize
3.3MB

Download
memory/4808-2110-0x00007FF7D1920000-0x00007FF7D1C74000-memory.dmp

Filesize
3.3MB

Download
memory/4808-65-0x00007FF7D1920000-0x00007FF7D1C74000-memory.dmp

Filesize
3.3MB

Download
memory/4872-2108-0x00007FF6198C0000-0x00007FF619C14000-memory.dmp

Filesize
3.3MB

Download
memory/4872-2099-0x00007FF6198C0000-0x00007FF619C14000-memory.dmp

Filesize
3.3MB

Download
memory/4872-11-0x00007FF6198C0000-0x00007FF619C14000-memory.dmp

Filesize
3.3MB

Download
memory/5032-2123-0x00007FF692860000-0x00007FF692BB4000-memory.dmp

Filesize
3.3MB

Download
memory/5032-189-0x00007FF692860000-0x00007FF692BB4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads